CN107273754A - Data access control method and device - Google Patents


Info

Publication number
CN107273754A
Authority
CN
China
Prior art keywords
integrity
level
subject
access control
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201610218182.9A
Other languages
Chinese (zh)
Inventor
黄志忠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority application: CN201610218182.9A
Related PCT application: PCT/CN2017/079738 (WO2017174030A1)
Publication: CN107273754A
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed herein are a data access control method and device. The data access control method in the embodiment of the present invention includes: according to the current access operation in a secure operating system (OS), adjusting the integrity level of the integrity label in the security context of a subject or object, where the security contexts of the subject and the object are provided in advance with a confidentiality label indicating the security level; and executing the current access operation according to the security levels of the subject and object and the adjusted integrity levels of the subject and object. The embodiment of the present invention solves the problem that, in the data access control of the prior art, only the BLP model or the BIBA model can be selectively used, so that information access cannot take confidentiality and integrity into account at the same time.

Description

Data access control method and device
Technical Field
The embodiments of the present invention relate to, but not limited to, the field of computer technologies and system security, and in particular, to a method and an apparatus for controlling data access.
Background
With the development of computer technology, electronic information has gradually replaced paper documents and has become the main source and storage form of information for users. For the security of information assets, the industry treats confidentiality, integrity and availability of information as the three pillars of information security.
In the multilevel security model of a secure Operating System (OS), the Bell-LaPadula (BLP) model was proposed in 1973 by David Bell and Leonard LaPadula for the confidentiality of information; it is a state-machine based security access control model and is the basis for defining multilevel security. For the integrity of information, the BIBA model, a mandatory access control model, was proposed in 1977 by K. J. Biba. In current secure OSs, information is protected by the BLP model and the BIBA model. The BLP model is designed to ensure the confidentiality of information: its principle is to allow writing up and reading down and to prohibit reading up and writing down, so that data cannot flow from a higher security level to a lower one. The BIBA model is designed to protect the integrity of information: its principle is to allow reading up and writing down and to prohibit reading down and writing up, so that data of lower integrity cannot contaminate data of higher integrity. Obviously, if the BLP model and the BIBA model are used together in a secure OS, each according to its own design principle, a subject's security level and integrity level may each be high or low, and the two sets of rules together restrict the subject's access capability severely. Therefore, a current secure OS can only use either the BLP model or the BIBA model, i.e. the confidentiality and the integrity of information cannot both be taken into account.
In summary, in the data access control methods of the prior art, only the BLP model or the BIBA model can be selectively used, so that information access cannot take account of both confidentiality and integrity.
Disclosure of Invention
In order to solve the above technical problem, embodiments of the present invention provide a data access control method and apparatus, so as to solve the problem that, because the data access control of the prior art can only selectively use the BLP model or the BIBA model, confidentiality and integrity cannot both be taken into account for information access.
In a first aspect, an embodiment of the present invention provides a data access control method, including:
adjusting a level of integrity of an integrity tag in a security context of a subject or an object, the security context of the subject and the object being preconfigured with a security tag indicating the level of security, according to a current access operation in a secure operating system, OS;
and executing the current access operation according to the security levels of the subject and the object and the adjusted integrity levels of the subject and the object.
In a first possible implementation manner of the first aspect, the adjusting the integrity level of the integrity tag in the security context of the subject or object includes:
when a subject with a higher integrity level executes a read operation on an object with a lower integrity level, reducing the integrity level of the subject to the integrity level of the object; or,
when a subject with a lower integrity level executes a write operation on an object with a higher integrity level, reducing the integrity level of the object to the integrity level of the subject.
In a second possible implementation manner of the first aspect, the adjusting the integrity level of the integrity tag in the security context of the subject or object includes:
adjusting the integrity tag in the security context of the subject or the object to a corresponding integrity level by means of a command that modifies the indicated integrity level.
According to the first aspect and any one of the first to second possible implementation manners of the first aspect, in a third possible implementation manner, before the adjusting the integrity level of the integrity tag in the security context of the subject or the object, the method further includes:
configuring the integrity tag in the security context of the subject and of the object, respectively.
According to the third possible implementation manner of the first aspect, in a fourth possible implementation manner, the configuring the integrity tag in the security context of the subject includes:
initializing and configuring the security context of the subject during user login in the secure OS;
adding the integrity tag to the security context of the subject by reading a preset subject integrity level configuration file.
According to the fourth possible implementation manner of the first aspect, in a fifth possible implementation manner, the subject integrity level configuration file includes a first level adjustment parameter; when the first level adjustment parameter is 1 it indicates that the "read-down" operation permission is turned on, and when the first level adjustment parameter is 0 it indicates that the "read-down" operation permission is turned off.
According to the fifth possible implementation manner of the first aspect, in a sixth possible implementation manner, the initial value of the first level adjustment parameter is 1.
According to a third possible implementation manner of the first aspect, in a seventh possible implementation manner, the configuring the integrity tag in the security context of the object includes:
initializing and configuring the security context of the object in the starting process of the security OS;
and configuring the integrity tag in the security context of the object by reading a preset object integrity level configuration file.
According to a seventh possible implementation manner of the first aspect, in an eighth possible implementation manner, the object integrity level configuration file includes a second level adjustment parameter, where the "write-up" operation permission is indicated to be turned on when the second level adjustment parameter is 1, and the "write-up" operation permission is indicated to be turned off when the second level adjustment parameter is 0.
According to the eighth possible implementation manner of the first aspect, in a ninth possible implementation manner, the initial value of the second level adjustment parameter is 0.
In a second aspect, an embodiment of the present invention provides a data access control apparatus, where the data access control apparatus includes: the adjusting module and the access module are connected;
the adjusting module is configured to adjust the integrity level of an integrity tag in the security context of a subject or an object according to the current access operation in a security Operating System (OS), wherein the security context of the subject and the security context of the object are preconfigured with a security tag for indicating the security level;
the access module is configured to be capable of executing the current access operation according to the security levels of the subject and the object and the integrity levels of the subject and the object adjusted by the adjustment module.
In a first possible implementation manner of the second aspect, the adjusting module being configured to adjust the integrity level of the integrity tag in the security context of the subject or object includes:
the adjusting module being configured to reduce the integrity level of the subject to the integrity level of the object when a subject with a higher integrity level performs a read operation on an object with a lower integrity level; or,
the adjusting module being configured to reduce the integrity level of the object to the integrity level of the subject when a subject with a lower integrity level performs a write operation on an object with a higher integrity level.
In a second possible implementation manner of the second aspect, the adjusting module being configured to adjust the integrity level of the integrity tag in the security context of the subject or object includes:
the adjusting module being configured to adjust the integrity tag in the security context of the subject or the object to a corresponding integrity level by means of a command that modifies the indicated integrity level.
According to the second aspect and any one of the first to second possible implementation manners of the second aspect, in a third possible implementation manner, the data access control apparatus further includes: a configuration module respectively connected to the adjustment module and the access module, and configured to configure the integrity tag in the security context of the subject and the object before the adjustment module adjusts the integrity level of the integrity tag in the security context of the subject or the object.
According to a third possible implementation manner of the second aspect, in a fourth possible implementation manner, the configuration module includes: the initialization unit and the configuration unit are connected;
the initialization unit is configured to perform initialization configuration of the security context of the subject during user login in the secure OS;
the configuration unit is configured to add the integrity tag to the security context of the subject initialized by the initialization unit by reading a preset subject integrity level configuration file.
According to the fourth possible implementation manner of the second aspect, in a fifth possible implementation manner, the subject integrity level configuration file includes a first level adjustment parameter; when the first level adjustment parameter is 1, the subject integrity level configuration file indicates that the "read-down" operation permission is turned on, and when the first level adjustment parameter is 0, it indicates that the "read-down" operation permission is turned off.
According to the fifth possible implementation manner of the second aspect, in a sixth possible implementation manner, the initial value of the first level adjustment parameter is 1.
According to a third possible implementation manner of the second aspect, in a seventh possible implementation manner, the configuration module includes: the initialization unit and the configuration unit are connected;
the initialization unit is configured to perform initialization configuration on the security context of the object in the process of starting the secure OS;
the configuration unit is configured to configure the integrity tag in the security context of the object initialized by the initialization unit by reading a preset object integrity level configuration file.
According to a seventh possible implementation manner of the second aspect, in an eighth possible implementation manner, the object integrity level configuration file includes a second level adjustment parameter, where the second level adjustment parameter indicates to turn on the "write-up" operation permission when the second level adjustment parameter is 1, and the second level adjustment parameter indicates to turn off the "write-up" operation permission when the second level adjustment parameter is 0.
According to the eighth possible implementation manner of the second aspect, in a ninth possible implementation manner, the initial value of the second level adjustment parameter is 0.
According to the data access control method and device provided by the embodiment of the invention, according to the current access operation in the security OS, by adjusting the integrity level of the integrity tag in the security context of the subject or the object, the security tag indicating the security level is configured in advance in the security context, and by the adjustment, the current access operation is executed according to the security levels of the subject and the object and the adjusted integrity level; in the embodiment of the invention, the BIBA model is realized on the basis of the BLP model, the integrity label and the confidentiality label are arranged in the same security context, and the integrity level can be dynamically adjusted according to the current access operation so as to realize the application mode of the BLP model and the BIBA model coexisting, thereby solving the problem that the confidentiality and the integrity can not be considered in information access because the BLP model or the BIBA model can only be selectively used in the data access control mode in the prior art.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification; they illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention without limiting it.
FIG. 1 is a diagram illustrating a data access control principle in a BLP model in the prior art;
FIG. 2 is a schematic diagram of another data access control principle in the BLP model of the prior art;
FIG. 3 is a diagram illustrating a data access control principle in a BIBA model in the prior art;
FIG. 4 is a schematic diagram of another data access control principle in the BIBA model in the prior art;
fig. 5 is a flowchart of a data access control method according to an embodiment of the present invention;
fig. 6 is a flowchart of another data access control method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a model application in the data access control method according to the embodiment shown in FIG. 6;
fig. 8 is a flowchart of another data access control method according to an embodiment of the present invention;
fig. 9 is a schematic diagram of an application scenario in a data access control method according to the embodiment shown in fig. 8;
fig. 10 is a schematic view of another application scenario in a data access control method according to the embodiment shown in fig. 8;
fig. 11 is a schematic structural diagram of a data access control device according to an embodiment of the present invention;
fig. 12 is a schematic structural diagram of another data access control apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The steps illustrated in the flow charts of the figures may be performed in a computer system such as a set of computer-executable instructions. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
The BLP model is a control policy that achieves information confidentiality by restricting only the reading and writing between a subject and an object. The rules of the confidentiality control policy are as follows:
1) A subject with a low security level is prohibited from reading an object with a high security level, i.e. reading up is prohibited, as shown in fig. 1, which is a schematic diagram of a data access control principle in the BLP model in the prior art.
2) A subject with a high security level is prohibited from writing to an object with a low security level, i.e. writing down is prohibited, as shown in fig. 2, which is a schematic diagram of another data access control principle in the BLP model in the prior art.
The above rules state that a user with a low security level is not allowed to read high-sensitivity information, and a user with a high security level is not allowed to write to low-sensitivity areas; that is, information is prohibited from flowing from a high level to a low level. The confidentiality control policy achieves a one-way flow of information through graded security labels: according to the rules of the policy, information can only flow upward in security level or between entities of the same security level.
The BIBA model is a control policy that achieves information integrity, and it likewise restricts only the reading and writing between a subject and an object. The rules of the integrity control policy are as follows:
1) A subject with a high integrity level is prohibited from reading an object with a low integrity level, i.e. reading down is prohibited, as shown in fig. 3, which is a schematic diagram of a data access control principle in the BIBA model in the prior art.
2) A subject with a low integrity level is prohibited from writing to an object with a high integrity level, i.e. writing up is prohibited, as shown in fig. 4, which is a schematic diagram of another data access control principle in the BIBA model in the prior art.
In practical applications, the integrity control policy mainly prevents application programs from modifying important system programs or system databases. The BIBA model specifies that information can only flow from a high integrity level to a low integrity level, so that information of a low integrity level cannot "pollute" information of a high integrity level.
From the principles of the BLP model and the BIBA model it is obvious that the two models cannot simply coexist in one secure OS: their access rules point in opposite directions (BLP forbids reading up and writing down, BIBA forbids reading down and writing up), so one secure OS can only choose either the BLP model or the BIBA model, i.e. either the confidentiality or the integrity of information must be sacrificed. How to satisfy the requirements of a secure OS for both confidentiality and integrity of information at the same time has become a problem that the industry currently expects to be solved.
The technical solution of the present invention is described in detail below with specific embodiments, the secure OS in the following embodiments of the present invention may be, for example, a Windows system, a Linux system, or another secure OS, and the terminal device executing the embodiments of the present invention may be, for example, a computer having the secure OS system. The following specific embodiments of the present invention may be combined, and the same or similar concepts or processes may not be described in detail in some embodiments.
Fig. 5 is a flowchart of a data access control method according to an embodiment of the present invention. The data access control method provided by this embodiment is suitable for use in a case of performing data read-write access, and the method may be executed by a data access control device, where the data access control device is implemented by combining hardware and software, and the device may be integrated in a processor of a terminal device for being invoked by the processor. As shown in fig. 5, the method of this embodiment may include:
s110, according to the current access operation in the security OS, adjusting the integrity level of the integrity tag in the security context of the subject or the object, wherein the security context of the subject and the object is configured with a security tag for indicating the security level in advance.
The data access control method provided by the embodiment of the invention is a way of performing confidentiality control and integrity control when data is accessed in a secure OS. To ensure data confidentiality, the access control in embodiments of the present invention is based on a confidentiality access control model, e.g. the BLP model, and the secure OS divides the entities of a computer information system into two kinds, subjects and objects, defined as follows:
Subject: whatever performs an operation is called a subject, such as a user or a process.
Object: whatever is operated on is called an object, such as a file or a database.
The secure OS also configures a security context for each subject and object. The security context is the security description of the subject or object and, for a file, is stored in the file's index node (inode), alongside the rwx permission bits of the file system. The format of the security context may be:
user:role:type:security level, where the fields are separated by ":".
The format of the security context may also be written as:
user_u:object_r:tmp_t:sensitivity attribute + classification attribute
In the above format, user_u is the User, object_r is the Role, tmp_t is the Type, and the Security Level (SL) = sensitivity attribute + classification attribute; the SL may be indicated by a security tag, for example by the attribute field "s".
In this embodiment, based on the BLP model in the secure OS and the security context supporting the BLP model, a user may view the security context of a file with the command "ls -Z <file name>"; for example, to view the security context of the /etc/shadow file in a Linux system, the following command may be entered:
# ls -Z /etc/shadow
The security context information obtained is:
-r-------- root system_u:object_r:shadow_t:s0-s15 /etc/shadow
Here "system_u:object_r:shadow_t:s0-s15" is the security context of the file shadow, in which "s0-s15" is the security label of the file shadow and indicates that its SL spans levels 0 to 15.
In the secure OS of this embodiment, entities fall into two categories with respect to the integrity tag: those with an integrity tag and those without. The integrity label is defined as follows:
i0 < i1 < i2 < i3 < ... < iN, where 0 <= N <= 15.
In the above expression, i0 denotes that the subject or object has no integrity tag, and [i1, i15] denotes that the subject or object has an integrity tag. The integrity tag is implemented by adding a field "i" to the security context of the subject and object. For example, the security context of an object with the integrity tag added is as follows:
user_u:object_r:user_home_t:s0:i1
# ll -Z test
-rw-r--r--. root root user_u:object_r:user_home_t:s0:i1 test
Here iN is the new integrity tag appended at the end of the existing security context.
As another example, the security context of a user is as follows:
# id -Z
user_u:user_r:user_t:s0:i8
It can be seen that the format of a security context with an integrity tag added can be written as:
user_u:object_r:tmp_t:sensitivity attribute + classification attribute:integrity level
In the above format, user_u is the User, object_r is the Role, tmp_t is the Type, the Security Level (SL) = sensitivity attribute + classification attribute, the security tag is represented by the attribute field "s", and the integrity tag is represented by the attribute field "i". The integrity tag iN and the security tag sN identify the position of the subject or object in the integrity dimension and the security dimension respectively; unlike the security tag, which may be a range such as s0-s15, the integrity tag is a single level only and cannot be a range.
In the embodiment of the present invention, in order to facilitate simple and easy understanding of the integrity tags of the subject and the object, and at the same time, consider the design of data confidentiality, on the basis of the security context formats of the subject and the object in the BLP model, the security contexts of the subject and the object in the embodiment further have integrity tags indicating an integrity level, for example, an attribute field "i" is added at the end of the security context to represent the integrity tags of data, thereby effectively implementing protection on data integrity. In this embodiment, by adding a tag capable of indicating data integrity in the security context of the subject and the object in the BLP model, the BIBA model is implemented on the basis of the BLP model, and the integrity level indicated by the integrity tag of the subject or the object can be adjusted according to the requirement of the current access operation, so that the BIBA model with a non-strict policy, that is, the "low-watermark BIBA model", is implemented on the basis of the BLP model.
And S120, executing the current access operation according to the security levels of the subject and the object and the adjusted integrity levels of the subject and the object.
In this embodiment, the integrity level of a subject or object has been adjusted in response to a conflict in the current access operation, e.g., the security level and integrity level of a process, with respect to the restrictions on read and write operations. For example, if the tag of process a is (S3: I2), a "read" operation needs to be performed on the object with the integrity level of I1, and the "read down" operation cannot be performed due to the limitation of the BIBA model, at this time, the integrity level of the integrity tag of process a can be reduced from I2 to I1 by the access control method provided in this embodiment, and at this time, the tag of process a is (S3: I1), and the read down operation on the object (I1) can be performed.
By contrast, in the prior art the BLP model and the BIBA model are two independent models: the BLP model strictly follows the principle of "no read up, no write down" and the BIBA model strictly follows the principle of "no read down, no write up", as summarized in the access permission matrix of table 1 below, in which integrity and confidentiality coexist.
TABLE 1
Obviously, within each row and each column of the access permission matrix in which integrity and confidentiality coexist, the coexisting BLP model and BIBA model strictly follow their respective principles, and as soon as an access crosses rows or columns (the subject and the object differ in both security level and integrity level) the two models can no longer be satisfied together. When a subject's integrity level and confidentiality level are both high or both low, its access capability is severely limited; this is the "information island" problem of the coexistence model.
The access control model provided by this embodiment redesigns the way the BLP model and the BIBA model work: the models coexist not as two independent models, but with the BIBA model designed on the basis of the BLP model, where the integrity tag used by the BIBA model can be adjusted according to the current access operation so as to realize a "low-watermark BIBA model", so that both the confidentiality and the integrity of data access can be taken into account.
According to the data access control method provided by the embodiment, according to the current access operation in the secure OS, by adjusting the integrity level of the integrity tag in the security context of the subject or the object, in which the security tag indicating the security level is pre-configured, the current access operation is executed according to the security levels of the subject and the object and the adjusted integrity level through the adjustment; in this embodiment, the BIBA model is implemented on the basis of the BLP model, the integrity tag and the confidentiality tag are set in the same security context, and the integrity level can be dynamically adjusted according to the current access operation, so as to implement an application mode in which the BLP model and the BIBA model coexist, thereby solving the problem that information access cannot be both confidential and integrated due to the fact that the BLP model or the BIBA model can only be selectively used in a data access control mode in the prior art.
Optionally, fig. 6 is a flowchart of another data access control method provided in an embodiment of the present invention. On the basis of the embodiment shown in fig. 5, the specific manner of adjusting the subject or the object in this embodiment, that is, S110 in that embodiment, may include:
S111, when a subject with a higher integrity level executes a read operation on an object with a lower integrity level, reducing the integrity level of the subject to the integrity level of the object; or may include:
S112, when a subject with a lower integrity level executes a write operation on an object with a higher integrity level, reducing the integrity level of the object to the integrity level of the subject.
In this embodiment, fig. 7 is a schematic diagram of a model application in the data access control method provided in the embodiment shown in fig. 6. In the access control method provided in this embodiment, for the coexisting BLP model and BIBA model, the agreed adjustment of the integrity level of the subject and the object is permanently effective. The confidentiality tag and integrity tag of process A in fig. 7 are (S3:I2), i.e. the middle block: the security level is "S3, confidential" and the integrity level is "I2, medium integrity". Where the BLP model and the BIBA model coexist in the prior art, the subject is restricted from performing read and write operations on objects of different security levels and integrity levels; "R" and "W" in the figure are the read and write operations that the prior-art coexistence model can perform, and the access permissions "R(2)" and "W(3)" in fig. 7 can be realized by the "low-watermark BIBA model" provided by the method of this embodiment.
For example, if the current operation that process A (S3:I2) needs to perform is R(2), the integrity level of process A is higher than that of the object (I1), so the integrity level of process A is adjusted to I1; that is, after process A performs the R(2) operation, its level becomes (S3:I1).
For another example, if the current operation that process A (S3:I2) needs to perform is W(3), the integrity level of the object in the W(3) operation is higher than that of process A, so the integrity level of the object is adjusted from I3 to I2; that is, after process A performs the W(3) operation, the integrity level of the file written by process A is adjusted to I2.
Further, in this embodiment, the manner of adjusting the integrity level of the subject or the object, that is, S110 in the above embodiment, may also be: S113, adjusting the integrity tag in the security context of the subject or the object to the corresponding integrity level by a command that modifies the indicated integrity level.
In this embodiment, a user or designer who has a current access requirement, or a requirement on the integrity level range of a subject or object, may adjust the integrity level of the subject or object directly, setting the integrity level parameter "i" with a setting command, namely the "chcon" command.
For example, to set the integrity tag of the /root directory and of all files and subdirectories under it to i2:
# chcon -i i2 -R /root
With the above command, the integrity level of all files below the /root directory is modified to i2, and their security context takes the form:
user_u:user_r:user_t:s0:i2
It should be noted that, in this embodiment, S111, S112 and S113 are executed selectively: one of the manners is generally selected according to the type of access executed by the current process and the integrity levels of the subject and the object; in addition, the user or designer may perform S113 at any time as required.
In the embodiments of the present invention, the integrity tags in the security contexts of the subject and the object are preconfigured. Fig. 8 is a flowchart of another data access control method provided in an embodiment of the present invention; on the basis of the embodiment shown in fig. 5, this embodiment further includes, before S110: S100, configuring the integrity tag in the security context of the subject and of the object, respectively.
In a specific implementation of this embodiment, the manner of configuring the integrity tag in the security context of the object may include:
S101, initializing and configuring the security context of the object during the start-up process of the secure OS;
S102, configuring the integrity tag in the security context of the object by reading a preset object integrity level configuration file.
In this embodiment, the object integrity level configuration file is, for example: /etc/selinux/file_lomac
The configuration file has the following structure:
<file/directory path> <integrity level>
/etc/* 12
/root/test.txt 2
The integrity level of an object can now be checked in the system with the command "ls -Z", for example:
# ls -Z /root/test.txt
The result obtained is: user_u:user_r:user_t:s0:i2.
It should be noted that the fields user_u, user_r, user_t and s0 above may vary with the specific situation; they are shown here only to illustrate that the integrity level of the file /root/test.txt is i2, and the preceding "user:role:type:security level" portion is given to better illustrate the integrity level i2 that follows it.
The format is as follows:
user:role:type:security level:integrity level; that is, the integrity level is an extension appended after the security level. Similarly, the integrity level of the /etc/ directory itself can be viewed with the "-d" option of ls, for example:
# ls -d -Z /etc/
The result obtained is: user_u:user_r:user_t:s0:i12. The "user:role:type:security level" portion is the same as described above and is therefore not described again.
Fig. 9 is a schematic diagram of an application scenario in the data access control method provided in the embodiment shown in fig. 8; fig. 9 shows the scenario in which the integrity tag is configured in the security context of the object. The initial configuration of the object integrity tag is usually completed by process No. 0 in the system start-up stage, and specifically includes:
S210, starting the multi-operating-system boot loader (GRand Unified Bootloader, Grub for short) and a small kernel;
S220, switching the root file system;
S230, starting process 0 (system);
S240, calling the rhel-autorelabel script;
S250, initializing the integrity context of the object;
S260, reading the object integrity configuration file; the integrity configuration file is described in the above embodiments and is therefore not described again here;
S270, the system service start-up stage.
In addition, in a specific implementation of the embodiment shown in fig. 8, the manner of configuring the integrity tag in the security context of the subject may include:
S103, initializing and configuring the security context of the subject during user login in the secure OS;
S104, adding the integrity tag to the security context of the subject by reading a preset subject integrity level configuration file.
In this embodiment, the subject integrity level configuration file is, for example: /etc/selinux/user_lomac
The configuration file has the following structure:
<username> <integrity level>
test 10
Here the user test is assigned an integrity tag level of 10; the user's integrity level can then be viewed in the system with the command "id -Z", for example:
# id -Z
The result obtained is: user_u:user_r:user_t:s0:i10.
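As an added illustration of the two configuration files (file_lomac and user_lomac) and of the labelling commands described above, the following Python is example code written for this page, not code from the patent or from any ZTE implementation. It parses constructed file_lomac and user_lomac contents, derives the initial integrity field of a security context as ls -Z and id -Z would show it, and applies the effect of the page's chcon -i to an existing context string. The BLP context prefix user_u:user_r:user_t:s0, the treatment of "/etc/*" as a shell-style glob, and the most-specific-match rule when several entries match are assumptions of this example.

```python
"""Initial integrity labelling from file_lomac / user_lomac (added example).

Assumptions (not stated on the page): the BLP portion of every context is
user_u:user_r:user_t:s0, a "/etc/*" entry is a shell-style glob, and when
several entries match a path the most specific one (exact path, then the
longest glob) wins.
"""
import fnmatch
from typing import List, Optional, Tuple

# Constructed sample contents mirroring the "<path> <level>" and
# "<username> <level>" structures described above.
FILE_LOMAC = """\
# <file/directory path> <integrity level>
/etc/* 12
/root/test.txt 2
"""
USER_LOMAC = """\
# <username> <integrity level>
test 10
"""
BASE_CONTEXT = "user_u:user_r:user_t:s0"   # assumed BLP context prefix

Rules = List[Tuple[str, int]]


def parse_lomac(text: str) -> Rules:
    """Parse '<key> <level>' lines; blank lines and '#' comments are skipped.
    A malformed line is an error: silently skipping it would leave files or
    users unlabelled and therefore outside the integrity policy."""
    rules: Rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            raise ValueError(f"line {lineno}: expected '<key> <level>', got {raw!r}")
        rules.append((parts[0], int(parts[1])))
    return rules


def object_integrity(path: str, rules: Rules) -> Optional[int]:
    """Integrity level for a path, or None when no entry matches (untagged)."""
    best: Optional[Tuple[Tuple[bool, int], int]] = None
    for pattern, level in rules:
        if path == pattern or fnmatch.fnmatchcase(path, pattern):
            score = (path == pattern, len(pattern))  # exact beats glob, longer glob beats shorter
            if best is None or score > best[0]:
                best = (score, level)
    return None if best is None else best[1]


def label_object(path: str, rules: Rules) -> str:
    """Context string as `ls -Z` would show it after S101/S102."""
    level = object_integrity(path, rules)
    return BASE_CONTEXT if level is None else f"{BASE_CONTEXT}:i{level}"


def label_subject(username: str, rules: Rules) -> str:
    """Context string as `id -Z` would show it after S103/S104."""
    levels = dict(rules)
    if username not in levels:
        return BASE_CONTEXT            # no entry: the subject stays untagged
    return f"{BASE_CONTEXT}:i{levels[username]}"


def set_integrity(context: str, level: int) -> str:
    """The effect of `chcon -i i<level>` on one context: replace the trailing
    i field if present, otherwise append it."""
    fields = context.split(":")
    last = fields[-1]
    if last.startswith("i") and last[1:].isdigit():
        fields[-1] = f"i{level}"
    else:
        fields.append(f"i{level}")
    return ":".join(fields)


if __name__ == "__main__":
    file_rules = parse_lomac(FILE_LOMAC)
    user_rules = parse_lomac(USER_LOMAC)
    for p in ("/root/test.txt", "/etc/", "/etc/passwd", "/var/log/messages"):
        print(f"{p:20} {label_object(p, file_rules)}")
    print("test user:", label_subject("test", user_rules))
    print("after chcon -i i2:", set_integrity(label_object("/etc/", file_rules), 2))
```

A path with no matching entry stays untagged, which under the conventions of this embodiment means the object falls back to the selinux DTE policy alone; the parser therefore rejects malformed lines instead of skipping them, so that a typo in the configuration file cannot silently drop a file out of integrity control.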
Fig. 10 is a schematic diagram of another application scenario in the data access control method provided in the embodiment shown in fig. 8; fig. 10 shows the scenario in which the integrity tag is configured in the security context of the subject. The initial configuration of the subject integrity tag is usually completed through the cooperation of a kernel-mode component and a user-mode component, and specifically includes:
S310, login and authentication of the user's identity;
S320, password verification;
S311, session initialization;
S321, initializing the integrity context of the subject;
S322, reading the subject integrity configuration file; the integrity configuration file is described in the above embodiments and is therefore not described again here;
S312, subsequent initialization settings;
S313, successful login.
It should be noted that, in the application scenario shown in fig. 9, S310, S311 and S312 to S313 are operations executed on a user-mode component, for example a terminal with a Graphical User Interface (GUI); S320 and S321 to S322 are operations executed on kernel-mode components, for example Pluggable Authentication Modules (PAM).
It should be further noted that, in the embodiment shown in fig. 8, configuring the integrity tags for the subject and the object generally means configuring the integrity tag of the object first, in the system start-up stage, and then configuring the integrity tag of the subject through user login after the system has started; that is, S101 to S102 in the embodiment shown in fig. 8 are executed before S103 to S104.
In a specific implementation of the embodiments of the present invention, the integrity level may be adjusted through an external interface of the "low-watermark BIBA model", which may be designed into the subject and object integrity configuration files. Specifically, in this embodiment, the subject integrity level configuration file may include a first level adjustment parameter, for example a parameter "lomac": when the first level adjustment parameter is 1, the "read-down" operation right is turned on, that is, the integrity level of the subject is allowed to change from high to low; when the first level adjustment parameter is 0, the "read-down" operation right is turned off, that is, the integrity level of the subject is prohibited from changing from high to low. The initial value of the first level adjustment parameter is 1, that is, the subject "read-down" operation right is turned on by default. In this embodiment, by allowing the "read-down" operation in the policy-based BIBA model, when a subject reads an object with a lower integrity level, the integrity level of the subject is reduced to the integrity level of the object.
On the other hand, in this embodiment the object integrity level configuration file includes a second level adjustment parameter, such as a parameter "/proc/sys/selinux/": when the second level adjustment parameter is 1, the "write-up" operation right is turned on, that is, the integrity level of the object is allowed to change from high to low; when the second level adjustment parameter is 0, the "write-up" operation right is turned off, that is, the integrity level of the object is prohibited from changing from high to low. The initial value of the second level adjustment parameter is 0, that is, the object "write-up" operation right is turned off by default. This embodiment allows the "write-up" operation on the basis of the strict-policy BIBA model: when a subject writes to an object with a higher integrity level, the integrity level of the object is reduced to that of the subject.
Further, a parameter "low-watermark" may also be set in the configuration file of this embodiment: when the parameter is 1, the current kernel is instructed to enable the integrity control policy provided in the embodiments of the present invention, that is, the "low-watermark BIBA model"; when the parameter is 0, the kernel is instructed to use the strict-policy BIBA model.
It should be noted that, in order to solve the information-island problem existing in the coexistence of the BLP model and the BIBA model, the embodiments of the present invention adopt the following conventions:
1. Access control between a subject and an object that both carry an integrity tag: the level of the integrity tag of the subject or the object is dynamically adjusted using the low-watermark BIBA model; that is, the embodiments of the present invention provide an improvement of the strict BIBA model, and "low watermark" refers to taking the lower integrity level when adjusting dynamically.
2. Access involving subjects with special integrity tags:
1) A subject without an integrity tag, whose integrity level is equivalent to I0, is only allowed to perform "read operations" on objects that have integrity tags.
In the method provided by the embodiments of the present invention, a subject without an integrity tag may be illegitimate; if the integrity level of an object were reduced so that a "write-up" right is granted to a subject without an integrity tag, the integrity of the data would very likely be broken. The principle is therefore kept consistent with the strict BIBA model, which prohibits the write-up operation.
2) Access between a subject with an integrity tag and a subject without one is not subject to the integrity control policy and is limited only by the selinux DTE policy, where selinux DTE is the domain-type enforcement of selinux. Here DTE stands for Domain and Type Enforcement for Linux, i.e. Linux domain-type enforcement, and selinux stands for Security Enhancements (SE) for Linux, i.e. Linux security enhancements; both selinux and DTE are access control technologies in the system.
3) Access between a subject and an object that has no integrity tag is likewise not subject to the integrity control policy and is limited only by the selinux DTE policy.
Further, the principles for adjusting the integrity level in the access control method provided by the embodiments of the present invention are as follows:
1. The integrity levels of the subject and the object are adjusted automatically, following the low-watermark BIBA model currently in effect in the kernel;
2. The automatic adjustment of the integrity levels of the subject and the object follows the principle of decreasing integrity: a high integrity level is adjusted to a low integrity level;
3. Except for the integrity level read from the configuration file at user login, a child process inherits the integrity level of its parent process;
4. Objects such as files created by a process inherit the integrity level of the process;
5. After the initial configuration of the integrity levels of the subject and the object is complete, explicit adjustment of the subject integrity level is prohibited, and the object integrity level cannot be explicitly adjusted by a user-mode command (except when selinux is set to permissive mode).
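The adjustment rules S111 and S112 of fig. 6, the lomac, write-up and low-watermark parameters, the conventions for subjects and objects without an integrity tag, and the inheritance principles above all feed a single access decision. The following Python reference simulation is an added example written for this page (not the patent's or ZTE's code) that puts them together and replays the fig. 7 scenario of process A (S3:I2) performing R(2) and W(3). The confidentiality levels chosen for the two target objects (S2 for the read target, S3 for the write target), the modelling of BLP as no-read-up / no-write-down, and the omission of the selinux DTE policy are assumptions of this example.

```python
"""Low-watermark BIBA on top of BLP: reference simulation (added example).

Labels are (S, I) pairs; I is None for an entity without an integrity tag.
BLP is modelled as no-read-up / no-write-down on S (an assumption of this
example); the selinux DTE policy that governs untagged entities is not modelled.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Label:
    s: int               # confidentiality level, S0 < S1 < S2 < ...
    i: Optional[int]     # integrity level, None = no integrity tag


@dataclass
class Policy:
    low_watermark: int = 1   # 1: low-watermark BIBA model, 0: strict BIBA model
    lomac: int = 1           # first level adjustment parameter: read-down right (default on)
    write_up: int = 0        # second level adjustment parameter: write-up right (default off)


class AccessDenied(Exception):
    pass


def access(subject: Label, obj: Label, op: str, policy: Policy) -> None:
    """Decide one read/write and apply the S111/S112 integrity adjustment in place.
    Raises AccessDenied when the operation may not proceed."""
    if op not in ("read", "write"):
        raise ValueError(op)
    # Confidentiality first (BLP): both tags live in one context, so both models must agree.
    if op == "read" and subject.s < obj.s:
        raise AccessDenied("BLP: no read up")
    if op == "write" and subject.s > obj.s:
        raise AccessDenied("BLP: no write down")
    # Convention 2.3): object without an integrity tag, only DTE applies.
    if obj.i is None:
        return
    # Convention 2.1): untagged subject counts as I0 and may only read tagged objects.
    if subject.i is None:
        if op == "read":
            return
        raise AccessDenied("untagged subject may not write a tagged object")
    if op == "read" and subject.i > obj.i:          # read-down
        if policy.low_watermark and policy.lomac:
            subject.i = obj.i                        # S111: subject sinks to the object's level
        else:
            raise AccessDenied("strict BIBA: no read down")
    elif op == "write" and subject.i < obj.i:       # write-up
        if policy.low_watermark and policy.write_up:
            obj.i = subject.i                        # S112: object sinks to the subject's level
        else:
            raise AccessDenied("strict BIBA: no write up")
    # Equal levels, reading a higher-integrity object or writing a lower-integrity
    # object need no adjustment under BIBA.


def try_access(subject: Label, obj: Label, op: str, policy: Policy) -> bool:
    """True if the operation is permitted (labels are adjusted as a side effect)."""
    try:
        access(subject, obj, op, policy)
        return True
    except AccessDenied:
        return False


def fork(parent: Label) -> Label:
    """Principle 3: a child process inherits the parent's integrity level."""
    return Label(parent.s, parent.i)


def create_object(creator: Label) -> Label:
    """Principle 4: a file created by a process inherits its integrity level
    (and, as assumed here, its confidentiality level)."""
    return Label(creator.s, creator.i)


def fig7_read(policy: Policy = Policy()) -> Label:
    """Process A (S3:I2) performs R(2) on a constructed (S2:I1) object; returns A's label afterwards."""
    a, target = Label(3, 2), Label(2, 1)
    access(a, target, "read", policy)
    return a


def fig7_write(policy: Policy = Policy(write_up=1)) -> Label:
    """Process A (S3:I2) performs W(3) on a constructed (S3:I3) object; returns the object's label afterwards."""
    a, target = Label(3, 2), Label(3, 3)
    access(a, target, "write", policy)
    return target


if __name__ == "__main__":
    print("after R(2):", fig7_read())        # Label(s=3, i=1)
    print("after W(3):", fig7_write())       # Label(s=3, i=2)
    print("W(3) with default write_up=0:", try_access(Label(3, 2), Label(3, 3), "write", Policy()))
    print("strict BIBA read-down:", try_access(Label(3, 2), Label(2, 1), "read", Policy(low_watermark=0)))
```

Note that with the defaults given on the page (lomac=1, write-up=0) the R(2) read succeeds and lowers process A to (S3:I1), whereas the W(3) write is refused until the second level adjustment parameter is set to 1; that matches the statement that the write-up right is closed by default, and it is the reason the simulation makes the labels mutable only through the access decision itself, mirroring principle 5.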
According to the embodiments of the present invention, through the design of the low-watermark BIBA model and the above access principles, the information-island problem that exists when the BLP model and the BIBA model coexist, and the prior-art problem that the access of a double-high or double-low subject is limited, can be effectively solved.
Fig. 11 is a schematic structural diagram of a data access control apparatus according to an embodiment of the present invention. The data access control device provided by this embodiment is suitable for performing data read and write access, is implemented by a combination of hardware and software, and may be integrated in a processor of a terminal device for the processor to call and use. As shown in fig. 11, the data access control device of this embodiment specifically includes: an adjusting module 11 and an access module 12, which are connected.
The adjusting module 11 is configured to adjust, according to the current access operation in the secure operating system (OS), the integrity level of the integrity tag in the security context of the subject or the object, in which a security tag indicating the security level is preconfigured.
The data access control device provided by the embodiment of the present invention implements a mode of performing confidentiality control and integrity control when data is accessed in a secure OS. In order to ensure data confidentiality, the access control in the embodiments of the present invention is based on a security access control model, for example the BLP model, under which the secure OS divides the entities in the computer information system into subjects and objects. The definitions of the subject and the object, the BLP model, the specific format of the security context configured for the subject and the object, and the operations performed on the security context have all been described in the above embodiments and are therefore not described again here.
It should be noted that, in this embodiment, the manner and format in which the integrity tag is configured in the security contexts of the subject and the object, the format of the security context, and the operations that can be executed after the integrity tag is configured have been described in the above embodiments, and are therefore not described again here.
In the embodiments of the present invention, in order to make the integrity tags of the subject and the object simple and easy to understand while still taking the design for data confidentiality into account, the security contexts of the subject and the object in this embodiment are built on the security context formats of the subject and the object in the BLP model and additionally carry an integrity tag indicating an integrity level; for example, an attribute field "i" is appended at the end of the security context to represent the integrity tag of the data, thereby effectively protecting data integrity. In this embodiment, by adding a tag that indicates data integrity to the security contexts of the subject and the object in the BLP model, the BIBA model is implemented on the basis of the BLP model, and the integrity level indicated by the integrity tag of the subject or the object can be adjusted according to the requirement of the current access operation, so that a BIBA model with a non-strict policy, namely the "low-watermark BIBA model", is implemented on the basis of the BLP model.
The access module 12 is configured to execute the current access operation according to the security levels of the subject and the object and the integrity levels of the subject and the object as adjusted by the adjusting module 11.
In this embodiment, the integrity level of the subject or the object has been adjusted in response to a conflict between the restrictions on the "read" operation and the "write" operation in the current access operation (arising, for example, from the security level and integrity level of a process), and the current access operation can then be performed with the adjusted integrity level of the subject or the object.
The access control model provided by this embodiment redesigns how the BLP model and the BIBA model work together: the two models are not made to coexist as independent models; instead the BIBA model is designed on the basis of the BLP model, and the integrity tag of the BIBA model can be adjusted according to the current access operation so as to realize a "low-watermark BIBA model", which allows the confidentiality and the integrity of data access to be reconciled.
The data access control device provided in the embodiment of the present invention is used to execute the data access control method provided in the embodiment shown in fig. 5 of the present invention; it has the corresponding functional modules, whose principles and technical effects are similar, and they are not described again here.
Optionally, the specific manner in which the adjusting module 11 in the embodiment of the present invention adjusts the integrity level of the integrity tag in the security context of the subject or the object may be as follows: it is configured such that, when a subject with a higher integrity level executes a read operation on an object with a lower integrity level, the integrity level of the subject is reduced to the integrity level of the object; or it is configured such that, when a subject with a lower integrity level executes a write operation on an object with a higher integrity level, the integrity level of the object is reduced to the integrity level of the subject.
Further, the specific manner in which the adjusting module 11 adjusts the integrity level of the integrity tag in the security context of the subject or the object may also be: it is configured to adjust the integrity tag in the security context of the subject or the object to the corresponding integrity level by a command that modifies the indicated integrity level.
It should be noted that, in this embodiment, the specific adjustment manners of the adjusting module 11 are executed selectively: one of the manners is usually selected according to the type of access executed by the current process and the integrity levels of the subject and the object; in addition, the user or designer can adjust the integrity level of the subject or the object by the modifying command at any time as required.
The data access control device provided in the embodiment of the present invention is used to execute the data access control method provided in the embodiment shown in fig. 6 of the present invention; it has the corresponding functional modules, whose principles and technical effects are similar, and they are not described again here.
In each embodiment of the present invention, the integrity tags in the security contexts of the subject and the object are configured in advance. Fig. 12 is a schematic structural diagram of another data access control apparatus provided in an embodiment of the present invention; on the basis of the embodiment shown in fig. 11, the data access control device provided in this embodiment further includes a configuration module 13, connected to the adjusting module 11 and the access module 12 respectively, which is configured to configure the integrity tag in the security context of the subject and of the object, respectively, before the adjusting module 11 adjusts the integrity level of the integrity tag in the security context of the subject or the object.
In a specific implementation, the configuration module 13 in this embodiment includes an initialization unit 14 and a configuration unit 15, which are connected. The initialization unit 14 is configured to perform initialization configuration of the security context of the subject during user login in the secure OS; the configuration unit 15 is configured to add the integrity tag to the security context of the subject initialized by the initialization unit 14 by reading a preset subject integrity level configuration file. In this embodiment, the subject integrity level configuration file includes a first level adjustment parameter, which indicates that the "read-down" operation right is turned on when it is 1 and turned off when it is 0; the initial value of the first level adjustment parameter is 1.
In addition, the initialization unit 14 and the configuration unit 15 in this embodiment are further configured to configure the integrity tag in the security context of the object: the initialization unit 14 is configured to perform initialization configuration of the security context of the object during the start-up of the secure OS, and the configuration unit 15 is configured to configure the integrity tag in the security context of the object initialized by the initialization unit 14 by reading a preset object integrity level configuration file. In this embodiment, the object integrity level configuration file includes a second level adjustment parameter, which indicates that the "write-up" operation right is turned on when it is 1 and turned off when it is 0; the initial value of the second level adjustment parameter is 0.
It should be noted that, in this embodiment, the specific manner in which the configuration module 13 configures the integrity tags in the security contexts of the object and the subject is as described for fig. 9 and fig. 10; generally, the integrity tag of the object is configured first, in the system start-up stage, and after the system has started the integrity tag of the subject is configured through user login.
It should be further noted that the agreed access manner of the subject and the object and the principles for adjusting the integrity level, which serve to solve the information-island problem existing in the coexistence of the BLP model and the BIBA model, have already been described in the foregoing embodiments and are therefore not described again here.
The data access control device provided in the embodiment of the present invention is used to execute the data access control method provided in the embodiment of fig. 7 of the present invention; it has the corresponding functional modules, whose principles and technical effects are similar, and they are not described again here.
In a specific implementation, the adjusting module 11, the access module 12 and the configuration module 13 in the embodiments shown in fig. 11 to fig. 12 of the present invention may be implemented by a processor of a terminal device, and their units and sub-units may likewise be implemented by the processor of the terminal device; the processor may be, for example, a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by a program instructing associated hardware (e.g., a processor) which may be stored in a computer readable storage medium such as a read only memory, a magnetic or optical disk, etc. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, the modules/units in the above embodiments may be implemented in hardware, for example, by an integrated circuit, or may be implemented in software, for example, by a processor executing programs/instructions stored in a memory to implement the corresponding functions. Embodiments of the invention are not limited to any specific form of hardware or software combination.
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (20)

1. A data access control method, comprising:
adjusting a level of integrity of an integrity tag in a security context of a subject or an object, the security context of the subject and the object being preconfigured with a security tag indicating the level of security, according to a current access operation in a secure operating system, OS;
and executing the current access operation according to the security levels of the subject and the object and the adjusted integrity levels of the subject and the object.
2. The data access control method of claim 1, wherein the adjusting the integrity level of the integrity tag in the security context of the subject or object comprises:
when a subject with a higher integrity level executes read operation on an object with a lower integrity level, reducing the integrity level of the subject to the integrity level of the object; or,
and when a subject with a lower integrity level executes a write operation on an object with a higher integrity level, reducing the integrity level of the object to the integrity level of the subject.
3. The data access control method of claim 1, wherein the adjusting the integrity level of the integrity tag in the security context of the subject or object comprises:
the integrity tag in the security context of the subject or the object is adjusted to a corresponding integrity level by modifying the integrity level indicated by the command.
4. The data access control method according to any one of claims 1 to 3, wherein before adjusting the integrity level of the integrity tag in the security context of the subject or object, the method further comprises:
configuring the integrity tag in a security context of the subject and the object, respectively.
5. The data access control method of claim 4, wherein adding the integrity tag in the security context of the subject comprises:
initializing and configuring the security context of the subject during user login in the secure OS;
adding the integrity tag to the security context of the subject by reading a preset subject integrity level configuration file.
6. The data access control method according to claim 5, wherein the subject integrity level configuration file includes a first level adjustment parameter, and when the first level adjustment parameter is 1, it indicates that the "read-down" operation right is turned on, and when the first level adjustment parameter is 0, it indicates that the "read-down" operation right is turned off.
7. The data access control method of claim 6, wherein the initial value of the first level adjustment parameter is 1.
8. The data access control method of claim 4, wherein the configuring the integrity tag in the security context of the object comprises:
initializing and configuring the security context of the object in the starting process of the security OS;
and configuring the integrity tag in the security context of the object by reading a preset object integrity level configuration file.
9. The data access control method according to claim 8, wherein the object integrity level configuration file includes a second level adjustment parameter, and when the second level adjustment parameter is 1, the "write-up" operation permission is indicated to be turned on, and when the second level adjustment parameter is 0, the "write-up" operation permission is indicated to be turned off.
10. The data access control method of claim 9, wherein the initial value of the second level adjustment parameter is 0.
11. A data access control device, characterized in that the data access control device comprises: the adjusting module and the access module are connected;
the adjusting module is configured to adjust the integrity level of an integrity tag in the security context of a subject or an object according to the current access operation in a security Operating System (OS), wherein the security context of the subject and the security context of the object are preconfigured with a security tag for indicating the security level;
the access module is configured to be capable of executing the current access operation according to the security levels of the subject and the object and the integrity levels of the subject and the object adjusted by the adjustment module.
12. The data access control device of claim 11, wherein the adjustment module is configured to adjust a level of integrity of the integrity tag in the security context of the subject or object, comprising:
when a subject with a higher integrity level performs a read operation on an object with a lower integrity level, the integrity level of the subject is reduced to the integrity level of the object; or,
configured to reduce the integrity level of the object to the integrity level of the subject when a subject with a lower integrity level performs a write operation on an object with a higher integrity level.
13. The data access control device of claim 11, wherein the adjusting module being configured to adjust the integrity level of the integrity tag in the security context of the subject or the object comprises:
being configured to adjust the integrity tag in the security context of the subject or the object to the corresponding integrity level, that level being the integrity level indicated by a modification command.
14. The data access control device according to any one of claims 11 to 13, further comprising a configuration module connected to both the adjusting module and the access module, and configured to configure the integrity tag in the security context of the subject and of the object before the adjusting module adjusts the integrity level of the integrity tag in the security context of the subject or the object.
15. The data access control device of claim 14, wherein the configuration module comprises an initialization unit and a configuration unit that are connected to each other;
the initialization unit is configured to perform initialization configuration of the security context of the subject during user login in the secure OS;
the configuration unit is configured to add the integrity tag to the security context of the subject initialized by the initialization unit by reading a preset subject integrity level configuration file.
16. The data access control device of claim 15, wherein the subject integrity level configuration file comprises a first level adjustment parameter; a value of 1 indicates that the "read-down" operation permission is turned on, and a value of 0 indicates that the "read-down" operation permission is turned off.
17. The data access control device of claim 16, wherein the initial value of the first level adjustment parameter is 1.
18. The data access control device of claim 14, wherein the configuration module comprises an initialization unit and a configuration unit that are connected to each other;
the initialization unit is configured to perform initialization configuration of the security context of the object during startup of the secure OS;
the configuration unit is configured to configure the integrity tag in the security context of the object initialized by the initialization unit by reading a preset object integrity level configuration file.
19. The data access control device of claim 18, wherein the object integrity level configuration file comprises a second level adjustment parameter; a value of 1 indicates that the "write-up" operation permission is turned on, and a value of 0 indicates that the "write-up" operation permission is turned off.
20. The data access control device of claim 19, wherein the initial value of the second level adjustment parameter is 0.
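The device of claims 11 to 20 is, in effect, a reference monitor that keeps two tags per security context and lowers integrity levels on the fly (a low-water-mark rule) while the two configuration-file parameters gate whether "read-down" and "write-up" are permitted at all. The following simulation is an added example written for this page; it is not code from the patent or from ZTE. Everything beyond what the claims state is an assumption: the numeric encoding of levels, the `read_down=`/`write_up=` key names in the configuration files, the function and class names, and the rule applied to the security tag (a Bell-LaPadula style "no read-up, no write-down", which the claims do not specify). The sample contexts and file contents are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class SecurityContext:
    """One security context: a security tag and an integrity tag.
    Numeric encoding is an assumption; the claims only name the tags."""
    security: int    # security tag: higher = more sensitive
    integrity: int   # integrity tag: higher = more trusted


@dataclass
class LevelConfig:
    """Level adjustment parameters read from the subject and object
    integrity level configuration files.  Defaults follow claims 17
    and 20: read-down on (1), write-up off (0)."""
    read_down: int = 1   # first level adjustment parameter
    write_up: int = 0    # second level adjustment parameter


def parse_level_config(text: str) -> LevelConfig:
    """Parse a key=value configuration file.  Key names are assumed;
    the claims describe only the 0/1 semantics of each parameter."""
    cfg = LevelConfig()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value not in ("0", "1"):
            raise ValueError(f"{key!r}: level adjustment parameter must be 0 or 1")
        if key == "read_down":
            cfg.read_down = int(value)
        elif key == "write_up":
            cfg.write_up = int(value)
        else:
            raise ValueError(f"unknown parameter {key!r}")
    return cfg


class ReferenceMonitor:
    """Adjusting module + access module of the claimed device (simulated)."""

    def __init__(self, cfg: LevelConfig):
        self.cfg = cfg
        self.subjects = {}   # name -> SecurityContext (initialised at login)
        self.objects = {}    # name -> SecurityContext (initialised at boot)

    # configuration module: initial contexts with both tags set
    def init_subject(self, name, security, integrity):
        self.subjects[name] = SecurityContext(security, integrity)

    def init_object(self, name, security, integrity):
        self.objects[name] = SecurityContext(security, integrity)

    # claim 13: explicit modification command sets a tag to a given level
    def set_integrity(self, kind, name, level):
        table = self.subjects if kind == "subject" else self.objects
        table[name].integrity = level

    def access(self, subject, obj, op):
        """Return (allowed, reason); adjusts tags as a side effect."""
        if op not in ("read", "write"):
            raise ValueError(f"unsupported operation {op!r}")
        s, o = self.subjects[subject], self.objects[obj]
        # Security tag: assumed BLP rule, not specified by the claims.
        if op == "read" and s.security < o.security:
            return False, "security: no read-up"
        if op == "write" and s.security > o.security:
            return False, "security: no write-down"
        # Integrity tag: low-water-mark adjustment (claim 12), gated by
        # the level adjustment parameters (claims 16 and 19).
        if op == "read" and s.integrity > o.integrity:
            if not self.cfg.read_down:
                return False, "integrity: read-down disabled"
            s.integrity = o.integrity          # subject sinks to object level
            return True, f"read-down: subject integrity lowered to {o.integrity}"
        if op == "write" and s.integrity < o.integrity:
            if not self.cfg.write_up:
                return False, "integrity: write-up disabled"
            o.integrity = s.integrity          # object sinks to subject level
            return True, f"write-up: object integrity lowered to {s.integrity}"
        return True, "ok"


def demo():
    """Constructed scenario under the default parameters (read-down on,
    write-up off): a trusted editor reads an untrusted download, is
    demoted, is then denied writing a trusted file until an explicit
    modification command restores its level."""
    mon = ReferenceMonitor(parse_level_config("read_down=1\nwrite_up=0  # default\n"))
    mon.init_subject("editor", security=1, integrity=3)
    mon.init_object("download.tmp", security=1, integrity=1)
    mon.init_object("system.conf", security=1, integrity=3)
    trace = [mon.access("editor", "download.tmp", "read"),   # allowed, editor -> 1
             mon.access("editor", "system.conf", "write")]   # denied, write-up off
    mon.set_integrity("subject", "editor", 3)                 # claim 13 command
    trace.append(mon.access("editor", "system.conf", "write"))  # allowed again
    return trace, mon.subjects["editor"].integrity
```

The point the defaults make is that read-down is cheap to allow (the subject pays by losing integrity for the rest of its session) while write-up is dangerous (it silently degrades a trusted object), which is why claims 17 and 20 start one at 1 and the other at 0.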

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610218182.9A CN107273754A (en) 2016-04-08 2016-04-08 A kind of data access control method and device
PCT/CN2017/079738 WO2017174030A1 (en) 2016-04-08 2017-04-07 Data access control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610218182.9A CN107273754A (en) 2016-04-08 2016-04-08 A kind of data access control method and device

Publications (1)

Publication Number Publication Date
CN107273754A true CN107273754A (en) 2017-10-20

Family

ID=60000876

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610218182.9A Withdrawn CN107273754A (en) 2016-04-08 2016-04-08 A kind of data access control method and device

Country Status (2)

Country Link
CN (1) CN107273754A (en)
WO (1) WO2017174030A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177743A (en) * 2019-12-06 2020-05-19 西安交通大学 Credit big data oriented risk control method and system thereof
CN111177743B (en) * 2019-12-06 2022-02-22 西安交通大学 Credit big data oriented risk control method and system thereof
CN113468214A (en) * 2020-03-30 2021-10-01 阿里巴巴集团控股有限公司 Database access control method and device, electronic equipment and readable storage medium
CN112733165A (en) * 2021-01-07 2021-04-30 苏州浪潮智能科技有限公司 File access control method, device and medium
CN112733165B (en) * 2021-01-07 2022-09-20 苏州浪潮智能科技有限公司 File access control method, device and medium
CN114826636A (en) * 2021-01-29 2022-07-29 华为技术有限公司 Access control system and related method and apparatus
CN113127849A (en) * 2021-03-14 2021-07-16 曹庆恒 Private information using method and system and computer readable storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413166B (en) * 2018-10-09 2021-07-27 浙江明度智控科技有限公司 Industrial gateway and data management method thereof
CN115333862B (en) * 2022-10-13 2023-01-24 山东省人民政府机关政务保障中心 Network information security management system based on big data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101727545A (en) * 2008-10-10 2010-06-09 中国科学院研究生院 Method for implementing mandatory access control mechanism of security operating system
CN102495988A (en) * 2011-12-19 2012-06-13 北京诺思恒信科技有限公司 Domain-based access control method and system
CN104079569A (en) * 2014-06-27 2014-10-01 东湖软件产业股份有限公司 BLP improved model integrated with credibility level and authentication access method
CN104112089A (en) * 2014-07-17 2014-10-22 中国人民解放军国防科学技术大学 Multi-strategy integration based mandatory access control method
US20150256559A1 (en) * 2012-06-29 2015-09-10 Sri International Method and system for protecting data flow at a mobile device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070136603A1 (en) * 2005-10-21 2007-06-14 Sensis Corporation Method and apparatus for providing secure access control for protected information
CN101577622B (en) * 2009-06-24 2012-07-04 贵阳易特软件有限公司 Method for controlling access to shared component of leveled partition
CN102904889B (en) * 2012-10-12 2016-09-07 北京可信华泰信息技术有限公司 Support the forced symmetric centralization system and method for cross-platform unified management
CN104462899A (en) * 2014-11-29 2015-03-25 中国航空工业集团公司第六三一研究所 Trust access control method for comprehensive avionics system

Also Published As

Publication number Publication date
WO2017174030A1 (en) 2017-10-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20171020