CN102667719B - 基于资源属性控制资源访问 - Google Patents

基于资源属性控制资源访问 Download PDF

Info

Publication number
CN102667719B
CN102667719B CN201080052356.XA CN201080052356A CN102667719B CN 102667719 B CN102667719 B CN 102667719B CN 201080052356 A CN201080052356 A CN 201080052356A CN 102667719 B CN102667719 B CN 102667719B
Authority
CN
China
Prior art keywords
resource
access
tag
file
policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201080052356.XA
Other languages
English (en)
Chinese (zh)
Other versions
CN102667719A (zh
Inventor
N·本-茨维
R·P·佩鲁玛
A·塞缪尔森
J·B·汉布林
R·卡拉赫
Z·李
M·H·沃尔尼克
C·劳
P·A·奥尔泰安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC filed Critical Microsoft Technology Licensing LLC
Publication of CN102667719A publication Critical patent/CN102667719A/zh
Application granted granted Critical
Publication of CN102667719B publication Critical patent/CN102667719B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CN201080052356.XA 2009-11-20 2010-10-29 基于资源属性控制资源访问 Active CN102667719B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/622,441 2009-11-20
US12/622,441 US9038168B2 (en) 2009-11-20 2009-11-20 Controlling resource access based on resource properties
PCT/US2010/054722 WO2011062743A2 (en) 2009-11-20 2010-10-29 Controlling resource access based on resource properties

Publications (2)

Publication Number Publication Date
CN102667719A CN102667719A (zh) 2012-09-12
CN102667719B true CN102667719B (zh) 2015-08-26

Family

ID=44060263

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201080052356.XA Active CN102667719B (zh) 2009-11-20 2010-10-29 基于资源属性控制资源访问

Country Status (6)

Country Link
US (1) US9038168B2 (enExample)
EP (1) EP2502144B1 (enExample)
JP (1) JP5722337B2 (enExample)
KR (1) KR101751088B1 (enExample)
CN (1) CN102667719B (enExample)
WO (1) WO2011062743A2 (enExample)

