Journal of Frontiers of Computer Science and Technology ›› 2011, Vol. 5 ›› Issue (2): 179-192.

• Academic Research •

Syntactic Information Flow Analysis Based on Nontransitive Security Policy

ZHOU Conghua, LIU Zhifeng, WU Hailing, CHEN Song   

  1. School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang, Jiangsu 212013, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-02-01 Published:2011-02-01
  • Contact: ZHOU Conghua

Abstract: Traditional syntactic information flow analysis is based on the lattice model of information flow that enforces confidentiality policies. Because the lattice ordering is transitive, the method cannot be used to analyze the security of systems that implement nontransitive security policies. This paper proposes a new syntactic information flow analysis approach for identifying covert information flows that applies to systems implementing either transitive or nontransitive security policies. First, information flow semantics is attached to each statement of the programming language. Then a graph structure called the information flow temporal relation is defined to describe the temporal order in which information flows occur, and a method of constructing the graph from the source program is presented. Finally, a covert information flow identification algorithm based on this graph is developed. In addition, to account for the concurrency of concurrent programs, a method for reducing the information flow temporal relation is proposed. With this method, it is sufficient to consider specific interleaving orders between concurrent processes rather than all possible interleavings.

Key words: covert channel, syntactic information flow analysis, access control, confidentiality security policy