Security gateway which is designed in experience usually focuses on function implementation and is usually not designed according to security model.To solve this problem,we proposed a method of formally designing and verifying a typical security gateway.Firstly,we designed the typical security gateway's security policy according to its security requirements.Secondly,we formally modeled the security policy and verified the security model's internal consistency by means of BLP model.In the end,we verified the consistency between the security gateway's functional specifications and its security model.To make sure the reasoning procedure's correctness,we used the theorem prover Isabelle/HOL to formally describe the above work and help us deduce.Our work ensures the security of a typical security gateway in terms of its top-level design and plays certain referential significance on formal design of security gateway.%传统上依靠经验设计的安全网关侧重于功能实现,缺少严格的安全模型.对此,针对一种典型安全网关,首先根据其安全需求给出相应的安全策略,然后利用BLP模型对给出的安全策略进行形式化建模并对安全模型的内部一致性进行证明,最后对安全网关的功能规约和安全模型的一致性进行验证.为保证推理过程的正确性,使用定理证明器Isabelle/HOL对上述过程进行描述和推理,保证了安全网关顶层设计的安全性.研究结果为安全网关的形式化设计提供了一定的借鉴意义.
展开▼
