CN102495989A - Subject-label-based access control method and system - Google Patents
Subject-label-based access control method and system Download PDFInfo
- Publication number
- CN102495989A CN102495989A CN2011104324364A CN201110432436A CN102495989A CN 102495989 A CN102495989 A CN 102495989A CN 2011104324364 A CN2011104324364 A CN 2011104324364A CN 201110432436 A CN201110432436 A CN 201110432436A CN 102495989 A CN102495989 A CN 102495989A
- Authority
- CN
- China
- Prior art keywords
- access control
- request
- module
- access
- main body
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a subject-label-based access control method and a subject-label-based access control system. The method comprises the following steps of: setting a security label for a subject according to the characteristics of the system, setting an access request right list, and establishing a subject-label-based access control strategy library; intercepting an access request of the subject for an object in the system; performing security label detection on the subject transmitting the access request; and judging whether current operation is allowed or not, releasing the current request if the current operation is allowed, and on the contrary, refusing the request. The system comprises an interception and filtration module, an access control judgment module, a subject label library module, a security log query module and a subject label management module, wherein the interception and filtration module is used for intercepting and filtering the access request of an application program for data in the system; the access control judgment module is used for judging the access behavior of the requesting subject for the object, and refusing or allowing the access behavior; the subject label library module is used for storing the access request right list of the access control strategy library; the security log query module is used for storing dangerous operation information violating access control strategies; and the subject label management module is used for modifying the access request right list of the access control strategy library and querying a security log. The safety of public and general data in the system is ensured.
Description
Technical field
The present invention relates to a kind of operating system, relate in particular to a kind of access control method and system of operating system.
Background technology
The access control of existing operating system; Generally comprise autonomous access control model (Discretionary Access Control), Mandatory Access Control Model (Mandatory Access Control), based on role's access control (Role-Based Access Control) Bell-Lapadula model; And Biba model; Wherein
Autonomous access control model (Discretionary Access Control); The authority that main body can independently be authorized other main bodys the own access control right that has object or authorized from other main bodys withdrawals; With giving or a part of right of the authority that calls off a visit is left individual subscriber for; The keeper is difficult to confirm which user has access rights to which resource, is unfavorable for realizing unified global access control.In many tissues, the user can accessed resources not have entitlement to his institute, and tissue itself is only the real owner of resource in the system.Respectively organize the realization result who generally hopes access control and licensing scheme can be consistent, and, do not allow user's own ground to handle by administrative authority's unified implementation access control with the rules and regulations of organization internal.
Mandatory Access Control Model (Mandatory Access Control) then is to limit the visit of main object according to the permission level of the sensitivity level of object and main body, is used for multistage military systems more.
The Bell-lapadula the main consuming body, object, accessing operation (read, write, read/write) and these notions of level of security, when subject and object was positioned at the different security rank, just there was certain restrict access in main object.After realizing this model, it can guarantee information not visited by unauthorized main body.
The Biba model is developed after the Bell-lapadula model, and it is very similar with the Bell-lapadula model, is used to solve the integrity issue of application data.Bell-lapadula rank (top secret safe in utilization; Secret; Secrets etc.), these level of securitys are used to guarantee that a sensitive information authorized individual visits, and the Biba model is indifferent to the level of security of information privacy; Therefore its access control is not to be based upon on the level of security, but is based upon on the integrity grade.
Above-mentioned access control model; The emphasis of being concerned about all is how to control the access rights of main body to important sub-fraction object; The less relevance main body is to the restrict access of general on a large scale or public object resource in the system; What promptly pay close attention to is the access control relation of main body and one group of important object, and this lets the security of general object or public object resource receive very big threat.
Summary of the invention
In order to solve the deficiency that prior art exists; The present invention provides a kind of access control based on body mark (Subject Label-Based Access Control; Be called for short SLBAC) method and system; Task type according to main body need be accomplished is different, sets the different security mark for various main body, to limit main body all general or public object resources in the system is only had the required minimum access authority of operation.
Be the realization above-mentioned purpose, the access control method based on body mark provided by the invention, this method may further comprise the steps:
1) according to the characteristics of system, sets safety label, set the access request permissions list, set up access control policy storehouse based on body mark for main body;
2) access request of main object in the intercepting system;
3) main body of request visit being carried out safety label detects;
4) judge whether to allow current operation, if allow, the current request of then letting pass, otherwise refusal request.
