| 基于标记技术的强制访问控制模型设计与应用 |
| |
| 引用本文: | 朱涛,董鹏,朱贺,齐胜.基于标记技术的强制访问控制模型设计与应用[J].铁路计算机应用,2022,31(1):55-60. |
| |
| 作者姓名: | 朱涛 董鹏 朱贺 齐胜 |
| |
| 作者单位: | 1.中国铁路信息科技集团有限公司 研发和建设处,北京 100844 |
| |
| 基金项目: | 中国国家铁路集团有限公司科技研究开发计划重大课题(K2019S001)。 |
| |
| 摘 要: | 为了增强铁路应用在新型计算基础设施环境下的网络安全防护能力,根据《信息安全技术网络安全等级保护基本要求》,在铁路现有的网络架构基础上,设计铁路网络空间安全体系架构,并提出适用于该体系架构的强制访问控制模型。依据该模型,利用标记技术可以实现相同网络空间相同域、相同网络空间不同域和不同网络空间之间的强制访问,并与可信操作系统、数据交换平台和数据交换总线协同工作,能够实现对访问操作的管控,保证数据安全交换,提升铁路网络的安全防护能力。
|
| 关 键 词: | 等级保护 主体 客体 标记技术 强制访问控制 铁路网络空间 |
| 收稿时间: | 2021-05-27 |
Mandatory access control model based on marking technology |
| |
| ZHU Tao,DONG Peng,ZHU He,QI Sheng.Mandatory access control model based on marking technology[J].Railway Computer Application,2022,31(1):55-60. |
| |
| Authors: | ZHU Tao DONG Peng ZHU He QI Sheng |
| |
| Affiliation: | 1.R&D and Construction Department,China Railway Information Technology Group Co. Ltd., Beijing 100844,China2.Network Security Research Office, China Railway Information (Beijing) Network Technology Research Institute Co. Ltd., Beijing 100044, China |
| |
| Abstract: | In order to enhance the network security protection ability of railway applications in the new type computing infrastructure environment, according to the basic requirements for network security level protection of information security technology, based on the existing railway network architecture, this paper designed the railway cyberspace security system architecture, and put forward the mandatory access control model suitable for the system architecture based on marking technology. According to this model, the marking technology could be used to implement the forced access between the same domain in the same cyberspace, different domains in the same cyberspace and different cyberspace, and work together with trusted operating system, data exchange platform and data exchange bus, so as to implement the control of access operation, ensure data security exchange and improve the security protection ability of railway computing platform. |
| |
| Keywords: | classified protection subject object marking technology mandatory access control railway cyberspace |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《铁路计算机应用》浏览原始摘要信息 |
|
点击此处可从《铁路计算机应用》下载全文 |
|
