Abstract
Privileged users are needed to manage commercial transactions, but a super-administrator may hold monopoly power and cause serious security problems. Relying on trusted computing technology, a privilege separation method is proposed to satisfy the security management requirements of information systems. It assigns the system privileges to three different managers, none of which can be interfered with by the others. The process algebra Communicating Sequential Processes is used to model the three-powers mechanism, and its safety effect is analyzed and compared.
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chen, Y., Hu, J., Gai, X., Sun, Y. (2011). A Privilege Separation Method for Security Commercial Transactions. In: Lai, X., Gu, D., Jin, B., Wang, Y., Li, H. (eds) Forensics in Telecommunications, Information, and Multimedia. e-Forensics 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23602-0_17
DOI: https://doi.org/10.1007/978-3-642-23602-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23601-3
Online ISBN: 978-3-642-23602-0
eBook Packages: Computer Science, Computer Science (R0)