Access matrix model (1971)

The protection state of a system is a triple Q = (S, O, M), where S is the set of subjects, O the set of objects (every subject is also an object, S ⊆ O), and M the access matrix: the cell M[s, o] holds the set of rights that subject s has to object o. The state is changed by commands, written (in the notation of Harrison, Ruzzo and Ullman) as follows:

command a(x1, ..., xk)
    if r1 in M[xs1, xo1] and
       r2 in M[xs2, xo2] and
       ...
       rm in M[xsm, xom]
    then
        op1
        op2
        ...
end

Here a is the name of the command, x1, ..., xk are its formal parameters (names of subjects and objects; each xsi and xoi is one of them), r1, ..., rm are rights, and each opi is one of the primitive operations listed below. The condition is a conjunction of membership tests; a command with no conditions (m = 0) has no if ... then part. Executing a command takes the system from the state Q = (S, O, M) to a new state Q' = (S', O', M'); if the condition does not hold, the state is left unchanged.
The six primitive operations (Q = (S, O, M) is the state before, Q' = (S', O', M') the state after):

1) enter r into M[s, o]   (s ∈ S, o ∈ O)
   Adds the right r of subject s to object o:
   S' = S
   O' = O
   M'[xs, xo] = M[xs, xo] for all (xs, xo) ≠ (s, o)
   M'[s, o] = M[s, o] ∪ {r}

2) delete r from M[s, o]   (s ∈ S, o ∈ O)
   Removes the right r of subject s to object o:
   S' = S
   O' = O
   M'[xs, xo] = M[xs, xo] for all (xs, xo) ≠ (s, o)
   M'[s, o] = M[s, o] \ {r}

3) create subject s   (s ∉ S, s ∉ O)
   Adds a new subject s (and hence a new object); its row and its column are empty:
   S' = S ∪ {s}
   O' = O ∪ {s}
   M'[xs, xo] = M[xs, xo] for all (xs, xo) ∈ S × O
   M'[s, xo] = ∅ for all xo ∈ O'
   M'[xs, s] = ∅ for all xs ∈ S'

4) destroy subject s   (s ∈ S)
   Removes the subject s together with its row and its column:
   S' = S \ {s}
   O' = O \ {s}
   M'[xs, xo] = M[xs, xo] for all (xs, xo) ∈ S' × O'

5) create object o   (o ∉ O)
   Adds a new object o with an empty column:
   O' = O ∪ {o}
   S' = S
   M'[xs, xo] = M[xs, xo] for all (xs, xo) ∈ S × O
   M'[xs, o] = ∅ for all xs ∈ S

6) destroy object o   (o ∈ O)
   Removes the object o together with its column:
   O' = O \ {o}
   S' = S
   M'[xs, xo] = M[xs, xo] for all (xs, xo) ∈ S × O'
Examples of commands.

1. Creating a file: process p creates the file f and receives the rights own, r and w to it.

command create_file(p, f)
    create object f
    enter own into M[p, f]
    enter r into M[p, f]
    enter w into M[p, f]
end

Here own is the ownership right; the owner of an object is the subject that may later pass rights to that object on to others.

2. Starting a process: process p creates the subject q (a child process); p owns q and may read and write it, and q in turn may read and write p.

command exec_process(p, q)
    create subject q
    enter own into M[p, q]
    enter r into M[p, q]
    enter w into M[p, q]
    enter r into M[q, p]
    enter w into M[q, p]
end

3. Granting a right: the owner p of the file f grants process q the right to read f. This command is conditional: it has an effect only if p really owns f.

command grant_read(p, q, f)
    if own in M[p, f]
    then
        enter r into M[q, f]
end
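The state and the three commands above, as an added example that is not part of the original notes: a Python class with the six primitive operations (each checking its precondition) and the commands written as functions over a state, run from an initial state with two processes. The process and file names (p1, p2, p3, f1) are made up for the demonstration.

```python
# Added example, not part of the original notes: the protection state Q = (S, O, M)
# with the six primitive operations and the three commands above. The names of the
# processes (p1, p2, p3) and of the file (f1) are made up for the demonstration.

class AccessMatrix:
    """Protection state Q = (S, O, M); every subject is also an object (S ⊆ O)."""

    def __init__(self, subjects=(), objects=()):
        self.S = set(subjects)
        self.O = set(objects) | self.S
        self.M = {(s, o): set() for s in self.S for o in self.O}

    # --- the six primitive operations; each checks its precondition -------------
    def enter(self, r, s, o):
        assert s in self.S and o in self.O, "enter needs s ∈ S, o ∈ O"
        self.M[(s, o)].add(r)                       # M'[s, o] = M[s, o] ∪ {r}

    def delete(self, r, s, o):
        assert s in self.S and o in self.O, "delete needs s ∈ S, o ∈ O"
        self.M[(s, o)].discard(r)                   # M'[s, o] = M[s, o] \ {r}

    def create_subject(self, s):
        assert s not in self.O, "create subject needs s ∉ S, s ∉ O"
        self.S.add(s)
        self.O.add(s)
        for xo in self.O:                           # new row    M'[s, xo] = ∅
            self.M[(s, xo)] = set()
        for xs in self.S:                           # new column M'[xs, s] = ∅
            self.M.setdefault((xs, s), set())

    def destroy_subject(self, s):
        assert s in self.S, "destroy subject needs s ∈ S"
        self.S.discard(s)
        self.O.discard(s)
        self.M = {cell: rights for cell, rights in self.M.items() if s not in cell}

    def create_object(self, o):
        assert o not in self.O, "create object needs o ∉ O"
        self.O.add(o)
        for xs in self.S:                           # new column M'[xs, o] = ∅
            self.M[(xs, o)] = set()

    def destroy_object(self, o):
        assert o in self.O and o not in self.S, "destroy object needs o ∈ O (subjects: destroy_subject)"
        self.O.discard(o)
        self.M = {cell: rights for cell, rights in self.M.items() if cell[1] != o}


# --- the three commands from the text, written as functions on a state ---------
def create_file(state, p, f):
    """command create_file(p, f): p creates f and gets own, r, w to it."""
    state.create_object(f)
    for right in ("own", "r", "w"):
        state.enter(right, p, f)


def exec_process(state, p, q):
    """command exec_process(p, q): p spawns subject q; p owns q, both read/write each other."""
    state.create_subject(q)
    for right in ("own", "r", "w"):
        state.enter(right, p, q)
    for right in ("r", "w"):
        state.enter(right, q, p)


def grant_read(state, p, q, f):
    """command grant_read(p, q, f): if own in M[p, f] then enter r into M[q, f].
    Returns whether the condition held; a command whose condition fails changes nothing."""
    if "own" in state.M[(p, f)]:
        state.enter("r", q, f)
        return True
    return False


def demo():
    """Run the three commands from an initial state with two processes."""
    state = AccessMatrix(subjects=["p1", "p2"])
    create_file(state, "p1", "f1")
    exec_process(state, "p1", "p3")
    granted = grant_read(state, "p1", "p2", "f1")   # p1 owns f1: p2 gets r
    refused = grant_read(state, "p2", "p3", "f1")   # p2 does not own f1: no change
    return state, granted, refused


if __name__ == "__main__":
    state, granted, refused = demo()
    print("grant_read(p1, p2, f1):", granted, " grant_read(p2, p3, f1):", refused)
    for (s, o), rights in sorted(state.M.items()):
        if rights:
            print(f"M[{s}, {o}] = {sorted(rights)}")
```

The second grant_read call is the point of the conditional command: p2 holds r on f1 but not own, so the condition fails and the matrix is unchanged; only the owner p1 can pass the read right on.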
Protection systems and the safety problem

A protection system is defined by the following components:

1) R = {r1, ..., rn}, the finite set of generic rights;
2) S0 = {s1, ..., sn}, the initial set of subjects;
3) O0 = {o1, ..., on}, the initial set of objects;
4) M0, the initial access matrix;
5) C = {ai(x1, ..., xk)}, the finite set of commands.

The initial components give the initial state Q0 = (S0, O0, M0), and the commands of C generate from it the set of reachable states {Qi}. For the system E = (Q, R, C) the safety question is asked for one right r: a command ai ∈ C leaks r from a state Q if its execution enters r into a cell of the matrix that did not contain r before. The system is unsafe for r if some sequence of commands applied to Q0 leaks r, and safe for r otherwise. Entering r into a cell that already holds it is not a leak.

Th: For mono-operational protection systems the safety problem is decidable.

Proof.
A command is mono-operational if its body (the part after then) consists of exactly one primitive operation: a single enter, delete, create or destroy. Let c1, c2, ..., cn be a sequence of commands that leaks r from Q0. It can be transformed into a bounded sequence that still leaks r:

1) Remove every delete and destroy command. Conditions only test the presence of rights, so removing these commands can never make a later condition false.
2) Of the create subject commands keep only the first one, moved to the front of the sequence; let the subject it creates be sinit.
3) Every other create subject command is removed, and in the remaining commands the subjects it would have created are replaced by sinit.
4) Every create object command is removed, and the objects it would have created are replaced by sinit as well (a subject is also an object). If the original sequence had no create subject but one is now needed, a single create subject of sinit is placed at the front.
5) Among the enter commands, remove every one that enters a right into a cell that already contains it; such a command does not change the state.

After the transformation the sequence contains no create object, destroy subject, destroy object or delete commands and at most one create subject. Every remaining enter command adds a new right to a cell of a matrix with at most |S0| + 1 rows and |O0| + 1 columns, so there are at most |R| (|S0| + 1) (|O0| + 1) of them and the whole sequence has length at most |R| (|S0| + 1) (|O0| + 1) + 1. There are finitely many command sequences of bounded length, so all of them can be tried, and this decides whether r can leak.
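As an added example that is not part of the original notes, the decision procedure the proof sketches, in Python. It follows the transformation above: delete and destroy commands are dropped, every create is collapsed into one fresh entity, and the remaining enter commands are applied until no new right appears. Because enter only adds rights and conditions only test presence, this fixpoint contains every right any command sequence can ever enter, so the search over all bounded sequences becomes a single monotone closure. The command encoding and the sample systems (alice, bob, file, the right "trust") are made up for the demonstration; the four systems show a leak through a grant, a guarded grant that is safe, and why the fresh entity must be a subject only when some command can create one.

```python
# Added example, not part of the original notes: the decision procedure that the
# proof sketches, for mono-operational systems. delete/destroy commands are dropped,
# all create commands are collapsed into one fresh entity, and the remaining enter
# commands are applied until no new right appears; because rights only grow, this
# fixpoint contains every right any command sequence can ever enter. The command
# encoding and the sample systems (alice, bob, file, ...) are made up for this demo.
from itertools import product

# A mono-operational command: {"params": [names], "cond": [(right, p_s, p_o), ...],
# "op": one primitive}, where op is ("enter", right, p_s, p_o), ("delete", right, p_s, p_o),
# ("create_subject", p), ("create_object", p), ("destroy_subject", p) or ("destroy_object", p).

def mono_op_unsafe(S0, O0, M0, commands, right):
    """True iff some command sequence enters `right` into a cell that did not hold it."""
    kinds = {c["op"][0] for c in commands}
    # step 1: delete/destroy never help a later condition, so only enters remain
    enters = [c for c in commands if c["op"][0] == "enter"]
    # steps 2-4: one fresh entity stands for every created subject or object
    S, O = set(S0), set(O0) | set(S0)
    if "create_subject" in kinds:
        S.add("s_init")
        O.add("s_init")
    elif "create_object" in kinds:
        O.add("o_init")              # objects only: no new subject can ever appear
    M = {(s, o): set(M0.get((s, o), ())) for s in S for o in O}
    # step 5: apply enter commands until the matrix stops changing; the bound
    # |R|(|S0|+1)(|O0|+1) on the number of useful enters guarantees termination
    changed = True
    while changed:
        changed = False
        for c in enters:
            _, r, p_s, p_o = c["op"]
            for values in product(sorted(O), repeat=len(c["params"])):
                env = dict(zip(c["params"], values))
                if not all(rt in M.get((env[a], env[b]), ()) for rt, a, b in c["cond"]):
                    continue                      # condition fails for this binding
                cell = (env[p_s], env[p_o])
                if cell not in M or r in M[cell]:
                    continue                      # no subject row, or right already there
                if r == right:
                    return True                   # `right` enters a cell that lacked it
                M[cell].add(r)
                changed = True
    return False


def sample_systems():
    """Four constructed systems; returns {name: unsafe?} for each."""
    S0, O0 = {"alice", "bob"}, {"alice", "bob", "file"}
    M0 = {("alice", "file"): {"own", "r", "w"}}
    grant_read = {"params": ["p", "q", "f"], "cond": [("own", "p", "f")],
                  "op": ("enter", "r", "q", "f")}
    # same command, but the owner must also hold "trust" over q; nothing ever
    # enters "trust", so r can never leave alice's own cell
    guarded_grant = {"params": ["p", "q", "f"],
                     "cond": [("own", "p", "f"), ("trust", "p", "q")],
                     "op": ("enter", "r", "q", "f")}
    revoke = {"params": ["p", "f"], "cond": [("own", "p", "f")],
              "op": ("delete", "r", "p", "f")}
    spawn = {"params": ["p", "c"], "cond": [], "op": ("create_subject", "c")}
    new_obj = {"params": ["p", "d"], "cond": [], "op": ("create_object", "d")}
    mark = {"params": ["p", "f"], "cond": [], "op": ("enter", "own", "p", "f")}
    return {
        "grant leaks r": mono_op_unsafe(S0, O0, M0, [grant_read, revoke], "r"),
        "guarded grant is safe": mono_op_unsafe(S0, O0, M0, [guarded_grant, revoke], "r"),
        # no subjects at all: a leak is possible only if a subject can be created
        "empty S0, create subject": mono_op_unsafe(set(), {"file"}, {}, [spawn, mark], "own"),
        "empty S0, create object only": mono_op_unsafe(set(), {"file"}, {}, [new_obj, mark], "own"),
    }


if __name__ == "__main__":
    for name, unsafe in sample_systems().items():
        print(f"{name}: {'unsafe' if unsafe else 'safe'}")
```

The last two systems are the reason step 2 of the proof distinguishes subjects: with an empty S0 an unconditional enter can fire only once a subject exists, so a system that can create subjects is unsafe while one that can only create objects is safe.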
Th: For arbitrary protection systems (commands with more than one primitive operation in the body) the safety problem is undecidable.
The proof encodes an arbitrary Turing machine as a protection system in which the right r leaks if and only if the machine halts; an algorithm deciding safety would therefore decide the halting problem.
Bell-LaPadula model

The Bell-LaPadula model (BLP) is a confidentiality model built on two properties:

1) Simple Security (SS) property: a subject xs may read an object xo only if the security level of xs dominates the level of xo (no read up);
2) *-property: a subject xs may write to an object xo only if the level of xo dominates the level of xs (no write down).

Notation:
S ⊆ O (subjects are also objects);
R = {r, w}, the access rights read and write;
L = {u, su, s, ts}, the set of security levels (unclassified, sensitive but unclassified, secret, top secret);
Λ, the lattice of security levels (defined below);
V, the set of states; a state is a pair v = (F, M), where
F: S ∪ O → L is the security level function, assigning a level to every subject and object, and
M is the access matrix with M[s, o] ⊆ R.

The lattice of security levels is Λ = (L, ≤, ⊕, ⊗), where
≤ is the dominance relation on levels (a partial order),
⊕ is the least upper bound (join) of two levels,
⊗ is the greatest lower bound (meet) of two levels.

The relation ≤ is a partial order, that is:

1) reflexivity: ∀a ∈ L: a ≤ a
   (every level dominates itself);
2) antisymmetry: ∀a1, a2 ∈ L: ((a1 ≤ a2) ∧ (a2 ≤ a1)) → a1 = a2
   (two levels that dominate each other are the same level);
3) transitivity: ∀a1, a2, a3 ∈ L: ((a1 ≤ a2) ∧ (a2 ≤ a3)) → a1 ≤ a3
   (if a3 dominates a2 and a2 dominates a1, then a3 dominates a1).

The operations ⊕ and ⊗ are defined through ≤:

a = a1 ⊕ a2 ⇔ (a1 ≤ a) ∧ (a2 ≤ a) ∧ (∀a' ∈ L: ((a1 ≤ a') ∧ (a2 ≤ a')) → a ≤ a')
a = a1 ⊗ a2 ⇔ (a ≤ a1) ∧ (a ≤ a2) ∧ (∀a' ∈ L: ((a' ≤ a1) ∧ (a' ≤ a2)) → a' ≤ a)

That is, a1 ⊕ a2 is the least level dominating both a1 and a2, and a1 ⊗ a2 is the greatest level dominated by both. For the linearly ordered L above, ⊕ is simply the higher and ⊗ the lower of the two levels.
The system is Σ = (V0, R, T), where
V0 is the initial state,
R is the set of requests,
T: V × R → V is the transition function: a request z ∈ R made in state v ∈ V takes the system into the state v* = T(v, z).

A state vn is reachable in Σ if there is a sequence of states and requests
{(v0, z0), ..., (vn-1, zn-1), (vn, zn)} with T(vi, zi) = vi+1 for all i = 0, ..., n-1,
where v0 = V0; the initial state is reachable by definition.

A state (F, M) is secure with respect to the simple security property if the level of every subject dominates the level of every object it reads:
∀s ∈ S, ∀o ∈ O: r ∈ M[s, o] → F(o) ≤ F(s).
A state (F, M) is secure with respect to the *-property if the level of every object dominates the level of every subject that writes to it:
∀s ∈ S, ∀o ∈ O: w ∈ M[s, o] → F(s) ≤ F(o).
A state (F, M) is secure if it is secure with respect to both properties. A system Σ = (V0, R, T) is secure if its initial state V0 is secure and every state reachable from V0 by requests from R is secure.
Basic Security Theorem

Th: A system Σ = (V0, R, T) is secure if and only if:
1) the initial state V0 is secure, and
2) for every state v reachable from V0 by requests from R and every transition T(v, z) = v*, with v = (F, M) and v* = (F*, M*), for all s ∈ S and o ∈ O:
   a. if r ∈ M*[s, o] and r ∉ M[s, o], then F*(o) ≤ F*(s);
   b. if r ∈ M[s, o] and F*(o) ≰ F*(s) (for the linearly ordered L: F*(s) < F*(o)), then r ∉ M*[s, o];
   c. if w ∈ M*[s, o] and w ∉ M[s, o], then F*(s) ≤ F*(o);
   d. if w ∈ M[s, o] and F*(s) ≰ F*(o) (for the linearly ordered L: F*(o) < F*(s)), then w ∉ M*[s, o].

Conditions (a) and (c) say that a newly granted access must satisfy the properties under the new levels; (b) and (d) say that an access already held must be withdrawn when the new levels no longer allow it, for instance after a subject or object is relabelled.

Proof.
(⇐) Let Σ = (V0, R, T) satisfy (1) and (2). V0 is secure by (1). Suppose v is a secure reachable state and T(v, z) = v*. Every r ∈ M*[s, o] is either new, and then F*(o) ≤ F*(s) by (a), or was already in M[s, o], and then by (b) it can only remain if F*(o) ≤ F*(s); so v* is secure with respect to the simple security property. The same argument with (c), (d) and w gives the *-property, so v* is secure. By induction along the request sequence every reachable state is secure, hence Σ is secure.
(⇒) Let Σ = (V0, R, T) be secure. Then:
1) V0 is secure by the definition of a secure system;
2) for every reachable state v and every request z ∈ R the state v* = T(v, z) is also reachable, so both v and v* are secure. Since v* is secure, every r ∈ M*[s, o] satisfies F*(o) ≤ F*(s), which gives (a) and (b), and every w ∈ M*[s, o] satisfies F*(s) ≤ F*(o), which gives (c) and (d).
Clark-Wilson model (1987)

The model addresses the integrity of data in commercial systems. Its elements:
S, the set of subjects (users);
D, the set of data items;
CDI (constrained data items), the data items whose integrity the model protects;
UDI (unconstrained data items), the data items whose integrity is not controlled (for example, user input);
D = CDI ∪ UDI,
CDI ∩ UDI = ∅;
TP (transformation procedures), the only procedures allowed to change CDIs,
transforming them from one valid state to another;
IVP (integrity verification procedures), procedures that check that the CDIs are in a valid state.

Rules of the Clark-Wilson model:
1) An IVP, when run, must confirm that all CDIs are in a valid state.
2) Every TP must be certified to be valid: applied to valid CDIs, it must leave them in a valid state.
3) The system must maintain the list of certified relations (TP, set of CDIs) and must allow a TP to manipulate only the CDIs it is certified for.
4) The system must maintain the list of triples (s, t, d), with s ∈ S, t ∈ TP, d ∈ CDI, and must allow subject s to execute t on d only if such a triple exists.
5) The set of triples must satisfy the principle of separation of duty: no single user may carry out all the steps of an operation that requires control.
6) A TP that takes a UDI as input must either convert it into a valid CDI or reject it.
7) Every TP must write to an append-only log the information needed to reconstruct the operation, in particular:
   a. which CDIs it changed,
   b. the data needed to reconstruct the change.
8) The system must authenticate every user who attempts to execute a TP.
9) Only the agent who certifies a TP may change the list of entities associated with it, and that agent may not have execute rights on the TP.
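The rules above, as an added example that is not part of the original notes: a small Python reference monitor that enforces rules 3, 4, 5, 8 and 9 at run time, keeps the append-only log of rule 7, lets a TP validate its UDI (rule 6) and runs an IVP after every TP, rolling the change back if the result is not a valid state (rules 1 and 2). The bank-account CDIs, the two TPs, the invariant checked by the IVP and the users (auditor, teller, clerk) are all made up for the demonstration.

```python
# Added example, not part of the original notes: a small reference monitor enforcing
# rules 3, 4, 5, 8 and 9 at run time, keeping the append-only log of rule 7, letting a
# TP validate its UDI (rule 6) and running an IVP after every TP (rules 1, 2). The
# bank-account CDIs, the TPs and the users (auditor, teller, clerk) are made up.
from dataclasses import dataclass, field

class IntegrityViolation(Exception):
    """Raised when an enforcement rule, a UDI check or the IVP fails."""

@dataclass
class ClarkWilsonMonitor:
    cdis: dict                                     # CDI name -> value
    ivp: object                                    # integrity verification procedure (rule 1)
    authenticated: set = field(default_factory=set)
    certified: dict = field(default_factory=dict)  # TP name -> (fn, allowed CDIs, certifier)
    triples: set = field(default_factory=set)      # access triples (s, t, d) (rule 4)
    log: list = field(default_factory=list)        # append-only log (rule 7)

    def certify_tp(self, certifier, name, fn, on_cdis):
        """Rule 3: record the certified relation (TP, CDIs) and who certified it."""
        self.certified[name] = (fn, frozenset(on_cdis), certifier)

    def allow(self, granter, user, tp, cdi):
        """Rules 4, 5, 9: add the triple (user, tp, cdi); only the TP's certifier may
        do so, and separation of duty forbids the certifier from executing it."""
        if tp not in self.certified:
            raise IntegrityViolation(f"{tp} is not a certified TP")
        _, allowed, certifier = self.certified[tp]
        if granter != certifier:
            raise IntegrityViolation(f"only {certifier} may change the relations of {tp}")
        if user == certifier:
            raise IntegrityViolation("separation of duty: certifier may not execute the TP")
        if cdi not in allowed:
            raise IntegrityViolation(f"{tp} is not certified for {cdi}")
        self.triples.add((user, tp, cdi))

    def run_tp(self, user, tp, cdis, *udis):
        """Execute `tp` for `user` on the CDIs `cdis`, passing the UDIs `udis` through."""
        if user not in self.authenticated or tp not in self.certified:   # rules 8, 3
            raise IntegrityViolation(f"{user} not authenticated or {tp} not certified")
        fn, allowed, _ = self.certified[tp]
        for d in cdis:
            if d not in allowed or d not in self.cdis:           # rule 3
                raise IntegrityViolation(f"{tp} may not operate on {d}")
            if (user, tp, d) not in self.triples:                # rule 4
                raise IntegrityViolation(f"no triple ({user}, {tp}, {d})")
        before = {d: self.cdis[d] for d in cdis}
        fn(self.cdis, *cdis, *udis)                              # the TP may reject a UDI
        if not self.ivp(self.cdis):                              # rules 1, 2: verify or roll back
            self.cdis.update(before)
            raise IntegrityViolation(f"IVP failed after {tp}; change rolled back")
        self.log.append({"user": user, "tp": tp, "before": before,
                         "after": {d: self.cdis[d] for d in cdis}})

TOTAL = 300   # IVP invariant: transfers neither create nor destroy money

def ivp_balances(cdis):
    """Rule 1: every balance is non-negative and the total is unchanged."""
    return sum(cdis.values()) == TOTAL and all(v >= 0 for v in cdis.values())

def tp_transfer(cdis, src, dst, amount):
    """A correctly certified TP (rule 2); `amount` is a UDI and is checked first (rule 6)."""
    if type(amount) is not int or amount <= 0 or amount > cdis[src]:
        raise IntegrityViolation("rejected UDI: amount must be a positive int within balance")
    cdis[src] -= amount
    cdis[dst] += amount

def tp_bonus(cdis, acct, amount):
    """A TP certified by mistake: it creates money, which the IVP catches."""
    cdis[acct] += amount

def denied(action):
    try:
        action()
    except IntegrityViolation:
        return True
    return False

def demo():
    m = ClarkWilsonMonitor(cdis={"acct_a": 200, "acct_b": 100}, ivp=ivp_balances)
    m.certify_tp("auditor", "transfer", tp_transfer, ["acct_a", "acct_b"])
    m.certify_tp("auditor", "bonus", tp_bonus, ["acct_a"])
    for d in ("acct_a", "acct_b"):
        m.allow("auditor", "teller", "transfer", d)
    m.allow("auditor", "teller", "bonus", "acct_a")
    m.authenticated.update({"teller", "clerk"})     # clerk is authenticated but has no triples
    r = {}
    m.run_tp("teller", "transfer", ("acct_a", "acct_b"), 50)
    r["balances"] = (m.cdis["acct_a"], m.cdis["acct_b"])
    r["bad_udi"] = denied(lambda: m.run_tp("teller", "transfer", ("acct_a", "acct_b"), -50))
    r["unauthenticated"] = denied(lambda: m.run_tp("intruder", "transfer", ("acct_a", "acct_b"), 1))
    r["no_triple"] = denied(lambda: m.run_tp("clerk", "transfer", ("acct_a", "acct_b"), 1))
    r["certifier_executes"] = denied(lambda: m.allow("auditor", "auditor", "transfer", "acct_a"))
    r["ivp_rollback"] = denied(lambda: m.run_tp("teller", "bonus", ("acct_a",), 10))
    r["balances_after_rollback"] = (m.cdis["acct_a"], m.cdis["acct_b"])
    r["log_entries"] = len(m.log)
    return r

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The bonus TP is the case rule 2 exists for: certification is a human judgement and can be wrong, so the monitor does not trust it blindly but re-runs the IVP after every TP and refuses to log a change that left the CDIs in an invalid state.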
Biba model (1977)

The Biba model is the integrity counterpart of Bell-LaPadula: it uses the same kind of lattice, but the levels measure the trustworthiness (integrity) of subjects and objects rather than their secrecy.
Λ = (IC, ≤, ⊕, ⊗) is the lattice of integrity classes, where
IC is the set of integrity classes and ≤, ⊕ and ⊗ are defined as for the lattice of security levels above.
Properties:
1) Simple integrity (SI) property: a subject xs may read an object xo only if the integrity class of xo dominates the integrity class of xs (no read down);
2) *-integrity property: a subject xs may write to an object xo only if the integrity class of xs dominates the integrity class of xo (no write up).

The Biba properties are thus the mirror image of the BLP properties. BLP forbids reading up and writing down so that secret information cannot flow to lower levels; Biba forbids reading down and writing up so that unreliable (low-integrity) information cannot flow into high-integrity objects. A subject of high integrity must not read low-integrity data, because that data could corrupt the results of its work, and a low-integrity subject must not write to high-integrity objects. Confidentiality and integrity are therefore protected by restricting information flow in opposite directions, and a system that needs both must apply both models, each with its own assignment of levels.
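As an added example that is not part of the original notes, one Python block for the lattice Λ = (L, ≤, ⊕, ⊗), the secure-state test for the simple security and *-properties, conditions (a)-(d) of the Basic Security Theorem from the Bell-LaPadula section, and the same test read with the Biba properties above. Levels are assumed here to be pairs (classification from L, set of categories), which is not in the notes, so that ≤ is a genuine partial order and the join and meet are not trivial; the category names, the subjects alice and bob, the objects plan and memo and the sample states are all made up.

```python
# Added example, not part of the original notes: the lattice Λ = (L, ≤, ⊕, ⊗), the
# secure-state test for the simple security and *-properties, the transition
# conditions (a)-(d) of the Basic Security Theorem, and the same test read as the
# Biba properties (no read down, no write up). Levels here are pairs (class,
# categories) so that ≤ is a genuine partial order; the category names, the
# subjects (alice, bob), the objects (plan, memo) and the states are all made up.
CLASSES = ("u", "su", "s", "ts")   # L, in increasing order


class Level:
    """A security level: classification from L plus a set of categories."""

    def __init__(self, cls, cats=()):
        self.cls, self.cats = cls, frozenset(cats)

    def __le__(self, other):          # dominance: a1 ≤ a2
        return (CLASSES.index(self.cls) <= CLASSES.index(other.cls)
                and self.cats <= other.cats)

    def join(self, other):            # a1 ⊕ a2: least level dominating both
        cls = max(self.cls, other.cls, key=CLASSES.index)
        return Level(cls, self.cats | other.cats)

    def meet(self, other):            # a1 ⊗ a2: greatest level dominated by both
        cls = min(self.cls, other.cls, key=CLASSES.index)
        return Level(cls, self.cats & other.cats)

    def __repr__(self):
        return f"{self.cls}{sorted(self.cats)}"


def secure_state(F, M, model="blp"):
    """List the (s, o, right) entries of M that violate the model's two properties.
    BLP:  r ∈ M[s,o] → F(o) ≤ F(s)   and   w ∈ M[s,o] → F(s) ≤ F(o)
    Biba: r ∈ M[s,o] → F(s) ≤ F(o)   and   w ∈ M[s,o] → F(o) ≤ F(s)  (F = integrity class)"""
    blp = model == "blp"
    bad = []
    for (s, o), rights in M.items():
        read_ok = F[o] <= F[s] if blp else F[s] <= F[o]
        write_ok = F[s] <= F[o] if blp else F[o] <= F[s]
        if "r" in rights and not read_ok:
            bad.append((s, o, "r"))
        if "w" in rights and not write_ok:
            bad.append((s, o, "w"))
    return bad


def transition_secure(F, M, F2, M2):
    """Conditions (a)-(d) for T(v, z) = v*, with v = (F, M) and v* = (F2, M2)."""
    for cell in set(M) | set(M2):
        s, o = cell
        old, new = M.get(cell, set()), M2.get(cell, set())
        if "r" in new and "r" not in old and not F2[o] <= F2[s]:
            return False                                   # (a) new read must be "no read up"
        if "r" in old and not F2[o] <= F2[s] and "r" in new:
            return False                                   # (b) relabelled: read must be withdrawn
        if "w" in new and "w" not in old and not F2[s] <= F2[o]:
            return False                                   # (c) new write must be "no write down"
        if "w" in old and not F2[s] <= F2[o] and "w" in new:
            return False                                   # (d) relabelled: write must be withdrawn
    return True


def demo():
    F = {"alice": Level("ts", {"nuc"}), "bob": Level("s"),
         "plan": Level("s", {"nuc"}), "memo": Level("s")}
    M = {("alice", "plan"): {"r"}, ("bob", "memo"): {"r", "w"}}
    r = {"v0": secure_state(F, M)}                                       # [] : v0 is secure
    M1 = {**M, ("bob", "plan"): {"r"}}                                   # bob asks to read plan
    r["read_up"] = secure_state(F, M1)                                   # bob lacks category nuc
    r["t_read_up"] = transition_secure(F, M, F, M1)                      # False by (a)
    M2 = {**M, ("alice", "memo"): {"w"}}                                 # alice asks to write memo
    r["t_write_down"] = transition_secure(F, M, F, M2)                   # False by (c)
    F3 = {**F, "memo": Level("ts")}                                      # memo relabelled to ts
    r["t_relabel_keeps_r"] = transition_secure(F, M, F3, M)              # False by (b)
    M3 = {("alice", "plan"): {"r"}, ("bob", "memo"): {"w"}}              # bob's read withdrawn
    r["t_relabel_fixed"] = transition_secure(F, M, F3, M3)               # True
    lub = Level("su", {"crypto"}).join(F["memo"])
    glb = F["alice"].meet(Level("su", {"crypto"}))
    r["join"], r["meet"] = (lub.cls, sorted(lub.cats)), (glb.cls, sorted(glb.cats))
    r["biba"] = secure_state(F, M, model="biba")                         # alice reads down
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The relabelling case is where (b) and (d) earn their place: raising memo to ts does not grant anyone a new access, yet the transition is insecure until bob's existing read on memo is withdrawn; his write may stay, since s ≤ ts. Running the same F and M as integrity classes shows the duality directly: the state that is secure under BLP violates Biba's simple integrity property, because alice (high integrity) is reading plan (lower integrity).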