Wherein, Said step 1) is that the method for main body setting safety label is: be one group of safety label of main body predefine; Each mark is represented the access rights of main body to one group of object; Or by the rational act that main body might occur in system it is classified, and set the different security mark, each mark is represented the access rights of main body to certain type of object.
What wherein, said step 2) the Intercept Interview request was adopted is: in the HOOK subsystem call table, to the kernel calls of object operation.
Wherein, said step 3) is carried out the safety label detection method to the main body of request visit and is: the main body of the access request of utilization interception is removed the access request permissions list in queried access control strategy storehouse, and whether the main body that detects the request visit has safety label;
Wherein, said step 4) further may further comprise the steps:
Do not have safety label if detect request body, then allow current operation;
Utilize the safety label of current request main body; Access request permissions list to wherein detects one by one; With the object of set main body safety label protection wherein; Compared by the request object with current,, then refuse current operation if wherein any current safety label by the request object is identical with the safety label of current request main body; Otherwise, then allow the operation of request body.
For realizing above-mentioned purpose; The present invention also provides a kind of access control system based on body mark, comprises interception filtering module, access control judge module, body mark library module, security log enquiry module, and the body mark administration module; It is characterized in that
Said interception filtering module connects said access control judge module, is used for tackling, the filtering system application program is to the access request of data;
Said access control judge module; Connect said interception filtering module, said body mark library module and said security log enquiry module respectively; Safety label with current main body is as the criterion, and request body is judged refusal or allow should the visit behavior to the visit behavior of target object;
Said body mark library module connects said access control judge module and said body mark administration module respectively, is used to preserve the access request permissions list in access control policy storehouse;
Said security log enquiry module connects said access control judge module and said body mark administration module respectively, is used to store the risky operation information of violating access control policy.
Said body mark administration module connects said body mark library module, is used to revise the access request permissions list in access control policy storehouse.
Wherein, said interception filtering module adopts in the HOOK subsystem call table, and the kernel calls of object operation is obtained the access request data of main object in the system, and accessing request information is sent to said access control judge module; Receive the access request response message that said access control judge module sends, the access request of refusal or permission main body.
Wherein, said access control judge module receives the accessing request information that said interception filtering module sends, and the visit behavior of main body and target object is judged, and the access request response message is sent to said interception filtering module; The risky operation information of violating the body mark access control policy is sent to the security log enquiry module.
Access control method and system based on body mark of the present invention; Protection to as if system in the now public data never taken into account of model and non-core general data; Be that one of present model short slab is well replenished, and define main body all general or public object resources in the system are only had the required minimum access authority of operation.
Other features and advantages of the present invention will be set forth in instructions subsequently, and, partly from instructions, become obvious, perhaps understand through embodiment of the present invention.
Description of drawings
Accompanying drawing is used to provide further understanding of the present invention, and constitutes the part of instructions, and with content of the present invention and embodiment, is used to explain the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is according to the access control method process flow diagram based on body mark of the present invention;
Fig. 2 is according to the access control system theory diagram based on body mark of the present invention.
Embodiment
Below in conjunction with accompanying drawing the preferred embodiments of the present invention are described, should be appreciated that embodiment described herein only is used for explanation and explains the present invention, and be not used in qualification the present invention.
Fig. 1 is according to the access control method process flow diagram based on body mark of the present invention, below with reference to Fig. 1, the access control method based on body mark of the present invention is described in detail:
At first,,, set safety label, set an access request permissions list, set up access control (SLBAC) policy library based on body mark for main body according to the characteristics of system in step 101; In this step; Can be one group of safety label of main body predefine; Each mark is represented the access rights of main body to one group of object; Also can classify to it by the rational act that main body might occur in system, and set the different security mark, each mark is represented the access rights of main body to certain type of object;
If:
L=Label=mark, each mark all has specific restrict access to certain type of object;
S=Subject=intrasystem main body (operation promoter);
O=Object=intrasystem object (Action Target);
The S of A=Action=in an operation is to the concrete operations behavior of O.
