网络与信息安全学报 (Oct 2023)

Redundancy and conflict detection method for label-based data flow control policy

  • Rongna XIE, Xiaonan FAN, Suzhe LI, Yuxin HUANG, Guozhen SHI

DOI
https://doi.org/10.11959/j.issn.2096-109x.2023074
Journal volume & issue
Vol. 9, no. 5
pp. 21 – 32

Abstract

To address the challenge of redundancy and conflict detection in the label-based data flow control mechanism, a label description method based on atomic operations has been proposed. When the label is changed, there is unavoidable redundancy or conflict between the new label and the existing label. How to carry out redundancy and conflict detection is an urgent problem in the label-based data flow control mechanism. To address the above problem, a label description method was proposed based on atomic operation. The object label was generated by the logical combination of multiple atomic tags, and the atomic tag was used to describe the minimum security requirement. The above label description method realized the simplicity and richness of label description. To enhance the detection efficiency and reduce the difficulty of redundancy and conflict detection, a method based on the correlation of sets in labels was introduced. Moreover, based on the detection results of atomic tags and their logical relationships, redundancy and conflict detection of object labels was carried out, further improving the overall detection efficiency. Redundancy and conflict detection of atomic tags was based on the relationships between the operations contained in different atomic tags. If different atomic tags contained the same operation, the detection was performed by analyzing the relationship between subject attributes, environmental attributes, and rule types in the atomic tags. On the other hand, if different atomic tags contained different operations without any relationship between them, there was no redundancy or conflict. If there was a partial order relationship between the operations in the atomic tags, the detection was performed by analyzing the partial order relationship of different operations, and the relationship between subject attribute, environment attribute, and rule types in different atomic tags. The performance of the redundancy and conflict detection algorithm proposed is analyzed theoretically and experimentally, and the influence of the number and complexity of atomic tags on the detection performance is verified through experiments.

Keywords