Netinfo Security (信息网络安全) ›› 2014, Vol. 14 ›› Issue (9): 101-104. doi: 10.3969/j.issn.1671-1122.2014.09.023

• Selected Papers •

Design and Implementation of Multi-level Security System on Desktop Virtualization in Classified Environment

WU Yue, LIU Xiang-dong

  1. Institute 706, The Second Academy of China Aerospace Science and Industry Corporation, Beijing 100854, China
  • Received: 2014-08-06 Online: 2014-09-01
  • About the authors: WU Yue (born 1989), female, from Shanxi, assistant engineer, master's degree, main research interest: computer network security; LIU Xiang-dong (born 1974), male, from Hebei, research fellow, master's degree, main research interest: computer network security.

Abstract: To meet the multi-level security protection requirements that classified environments place on desktop virtualization, this paper proposes vDesktop-BLP, a multi-level security model for desktop virtualization in classified environments. The model improves on the classical BLP multi-level security model for desktop virtualization scenarios and enforces multi-level security control over the direction of information flow in a classified desktop virtualization system. The paper also presents a system implementation of the model, with a detailed design of its security mechanisms, so that the two main kinds of information exchange between virtual desktops, network communication and reads and writes to storage devices, comply with the multi-level security requirements of classified information systems. The prototype system is used to verify the feasibility and effectiveness of the vDesktop-BLP design.

Key words: desktop virtualization, classified environment, multi-level security