Create following safety label:
Token name: exe_only_r, the mark object of protection is: * .exe file, the authority after the restriction is: read-only; Token name: dll_only_r, the mark object of protection is: * .dll file, the authority after the restriction is: read-only;
Set safety label for the host process of apache web server:
Subject process is: httpd, safety label is: exe_only_r.
After having disposed above SLBAC strategy, the httpd process will can only be read intrasystem exe and dll, can not carry out any destructive operation.
In step 102, intrasystem main body is sent the access request that comprises the concrete operations behavior, A to intrasystem object
1: S
1->O
1
The content of access request comprises: main body (S): user UID+ process PID; Object (O): object full name; Operation (A): requested operation.
In step 103, application program is to the access request of data in the intercepting system;
What the Intercept Interview request was adopted is: in the HOOK subsystem call table, to the kernel calls of object operation.
The purpose of interception: obtain the access request data of main object in the system, and stop its accessing operation when needed.
In step 104, the main body of request visit is carried out the detection of safety label, there is not safety label if judge this main body, then forward step 106 to, otherwise get into next step;
Safety label detection method: SLBAC is implemented in and has safeguarded access request permissions list (employing Adelson-Velskii-Landis tree) in the system kernel; Wherein each represents a main body that the main body safety label had been set; When receiving interception request; SLBAC will remove to inquire about this access request permissions list with request body, if find, representes that then this main body need carry out main body safety label scope check.
In step 105, whether the operation behavior that detects main body receives the restriction of safety label, if receive the restriction of safety label, promptly works as S
1To O
1Operation A
1At S
1Safety label M
S1Limited field within the time, forward step 107 to, otherwise work as S
1To O
1Operation A
1Not at S
1Safety label M
S1Limited field within the time then get into next step;
Body mark detection mode: the safety label that utilizes the current request main body; Access request permissions list to wherein detects one by one; With the object of set main body safety label protection wherein, contrast one by one with current requested object, if wherein any SLBAC does not allow when operation (current safety label by the request object is identical with the safety label of current request main body); Then refusal operation, on the contrary allow operation.
In step 106, allow operation, main object is carried out concrete operations;
In step 107, the refusal operation is sent failure information to request body.
Fig. 2 is according to the access control system theory diagram based on body mark of the present invention; As shown in Figure 2; Access control system based on body mark of the present invention; Comprise interception filtering module 201, access control judge module 202, body mark library module 203, security log enquiry module 204, and body mark administration module 205
Interception filtering module 201, connected reference control judge module 202 is used for tackling, the filtering system application program is to the access request of data, and accessing request information is sent to access control judge module 202; Receive the access request response message that access control judge module 202 returns, and, access request is handled according to the access request response message.If the operation of access request is allowed to, then,, then initiates to use and return failure information to access request if the operation of access request is under an embargo according to this access request of normal process flow processing of operating system.
Access control judge module 202; Connect interception filtering module 201, body mark library module 203 respectively; And security log enquiry module 204; Receive the accessing request information (access request data of main object) that interception filtering module 201 sends and the access request permissions list of body mark library module 203 transmissions, be as the criterion, the visit behavior between current main body and the target object is judged with the safety label of current main body; Confirm whether access request is allowed to, the access request response message is sent to interception filtering module 201.If do not have safety label or safety label in the data not within the safety label restriction, then return the access request response message that allows visit to interception filtering module 201; If the safety label in the data belongs within the safety label restriction, then return the access request response message of denied access to interception filtering module 201; The risky operation information of violating the SLBAC strategy is sent to security log enquiry module 204.
Body mark library module 203; Judge module 202 and body mark administration module 205 are controlled in connected reference respectively; Be used to store the access control based on body mark (SLBAC) policy library of foundation, the keeper can limit its authority through the safety label that body mark administration module 205 is revised some main bodys of access request permissions list in the SLBAC policy library.
Security log enquiry module 204; Judge module 202 and body mark administration module 205 are controlled in connected reference respectively; Be used to store the risky operation information (security log) of violating the SLBAC strategy, the keeper can inquire about through body mark administration module 205.
Body mark administration module 205; Connect body mark library module 203 and security log enquiry module 204 respectively; Be used for revising the access request permissions list of body mark library module 203 SLBAC policy librarys, and the security log in the query safe log query module 204.
