A BLP-BASED MODEL FOR HIERARCHICAL ORGNIZATIONS

摘要

A model based on Bell-LaPadula model is proposed for access control in hierarchical organizations which have hierarchical units. These units include departments, staff and a new concept named post. In the model proposed by this paper, relationships among units in organization are built, and security tags can be assigned to subjects and objects simply. The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree, the more secret objects can be exchanged by the staff of the departments. The access control matrices of the department, post and staff are defined. By using the three access control matrices, a multi granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model can guarantee that all the information flow is under control. Finally, the study shows that the proposed model is more flexible.