安全操作系统中的权能管理模型

最小特权和责任分离原则要求安全操作系统能够提供细粒度的访问控制．基于权能的安全操作系统可以满足这种需求，但现有的权能管理模型不能同时解决权能控制的客体有限、权能撤销机制不够完善以及访问检查的速度太慢的问题.本文提出一种新的权能管理模型（GYC模型），较好的解决了上述三个问题．该模型已被应用到安全操作系统Minicore中，实验结果表明，与典型的Redell模型相比，GYC模型在整体性能上更好．     

一种面向J2EE应用的条件权能访问控制方法

为了满足J2EE应用所提出的访问控制要求,我们应用NISTRBAC参考模型提出了一种基于条件权能的访问控制机制,讨论了访问控制系统的实现策略,解决了J2EE服务层和表现层的访问控制问题。     

Access数据库的完整性控制策略

Microsoft Access for Windows是Microsoft公司推出的面向办公自动化、功能强大的关系数据库管理系统。文中讨论了在Ac-cess中的完整性控制策略,并举出了几个实际操作的例子。     

Checking Event-Based Specifications in Java Systems

One of today's challenges is producing reliable software in the face of an increasing number of interacting components. Our system CHET lets developers define specifications describing how a component should be used and checks these specifications in real Java systems. CHET is able to check a wide range of complex conditions in large software systems without programmer intervention. It does this by doing a complete and detailed flow analysis of the software and using this analysis to build a simpler, model program. This paper explores the motivations for CHET, the specification techniques that are used, and the methodology used in statically checking that the specifications are obeyed in a system.     

并发反应式系统的组合模型检验与组合精化检验

模型检验和精化检验是两种重要的形式验证方法,其应用的主要困难在于如何缓解状态爆炸问题.基于分而治之的思想进行组合模型检验和组合精化检验是应对这个问题的重要方法,它们利用系统的组合结构对问题进行分解,通过对各子系统性质的检验和综合推理导出整个系统的性质.在一个统一的框架下对组合模型检验和组合精化检验作了系统的分析和归纳,从模块检验的角度阐述了上述两种组合验证方法的原理及其相应的组合验证策略.同时总结了各类问题的复杂性,并对上述两种方法作了比较分析,揭示了它们之间的内在联系.最后展望了组合模型检验与组合精化检验的发展方向.     

Model Checking Dynamic Memory Allocation in Operating Systems

Most system software, including operating systems, contains dynamic data structures whose shape and contents should satisfy design requirements during execution. Model checking technology, a powerful tool for automatic verification based on state exploration, should be adapted to deal with this kind of structure. This paper presents a method to specify and verify properties of C programs with dynamic memory management. The proposal contains two main contributions. First, we present a novel method to extend explicit model checking of C programs with dynamic memory management. The approach consists of defining a canonical representation of the heap, moving most of the information from the state vector to a global structure. We provide a formal semantics of the method that allows us to prove the soundness of the representation. Secondly, we combine temporal LTL and CTL logic to define a two-dimensional logic, in time and space, which is suitable to specify complex properties of programs with dynamic data structures. We also define the model checking algorithms for this logic. The whole method has been implemented in the well known model checker SPIN, and illustrated with an example where a typical memory reader/writer driver is modelled and analyzed.     

Scientific Theories of Computational Systems in Model Checking

Model checking, a prominent formal method used to predict and explain the behaviour of software and hardware systems, is examined on the basis of reflective work in the philosophy of science concerning the ontology of scientific theories and model-based reasoning. The empirical theories of computational systems that model checking techniques enable one to build are identified, in the light of the semantic conception of scientific theories, with families of models that are interconnected by simulation relations. And the mappings between these scientific theories and computational systems in their scope are analyzed in terms of suitable specializations of the notions of model of experiment and model of data. Furthermore, the extensively mechanized character of model-based reasoning in model checking is highlighted by a comparison with proof procedures adopted by other formal methods in computer science. Finally, potential epistemic benefits flowing from the application of model checking in other areas of scientific inquiry are emphasized in the context of computer simulation studies of biological information processing.     

访问控制系统的规则集模型及其检测算法

针对访问控制系统规则存在漏洞问题,提出一个建立在系统读写规则集基础之上的访问控制系统规则集模型及相应的模型检测算法,通过对系统状态的遍历,判断目标在权限提供某些许可的情况下是否可完成,并在目标可完成的情况下输出相应的策略。实验结果证明,在中等规模的系统中该算法有效。     

ERP系统中的可视化权限管理技术

概述了现有的ERP软件系统中的权限管理的方法,指出它们存在的问题,提出两种可视的、直观的、简便的权限管理方法,以及它们的适用范围,并给出了其中一种方法的具体实现以及相应的权限设置和管理的方法。     

