Current research on declassification policies mainly involves content,location,time and other dimensions,and each of them has some limitations. Attacker could learn more confidential information than intended by using the vulnerability of other dimensions. A synthesis of different dimensions in declassification policy would further improve assurance that confidential information is being declassified properly. This paper proposed a declassification policy based on the content and location dimensions,using attacker knowledge model. The key idea of content dimension of the policy is that attacker is not allowed to increase observations about confidential information by causing misuse of the declassification mechanism, and that location dimension of the policy controls confidential information is declassified only through the declassification statement Additionally, we established type rules of policy enforcement and proved its soundness.%目前机密信息降级策略的研究主要集中在信息降级的内容、地点、时间等维度上,每个维度的策略都有一定的局限性,攻击者将会利用其他维度的漏洞,非法获取额外的机密信息.降级策略需要综合考虑多个维度来确保机密信息的可信降级.为此,利用攻击者知识模型,提出了一种基于内容和地点维度的降级策略.内容维度的关键思想是攻击者不允许通过滥用降级机制来获取额外的机密信息,而地点维度控制机密信息仅能通过特定的语句进行降级.此外,建立了该策略实施的类型规则,并证明了类型规则的可靠性.
展开▼