Está en la página 1de 264

LI NI U

Vn an ton thng tin (ATTT) c hnh thnh t nhng nm 70 ca


th k trc (TK 20). N tin c nhng bc di c bn. Mc d vy,
trong khun kh ca bn thn vn vn cn rt nhiu bi ton cha c li
gii. An ton thng tin l vn gn lin vi cng ngh thng tin (CNTT); m
CNTT ngy cng pht trin nhanh v l mt trong nhng yu t quan trng thc
y nn kinh t tr thc hnh thnh v pht trin vi nhng xu th ton cu ho
y thi c v thch thc vi loi ngi. V th ngy nay, vn ATTT vn l
vn c u tin c gc quc gia v quc t.
Thng tin v ATTT l yu t quan trng hng u ca an ninh quc gia.
Mc d nhng nm gn y, nhng c s php l u tin trong lnh vc
bo m ATTT c gy dng (Php lnh C yu, Ch th ca B Chnh tr
v cng tc c yu, cc ngh nh di Php lnh C yu, cc b lut v giao
dch in t, v thng mi in t), nhng y cha phi l gii php ton
b v hon chnh. mi ch l nhng nn mng u tin. S phn tch hin
trng vn ATTT hin nay a ti kt lun v tnh cp thit phi c mt tip
cn ng b h thng trong vic gii quyt nhng nhim v ca s nghip bo
m ATTT. Mt trong nhng nhim v quan trng l vn con ngi
chng ta thiu hng vn cn b lm CNTT, trong c cc k s ATTT.
Vic m chuyn ngnh o to k s ATTT ti hc vin K thut mt m
(Ban c yu Chnh ph) l nhm tng bc thc hin nhim v lu di
ni trn. Gio trnh c s an ton thng tin c th coi l nhp mn ca
chuyn ngnh ATTT ny
y l mn hc quan trng ca chuyn ngnh ATTT, n cung cp nhng
khi nim, nhng kin thc c bn c tc dng nh hng v gi m cho
sinh vin i vo hc tp v nghin cu ton b cc mn hc khc v ATTT
sau ny. Chnh v vy, chng ti mun gii thiu mt ci nhn tng th va
bao qut y cc vn c bn ca chuyn ngnh, li va th hin c
mc pht trin ca tng vn cng nh thnh tu mi nht vi mt
su nht nh (nht l cc vn v cng ngh an ton). y l nhim v ht
sc kh khn (v nhiu khi nhm tc gi cm thy l qu sc mnh), chng
ti c gng ti mc cao nht gii quyt n, cn thnh cng n u th
xin ch thc tin tr li.
Gio trnh gm ba phn:
Phn 1: L thuyt an ton thng tin cc h thng. Phn ny c bn
chng, tp trung gii thiu cc khi nim c bn v ATTT, m hnh tng

qut, cc nguyn tc c bn ca ATTT, cc him ho ATTT, cc phng


php bo m ATTT tng th, cc phng php mt m v cc thit b bo
v. Phn quan trng nht, trnh by cc vn c ngha phng php lun
trong thit lp h thng bo v chng cc him ho ph v tnh b mt, tnh
ton vn v tnh sn sng phc v ca thng tin. y l ba tnh cht quan
trng to thnh tnh an ton y ca thng tin. Trong phn ny trnh by
kh y cc phng php, cc cng ngh, cc k thut c bn trong vic
thit lp cc h thng m bo ATTT. Cc vn y c th hin trong
lgic tun th quan im mi nht v ATTT v c i chiu vi nhng tiu ch
ATTT c cng nhn rng ri nht.
Phn 2: Chnh sch an ton thng tin v cc m hnh an ton. Phn
ny gm hai chng ln, trnh by cc khi nim v chnh sch an ton v
m hnh an ton, lm r vai tr ch cht ca CSAT trong vic duy tr ATTT
ca mi h thng v mi thit b. Qua lm r vai tr ca con ngi, ca
nh qun tr v ca nhn vin trong gii quyt cc vn ATTT c th. y
chng ti tp trung vo CSAT ca h thng TT v cc c s ton hc ca
chng; vai tr ca CSAT v m hnh an ton trong vic phn nh v gii
quyt cc nhim v ATTT m thc t t ra vi mi h thng. Phn chnh
sch qun l nh nc v ATTT y khng c cp v chng ti mun
dnh ch ny cho mt gio trnh l Php lut an ton thng tin. y l ch
mi v nc ta ang trong qu trnh hnh thnh nhng bc u tin.
Phn 3: Cc tiu ch an ton thng tin. Phn ny gm 2 chng, tp
trung gii thiu mt vn thi s hin nay: s cn thit phi c cc tiu
chun, cc tiu ch ATTT khi m CNTT pht trin v bo, dn ti s ra i
cc mng din rng v mng ton cu, khi hnh thnh mt khng gian
CNTT (v do l khng gian ATTT) ton cu; trnh by cc b chun ATTT
ca mt s nc i u trong lnh vc ny v xu th pht trin ca chng.
Qua lm r vai tr cc tiu ch ATTT trong vic nh hng cho th trng
cng ngh an ton, v trong vic phi hp n lc chung ca nh qun l,
nh sn xut v khch hng trong vic cho ra i cc sn phm an ton
CNTT.
Gio trnh c vit ln u tin, chc chn cn rt nhiu khim khuyt
v ni dung cng nh phng php th hin, chng ti rt mong nhn
c nhng kin ng gp ca cc ng nghip v cc bn c, sinh
vin xa gn hon chnh tip trong qu trnh thc hin.
H Ni, thng 11 nm 2006
Cc tc gi.

Phn mt
L thuyt an ton thng tin cc h thng
Chng 1:
M hnh tng qut v cc nguyn l an ton thng tin
1.1. Khi nim an ninh (an ton) thng tin
1.1.1. An ninh quc gia v an ton thng tin trong thi i
hin nay.
Ch th 41-CT/TW ngy 1/7/2004 ca B Chnh Tr v tip
tc y mnh cng tc c yu phc v s nghip CNH HH
t nc l tp hp cc quan im chnh thc ca ng v
Nh nc ta v mc tiu, nhim v, cc nguyn tc ch o v
phng hng pht trin ca cng tc m bo an ton an ninh
thng tin ca nc ta trong giai on hin nay. Ch th nu r:
Cng tc c yu (tc l cng tc m bo an ton an ninh
thng tin) l mt trong nhng hot ng quan trng ca an
ninh quc gia.
Trong Php lnh c yu cng b ngy 15/4/2004 cng ch r
trong iu 1 (chng I): Hot ng c yu l hot ng c
mt c bit, thuc lnh vc an ninh quc gia.
Ch th 41 ca BCT v bn cht c th coi nh mt hc
thuyt v an ninh thng tin (ATTT) ca nc ta trong giai on
mi. N l c s:
hnh thnh chnh sch Nh nc trong lnh vc
bo m ATTT ca CHXHCN Vit Nam.
chun b cc lun c trong vic hon thin vic
bo m ATTT ca nc ta v php lut, v khoa hc
cng ngh, v qun l v trong vic hoch nh cc
chng trnh mc tiu v an ninh TT quc gia.
Ch th ny thng nht vi lut v an ninh quc gia ca
Vit Nam p dng vo lnh vc thng tin.
An ninh quc gia ca nc ta y c nh ngha l an
ninh ca mt dn tc vi t cch l ngi thc hin ch quyn
ton vn lnh th v ngi nm gi quyn lc duy nht ca
t nc.
An ninh quc gia c bo m bng cch ngn chn
hoc lm trit tiu cc e do bn ngoi v bn trong cc
lnh vc khc nhau ca i sng x hi nh chnh tr, kinh t,
quc phng, mi trng, thng tin,.
3

Trong mi lnh vc nh vy, Nh nc i din cho quyn li


ca ton x hi, cn phi tin hnh cc bin php nhm chn
ng cc mi him ho an ninh .
Trong x hi hin i hm nay, khi m cc mng vin
thng tin hc lin kt cht ch cc quc gia dn tc vi
nhau, khi m my tnh c mt trong mi gia nh v c
quan, khi m s ho, tin hc ho nh mt ln sng cun ht
mi t nc v dn tc, th vai tr ca lnh vc thng tin
ngy cng tng ln.
Lnh vc thng tin ngy nay c hiu l tp hp cc thng
tin, cc h tng c s thng tin, cc ch th thc hin vic
thu nhn, hnh thnh (sng to ra), chuyn ti v s dng
thng tin, k c cc h thng php lut iu tit cc quan
h x hi trong lnh vc thng tin.
Nh vy, lnh vc thng tin vi t cch l cc yu t cu
thnh ca cuc sng x hi hin i, nh hng ngy cng ln
ti trng thi chnh tr, kinh t, quc phng v cc thnh t
khc ca an ninh quc gia. An ninh quc gia v th ph thuc
mt cch cht ch vo vic bo m an ton thng tin v
trong qu trnh tin b k thut, s ph thuc ny s tng ln
khng ngng.
1.1.2. An ton thng tin quc gia.
An ton thng tin quc gia c hiu l trng thi c bo
v ca cc quyn li dn tc ca nh nc ta trong lnh vc
thng tin. l tp hp cn bng v hi ho cc quyn li ca
c nhn, ca x hi v ca Nh nc v thng tin.
Quyn li ca cc c nhn trong lnh vc thng tin:
l s thc hin cc quyn con ngi v quyn cng dn
(c ghi trong hin php) trong tip cn cc thng tin, trong
s dng thng tin vi mc ch tin hnh cc hot ng
khng b cm bi php lut, v s pht trin th cht, tm
hn v tr tu ca c nhn, cng nh trong vic bo v cc
thng tin lin quan ti an ton bn thn.
4

Quyn li x hi trong lnh vc thng tin: chnh l


vic m bo cc quyn li ca c nhn nu trn; cng c
nn dn ch XHCN; xy dng nh nc php quyn ca dn,
do dn, v dn; t c v duy tr s n nh chnh tr
x hi; pht huy bn sc dn tc i i vi i mi t nc
v mt vn ho, tinh thn; tng cng s lnh o ca ng
CSVN, y mnh CNH HH; hng ti mt Vit Nam dn giu
nc mnh, x hi cng bng, dn ch, vn minh.
Quyn li ca nh nc trong lnh vc thng tin: l
xy dung cc iu kin pht trin hi ho h tng c s
TT ca t nc; thc hin cc quyn hin php v t do con
ngi v c nhn trong vic thu nhn thng tin v s dng
chng vi mc ch bo m tnh lin tc ca th ch
XHCN, ton quyn v ch quyn lnh th ca nc ta; bo
m s n nh chnh tr, kinh t v x hi; pht trin s
hp tc quc t bnh ng v cng c li.
Trn c s quyn li dn tc ca Vit Nam trong lnh vc
thng tin, s hnh thnh cc nhim v chin lc v nhim v
trc mt ca chnh sch (i ni v i ngoi) ca Nh nc
trong lnh vc bo m ATTT.
T gc bo m ATTT, trong cc quyn li dn tc v
TT c th chia ra 4 thnh phn c bn nh sau:
Mt l, tun th cc quyn hin php v t do con
ngi v cng dn trong lnh vc thu nhn thng tin v s
dng thng tin; bo m s nghip i mi, CNH HH t
nc; gn gi v cng c cc gi tr o c ca x hi, bn
sc vn ho dn tc, cc tim lc vn ho v khoa hc ca
t nc.
Hai l, bo m TT v cc ch trng, ng li,
chnh sch ca ng v Nh nc Vit Nam. iu ny lin quan
ti vic cung cp cho d lun x hi nc ta v d lun quc t cc
TT chnh xc v cc ch trng, ng li, chnh sch ca
ng v Nh nc Vit Nam; quan im chnh thc ca ng,
5

Nh nc v cc s kin c ngha x hi quan trng ca Vit


Nam v th gii; lin quan ti vic bo m s tip cn ca
cc cng dn ti cc ngun TT quc gia cng khai.
Ba l, pht trin cc cng ngh thng tin (CNTT)
hin i; pht trin nn CNTT trong nc, trong c cng
nghip sn xut cc thit b tin hc ho, cc thit b lin lc
vin thng; bo m cc sn phm ny cho th trng trong
nc v xut khu, cng nh bo m cho vic tch tr, bo
v v s dng c hiu qu cc ti nguyn TT trong nc. Ngy
nay, ch c trn c s nh vy mi gii quyt c vn xy
dng cng ngh cao, ti trang b nn sn xut cng nghip,
pht huy hiu qu cc thnh tu khoa hc cng ngh trong nc. Vit Nam cn phi c v tr xng ng trong khu vc v
trn th gii v CNTT v cng nghip vi in t.
Bn l, bo v cc ti nguyn TT khi cc tip cn
tri php; bo m an ton cho cc h thng TT v cc h
thng lin lc - vin thng c trin khai cng nh ang
c thit lp trn lnh th nc ta.
1.2. Cc nguyn tc c bn ca an ton thng tin.
1.2.1. Cc dng thng tin.
Nh thy trn, ATTT l mt lnh vc bao gm hu ht
cc mt c bn ca i sng x hi: chnh tr, kinh t, x
hi, quc phng, an ninh, quan h quc t cng nh thng tin
i chng.
Nhn tng th, h thng ATTT c 3 thnh t c bn m
trong qu trnh thit lp v hon thin n chng ta phi ht
sc quan tm: l s bo m v lut php chun, v t
chc qun l v v cng ngh (Cng ngh Qun l Php l
chun) hay nh trong mt s ti liu cn gi l tam gic ATTT
(Cng ngh Chnh sch qun l Cc chun).
Chng ta hy xem xt nh ngha thng tin hin nay.
Trn quan im ATTT ngi ta nh ngha TT nh sau:

Thng tin - l tp hp cc c liu (cc tin tc) v


th gii bao quanh chng ta (cc s kin, cc c
nhn, cc hin tng, cc qu trnh, cc nhn t v
cc mi lin h gia chng), c th hin trong dng
thc ph hp cho vic truyn i bi nhng ngi ny
v tip nhn bi nhng ngi kia v c s dng vi
mc ch thu nhn kin thc (cc tri thc) v a ra
nhng quyt nh.
Ngy nay TT c hnh thnh, tn ti v vn ng trong
cc h thng thng tin vin thng (TT VT). Chng ta cn
nh ngha r v khi nim h thng TT VT.
H thng TT VT l tp hp cc thit b k thut
v bo m phn mm, lin h vi nhau bng cc
knh truyn v nhn TT. T cc yu t ngn cch
nhau v v tr a l, chng lin kt cht ch vi
nhau thnh mt th thng nht nhm mc ch
bo m chu trnh cng ngh x l TT (tm kim,
lu tr, bo v, x l, hiu nh) v cung cp cho
ngi dng kt qu ca s x l ny dng i hi.
Tm li, h thng TT VT bao gm cc mng my
tnh, cc bo m ton hc (cc phn mm) v h
thng lin lc.
Nh vy, ta thy TT - l cc tri thc trong ngha rng
nht ca t ny. V rng TT phn nh cc thuc tnh ca cc
i tng vt cht v mi quan h gia chng, nn theo cc
khi nim c bn ca trit hc, TT c th coi l i tng ca
nhn thc.
Suy cho cng, bo m TT l c s cho bt k hot ng
no ca con ngi. TT tr thnh mt trong nhng phng tin
c bn gii quyt cc vn v cc nhim v ca mt
quc gia, ca cc ng chnh tr v cc nh lnh o ca cc
c cu thng mi khc nhau v ca cc c nhn con ngi.
Ngy nay, kinh t th gii pht trin mc cao, khoa
hc cng ngh a ti s ra i ca nn kinh t tri thc. Lng TT tch lu c v mi kha cnh ca cuc sng x hi
7

hin i l khng l. Cc TT mi c sng to ra vi tc


ngy cng cao. Nhng mt khc, thu nhn TT bng con ng tin hnh nhng nghin cu, kho st ring (ca c nhn
hoc ca tp th) ngy cng tr nn t gi, tn km v
kh khn. Cho nn vic thu lm TT bng con ng r hn nhng bt hp php (tc l n cp TT) ngy cng tr nn thng
xuyn v m rng.
Trong bi cnh ni trn, ngy cng tng tnh cp thit ca
nhim v bo v TT (BVTT) trong tt c cc lnh vc hot
ng ca con ngi: trong phc v cc c quan Nh nc (lnh
o, ch huy, an ninh, quc phng, i ngoi); trong thng
mi, kinh doanh; trong hot ng khoa hc cng ngh, trong
sn xut v thm ch trong i sng ring t ca cc c nhn.
S cnh tranh thng xuyn gia cc phng php n cp TT
(v cc phng tin thc hin chng) vi cc phng php (phng tin) bo v thng tin dn n s xut hin trn th
trng rt nhiu chng loi thit b BVTT, v cng xut
hin vn la chn chng sao cho ti u v s dng cho
hiu qu trong nhng iu kin c th.
Chng ta hy im qua cc tnh cht ca TT nh l i tng ca nhn thc v cng l i tng ca s bo v.
Cc c tnh ca TT nh l i tng ca nhn thc:
TT l phi vt cht trong ngha rng khng th
o cc thng s ca n, v d nh khi lng, kch thc, nng lng bng cc my mc v cc phng
php vt l quen thuc.
TT c ghi trn mt vt mang vt cht, c th lu
gi, x l, truyn ti theo cc knh lin lc khc
nhau.
Bt k i tng vt cht no cng cha TT v bn
thn n hoc v mt i tng khc.

Khng c TT th cuc sng khng th tn ti di bt c


hnh thc no, v khng th hot ng c bt k h thng
TT no do con ngi v t nhin to ra. Khng c TT, cc h
thng sinh hc v cc h thng nhn to ch cn l mt
ng cc nguyn t ho hc. Cc th nghim cch ly cc c
quan cm gic ca con ngi, ngn cn s trao i TT ca con
ngi vi mi trng xung quanh, chng t rng s i TT
gy ra nhng hu qu hu dit khng km g i kht vt
cht.
Mc d ngnh thng tin hc (informatics) ngnh khoa
hc ng dng chuyn nghin cu v cc qu trnh TT, n
nay t nhng thnh tu nht nh, nhng mt s thu
hiu su sc v bn cht ca TT vn cha t c.
Cc tnh cht ca TT nh i tng ca s bo v:
1) i tng cn bo v l cc vt mang TT.
Thng tin n c vi con ngi l v n c cha ng
trong cc vt th mang TT. V d, mt bn tin chin s ta
nhn c nh c bo (TT th hin qua ch vit v c in
trn vt mang l giy) hoc nh nghe i (TT th hin qua
ting ni m thanh sng m l vt mang). V bng cc
thit b vt cht ch c th bo v c cc i tng vt
cht, nn i tng cn bo v l cc vt mang TT (vt cht)
Ngi ta phn chia ra vt mang ngun tin, vt mang ti
tin v vt mang thu tin. V d, mt bn v l mt ngun tin,
cn t giy m trn c bn v l vt mang tin. Bn cht
vt l ca ngun v vt mang y l mt - l t giy.
Tuy nhin gia chng c s khc nhau. T giy khi khng c
vn bn hoc hnh v trn ch l t giy trng v ch l
ngun thng tin v cc c tnh vt l v ha hc ca bn
thn n m thi. Khi t giy c cha mt TT c ngha n s
c mt tn gi khc: bn v, bn tin, ti liu v.v Bn v cc
chi tit hoc cc nt l cu thnh ca mt ti liu phc tp
hn bn v mt chic my, mt c ch, mt ti liu thit
k sn phm mu

Nh vy theo chc nng, ngun c th mang tn gi khc


nhau. Nhng khng ph thuc vo tn gi ca cc ti liu, ci
cn phi bo v chng li vic nh cp, sao chp, lm
thay i v ph hu thng tin chnh l cc t giy v chng
c kch thc xc nh, trng lng r rng, c bn c hc
nht nh, c bn vng mu sc hoc mc in i vi
cc tc ng bn ngoi ca mi trng. Cc thng s ca vt
mang tin quyt nh cc iu kin v phng php lu gi
thng tin trn . Mt loi vt mang c bit khc l cc trng (sng in t, sng m ). Chng khng c bin gii r
rng trong khng gian, nhng cc c trng ca chng hon
ton o c. Bn cht ca ngun tin, vt ti tin v vt thu tin
c th nh nhau v cng c th khc nhau.
Vic truyn TT thc hin bng cch di chuyn vt mang
TT trong khng gian lin quan n tiu tn nng lng v nng
lng ny ph thuc di ng i, cc thng s ca mi trng v bn cht vt mang.
2) Gi tr ca TT c nh gi bi mc c li ca n
i vi ngi s dng (ch s hu, ngi c tin, ngi nhn tin).
y c th phn chia lm 3 loi TT: c li, c hi v trung
ho (v hi).
TT trung ho khng gy nh hng g n
trng thi cng vic ca ngi dng n.
TT c hi l TT mang li thit hi vt cht hoc
tinh thn cho ngi dng hoc ngi nhn tin .
Khi mt TT c hi c dng ln mt cch ch
th n cn gi l TT ngu trang hay TT ho m.
TT c li mang li li ch nht nh cho ngi
dng n.
Li ch ca TT lun lun c th. TT c li hay c hi l i
vi ngi dng c th. Ngi dng y hiu l mt c nhn
con ngi, hoc mt tp th v thm ch c nhn loi. TT
cc k c li cho mt loi ngi ny c th li l c hi hoc
khng c li cho nhng ngi khc. Thm ch, TT qu gi cho
10

ton b nhn loi, v d cng ngh ch to cc thuc cha


bnh him ngho, nhng i vi mt con ngi kho mnh c
th li khng ng quan tm.
Chnh v vy, trong BVTT, trc ht ngi ta xc nh
phm vi nhng ngi (cc cng ty, cc nh nc) c nhu cu
i vi TT c bo v. V c th l trong phm vi s
xut hin cc tin tc (ngi sn lng TT c
bo v).
Vi mc ch bo v thng tin c gi tr (c li) ch s
hu ca TT (Nh nc, t chc, c nhn) nh ra trn vt
mang TT mt du hiu quy c tnh gi tr ca TT cha
trong Du hiu gi l mt ca TT.
mt ca cc TT m ch s hu l Nh nc (hoc cc
c quan Nh nc) c xc nh trn c s Php lnh bo v
b mt Nh nc v Danh mc cc b mt nh nc ca cc c
quan, l thuc v b mt quc gia. Theo ngh nh s
33/2002/N-CP ngy 28-3-2002 ca Chnh ph, cc thng tin
mt, thng tin ti mt, thng tin tuyt mt l cc thng tin
m s nh cp hoc s ph bin bt hp php ca n c
th mang li thit hi cho t chc, c quan Nh nc, cc lnh
vc kinh t x hi, cc tnh thnh hoc c nc.
nh du mt ca cc TT thng mi dch v,
kinh t x hi ngi ta dng nhiu cch phn chia khc nhau,
v d: cng cng, hn ch, c quyn, hoc i chng, dng
chung, dnh ring
3)1 C th coi TT l mt th hng ho.
TT c li, c hi v c th mua hoc bn TT. Do vy TT c
gi c. Cng nh cc hng ho khc, TT c gi c v gi tr. Gi
c gm gi tr v li nhun
Gi tr xc nh bi chi ph m ch s hu b ra
thu c TT bng cch:

11

Tin hnh cc kho st, nghin cu trong phng th


nghim, trong cc trung tm phn tch, trong cc
nhm.
Mua TT trn th trng TT.
t c TT bng con ng bt hp php.
Li nhun t TT, do tnh c th, c th c cc dng
rt khc nhau, v tin bc khng phi l hnh thc ph bin
nht. Ni chung, li nhun t TT c th thu c bng cc hot
ng sau:
Bn TT trn th trng.
Vt cht ho TT trong sn phm vi cc tnh cht mi
hoc cng ngh mi mang li li nhun.
S dng TT a ra cc quyt nh hiu qu
hn. iu ny khng hon ton r rng, nhng li
chnh l hnh thc ph bin nht ca li nhun t
TT.
4) Gi tr ca TT thay i theo thi gian.
S lan truyn ca TT v vic s dng TT dn n thay
i gi tr (v gi c) ca n. c trng thay i gi tr ca
TT theo thi gian ph thuc vo dng ca TT. Vi cc TT khoa
hc k thut s ph thuc ny thng c dng hnh sng (lc
cao, lc thp). V d, vo u th k 20, cc kt qu nghin
cu v vt l nguyn t ch mang tnh khm ph thun tu
v ch c s t cc nh bc hc quan tm n. TT trong
lnh vc ny tr nn cc k gi tr khi xut hin cc kh
nng thc t s dng nng lng nguyn t. Theo mc ph
bin ca cng ngh s dng nng lng ni trn, gi tr ca TT
trong lnh vc ny li dn dn gim st
Gi tr phn ln cc dng TT, lan truyn trong x hi theo
thi gian u gim dn TT b c i. Ngi ta biu din mc
c i (mc lc hu) ca TT bng cng thc sau:

12

C ( ) C exp(2,3 )
i

y:

: lc hu ca TT ti thi im s dng

: gi tr ca TT ti thi im n xut hin (c

to ra)
: khong thi gian t lc TT xut hin n thi
im s dng TT

: di chu k sng (vng i) ca TT (t lc


TT xut hin
ton).

n thi im lc hu hon

Theo cng thc ny, sau mt vng i gi tr ca TT gim


xung cn 0,1 gi tr ban u. Ph thuc vo chu k sng ca
TT, i khi ngi ta phn ra thnh:
TT chin thut: l TT m gi tr ca chng gim
i 10% mi ngy (v d TT v tn dng ngn hn,
n t hng trong vng 1 thng).
TT chin lc: l TT m gi tr ca n gim i
10% mi thng (v d, TT v cc i tc, v tn
dng di hn, v pht trin)
5) Khi nim lng thng tin.
Lng TT cha trong mt cun sch, chng hn, i vi cc
c gi khc nhau s khc nhau. Thm ch cng mt con ngi
cc giai on khc nhau ca cuc i mi ln vn tm c
trong cun sch iu g mi hn cho bn thn. Lng
TT trong u mt ngi c th gin tip nh gi theo vic
lm ca anh ta v c mt quyt nh ng n cn
phi c nhiu TT hn. R rng l khng th nh gi mt
cch khch quan (khng tnh ti li ch ca TT i vi ngi
dng) lng TT.
Trong l thuyt TT, nh gi lng TT ngi ta dng tip
cn entrpi ( bt nh). Theo lng TT c nh gi
bng gim s bt nh (entrpi) ca ngi nhn TT trong
13

la chn hoc ch i s kin sau khi nhn c TT. Lng TT


thu c cng ln, th xc sut s kin cng nh. Cch miu t
nh vy rt thun tin xc nh lng TT trong mt bn tin
c truyn theo cc knh lin lc. Lng TT trong bn tin t N k
hiu (khng tnh ti lin h gia cc k hiu trong bn tin) c tnh theo cng thc ni ting ca Shannon:
n

I N Pi log
i 1

y:

: Xc sut xut hin k hiu i trong bn tin

n : s k hiu trong bng ch ci.


T cng thc ny suy ra, lng TT (o bng bit, bytes) ch
ph thuc vo s lng v thng k ca cc k hiu ch khng
ph thuc ni dung TT.
Lng TT xc nh theo cng thc ny, ging nhau khi
truyn i mt bn tin v ngha hoc mt bn tin quan trng
sng cn i vi ngi nhn TT. Trn quan im truyn tin
theo cc knh lin lc th tip cn trn l ng n, v ci
gi b ra truyn cc bn tin nh vy l ging nhau. Cn
vic vi mc ch g ngi gi tin i chi ph tin bc v
bn tin ny c ch li g cho ngi nhn cc cu hi ny
khng c quan h g i vi lin lc.
Cng ging nh vy, trong cuc ni chuyn qua in thoi
m ngi bn cung cp cho ta nhng tin tc bit th lng
TT ta thu c rt nh mc d cuc ni chuyn c th rt lu.
Khi xut hin cu hi, ci g c truyn i y.
R rng ci c truyn i ch thun tu l cc tn hiu
in v tn hiu m thanh m thi.
Trn thc t, ngi ta hay dng phng php n gin v
th hn o TT bng cch tnh lng k hiu ca bn tin
(bng bit hoc bytes) hoc l o cc c trng ca vt
mang nh s trang, s t, thi gian truyn tin M ngha
ca TT v gi tr ca n khng c quan tm.

14

1.2.2. M hnh tng qut ca qu trnh bo v thng


tin.
Vai tr c bn ca m hnh tng qut l ch ra cc
iu kin cho vic nh gi khch quan trng thi chung ca
h thng trn quan im o mc bo v TT trong h
thng (HT). y cc khi nim nh mo him, bo
v, tn thng ca TT c th coi nh ng nht. S cn
thit ca cc nh gi nh vy thng xut hin khi phn tch
cc tnh hung chung a ra cc quyt nh c tnh
cht chin lc trong t chc BVTT.
Gi s chng ta c mt HT TT VT ni TT ang c x l
trong cc thnh phn (ta s gi l cc i tng objects) ca n.
HT gm nhiu i tng

nh vy. Trong qu trnh x l TT

(m ta quan tm) HT c th trong cc trng thi k khc


nhau (khi nim trng thi ca HT nh vy chng ta s nh
ngha sau). R rng l ton b HT v cc i tng

lun

lun chu tc ng lin tc ca cc him ho (e do) v


ATTT. Ta k hiu cc him ho ny l

. Gi s tip, trong

HT ca chng ta c ci t mt s thit b bo v

no chng li cc him ho nht nh bit. Ta k


hiu tp hp tt c cc him ho cn li (tr cc him ho
c thit b bo v chng li) l

. Khi m hnh tng

qut nht c th ch ra nh s sau:

(Yo )

ij ''k

15

P
i

Hnh 1.1: M hnh tng


qut BVTT
Chng ta lu rng:

l xc sut (x.s) bo v TT ang x l ti i t-

ng

(tc l BVTT ti

Vic x l TT ti
him ho ATTT

O ).
i

chu tc ng lin tc ca cc

(trong mi trng thi ca

O ).
i

c tnh v mc tc ng ca mi loi him ho


coi l c lp vi nhau.
H thng c coi l khng y trong ngha l
c tnh ti ch mt s thit b bo v chng li mt
vi him ho nht nh, cn nhiu him ho khng
c thit b tng ng chng li.
tnh ton y th phi tnh ti tng tc gia
cc him ho vi nhau, cng nh tng tc gia cc
thit b bo v vi nhau, v c tng tc gia cc
thit b bo v vi cc him ho na.
Chng ta c th vit:

P 1 (1 P )
i

i ,k

y:

l x.s bo v TT ti

ik

trng thi k.

l trng s ca trng thi k ca HT trong

khong thi gian nh gi. Nu T l khong thi gian


nh gi v

l phn thi gian m HT x l ri vo

trng thi k th c th vit:

t k
T

16

V h l khng y nn c th vit:

ik

P' P''
ik

ik

y:

P'

x.s bo v TT ti

ik

lm vic ca

trng thi k ca n (ch

O ), chng li tt c cc him ho m
i

trong HT khng c cc thit b bo v tng ng (tp hp


cc him ho cn li

P''

).

x.s bo v TT nh trn chng li cc him ho

ik

m trong HT c ci t cc thit b bo v.
C th vit:

1 (1 Pij 'ko )
(Y )

P'

ik

j '

y j nhn cc gi tr s th t cc him ho m
khng c thit b chng li; cn:

P''

ik

1 (1 Pij ''ok )
(Y )

j ''

y, j nhn cc gi tr s th t cc him ho m
trong HT c cc thit b chng li.
nhn gi tr s th t cc thit b bo v c ci

t trong HT.
X.s P bo v TT ti mt nhm cc i tng x l ca
HT s l:

P Pi
i

Trong bi ton cn phi tnh ti cc yu t thi gian. Cc


cng thc tnh bo v nu trn ch ng trong mt
khong thi gian khng ln t . Nu khong thi gian T m
trong ta nh gi bo v ca HT ln hn nhiu so vi
t th ta c:
17

P(T ) P z (t )
z 1

Z [

T
]
t

- phn nguyn, cn

P (t ) - l bo v
z

TT khong thi gian th z vi di t .


M hnh tng qut ny kh n gin. xc nh
bo v TT ch cn bit cc c trng thng k tc ng ca
cc him ho khc nhau i vi TT v hiu qu hot ng ca
cc thit b bo v c. c c cc c trng l rt
kh, nhng khng phi l khng gii quyt c. Cn ch ra
rng, m hnh b qua mt s tng tc quan trng nh
ni trn.
1.2.3. Cc nguyn tc c bn ca thuyt ATTT.
ATTT cc h thng da trn cc i hi ca php lut hin
hnh, cc tiu chun, cc ti liu phng php chun, c bo
m bng t hp cc thit b k thut chng trnh v cc
bin php t chc tr gip chng tt c cc giai on cng
ngh ca x l TT v trong tt c cc ch hot ng ca
cc thit b k c khi sa cha v nim ct.
Cc thit b k thut chng trnh ca bo v khng c gy nh hng xu ti cc c trng hot ng c bn ca
h thng ( tin cy, tnh linh hot, kh nng thay i cu
hnh). Mt trong nhng phn khng th b qua ca cng
vic v ATTT l vic nh gi hiu qu ca cc thit b bo
v, c tin hnh theo phng php c tnh ti ton b cc
c trng k thut ca i tng c nh gi k c cc gii
php k thut v s thc hin trn thc t cc thit b bo
v. Vic bo v h thng phi i km s kim sot hiu qu
cc thit b bo v c xut nh k bi ngi dng hoc
bi c quan kim tra.
Nhng i hi nu trn c th thc hin nh 7 nguyn
tc sau y:
1. Nguyn tc tnh h thng.
18

Tip cn h thng trong ATTT coi rng: cn phi kim k


tt c cc yu t, cc iu kin v cc nhn t c quan h
vi nhau, c tng tc vi nhau v c bin i theo thi gian:
Trong tt c cc dng hot ng TT v th hin TT.
Vi tt c cc thnh t ca HT.
Trong tt c cc ch hot ng.
tt c cc giai on ca chu k sng.
Trong s tng tc ca i tng bo v vi mi trng
bn ngoi.
Khi thc hin ATTT h thng cn phi tnh ti tt c cc
ch xung yu, cc v tr d tn thng ca h thng x l
TT, v c c trng, cc i tng tim nng, cc hng ca cc
tn cng v h thng t pha nhng k ph hoi (c bit k
c c trnh chuyn mn cao), cc con ng xm nhp
vo cc h thng phn tn v cc knh tip cn tri php
(TCTP) ti thng tin. H thng bo v phi c thit lp vi
vic tnh ti khng ch tt c cc knh xm nhp bit,
m cn c kh nng xut hin cc knh hon ton mi ca cc
nguy c an ton.
2.1

Nguyn tc tng th.

Trong tay cc chuyn gia an ton my tnh c rt nhiu


bin php, phng php v thit b bo v h thng my
tnh. Cc thit b tnh ton hin i, cc h iu hnh, cc
thit b chng trnh ng dng v ch dn u c ci t
cc yu t bo v khc nhau. S dng tng th ng b cc
yu t ny yu cu s tng thch ng b ca cc thit b
khc loi khi xy dng h thng ton vn bt kn tt c
cc knh xm nhp ca cc him ho v khng cha cc v
tr xung yu ni tip gip ca cc thnh t ca h.
3. Nguyn tc bo v lin tc.
Bo v TT - khng phi l bin php mt vi ln v
thm ch khng phi l tp hp c th ca cc bin php
19

thc hin v cc thit b ci t, m l mt qu


trnh lin tc hng ti mc tiu, yu cu phi a ra cc gii
php ph hp tt c cc giai on ca chu k sng ca h
thng (bt u ngay t lc thit k ch khng phi ch
trong khi khai thc h thng). Thit k h thng bo v phi
c tin hnh song song vi thit lp chnh h thng c bo
v.
Phn ln cc thit b bo v k thut v vt l cn c s
tr gip thng xuyn ca cc bin php t chc (hnh chnh)
thc hin c hiu qu cc chc nng ca chng. (V d
nh s thay i kp thi bo qun cht ch v ng dng linh
hot cc tn, mt khu, cc kho m, s phn quyn v.v). S
gin on (hoc ngng tm thi) trong cng vic ca cc
thit b bo v c th b bn c li dng phn tch cc
phng php v cc thit b c p dng chng a vo
cc chng trnh c bit, cc thit b ci by v cc phng tin khc qua mt h thng bo v khi h thng
lm vic tr li.
4. Nguyn tc y hp l.
Thit lp mt h bo v tuyt i khng chc thng c
l mt iu khng tng v rng vi y iu kin v
phng tin c th vt qua mi h bo v bt k. V d, cc
phng tin bo v mt m trong phn ln cc trng hp khng
bo m bn vng tuyt i, m chng ch bo m
s b mt TT trong iu kin b tn cng m thm lin tc
bng cc my tnh hin i, trong mt khong thi gian ph
hp vi yu cu bo v m thi. Do cn ni v mt
bo v va no . Mt HT bo v hiu qu c gi kh
t. N s dng cng sut ng k ca my tnh v cc ti
nguyn i km v do n c th gy thm cho ngi dng
h thng mt s bt tin v rc ri ng k. iu quan
trng l phi la chn ng mc bo v cn thit, m
trong cc chi ph, mo him v phm vi cc thit hi
c th l chp nhn c (Bi ton phn tch mo him).
20

5. Nguyn tc mm do h thng.
Thng thng phi thit lp h bo v trong cc iu
kin bt nh kh ln. Cho nn cc bin php thc hin v
cc thit b lp t cho bo v, nht l giai on u i
vo hot ng, c th bo m hoc l mt bo v qu
mc hoc l qu thp. Do vy c th iu chnh
bo v, cc thit b nh vy phi c s mm do nht nh.
c bit quan trng iu ny, khi m h bo v c a
vo mt HT ang lm vic m khng c php ph v qu
trnh hot ng bnh thng ca n. Ngoi ra, iu kin bn
ngoi, cc yu cu bo v theo thi gian cng c thay i.
Trong nhng tnh hung nh vy, tnh cht mm do HT bo
v s gip cho vic nng cp HT d dng m khng phi
thay th mi ton b my mc thit b ca HT.
6. Nguyn tc cng khai ca thut ton v c ch bo v.
Bn cht ca nguyn tc ny l ch, s bo v khng
c ch da vo b mt c cu t chc v cc thut ton
hot ng ca cc tiu h (b phn). D c bit thut ton
lm vic ca HT bo v th cng khng th qua mt c n
(thm ch c tc gi ca HT bo v cng vy).
7. Nguyn tc n gin trong s dng.
Cc c ch bo v phi d hiu v n gin trong s
dng. Vic p dng cc thit b bo v khng c buc phi
bit cc ngn ng c bit hoc buc phi thc hin cc
ng tc i hi lao ng kh khn i vi ngi dng hp
php, k c vic thc hin cc thao tc kh hiu rc ri.

Chng 2
21

Cc him ho an ton thng tin


2.1. Khi nim cc him ho ATTT.
2.1.1. nh ngha him ho ATTT i vi HT TT VT.
2.1.1.1. nh ngha:
Him ho c hiu l nhng s kin, tc ng, qu
trnh hoc hin tng tim nng c th, m khi xy ra s
mang li thit hi cho quyn li ca mt ai .
Him ho ATTT ca HT TT VT l nhng kh nng
tc ng ln TT c x l trong HT v dn ti s bin dng,
hu dit, sao chp, s ngn chn tip cn ti TT; l kh nng
tc ng ti cc thnh phn ca HT dn ti s mt mt, s ph
hu hoc s ngng tr hot ng ca vt mang TT, cc thit
b tng tc vi vt mang hoc cc thit b iu khin
chng.
2.1.1.2. Cc him ho in hnh v phn tch him
ho.
Nh trn phn tch, khi xut hin mt HT TT VT no
, trong mi trng a l t nhin v mi trng x hi c rt
nhiu cc yu t tc ng vo HT v cc TT c x l trong
HT . c bit trong x hi hin i, c rt nhiu ngi quan
tm ti cc TT cha trong HT . Ngha l tn ti rt nhiu
cc him ho ATTT i vi mi HT TT VT bt k.
Ngy nay ngi ta kho st c rt nhiu loi him ho
ATTT i vi HT, danh mc cc him ho nh vy c ti hng
trm. Cc him ho hay xy ra v thng gp in hnh l:
Sao chp (copy) bt hp php cc vt mang TT.
Thao tc khng thn trng dn n gii mt cc TT
mt hoc l lm l cc TT mt.
B qua (khng tun th) cc quy tc t chc (
c xc lp) khi lm vic vi TT ca HT.

22

vch ra c cc yu cu ATTT i vi vic bo v HT,


trc ht phi tin hnh phn tch him ho ca HT. Phi lit
k c danh mc cc him ho; nh gi c xc sut thc
hin ca chng; cn xc nh c m hnh k ph hoi.
chnh l ni dung c bn ca phn tch him ho HT. Ngoi
vic lm r cc him ho c th, cn phi tin hnh phn
tch chng trn c s phn loi theo cc du hiu, m mi
du hiu sau s phn nh mt trong nhng yu cu tng
qut i vi h BVTT. Cc him ho cng loi (cng tng ng vi
mt du hiu) s cho php chi tit ho yu cu tng qut ni
trn i vi mi du hiu phn loi.
2.1.1.3. Phn loi cc him ho.
S cn thit phi phn loi cc him ho ATTT i vi mt
HT l do nhng iu kin khch quan sau y: Kin trc
ca cc thit b x l TT hin i, thit k v t chc, v
cu to, v chc nng hot ng ca cc trung tm my tnh
v cc mng; cng ngh v iu kin x l t ng cc TT
hin nay trong trng thi m TT tch lu, lu gi v x l
trong phi chu cc nh hng ngu nhin ca cc k
nhiu cc yu t, n mc khng th no t ra c bi
ton miu t ton b tp hp cc him ho i vi mi HT. Cho
nn, i vi h bo v, ngi ta thc hin vic xc nh
khng phi danh mc y cc him ho, m ch l danh
mc cc lp him ho m thi.
Phn loi cc him ho ATTT ca mt HT c th thc hin
theo lot cc du hiu c bn sau y:
1. Theo bn cht xut hin.
Cc him ho t nhin: l cc him ho do s tc
ng ln HT v cc thnh phn, ca cc qu trnh
vt l khch quan hoc cc hin tng thin tai ngu
nhin, khng ph thuc vo con ngi.
Cc him ho nhn to: l cc him ho ATTT
i vi HT gy ra bi hot ng ca con ngi.
23

2. Theo mc nh trc.
Him ho ca hnh ng ngu nhin v/hoc
him ho sinh ra do cc li hoc s bt cn ca
nhn vin.
Him ho t cc hnh ng c nh trc (k xu
nh cp TT).
3. Theo ngun trc tip sinh ra.
Ngun sinh trc tip l mi trng t nhin: nh thin
tai, bo t, phng x.
Ngun sinh trc tip l con ngi: ci cm ni gin,
mua chuc, sao chp trm
Ngun sinh l cc phn mm hp php: Khi chy chng trnh lm vic m gy nn treo my hoc
gy ra cc bin i trong cu trc d liu.
Ngun sinh l cc phn mm bt hp php: nh
virus, nga Troa, bom logic
4. Theo v tr ca ngun sinh ra.
Ngun sinh nm ngoi lnh th kim sot ni t
HT nh: thu trm cc bc x thp nh in t m
thanh t cc thit b v ng dy hoc thu v
khuch i cc bc x tch cc t cc thit b ph
tr khng trc tip tham gia qu trnh x l TT (ng in thoi, ng in nui, l si).
Ngun sinh nm ngay trong lnh th kim sot (to
nh t my) nh: n cp rc thi cng ngh (giy
vit, giy nhp c cha TT), cc thit b nghe trm,
chy n
Ngun sinh c tip cn ti thit b u cui.
Ngun sinh t ngay trong h thng: v d, thit
k ci t cc thit b, cc chng trnh ly cp,
ph hoi S dng khng ng cc ti nguyn.
24

5. Theo mc ph thuc vo hot ng ca HT TT VT.


Khng ph thuc vo hot ng ca HT: v d cng
ph mt m bo v, n cp cc vt mang tin (a
t, b nh, bng t).
Ch xut hin trong qu trnh t ng x l TT:
nh hon thnh v pht tn cc chng trnh vi rt
6. Theo mc tc ng ln h thng.
Him ho th ng khng lm thay i g v
cu trc v ni dung HT: v d sao chp cc d liu
mt.
Him ho tch cc gy ra nhng thay i nht
nh trong cu trc v ni dung ca HT: v d cc
by, cc vi rt, nga Troa, b, rp lm bin dng
TT
7. Theo cc giai on tip cn ca ngi dng hoc cc chng trnh ti cc ti nguyn HT.
Th hin khi thc hin tip cn ti nguyn HT: v
d tip cn tri php ti HT.
Th hin sau khi c php tip cn ti HT: v d s
dng tri php hoc sai ti nguyn HT
8. Theo phng php tip cn ti cc ti nguyn HT.
S dng con ng chun thng thng tip cn ti
nguyn: v d li dng mt khu, gi danh ngi
dng
S dng cc phng tin ngm (khng chun): qua
mt cc thit b kim sot, chc thng h iu
hnh HT.
9. Theo ni c tr hin ti ca TT c lu gi v x l trong
HT.
Tip cn TT ti cc b nh ngoi (sao chp trm t
a cng).
25

Tip cn TT ti vng nh hot ng (ROM, RAM): v


d c TT t vng nh dnh cho h iu hnh
hoc thit b bo v
Tip cn TT ang i li trn cc ng lin lc: v
d trch ng lin lc bin i TT, n trm
danh tnh ngi dng mo nhn, nh la xc
thc, chim ot TT ng truyn
Tip cn TT phn x t terminal, hoc trn my in:
v d ghi cc TT phn x vo mt camera mt
2.1.1.4. nh ngha h thng TT VT an ton.
Trc khi xem xt nh ngha HT an ton, chng ta hy a ra cc tnh cht quan trng ca TT, m qua phn tch cc
him ho ATTT chng ta c th suy ra. l tnh b mt ca
TT, tnh ton vn ca TT v tnh sn sng tip cn ca
TT (hay cn gi l tnh sn sng phc v ca TT).
1. Tnh b mt ca TT.
y l mt thuc tnh c xc nh mt cch ch quan.
N ch ra s cn thit phi hn ch s ch th c tip cn
ti TT ny v n phi c bo m bng kh nng ca HT bo
v TT ny (gi b mt) trc nhng ch th khng c php
tip cn ti n. C s khch quan ca s hn ch nh vy i
vi mt loi ch th ny l ch cn phi bo v cc quyn li
hp php ca nhm ch th ny trc cc ch th khc trong
mi quan h TT.
2. Tnh ton vn ca TT.
l s tn ti ca TT dng khng b bp mo (xuyn
tc), tc l dng khng thay i so vi mt trng thi xc
nh no (v d trng thi ban u chng hn).
3. Tnh sn sng phc v ca TT.
y l thuc tnh ca HT (mi trng, thit b v cng
ngh x l) m trong TT chuyn ng c c trng bi
kh nng bo m tip cn thng sut v kp thi ca cc
26

ch th ti TT m h quan tm v bi s sn sng ca cc
dch v t ng tng ng phc v cc yu cu ca cc
ch th khi h a ra.
Tng ng nh vy, cc him ho ATTT c th quy v 3 loi
sau y:
Him ho ph v tnh b mt (hay l him ho l tin). Khi
m TT n vi ngi m ngi khng c quyn tip cn ti
n th ta ni him ho l tin xy ra. C mi ln c mt
tip cn ti mt TT mt no ang c lu tr, chuyn ti
hoc x l trong h thng th u c nguy c l tin din
ra. Ngi ta cn gi l s r r TT mt.
Him ho ph v tnh ton vn TT. Bt k s thay i
c no ti TT ang tham gia qu trnh x l u lm ph v
s ton vn ca n. S thay i hp php TT l s thay i
TT c thc hin bi ch th c u quyn vi mc ch r
rng (v d cp nht theo chu k cc CSDL). Trong cc thay
i TT hp php nu xy ra cc li ngu nhin v bo m
chng trnh hoc bo m thit b cng s dn ti ph v s
ton vn TT.
Him ho t chi dch v (hay l khc t phc v). Khi
m hnh ng c ca k xu hoc ca mt ngi dng no
, lm ngn cn tip cn ti mt ti nguyn nht nh ca
h thng th ta ni mt him ho t chi dch v xy ra.
S ngn cn tip cn ny c th l vnh vin hoc c th
trong mt thi gian nht nh.
By gi chng ta c th a ra nh ngha HT an ton.
Ngy nay ngi ta cng nhn mt nh ngha nh sau: Mt
HT x l TT c coi l an ton nu HT bo m c 3
tnh cht c bn ca TT l tnh b mt, tnh ton vn v
tnh sn sng dch v ca TT c x l trong HT . Chng
ta s cn quay tr v nh ngha ny trong chng ti.
2.1.1.5. Him ho l cc thng s ca h thng.

27

trnh pht trin hin nay ca CNTT, thc t cho


thy: cc tiu h bo v hoc cc chc nng bo v l mt
b phn khng th tch ri ca mt HT x l TT. Thng tin
khng t khi c biu din dng thun tu, m trn con ng dn n TT bao gi cng c cc h bo v nht nh.
V vy tn cng, hoc to ra him ho ATTT (ph v tnh
b mt TT chng hn), pha tn cng phi cng ph h bo
v ny. Mt khc, thc t cng cho thy, khng tn ti mt
h bo v tuyt i bn vng, vn chnh y l thi
gian v thit b i hi cng ph h bo v m thi.
T thc t nh vy, ngi ta coi rng, vic bo v mt HT
TT VT c xc nh, nu trong qu trnh kho st HT ta
xc nh c tt c cc v tr xung yu ca n. S cng ph
mt HT r rng l nhm trc tin vo cc v tr xung yu ni
trn, v bn thn s cng ph ny l mt him ho to ln. Cho
nn bo v HT x l TT, cng vi 3 loi him ho c bn ni
phn trn, ngi ta cn xem xt loi him ho th t: l
him ho l cc thng s ca HT (gm c h bo v).
Trn quan im thc t th bt k th on cng ph
no cng thng bt u bng tnh bo, thm d nhm xc
nh c cc thng s c bn ca HT, cc c trng ca n
v.v Trn c s s xc nh r hn nhim v cng ph
v la chn thit b k thut ph hp cng ph HT.
Him ho l thng s HT c th coi nh l gin tip. Khi
him ho ny xy ra, khng gy thit hi g cho bn thn
TT c x l trong HT, nhng n to iu kin cho 3 loi him
ho c bn (s cp) k trn xy ra. Vic a ra khi nim
him ho l thng s HT cho php trn quan im k thut
lm r s khc nhau gia cc HT c dng (phi c bo v)
vi cc HT cng khai. i vi loi HT ny th him ho do thm
cc thng s ca HT khng cn t ra (coi nh c thc
hin).

28

2.1.2. Cc phng php ph v cc thuc tnh c bn ca


TT.
2.1.2.1. Ba thuc tnh c bn ca TT.
Chng ta nh ngha 3 thuc tnh c bn ca TT nh
i tng cn bo v. l tnh b mt, tnh ton vn v
tnh sn sng dch v ca TT. Trn thc t kh phn bit
gianh gii gia chng. Ba phm tr ny c nhng min giao
nhau. D thy rng, c nhng TT mt dnh ring cho mt
i tng dng m vic tho mn tnh b mt bao hm c
s ton vn v sn sng phc v ri. Cng cn lu ti yu
cu phc v TT lnh o, ch o, ch huy ca ngnh C
yu nc ta l b mt, chnh xc v kp thi trong mi tnh
hung, thy r c s khoa hc ca khu hiu ny. C th
miu t quan h gia 3 tnh cht c bn ca TT trong s
sau:

Ton vn

B mt

Sn
sng
phc v

Hnh 2.1: Mi quan h gia 3 tnh cht


c bn ca TT
2.1.2.2. Bn mc tip cn TT trong h thng.

29

Khi nghin cu cc vn bo v TT trong HT t ng


ho, ngi ta thy thun tin chia ra 4 mc tip cn thng tin
nh sau:
Mc cc vt mang TT.
Mc cc thit b tng tc vi vt mang TT.
Mc biu din TT.
Mc ni dung TT.
Bo v cc vt mang TT cn phi lm trit tiu tt c cc
him ho c th hng ti chnh cc vt mang v c ti TT cha
trong vt mang . i vi HT t ng, th vt mang TT phi
hiu trc tin l cc vt mang trn my (a, bng, b nh).
Nhng cng phi tnh rng cc knh lin lc, cc dng ti liu
thu c trong qu trnh x l tin cng l cc vt mang TT.
Bo v cc thit b tng tc vi vt mang TT c ngha l
bo v cc thit b my mc chng trnh c trong h
thng v nh: k thut tnh ton, h iu hnh, cc chng
trnh ng dng.
Bo v biu din ca TT tc l mt dy xc nh cc k
hiu (ch ci) thng c thc hin nh mt m. Cn bo v
ni dung TT l bo v TT v mt ng ngha.
C th k ra cc hng chnh m bn c thng thc hin
cc him ho ATTT l:
Trc tip tip xc vi cc i tng tip cn.
To ra cc thit b k thut chng trnh m c
th trc tip lm vic vi cc i tng tip cn v
qua mt c cc phng tin bo v.
M phng cc thit b bo v thc hin him
ho.
a vo trong cc thit b k thut ca h thng cc
c ch my mc hoc chng trnh nhm ph v
cu trc hay chc nng ca chng.
30

2.1.2.3. Cc phng php c bn.


Cng c th k ra cc phng php c bn thng c dng
thc hin cc him ho ATTT sau y:
Xc nh dng v cc thng s cc vt mang TT.
Thu lm cc TT v mi trng thit b chng trnh,
v loi v cc thng s ca cc phng tin tnh
ton, loi v version ca h iu hnh, thnh phn
ca bo m chng trnh, cc TT chi tit v chc
nng ca h thng, v cc d liu ca h thng bo
v.
Xc nh cch biu din TT.
Xc nh ni dung d liu c x l trong h thng.
n cp (sao chp) cc vt mang tin trn my c cha
cc d liu mt.
S dng cc thit b c bit chn bt bc x
in t v vi chnh cc sng mang TT t li in
nui cc thit b x l tin ca HT.
Hu dit cc thit b tnh ton v cc vt mang TT.
n cp (sao chp) cc vt mang tin.
Tip cn tri php ti cc ti nguyn h thng, qua
mt hay l b qua h bo v nh dng cc thit b
k thut c bit.
Lm quyn tri php sao chp, thu tin.
Chn bt d liu ang trn ng truyn.
Khm ph biu din TT (gii m d liu).
Khm ph ni dung TT mc ng ngha tc l
tip cn kha cnh ngha ca TT.