角色权限管理在WebGIS系统中的应用

基于角色的权限管理在各类应用系统中已得到了广泛的应用,它能方便地控制不同权限的用户登录系统后查看不同的信息、使用不同的功能,增加了系统的安全性和多用性。WebGIS系统中往往会有许多不同权限的多种用户,分别可以获得不同级别或种类的地理信息。该文先简单介绍了ArcGIS Server 9.2中Web ADF的基本情况,而后阐述了几种不同的基于角色的权限管理方案,用来控制基于ArcGIS Server开发的WebGIS网站中地图图层和图例的显示与否以及工具条中工具和任务的可否使用。最后作为示例,利用Web ADF开发一个简单的WebGIS网站并用角色来控制权限。     

嵌入式实时系统的软件需求检测

以需求描述模型HRFSM(hierarchical finite state machines based on rules)为基础,提出了一个嵌入式实时系统软件的动态执行模型(dynamic execution model,简称DEM)和基于该模型的检测方法.由于DEM能将控制流、数据流和时间有效地集成为一体,故提出的检测方法能检测嵌入式实时系统的软件需求的一致性和完全性.该检测方法由3种侧重点不同的检测形式组成,并能在检测过程中提供一些重要的检测信息.分析员可以利用基于该检测方法的工具灵活地对嵌入式实时系统的软件需求进行检测,以提高分析和检测软件需求的效率.     

中断驱动控制系统的有界模型检验技术

针对一类中断驱动的航天控制系统,给出了有界模型检验的算法.这类系统由中断处理程序和操作系统调度的任务组成.当中断发生时,对应的中断处理程序响应中断事件,并可以修改控制变量值,以便在系统任务中完成后续工作.操作系统周期性地调度任务序列处理日常事务以及中断事件的后续工作.使用了带中断标记的时间自动机对中断事件和任务调度事件进行建模,并使用中断向量表和中断处理程序的伪代码模型共同描述中断的处理过程.控制变量将中断处理过程和系统任务相关联,中断处理程序可以设定某个控制变量,而系统任务则通过检查该控制变量来确定是否需要进行后续处理.对于这样的形式化模型,给出了检验关键时序性质的有界模型检验算法.该算法使用深度优先的方式遍历所有长度小于等于K的可行路径,并使用SMT Z3实现了对时间约束和规约的处理.     

区间系统鲁棒稳定性的有限检验

讨论区间对象族能否被一给定补偿器鲁棒镇定的问题.用Sturm判据给出闭环区间系统鲁棒稳定的充要条件.     

The Architecture of a Capability-Based Microprocessor System

By implementing a capability-oriented addressing scheme, tagged storage, and a single-level-store approach to memory management, and by providing hardware support for multitasking, this architecture reduces the semantic gap.     

高性能处理系统中自修改代码的高效检测技术

在主流通用处理系统中,超标量机制及高速缓存使得自修改代码(SMC)成为一种需要特殊处理的情况,为了继续支持使用自修改代码的程序并兼容原有程序,在处理系统设计中需要对SMC的情况进行支持。本文分析并对比了多种程序的SMC行为及解决方案,设计了一种利用FIFO队列在流水线外检测SMC的方案,避免了对主流水线的干扰;并通过复用访存通路来检测SMC导致的缓存一致性问题,由于优化后的设计不需要额外的端口,避免了在数据缓存使用多端口设计,使得整体面积下降了1.16%。同零开销的理想方案相比,该方案对性能的影响小于0.1%。     

Implementation of a Capability-Based Data Abstraction

One important feature in programming language design is an appropriate data definitional facility. Criteria now recognized as important are the concepts of information hiding and data abstraction. The problem, however, is to embed these ideas into languages. Although including these ideas has often led to the design of a new language, that is not always necessary. Such facilities may be added to languages like PL/1 or Pascal. This report discusses the inclusion of such facilities within one such PL/1 compiler. While the resulting system does not have the optimal set of protection features, it does have several advantages: the base language is known to a large class of programmers, there are many such compilers already written, and the system achieves almost as much protection as is needed.     

门禁系统在博物馆的应用

在数字技术网络技术飞速发展的今天门禁技术得到了迅猛的发展。门禁系统早已超越了单纯的门道及钥匙管理,它已经逐渐发展成为一套完整的出入管理系统。它在工作环境安全、人事考勤管理等行政管理工作中发挥着巨大的作用。本文就门禁系统在博物馆的应用进行分析研究。     

模态转移系统的三值逻辑模型检验

分析了现有的模型检验技术应用于模态转移系统的三值逻辑公式的模型检验中存在的问题.提出了把模态转移系统转换成Kripke结构的算法以及三值逻辑公式转换成2个二值逻辑的算法,经过转换后可用现有的模型检验技术进行模型检验.用该算法转换后,状态数、转移数和原子命题数目与原模型呈线性关系,没有增加模型检验的复杂度.