The rapid development of network technology has greatly improved the efficiency of information network applications. However, the existence and propagation of critical information on the Internet has created a very serious network security problem and deepened the contradiction between information sharing and security isolation.

According to the analysis, the situation of the intranet, especially the intranet carrying classified secrets, is very serious within the overall network security system. Classified information gives rise to many security issues, such as internal leakage, illegal access and heavy losses. Critical information systems have been protected at home and abroad. Many countries have put forward the idea of hierarchical protection and issued a series of standards and documents. However, solving the security problems of Classified Information Systems and managing users and information access requires deeper theoretical research and technical support.

On the basis of hierarchical protection, our country has developed gradational protection requirements and standards for Classified Information Systems. These clearly require that security domains be divided within the system and that the flow of information be controlled, prohibiting low-classification data from flowing to high-classification data, in order to protect information from illegal access and reduce security risks.

The BLP model is the most classic multi-level security model and is often used in Classified Information Systems to formulate access control policy. But existing access control methods, such as VLAN technology, ACL technology and network firewalls, still have limitations in access control across grades and domains. This paper analyzes the requirements of gradational protection and the limitations of access control technology, proposes a multi-level information access control method based on an e-mail system as an application of the BLP model, and describes its design idea, composition principle and work processes in detail. The main ideas of this paper include:

1. Researching the background and status of the hierarchical protection idea internationally and domestically, and the domestic requirements for gradational protection of Classified Information Systems.
2. By examining access control model technology and the principle of the BLP model, summarizing the limitations of present technology in applying the BLP model to implement access control.
3. After analyzing the working characteristics and availability of e-mail, proposing a multi-level information access control method based on an e-mail system as an application of the BLP model, which adds an information gateway between the e-mail server and client to manage access behavior, control the information flow, and limit users' access permissions.
4. Dividing the building blocks by function and introducing their logical relations and main features; discussing the specific algorithms and implementation steps of the building blocks, including access control, SMTP & POP3, etc. The feasibility, availability and superiority of the strategy are demonstrated through testing, and a plan for future work is given.