31

a cc thay i bt hp php vo s bo m chng trnh v vo d liu ang c x l trong h


thng.
Lm bn bng cc chng trnh vi rt.
a cc TT gi vo h thng.
.
2.2. Nguyn nhn v cc dng r r, xuyn tc thng tin.
2.2.1. Khi nim tip cn tri php ti TT.
Cc nguyn nhn chnh lm r r TT nh sau:
Nhn vin v ngi dng khng tun th cc tiu
chun, cc yu cu, cc iu lut khai thc h
thng.
Cc li trong thit k h thng v bo v h thng.
Tin hnh tnh bo k thut v ni gin t pha i
phng.
Cc nguyn nhn trn lin h cht ch vi cc dng r r
TT. Theo GOST 50922-96 c 3 dng r r TT sau y:
Gii mt TT.
Tip cn tri php ti TT.
Thu TT c bo v bng tnh bo (trong nc v nc
ngoi).
Ho gii TT c hiu l s cung cp TT tri php ti ngi
dng, m ngi khng c quyn tip cn ti TT c bo v.
Tip cn tri php l s thu c TT bo v bi ch th
mong mun km theo s ph v cc lut l v cc iu lut, c quy nh bi cc vn bn php l hoc bi ch s hu TT
trong tip cn ti TT c bo v. y ch th mong mun
thc hin tip cn tri php ti TT c th l mt nh nc, mt

32

php nhn, mt nhm ngi, trong s c cc t chc x hi


v cc c nhn.
Thu thp TT bo v bng tnh bo c th thc hin bng
cc thit b k thut (tnh bo k thut) hoc bng cc
nhn vin tnh bo (ip vin).
2.2.2. Cc knh r r TT.
Knh r r TT - l mt t hp gm ngun tin, vt
mang vt cht hoc mi trng lan truyn tn hiu mang TT
v thit b tch TT khi tn hiu hay vt mang. i vi h
thng TT VT c th chia ra cc knh r r TT sau y:
2.2.2.1. Knh in t.
Nguyn nhn xut hin knh ny chnh l trng in t
sinh ra t dng in chy trong cc thnh t my mc ca h
thng. Trng in t c th lm cm ng cc dng in
trong cc dy dn gn n (s cm ng xuyn in). Knh
in t c th chi ra thnh cc knh:
Knh v tuyn (bc x cao tn).
Knh tn s thp.
Knh li in (cm ng xuyn in trn li in
nui).
Knh ni t (xuyn in trn dy ni t).
Knh tuyn tnh (xuyn in trn cc dy lin lc
gia h my tnh).
2.2.2.2. Knh m thanh.
Lin quan ti vic truyn cc sng m trong khng kh
hoc cc dao ng n hi trong cc mi trng khc. Chng
xut hin khi cc thit b phn nh TT lm vic.
2.2.2.3. Knh hnh nh (video).
Knh ny lin quan ti kh nng k xu quan st c bng
hnh nh s lm vic ca cc thit b phn x TT ca HT
33

(mn hnh chng hn) m khng phi lt vo a im


t cc thit b ca HT. Cc thit b tch TT khi vt mang
y l my chp hnh, my quay video (video camera)
2.2.2.4. Knh thng tin.
Knh ny lin quan ti tip cn (trc tip hoc t xa) ti
cc yu t ca HT, ti cc vt mang TT, ti bn thn TT u
vo v u ra (v cc kt qu x l), ti bo m ton hc
(k c cc h iu hnh). N cng gm c vic trch cc ng dy dn TT. Knh TT c th chia ra cc loi:
Cc ng dy TT lin lc vin thng.
Cc ng dy lin lc c bit (ng dy nng).
Mng cc b.
Cc vt mang tin trn my.
Cc thit b u cui.
c th lit k cc him ho ATTT i vi mt HT TT
VT,n trm
hin nay tn ti rt nhiu phng php v d nh phng
saolit k bt k, phng php cy him ho, phng php
php
Bc x
chp
Nghe
tip cn
phn
loi hc Trong
cc
phng
php

u
s
dng cc
Can nhiu
trm
tri
Can
nhiu
B x y chng
Bcbng
x
Bcti
x a ra mt s
s php
, cc
biu
Bc x
l
Cc
HTfile
TT VT gip ch cho cng vic nh hnh sau:
(CPU)

B x l
(CPU)

Cc knh
lin lc

Trung
tm
thng tin

Khch hng


Trc trc KT
bo m
chng
trnh ph
hoi

Lp
trnh
vin h
thng
C dn
xp,ci
by

Thao
tc vin

Nhn
vin
iu
khin
Li v ,
Thao tc
sai

34
Hnh 2.2: S tng qut HT TT-VT
v cc him ho ATTT i km

Son
tho,
ghi,
nghe

Nhn
dng
xc
thc ph
ng
tin t
xa

Chng 3
Bo m an ton thng tin tng th
3.1. Cc quan im c bn v thit lp h thng ATTT.
C mt s vn mang tnh nguyn tc ni ln khi
thit lp mt h thng x l TT an ton (ta gi l h an ton
- HAT):
Th no l mt h thng x l TT an ton?
Nhng i hi c bn t ra vi vn ATTT l
g?
Nhng nguyn l c bn no l nn tng ca cng
ngh thit lp mt h thng an ton TT?
3.1.1. Khi nim h an ton (HAT).
35

Mt mc ch ra ch c th t c trn c s hiu
bit r rng nhng nhim v xc nh phi gii quyt trn
con ng i ti ch . Khng c iu ny th khng th
xc nh c cc bc i ng hng, khng tm c phng
php gii quyt ng n cc nhim v xut hin, v quan
trng nht l khng th chng minh c rng mc ch
t c v cc nhim v c gii quyt thnh cng. Do
vy, trc khi bt tay vo thit lp mt h x l TT an ton,
cn phi a ra cu tr li r rng cho cu hi sau: H an
ton l mt h nh th no?
nh ngha khi nim ny phi cho php xc nh c
cc thnh phn ch yu ca HAT; cc thuc tnh c bn ca
n; cn phi gii quyt nhng bi ton no thit lp h
an ton v nhng phng php no c hiu qu gii
quyt nhng bi ton . Trn gc ny th nh ngha
HAT m chng ta a ra trong chng II c th coi l cha y
. Chng ta s phn tch b sung thm cho nh
ngha trn.
Mt s ngi cho rng, HAT - l h x l TT m trong cc
thnh phn ca n c ci t t hp ny hoc t hp kia cc
thit b bo v. Quan nim nh vy l n gin, l khng
ng. V rng, s c mt cc thit b bo v ch l iu
kin cn v khng th coi nh l tiu ch ca s an ton, l
s bo v HT chng li cc him ho thc t. An ton khng
phi l c tnh c ngha tuyt i, n ch c xem xt
trong mt mi trng xc nh vi nhng him ho nht
nh. Trit l bo v y cng quan trng khng km g
thit b.
Trn c s cc phn tch nu, chng ta c th nh
ngha HAT nh sau:
H x l TT gi l an ton trong mi trng vn hnh nht
nh l h x l TT bo m c s b mt v ton vn ca
TT c x l v duy tr c kh nng hot ng ca h thng

36

trong iu kin chu tc ng lin tc ca hng lot cc


him ho ATTT tn ti trong mi trng hot ng .
nh ngha ny cha iu kin ca an ton cho
php hiu r bn cht ca ATTT l bo m c 3 thuc
tnh an ton ca TT l tnh b mt, tnh ton vn v tnh
sn sng dch v. T y suy ra rng, an ton l mt c
trng v cht ca h thng, khng th o n trong mt n
v o lng no . Hn na, thm ch kh c th so snh
vi kt qu n nht an ton ca hai h, m mt h s
bo m tt hn TT x l trong trng hp ny, cn h kia s
bo m an ton tt hn trong trng hp khc.
3.1.2. Cc tnh cht c bn ca h an ton.
3.1.2.1. HAT thc hin t ng ho qu trnh x l
thng tin mt.
Trc ht HAT l mt h thng x l TT; n l mt phng
tin t ng ho qu trnh x l TT; n phi gii quyt bi
ton t ng ho qu trnh x l TT no . Qu trnh x l
TT thng c hiu nh l cc thao tc lin quan ti vic lu tr,
bin i v truyn ti TT. Nh vy, trc tin, HAT cng ging
nh cc h x l TT khc nh l cc c s d liu, cc h x l
giy t, h a phng tin v.v C iu c bit y l
HAT phi t ng ho cc qu trnh x l TT m s an
ton gi vai tr quan trng hng u. l qu trnh x l
cc TT mt. Ngha l ta c th xut pht t qu trnh x l
cc TT mt ( c thc hin c hiu qu bng th cng
hoc c kh) tip cn vn t ng ho. Chng hn,
nu qu trnh x l TT mt ny i hi phi thc hin cc
bin php no bo v TT, th cc thit b hoc cc
gii php bo v tng ng cng phi c thit k v ci t
vo HAT t ng ho qu trnh . V d: qu trnh x l
ti liu mt bng th cng i hi phi c cc bin php bo
v tnh b mt v tnh ton vn ca TT th trong HAT cng
phi c cc thit b tng ng t ng thc hin bo mt
v ton vn. Tm li, ta phi coi HAT l h lun lun phi x
l cc TT mt v phi i x vi n vi tt c cc quy tc cn
37

thit ca cc bc x l TT mt c xc lp. Nh vy, ta c


th pht biu tnh cht th nht ca HAT nh sau: H an
ton phi t ng ho qu trnh x l TT mt, n bao gm
tt c cc yu t ca qu trnh ny lin quan ti vic bo
m an ton ca TT c x l.
3.1.2.2. HAT chng li cc him ho an ton.
Ngoi cc tnh cht truyn thng m cc h t ng ho
no cng phi c nh tnh tin cy, tnh hiu qu, tin li ngi
dng HAT cn phi c mt tnh cht c bit v l tnh
cht quan trng nht ca n - l tnh cht an ton c
pht biu nh sau:
HAT - l h phi chng li mt cch thnh cng v c
hiu qu i vi cc him ho an ton.
Trong khng gian ca CNTT hin i, tn ti tp hp rt
nhiu v rt a dng cc him ho v ATTT. l cc tn
cng c lin tc v thng minh ca cc k tin tc, bn sn
lng v ph hoi. l cc him ho ngu nhin, v ca mi
trng, ca k thut, cc li kh trnh ca khch hng v nhn
vin C th quy tt c cc him ho v ba loi c bn:
him ho l tin, him ho ton vn v him ho khc t dch
v. HAT phi chng li c hiu qu cc him ho ny gi
vng vai tr ca mnh. y ng l mt nhim v chin
u thng trc ca HAT.
3.1.2.3. Tng thch vi cc chun an ton ca CNTT.
Bn thn HAT l mt h thng CNTT. c th nh gi
mc an ton c duy tr trong HAT v so snh n vi cc
h khc, HAT phi tun th cc i hi v cc tiu ch ca
cc chun an ton thng tin trong CNTT hin i.
Vn an ton cc HT TT VT c nghin cu t lu.
hnh thnh trong qu trnh cc yu cu, i hi v cc
tiu ch cng nh cc khi nim ca an ton HT. hnh thnh
cc chun ATTT di dng cc i hi v cc tiu ch, nh hng cho cc tip cn vn ATTT cp quc gia hay quc
38

t. Cc ti liu ny xc nh khi nim h an ton bng


vic tiu chun ho cc i hi v cc tiu ch an ton TT, to
ra thang nh gi cc mc bo v ca cc HT x l TT. S
tn ti cc chun chung nh vy cho php phi hp cc quan
im ca cc chuyn gia khc nhau cng tham gia vo vic
thit lp mt HT an ton. (V d, cc yu cu ca ngi dng,
cng ngh v cc phng php trit l ca nh sn xut, cc
tiu ch ca cc chuyn gia c lp). N cng cho php
nh gi (d ch l nh tnh) mc an ton m h bo
m cho TT c x l.
Cn lu rng, tt c cc i hi v cc tiu ch ATTT ch
mang tnh cn thit ch khng bao gi l iu kin .
Khng c mt s kim chun no c th bo v an ton
tuyt i mt HT chng li cc him ho thc t c.
Tm li, c th nh gi c mc bo v ca HAT
v so snh kh nng ca chng vi nhau, HAT phi tng thch
vi cc i hi v cc tiu ch ca cc chun ATTT.
3.1.3. Cc phng php thit lp HAT x l TT.
Trn c s nh ngha HAT nu v 3 tnh cht c bn
ca HAT c th a ra 3 nhim v (cn v ) phi gii quyt
xy dng c mt HAT, l:
Trong qu tnh tin hc ho (t ng ho) vic x l
TT mt cn phi thc hin tt c cc khu, cc quy
tc ca qu trnh bo m an ton TT cho TT c
x l.
Bo m chng li c hiu qu cc nguy c e do
ATTT tn ti trong mi trng khai thc s dng HAT.
Thc hin cc yu cu cn thit ca cc chun ATTT
tng ng.
Sau khi ch r cc nhim v ni trn chng ta c th xem
xt cc phng php chung gii quyt cc nhim v .
3.1.3.1. T ng ho qu trnh x l TT mt.
39

Nhim v bo m ATTT cho h thng my tnh khng


phi l bt u t s khng. T trc khi p dng my tnh
in t v CNTT, trong bt k t chc no m vn ATTT
l cn thit u c xc lp mt trt t lm vic vi cc
TT (cng vn, ti liu) v trt t iu chnh, kim sot
lung TT bn trong c quan v s trao i TT vi th gii bn
ngoi. V d, c ch lm vic vi cc TT mt trong B quc
phng: phn cp mt, ni i, ni n, ni lu, ch
tiu hu, cch x l khi truyn nhn
Trt t lm vic vi TT mt ny thng gm 2 yu t:
S cc lung TT trong c quan.
Cc quy tc (quy nh) iu hnh cc lung TT
. (V d: lung cc bo co t c s ln cp trn,
lung cc cng vn, ch th, mnh lnh t trn
xung c s).
Nh vy, nu mc ch c bn ca p dng CNTT l t
ng ho qu trnh x l TT, th nhim v t ng ho qu
trnh x l TT mt l thc hin ng n trong HT my
tnh s cc lung TT v cc quy tc iu khin cc
lung TT , m c t trc khi p dng CNTT. Trong mi trng hp, h tin hc ho cn phi, mt l - thc hin cc lung
TT tn ti t trc khi p dng tin hc ho, v khng c sinh
ra cc lung TT mi; hai l - bo m s kim sot cc lung
TT ph hp vi cc iu lut rt ra t cc qu trnh x l TT
(c tin hc ho).
Gii quyt nhim v ny c thc hin theo cc bc th
t sau y:
1. Xc nh c ch th hin ng n s cho
trc ca cc lung TT v cc iu lut kim sot
chng.
2. Xy dng m hnh an ton, th hin trt t c
ca s x l TT v chng minh s an ton ca n.

40

3. Thc hin h thng x l TT theo m hnh xc


nh.
4. Chng minh s ph hp ca cc lung TT v cc iu
lut kim sot tip cn c thc hin trong h
thng t ng ho, vi s c t trc ca cc
lung TT v cc iu lut kim sot chng.
Khi gii quyt cc bc cng vic ny s xut hin kh
nhiu vn kh khn mi. Nhng nhng vn hon
ton c th khc phc c nu chng ta quan tm phn
tch k cng v tun th cc nguyn tc h thng ca vn
ATTT.
3.1.3.2. Chng li cc him ho ATTT bng cch lm
trit tiu cc iu kin (nguyn nhn) dn
n thnh cng ca chng.
H thng TT VT trn thc t l mt tp hp cc thit b
v cc c ch thu ht cc tn cng (tc l thc hin ca cc
him ho) v ATTT. Tuy nhin cc phng tin thc hin cc
him ho (cc tn cng) c la chn khng phi l ngu nhin
khng c ai li c gng thm nhp vo HT nh cc phng
tin m khng cho php h tip cn ti cc TT hoc qua mt
h thng bo v ang tn ti. R rng l bt k tn cng
thnh cng no vo HT cng phi s dng (li dng) nhng
c th no trong cu trc v chc nng hot ng ca HT
x l TT hoc cc khim khuyt ca cc thit b bo v
c.
Cc c th ny c gi l cc l hng bo v, cc
im d tn thng, cc im r r thng tin hoc gi l
cc kh nng b tn cng (KNBTC) ca HT. Chng c gii
chuyn mn nghin cu kh su t lu.
Mt HT TT VT bao gm phn cng, phn mm, mi trng truyn dn, d liu v mi trng nhn vin (qun l v
s dng). An ton ca HT s gm an ton phn cng, an ton
phn mm, an ton d liu, an ton ng truyn v an ton
nhn vin. Trong mi thnh phn an ton ni trn, phi tin
41

hnh phn tch cc him ho tn ti vi n, c gng tm ra


cc l hng bo v, cc im d tn thng, cc kh nng
b tn cng hoc cc knh r r nu c. Nhim v ca thit
k an ton (khi thit lp mt HT an ton) l phi a ra c
cc gii php v hiu ho cc him ho ATTT . Ni cch
khc phi trit ph c cc nguyn nhn sinh ra cc him ho
bng cc gii php bo v k thut, hoc phi k thut;
bng my mc, chng trnh hoc bng bo v vt l, php
l, hnh chnh, t chc Li c th thit k bo v nhiu
lp, vng trong, vng ngoi nhm bt kn tt c cc knh r
r TT.
Thit k bo v l mt bi ton rt phc tp v vi mi HT
TT VT c th phi c mt tip cn ring ph thuc v s
mnh ca HT, vo c im cu trc k thut v mi trng
vn hnh ca HT. Cc tnh ton y l da vo m hnh
tng qut qu trnh BVTT trnh by chng I. Bi ton
ny c chia thnh cc bc theo th t v to thnh mt qu
trnh lp nh s sau. (Qu trnh lp s dng li, vi tng
i tng, khi mo him chp nhn c):

1. c t cu trc
HT

5. Phn loi v ci
t bo v

2. Phn loi cc
him ho (cc
KNBTC) v cc tn
cng
4. u tin ho cc
KNBTC

3. nh gi mo
him thnh phn
(cc i tng)

mo him chp
nhn

42

Bc th nht: c t cu trc h.
Trong bc u tin ny, phi c ch c cu trc c
bn lm thnh h thng tng lai (gm c cc giao din v
mi trng truyn thng). Chng hn, cc yu t ca mt mi
trng mng MT s bao gm: Cc my ch, cc thnh phn
mng, cc giao din v bt k cc tin ch h tng xa no
khc C th nhn ra rng, tip cn an ton ti mt h
thng cho, u tin phi xc nh v ch ra c chnh
xc rng h bao gm nhng ci g. Nu mt cu trc
hon thnh khng c c ch bc ny, th sau cc
KNBTC trong cc thnh t b b qua c th khng c
tnh ti trong cc bc tip theo ca qu trnh.
C nhiu cch tip cn khc nhau ch nh cu
trc h. C th chn cch m t v v s cc thnh t v
cc kt ni ca h cho. Cch ch nh cu trc nh vy l
quan trng, v rng n cho ta thng tin v mi trng bao
quanh mi thnh t. Ngoi ra, mt ch nh cu trc h
phi cha ng s m t cc tnh cht chc nng ca cc
thnh t v cc giao din ca h. iu ny cung cp mt ci
nhn lgic hn v cu trc, sao cho chc nng chung gia
cc thnh t khc nhau c th nhn ra c.
Ch nh cu trc h thng phi bao gm c thng tin
lin quan ti mc u tin ca cc thnh phn khc nhau ca
cu trc. iu ny i hi phi xc nh c mc ch c
bn hay s mnh ca cu trc v cc phn t ti hn lin quan
cht ch vi s mnh . Cc phn t ti hn l cc phn t
m nu b loi b s ngn cn s mnh ca h c thc hin.
V d, trong mt h ghi nhn in hnh, cc phn t x l
v iu khin ca cu trc ni chung l ti hn hn so vi cc
phn t lgic t bn ngoi hay cc phn t thu thp thng k.

43

Cui cng ch nh cu trc phi bao gm s m t bt


k c ch an ton no ang tn ti m c th c ci
t trc nh l mt phng tin lm trit tiu cc him ho trc
nhn thc c. Trong mt s trng hp th kt qu qu
trnh c th l: cc c ch ny hoc khng thch hp hoc
khng cn thit na. Trong mt s trng hp him hoi, kt
qu c th l: cc c ch ny cn thch hp v khng cn lu
g thm na v an ton.
Bc th hai: Phn loi cc him ho, cc KNBTC, cc
tn cng.
Cc him ho tim n i vi h phi c dng trong bc
th hai nh l c s cho vic phn loi cc KNBTC trong cc
thnh t cu trc h v cc dng tn cng m c th c
thc hin qua cc KNBTC ny. S nhn bit cc him ho
chnh, nhn chung bao gm s nh gi th mi nguy him
tim tng c th xy ra i vi cc thnh t c bn to
thnh cu trc h. V d, nu mt cu trc c sng ch ra
nhm cung cp s phn phi cc tip cn v kim tra ca
mt c s d liu (CSDL) th cc him ho tim n s lin
quan ti s truy cp tri php, thay i hoc kho cc ti
nguyn ca CSDL.
Cc k thut thu nhn, ghi chp v kim chng cc him
ho, cc KNBTC v cc tn cng s c ni ti trong cc phn
sau. Tuy nhin cn ni rng, trng thi hin thi ca cng
ngh phn loi cc him ho an ton, c pht trin trong
qu trnh thit k an ton h thng t c s hp l c
bn, nhng cn xa mi ti ti u.
Bc th ba: nh gi s mo him ca cc thnh phn.
Cc nh gi mo him phi c tnh ton cho tt c cc
thnh phn ca cu trc. Cn s dng cc tnh tri, cc him
ho bit, cc KNBTC v cc tn cng nh l cc thng s
chnh trong cng thc mo him. Hy coi rng trong bc
th nht, cu trc c c t v cc thnh t c bn ca
cu trc c xc nh. Cng coi rng trong bc th hai,
44

cc him ho c s, cc KNBTC v cc tn cng vo cc thnh


t ny c phn loi.
mo him vi mt thnh t cu trc h t l thun vi
s ln ln ca cc ph hoi tim n v t l nghch vi s tng
ln ca kh khn cho cc tn cng v .
Nh vy, nu mt h c th b ph hoi tim nng mt
cch ng k v k t nhp d dng gy ra s ph hoi
th mo him s c nh gi l cao. Mt khc, nu ph
hoi tim n ca h khng ln v k t nhp khng c thi
c d dng thc hin s ph hoi , th mo him s
c nh gi l thp.
Lu rng, qu trnh thit k an ton h thng c th kt
thc vi s nh gi s mo him. C ngha l khi s mo him
c chp nhn l thp. nh ngha nh vy s chu nh hng ln bi mc tiu v s mnh ca h thng. V d, nu mt
h MT cha cc thnh t c s dng cho cc hot ng v hi,
khng ti hn (nh l cc tr chi in t) th s gim s mo
him qua thit k an ton c th coi l mt thao tc di ti hn.
Tuy nhin, nu mt h c dng cho hot ng r rng l ti hn
(nh l kim sot v kh hay l s duy tr s sng) th vic
gim mo him tr thnh rt quan trng.
Bc th t: u tin ho cc kh nng b tn cng.
Gi s mo him c xc nh l rt cao. Bc tip
theo trong qu trnh TKAT bao gm nh gi tnh u tin i
vi cc KNBTC thnh t. R rng l, mo him nh gi
trong bc th ba trc s ch dn trc tip cho vic xc lp s u
tin ny. Nh vy, cc thnh t an ton c s mo him cao
nht s c phn hng l c tnh u tin cao nht trong TKAT
h thng.
Bc u tin ho ny l quan trng v n cung cp mt trt
t cho s ci t cc bo v an ton. Kt qu l cc thnh
t c mo him cao nht, c tnh ti hn cao s c u tin
hng u. Mt v d tng t c li thng c a ra minh ho
cho iu ny: Gi s ta c mt chic t, m mc ch
45

hng u l cho ta s di chuyn an ton, thun tin v tin


cy. Trong s phn loi s him ho, KNBTC v tn cng chic
t, c th ch ra cc tn cng ton vn tim n vo ng
c, vo v xe, vo cc bnh xe v v.v R rng l s u tin tng i ca cc him ho vi cc thnh t ca t c th c phn loi tng i chnh xc. Chng hn, tn cng vo v
xe c th c coi l t nguy him hn so vi tn cng vo
ng c t.
Bc th nm: Phn loi v ci t bo v.
Trong bc ny, tp hp cc tip cn bo v an ton c th
c phn loi bao gm c cc th tc v c ch an ton
chun. Cc u im v nhc im ca mi loi bo v vi h
thng cng s c kho st. Cc nhn t in hnh thng c ngi ta nh hng trong vic tm kim mt gii php bo
v an ton kh d thng bao gm: nh hng cc tiu ln
tnh s dng; tc ng nh nht ln hot ng ca h thng;
gi c thp; tc ng t nht ti cc ng dng hin c v cc
th tc ang tn ti.
Mt khi cc bo v c la chn, chng phi c tch
hp vo h thng. S tch hp ny phi c thc hin theo
cch sao cho khng mang vo h cc KNBTC mi. iu ny rt
quan trng v rt c th l trong khi trit tiu hu qu ca
mt him ho ny, li c th em vo mt loi him ho tim
n mi i vi h.
Lu rng, ton b qu trnh TKAT h thng c th c
lp li cho n khi mo him ca h c nh gi l
chp nhn c. Thng thng, qu trnh thc hin vi ln lp
i vi phn loi KNBTC, nh gi mo him v tch hp
bo v th mo him c th gim xung mt cch ph
hp. Ngoi ra i khi ch i hi mt phn cc bc trc
phi lp li (ch khng phi tt c cc bc). V d, bc th
nht thng khng phi lp li nu s kho st k lng thc
hin ch r cc thnh t ca h.

46

Nh vy trong quy trnh thit k an ton mt h thng


i hi u tin l phi tin hnh nhn bit v phn loi cc
kh nng b tn cng hay l cc knh r r thng tin, cc
knh mt an ton ca h thng . chnh l qu trnh
phn tch an ton h thng. Nh trong chng I ch r,
trong phn tch an ton h thng phi dng cc php phn
loi cc him ho, cc kh nng b tn cng v cc tn cng;
phi c gng tm ra cc knh mt an ton v tp trung vo
cc nguyn nhn sinh ra chng. V mc ch ca an ton l
ra c cc gii php, phng n loi tr cc nguyn nhn
ny, trit tiu cc kh nng b tn cng v bt kn cc knh
r r an ton .
3.1.3.3. Tin hnh kim chun cho h thng.
Mc ch kim chun l tng bc p dng cc i hi v
cc tiu ch ATTT ca cc cng ngh TT hin i vo thit lp
cc h thng c th. Vic tun th cc chun ATTT phi i
t thp n cao, u tin cc tiu chun c bn v theo hng
ngy cng hon thin v nng cao, ho nhp khu vc v
quc t.
M l nc u tin a ra Cc tiu ch nh gi h thng
my tnh tin cy vo nm 1983 hay cn gi l Sch Da cam.
Sau nhiu nc chu u nh Anh, Php, c, ri Canaa
cng pht trin cc h tiu chun ATTT ca h. Cc nc Nga,
Trung Quc, Hn Quc ang hnh thnh v hon thin cc
tiu chun ca mnh. Tt c cc tiu ch ATTT hin nay u
c xy dng ln t ngn ng c bn ca Sch Da cam. C
th ni nhng ni dung ch yu nh sau:
Mt HT TT VT bao gm cc thc th tng tc ln
nhau. l cc ch th (subjects) v cc i tng
(objects). C th hnh dung cc i tng O nh l cc
kho cha TT (cc file, cc th mc), cc ch th S nh l
cc qu trnh, cc chng trnh thc hin tc ng ln
cc O bng cc cch khc nhau, n i hi cc ti
nguyn v c th thc hin cc tnh ton no .
47

Mt HT TT VT an ton l HT duy tr mt s kim sot


truy cp ti cc TT c x l trong , sao cho ch c
nhng ngi dng hp php hoc cc qu trnh c h
u quyn mi c th c, ghi, a vo v ly ra TT. Tc
l HT ny phi bo m c tnh b mt, tnh ton
vn v tnh sn sng dch v ca TT c x l trong
HT. Hay ni khc i l HT phi ngn chn c cc truy
cp tri php ti TT m n x l.
duy tr c cc tip cn ti TT nh vy HT phi thc
thi mt s iu lut, quy nh gi l cc chnh sch
an ton. Nh vy ni dung kim sot truy cp l cc
chnh sch an ton (CSAT) ca HT.
Trong m hnh ch th - i tng (gi tt l m hnh S
O) bo m ATTT trong HT c duy tr nh gii quyt bi
ton kim sot truy nhp ca cc ch th S ti cc i tng O
ph hp vi cc iu lut v quy nh ca cc CSAT ca HT.
Ngi ta coi rng HT s l an ton nu nh cc ch th S
khng c kh nng ph v c cc iu lut v quy nh ca
cc CSAT ca HT trong tip cn ti TT c bo v, tc l HT
hon ton ngn chn c cc tip cn tri php ti TT ca n.
Hin nay, gii chuyn mn cho rng mt h x l TT an
ton phi tho mn 4 nguyn l c bn sau y:
Nguyn l 1: Chnh sch an ton (CSAT).
HT phi duy tr mt CSAT r rng v hon chnh, CSAT
ny phi l bt buc thi hnh vi ton b HT. Mt CSAT phi
c nh ngha nh mt tp hp cc iu lut, cc quy
nh ch ra rng khi no v trong iu kin no th mt
ch th nht nh c cho php tip cn ti mt i tng
xc nh trong HT.
Nguyn l 2: Gim st tung tch.
Mi tip cn ti cc i tng thuc HT phi c gn vi
mt du vt kim ton chi tit, sao cho bt k hnh ng

48

no u s c nh du b phn theo di tng ng


(ng k).
Nguyn l 3: Bo him lin tc.
HT (bao gm c h iu hnh) phi c cc tnh nng
hiu lc cho php kim tra (vo bt k lc no) chng t
rng, HT tun th nghim ngt cc nguyn l an ton.
Nguyn l 4: Ti liu tng minh.
HT phi c mt ti liu minh ho, hng dn i km v ti
liu ny phi tng minh.
Mt ti liu tng minh phi phn nh c trit l bo v
AT (tc c s l lun AT) ca nh sn xut, thit k v phi
th hin c trit l c thc thi nh th no xy
dng cc mi trng an ton.
Cc nguyn l ny c thc thi trong mt HT TT VT c
th bng lot cc dch v nh sau:
Nhn dng v xc thc.
Kim sot quyn (phn quyn).
ng k v kim ton.
B mt d liu.
Ton vn d liu.
Sn sng phc v.
Chng chi b.
3.2. Cc phng php bo v chng tip cn tri php.
Tt c cc gii php bo m ATTT phi gip t n
cc mc ch sau y:
Cnh bo s xut hin cc him ho.
Lm r cc hng tim nng v mc nguy him
ca him ho ph v ATTT.
Pht hin cc du vt thc t ph v ATTT.

49

Ngn chn s ho gii, r r v tip cn tri php ti


TT.
Trit tiu hoc lm gim mc thit hi do ph v
ATTT v do vic TT b lt vo tay tin tc.
Chng ta hy xem xt cc phng php c bn ca vic
chng TCTP, c lit k trong hnh v sau:
1.Chnh tc

K thut
Ngn cn

Vt l

Kim sot tip


cn

Thit b

M ho

Phn mm

Cc ph
ng php
BVTT

2.Phi chnh tc
Quy tc

T chc

Cng ch

Lut php

Gio dc

o c

Cc ph
ng tin
BVTT

Hnh 3.1: Cc phng php c bn chng TCTP


3.2.1. Phng php ngn cn vt l.
y l phng php bo v vng ngoi, ngn chn trn
ng i ti TT ca k xu. Thng s dng cc cng c k
thut vt l thc hin phng php ny. l thit b
c - in, in t, v tuyn in t, nh cc tn hiu bo
ng in t, cc loi camera theo di, cc loi kho ca, cc
50

li chn cc ca s C loi thit b gn hn c ci t


ngay trong h thng nh tiu h kim tra TT theo chn l,
bo v b nh theo kho, bo v cc thanh ghi c bit.
3.2.2. Phng php m ho (ngu trang).
l phng php dng mt m che du (m ho) TT.
y l mt phng php rt hiu qu v c p dng rng ri
trong cc HT TT VT hin nay. c bit khi TT c truyn i
khong cch xa th y l phng php an ton duy nht
bo v TT. Thit b thc hin m ho thng thng s
dng l cc chng trnh phn mm (hoc cc thit b chng trnh).
3.2.3. Phng php phi k thut.
Phng php ny (cn gi l khng chnh tc) c p
dng ch yu vi mi trng nhn vin (con ngi) lm vic
trong HT. V nhn vin l nhng ngi thao tc nhiu thit
b, nhiu cng vic lin quan trc tip ti TT c bo v, nn
h phi c xem l i tng ca bo v. Cc li v tnh hoc
c ca h c th to iu kin cho cc tip cn tri php
xy ra. y cn lu cc nhm phng php sau:
Ch nh cc quy tc.
Bn cht phng php ny l ch, phi quy tc ho (a
ra v thc hin cc quy tc) qu trnh hot ng ca HT x
l TT. Cc quy tc bao gm mt t hp cc bin php to
ra cc iu kin t ng x l v lu gi TT sao cho trong
kh nng tip cn tri php ti TT l nh nht. Cc chuyn gia
cho rng, ngay t khu xy dng cng trnh nh t HT,
phng t thit b ni tht, cng, ca cho n cc bc
ca cng ngh t ng x l TT, t chc v duy tr ch
lm vic ca cc nhn vin u phi tun th nhng quy
tc nghim tc. Trong HT phi xc lp cc quy nh r rng
v n ngha v cc cng vic ca ngi dng, ca nhn
vin lp trnh, ca cc yu t CSDL v cc vt mang tin. Cn
phi nh r cc ngy trong 1 tun l v cc gi trong ngy
cho php cc ngi dng v nhn vin lm vic trn HT. Trong
51

tng ngy lm vic ca nhn vin cn phi lit k r rng


cc ti nguyn HT c cho php tip cn v th t tip cn ti
chng. Cn phi c danh sch cc ngi dng c php s
dng cc thit b k thut, cc chng trnh i vi cc yu
t CSDL, cn ch r danh sch nhng ngi c quyn tip
cn v cc th tc cho php h thc hin. i vi cc vt
mang TT phi quy nh r, ch ct thng xuyn, danh sch
cc c nhn c quyn nhn chng v lit k cc chng trnh
cho php c lm vic vi chng.
thc hin quy tc ho thng p dng cc bin php t
chc k thut v t chc php l. Cc bin php t chc
nh vy bao ph tt c cc yu t cu thnh ca HT x l TT
tt c cc giai on trong vng i ca HT: xy dng nh
ca, thit k HT, lp t v chy th thit b, th nghim
v kim tra, a vo s dng
Phng php cng ch.
l cch bo v m trong , khi ngi dng v cc nhn
vin ca HT trao i d liu buc phi tun th y
cc iu lut v x l v s dng cc TT c bo v v cch
bo v ny t h trc php lut v trch nhim vt cht,
hnh chnh hoc ti phm hnh s. y thng c cc
php lnh, cc b lut quy nh cc lut l s dng v x l
cc TT nhy cm, b mt v cc bin php trng pht v ph
v cc iu lut .
Phng php gio dc.
l phng php bo v, trong to ra cc iu kin
m cc iu lut x l v s dng TT c bo v quyt
nh bi cc tiu chun o c v thi quen. l cc
chun mc hnh thnh hoc ang hnh thnh theo s
pht trin v ph bin ca cc my tnh in t. Cc chun
mc ny a phn khng l bt buc nh cc iu lut nh,
tuy nhin vic khng tun th chng thng dn n mt uy
tn, danh d ca c nhn hoc t chc (mt thng hiu).
52

Cc chun mc o c nhiu khi khng thnh vn (v d


cc chun c cng nhn chung v danh d, v yu nc) v
nhiu khi c quy nh theo trt t php lut dng cc
bng lut l hoc hng dn. in hnh y c th nu v
d l Cc quy tc ng x chuyn mn ca cc thnh vin
Hip hi ngi dng MTT Hoa K.
3.2.4. Cc phng php kim sot truy nhp.
Trong cc phng php bo v chng TCTP lit k trong
bng s trn, cc phng php ngn cn vt l v phi k
thut c th coi nh l bo v vng ngoi ca HT; phng php
m ho l phng php c bit (n c mt c vng ngoi,
vng trong, c ng truyn) chng ta s dnh cho n mt chng ring; cc phng php kim sot truy nhp l ni dung
chnh ca bo v HT vng trong.
Kim sot truy nhp (KSTN) l phng php BVTT bng
cch iu khin vic s dng tt c cc ti nguyn ca HT
(cc phng tin k thut, cc chng trnh phn mm, cc
c s d liu CSDL).
Kim sot tip cn bao gm cc chc nng bo v sau
y:
Nhn dng v xc thc: Nhn dng ngi dng, nhn vin
v cc ti nguyn HT. y nhn dng c hiu l gn
cho mi i tng k trn mt c ch ring (tn, m,
mt khu); cn xc thc (xc lp tnh chn thc) ca
ch th hay i tng theo c ch m h a ra.
Xc lp quyn: Sau khi nhn dng v xc thc xong cn
phi xc lp quyn ca cc ch th. l tp hp cc
quyn m mi ch th (subjects) c cho php tip
cn ti ngun ti nguyn c trong HT. y l khu
quyt nh ngn chn vic s dng bt hp php
(s dng sai quyn) cc ti nguyn h thng.

53

ng k v kim ton: Ghi chp (lm bin bn) nht k,


theo di v phn tch thng xuyn cc bn ghi kim
ton kp thi pht hin v ngn chn cc TCTN.
Cc bin i mt m: Phi c kim sot cht ch nh
mt ti nguyn c bit ca HT.
Cch ly (bng cc gii php ngn cch hiu qu): y l
phng php mi xut hin. Cc ngn cch thng dng l
cc mng lc di dng Tng la (Firewalls).
Phn ng linh hot: Dng my HT, t chi tip cn,
ngt ti nguyn, bo ng Khi xut hin cc hnh
ng tri php
Chng ta hy xem xt cc chc nng c bn ca KSTN:
1) Nhn dng v xc thc (ND&XT).
ND&XT l c s ca tt c cc HT bo v TT, v tt c
cc c ch BVTT u da trn s tng tc ca cc ch th
v cc i tng ca HT, m chng (cc S v O) c cc tn
gi c th. Cc ch th ca HT thng l cc ngi dng, cc qu
trnh, cc i tng ca HT l bn thn TT v cc ti nguyn
TT ca HT (cc file, cc th mc, CSDL)
Vic gn cho cc ch th (S) v cc i tng (O) ca
tip cn mt c ch ring (.C) v vic so snh n
(C ny) vi bng cho trc gi l s nhn dng. ND bo
m cc chc nng ATTT sau:
Xc lp tnh chn thc v xc lp quyn ca
ch th khi cho S ng nhp vo HT.
Kim sot quyn trong phin lm vic ca S.
ng k theo di cc hnh vi ca S v.v
S xc thc (XT) l vic kim tra s ph hp ca S tip
cn vi C dnh cho S v khng nh quyn ca
n (ni cch khc l c ng l S khai bo).
54

S chung ca XT&ND ngi dng khi anh ta tip cn HT


c dng nh hnh sau:
Vo C ngi dng

C ng
khng

No

Bo cho ngi dng


v li
Yes

Yes
Gi th tc XT

Yes

XT ngi
dng ng
khng

S ln th
cho php

No

No

Tn hiu v TCTP
Kp thi bao vy.

Cho tip cn vo
HT
Hnh 3.2: S xc thc ngi dng
Nu trong qu trnh XT, s chn thc ca S c xc
lp, th HT bo v cn phi xc nh cc quyn ca S na.
iu ny cn thit cho cc kim sot tip theo.
C th chia ra lm hai loi XT: XT cc i tc trong trao
i v XT ngun d liu. XT cc i tc s dng khi xc lp
(hoc kim tra) kt ni trong phin lm vic. N dng
ngn chn cc him ho nh l gi danh v nhc li phin lin
lc c. XT ngun d liu l khng nh s chn thc cc
phn d liu ring bit.
Ngi ta cng phn bit XT theo chiu: XT mt chiu (v
d, khch hng chng minh s chn thc ca mnh vi HT
khi ng nhp) v XT hai chiu (XT ln nhau).
C rt nhiu phng php thc hin XT, chng ta hy xem
xt 4 phng php c bn sau y:
a) Dng mt khu (M.K).
55

y l phng php thng c dng hn c. MK l cc


c ch b mt ca cc ch th, m khi ng nhp HT cc
S a vo v tiu h XT s so snh chng vi MK mu c lu
gi dng m ho trong c s MK mu v trong trng hp
trng nhau tiu h s cho php tip cn vi cc ti nguyn HT.
Ngi ta chia ra lm 2 loi MK: MK c nh (dng nhiu
ln) v MK thay i (dng 1 ln).
Trong nhiu HT ngi ta dng MK s dng nhiu ln.
y MK ca khch hng khng thay i (trong cc phin
lm vic) v trong khong thi gian do nh qun tr quy
nh. H MK nh vy l n gin cho qun tr nhng li c
nhiu nguy c b khm ph. Ngy nay tn ti nhiu phng
php khm ph MK: t n cp bng mt thng (nhn trm,
thu thp cc giy vn ghi MK) cho n chn bt cc phin
lin lc, vt cn cc MK c th bng MTT hin i nht. Kh
nng khm ph mt khu tng ln, nu MK n gin, trc
tip (tn ngi thn, ngy thng sinh nht, ), nu MK c
di nh, khng c chu k tn ti v.v
Thng ngi ta a MK vo HT ch hi thoi. Nhng
cng c th chn MK t chng trnh.
Phng php MK dng mt ln (MK thay i) c an
ton cao hn. C 3 phng php dng MK thay i thng c
p dng:
Bin tng h MK n gin: Theo phng php ny
ngi ta cho khch hng mt lit k cc MK. Khi XT,
HT s hi khch hng MK m s th t ca n (
trong lit k ) l ngu nhin (v d, trng vi thi
im ca ng h chng hn). di v s th t
cc k hiu ca MK cng c th c hi theo cch
ngu nhin.
Phng php Hi - p: l phng php m trong
HT hi khch hng mt s cu hi c c tnh
56

chung, nhng tr li ng th ch tng c nhn c


th mi c c. V d:
Login, Minh
XT: Hy ni h tn ca m anh?

V Th Bnh

XT: Anh hc trng THPT no? ng a


XT: OK!
C th tng cu hi ln theo cc ch khc nhau
(v p n ng tt nhin HT lu trc dng m).
Phng php hm s: l phng php s dng mt
hm s c bit bin i MK f(x), cho php lm
thay i MK (theo cng thc xc nh) ca khch
hng theo thi gian. Hm f(x) phi tho mn mt s
i hi nh: vi MK x cho trc d dng tnh c MK
mi y=f(x); d bit x v y, rt kh hoc khng th
xc nh c f(x). V d MK ca ta l mt s c 4
ch s l d1d2d3d4 (chng hn l cc s 1312, 4752,
). Hm f(x) ta chn nh sau:
f(x)=2(d1.d4+d2.d3)mod(d1d2d3d4)
Khi ta c MK mi, v d:
y=f(4752)=2(4.2+7.5)mod(4.7.5.2)
=2(8+35)mod280=86mod280=86
Ta c bng tng ng sau:
x

y=f(x)

1312

4752

86

5472

76

6836

120

8831

64

57

HT v khch hng u bit trc f(x). HT gi cho


khch hng MK x v i hi khch hng tr li.
Khch hng tnh y=f(x) v gi cho HT. HT xc thc
bng cch so snh y vi kt qu c sn ca mnh.
Cho d k cng ph MK c bit x v y cng kh on
c hm cng kh on c hm f(x).
C 2 phng php thng dng trong bin i hm s.
l phng php bin hm v phng php bt tay.
Phng php bin hm thc hin bng cch bin i bn
thn hm f(x) theo chu k no . Thng ngi ta a vo
biu thc ca f(x) cc tham s c th thay i mm do (v
d ph thuc ngy, gi no ). Khch hng c bit MK ban
u, hm f(x) v chu k thay i mt khu. Bn cht ca
phng php bt tay nh sau: Hm bin i MK f(x) ch c
khch hng v HT bit. Khi ng nhp HT, tiu h XT sinh ra
mt dy s ngu nhin x v gi cho khch hng. Khch hng
tnh kt qu y=f(x) v gi li cho HT. HT s so snh kt qu
vi kt qu ca chnh HT. Nu trng nhau th coi nh XT
c chng minh. Trong nhiu trng hp, mt khch hng
no c th rt cn kim tra XT mt khch hng t xa
khc hoc mt HT no m anh ta nh truy nhp. Khi
ph hp hn c l dng ch MK bt tay, v trong
qu trnh trao i MK ny khng c thnh vin no nhn c bt c TT mt no (h ch bt tay nhau thi).
b) Dng th bi (Token).
y l mt phng php t hp XT. N i hi khng
ch bit MK m cn phi c mt tm th (token) l mt
thit b c bit khng nh s chn thc ca ch th.
Th bi chia lm 2 loi: loi th ng (c b nh) v loi tch
cc (th thng minh hay smart-card).
Ph bin nht l loi th th ng (th t), c bng t.
Th t i hi phi c thit b c vi bn phm v b x l.
Khi s dng th t, khch hng phi a ra s XT ca mnh
58

(tc C). Trong trng hp n trng vi phng n in t m


trong th t, th khch hng c cho php tip cn HT. Dng
th t nh vy cho php XT chnh xc ngi c quyn tip cn
HT v loi tr c vic s dng bt hp php th bi k xu (v
d, khi mt cp hoc ri th). Cch dng nh vy thng gi l
XT hai mc.
i khi (thng l trong cc kim sot vt l ca ra vo) cc
th t ch c a vo my c m ngi ta khng hi s XT (tc
C) ca ch s hu th.
Vic s dng th t XT c u im l: c thit b ring
x l cc TT xc thc (thit b c) m khng cn a
chng vo b nh ca MTT, do loi tr c kh nng bt
trm chng trn cc knh lin lc. Phng php ny cng c cc
nhc im sau: n t gi hn cc MK, i hi phi c thit
b c ring, khi dng cn c cc tnh ton v phn phi sao
cho an ton, phi phng k xu ly cp v khng b qun
thit b c, cng c trng hp lm th gi
Th thng minh (Smart-card) c b nh v cn c thm
b vi x l gn trn . iu ny cho php thc hin c cc
phng n khc nhau ca MK: MK dng nhiu ln, MK dng mt
ln, MK hi - p Th thng minh u bo m XT hai
cp. Th thng minh cn kt hp cc chc nng khc nh lm
th rt tin Nhc im l gi c rt t.
c) Dng cc c im sinh trc ca con ngi.
y l phng php XT cc mnh, bo m chnh xc
100% m khng phi lo v vn ri, mt MK v cc C.
Tuy nhin phng php ch thch hp vi con ngi (ng vt),
kh p dng cho vic XT cc qu trnh hoc d liu. Phng
php ny cng i hi phi c cc thit b phc tp v t
tin. Do vy ngi ta ch p dng n i vi h thng c
bit quan trng (XT ngi dng theo ng t mt, theo du
vn tay, hnh di tai, theo nh hng ngoi ng mch, theo
ch vit, theo mi, theo ting ni v thm ch theo ADN).
59

Chng ta im qua mt s phng php sinh trc in


hnh.
Du vn tay: Cc my qut du vn tay (scanner) tng i nh, c bit hp dn v cng khng t
tin. S trng hp du vn tay c x.s c 10 -3%. Cc my
qut nh vy hin c dng nhiu trong lnh vc hnh
s v lng du vn tay tch tr c l khng
l.
ng t mt: Thit b XT theo ng t mt c
chnh xc rt cao. V mt l thuyt, th x.s trng lp
ca hai ng t mt l c 10-78.
Ting ni: Kim tra ting ni thng c dng trong khi
lin lc bng in thoi. Mt thit b ghi m 16 qung
v mt mirco t in l c th thc hin c xc sut
li y c 2% 5%. Trng thi con ngi y cng
phi tnh ti: kch ng, m au, say xn
d) Dng h thng nh v ton cu (GPS).
y l phng php XT mi xut hin gn y nht da
vo h thng nh v ton cu (GPS Global Positioning
System) chng minh tnh chn thc ca ngi dng xa
theo v tr m anh ta ang . Ngi dng c my GPS gi
(nhiu ln) to ca cc v tinh nm trong vng nhn thy
ca anh ta. Tiu h XT ca HT nhn c to y v bit c qu o ca cc v tinh s xc nh c v tr ca khch
hng vi chnh xc c 1m. Trng hp ny i hi ngi dng
hp php ( xa) phi c nh mt a im.
2) Xc lp quyn.
Sau khi nhn dng hon tt, cn phi xc lp quyn
ca ch th. iu ny cn thit kim sot vic s dng
cc ti nguyn HT sau ny. Qu trnh xc lp quyn cn c
gi l phn gii tip cn (tc l gii hn qun l lgic tip
cn).