Families Citing this family (71)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110087670A1 (en) * 2008-08-05 2011-04-14 Gregory Jorstad Systems and methods for concept mapping
US8412646B2 (en) * 2008-10-03 2013-04-02 Benefitfocus.Com, Inc. Systems and methods for automatic creation of agent-based systems
US8918867B1 (en) * 2010-03-12 2014-12-23 8X8, Inc. Information security implementations with extended capabilities
US8601549B2 (en) * 2010-06-29 2013-12-03 Mckesson Financial Holdings Controlling access to a resource using an attribute based access control list
US8572760B2 (en) * 2010-08-10 2013-10-29 Benefitfocus.Com, Inc. Systems and methods for secure agent information
US9208332B2 (en) 2010-12-24 2015-12-08 Microsoft Technology Licensing, Llc Scoped resource authorization policies
US8935705B2 (en) 2011-05-13 2015-01-13 Benefitfocus.Com, Inc. Execution of highly concurrent processing tasks based on the updated dependency data structure at run-time
US8898806B1 (en) 2011-12-15 2014-11-25 Symantec Corporation Systems and methods for protecting services
US8966576B2 (en) * 2012-02-27 2015-02-24 Axiomatics Ab Provisioning access control using SDDL on the basis of a XACML policy
US8875302B2 (en) 2012-05-15 2014-10-28 International Business Machines Corporation Classification of an electronic document
US8832848B1 (en) * 2012-07-26 2014-09-09 Symantec Corporation Systems and methods for content-aware access control
EP2696303B1 (en) * 2012-08-03 2017-05-10 Alcatel Lucent Mandatory access control (MAC) in virtual machines
US8990883B2 (en) * 2013-01-02 2015-03-24 International Business Machines Corporation Policy-based development and runtime control of mobile applications
US9530020B2 (en) * 2013-01-22 2016-12-27 Amazon Technologies, Inc. Use of freeform metadata for access control
US9576141B2 (en) 2013-01-22 2017-02-21 Amazon Technologies, Inc. Access controls on the use of freeform metadata
US10341281B2 (en) * 2013-01-22 2019-07-02 Amazon Technologies, Inc. Access control policies associated with freeform metadata
EP2948840B1 (en) * 2013-01-22 2020-08-12 Amazon Technologies, Inc. Use of freeform metadata for access control
US20140379915A1 (en) * 2013-06-19 2014-12-25 Cisco Technology, Inc. Cloud based dynamic access control list management architecture
CN103427998B (zh) * 2013-08-20 2016-12-28 航天恒星科技有限公司 一种面向互联网数据分发的身份验证和数据加密方法
US20150235049A1 (en) * 2014-02-20 2015-08-20 International Business Machines Corporation Maintaining Data Privacy in a Shared Data Storage System
GB2527285B (en) * 2014-06-11 2021-05-26 Advanced Risc Mach Ltd Resource access control using a validation token
US10454970B2 (en) * 2014-06-30 2019-10-22 Vescel, Llc Authorization of access to a data resource in addition to specific actions to be performed on the data resource based on an authorized context enforced by a use policy
GB2565734B (en) * 2014-09-14 2019-05-29 Sophos Ltd Labeling computing objects for improved threat detection
US9967283B2 (en) 2014-09-14 2018-05-08 Sophos Limited Normalized indications of compromise
US10122687B2 (en) 2014-09-14 2018-11-06 Sophos Limited Firewall techniques for colored objects on endpoints
US10965711B2 (en) 2014-09-14 2021-03-30 Sophos Limited Data behavioral tracking
US9537841B2 (en) 2014-09-14 2017-01-03 Sophos Limited Key management for compromised enterprise endpoints
US9967264B2 (en) 2014-09-14 2018-05-08 Sophos Limited Threat detection using a time-based cache of reputation information on an enterprise endpoint
US9967282B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling computing objects for improved threat detection
US9965627B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling objects on an endpoint for encryption management
US9992228B2 (en) 2014-09-14 2018-06-05 Sophos Limited Using indications of compromise for reputation based network security
US9396343B2 (en) * 2014-10-20 2016-07-19 International Business Machines Corporation Policy access control lists attached to resources
US10277522B1 (en) * 2014-11-26 2019-04-30 Amazon Technologies, Inc. Automated association of computing resources with resource creators for usage allocation
CN105871577A (zh) * 2015-01-22 2016-08-17 阿里巴巴集团控股有限公司 资源权限管理方法及装置
CN104809405B (zh) * 2015-04-24 2018-06-01 广东电网有限责任公司信息中心 基于分级分类的结构化数据资产防泄露方法
CN104866780B (zh) * 2015-04-24 2018-01-05 广东电网有限责任公司信息中心 基于分级分类的非结构化数据资产防泄露方法
US20170170990A1 (en) * 2015-12-15 2017-06-15 Microsoft Technology Licensing, Llc Scalable Tenant Networks
US10609042B2 (en) * 2016-02-15 2020-03-31 Cisco Technology, Inc. Digital data asset protection policy using dynamic network attributes
US10659466B2 (en) 2016-03-22 2020-05-19 Microsoft Technology Licensing, Llc Secure resource-based policy
CN107968798B (zh) * 2016-10-19 2023-04-07 中兴通讯股份有限公司 一种网管资源标签获取方法、缓存同步方法、装置及系统
US10713355B2 (en) * 2016-10-21 2020-07-14 Qatar University Method and system for adaptive security in cloud-based services
US10523590B2 (en) 2016-10-28 2019-12-31 2236008 Ontario Inc. Channel-based mandatory access controls
KR102725130B1 (ko) 2016-11-21 2024-11-04 삼성전자주식회사 효율적인 리소스 관리를 위한 전자 장치 및 이의 방법
US10521599B2 (en) * 2017-02-28 2019-12-31 2236008 Ontario Inc. Label transition for mandatory access controls
CN106991013B (zh) * 2017-04-18 2018-09-07 腾讯科技(深圳)有限公司 一种对资源请求进行处理的方法及装置
US10491584B2 (en) * 2017-05-22 2019-11-26 General Electric Company Role-based resource access control
US10491635B2 (en) * 2017-06-30 2019-11-26 BlueTalon, Inc. Access policies based on HDFS extended attributes
US10846263B2 (en) * 2017-09-22 2020-11-24 Microsoft Technology Licensing, Llc Systems and methods for implementing content aware file management labeling
US10819652B2 (en) * 2018-07-02 2020-10-27 Amazon Technologies, Inc. Access management tags
US10540207B1 (en) * 2018-07-18 2020-01-21 International Business Machines Corporation Fast, low memory, consistent hash using an initial distribution
US11212312B2 (en) * 2018-08-09 2021-12-28 Microsoft Technology Licensing, Llc Systems and methods for polluting phishing campaign responses
US11481377B2 (en) * 2018-10-30 2022-10-25 Microsoft Technology Licensing, Llc Compute-efficient effective tag determination for data assets
CN109726572A (zh) * 2018-12-28 2019-05-07 中国移动通信集团江苏有限公司 数据管控方法、装置、设备、计算机存储介质及系统
EP3751812B1 (en) * 2019-06-10 2022-10-26 Nokia Technologies Oy Resource access
US11328089B2 (en) 2019-09-20 2022-05-10 International Business Machines Corporation Built-in legal framework file management
US11321488B2 (en) * 2019-09-20 2022-05-03 International Business Machines Corporation Policy driven data movement
US11443056B2 (en) 2019-09-20 2022-09-13 International Business Machines Corporation File access restrictions enforcement
US11327665B2 (en) 2019-09-20 2022-05-10 International Business Machines Corporation Managing data on volumes
US11580239B2 (en) * 2019-10-22 2023-02-14 Microsoft Technology Licensing, Llc Controlling access to cloud resources in data using cloud-enabled data tagging and a dynamic access control policy engine
CN111064701A (zh) * 2019-11-08 2020-04-24 浪潮电子信息产业股份有限公司 一种共享数据安全访问控制方法、装置、设备、介质
US11334672B2 (en) * 2019-11-22 2022-05-17 International Business Machines Corporation Cluster security based on virtual machine content
CN111259417A (zh) * 2020-01-13 2020-06-09 奇安信科技集团股份有限公司 文件处理方法及装置
CN113381969B (zh) * 2020-03-09 2023-06-27 北京达佳互联信息技术有限公司 资源访问控制方法、装置及设备和存储介质
US11797702B2 (en) * 2021-03-11 2023-10-24 EMC IP Holding Company LLC Access control rights assignment capabilities utilizing a new context-based hierarchy of data based on new forms of metadata
US12326931B2 (en) 2021-06-29 2025-06-10 EMC IP Holding Company LLC Malicious data access as highlighted graph visualization
US11983192B1 (en) 2021-12-31 2024-05-14 Capital Rx, Inc. Computing technologies for data organization based on tags
JP7765871B2 (ja) * 2022-03-28 2025-11-07 パナソニックオートモーティブシステムズ株式会社 情報処理装置及び情報処理装置の制御方法
CN115758330A (zh) * 2022-11-21 2023-03-07 统信软件技术有限公司 沙箱应用权限管控策略的配置方法及访问权限的管控方法
WO2024143726A1 (en) * 2022-12-26 2024-07-04 Samsung Electronics Co., Ltd. An electronic device for managing access to an application and method thereof
CN116701304B (zh) * 2023-07-06 2023-11-03 北京应天海乐科技发展有限公司 用于自助设备的文件管理方法、装置、设备及存储介质
US20250133073A1 (en) * 2023-10-20 2025-04-24 Sap Se Data classification framework

