A model based on the Bell-LaPadula (BLP) model is proposed for access control in hierarchical organizations, whose hierarchical units include departments, staff, and a new concept called the post. In the model proposed by this paper, the relationships among the organization's units are built explicitly, so that security tags can be assigned to subjects and objects in a simple way. Interoperation among different departments is implemented by assigning multiple security tags to one post, and the closer two departments are on the organization tree, the more secret the objects that the staff of those departments can exchange. Access control matrices for the department, the post and the staff are defined; by using these three matrices, a multi-granularity and flexible discretionary access control policy is implemented. The outstanding merit of the BLP model is inherited, and the new model guarantees that all information flow remains under control. Finally, the study shows that the proposed model is more flexible.