| Budget Amount *help |
¥5,400,000 (Direct Cost: ¥5,400,000)
Fiscal Year 1996: ¥1,000,000 (Direct Cost: ¥1,000,000)
Fiscal Year 1995: ¥4,400,000 (Direct Cost: ¥4,400,000)
|
|---|
| Research Abstract |
To control the access right of users to data base systems concentrically is one of the approaches for solving to the problem. A systematic model for the approach is called the security model. Typical security models are a mandatory model of the Bell and LaPadula model (summarize BLP) and a discretionaly model using an access matrix. The BLP is defined security levels for information and users. An access right of users is controlled by comparing the security levels of the users and the information. Direction of the information flows are defined by the security levels.
On the other haid, the discretionaly model using an access matrix an access matrix has an advantage to be able to look aroud information flows all over the users. But there is a problem that the indirect information flows are caused by writing any information to the other information, and consequently, confidentiality and integrity for the information are damaged. And if access right is changed, we have a further problem th
… More
at the access matrix which has been secure before changing access right is not secure. But reports of this type of research have apparently not been published to date.
This research proposes a security model and reification method to detect the indirect information flows and to verify whether information is secure or not. For the security model proposed, a Hierarchical Time Petri Net (H-TPN), which is an extended not of the Hierarchical Petri Net, is defimed. The H-TPN is introduced time parameter and colored tokens in the Hierarchical Petri Net. The information flows in the access matrix are described by the paths on the H-TPN whose places describe users and information. The time parameter is defined in the transitions of the H-TPN.Colored tokens, which are divided into two types, are introduced to reduce complexity of toke'n propagation paths, The one type of the colored tokens describes information to be verified, the others describe information not to be verified. Operation rules between colored tokens are defined.
In the proposed security model, we will show very interesting properties for the security with regard to the time. The properites are a condition to be secure till a certain time and a condition to be secure from a certain time to a certain future time. Less
|