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1782943A (zh) * 2004-10-01 2006-06-07 微软公司 集成访问授权
CN101114295A (zh) * 2007-08-11 2008-01-30 腾讯科技(深圳)有限公司 检索在线广告资源的方法和装置

Family Cites Families (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3976009A (en) * 1974-04-24 1976-08-24 Delgado Manuel M Composite cast structure and process for manufacture of same
US5052040A (en) 1990-05-25 1991-09-24 Micronyx, Inc. Multiple user stored data cryptographic labeling system and method
US5889952A (en) * 1996-08-14 1999-03-30 Microsoft Corporation Access check system utilizing cached access permissions
US5991877A (en) 1997-04-03 1999-11-23 Lockheed Martin Corporation Object-oriented trusted application framework
US7035850B2 (en) * 2000-03-22 2006-04-25 Hitachi, Ltd. Access control system
US7185192B1 (en) * 2000-07-07 2007-02-27 Emc Corporation Methods and apparatus for controlling access to a resource
JP3790661B2 (ja) * 2000-09-08 2006-06-28 インターナショナル・ビジネス・マシーンズ・コーポレーション アクセス制御システム
US6928427B2 (en) 2001-03-09 2005-08-09 Arcot Systems, Inc. Efficient computational techniques for authorization control
US7016893B2 (en) * 2001-05-29 2006-03-21 Sun Microsystems, Inc. Method and system for sharing entry attributes in a directory server using class of service
US6895503B2 (en) * 2001-05-31 2005-05-17 Contentguard Holdings, Inc. Method and apparatus for hierarchical assignment of rights to documents and documents having such rights
US7069330B1 (en) * 2001-07-05 2006-06-27 Mcafee, Inc. Control of interaction between client computer applications and network resources
US7380271B2 (en) * 2001-07-12 2008-05-27 International Business Machines Corporation Grouped access control list actions
US7124192B2 (en) 2001-08-30 2006-10-17 International Business Machines Corporation Role-permission model for security policy administration and enforcement
US7092942B2 (en) * 2002-05-31 2006-08-15 Bea Systems, Inc. Managing secure resources in web resources that are accessed by multiple portals
JP2004017569A (ja) * 2002-06-19 2004-01-22 Fuji Xerox Co Ltd インクジェット記録方法
US20040073668A1 (en) 2002-10-10 2004-04-15 Shivaram Bhat Policy delegation for access control
GB0425113D0 (en) * 2004-11-13 2004-12-15 Ibm A method of determining access rights to IT resources
CN100490387C (zh) * 2004-12-28 2009-05-20 北京邮电大学 用于应用服务器的基于令牌的细粒度访问控制系统及方法
US7593942B2 (en) 2004-12-30 2009-09-22 Oracle International Corporation Mandatory access control base
US20060230282A1 (en) * 2005-04-06 2006-10-12 Hausler Oliver M Dynamically managing access permissions
US7475138B2 (en) * 2005-06-23 2009-01-06 International Business Machines Corporation Access control list checking
US7779265B2 (en) * 2005-12-13 2010-08-17 Microsoft Corporation Access control list inheritance thru object(s)
US8621549B2 (en) 2005-12-29 2013-12-31 Nextlabs, Inc. Enforcing control policies in an information management system
US8677499B2 (en) * 2005-12-29 2014-03-18 Nextlabs, Inc. Enforcing access control policies on servers in an information management system
US9942271B2 (en) * 2005-12-29 2018-04-10 Nextlabs, Inc. Information management system with two or more interactive enforcement points
US8875218B2 (en) * 2005-12-29 2014-10-28 Nextlabs, Inc. Deploying policies and allowing off-line policy evaluations
US7716240B2 (en) * 2005-12-29 2010-05-11 Nextlabs, Inc. Techniques and system to deploy policies intelligently
WO2007089786A2 (en) * 2006-01-30 2007-08-09 Sudhakar Govindavajhala Identifying unauthorized privilege escalations
JP2007293630A (ja) 2006-04-25 2007-11-08 Toshiba Corp アクセス制御方法およびこれを用いたデータベースシステム
US20080034438A1 (en) 2006-08-07 2008-02-07 International Business Machines Corporation Multiple hierarchy access control method
JP5270863B2 (ja) * 2007-06-12 2013-08-21 キヤノン株式会社 データ管理装置及び方法
US20090055937A1 (en) * 2007-08-22 2009-02-26 Samuel Ehab M System, Method and Machine-Readable Medium for Periodic Software Licensing
US7934249B2 (en) * 2007-08-27 2011-04-26 Oracle International Corporation Sensitivity-enabled access control model
US9292305B2 (en) 2008-01-14 2016-03-22 International Business Machines Corporation Declarative instance based access control for application resources with persisted attributes and state
US8839344B2 (en) 2008-01-28 2014-09-16 Microsoft Corporation Access policy analysis
CN101448002B (zh) 2008-12-12 2011-12-14 北京大学 一种数字资源的访问方法及设备
US9270679B2 (en) * 2009-06-23 2016-02-23 Yahoo! Inc. Dynamic access control lists

