CN115270157A - Access control method and system - Google Patents

Access control method and system

Info

Publication number: CN115270157A
Authority: CN (China)
Application number: CN202210923503.0A
Other languages: Chinese (zh)
Inventors: 张建标, 黄浩翔, 付颖芳, 胡俊, 武鹏, 张磊
Current Assignee: Beijing University of Technology; Alipay Hangzhou Information Technology Co Ltd
Original Assignee: Beijing University of Technology; Alipay Hangzhou Information Technology Co Ltd
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems

Abstract

The embodiments of this specification disclose an access control method and system in the technical field of computer system security, comprising the following steps: acquiring access request attribute data, where the access request attribute data corresponds to an access request in a host device and comprises attribute information of the access elements in the access request and trusted attribute information; evaluating the security level of the access request to obtain an evaluation result; modifying or not modifying the trusted attribute value in the access request attribute data based on the evaluation result; and generating a control policy corresponding to the access request based on the access request attribute data and a preset access management policy. The control policy is used to control how the host device responds to the access request, thereby safeguarding the information security of the host device.

Description

Access control method and system
Technical Field
The present invention relates to the field of information security technologies, and in particular, to an access control method and system.
Background
Inside a computer, subjects mainly use resources by means of access requests. For example, a user or a process requests file data stored inside the computer in order to obtain and use it. Access control is a means of restricting the ability of an access subject in a computer system to use resources according to a certain policy, and is an important means of protecting information security.
Some embodiments of the present description are directed to providing an access control method to implement dynamic management and control of access requests inside a computer.
Disclosure of Invention
One of the embodiments of this specification provides an access control method, implemented by a trusted system, comprising: acquiring access request attribute data, where the access request attribute data corresponds to an access request in a host device and comprises attribute information of the access elements in the access request and trusted attribute information; evaluating the security level of the access request to obtain an evaluation result; modifying or not modifying the trusted attribute information in the access request attribute data based on the evaluation result; and generating a control policy corresponding to the access request based on the access request attribute data and a preset access management policy. The control policy is used to control how the host device responds to the access request, thereby safeguarding the information security of the host device.
One of the embodiments of this specification provides an access control system, comprising: a policy information component for acquiring access request attribute data, where the access request attribute data corresponds to an access request in a host device and comprises attribute information of the access elements in the access request and trusted attribute information; a trusted attribute component for evaluating the security level of the access request to obtain an evaluation result, and for modifying or not modifying the trusted attribute information in the access request attribute data based on the evaluation result; and a policy decision component for generating a control policy corresponding to the access request based on the access request attribute data and a preset access management policy. The control policy is used to control how the host device responds to the access request, thereby safeguarding the information security of the host device.
One of the embodiments of the present specification provides an apparatus, including a processor and a storage medium, where the storage medium stores computer instructions, and the processor is configured to execute the computer instructions to implement the access control method.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is an exemplary flow diagram of an access control method according to some embodiments of the present description;
fig. 2 is a schematic diagram of the architecture and internal data flow of an access control system according to some embodiments of the present disclosure.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present specification, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification, the terms "a," "an," and/or "the" are not intended to be inclusive in the singular, but rather are intended to include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of this description. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown. Rather, the steps may be processed in reverse order or simultaneously. Likewise, other operations may be added to the processes, or one or more steps may be removed from them.
Inside a computer, subjects mainly use resources by means of access requests. The resources may include data, hardware resources, software resources, and the like. For example, a user requests document data stored inside the computer in order to obtain and use it. As another example, a process in a computing device requests access to the results of a computation by another process. As another example, a process in a computing device requests to invoke a hardware resource of the device. Alternatively, a process calls a function in the computing device. However, not every subject has the right to use every resource inside the computing device, and many attackers compromise the information security of the computing device by illegally requesting its internal resources. Management and control of access requests is therefore an effective means of information security protection.
In some embodiments, a (resource) access request may include the elements subject, object, operation, and environment. The subject is the party initiating the access request, such as a user or a process; the object is what is being accessed, such as a hardware resource, a software resource (a function, an application, etc.), or data (a file, the processing result of a process, etc.); the operation may be reading, modifying, adding, deleting, etc.; and the environment may be the access time, the network address of the subject, etc. In some application scenarios, access authority is set in advance for each possible access subject, and during access control, whether the access subject has the authority to obtain the requested object resource is verified against the preset authority: when the access subject lacks the authority, the computing device is prohibited from responding to it, and when the access subject has the authority, the computing device is permitted to return the requested object resource. RBAC (Role Based Access Control) introduces the concept of roles to classify access subjects and sets corresponding access rights for each role. This access control mode is static: once the authority is set, as long as an access subject meets the corresponding role requirement it can access the corresponding resources indefinitely, even if the access subject is maliciously impersonated (for example, if an attacker steals a user's account). ABAC (Attribute Based Access Control) describes each element of the access request flexibly from the perspective of attributes; during access control it determines whether the attribute value of each element in the access request meets the preset access authority or the attribute condition in the access management policy, and if so, releases the access request.
However, this access control mode is still static: once the authority is set, as long as the access subject and the other elements meet the corresponding attribute conditions, the corresponding resources can still be accessed indefinitely.
On the other hand, with the spread of big data computing, distributed computing systems are widely used. In a distributed computing environment the number of access subjects is huge and changes dynamically over time; for example, some users leave the system in every time period while new users enter at the same time. The management of system users therefore cannot be as strict and accurate as in a closed system, which also means that the static access control mode is not well suited to the open environment of a distributed computing system.
In view of this, some embodiments of the present disclosure provide a dynamic access control method, which can change access rights of an access request in time based on behavior of the access request.
FIG. 1 is an exemplary flow diagram of an access control method according to some embodiments of the present description.
In some embodiments, the process 100 shown in FIG. 1 may be implemented by a trusted system.
A trusted system may be "hosted" in a computing device, acting as an immune system for that device, and is built independently of the computing device's (also referred to as the host device's) own system. The trusted system has its own hardware base and database, does not need to rely on the system resources of the host device, and therefore offers better security. In some embodiments, a trusted system (which may also be referred to as a trusted computing platform) may further include a root-of-trust entity and a trusted software base. The root-of-trust entity is the basic functional module of the trusted system; it is implemented by underlying hardware and basic software, supports the establishment and transmission of the trust chain of the trusted system, and can provide services such as integrity measurement, secure storage, and cryptographic computation to the outside. A Trusted Software Base (TSB) is the collection of software elements that support the trustworthiness of the trusted system. For more description of the trusted system, refer to the description of FIG. 2.
As shown in fig. 1, the process 100 may include:
step 110, access request attribute data is obtained.
The access request may be an access request in the host device, and the access request attribute data corresponds one to one to the access request in the host device and includes the attribute information of the access elements in the access request together with trusted attribute information. As described above, the access request may include the elements subject, object, operation, and environment. In some embodiments, the elements in the access request are themselves described by attribute information, so the access request attribute data can be obtained directly from the access request. In other embodiments, the access request records only identifiers of the elements, so the attribute information of each access element must be obtained by querying an attribute database, and the access request attribute data is then built from that attribute information. In some embodiments, the access request attribute data may be generated by a policy information component. In some embodiments, the access request attribute data may also be referred to as an Attribute-based Access Request (AAR).
In some embodiments, access requests in the hosting device may be actively intercepted by the hosting device interface component. The host device interface component may be implemented based on a hook preset in the host device operating system, and thus, the host device interface component may also be referred to as a security agent. The hooks are program interfaces for calling basic functions of the operating system or controlling the operating system, and the host device interface component can intercept behavior data of the operating system through some preset hooks, such as resource access requests in the host device or various monitoring data such as response information to the access requests.
The attribute database (AA) records various attribute data, including subject and object attribute information. The subject and object access elements, their attribute information, and the mapping relationships in the attribute database may be configured according to the information security requirements when the trusted system is created. The policy information component can retrieve the corresponding attribute information from the attribute database based on the identifiers in the access request. As an example, the access request intercepted from the host device by the host device interface component includes a subject identifier, an object identifier, an operation description, an environment description, and so on. The operation description and the environment description can then be used directly as the attribute information of the operation and environment elements, while the attribute information of the subject and object elements is looked up in the attribute database based on the subject identifier and the object identifier. In some embodiments, the trusted attribute information may be a preset value; for example, the trusted attribute information may default to a full score of 10. In some embodiments, trusted attribute information may correspond to an access subject or object and be stored in the attribute database. In still other embodiments, the trusted attribute information may correspond to the set of access elements; in particular, a specific combination of subject, object, operation, and environment may have a specific trusted attribute value. In that case the policy information component obtains the corresponding trusted attribute value based on the subject, the object, or the combination of access elements in the access request. The access request attribute data is then generated from the attribute information of each element and the trusted attribute information.
The access request attribute data may have the following format:
    {sAttr_set, oAttr_set, aAttr_set, eAttr_set, tAttr_set};
where s, o, a, e, and t correspond to the subject, object, operation, environment, and trusted attribute, respectively; since each element may have several attribute values, each is represented as a set.
Step 120, evaluating the security level of the access request to obtain an evaluation result.
In some embodiments, the trusted system (e.g., the trusted attribute component) evaluates the access request to determine its security level. In some embodiments, the possible results of the security level evaluation are dangerous and safe. As an example, the trusted system may obtain the frequency of access requests with the same access element and determine the security level from that frequency, e.g., the security level of the access request may be determined to be dangerous when the frequency exceeds a preset abnormal frequency value. In some embodiments, the trusted system may measure the identity information of the subject in the access request with its own measurement function to obtain a measurement result, for example a hash value of the subject's identity information; it then obtains the hash value of the subject's original identity information from a reference value pre-stored in the system through its determination function, compares it with the measurement result, and if the two are inconsistent, determines the security level of the access request to be dangerous. As another example, the trusted system may also match the subject and object in the access request, and if there is an obvious mismatch, the access request may be determined to be dangerous. Taking the computing device of a medical system as an example, if the access subject is an anesthesiology attending physician and the access object is purchase information for medical devices, the subject and object are considered obviously unmatched and the access request is determined to be dangerous. If the access request hits none of the preset hazard rules, it may be determined to be safe. In some embodiments, the security level of the access request may be refined into further levels, for example by also including ordinary.
It should be noted that the above policy for determining the security level of the access request is only an example; it may be formulated according to business needs in practical application, and this specification does not limit it.
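As an added illustration of step 120 (not code from the patent), the following Python sketch evaluates a request against the three hazard rules the text describes: abnormal request frequency for the same access element, a measured identity hash that differs from the stored reference value, and an obviously mismatched subject/object pair. The thresholds, reference hashes, mismatch table and request records are constructed sample values.

```python
"""Security-level evaluation for an access request (step 120 of the text).

Added example, not the patent's code. Three hazard rules from the text:
(a) frequency of requests for the same access element above a preset
    abnormal frequency value,
(b) measured hash of the subject's identity information differing from the
    reference value pre-stored in the trusted system,
(c) an obviously mismatched subject/object pair.
Thresholds, reference values and the mismatch table are constructed.
"""
import hashlib
from collections import defaultdict, deque

DANGER, SAFE = "danger", "safe"

# Constructed reference values: hash of each subject's original identity information.
REFERENCE_HASHES = {
    "user:alice": hashlib.sha256(b"alice|uid=1001|dept=anesthesiology").hexdigest(),
}

# Constructed "obviously unmatched" (subject role, object) pairs; the medical example from the text.
MISMATCH_RULES = {
    ("anesthesiology_attending", "device_purchase_info"),
}

ABNORMAL_FREQUENCY = 5   # more than 5 requests inside the window is abnormal (constructed)
WINDOW_SECONDS = 10.0    # sliding window for the frequency rule (constructed)


class SecurityLevelEvaluator:
    def __init__(self):
        # access-element key -> timestamps of recent requests
        self._history = defaultdict(deque)

    def _frequency_hit(self, key, now):
        q = self._history[key]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:   # drop requests outside the window
            q.popleft()
        return len(q) > ABNORMAL_FREQUENCY

    @staticmethod
    def _measurement_hit(subject_id, identity_info):
        # Measurement function: hash the presented identity information and
        # compare with the reference value; no reference counts as a mismatch.
        measured = hashlib.sha256(identity_info).hexdigest()
        reference = REFERENCE_HASHES.get(subject_id)
        return reference is None or measured != reference

    @staticmethod
    def _mismatch_hit(subject_role, obj):
        return (subject_role, obj) in MISMATCH_RULES

    def evaluate(self, request, now):
        """Return (level, reasons): level is DANGER if any hazard rule hits, else SAFE."""
        reasons = []
        key = (request["subject"], request["object"], request["operation"])
        if self._frequency_hit(key, now):
            reasons.append("abnormal_frequency")
        if self._measurement_hit(request["subject"], request["identity_info"]):
            reasons.append("identity_measurement_mismatch")
        if self._mismatch_hit(request["subject_role"], request["object"]):
            reasons.append("subject_object_mismatch")
        return (DANGER if reasons else SAFE), reasons
```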
Step 130, modifying or not modifying the trusted attribute information in the access request attribute data based on the evaluation result.
After the trusted attribute component has evaluated the access request, the trusted attribute information may be modified based on the evaluation result. As an example, when the evaluation result is safe, the trusted attribute information in the access request attribute data is left unchanged; when the evaluation result is dangerous, the trusted attribute information in the access request attribute data is modified. The modification may replace the original value with another value, or decrease it according to the degree of risk, with a larger decrease for a more dangerous request. In other words, the trusted attribute information in the access request attribute data can be seen as reflecting the result of the security level evaluation of the access request. In some embodiments, the trusted attribute component may update the corresponding trusted attribute information in the attribute database AA based on the modified trusted attribute information.
In some embodiments, the timing of the modification of the trusted attribute information may also depend on the evaluation result. For example, when the evaluation result is normal, the trusted attribute information in the access request attribute data may be modified and stored after step 140 (for example, by updating the corresponding trusted attribute information in the attribute database AA), so that the current access request is not interfered with while subsequent similar access requests have their authority restricted; when the evaluation result is dangerous, the trusted attribute information in the access request attribute data is modified before the host device executes the access request, that is, the authority of the dangerous access request is limited immediately.
Step 140, generating a control policy corresponding to the access request based on the access request attribute data and a preset access management policy.
The access management policy is preset and stored in the policy database. An access management policy may include attribute conditions on one or more of the access elements and a trusted attribute condition. A condition may require that the attribute information in the access request attribute data be greater than, less than, or within a preset value or preset range. Illustratively, the access management policy may have the following format:
    Policy ← <policy_id, Attr_Set_Policy, Rule>;
where policy_id is the policy identifier, used to distinguish different access management policies; Attr_Set_Policy contains the attribute information types the policy refers to (such as subject attributes, object attributes, trusted attributes, and so on); and Rule represents the associated condition information.
After the access request attribute data is generated, it is used to generate the control policy. Specifically, the policy decision component compares the access request attribute data with the policies in the policy database one by one, and if the AAR satisfies an access management policy, that is, if the attribute value of every attribute information type in the AAR satisfies the constraint condition in that access management policy, it feeds back the result Result ∈ {Permit, Deny}. As an example, the control policy may be generated according to the following rules:
(1) If the attribute information in the Policy cannot be completely covered by the attribute information in the AAR, the determination result is "unknown". In that case, no control policy is generated.
(2) If every attribute in the Policy can be found in the attribute information of the AAR, and each corresponding attribute in the AAR satisfies the attribute condition in the Policy, the determination result is the corresponding control policy, such as permit or prohibit. Whether the result is permit or prohibit is determined by the Policy itself, since both prohibiting policies and permitting policies may exist. For a prohibiting policy, the determination result in this case is prohibit.
(3) If every attribute in the Policy can be found in the attribute information of the AAR, but at least one corresponding attribute in the AAR does not satisfy the attribute condition in the Policy, the determination result is "not satisfied", and no control policy is generated.
From the above it follows that when the trusted attribute value in the access request attribute data changes while the access management policy stays the same, access request attribute data that originally satisfied the access management policy may no longer satisfy it, so an access request that would originally have been permitted may be prohibited. Dynamic control of access request authority is therefore achieved by dynamically adjusting the trusted attribute value.
In some embodiments, steps 120 and 130 are performed only when a security event is triggered. A security event may be a category of access request. That is, steps 110 to 140 are all executed only when the access request belongs to a security event; when it does not, only steps 110 and 140 are executed, i.e., the request is processed in the ordinary ABAC access control mode. This reduces how often the trusted attribute has to be processed for access requests that are not security events, and so improves system efficiency.
In some embodiments, determining whether the access request belongs to a security event may be done by the host device, e.g., by directly including a security event identifier in the intercepted access request, so that the trusted system (e.g., the host device interface component, the access control access component, or the host process) can decide directly from it whether the access request belongs to a security event. Alternatively, the trusted system may perform the determination itself, i.e., the process 100 may further include a security event determination step. As an example, when the access request involves a system call (e.g., reading from or writing to a sensitive file of the host device, or an abnormal network connection), it is determined to belong to a security event; when the access request involves process loading (such as program loading or dynamic library loading), it is determined to belong to a security event; and when the access request involves shared memory, it is determined to belong to a security event. It should be noted that the rule for determining whether an access request belongs to a security event may be formulated according to the specific security protection requirements, and this specification does not limit it. In some embodiments, the security event determination step may be performed by the host device interface component in the trusted system, or by the host process or the access control access component in the trusted system.
In some embodiments, process 100 may further include executing the control policy to affect how the host device responds to the access request. In some embodiments, the host device interface component may also control the host device through other hooks provided by the host device operating system. For example, when the control policy is prohibit (Deny), the host device interface component prevents the host device from responding to the access request through a preset hook, and when the control policy is Permit it does not intervene in the access request.
Fig. 2 is a schematic diagram of the architecture and internal data flow of an access control system according to some embodiments of the present disclosure.
The trusted system shown in fig. 2 may be used to perform the process 100 described above. In some embodiments, the trusted system 200 may include a root-of-trust entity and a trusted software base. The trusted software base builds on the root-of-trust entity and provides software support for realizing the functions of the trusted system. The trusted software base further includes a plurality of functional components. In some embodiments, these may include a host device interface component, a policy information component, a trusted attribute component, and a policy decision component, among others. The foregoing components may be scheduled by an access control access component or a host process to implement the access control method described in flow 100.
In some embodiments, the host device interface component actively intercepts an access request from the host device and sends it to the access control access component; the access control access component sends the access request to the policy information component, which obtains the attribute information and trusted attribute information of each element in the access request by querying the attribute database AA, generates the access request attribute data AAR, and returns the AAR to the access control access component; the access control access component sends the AAR to the trusted attribute component, which evaluates the security level of the access request, modifies or does not modify the trusted attribute value in the AAR based on the evaluation result, and returns the AAR to the access control access component; the access control access component sends the AAR to the policy decision component, which obtains an access management policy from the policy database, matches the AAR against it, and generates a control policy based on the matching result; the policy decision component then sends the control policy to the access control access component, which forwards it to the host device interface component, and the host device interface component controls, according to the control policy, whether the host device responds to the access request.
In some embodiments, the access control access component may further determine whether the access request belongs to a security event: if not, it sends the AAR directly to the policy decision component after receiving the AAR returned by the policy information component; if so, it sends the AAR to the trusted attribute component for processing after receiving the AAR returned by the policy information component. That is, the trusted attribute component evaluates the security level and modifies the trusted attribute value only if the access request belongs to a security event.
In some embodiments, the access control access component may be replaced by a main process, that is, each functional component is scheduled by a process to implement dynamic access control.
For more details on the functional components, refer to the description relating to fig. 1. The division into functional components is only an example; in still other embodiments the functions of the components may be further refined, yielding more functional components. For example, the trusted attribute component can be further divided into a security level evaluation component and a trusted attribute modification component.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: (1) The security processing mechanism process of the trusted system is decoupled, different functional components are responsible for realizing functions of different parts in the security processing mechanism process, and repeated code compiling is avoided, so that the system realization efficiency is improved, and the volume of the trusted system is reduced; (2) The dynamic access control method is provided, and the access authority can be changed in time based on the behavior expression of the access request; (3) Through the interaction between the host equipment interface component and the host equipment, the exposed surface of a trusted system is effectively reduced, and the attack risk is reduced. It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the embodiments herein. Although not explicitly described herein, various modifications, improvements and adaptations to the embodiments described herein may occur to those skilled in the art. Such alterations, modifications, and improvements are intended to be suggested in the embodiments of this disclosure, and are intended to be within the spirit and scope of the exemplary embodiments of this disclosure.
Also, the description uses specific words to describe embodiments of the specification. Reference to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the specification. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the embodiments of the present specification may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of embodiments of the present description may be carried out entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as a "data block," "module," "engine," "unit," "component," or "system." Furthermore, aspects of the embodiments of the present specification may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for operation of various portions of the embodiments of the present description may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or processing device. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
In addition, the order of processing elements and sequences, the use of numbers and letters, or other designations in the embodiments of the present specification is not intended to limit the order in which the processes and methods of the embodiments of the present specification are performed, unless otherwise indicated in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing processing device or mobile device.
Similarly, it should be noted that in the foregoing description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features are required than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification, except where the application is filed in a manner inconsistent or contrary to the present specification, and except where a claim is filed in a manner limited to the broadest scope of the application (whether present or later appended to the application). It is to be understood that the descriptions, definitions and/or uses of terms in the present specification shall control if they are inconsistent or in conflict with the statements and/or uses of terms in the accompanying materials.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments described herein. Other variations are possible within the scope of the embodiments of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the present specification can be seen as consistent with the teachings of the present specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (19)

1. An access control method, implemented by a trusted system, comprising:
acquiring access request attribute data; the access request attribute data corresponds to an access request in a host device and comprises attribute information and trusted attribute information of an access element in the access request;
performing an access request security level evaluation to obtain an evaluation result;
modifying or not modifying the trusted attribute information in the access request attribute data based on the evaluation result; and
generating a control policy corresponding to the access request based on the access request attribute data and a preset access management policy; the control policy is used for controlling how the host device responds to the access request, thereby ensuring the information security of the host device.
2. The method of claim 1, wherein said acquiring access request attribute data comprises:
acquiring an access request in a host device;
querying an attribute database to obtain attribute information of the access element;
generating the access request attribute data based on the attribute information of the access element and trusted attribute information; wherein the trusted attribute information is a preset value or is obtained by querying the attribute database.
3. The method of claim 2, wherein the access element comprises one or more of: an access subject, an access object, an operation, and an environment.
4. The method of claim 1, wherein, when the access request belongs to a security event, the method performs the access request security level evaluation to obtain the evaluation result and modifies or does not modify the trusted attribute information in the access request attribute data based on the evaluation result.
5. The method of claim 4, further comprising: determining whether the access request belongs to a security event.
6. The method of claim 1 or 4, wherein the modifying or not modifying the trusted attribute information in the access request attribute data based on the evaluation result comprises:
when the evaluation result is safe, not modifying the trusted attribute information in the access request attribute data; and
when the evaluation result is dangerous, modifying the trusted attribute information in the access request attribute data.
7. The method of claim 1 or 4, wherein the modifying or not modifying the trusted attribute information in the access request attribute data based on the evaluation result comprises: when the evaluation result is normal, not modifying the trusted attribute information in the access request attribute data;
the method further comprising:
after the control policy is generated, modifying and storing the trusted attribute information in the access request attribute data.
8. The method of claim 1, wherein the access management policy comprises an attribute condition, and the generating a control policy corresponding to the access request based on the access request attribute data and the preset access management policy comprises:
obtaining the access management policy from a policy database;
determining whether the attribute information in the access request attribute data matches the attribute condition in the access management policy;
when the matching result is a match, determining the control policy to be allow or deny; and
when the matching result is no match, not generating the control policy.
9. The method of claim 1, further comprising: executing the control policy to influence how the host device responds to the access request.
10. An access control system, comprising:
a policy information component configured to acquire access request attribute data; the access request attribute data corresponds to an access request in a host device and comprises attribute information and trusted attribute information of an access element in the access request;
a trusted attribute component configured to evaluate the security level of the access request to obtain an evaluation result, and to modify or not modify the trusted attribute information in the access request attribute data based on the evaluation result; and
a policy decision component configured to generate a control policy corresponding to the access request based on the access request attribute data and a preset access management policy; the control policy is used for controlling how the host device responds to the access request, thereby ensuring the information security of the host device.
11. The system of claim 10, further comprising a host device interface component configured to acquire the access request in the host device;
wherein the policy information component is further configured to query an attribute database to obtain the attribute information of the access element, and to generate the access request attribute data based on the attribute information of the access element and the trusted attribute information; and the trusted attribute information is a preset value or is obtained by querying the attribute database.
12. The system of claim 11, wherein the access element comprises one or more of: an access subject, an access object, an operation, and an environment.
13. The system of claim 10, wherein the trusted attribute component is configured to, only when the access request belongs to a security event, perform the access request security level evaluation to obtain the evaluation result and modify or not modify the trusted attribute information in the access request attribute data based on the evaluation result.
14. The system of claim 13, further comprising an access control access component configured to determine whether the access request belongs to a security event.
15. The system of claim 10 or 13, wherein, to modify or not modify the trusted attribute information in the access request attribute data based on the evaluation result, the trusted attribute component is further configured to:
when the evaluation result is safe, not modify the trusted attribute information in the access request attribute data; and
when the evaluation result is dangerous, modify the trusted attribute information in the access request attribute data.
16. The system of claim 10 or 13, wherein, to modify or not modify the trusted attribute information in the access request attribute data based on the evaluation result, the trusted attribute component is further configured to: when the evaluation result is normal, not modify the trusted attribute information in the access request attribute data;
and the trusted attribute component is further configured to: after the control policy is generated, modify and store the trusted attribute information in the access request attribute data.
17. The system of claim 10, wherein the access management policy comprises an attribute condition, and the policy decision component is further configured to:
obtain the access management policy from a policy database;
determine whether the attribute information in the access request attribute data matches the attribute condition in the access management policy;
when the matching result is a match, determine the control policy to be allow or deny; and
when the matching result is no match, not generate the control policy.
18. The system of claim 10, further comprising a host device interface component configured to execute the control policy to influence how the host device responds to the access request.
19. An access control device, comprising a storage medium having instructions stored thereon and a processor configured to execute the instructions to implement the method of any one of claims 1 to 9.
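The pipeline described in the embodiments above and claimed in claims 1 to 9 (build the AAR from an attribute database, evaluate the security level of requests that are security events and adjust the trusted attribute, then match the AAR against attribute conditions to produce a control policy or none at all), as an added Python example that is not code from the patent or its applicants. The attribute database contents, the security-event rule, the evaluation rule, the trust levels and the policies are all constructed assumptions. The example goes one step beyond the text by writing the lowered trusted attribute back to the attribute database, so that a later identical request is judged with the reduced trust; that write-back is what makes the control dynamic.

```python
"""Added example (not code from the patent): a minimal dynamic access control
pipeline following the component flow in the description and claims 1 to 9.
All attribute names, trust levels, rules and policies are constructed."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed attribute database (AA).  The per-subject "trust" entry is the
# trusted attribute; the patent allows it to be a preset value instead.
ATTRIBUTE_DB = {
    "subject": {
        "proc-42": {"role": "service", "trust": 3},
        "proc-77": {"role": "untrusted-app", "trust": 1},
    },
    "object": {
        "/etc/shadow": {"sensitivity": "high"},
        "/var/log/app.log": {"sensitivity": "low"},
    },
}

# Constructed access management policies: attribute conditions plus an effect.
# A condition is a value compared for equality or a predicate; first match wins.
POLICIES = [
    {"conditions": {"subject.role": "service", "object.sensitivity": "high",
                    "trust": lambda t: t is not None and t >= 3}, "effect": "allow"},
    {"conditions": {"object.sensitivity": "high"}, "effect": "deny"},
    {"conditions": {"object.sensitivity": "low"}, "effect": "allow"},
]


@dataclass
class AccessRequest:
    subject: str        # access subject, e.g. a process identifier
    obj: str            # access object, e.g. a file path
    operation: str      # read / write / exec
    environment: dict   # e.g. {"hour": 12}


@dataclass
class AAR:
    """Access request attribute data: attributes of each access element plus
    the trusted attribute value of the subject."""
    subject: dict
    obj: dict
    operation: str
    environment: dict
    trust: int


def build_aar(req: AccessRequest) -> AAR:
    """Decision information component: look each element up in the attribute
    database and assemble the AAR.  Unknown elements get neutral attributes."""
    subj = ATTRIBUTE_DB["subject"].get(req.subject, {"role": "unknown", "trust": 0})
    obj = ATTRIBUTE_DB["object"].get(req.obj, {"sensitivity": "unknown"})
    return AAR(subj, obj, req.operation, req.environment, subj["trust"])


def is_security_event(aar: AAR) -> bool:
    """Access control access component (assumed rule): high-sensitivity
    objects and write/exec operations count as security events."""
    return aar.obj.get("sensitivity") == "high" or aar.operation in ("write", "exec")


def evaluate_security_level(aar: AAR) -> str:
    """Trusted attribute component, evaluation half (assumed rule): touching a
    high-sensitivity object with low trust or outside working hours is dangerous."""
    off_hours = not (9 <= aar.environment.get("hour", 12) < 18)
    if aar.obj.get("sensitivity") == "high" and (aar.trust < 2 or off_hours):
        return "dangerous"
    return "safe"


def update_trusted_attribute(aar: AAR, result: str) -> AAR:
    """Trusted attribute component, modification half: a dangerous request lowers
    the trusted attribute and stores it back (the subject dict is the database's
    own object for known subjects), so later requests are judged with less trust."""
    if result == "dangerous":
        aar.trust = max(0, aar.trust - 1)
        aar.subject["trust"] = aar.trust
    return aar


def flatten(aar: AAR) -> dict:
    """Key the AAR by 'element.attribute' so policy conditions can address it."""
    flat = {"operation": aar.operation, "trust": aar.trust}
    flat.update({f"subject.{k}": v for k, v in aar.subject.items()})
    flat.update({f"object.{k}": v for k, v in aar.obj.items()})
    flat.update({f"environment.{k}": v for k, v in aar.environment.items()})
    return flat


def decide(aar: AAR) -> Optional[str]:
    """Policy decision component: match the AAR against the attribute conditions
    and return the control policy, or None when no policy matches."""
    flat = flatten(aar)
    for policy in POLICIES:
        if all((cond(flat.get(key)) if callable(cond) else flat.get(key) == cond)
               for key, cond in policy["conditions"].items()):
            return policy["effect"]
    return None


def control(req: AccessRequest) -> Tuple[Optional[str], int]:
    """Whole pipeline; returns (control policy, trusted attribute after evaluation)."""
    aar = build_aar(req)
    if is_security_event(aar):          # non-security events skip the evaluation
        update_trusted_attribute(aar, evaluate_security_level(aar))
    return decide(aar), aar.trust


if __name__ == "__main__":
    first = AccessRequest("proc-42", "/etc/shadow", "read", {"hour": 12})
    print(control(first))   # allowed: trusted service during working hours
    print(control(AccessRequest("proc-42", "/etc/shadow", "write", {"hour": 2})))  # off-hours: trust lowered
    print(control(first))   # the same request as the first is now denied
```

A `None` result from `decide` corresponds to the "no control policy is generated" branch of claim 8; what the host device interface does in that case is left to the caller. Ordering policies first-match-wins is an assumption of this example, not something the patent specifies.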
CN202210923503.0A 2022-08-02 2022-08-02 Access control method and system Pending CN115270157A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210923503.0A CN115270157A (en) 2022-08-02 2022-08-02 Access control method and system

Publications (1)

Publication Number Publication Date
CN115270157A true CN115270157A (en) 2022-11-01

Family

ID=83746619

Country Status (1)

Country Link
CN (1) CN115270157A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination