
Research On Access Control Policy In Multi-Classification Interconnected System Oriented To Classified Protection

Posted on: 2012-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: D D Zhang
GTID: 2218330371462578
Subject: Military communications science

Abstract/Summary:
The wide implementation of classified protection brings new challenges for access control between the entities of different systems. The traditional multi-level security policy is mainly used for access control within a single system, and does not satisfy the security requirements of permissions assignment and permissions adjustment in the multi-classification interconnected system. Ensuring secure access to information in the multi-classification interconnected system, while realizing classified protection for that information, is an urgent and key problem. Focusing on the features of access control in the multi-classification interconnected system, the thesis proposes a static permissions assignment policy and a dynamic permissions adjustment policy, and proves the validity of the two policies through genetic inference, which solves the access control problem in the multi-classification interconnected system. The main work is as follows:

1. The thesis studies the needs of access control policy in the multi-classification interconnected system. Based on an analysis of the particular security requirements of the multi-classification interconnected system and the application limitations of the traditional multi-level security policies, countermeasures are presented.

2. Focusing on the problem of permissions assignment to the information in the multi-classification interconnected system, the thesis explores a static access control policy based on joint authorization. Based on formal definitions of the related elements and rules, the thesis introduces multiple authorization types to extend the authorization rules, describes the combination authorization rules and steps, and proposes a conflict detection algorithm and conflict resolution rules to ensure policy consistency. This work solves the problem of permissions assignment to the information in the multi-classification interconnected system.

3. Focusing on the problem of permissions adjustment of the information in the multi-classification interconnected system, the thesis explores a dynamic access control policy based on quantified risk. After analyzing the factors that relate to the quantified risk, a quantified risk algorithm is proposed. By introducing the information lattice model into the multi-classification interconnected system, a risk management mechanism and a dynamic access control process are proposed, and the security of the policy is analyzed. This work solves the problem of dynamic permissions adjustment in the multi-classification interconnected system.

4. Focusing on the problem of policy validity validation, the thesis analyses the current research in this field. Using genetics theory, the thesis demonstrates the access control policy based on genetic inference. With the policy individual, fitness function and genetic operator designed, several experiments are given to validate the effectiveness of the static and dynamic access control policies.
Keywords/Search Tags: Multi-Classification Interconnected System, Static Access Control Policy, Permissions Assignment, Dynamic Access Control Policy, Permissions Adjustment, Policy Validation