60

Thng thng, cc quyn ca ch th c th hin bng


lit k cc ti nguyn cho php c dng v cc quyn tip
cn ti tng ti nguyn trong lit k . Cc ti nguyn HT c
th l chng trnh, d liu, thit b lgic, vng nh, thi gian
b x l, cc u tin
C cc phng php phn gii tip cn (xc lp quyn) c
bn sau y:
a) Phn quyn theo lit k.
Cn c s tng ng sau y trong cc lit k: mi ngi
dng lit k cc ti nguyn v cc quyn tip cn ti chng
hoc l, mi ti nguyn lit k cc ngi dng v cc quyn
tip cn ca h ti ti nguyn ny. Cc lit k cho php xc
lp quyn vi chnh xc n tng ngi dng. y d
dng cho thm quyn hoc trc tip cm tip cn. Cc lit
k thng dng trong cc H iu hnh v trong h qun tr
CSDL (DBMS).
b) Dng ma trn quyn.
Ma trn quyn cn gi l bng quyn. Trong ma trn
quyn, cc hng l cc C ca cc ch th tip cn HT, cn
cc ct l cc i tng ca HT (hay l cc ti nguyn). Mi yu
t ca ma trn c th cha tn, kch thc ca ti nguyn cho
php, quyn tip cn (c, ghi, v.v), ch gii v chng
trnh iu khin quyn Trong hnh v sau a ra mt mng
ca ma trn quyn:
Ch th
Ngi dng 1

Th mc

Chng trnh

D:\Heap
cdrw

BMT
E

My in

w
w t 9:00
Ngi dng 2
R
n 17:00
K hiu : c sinh to, d xo, r - c, w ghi, e thc
hin.
Ma trn quyn l phng php thun tin, tt c TT v
quyn u cha trong mt bng. Tuy nhin kch thc ca
61

ma trn c th ln v khng ti u (nhiu rng). Vn


nn ma trn quyn c x l kh tt trong h iu
hnh.
c) Phn gii tip cn theo mt v th hng.
Ti nguyn HT c nhm li v phn chia theo mt
hoc theo th hng. Theo mt chia thnh cc nhm tip
cn chung, mt, ti mt, tuyt mt. Ngi dng c cp quyn
tng ng vi mc mt cao nht m anh ta c cho php. Khi
anh ta c tip cn ti tt c cc d liu vi mt
khng cao hn mt c cho php. Trong phn gii
theo th hng th phn chia theo quan trng ca ngi
dng (v d, lnh o, nh qun tr, khch hng, ).
C 2 c ch cp quyn thng c p dng: c ch la
chn (DAC Discretionary Access Control) v c ch bt
buc (MAC Mandatory Access Control).
C ch cp quyn DAC: Vi mi cp (S O) phi lit k
r v n ngha cc loi tip cn (c, vit) tc l cc
tip cn c php ca ch th S ti i tng O. C ch ny
c thc hin nh lit k quyn hoc nh ma trn quyn.
C ch cp quyn MAC: C ch ny da trn s phn
cp theo mt cc TT cha trong cc i tng O ca HT v
s cho php chnh thc cc ch th S c tip cn ti TT vi
mt tng ng. Ni cch khc, mi ch th S v mi i tng O c gn cho cc nhn an ton, phn nh v tr ca S v
O trong cc tp c th t ca chng. Cc nhn an ton c cha
cc c trng trong phn cp c th t (tc mt) v c
cc c trng phi th t (tc hng mc an ton). MAC c
thc hin nh phng php phn gii theo mc () mt v
theo hng mc an ton.
3) ng k v kim ton.
ng k l mt c ch ca H BVTT, ghi chp tt c
cc s kin lin quan n an ton ca HT (vo v ra ca cc
ch th tip cn, chy v thc hin cc chng tnh, in cc
62

ti liu, cc tip cn ti cc ti nguyn nhy cm, s thay


i quyn ca cc ch th v trng thi cc i tng tip
cn v.v). Vi cc HT c kim chun v ATTT, cc nc nh
Nga, M, danh sch cc s kin m ng k ghi chp do U
ban c bit ca Nh nc quy nh (v d, Nga l do
UBKT NN quyt). tng hiu qu ca ng k, ngi ta tin
hnh kim ton cc bn ghi chp c. Cho nn ngi ta thng
gi phng php ny l kim ton (audit). Kim ton l phn
tch cc TT ghi chp c. N cho php kp thi pht hin cc
sai phm, xc nh cc im xung yu ca h bo v,
nh gi cc cng vic ca ngi dng v.v
Cng c dng cho kim ton l tp ch (bn ghi) kim
ton. l tp hp c th t v thi gian cc bn ghi kt qu
hot ng ca cc S ca HT, khi phc li, xem xt li
v phn tch dy cc thao tc v cc th tc khc nhau hoc
din bin cc s kin. Dng thng gp ca bn ghi kim
ton ging nh sau:
Loi ghi
chp

Ngy

81

11.8

91

11.8

Thi
gian
10:14:0
6
10:15:1
1

Terminal

Ngi
dng

S
kin

1A5

NDVINH

LOGIN

1A5

NDVINH

LOGIN

Kt qu
OK
INCORPAS
S

Bn ghi kim ton nhiu khi cn c gi l du vt kim


ton,
mt lung
cng c kim sot truy nhp rt quan trng.
1.l
Nhn
Vicmng
nghin cu v kim ton cn giai on m u.
Qu trnh thc hin ng k gm 4 giai on: thu thp
v lu d liu; bo v vt kim ton; tng hp; phn tch.
2. Ghi nhn cc
3. Kim sot
S s
chc
nng
ca
tiu
h
ng
k
cmng
dng sau (dng cho
kin
mt mng):
4. Thit lp bn
ghi kim sot

5. Phn tch
nht k kim

Hnh 3.3: S chc nng


63
ca tiu h
ng k

giai on u (thu thp v lu d liu), ngi ta xc


nh cc d liu cn thu thp v lu (t lung mng), chu k
lm sch (ly ra v in) v lu tr nht k, mc kim sot
tp trung, v tr v phng tin lu nht k, kh nng ng k
TT c m ho v.v
Trc ht, cc d liu ng k c phi c bo v khi
cc tip cn tri php v cc cng ph. Giai on tng hp
cn thit lin kt v ng b (v format) cc d liu
ng k c t cc mng khc nhau ca HT. Giai on quan
trng nht l phn tch cc TT kim ton. C 2 phng php
phn tch TT nhm pht hin cc tip cn tri php (pht
hin xm nhp).
Phng php thng k: Da trn c s xc nh cc gi
tr thng k trung bnh ca cc thng s hot ng ca
cc tiu h (ci gi l dng dp lch s ca lung
mng) v s so snh chng (cc gi tr ny) vi ci ang
din ra. Tn ti s sai khc nht nh (gia lch s v
hin ti) c th l tn hiu v kh nng xut hin s
xm nhp, gm c s dng my ch (server) do trn
ngp yu cu, do lan truyn virut, do cc chng trnh
gi mo v.v
Phng php tin on: Trong trng hp ny th ti cc
iu lut logic pht hin xm nhp c lp trnh cc
64

kch bn quen thuc i vi HT; lp trnh cc c


trng ca HT bo hiu v s cng ph hoc l m hnh
cc hnh ng (thao tc) ca k ph hoi dn n xm
nhp. R rng l, phng php ny ch nhn bit c
cc him ho c, xc nh trn c s hiu bit h
pht hin xm nhp m thi.
4) Mt m.
Cc phng php mt m BVTT bo m m ho v gii m
cc d liu mt (tnh b mt), v cng c s dng
khng nh tnh chn thc (xc thc) ngun d liu v
kim sot ton vn ca d liu (tnh ton vn). Cc phng
php mt m l yu t bt buc ca cc HAT, nhng n c
ngha c bit vi vic pht trin ca cc h phn tn v
cc mng m, m ta khng th duy tr c s bo v
vt l cc knh lin lc.
Cc phng php mt m c in chia lm 2 loi c bn
l: mt m i xng v phi i xng.
a) Cc phng php mt m i xng.
l mt m s dng cng mt kho mt m ho v
gii m.
i din in hnh ca m ho i xng vi kho mt l
chun m d liu dng trong cc c quan nh nc ca M DES
(Data Encryption Standarts). Thut ton DES dng kho c
di 56 bit (i hi k cng ph phi chn 72 t t hp kho c
th mi c hy vng). 3DES l mt dng khc ca thut ton
DES nhng bn vng cng ph cao hn (nhng chy chm
hn 2 ln) cho php dng kho c di 112 bit.
Mt thut ton m ho khc l IDEA (International Data
Encryption Algorithm) dng kho c di ti 128 bit. IDEA c
bn vng hn DES v tng c c thay th DES.
Chun m d liu ca Nga, do GOST 28147-89 xc nh
l thut ton m ho i xng c kho di ti 256 bit. u
im chnh ca m ho i xng l tc ng nhanh v n
65

gin. Cn nhc im ln y l, kho mt phi c c ngi


gi v ngi nhn bit trc. iu ny lm phc tp ng k
vic quy c v phn phi kho gia nhng ngi dng. V bn
cht, trong cc mng m khi cn phi duy tr mt knh an
ton vt l trao i kho. Chnh nhc im ln ny
dn ti thit k mt phng php m ho mi m ho vi kho
cng khai hay l mt m phi i xng.
b) Cc phng php mt m phi i xng.
Mt m phi i xng s dng 2 kho lin quan vi nhau
(cp kho): m v gii m. Mt kho mt v ch c
ngi nhn mi bit. N dng gii m, cn kho kia l cng
khai, mi ngi u c th bit theo mng v c cng b
cng a ch ca ngi dng. N c dng m ho.
Cho n nay, thut ton m phi i xng ni ting nht
v bn vng nht l thut ton RSA (Rivest Shamir Alldeman)
v thut ton ELGamal.
Nhc im c bn ca cc thut ton phi i xng l tc
ng chm n chm hn thut ton i xng ti hng
nghn ln. hn ch nhc im ny, ngi ta s dng cng
ngh kt hp c hai phng php m ho i xng v phi i
xng. V d, bn r c th m ho bng mt m i xng (tc
ng nhanh), cn kho mt (ngu nhin) gi km theo bn r
c m bng mt m phi i xng.
Mt u vit quan trng ca cc thut ton phi i xng l
kh nng nhn bit (nhn dng) ngi gi bng cch dng ch
k in t ca anh ta (nht l trong cc giao dch in t).
T tng ca cng ngh ch k in t nh sau: Ngi gi
truyn i 2 phin bn ca cng mt bn tin (mt bn r v
mt bn l gii m ca n bng kho mt, tc l m ho
nghch o). Ngi nhn dng kho cng khai ca ngi gi m
ho exampler nhn c trn. Nu kt qu thu c trng vi
bn r th c nhn v ch k ca ngi gi coi nh c xc
nh.

66

Trn thc t p dng ch k in t, th khng phi tt


c bn tin c m ho, m ch c mt tng kim tra c
bit hash total (tng bm) gi bn tin khng b xuyn tc,
c m ho thi. Quan trng y l, ch k in t bo
m c c ton vn bn tin v c chn thc ca ngi gi.
Cc vn lin quan n vic trin khai ch k in
t v tnh tng bm (hash total) ca n, c xc nh trong
cc lut v giao dch in t ca cc quc gia. V d, chun
cc hm bm (Hash functions) trong GOST P34-10-94 ca Lin
bang Nga chng hn.
Chng ti lu rng, cc phng php mt m c s dng
bo m khng ch tnh b mt m cng dng kim
sot tnh ton vn ca TT v cc chng trnh.
5) Tng la (Firewalls).
y l phng php dng c ch mn chn BVTT
trong cc mng my tnh. N dng kim sot cc lung TT
cng ra vo cc mng LAN, WAN c bo v v n thc
hin 2 chc nng c bn:
N tng cng s an ton ca cc i tng bn trong mng
bng vic b qua cc yu cu khng hp php t mi trng
bn ngoi. iu lm gim tnh tn thng ca cc i tng bn trong, v bn tin tc buc phi vt qua mt barier
bo v l mn chn lin mng (firewall), trong cc c ch
ATTT c tp trung rt cht ch v cn thn.
N cho php kim sot cc lung TT i ra mi trng bn
ngoi do nng cao c ch mt ca HT.
Ngoi chc nng kim sot tip cn, mn chn cn bo
m c vic ng k (v kim ton) cc trao i TT.
Chc nng mn chn c thc hin nh mn lin mng
gi l tng la (Firewall). Tng la l cc chng trnh phn
mm hoc cc thit b chng trnh, thc hin vic kim

67

sot cc lung TT vo v/hoc ra khi HT v bo v HT bng


cch lc cc TT.
S lc TT y gm: phn tch TT theo tp hp cc tiu
ch nht nh v a ra quyt nh cho php TT i vo
(hoc ra) khi HT.
Ni chung mn chn lin mng khi thc hin cc chc
nng ca mnh, tin hnh phn tch tt c cc lung TT
gia hai mng ca mt mng hoc gia cc mng ring bit.
Mn chn lin mng phn loi nh sau:
Theo v tr t trong mng: bn ngoi v bn trong
bo v khi mng ngoi hoc gia cc mng.
Theo mc lc: tng ng vi m hnh chun mng m
OSI ca ISO.
Cc mn bn ngoi lin quan n phn tch giao thc
TCP/IP siu mng Internet. i vi mn chn bn trong c trng l a giao thc. V d, nu s dng H iu hnh mng
Nowell Netware th cn tnh ti giao thc SPX/IPX.
Hot ng ca cc mn chn lin mng u s dng TT
ca cc mc khc nhau ca m hnh OSI. Mn lin mng lc
TT mc cng cao th mc bo v an ton ca n cng cao.
Theo mc lc cc gi tin, Tng la chia ra 4 loi c bn:
Tng la lc gi.
Cng gc mc phin.
Cng gc mc ng dng.
Thanh tra trng thi.
a) Tng la lc gi (packet filtering firewall).
l tp hp cc chng trnh lm vic trn my ch
(server) sao cho c th lc tt c cc gi tin i vo v i ra.
S lc c thc hin bng cch phn tch a ch IP ca
68

ngun v ch, v c ca cc port (socket) trong thnh phn


ca cc gi TCP v UDP v so snh chng vi mt bng quyn
c cu hnh trong Tng la lc gi. Tng la loi ny n
gin trong s dng, r tin, t nh hng ti nng sut h
thng. Nhc im c bn ca chng l tnh d b tn thng ca a ch IP. Chng hn, IP-spoofing l mt v d
in hnh. IP-spoofing (ngha l s gi mo a ch IP), khi
m mt tin tc s dng mt a ch IP gi danh tn
cng vo mng. Tng la lc gi cng phc tp trong cu
hnh: lp t n i hi phi bit cc th tc mc
mng, mc vn ti v mc ng dng. Sau y l bng cc
loi Tng la v cc mc mng tng ng ca m hnh mng
m OSI (Open System Interconnection):

Cc mc OSI
7. ng dng

Th tc Internet (IP)

Loi Firewalls

Telnet, FTP, DNS, NPS, Cng gc ng


PING, SMTP, HTTP
dng
Thanh tra trng
thi

6.

Biu din
d liu

5. Phin

TCP, UDP

4. Vn ti

TCP, UDP

3. Mng

IP, ICMP

Cng gc tng
phin

Tng la lc gi

2. Lin kt d
liu
1. Vt l
b) Cng gc tng phin (Circuit level Gateway).

69

Tng la loi ny kim sot s cho php mt phin lin lc


(tc l khp kn mng lin lc, v th ting Anh goi l Circuit
level Gateway). N theo di vic xc lp lin lc gia client
hp php vi my ch host bn ngoi (v ngc li) v quyt
nh cho php (hay khng?) yu cu phin lin lc. Trong
vic lc cc gi, cng gc tng phin da vo TT cha trong
u cc gi ca tng phin ca th tc TCP, tc l n hot
ng mc cao hn (2 tng) so vi tng la lc gi (firewall
lc gi hot ng tng mng 3 cn cng gc ny lm vic
tng phin 5). HT tng la ny thng c chc nng truyn
cc a ch mng trong c cha cc a ch IP, tc l
n loi b cc IP-spoofing. Tuy nhin, v n ch kim sot cc
gi tng phin nn vic kim sot ni dung cc gi tin do
cc dch v khc nhau to thnh vn khng c c. khc
phc nhc im ny ngi ta dng Tng la Cng gc tng
ng dng.
c) Cng gc tng ng dng (Application level Gateway).
Tng la loi ny kim tra ni dung ca mi gi tin i qua
cng gc v n c th lc cc loi Lnh ring bit hoc cc
TT trong tng ng dng. y l mt loi firewall hon thin
v chc chn hn c. N s dng cc chng trnh trung
gian proxies (u nhim) ca mc ng dng hay l cc chng
trnh nhn vin agent. Cc agent dng cho cc dch v
c th ca Internet (HTTP, FTP, TELNET, ), chng c a
vo vi mc ch kim tra cc gi mng v cc d liu chnh
xc. Tuy nhin cng gc tng ng dng lm gim hiu sut
ca HT do vic x l li trong cc chng trnh trung gian
(trong cc chng trnh agent).
Nhc im ca n cn l vic phi thit k cc chng
trnh trung gian mi mi khi c mt dch v mi c a vo
Internet.
d) Tng la thanh tra trng thi (Stateful Inspection).

70

Thanh tra trng thi bao gm cc yu t ca c 3 loi tng


la trn. Nh mt b lc gi, n lm vic tng mng lc tt
c cc gi ra vo trn c s kim tra a ch IP v cc
Number of port. N cng thc hin chc nng ca cng gc
tng phin bng cch xc nh cc gi tin thuc mi phin
lin lc. V cui cng, n thc hin chc nng Gc tng ng
dng, nh gi ni dung mi gi tin theo chnh sch an ton
c mi t chc, c quan c th a ra.
c th ca Thanh tra trng thi l: n chn bt v
phn tch tng gi tin ti tng ng dng ca m hnh OSI.
Thay v dng cc chng trnh trung gian lin quan ti cc
ng dng, Thanh tra trng thi s dng cc thut ton nhn
bit v x l d liu, c bit ti mc ng dng, trong
cc gi c so snh vi cc tp d liu bit; iu bo
m s lc gi hiu qu cao hn nhiu.
3.3. Thit lp h bo v chng him ho l tin.
3.3.1. Cc bin php t chc hnh chnh bo v vt
mang tin.
Vn bo v cc vt mang tin (trn my) gii quyt
ch yu bng cc bin php t chc ch , nhm lm
cho k c khng th tip cn ti chng hoc lm cho hn
ch ti a tip cn kiu nh vy. Thng l loi bo v vt
l.
K gian khng th c tip cn ti TT trn cc vt mang
(trn my) trong 2 trng hp:
1. Nu n khng tip cn c bn thn vt mang.
2. Nu tip cn c vt mang, nhng n khng c c
cc thit b tng tc vi vt mang .
Nhim v c bn ca vic bo m ATTT h thng mc
vt mang tin l:
Loi b vic di chuyn vt mang TT theo cc giai on
cng ngh m thc t x l khng i hi.
71

Cnh co vic tip cn trc tip ti vt mang ca cc


nhn vin khng c nhim v thao tc vi vt mang (ti
thiu ho tip cn), cnh bo vic mt trm hoc h
hng vt mang TT.
Quy nh cht ch trt t lm vic vi vt mang: t
khu ghi TT (to vt mang) v tr an ton, giao np
sn phm vi nhn mc ngu trang v mt, mang i
(li) phi c nht k theo di, mang khi t chc phi
c lnh c bit cho n vic nim ct cc t
kho c bit, thiu hu khi qu hn dng hoc khi
chuyn i vt mang; phi c hi ng thiu hu
thnh lp bi nhn vt lnh o chu trch nhim
Thit lp cc i hi nghim mt i vi cc nhn
vin phc v h thng v vn vt mang TT: v d,
nghim cm vic tit l cho bt k ai, bt c dng TT
no, bt c TT g v c trng lm vic, nhim v
ca HT, trt t bo v, kim ton v nim ct cc vt
mang TT, trt t canh gc bo v v qua li ca cc i
tng (nu cng v khng i hi).
3.3.2. H mt khu bo v chng tip cn tri php.
Chng ta nh ngha tip cn tri php ti TT l tip
cn ti TT vi phm cc quy nh c xc lp ca kim sot
tip cn v c thc hin (xy ra) c s dng cc thit b l
thnh t ca h thng TT VT (hoc h thng x l TT). Tip
cn tri php (TCTP) c th l ngu nhin hoc c .
3.3.2.1. Quan im chung v xy dng h mt
khu (MK).
MK dng mt ln (hoc nhiu ln) rt ph bin thc
hin nhn dng v xc thc. Cc phng php xc thc y
thng l:
Theo bn sao c bo v ca MK (hoc theo bn
r ca n).
Theo ngha kim tra ca MK.
72

Khng cn truyn trc tip TT v MK cho pha b


kim tra (tri thc khng).
Dng MK nhn kho mt m.
H xc thc dng mt khu dng u tin gi nh rng
c 2 pha u phi c bn copy MK (hoc bn r tng t
ngha). t chc h nh vy cn phi xy dng v duy tr
mt CSDL cha cc MK (hoc tng t) ca tt c cc ngi
dng. Yu im y l, nu k xu ly cp c CSDL ny
th n c th i qua xc thc vi danh ngha ca bt k ngi
dng no.
Cc phng php dng th hai cho ta mc an ton cao
hn ca h MK, v rng ngha kim tra cho d vn ph
thuc vo MK, nhng n khng th b k xu s dng trc tip
qua mt xc thc.
Xc thc m khng i hi pha b kim tra phi a ra
bt c TT g v MK bo m an ton cao nht. Phng
php ny bo m an ton ngay c khi m cng vic ca
pha b kim tra v l do no b ngng tr (v d, trong
chng trnh ng k c nga Troa). l phng php da
trn ci gi l chng minh tri thc khng.
Mt tip cn c bit trong cng ngh xc thc l vic
s dng MK nhn kho mt m (cn gi l cc th tc mt
m ca xc thc). Th tc nh vy miu t mt dy cc ng
tc, m cc bn phi thc hin xc thc ln nhau; ngoi
ra, cc ng tc ny lun lun kt hp vi vic sinh ra v
phn phi cc kho mt m m ho s trao i TT tip
theo. Tnh ng n ca cc th tc xc thc suy ra t cc
tnh cht ca cc bin i mt m v ton hc c mt trong
cc th tc , v hon ton c th chng minh chnh xc.
Cc h MK bnh thng n gin hn v r hn trong
thc hin nhng km an ton hn so vi h cc th tc mt
m. Cc th tc mt m bo m an ton cao hn v n
cn gii quyt c bi ton phn phi Kho. Tuy nhin, cc

73

cng ngh s dng y c th gy nn cc tranh ci v


php l.
Chng ta hy a ra mt s nh ngha c bn:
c ch ngi dng: l lng TT c bit no cho
php phn bit cc ngi dng c nhn ca h MK
(c ch ho cc ngi dng). Ngi ta cn gi c ch
l tn ngi dng hay tn ti khon ca ngi dng. c
ch ngi dng cn gi l nh danh ngi dng.
Mt khu ca ngi dng: l mt lng TT mt no ,
m ch c ngi dng v h MK c bit, m ngi dng
cn phi nh v a ra i qua th tc xc thc. MK
dng mt ln ngi dng xc thc mt ln, MK dng
nhiu ln c th qua xc thc nhiu ln.
Danh sch ti khon ca ngi dng: l tp hp cc
c ch v MK ca anh ta.
CSDL cc ngi dng ca h MK cha cc danh sch ti
khon ca tt c ngi dng ca h MK .
H mt khu s c hiu nh mt t hp thit b chng
trnh thc thi s nhn dng v xc thc cc ngi dng
ca HT VT trn c s cc MK dng mt ln hoc dng
nhiu ln. Thng thng th, t hp nh vy hot ng
cng vi cc tiu h kim sot truy nhp (phn quyn)
v ng k s kin. Trong mt s trng hp, h MK c
th thc hin thm cc chc nng ph khc nh sinh v
phn phi cc kho mt m ngn hn (kho phin).
Cc thnh phn c bn ca h MK gm:
Giao din ngi dng.
Giao din ngi qun l.
Modul lin h vi cc tiu h an ton khc.
CSDL cc danh sch ti khon.
C th coi h MK l tin n pha trc ca c h thng
an ton. Mt vi thnh t ca n (v d giao din ngi dng)
c th t nhng ch m k xu trc tip tip cn c.

74

Cho nn h MK chnh l mt trong nhng i tng tn cng


u tin ca k xu khi xm nhp vo h thng c bo v.
Sau y im qua cc dng him ho an ton i vi h
MK:
a. Gii mt cc thng s danh sch ti khon:
Thng qua tm kim ch ngh gii lao.
Nhn trm.
Qua bn giao nh trc MK cho ngi khc.
nh cp CSDL ca h MK.
Chn bt cc TT truyn theo mng v MK.
Lu gi MK ch d tip cn.
b. Can thip vo chc nng ca cc thnh t ca h MK.
a vo cc by chng trnh.
Pht hin v s dng cc li giai on thit k.
Lm hng h MK.
y chng ta cn lu ti nhn t con ngi, v rng ngi dng c th:
La chn MK sao cho d nh v cng d on nhn.
Ghi cc MK kh nh v lu ghi chp ti ni d tip
cn.
a MK vo m cho ngi khc nhn thy c.
Cho ngi khc MK mt cch c hoc do nhm ln.
3.3.2.2. Chn mt khu.
Trong phn ln cc HT, ngi dng c kh nng c t la
chn MK hoc nhn c MK t nh qun tr. lm gim
nh hng tiu cc ca nhn t con ngi cn phi thc hin
lot cc yu cu i vi chn v dng cc MK (xem bng).
Cc yu cu

Hiu qu thu c

Xc nh di cc Lm kh cho k xu mun nhn trm


tiu ca MK.
hoc tn cng bng phng php vt
cn.
Trong MK dng cc Hn ch phng php tn cng vt cn
nhm k hiu khc
ca i phng.

75

nhau.
Kim tra v loi b Chng li phng php on nhn MK theo
MK theo t in.
t in ca i phng.
Xc nh di cc Hn ch tn cng theo kiu vt cn, k
i thi gian MK c
c khi tip cn t xa (ch off-line).
tc dng.
Xc nh di cc Ngn cn nh ngi dng i MK nh c
tiu thi gian dng
sau khi n hn i theo yu cu trn.
MK.
a ra s ghi l lch Tng cng kh nng an ton ca cc MK,
cc MK.
km vi cc i hi khc.

p dng thut ton Chng li tn cng la chn MK ca


ngu nhin xa b MK
trn c s l lch cc
MK.

i phng theo t in hoc theo thut


ton ngu nhin.

Hn ch s lng cc Hn ch tn cng la chn tch cc


nh a MK vo.
ca i phng.

Duy tr ch bt Bo m hiu qu cho i hi hn ch


buc thay i MK
ngi dng.

di cc i tc dng MK.

Dng bin php dng Hn ch phng php la chn tch cc ca


ko di khi c MK sai
i phng.
a vo.
Nghim cm vic t Chng li vic on MK theo t in v
ngi dng chn MK v
chng li tn cng vt cn ca i phsinh MK t ng ho
ng.
bng thut ton.
Bt buc i MK khi Ngn cn cc hnh vi tri php ca nh
ln u tin ghi nhn
qun tr HT c quyn tip cn h MK
ngi dng trong HT.
thi im bt u ghi danh sch kim
ton.

3.3.2.3. Lu tr mt khu.
Vic lu tr mt khu trong CSDL cc danh sch kim ton
nh th no quyt nh tnh bn vng ca h MK rt nhiu.
C th c cc phng n lu tr MK sau y:
dng m.
76

dng bm (bm ho bng hm Hash).


M ho (bng kho no ).
Hai phng php sau c nhiu im c bit cn ch .
Bm ho s khng bo v c MK chng li on nhn theo t
in nu k xu c c CSDL trong tay. Khi chn thut ton
bm tnh vt ca MK cn phi chn sao cho khng c s
trng nhau v gi tr gia cc MK ngi dng khc nhau. Ngoi
ra, cn tnh ti c ch bo m tnh duy nht ca cc vt
trong trng hp c 2 ngi dng u chn MK ging nhau.
c iu ny, khi tnh mi vt thng ngi ta dng lng TT
ngu nhin no , v d, do b sinh s ngu nhin cung
cp.
Trong vic m ho MK th phng php sinh v lu tr kho
m ca CSDL cc danh sch kim ton c ngha c bit.
Hy k ra cc phng n c th:
Kho sinh ra bng chng trnh (kho thut ton) v
lu trong h thng, ng thi bo m kh nng h
thng t ng ti kho vo.
Kho sinh ra bng chng trnh v lu vt mang bn
ngoi, t c c vo mi ln dng.
Kho sinh ra trn c s MK do nh qun tr chn v
a vo h thng mi ln dng.
Cc thng s nh gi nh lng bn vng ca
cc h MK c dn ra trong bng sau:
Thng s

Phng php xc nh

Cng sut b ch ci ca C th t hp bo m gi tr cho trMK: A


c S (S=AL)
di MK: L
Cng sut khng gian MK: Tnh c trn c s bit P, T hoc V (theo
S
cng thc: P V T ).

Tc la chn MK: V

C th c tng ln (tu ) bo v
Vi ch trc tip lin chng him ho cho trc.
tc c xc nh nh tc

77

ghi nhn mt
tn cng MK.
c cho bi thut ton tnh vt. Thut ton
Vi ch off-line (da chm s lm tng bn vng i vi
vo vt MK) c xc him ho loi ny.
nh nh tc tnh gi
tr vt cho mt MK th.
Khong tc ng ca MK c xc nh t xc sut P cho trc hoc
(cho khong thi gian m cho trc xc nh S.
sau MK buc phi thay
mi): T
Xc sut la chn ng Chn trc xc nh S hoc T tip .
MK trong khong tc
ng ca n (tn cng
chn MK din ra lin tc
trong sut khong tc
ng ca n): P

Chng ta xem xt v d v bi ton xc nh cng sut


ti thiu ca khng gian MK (ph thuc vo A v L) tng ng
vi xc sut chn MK cho trc P=10-6. Cn phi tm di (ti
thiu) ca MK (L) kh d bo m bn vng ca n
trong khong 1 tun l b tn cng la chn lin tc. Coi tc
tn cng la chn l V=10 (mk/pht). S MK chn c
trong sut 1 tun l: V T 10 60 24 7 100800 mk. Theo cng
thc P V T S ta c S V T P :
S 100800 10 6 1,008.1011 1011

(mk)

Vi gi tr ny c 2 cp gi tr ca A v L l:
A=26, L=8 v A=36, L=6
Lu tr MK an ton hn c l trc tin hy bm ho MK sau
m ho cc vt thu c, tc l kt hp phng php th hai
v th ba vi nhau.
3.3.2.4. Chuyn giao mt khu trn mng.
Trong phn ln cc trng hp xc thc, u din ra trong
cc h thng phn tn v lin quan ti vic truyn qua mng
TT v cc thng s ca danh sch kim ton ca cc ngi
78

dng. Nu TT ny trong qu trnh xc thc khng c bo v


bng phng php cn thit, th s xut hin him ho k xu
chn bt v dng ph v bo v h MK. Cc bo v
y gm:
Bo v vt l i vi mng.
M ho u cui.
M ho gi tin.
Thng thng c cc phng php truyn MK theo mng sau
y:
dng m (r).
dng m ho.
dng cc vt.
Khng km theo truyn trc tip TT v MK (chng
minh tri thc khng).
Phng php u tin cho n nay vn c dng trong
nhiu ng dng thng thng (v d, TELNET, FTP). Trong h
bo v ch c th p dng phng php ny cng vi phng
tin bo v lung mng m thi.
Khi truyn MK dng m ho hoc dng cc vt theo
mng vi tip cn vt l m c th xy ra cc him ho an
ton sau y i vi h MK:
Chn bt v dng li TT.
Chn bt v khi phc MK.
Modifier TT truyn vi mc ch nh la pha kim
tra.
K xu bt chc hnh ng ca pha kim tra
nh la ngi dng.
Cn mt phng php na nng cao bn vng
ca h MK lin quan ti vic truyn MK theo mng. l p
dng cc MK dng mt ln (one-time). Tip cn chung y
79

l s dng lin tc hm Hash tnh MK mt ln ny t MK


ln trc k tip. u tin ngi dng nhn c mt dy c th t
cc MK dng mt ln, MK cui cng trong dy ny cng c lu
trong h xc thc. C mi ln ng nhp, ngi dng a vo
mt MK (theo th t), v h tnh vt ca MK v so snh
vi mu lu ti h. Nu trng khp nhau th ngi dng xc thc
thnh cng, cn MK va c a vo c lu dng lm
mu cho ln ng nhp tip sau. Bo v chng chn bt
trn mng trong trng hp ny da trn tnh cht mt chiu
ca hm Hash.
3.4. Thit lp h bo v chng him ho ph v ton
vn tin.
3.4.1. Cc bin php t chc k thut vi vt mang tin.
Cc bin php TC KT bo v ton vn tin trn cc vt
mang c th chia lm 2 nhm chnh:
Cc bin php t chc duy tr ton vn TT lu trn cc
vt mang: to cc bn sao lu d phng v duy tr ng
cc iu kin nim ct v s dng vt mang tin.
Cc bin php k thut kim tra tnh ton vn cc dy
bit.
To cc bn sao lu d phng TT cha trn cc vt mang
phi l mt vic lm bt buc thng xuyn, chu k ca n
ph thuc vo cng ngh x l TT, vo khi lng d liu a
vo, quan trng ca TT, kh nng dng li v.v to sao
lu d phng c th s dng cc chng trnh ng dng chun
lu tr cc file la chn hoc cc th mc, cng c th s dng
cc h thng sao lu c bit ca tng h thng c th.
Cc vt mang ph tr (cha bn sao lu) trc kia hay dng l
bng t. Ngy nay s pht trin nhanh ca cng ngh lu tr
TT lm xut hin nhiu loi vt mang mi.
Hy xem xt cc bin php k thut kim tra tnh ton
vn ca cc dy bit lu trn cc vt mang. Ton vn TT trong
80

cc vng d liu trn cc vt mang c kim tra nh mt m


ciclic kim tra. Cc s kim tra ca m ny c ghi vo cui
cc vng d liu tng ng, v trong vng d liu c kim tra
cc bit nh du c a vo.
Vi mt sector chun ca a mm, kch thc vng kim
tra l 516 bytes: 512 bytes d liu cng vi 4 bytes nh du
d liu. Khi c t a, d liu s c kim tra xem c tng ng vi m m t trn v trong trng hp khng trng
khp th nh du ngay li.
Thng hay dng m kim tra cyclic bo m kim tra
tnh ton vn TT. C s ca tip cn ny l cc a thc.
a thc l mt dy lu tha tc l tng ca nhiu biu thc
lu tha ca cc bin c lp.
Ni chung, mt khi tin bt k x trong b nh ca my
tnh biu din mt dy cc bit; dy bit ny c th coi l mt
a thc nh phn v ta k hiu l A(x). tnh m kim tra
ta cn phi c mt a thc na gi l a thc sinh (ta k
hiu l G(x)). a thc G(x) ny c th coi l cha kho ca m
cyclic ni trn.
M kim tra, biu din bng a thc R(x) s c tnh nh
d s ca php chia A(x).xr cho G(x):
R(x)=(A(x).xr)modG(x)
y r lu tha ca a thc sinh.
T l thuyt m cyclic cho bit, nu r cng ln th kh
nng pht hin ca m kim tra cng ln. Trn thc t, khi
thc thi phng php tnh m kim tra, gi tr r ni chung ch
ph thuc vo tham s ca vt mang tin. Chng hn,
kim tra cc a mm r=16 v a thc sinh G(x) c dng
sau:
G(x)=x16+x12+x5+1.
3.4.2. Ton vn d liu trong cc h t ng ho.
3.4.2.1. Khi nim ton vn d liu.
Khi nim ton vn d liu trong cc ti liu khoa hc
c nh ngha khc nhau, c nhiu bi bo khoa hc
m t v so snh chng. Mt trong nhng cch hiu thng
81

dng hn c th: ton vn d liu hiu l khng c cc thay


i khng ph hp. Cc thay i khng ph hp c Clark v
Wilson gii thch nh sau: Khng cho php bt k ngi dng
no ca HT, k c ngi c u quyn, c thc hin cc thay
i d liu, m dn ti ph hu hoc mt mt chng.
Khi nghin cu vn ton vn d liu chng ta s s
dng tip cn tng hp do Clark v Wilson xng, n gm
9 nguyn tc l thuyt tru tng:
1. Tnh ph hp ca cc giao dch.
2. Xc thc ngi dng.
3. Cc tiu cc u tin.
4. Phn chia cc quyn hot ng.
5. Kim ton cc s kin din ra.
6. S kim sot khch hng.
7. Qun l vic u quyn u tin.
8. Bo m hot ng lin tc.
9. n gin trong s dng cc c ch bo v.
Khi nim giao dch hp l c nh ngha nh sau: Ngi
dng khng c thay i d liu tu m ch bng cc phng thc xc nh sao cho tnh ton vn ca d liu c
bo m. Ni cch khc, ch c th bin i d liu bng
cc giao dch hp l ch khng c bng phng tin tu .
Ngoi ra, cn phi hiu rng, tnh hp l (ngha bnh thng) ca mi giao dch nh vy u c th chng minh c
bng cch no y. Nguyn tc giao dch hp l v bn cht
phn nh t tng quan trng xc nh s ton vn d liu m
ta ni trn.
Nguyn tc th hai cho rng: s bin i d liu ch c
th c thc hin bi cc ngi dng c xc thc cho mc
ch ny. Nguyn tc ny lin quan cht ch ti 4 nguyn
tc tip trong h thng bo m tnh ton vn TT.

82

T tng cc tiu cc u tin xut hin t rt sm v c


phn nh di dng cc hn ch i vi kh nng thc hin ca
cc qu trnh trong HT, v hn ch ny c hiu rng, cc
qu trnh ch c gn vi cc u tin m chng cn thit mt
cch t thn v t nht hon thnh chng m thi.
Phn chia cc quyn hot ng c hiu l vic t chc
lm vic vi d liu phi thc hin theo cch sao cho, trong
mi cng on then cht ca mt qu trnh nhy cm trn
quan im ton vn TT, rt khot phi c s tham gia ca
cc ngi dng khc nhau. iu ny cho rng, mt ngi dng
khng c thc hin c mt qu trnh (hoc thm ch hai
cng on lin tip) ph v s ton vn d liu. Trong
cuc sng thc t, c th k ra v d p dng nguyn tc
ny l, ngi ta trao mt na MK tip cn chng trnh iu
khin l phn ng ht nhn cho nh qun tr h thng th
nht, cn na MK kia cho nh qun tr th hai.
Nh lu trn, nguyn tc cc tiu cc u tin p dng
cho c cc ngi dng v cho c cc chng trnh. Nhng tuy
nhin, i vi ngi dng rt kh a ra mt mc cc tiu
l thuyt cc u tin v 2 l do. Th nht, cc ngi dng thc
hin cc bi ton rt a dng i hi cc u tin khc nhau.
Th hai, nu tun th nghim khc nguyn tc cc tiu i
vi cc qu trnh lin quan ti cc vn gi c v hiu qu,
th i vi cc ngi dng n li ng chm n tnh cm v
o c, tin dng v hiu qu cng vic cc nhn t ny
kh c th nh gi mt cch nh lng. V vy cc ngi
dng thng c mt vi u tin hn l h cn thit xt ti mt
thi im lm mt cng vic c th. R rng iu ny l
mt k h lm dng u tin.
Kim ton cc s kin din ra (gm c kh nng khi
phc li ton b bc tranh din ra) l mt bin php ngn
chn i vi k ph hoi tim nng.
Nguyn tc kim sot khch quan cng l mt trong cc
c s quan trng ca chnh sch kim sot ton vn. Bn
83

cht ca n l ch, kim sot ton vn d liu ch c


ngha khi m n phn nh ng v tr thc t ca s kin.
R rng l, tht v ngha nu thc hin kim sot ton vn
cc d liu v b tr trn tuyn ca s on khi m s on
ny chuyn qun n khu vc khc t lu. Do vy m
Clark v Wilson a ra i hi l, cn phi thng xuyn kim
tra vi mc ch pht hin kp thi s khng tng ng gia
cc d liu c bo v v thc trng khch quan m chng
phn nh.
Qun l s u quyn cc u tin cn thit cho s lm vic
hiu qu ca cc CSAT ni chung. Nu s gn cc u tin
khng phn nh ph hp c cu t chc ca c quan, HT,
hoc khng cho php cc nh qun tr an ton iu hnh
mt cch linh hot n duy tr hot ng sn xut hiu
qu, th s bo v s tr thnh gnh nng v s gy ra s
b qua bo v nhng ch m n cn tr cng vic bnh
thng.
Trong mt s ti liu khoa hc nc ngoi, ngi ta a ra
nguyn tc bo m hot ng lin tc (gm c bo v chng
hng hc, cc tai ho t nhin v cc nhim v bt kh khng
khc), nh l yu cu kim sot ton vn, nhng thc ra vn
ny thuc v kim sot tip cn ni chng trc.
Trong nguyn tc cui cng (th chn) ca kim sot ton
vn nguyn tc n gin trong s dng cc c ch bo v
ngi ta a vo cc t tng lin quan n vic p dng c hiu
qu cc c ch bo m an ton v ang hin c. Trn
thc t thng xy ra l, cc c ch an ton hin c mt
trong mt HT khng c s dng ph hp hoc b b qua
hon ton bi cc nh qun tr HT v cc l do sau y:
Cc nh sn xut chn khng ng cc thng s
cu hnh do vy ch bo m s bo v lng lo.

84

Cc giao din iu khin bo v c thit k km


lm phc tp ho vic s dng cc phng tin bo v
d l n gin nht.
Cc thit b an ton c khng bo m kim
sot HT ph hp.
Thc t cc c ch an ton khng tng ng vi s
thng hiu c tnh ngh nghip ca cc nh qun tr
HT.
Mt s thit b an ton no tch hp vo HT an
ton chung khng ng.
Cc nh qun tr khng thng t v s quan trng
p dng mt s c ch bo v c th v cc c tnh
ca chng.
n gin trong s dng cc c ch bo v ngha l, con
ng an ton nht s dng HT s l con ng n gin nht
v ngc li, n gin nht cng l an ton nht.
3.4.2.2. M hnh kim sot ton vn Clark Wilson.
M hnh Clark Wilson xut hin t s phn tch do
Clark v Wilson thc hin i vi cc phng php bo m
ton vn cc ti liu theo chu trnh trong cc cng ty thng
mi M. Khc vi m hnh Biba v Bell Lapadula, lc u
n ra i p ng t hng ca cc nh kinh doanh v ph
hp vi i hi ca h hn l m hnh ton vn trn c s
cc dn trc .
T tng chnh ca m hnh Clark Wilson - l tnh hp
l ca cc giao dch v s phn chia cc quyn hot ng.
M hnh a ra cc iu lut cho hot ng ca h thng
my tnh v xc nh 2 loi i tng d liu v 2 lp thao
tc trn 2 loi d liu y.
Tt c d liu trong h thng c chia lm 2 loi: D
liu c rng buc (Constrained Data Items CDI) v D
85

liu khng rng buc (Unconstrained Data Items UDI).


Ton vn ca CDI c bo m bng m hnh Clark
Wilson, cn UDI trong m hnh ny khng bo m ton
vn.
M hnh ny a ra 2 lp thao tc trn cc yu t d liu:
Cc th tc kim sot ton vn (Integrity Verification
Procedures IVP) v Cc th tc bin i (Tranformation
Procedures TP). IVP bo m kim tra ton vn ca cc
yu t d liu kim sot (CDI), cn TP lm thay i thnh
phn ca tp tt c cc CDI (v d: bin i cc yu t CDI
thnh UDI).
Ngoi ra m hnh Clark Wilson a ra 9 iu lut xc
nh mi quan h cc yu t d liu vi cc th tc trong
qu trnh lm vic ca h thng.
1. Lut C1: Tp hp tt c cc th tc kim sot ton vn
(IVP) phi cha cc th tc kim sot ton vn ca cc yu t
bt k no trong tp hp cc CDI.
2. Lut C2: Tt c cc th tc bin i (TP) phi c thc
hin mt cch hp l trong ngha l chng khng c ph v
ton vn ca cc CDI c chng x l. Ngoi ra, vi mi th tc
bin i phi i km mt lit k cc yu t CDI cho php c x l bi th tc ny. S i km lit k ny do nh qun tr
an ton xc nh.
3. Lut E1: H thng phi kim sot s cho php p dng
cc th tc TP i vi cc yu t CDI tng ng vi cc lit k
c ch ra trong iu lut C2.
4. Lut E2: H thng phi duy tr mt bn lit k cc th
tc bin i TP, cho php i vi cc ngi dng c th, km
theo s ch r tp la chn cc yu t d liu CDI cho php
i vi tng th tc TP v tng ngi dng.
5. Lut C3: Bn lit k c xc nh bng lut C2 phi
p ng yu cu phn chia cc quyn hot ng.

86

6. Lut E3: H thng phi thc thi vic xc thc tt c cc


ngi dng, c nh thc hin bt k mt th tc bin i
TP no.
7. Lut C4: Mi th tc TP phi ghi vo s ng k thng tin
khi phc bc tranh ton cnh mi ng dng ca th tc
ny. S ng k - l yu t c bit ca CDI v ch dnh
ring ghi thm thng tin vo n m thi.
8. Lut C5: Bt k th tc TP no, m x l UDI phi thc
hin ch cc bin i hp l m thi v cc bin i hp l
ny bin mi yu t UDI thnh cc CDI.
9. Lut E4: Ch c mt nhn vt c u quyn c bit
mi c th thay i cc bn lit k c xc nh trong cc
lut C2 v E2. Nhn vt ny khng c quyn thc hin cc
thao tc bt k no, nu anh ta c u quyn thay i cc
bn lit k iu chnh cc thao tc ny.
Vai tr mi iu lut ca m hnh Clark Wilson trong
bo m ton vn thng tin c th thy r nu ta i chiu
chng vi cc nguyn tc l lun ca chnh sch kim sot
ton vn k trn (c bit l 6 nguyn tc u tin) v cc
t tng quan trng ca m hnh Clark Wilson.
Ta c bng sau v s tng ng ni trn:
Cc lut ca m hnh
CW

Cc nguyn tc chnh sch kim


sot ton vn, thc hin nh cc
lut

C1
C2
E1
E2
C3
E3
C4
C5
E4

1,6
1
3,4
1,2,3,4
4
2
5
1
4

87

Sau khi m hnh Clark Wilson c cng b, trong gii


chuyn mn c s hng ng rng ln. C nhiu bi bo bn v
kha cnh ng dng thc t ca m hnh, a ra cc phng
php kt hp m hnh ny vi cc m hnh khc trong an
ton thng tin.
3.4.2.3. Bo v b nh.
Trong h thng TT VT , v c trong h iu hnh bt
k, b nh c chia ra (t nht l v mt lgic) thnh cc
vng m cc thnh phn khc nhau ca h thng v cc chng trnh ng dng ca ngi dng s s dng. y rt cn
thit phi m bo vic bo v cc vng nh khi s can
thip vo chng t pha cc thnh t khc, ngha l phi
phn tch s tip cn cc ng dng vo cc vng nh, cn
trong mi trng a phng tin th phn tch tip cn ti
cc vng nh ca nhau. Ngoi ra, cng cn gii quyt vn
t chc mt tip cn chung ca cc ng dng ti cc vng
nht nh ca b nh (vn dng chung mt s vng nh).
Thng dng 3 phng php gii quyt vn :
Loi b hon ton tip cn chung, ch s dng
n nht tng vng nh.
Cho php cc tip cn quy nh nghim khc ti
ni dung vng nh nh trc (xem bng).
Cho php tip cn chung v khng c hn ch
g.
Cc ng dng

Ghi

Hon thnh

ng dng 1

Khng

ng dng 2

ng dng 3

Khng

Khng

Tip cn chung c th c t chc hoc l ti vng nh


nguyn thu, hoc l ti vng sao ring ca n. Trong trng hp
ny i hi phi thc hin ng b ho vic lm mi vng
88

bng cc ng dng khc nhau, cn trong trng hp trc phi


loi b s thay i cng lc vng nh bi nhiu chng trnh.
Cn lu rng, vic dng chung c th cho php khng ch l
d liu m cn c m thc hin. Nh vy, trong nhim v ca
h thng cung cp vng nh dng chung c:
T chc mt tip cn c th t v loi tr ln nhau
ca mt s chng trnh ti cc i tng dng chung.
Hn ch kh nng ca cc chng trnh dng chung
trong vic nh tro cc thng tin c gi tr khc
nhau.
Chng ta hy xem xt ngn gn cc phng php c bn
bo v b nh.
Cc a ch hng ro.
a ch hng ro ch ra s bt u ca mt vng nh s
dng, v nh vy tch n (vng nh ngi dng) khi vng nh c
cha chng trnh ca h thng v d liu ca n (thng
th l vng cc a ch nh).
Gi s rng, cc a ch hng ro vng cc a
ch nh c th xc nh hot ng ca c ch a ch
hng ro nh sau: C mi ln c yu cu ca chng trnh ngi
dng ti b nh, a ch ca nh c yu cu em so snh
vi a ch hng ro. Yu cu no c a ch nh cao hn
a ch hng ro s c coi nh l cho php. Chng trnh
no c nh yu cu b nh ca h thng (tc l ti nh c
a ch nh hn hng ro) s c thng tin cho ngi dng l
mc li. Ngi ta ni h thng c t vng cc a ch
nh.
Gi tr ca a ch hng ro c th biu din bng
hng s v ghi vo thit b ring ca h thng v nh vy a
vo hn ch nht nh v kch thc ti a ca chnh h
thng hoc c th dn ti vic s dng khng c hiu qu
ti nguyn b nh. C phng php mm do hn khi cho a
ch hng ro l lu gi n trong mt thanh ghi c bit m
89

gi tr thanh ghi ny c thit lp bng mt lnh u tin vo


lc h thng bt u lm vic v c th thay i c ng
tng ng vi nhu cu ca h thng. Phng php ny li t
hn ch ln c ch t a ch , c s dng bi cc chng trnh thc hin trong h thng cho.
Cc a ch vt l ca cc d liu ca chng trnh
c ti vo b nh, c xc nh bng php cng cc a
ch lgic vi gi tr ca a ch hng ro, tc l gi nh
rng khng gian a ch lgic ca chng trnh bt u t
a ch khng, tng ng vi nh m bt u t chng
trnh c t vo b nh.
Nu xc nh cc a ch vt l trn c s cc a ch
lgic ca chng trnh din ra giai on thng dch th
cho chng trnh chy ng c cn phi sao cho a
ch hng ro c bit giai on thng dch phi lun lun
khng i trong sut thi gian chng trnh lm vic v
trong mi ln chy li chng trnh . Ni cch khc l vic
s dng cc chng trnh ch c th khi m a ch hng
ro c cho dng mt hng s (trong h thng hoc trong
thit b ring ca h thng), v chng trnh c ti vo mt
min nh m c a ch chnh xc. Trong trng hp ngc li,
s thay i a ch hng ro c th i hi phi thng
dch li tt c cc chng trnh c vit cho h thng
cho.
Vng nh c ng.
Cc a ch vt l ca d liu chng trnh c th c
tnh khng ch vo thi im thng dch hoc np chng
trnh m cn trc tip trong qu trnh thc hin chng
trnh. Trong trng hp ny cc a ch lgic ca cc d liu
nh trc y c bt u t khng, cn khi yu cu ti nh
th a ch vt l ca n s c tnh bng php cng a
ch lgic vi gi tr ca a ch hng ro. Nh vy s bo
m c kh nng thay i ca a ch hng ro trong khi
thc hin chng trnh, cn cc chng trnh h thng v
ng dng s chim cc vng c ng.
90

Cc phng php xem xt trn thc hin s ngn cch


tip cn ti b nh ca h thng v cc ng dng. Tuy nhin
trong h a phng tin, cn thit phi bo v ring r c cc
d liu ca mi ng dng. Sau y ta s xem xt cc c ch
nh vy.
Thanh ghi a ch.
Vng nh m chng trnh ngi dng c th tip cn, c
th gii hn bng mt cp gi tr c lu cc thanh ghi l
a ch u v a ch cui cng ca vng. y, mi chng trnh c dnh ring cc vng nh v cp thanh ghi a
ch.
Mt trong cc phng n s dng thanh ghi a ch l lu
tr trong chng cc a ch vt l u v cui vng nh ng
dng. Trong trng hp ny, trong mi ln yu cu ca chng
trnh ti b nh, s c kim tra xem yu cu c nm trong
khong cho trc ca a ch khng.
Phng php khc p dng cc thanh ghi a ch - l
ch ra trong chng a ch c s v a ch gii hn vng
nh ng dng, trong u tin l a ch vt l cn a
ch sau l lgic. a ch, m theo din ra yu cu ti b
nh, trc tin c so snh vi ni dung thanh ghi a ch lgic
gii hn cho php (nh l s gn a ch trong khng gian
lgic bt u t khng). Nu a ch c ch ra trong chng trnh nh hn gii hn, c c a ch vt l ta
em cng vi n gi tr ca a ch c s. Trong trng hp
ngc li, chng trnh coi l mc li. Qu trnh nh vy r rng
cho php s di chuyn c ng chng trnh trong b nh.
Mt phng php tin cy hn bo v b nh trn c s
cc thanh ghi a ch gi nh s dng 2 cp thanh ghi
a ch cho mi chng trnh: dng ring bit cho min m
v min cc d liu. y, s ghi vo mng u tin c

91

th c cm bo v m khi bin i (tt nhin l


khng c ).
Tt c cc phng php bo v b nh miu t trn c
chung mt im c bit l chng bo v vng nh c tch
ring v cu to t cc nh c sp xp trt t. Tuy nhin,
nhiu khi xut hin s cn thit hn ch tip cn b nh tinh
t hn, v c th thc hin n vi s gip ca kho tip
cn. Kho tip cn - l c trng ca mt nh ring r c thit lp bi h iu hnh, m trn c s sau ny s
thc hin kim tra vi mi yu cu (cho php hay khng).
Xem bng sau:
a ch nh

Ghi

Hon thnh

000000315

Khng

000000316

Khng

Khng

000000317

Khng

Mt c im khc ca c ch bo v vi ng dng cc
thanh ghi a ch lin quan ti t chc vic dng chung cc
vng nh. Hai cp thanh ghi (cho m v cho d liu nh ni
trn) cho php t chc hiu qu vic dng chung ch min
m m thi (vic ghi vo min ny b cm). bo v min
d liu khi s bin dng khng c do thao tc ghi cn phi
c cc phng tin ph thm (thanh ghi a ch cho php
kim sot ch chnh s kin tip cn ti vng nh ch khng
phi phng php c th thc hin tip cn: c hay l ghi).
Cc phng tin hon thin hn bo v b nh c
thc hin nh c ch t chc trang nh v to cc sector nh .
Trang v Sector nh.
Trong t chc trang nh, ton b khng gian a ch
chia thnh cc khi (block) c kch thc cho trc (cc trang).
Vic kim tra cc a ch cho php v bin i cc a
ch lgic vo a ch vt l khi c yu cu b nh c thc
hin nh bng cc trang mi bn ghi ca bng cha a ch
92

u tin xp trang vo b nh. a ch lgic c format (s


ca trang, dch chuyn), theo s trang s xc nh a ch
vt l ca nh u tin ca trang sau cng thm vi n
dch chuyn. Vi mi trang c lin kho tip cn, xc
nh mt b cc thao tc cho php (c, ghi, hon thnh).
S t chc b nh nh vy cho php dng chung cc
trang: trong cc bng trang ng dng c th miu t ch mt
loi trang b nh vt l.
T tng t chc sector nh c bn nh sau: c gng dnh
cc cng nh ring (c th khng cng mt kch thc) cho cc
phn khc nhau v lgic ca mt chng trnh. V d, trong
cc sector ring c th t cc d liu vi cc dng tip cn
khc nhau hoc m ca phn chnh ca chng trnh m sau
cc chng trnh con ca n s gi ti. Bin i a ch
lgic vo cc a ch vt l din ra trn c s ni dung ca
bng cc sector, ni m a vo a ch c s v a ch
gii hn ca mi sector (ta ni v iu ny khi miu t hot
ng ca cc thanh ghi a ch). Mt a ch lgic c
format (s sector, dch chuyn), ging nh format p dng
cho nh a ch theo trang. Tuy nhin, by gi mi sector
cha cc i tng cng loi, cng c mc bo v bo m
bng kho tip cn. Kh nng c th dng chung cc sector
d liu v m, m cc phn ring ca n (v d cc th tc v
cc hm) cng c dng chung c lp so vi chng trnh
chnh.
3.4.2.4. Ch k s.
Cc phng tin kim sot tnh ton vn cc chng trnh
v cc file d liu lu gi trong HT VT cn phi bo v
chng li s thay i tri php cc thng tin bi k ph hoi,
c bit l khi truyn chng theo cc knh lin lc. Ch k
s (in t) m cc c trng c bn ca n c trnh by
trong rt nhiu ti liu, l mt trong cc c ch c p dng
rng ri gii quyt nhim v ny.
Ngoi ra, thng tin trong cc mng my tnh thng cn
n xc thc tc l phi bo m tin cy nht nh cho
93

ngi nhn (hoc l trng ti) rng thng tin c gi i t


ngi gi v n khng b nh tro hoc xuyn tc. Nu nh
mc ch ca m ho l bo v chng ph v tnh b mt
th mc ch ca xc thc l bo v nhng ngi tham gia
vo vic trao i thng tin khng ch chng li hnh ng
ca k bn ngoi m cn chng li s la di ln nhau.
Vy vn xc thc d liu hay l ch k s bn cht l
ch no?
Cui mi bc th bnh thng hoc mt cng vn ngi vit
hoc ngi lnh o thng k tn. Thao tc ny nhm vo 2
ch: th nht, ngi nhn c th c thuyt phc v tnh
chn thc ca bc th sau khi so snh ch k vi mu m anh
ta c; th hai, ch k c nhn l bo m php l cho quyn
tc gi ca ti liu. Kha cnh th hai ny c bit quan
trng khi k kt cc hp ng thng mi khc nhau, trong
son tho cc cam kt, cc trch nhim v.v
Nu bt chc ch k ca mt ngi trn giy l rt kh,
cn xc lp quyn tc gi ch k bng phng php ti phm
chi tit k thut cn kh hn na, th vi ch k s cng
vic hon ton khc. Bt chc mt chui bit, ch vic n
gin copy n hoc l b mt a vo ti liu mt chnh sa
no th bt c ngi dng no cng lm c.
Trong m hnh tng qut ca xc thc cc thng bo thng c mt 5 ngi tham d: ngi gi A, ngi nhn B, k xu C,
trung gian tin cy D v trng ti c lp E. Nhim v ca ngi gi A l hnh thnh v gi thng bo T cho ngi nhn B.
Nhim v ca ngi nhn B l nhn thng bo T v xc lp
tnh chn thc ca n. Nhim v ca trung gian tin cy D l
trin khai cung cp thng tin cng v cn thit c tnh
nghip v cho cc thu bao mng, trong trng hp xut
hin tranh ci gia A v B v tnh chn thc ca thng bo
th cung cp cc ti liu cn thit cho trng ti. Nhim v
ca trng ti c lp E l gii quyt tranh ci gia cc thu
bao A v B v tnh chn thc ca thng bo T.