Access control method and system based on body mark of the present invention; Task type according to main body need be accomplished is different; Set the different security mark for various main body; To limit main body all general or public object resources in the system are only had the required minimum access authority of operation; Public data that existing model is never taken into account in the protection system and non-core general data, and the qualification main body only has the required minimum access authority of operation to all general or public object resources in the system.
One of ordinary skill in the art will appreciate that: the above is merely the preferred embodiments of the present invention; Be not limited to the present invention; Although the present invention has been carried out detailed explanation with reference to previous embodiment; For a person skilled in the art, it still can be made amendment to the technical scheme of aforementioned each embodiment record, perhaps part technical characterictic wherein is equal to replacement.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. access control method based on body mark, this method may further comprise the steps:
1) according to the characteristics of system, sets safety label, set the access request permissions list, set up access control policy storehouse based on body mark for main body;
2) access request of main object in the intercepting system;
3) main body of request visit being carried out safety label detects;
4) judge whether to allow current operation, if allow, the current request of then letting pass, otherwise refusal request.
2. the access control method of body mark according to claim 1; It is characterized in that; Said step 1) is that the method for main body setting safety label is: be one group of safety label of main body predefine, each mark is represented the access rights of main body to one group of object, or by the rational act that main body might occur in system it is classified; And set the different security mark, each mark is represented the access rights of main body to certain type of object.
3. the access control method based on body mark according to claim 1 is characterized in that, said step 2) the Intercept Interview request adopt be: in the HOOK subsystem call table, to the kernel calls of object operation.
4. the access control method based on body mark according to claim 1; It is characterized in that; Said step 3) is carried out the safety label detection method to the main body of request visit: the main body of the access request of utilization interception is removed the access request permissions list in queried access control strategy storehouse, and whether the main body that detects the request visit has safety label;
The access control method of body mark according to claim 1 is characterized in that, said step 4) further may further comprise the steps:
Do not have safety label if detect request body, then allow current operation;
Utilize the safety label of current request main body; Access request permissions list to wherein detects one by one; With the object of set main body safety label protection wherein; Compared by the request object with current,, then refuse current operation if wherein any current safety label by the request object is identical with the safety label of current request main body; Otherwise, then allow the operation of request body.
5. the access control system based on body mark comprises interception filtering module, access control judge module, body mark library module, security log enquiry module, and the body mark administration module, it is characterized in that,
Said interception filtering module connects said access control judge module, is used for tackling, the filtering system application program is to the access request of data;
Said access control judge module; Connect said interception filtering module, said body mark library module and said security log enquiry module respectively; Safety label with current main body is as the criterion, and request body is judged refusal or allow should the visit behavior to the visit behavior of target object;
Said body mark library module connects said access control judge module and said body mark administration module respectively, is used to preserve the access request permissions list in access control policy storehouse;
Said security log enquiry module connects said access control judge module and said body mark administration module respectively, is used to store the risky operation information of violating access control policy.
6. said based on the body mark administration module, connect said body mark library module, be used to revise the access request permissions list in access control policy storehouse.
7. the access control system based on body mark according to claim 6; It is characterized in that; Said interception filtering module; Adopt in the HOOK subsystem call table, the kernel calls of object operation is obtained the access request data of main object in the system, and accessing request information is sent to said access control judge module; Receive the access request response message that said access control judge module sends, the access request of refusal or permission main body.
