Abstract

Designing a trusted access control mechanism of an operating system (OS) is a complex task if the goal is to achieve high level of security assurance and guarantees of unwanted information flows absence. Even more complex it becomes when the integration of several heterogeneous mechanisms, like role-based access control (RBAC), mandatory integrity control (MIC), and multi-level security (MLS) is considered. This paper presents results of development of a hierarchical integrated model of access control and information flows (HIMACF), which provides a holistic integration of RBAC, MIC, and MLS preserving key security properties of all those mechanisms. Previous version of this model is called MROSL DP-model. Now the model is formalized using Event-B formal method and its correctness is formally verified. In the hierarchical representation of the model, each hierarchy level (module) corresponds to a separate security control mechanism, so the model can be verified with less effort reusing the results of verification of lower level modules. The model is implemented in a Linux-based operating system using the Linux Security Modules infrastructure.

中文翻译：

---

将RBAC，MIC和MLS集成到已验证的操作系统分层安全性模型中

摘要

如果目标是实现高级别的安全保证并保证不存在不必要的信息流，那么设计操作系统（OS）的受信任访问控制机制是一项复杂的任务。考虑到几种异构机制的集成，甚至更复杂，例如基于角色的访问控制（RBAC），强制性完整性控制（MIC）和多级安全性（MLS）。本文介绍了访问控制和信息流的分层集成模型（HIMACF）的开发结果，该模型提供了RBAC，MIC和MLS的完整集成，并保留了所有这些机制的关键安全性。该模型的先前版本称为MROSL DP模型。现在，使用Event-B形式化方法对模型进行形式化，并正式验证其正确性。在模型的分层表示中，每个分层级别（模块）都对应一个单独的安全控制机制，因此可以通过重用较低级别模块的验证结果来轻松验证模型。该模型使用Linux安全模块基础结构在基于Linux的操作系统中实现。