94

Chng ta hy lit k cc phng php la di c th (cc


tn cng ph v tnh chn thc ca thng bo) trong iu
kin rng gia cc thnh vin A, B, C khng c s hp tc no.
Phng php A: ngi gi A tuyn b rng anh ta khng
gi thng bo T cho B, mc d trn thc t anh ta gi
(nh tro thng bo c gi hay l t b quyn tc gi).
Phng php B1: ngi nhn B thay i thng bo
nhn c t A v tuyn b rng thng bo b thay i
ny anh ta nhn c t A (nh tro thng bo nhn).
Phng php B2: ngi nhn B t mnh hnh thnh
thng bo v tuyn b rng nhn c n t A (gi mo
thng bo nhn c).
Phng php C1: k xu C xuyn tc thng bo m A
ang truyn cho B (nh tro thng bo ang truyn).
Phng php C2: k xu C hnh thnh v gi cho B thng
bo T vi danh ngha l ngi gi A (gi mo thng bo c
gi).
Phng php C3: k xu C copy thng bo trc y m A
gi cho B (nhc li thng bo c gi trc ).
Xc thc (ch k s) trong iu kin tin tng ln nhau
gia cc thnh vin trao i thng tin c bo m bng ci
gi l bo v chng gi mo thng tin v c thc hin nh
cc bin i mt m bn vng.
Chng ta hy so snh ch k thng v ch k s. Khi k
ch k thng s din ra nh sau:
Mi c nhn s dng cc c trng ring bit m
ch ngi mi c (nt k, p lc t ln bt
v.v).
Vic gi mo ch k c pht hin nh php phn
tch ho.
Ch k v ti liu c k truyn i cng vi nhau
trn cng mt t giy; truyn ch k ring r khi ti
95

liu tuyt i khng c; ch k khng ph thuc


vo ni dung ti liu c k.
Cc bn sao ca cc ti liu c k khng c gi
tr, nu nh mi bn sao khng c ch k tht (ch
khng phi ch k sao).
Khi k ch k s th thut ton nh sau:
Mi c nhn s dng mt kho b mt ring ca
mnh.
Bt c no mun k ti liu m khng bit
kho mt ring tng ng thc t s tht bi.
Ch k s ca ti liu l mt hm s ca ni dung
ti liu v kho mt; ch k s c th truyn i
tch bit khi ti liu.
Mt bn sao ti liu vi ch k s khng phn bit
so
vi
ti
liu gc.
Nm 1976, Diffie v Hellman a ra vn dng ch
k s xc thc thng tin. Bn cht ca vn nh sau:
Mi thu bao mng c mt kho mt ring ca mnh, m anh
ta dng n hnh thnh ch k v mt t hp kim tra
(cn gi l kho cng khai) m mi thu bao khc trong mng
u bit v c dng kim tra ch k s. Ch k s c
tnh trn c s thng bo v kho mt ring ca ngi gi. Ngi nhn bt k c trong tay t hp kim tra tng ng (kho
cng khai tng ng) s c th xc thc thng bo theo ch k.
y, nu ch bit t hp kim tra khng th gi mo c
ch k. S nh vy gi l s xc thc phi i xng.
Thut ng ch k s dng cho cc phng php, cho
php xc lp tnh chn thc ca tc gi mt thng bo khi
xut hin tranh ci v quyn tc gi ca thng bo . Ch
k s c p dng trong cc HT TT m khng c s tin

96

tng ln nhau ca cc bn (cc h thng ngn hng, cc h


thng kim sot s tun th cc hip nh quc t v.v).
Cc phng php hnh thnh ch k s c th chia lm 2
lp:
Lp th nht s dng cc hm mt chiu dng cc php
lu tha trong cc trng hu hn kch thc ln (hng
trm
v
thm
ch
hng
nghn bit).
Lp th hai s dng cc bin i mt m bn vng
dng kho b mt.
Trong c hai trng hp u i hi phi c s chun b
trc v phn phi cho cc ngi nhn tim nng cc thng tin
v cc t hp kim tra. Cc t hp kim tra, m mi ngi
u tip cn c (cng khai) phi c chng nhn thi
nh, sao cho c ngi gi, c ngi nhn sau ny u khng
th chi b c. C hai lp phng php ny u khng cn
cc knh lin lc mt. Yu t b mt duy nht y l kho
mt ring ca ngi gi m thi.
3.4.3. Bo v ton vn TT mc ni dung.
Bo v thng tin ton vn mc ni dung trn thc t thng c xem nh bo v chng li xuyn tc thng tin. Gi s
rng, k c khng c kh nng tc ng ln cc thnh phn
ring bit ca h thng ti cc a im kim sot, nhng
nu cc ngun thng tin i vo h thng li bn ngoi th
vn lun c kh nng l k c nm bt c cc ngun thng
tin . S xuyn tc c thng dng c cch nh la nh
trc v c cch dng mt phn s tht (trong thng tin gc)
dn ngi nhn n suy lun gi. Cc th thut in
hnh lm iu c th l:
Xo trc tip cc d liu.
La chn d liu theo xu hng.

97

Ph v s lin quan lgic v thi gian gia cc s


kin.
nh tro s tht theo ngha l (thm vo cc s
kin gi hoc ng ) khi nhn, n s c coi l gi.
Trnh by cc d liu quan trng trn nn cc c
liu mu sc rc r thu ht s ch (lm m nht
ni dung quan trng).
Xo trn cc tng khc nhau v cc s kin khc
nhau.
Trnh by cc d liu bng cc li l c th hiu
theo nhiu cch khc nhau.
Khng nhc ti cc chi tit ch cht ca s kin.
Ngoi ra, trong qu trnh thu thp v truyn nhn TT
cng xut hin s sai lch do cc nguyn nhn sau:
Truyn nhn ch mt phn bn tin.
Minh ho iu nghe c tng ng vi hiu bit ca
c nhn v cc khi nim ca c nhn.
B qua tnh s kin trn lng knh cc quan h ch
quan c nhn.
u tranh thnh cng chng xuyn tc TT cn phi:
Bit phn bit d kin v tng.
p dng cc knh thng tin d tr.
Loi b tt c cc khu trung gian tha v.v
Vn bo v thng tin trong h thng khi cc him
ho ph v thng tin mc ni dung thng tin cho n nay
vn cha c ch tho ng, c l l v: trc nay chng ta
vn xem xt cc h thng t ng ho nh l cc h thng
kim k kho tng hoc kim ton ngn hng, m trong
thay i ni dung mt bn ghi thc t khng gy nn mu
thun trong ni dung cc bn ghi cn li. Khi m cc thut ton
x l thng tin ngy cng phc tp, vic m rng cc ng dng
vo i sng kinh t x hi cc h chuyn gia v cc h hc
tp t xa v.v pht trin, lng thng tin a vo h thng s gi

98

vai tr ngy cng quan trng. Vic bo v ng ngha (ni


dung) s cn thit v cng.
3.5. Thit lp h bo v chng him ho khc t
phc v.
V rng mt trong nhng nhim v c bn ca h thng
l p ng kp thi cho cc khch hng thng tin m h cn
thit (d liu, c liu, tc ng iu hnh), cho nn him
ho khc t tip cn ti thng tin, trn gc h thng t
ng cng c th nhn nhn nh him ho t chi phc v
hoc him ho ngng hot ng. Mt khc, thit lp v khai
thc h thng t ng lin quan cht ch n vn bo
m tin cy, m s quan trng ca n ngy cng tng ln
theo mc phc tp v ph tn ca qu trnh x l v c
tnh cht ca nhng hiu qu tim n c th xy ra, c
bit l i vi nhng h thng iu khin ti hn.
3.5.1. Bo v chng li s ngng tr ca mi trng
phn mm.
Cc li trong bo m chng trnh s dn n hot
ng sai ca h thng hay l s t chi ca thit b. V vy
trong mt tng th lin quan hu c vi nhau y kh c th
phn tch cc nguyn nhn t chi c bit l giai on
u ca vic tm kim. Do vy ngi ta a ra khi nim
tnh tin cy ca bo m chng trnh, n thng c hiu
l tnh cht ca mt i tng gi nguyn c theo thi gian
cc gi tr ca tt c cc thng s, c trng cho kh nng
hon thnh cc chc nng cn thit trong cc ch cho trc
v trong cc iu kin khai thc, bo dng k thut, sa
cha, nim ct v di chuyn.
Mc d c s ging nhau b ngoi trong nh ngha
tnh tin cy gia cc thit b v bo m chng trnh, trn
thc t n li khc nhau v nguyn tc. Mt chng trnh ni
chung l khng th ngng chy mt cch ngu nhin. Cc li
trong bo m chng trnh, xy ra khi xy dng n, ph
thuc vo cng ngh, t chc v trnh chuyn mn ca
ngi thc hin v v nguyn tc khng l hm s ca thi
99

gian. Nguyn nhn ca cc khc t, xut hin do nhng li


nh vy v c ghi nhn nh mt qu trnh ngu nhin, khng
phi l thi gian hot ng ca h thng m l tp hp cc
d liu u vo thi im s c khc t.
Him ho khc t hot ng ca h thng (mt tin
cy) xy ra c th do hot ng c ca k xu, c th do
tn ti cc thit b v cc chng trnh c tin cy km
trong thnh phn cc my mc v bo m chng trnh ca
h thng.
Trong bo m an ton cho h thng chng li him ho
khc t hot ng, ngi ta thng a ra cc gi nh sau. Coi
tin cy ca cc t hp my mc l rt cao, v trn thc t
c th b qua thnh phn ny trong tin cy chung ca c
h thng. Hn na, tc i mi (v tm l) cc k thut
my tnh thng i trc rt nhiu tc lo ho (v vt l)
ca chng, v thng th s i mi thay th ca thit b
tnh ton lun din ra trc khi chng b thi loi (v bn
vng). Nh vy, tin cy trong hot ng h thng c th
quy v tin cy trong hot ng ca cc thnh phn nm
trong bo m chng trnh ca h thng. Cn mt gi
nh na, l khng cn phn bit bn cht ca cc
nguyn nhn s c v cc khc t trong hot ng ca h
thng, ngha l i vi tin cy hot ng ca h thng
khng quan trng vic cc s c lin quan ti cc hnh ng
ca k xu hay l ti cc li trong bo m chng trnh, m
quan trng l chng xy ra nh th no v mc no
tm cch chng (khc phc).
Tn ti 2 tip cn c bn trong bo v bo m chng
trnh ca h thng chng li him ho khc t hot ng l khc phc s c (fault avoidance) v tnh chu li
(fault tolerance) tc l tnh chu ng li hoc tnh bn
vng li hay cn gi l tnh ng cu ca h thng.
ng cu h thng cho rng, cc khim khuyt cn li
ca bo m chng trnh (tc l cc khim khuyt khc
phi c pht hin khi nghim thu v chp nhn chng
100

trnh) c pht hin trong thi gian thc hin chng trnh
v s c khc phc nh s dng s d tha v chng
trnh, v thng tin v v thi gian trong h thng. Cn
khc phc s c lin quan ti vic phn tch bn cht cc
li, xut hin cc giai on khc nhau trong qu trnh
xy dng bo m chng trnh v cc nguyn nhn xut
hin ca chng.
3.5.1.1. Bo m tnh chu li ca cc phn mm
trong cc h t ng ha (Fault Tolerance).
V nguyn tc, ta khng th bo m cho h thng
bo v tuyt i chng li him ho khc t hot ng, thm
ch ngay c khi khng c cc hnh ng ph hoi c ca k
xu. iu bt buc phi tm kim cc phng php v
cc phng tin nng cao an ton hot ng ca bo
m chng trnh cho h thng giai on khai thc.
thc hin vic ny, cc phng php ang c pht trin v
p dng l phng php pht hin chin thut cc khim
khuyt khi s dng cc chng trnh v cc sai lch d liu
bng cch a vo y s d tha v thi gian, v thng tin
v v chng trnh. Cc dng d tha ny c dng khi
phc kp thi (c tnh cht chin thut) cc chng trnh b
lm hng v ngn chn kh nng pht trin him ho n
mc c th ph v an ton c h thng.
c tin cy cao v an ton hot ng h thng
cn phi c cc ti nguyn tnh ton pht hin nhanh
nht cc biu hin ca khim khuyt, nhn din chnh xc
cc loi hu qu bit v hu qu c th; cng nh cho
cc bin php t ng ho khi phc nhanh hot ng bnh
thng ca h thng. S khng trnh khi cc li trong cc h
thng phc tp, cc sai lch v d liu cho v cc bt
bnh thng khc dn ti nhu cu phi kim tra thng xuyn
trng thi v qu trnh thc hin cc chng trnh v c bo
ton d liu. Trong khi thit k i hi phi xy dng cc
chng trnh tin cy v an ton, v cc CSDL n nh trc

101

mi tc ng v c kh nng bo ton cht lng cc kt qu


trong sut qu trnh hot ng thc t ca h thng.
S d tha thi gian th hin vic s dng mt phn
nng sut ca my tnh kim sot s thc hin cc chng trnh v khi phc (restart) qu trnh tnh ton. c
iu ny, khi thit k h thng phi tnh ti d tr nng
sut my m sau ny h thng dng nng cao tin
cy v an ton hot ng. Gi tr ca d tha thi gian ph
thuc vo yu cu an ton hot ng hoc x l thng tin
v nm trong khong 5 n 10% nng sut chung ca h
thng.
S d tha thng tin th hin s sao lu d phng cc d
liu tch lu c v cc d liu trung gian x l bi cc chng trnh. S d tha ny c s dng bo m
chnh xc cc d liu m nh hng ln hn c ti hot ng
ca h thng v i hi nhiu thi gian khi phc li
chng. Nhng d liu nh vy thng c cc c trng tch hp
v qu trnh iu khin bn ngoi, trong trng hp ph hu
chng c th dn ti ngng tr vic x l cc thng tin ca
chng, phn nh s an ton ca h thng.
S d tha chng trnh dng kim sot v bo m
s chnh xc ca cc quyt nh quan trng hn c v
iu khin v x l thng tin. N th hin trong s so snh
cc kt qu x l cc d liu ban u ging nhau bi cc chng trnh khc nhau v trong s loi b cc kt qu bin
dng do cc bt thng gy ra. D tha chng trnh cng cn
thit thc hin cc thit b kim tra t ng v khi
phc cc d liu dng d tha thng tin v cn cho hot ng
ca tt c cc thit b bo v c cc d tha thi gian.
c trng tun t lin tc thc hin cc chng trnh ca
b CPU dn ti iu l, cc phng tin kim sot chng
trnh chin thut c a vo sau khi hon thnh cc chng trnh ng dng v cc chng trnh phc v. V vy cc
phng tin chin thut thng khng pht hin c s xut
hin cc mo m ca qu trnh tnh ton hoc ca cc d
102

liu (li s cp) v chng ch ghi nhn c cc hu qu ca


cc sai lch s cp (ca li th cp). Kt qu ca cc sai lch
s cp, i khi pht trin theo thi gian v c th t n
c tnh khng hong khc t nu chm c pht hin.
3.5.1.2. Khc phc s c trong bo m CT cho cc
h thng t ng ho (Fault Avoidance).
Nhng nm gn y trong gii lp trnh s dng rng ri
m hnh chu k sng m t qu trnh xy dng chng
trnh. M hnh chu k sng ngy nay a ra di dng cc
chun bao gm cc pha c bn sau y:
Phn tch v c ch cc yu cu.
Thit k.
Thc hin.
Chng ta hy xem xt tng pha nu trn gc gii
quyt bi ton khc phc s c trong bo m chng trnh
cho h thng.
Pha phn tch v c ch cc yu cu.
y cn c bit ch khu c ch yu cu.
Phn tch tt c cc yu cu ti h thng cc nhim v k
thut (NVKT) - c thc hin giai on u tin khi xy
dng chng trnh. Cc NVKT hnh thnh trn c s lit k
cc yu cu i vi h thng do cc khch hng a ra (loi
bi ton phi gii quyt, cc c trng ca chng, ch
lm vic ca h thng, cc thit b ngoi vi i hi, kh
nng thng qua, thi gian tnh v.v trong nhng hn ch
cho v chi ph di x l).
Mc ch ca xy dng cc NVKT l lm r v chnh
xc ho cc nhim v t ln h thng, lin kt hi ho cc
yu cu ca khch hng vi kh nng ca ngi thc hin v
hnh thnh nhim v k thut ca bo m chng trnh.
Ni chung cc thng tin cha trong NVKT c th cha
thit lp cc c ch chi tit y . V vy cn
phn tch cc yu cu i vi h iu hnh (HH) b
sung cho thit k cc NVKT. S miu t HH giai on ny

103

c gi l n s b. n s b ny s l c s cho pha
tip theo l pha thit k.
M t hnh thc cc c ch, rt ra t cc NVKT l rt
kh nhng rt cn thit.
Thit lp cc c ch tc l a ra cc khng nh ton
hc r rng, y , duy nht (n ngha) v kim tra c
d dng.
Tip theo t cc c ch s thu c cc hin thc ho
phc v cho pha thit k sau ny.
Thc t chng t rng, a phn cc li m sau ny c
pht hin trong qu trnh chu k sng ca chng trnh v l
nhng li t gi v phc tp khc phc, thng xut
hin khu c ch cc NVKT thuc pha u tin ca bo
m chng trnh.
Pha thit k.
Nhim v chnh ca thit k h thng bo m chng
trnh l trn c s n s b, thit k c tp hp cc
c trng c bn ca bo m chng trnh nh cu trc ca
n tc l thnh phn v giao din ca cc modul. Sau l
khu chnh xc ho n s b, tc l a ra cc m t
hnh thc tp hp cc nhim v bn trong thit k cc
thnh t (cc th tc ring r), v cc thut ton thc hin
chng.
Khng tn ti mt l thuyt v phng php lun chung
cho thit k h thng. iu ny c l gii l do c rt nhiu
vn lin quan n thit k h thng, s phc tp ca cc
vn v s kh khn c c s hnh thc ho.
Pha thc hin.
Bao gm chn m, tch hp, c vit chng trnh (ngn
ng) v chy th. Thng ngi ta coi vit chng trnh l cng
c o ch khng nh hng ti tin cy ca chng trnh
cho nn y khng cn xem xt.
Vi mi pha ca bo m chng trnh lin quan ti cc li
c th: vi pha phn tch v c ch cc yu cu l cc li

104

h thng, vi pha thit k cc li thut ton, v vi pha m


ho - cc li chng trnh.
Nh vy, trn c s phn tch cc pha xy dng bo
m chng trnh v cc li xy ra trong cc pha ny, c th
kt lun rng c 2 loi li c bn cn c bit quan tm
y l:
c ch khng chnh xc t hp ton b HT chng
trnh v tng thnh phn ring ca n.
Khng ph hp gia hot ng CT v thut ton ca
n.
Khc phc cc li ny chnh l con ng khc phc s
c trong bo m chng trnh.
3.5.2. Phng php lun nhiu tng thit k.
Cc phng php thit lp HT ATTT c th chia ra lm 2
nhm:
Nhm i vi bt k HT TT no gm phng php
nhiu tng thit k; kho st s ph hp ng n
v kim chun.
Nhm c th ring ch cho HT bo v (L thuyt
h an ton).
3.5.2.1. Phng php nhiu tng thit k cho h
thng TT VT.
Theo nguyn tc tru tng ho, khi thit k h thng ngi
ta c th i theo 2 con ng: T thit b ln trn- ti my
o, biu din ca h thng, hoc t my o xung di- ti
thit b thc. y chnh l 2 phng php c bn trong thit
k: t di ln trn v t trn xung di.
Phng php t di ln gi nh bt u thit k t
thit b chnh ca h thng. Trong khi thit k, cc modul
chia thnh nhiu lp, v y lp khng ca h thng o
chnh l thit b chn. Cc lp, thc hin mt hoc vi
tnh cht cn thit, c thm vo k tip nhau cho n khi
thu c my o cn c.
Mt s hn ch ca phng php thit k t di ln l:

105

Cn thit ngay t u phi quyt nh chn cch


hin thc ho cc thnh phn ca HT nh thit b,
cc CT con hoc cc CT, iu ny rt kh lm.
Ch c th thit k HT sau khi thit lp c
thit b.
S khc bit gia HT thc v ci c xc nh trong
cc nhim v k thut.
Trong phng php t trn xung (cn gi l phng php
nhiu tng), ngi ta xut pht t mt my o, biu din ca
h thng vi nhng thuc tnh i hi v tun t thit lp
cc lp k tip ca my o cho n cc thit b c th. Trong
trng hp ny, thit k i theo th t sau y: Xc nh
mc tru tng ho miu t cc thnh t h thng ca cc lp
cao nht. Sau tin hnh phn tch mt cch h thng
xem xc nh cha cc thnh t c th hin thc
chng, y s dng mt vi khi nim nguyn thu.Nu
cha th mi hm s (chc nng) ca mi thnh t c
biu din l hm s ca cc thnh t ca lp k tip tng
ng vi mc tru tng ho thp hn, v li tin hnh phn
tch v kh nng thc hin chng. Trong phng php nhiu
tng cn s dng nguyn tc cu trc v nguyn tc thit
k theo modul.
Nguyn tc cu trc c ngha c bn v l c s
ca a s cc thc hin. Theo nguyn tc ny, thit lp
bo m chng trnh i hi phi c 3 kin trc:
Khi chc nng.
Chu k tng qut.
Quyt nh nh phn.
Khi chc nng (function block) c th hnh dung nh mt
ton t ring bit hoc mt chui tnh ton thc bt k vi
u vo v u ra duy nht nh mt chng trnh con. T
chc chu k thng c gi l yu t DO WHILE. Kin trc
nhn quyt nh nh phn c gi l IF THEN ELSE.
106

Cc kin trc ny c th coi nh l cc khi chc nng (v


chng cng ch c mt u vo v mt u ra). V do
c th a ra php bin i ton t chu k vo khi chc
nng, v tip theo c th xem mi ton t chu k nh vy l tng ng ca khi chc nng. Tng t c th dng bin
i kin trc nhn quyt nh vo khi chc nng. V cui
cng, c th a bt k mt chui cc yu t chc nng v
mt yu t chc nng.
Nguyn tc thit k modul phn tch cc chng
trnh thnh cc modul chc nng c lp, bo m s thay
th nhau, bin i c, a ra v thm vo cc thnh phn
nht nh.
u im ca nguyn tc modul c bn l:
Lm cho vic chy th chng trnh n gin hn,
v rng hn ch s tip cn ti mi modul v tnh
n tr ca biu hin b ngoi ca n gip cho
vic loi tr cc nh hng ca cc li i vi hot
ng ca n trong cc mdul khc lin kt vi n.
Bo m kh nng cng cng tc ca nhiu nhm
cc nh thit k, v rng mi lp trnh vin lm
vic vi mt phn c lp ca chng trnh.
Nng cao c cht lng ca chng trnh, v rng
kch c nh tng i ca mi modul v do s
phc tp c gim i v iu gip cho vic kim
tra chng trnh tt hn, loi tr cc li tt hn.
3.5.2.2. Kho st tnh ng n hin thc v kim
chun cc HT t ng ho.
Khi nim tnh ng n c hiu l s tng ng ca
i tng c kim tra so vi mt i tng mu no , hoc
so vi tp hp cc c trng chc nng v cc lut nh mu.
S ng n ca bo m chng trnh c phn nh y
hn c mc tng ng i vi cc i hi hnh thc
ho i vi n v c t chng trnh, cc c trng mu,
cc tnh cht v iu kin m chng trnh phi tng ng.
107

Nh vy, vic to dng tp hp cc c t khng mu


thun v lin kt vi nhau l c s cn thit bo m
tnh ng n ca chng trnh c xy dng. y cc
c t cn phi c cc tnh cht sau:
Phi l hnh thc ho.
Cho php kim tra s khng mu thun v tnh
y cc yu cu t hng.
L c s thit k hnh thc ha tip theo i
vi HH.
Tn ti mt s phng php tip cn xc nh c t cc
yu cu.
c t nh mt s miu t.
Trn quan im nh t hng th anh ta a ra yu cu
k thut cho h thng nn anh ta nhn c t h thng c
bn nh mt ti liu miu t h thng m anh ta mun c. V
nguyn tc, trong m t phi ch ra c nhng g m
h thng phi v khng nn lm. Trn thc t ngi ta thng
ngm nh rng, h thng cn phi lm ci m c
chnh xc ho trong c ch, ngoi ra h thng khng phi
lm nhng g hn na. y chnh l vn c bn ca
m t trong c ch.
c t nh mt s cho trc.
Nh sn xut nhn ti liu c t nh mt t hp cc
thnh phn ring, cn phi lp rp vi nhau gii quyt
vn m nh t hng yu cu. Quan im lm cho
kh khn hn khi a ra ti liu m t (ni trn). Cc c liu
trong m t (c t) nh hng ln n t do ca nh
sn xut.
Phng php lun hp ng.
Trong khun kh s m t ca nh t hng s
cho trc i vi nh sn xut th c t c xem xt nh s
chia s gia cc bn. Ngi t hng s c gng m phn s
chp nhn nh nht, trong khi nh sn xut hng ti s i
hi ln nht. m phn c a ra v tin hnh khi bt u
108

hnh thnh h thng v kt thc ch khi thit lp xong


h thng, khi m nh t hng chp nhn n nh l p
ng nhng yu cu ti thiu ca anh ta.
c t nh mt m hnh.
Khi nim hin i v chnh xc hn c v c t l coi
n nh mt m hnh ca h thng. Vi iu kin rng
ngha c bn ca m hnh phi thuyt phc, th c
t loi ny bo m cung cp mt cng thc r rng cc i
hi vi h thng cn thit lp.
Nh trn lu rng, khi thit lp h thng t ng v
c bit l cc thnh t (nh l mt h thng) bo v thng
tin phi s dng tip cn thit k hnh thc ho.
Thit k hnh thc ho cc thut ton da trn c s cc
ngn ng lgic thut ton, n bao gm mnh Q(S)R, c
c nh sau:Nu trc khi thc hin ton t S hon thnh
iu kin Q, th sau khi thc hin n s c R.
y Q c gi l iu kin tin s, cn R l iu
kin hu s. C tin (Q) v hu (R) u gi l cc
tin .
S xem xt cc chng trnh nh l mt loi bin i cc
tin cho php trc tip xc nh s lin h gia cc
trng thi u v cui m khng cn quan tm ti cc trng
thi trung gian, m c th xut hin trong khi thc hin chng trnh.
u im ca vic coi mt thut ton l mt bin i cc
tin chnh l ch, n cho php c th:
Phn tch cc thut ton nh cc i tng ton hc.
Miu t hnh thc cc thut ton.
T hp cc thut ton theo cc c t.
Tin hnh s kim chun hnh thc cc thut ton,
tc l chng minh tnh ng n ca s thc hin
cc thut ton.

109

Phng php x l hnh thc v chng minh tnh ng


n ca cc thut ton hin nay kh hon thin. Bn
cht ca cc phng php ny nh sau:
Thit k thut ton tin hnh bng phng php
phn tch lin tc, phn chia bi ton tng qut
(c gii bng c thut ton) thnh dy cc bi ton
con.
Tiu ch ca vic chi tit ho cc bi ton con l kh
nng thc hin chng bng mt cu trc nhnh
hoc chu k.
Vic chia bi ton ln thnh cc bi ton con phi
tin hnh sao cho li hnh thnh cc tin v hu
cho mi bi ton con vi mc ch thit k
ng n chng v kim chun tip theo.
chng minh tnh ng n cc thut ton (kim
chun) s hnh thnh nh l ton hc Q(S)R v sau l
chng minh nh l ny. Ngi ta chia chng minh nh l v
tnh ng n lm 2 phn: Trong phn u chng minh
rng, thut ton ang xem xt ni chung hon ton c th
hon thnh cng vic (tin hnh phn tch tt c cc chu
k); trong phn th hai tnh ng n ca tin vi gi
thit rng thut ton s hon thnh cng vic.
3.5.2.3. L thuyt TCB cc h thng an ton.
Khi nim mi trng tnh ton tin cy (trusted
computing base TCB) xut hin nc ngoi t lu. ngha
c trng tin cy c th hiu nh sau.
Bn cht ri rc ca c trng an ton(tc l ci g
l an ton s p ng y cc yu cu ra, hoc l
khng an ton nu mt hoc vi yu cu khng c thc
hin) cng vi khng nh rng khng c ci g l an ton
tuyt i c (an ton 100%) gi ti vic a ra mt cm t
mm do hn, kh d cho php nh gi c mc m h
thng bo v c thit lp p ng mong i ca ngi t
hng. Cm t tin cy v th ph hp hn, nh vy c th
hiu an ton v tin cy l nh nhau trong trng hp ny.
110

TCB bao gm tt c cc thnh t v c ch ca h thng


c bo v, p ng thc hin cc chnh sch an ton
(CSAT). Tt c nhng phn cn li ca h thng v c nh
t hng ca n u ngm nh rng, TCB thc hin
ng n CSAT cho ngay c trong trng hp nu mt vi
mdul hoc tiu h ca h thng c thit lp bi k ph
hoi c chuyn mn cao vi mc ch can thip vo hot
ng ca TCB ph v CSAT do n duy tr.
TCB gm cc tiu cc thnh t v bo m cc chc nng
sau:
Tng tc vi cc thit b HT (ngoi vi).
Bo v b nh.
Chc nng vo ra cc files.
iu khin cc qu trnh.
TCB thng c thc hin dng nhn an ton, ni tp
trung tt c cc c ch bo m an ton.
Trong khun kh tip cn TCB nu trn, c th xc nh
cc giai on thit k mt h thng ATTT nh sau:
Xc nh chnh sch an ton.
Thit k m hnh HT TT.
Xc nh m ca HT.
Bo m thc thi ng chnh sch an ton cho.

111

Chng 4
Cc phng php mt m v cc thit b bo v
4.1. Cc nguyn l BVTT bng mt m.
4.1.1. Nhim v ca cc thit b mt m.
Cc thit b bo v TT bng mt m (TBMM) l cc my
mc cc TB chng trnh v cc chng trnh (phn mm)
thc hin gii thut mt m (thut ton mt m) bin i TT
vi mc ch:
Bo v TT khi x l, lu tr v truyn dn n trong
mi trng vn chuyn ca HT t ng (HT TT VT).
Bo m s chnh xc v ton vn TT (k c s
dng ch k s) trong khi x l, lu tr v chuyn ti
theo mi trng truyn thng ca HT TT VT.
Cung cp thng tin dng cho cc qu trnh nhn
dng v xc thc ch th, ngi dng v cc thit b.
To ra TT s dng cho vic bo v cc thnh t
xc thc ca HT trong qu trnh x l, lu tr v vn
ti chng.
Lun lun gi nh rng, cc TBMM c dng trong HT TT
VT no (trong mt lot cc ngun pht tin ca cc HT TT
VT hoc cc mng lin lc) cng ng thi vi cc c ch
thc hin v bo m chnh sch an ton (CSAT).
Khng i su vo nh ngha mt bin i MM (h
mt) chng ti im qua mt vi c tnh ca n:
Trong TBMM thc hin mt thut ton no bin
i TT (m ho, ch k s in t, kim sot ton
vn v.v).
Cc tham s u vo v u ra ca bin i mt
m c mt trong HT TT VT dng vt cht nht
nh (cc i tng objects ca HT).

112

hot ng c, TBMM s dng TT mt no


(kho m).
Thut ton ca bin i mt m thc hin dng mt
i tng (object) vt cht no , c tng tc vi mi
trng bao quanh (trong c cc ch th v cc i
tng ca HT TT VT cn bo v).
Nh vy, vai tr ca TBMM trong HT l ch n lm bin
i cc i tng. Trong mi trng hp c th bin i nh
vy c cc c th ring. Chng hn, th tc m ho s dng
cc thng s vo l bn r v kho, kt qu php bin i
l bn m, ngc li, th tc gii m s dng cc thng s vo l
bn m v kho; th tc hnh thnh ch k s li dng u
vo l bn tin v kho mt ca ch k, kt qu u ra l
ch k c tch hp vo ngay bn tin.
C th ni rng TBMM tin hnh bo v cc i tng
mc ng ngha. Trong khi cc thng s - i tng ca
mt bin i mt m cng l cc i tng y (bnh
ng) ca HT v chng c th l i tng ca mt chnh
sch an ton (CSAT) no . (V d, cc kho m c th v
cn c bo v khi cc tip cn tri php, kho cng khai
kim tra ch k s cn c bo v khi s thay i
v.v)
4.1.2. Th hin mt m trong HT bo v TT.
Mt m c a vo HT bi cc TBMM. TBMM trong cu
trc ca HT TT VT c bo v c mt thc th c th -
l mt thit b chuyn dng c g lp vo my tnh hoc
l mt phn mm chuyn bit.
Nhng cng on lm vic sau y ca TBMM l rt
quan trng:
Trao i TT vi mi trng bn ngoi, ni c th hn
l khi a nhp kho, bn r vo m ho.

113

S dng cc chi tit my (trong trng hp my m) c


tin cy thp (ngha l trong cc chi tit ca
TBMM c th xy ra sai st hoc trc trc).
Trong trng hp chng trnh phn mm, vic chy
CT trn b x l km tin cy v trong mi trng phn
mm c cha cc CT l, c th gy tc ng n
cc cng vic ca TBMM.
Lu gi trn vt mang vt cht (trong trng hp phn
mm) v c th c s bin dng c hoc ngu
nhin trong khi lu gi.
Tng tc vi mi trng bn ngoi mt cch gin tip
(c nui t li in, bc x cc trng in t v.v).
Con ngi tham gia thit k v khai thc c th gy
ra cc li (c hoc ngu nhin ) cho TBMM.
Do vy c th ch ra cc nguyn nhn chnh ph v ATTT
khi x l TT cc TBMM.
4.1.3. Cc him ho ATTT trong p dng mt m.
4.1.3.1. S r r TT theo cc knh k thut:
Bc x in t cao tn trc tip (bc x ca cc ng
phng in t, mang TT v hin mn hnh, bc x
cao tn ca block h thng, c chnh lu bi tn
hiu khun dng chung v.v).
Bc x in t m tn trc tip (trng c thnh
phn t mnh ca cc yu t t nh cc cun dy
hoc cc bin p).
Bc x in t gin tip (cm ng trn cc dy dn
v b mt dn in, s chnh lu ca cc b hi
tip ca cc thit b tr gip).
Knh m thanh (m thanh v rung ng khi n bn
phm v chy cc my in, ging ni ca cc nhn
vin TBMM).

114

Knh video (nhn hoc chp nh cc bn r trn


mn hnh, my in hoc cc thit b nh x TT khc).
Knh m thanh - in t (bin i cc tn hiu
m thanh v dao ng vo cc tn hiu in bng
cc thit b tr gip nh in thoi, ng h in t,
cc thit b chiu sng v.v).
Knh ng in li (s khng ng u ca dng
in nui t in li cm ng trn dy dn in
nui).
Theo ng ni t hoc theo ng lin lc ca
my tnh cc thit b truyn tin nh Mem (cm
ng tn hiu t TBMM vo ng truyn hoc ng
ni t).
4.1.3.2. Li trong cc chi tit ca TBMM.
S ngng chy v cc li trong cc chi tit ca TBMM c
th gy nh hng trc tip n dng ca bin i m ho
(c th chng t rng, ni chung s ghi nhn cc in th
khng hoc n v s dn n s n gin ho thc thi
ca bin i m ho), nh hng n cc th tc tng tc
ca my mc hoc chng trnh ca TBMM vi cc thit b v
cc CT khc (v d, a vo mi ln kho c nh) hoc ti
cc trnh t c kho.
4.1.3.3. Lm vic cng vi cc chng trnh khc.
y s c 2 loi tc ng nh hng n an ton, nh
hng v v nh hng c .
Ta th xem xt trng hp tc ng v (ngu nhin). Gi
s chng trnh ang m mt file (tp) v cha bn m vo
. Nu cng lc cng lm vic mt chng trnh khc
cm vic ghi ln disk (a). Khi kt qu ca vic m ho
s l chnh file ban u (cha m g). Ni chung, ngun ca
cc tng tc v thng l s tranh chp cc ti nguyn tnh
ton v vic x l khng ph hp cc tnh hung li.

115

Trng hp tc ng c thng l cc m virut (CT virut),


CT nga Troa (cn gi l by chng trnh). l mt modul
phn mm c bit c mc ch tc ng ti cc TBMM.
Cc by chng trnh c th lm vic 2 ch : th ng
v ch ng.
1) Th ng (cha cc kho a vo hoc cc bn r
m khng nh hng g ti thng tin).
2) Ch ng:
nh hng ti qu trnh ghi - c cc chng
trnh m ho v ch k s nhng khng lm thay
i ni dung thng tin (v d CT by dng cho
h thng ch k s PGP thc hin vic lin kt
cc on r b lm ngn bt bm bn r).
Tc ng ti qu trnh c ghi lm thay i
thng tin.
Lm thay i thut ton m bng cch bin tp
li b m trong file hoc trong b nh ng.
4.1.3.4. Tc ng ca con ngi.
Thao tc vin c th a mt cch c hoc v vo mt
chng trnh mt vi tnh cht no (v d, kh nng
ch chy th (cc by) CT cho hin mt TT ln mn hnh
hoc trn cc vt mang bn ngoi). Ngi khai thc CT bo v
c th cho rng CT bo v khng thun tin v bt u
s dng n khng ng nh ch dn (a vo kho ngn hn
quy nh hoc l dng ch mt kho m cc TT khc
nhau). Lu nh vy cng ng vi cc my mc bo v.
Vi li ca cc nhn vin th ngoi vic ci t cc thit
b gim st (camera theo di) lm vic, cn cn phi theo di
qu trnh thit k v p dng cc bin php t chc khc
na.
4.1.4. Cc nguyn l c bn ca TBMM.
4.1.4.1. Cc i hi v mt m.
116

Gi s rng m thm c th s dng mi phng tin v


c liu v vt cht thm cc bn m ca ta (do TBMM bo
v), n c th s dng thut ton thm bt k (i vi ch k
s - thu c kho b mt ca ch k hoc l la chn
bn r).
Hiu sut ng dng cc thut ton ca nh thm m c
xc nh bi i lng trung bnh TT thm c , n l gi tr
trung bnh ca t s gia lng TT thm c v ton b lng TT
m ho v c em thm, v bi kh m ca mt n
v TT, c o bng Q php th c bn. Mt php th c bn
c hiu l mt thao tc trn 2 s nh phn bc n bt k. Khi
thc hin thut ton thm m, c th s dng mt s tr tin
nghim, c b nh khng vt qu M bn nh phn. C mi ln
dng n b nh, nh vy, ta c th ghi vo mt a ch no
hoc c ra t b nh khng nhiu hn n bit TT. Nh vy,
mi ln vin ti b nh theo kh coi nh bng mt php th
c bn. Mt n v TT thng c coi l ton b lng TT c
x l trn mt TBMM trong khong thi gian l mt n v
(thng l 1 ngy) k hiu l V. Tn cng ca thm m ln b
mt ca TT coi l thnh cng, nu lng TT thm c (r) ln
hn V.
Vic p dng thut ton thm m coi l khng hiu qu,
nu tha mn mt trong cc iu kin: < 0 hoc Q Q0.
Gi tr cc thng s , Q, V, M v cc gi tr ngng 0 , Q0, xc
nh ring r cho mi TBMM.
4.1.4.2. Cc i hi v tin cy.
Mi TBMM cn phi bo m tin cy xc nh cho
cc php bin i mt m c p dng. tin cy ny c
o bng gi tr cho php ca xc sut hng hc hoc ngng
tr c th dn n lm cho k ch nhn c cc TT ph v
php bin i mt m.
Thng tin nguy him ny cho php lm gim (tim nng)
cc thng s kh Q0 c trng cho mi TBMM khi p dng
mt thut ton m thm no . Khi tnh thng s Q ch
tnh ti cc tiu hao khc phc cc hng hc m khng
c pht hin trc khi TBMM lm vic (v d, nu my tnh
117

khng ti c v TBMM khng lm vic, th loi hng hc


ny khng nguy him).
S chnh xc ca hot ng ca cc yu t k thut ca
HT TT VT m trong c ci t TBMM c xc nh nh
s tng ng trong hot ng thc hin cc thao tc (cc
lnh) ca HT ng nh ch dn trong ti liu hng dn i
km. Sa cha v bo hnh, bo dng TBMM cng khng c
lm cho cc tnh cht ca n km i (trong c cc thng
s tin cy).
4.1.4.3. i hi v bo v chng TCTP.
Trong mt HT TT VT c ci t cc my m hoc cc
phn mm m ho, khi lu gi v x l TT trong h thng nht
thit phi thc hin cc c ch bo v chng TCTP sau
y:
Nhn dng v xc thc ngi dng v cc ch th
tip cn (chng trnh, qu trnh).
Kim sot tip cn.
Bo m tnh ton vn.
ng k v kim ton.
Tiu h xc thc v nhn dng nhm phn tch v nhn
bit nhng ngi dng c cho php lm vic vi TBMM trn
c s cc du hiu nhn dng ca ring h (mt khu, nhn
TBMM v.v). Khi thc hin tip cn ca cc khch hng ti HT
TT VT hoc ti TBMM, xc sut P xc thc nhm trn mi ln
tip cn phi khng ln hn P0. Trong HT cn phi xc nh
s gii hn s ln thc hin cc tip cn khng thnh
cng (m nu c thc hin th coi l TCTP). Xc thc nhm
c hiu l mt s kin coi mt khch hng khng ng
nhp HT nh mt khch hng hp php trong s la chn ngu
nhin, ng xc sut, khng nhc li du hiu nhn dng
trong tp cc du hiu c th ca khch hng . V d,
trong nhn dng vn tay th P0 c th coi ~10-5 (xem phn
Nhn dng v Xc thc chng III).
118

Tiu h kim sot tip cn thc hin vic kim sot


lung thng tin gia cc ch th v cc i tng TC v bo
m s kim tra vic thc thi cc quyn TC ca cc khch
hng ti TBMM.
Tiu h bo m ton vn (TV) thc hin kim sot s
bt bin ca cc c ch phn mm bo v (chng TCTP)
trong c thut ton hot ng ca TBMM, ph hp vi cc
lut kim sot TC:
Xc sut P lm thay i thut ton hot ng ca
TBMM (hoc ca h bo v chng TCTP), trong mt
ln tip cn khng c vt qu xc sut P0.
Xc sut P ca vic c tri php hoc thay i tri
php cc TT mt trong HT trn mt ln tip cn, khng
c vt qu xc sut P0.
Tiu h ng k v kim ton cn phi bo m ng
k (ghi nhn) cc thng s ca qu trnh xc thc v nhn
dng ca khch hng, qu trnh cho ra cc ti liu trn cc
vt mang vt cht ( a, copy rn v.v), khi chy (v kt
thc) chng trnh v cc qu trnh dng x l cc file c
bo v: cc nh tip cn bng phn mm ti cc file .
Tiu h ng k v cc d liu c dng l i tng
ca kim sot TC. Cn phi thc hin kim ton t ng cc
file bo v c hnh thnh v cc vt mang tin mi xut
hin.
Trong h bo v chng TCTP cn phi c s quan BVTT
ngi chu trch nhim v vic thm vo v xo b cc ngi
dng TBMM trong HT; v xc lp cc quyn TC, v s lm vic
bnh thng v s kim sot cng vic ca cc c ch bo
v chng TCTP.
4.1.4.4. i hi ti mi trng thit k, sn xut v
hot ng ca TBMM.
Cc TBMM nm trong HT v mi trng (chng trnh v
thit b) bao quanh, m trong TBMM c thit k, sn
119

xut v a vo s dng, khng c c cc chc nng nhim


v (cng khai v b mt) khc, cho php:
Lm bin dng hoc thay i thut ton lm vic
ca TBMM trong qu trnh thit k, sn xut v s
dng; k c cc lung TT hoc kim sot v cc qu
trnh lin quan ti hot ng ca TBMM.
Thc hin tip cn (c v thay i) ca nhng
ngi l mt (hoc l cc qu trnh do h iu
khin); ti cc kho mt m v cc TT nhn dng v
xc thc.
Nhn c tip cn ti TT mt ca TBMM.
Thnh phn (cu to) v nhim v ca cc thit b chng trnh phi c nh v khng thay i trong sut c
thi gian.
4.2. Cc vn h thng khi thc hin cc phng tin
bo v mt m.
Trn thc t tn ti hai phng php dng mt m (ch yu
l trong m ho) cho cc i tng ca HT TT VT: m ho tnh
v m ho ng.
4.2.1. M ho tnh.
Bn cht ca m ho tnh nh sau: Trc tin thc hin m
ho ton b mt file (cn m) bng mt chng trnh (m ho)
no . Ta nh l chng trnh ny c coi l mt ch th S
(trong m hnh S O) ca HT. Sau vic gii m s c
thc hin bng chnh ch th y hoc mt ch th khc ca
HT. Lu l, gii m c th p dng chnh chng trnh
trn hoc mt chng trnh khc (dnh ring cho gii m). Ri
mng (massive) gii m thu c, cung cp cho chng trnh
ng dng ca ngi dng.
Tip cn m ho tnh c nhiu yu im mc d n c
s dng kh rng ri. Cc nhc im c tnh nguyn tc ca
phng php ny l:

120

Cn c mt ti nguyn h tr cho vic m ho i tng


v phi m ton b mt file (cn b nh thao tc m
ho v khng gian a ghi kt qu file m ho).
Trong gii m cng cn c khng gian a cho vic
gii m thnh file vi tn khc (so vi file u tin).
Tim cha kh nng tip cn ti file gii m (file r)
(trong thi gian tn ti ca n) t pha cc ch th (S)
tch cc ca HT.
Cn phi gii quyt vn hu (chc chn) file
c gii m (tc l file r) sau khi s dng xong.
4.2.2. M ho ng v p dng.
Trong thi gian gn y, khc phc cc nhc im
ca m ho tnh ngi ta ng dng rng ri phng php m ho
ng (Dynamic Encryption). Bn cht ca n nh sau: Trc ht,
thc hin m ho ton b file (ging nh m ho s b). Sau
, s dng cc c ch c bit lm bin i chc nng
bo m chng trnh ca HT nhm iu khin cc i tng
(O), thc hin vic gii m i tng (file m ho trn). Nhng y vic gii m khng phi i vi c file, m ch gii
m phn ca i tng m ti thi im cn dng cho chng trnh ng dng (S), tc l chng trnh ng dng cn
dng ti u th gii m ti v dng kp thi ngay (khng
phi ghi file gii m nh mt i tng mi ca HT nh trong m
ho s b).
Phng php ny cho php s dng tit kim (ti u) cc
ti nguyn HT, v ch tin hnh gii m phn i tng m
chng trnh ng dng trc tip cn. Ngoi ra, trn cc vt
mang (trn my) TT lun lun c lu dng m ho, iu m
bo m an ton chng tip cn tri php i hi.
Phng php m ho ng c p dng rt tt cho vic
bo v cc i tng xa, hay cc i tng phn tn ca HT.
M ho ng cc file cn phi xem xt trong tng th bo
v cc nhm file th mc hoc a lgic.

121

Khi cn thit lm vic vi cc file xa ca HT, ti mt my


trm ta kch hot bo m chng trnh mng (HH mng).
N s xc nh li chc nng lm vic vi cc file ca HH v
nh vy (t gc my trm) to ra mt khng gian file thng
nht ca my trm v file server (my ch). V lm vic vi
cc file c thc hin nh chc nng ca HH t my
trm, bo m chng trnh mng (HH mng) s thay i
cc chc nng ny sao cho, lm vic vi chng t pha mc
ng dng ca HT din ra nh bnh thng. Chnh iu cho
php bo m cng vic bnh thng ca cc tng ng dng
v ngi dng trn cc my trm ca HT. Cc chc nng lm
vic vi cc file ca HT c ci t vo mt chui x l cc
thao tc file nh trong hnh v sau y. Cn lu rng, cc
modul 1 4 trn thc t nm ti ROM my trm ca HT. Cc
thao tc file y l:
ng kn file.
c t mt file m.
Ghi vo mt file m.
1. Chng trnh ng
dng

2. Modul mt
m

3. Trm lm vic (client)

4. HH trm

5. Tng vn ti

6. HH mng

Hnh 4.1: V tr ca modul mt m trong m ho


ng
122

Hnh 7 m t cu trc tng tc ca modul mt m v bo


m chng trnh HT trong m ho ng cc file.
Chng ta hy xem xt hai hnh ng tim nng c bn
ca k cng ph:
1. Kt ni vi mt file trn my ch t ch lm vic (t
my trm) m khng c kho gii m.
2. Bt TT knh lin lc Client Server.
Hnh ng u tin b v hiu ho, v vic m ho TT
ch din ra trong ROM ca my Client ca HT v vic ghi c TT t a cng (HDD) ca Server hay ca my trm thc
hin ch dng m ho m thi. Cng v l do m hnh
ng th hai ca tin tc cng b v hiu ho: Vic trao i
TT gia Client v Server din ra cc mc 3 5, khi m s
m ho va kt thc hoc l khi m s gii m cn cha
bt u.
C th chng t rng, phng php m ho ng trong
iu kin bt bin i vi bo m chng trnh ng dng
ca trm lm vic l ti u (tc l bo m cc tiu xc sut
tip cn ti TT gii m) so vi cc phng php khc ca c ch
mt m.
4.2.3. Phng php server m ho ng dng.
Phng php server mt m l mt dng ca m ho ng.
Ngi ta tch ring mt thnh t tch cc ca HT (thng l mt
my trm client) lm chc nng mt m. Thnh t ny
phi c cng nhm ti nguyn chung vi cc ch th (S) c nhu
cu mt m. Khi to ra mt file no thuc ti nguyn
chung, th vic ghi vo file s t ng c m ho (hoc
c kim sot ton vn) nh server mt m ny. Ngoi ra,
trong server mt m ng dng ny, c th thc hin chc
nng cch ly file phi bo v (tc i tng bo v) bng cch
123

di chuyn n vo mt nhm mng ring bit (th mc cc file


phn k). Qu trnh bin i ngc li (gii m) hoc th
ton vn tng t nh vy s din ra ti cc mng c tch ring
khc.
i vi mt ch th (S) ca my Client, qu trnh trn
ging nh l m ho t ng (hoc l t hp ch k s vo
file). Khi ta ghi vo mt th mc cho trc v xut hin mt file
c m ho trong mt th mc khc.
Phng php server m ho ng dng c dng rng ri cho
vic bo v mt m cc file ti liu in t trong cc h
phn tn v cc h lin lc vin thng.
4.3. Bo v mt m cc tng vn ti v ng dng.
4.3.1. Bo v mt m tng vn ti.
Trong nghin cu vn bo v tng vn ti ca HT,
chng ta cn lu ti cc tnh cht hot ng ca m hnh
lin kt mng m OSI nhiu tng: vic truyn nhn TT t cc
tng trn biu din (ca cc file) ti cc tng thp (ti cc
pakets gi tin) gi nguyn vn ton b phn ni dung TT. T
suy ra rng, vic m ho ca cc file thc hin nh cc
thao tc file (nu phn trn) dn ti s i qua ca cc phn
TT ca mi gi tin (thu c t mt file c m), n tng
vn ti dng m. V ngc li, cc th tc m ho nm ti
tng vn ti, nhn v truyn TT ln cc tng cao hn ca
biu din s dng r.
iu ny cho php xc nh, trong cc iu kin nh th
no c th p dng m ho tng vn ti.
Trong trng hp ng cp dn ca HT i qua vng
m k xu d dng tip cn.
Khi khng c kh nng t cc ng dng ngi dng
vin dn h m c ng cho cc file.
Khi khng cn thit m ho cc ti nguyn a phng (local).

124

Bo v mt m tng vn ti c th thc hin bng CT


phn mm khi ci t vo trong cc thit b lung mng v
c th bng my khi g lp my vo ch giao nhau my trm
client cc thit b mng (mc 4 trong hnh v trc) hoc g
lp vo ch ni gia my trm client h thng ng
truyn (mc 6 trong hnh v sau y). Trng hp TBMM g
lp ngi ta thng gi l hp mt m (Crypto Box) hoc l
mun an ton (SAM Secure Adapter Modul). Ta gi tn nh
vy l do cc TBMM g lp an ton c lp, khng ph thuc
vo s hot ng ca cc chng trnh c np vo HT tng
ng dng.
Sau y l cc s biu din vic bo v mt m
tng vn ti va trnh by trn:
1. Chng trnh ng
dng
2. My trm (Client ca mng)

3. HH cc
b

4. Modul mt m ci
t
5. Tng vn ti

6. Modul mt m g
lp
Hnh 4.2: Bo v
mt m tng
vn ti

7. HH mng

Nh thy, bo v mt m tng vn ti l trong sut vi


vic i qua ca TT tng ng dng, v v vy n khng bo
v, chng c cc him ho mc tng tc ca mi trng
thao tc (HH) v tng tc ca cc ng dng (nh hng ca

125

cc chng trnh ng dng ti cc file c m v cc chng


trnh m ho).
4.3.2. Bo v mt m tng ng dng.
Bo v mt m cc TT tng ng dng - l mt trt t
thit k, thc hin v s dng cc TBMM, m trong thng
tin u vo, u ra v c th c cc tham s kho u
thuc v cc lung v cc i tng (O) ca tng ng dng
(trong m hnh lin kt mng m OSI).
Thng tin ang lu tr ti cc tng thp ca m hnh OSI,
trong quan h vi mt i tng (O) ca tng ng dng, l cc
i tng con ca i tng O ny, v lun lun c xem l tch
bit ln nhau (v d, cc gi tin, cc datagrams). Do ,
cc tng thp (tng mng v thp hn) khng th nhn bit
chnh xc c, v v vy khng th bo v bng cc phng
php mt m c cc i tng c cu trc phc tp dng vn
bn in t hoc l mt trng no ca mt CSDL. Ti
cc tng thp ny, loi ti liu in t nh vy c biu
din bng mt dy cc i tng con an xen vo nhau (mt
dy ln ln cc gi tin paket chng hn).
Mt khc, ch c tng ng dng mi c th c th ho
mt i tng, tc l gn mt cch n nht i tng vi
ch th sinh ra n (ch th ca tng ng dng lun lun
l chng trnh ng dng, c iu khin bi con ngi ngi
dng). Cc ch th S ca cc tng thp c gn cho cc c
trng (tham s) c bn nh a ch ( l TT c trng cho
ch th tng thp mt my tnh PC chng hn). Cc tham
s ny s ch nh sinh ra mt dy cc i tng (v nhiu
i tng con ca mt i tng ca tng ng dng). Ta cn nh
rng, a ch my tnh ch l mt c trng gin tip ca
mt ch th sinh ra TT ca tng ng dng.
Chng ta cn lu ti tnh cht k tha v bo v lgic
(logic) t tng cao ti cc tng thp ca OSI. C th chng
minh nh sau:
126

nh : Trong bo v TT tng ng dng, cc th tc


truyn tin, chuyn thnh cc gi (packets), nh tuyn v
lp ghp ngc tr li khng gy thit hi g cho tnh b mt
ca TT.
Nhn y cng cn khng nh rng: Hai nhim v
kinh in ca bo v mt m (bo v tnh b mt v bo
v tnh ton vn TT) l bt bin (invariant) i vi mi tng
ca m hnh OSI (v tnh k tha ni trn). Bo v tng ng
dng cng gii quyt hai nhim v ni trn hoc l ring r
hoc l cng lc.
C th thy hai cch tip cn ti vn bo v mt m
tng ng dng. Phng php tip cn th nht (H mt m g
lp) thc hin chc nng bo v mt m ti mt ch th chng trnh phn mm ring bit (v d, sau khi chun b
xong ti liu in t file r; ngi ta kch hot chng trnh
ch k s cho file ). Phng php ny cn c gi l Bo
v khch hng (v rng kch hot chng trnh do khch
hng ngi dng u cui thc hin v n c t ti ch
lm vic ca ngi dng). Phng php th hai (H mt m ci
t) thc hin vic gi chc nng ca ch th TBMM trc
tip t chng trnh sinh ra i tng cn bo v (files) v ci
t cc hm mt m vo chnh chng trnh ng dng (CT
sinh) .
Sau y l s so snh gia 2 phng php nu trn:
Tnh cht ca
TBMM

Phng php 1

Phng php 2

i lin vi tiu h
ng dng.

giai on khai
thc

giai on thit
k v sn xut

Ph thuc vo h
ng dng

Thp (t ph
thuc)

Cao (rt ph thuc)

127

V tr (nh v)
ca i tng bo
v

Bn ngoi (so vi
mun bo v v
chng trnh ng
dng)

Bn trong (bo v
i tng bn trong
ca CT ng dng)

Ph thuc HH

Ton b

Thp (t ph
thuc).

