Why there is no state control of information security

Time:11-03

In information system security protection, access control is the core. Whether for operating systems, web applications, DBMSs, or the currently popular cloud computing platforms, mobile apps and industrial control systems, security discussions devote plenty of space to access control, and it has absolute dominance in applications. Likewise, in the related national testing and assessment standards (such as the level protection assessment standards and risk assessment standards), access control is the most discussed topic, and it exists in those standards as a standard check item.
Since it is such an important security control mechanism, it is necessary for us to analyze what access control is. In its applications, access control takes the access session as its core control target. In terms of security there are two aspects: one is to ensure the security of the session itself; the second is to use control of the access session as a means to achieve the system's various security requirements. Obviously, the latter is the key to why access control is so widely used.
But does that mean control of the access session is really so important? In terms of the control object, the target of access control (access session behavior) is only one category of behavior, which is itself one of the two basic elements (behavior and state). In terms of application scope, access session behavior is itself limited (it is clearly visible only where application-user factors are involved, and does not apply at relatively lower or higher abstraction layers), which limits the application of access control. In addition, in terms of control effect, there are still many problems that access control cannot solve.
Given this situation, I think access control is one of the means of system security protection, though one of the most important, and I believe that as information security technology develops, other and better means will appear. That access control is treated as the core of all security methods and set as the standard itself reflects our lack of means of security protection.
For a long time I have marveled at access control's dumb luck: with a humble control object and a limited model, it has incredibly come to serve as the core of system security protection and as an important part of the standards. I do not know whether this shows how difficult information security research is, or that information security research is still in its original state.
In the past, when I studied some access control models, I always thought that the limitations of access control models lay in two aspects: first, role permissions are hard-coded into the application logic, so flexibility is poor; second, an access control model needs the subject, the object and the access session behavior to be clearly defined, which is also a very serious limitation.
In terms of system structure, we know that a system is made up of behavior and state, with behavior driving state transitions. From this point of view, controlling behavior alone (access session behavior being only a small class of behavior) is obviously not enough; behavior control and state control must be combined to form a complete control system. From the application point of view, state control can supplement behavior control: on occasions where behavior control is not applicable, state control can have an unexpected effect. After all, a system is a sequence of states driven by behavior, so behavior can be controlled indirectly by controlling state (and, of course, state can be controlled indirectly by controlling behavior). It seems that introducing state control into system security is clearly worthwhile, and judging by how popular access control has become, it is not impossible that state control, if done well, could repeat the success of access control.
Yet research on and applications of state control are still rarely seen at home or abroad. Why? Is it collective blindness? Obviously not; research abroad has always been known for being careful and meticulous. So why? After a long period of study, you will find one answer: state explosion (no one seems to have answered this question, and this answer may not be correct; it is offered for your reference). State explosion has long been a headache at home and abroad, and my personal guess is that this is probably why state control has been so little studied. But the promise of state control is hard to give up, and there is no denying its obvious advantages. Should we give up state control just because of state explosion?
Through in-depth study, one finds that state explosion has long been researched at home and abroad, although much of that work does not involve the information security field; for example, domestic doctoral researchers have discussed solutions to the path explosion problem in program analysis. Inspired by this, I want to try to take a step into state control. The first task is to address the state explosion problem. One solution is to use behavior control to control state indirectly. A second is to draw on existing solutions to state explosion and work out specific solutions for particular state-security applications in a controlled environment. In addition, in information security some critical states are themselves very few, so explosion is not necessarily a problem.
Once the state explosion problem has been considered, state control can be used widely. One use is control of the state as such, that is, taking the state as the goal and ensuring the security of the system's state. Another is using state control as a means of achieving system security, that is, achieving system confidentiality, availability and so on through state control. In addition, behavior can be controlled indirectly through state control, realizing some security protection functions that are difficult to achieve with access control.
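The argument above as an added example (not part of the original article): a toy Python model in which every action passes the access control check, yet the sequence reaches a critical state that only a check on the resulting state catches. The state fields, role, actions and the two critical-state predicates are assumptions made for illustration; only a few critical states are named, so the full state space is never enumerated.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class State:                      # constructed sample system state
    audit_on: bool = True
    firewall_on: bool = True
    admin_session: bool = False

# Behavior control: classic access control, role -> permitted actions.
ACL = {"operator": {"open_admin_session", "stop_audit", "stop_firewall"}}

# Behaviors drive state transitions.
TRANSITIONS = {
    "open_admin_session": lambda s: replace(s, admin_session=True),
    "stop_audit": lambda s: replace(s, audit_on=False),
    "stop_firewall": lambda s: replace(s, firewall_on=False),
}

# State control: a handful of critical-state predicates, checked on the
# state a transition would produce, regardless of who triggered it.
CRITICAL = {
    "unaudited admin session": lambda s: s.admin_session and not s.audit_on,
    "no audit and no firewall": lambda s: not s.audit_on and not s.firewall_on,
}

def step(state, role, action, state_control=True):
    """Apply one action; return (resulting state, verdict)."""
    if action not in ACL.get(role, set()):
        return state, "denied by access control"
    nxt = TRANSITIONS[action](state)
    if state_control:
        for name, is_critical in CRITICAL.items():
            if is_critical(nxt):
                # Refuse the transition: the system stays in the old state.
                return state, f"denied by state control: {name}"
    return nxt, "allowed"

def run(role, actions, state_control=True):
    """Replay a sequence of actions from the initial state."""
    state, log = State(), []
    for action in actions:
        state, verdict = step(state, role, action, state_control)
        log.append((action, verdict))
    return state, log

if __name__ == "__main__":
    seq = ["open_admin_session", "stop_audit"]
    print(run("operator", seq, state_control=False))
    print(run("operator", seq, state_control=True))
```

With access control alone the operator ends in a state with an open admin session and no audit log; with the state predicates enabled the second action is refused and the state stays unchanged.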
Of course, how to use state control to build a series of models comparable to the access control models, with prospects as bright as those of access control, still requires in-depth study by researchers. How to make the security idea of state control actually land in practice also needs further study; otherwise, like the network behavior control popular domestically, it will be a concept that cannot be realized and will attract ridicule.
Lin Mengni
January 2016
This topic is itself controversial; everybody is welcome to discuss it.