| As the 21 century becomes the time of information and the information comes to be an important resource for strategy, the ability to ensure the security of information has become to be vital part for a country’s integrated skill. On one hand, information technology and skill are being unprecedented the prosperous period, information property has become the first property all over the world. On the other hand, the issues of destroying the security of information happen at a high frequency, the form for information security is serious.With the development of the Internet, especially cloud computing and distributed systems applications, the security demand of people on the network data have become increasing. At the same time, virtualization, as key technologies of cloud infrastructure, provides a more open network environment. It has become a serious problem that how to ensure the network resources in the virtual environment can be fully shared, and meanwhile, to achieve strict access control to prevent malicious intrusion and damage.Traditional access control models limit users’ access according to privileges. As the management of system is relied on users too much, the ability to manage data securely is demanded pretty great. Even though series of solutions are addressed to solve such secure problems, it cannot defend from some malicious attacks, especially from the system administrators. Therefore, the mandatory access control is needed, which can do classification on both users and data.In this paper, a novel access control model named E-MLR on the view of entity is proposed on the basis of the traditional MLR model. We redesign elements, data explanations, data operations for secure communication in traditional computer systems.Then, we reference to KVM as a research environment, and apply the E-MLR model to a virtualized environment. Considering the access control between virtual machines and the access control through shared memory on one machine, we proposed V-MGSM model and use it to control the communication process between VMs. The access control mechanism proposed in this paper also takes into account the memory share between VMs. What’s more, we provide the detailed implementation process and test results under the virtualized environment KVM. In a word, the whole research work includes:1.Aiming at traditional multi-level models at present, we propose an entity based multi-level access control model called E-MLR which includes new data explanations, an idea of data borrowing and four data operation instructions. As a result, we keep the low-level users can’t change the view of the high-level users, ensuring the information security of the system.2. We reference to KVM as a research environment, and apply the E-MLR model to a virtualized environment. We proposed V-MGSM model and use it to control the communication process between VMs.3.We provide the detailed implementation process and test results under the virtualized environment KVM. We draw conclusions from the test results that the communications between VMs can be judged correctly and securely so that our proposed model V-MGSM is correct and secure. |
PDF Full Text Request