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1782943A (zh) * 2004-10-01 2006-06-07 微软公司 集成访问授权
CN101114295A (zh) * 2007-08-11 2008-01-30 腾讯科技(深圳)有限公司 检索在线广告资源的方法和装置

Also Published As

Publication number Publication date
EP2502144B1 (en) 2016-04-20
WO2011062743A2 (en) 2011-05-26
US20110126281A1 (en) 2011-05-26
JP5722337B2 (ja) 2015-05-20
KR20120117018A (ko) 2012-10-23
CN102667719A (zh) 2012-09-12
WO2011062743A3 (en) 2011-08-18
EP2502144A4 (en) 2013-05-22
US9038168B2 (en) 2015-05-19
KR101751088B1 (ko) 2017-06-26
JP2013511770A (ja) 2013-04-04
HK1173537A1 (en) 2013-05-16
EP2502144A2 (en) 2012-09-26

Similar Documents

Publication Publication Date Title
CN102667719B (zh) 基于资源属性控制资源访问
CN100504714C (zh) 使用个人标识信息标签和目的服务功能集合的pii数据访问控制工具的实现和使用
US7730094B2 (en) Scoped access control metadata element
US7599907B2 (en) Method and system applying policy on screened files
EP1946238B1 (en) Operating system independent data management
US9213843B2 (en) Analyzing access control configurations
CN1773417B (zh) 聚集反病毒软件应用程序的知识库的系统和方法
US8281410B1 (en) Methods and systems for providing resource-access information
US20090222879A1 (en) Super policy in information protection systems
US20080222719A1 (en) Fine-Grained Authorization by Traversing Generational Relationships
WO2006069866A1 (en) Automatic enforcement of obligations according to a data-handling policy
CN102542412A (zh) 有范围的资源授权策略
Ghani et al. A Pursuit of Sustainable Privacy Protection in Big Data Environment by an Optimized Clustered-Purpose Based Algorithm.
US9329784B2 (en) Managing policies using a staging policy and a derived production policy
HK1173537B (en) Controlling resource access based on resource properties
Margheri et al. On properties of policy-based specifications
Ferrari Access Control
Moldovan et al. ABOUT INTEGRITY IN SECURITY MODELS

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1173537

Country of ref document: HK

ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150729

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150729

Address after: Washington State

Applicant after: Micro soft technique license Co., Ltd

Address before: Washington State

Applicant before: Microsoft Corp.

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1173537

Country of ref document: HK