秘密信息可信释放策略的研究目前主要集中在内容、时间、地点以及调用主体4个维度上,不同维度的策略侧重于解决可信释放的不同方面,具有一定的局限性.为了确保秘密信息的可信释放,需要综合考虑不同的维度.为此,提出了一种结合内容、地点和调用主体3个维度的可信释放策略.该策略的内容维度限制攻击者不能通过释放机制获取额外的秘密信息,地点维度控制秘密信息仅能在程序中特定语句点释放,而主体维度则限定攻击者不能影响秘密信息释放语句是否被调用执行.通过这3个维度的控制,该策略具有更细的控制粒度,能更好地抵抗信息清洗攻击.此外,建立了策略实施的类型系统,给出了类型系统的可靠性定理及其证明.%Current study on trusted release policies of confidential information focused on WHAT, WHEN, WHERE and WHO dimensions. Each of them tends to address only one aspect of information release and has some limitations. Hence, it is desirable to combine defense along different dimensions. A trusted release policy combining WHAT, WHERE and WHO dimensions is proposed. The key idea of WHAT dimension of the policy is that attacker is not allowed to increase observations about confidential information by causing misuse of the declassification mechanism. WHERE dimension of the policy controls confidential information is declassified only through the declassification statement, and WHO dimension of the policy prevents the attacker from influencing whether confidential information is released. This release policy has finer granularity of controlling the release of confidential information and can resist the information laundering attack better. Additionally, the type rules are established and proved for the policy enforcement.
展开▼
