CN104715175A - Computer system safety protection method and device - Google Patents

Publication number
CN104715175A
Authority
CN
China
Prior art keywords
access
node
track
request
data space
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510128000.4A
Other languages
Chinese (zh)
Inventor
张家重
董毅
李光瑞
王玉奎
张涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Group Co Ltd
Original Assignee
Inspur Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Group Co Ltd
Priority to CN201510128000.4A
Publication of CN104715175A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a security protection method and device for a computer system. The method includes: abstracting each operation object related to access as a node in a data space, each node having a coordinate value in the data space; determining the access track corresponding to each node according to the coordinate values of the nodes in the data space; and receiving an access request for a first node, judging according to the access track corresponding to the first node whether the access is allowed, and if so, allowing the access. Security protection of the computer system is achieved according to this scheme.

Description

A security protection method and device for a computer system
Technical field
The present invention relates to the field of computer technology, and in particular to a security protection method and device for a computer system.
Background art
As computer operating systems grow more complex and the variety of peripheral terminals and application programs keeps increasing, and especially as the Internet becomes widespread, the network threats facing computer operating systems are rising sharply, making the security of computer operating systems increasingly difficult to guarantee.
At present, an authorization management mechanism can be used to set permissions between the accessor and the accessed party, but current authorization management mechanisms share some common loopholes. For example, user Person A is granted permission to access table Table B in database 1, and application APP C is granted permission to access table Table D in database 1, but Person A has no permission to access Table D. If Person A can reach Table D by running APP C, then as long as Person A has permission to access APP C, Person A can bypass the authorization management mechanism and obtain the content of Table D. As another example, application A is set to have no permission to access file B, but if the user runs application A in administrator mode, application A can easily bypass the traditional authorization management mechanism and successfully read the content of file B.
Therefore, an authorization management mechanism is urgently needed to ensure the security protection of computer systems.
Summary of the invention
In view of this, the invention provides a security protection method and device for a computer system, to achieve security protection of the computer system.
The invention provides a security protection method for a computer system, comprising:
abstracting each operation object related to access as a node in a data space, each node having a coordinate value in the data space;
determining, according to the coordinate value of each node in the data space, the access track corresponding to each node;
receiving an access request for a first node, judging according to the access track corresponding to the first node whether to allow the access, and if so, allowing the access.
Preferably, the method further comprises: setting in advance, according to the kind of operation object, the coordinate value that each kind of operation object takes when abstracted as the corresponding node in the data space, and performing, according to the set coordinate values, the abstraction of each access-related operation object as a node in the data space; wherein the nodes to which operation objects of the same kind are abstracted are located on the same layer of the data space;
the kinds include one or more of: hardware class, data class, user class, software class, operation class.
Preferably, the access-related operation objects include any one or more of: devices, data, application programs, users, interfaces, parameters, operations.
Preferably, judging according to the access track corresponding to the first node whether to allow the access comprises:
determining the second access track corresponding to the access request;
comparing the first access track corresponding to the first node with the determined second access track; if they are identical, allowing the access; otherwise refusing the access.
Preferably, the second access track corresponding to the access request includes: the node corresponding to the device that initiates the access request, the node corresponding to the interface that sends the access request, the nodes corresponding to the routing devices the access request passes through, and the connection relationships between these nodes.
The invention also provides a security protection device for a computer system, comprising:
an abstraction unit, for abstracting each operation object related to access as a node in a data space, each node having a coordinate value in the data space;
a determining unit, for determining, according to the coordinate value of each node in the data space, the access track corresponding to each node;
a judging unit, for receiving an access request for a first node, judging according to the access track corresponding to the first node whether to allow the access, and if so, allowing the access.
Preferably, the abstraction unit is used for setting in advance, according to the kind of operation object, the coordinate value that each kind of operation object takes when abstracted as the corresponding node in the data space, and performing, according to the set coordinate values, the abstraction of each access-related operation object as a node in the data space; wherein the nodes to which operation objects of the same kind are abstracted are located on the same layer of the data space; the kinds include one or more of: hardware class, data class, user class, software class, operation class.
Preferably, the access-related operation objects include any one or more of: devices, data, application programs, users, interfaces, parameters, operations.
Preferably, the judging unit is used for determining the second access track corresponding to the access request, and comparing the first access track corresponding to the first node with the determined second access track; if they are identical, the access is allowed; otherwise the access is refused.
Preferably, the second access track corresponding to the access request includes: the node corresponding to the device that initiates the access request, the node corresponding to the interface that sends the access request, the nodes corresponding to the routing devices the access request passes through, and the connection relationships between these nodes.
Embodiments of the invention provide a security protection method and device for a computer system. Operation objects are abstracted as nodes in a data space so that each node has a corresponding coordinate value in the data space, and the nodes with coordinate values can then be used to set the access track of each node. When an access request is received, whether to allow the access can be determined according to the access track corresponding to the node, thereby ensuring the security protection of the computer system.
Brief description of the drawings
Fig. 1 is a flow chart of the method provided by an embodiment of the invention;
Fig. 2 is a flow chart of the method provided by another embodiment of the invention;
Fig. 3 is a hardware architecture diagram of the equipment on which the device provided by an embodiment of the invention resides;
Fig. 4 is a schematic structural diagram of the device provided by an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
As shown in Fig. 1, an embodiment of the invention provides a security protection method for a computer system, which may comprise the following steps:
Step 101: abstract each operation object related to access as a node in a data space, each node having a coordinate value in the data space.
Step 102: according to the coordinate value of each node in the data space, determine the access track corresponding to each node.
Step 103: receive an access request for a first node, judge according to the access track corresponding to the first node whether to allow the access, and if so, allow the access.
According to the above scheme, operation objects are abstracted as nodes in a data space so that each node has a corresponding coordinate value in the data space, and the nodes with coordinate values can then be used to set the access track of each node. When an access request is received, whether to allow the access can be determined according to the access track corresponding to the node, thereby ensuring the security protection of the computer system.
In embodiments of the invention, not only devices are abstracted as nodes in the data space; any one or more of devices, data, application programs, users, interfaces and parameters are abstracted as nodes in the data space. In this way an access track can be set between any node and the other nodes in the computer system, thereby ensuring the security protection of the computer system.
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Fig. 2, an embodiment of the invention provides a security protection method for a computer system, which may comprise the following steps:
Step 201: determine each operation object related to access; according to the kind of operation object, set the coordinate value that each kind of operation object takes when abstracted as the corresponding node in the data space; and according to the set coordinate values, abstract each access-related operation object as a node in the data space.
In this embodiment, in order to restrict access to the operation objects of the computer system, the concept of multi-dimensional spatial digitization can be used to abstract each access-related operation object as a node of the data space. Each operation object can then be treated as a point in the data space, so that access permissions can be set on these nodes more conveniently. In this embodiment, an operation object can be any factor related to access. Every factor on which access is to be restricted can be abstracted as a node, for example any one or more of devices, data, application programs, users, interfaces, parameters and operations.
First, the coordinate value that each operation object takes when abstracted as a node in the data space needs to be set in advance.
In this embodiment, the coordinate values of nodes can be set according to the real-world distance between operation objects, can be user-defined, or can be set according to the kind of operation object. The kinds of operation object can be divided into hardware class, data class, user class, software class and operation class, and the nodes to which the operation objects of each kind are abstracted can be located on the same layer of the data space. For example, taking the x, y and z axes of the data space coordinate system and proceeding along the positive direction of the z axis from coordinate value 0: the hardware class is placed on the first layer of the data space coordinate system, e.g. z value 0; the data class on the second layer, e.g. z value 1; the user class on the third layer, e.g. z value 2; the software class on the fourth layer, e.g. z value 3; and the operation class on the fifth layer, e.g. z value 4. When setting the coordinate value of each individual node, the coordinate values of the nodes on each layer can also be set according to the configured access restrictions: if nodes on the same layer access each other, these nodes can be placed at adjacent positions on that layer; if there is no access-restriction relationship between nodes on the same layer, the nodes can be placed one position apart on that layer, and so on. The specific placement rules can be set by the user according to preference. For example, the coordinate value of USB interface 1 can be set to (0,0,0), the coordinate value of USB interface 2 to (1,0,0), the coordinate value of user A to (1,0,2), the coordinate value of document 1 to (1,2,1), the coordinate value of the read-write operation to (3,2,4), and so on.
Then, according to the set coordinate values, the access-related operation objects are abstracted as nodes in the data space, each abstracted node having the coordinate value set for it.
Step 202: according to the coordinate value of each node in the data space, determine the access track corresponding to each node.
In this embodiment, to protect the security of the computer system, an access track needs to be associated with each node. Once this access track is set, any access to the node is restricted according to the set access track. The access track may be set either so that this access track is not allowed to access the node, or so that only this access track is allowed to access the node; whether the access track is allowed or not allowed to access is indicated simply by marking the set access track.
To associate access tracks with each node, data operations between nodes such as association, control and authorization can be abstracted as trajectories in the data space. For example, if node 1 accesses node 3 via node 2, then according to the respective coordinate values of these three nodes, e.g. node 1 (1,0,2), node 2 (2,5,3), node 3 (3,2,0), the associated access track is (1,0,2)-(2,5,3)-(3,2,0). This defines an access track to node 3, i.e. node 3 allows this access track to access it.
Following the above explanation of how access tracks are associated, examples of access tracks that can be associated in this embodiment are given below. The associated access tracks may include:
1. Office Word in the database is set as the node for which an access track is set, and this node allows the following access track to access it: read-write operations by user A. This access track can be set as: Administrator A To Office Word With W/R.
2. A USB port is set as the node for which an access track is set, and this node allows the following access track to access it: access by user A. This access track can be set as: Administrator A To USBPort. In this embodiment, if user A's W/R permission on the USB port is not specified, Administrator A here by default means that user A has administrator permission on the USB port; if the access track is Guest A To USB Port, Guest A here by default means that user A has temporary permission on the USB port.
3. Table B is set as the node for which an access track is set, and this node allows the following access track to access it: user A accessing by means of application program C. This access track can be set as: Administrator A To Office Excel B With APP C.
Step 203: display the access track associated with each node, and verify according to the displayed content whether the access tracks are associated correctly; when the verification result is an incorrect association, adjust the incorrectly associated access track and continue verifying the adjusted access track until the verification result is a correct association.
In this embodiment, to ensure that the access tracks match what the user intended to associate, the access tracks associated by the user can be displayed, for example in the form of a list, so that the user can verify the access tracks against the displayed content. An access track that needs adjusting can be adjusted by performing a node deletion operation, a node edit operation or a node addition operation on the associated track.
For example, suppose that when verifying the access tracks, the user's intention for access track 1 is that user A can read and write documents with the suffix *.docx through Office Word in the database. Access track 1 then needs to be adjusted, namely by adding a node to access track 1, so that the correct access track is: Administrator A To Office Word To *.docx With W/R.
Step 204: use the verified access tracks to monitor in real time.
In this embodiment, once verification of the access tracks has finished, the verified access tracks can be used for real-time monitoring.
In this embodiment, real-time monitoring can be implemented by calling the following functions:
S1: call the function SpaceRulesManager() to initialize the space permission manager.
The initialization process is the process of associating the access tracks.
S2: call the function ReadSystemEnvironment() to load, respectively, the configuration list, application list and hardware device list of the computer system.
The configuration list may include a software program environment and a hardware device environment. The software program environment may include one or more of the following: a list of available communication ports, a list of available communication protocols, trusted application identification certificates, user identity identification certificates, user behaviour identification certificates and encrypted data identification certificates. The hardware device environment may include one or more of the following: system built-in hardware device identification certificates, USB peripheral identification certificates, COM peripheral identification certificates and other peripheral identification certificates. In addition, the application list contains all application programs referred to in the access rules, and the hardware device list contains all hardware devices referred to in the access rules.
In this embodiment, the software program environment and hardware device environment in the configuration list are used to identify the software programs and hardware devices of the computer system within the multi-dimensional space.
S3: call the function ReadUserProfiles() to load the associated access tracks.
S4: call the function CreateSpaceManageRules() to create, from the loaded access tracks, the access tracks allowed to access each access-related node, and display the access tracks to the user in the form of a list for preview.
S5: if the user needs to adjust these access tracks, the user can manually connect different nodes, click to confirm and return to step S4; otherwise proceed to step S6.
S6: call the function ApplySpaceManageRules() to apply the access rules to the node manager of the spatial data model.
S7: call the function CreateSpaceRulesManagerHandle() to create the space access model management process and start the monitoring system.
S8: call the function InitHardwareManager() to initialize the hardware management thread.
S9: call the function InitNetwareManager() to initialize the network management thread.
S10: call the function InitSoftwareManager() to initialize the software management thread.
S11: call the function LisenceManager() to create the system monitoring thread.
Step 205: when an access request for node 1 is received, judge according to the access track corresponding to node 1 whether to allow the access; if so, perform step 206; otherwise perform step 207.
To ensure the security of the computer system, when an access request for node 1 is detected, the access permission of the request needs to be verified. That is, the access track associated with node 1 is used to check whether the track of this access request matches the access track associated with node 1. If they are identical, the access is allowed; otherwise the access is refused.
In this embodiment, the track of the access request includes: the node corresponding to the device that initiates the access request, the node corresponding to the interface that sends the access request, the nodes corresponding to the routing devices the access request passes through, and the connection relationships between these nodes.
In this embodiment, the track of the access request can be obtained as follows: the track along which the access request was sent is obtained from the information carried in the access request. Each time the behaviour of the access request being sent or forwarded is captured, the executing node that performs the behaviour is captured, and the information of this executing node is added to the access request.
For example, when the behaviour of a node sending the access message is captured, the executor sending the access request is captured as the start node, e.g. user A; the identifier of user A is then added to the access request, marked to indicate that this identifier is the start node. When the behaviour of forwarding the access request is captured and the captured executor is application program C, the identifier of application program C is added to the access request, marked to indicate that this identifier belongs to the track. The track can therefore be determined from the information carried in the access request.
Step 206: allow the access.
Step 207: refuse the access.
According to the above scheme, operation objects are abstracted as nodes in a data space so that each node has a corresponding coordinate value in the data space, and the nodes with coordinate values can then be used to set the access track of each node. When an access request is received, whether to allow the access can be determined according to the access track corresponding to the node, thereby ensuring the security protection of the computer system.
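The check in steps 205 to 207 together with the hop-by-hop track capture described above, as an added example that is not code from the patent: each sender or forwarder is appended to the request, and the resulting track must be identical to a track associated with the target node. The class and function names, user B, and every coordinate except user A's (1,0,2) are constructed for illustration.

```python
"""Access-track check: nodes with coordinates, tracks recorded hop by hop."""
from dataclasses import dataclass

# z value (layer) per kind of operation object, following the embodiment's example.
LAYER = {"hardware": 0, "data": 1, "user": 2, "software": 3, "operation": 4}


@dataclass(frozen=True)
class Node:
    name: str
    kind: str
    x: int
    y: int

    @property
    def coord(self):
        # Nodes of the same kind share a layer, so z is derived from the kind.
        return (self.x, self.y, LAYER[self.kind])


class AccessRequest:
    """Carries its own track: the start node plus every node that forwards it."""

    def __init__(self, initiator, target):
        self.target = target
        self.hops = [initiator]  # the start node is recorded when the request is sent

    def forwarded_by(self, node):
        # Called by the monitoring layer each time a forward is captured.
        self.hops.append(node)
        return self

    def track(self):
        return tuple(n.coord for n in self.hops) + (self.target.coord,)


class SpaceRules:
    """Maps each protected node to the set of tracks allowed to reach it."""

    def __init__(self):
        self._allowed = {}

    def associate(self, *nodes):
        # The last node is the protected target; the full sequence is the track.
        track = tuple(n.coord for n in nodes)
        self._allowed.setdefault(track[-1], set()).add(track)

    def allows(self, request):
        # Step 205: allow only if the request's track is identical to an
        # associated track; anything else falls through to refusal.
        return request.track() in self._allowed.get(request.target.coord, set())


# Constructed sample nodes (only user A's coordinate comes from the description).
USER_A = Node("user A", "user", 1, 0)        # (1, 0, 2)
USER_B = Node("user B", "user", 2, 0)        # hypothetical second user
APP_C = Node("APP C", "software", 0, 0)
TABLE_B = Node("Table B", "data", 0, 0)
TABLE_D = Node("Table D", "data", 2, 0)


def build_rules():
    rules = SpaceRules()
    rules.associate(USER_A, APP_C, TABLE_B)  # "Administrator A To Office Excel B With APP C"
    rules.associate(USER_B, APP_C, TABLE_D)  # APP C may reach Table D, but only for user B
    return rules


def evaluate():
    rules = build_rules()
    cases = {
        "A via APP C to Table B": AccessRequest(USER_A, TABLE_B).forwarded_by(APP_C),
        # The bypass from the background section: A borrows APP C's permission.
        "A via APP C to Table D": AccessRequest(USER_A, TABLE_D).forwarded_by(APP_C),
        "B via APP C to Table D": AccessRequest(USER_B, TABLE_D).forwarded_by(APP_C),
        # Same user and target, but a different way in: tracks must be identical.
        "A directly to Table B": AccessRequest(USER_A, TABLE_B),
    }
    return {label: rules.allows(req) for label, req in cases.items()}


if __name__ == "__main__":
    for label, ok in evaluate().items():
        print(f"{'ALLOW' if ok else 'DENY':5}  {label}")
```

The decision is only as trustworthy as the recorded hops, so in a real system `forwarded_by` has to be driven by the monitoring layer rather than by data the requester supplies.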
As shown in Fig. 3 and Fig. 4, an embodiment of the invention provides a security protection device for a computer system. The device embodiment can be implemented in software, or in hardware, or in a combination of software and hardware. At the hardware level, Fig. 3 is a hardware architecture diagram of the equipment on which the security protection device of the embodiment resides; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the equipment on which the device resides may also include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in Fig. 4, the device in the logical sense is formed by the CPU of the equipment on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. The security protection device 40 of the computer system provided by this embodiment comprises:
an abstraction unit 401, for abstracting each operation object related to access as a node in a data space, each node having a coordinate value in the data space;
a determining unit 402, for determining, according to the coordinate value of each node in the data space, the access track corresponding to each node;
a judging unit 403, for receiving an access request for a first node, judging according to the access track corresponding to the first node whether to allow the access, and if so, allowing the access.
Further, the abstraction unit 401 is used for setting in advance, according to the kind of operation object, the coordinate value that each kind of operation object takes when abstracted as the corresponding node in the data space, and performing, according to the set coordinate values, the abstraction of each access-related operation object as a node in the data space; wherein the nodes to which operation objects of the same kind are abstracted are located on the same layer of the data space; the kinds include one or more of: hardware class, data class, user class, software class, operation class.
Further, the access-related operation objects include any one or more of: devices, data, application programs, users, interfaces, parameters, operations.
Further, the judging unit 403 is used for determining the second access track corresponding to the access request, and comparing the first access track corresponding to the first node with the determined second access track; if they are identical, the access is allowed; otherwise the access is refused.
Further, the second access track corresponding to the access request includes: the node corresponding to the device that initiates the access request, the node corresponding to the interface that sends the access request, the nodes corresponding to the routing devices the access request passes through, and the connection relationships between these nodes.
Embodiments of the invention have at least the following beneficial effects:
1. Operation objects are abstracted as nodes in a data space so that each node has a corresponding coordinate value in the data space, and the nodes with coordinate values can then be used to set the access track of each node. When an access request is received, whether to allow the access can be determined according to the access track corresponding to the node. When an operation attempts to bypass the access track to access an unauthorized node, this embodiment can easily detect the attempt and stop the operation in time, thereby ensuring the security protection of the computer system.
2. Every factor on which access is to be restricted can be abstracted as a node, so that devices, data, application programs, users, interfaces, parameters and operations, which are not operation objects of the same kind, are unified. The elements needed to restrict access can be expressed through tracks, so that access tracks can be set on these nodes more conveniently, and the access tracks and the access behaviour between nodes correspond to each other. This ultimately forms an integrated, complete and seamless security protection module, thereby achieving security protection of the computer system.
For example, when, as in the prior art, user A attempts to access, through authorized application C, table D for which user A is not authorized, this embodiment can judge from the access tracks that the access track Administrator A To APP C To Excel D involves user A, who does not have permission to access table D, and therefore stops the access behaviour.
Likewise, when, as in the prior art, a user wants to get around the access restriction by raising the run level of application A, which does not have permission to access file B, this embodiment can judge, by obtaining the start node of the access behaviour, that the access behaviour does not have permission to access file B, and therefore stops the access behaviour.
As described above, the security protection method provided by this embodiment does not take a single behaviour of the user as its basis, but checks whether every step of behaviour in the whole access process complies with the restriction of the access track. For example, user A may access file B, but only by using the organizer program; any other way of opening it is not allowed. Such a security protection method minimizes the possibility of an intruder using third-party application vulnerabilities to access sensitive system information, and also offsets as far as possible the information leakage caused by users abusing privilege escalation.
Since the information interaction and execution processes between the units of the above device are based on the same concept as the method embodiments of the invention, their details can be found in the description of the method embodiments and are not repeated here.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device comprising that element.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above are only preferred embodiments of the invention, used only to illustrate its technical solutions, and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within the scope of protection of the invention.

Claims (10)

1. A safety protection method for a computer system, characterized by comprising:
abstracting each operation object related to access into a node in a data space, each node having a coordinate value in the data space;
determining, according to the coordinate value of each node in the data space, the access track corresponding to each node;
receiving an access request for a first node and judging, according to the access track corresponding to the first node, whether to allow the access, and if so, allowing the access.
2. The method according to claim 1, characterized by further comprising: setting in advance, according to the kind of operation object, the coordinate values of the nodes in the data space into which each kind of operation object is abstracted, and performing, according to the set coordinate values, the abstracting of each operation object related to access into a node in the data space; wherein operation objects of the same kind are abstracted into nodes located in the same layer of the data space;
the kinds comprise one or more of: a hardware class, a data class, a user class, a software class and an operation class.
3. The method according to claim 1, characterized in that the operation objects related to access comprise any one or more of: a device, data, an application program, a user, an interface, a parameter and an operation.
4. The method according to claim 1, characterized in that judging, according to the access track corresponding to the first node, whether to allow the access comprises:
determining a second access track corresponding to the access request;
comparing the first access track corresponding to the first node with the determined second access track, and allowing the access if they are identical; otherwise refusing the access.
5. The method according to claim 4, characterized in that the second access track corresponding to the access request comprises: the node corresponding to the device that initiated the access request, the node corresponding to the interface that sent the access request, the nodes corresponding to the routing devices the access request passed through, and the connection relations between these nodes.
6. A safety protection device for a computer system, characterized by comprising:
an abstraction unit, configured to abstract each operation object related to access into a node in a data space, each node having a coordinate value in the data space;
a determining unit, configured to determine, according to the coordinate value of each node in the data space, the access track corresponding to each node;
a judging unit, configured to receive an access request for a first node and to judge, according to the access track corresponding to the first node, whether to allow the access, and if so, to allow the access.
7. The device according to claim 6, characterized in that the abstraction unit is configured to set in advance, according to the kind of operation object, the coordinate values of the nodes in the data space into which each kind of operation object is abstracted, and to perform, according to the set coordinate values, the abstracting of each operation object related to access into a node in the data space; wherein operation objects of the same kind are abstracted into nodes located in the same layer of the data space; the kinds comprise one or more of: a hardware class, a data class, a user class, a software class and an operation class.
8. The device according to claim 6, characterized in that the operation objects related to access comprise any one or more of: a device, data, an application program, a user, an interface, a parameter and an operation.
9. The device according to claim 6, characterized in that the judging unit is configured to determine a second access track corresponding to the access request, to compare the first access track corresponding to the first node with the determined second access track, and to allow the access if they are identical; otherwise to refuse the access.
10. The device according to claim 9, characterized in that the second access track corresponding to the access request comprises: the node corresponding to the device that initiated the access request, the node corresponding to the interface that sent the access request, the nodes corresponding to the routing devices the access request passed through, and the connection relations between these nodes.
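The track comparison of claims 1, 4 and 5 can be sketched as follows; this is an added example, not part of the patent text or of any Inspur implementation. The `(layer, index)` coordinate form, the numeric layer values, the class and function names, and all sample objects are assumptions made for illustration.

```python
from dataclasses import dataclass

# Layer per object kind (claim 2). The numeric values and the (layer, index)
# coordinate form are assumptions of this sketch, not taken from the patent.
LAYER = {"hardware": 0, "data": 1, "user": 2, "software": 3, "operation": 4}

@dataclass(frozen=True)
class Node:
    name: str
    kind: str    # one of the LAYER keys
    index: int   # position inside the layer

    @property
    def coord(self):
        return (LAYER[self.kind], self.index)

def build_track(path, target):
    """Track = coordinates on the path plus their connection relations."""
    coords = [n.coord for n in path] + [target.coord]
    return frozenset(coords), frozenset(zip(coords, coords[1:]))

class TrackGuard:
    def __init__(self):
        self._first = {}  # target coordinate -> registered (first) track

    def register(self, target, path):
        self._first[target.coord] = build_track(path, target)

    def allow(self, target, request_path):
        first = self._first.get(target.coord)
        if first is None:
            return False  # no track on record: deny (this sketch's default)
        # The second track comes from the request; allow only on exact match.
        return first == build_track(request_path, target)

# Constructed sample objects: device, interface and routing devices (claim 5).
# Placing the interface in the hardware layer is an assumption.
terminal = Node("terminal-1", "hardware", 0)
nic = Node("terminal-1-eth0", "hardware", 1)
router_a = Node("router-a", "hardware", 2)
router_b = Node("router-b", "hardware", 3)
ledger = Node("ledger-db", "data", 0)
audit = Node("audit-log", "data", 1)

guard = TrackGuard()
guard.register(ledger, [terminal, nic, router_a])
```

Because the connection relations are part of the track, a request that touches the same nodes in a different order is refused just like one that passes through a different routing device.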
CN201510128000.4A 2015-03-23 2015-03-23 Computer system safety protection method and device Pending CN104715175A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510128000.4A CN104715175A (en) 2015-03-23 2015-03-23 Computer system safety protection method and device

Publications (1)

Publication Number Publication Date
CN104715175A true CN104715175A (en) 2015-06-17

Family

ID=53414498

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510128000.4A Pending CN104715175A (en) 2015-03-23 2015-03-23 Computer system safety protection method and device

Country Status (1)

Country Link
CN (1) CN104715175A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050055565A1 (en) * 2003-09-05 2005-03-10 Cedric Fournet Reviewing the security of trusted software components
CN1818876A (en) * 2005-01-19 2006-08-16 阿尔卡特公司 System and method for executing a process on a microprocessor-enabled device
CN101872400A (en) * 2009-04-24 2010-10-27 汪家祥 Method for establishing computer information security protection capable of judging security of computer operation request according to associative relation of computing system operation request

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106372525A (en) * 2016-08-19 2017-02-01 浪潮(苏州)金融技术服务有限公司 Secure data storage method and device
CN106372525B (en) * 2016-08-19 2019-03-12 浪潮金融信息技术有限公司 A kind of method and apparatus of data safety storage
CN111400758A (en) * 2020-03-16 2020-07-10 沈寿娟 Access right verification method, device and system applied to Internet of things
CN111400758B (en) * 2020-03-16 2020-12-11 北京珞安科技有限责任公司 Access right verification method, device and system applied to Internet of things

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150617