128

Cu hi v bi tp phn 1
1. Hy to v m t cc trng hp v mt HT TT VT chu
cc tn cng c gy ra bi mi loi him ho (l tin, ph v
ton vn tin v t chi dch v).
2. Sng tc mt kch bn v h my tnh chu mt tn
cng c do tt c 3 loi him ho gy ra cng mt lc.
3. Cho bn tin sau: Tp ch cng sn l c quan l lun
v chnh tr ca Trung ng ng cng sn Vit nam, a tin
v thnh cng tt p ca i hi X. Hy tnh lng thng tin
cha trong bn tin (theo cng thc ca C.Shannon).
4. Hy a ra mt lit k cc him ho c th e do ti
an ton ca mt HT ca mt cng ty v i vi HT my tnh
ca c nhn bn. (Vng ngoi, vng trong)
5. Hy lm bi tp 4 bng v s v lp bng.
6. Lun c no c th a ra bo v cho vic khng
a mt HT bo m ATTT ra xem xt tp th v phn tch
ph phn? Cc mt u v mt yu ca lun c ?
7. S khc nhau gia bo mt (Secrecy hoc Privacy) v
an ton (Security); an ton v b mt (Confidentiality); b
mt v ton vn (Integrity)?
8. Cho trc cng thc Anderson

T V
P

. y S l cng

sut khng gian mt khu S=AL; A l cng sut b ch ci ca


mt khu v L l di mt khu. Cho trc xc sut chn mt
khu P=10-6. Cho tc tn cng la chn l V=10 mk/pht.
Hy tm di ti thiu ca mt khu (L) sao cho n ng
vng c trong vng 1 tun l b tn cng lin tc. (Chn
A=26 v A=36).
9. Nu r nhng nhc im chung ca cc h mt khu?
10. Bng cch no k l mt c th ot c tin mt
trong mng TT VT ngay c khi xc thc c thc hin c
hai hng? iu c ngha g i vi s bo v ch bng
h mt khu?
129

11. Thut ton xc thc c nhng u im v nhc im


g so vi s dng mt khu?
12. Gi s th tc mt khch hng tip cn HT gm
c hin mt khu v tn. Khi a vo mt MK sai, khch hng
c th chn MK mi (sau khi c thng bo v li MK), iu
ny mt 5 giy. Nu a ti 3 MK sai th khch hng s b
mt quyn tip cn. Nu cn 3 giy hin tn v 1 giy
hin mi k hiu ca MK v nu bng ch ci t lm
MK gm 100 k hiu, cn th tc ngt my chim mt 3
giy, th iu g sau y s bo m an ton ln hn
(v ti sao):
a) Tng di MK t 3 ln 4 k hiu.
b) Ko di th tc ngt my thm dng l 1
pht.
13. Mt file d liu c kho trong vi di 32 bit. Gi v
kim tra m kho file i hi mt 20 s . Hy tnh thi
gian an ton khi dng MK m bng phng php th sai?
14. Khi no th cc HT i hi nhn dng tng b CPU
ring bit (tng my tnh ring bit)? Ti sao?
15. Lm th no gim kch thc ca cc ma trn ln
nhng khng cht ch (nh ma trn quyn)?
16. Ch tho lun theo nhm: Nn ma trn quyn
trong mt s h thng in hnh.
17. Mt s ng k, trong c ghi chp tt c cc trao
i gia khch hng v ngn hng d liu, bng cch no
c th tr thnh v ch?
18. Phn bit s ging v khc nhau gia H pht hin
xm nhp vi ng k v kim ton?
19. M ho TT l phng php bo v chng li nhng
him ho loi g?
20. Hy gii thch kh nng ca phng php m ho TT
chng li:

130

a) Vic nghe trm trn cc ng lin lc.


b) Tip cn vt l t xa ti cc file.
21. Hy so snh u v nhc im ca vic m ho TT bng
thit b mt m (my) v bng chng trnh phn mm?
22. Ch tho lun theo nhm: H an ton (nh
ngha, cc tnh cht, cc phng php thit lp, cc nguyn l
v cc dch v).
23. Hy phn tch, so snh cu trc lin kt mng m OSI
vi m hnh TCP/IP (ch r vai tr v th hin ca cc tng
trong mi m hnh).
24. Ch tho lun theo nhm: Cc m hnh kim
sot tnh ton vn (M cyclic, m hnh Clark Wilson, m
hnh BiBa).
25. Ch tiu lun: Tnh bn vng ca chng trnh
phn mm (Fault Tolerance v Fault Avoidance).

Phn hai
Chnh sch an ton v cc m hnh an ton
Chng 5
Chnh sch an ton thng tin.
5.1. Khi nim chnh sch an ton v cc dng c bn.
5.1.1. nh ngha chnh sch an ton (CSAT).
i n nh ngha CSAT chng ta cn xem xt mt
s khi nim cn thit. Khi nghin cu cc vn ATTT trong
cc HT TT VT, chng ta mun ni v nhng trng thi nht
nh ca HT v trng thi an ton TT ca HT l iu chng
ta mong mun. Mt HT t ng bao gi cng phi c biu
din bi mt m hnh (t nht l m hnh cu trc, n gm
nhng thnh t g, cc tng tc gia chng ra sao). Vn
an ton HT phi c m t trong m hnh . Mt khc, khi
nim bo v an ton lin quan cht ch vi khi nim him
ho, k ph hoi, k xu, k lm dng nh l nguyn nhn gy
131

ra mt an ton cho HT. Cho nn vn an ton ca HT phi


c biu din bng mi lin h gia cc yu t cu thnh HT
vi nhau v s tng tc gia chng vi nguyn nhn gy ra
mt an ton . Trc tin, chng ta xem xt khi nim v m
hnh h thng.
5.1.1.1. M hnh ch th - i tng.
y l m hnh cu trc thng dng nht miu t mt
HT TT VT.
Theo m hnh ny, cc thc th ca mt HT TT VT
c chia lm 2 loi: cc ch th (subjects) v cc i tng
(objects). Cc ch th (S.) l cc thc th tch cc n c th
a ra cc yu cu v ti nguyn, s dng cc ti nguyn
thc hin cc tnh ton no . C th hnh dung ch
th l cc khch hng, cc chng trnh, cc qu trnh i
tng (O.) l cc thc th th ng nh l mt kho cha thng
tin, l cc file, cc th mc
Cc ch th v cc i tng tng tc vi nhau trong qu
trnh x l TT. Ta ni chng tng tc vi nhau v mt TT. Cc
tng tc TT in hnh l cc thao tc x l TT nh read, write,
create, delete, Cc tng tc TT nh vy xc nh trng thi
TT ca HT.
Cc ch th thc hin cc thao tc TT trn tp hp cc
i tng. Cc mi quan h tng tc ny c th hin qua
khi nim truy nhp. Ta ni ch th S. tip cn ti i tng O.
Trng thi an ton ca HT (trng thi ATTT) l trng thi
duy tr c cc tng tc TT an ton, hay ni cch khc l
trng thi phi duy tr c cc tip cn an ton v loi b
c cc tip cn tri php (TCTP).
K ph hoi, k xu, k lm dng, tin tc l ngun bn
ngoi HT, l nguyn nhn ph v tnh an ton TT ca HT. R
rng k xu mun tn cng vo ATTT ca HT th n phi tm
cch xm nhp HT tc l n phi tip cn ti HT (cc ch th
v cc i tng ca HT) qua ci gi l Knh tc ng -
chnh l cc knh r r TT ni phn trn.

132

5.1.1.2. Khi nim chnh sch an ton v thit b


kim sot.
nh ngha CSAT: Theo Sch da cam (1983), chnh sch
an ton l tp hp cc iu lut, cc quy nh v cc gii
php thc t gim st s iu khin, s bo v v vic
phn phi cc thng tin nhy cm trong HT.
Ni cch khc, cc CSAT s gip cho HT loi b c cc
TCTP ti TT trong , duy tr cc tip cn an ton tc l
cc trng thi ATTT ca HT.
Cc tng tc TT u thc hin nh cc tip cn, v d
mt phin lm vic ca mt khch hng c khi ng v
thc hin qua mt chui cc truy nhp (tip cn) ti cc i tng ca HT. Quan im ny v hot ng ca h MT dn ta
n hnh dung rng, c tn ti mt s th tc lm trung
gian dn xp xem tip cn no c cho php v tip cn
no th khng. C th coi s trung gian ny l mt b lc m
tt c cc i hi truy nhp ca cc ch th u phi i
qua.
Kiu s lc ny c gi l thit b kim sot hay
cn gi l thit b tham chiu (Reference Monitor). V mt
chc nng n c minh ho trong hnh sau:
Ch
th
yu
cu

Reference
Monitor

Tip cn
c cho php

T chi tip
cn
Hnh 5.1: S thit b kim sot
(Reference Monitor)
T y thy r rng, thit b kim sot l b phn
quan trng duy tr cc chnh sch an ton ca HT.
133

CSAT khc vi TCTP ch: N xc nh cc tip cn cho


php v c cc tip cn b nghim cm (TCTP). N c
tnh cu trc tc l n l c s xc nh mt thit
b hoc mt c cu t ng no thc hin n
(thit b kim sot).
CSAT bao gm:
- Tp hp tt c cc thao tc c th trn i tng ca
HT.
- Vi mi cp ch th, i tng (S i ,O j ) tp hp cc
thao tc cho php l tp con ca tp hp tt c cc
thao tc c th.
V d in hnh mt CSAT nh sau:
s S, o O, a A: Allow(s,o,a) iff P
5.1.2. Cc tin ca h thng t ng.
T cc trnh by trn c th pht biu cc tin quan
trng sau i vi HT t ng x l TT.
Tin 1. Trong h thng t ng an ton lun lun tn
ti mt thc th tch cc (ch th S) gi vai tr kim sot
cc thao tc ca cc ch th trn cc i tng (thc t chu
trch nhim thc hin mt CSAT no )
y l tin v tn ti thit b kim sot (reference
monitor).
Tin 2. thc hin c cc thao tc trn cc i tng
trong HT t ng x l TT an ton, lun lun cn phi c cc
thng tin b tr (v s tn ti cc i tng cha cc TT ) v
cc thao tc cho php v cc thao tc cm i vi cc ch
th.
y l tin v tn ti cc CSAT.
T cc lp lun trn chng ta pht biu tin 3 l tin
c ngha c bn v quan trng nht cho ton b l
thuyt ATTT.
Tin 3. Tt c cc vn v ATTT trong h thng t
ng c m t bng cc truy nhp ca cc ch th ti cc
i tng.
134

Nh vy, thc cht vn ATTT HT quy v vic qun l


cc truy nhp bng cc CSAT.
5.1.3. Chin lc ATTT v vn ti u ho trong BVTT.
Chng ta cn lu rng, CSAT biu hin r rng tnh cht
m ca h thng. HT c th thay i, c tng cng cc
thc th mi (ch th, i tng, cc thao tc mi). Cc CSAT
phi c duy tr theo thi gian. Cho nn trong qu trnh
nghin cu cc tnh cht ca HT phi xc nh cc th tc
qun l an ton. Mt khc, tnh m ca HT v vn thc
hin CSAT trong cu trc c th ca HT (v d, lp trnh ch
th kim sot trong cc lnh ca b vi x l c th) li t
ra s cn thit phi xem xt nhim v bo him (bo m
hot ng lin tc) cho mi CSAT.
Khi nghin cu CSAT cn gii quyt 4 loi nhim v lin
quan cht ch vi nhau:
1. Pht biu v kho st cc dng CSAT.
2. Th hin chng trn thc t.
3. S bo m duy tr CSAT.
4. Vn qun l an ton.
gip cho vic gii quyt cc nhim v c thun
tin chng ta hy xem xt khi nim chin lc ATTT v quan
h ca n vi khi nim CSAT.
Chin lc - l quan im ch o chung, hng ti mc
ch trong qu trnh t chc v m bo ca mt dng
hot ng no , kh d sao cho nhng mc ch quan
trng c bn ca hot ng ny c th t c vi cc chi
ph hp l nht cc ti nguyn c.
Vic t chc BVTT thc cht l tm kim mt gii php
ti u, trung ho gia cc i hi v bo v an ton v cc ti
nguyn cn c t c mc ch .
Nhu cu bo v c xc nh trc ht bi tnh quan
trng v khi lng thng tin phi bo v, v c bi cc iu
kin lu tr, x l v s dng TT .

135

Cc iu kin ny c xc nh bi mc thit lp
(v cu trc v t chc) i tng x l TT v xy dng cc
s cng ngh x l, a im, mi trng t i tng
v cc thnh phn ca n
Lng ti nguyn BVTT c th b gii hn nht nh
hoc c xc nh bi iu kin bt buc phi t ti mc
bo v i hi. Trong trng hp th nht, vic bo v TT phi
c t chc sao cho vi iu kin cc ti nguyn c phi
bo m bo v c th l cao nht (cc i), cn trong
trng hp th hai sao cho bo v i hi t c vi chi
ph ti nguyn t nht (cc tiu).
Hai trng hp nu trn, thc cht l hai cch t vn
thun v nghch ca bi ton ti u ho c nghin cu k
trong l thuyt iu khin HT, trong thng tin hc v ton
ng dng. Nu nh bit c s ph thuc hm s gia lng ti
nguyn tiu tn v mc bo v i hi th hai bi ton
nu trn c th t c li gii chnh xc trong tng trng hp
c th.
Nhng, chng ta bit, s ph thuc hm s ni trn
cho n nay vn khng tn ti, v vic tm ra n l vn
rt nan gii. C 2 nguyn nhn c bn ca vn ny. Th
nht l, qu trnh BVTT ph thuc vo rt nhiu cc yu t
ngu nhin kh on trc nh l hnh ng ca k ph hoi, tc
ng ca cc hin tng t nhin, s c k thut v li trong
hot ng ca HT x l TT v.v Th hai l, trong cc gii php
bo v th v tr ng k thuc v cc bin php t chc,
php l lin quan ti hot ng ca con ngi.
Hn na, chnh qu trnh BVTT trn quan im c
in c mt s bt nh ng k: v d, bo v ca TT
c th tng ln ng k khng ch bng p dng c hc cc
thit b bo v chuyn dng, m cn nh vic thit lp
chnh xc c cu cc i tng bo v, vic xc nh trt t
s dng cc yu t ca n, nh vic tuyn chn v o to
i ng nhn vin phc v

136

Vi mc ch nh hng trong nhng tnh hung khng


xc nh nh vy, ngi ta a ra khi nim chin lc bo v
nh l ci nhn tng qut bi cnh hin ti ca vic bo m
ATTT v cch tip cn chung nhm tm mt li gii hp l
hn c trong bi cnh tnh hung . R rng l, s lng cc
chin lc khng c qu ln (v nu khng th ngay c nh
hng trong chnh cc chin lc cng s kh khn), nhng ng
thi chng phi phn nh ng v ton b cc tnh
hung c th.
Vic a ra s lng cc chin lc v ni dung ca chng
da trn 2 tiu ch: bo v cn thit v cc bc t do
trong hnh ng t chc BVTT.
ngha ca tiu ch th nht thng c biu din qua
tp hp cc him ho, m chng li chng s bo v phi c
t chc:
1. Chng li cc him ho nguy him hn c (t cc him
ho bit).
2. Chng li tt c cc him ho bit.
3. Chng li tt c cc him ho tim nng c th.
Theo tiu ch th hai c th chia ra lm 3 bc t do nh
sau:
1. Khng cho php bt k s can thip no vo HT
(khng nh hng g ti HT). i hi ny l i vi cc HT
ang hot ng v khng cho php ph v s hot ng ca
HT ci t cc c ch bo v vo.
2. Cho php cc yu cu khng c tnh ton cc ti cu
trc v cng ngh hot ng ca HT (c nh hng tng phn
ti HT). Ni cch khc l cho php tm dng hot ng ca HT
ci t cc c ch bo v vo.
3. Cho php cc i hi bt k do nhu cu ca vic BVTT
a ra nh cc iu kin bt buc khi thit lp HT, t chc
v m bo hot ng ca n (nh hng ton b ti HT).
Tch -cc ca cc iu kin ca 2 tiu ch trn (3x3) s
cho ta 9 chin lc bo v TT khc nhau. Tuy nhin, r rng l

137

t 9 chin lc c th , ch c 3 chin lc c ngha c


bn, nh trong bng sau y:
Cc chin lc bo v thng tin
nh hng c c ti h thng

Cc him ho
c tnh ti

Khng c

Nguy him
hn c

Chin lc
phng ng

Tt c cc
him ho
bit

Tng phn

Ton b

Chin lc tn
cng

Tt c cc
him ho
tim nng

Chin lc
ngn chn

Chn chin lc phng th th chng ta hiu rng nu


khng cho php can thip vo qu trnh hot ng ca HT
th ch c th chng li cc him ho nguy him hn c m
thi. Vi mt i tng ang tn ti, p dng chin lc ny cho
thy cn thc hin cc bin php t chc hnh chnh v
s dng cc thit b k thut vt l chng li s xm
nhp tri php ti i tng.
Chin lc ngn chn i hi s kho st k lng cc
him ho c th i vi HT v thit lp cc gii php chng li
chng ngay t giai on thit k v ch to HT. mi thi k
c th, khng cn thit xem xt ch mt s him ho c th
no thi.
Trong thc hin chin lc tn cng, v cho php can
thip tng phn vo qu trnh hot ng ca HT, nn cn
thit loi tr kh nng nh hng (tc ng) ca tt c cc
him ho bit (tc l chng li chng c hiu qu nht).
Nh vy vic chn chin lc no l do yu cu ca tnh
hnh c th v c cp qun l cao nht quyt nh. Th138

ng biu din chin lc dng n gin l ci g c th v


ci g khng th trong k hoch bo v khi HT hot ng.
Chin lc biu din bo v chuyn mn cao nht. Quan
h ca n vi CSAT th hin trong hnh sau:
Cp qun
l cao
nht

Chin lc bo v
(Ci g c th v
ci g khng th
trong k hoch
bo v)

Thc hin
chnh
sch an
ton

Hnh 5.2: S
c ch thc hin

Cc c
ch bo
v

chin lc bo v.

thc hin chin lc bo v (CLBV) chn c th s


dng 2 loi chnh sch an ton (CSAT): CS tu chn
(discretionary) v CS bt buc (mandatory).
Chnh sch an ton tu chn (CSAT D).
Cn gi l CSAT thn trng. C s ca CSAT ny l kim
sot tip cn la chn (Discretionary Access Control: DAC).
DAC
c
2
thuc
tnh
c
bn sau:
Tt c cc ch th v cc i tng u phi c
nhn dng.
Cc tip cn ca mt ch th ti mt i tng ca HT
c xc nh trn c s mt iu lut bn ngoi HT
(la chn trc t bn ngoi HT).
CSAT tu chn c u im l, n c thc hin bi cc c
ch bo v tng i n gin. a s cc HT t ng hin
nay tun th cc iu lut ca loi CSAT ny.
139

C th xem ma trn truy cp, m cc hng ca n l cc


ch th v cc ct l cc i tng l v d in hnh ca
CSAT D; cc yu t ma trn y th hin cc quyn truy
cp v c la chn trc. Nhc im y l, tnh cng nhc
ca m hnh. Ngha l, CSAT loi ny khng tnh ti s thay
i trng thi ca HT, khng c i hi g ti trng thi ca
HT khi c s thay i .
Cn lu rng, khi s dng CSAT D s xut hin vn
, phi xc nh cc lut trao quyn tip cn v phi
phn tch nh hng ca chng ti an ton HT. Ni chung,
khi s dng CSAT loi ny, lun xut hin bi ton kh gii
v mt thut ton, l phi kim tra xem cc iu lut
chn trc t bn ngoi nh vy trong qu trnh tng tc TT c
dn ti vic ph v an ton hay khng?
Chnh sch an ton bt buc (ton quyn) CSAT M.
C s ca CSAT bt buc (cn gi l CSAT ton quyn) l
kim sot tip cn bt buc (Mandatory Access Control
MAC). Ni dung ca n nh sau;
Tt c cc ch th v cc i tng ca HT phi c
nhn dng.
Cho trc mt tp tuyn tnh c trt t cc nhn an
ton.
Mi i tng ca HT c gn cho mt nhn an ton
xc nh nhy cm ca TT cha trong n tc l
mt ca n trong HT.
Mi ch th ca HT c gn cho mt nhn AT xc
nh mc tin cy ca n trong HT Gi tr cc
i trong s cc nhn AT ca cc i tng m ch th
c tip cn c gi l mc tip cn ca mt
ch th.
Mc ch c bn ca CSAT M l ngn chn s chy TT
t cc i tng vi mc tip cn cao xung cc i tng vi
mc tip cn thp hn, tc l chng li vic xut hin trong
HT cc knh TT t trn xung. Trong cc ti liu, ngi ta hay
m t CSAT M nh mt m hnh c tn l m hnh Bell

140

Lapadula (m hnh BLP). Chng ta s nghin cu m hnh


ny sau.
Trong khun kh m hnh BLP c th chng
minh kt lun quan trng (ch ra s khc nhau v nguyn
tc gia cc HT thc hin CSAT M v cc HT thc hin
CSAT D) sau y:
Nu trng thi ban u ca HT l an ton v tt c cc
bin i HT t trng thi ny sang trng thi kia khng vi
phm cc iu lut do CSAT quy nh, th mi trng thi
ca HT u l an ton.
Nh vy, i vi cc HT thc hin CSAT M th c ch
thc hin n cn phi theo di khng ch cc iu lut truy
cp ca cc ch th ti cc i tng m cn cn kim sot
trng thi ca HT na. Do vy thc hin CSAT ny lm cho
tnh tin cy ca HT cao hn.
Mt u im na ca CSAT M l cc iu lut ca n
minh bch v n gin hn cc nh sn xut v pht
trin d hiu v thc hin.
5.2. Khi nim truy nhp v gim st trong ATTT.
5.2.1. Cc b v cc nh ngha cn thit.
Trong l thuyt ATTT chng ta lun s dng m hnh S.
O. m t cc HT TT VT. Cc ch th l cc thnh t tch
cc, chng tc ng ln cc i tng. Ngi dng (user) nhn
bit cc i tng v ly TT v trng thi HT thng qua cc ch
th m anh ta iu khin. Mt khc, cc him ho i vi
cc thnh t ca HT thng xut pht t mt ch th no
(thnh t tch cc), lm xut hin cc lung TT v lm thay
i trng thi ca cc i tng trong HT (ni cha TT). Cc S.
c th tng tc (nh hng) ln nhau thng qua vic lm thay
i cc i tng O. (c lin quan ti cc S. khc), v cui cng
c th lm xut hin trong HT cc ch th (hoc cc trng
thi HT) sinh ra s nguy him i vi ATTT hoc e do kh
nng lm vic ca ton b HT.
Chng ta coi vic chia HT TT - VT thnh cc S. v cc O.
l cho trc v c nh.

141

Gi s rng, ti thi im ri rc bt k, tp cc S. ca HT
khng rng.
B : Cc ch th S. trong mt HT ch c th c sinh
ra bi mt thnh t tch cc (tc l bi cc S. khc).
Chng ta hy c t c ch sinh ra cc S. mi bng nh
ngha sau:
nh ngha 1: i tng Oi l ngun cho ch th Sm, nu tn
ti ch th Sj m kt qu tc ng ca n ln i tng Oi trong
HT s xut hin ch th Sm.
Ch th Sj lm sinh ch th mi t i tng Oi gi l ch
th kch hot cho ch th Sm. Sm c gi l sinh ra bng i
tng Oi (ngun).
Ta k hiu: Create (SjOi) Sm T i tng Oi sinh ra ch
th Sm trong tc ng kch hot ca ch th S j. Create gi l
ton t sinh cc ch th (hnh 5.3).
Oi
Create (SjOi) Sm
Sj

Sm

Hnh 5.3: S sinh


mt ch th
Ton t Create cho ta nh x ca tch - cc tp cc S.
v tp cc O. ln hp ca tp cc S. vi tp rng. Lu rng,
trong h thng coi thi gian l ri rc, v thc t th ch th
mi Sm c sinh ra ti thi im t+1 so vi t l thi im
din ra tc ng ca ch th sinh S j ln i tng ngun Oi.
Tt nhin l ton t sinh cc S. ph thuc vo tnh cht ca
ch th kch hot v ph thuc vo c ni dung ca i tng
ngun.
142

R rng l nu Create (SjOi) , th vic sinh ch th


mi t i tng Oi nh kch hot Sj l khng th c.
T cu trc my tnh J.P.Neiman suy ra rng, vi bt k S.
no cng lin h i tng O. no (hoc vi O.), phn nh
trng thi ca n. V d, vi mt chng trnh kch hot (S.)
lun c mt i tng l ni dung phn b nh cha m thc
hin chng trnh .
nh ngha 2: i tng Oi ti thi im t c lin kt vi
ch th Sm nu nh trng thi ca n tc ng ti trng thi ca
ch th ti thi im tip sau (tc l ch th S m dng
thng tin cha trong i tng Oi).
Chng ta dng k hiu: Si({Om}) ch tp cc i tng
{Om}i lin kt vi ch th Si ti thi im t.
Mt ch th, ni chung s thc hin mt nh x no
ca tp cc i tng lin kt ti thi im t ln tp cc i tng lin kt thi im t+1. Cho nn c th chia ra cc i
tng lin kt lm bin i dng nh x ( l cc i tng
cha m chng trnh lin kt hm) v cc i tng lin kt
d liu (l bin ca ton t, nhng khng lm thay i dng
nh x). Sau y chng ta ch quan tm ti cc i tng lin
kt hm s m thi.
H qu (ca nh ngha 2): Ti thi im sinh ra S m t
Oi, Oi l i tng lin kt ca Sm.
Cn lu rng, i tng ngun c th l lin kt ca ch
th kch hot, khi s sinh ra l t ng (tc l khng ph
thuc vo tnh cht ca cc S. v cc O. cn li). Nu nh i
tng ngun l khng lin kt ca ch th kch hot, th s
sinh khng phi l t ng v ph thuc vo tnh cht ca
i tng ngun.
Tnh cht tch cc ca mt ch th (S.) th hin kh
nng tc ng trn cc i tng. Cn trng thi b ng ca
cc i tng li i hi s tn ti lung thng tin t i tng ny
143

ti i tng kia (ngc li s khng th ni v s thay i ca cc


i tng), v lung TT ny c kch hot bi mt ch th.
nh ngha 3: Lung TT gia i tng Om v i tng Oj
l thao tc bt k trn Oj c thc hin trong ch th Si v
ph thuc vo i tng Om.
Lu rng, cc i tng Oj v Om c th l lin kt hoc
khng lin kt, v c th l cc i tng rng ().
K hiu: Stream (Si,Om)
hnh 5.3.

Oj lung TT t Om ti Oj . Xem

Om
Stream (Sj,Om) Oj
Si

Hnh 5.4: S lung


thng tin

Oj

y chng ta s phn ra ngun sinh (Om) v ch thu


( Oj ) ca lung tin. Trong nh ngha nhn mnh rng, lung
TT tn ti gia cc i tng ch khng phi gia i tng v
ch th; v d, gia i tng v i tng lin kt ca ch th
(hoc gia 2 i tng). Vai tr tch cc ca ch th biu hin
vic thc hin lung TT ny (tc l thao tc sinh lung TT
nh v ti ch th v c phn nh bng trng thi ca cc
i tng lin kt hm ca n ).
Lu rng, thao tc Stream c th to ra i tng mi hoc
hu dit n. Trong hnh 5.5 sau y s biu din s cc
lung tin khc nhau.
Om

Om
144

Oj

Oj

To mt i tng

Hu mt i tng
Om

Si

Oj

Si

Oj

Thao tc ghi
Thao tc c
(Write)
(Read)
Khi nim cc
i 5.5:
tng Cc
lin dng
kt vi
cc ch th khng phi
Hnh
lung
l ngu hng. Mt cchthng
ngtin
n ch c th ni v cc
lung TT gia cc thc th ging nhau (tc l gia cc i tng). Mt khc, trng thi hin thi ca mt ch th c phn
nh trong cc i tng lin kt vi n. Bng cc nh x Create
v Stream, trn quan im m hnh S. O., c th m t tt
c cc s kin (s thay i ca cc S. v cc O.) xy ra trong
HT.
T nh ngha 3 cng suy ra rng, lung TT lun lun c kch hot (sinh ra) bi mt ch th.
5.2.2. Khi nim truy nhp h thng.
nh ngha 4: Truy nhp ca ch th Si ti i tng Oj l
s sinh ra mt lung TT gia mt i tng no (v d,
i tng lin kt vi ch th Si({Om})) v i tng Oj.
Gi s P l tp tt c cc lung TT trong tt c cc thi
im ca HT (P l hp ca cc lung TT theo tt c cc thi
im ca thi gian ri rc). Chng ta chia tu P ra lm hai
tp con khng giao nhau N v L. Ta c:
P = NL, NL =

145

Ta k hiu: N tp cc lung c trng cho tip cn tri


php; L tp cc lung c trng tip cn hp php. Cn gii
thch thm v vic phn chia ra cc tp N v L ny. Khi
nim an ton lun ngm nh v s tn ti ca mt trng
thi khng an ton - l cc trng thi khng mong mun
ca HT. Ta hy coi cp phm tr dng an ton khng an
ton l cho trc i vi mi HT v chng c m t bng
mt CSAT, cn kt qu p dng CSAT trong HT l s phn
chia ton b tp cc lung TT lm thnh tp cc lung an
ton L v tp cc lung khng an ton N. S phn chia ra
N v L c th dng m t tnh ton vn (lung t N ph v
tnh ton vn ca HT) hoc tnh b mt (lung t N ph v
tnh b mt ca HT) cng nh mt tnh cht bt k no khc.
nh ngha 5: Cc iu lut kim sot tip cn ca cc
ch th ti cc i tng l cc lung TT thuc v tp con L.
Lu rng, CSAT miu t tiu ch chia ra thnh cc tp
L v N. Trong m hnh S. O. a ra cc iu kin tn ti
ng n ca cc thnh t HT bo m cho cc CSAT
c thc hin.
nh ngha 6: Cc i tng Oi v Oj ng nht ti thi
im t, nu chng trng nhau nh l cc t c vit trong cng
mt ngn ng.
V d, trong biu din dng cc dy bit
O1=(O11,O12,,O1m) v O2=(O21,O22,,O2k) ng nht nu
m=k v O1i=O2i vi tt c i=1,2,,k ( Oij cc bytes )
nh ngha 7: Cc ch th Si v Sj ng nht ti thi
im t nu tng cp cc i tng lin kt vi chng ng
nht vi nhau.
V d, hai chng trnh (2 ch th) trng nhau nu 2 vng
b nh (2 i tng lin kt vi 2 ch th trn) ghi m ca chng
trng nhau, hoc l cha cc bin v cc mng ca chng nh
nhau.

146

H qu(T nh ngha 6&7): Cc ch th c sinh ra s


ng nht, nu ng nht cc ch th sinh ra chng (kch
hot) v cc i tng-ngun.
Tnh ng n ca h qu ny suy ra t s ng nht
ca cc i tng lin kt hm trong cc ch th sinh (kch
hot) chu trch nhim v s sinh ca ch th mi, v cng
c suy ra t s ng nht ca cc bin s (cc i tng-d
liu lin kt) tng ng vi cc i tng-ngun.
phn chia ton b tp cc lung tin trong HT thnh cc
tp con L v N, cn tn ti mt thnh t tch cc (ch th), c
th thc hin cc thao tc sau y:
- t kch hot khi xut hin bt k lung TT no.
- thc hin vic lc cc lung thnh cc tp L hoc
N.
Lu : Nu tn ti Stream (Si,Oj)
Om v Stream
(Sk,Om)
O i th s tn ti Stream ((S i,Sk),Oj)
Oi
(tnh kt hp).
5.2.3. Khi nim gim st ATTT
nh ngha 8: Gim st hnh ng (Monitor operators
MO) l mt ch th, t kch hot khi xut hin mt lung t
bt k ch th no ti bt k i tng no.
C th phn ra 2 loi MO:
- Loi MO ch th: ch ghi nhn s kin giao tc ca
ch th ti i tng.
- Loi MO ni dung: n hot ng sao cho khi xut
hin lung t i tng Om lin kt vi ch th Si ti
i tng Oj th ngc li s tn ti i tng Om0, lin
kt vi MO (trong trng hp ny s l cc i tng
d liu), ng nht vi i tng Om hoc mt trong
nhng Si ({Om}). MO ni dung tham gia trn vn
vo lung t ch th ti i tng (trong ngha l,
TT s i qua cc i tng-d liu lin kt vi n v
tn ti mt nh x ng nht ca i tng l mt
i tng lin kt no ca MO).

147

By gi chng ta s a ra khi nim gim st an ton


(trong cc ti liu cn gi l gim st tham chiu-monitor
reference). Khi nim ny lin quan ti bi ton lc cc lung
TT ni trn. R rng l mc ch ca gim st an ton
(GSAT) l s lc cc lung bo m an ton cho HT
(chng ta nhn mnh rng, s phn chia ra L v N l cho
trc).
nh ngha 9: Gim st an ton cc i tng, gi tt l
gim st ATTT (MSO-monitor security objects) l mt gim
st hnh ng (MO) c nhim v ch cho php mt lung TT
thuc v tp cc truy nhp hp php L. S cho php y
c hiu l s thc hin thao tc trn i tng-ch thu
lung, cn s cm-l khng c thc hin (tc l khng thay
i g ca i tng-ch thu ngun).
5.3. Thit lp v thc hin CSAT.
5.3.1. iu kin hon thnh CSAT.
R rng l, s thay i ca cc i tng, lin kt hm vi
gim st ATTT (ch th MSO), c th dn ti s thay i tnh
cht ca chnh MSO trong lc cc lung v hu qu l c th
xut hin cc lung thuc tp N.
Xem hnh 5.6:

MS
O

Oj

MS
O

Oj

Bin i
ca LO
Bin i ca LO v

Lung b qua

Hnh 5.6: Cc con ng ph v


CSAT
148

(LO - Link Objects l cc i tng lin kt)


Chng ta cn a ra khi nim v tnh ng n ca
cc ch th.
nh ngha 10: Ch th Si v ch th Sj gi l khng nh
hng n nhau (hoc gi l ng n i vi nhau) nu
trong bt k thi im no u khng c lung TT (lm thay
i trng thi i tng) gia cc i tng bt k Oi v Oj lin
kt tng ng vi cc ch th Si v Sj, ngoi ra y Oj
khng phi l i tng lin kt ca Si, cn Oi khng phi l
i tng lin kt ca Sj.
S thay i trng thi ca mt i tng y c hiu
l s khng ng nht ca cc i tng ti cc thi im tng ng. Trong khi nh ngha cng nhn mnh rng, ton
t thay i i tng nh v trong ch th m i tng
khng lin kt vi n. C th minh ho tnh ng n
bng v d sau: Gi s trong cng mt khng gian b nh ca
MT c cha vect m v cc bin ca 2 chng trnh. Hai chng trnh l 2 ch th, cn 2 min b nh ghi vect m v
cc bin ca chng l 2 i tng (lin kt vi 2 ch th-CT
trn). Hai ch th (2 CT) l ng n vi nhau ngha l
chng khng cn c kh nng bin i hm cc vect m v
cc bin trng thi ca nhau.
Ta c th a ra nh ngha cht ch hn nh sau:
nh ngha 11: Cc ch th Si v Sj gi l tuyt i khng
nh hng n nhau (hoc l tuyt i ng n i vi
nhau) nu trong cc iu kin ca nh ngha 10, cc tp
i tng lin kt ca 2 ch th trn khng c min giao nhau.
nh ngha tnh tuyt i ng n cho php pht
biu nh l v iu kin bo m tn ti truy nhp
hp php trong HT.
5.3.1.1. nh l 1 (iu kin 1 hon thnh CSAT)
Pht biu: Gim st ATTT (MSO) s cho php sinh ra cc
lung TT ch nm trong tp L nu tt c cc ch th trong
149

HT u l tuyt i ng n i vi n (MSO) v i vi
nhau.
Chng minh: iu kin tuyt i ng n (theo nh
ngha 11) bo m s bt bin ca cc i tng lin kt
hm ca MSO (v rng khng tn ti cc lung c th lm
thay i cc i tng lin kt ca MSO). Mt khc cc lung
nh vy ch c th xut hin nu c s thay i cc i tng
lin kt ca cc ch th khc trong HT (thay i tnh cht
ca ch th, trong c th do sinh lung ti chnh
MSO).iu kin ng n ca cc ch th i vi nhau loi
tr iu ny. Do vy cng c ngha l MSO thc hin cc
lung ch thuc tp L.
nh l c chng minh.
Tuy nhin, trong nh l 1 a ra cc iu kin rt cht ch
v kh thc hin i vi cc tnh cht ca cc ch th trong
mt HT. Ngoi ra khng th bo m c tnh ng n ca
cc ch th bt k trong HT, b kch hot i vi MSO.
Cho nn, mt cch lgic cn hn ch tp cc ch th c
sinh ra, m ng n cho trc i vi cc MSO. Do chng
ta s a ra mt s nh ngha cn thit na.
nh ngha 12: Gim st sinh ch th (MCS-Monitor
Created Subject)- l mt ch th t kch hot khi trong HT
c sinh ra mt ch th bt k.
nh ngha 13: Gim st an ton cc ch th (MSSMonitor Security Subject)- l mt ch th cho php sinh ra
cc ch th ch i vi mt tp c nh cc cp ch th
kch hot-sinh cc ch th.
Tc ng ca MSS tch t tp ton b cc ch th S ra
mt tp con cc truy nhp cho php E. Cn lu rng, nu ti
thi im t, trong tp con cc ch th c mt MSS, th bin
u tin trong ton t Create ch c th l ch th thuc tp
cc ch th, cn bin th hai- i tng bt k.
nh ngha 14: H thng c gi l kn i vi s sinh
cc ch th, nu trong HT tc ng MSS, cho php s sinh
150

ch tp con hu hn cc ch th c nh i vi cc i tng- ngun bt k.


Khi xem xt vn thc hin cc mi trng an ton,
cng thng dng thut ng mi trng phn mm khp kn,
m v bn cht tng ng nh ngha 14 ni trn. Tuy
nhin n cha m t cc tnh cht ca HT (k c tnh an
ton), v rng cn cn bo m tnh ng n ca cc
ch th c sinh ra bi MSS i vi chnh n v i vi MSO.
C ch mi trng phn mm khp kn lm gim lng cc
ch th c th ti gii hn no , nhng vn cho php tn ti
cc ch th khng ng n trong mi trng kn .
nh ngha 15: Tp cc ch th ca HT gi l c lp
(tuyt i c lp), nu trong n tn ti MSS v cc ch th t
tp c sinh ra l ng n (tuyt i ng n) i vi
nhau v i vi MSS.
H qu 1: Tp con bt k cc ch th ca mt HT c lp
(tuyt i c lp), bao gm c MSS cng s to thnh mt
mi trng c lp.
H qu 2: Vic b thm vo HT c lp (tuyt i c lp)
mt ch th ng n (tuyt i ng n) i vi bt
k ch th no nm trong thnh phn ca mi trng c lp
(tuyt i c lp) lm cho mi trng thu c vn l c lp
(tuyt i c lp).
5.3.1.2. nh l 2 (iu kin 2 bo m thc
hin CSAT).
Pht biu: Nu trong mt HT tuyt i c lp tn ti MSO
cc ch th c sinh ra v MSS l tuyt i ng n vi
MSO, th trong HT ny ch thc hin mt truy nhp m t
bi CSAT.
Chng minh: T nh ngha c lp tuyt i suy ra kh
nng tn ti trong HT mt tp hu hn cc ch th, cc ch
th ny n lt mnh, ng n vi MSS. Theo iu kin
ca nh l (tnh ng n ca MSO i vi ch th bt
k c sinh ra v MSS), cc i tng lin kt ch c th thay
151

i bi chnh MSO, do vy trong HT ch thc hin cc lung


thuc v tp L m thi.
nh l c chng minh
Khng nh trong nh l trn c tnh thc t hn so
vi nh l 1, khi m n i hi tnh ng n ca MSO
i vi mi ch th bt k, kh thc hin c trn thc t.
Trong trng hp nh l 2, tp cc ch th c gii hn nh p
dng c ch v tn ti kh nng xem xt tnh ng n
tng cp cc ch th c sinh ra.
Khi xem xt thao tc sinh ra mt ch th s xut hin
mt vn quan trng l, trong cc HT thc t, cc i tng
c cng tn c th trng thi khc nhau trong khng gian (v
d, trong cc th mc khc nhau) hoc trong thi gian.
Chng ta gi thit rng, trng thi ca i tng Om ti thi
im t0 l c nh v k hiu l Om(t0).
nh ngha 16: Thao tc sinh mt ch th Create (S k,Om)
Si gi l s sinh c kim sot bt bin i tng, nu vi thi
im t >t0, ti kch hot thao tc sinh ca i tng
Create, s sinh ch th Si xy ra ch khi Om(t0) v Om(t) ng
nht vi nhau.
H qu: Trong iu kin nh ngha 16 cc ch th c sinh ra Si(t1) v Si(t2) ng nht nu t1>t0 v t2>t0. Khi t1=t2
th sinh ra cng mt ch th.
Trong vic sinh ra cc ch th c kim sot bt bin i
tng, trong HT cho php cc lung t cc ch th ti cc i tng ngun tham gia vo vic sinh cc ch th vi s thay i
trng thi ca chng.
5.3.1.3. nh l 3 (nh l c bn ca mi trng
phn mm c lp).
Pht biu: Nu ti thi im t0, trong mt HT c lp tn
ti s sinh cc ch th c kim sot bt bin i tng v tn
ti lung t ch th bt k ti i tng bt k, khng mu
thun vi iu kin ng n (tuyt i ng n) ca

152

cc ch th, th ti thi im bt k t > t 0 HT cng tip tc


l c lp (tuyt i c lp).
Chng minh: Theo iu kin ca nh l, trong HT c
th tn ti cc lung lm thay i trng thi ca cc i tng
khng lin kt vi mt ch th no vo thi im . Nu
i tng vi s thay i trng thi khng phi l ngun
sinh ch th, th tp cc ch th ca mi trng c lp s
khng m rng, trong trng hp ngc li (i tng thay i l
ngun sinh ch th) theo iu kin nh l (s sinh ch th
c kim sot) th s sinh ch th ny khng th xy ra. Do
vy cng sut ca tp cc ch th khng th vt qu gi tr
ghi nhn trc khi c s thay i trng thi ca bt k i
tng no. Theo h qu t nh ngha 16 (v tnh kn ca
tp cc i tng trong mi trng phn mm c lp vi cng
sut khng tng ca tp cc ch th) chng ta kt lun rng
tp cc ch th ca HT l c lp.
nh l c chng minh.
By gi ta c th a ra phng php lun thit k (thit
lp) mt HT bo m an ton. Bn cht ca phng php lun
ny l, khi thit k cc c ch bo v HT cn phi tun th
ton b cc iu kin a ra (nh l 1,2,3) trn.
Cc iu kin ny phi c thc hin i vi cc ch th,
bo m cc tnh cht an ton c xc nh khi thc hin
MSO trong HT (tc l bo m hon thnh mt CSAT nh
MSO cho).
Khi nim mi trng phn mm c lp trn rng hn
khi nim nhn an ton m phng Ty thng dng. Thng
thng, m hnh hot ng ca nhn an ton c m t
bng s sau y:
C s d liu bo
v

153

Cc i tng

Cc ch
th

Nhn an
ton
bo
c v
in
ca l mt i tng
y Hnh
c s5.7:
dS
liu
ngha
nhn an ton
cha TT v cc lung tp L (bo v theo danh sch trngcho php lung) hoc tp N (bo v theo danh sch encm lung).
tnh ti nh hng ca cc ch th trong HT cn phi
xem xt s m rng v tng tc ca cc thnh t thc
hin v m bo CSAT.
Trong hnh v sau y, trnh by s nhn an ton
c tnh ti kim sot s sinh cc ch th:
MSO

Subje
ct

Subje

Stream(,
)

Object
iu
khin

MSS

Objec
ts

Create(,

Hnh 5.8: Nhn an ton c kim sot


cc ch th
154

y phn nh vai tr ca MSS trong s sinh cc ch


th t cc i tng. Tng tc cc ch th v cc i tng
trong s sinh cc lung c tnh ti bng vic a vo cc
i tng lin kt vi mt ch th (LO). i tng iu khin
cha TT v cc gi tr cho php ca nh x Stream (v cc
yu t ca tp L hoc N) v Create (v cc yu t ca tp
E). i tng iu khin c th lin kt (lin kt-d liu) vi
MSO cng nh vi MSS.
Da vo nh l 3 pht biu v chng minh trn, c
th a ra phng php thc t thit lp mt HT an ton
(trong ngha thc hin mt CSAT cho trc) trong khun kh
m hnh tnh ti tng tc S.O. nh sau: Trong qu trnh thit
lp HT an ton cn phi:
1. Kim tra tnh ng n tng cp ca cc ch th
khp kn trong mi trng phn mm c lp (hoc tnh
ng n ca ch th bt k i vi MSO v MSS)
2. Thit k v thc hin bng phn mm (hoc thit b
- phn mm) MSS sao cho:
- vi ch th v i tng bt k tin hnh c s
kim tra sinh cc ch th (tc l cho MSS tho
mn nh ngha ca n)
- sinh ch th bt k din ra c kim sot bt bin
i tng-ngun.
3. Thc hin MSO trong khun kh CSAT hnh thnh
t trc.
Lu rng CSAT nh trc khng c mu thun vi
cc iu kin ca nh l trn.
5.3.2. Cc min an ton.
Trong khun kh m hnh S.- O., vic kim sot truy
nhp ca cc ch th ti cc i tng c th c thc hin
nh ma trn truy nhp (Access Matrix-AM). AM thng c kch
thc rt ln (v trong HT c rt nhiu S. v O.) v c nhiu

155

trng (v cc ch th ch cn truy nhp ti khng nhiu cc


i tng)
Sau y l mt AM in hnh:
Cc i tng (Object)

Cc
ch
th
(Subje
ct)

ra

Read

Read

execute

Read

Read/Write

Read/Writ
e

write

execute

No access

Min an ton (ca mt ch th) l tp hp cc i tng


m ch th c cho php truy nhp ti. Trong ma trn
truy nhp (AM) cc min an ton l tng hng ca AM. Tun
th nguyn tc cc tiu cc u tin (s xem xt di y) min
an ton ca mt ch th phi cha mt la chn cc tiu c
th cc i tng v cc quyn truy nhp lin quan ti chng,
cn ch th lm vic m thi. iu ny s lm gim
bt nguy c lm dng quyn truy nhp t pha ch th v do
hn ch c tc ng ph hoi c th do s lm dng
gy ra.
thc thi nguyn l cc tiu cc u tin cn quan tm ti
cc ch th c nhu cu thc hin nhiu loi thao tc khc
nhau. Cn sp xp sao cho cc ch th nh vy c th lm
vic theo th t trong mt s min khng ln (theo ngha:
s i tng to thnh min v cc quyn cho php truy nhp
ti cc i tng ) v lc cn c th bt-tt qua li. Thc t
cho thy, mt s nhn t sau y xc nh kch thc cc
tiu c th ca cc min:
- S mm do v n gin ca c ch tt-m cc
min.
- Kch thc ca cc i tng c bo v.
156

- Cc phng php thay i ma trn truy nhp.


- S mm do trong vic xc nh cc dng truy
nhp ti cc i tng.
Trong HT vic tt-m cc min an ton c th din ra;
v d, khi t chng trnh chnh gi mt th tc hoc hm
no . Nu s dng ngn ng ca m hnh S.- O. trn
th iu din ra ti thi im sinh ra mt ch th mi
(th tc c gi) bi mt ch th kch hot (chng trnh
ang chy) t mt i tng-ngun no (vng nh cha m
ca th tc). Khi th tc c gi hon thnh xong, s din
ra s bt tr li ca min an ton.
Nu s bt-m cc min an ton lin h vi vic gi mt
th tc, th th tc ny c gi l an ton. N c mt trong
ma trn truy nhp vi t cch va l ch th va l i tng. L
ch th v th tc ny hot ng trong min an ton ca
ring n; l i tng v c th i x vi th tc ny nh mt
i tng, vi n c th gn cc quyn truy nhp, k c quyn
execute.
Chng ta xt mt v d c th, khi m cc quyn truy
nhp cho trc nh bng sau y:
Objects
File chng trnh
son tho vn bn

File vn bn

execute

Read/Write

T in

user
Subje
cts

Chng
trnh son
tho

Read/Write

Read

User c quyn truy nhp ti file vn bn t min an ton


ca ring mnh, v thng qua chng trnh son tho anh ta
157

cng truy nhp c vo file vn bn . Tuy nhin, truy nhp


c ti t in i vi user ch c th khi xy ra chuyn ti
min an ton ca chng trnh son tho (bng cch cho chy
CT son tho). Trong phng php chuyn tip min ny ma
trn truy nhp khng h thay i sau khi chuyn min.
Phc tp hn na l s chuyn min c km theo vic
giao cc quyn truy nhp nh l cc tham s ca th tc c
gi v sau ma trn truy nhp s b thay i. Gi s cc
quyn truy nhp c cho trong bng di y:
Objects
File chng trnh
son tho vn bn

File vn bn

execute

Read/Write

T in

user
Subje
cts

Chng
trnh son
tho

Read

Khc vi trng hp trn, CT son tho khng c quyn truy


nhp ti file vn bn ca user. Khi gi chng trnh son tho
th quyn ny phi c trao cho n, v trong ma trn truy
nhp s to ra mt dng mi, tm thi nh bng sau y:
Objects
File chng
trnh son tho
vn bn

File vn bn

execute

Read/Write

T in

user
Subje
cts

CT- son
tho

Read

Son tho
thay mt
user

158

Min AT tm thi c to ra miu t quyn (chun) ca


son tho vn bn tip cn ti t in v quyn va c trao
cho n (khi gi) truy nhp ti file vn bn ca user. Min AT
tm thi ny s t hu i khi kt thc cng vic ca son
tho.
Trong v d trn, vic chuyn tip cc min AT lin quan
vi hoc ch s mt quyn (v d user mt truy nhp ti t
in khi lm vic vi chng trnh son tho) hoc ch s
thm quyn ( CT son tho khi chy nhn c quyn truy
nhp ti file vn bn). Phng php ny c th c p dng cho
trng hp: khi s mt v s thu thm cc quyn truy nhp
khc nhau bi mt ch th din ra ng thi vi chuyn giao
min AT.

