1、机密性访问控制信息流DAC自主MAC强制完整性RBACBLPChinese Wall(非干扰性,非观察性)BibaClark-Wilsonthe“Chinese Wall”Policy is a mandatory access control policy for stock market analysts.This organizational policy is legally binding in the United Kingdom stock exchange.Ln HiHn HiHn LiLn Li RBAC3RBAC1 RBAC2 RBAC010 NON-REVERSIBLE
2、ACTIONS11 REDUNDANCY12 MINIMIZATION.Variable Minimization Data Minimization Target Value Minimization Access Time MinimizationRule 1.The system will have an IVP for validating the integrity of any CDI.In Windows NT there is a local security authority(LSA)which checks the security information in the
3、subjects access token with the security information in the objects security descriptorRule 2.The application of a TP to any CDI must maintain the integrity of that CDIIn Windows NT,most subjects cannot change the attribution of the objects,but some subjects have this privilege,such as administrator
4、But this is only limited to some special users.So this rule is not applied to Windows NT strictlyRule 3.A CDI can only be changed by a TPAs mentioned above some special users can change attribution of the objects,and no other methods can be applied to change objectsRule 4.Subjects can only initiate
5、certain TPs on certain CDIsIn windows NT,the subjects access token includes what kinds of operations are permitted.Only when information of the access token is consistent with the information in the objects security descriptor,the operation is allowed C-W 模型的模型的NT解释解释 Rule 5.CW-triples must enforce
6、some appropriate separation of duty policy on subjects In Windows NT,administrator can do anything.So this rule is not appliedRule 6.Certain special TPs on UDIs can produce CDIs as outputIn Windows NT,users can change the object from without ACL state to with ACL state.Generally,this operation is pe
7、rformed by AdministratorRule 7.Each TP application must cause information sufficient to reconstruct the application to be written to a special append-only CDIIn Windows NT,audit services can collect information about how the system is being usedRule 8.The system must authenticate subjects attempting
8、 to initiate a TPIn Windows NT,any user has her or his SID,and any process in behalf of this user copies the same SID.By this way,Windows NT can authenticate subjects attempting to initial a TPRule 9.The system must only permit special subjects(i.e.,security officers)to make any authorization-related lists.In Windows NT,only administrator can do and view some high security events