8. the access control system based on body mark according to claim 6; It is characterized in that; Said access control judge module; Receive the accessing request information that said interception filtering module sends, the visit behavior of main body and target object is judged, and the access request response message is sent to said interception filtering module; The risky operation information of violating the body mark access control policy is sent to the security log enquiry module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011104324364A CN102495989A (en) | 2011-12-21 | 2011-12-21 | Subject-label-based access control method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011104324364A CN102495989A (en) | 2011-12-21 | 2011-12-21 | Subject-label-based access control method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102495989A true CN102495989A (en) | 2012-06-13 |
Family
ID=46187814
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011104324364A Pending CN102495989A (en) | 2011-12-21 | 2011-12-21 | Subject-label-based access control method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102495989A (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103116716A (en) * | 2013-01-25 | 2013-05-22 | 复旦大学 | Immediate access conferring method aiming at low interference of mobile platform |
| CN103248485A (en) * | 2013-04-24 | 2013-08-14 | 中国南方电网有限责任公司 | Security label-based power secondary system access control method and system |
| CN103366115A (en) * | 2013-07-03 | 2013-10-23 | 中国联合网络通信集团有限公司 | Safety detecting method and device |
| CN103647771A (en) * | 2013-12-12 | 2014-03-19 | 浪潮电子信息产业股份有限公司 | Method for carrying out mandatory access controlling on network data packet |
| CN104298925A (en) * | 2014-10-14 | 2015-01-21 | 北京可信华泰信息技术有限公司 | Design and implementation method of active immunity platform of operating system |
| CN109495474A (en) * | 2018-11-19 | 2019-03-19 | 南京航空航天大学 | Towards the dynamic access control frame internaled attack |
| CN109739806A (en) * | 2018-12-28 | 2019-05-10 | 安谋科技(中国)有限公司 | Memory pool access method, internal storage access controller and system on chip |
| CN109948360A (en) * | 2019-02-26 | 2019-06-28 | 维正知识产权服务有限公司 | A kind of more control domain security kernel construction methods and system for complex scene |
| CN110290128A (en) * | 2019-06-20 | 2019-09-27 | 中国科学院信息工程研究所 | A kind of Network Isolation and switching control method and device based on service security label |
| CN110413372A (en) * | 2019-06-20 | 2019-11-05 | 中国科学院信息工程研究所 | A kind of web services middleware extended method for supporting service security to mark |
| CN110427770A (en) * | 2019-06-20 | 2019-11-08 | 中国科学院信息工程研究所 | A kind of Access and control strategy of database method and system for supporting service security to mark |
| CN110457268A (en) * | 2019-06-20 | 2019-11-15 | 中国科学院信息工程研究所 | A kind of file operation auditing method and device for supporting service security to mark |
| CN111159735A (en) * | 2019-12-24 | 2020-05-15 | 珠海荣邦智能科技有限公司 | Data access method and device for application program |
| CN111177761A (en) * | 2019-12-30 | 2020-05-19 | 北京浪潮数据技术有限公司 | File access control method, device and equipment based on sensitive marks |
| CN112733165A (en) * | 2021-01-07 | 2021-04-30 | 苏州浪潮智能科技有限公司 | File access control method, device and medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070244898A1 (en) * | 2002-09-04 | 2007-10-18 | International Business Machines Corporation | Row-level security in a relational database management system |
| CN101667235A (en) * | 2008-09-02 | 2010-03-10 | 北京瑞星国际软件有限公司 | Method and device for protecting user privacy |
| CN102495988A (en) * | 2011-12-19 | 2012-06-13 | 北京诺思恒信科技有限公司 | Domain-based access control method and system |
-
2011
- 2011-12-21 CN CN2011104324364A patent/CN102495989A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070244898A1 (en) * | 2002-09-04 | 2007-10-18 | International Business Machines Corporation | Row-level security in a relational database management system |
| CN101667235A (en) * | 2008-09-02 | 2010-03-10 | 北京瑞星国际软件有限公司 | Method and device for protecting user privacy |
| CN102495988A (en) * | 2011-12-19 | 2012-06-13 | 北京诺思恒信科技有限公司 | Domain-based access control method and system |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103116716A (en) * | 2013-01-25 | 2013-05-22 | 复旦大学 | Immediate access conferring method aiming at low interference of mobile platform |
| CN103248485A (en) * | 2013-04-24 | 2013-08-14 | 中国南方电网有限责任公司 | Security label-based power secondary system access control method and system |
| CN103248485B (en) * | 2013-04-24 | 2016-12-07 | 中国南方电网有限责任公司 | A kind of electric power secondary system access control method based on safety label and system |
