基于安全熵的间接非授权行为分析理论

针对系统中存在间接非授权访问可能性的量化分析和证明问题,提出了一种基于安全熵的量化分析理论.首先,结合信息论有关知识引入安全熵概念,提出系统对间接非授权访问行为响应的不确定性计算方法;然后,基于安全熵提出了系统的间接安全性定理,作为判断系统是否可能存在间接非授权访问的依据;最后,应用该方法对经典安全模型进行了量化分析,验证了该方法的实用性.结果证明该方法适用于系统或访问控制模型对间接非授权访问的防护能力评估和证明.

Analysis Technique for Classificatory Access Control Model Security based on Security Entropy

To resolve the problems of quantitative analysis and proof on the probability of indirectly unauthorized access existing in the system, a quantitative analysis method based on security entropy is proposed. Firstly,the concept of security entropy is introduced in accordance with information theory, and the calculation method for uncertainty of the system＇ s response to the irregular access be- haviors is given. Then the security theorem based on security entropy is proposed ,which serves as a basis to determine if there are in- directly unauthorized accesses. Finally, the typical access control model is quantitively analyzed by the method, and through this, the practicability of this method is validated. The experiment result indicates that this methods is suitable for security quantitative analysis and proof on indirectly unauthorized access control capability in information system and access control model.