Technical Research On Access Control With One-way Information Flow Model

With the extensive application and rapid development of computer technology and internet technology, the computer has become an important part of work and life in modem society. People can use computers and internet to store and exchange various kinds of information resources easily and fastly, however, with the coming era of information technology, the security of computer information need to cause enough attention. The computers of government, army, corporation and personal are often attacked by viruses,Trojans and many kinds of malicious programs, so that important information is lost and leaked with causing a great loss.The technology of access control is one of the effective methods of computer and information security, providing a safe and reliable model for information security.But with the computer technology advancing continuously and the information security increasing continuously, the traditional models of access control have been unable to meet the needs of modern computer system on information security. Therefore, how to design a more secure, efficient and reasonable security protected mechanism of access control is the issue for security access control areas to research and solve in the future.This thesis focuses on the consideration of information security access control problem in multilevel security policy environment, studying and learning the traditional model of access control and the implement technology, analysing the possible leakage way in modem computer systems, according to the design thought and the security characteristics of BLP model and Chinese wall model, proposing an access control security model based on one-way information flow. In the model, we do not limit the read access request liking the BLP model and the Chinese wall model. We record the read access operations, and judge the write access permissions by tracking the access history. The model provides a more comprehensive access control policy, safer, more flexible and more efficient.In the implementation of the model, this paper selects the very mature technology of file system filter driver. In the file system filter driver of the core layer, according to the rules of the security access control model, implementing dynamic monitoring on the operation of the document, and implementing the security access control of the document.