A unified mathematical model for stack- and role-based authorization systems.


Abstract

The purpose of this thesis is to build a mathematical framework for statically representing the execution of software programs and the flow of security information in those programs. This thesis shows how the result of this mathematical analysis can be used to automatically identify security properties of software and evaluate security policies. In particular, this work presents a mathematical model for Stack-Based Access Control (SBAC) systems, such as Java 2, Standard Edition (J2SE) and Microsoft .NET Common Language Runtime (CLR), and for Role-Based Access Control (RBAC) systems, such as Java 2, Enterprise Edition (J2EE) and CLR. The model is based on the mathematical theories of graphs and lattices, and allows static problem detection and security policy evaluation. This thesis proves that this mathematical model is correct and that the algorithms used to build it converge in polynomial time. The mathematical model presented in this thesis has been implemented and used extensively to analyze and detect security vulnerabilities in large production-level programs.
