Application of Modified BLP Model on Mobile Web Operating System

Bibliographic Details
Published in: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 1818-1824
Main Authors: Dali Zhu, Ying Yang, Hao Jin, Jing Shao, Wei-Miao Feng
Format: Conference Proceeding
Language: English
Published: IEEE, 01.08.2016
ISSN: 2324-9013
DOI: 10.1109/TrustCom.2016.0279

Summary: The BLP model is a classic and significant confidentiality model. By classifying and marking subjects and objects, it implements both discretionary access control and mandatory access control. Existing system security models are mainly based on improved versions of the BLP model. With the popularity of mobile devices, cross-platform systems based on the Web are attracting more and more attention. Because of its high mobility, portability and scalability, Web OS is applied as a mobile e-government system solution. However, existing Web OSes provide low confidentiality, and the design of their system security access control policy is ambiguous. Thus, they cannot satisfy the security demands of a mobile e-government system. This paper constructs a security model based on an analysis of the BLP model, which achieves abstract modeling of Web OS on intelligent terminals, and redefines the model elements, mapping functions, and access control policy on both subjects and objects to improve confidentiality. Since the BLP model lacks the least privilege principle for trusted subjects and lacks integrity constraints, we redraw the security levels of subjects and objects, and add a confidence-level tag and a role mapping function according to the existing Web OS model. Finally, we implement the principle of least privilege, as well as integrity constraints on subjects and an isolation mechanism between domains, which can improve security effectively.