| CN103366115A (en) * | 2013-07-03 | 2013-10-23 | 中国联合网络通信集团有限公司 | Safety detecting method and device |
| CN103366115B (en) * | 2013-07-03 | 2016-03-23 | 中国联合网络通信集团有限公司 | Safety detecting method and device |
| CN103647771A (en) * | 2013-12-12 | 2014-03-19 | 浪潮电子信息产业股份有限公司 | Method for carrying out mandatory access controlling on network data packet |
| CN104298925A (en) * | 2014-10-14 | 2015-01-21 | 北京可信华泰信息技术有限公司 | Design and implementation method of active immunity platform of operating system |
| CN104298925B (en) * | 2014-10-14 | 2017-07-21 | 北京可信华泰信息技术有限公司 | The design and implementation method of operating system active specific immunotherapy platform |
| CN109495474B (en) * | 2018-11-19 | 2021-04-13 | 南京航空航天大学 | Dynamic access control method facing internal attack |
| CN109495474A (en) * | 2018-11-19 | 2019-03-19 | 南京航空航天大学 | Towards the dynamic access control frame internaled attack |
| CN109739806A (en) * | 2018-12-28 | 2019-05-10 | 安谋科技(中国)有限公司 | Memory pool access method, internal storage access controller and system on chip |
| CN109948360A (en) * | 2019-02-26 | 2019-06-28 | 维正知识产权服务有限公司 | A kind of more control domain security kernel construction methods and system for complex scene |
| CN110413372A (en) * | 2019-06-20 | 2019-11-05 | 中国科学院信息工程研究所 | A kind of web services middleware extended method for supporting service security to mark |
| CN110427770A (en) * | 2019-06-20 | 2019-11-08 | 中国科学院信息工程研究所 | A kind of Access and control strategy of database method and system for supporting service security to mark |
| CN110457268A (en) * | 2019-06-20 | 2019-11-15 | 中国科学院信息工程研究所 | A kind of file operation auditing method and device for supporting service security to mark |
| CN110290128A (en) * | 2019-06-20 | 2019-09-27 | 中国科学院信息工程研究所 | A kind of Network Isolation and switching control method and device based on service security label |
| CN110457268B (en) * | 2019-06-20 | 2022-06-28 | 中国科学院信息工程研究所 | File operation auditing method and device supporting business security marking |
| CN111159735A (en) * | 2019-12-24 | 2020-05-15 | 珠海荣邦智能科技有限公司 | Data access method and device for application program |
| CN111177761A (en) * | 2019-12-30 | 2020-05-19 | 北京浪潮数据技术有限公司 | File access control method, device and equipment based on sensitive marks |
| CN112733165A (en) * | 2021-01-07 | 2021-04-30 | 苏州浪潮智能科技有限公司 | File access control method, device and medium |
| CN112733165B (en) * | 2021-01-07 | 2022-09-20 | 苏州浪潮智能科技有限公司 | File access control method, device and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102495989A (en) | Subject-label-based access control method and system | |
| CN102495988A (en) | Domain-based access control method and system | |
| CN103065100B (en) | Container-based method of users to protect private data | |
| CN104318171B (en) | Android private data guard methods and system based on rights label | |
| CN102202062B (en) | Method and apparatus for realizing access control | |
| CN106326699A (en) | Method for reinforcing server based on file access control and progress access control | |
| CN102043927B (en) | Data divulgence protection method for computer system | |
| CN103268438A (en) | Android authority management method and system based on calling chain | |
| CN101901313A (en) | Linux file protection system and method | |
| CN101727545A (en) | Method for implementing mandatory access control mechanism of security operating system | |
| US20100100929A1 (en) | Apparatus and method for security managing of information terminal | |
| CN103890772A (en) | Sandboxing technology for webruntime system | |
| CN104751050A (en) | Client application program management method | |
| CN104732147A (en) | Application program processing method | |
| CN102254123B (en) | Method and device for enhancing security of application software | |
| CN105827645B (en) | Method, equipment and system for access control | |
| CN104735091A (en) | Linux system-based user access control method and device | |
| CN102143168B (en) | Linux platform-based server safety performance real-time monitoring method and system | |
| CN106228078A (en) | Method for safe operation based on enhancement mode ROST under a kind of Linux | |
| CN102592076B (en) | Data tamper-proof method and device | |
| CN104978543A (en) | Mobile terminal information safety protection system and method | |
| CN104732140A (en) | Program data processing method | |
| CN105049445A (en) | Access control method and stand-alone access controller | |
| CN102663313A (en) | Method for realizing information security of computer system | |
| CN101827091A (en) | Method for detecting Solaris system fault by utilizing mandatory access control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120613 |