159

Chng 6
Cc m hnh an ton
Cc m hnh an ton (MHAT) l c s l thuyt xy
dng cc CSAT. Trong cc m hnh ca cc CSAT c th phn
ra hai loi c bn:
- loi tu chn (bt k) (MHAT- D)
- loi bt buc (chun) (MHAT-M)
Chng ta s nghin cu cc m hnh tiu biu cho mi loi
ni trn. in hnh cho m hnh tu chn (tng ng vi
chnh sch iu khin truy nhp tu chn) l m hnh an
ton HRU. V tiu biu cho loi MHAT bt buc l m hnh
b mt BLP.
6.1. M hnh ma trn truy nhp Harison - Ruzzo Ullman (vit tt l m hnh HRU).
6.1.1. Cc lun im c bn ca m hnh HRU.
M hnh HRU (Harison M., Ruzzo W., Ullman J.) thng dng
phn tch h bo v thc hin CSAT-D, v yu t c
bn ca n l Ma trn truy nhp. y trng thi ca HT c
coi nh mt tmat hu hn, hot ng theo cc lut di
chuyn xc nh.
M hnh HRU ln u tin c a ra vo nm 1971, v
n nm 1976 xut hin m t hnh thc ca n.
K hiu O - tp cc i tng ca HT; S tp cc ch th
ca HT. tnh ti c mi quan h gia cc ch th, m
hnh coi cc ch th ng thi cng l cc i tng (S O);
R tp cc quyn truy cp ca cc ch th ti cc i tng, v
d nh read, write, own; M ma trn truy nhp, cc hng tng
ng vi cc ch th v cc ct cc i tng; M [s,o] R
quyn truy nhp ca ch th s ti i tng o.
Mi tmat c xy dng trn c s cc lun im ca
m hnh HRU s c gi l mt HT. Chc nng ca mt HT c xem xt ch trong khun kh cc thay i trong ma trn

160

truy nhp M. Din bin ca HT c m t qua khi nim trng


thi ca n.
Khng gian trng thi ca HT xc nh bi tch -cc
ca 3 tp cc yu t cu thnh HT l S, O v R: O x S x R.
Trng thi hin thi Q ca HT trong khng gian trn c
xc nh bi b ba: gm yu t t tp cc ch th, tp cc
i tng v ma trn truy nhp M: Q = ( S,O,M ).
S thay i c th trong HT c xc nh nh 6 ton t
c bn sau:
1. Enter r into M[s,o]: cp cho ch th s quyn
truy nhp r ti i tng o. Khi ti yu t
M[s,o] ca ma trn truy nhp thm r vo.
2. Delete r from M[s,o]: xo khi ch th s quyn
truy nhp r ti i tng o.
3. Create subject S: to mt ch th mi trong HT.
Trong ma trn truy nhp s thm mt hng mi
v mt ct mi.
4. Create object O: to mt i tng mi trong HT.
Trong ma trn M s thm mt ct mi.
5. Destroy subject S: xo khi HT ch th S. Trong
ma trn M s mt i mt hng v mt ct tng
ng.
6. Destroy object O: xo khi HT i tng O. Trong
ma trn M s bt i mt ct tng ng.
Ta gi y l cc ton t nguyn thu v k hiu chng
l ton t . Kt qu tc ng ca ton t l HT chuyn t
trng thi Q = (S,O,M) sang trng thi mi Q = (S,O,M). Dch
chuyn ny ta s k hiu l Q
= Q. Ta c bng trng thi
sau y:
Ton t nguyn
thu HRU

iu kin
thc hin

Enter r into M[s,o]

sS , oO

Delete r from

sS ,oO
161

Trng thi mi ca HT
S=S, O=O, M[s,o]=M[s.o]
{r}
S=S, O=O, M[s,o]=M[s.o]

M[s,o]

\ {r}

Create subject s

sS

S=S {s}, O=O {s}

Create object o

oO

S=S, O=O {o}

Destroy subject s

sS

S=S \ {s}, O=O \ {s}

Destroy object o

oO

S=S, O=O \ {o}

C th cu to t cc ton t nguyn thu cc ton t


lnh. Cc lnh ny gm 2 phn:
- Cc iu kin thc hin lnh.
- Dy cc ton t nguyn thu tip theo.
Cc lnh loi ny c dng sau:
Command C (x1,,xk)
If r1 M[xs1,xo1] and and rm M[xsm,xom] then
1

n
End.
y C tn lnh; xi tham s lnh, l cc c ch
ca cc ch th v i tng, si v oi cc ch s ca cc ch
th v i tng (t 1 n k); - cc ton t nguyn thu; r1,
rm R cc quyn truy nhp.
Khi hon thnh cu lnh C (x1,,xk) HT thc hin bc
chuyn t trng thi Q sang trng thi mi Q.
Ta k hiu bc chuyn ny nh sau: Q C (x1,,xk) Q. Lu
y:
- Q=Q, nu nh mt trong nhng iu kin ca cu
lnh
C (x1,,xk) khng c thc hin.
- Q=Qn, nu tt c cc iu kin ca cu lnh C
(x1,,xk) c thc hin v tn ti cc trng thi Q 1,
Q=Q0 1Q1 2 n Qn
,Qn:
Ta hy xem my v d n gin nht.
V d 1: Lnh to mt file ring cho bi ch th s

162

Command Create File (s,f):


Create object f;
enter own into M[s,f];
enter read into M[s,f];
enter write into M[s,f];
End.
V d 2: Lnh chuyn cho ch th s quyn read file f
m ch s hu ca f l ch th s
Command Enter Read (s,s,f):
If own M[s,f] then
enter read into M[s,f];
End.
6.1.2. Tnh an ton ca h thng
Theo cc i hi ca hu ht cc tiu ch nh gi ATTT,
cc MT phi c thit lp trn cc m hnh ton hc xc
nh , t phi chng t c, v mt l lun (trit l) s
tng ng ca h bo v vi cc i hi ca CSAT cho trc.
gi quyt bi ton, cn phi c mt thut ton cho php
kim tra c s tng ng ni trn. Chng ta hy xem xt
iu ny.
nh ngha 1: Ta coi rng, s r r quyn r R c th
xy ra do thc hin lnh Command C, nu trong bc chuyn
HT ti trng thi Q c thc hin ton t nguyn thu, a r vo
yu t ma trn truy nhp M, m trc yu t ny khng
cha r.
nh ngha 2: Trng thi ban u Q0 coi l an ton i vi
mt quyn r no , nu khng th xy ra bc chuyn ca
HT ti trng thi Q, trong c th xut hin s r r quyn
r.
nh ngha 3: Mt HT c gi l n ton t, nu mi
lnh ch thc hin mt ton t nguyn thu.
6.1.2.1. nh l 1: (v tn ti thut ton kim tra)

163

Tn ti mt thut ton cho php kim tra xem mt trng


thi cho trc ca mt HT n ton t c an ton hay khng
i vi quyn r cho.
Chng minh: chng minh nh l 1 ch cn chng t
rng, s cc dy lnh Command ca HT m ta cn kim tra l
hu hn. Trong trng hp ny, thut ton kim tra an ton l
thut ton chn tng ton b cc dy lnh v kim tra trng
thi cui cng mi dy xem c r r quyn r hay khng.
Lu rng, khng cn thit xem xt trong cc dy lnh cc
ton t Delete v Destroy, v rng ta cn kim tra s
tn ti mt quyn truy nhp ch khng phi s vng mt
ca n. Hn na, cn rng khng cn phi xem xt cc
dy lnh c cha nhiu hn mt ton t Create. l do,
tt c cc dy lnh hoc l kim tra, hoc l enter cc
quyn truy nhp vo cc yu t mi ca ma trn truy nhp M,
c th bng php th n gin cc tham s, biu din
dng cc dy lnh tc ng ch ln cc ch th v cc i tng ang tn ti (khng cn c cc S. v O. mi sinh ra). Cn
ch mt ton t Create cho trng hp nu Q0 = (S,O,M) v S =
.
Nh vy, chng ta ch cn xem xt cc dy lnh c cha
cc ton t Enterinto v cc i l mt ton t Create
subject. S cc ton t Enter khc nhau l n= R ( S 0 1)( O0 1)
. V trt t cc thao tc Enter trong dy lnh l khng quan
trng nn cng vi mt thao tc Create, th s cc dy lnh
b gii hn bi i lng 2n+1.
6.1.2.2. nh l 2: (khng tn ti thut ton kim
tra)
Bi ton kim tra tnh an ton ca HT bt k l khng c
li gii v mt thut ton.
chng minh nh l 2 phi da vo kt lun quan
trng trong l thuyt my Turing: khng tn ti mt thut ton
kim tra i vi my Turing bt k v mt t ban u bt k.
Chng ta s cng nhn iu ny m khng i su vo cc
lp lun ton hc cng knh v phc tp.

164

nh l 1 v nh l 2 trn cho ta 2 cch chn b bo


v. Mt mt, m hnh HRU c th biu din a dng cc
CSAT tu chn, nhng li khng tn ti thut ton kim tra
tnh an ton ca chng; mt khc, c th s dng cc h
n ton t, m vi HT ny c tn ti thut ton kim tra an
ton, nhng loi HT nh vy li rt hn hp.
Phng hng pht trin tip theo ca m hnh HRU l xc
nh cc iu kin m HT phi tun th, sao cho bi
ton kim tra an ton vi HT c th gii c v thut ton. V
d nm 1978, ngui ta chng t rng, cc HT n iu v
n iu kin, tc l n khng cha cc ton t Destroy
hoc Delete v ch cha cc lnh, m phn iu kin
ca chng c khng hn mt mnh , s c tn ti thut
ton kim tra.
6.2. M hnh trao quyn truy nhp Take Grant.
6.2.1. M hnh Take Grant c bn.
6.2.1.1. Cc lun im c bn ca m hnh.
M hnh trao quyn truy nhp Take-Grant (ra i vo
nm 1976) dng phn tch cc HT bo m kim sot
truy nhp tu chn (DAC), trc ht l phn tch cc cch
trao quyn truy nhp trong cc HT nh vy. Trong m hnh c
s dng cc gin truy nhp v cc lut bin i ca
chng. Mc ch ca m hnh l tm li gii cho cu hi
v kh nng mt ch th ca HT nhn cc quyn truy nhp
ti mt i tng ti trng thi c m t bng mt gin truy
nhp.
V cch phn chia cc thc th ca HT vn tun theo
m hnh S.-O., v vn coi S O. Vy:
S-tp cc ch th v O-tp cc i tng ca HT.
R={r1,r2,,rm} {t,g} tp cc quyn truy nhp, y
t (take) l quyn truy nhp, g (grant) l quyn cho quyn
truy nhp.

165

G=(S,O,E)-l mt gin c nh hng u cui c


nh du v khng c vng khp kn; gin ny th hin
cc truy nhp ang xy ra trong HT. Tp S,O tng ng vi cc
nh ca gin v c k hiu nh sau: - cc i tng
(cc yu t ca tp O\S); - ch th (yu t ca tp S). Cc
yu t ca tp E x x R th hin cc cung ca gin ,
nh du cc tp con khng rng t tp cc quyn truy nhp
R.
Trng thi ca HT c m t bng gin truy nhp ca
n. Bc chuyn ca HT t trng thi ny sang trng thi khc
c xc nh bi cc ton t hoc bng cc lut bin i
gin truy nhp. Bin i gin G vo
gin G sau khi thc hin lut op thng k hiu l G
op G.
Trong m hnh Take-Grant c bn, c 4 loi lut bin i
gin truy nhp sau y:
1. Lut Take (,x,y,z) Ly quyn.
Gi s x S, y,z O l cc nh khc nhau ca gin
G;
R v . Gin truy nhp th hin trng thi G
ca HT, trong ch th x ang nhn quyn t t i tng y
v i tng y c cc quyn truy nhp ti i tng z.
t

x
y
Lut Take (,x,y,z)
xc
nh
th t nhn gin mi G t
z
G nh sau:

G
t

take

(,x,y,z)
x
y
x
y
Ch th x ly t i tng y quyn truy
nhp
ti
i tng
z
z
z. ( )

166

1. Lut Grant ( ,x,y,z) Trao quyn.


Gi s x S, y,z O l cc nh ca gin G; R
v .
Lut ny xc nh trt t thu c gin mi G t gin
G nh hnh sau:

grant(,x,y

,z)
y
x
y
x
Ch th x trao cho i tng y quyn ti i tng z.
z
z
2. Lut Create ( , x, y) To lp quyn cho i tng
mi.
Gi s: x S; R; , y - i tng mi (hoc ch
th). Lut ny xc nh trt t nhn G t G nh sau:
G
G

x
x
y
create(,x,y)
Ch th x to ra mt i tng mi y m n c quyn truy
nhp ti . (x c quyn truy nhp ti y).
3. Lut Remove ( , x, y) Tho b quyn.
Gi s: x S, y O cc nh ca gin G, R;
. Lut ny xc nh trt t nhn G t G nh sau.

remove (, x,
x
y)

Ch th x tho b quyn truy nhp ti i tng y.


Cc lut nu trn gi l cc lut c bn. Ta c bng cc lut
c bn sau y:
Cc lut c
bn ca m

Cc iu kin

167

Trng thi kt qu ca
HT G=(S,O,E)

hnh T - G
x S, (x,y,t) E
Take (,x,y,z)

(y,z, ) E. x z,

x S, (x,y,g) E

Grant (,x,y,z) (x,z, ) E. y z,

S=S, O=O
E=E {(x,z, )}
S=S, O=O
E=E {(y,z, )}
O=O {y},S=S{y},
nu y l ch th, E=E

Create (, x, y) x S, y O

{(x,y, )}
Remove (, x,
y)

x S, y O

S=S, O=O

(x,z, ) E;

E=E \ {(x,y, )}

Trong m hnh Take Grant, quan trng l xc nh cc


iu kin, m trong HT c th din ra s trao quyn truy
nhp theo mt cch nht nh. Chng ta hy xem xt cc
iu kin thc hin:
- phng php nhn bt hp php cc quyn truy
nhp.
- phng php cp quyn truy nhp
6.2.1.2. Trao quyn tri php.
y cn gi l phng php trao bt hp php quyn truy
nhp. Phng php ny c c trng chnh l, trong vic trao
quyn truy nhp khng c mt s hn ch no i vi s phi
hp ca cc ch th tham gia qu trnh (tc l khng
phn bit ch th hp php hay bt hp php).
Gi s x,y O - cc i tng khc nhau ca gin truy
nhp G0=(S0,O0,E0); R. Chng ta hy nh ngha mnh
truy nhp cho php (,x,y,G0) sao cho mnh ny s
ng khi v ch khi c tn ti cc gin G 1=(S1,O1,E1),

168

GN=(SN,ON,EN) cho G0

op1 G1

op2

op N GN v (x,y, )

EN.
nh ngha 1: Ngi ta ni cc nh ca mt gin
truy nhp l tg-lin kt vi nhau hoc chng c ni vi nhau
bng tg-con ng nu (khng tnh ti hng ca cc cung)
trong gin gia chng (cc nh) c tn ti mt ng, m mi cung ca n c ch th t hoc g. S gi l cc
nh trc tip lin kt tg vi nhau, nu ng tg gia chng
ch gm c mt cung duy nht.
nh l 1. Gi s G0=(S0,O0,E0) gin truyu nhp ch
cha cc nh-ch th. Khi mnh truy nhp cho
php (,x,y,G0) ng khi v ch khi tho mn cc Iu kin
1 v 2 sau y:
iu kin 1: Tn ti cc ch th s1,,sm sao cho (s0,y,1)
E0 i vi i=1,,m v =1 m.
iu kin 2: Ch th x trong gin G 0 c ni bng
ng tg vi mi ch th si ,vi i=1,,m.
Chng minh: y l nh l c chng minh kh phc
tp. Chng ta khng dn ra ton b chng minh m s ch ra
phng php thc hin n.
u tin ngi ta chng minh nh l vi m=1 (trng hp
m >1 d dng suy ra.
Sau p dng phng php quy np ton hc chng
minh tnh cn v ca nh l.
Chng minh tnh cn: Gi s mnh l ng s suy
ra s cn thit ca cc mnh 1 v 2.
Chng minh tnh : Gi s hon thnh cc iu kin 1
v 2 s dn ti mnh phi ng.
Trong hnh v sau, chng ta s a ra tt c cc trng hp
c th ca lin kt tg trc tip ca x v s.

169

G0

G1
t

take
(,x,y,z)

x
G1

G0

g
x

Create((t,g),

x
x,z)
Take(g,x,s,z)

G1
t,g

G0

gtt
x

grant
(,x,s,y)
G1
t,g

tt

Create((t,g),

x
x,z)
Take(g,x,s,z)

g
s

G0

y
G2
t,g

Grant(,s,z,y)
y Take(,x,z,y)x

G2
t,g
Grant(,s,z,y)
y Take(,x,z,y)x

g
s

nh l 2: Ngi ta c th chng minh nh l 2 v kh nng


trao quyn tri php xy ra cc iu kin km cht ch
hn so vi cc iu kin ca nh l 1. y chng ti
ch gii thiu v s tn ti ca nh l ny.
Tuy c 2 trng hp trao quyn ni ti nh l 1 v 2 vn
u gi nh c s hp tc, tc ng nht nh ca cc ch
th, c bit l u c tc ng tham gia ca ch th ban
u c mt s quyn truy nhp trao i.
3. Kh nng cp quyn truy nhp (nh l 3)
Trong trng hp trao quyn bt hp php u gi nh s
hp tc cht ch ca cc ch th tham gia (cc iu kin ca
nh l 1 v nh l 2).

170

Trong khun kh m hnh Take-Grant c th chng minh


c kh nng tn ti vic cp quyn truy nhp.
Gi s x,y O l cc i tng khc nhau ca gin
truy nhp G0=(S0,O0,E0); R. Ta nh ngha mnh cp
quyn c th (,x,y,G0) m s ng khi v ch khi (x,y,)
E0 v tn ti ccgin G1=(S1,O1,E1), , GN=(SN,ON,EN) sao
cho G0

op1 G1

op2

nu (x,y,) E0

opN GN v (x,y,) EN; trong ,

th z Sj, j = 0,1,,N

opK

grant(,s,z,y) K=1,N.
nh l 3: Gi s G0=(S0,O0,E0) l gin truy nhp bt
k. Mnh cp quyn c th ng khi v ch khi tho
mn cc iu kin 1,2,3 sau:
iu kin 1: (x,y,) E0.
iu kin 2: Tn ti cc i tng S1,,Sm sao cho (si,yi,i)
E0 vi i=1,m v = i m
iu kin 3: Cc mnh Truy nhp cho php
(t,x,si,G0) vi i=1,,m l ng.
Chng minh tng t nh nh l 2.
6.2.2. Cc nhn an ton.
6.2.2.1. Khi nim mc AT, hng mc AT v nhn AT.
a. Mc an ton (Security levels):
Mc an ton c nh ngha nh mt c trng phn
cp ( hierarchical attribute ) c gn lin vi cc thc th
trong h my tnh, gip cho ta nh du mc nhy cm
an ton ca chng.
Thc t cho thy, trong nhiu h thng MT tn ti mi
quan h th bc gia cc nhy cm an ton ca cc thc
th ca chng. V d, mt file ny c th c nhy cm an
ton cao nht, file khc c th c nhy cm an ton thp hn,
file khc na s c nhy cm an ton khc, v v. v...Tnh
hung ny ging nh cc nhy cm quen thuc thng gn vi
cc h s v cc nhn vin trong mt c quan. Trong mi c

171

quan hay mi cng ty, th cc ghi nh, cc bo co, cc nhn


vin v cc ti nguyn khc thng c coi l c mt nhy
cm v mt tm quan trng no trong khun kh th bc
c xc nh.
Khi mi tng quan th bc c hnh thnh, cn mt
c ch cho vic lp th tn cc thc th c bn trong h MT
sao cho nhy cm an ton ca chng th hin c. Mt trong
nhng bin php lm vic ny l gn cho mi thc th
mt mc an ton ( security level ). Cc nhn an ton lun lun
thuc v mt cp bc xc nh. V d, trong qun s,
tp cc mc bao gm : mc khng phn loi (khng xp vo
loi mt ), mc mt, mc ti mt, mc tuyt mt. Th bc
ca cc mc an ton trong qun s c xc lp nh sau: Tuyt
mt c coi l cao hn ti mt; Ti mt coi l cao hn mt;
Mt coi l cao hn khng phn loi (khng mt). Trong mi
trng thng mi, cc mc tng ng c th l: Hn ch, c
quyn, nhy cm, v cng cng. Hnh 6.1 th hin iu
.
Tuyt mt
Ti mt
Mt

Hn ch
S hu
Nhy

Khng phn loi

Cng

cm
cng
a) Mc an ton qun s.
thng mi

b) Mc an ton

Hnh 6.1: Cc mc an ton qun s v thng mi.


gip cho vic biu din cc mc an ton v cc khi
nim tng t trong chng ny v tip sau, chng ta cn a
vo cc cu trc ton hc n gin v cc quan h ton hc
cn thit. Trong cc tho lun nh vy, mt tp cc mc an
ton s c ni n bng tn " levels " (cc mc ). Cn quan
h th bc gia cc yu t khc nhau ca "levels " s c ghi
nhn bng cc k hiu iu kin:

172

< nh hn ; nh hn hoc bng ; > ln hn ; ln


hn hoc bng.
Trong ngha , " levels " c th c coi l mt tp hp
c th t. Ngha l, hai phn t bt k ca "levels" u c
th c so snh xc nh xem chng l bng nhau hay
c mt ln hn.
b. Hng mc an ton ( security categories ):
Cc hng mc an ton c nh ngha nh s nhm
khng th bc cc thc th ca h MT gip ch ra mc
nhy cm an ton ca chng.
hiu iu ny, hy coi rng, trong mt h MT ngoi
cc mc an ton levels, cn phi chia nh cc thc th khc
nhau ca h thnh cc nhm khng c th bc. iu ny c
thc hin bng vic dng cc hng mc an ton categories.
Cc category qun s in hnh c th l cc nhm nato,
nhm nasa, nhm nga, nhm ng-nam , nhm ni a v
nhm noform. S tng t nh vy c th da trn c s l
nhiu tp on v cng ty c chia ra theo cc d n khc
nhau m cc ti nguyn ca chng c cung cp cho h
thng. Cc hng mc an ton phi th bc ni chung, cung cp
m hnh c ngha cho cc tnh hung tng t. V d, cc
hng mc an ton thng mi c th c xc nh bi thnh
vin ca tp on, ca cng ty (xem hnh 6.2 v hnh 6.3).
Nat
o

Cty
A

Nas
a

Nofor
m

Cty
C

CtyB

Hnh 6.2: Hng mc


LAT qun s in
hnh

Hnh 6.3: Hng mc AT thng


mi
in hnh

173

Lu rng, khng c g ngn cn vic cho php cc thc


th hay cc nhn vin ca mt h c gn vi hn mt
category an ton. Hin nhin l, nh thit k hoc qun tr
h thng c th la chn lp ra bn phn hoch nh
dng cc category an ton sao cho, tt c cc i tng ch
nm ng mt category an ton m thi, nhng iu ny
khng phi l nht thit. Cng cn lu rng, khng loi tr trng hp h thng khng c category an ton no hoc ch
c mt tp con cc i tng ca h c gn vi cc category
an ton xc nh.
Mt khi nim hu ch trong qun s thng c m t
bi cc category an ton l khi nim Cn--Bit (Need-toKnow), trong thng tin khng ch c gn cc levels an
ton qun s m cn c gn vi thuc tnh qun s Cn-Bit. iu cho php thng tin ch c chuyn ti
nhng ai cn n nu levels an ton cho php. Thuc tnh
Cn--Bit trong qun s l phi th bc, v rng cc c
nhn lm vic trong khun kh mt level an ton no
c th khng cn bit mt s thng tin ti mc ny. V d,
cc c nhn nm trong khong cho php Tuyt Mt c th
khng c quyn kho st thng tin tuyt mt nu h khng
c nhu cu ng k Cn--Bit thng tin ny.
Trong cc tho lun c tnh cht ton hc tip sau y,
tp cc hng mc an ton s c k hiu l " categories ", v
chng ta thng kho st cc tp con khc nhau ca "
categories " bng quan h bao hm " ". Tt c cc tp con
ca " categories " khng ging nh cc phn t ca tp " levels
" khng phi tt c u c th bc di quan h bao hm.
Ngha l, nu " categories " = { C , C* }, th cc tp con { C
} v {C*} khng bng nhau m cng khng c tp con no l
ph ln tp con kia.
c. Cc nhn an ton ( security labels ):
Nhn an ton (label ) c nh ngha nh mt c trng
gn lin vi cc thc th ca h MT nh du mc nhy
cm c th bc v tnh cht Cn--Bit ca chng. Mt
174

cch c th, mt nhn an ton bao gm hai thnh t: mt


mc an ton c th bc v mt tp ( c th l rng ) cc hng
mc an ton phi th bc. Chng ta s ni v tp cc nhn an
ton trong cc tho lun tip theo l labels vi nh ngha
ton hc nh sau ( y, k hiu vit hoa P(categories)
nh du tp ca tt c cc tp con ca cc hng mc ) :
labels = levels P(categories)
Ti y ta dng k hiu ton hc quan h tch cho,
c nh ngha nh sau:
Cho cc tp X v Y, tch cho X Y l mt tp hp tt c
cc cp c th t (x,y), trong x l mt yu t ca X v y
l mt yu t ca Y. V d, nu X = {1,2} v ta c Y = {a,b}
th
X Y = {(1,a),(1,b),(2,a),(2,b)}
Nh vy, cc nhn l mt tp tt c cc cp c th t (a,b)
trong a l mt yu t ca cc mc (levels) v b l mt
yu t ca P(categories). Ta thy, mt nhn an ton bao gi
cng cu to t mt mc an ton v mt tp cc hng mc an
ton (c th l tp rng). Ta hy xt mt v d c th. Gi s
rng, trong mi trng qun s, cc nh ngha sau y l
ng:
levels = {mt,ti mt}
categories = {army,navy}
P(categories) = {,{army},{navy},
{army,navy}}.
Ni cch khc, hai mc an ton Mt v Ti mt c nh
ngha trong mi trng qun s v hai hng mc an ton
army v navy ( qun i v hi qun ) cng c xc nh.
nh ngha ny cung cp cho ta tp cc nhn an ton trong
mi trng qun s l tch cho ca hai tp ny, c th nh
sau :
"labels" = {(mt,{army}),( ti mt,{army}),
( mt,{navy}),( ti mt,{navy}),
( mt,{army,navy}),( ti mt,
{army,navy}),
175

( mt, ),( ti mt, )}


cho thun tin, mt nhn an ton cho x=
( lev,cats ), chng ta dng lev k hiu ton t hnh chiu
lev(x) v cats k hiu ton t hnh chiu cats(x). Nh vy,
lev(( ti mt,)) s l ( ti mt ) v cats((mt,{army})) s l
{army}. Hn na, chng ta s tip tc s dng k hiu cp
c th t biu din cc nhn an ton. V d
x = ( khng phn loi,{a, b, c})
V d trn th hin nhn an ton x vi mc an ton c th
bc l khng phn loi, ngha l lev(x) = khng phn loi
v cc hng mc an ton phi th bc l a, b v c, ngha l
cats(x) = {a, b, c}.
Thng thng c th thy rng, cc nhn an ton cng c
biu din bng s m t mc an ton v cc hng mc
an ton i km. Chng hn, gin trong hnh v sau m t
nhn an ton qun s in hnh vi mc an ton v tip sau
l bn hng mc an ton
Ti mt
navy

nato

nasa

army

Mc AT c th
bc

Cc hng mc AT phi th
bc
6.2.2.2. Khi nim quan h tri
a. Quan h hai ngi:
Chng ta nh rng, mt quan h hai ngi (a binary
relation) trn tp X l mt tp con ca tch cho X X. V
d, quan h th t gia cp hai s nguyn bt k trn tp
cc s nguyn Z l mt quan h hai ngi in hnh. Nu a
l mt yu t ca Z v b cng l mt yu t khc ca Z, th
r rng l quan h a > b l mt yu t ca mt tp con ca
tch cho Z Z. Cc yu t ca mt quan h bt k c xc
nh, ni chung, u chia s mt tnh cht chung no .
Chng hn, quan h nh hn xc nh trn cc s nguyn
176

bao gm tt c cc cp c th t cc s nguyn, trong


thnh t u tin ca cp nh hn thnh t th hai. Tng
t, quan h bng nhau trn cc s nguyn bao gm tt c cc
cp c th t cc s nguyn, trong thnh t th nht
bng thnh t th hai.
b. Quan h tri (Dominate relation):
Chng ta s a ra nh ngha sau, quan h tri ( a
dominate relation ) l mt quan h hai ngi ( a binary
relation) c xc nh trn tp cc nhn an ton "labels". Khi
mt cp cc nhn an ton ( a,b ) l mt phn t ca tp
"labels", chng ta ni rng cp ( a,b ) thuc quan h tri
( (a,b) dominates ) hoc a tri so vi b ( a dominates b ). D
thy rng, trn quan im tri th, khi mt nhn an ton tri
so vi mt nhn an ton khc m khng quan trng hn th
chng ta khng ni " km quan trng "hn v rng, y
chng ta quy nh rng mt nhn an ton tri so vi chnh
n. c bit, iu kin m chng ta s s dng nh
ngha quan h tri dominates nh sau :
x1,x2 "labels" : x1 dominates x2 khi v ch
khi
lev(x1) > lev(x2) v cats(x1) cats(x2)
iu kin trn cho rng, mt nhn an ton tri so vi
mt nhn khc khi thnh phn mc an ton ca n ln hn
hoc bng thnh phn mc an ton ca nhn kia v khi tp
cc hng mc an ton ca n l tp bao ca tp cc hng mc
an ton ca nhn kia. C th vit li nh sau:
Dominates
( x1,x2 )

labels labels sao cho


dominates

khi

lev(x1) > lev(x2)


v cats(x1) cats(x2)
Lu rng, mc d cc k hiu dng m t quan h
tri kh phc tp, trn thc t n hon ton n gin. V d,
quan h bng nhau trn cc nhn (ngha l, mt cp cc nhn
trong quan h ny nu cc thnh t ca chng bng nhau )
c th c m t nh sau:
177

x1,x2 "labels" : x1 bng x2 khi v ch


khi
lev(x1) = lev(x2) v cats(x1) = cats(x2)
tip tc minh ho v khi nim dominates, hy gi
thit rng, nhng tuyn b sau y tt c u ng trong
mi trng qun s vi cc nhn an ton qun s v cc hng
mc an ton a v b :
((Tuyt mt,{ a }),(Tuyt mt,)) dominates
((Ti mt,{a,b}),(Khng phn loi,{a}))
dominates
((Khng phn loi,{a,b}),(Khng phn loi,
{a,b})) dominates
not (((Tuyt mt,),(Khng phn loi,{a}))
dominates)
not (((Ti mt,{a}),(Khng phn loi,{a,b}))
dominates)
not (((Ti mt,{a}),(Ti mt,{a,b})) dominates)
Nh trn gi nh, cc tuyn b ny cng c th c
biu din dng sao cho d c hn: v d, (Tuyt mt,
{a}) dominates (Tuyt mt,{}). Cng cn cch khc
miu t quan h tri bng gin nh trong hnh
v sau:
Ti mt
navy

nato

nasa

army

Mt
nato
nasa
army
Trong s ny, hai nhn an ton c v ra sao cho lin
h gia cc mc an ton v cc hng mc an ton d nhn
thy. Trong v d, mc nhn trn ln hn mc nhn di, cn
categories ca nhn trn to thnh tp bao ca tp cc
categories ca nhn di. Kt qu l nhn trn tri so vi
nhn di.
6.2.2.3. Biu din mt CSAT
a. Biu din phi chnh tc CSAT.
178

Nh ni trn, cc chnh sch an ton bt buc trn


cc h MT thc t ni chung, c biu din dng phi chnh
tc. iu ny tng ng vi biu din phi chnh tc tt c
cc yu cu i vi h v cc ti liu i km vi chng. Trong
khi vn xui r rng l phng tin chung nht m t cc
CSAT, th vic lp cc bng biu n gin cng rt thng
dng m t cc iu lut bt buc i vi cc truy nhp
nht nh gia ch th v i tng. Cc bng nh vy thng
ngm hiu mt gi nh no v cc thao tc n ca h
thng.
Ni chung cc bng biu ca biu din phi chnh tc
CSAT gi nh rng, cc ch th, cc i tng v cc truy
nhp tn ti trong h MT c phn loi. V do , bng
ny c cha mt ct cho cc truy nhp phn loi, mt ct
dnh cho quan h tng h phi c thc hin gia ch th
v i tng trong loi truy nhp tng ng. Cch biu din
bng bng ny cha ng thng tin dng rt c ng v
ngn gn.
minh ho cho mt biu din phi chnh tcchng ta s
kho st CSAT cho mt h MT n gin. Ta s dng mt bng
c hai ct; mt ct biu din loi truy nhp v mt ct biu
din quan h tng ng phi thc hin gia ch th yu cu
v i tng c i hi. Bng ny c ch ra trong hnh
sau. ( y equals l mt quan h hai ngi, n ch ng
khi hai nhn an ton em so snh ging ht nhau).
Loi truy nhp

Quan h ( ch th-i tng )


Dominates
Dominates
Equals

Read
Execute
Write

Biu din phi chnh tc chnh sch an ton.


T bng ny ta c th kt lun rng, nhn an ton ca
ch th phi tri hn nhn an ton ca i tng th thao tc
read v execute mi c cho php. Tng t, nhn an ton ca
179

ch th v nhn an ton ca i tng phi nh nhau (equals)


th write mi c cho php.
u vit ca loi biu din ny l ngn gn v d hiu
i vi khch hng. iu lm gim cn tr ca tnh an
ton n tnh tin dng ca h cho. Nhc im ca n
l, cc li logic c th d xy ra v cc quan h phc tp hn
s kh th hin vo mt bng nh vy c. c bit vi cc h
MT ln, phc tp , a chiu, phn tn th kh p dng c
cc bng loi ny.
Chng ta s xt mt v d c th . l CSAT h iu
hnh V/MLS ca h UNIX. Bc u tin trong vic thit lp
cc chnh sch nh vy l ch ra cc ch th, cc i tng v
cc loi truy nhp. Ch th y l cc qu trnh UNIX v
i tng l cc file, cc th mc, cc nut loi i( i-nodes), cc tn
hiu (signals), cc cu trc lin thng qu trnh hay cc qu
trnh lin lc bn trong khi nhn tn hiu (ipc - inerprocces
communication ). Cc thao tc ch ra trong hnh sau l cc
loi truy nhp m h iu hnh V/MLS ca UNIX thc hin
trong mi trng an ton. Cc thao tc c phn chia vo cc
nhm bo v file, i-nodes, th mc v signal/ipc.
Lu rng, quan h ch nh trong bng phi c
duy tr gia cc ch th V/MLS h UNIX v cc i tng th
loi truy nhp i km mi c cho php. V d, dng u
trong bng ch nh rng, nhn ca ch th phi tri hn
nhn ca i tng th ch th s c c i tng.
Loi truy nhp

Quan h (ch th - i tng)

Read (c file )

dominates (tri)

Exec (thc hin file)

dominates (tri)

Write (ghi file)

equals (ngang bng)

Overwrite (ghi file)

equals (ngang bng)

Append (in file)

equals (ngang bng)

Stat (khi to i-node)

dominates (tri)

Change (i i-node)

equals (ngang bng)


180

Read (c th mc)

dominates (tri)

Search (tm th mc)

dominates (tri)

Create (to th mc)

equals (ngang bng)

Link (lin kt th mc)

equals (ngang bng)

Unlink (b lin kt th mc)

equals (ngang bng)

Read (c signal/ipc)

dominates (tri)

Write (ghi signal/ipc)

equals (ngang bng)

Kill (hu signal/ipc)


equals (ngang bng)
Cn nh rng, trong bng trn khng phi lc no i tng cng l cc file. V d, cc thao tc create, link v unlink
i hi quan h ch nh c duy tr gia nhn an ton
ca ch th v nhn an ton ca th mc ch.
Cn lu rng, y cc thao tc khng lm thay i
gi tr ca i tng c gn vi quan h tri (dominates). Cc
thao tc c th lm thay i gi tr ca i tng c gn vi
quan h ngang bng (equals). iu ny l ngn chn cc
ch th vi mc (mt) thp hn c cc i tng c mc
(mt) cao hn v cc ch th vi mc (mt) cao hn lm
bin i cc i tng c mc (mt) thp hn.
b. Biu din chnh tc CSAT
Hm s boolean.
Ct li ca biu din hnh thc cc CSAT l da vo cc
hm s ton hc c bit. l hm s dng boolean (ch
nhn hai gi tr true hoc false) xc nh trn tp cc ch
th, cc i tng v cc truy nhp tn ti trong h MT cho.
a cc hm s vo h thng cn cc gi thit c bn
v cc thao tc ca h. Gi thit c bn nht y l: Mt
h MT c biu din bng cc trng thi v cc bc chuyn t
trng thi ny sang trng thi kia k t mt trng thi ban
u. Cc bc chuyn nh vy gy ra cc thay i c xc
nh r rng trong h. Cc thay i ny xut hin l do

181

cc ch th yu cu cc truy nhp ti cac i tng. Hm s


biu din s xc nh xem, cc truy nhp nh vy c c cho
php khng cn c vo CSAT ch nh. Nu truy nhp
khng c cho php th trng thi h khng thay i. Nu
truy nhp l cho php th trng thi h s thay i (ngay c
vi thao tc read).
Nh vy, hm boolean m chng ta a ra s c gi tr l
true (ng) nu cc iu kin hoc cc c trng ca h
cho c duy tr, v s c gi tr false (sai) nu ngc li.Tt
nhin phi hiu y true c xc nh vi tt c cc trng
thi ca h.
K hiu hm s nh bnh thng
f: A
B
y f l hm s gn vi mi yu t ca min xc
nh A mt yu t duy nht ca min gi tr B. T nh
ngha trn ta c, hm boolean c tp (true,false) l min gi
tr v min xc nh ca n l tp cc ch th, cc i tng
v cc truy nhp tn ti trong h thng. Nh vy, cc gi tr
true v false s c gn vi cc yu t khc nhau ca min
xc nh.
Hm u tin m ta xt l hm allow (cho php). Hm
ny s gn true vi tt c cc t hp ca ch th, i tng v
truy nhp m i vi chng ch th c cho php truy nhp
i tng. Cc tp hp subjects (ch th) v objects (i tng)
c nh ngha trong chng trc. By gi ta a tp
accesses (truy nhp) vo k hiu tt c cc loi truy nhp
ch nh.
f : A
B
allow :
subjects accesses objects
boolean
(cho php : ch th truy nhp i tng
boolean)
V d, hm allow c th biu din trng thi sau: trong
h cho khch hng Joe c th c i tng myfile nhng

182

khch hng Bill khng c cho php nh vy. Trong trng hp


ny hm allow c dng:
Allow (Joe,read,myfile)
Allow (Bill,read,myfile)

true
false

Nh vy, trn thc t hm allow s cung cp cc phng


tin c bn m da vo ta xc nh mt CSAT. Cn nh
rng, hm ny ch nh cc i hi phi duy tr trong tt
c cc trng thi ca h thng.
Loi hm th hai c a ra m hnh ho ch s hu
ca mt i tng, nh qun tr ca mt h thng v mt
quan h tri v nhn an ton. Trc tin ta xt hm xc
nh ch s hu ca mt i tng:
Own : subjects objects
boolean
(s hu : ch th i tng
boolean)
V d, nu own (Bill,file)
true th ta kt lun
rng Bill l ch s hu ca file.
Tip theo ta s xt hm admin xc nh nh qun tr
h thng :
Admin : subjects
boolean
(qun tr : ch th
boolean)
Chng hn, nu admin (Harry)
true th ta kt
lun rng Harry l nh qun tr ca h thng. Hm admin c
th c nhiu hn mt ch th.
Cui cng, chng ta a ra hm dominates xc nh
mt quan h tri gia hai nhn an ton :
Dominates : labels labels
boolean
(tri : nhn AT nhn AT
boolean)
Chng hn, nu dominates (label1,label2)
true
th ta c th suy ra l nhn AT1 tri hn so vi nhn AT2. Lu
rng, hm tri y khc vi quan h tri xc nh phn
trc,(mc d hm s cng l mt quan h v mt ton hc).
Chng ta kt thc phn ny bng vic dng mt biu
din n gin sau:
Allow (s,o,a) iff P
183

C ngha l, mi trng thi ca h thng ch th s c th


thc hin truy nhp a ti i tng o khi v ch khi tnh cht P
l true. ( Hy nh li rng, A khi v ch khi B thng c k hiu
l A iff B, c ngha l A dn ti B v cng c B dn ti A)
Chng ta s biu din cc chnh sch c xc nh trn
mt tp c bit S cc ch th, tp O cc i tng v tp A
cc truy nhp nh sau :
s S , o O , a A : allow (s,o,a) iff P
y x X k hiu vi mi x trong tp X.
Chng ta cn nh rng, hon ton c th xy ra iu sau
y: mt CSAT vit ra theo kiu ny c th khng thc thi
c. V trong ton hc v khoa hc MT c nhng vn
khng th gii quyt c ( chng hn vn cc my Turing
ni ting ). Nu mt chnh sch an ton c biu din qua
cc iu kin li l mt vn khng gii quyt c th r
rng l chnh sch an ton khng th thc thi.
Biu din CSAT
By gi chng ta c th kho st cc v d c th cho
cc tnh cht ca CSAT (tc l biu thc P trong biu din).Ta
bt u t chnh sch hon ton t do (khng g p), trong
tt c cc ch th c th thc hin bt c truy nhp no
ti bt k i tng no trong h thng. Ta gi l chnh
sch khng hn ch (unconditioned policy) hoc chnh sch
v iu kin :
Unconditioned : s S, o O, a A : alow (s,o,a) iff
True.
Nh vy, mt h thng buc thc thi chnh sch khng
hn ch s cho php truy nhp loi bt k ca tt c cc ch
th ti cc i tng bt k. Trn thc t, nhiu h my tnh
c nhn thuc ng cp an ton D thc hin iu ny.
Loi chnh sch th hai m chng ta xem xt gi l
chnh sch s hu th hay cn gi l ownership :

184

Ownership : s S, o O, a A : allow (s,o,a) iff Own


(s,o).
Trong chnh sch ny, cc truy nhp ch cho php i
vi cc ch th l ch s hu ca cc i tng c yu cu m
thi. Loi chnh sch ny c dng cho cc h nhiu ngi s
dng v cc i tng c chia s cng c nhiu ch s hu.
Loi chnh sch th ba l chnh sch ginh u tin t do
cho mt vi ch th c bit nh ch s hu hay nh qun
tr... l chnh sch own/admin:
Own/admin: s S, o O, a A: allow (s,o,a) iff Own (s,o)
or Admin (s).
Trong chnh sch ny, cc ch th c th truy nhp ti
cc i tng m h l ch s hu, nhng ngoi ra, nh qun
tr h c th truy nhp i tng bt k.
Chng ta s a ra mt chnh sch na. l chnh sch
Dom hay chnh sch tri, trong cc ch th ch c php
truy nhp ti cc i tng khi m nhn an ton ca h tri hn
nhn an ton ca i tng :
Dom : s S, o O, a A : allow (s,o,a) iff Dominates
(label(s),label(o)).
Chnh sch Dom l mt minh ho v vic cc nhn an
ton c s dng nh mt c s cho nh hng an ton. y
l mt chnh sch c nhiu ng dng trn thc t. Trong cc
h thng MT phc tp, phn P thng rt cng knh v ko
di hng trang gii thch.
6.3. M hnh b mt Bell Lapadula (BLP)
6.3.1. Cc hnh mc.
Chng ta bt u bng vic m t k thut hnh
mc phi hnh thc. hnh ny dng m t m hnh
Bell - Lapadula( gi tt l m hnh BLP) v cc m hnh
khc trong chng ny.
Trong cc tho lun chng trc ta phn bit cn
thn gia cc mc an ton v cc nhn an ton (chng bao
185

hm cc hng mc an ton phi th bc).Ta cng phn bit


gia mi quan h tri( dominates) trn cc nhn an ton v
quan h > trn cc mc an ton. Tuy nhin, trong cc nghin
cu v an ton h MT, n gin cc tho lun ngi ta
thng b qua cu trc dn ca cc nhn an ton v thay th
chng bng th t ca cc mc an ton (tc l ta ch ch ti
thnh phn lev(x) ca nhn an ton x m thi ). S n gin
ho ny cho php nh gi cc m hnh an ton theo thut
ng cc mc an ton m khng xt n trng hp cc mc
an ton khng so snh c vi nhau( nh trng hp i vi hai
nhn an ton khng c nhn no tri hn nhau) .Thc t cho
thy, s n gin nh vy dn n s tng qut ho m
khng gy nh hng g ln ti bn cht ca cc m hnh an
ton. Do vy, chng ta s tho lun y m hnh BLP theo
cc mc an ton c xp th t da trn quan h > .
Chng ta s biu din m hnh BLP bng ci gi l cc
hnh mc. Chng gm mt s ng thng nm ngang v
mt nhm cc hnh trn v hnh vung nh. Cc ng thng
c th c coi nh l ng ranh gii gia cc mc an ton khc
nhau trong h thng cho (cc ng nm pha trn biu
din ranh gii gia cc mc an ton cao hn). Trong vng gia
hai ng thng, cc hnh trn biu din cc ch th, cn
cc hnh vung l cc i tng.

Hnh 6.4: hnh


mc

186

Trn hnh ny c hai ch th v mt di tng mc an


ton thp nht, c mt ch th v hai i tng mc trung,
c mt ch th v mt i tng nm mc an ton cao nht.
Cc thao tc v trn hnh l nhng cung hng t ch
th n i tng. Cc cung hng t mt ch th n mt
i tng c ghi ch write hoc read ch thao tc ghi hoc
c t ch th n i tng. Nhng cung lun xut pht
t ch th v mi tn ch hng n i tng. Hnh sau l
hai kiu thao tc c - ghi
write

read

write

Hnh 6.5: M t cc thao tc read v


write.
Lu rng, hnh trn v mt thao tc c t ch th
mc an ton cao xung mt i tng nm mc an ton thp
nht. N cng biu din mt thao tc ghi t mt ch th
mc trung ln mt i tng mc an ton cao nht v mt
thao tc ghi ca mt ch th n mt i tng cng mc
an ton thp nht.
Trn hnh mc, cc cung nh hng vi ng gch
ngang cho qua s biu din cc thao tc khng c php.
V d nh trong hnh biu din hai thao tc nh vy.

Write

Read

187

Hnh 6.6: Cc thao tc c v ghi khng


c php.
Cc thao tc c - ghi lm cho thng tin lu chy gia ch
th v i tng. Trong thao tc c, thng tin chy t i tng sang ch th, cn trong thao tc ghi, thng tin chy t
ch th n i tng. biu din dng thng tin ny, ta v
ng chm chm t cc ch th n cc i tng vi mi tn
ch chiu chy ca dng TT. Ch , trong thao tc c, cung
v biu din thao tc read s xut pht t ch th hng ti i
tng cn c, cn ng chm hm biu din lung TT s
xut pht t i tng v hng ti ch th nh trong hnh sau.
Cc dng thng tin trong thao tc ghi chy cng hng vi
cc cung biu din thao tc write (t ch th hng ti i tng). Lu rng, hnh sau biu din mt h thng cho php
c ln v ghi xung (tc l n ngc li vi hnh trn). Hai
hnh v ny ch l cc v d cho hnh mc m thi.

Write

Read

Hnh 6.7: Cc ng ch dng thng tin.


6.3.2. Cc quy tc ca m hnh BLP.
Nhn xt c bn ca Bell v Lapadula khi h a ra m
hnh ca mnh l: tt c cc ch th v cc i tng thuc
cc h thng MT ca Chnh ph M u c gn vi cc
nhn an ton t loi thp nht nh Khng phn loi cho n
loi cao nht l Tuyt mt (ging nh trong chng trc chng ta
188

bn ti). Hn na, khi lm vic cho d n do Chnh ph


M ti tr hai ng cn pht hin ra rng, ngn cn c s
r r thng tin n cc ch th khng u quyn th nhng
ch th c nhn an ton thp s khng c php c thng
tin t cc i tng c nhn an ton cao hn. Chnh iu ny
dn n quy tc th nht ca m hnh BLP.
6.3.2.1. Quy tc khng c ln (NRU- No read up).
Thuc tnh an ton n gin hay l quy tc khng c
ln (no read up - NRU) pht biu rng, mt ch th vi nhn an
ton xs ch c th c thng tin t i tng c nhn an ton
xo nu xs tri hn so vi xo (hay xs dominates xo ). iu ny c
ngha l nu mt ch th c cho php (clearance) l
Mt, c c thng tin t mt i tng c phn lp
(classification) l Tuyt mt trn mt h thng tun th quy
tc NRU th yu cu c s khng c cho php. Quy
tc NRU c minh ho mt cch n gin trong hnh sau.
Read
Read

Read

Hnh 6.8: Thuc tnh an ton n gin ( NRU ).


Trong khi xy dng m hnh ca mnh Bell v Lapadula
cn nhn xt thm rng, trong cc h thng ca Chnh ph
M, ngi ta khng cho php cc ch th ct gi hoc ghi ti
liu vo cc i tng c nhn an ton thp hn. V d, mt
ti liu Tuyt mt m c t vo mt ngn khng mt th
s xy ra s r r thng tin. Chnh iu ny dn n quy
tc
th
hai
ca
m
hnh BLP.

189

6.3.2.2. Quy tc khng ghi xung (NWD-No write


down).
Quy tc khng ghi xung (no write down-NWD) hay cn
gi l thuc tnh * (c l thuc tnh sao-Star property)
pht biu nh sau: Mt ch th c nhn an ton x s ch c th
ghi thng tin ln mt i tng c nhn an ton xo khi m xo
dominates xs .Bi vy, nu mt ch th c cho php
Tuyt mt c ghi thng tin ln mt i tng c phn loi Mt,
trn mt h thng tun th m hnh BLP th s khng c
cho php. Quy tc ny c m t phi chnh tc trong hnh
sau.

Write
Write

Write

Hnh 6.9: Quy tc khng ghi xung (NWD).


Lu rng, v cc ch th c th c cc nhn an ton khc
nhau nn mt ch th c nhn Tuyt mt c th ghi ln mt
i tng vi nhn Khng phn loi ch khi ch th c
gn nhn Khng phn loi (hoc thp hn). iu ny phc
tp hn v n khng ch i hi xem xt nhn AT ang c
hiu lc vo lc i hi mt thao tc, m n cn i hi cch
thc c th thay i nhn AT ang cn hiu lc.Ta s xc
nh khi nim thay i cc nhn an ton trong phn tho
lun v tnh n nh ca m hnh BLP di y.
6.3.3. Tnh n nh v m hnh BLP.
Ta thy trn, cc quy tc NRU v NWD ca m hnh
BLP h tr mt cch trc gic v cch ngn chn s r r
thng tin n nhng ni khng c php. Mt ch th no
190

c cho php Mt, mun xem TT c xp vo loi Ti


mt th quy tc NRU s ngn chn vic ny v TT Tuyt
mt nhy cm hn TT m ch th c php xem. Tng
t, nu ch th mun t TT Tuyt mt vo i tng khng
mt th quy tc NWD s ngn chn iu ny xy ra, v v
tr khng phi l ch lu TT nhy cm hn.
Chng ta thy rng, cc yu cu c, ghi u c thu
xp da trn cc nhn an ton ca ch th v i tng. Ngoi
ra, hu ht cc yu cu c, ghi trn mt h thng thc t
thng khng phi l t ng. Ngha l chng bao gm mt
dy cc thao tc c hoc khng c kh nng b ngt bi mt
hnh ng khc (ca h thng). Chng hn, cc yu cu in
mt tp tin c th bao gm mt dy cc lnh gi h thng v
cc chng trnh nhn (kernel) nh v tp, m n
c v sau l khi ng qu trnh in tp tin .
Nh vy, cc quy tc NRU v NWD ngm i hi nhng
thuc tnh no trong tt c cc truy nhp. c bit,
chng i hi cc nhn an ton ca cc ch th v cc i tng trong truy nhp mong mun no s khng b thay
i trong sut thi gian m qu trnh truy nhp vn cn
ang x l theo cch thc khi vi phm nhng chnh sch an
ton. Nu khng nh vy, c th xy ra trng hp sau: Mt ch
th mt i hi truy nhp c n mt i tng mt v
trong khi yu cu ang c x l nhn AT ca ch th li b
thay i (gim xung thp hn), v nh vy, ch th khng
cn xp loi mt na li c php truy nhp c n i tng mt. Ta thy, tnh n nh ca cc nhn an ton y
c vai tr rt quan trng.
Tnh n nh mnh :
Thuc tnh n nh mnh pht biu rng, cc nhn an
ton ca cc ch th v cc i tng khng bao gi c thay
i trong sut thi gian h thng hot ng.
Bng cch bo m iu kin ny trn h thng cho trc, c th d dng kt lun rng, vn vi phm quy tc
BLP m t trn s khng bao gi xut hin. Hn ch hin
191

nhin trong cc h thng c tnh n nh mnh l mc


linh hot trong cc thao tc b mt i.
Tnh n nh yu :
Thuc tnh n nh yu pht biu rng, cc nhn an
ton ca cc ch th v cc i tng khng bao gi c thay
i theo cch vi phm n mt chnh sch an ton.
Thuc tnh ny i hi cc ch th v i tng kim
ch khi cc hnh ng nht nh trong khong thi gian
khi cc nhn an ton ca chng b thay i. V d, c th
i hi nhn an ton ca mt i tng khng c thay
i khi mt ch th no ang s dng i tng . Tuy
nhin, nu mt thao tc xen vo lm thay i nhn an ton
m khng gy nn s vi phm quy tc (chng hn, ch th
c nng cp t Mt ln Tuyt mt trong khi c mt tp
Khng mt) th tnh n nh yu ny vn c tha nhn.
Ch rng, ta vn cn cha ni g v cch thc thay i
thc s cc nhn an ton. l do s thay i ca nhn an
ton l mt khi nim v thao tc v c x l khc nhau
trn hu ht cc h thng my tnh tun th quy tc BLP.
Trong cc tho lun tip theo ta s gi thit rng, cc nhn s
khng bao gi thay i tr khi c thng bo.
6.3.4. M t hnh thc m hnh BLP.
M t trn biu din cc quy tc ca m hnh BLP
dng phi chnh tc n gin v trc quan. c c s cho
vic phn tch cht ch hn, ta phi a ra mt tp cc hm
s gip m t cc quy tc NRU v NWD.
Ging nh trc y, ta s dng k hiu subject v object
ch tp cc ch th v tp cc i tng. Tp cc nhn an
ton s k hiu l labels, cn quan h dominates c xc
nh trn tp cc nhn an ton nh bnh thng. Dng cc k
hiu trn, ta c th pht biu quy tc NRU ca m hnh BLP
theo hm boolean allow nh sau:
NRU : s subjects, o objects
Allow (s,o,read) iff Dominates(label(s),label(o))

192

Cn ch rng, NRU xc nh mt cch n gin


nhng iu kin hm allow cho gi tr true. NRU s
khng xc nh iu kin mt qu trnh c xut hin
thc s. N ch xc nh iu kin khi qu trnh c c
th xut hin. Quy tc NWD o ngc mt cch n gin
quan h dominates gia hai nhn an ton nh sau :
NWD : s subjects, o objects
Allow (s,o,write) iff Dominates (label(o),label(s))
Cc nh ngha hnh thc ny xc nh nhng iu
kin ng m theo n, cc ch th s c php c hoc
ghi trn i tng. Chng cng lm r rng thm vic xc
nh ci g s xy ra di nhng iu kin nht nh ca
h thng. V d, cc hnh mc khng cho ta bit r rng
ci g s xy ra khi mt ch th c gng ng thi c v
ghi ln mt i tng. Khi dng cc quy tc hnh thc r rng
l, mt ch th c v ghi ng thi ln mt i tng
th c NRU v NWD u phi cho gi tr true. iu ny c
ngha l, cc nhn ca ch th v i tng phi bng nhau.
y l mt v d nh cho thy cc phng php chnh tc c
li th nh th no so vi cc phng php phi chnh tc.

193

Cu hi v bi tp phn 2
1.

Hy to v m t cc trng hp mt h thng MT b cc
tn cng c gy ra bi mi loi him ho (l tin, ton
vn v KTDV).

2.

Sng tc mt kch bn v h MT chu mt tn cng c


bao gm tt c
cc loi him ho gy ra cng mt
lc.

3.

Sng tc mt kch bn v mt li v trong h pht


trin gy ra bi tt c cc loi him ho (l tin, ton vn
v KTDV) cng mt lc.

4.

Hy ch r cc bng chng c th c s dng xc


lp rng c xut hin trong mt phn mm
no hoc trong s ci t vo cu trc h.

5.

Hy a ra cc tip cn (m bn bit) c th gip cc tin


ho kh nng tn cng c vo mt phn mm MT.

6.

Hy thc hin mt s phn tch thit k an ton h


thng i vi mt mi trng pht trin phn mm in
hnh c s dng h iu hnh ph bin hin c v cc
cng c tr gip lp trnh.

7. V li s thit k an ton h thng vi vng lin h ngc t bc phn loi v ci t bo v n bc nh


gi mo him thnh phn. Hy bnh lun xem iu
ny c nh hng nh th no n qu trnh thit k an
ton h thng.
8.

Hy xc nh tp cc mc an ton v cc hng mc an
ton c ngha cho cng tc tuyn dng hoc thi
tuyn.

9.

Lit k tp cc nhn an ton t cc mc v cc hng mc


xc nh trong bi tp 8.

194

10.

Hy xy dng mt biu thc ton hc m t s nhn AT


l mt hm ca s mc v s hng mc.

11. Hy ch ra rng quan h tri trn tp cc nhn an ton


qun s c tnh phn x, bt i xng v bc cu.
12. Hy a ra cc v d t cc mi trng phi qun s v phi
tnh ton m h tr hai quy tc ca m hnh BLP.
13. To ra mt v d v bi cnh trong mt mi trng pht
trin phn mm h tr hai quy tc BLP.
14.

Biu din m hnh BLP (c 2 quy tc) theo quy tc


dng thng tin nh hng n gin. Ch ra rng, quy
tc mi ny gi c phn ch o ca c hai quy tc
BLP.

15. Hy gii thch cch gii quyt ca cc quy tc BLP vi cc


truy nhp c,ghi ca mt ch th ln mt i tng m
phn loi ca n khng lin quan vi s phn cp ca ch
th gi n.
16.

Hy nhn xt v phm vi ca cc h thng tun th m


hnh BLP i vi trng hp cc ch th mc thp thay
i hoc ph hoi cc i tng mc cao.

17. Bn hy m rng kiu quy tc (n c th rng buc cc


kiu thay i nhn an ton) trong h thng c tnh n
nh yu.
18. Hy trnh by vn tt m hnh ma trn quyn HRU v
phn tch vn chuyn quyn trong m hnh .
M hnh HRU c an ton khng?
19. Trnh by nhng vn tng t nh bi tp 18 i vi
m hnh Take-Grant.
20.

Phn tch s khc nhau c bn gia m hnh BLP v


cc m hnh HRU, Take-Grant.

195

Phn ba
Cc tiu ch an ton thng tin
Chng 7
Cc tiu ch v cc lp an ton
7.1. Cc khi nim c bn
7.1.1. S cn thit ca cc tiu ch ATTT hin i.
hiu c vn , trc tin chng ta phi bit nh gi
ATTT l g ? nh gi ATTT hiu theo ngha rng nht l qu
trnh nh gi mc an ton ca thng tin cn c bo
v di 03 yu cu chnh l: (i) Tnh b mt; (ii) Tnh ton
vn v (iii) Tnh sn sng hot ng.
ATTT lun c gn vi cc phng tin x l, lu gi v
truyn tin. Trc kia cc phng tin nh vy thng n gin,
th s v khng c t ng ho hot ng. Chnh v vy
m nh gi ATTT thng t ph thuc vo cc phng tin x
l thng tin m ch yu ph thuc vo c ch x l
thng tin.
Ngy nay cc phng tin nh vy ch yu l cc phng
tin CNTT. Cc phng tin CNTT c pht trin ngy cng
nhiu v s lng, a dng v phc tp v chc nng hot
ng. Nhng phng tin nh vy c th l phn mm, phn
cng hay mm cng kt hp hoc nhng c ch bo v
kim sot hot ng thng tin no .
Khi ngi ta s dng cc phng tin CNTT trong cc hot
ng thng tin ca mnh th ngoi vic cc phng tin
CNTT cn m bo cc chc nng ca mnh, chng cn c
yu cu m bo cc chc nng v ATTT t ra cho chng.
Ngi s dng hay ngi sn xut ra cc phng tin CNTT
chc chn cn phi t t ra cho mnh l phng tin hay
sn phm CNTT m mnh ch to hay s dng c an ton
thc s hay khng ? Nu sn phm khng m bo c mc
ATTT th khi em s dng s c th mang li nhng tn
196

tht v tnh hay hu ln khng g b p ni cho thng


tin lu hnh trong chng.
Mun bit sn phm CNTT c m bo mc ATTT
mong mun hay khng th phi thng qua nh gi ATTT.
Khng c nh gi ATTT th khng c cch no khc c lng
chnh xc mc ATTT ca sn phm CNTT em s dng.
Chng ta s thy tnh cp thit ca nh gi ATTT v
nhng thc t sau y: (i) Qu trnh ton cu ho ko theo
vic s dng CNTT v Internet cng pht trin trn phm vi
ton cu do vy m ATTT khng ch l nhim v ca mi
quc gia m l nhim v chung; (ii) T khi my tnh ra i v
nht l t khi mng my tnh ra i v i vo hot ng th
chng pht trin vi tc v bo ko theo cc sn phm
CNTT tng ln gp bi v phc tp ho cao v chc nng lm
cho m bo ATTT tr nn kh khn gp bi v cng kh
khn hn cho nh gi ATTT; (iii) Trong x hi CNTT c s
dng rng khp v trong nhiu lnh vc hot ng nn e
do ATTT ngy cng tng v s lng v mc tinh vi cc v
tnh v hu c th gy ra nhng thit hi ln hn rt
nhiu so vi trc y lm cho nhim v ATTT tr nn quan
trng sng cn hn bao gi ht; (iv) n lc ngi ta khng
th chp nhn sn phm CNTT em ra s dng m khng c m bo ATTT ngay t khu thit k ch to nh trc y
na. ATTT phi c t ngay khi thit k sn phm CNTT v
phi c duy tr kim sot trong sut qung i hot ng
ca sn phm cho ti khi chng khng cn c lu hnh s
dng na mi thi.
nh gi ATTT chnh v vy m gn lin vi phn tch,
thit k sn phm CNTT v php lut ATTT to thnh mt b
ba tng th ATTT nhm bo v thng tin t mc cao
nht c th c.
Mt d n thit lp HT no hoc mt thit k HT an
ton nht nh ch c th i ti thnh cng khi m cc
thnh vin tham gia ca n hiu r rng h mun thu c
nhng g kt qu cui cng. Ch c s nm vng mc
197

ch mi cho php chn c con ng tt nht t c


n. Cho nn trc khi bt tay vo thit lp mt HT ATTT (h AT
HAT) cn phi tr li r rng cu hi: Th no l mt h an
ton ? Cn phi c mt nh ngha c tnh cu trc khi
nim ny, trn c s a ra cc nguyn l v hot
ng ca HAT v tm c cng ngh thit lp n.
Nh chng ta thy cc chng trc, an ton l mt
c trng nh tnh ca HT, khng th o n trong cc
n v no , thm ch kh c th so snh vi kt qu duy
nht an ton ca hai h khc nhau, m mt h BVTT tt hn
trong trng hp ny, cn h kia trong trng hp khc. Mt
khc, ngy nay CNTT pht trin rt nhanh chng. Cc sn
phm CNTT rt a dng, rt ph bin, nhiu chng loi lm
tng kh nng la chn cho cc nh thit k, cc chuyn gia
trong lnh vc ATTT. Cc sn phm khc nhau, cc la chn
khc nhau v do cc quan im v ATTT cng rt khc
nhau. Tt nhin, kin no cng c quyn tn ti v pht
trin, nhng tp trung n lc ca tt c cc chuyn gia vo
mt hng trong thit lp HAT th rt cn phi thng nht
nh ngha, mc ch cng nhau chn con ng t
c cc mc tiu ra.
tr li cho cc cu hi v ng thun v i ti
thng nht tt c cc quan im v vn thit lp cc
HAT, ngi ta son tho v tip tc a ra cc chun
(standards) v ATTT. Cc chun ATTT l cc ti liu quy ch
ho cc khi nim c bn v cc quan nim v ATTT pham
vi quc gia v quc t. Chnh cc chun ny xc nh khi
nim h an ton nh tiu chun ho cc i hi v cc
tiu ch an ton. Cc tiu ch an ton ny to thnh thang
nh gi mc an ton ca h thng.
Nh vy by gi c th tr li cho cu hi nu trn nh
sau: H x l TT an ton - l h p ng c cc tiu
chun v ATTT. Tt nhin khng hn l n gin nh vy.
l c trng tng i, n ph thuc vo cc tiu ch v cc
i hi, theo m an ton ca HT c nh gi, nhng
198

y c mt iu quan trng l tnh khch quan. Cc tiu


chun l khch quan, v n cho php so snh mc ATTT
ca cc h khc nhau i vi mt tiu chun c chp
nhn.
7.1.2. Cc khi nim c bn v cc nh ngha.
Trc khi nghin cu ni dung ca cc tiu chun ATTT
chng ta cn lm quen vi mt s thut ng v nh ngha.
Chnh sch an ton (Security Policy): Tp hp cc iu
lut, cc quy nh bo m s bo v c hiu qu cc HT
x l TT chng li cc him ho ATTT.
M hnh an ton (Security Model): l cc biu din
hnh thc ca chnh sch an ton.
Kim sot truy nhp tu chn (Discretionary Access
Control DAC): l s iu khin truy nhp da trn tp
cc iu lut cho php truy nhp c xc nh trc bi nh
qun tr. V d, di dng ma trn quyn (ch th, i tng,
truy nhp).
Kim sot truy nhp bt buc (chun) (Mandatory
Access Control MAC): l iu khin truy nhp da trn
cc iu lut cho php truy nhp, c xc nh nh tp cc
nhn an ton ca cc ch th v cc i tng, v d, ph
thuc vo mt ca TT v mc cho php ca khch hng.
Nhn an ton hay c s tnh ton tin cy (Trusted
Computing Base TCB): l tp hp cc thnh t my mc,
thit b, chng trnh thc hin s bo v v bo m an
ton HT.
Nhn dng (Indentification): Qu trnh nhn bit cc
thc th bng cch gn cho chng cc du hiu ring (cc
c ch).
Xc thc (Authentification): Qu trnh kim tra tnh
chn thc ca cc c ch ca cc thc th bng cc phng php khc nhau (ch yu l bng mt m).

199

Tnh m bo (Assurance ph hp). l ch s mc


an ton c m bo trn thc t, n phn nh tnh hiu
qu v tin cy ca cc sn phm bo v c ci t v
s p ng ca chng vi cc nhim v t ra (trong a s
trng hp y l nhim v thc hin cc CSAT).
Phn tch nh gi, nh gi mc an ton, nh
gi ATTT (Information Security Evaluation). l s phn tch
mt HT TT VT vi mc ch xc nh mc an ton (
bo v) v mc p ng ca n i vi cc i hi ATTT
trn c s cc tiu ch ca mt chun ATTT c th. l qu
trnh kim chun mt HT. nh gi mc ATTT l khu
cui ca chu trnh cng ngh thit lp HT ATTT, hon tt cc
th tc kim chun v n kt thc bng vic gn cho HT mt
lp AT ny hoc lp AT kia hay mc AT ny hoc mc AT khc.
Cc chuyn gia lm vic trong lnh vc phn tch nh gi
ATTT gi l cc chuyn gia kim chun ATTT.
Phn loi hc Php phn loi (Taxonomy). Mn khoa
hc v s h thng ho v phn loi cc i tng phc tp v
t chc v cc hin tng c cu trc th bc.
ng dn tin cy (Trusted Path). l nguyn tc t
chc tng tc thng tin (gia khch hng v h thng) bo
m rng, TT c trao i khng b mt trn ng hoc
khng b xuyn tc.
Sn phm CNTT (Information Technology Product) l mt
s kt hp phn cng, phn mm v phn sn cung cp mt
chc nng c thit k s dng hay kt hp s dng
trong h thng CNTT.
Sn phm CNTT c th l mt sn phm n hay nhiu
sn phm c cu hnh li nh mt h thng CNTT, mng my
tnh hay mt gii php nhm tho mn nhng yu cu ca
ngi s dng.
Chnh v vy m vic kim nh xy ra trong phng
tin kim nh hay ti pha ngi s dng trong nhng iu
kin ca cc phng th nghim ch tuyt nhin khng phi
200

xy ra trong mi trng vn hnh thc t. nh gi ATTT ca


sn phm CNTT phi tnh n vic kim nh sn phm
CNTT trong mi trng vn hnh thc t ca sn phm.
Cc tiu ch nh gi an ton CNTT (Information
Technology Security Evaluation Criteria ITSEC). l nhng
yu cu an ton ca sn phm CNTT di hai phm tr c th l
nhng yu cu chc nng v nhng yu cu m bo.
Nhng yu cu chc nng xc nh hnh vi an ton mong
mun. Nhng yu cu m bo l c s cho vic t c s
tin chc rng nhng o an ton tuyn b c hiu lc v
c ci t ng n.
Mc m bo nh gi (Evaluation Assurance Level
EAL) l mt tp hp cc thnh phn chc nng hoc m bo
c kt hp li tho m mt tp hp con cc mc tiu an
ton xc nh. Mc m bo nh gi thng c gn cho
sn phm CNTT sau qu trnh nh gi ATTT. Ngi s dng s
da vo cc mc m bo nh gi ny bit sn phm
CNTT m mnh em s dng an ton n mc no.
H s bo v (Protection Profile PP) ca mt chng loi
sn phm CNTT l ti liu hnh thc c xc nh trong h
thng tiu ch nh gi ATTT phn nh mt tp hp khng ph
thuc vo ci t ca nhng yu cu an ton i vi sn
phm CNTT p ng nhng yu cu c th ca ngi s dng
hoc nhng t hp hon chnh ca nhng mc tiu an ton
v nhng yu cu chc nng v m bo vi c s hp l c
kt hp.
i tng nh gi (Target of Evaluation TOE) gm c
chnh bn thn sn phm CNTT v ti liu hng dn ngi s
dng v ngi qun tr gn kt vi n phc v cho vic nh
gi.
i tng an ton (Security Target ST) l t hp hon
chnh ca nhng mc tiu an ton, nhng yu cu chc nng
v m bo, nhng c t vn tt v c s hp l c s
dng lm c s nh gi i tng c ch ra.
201

7.2. Cc him ho ATTT v cc tip cn tri php.


7.2.1. Cc him ho c bn.
Nh trn nu r, ngi ta chia cc him ho ATTT ra lm
3 loi: Him ho ph v tnh b mt ca TT c x l; him
ho ph v tnh ton vn ca TT c x l; him ho ph v
kh nng lm vic ca HT (khc t dch v).
Him ho ph v tnh b mt ( him ho l tin) hng ti
vic gii mt TT, tc l TT c cung cp cho ngi s dng m
ngi khng c quyn tip cn ti n.
i khi ch r hin tng ny, ngi ta dng khi nim
Tip cn tri php TCTP. Nh vy TCTP l tn cng ph v
tnh b mt ca TT ang c x l trong HT. Vic m bo
an ton cho mt HT trc tin l vic phi ngn chn c cc
TCTP ny. cng l nhim v c bn ca cc chnh sch an
ton ca mi HT.
Him ho ph v tnh ton vn TT l bt k s xuyn tc
hoc s thay i bt hp php no i vi TT ang c lu
gi hoc lu chuyn trong HT. Ton vn TT c th b ph v
bi k ph hoi, cng nh do tc ng ca cc hin tng t
nhin khch quan ca mi trng khai thc HT. Him ho loi
ny ni ln c bit i vi cc HT truyn TT nh cc mng
my tnh v cc HT vin thng.
Him ho khc t dch v (ph v kh nng lm vic) ca
HT hng ti vic to ra cc tnh hung, khi m do kt qu ca
nhng hnh ng c trc, cc ti nguyn ca HT tr nn
khng tip cn c hoc hiu sut lm vic gim st ng
k.
Mc ch ca BVTT trong HT l chng li cc him ho
ATTT. Cho nn HAT phi l HT c trang b cc thit b bo
v chng li c hiu qu cc him ho AT.
7.2.2. M hnh k ph hoi.
Chng ta thy, cc him ho ATTT rt a dng v nguyn
nhn gy ra cc him ho cng rt khc nhau. Nhng d bng
202

cch ny hay cch khc th nguyn nhn su xa nht ca


tt c cc him ho ATTT vn l con ngi k ph hoi (k xu,
tin tc, k sn lng ). Cho nn ngi bo v phi thy c
nguy c tn ti k ph hoi v nm c khi nim ny. Rt
thng dng m hnh k ph hoi sau y: K ph hoi l mt
ch th (subject) c tip cn ti cng vic ca cc thit b
trong HT hoc cc phng tin tnh ton v l mt chuyn gia
trnh cao hiu bit tt c v HT k c cc thit b bo
v n. nu ra c cc yu cu v tiu ch an ton ngi ta
c th phn loi k ph hoi theo mc cc kh nng ca
n. Cng lm r c s tn cng hnh ng v kh nng
chuyn nghip ca k ph hoi, cng gip ch cho ngi bo v
ra c cc bin php phng ph hp v hiu qu.
7.3. Vai tr ca cc chun ATTT.
7.3.1. Vai tr phi hp hnh ng.
Vai tr c bn ca cc chun ATTT l to lp c s cho s
phi hp hnh ng gia cc nh sn xut, cc khch hng
(nh tiu dng) v cc chuyn gia kim chun trong qu trnh
xy dng cc h thng CNTT an ton t cc sn phm ca
CNTT. Mi nhm ngi ny u c cch xem xt ca mnh v
vn ATTT.
V pha khch hng, trc tin h quan tm n phng
php cho php la chn ng sn phm p ng nhu cu
ca h v gii quyt tt vn m h t ra. lm iu
h cn mt thang nh gi v ATTT. Th hai, h cn phi
c mt cng c m nh n h c th pht biu cc yu cu
ca mnh i vi nh sn xut. y h ch quan tm c
bn n cc i lng v tnh cht k thut ca sn phm
cui cng (ch khng phi l cc phng php t c
iu ). T gc th thang nh gi AT l tng cho
h c th, v d l:
Mc 1: H thng x l TT vi mt khng cao hn
mt

203

Mc 2: H thng x l TT vi mt khng cao hn ti


mt

Cn cc yu cu th khch hng mong mun pht biu


dng d hiu nht, v d nh: chng ti mun rng, khi x l
cc thng tin ti mt th tt c phi c bo v an ton.
D y l mt tip cn khng cu trc nhng li l t nhin,
v khch hng khng hiu rng, cc yu cu v ATTT thng
mu thun vi cc yu cu chc nng ca mt HT (nh thun
tin s dng, hiu sut v thi gian), v chng thng hn
ch cc nh sn sut rt nhiu v phi t b la chn cc
sn phm thng dng nht (nh chng trnh ng dng chng
hn)
Cc nh sn xut cng cn phi c cc tiu chun. l
phng tin so snh cc kh nng ca cc sn phm ca
h. cng l sau ny p dng trong qu trnh kim
chun nh mt c ch nh gi khch quan cc sn phm .
Cc nh sn xut cng cn tiu chun ATTT cho chnh vic
tiu chun ho mt nhm nht nh cc yu cu an ton vi
mi loi sn phm c th gip cho cc khch hng d
tm c (v hiu c) cc sn phm ph hp vi h. T gc
ca nh sn xut, th cc yu cu v ATTT phi c c th
ho ti a v phi quy nh r vic ng dng cc thit b,
cc c ch, cc thut tonNhng y l iu khng phi
lc no cng lm c v cng ngy cng kh thc hin v s
pht trin nhanh chng ca CNTT v nhu cu v bo v ATTT
ngy cng a dng v cp bch.
Cc chuyn gia v nh gi v kim chun coi cc chun
ATTT l mt cng c cho php h c th nh gi mc an
ton c bo m bi cc sn phm CNTT; cng nh h
c th cung cp cho cc khch hng kh nng la chn c c
s sn phm m h mong mun. Nh sn xut khi c kt
qu nh gi mc an ton (loi an ton) nhn c t cc chuyn
gia kim chun mt nh gi khch quan v cc kh nng ca
sn phm ca h. T gc ca mnh, cc chuyn gia kim
204

chun vo v tr kh c bit: mt mt, ging nh nh sn


xut, h cn c cc tiu ch r rng v n gin p dng
vo cc sn phm c th (n gin hn c l dng cc cu
tr li No/Yes); mt khc, h phi p ng mt cch c c s
(chu o) cc cu hi ca khch hng rng sn phm ny c
tho mn nhu cu hay khng. Suy cho cng, chnh h (cc
chuyn gia kim chun) l ngi chu trch nhim v s an
ton ca mt sn phm nhn c nh gi (mc ATTT) v
i qua c s kim chun.
7.3.2. Cc yu cu, cc tiu ch v phn loi an ton.
Mi b tiu chun ATTT (ca mi nc) thng c cu trc c
bn nh sau: B tiu chun gm nhiu lun im ln. Cc lun
im cha cc yu cu c bn. Cc yu cu thng gm: cc
yu cu v chc nng i vi hot ng hoc c ch bo v
ca HT v cc yu cu v m bo (cht lng k thut) an
ton TT. Cc yu cu v ATTT l c s (nh hng) a ra
cc tiu ch c th (v cht lng, v k thut). Cc tiu ch
ATTT to thnh mt thang hon chnh nh gi v mc
bo m ATTT ca sn phm. Cc tiu ch to thnh cc
nhm c bn (xung quanh cc yu cu ni trn) phc v cho
vic nh gi phn loi (phn lp) cc sn phm v mt
m bo ATTT.
Nh vy vic nh gi ATTT chnh l s kim chun i
vi mt thit b hay mt HT c th. Cng vic c kt
thc bng gn cho sn phm mt loi (lp, mc) an ton c
th.
Chnh cc tiu ch ATTT gi nhim v phi hp cc quan
im khc nhau ca ngi sn xut, khch hng v cc chuyn
gia kim chun trong vic thit k, xy dng mt HT ATTT.
S cn thit cc tiu chun ATTT hnh thnh t rt lu
(cng vi s ra i v pht trin ca cc sn phm CNTT v
my tnh in t). V trong lnh vc ny t c s tin
b ng k. Mt th h mi cc tiu chun ATTT ra i v
khng nh v tr ca mnh vo nhng nm 90 ca th k
trc. l Tiu ch an ton cc h thng my tnh ca B
205

quc phng M; Cc ti liu hng dn GTK ca Nga; Cc


tiu chun ATTT ca chu u; Cc tiu chun ATTT lin bang
ca M; Cc tiu ch ATTT ca Canada v H tiu ch
ATTT chung. Chng ta s ln lt lm quen vi cc ti liu trn
trong chng sau.
7.3.3. S lc lch s pht trin ca cc tiu chun ATTT.
Nh chng ta bit giai on ny ko di t khi CNTT ra
i cho ti trc khi ra i h thng tiu ch an ton CNTT
u tin vo nm 1983. Trc y ngi ta nhm tng rng an
ton my tnh v an ton mng l hai phn ca ATTT hin
i t khi mng Internet ra i vo nhng nm 60 ca th k
trc. Nhng thc t an ton my tnh hay COMPUSEC ra i t
khi cc my tnh ra i vo nm 1946.
Trong giai on ny tuy c nhu cu v nh gi ATTT nhng nhu cu ch nhm ti cc HT CNTT ch cha phi l cc sn
phm CNTT. Hn na nhu cu nh gi ch xut hin ch
yu i vi cc chnh ph nhm vo lnh vc quc phng v
an ninh quc gia ch khng phi l cc hng hay cc t chc
v c nhn nhm vo lnh vc thng tin kinh t x hi.
Giai on ny cng l giai on manh nha xut hin cc
ti liu hng dn v an ton my tnh, tin thn ca h
thng
tiu
ch
nh
gi
ATTT
sau ny.
Thng 01/1973 B quc phng M cho xut bn Sch hng
dn an ton my tnh Cc k thut v cc quy trnh ci
t, kh hot, kim nh v nh gi ti nguyn chia s cc
h thng x l s liu ng (ADP Computer Security Manual
Techniques and Procedures for Implementing, Deactivating,
Testing and Evaluating Secure Resoure Sharing ADP systems).
Thng 06/1979 B quc phng M cho xut bn hai sch
hng dn ny vi ln chnh l u tin (ADP Computer
Security Manual Techniques and Procedures for
Implementing, Deactivating, Testing and Evaluating Secure
Resoure Sharing ADP systems, with 1st Amendent).

206

y c th coi l nhng ti liu tin thn ca cc h


thng tiu ch nh gi ATTT. Chng d bo tnh cp thit v
kh nng chn mui ca nhng h thng tiu ch nh gi
ATTT vn nng s ra i trong nay mai khng xa.
H thng tiu ch nh gi an ton CNTT u tin ca
nhn loi ra i vo thng 08/1983 bi B quc phng M vi
tn ting Anh l US Trusted Computer System Evaluation
Criteria (TCSEC) hay cn gi l Sch da cam (Orange Book)
gi theo mu ca ba ngoi cun sch ny.
Tuy nhin ngi ta quen coi Sch da cam ra i vo thng
12/1985 tng ng vi ti bn ln th hai ca n. Cc tiu ch
c xc nh trong TCSEC trc tin quan tm n cc h
thng tin cy x l d liu t ng v thng mi hin hnh.
Cc tiu ch cp cc c tnh an ton v cc bin php
m bo ti thiu c yu cu gn kt vi mi trong cc
c t an ton khc nhau. Cc yu cu ca c tnh nhm
ti cc h thng x l TT da trn cc h iu hnh mc
ch chung. Cn cc yu cu c tnh an ton cng c th
p dng cho cc HT vi mi trng c bit nh l cc b x l
hay cc my tnh kim sot qu trnh lin lc. Ring cc yu
cu m bo c p dng cho tt c cc dng cc mi trng
v cc HT tnh ton.
H thng tiu ch an ton CNTT th hin r n lc ca
cng ng chu u ra i vo thng 06/1991 vi phin bn
1.2 vi tn ting Anh l Information Technology Security
Evaluation Criteria (ITSEC).
Nhng quc gia ng gp chnh l:
Php vi ti liu Catalogue de Critres Destins valuer
le Degr de Confiance des Systmes dinformation (SCSSI
1989).
Anh vi 3 ti liu chnh ph v thng mi: (i) UK
Systems Security Confidence Levels (CESG 1989); (ii) DTI
Commercial Computer Security Centre Evaluation Manual (DTI
1989-1); (iii) DTI Commercial Computer Security Centre
Functionality Manual (DTI 1989-2).
207

c vi ti liu IT Security Criteria (ZSIEC) (GISA 1989)


H Lan cng c ng gp cho ITSEC.
Tin thn ca ITSEC phi k n TCSEC. TCSEC nh
hng ti tt c cc ti liu nu trn y.
ITSEC nhm n nhu cu cn thit ca c cc sn phm
an ton thng mi v an ton chnh ph. ITSEC nhm n
s m rng ca TCSEC vi nhng mc nh gi chuyn i
c sang cc mc nh gi ca TCSEC.
H thng tiu ch an ton CNTT ca ring Canada ra i
vo thng 01/1993 phin bn 3.0 vi tn ting Anh l The
Canadian Trusted Computer Product Evaluation Criteria
(CTCPEC).
CTCPEC nh gi tnh hiu qu ca cc dch v an ton
ca sn phm. Cc tiu ch ny c thit k cho chnh ph
s dng m khng nhm n nh hng ln mnh ca cc
sn phm thng mi.
Cc tiu ch lin bang l s cp nht ca TCSEC hay Sch
da cam ra i vo thng 12/1992 vi tn ting Anh l The
Federal Criteria for Information Technology (FC) nhm tr
thnh chun an ton quc gia ca M bo v s u t hin
hnh trong cng ngh an ton, ci tin qu trnh nh gi
an ton ang tn ti, d kin i vi nhng cn thit thay
i ca khch hng v thc y s ho hp quc t trong
nh gi an ton CNTT. Mc d vy n vn c nhng li xy
ra. Sau mt s ln sa i t s xut bn u tin ca FC
c chp nhn bi cng ng an ton.
Trong nm 1992 U ban k thut nh nc (GTK) trc thuc
tng thng Lin bang Nga xut bn 5 ti liu hng dn
dnh cho cc vn bo v chng truy cp tri php ti
thng tin. y chnh l nhng ti liu chun an ton CNTT
ca Lin bang Nga.
Ngoi chu u, Bc M ra, chun an ton CNTT cn pht
trin ti Nam Thi Bnh Dng (Australia v New Zealand)

208

nm 1994 v ng (Nht Bn nm 1992 v Hn Quc nm


1998)
Nhu cu v mt h thng tiu ch thng nht v tin tin
n. Qu trnh ny bt u t nm 1993 m vo thng
05/1995 vn ang cn trong giai on pht trin. Thng
01/1996 phin bn d tho 1.0 c pht hnh. T n
thng 10/1997 ph bnh gp cng khai v nh gi th.
Thng 10/1997 phin bn d tho Beta 2.0 c pht hnh.
Thng 05/1998 phin bn 2.0 c pht hnh. V cho n
thng 12/1999 th CC chnh thc pht hnh vi tn gi l
ISO/IEC 15408 vi tn y ting Anh l Information
Technology Security Techniques Evaluation Criteria for IT
Security.
T n nay xu hng thng nht v hon thin h
thng tiu ch nh gi ATTT l xu hng tt yu v nhiu n
lc pht trin c tp trung rt hiu qu. Tuy nhin s
hon thin v y vn cn l ci ch cn phn u
ch cha phi l mc tiu hon thnh.

209

Chng 8
Cc Chun An Ton Thng tin ca mt s nc
8.1. S lc lch s v chun ATTT mt s nc.
8.1.1. Sch Da cam ca b quc phng M (TCSEC
1983).
8.1.1.1. Mc ch ban hnh.
Cc tiu ch an ton h thng my tnh (Trusted
Computer System Evaluation Criteria), cn c tn gi ni
ting l sch Da cam c cng b vo nm 1983 bi B
quc phng M. Mc ch ca n l xc nh cc yu cu an
ton i vi cc thit b v bo m chng trnh (phn
mm) ca cc h thng my tnh; v a ra phng php v
cng ngh tng ng cho vic phn tch nh gi mc
m bo chnh sch an ton trong h thng my tnh ca
B quc phng M.
Trong ti liu ny, ln u tin a ra cc khi nim nh
chnh sch an ton, TCB, v.v Theo sch Da cam, H my
tnh an ton (HAT) l h thng duy tr s qun l tip cn ti
cc TT c x l trong sao cho, ch c cc khch hng c
u quyn (thng qua xc thc v nhn dng) hoc cc qu
trnh thay mt h mi c th c kh nng c, ghi, cp nht
v ly TT ra. Chnh trong sch Da cam ny, cc thut ng v
cc quan nim v bo v, tp hp cc yu cu v chc nng
ln u tin c a ra. Chng l c s hnh thnh tt
c cc tiu chun ATTT sau ny.
8.1.1.2. Phn loi cc yu cu v cc tiu ch ca
sch Da cam.
Trong sch Da cam a ra 3 loi yu cu an ton ln: chnh
sch an ton, kim ton (audit) v tnh m bo
210

(assurance). Trong khun kh 3 yu cu ln ny hnh thnh 6


yu cu an ton c bn. 4 yu cu u tin trc tip hng ti
vic m bo ATTT, cn 2 yu cu sau ni v cht lng ca
chnh cc thit b bo v. Chng ta xem xt chi tit hn cc
yu cu .
a)Yu cu ln v CSAT (Security Policy).
CSAT gm 2 yu cu c bn.
Yu cu 1: CSAT. H thng phi duy tr chnh xc mt
CSAT nht nh. Kh nng cc ch th truy nhp ti
cc i tng phi c quyt nh trn c s nhn dng
v tp hp cc iu lut qun l truy nhp. nhng
ch cn thit phi s dng chnh sch MAC, cho php
kim sot c hiu qu tip cn ti cc TT nhy cm
(dng ti mt, tuyt mt ).
Yu cu 2: Nhn (Labels). Cc nhn an ton phi c gn
cho cc i tng, v phi c s dng nh cc du hiu
cho kim sot truy nhp. thc hin MAC h thng
phi m bo kh nng gn cho mi i tng mt nhn
hoc nhm cc du hiu xc nh mt ca i tng v/hoc ch truy nhp ti i tng .
b)
Yu cu ln v kim ton (Audit).
Audit gm 2 yu cu c bn.
Yu cu 3: Nhn dng v xc thc (Indentification and
Authentification). Tt c cc ch th u phi c cc
c ch ring (indentification). Vic kim sot truy
nhp phi c thc hin trn c s nhn dng v xc
thc cc ch th v i tng truy nhp v cc iu
lut kim sot truy nhp. Cc d liu dng cho xc thc
v nhn dng phi c bo v khi cc tip cn tri
php, cc xuyn tc v hu hoi v chng phi c gn
vi tt c cc thnh t tch cc ca HT my tnh m
hot ng ca cc thnh t ny c tnh ti hn t gc
an ton.
Yu cu 4: ng k v kim ton (Registration & Audit).
xc nh mc trch nhim ca cc khch hng
211

v hnh ng ca h trong HT, tt c cc s kin din


ra trong HT m c ngha t gc an ton u
phi c theo di v ng k vo trong mt s sch
c bo v (gi l vt kim ton). H thng ng k
phi thc hin vic phn tch t lung cc s kin
chn tch ra nhng s kin c nh hng n an ton
gim bt kch thc s ghi (bn ghi kim ton). Bn
ghi kim ton cn phi c bo v chng tip cn tri
php, xuyn tc v hu hoi.
c) Yu cu ln v tnh m bo (Assurance).
Tnh m bo assurance gm 2 yu cu c bn.
Yu cu 5: Kim sot s m bo cho hot ng ca
cc thit b bo v. Cc thit b bo v phi cha cc
phn cng hoc phn mm c lp, bo m cho
kh nng lm vic ca chc nng bo v. iu ny c
ngha l, tt c cc thit b bo v, bo m CSAT,
qun l nhn an ton, nhn dng v xc thc, ng k
v kim ton u phi c t di s kim sot ca
cc thit b kim tra s hot ng chnh xc ca
chng. Nguyn tc kim sot s m bo l ch cc
thit b kim sot phi hon ton c lp vi cc thit
b bo v.
Yu cu 6: Bo v lin tc. Tt c cc thit b bo v
(k c cc thit b thc hin yu cu ny) u phi
c bo v chng s can thip bt hp php v hoc
ngt dng. S bo v ny phi l thng xuyn v lin
tc trong mi ch hot ng ca h bo v v HT
my tnh ni chung. Yu cu ny c p dng cho ton
b chu k sng ca HT. Ngoi ra, vic thc hin yu
cu ny l mt trong nhng yu t then cht chng
minh cho s an ton ca HT.
d) Phn loi cc tiu ch an ton.
Cc tiu ch trong Sch Da cam l s c th ho ca 6
yu cu c bn v tng qut nu trn. Cc tiu ch lm thnh
mt thang thng nht nh gi s an ton ca HT my tnh.
212

Chng c chia thnh 7 lp (loi) v cc lp ny to thnh 4


nhm tng ng vi an ton khc nhau: t an ton cc
tiu (nhm D) n an ton chng minh hnh thc c
(nhm A). C th tm tt s phn loi cc tiu ch an ton
trong s sau y:
Cc tiu ch an ton ca Sch
Da cam
CSAT
DAC
Dng
nhiu ln
cc i t
ng
Nhn AT
Ton vn
nhn AT

Kim ton

m bo

Nhn
dng
v
xcTthc
ng tc

m
bo
chc nng
Cu trc
HT
Ton vn
HT
Phn tch
cc knh
ngm
Ngh
quyt

trc tip
vi TCB

ng k
v kim
ton
s
cc
kin

Ti liu i
km

Hng
dn
khch hng
Hng dn nh
qun tr AT
Ti liu ho
qu
trnh
kim th
Ti liu ho
qu
trnh
thit k

Bo
m
thit k

Xut cc TT c
nh du
Nhn quyn cc ch
th
Nhn cc thit
b

Th nghim
AT
Thit k v
kim
tra
c ch
Qun l cu
hnh
Phn nh chi
tit

MAC

8.1.1.3. Cc lp an ton ca H thng my tnh.


Nh ni trn, Sch Da cam a ra 4 nhm tiu ch tng ng vi cc mc an ton t thp nht (D) n cao
nht (A). Mi nhm (A, B, C, D) bao gm mt hoc vi lp. Cc
nhm D v A cha mi nhm cha mt lp (lp D v lp A t ng
ng); nhm C c 2 lp (lp C1 v lp C2), cn nhm B c 3 lp
(B1, B2, B3) c trng bi tp hp cc tiu ch an ton khc
nhau. an ton tng dn theo chiu t nhm D n nhm
A, cng trong mi nhm tng theo s th t ca cc lp.
Nhm D: Bo v cc tiu.
213

Lp D: Bo v cc tiu. Tt c cc HT khng p ng c
cc yu cu ca cc lp khc u thuc lp ny. C th
ni, cc HT thuc lp D l khng an ton.
Nhm C: Bo v tu chn (Discretionary Security DS).
c trng ca nhm C l c ch DAC v ng k hnh
ng
ca
cc
ch th.
Lp C1: Bo v tu chn. Cc HT thuc lp C1 tho
mn yu cu bo m phn tch cc khch hng v
thng tin v bao gm c cc thit b kim sot truy
nhp, cho php t ra cc hn ch vi mi khch
hng ring bit; iu ny cung cp cho h kh nng
bo v cc TT ring ca mnh khi cc khch hng
khc. Lp C1 gm cc HT a khch hng, trong
thc hin vic cng x l cc TT (d liu) cung mt
mt.
Lp C2: Kim sot truy nhp. Cc HT thuc lp ny
thc hin kim sot truy nhp c la chn hn lp
C1, nh p dng cc thit b gim st c nhn i
vi hnh ng ca cc khch hng bng ng k,
kim ton s kin v phn chia cc ti nguyn.
Nhm B: Bo v bt buc (Mandatory Security MS).
Cc i hi chnh ca nhm ny l iu khin truy nhp
chun nh s dng cc nhn AT, duy tr m hnh v CSAT, v
c tn ti cc c t v chc nngTCB. i vi cc HT thuc
nhm B monitor reference (ghi nhn tham chiu) phi kim
sot tt c cc s kin trong HT.
Lp B1: Bo v vi p dng cc nhn AT. Cc HT ca lp
ny phi tho mn tt c cc yu cu ca lp C2, v
ngoi ra chng phi duy tr mt cch phi hnh thc
mt m hnh AT, m ho d liu v MAC. Khi xut
TT khi HT th TT phi c m ho. Cc li c pht
hin trong qu trnh kim th phi c loi tr.
Lp B2: Bo v cu trc. tng ng vi lp B2 TCB
ca HT phi duy tr mt m hnh AT c thuyt
214

minh bng ti liu r rng v c xc nh hnh


thc ho. M hnh ny phi dng c c hai c ch
DAC v MAC; v cc c ch kim sot truy nhp
phi c p dng cho tt c cc ch th (so vi cc
HT ca lp B1). Ngoi ra, phi thc hin s kim sot
cc knh ngm r r TT. Trong cu trc TCB phi tch
ring c cc yu t ti hn t gc an ton. Giao
din TCB phi c xc nh r rng, cn cu trc
ca TCB v s thc hin n phi tnh ti kh nng
tin hnh cc th nghim kim tra (kim th). So vi
lp B1, cn phi tng cng cc thit b xc thc.
Qun l an ton phi do cc nh qun tr HT thc
hin. Cn phi c cc thit b kim sot cu hnh.
Lp B3: Cc min an ton (Secure Domains SD).
tng ng lp B3, TCB ca HT phi duy tr Reference
Monitor kim sot tt c cc loi truy nhp ca cc
ch th ti cc i tng. Ngoi ra, TCB phi c thit
k vi mc ch a ra khi n cc tiu h khng
chu trch nhim thc hin cc chc nng bo v v
phi cht ch kim th v phn tch c
hiu qu. Trong qu trnh thit k v thc hin TCB
cn p dng cc phng php v cc thit b sao cho
cc tiu ho s phc tp ca n. Cc thit b kim
ton (Audit) phi bao gm cc c ch thng bo ca
nh qun tr khi xut hin cc s kin v an ton
ca HT. Yu cu phi c cc thit b khi phc kh
nng lm vic ca HT.
Nhm A: Bo v c kim chun.
y l nhm c trng bi vic p dng cc phng php
hnh thc ca kim chun tnh m bo lm vic ca cc
c ch kim sot truy nhp (DAC v MAC). i hi thm cc
ti liu chng minh rng, cu trc v thc hin TCB p ng
cc yu cu an ton.
Lp A1: Kim chun hnh thc. Cc HT thuc lp A1 tng ng vi cc HT lp B3 v mt chc nng, v vi
215

chng khng c yu cu chc nng no thm. Khc


vi cc HT lp B3 l ch, trong qu trnh thit k
cn phi p dng cc phng php kim chun hnh
thc, n cho php thu c s thc hin ng n
cc chc nng bo v (vi tin cy cao). Qu trnh
chng minh s ph hp ca thc hin c bt u
ngay t thi k u tin ca thit k vi vic thit
lp m hnh an ton v cc c t mc cao.
bo m cc phng php kim chun, cc HT lp A1
cn phi c cc thit b mnh v qun l cu hnh
v cc th tc bo v phn tn.
8.1.1.4. Cc thuyt minh v s pht trin ca Sch
Da cam.
Vic cng b Sch Da cam tr thnh mt giai on
quan trng v gi mt vai tr ng k trong s pht trin
cc cng ngh bo m an ton ca cc HT my tnh. Tuy
nhin, trong qu trnh p dng cc lun im ca n thy
rng, c mt s vn thc t quan trng khng c
cp ti trong b chun ny, v ngoi ra vi s pht trin c
nhiu lun im ca n tr thnh li thi i hi phi
xem xt li. Mt lot cc vn v an ton mng my tnh
v CSDL c cp trong cc ti liu ring do Trung tm
an ton my tnh quc gia (NCSC) ca M cng b nh l cc
b sung cho sch Da cam di dng cc thuyt minh
(Interpretations): Thuyt minh cho cc mng my tnh
(Trusted Network Interpretation); Thuyt minh cho cc H
qun tr CSDL (Trusted Database Management System
Interpretation). Cc ti liu ny cha ng s minh ho cc
lun im c bn ca Sch Da cam p dng vo cc HT x l
TT tng ng.
S lc hu ca lot cc lun im trong Sch Da cam trc
tin l do s pht trin nhanh chng ca CNTT, vic chuyn
t cc my tnh ln (mainframe) sang cc my trm lm vic
v cc PC c hiu sut cao trong m hnh tnh ton trn
mng. cho cc lun im c bn ca Sch Da cam thch
216

ng vi nhu cu hin ti, ngi ta tin hnh khi lng ln cc


cng vic v thuyt minh v pht trin cc lun im ca
b chun ny. Kt qu l ra i mt lot cc ti liu i
km Sch Da cam, rt nhiu trong s tr thnh phn
khng th tch ri ca n. l:
Ch dn v DAC trong cc HT an ton (A guide to
understanding discretionary access control in trusted
systems)
Ch dn v qun l mt khu (Password management
guide-line)
Ch dn v p dng cc tiu ch an ton HT my tnh
trong cc mi trng c bit (Guidance for applying the
Department of Defence Trusted Computer System Evaluation
Criteria in specific environment)
Ch dn v kim ton trong cc h an ton (A guide to
understanding Audit in trusted systems)
Ch dn v qun l cu hnh trong cc h an ton (A
guide to understanding configuration management in trusted
systems)
S lng cc ti liu nh vy cng vi cc bnh lun, cc
thuyn minh ngy cng tng v ln hn c bn thn Sch
Da cam rt nhiu. Cho nn n nm 1995 NCSC ca M
tp hp tt c cc b sung, thuyn minh li v cho cng b
thnh mt ti liu c tn l Thuyt minh cc tiu ch an
ton h thng my tnh (The Interpreted Trusted Computer
System Evaluation Criteria Requirements). Ti liu ny ghi
nhn tt c cc b sung, thay i i vi Sch Da cam, v
thc s i mi n, cho php n c p dng trong cc
iu kin hin ti.
Trong bng di y s th hin s phn b cc yu cu
an ton ca Sch Da cam theo cc lp nh ni trn. Lu
rng, cc tiu ch an ton chnh l cc yu cu to thnh (c
th mt yu cu tng ng vi mt tiu ch, cng c th vi
yu cu cho ta mt tiu ch)

217

Khi xem bng phn b ny cn lu cc k hiu vi ch


gii sau:
Khng c yu cu vi lp ny
Yu cu mi hoc yu cu b sung
Yu cu trng vi yu cu lp trc
y l cch trnh by thng gp trong cc Tiu chun
ATTT.
Cc yu cu c bn ca Sch Da cam

Cc lp an ton
C1

C2

B1

B2

B3

A1

Chnh snh an ton


1. CSAT tu chn (D)

2. CSAT bt buc (M)

3. Cc nhn b mt

4. Ton vn cc nhn

5. Nhn cng tc

6. Dng li nhn

7. Gii phng ti nguyn khi dng li cc i tng

8. Cch ly cc Mun

9. nh du cc thit b vo/ra

10.nh du s c ra

Kim ton (Audit)


11. Nhn dng v xc thc

12. Audit

13. Knh c bo v (Trusted path)

m bo (Assurance)
14. c t v kim chun thit k

15. Cu trc h thng (nhiu tng)

16. Ton vn h thng

218

17. Kim th h thng an ton

18. S phc hi tin cy sau s c

19. Qun l cu hnh h thng

20. Thng bo trc v h thng

21. Lan truyn tin cy

22. Phn tch cc knh ngun

23.Ch dn khch hng

24. Ch dn v cu hnh bo v

25. Ti liu v kim th

26. Ti liu thit k

Ti liu ho

8.1.2. Tiu ch an ton cng ngh thng tin chu u


Cc vn v ATTT t ra cp thit khng ch vi nc
M. Ngay sau khi ra i Sch Da cam ca B quc phng M,
cc nc chu u cng
son tho v cho ra i Cc tiu ch an ton CNTT
(Information Technology Security Evaluation Criteria), sau
y s gi l Cc tiu ch chu u. y chng ti tm lc ti liu ny da trn phin bn 1.2 c cng b thng
6/1991 bi cc c quan c thm quyn ca 4 nc: Php, c,
H Lan v Anh quc.
8.1.2.1. Cc khi nim c bn.
Cc tiu ch chu u xem xt cc nhim v c bn ca
cc thit b ATTT nh sau:
Bo v TT chng cc truy nhp tri php nhm bo
m tnh b mt.
Bo m ton vn TT bng cch bo v chng li s
bp mo hoc hu hoi bt hp php.

219

Bo m kh nng lm vic ca HT bng vic chng li


cc him ho khc t dch v.
tho mn cc yu cu v b mt, ton vn v sn
sng dch v, cn phi thc hin mt tp hp tng ng cc
chc nng an ton: nh nhn dng v xc thc, kim sot truy
nhp, khi phc sau s c cho cc thit b bo v c
th c coi l c hiu qu, i hi phi c mt mc nht
nh tin cy trong s chn la ng cc thit b v trong
hot ng chnh xc ca chng. gii quyt vn ny,
trong cc tiu ch chu u ln u tin a ra khi nim v
tnh m bo (tnh ph hp) ca cc thit b bo v
(assurance).
Assurance bao gm hai kha cnh: Tnh hiu qu phn
nh s tng ng ca cc thit b bo v vi cc nhim v
t ra, v tnh chnh xc c trng cho qu trnh thit k
v hot ng (thc t) ca chng. Tnh hiu qu xc nh
bi s tng ng gia cc nhim v t ra trc cc thit b
an ton v tp hp thc hin cc chc nng bo v tnh
y v ng b, n gin s dng, c tnh ti cc hu
qu tim nng nu k xu li dng cc im xung yu ca
bo v. Tnh chnh xc y c hiu l s ng n v
tin cy trong hin thc ho cc chc nng an ton.
nh gi chung v mc an ton ca HT c gp li t
kh nng v chc nng hot ng ca cc thit b bo v v
mc m bo ca s hin thc ho cc chc nng .
8.1.2.2. Cc tiu ch chc nng.
Trong cc tiu ch chu u. cc thit b ATTT c xem
xt trn 3 mc chi tit. mc u tin, xem xt cc mc
tiu m s an ton t ra; mc th hai cha cc c t
chc nng bo v; mc th ba cc c ch thc
hin chng.
Cc c t chc nng bo v c xem xt t gc cc
yu cu sau y:
220

Nhn dng v xc thc.


Kim sot truy nhp.
Kim ton.
Dng li cc i tng.
Ton vn thng tin.
Tin cy dch v.
An ton trao i cc d liu.
a s cc yu cu nu trn trng vi cc yu cu tng t
ca Sch Da cam. Chng ta xem xt mt s nt c trng
cho Cc tiu ch chu u.
Cc yu cu v an ton trao i d liu, quy nh cng
tc ca cc thit b bo m an ton cc d liu c truyn
theo cc knh lin lc, bao gm cc yu cu nh sau:
Xc thc.
Kim sot truy nhp.
B mt d liu.
Ton ven d liu.
Chng chi b.
Tp hp cc chc nng an ton c th phn loi nh s
dng cc lp xc nh trong Sch Da cam (c th chuyn
i c). C 5 lp nh vy, l cc lp F - C1, F - C2, F B1,
F B2, F B3. Cn 5 lp khng chuyn i v Sch Da cam
c.. Chng ta xem xt 5 lp ny k hn v chng phn nh
quan im ring ca Chu u v vn ATTT:
Lp F- IN dng cho cc HT c nhu cu cao v bo m
tnh ton vn (INtergrity) m in hnh l cc h qun tr
CSDL. C th miu t n trn c s khi nim cc vai tr, tng ng vi cc hot ng ca khch hng, v trn c s cho
php mt truy nhp ti cc i tng xc nh ch thng qua
221

cc trnh u quyn. Cn phi phn bit cc dng truy nhp


sau y: c, ghi, xo, to lp, i tn v hon thnh i
tng (read, write, add, delete, creat, rename, execute)
Lp F AV. c trng bi cc yu cu tng cng v bo
m kh nng lm vic (tng tnh kh dng AVailable).
iu ny quan trng cho cc HT kim sot cc qu trnh cng
ngh. Trong cc yu cu ca lp ny ch ra rng. HT cn phi
c khi phc sau mi ngng tr ca mt thnh phn ring
bit no , sao cho tt c cc chc nng ti hn quan trng
u vn c lin tc sn sng cho cc truy nhp. S thay
th cc b phn, chi tit cng phi c duy tr trong ch
nh vy. Khng ph thuc vo ti trng ra sao, cn phi bo
m mt thi gian nht nh cho phn ng ca HT trc cc
s kin bn ngoi.
Lp F DI hng ti cc HT phn tn (DIstribution). Trc khi
bt u trao i v trong khi thu nhn cc d liu, cc bn
cn phi c kh nng tin hnh nhn dng cc thnh vin
tham gia tng tc v xc thc chng. Cn phi s dng cc
thit b kim sot li v sa sai. c bit trong vic truyn
d liu, cn phi pht hin c tt c cc sai lnh ngu
nhin hoc c ca TT a ch v TT khch hng. Bit
thut ton pht hin sai cng khng cho php k xu tin
hnh b mt xuyn tc (modifer) cc d liu c truyn i.
Cn pht hin cc pht li cc bn tin c truyn.
Lp F DC dnh quan tm c bit cho cc yu cu v
tnh b mt ca TT c truyn nhn. TT theo cc knh lin lc
phi c truyn i dng m ho. Cc kho m phi c bo
v chng cc tip cn tri php.
Lp F DX p t cc yu cu tng cng ti c tnh ton
vn v tnh b mt ca TT. C th coi F DX l tch hp ca
cc lp F DI v F DC vi cc kh nng tng cng thm v m
ho v bo v chng phn tch lu lng. Cn phi gii hn tip

222

cn ti TT c truyn trc v TT ny v nguyn tc c


th hu thun cho m thm (phn tch m)
8.1.2.3. Cc tiu ch bo m (Assurance)
Cc tiu ch chu u dnh cho tnh bo m s quan
tm ln hn cc yu cu chc nng. Mc m bo c 2 thnh
phn tnh hiu qu v tnh chnh xc lm vic ca cc
thit b bo v. nh gi mc m bo ngi ta s
dng cc tiu ch sau y (Xem hnh trang 199)

223

Cc tiu ch m bo
Cc tiu ch hiu qu

Cc tiu ch chnh xc

--S tng ng ca tp cc
thit b bo v vi cc mc
tiu ra.

Qu trnh thit
k

--S ng b tng thch


ca
cc thit b v cc
c ch bo v khc nhau

--c t cc
yu cu
an ton

--Thit
b
kim sot cu
hnh

--Hngdn
khch hng

--Thit
cu trc

--Cc
ngn
ng lp trnh
v thng dch

--Hng dn nh
qun s

--Kh nng chng li cc tn


cng ca cc thit b bo v
--Kh nng s dng thc
t cc khim khuyt ca
cu trc ca cc thit b
bo v
--n gin s dng thit
b bo v

Mi trng thit
b

--Thit
lp
d n lm
vic
--Thc hin

--An ton mi
trng thit k

--Kh nng s dng thc t


cc khim khuyt chc
nng ca cc thit b bo
v

178

Ti liu khai
thc

Mi trng khai thc

--Cung cp v
ng gi
--Vn hnh v
khai thc

Cc tiu ch chu u xc nh 7 mc m bo t E0
n E6 (theo th t tng dn). Mc E0 nh du mc bo
m thp nht (tng t lp D ca Sch Da cam). Trong kim
tra tnh m bo ngi ta phn tch ton b chu k sng ca
HT t pha u tin ca thit k cho n khai thc v bo
dng. Cc mc m bo t E1 n E6 c xy dng theo
th t tng dn s cn trng trong kim sot . Chng hn,
mc E1 ch phn tch cu trc chung ca HT, cn tnh m
bo ca cc thit b bo v (TBBV) c khng nh bng
kim th chc nng. mc E3, vic phn tch tin hnh vi
cc bn ngun ca cc chng trnh v s ci t thit
b. mc E6 i hi miu t hnh thc cc chc nng an
ton, cu trc chung v c chnh sch an ton.
an ton ca HT c xc nh bi c ch yu nht
trong cc c ch bo v ti hn quan trng. Trong cc tiu ch
chu u c 3 mc an ton: C s, trung bnh v cao.
Mc an ton c s nu cc TBBV c kh nng chng li
cc tn cng ngu nhin ring bit.
Mc an ton l trung bnh nu cc TBBV c kh nng
chng li k xu, c trong tay lng ti nguyn hn ch v kh
nng chuyn mn hn ch.
Cui cng, mc an ton c th coi l cao, nu c s chc
chn rng, cc TBBV ch c th b v hiu ho bi k xu c
trnh chuyn mn cao v c mt tp hp cc kh nng v
ti nguyn v bin (khng gii hn).
8.1.2.4. Kt lun.
Cc tiu ch an ton CNTT chu u, xut hin ngay
sau Sch Da cam c nh hng ng k ti cc tiu chun
ATTT
v
phng
php
lun
kim chun.
Thnh tu chnh ca ti liu ny l a ra khi nim m
bo (assurance) ca cc TBBV v xc nh c mt thang
nh gi ring cho cc tiu ch m bo. Nh ni, Cc tiu
ch chu u coi tnh m bo ca cc TBBV c ngha ln

179

hn l cc chc nng ca chng. Li tip cn ny c s dng


trong nhiu b Tiu chun ATTT xut hin sau .
Cn lu rng, Cc tiu ch chu u gn lin vi Sch Da
cam ca M, iu lm cho n khng hon ton l mt ti
liu c lp.
Thot nhn, cm thy ngc nhin rng, Cc tiu ch chu
u tha nhn kh nng tn ti cc khim khuyt trong cc HT
qua kim chun (cc tiu ch v kh nng s dng cc
khim khuyt ca bo v). Tuy nhin thc ra iu ch
th hin mt quan im thc dng trong cch nhn hin
trng v tha nhn iu r rng l: cc HT ang tn ti cn
rt cha hon thin, cn xa mi ti c mc hon ho.
8.1.3. H tiu ch an ton ca Lin Bang Nga (LNB).
8.1.3.1. Cc lun im c bn.
Nm 1992, U ban k thut nh nc (GTK) trc thuc tng
thng LBN cng b nm (5) ti liu v cc vn bo v
TT chng li cc tip cn tri php (TCTP). Quan trng nht l
cc ti liu sau y:
Phng hng bo v cc thit b tnh ton (CBT) chng cc
TCTP ti TT.
CBT. Bo v chng TCTP. Cc ch s bo v chng TCTP
ti TT.
Cc HT t ng ho (AC). Bo v chng cc TCTP. Phn
loi cc AC v cc yu cu v bo v TT.
T tng ch o cho cc ti liu nm ti liu chnh l
Phng hng bo v CBT chng cc TCTP ti TT. y cha
ng cc quan im ca GTK v vn ATTT v cc
nguyn l c bn bo v cc HT my tnh. Theo cc quan
im ny th: nhim v c bn ca cc thit b an ton l
bo v chng li cc TCTP ti TT. Nu nh cc thit b kim
sot ton vn cn c ni n t nhiu, th vic duy tr s
sn sng phc v ca HT x l TT ni chung khng c ni ti.
S thin lch v pha bo m tnh b mt c gii thch l
v cc ti liu ny c son tho vi mc ch p dng cho

180

cc HT thng tin ca B quc phng v cc lc lng an ninh


LBN (hay cn gi l cc c cu sc mnh).
8.1.3.2. Phn loi cc tiu ch v cc yu cu an
ton.
Cc ti liu ch dn GTK a ra 2 nhm tiu ch an ton:
cc ch s bo v ca cc thit b tnh ton (CBT) chng cc
TCTP v cc tiu ch bo v ca cc HT t ng ho x l d
liu. Nhm u tin cho php nh gi mc bo v ca
cc thnh t ring r ca HT tnh ton, cn nhm th hai dnh
cho cc HT y x l cc d liu.
a. Ch s bo v ca CBT chng cc TCTP. Ti liu GTK
xc nh phn loi CBT theo mc bo v TT (chng cc
TCTP) trn c s lit k cc ch s bo v v tp hp cc yu
cu miu t chng. y CBT c hiu l tp hp cc phn
mm (chng trnh) v cc yu t k thut ca cc HT x l
d liu, c kh nng hot ng c lp hoc hot ng
trong thnh phn ca cc HT khc.
Ch s ny cha cc yu cu bo v CBT chng cc TCTP
ti TT v c p dng cho cc chng trnh HT chung v cc
h iu hnh (tnh ti cu trc ca MTT). Cc lit k c th
ca cc ch s xc nh cc lp bo v CBT v c m t
bng mt tp hp cc yu cu. Tp hp tt c cc TBBV to
thnh t hp cc TBBV (KCZ). Cc ti liu GTK xc nh 7 lp
bo v CBT chng TCTP, thp nht l lp 7 cao nht l lp 1.
Cc ch s bo v v cc yu cu ti cc lp c dn ra
trong
bng
di y.
Cc k hiu c ngha nh sau:
Khng c yu cu ti lp ny.
Cc yu cu mi hoc b sung vo.
Cc yu cu trng vi yu cu ca lp trc
KCZ T hp cc thit b bo v
(Xem k bng ny v hy so snh vi s phn loi tng t
ca Sch Da cam ca B quc phng M phn trn)

181

Cc lp bo v

Tn gi cc ch s
Kim sot truy nhp tu chn (DAC)
Kim sot truy nhp bt buc
(MAC)
Xo sch b nh
Cch ly cc m un
Ngu trang (m ho) cc ti liu
Bo v vo/ra trnh cc vt mang
TT l
Gn khch hng vi thit b
Nhn dng v xc thc
Bo him thit k
ng k
Tng tc khch hng vi KCZ
Khi phc tin cy
Ton vn KCZ
Kim sot s thay i
Kim sot s phn tn
Bo him cu trc
Kim th
Ch dn khch hng

182

Ch dn v KCZ
Ti liu bng vn bn
Ti liu thit k

b. Cc yu cu bo v ca cc HT t ng ho
Cc yu cu ny l mt thnh phn ca cc tiu ch bo
v ca cc HT t ng ho x l d liu. Cc yu cu to
thnh cc nhm xung quanh cc tiu h thc hin chng.
Khng c nhng yu cu v tnh sn sng phc v ca HT,
nhng li c cc mc dnh cho cc thit b mt m. Trong
nhiu b tiu chun ATTT khng h ni ti mt m, v
ngi ta xem n ch nh mt c ch bo v thc hin cc yu
cu v xc thc, kim ton ton vnLoi tr ch c Cc
tiu ch chung (Common Criteria CC) ( mc 2.10), tuy
nhin trong yu cu ca mc mt m ch ni v phn
phi ho m thi. Phn loi cc yu cu v cc TBBV ca AC
dn ra trong bng sau:
Cc yu cu ca cc TBBV ca
AC
Tiu h
kim sot
truy nhp
--Nhn

dng,
xc thc, kim
sot truy nhp

--Kim sot cc
lung thng tin

Tiu h
ng k v
kim ton

Tiu h
mt m
--M ho

--ng k v
kim ton

cc TT mt

--Kim k

--M

cc vt
mang tin
--Xo cc xng
nh c gii
phng
--Bo hiu cc
xm phm
bo v

ho
TT
thuc cc ch
th khc nhau
bng cc kho
khc nhau

--S dng cc
thit b mt m
qua kim
chun

Tiu h bo
m tnh
ton vn
--Bo m ton
vn cc phn
mm v TT c
x l
--Bo v vt l
CBT v cc vt
mang tin
--Cc nh qun
tr BVTT

--Kim th theo
chu k cc TBBV

--C cc thit b
183

khi phc cc
TBBV
--S dng cc
TBBV qua
kim chun

8.1.3.3. Cc lp bo v ca cc h thng t ng ho
(AC)
Cc ti liu GTK xc nh 9 lp bo v ca AC chng cc
TCTP, mi lp c c trng bi mt tp cc yu cu i vi
cc TBBV. Cc lp chia thnh 3 nhm, phn bit bi c tnh
x l TT trong AC. Cc nhm ca AC c xc nh trn c s
cc du hiu sau:
Tn ti trong AC cc TT vi cc mt khc nhau.
Mc quyn ca cc khch hng AC truy nhp ti cc TT
mt.
Ch x l TT trong AC (tp th hay c nhn).
Trong mi nhm c mt trt t cc lp bo v AC. Lp c
bo v cao nht trong mt nhm c k hiu l NA,
y N s th t ca nhm (t 1 n 3). Lp tip theo l
N...
Nhm th ba bao gm cc AC, trong ch c mt khch
hng lm vic c tip cn tt c cc TT cha trong cc vt
mang cng mt cng mt. Nhm ny c 2 lp - 3 v 3.
Nhm th hai bao gm cc AC, trong cc khch hng
c cng cc quyn truy nhp ti tt c cc TT c x l
v/hoc lu gi trong AC trn cc vt mang c mt khc
nhau. Nhm ny c 2 lp - 2 v 2.
Nhm th nht bao gm cc AC nhiu ngi dng, trong
ng thi cng x l v/hoc lu gi TT c mt khc nhau.
Khng phi tt c cc khch hng u c quyn tip cn nh
nhau. Nhm ny c 5 lp - 1, 1, 1, 1 v 1.

184

8.1.3.4. Kt lun.
Vic son tho cc ti liu GTK l kt qu ca s pht
trin mnh m qu trnh p dng CNTT ti nc Nga. Trc
nhng nm 90 (TK 20) s cn thit ca cc ti liu nh vy
cha xut hin. V rng, a s cc trng hp x l v lu tr
TT mt c thc hin khng c p dng my tnh. Cho nn
cc ti liu GTK l giai on u ca vic hnh thnh cc
tiu chun ATTT ca nc Nga.
Vic son tho cc ti liu chu nh hng to ln ca
Sch Da cam. Chng c nhiu nt ging nhau: cng hng ti
cc HT p dng cho qun i, cng s dng mt thang tng
qut nh gi bo v
8.1.4. H tiu ch chung nh gi ATTT.
8.1.4.1. Mc ch ban hnh.
H tiu ch an ton CNTT chung (Common Criteria for
Information Technology Security Evaluation thng gi l Cc
tiu ch chung - Common Criteria) l kt qu ca n lc tp
th ca cc tc gi Cc tiu ch an ton CNTT chu u,
Cc tiu ch lin bang ca M, Cc tiu ch an ton cc HT
my tnh ca Canada, nhm hng ti s kt hp (tch hp) cc
lun im c bn ca cc ti liu ny v a ra mt
chun quc t thng nht v an ton CNTT. Cng vic ca
mt n to ln nht trong lch s cc tiu chun ATTT c
tin hnh bt u vo thng 6 nm 1993 (ch 10 nm sau
khi cng b Sch Da cam). Phin bn 2.1 ca chun ny
c T chc tiu chun quc t ISO ph chun vo nm 1999
nh l mt chun ATTT quc t ISO/IEC 15408.
Phin bn u tin ca Tiu ch chung c cng b vo
31/01/1996. Cc tc gi ca n l Vin cc tiu chun v cng
ngh quc gia v Cc an ninh quc gia ca M, cc c quan
tng t ca Anh, Canada, Php v H Lan. Phin bn th 2 ra
i vo 5/1998. y chng ta lm quen vi phin bn 2.1
ca n nh ni trn.
185

Cc tiu ch chung gi c nhng trng lp cng cc


tiu chun ang tn ti v pht trin chng ln bng cch a
vo cc khi nim, cc hng mi tng ng vi mc pht
trin ca CNTT hin i v s tch hp (lin kt) ca cc HT
thng tin ca quc gia vo mt khng gian TT thng nht
ton th gii. Ti liu ny c xy dng trn c s cc thnh
tu ca hng lot cc nghin cu trong lnh vc an ton CNTT
nhng nm 90 v trn kt qu phn tch kinh nghim p
dng cc tiu chun kt tinh vo cc thnh tu . Cc
tiu ch chung a ra mt s khi nim mi (m chng ta
bit phn u nh: Sn phm CNTT (IT-product), H s bo
v (Protection Profile-PP). CC c son tho nhm p ng
nhu cu ca 3 nhm ngi: Cc nh sn xut, cc nh tiu dng
cc sn phm CNTT v cc chuyn gia nh gi an ton
ca cc sn phm .
Nh vy,CC bo m cc iu kin chun cho qu trnh
la chn cc sn phm CNTT, m i vi chng s t ra cc
yu cu v chc nng hot ng trong mi trng c cc him
ho nht nh. CC l ti liu ch dn cho cc nh thit k
cc HT an ton v n cng quy ch ho cng ngh thit lp
cc HT nh vy cng cc th tc nh gi mc bo m an
ton ca chng.
CC xem xt ATTT, trc tin l tnh b mt v ton vn ca
TT c x l bi cc sn phm CNTT v c tnh sn sng
phc v ca cc ti nguyn HT; v th hai l n t ra cho
cc TBBV nhim v chng li cc him ho c bn tn ti
trong mi trng khai thc cc sn phm ny v nhim v thc
hin chnh sch an ton c chp nhn trong mi trng
khai thc .
V th trong CC c tt c cc kha cnh ca qu trnh
thit k, sn xut v khai thc ca cc sn phm CNTT dng
lm vic trong cc iu kin tc ng ca cc him ho

186

ATTT. Cc mi lin h nhn-qu gia cc khi nim c bn


ca CC c dn ra trong s sau:
S kin chun

Sn
phm
CNTT

Tnh bo
m

Cc thit b
bo v

Khch
hng

S r
r

Cc him
ho

Cc mo
him

Cc khch hng ca cc sn phm CNTT lo ngi v tn ti


cc him ho ATTT, s dn ti s mo him nht nh cho cc
TT c x l. chng li cc him ho ny sn phm CNTT
phi gm c c cc TBBV cho php khng nh tnh m
bo trc cc him ho v cc mo him.
8.1.4.2. Cc lun im c bn.
Trc tin chng ta lm quen vi mt s khi nim thut
ng ca CC:
Nhim v bo v Khi nim c bn ca CC, biu din
nhu cu ca cc khch hng ca sn phm CNTT trong vic
chng li tp hp cc him ho an ton hoc trong s cn
thit thc hin mt chnh sch an ton.
187

H s bo v - l mt ti liu chun c bit, cha


ng cc nhim v bo v, cc yu cu chc nng, cc yu
cu m bo, cc c trng ca TBBV v c s lun chng
ca chng. N l ti liu hng dn cho cc nh sn xut, thit
k sn phm CNTT trong qu trnh thit lp i tng an
ton.
i tng an ton l ti liu chun c bit, cha
ng cc nhim v bo v, cc yu cu chc nng, cc yu
cu m bo, cc c trng ca TBBV v c s lun chng
ca chng. Trong qu trnh phn tch, nh gi n s l s
m t sn phm CNTT.
Theo CC, an ton CNTT c th t c bng cch p
dng cng ngh thit k, kim chun v khai thc cc sn
phm CNTT do cc tc gi xut trong h tiu ch ny.
Trn quan im ca CC, iu quan trng nht trong cc
yu cu an ton m cc nh thit k nh hng theo, l
cc sn phm CNTT phi p ng cc nhu cu ca khch
hng. Ch c bo m iu ny mi c th t c mc
ch ra bo m an ton CNTT trong mi trng tc
ng ca cc him ho an ton.
CC xc nh kh nhiu cc yu cu in hnh (cc mu
yu cu), m cng vi c ch H s bo v chng cho php
cc khch hng la chn c cc yu cu ring ph hp vi nhu
cu an ton ca h. Cc nh thit k c th s dng H s
bo v nh l mt c s a ra cc c t cc sn phm
ca mnh. H s bo v v cc c t TBBV to thnh ci
gi l n bo v. Chnh n bo v l i din ca sn
phm CNTT trong qu trnh phn tch nh gi.
S phn tch nh gi c th c tin hnh song song
vi thit k sn phm CNTT hoc sau khi kt thc thit k.
tin hnh c phn tch nh gi, nh thit k sn
phm phi trnh ra cc ti liu sau y:
188

- H s bo v (Protection Profile): m t vai tr ca sn


phm v ch ra c trng ca mi trng khai thc n,
v cng xc lp trong cc Nhim v bo v v cc
yu cu m sn phm phi p ng.
- i tng an ton (Security Target - ST): bao gm cc c
t cc TBBV; lun chng ca s tng ng ca sn phm
vi cc nhim v bo v t H s bo v, v vi cc yu
cu ca CC nu ra trong (Tc H s bo v)
- Cc lun c khc nhau v cc khng nh cc tnh cht
v kh nng ca sn phm, do cc nh thit k thu c.
- Chnh sn phm CNTT.
- Cc c liu ph, thu c bng cch tin hnh cc thu
thp c lp khc nhau.
Qu trnh phn tch nh gi gm 3 giai on:
1. Phn tch H s bo v v cc mt: tnh y
, khng mu thun, tnh kh thi v kh nng
c s dng nh tp hp cc yu cu cho sn phm
c thit k
2. Phn tch i tng an ton v cc mt: s tng
ng vi cc yu cu ca H s bo v, tnh y
, khng mu thun, tnh kh thi v kh nng
c s dng nh mt mu trong phn tch sn
phm CNTT.
3. Phn tch sn phm CNTT v s tng ng vi i tng
an ton.
Kt qu ca phn tch nh gi l kt lun rng sn
phm CNTT c nh gi tng ng vi i tng an ton c
gii thiu. Bn kt lun bao gm mt s bo co, khc nhau
bi mc chi tit ho, v cha ng quan im ca cc
chuyn gia kim chun v sn phm trn c s cc tiu ch

189

phn loi CC. Cc bo co ny c th c s dng bi cc nh


sn xut v c cc khch hng.
Vic p dng phn tch nh gi v kim chun lm
nng cao cht lng cng vic ca cc nh sn xut trong
thit k v sn xut cc sn phm. Trong cc sn phm
qua nh gi an ton, xc sut xut hin cc li v cc
im yu bo v v cc r r nh i mt cch ng k (so
vi trong cc sn phm thng thng). iu ni ln rng, p
dng cc tiu ch chung c nh hng tch cc v xy dng
ti qu trnh hnh thnh cc yu cu, thit k sn xut sn
phm CNTT, chnh sn phm v s khai thc n. Chng ta hy
xem xt k hn v H s bo v v i tng an ton.
a)H s bo v (Protection Profile) HSBV.
HSBV xc nh cc yu cu an ton i vi mt chng loi
nht nh cc sn phm CNTT, khng chnh xc ho cc phng php v phng tin thc hin chng. Nh HSBV m cc
khch hng hnh thnh cc yu cu ca h ti cc nh sn
xut. Cu trc ca HSBV nh sau (xem hnh 26).
Chng ta hy xem xt vai tr v ni dung ca cc tiu
mc ca HSBV.
Nhp mn cha thng tin cn cho tm kim HSBV
c th trong th vin cc HSBV
- c ch ca HSBV l mt tn c bit, thch hp
cho vic tm kim n trong v s cc HSBV ging
nhau v nh du khi tham kho ti n.
- Tm tt ni dung cha nhng li gn gn ca HSB,
trn c s khch hng c th i n kt
lun v s tng ng ca HSBV vi cc i hi ca
h.
M t sn phm CNTT cha mt s c trng gn gn
ca sn phm, nhim v chc nng, cc nguyn l lm vic,

190

phng php s dngCc TT ny khng cn phi phn tch


v kim chun, nhng phi cung cp cho cc chuyn gia
gii thch cc yu cu an ton v xc nh s ph hp ca
chng vi cc nhim v m cc sn phm ny gii quyt, v
cng hiu r cu trc v cc nguyn l lm vic ca sn
phm CNTT.

191

H s bo
v
Nhp
mn
M t sn
phm

Mi trng khai
thc

c ch
Tm tt ni
dung

iu kin khai
thc
Cc him ho an
ton
Chnh sch an
ton

Cc nhim v
bo v

Cc yu cu an
ton

Lun
chng

Cc nhim v bo v
ca sn phm
Cc nhim v bo v
khc
Cc yu cu chc
nng
Cc yu cu m
bo
Cc yu cu v mi
trng
khai thc
Lun chng cc
nhim v bo v
Lun chng cc yu
cu an ton

Hnh 8.1: Cu trc ca H s


192
bo v

Mi trng khai thc. Mc ny cha s m t mi trng


hot ng ca sn phm CNTT trn gc an ton.
- Cc iu kin khai thc. M t cc iu kin khai
thc sn phm cn phi cha c trng y
mi trng khai thc trn quan im an ton, k c
cc gii hn v iu kin p dng sn phm.
- Cc him ho an ton. M t cc him ho an ton,
tc ng trong mi trng khai thc m s bo v
sn phm phi i mt.Vi mi him ho cn ch
r ngun gc ca n, phng php v i tng tc
ng ca him ho.
- Chnh sch an ton. M t CSAT cn phi xc nh
r v khi cn thit, phi gii thch cc iu lut
ca CSAT cn thit phi thc hin trong sn phm.
Cc nhim v bo v phn nh cc nhu cu ca khch
hng trong vic chng li cc him ho an ton ch ra
v/hoc trong vic thc hin CSAT.
- Cc nhim v bo v ca sn phm phn nh cc
nhu cu ca khch hng trong vic chng li cc
him
ho
v/
hoc
thc
hin CSAT.
- Cc nhim v bo v khc phn nh s cn thit
tham gia ca cc TBBV ca sn phm CNTT trong
chng li cc him ho an ton v/hoc thc hin
CSAT cng vi cc thnh t CNTT khc.
Cc yu cu an ton cha cc yu cu an ton cn phi
p ng i vi sn phm CNTT gii quyt cc nhim v
bo v.
- Cc yu cu chc nng ch cha cc yu cu mu
c a ra trong cc mc tng ng ca Cc tiu
ch chung. Cn phi bo m mc chi tit ho cc
yu cu sao cho n cho php th hin r s tng
ng vi cc nhim v bo v. Cc yu cu chc nng

193

c th bo trc hoc cm s dng mt s phng


php v thit b bo v.
- Cc yu cu m bo cha cc tham chiu ln cc
yu cu mu ca cc mc m bo ca Cc tiu
ch chung, nhng cho php nh ngha thm cc
yu cu m bo ph.
- Cc yu cu v mi trng khai thc. Mc ny khng
bt buc phi c. V n c th cha cc yu cu
chc nng v cc yu cu m bo, m phi p
ng cc thnh t CNTT to thnh mi trng khai thc
ca sn phm ang xem xt.Trong mc ny, khc
vi cc mc khc , vic s dng cc yu cu mu ca
Cc tiu ch chung l mong mun nhng khng
bt buc.
Cc c liu b sung. y l mc khng bt buc, cha
bt k TT b sung no c ch cho thit k, sn xut v
phn tch nh gi v kim chun sn phm CNTT.
Lun chng cn phi th hin r rng, H s bo v
cha mt tp hp y v h thng cc yu cu, v rng
sn phm CNTT, p ng chng s chng li mt cch c hiu
qu
cc
him
ho
an
ton
va
mi
trng
khai thc.
- Lun chng cc nhim v bo v cn phi th hin
r, rng cc nhim v bo v c a ra trong H
s tng ng vi cc tham s ca mi trng khai
thc, v gii quyt chng s cho php chng li c
hiu qu cc him ho an ton v thc hin c
CSAT.
- Lun chng cc yu cu an ton phi ch ra rng,
cc yu cu an ton cho php gii quyt c hiu
qu cc nhim v bo v, v cc l do:
Tp hp cc mc tiu, m cc yu cu chc
nng ring theo ui, tng ng vi cc
nhim v bo v ra.

194

Cc yu cu an ton l ng b,khng mu
thun nhau, m cn tng cng nhau.
La chn cc yu cu l hp l (c bit l
i tng an toni vi cc yu cu b sung, khng c trong
CC).
Nhp Tp hp la chn cc yu cu chc nng v
c ch
mn
mc cc yu cu m bo ph hp vi cc
nhim v bo v. Tm tt ni
M t sn phm
dung
HCNTT
s bo v l xut pht im
cho
nh
xut
Th
hin
ssn
tng
ngtrong
qu trnh hnh thnh thit lp vin
CCbo v, chnh l cc
Mi
tr
ng
khai
n k thut sn xut sn phm
CNTT
v l i din
iu kin
khai
thc
thc
cho sn phm trong phn tch nh
gi an ton.
Cc him ho an
b)
i tng an ton.ton
Chnh
sch an
i tng an ton cha cc yu cu
v nhim
v bo v ca
sn phm
CNTT, v
n m t mc ton
cc kh nng hot ng
Cc nhim
Cc nhim v bo v ca
bo
v tch hp trong sn phm,
ca cc
TBBV
lun chng v khng
sn phm
nh mc bo m ca TBBV.
tng v
an bo
ton va l
Cci
nhim
im ch dn cho nh thit lp h
thng, va l cc mu
v khc
Cc yu cu an
Cc yu
ca HTton
trong qu trnh phn tch nh
gicu chc
nng
Cu trc ca i tng an ton Cc
c yu
thcu
hin trong hnh
8.2:
m bo
Cc yu cu v mi trng
khai thc

Cc c t chung sn
phm CNTT

c t cc chc nng
bo v
c t mc bo
m
Tham chiu ti
HSBV
S tng ng vi
HSBV
Hon thin
HSBV

Th hin s tng ng vi
HSBV

Lun
chng
Hnh 8.2: Cu trc
ca i tng
an ton

Lun chng cc nhim v


bo v
Lun chng cc yu cu an
ton

195

Lun chng cc
c t chung
sn phm CNTT
Lun chng s tng ng
vi HSBV

Nhiu mc ca TAT trng tn vi cc mc ca HSBV. V


th chng ta dng li ch cc mc c trng cho TAT v
cc mc c t nhiu thay i gn y:
Nhp mn cha cc TT cn nhn dng TAT, xc
nh v tr v tm tt ni dung ca n.
c ch l tn ring ca TAT, cn cho vic tm
kim v nhn dng TAT l sn phm CNTT tng
ng vi n.
Tm tt ni dung l ch dn kh t m ca TAT
cho php khch hng tim nng xc nh s ph
hp ca sn phm gii quyt cc nhim v
ca h.
196

Th hin s tng tc vi CC cha m t tt c cc


tnh cht ca sn phm, thuc v phn tch
nh gi trn c s Cc tiu ch chung.
Cc yu cu an ton cha cc yu cu an ton i vi
sn phm, m cc nh sn xut nh hng theo trong
qu trnh thit k v thc hin. Mc ny ca TAT t
nhiu khc so vi mc tng t ca HSBV.
Cc yu cu chc nng i vi sn phm. Mc ny
khc vi HSBV, cho php s dng ngoi cc yu
cu mu ca CC, c cc yu cu khc, c trng
cho sn phm c th v mi trng khai thc n.
Khi miu t cc yu cu c trng ny cn tun
th phong cch ca CC v phi th hin c mc
c th vn c ca CC.
Cc yu cu m bo cho php dng cc mc
m bo khng c trong CC. Trong trng hp ny,
m t mc m bo phi r rng, khng mu
thun v c th sau ny dng cho phn
tch nh gi.
c t chung ca sn phm CNTT m t cc c ch
thc hin cc nhim v bo v nh xc nh cc c
t cc mc cao ca TBVV tng ng vi cc yu cu
chc nng v cc yu cu m bo
a ra.
c t cc chc nng bo v m t cc kh nng
hot ng ca cc TBBV trong sn phm CNTT
m cc nh sn xut coi l thc hin cc yu
cu an ton. Hnh thc biu din cc c t
phi cho php xc nh c s tng ng gia
cc chc nng bo v v cc yu cu an ton.
c t mc m bo xc nh mc m bo
nu ra ca sn phm v s tng ng ca n
197

vi cc yu cu m bo, dng thc a ra cc


tham s cng ngh thit k v thit lp sn
phm. Cc tham s ny phi c a ra di dng
sao
cho
c th xc nh c s tng ng ca n vi cc
yu
cu
m bo.
Th hin s tng ng vi HSBV. Mt TAT c th p
ng cc yu cu ca mt hoc mt vi HSBV. Mc ny l
khng bt buc, v cha cc TT cn thit cho khng nh
chp nhn th hin . Vi mi HSBV m TAT mun thc
hin, mc ny phi cha cc TT sau:
- Tham chiu ti HSBV nhn dng n nht HSBV m
TAT mong mun thc hin. Cn ch r cc trng
hp m mc bo v a ra vt hn yu cu ca H
s. Thc hin chnh xc HSBV c ngha l thc
hin chnh xc tt c cc yu cu ca H s,
khng c mt loi tr no.
- S tng ng vi HSBV xc nh kh nng ca sn
phm thc hin cc nhim v bo v v cc yu
cu cha ng trong H s.
- Hon thin HSBV phn nh cc kh nng ca sn
phm CNTT vt ra ngoi khun kh ca cc nhim
v bo v v cc yu cu t ra trong H s.
Lun chng phi chng t rng, TAT gm mt tp hp
y v h thng ca cc yu cu, hin thc ho sn
phm CNTT, s chng li c hiu qu cc him ho an ton tc
ng trong mi trng khai thc, v rng, cc c t chung
cc chc nng bo v tng ng vi cc yu cu an ton. Ngoi
ra, lun chng phi cha khng nh s tng ng vi HSBV.
Lun chng gm cc tiu mc sau:

198

- Lun chng cc nhim v bo v phi chng t c


rng, cc nhim v bo v a ra trong TAT tng
ng vi cc tnh cht ca mi trng khai thc, v
vic gii quyt chng cho php chng li c hiu
qu cc him ho an ton v thc hin c CSAT
i hi.
- Lun chng cc yu cu an ton ch ra rng, hon
thnh cc yu cu ny cho php gii quyt cc
nhim v bo v, v l do:
Tp hp cc yu cu chc nng v yu cu
m bo, v c cc iu kin khai thc sn
phm CNTT tng ng vi cc nhim v bo v.
Tt c cc yu cu an ton l khng mu
thun nhau m cn tng cng ln nhau.
S la chn cc yu cu l hp l.
Mc cc kh nng hot ng ca TBBV tng xng vi cc nhim v bo v.
- Lun chng cc c t chung ca sn phm phi
chng t rng, cc TBBV v cc phng php duy tr
tnh m bo ca chng tng ng vi cc yu cu
m bo a ra v:
Tp hp cc TBBV p ng cc yu cu chc
nng.
Mc an ton i hi v mc chnh xc ca
bo v c m bo bi cc thit b
xut.
Cc bin php duy tr tnh m bo thc
hin cc yu cu chc nng tng xng vi cc
yu cu m bo ra

199

- Lun chng s tng ng vi HSBV ch ra rng, cc


yu cu ca TAT duy tr tt c cc yu cu ca
HSBV. nh vy, cn phi chng t rng:
Tt c s hon chnh cc nhim v bo v so
vi HSBV c thc hin chnh xc v theo hng
pht trin v chi tit ho.
Tt c cc nhim v BV ca HSBV c gii
quyt thnh cng v tt c cc yu cu ca
HSBV u c p ng.
Khng c yu cu b sung no trong s a vo TAT, v cc nhim v BV c th v
cc yu cu an ton, c s mu thun vi
HSBV.
Nh chng ta thy trong cu trc ca HSBV v TAT v
qua tm tt ni dung ca chng, cc ti liu ny trn thc t
quy ch ho mt cc ton din s tng tc ca cc khch
hng, cc nh sn xut v cc chuyn gia nh gi trong qu
trnh thit lp mt HT an ton (mt sn phm CNTT). Trn
thc t, cc lun im ca 2 ti liu ny (TAT v HSBV)
xc nh cng ngh thit lp cc HAT.
8.1.4.3. Cc yu cu an ton.
Cc tiu ch chung chia cc yu cu an ton ra l 2 loi:
cc yu cu chc nng v cc yu cu m bo.
Cc yu cu chc nng quy nh cc hot ng an ton
ca cc thnh t ca sn phm CNTT v xc nh cc kh
nng ca cc TBBV.
Tnh bo m l mt c trng ca sn phm, n ch ra
rng, mc an ton c m bo hiu qu n u,
chnh xc thc hin ca cc TBBV nh th no. Tnh bo m
c xc nh bi cc cng ngh c s dng trong qu trnh
thit k, xy dng v khai thc sn phm. V vy, cc yu
cu m bo quy nh cng ngh v qu trnh thit lp
200

sn phm CNTT (HT), v c s cn thit tin hnh phn tch


cc yu im ca bo v.
a. Cc yu cu chc nng.
Cc yu cu chc nng ca CC c th hin di dng c
cu trc hnh thc cht ch, l mt t hp y v rt chi
tit. Cc yu cu c phn thnh cc lp. Mi lp li c cc
mc (c 5,6 mc), sau cc mc li n bn thn cc yu cu
(thuc mc v nhm tng ng). Mi yu cu chc nng li c
xy dng theo s gm: Tn gi, Ni dung yu cu v cc
yu cu i km. Nh vy CC c nhiu lp yu cu, mi lp c
nhiu mc, mi mc c nhiu yu cu, mi yu cu li c cc
yu cu i km; v nh vy CC l mt tp hp khng l cc yu
yunng.
cu chc
cuCc
chc
Cu trc chung ca cc yu cu chc nng ca
nng
CC c ch ra trong hnh 8.3:
Cc lp
Tn
gi
M t lp

Hnh 8.3: Cu trc


chung ca cc yu
cu chc nng

Cc mc
Tn gi v k
hiu
M t mc
Phn cp cc yu
cu
Cc tham s iu
khin
Cc i tng ng k v
kim ton
Cc yu cu
Tn
gi
Ni
dung

201

Cc yu cu km

Chng ta hy lm quen vi mt vi cu trc tiu biu ca


CC i vi cc mc trong mt lp.
- Tn gi v k hiu. Mi mc c mt tn gi ring v
mt c ch 7 k hiu ly t mt tin t (prefix)
c 3 ch ci ca c ch lp, du gch ngang v k
hiu 3 ch ci ca mc . Tn gi v k hiu dng
cho cc tham chiu ln mc.
- Phn cp cc yu cu. S phn cp cc yu cu
chc nng ca CC ch c th t mt phn (khc vi
nhiu b tiu chun khc thng c mt trt t thng
nht ton b to ra mt thang nh gi duy nht).
V d in hnh y l s phn cp cc yu
cu bo v TT khi truyn theo cc knh ni b v s
phn cp cc yu cu v s dng cc gi danh
(xem s )
202

Bo v TT khi
truyn theo
cc knh ni
b

S dng cc
gi danh

Cc TBBV c
bn TT
truyn i

Truyn d liu vi cc
du hiu an ton theo
cc knh tch ring

Kim sot
ton vn TT
truyn

p dng cc phng php


kim sot ton vn khc
nhau ph thuc vo cc
du hiu an ton

Kim sot
hot ng
ca cc khch
hng bng
cc gi danh

Xc lp c nhn
khch hng theo
gi danh

a ra cc gi
danh tng ng
vi cc iu lut

Vic thc hin yu cu bo v TT truyn theo cc knh


ni b c php tin hnh theo 2 hng bo m an ton
khi truyn tin v kim sot ton vn tin. i vi mi hng tn
ti 2 mc thc hin cc yu cu, ph thuc vo vic c
hay khng tnh ti cc du hiu an ton ca TT c truyn
i. Cc yu cu nm cc nhnh khc nhau l c lp vi
nhau v tng cng ln nhau.
Phn cp cc yu cu v s dng cc gi danh c cu
trc phc tp hn. Mc tng ng thp nht vi yu cu
ny c m bo nh s dng cc gi danh, che du cc c
nhn khch hng lm vic vi h thng. Tn ti 2 hng c
lp tng cng yu cu ny - a ra c ch cho php khi cn
xc nh c tng khch hng theo gi danh ca h; v a
ra cc iu lut (khi lp cc gi danh) cho php xc lp c
nhn khch hng. Hai yu cu ny nm 2 nhnh khc nhau
203

v khng so snh c vi nhau (v cng khng th tng cng


nhau).
Cc tham s iu khin. Trong tiu mc ny cc
tham s c th c lit k, cn c vo cc tham s
ny cn thc hin qun l cc TBBV, hin thc ho
cc yu cu ca mc nu.
Cc i tng ng k v kim ton. Trong tiu mc
ny ca cc yu cu phi lit k cc thao tc v cc
s kin cn phi qua ng k v kim ton.
S phn loi cc lp ca cc yu cu chc nng ca CC th
hin trong s di y:
Cc yu cu chc nng
Kim ton
Khng nh nhn, truyn
thng tin
M ho
Bo v TT
Nhn dng v xc thc
Qun l an ton
Tnh b mt cng vic
trong HT
Chnh xc ca cc
TBBV
Kim sot vic dng cc ti
nguyn
Kim sot cc tip cn
HT
ng dn tin cy

204

S phn loi cc yu cu chc nng i vi tt c cc lp


ca Cc tiu ch chung c ch ra trong lot hnh sau
y. Trc tin l php phn loi ca 2 lp: lp bo v TT v lp
chnh xc ca TBBV. y l 2 lp c tnh c th ring ca
CC.
Bo v TT
-- Chnh sch iu khin
tip
cnb iu khin tip
-- Thit
cn
-- Xc thc
TTChnh sch qun l cc
-lung
tinb qun l cc
-- Thit
lung
tinTT
-- Nhp
-- Bo v TT truyn theo knh
ni
b cc TT cn
-- Hu
li T chi
--- Kim sot ton vn khi tin lu
tr
-- Bo v vic truyn tin bn trong HT khi dng cc
knh
ngoi
-Ton
vn cc tin truyn bn trong HT khi dng cc
knh ngoi
Hnh 8.4: Phn loi lp bo v TT

205

Chnh xc cc
TBBV
-- Kim th phn mm v
phn cng
-- Bo v chng treo dng
-- Bo v chng treo dng
-- Sn sng TBBV phc v cc
Clients t xa
-- B mt cc TT truyn khi lm vic vi
Clients xa
-- Ton vn cc TT truyn khi lm vic vi
Clients xa
-- Bo v cc knh ni b trao i TT gia
cc TBBV
-- Bo v vt l
-- An ton khi phc sau dng
treo
-- Nhn bit vic truyn li TT v gi mo s
kin
-- Ghi nhn cc tng tc
gggggggggggggggggggggggggggggggggggggggggggggg
-- Phn tch cc min
ggggggggggggggggggggggggggggggggggggggggggggggggg
-- ng b
ggggggggggggggggggggggggggggggggggggggggggggggggg
-- Thi gian
ggggggggggggggggggggggggggggggggggggggggg
-- Trao i ng b TT gia
gggggggggggggggggggggggggggggggggggggggggggggg
cc TBBV
-- Sao lu TT dng cho cc TBBV
ggggggggggggggggggggggggggggggggggggggggggggggggg
-- T kim th ca cc TBBV
ggggggggggggggggggggggggggggggggggggggggggggggggg
ggggggggggggggggggggggggggggggggggggggggggggggggg
gggggggg
Hnh 8.5: Phn loi lp chnh xc ca
cc TBBV

206

Sau y l phn loi ca 4 lp khc l: Lp nhn dng v


xc thc; lp kim ton; lp qun l an ton v lp m ho.

Nhn dng v xc
thc
-- Phn x vi cc
xc thc khng
cng
-- thnh
Cc du
hiu an ton
ca cc khch hng
-- Cc tham s xc thc
-- Xc thc khch hng
-- Nhn dng khch
hng
-- S tng ng cc
khch hng v cc
ch th

Kim
ton
-- T ng phn ng
vi cc ph v an
-- ton
ng k v kim ton cc
s kin
-- Phn tch cc bn ghi
kim ton
-- Truy nhp ti bn ghi kim
ton
-- La chn cc s kin
cho ng k v
ton
-- kim
Th tc
kim ton
-- X l thng xuyn cc bn
ghi KT

Qun l an ton

M ho

-- Qun l cc
-- TBBV
Qun l cc du hiu
an ton
-- Qun l cc tham s v
cu hnh ca cc
TBBV bin cc du hiu
-- Phn
-- an
Giiton
hn thi gian tc
ng ca cc du
hiu
ancc
ton
-- Vai
tr
nh qun tr

-- Qun l kho
-- m
Cc thit b
mt m

Hnh
8.6:
Phn
loi
ca
44
lplp
c
Hnh
8.6:
Phn
loi
ca
c
th
th

207

Tip theo sau y l phn loi ca 5 lp cui cng:


Kim sot vic dng cc ti
nguyn
-- S km bn
vng
-- Phn phi cc ti nguyn
u tin
-- Phn tch ti nguyn

ng dn tin
cy

Kim sot tip cn


ti HT
-- Hn ch vic s dng
cc du hiu an ton

Khng nh vic
truyn/nhn TT
-- Chng chi b vic
truyn TT

-- ng dn tin cy gia
cc
TBBV
-- ng dn tin cy vi
cc khch hng

-- Hn ch s cc phin
ng thi
-- Cch ly cc phin lm vic
vi HT
-- Gii thch, cnh bo,
mi gi v mch bo
-- Ghi cc phin lm vic vi
HT
-- Kim sot cc phin lm vic
vi HT

-- Chng chi b vic


nhn TT

B mt cng vic
trong HT
-- Mt danh cc khch
hng
-- S dng cc gi danh
-- Mt danh cc phin lm vic
vi HT
-- Bo v chng nghe trm cc phin lm
vic vi HT
Hnh 8.7: Phn loi ca 5 lp cui
cng
Cn lu rng, cc yu cu v b mt, ton vn v kim
sot truy nhp gp vo mt lp Bo v TT l kh hp l v tng ng vi cc nhim v ca chng. y c s phn tch
208

nh gi cc yu cu v chnh sch kim sot truy nhp (Cc


m hnh tu chn DAC) khi cc yu cu kim sot cc
lung TT (Cc m hnh chun bt buc MAC). V cng c
s phn tch cc yu cu v CSAT khi cc yu cu thc hin
CSAT.
Lp cc yu cu v tnh chnh xc lm vic ca cc TBBV
l c khi lng ln nht. iu ni ln mc chi tit ho
rt cao ca cc yu cu ca lp ny i vi cc phng php v
cc thit b bo m cho hot ng bnh thng ca cc
TBBV.
b. Cc yu cu m bo (assurance).
Cc yu cu m bo (YCB) ca CC cu trc rt cht ch
v chng quy ch ho tt c cc cng on thit k, sn
xut v khai thc mt sn phm CNTT t gc duy tr tnh
chnh xc lm vic ca cc TBBV v s ph hp ca chng vi
cc yu cu chc nng, cc nhim v bo v v cc him ho,
tc ng trong mi trng khai thc sn phm.S phn loi
cc YCB ca Cc tiu ch chung th hin trong hnh 8.8

209

Cc yu cu m
bo
Qun l
n

Phn
phi

Thit k

Ti
liu

-- Thit b

-- Cung
cp
-- Lp t,
hiu chnh,
cho chy

-- c t chc
nng chung

-- Ch dn
nh qun
tr
-- Ch dn
khch
hng

kim sot
A
-- Kim sot
cc phin
bn

-- Cu hnh
A

-- Cu trc BV

-- Dng hnh
th hin sn
phm cho
kim chun
-- Cu trc
TBBV
Hnh--8.8:
Phn
c t
ring
cc TBBV

Qu
trnh
sn xut
-- An ton mi
trng sn
xut

-- Sa li v
khc phc
cc r r

-- Cng
ngh sn

xutm
loi cc yu cu
-- Cc thit
bo
b sn
xut

-- Tng ng s
m t mc
khc nhau
-- Chnh sch an
ton

Kim
th
-- S y
kim
th
-- su
kim th
-- Phng
php kim
th
-- Kim th
c lp

Phn
tch bo
v

-- Phn tch
cc knh
ngm

-- Phn tch
cc kh
nng s
dng sai
cc TBBV

-- Phn tch
s bn
vng ca
TBBV

-- Phn tch
sn phm
v tn ti
cc r r

Hnh 8.8: Phn loi cc yu cu m


bo

210

Cc tiu ch chung a ra 7 mc m bo chun, m


cht ch ca cc yu cu m bo tng dn theo th t
mc 1 n mc 7. Mi mc c trng bng mt tp cc yu
cu m bo, quy nh vic p dng cc phng php v
cng ngh khc nhau sn xut, kim th, qun l v
kim chun mt sn phm CNTT:
Mc 1. Kim th chc nng.
Mc 2. Kim th cu trc.
Mc 3. Kim th phng php v kim chun.
Mc 4. Thit k phng php, kim th v phn tch.
Mc 5. Cc phng php thit k bn hnh thc v
kim th.
Mc 6. Cc phng php kim chun thit k bn hnh
thc
v
kim th.
Mc 7. Cc phng php kim chun thit k chnh tc
v kim th.
Mi mc c mt m t ring m y chng ta khng c
iu kin phn tch chi tit.
Sau y l bng phn b cc yu cu m bo theo 7
mc an ton nu trn ca CC.
Cc yu cu m bo

Cc mc m bo
1

1. Qun l i tng (Target)


Cc thit b kim sot i tng
Kim sot cc phin bn
(Versions)

Cu hnh i tng
2. Phn phi
211

Cung ng
Lp t, hiu chnh, cho
chy

3. Thit k
Cc c t chc nng chung
Cu trc ca bo v
Dng th hin sn phm cho
kim chun
Cu trc ca cc TBBV
c t ring cc TBBV
S tng ng m t cc mc
khc nhau

Chnh sch an ton


4. Ti liu
Ch dn nh qun tr

Ch dn khch hng

Cng ngh sn xut

Cc thit b sn xut

5. Qu trnh sn xut
An ton mi trng sn xut
Sa li v khc phc cc r r

6. Kim th
Tnh y ca kim th

su ca kim th
Phng php kim th
c lp kim th

7. nh gi r r
212

Phn tch cc knh ngm


Phn tch kh nng s dng sai
cc TBBV

Phn tch bn vng ca


cc TBBV

Phn tch sn phm v tn ti


cc r r

8.1.4.4. Kt lun.
Cc tiu ch chung an ton cng ngh thng tin l kt
qu tng hp tt c cc thnh tu mi nht trong lnh vc
ATTT. B tiu chun ATTT ny nng cao thnh chun
chung quc t. To kh nng thc t cho vic xc lp mt
khng gian ATTT chung, trong vic kim chun an ton
cc HT s c tin hnh mc ton cu, v iu ny cho
php tch hp cc HT thng tin quc gia, m ra cc chn tri
hon ton mi cho vic ng dng cc CNTT.
8.2. Phn tch v so snh cc tiu chun ATTT.
8.2.1. Phn tch cc tiu chun ATTT.
8.2.1.1. Tnh tng qut.
l tnh cht xc nh bi tp cc HT, cc thit b tnh
ton c th p dng chnh xc cc lun im ca mt tiu
chun. giai on mi hnh thnh v pht trin ca cc
chun ATTT cc nh son tho cm gic rng vn an ton
cn thit cho ch mt lnh vc hp cc chuyn gia ca
chnh ph, trong an ninh quc phng m thi. Mt khc khi
tc tin hc ho cn chm chp. Cho nn tnh tng
qut ca chun ATTT khng c quan tm nhiu.
Trong chun ATTT u tin Sch Da cam, cc tiu ch
ch nhm vo cc ng dng qun s, da trn cc my tnh
ln (mainframe). Vic nng cp n cho cc HT phn tn,
213

cc CSDL i hi phi c cc ti liu b sung, cc thuyt


minh, cc gii thch.
Sau t nm, ra i Cc tiu ch chu u. y
lnh vc p dng ca chun ATTT m rng ln rt nhiu l mt ti liu c s v tnh ti cc HT phn tn, cc
mng, cc HT vin thng Tuy nhin trong chun chu u,
ch vn ni v cu trc v nhim v ca cc HT m n c
p dng, ch khng cp g n mi trng khai thc
chng.
Tiu chun GTK ca Lin bang Nga cng c phm vi p
dng kh hn ch. l cc PC v cc HT a khch hng (nhng vi s khch hng hn ch) Tiu ch Lin bang ca M
a phm vi p dng ln mt mc mi, bt u xem xt p
dng cho bt k sn phm no ca CNTT, khng phn bit
nhim v ca n. Tiu ch Lin bang ca M ch phn bit
cc c trng mi trng khai thc. Tiu ch Canaa xem
phm vi p dng ca mnh bt k loi H thng my tnh
no.
Cui cng, Cc tiu ch chung hon thin qu trnh m
rng phm vi ng dng cc chun ATTT bng vic cho rng
vic s dng chun ATTT l mt thnh t khng th thiu
ca cng ngh thit lp cc sn phm CNTT.
8.2.1.2. Tnh mm do.
S mm do ca cc lun im ca Tiu chun xc nh
s thun tin s dng n bi cc khch hng v cc nh sn
xut cc HT x l TT. V cc yu cu ca chun u tin
(Sch Da cam) a s l bt bin i vi cc c ch thc
hin, cho nn chng t ra qu tru tng trc tip c th
p dng trong nhiu trng hp, do i hi cn c thm cc
bnh lun, b sung v m rng. Cc tiu ch chu u tip
tc tip thu cch trnh by cc yu cu ca Sch Da cam, nhng i theo con ng pht trin nhanh v tch cc, c cc

214

mc v cc yu cu c bit cho cc HT mu (H qun tr


CSDL, HT vin thng)
V s mm do th tiu chun GTK ca Nga cn thua c
Sch da cam. N rt c th trong quy nh ho vic thc
hin cc chc nng bo v (V d, ch c GTK ca Nga a ra
yu cu m ho TT di dng bt buc). iu ny l gim i s
thun tin trong p dng rt nhiu.
Cc tiu ch Lin bang ca M bo m s mm do
mc cao hn hn cc tiu chun trc n. Ln u tin n a
ra c ch H s bo v, m nh c th xc lp cc yu
cu c bit tng ng vi nhu cu ca khch hng ca mt
sn phm c th v cc him ho ca mi trng khai thc sn
phm .
Cui cng, Cc tiu ch chung thc t c mt s mm
do hon ho nht, va c c ch H s bo v cho cc
khch hng, va c c ch n bo v cho cc nh sn
xut v cc chuyn gia kim chun.
8.2.1.3. Tnh m bo.
Tnh m bo ca mc bo v, lc u c cc nh
son tho cc tiu chun xem xt ch cho cc mc an ton
cao nht. V th Sch Da cam coi l bt buc vic p dng
cc phng php kim chun chnh tc (hnh thc) ch i
vi cc HT thuc lp A.
Tuy nhin, s cn thit kim sot tnh chnh xc ca thc
hin cc yu cu v khng nh hiu qu ca cc TBBV cho
cc HT thuc mi mc nhanh chng c hiu ra. Ngay
trong Cc tiu ch chu u xut hin mc cc yu cu
c bit cc yu cu m bo, quy ch ho cng ngh v
cng c thit k, sn xut. CC xem xt tnh m bo thc
hin bo v nh l mt thnh t quan trng nht ca ATTT v
n a ra s kim sot nhiu giai on vi qu trnh sn
xut, cho php khng nh s tng ng ca cc kt qu
thu c vi cc mc tiu ra, bng cch chng minh s
215

m bo ca cc nhim v bo v vi cc yu cu ca khch
hng, s m bo ca TAT vi Cc tiu ch chung v s
m bo ca sn phm CNTT vi TAT.
8.2.2. Xu th pht trin ca cc tiu chun ATTT.
Qua s phn tch cc tiu chun ATTT mc trn c th
ch ra cc xu th pht trin ca cc tiu chun ATTT sau
y:
1. S pht trin ca cc Tiu chun dn ti vic t b mt
thang nh gi duy nht phn cp cc yu cu v cc tiu
ch, cng dn n vic thay th chng bng tp cc ch s
ring c lp v a ra cc thang nh gi c trt t tng
phn.
2. S tng ln khng ngng vai tr ca cc yu cu m
bo thc hin bo v v thc hin CSAT chng t xu th
nghing v cht ca m bo an ton hn l lng ca
n.
3. Xc lp vai tr ca nh sn xut, khch hng v chuyn
gia nh gi sn phm CNTT v s phn tch cc chc nng
ca h trong qu trnh thit lp cc H x l TT an ton
chng t v mt s tch hp bnh ng y cc tiu
chun m bo an ton trong lnh vc CNTT.
4. S phn chia, hnh thnh trn c s cc tiu chun
hin i v vai tr ca nhng ngi tham gia vo qu trnh
thit lp v khai thc cc HT an ton; vic p dng cc c
ch v cc cng ngh tng ng dn n mt s phn b
cn bng trch nhim gia tt c cc thnh vin ca qu
trnh.
5. Cc xu th hin nay ca qu trnh tch hp cc CNTT
v kht vng vn ti s hnh thnh mt khng gian TT ton
cu dn n s cn thit ton cu ho cc tiu chun an
ton thng tin.

216

Cu hi v cc ch tho lun phn 3


1. Nu tm tt lch s pht trin ca cc tiu chun ATTT?
2. nh gi ATTT l g? Sn phm CNTT l g?
3. H s bo v, n bo v l g?
4. Nu cc him ho ATTT c bn.
5. Nu khi nim tnh m bo (assurance) v vai tr
ca cc yu cu m bo trong cc tiu chun ATTT.
6. Nu s phn loi cc yu cu v cc tiu ch ca Sch
Da cam ca B quc phng M?
7. Hy nu cc yu cu chc nng v cc tiu ch m bo
ca Cc tiu ch chu u?
8. Nu cc u im v nhc im ca H tiu ch ATTT
GTK ca Lin bang Nga?
9. Trnh by cu trc ca H s bo v v n bo v
trong Cc tiu ch chung. Ni r vai tr ca hai c ch ny
trong qu trnh thit k, sn xut v kim chun sn phm
CNTT?
10. Tm tt cc yu cu chc nng v cc yu cu m
bo ca Tiu ch chung .
11. Hy phn tch v tnh tng qut v tnh mm do
trong cc tiu chun ATTT?
12. Phn tch cc xu th pht trin ca cc tiu chun
ATTT hin i.

217

Ti liu tham kho


1. . . , . . . .
. 2004.
2. .., ... x
. . 2000.
3.

E.

Amoroso.

Fundamentals

of

Computer

security

technology. Prentice Hall. 1994.


4. J.Hoffman.
Hall. 1997.

Modern methods for computer security and privacy. Prentice

5. Pfleeger. An ton tnh ton. (bn dch). Hc vin k thut


mt m. 2004.
6. Nguyn nh Vinh. Nhng vn c bn ca an ton
thng tin (Tp 1 v tp 2). Hc vin k thut mt m. 2005.

218