CN106101149A - Process access control method and device based on access control list - Google Patents

Process access control method and device based on access control list

Publication number
CN106101149A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610670578.7A
Other languages
Chinese (zh)
Other versions
CN106101149B (en)
Inventor
彭日濂
王界兵
梁猛
施莹
张伟
董迪马
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangxi Qianjiang Information Technology Co ltd
Original Assignee
Shenzhen Frontsurf Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Frontsurf Information Technology Co ltd
Priority to CN201610670578.7A
Publication of CN106101149A
Application granted
Publication of CN106101149B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a process access control method and device based on an access control list, comprising: Authorization S1: read the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k. Authentication S2: when a process X requests access to controlled data D_x, obtain the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, search the feature value list PS for P_x. Permission S3: search the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, perform S2 authentication on P^Shell_x / P^Children_x. Audit S4: keep an access record for every access by each process X. The invention is based on an access control list (ACL) model of access control over programs; by defining a black/white list of the data a program may access, it achieves fine-grained control of data access.

Description

Process access control method and device based on access control list
Technical field
The present invention relates to the technical field of data security, and in particular to a process access control method and device based on an access control list.
Background
In the field of computer security there is the principle of least privilege, which requires that each module at a particular abstraction layer of a computing environment, such as a process, a user or a computer program, can access only the information or resources it currently needs, so that data and functions are protected from damage by mistakes or malicious behavior.
Traditional access control techniques based on user permissions or user groups cannot control the process that accesses the data, and therefore lack the ability to defend against attacks from hijacked processes and from maliciously modified programs.
Summary of the invention
The main object of the present invention is to provide a process access control method and device based on an access control list. Based on an access control list model of access control over programs, defining a black/white list of the data a program may access makes fine-grained control of data access possible.
To achieve the above object, the present invention proposes a process access control method based on an access control list, comprising in sequence four processes: authorization S1, authentication S2, permission S3 and audit S4:
Authorization S1: first read the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k, and r_k consists of T_k, D_k, P_k, P^Shell_k and P^Children_k; for each access rule r_k in the rule list R, compute the MD5 feature value S of the related program P_k, script runner P^Shell_k and child program P^Children_k, and build the feature value list PS = {[P_1, S_1], [P_2, S_2], [P_3, S_3], ..., [P_n, S_n]};
Authentication S2: when a process X requests access to controlled data D_x, obtain the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, search the feature value list PS for P_x; if it is not present, P_x is not mentioned in the access rule list, so access is denied and Auth_x = DENY is returned; if it is present, return the feature value S_x' recorded in the list and go to the next step; to control script-type programs and child programs, the system keeps a cache list of authenticated processes PC = {Info_1, Info_2, Info_3, ..., Info_n}; if X is a child program or script runner of another process Y, X is authenticated while Y is being handled, and if X passes authentication its process information Info_x is stored in PC; search PC for Info_x: if it is present, return that authentication has passed; if it is not, go to the next step; compute the MD5 feature value S_x of P_x and compare it with S_x'; if S_x = S_x', authentication passes, Info_x is stored in the cache list PC, and processing enters the permission stage; otherwise Auth_x = DENY is returned and access is denied;
Permission S3: search the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, perform S2 authentication on P^Shell_x / P^Children_x; if that authentication passes, or X does not require P^Shell_x / P^Children_x, obtain the permission type T_x in r_x and return the permission result Auth_x = T_x, that is, if T_x = ALLOW access is permitted and if T_x = DENY access is denied; if r_x does not exist, access is denied and Auth_x = DENY is returned;
Audit S4: keep an access record for every access by each process X; the record contains Info_x, D_x and Auth_x.
Preferably, T_k is the permission type; the permission type is ALLOW/DENY, indicating that r_k allows or denies access.
Preferably, D_k defines the data to which r_k applies; P_k defines the program to which r_k applies; P^Shell_k defines, when P_k is a script, the script runner that runs P_k and to which r_k applies; P^Children_k defines, when P_k needs to call child programs, the child programs to which r_k applies.
Preferably, PID_x is the ID of X; P_x is the program started by X.
The present invention also provides a process access control device based on an access control list, comprising:
Authorization unit: first reads the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k, and r_k consists of T_k, D_k, P_k, P^Shell_k and P^Children_k; for each access rule r_k in the rule list R, computes the MD5 feature value S of the related program P_k, script runner P^Shell_k and child program P^Children_k, and builds the feature value list PS = {[P_1, S_1], [P_2, S_2], [P_3, S_3], ..., [P_n, S_n]};
Authentication unit: when a process X requests access to controlled data D_x, obtains the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, searches the feature value list PS for P_x; if it is not present, P_x is not mentioned in the access rule list, so access is denied and Auth_x = DENY is returned; if it is present, returns the feature value S_x' recorded in the list and goes to the next step; to control script-type programs and child programs, the system keeps a cache list of authenticated processes PC = {Info_1, Info_2, Info_3, ..., Info_n}; if X is a child program or script runner of another process Y, X is authenticated while Y is being handled, and if X passes authentication its process information Info_x is stored in PC; searches PC for Info_x: if it is present, returns that authentication has passed; if it is not, goes to the next step; computes the MD5 feature value S_x of P_x and compares it with S_x'; if S_x = S_x', authentication passes, Info_x is stored in the cache list PC, and processing enters the permission stage; otherwise Auth_x = DENY is returned and access is denied;
Permission unit: searches the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, authenticates P^Shell_x / P^Children_x; if that authentication passes, or X does not require P^Shell_x / P^Children_x, obtains the permission type T_x in r_x and returns the permission result Auth_x = T_x, that is, if T_x = ALLOW access is permitted and if T_x = DENY access is denied; if r_x does not exist, access is denied and Auth_x = DENY is returned;
Audit unit: keeps an access record for every access by each process X; the record contains Info_x, D_x and Auth_x.
Preferably, T_k is the permission type; the permission type is ALLOW/DENY, indicating that r_k allows or denies access.
Preferably, D_k defines the data to which r_k applies; P_k defines the program to which r_k applies; P^Shell_k defines, when P_k is a script, the script runner that runs P_k and to which r_k applies; P^Children_k defines, when P_k needs to call child programs, the child programs to which r_k applies.
Preferably, PID_x is the ID of X; P_x is the program started by X.
The process access control method and device based on an access control list provided by the present invention are based on an access control list (ACL) model of access control over programs; by defining a black/white list of the data a program may access, fine-grained control of data access can be achieved.
Brief description of the drawings
Fig. 1 is a flow diagram of the authorization step in an embodiment of the present invention;
Fig. 2 is a flow diagram of the authentication step in an embodiment of the present invention;
Fig. 3 is a flow diagram of processing an access request in an embodiment of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described with reference to the drawings in conjunction with the embodiments.
Detailed description
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Referring to Fig. 1 to Fig. 3, an embodiment of the present invention provides a process access control method based on an access control list, comprising in sequence four processes: authorization S1, authentication S2, permission S3 and audit S4.
Authorization S1: first read the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k, and r_k consists of T_k, D_k, P_k, P^Shell_k and P^Children_k; for each access rule r_k in the rule list R, compute the MD5 feature value S of the related program P_k, script runner P^Shell_k and child program P^Children_k, and build the feature value list PS = {[P_1, S_1], [P_2, S_2], [P_3, S_3], ..., [P_n, S_n]}.
Authentication S2: when a process X requests access to controlled data D_x, obtain the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, search the feature value list PS for P_x; if it is not present, P_x is not mentioned in the access rule list, so access is denied and Auth_x = DENY is returned; if it is present, return the feature value S_x' recorded in the list and go to the next step; to control script-type programs and child programs, the system keeps a cache list of authenticated processes PC = {Info_1, Info_2, Info_3, ..., Info_n}; if X is a child program or script runner of another process Y, X is authenticated while Y is being handled, and if X passes authentication its process information Info_x is stored in PC; search PC for Info_x: if it is present, return that authentication has passed; if it is not, go to the next step; compute the MD5 feature value S_x of P_x and compare it with S_x'; if S_x = S_x', authentication passes, Info_x is stored in the cache list PC, and processing enters the permission stage; otherwise Auth_x = DENY is returned and access is denied.
Permission S3: search the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, perform S2 authentication on P^Shell_x / P^Children_x; if that authentication passes, or X does not require P^Shell_x / P^Children_x, obtain the permission type T_x in r_x and return the permission result Auth_x = T_x, that is, if T_x = ALLOW access is permitted and if T_x = DENY access is denied; if r_x does not exist, access is denied and Auth_x = DENY is returned.
Audit S4: keep an access record for every access by each process X; the record contains Info_x, D_x and Auth_x. T_k is the permission type; the permission type is ALLOW/DENY, indicating that r_k allows or denies access. D_k defines the data to which r_k applies; P_k defines the program to which r_k applies; P^Shell_k defines, when P_k is a script, the script runner that runs P_k and to which r_k applies; P^Children_k defines, when P_k needs to call child programs, the child programs to which r_k applies. PID_x is the ID of X; P_x is the program started by X.
In this embodiment, the access control list contains both rules that allow access and rules that deny access; the blacklist is defined as the list of denied accesses in the access control list, and the whitelist as the list of allowed accesses in the access control list. The process access control method based on an access control list provided in the embodiment of the present invention is based on an access control list (ACL) model of access control over programs; by defining a black/white list of the data a program may access, fine-grained control of data access can be achieved.
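The S1 to S4 flow described above, as an added Python example that is not part of the patent text. Program images come from an assumed `read_image` callable over constructed in-memory bytes; the names `Rule`, `ProcInfo`, `ProcessACL`, the `helpers` argument and the refusal of helpers that r_x does not name are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

ALLOW, DENY = "ALLOW", "DENY"

@dataclass(frozen=True)
class Rule:
    """r_k = (T_k, D_k, P_k, P^Shell_k, P^Children_k)."""
    T: str
    D: str
    P: str
    shell: str = ""        # P^Shell_k; empty when P_k is not a script
    children: tuple = ()   # P^Children_k

@dataclass(frozen=True)
class ProcInfo:
    """Info_x = (PID_x, P_x)."""
    pid: int
    program: str

class ProcessACL:
    def __init__(self, rules, read_image):
        # S1: read R, then build PS = {P: S} for every program, runner and child.
        self.rules = list(rules)
        self.read_image = read_image   # assumed callable: program path -> bytes
        self.PS = {}
        for r in self.rules:
            for prog in (r.P, r.shell, *r.children):
                if prog:
                    self.PS[prog] = self._feature(prog)
        self.PC = set()        # cache list of authenticated Info_x
        self.audit_log = []    # S4 records
        self.hash_calls = 0    # hashes computed during S2 (not S1)

    def _feature(self, prog):
        # MD5 is the feature value the patent names; the digest is isolated here
        # so a collision-resistant hash can replace it.
        return hashlib.md5(self.read_image(prog)).hexdigest()

    def authenticate(self, info):
        # S2: PS lookup, then PC lookup, then recompute and compare the hash.
        expected = self.PS.get(info.program)
        if expected is None:
            return False               # P_x is not mentioned in any rule
        if info in self.PC:
            return True                # already authenticated, no re-hash
        self.hash_calls += 1
        if self._feature(info.program) != expected:
            return False               # image differs from the S1 baseline
        self.PC.add(info)
        return True

    def _permit(self, info, data, helpers):
        # S3: find r_x containing [D_x, P_x]; its runner/children must pass S2.
        rule = next((r for r in self.rules
                     if r.D == data and r.P == info.program), None)
        if rule is None:
            return DENY
        named = {rule.shell, *rule.children} - {""}
        for h in helpers:
            # Assumption: a helper that r_x does not name is refused outright.
            if h.program not in named or not self.authenticate(h):
                return DENY
        return rule.T

    def request(self, info, data, helpers=()):
        auth = self._permit(info, data, helpers) if self.authenticate(info) else DENY
        self.audit_log.append((info, data, auth))   # S4: Info_x, D_x, Auth_x
        return auth

def demo():
    db, py, rpt = "/data/ledger.db", "/usr/bin/python3", "/opt/report.py"
    images = {   # constructed program images standing in for files on disk
        "/usr/bin/backup": b"backup v1", py: b"python runtime",
        rpt: b"print('report')", "/usr/bin/curl": b"curl",
    }
    acl = ProcessACL([
        Rule(ALLOW, db, "/usr/bin/backup"),
        Rule(ALLOW, db, rpt, shell=py),
        Rule(DENY, db, "/usr/bin/curl"),
    ], lambda path: images[path])
    backup = ProcInfo(100, "/usr/bin/backup")
    out = {"whitelisted": acl.request(backup, db),
           "cached": acl.request(backup, db)}
    out["hashes_after_cache_hit"] = acl.hash_calls
    out["blacklisted"] = acl.request(ProcInfo(101, "/usr/bin/curl"), db)
    out["not_in_PS"] = acl.request(ProcInfo(102, "/bin/cat"), db)
    out["no_rule"] = acl.request(backup, "/data/other.db")
    out["script"] = acl.request(ProcInfo(200, rpt), db, (ProcInfo(201, py),))
    images[py] = b"python runtime, modified after S1"
    out["modified_runner"] = acl.request(ProcInfo(300, rpt), db, (ProcInfo(301, py),))
    return out, acl.audit_log

if __name__ == "__main__":
    for name, value in demo()[0].items():
        print(f"{name}: {value}")
```

The cache list PC is keyed on Info_x (PID and program), so a cached entry is trusted without re-hashing until it is removed; the page does not say when entries leave PC.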
An embodiment of the present invention also provides a process access control device based on an access control list, comprising:
Authorization unit: first reads the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k, and r_k consists of T_k, D_k, P_k, P^Shell_k and P^Children_k; for each access rule r_k in the rule list R, computes the MD5 feature value S of the related program P_k, script runner P^Shell_k and child program P^Children_k, and builds the feature value list PS = {[P_1, S_1], [P_2, S_2], [P_3, S_3], ..., [P_n, S_n]};
Authentication unit: when a process X requests access to controlled data D_x, obtains the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, searches the feature value list PS for P_x; if it is not present, P_x is not mentioned in the access rule list, so access is denied and Auth_x = DENY is returned; if it is present, returns the feature value S_x' recorded in the list and goes to the next step; to control script-type programs and child programs, the system keeps a cache list of authenticated processes PC = {Info_1, Info_2, Info_3, ..., Info_n}; if X is a child program or script runner of another process Y, X is authenticated while Y is being handled, and if X passes authentication its process information Info_x is stored in PC; searches PC for Info_x: if it is present, returns that authentication has passed; if it is not, goes to the next step; computes the MD5 feature value S_x of P_x and compares it with S_x'; if S_x = S_x', authentication passes, Info_x is stored in the cache list PC, and processing enters the permission stage; otherwise Auth_x = DENY is returned and access is denied;
Permission unit: searches the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, authenticates P^Shell_x / P^Children_x; if that authentication passes, or X does not require P^Shell_x / P^Children_x, obtains the permission type T_x in r_x and returns the permission result Auth_x = T_x, that is, if T_x = ALLOW access is permitted and if T_x = DENY access is denied; if r_x does not exist, access is denied and Auth_x = DENY is returned;
Audit unit: keeps an access record for every access by each process X; the record contains Info_x, D_x and Auth_x.
Here, T_k is the permission type; the permission type is ALLOW/DENY, indicating that r_k allows or denies access; D_k defines the data to which r_k applies; P_k defines the program to which r_k applies; P^Shell_k defines, when P_k is a script, the script runner that runs P_k and to which r_k applies; P^Children_k defines, when P_k needs to call child programs, the child programs to which r_k applies; PID_x is the ID of X; P_x is the program started by X.
In summary, in the embodiments of the present invention the access control list contains both rules that allow access and rules that deny access; the blacklist is the list of denied accesses in the access control list, and the whitelist is the list of allowed accesses in the access control list. The process access control method and device based on an access control list provided by the embodiments of the present invention are based on an access control list (ACL) model of access control over programs; by defining a black/white list of the data a program may access, fine-grained control of data access can be achieved.
The above are only preferred embodiments of the present invention and do not thereby limit its patent scope; any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the present invention.

Claims (8)

1. A process access control method based on an access control list, characterized in that it comprises in sequence four processes: authorization S1, authentication S2, permission S3 and audit S4:
Authorization S1: first read the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k, and r_k consists of T_k, D_k, P_k, P^Shell_k and P^Children_k; for each access rule r_k in the rule list R, compute the MD5 feature value S of the related program P_k, script runner P^Shell_k and child program P^Children_k, and build the feature value list PS = {[P_1, S_1], [P_2, S_2], [P_3, S_3], ..., [P_n, S_n]};
Authentication S2: when a process X requests access to controlled data D_x, obtain the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, search the feature value list PS for P_x; if it is not present, P_x is not mentioned in the access rule list, so access is denied and Auth_x = DENY is returned; if it is present, return the feature value S_x' recorded in the list and go to the next step; to control script-type programs and child programs, the system keeps a cache list of authenticated processes PC = {Info_1, Info_2, Info_3, ..., Info_n}; if X is a child program or script runner of another process Y, X is authenticated while Y is being handled, and if X passes authentication its process information Info_x is stored in PC; search PC for Info_x: if it is present, return that authentication has passed; if it is not, go to the next step; compute the MD5 feature value S_x of P_x and compare it with S_x'; if S_x = S_x', authentication passes, Info_x is stored in the cache list PC, and processing enters the permission stage; otherwise Auth_x = DENY is returned and access is denied;
Permission S3: search the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, perform S2 authentication on P^Shell_x / P^Children_x; if that authentication passes, or X does not require P^Shell_x / P^Children_x, obtain the permission type T_x in r_x and return the permission result Auth_x = T_x, that is, if T_x = ALLOW access is permitted and if T_x = DENY access is denied; if r_x does not exist, access is denied and Auth_x = DENY is returned;
Audit S4: keep an access record for every access by each process X; the record contains Info_x, D_x and Auth_x.
2. The process access control method based on an access control list according to claim 1, characterized in that: T_k is the permission type; the permission type is ALLOW/DENY, indicating that r_k allows or denies access.
3. The process access control method based on an access control list according to claim 1, characterized in that: D_k defines the data to which r_k applies; P_k defines the program to which r_k applies; P^Shell_k defines, when P_k is a script, the script runner that runs P_k and to which r_k applies; P^Children_k defines, when P_k needs to call child programs, the child programs to which r_k applies.
4. The process access control method based on an access control list according to claim 1, characterized in that: PID_x is the ID of X; P_x is the program started by X.
5. A process access control device based on an access control list, characterized in that it comprises:
Authorization unit: first reads the access rule list R = {r_1, r_2, r_3, ..., r_n} set by the user; a rule r_k in the list describes the access permission of a specific program P_k for controlled data D_k, and r_k consists of T_k, D_k, P_k, P^Shell_k and P^Children_k; for each access rule r_k in the rule list R, computes the MD5 feature value S of the related program P_k, script runner P^Shell_k and child program P^Children_k, and builds the feature value list PS = {[P_1, S_1], [P_2, S_2], [P_3, S_3], ..., [P_n, S_n]};
Authentication unit: when a process X requests access to controlled data D_x, obtains the process information Info_x, which contains PID_x and P_x; using P_x from Info_x, searches the feature value list PS for P_x; if it is not present, P_x is not mentioned in the access rule list, so access is denied and Auth_x = DENY is returned; if it is present, returns the feature value S_x' recorded in the list and goes to the next step; to control script-type programs and child programs, the system keeps a cache list of authenticated processes PC = {Info_1, Info_2, Info_3, ..., Info_n}; if X is a child program or script runner of another process Y, X is authenticated while Y is being handled, and if X passes authentication its process information Info_x is stored in PC; searches PC for Info_x: if it is present, returns that authentication has passed; if it is not, goes to the next step; computes the MD5 feature value S_x of P_x and compares it with S_x'; if S_x = S_x', authentication passes, Info_x is stored in the cache list PC, and processing enters the permission stage; otherwise Auth_x = DENY is returned and access is denied;
Permission unit: searches the access rule list R for a rule r_x containing [D_x, P_x]; when r_x exists and X requires the script runner P^Shell_x / child program P^Children_x, authenticates P^Shell_x / P^Children_x; if that authentication passes, or X does not require P^Shell_x / P^Children_x, obtains the permission type T_x in r_x and returns the permission result Auth_x = T_x, that is, if T_x = ALLOW access is permitted and if T_x = DENY access is denied; if r_x does not exist, access is denied and Auth_x = DENY is returned;
Audit unit: keeps an access record for every access by each process X; the record contains Info_x, D_x and Auth_x.
6. The process access control device based on an access control list according to claim 5, characterized in that: T_k is the permission type; the permission type is ALLOW/DENY, indicating that r_k allows or denies access.
7. The process access control device based on an access control list according to claim 5, characterized in that: D_k defines the data to which r_k applies; P_k defines the program to which r_k applies; P^Shell_k defines, when P_k is a script, the script runner that runs P_k and to which r_k applies; P^Children_k defines, when P_k needs to call child programs, the child programs to which r_k applies.
8. The process access control device based on an access control list according to claim 5, characterized in that: PID_x is the ID of X; P_x is the program started by X.
CN201610670578.7A 2016-08-15 2016-08-15 Process access control method and device based on accesses control list Active CN106101149B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610670578.7A CN106101149B (en) 2016-08-15 2016-08-15 Process access control method and device based on accesses control list

Publications (2)

Publication Number Publication Date
CN106101149A true CN106101149A (en) 2016-11-09
CN106101149B CN106101149B (en) 2019-05-17

Family

ID=58069309

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610670578.7A Active CN106101149B (en) 2016-08-15 2016-08-15 Process access control method and device based on accesses control list

Country Status (1)

Country Link
CN (1) CN106101149B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1758590A (en) * 2004-10-08 2006-04-12 飞力凯网路股份有限公司 Information processing apparatus, information processing method, and program
CN1936915A (en) * 2006-09-15 2007-03-28 毛德操 Method for controlling file access in operation system according to user's action history
CN101827091A (en) * 2010-03-26 2010-09-08 浪潮电子信息产业股份有限公司 Method for detecting Solaris system fault by utilizing mandatory access control
CN103034799A (en) * 2012-12-14 2013-04-10 南京中孚信息技术有限公司 Kernel level desktop access control method
CN103701801A (en) * 2013-12-26 2014-04-02 四川九洲电器集团有限责任公司 Resource access control method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
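徐琼: "Design and Implementation of Process Access Control in Intranet Security Access Control", China Master's Theses Full-text Database, Information Science and Technology *
王峰: "Research and Implementation Based on a Process Access Control Mechanism", China Master's Theses Full-text Database, Information Science and Technology *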

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020019971A1 (en) * 2018-07-25 2020-01-30 百富计算机技术(深圳)有限公司 Active security protection method for operating system, system and terminal device
CN110781491A (en) * 2019-10-25 2020-02-11 苏州浪潮智能科技有限公司 Method and device for controlling process to access file
CN110781491B (en) * 2019-10-25 2022-02-18 苏州浪潮智能科技有限公司 Method and device for controlling process to access file
CN112104625A (en) * 2020-09-03 2020-12-18 腾讯科技(深圳)有限公司 Process access control method and device
CN112104625B (en) * 2020-09-03 2024-04-16 腾讯云计算(北京)有限责任公司 Process access control method and device

Also Published As

Publication number Publication date
CN106101149B (en) 2019-05-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230411

Address after: Huawei (Jiangxi) New Generation Information Technology Application Innovation Center Partner Regional Office, 3rd Floor, Building 1, Science and Technology Innovation Center, No. 798 Lianxi Avenue, Lianxi District, Jiujiang City, Jiangxi Province, 332000

Patentee after: Jiangxi Qianjiang Information Technology Co.,Ltd.

Address before: 518000, 9th Floor, Longguang Century Building, Haixiu Road, Shenzhen, Guangdong Province

Patentee before: SHENZHEN FRONTSURF INFORMATION TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right