Multilevel security policy conversion method

A security policy conversion method, applied in the field of multi-level security policy conversion, addresses the heavy workload and the difficulty of ensuring security in existing conversion methods, improving efficiency and reducing labor costs.

Inactive Publication Date: 2010-06-30
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to overcome the defects of prior-art security policy conversion methods, which involve a heavy workload and make security difficult to ensure when applied to a large system, by providing a multi-level security policy conversion method.

Embodiment Construction

[0022] The present invention will be described below in conjunction with the accompanying drawings and specific embodiments.

[0023] Before describing the specific implementation of the present invention in detail, some concepts involved in the present invention will be described uniformly.

[0024] Sensitive mark: In multi-level security, both subjects and objects are marked with a sensitive mark, which includes a category and a confidentiality level. The set of sensitive marks is expressed as L = {(c, k) | c ∈ C, k ⊆ K}, where the confidentiality levels C form a linear sequence that can be compared by size, such as {public, secret, confidential, top secret}, with the confidentiality level increasing from "public" to "top secret". The categories in the category set K are no...


Abstract

The invention provides a multilevel security policy conversion method comprising the following steps: reading, in an original system, the original authorization policy data, which describes the authority of subjects to access the relevant objects in the original system; classifying the objects in the original system and clustering the classes so as to construct the membership between categories and objects; then combining the membership between categories and objects with the original authorization policy to construct the membership between subjects and categories; within each of the resulting categories, calculating an optimal security classification assignment of the subjects to the objects, yielding the security classifications of the subjects and the objects and thereby their sensitive marks; and, according to the sensitive marks of the subjects and the objects and the access authority of the system to be migrated, generating the authorization policy data of the system to be migrated. The method according to the invention is suitable for the conversion of security policy in large-scale systems.
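A check a migration engineer might run on the output of such a conversion, given as an added example that is not taken from the patent: it models sensitive marks (c, k) as in [0024], derives the read grants the labels imply, and diffs them against the original authorization data. The read rule (a subject may read an object only if its mark dominates the object's) is an assumption, since the page does not state the target system's rule; all subject, object and category names are constructed.

```python
from typing import NamedTuple

# Linear confidentiality levels, lowest to highest, as listed in [0024].
LEVELS = ["public", "secret", "confidential", "top secret"]

class Label(NamedTuple):
    level: str              # c in C
    categories: frozenset   # k, a subset of K

def dominates(a: Label, b: Label) -> bool:
    """True if a's level is >= b's and a's categories include all of b's."""
    return (LEVELS.index(a.level) >= LEVELS.index(b.level)
            and a.categories >= b.categories)

def derived_reads(subjects: dict, objects: dict) -> set:
    """Read pairs implied by the labels (assumed rule: no read up)."""
    return {(s, o) for s, sl in subjects.items()
            for o, ol in objects.items() if dominates(sl, ol)}

def conversion_diff(original: set, subjects: dict, objects: dict) -> dict:
    """Grants the labels add beyond, or drop from, the original policy."""
    derived = derived_reads(subjects, objects)
    return {"over_granted": derived - original, "lost": original - derived}

# Constructed sample: original (subject, object) read grants and the
# sensitive marks a conversion might have assigned.
ORIGINAL = {("alice", "payroll.db"), ("alice", "memo.txt"),
            ("bob", "memo.txt"), ("bob", "payroll.db"),
            ("carol", "design.doc")}
SUBJECTS = {
    "alice": Label("confidential", frozenset({"finance"})),
    "bob": Label("secret", frozenset({"finance"})),
    "carol": Label("top secret", frozenset({"engineering"})),
}
OBJECTS = {
    "payroll.db": Label("confidential", frozenset({"finance"})),
    "memo.txt": Label("public", frozenset()),
    "design.doc": Label("secret", frozenset({"engineering"})),
}

if __name__ == "__main__":
    for kind, pairs in conversion_diff(ORIGINAL, SUBJECTS, OBJECTS).items():
        print(kind, sorted(pairs))
```

Any pair under `over_granted` is access the migrated system would allow that the original never did, which is the case to review before cut-over.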

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a multi-level security policy conversion method.

Background technique

[0002] For the sake of computer security, China has divided computer information system security protection capabilities into five levels in the "Computer Information System Security Protection Level Classification Guidelines" (GB 17859), namely: user independent protection level (first level), system audit protection level (second level), security mark protection level (third level), structured protection level (fourth level), and access verification protection level (fifth level). This standard requires that the application security, host security, and network security of information systems above the third level implement mandatory access control policies, mainly multi-level security policies; it also requires the designation of sensitive marks for subjects and objects. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F21/60
Inventor: 杨智, 金舒原, 段洣毅, 陈性元
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI