CN108881219A - A kind of file permission management method and system based on forced symmetric centralization - Google Patents

A kind of file permission management method and system based on forced symmetric centralization Download PDF

Info

Publication number
CN108881219A
CN108881219A CN201810615969.8A CN201810615969A CN108881219A CN 108881219 A CN108881219 A CN 108881219A CN 201810615969 A CN201810615969 A CN 201810615969A CN 108881219 A CN108881219 A CN 108881219A
Authority
CN
China
Prior art keywords
file
user
level
permission
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810615969.8A
Other languages
Chinese (zh)
Inventor
王杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201810615969.8A priority Critical patent/CN108881219A/en
Publication of CN108881219A publication Critical patent/CN108881219A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The file permission management method and system based on forced symmetric centralization that the embodiment of the invention discloses a kind of, including:Obtain client id;Defence policies are sent to client id;Obtain user class and file-level to be read;Permission examination is carried out to user class and file-level to be read according to defence policies;Result, which is screened, according to permission carries out corresponding operating.Management end in the embodiment of the present invention in SSR system divides the security level of file and user, and specific grade is distributed according to the significance level of each file and user, it is packaged as being sent to client after defence policies, defence policies be sent to after client can automatic running can't random device switching on and shutting down and stop, can under the premise of not modifying or stopping continuous service, when user accesses to the file for being provided with security level, the security level of user and file can be matched, corresponding operation is carried out according to security level, improve the safety of client.

Description

A kind of file permission management method and system based on forced symmetric centralization
Technical field
The present invention relates to field of information security technology, more particularly to a kind of file permission pipe based on forced symmetric centralization Manage method and system.
Background technique
SSR (Server Security Reinforcement, operating system security enhance system) is based on advanced ROST (Reinforcement Operating System Technique, intensified operation systems technology) technical know-how is from system The security solution that bottom reinforces operating system, cardinal principle are by file, catalogue, process, registration table With the forced symmetric centralization of service, the permission of original system administrator is effectively restricted and dispersed, is combined to file kimonos The functions such as the integrity detection of business and safety damped area spilling, can upgrade common operating system from system, comply with The grade III Standard of national information protection based on security rank server operating system safety, can be in real time common server operation System upgrades from system, has the function of the safe practice of three-level, is fundamentally immunized existing various for operating system Attack, such as:Virus, worm, hacker attack etc..
In the prior art, SSR is made of client and management platform two parts, and client is mounted on the service for needing to protect On device, the management of prevention policies is then carried out to it from management end.Forced symmetric centralization is to issue prevention policies for client, Then corresponding protection effect is played.
However, all client users are owned by same permission to file after policy distribution, it is unfavorable for permission control, Affect client secure.
Summary of the invention
A kind of file permission management method based on forced symmetric centralization is provided in the embodiment of the present invention, it is existing to solve The low problem of client secure in technology.
In order to solve the above-mentioned technical problem, the embodiment of the invention discloses following technical solutions:
First aspect present invention provides a kind of file permission management method based on forced symmetric centralization, including:
Obtain client id;
Defence policies are sent to the client id;
Obtain user class and file-level to be read;
Permission examination is carried out to the user class and file-level to be read according to the defence policies;
Result, which is screened, according to permission carries out corresponding operating.
Preferably, determine that the defence policies specifically include:
Obtain the file information and client user's information;
According to the file information, file safeguard rule is set;
According to client user's Information Setup User safeguard rule;
The file safeguard rule and user's safeguard rule are packaged as defence policies.
Preferably, the file safeguard rule specifically includes:
File-level is divided into high, high, medium and low, extremely low five grades;
Obtain file significance level to be placed;
It is that security level is arranged in file to be placed according to the file significance level.
Preferably, user's safeguard rule specifically includes:
User class is divided into high, high, medium and low, extremely low five grades;
Obtain client user's significance level;
It is user setting security level according to user's significance level.
Preferably, the defence policies are sent to automatic running after client;The stopping of the defence policies passes through management End control.
Preferably, permission is carried out to the user class and file-level to be read according to the defence policies to screen specifically Including:
Judge whether the user class is equal to the file-level;
If it is it is same level permission, otherwise judges whether the user class is greater than the file-level;
If it is it is high-level permission, is otherwise low level permission.
Preferably, when same level permission, user possesses access limit to file;
When high-level permission, user only possesses read right to file;
When low level permission, user does not possess file any permission.
Preferably, the method also includes:
Obtain user right request;
Setting file is requested to update safeguard rule according to the user right;
File update safeguard rule is packaged as client where defence policies are sent to request user.
Preferably, the method also includes:The defence policies of transmission are stored in journal file.
Preferably, the defence policies have uniqueness for each user of each client.
A kind of file permission management system based on forced symmetric centralization that second aspect of the present invention provides, including:Communication The management end and client of connection, the management end include data obtaining module and strategy setting sending module, the client Module is obtained including information receiving module, rank and judges control module, wherein the data obtaining module is for obtaining client Hold ID and user right request;Strategy setting sending module is used to be arranged and send the strategy setting sending module of defence policies; Information receiving module is used to receive the defence policies of control terminal transmission;The rank obtains module for obtaining user class and text Part rank;The judgement control module is used to carry out permission judgement to user class and file-level and carries out operation control.
By above technical scheme as it can be seen that in the management end of SSR system to the security level of file and user in the present invention It is divided, and distributes specific grade according to the significance level of each file and user, be packaged as sending out after defence policies Give client, defence policies be sent to after client can automatic running can't random device switching on and shutting down and stop, can be with Continuous service under the premise of not modifying or stopping accesses to the file for being provided with security level in user When, the security level of user and file can be matched, carry out corresponding operation according to security level, improve client Safety.
Detailed description of the invention
It is illustrated more clearly that the embodiment of the present invention or technical solution in the prior art, it below will be to embodiment or existing Attached drawing needed in technical description is briefly described, it should be apparent that, for those of ordinary skills, Without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is that a kind of process of the file permission management method based on forced symmetric centralization provided in an embodiment of the present invention is shown It is intended to;
Fig. 2 is the flow diagram of the method for determining defence policies provided in an embodiment of the present invention;
Fig. 3 is the process of another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention Schematic diagram;
Fig. 4 is the process of another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention Schematic diagram;
Fig. 5 is that a kind of structure of the file permission management system based on forced symmetric centralization provided in an embodiment of the present invention is shown It is intended to.
Specific embodiment
Technical solution in order to enable those skilled in the art to better understand the present invention, below in conjunction with of the invention real The attached drawing in example is applied, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described implementation Example is only a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, this field is common Technical staff's every other embodiment obtained without making creative work, all should belong to protection of the present invention Range.
It is a kind of file permission management method based on forced symmetric centralization provided in an embodiment of the present invention referring to Fig. 1 Flow diagram, as shown in Figure 1, the file permission management method provided in an embodiment of the present invention based on forced symmetric centralization.Packet It includes:
S10:Obtain client id.
The file of the user and preservation that are logged in each client are all different, in order to ensure management end carries out accurately Control need to obtain accurate client id, response defence policies are issued by client id.
S20:Defence policies are sent to the client id.
Defence policies are by kernel-driven by managing to client is issued to, wherein both having included the correlation setting for user It also include the correlation setting for file, specific determination process defends plan referring to fig. 2, for determination provided in an embodiment of the present invention The flow diagram of method slightly, as shown in Fig. 2, determining that the process of defence policies specifically includes:
S21:Obtain the file information and client user's information.
Because both having included related setting for user in prevention policies or including correlation setting for file, Obtain the file information while client user is also obtained because a large amount of file can be preserved in client, such as Fruit carries out each file priority assignation more to be taken considerable time, and most files are not needed to carry out permission Protection, therefore only need to obtain the file protected when obtaining file, for user information, because of a visitor Multiple user names can be set on the end of family to realize that logging in for a variety of users, such as administrator and tourist, unused user exist Permission after logging in for file in client is different, and therefore, it is necessary to whole user informations progress to being arranged in client It obtains
S22:According to the file information, file safeguard rule is set.
File safeguard rule is arranged by the file setting security level for different significance levels to realize, in the present invention In embodiment, file-level will be divided into high, high, medium and low, extremely low five grades, be according to each file significance level Its security level that response is set.
S23:According to client user's Information Setup User safeguard rule.
Likewise, in order to match user gradation with file hierarchies, also by user class be divided into it is high, high, medium and low, Extremely low five grades, according to each user when logging in the degree of exposure of vital document, and the behaviour of the possible practical user Make personnel's classification and determine user's significance level, is user setting security level, such as certain client according to the significance level of user It is only provided with a user i.e. administrator, then the operator that the administrator can be used must be for internal staff, then can be with Set high or high for administrator's security level, it can be with when logging in client for the other staff that non-administrator thinks It is considered tourist, the file in client is not allowed to operate substantially, then can sets the security level of tourist user to It is low or extremely low.
S24:The file safeguard rule and user's safeguard rule are packaged as defence policies.
Because file safeguard rule and user's safeguard rule are arranged in management end, in view of management end and client it Between file interaction feature and only come into force there are two types of safeguard rule when can just execute the embodiment of the present invention, therefore will be literary Part safeguard rule and user's safeguard rule are packaged into defence policies together and are handed down to client.
Because the file and user in each client are all different, file safeguard rule and user guarantor are being carried out Shield rule needs to carry out for specific client, and the defence policies after packing can only also be sent to the client, to make to prevent Imperial strategy has uniqueness for each user of each client, i.e. a defence policies can only come into force to a client.
Defence policies meeting automatic running after being handed down to client, and will not be closed with the switching on and shutting down of client, Operation if necessary to stop defence policies must issue response out code by management end, therefore not to client Before defence policies are modified or closed, defence policies can continuous service.
S30:Obtain user class and file-level to be read.
During defence policies are run, if the user for logging in client wants to read certain file for being provided with defence policies When, system will read the security level of user and the grade of file to be read simultaneously.
S40:Permission examination is carried out to the user class and file-level to be read according to the defence policies.
User security grade and file security grade need to screen the two after obtaining, and determine that the two security level is Which kind of setting in defence policies, then executes step S50:Result, which is screened, according to permission carries out corresponding operating.
It is specially to the process of user class and file-level to be read progress permission examination in the embodiment of the present invention:First Judge whether the user class is equal to the file-level, if it is user has same level permission, otherwise continues to judge Whether the user class is greater than the file-level, and if it is user has high-level permission, and otherwise user is low level Permission.
Being provided with user in defence policies to have same level permission, high-level permission or low level permission is for file Corresponding operating, specially:When same level permission, user possesses access limit to file;When high-level permission, user is to file Only possess read right;When low level permission, user does not possess file any permission.
Referring to Fig. 3, for another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention Flow diagram, as shown in figure 3, the method also includes:
S60:Obtain user right request.
S70:Setting file is requested to update safeguard rule according to the user right.
S80:File update safeguard rule is packaged as client where defence policies are sent to request user.
For the file that client saves, the file if there is newly needing to be arranged access authority is stored in or exists for user In access process since it is desired that when access response file but permission do not allow, need to ask that file resets defence plan for this Slightly, it needs to send the request of user omnidirectional at this time, includes user information and the information (teammate of file to be read of request in request Newly-increased file need to only send the information of newly-increased file), if by judgement can its request open to the user file or The significance level for judging file resets the security level grade grade of file, generates new file and updates protection File update safeguard rule is packaged as client where defence policies are sent to request user and run, by upper by rule For the uniqueness of client, the permission of other clients will not change the defence policies stated, and because only repairing in this client The important level of file is changed, therefore, has only had changed a user for the operating right of a file, the visitor will not be influenced Operating right of the other users to alternative document on the end of family.
It referring to fig. 4, is another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention Flow diagram, as shown in figure 4, the method also includes:
S90:The defence policies of transmission are stored in journal file.
For the ease of management end staff check defence policies issue situation, avoid maloperation or illegal operation, The policy distribution that is on the defensive every time is that the relevant information in the defence policies for requiring to issue this is stored in journal file, Which includes the client ids, user information and the file information that issue defence policies.
It is a kind of file permission management system based on forced symmetric centralization provided in an embodiment of the present invention referring to Fig. 5 Structural schematic diagram, as shown in figure 5, the file permission management system provided in an embodiment of the present invention based on forced symmetric centralization, packet It includes:Management end and client.
Management end is connected with client communication, and the management end includes the data obtaining module and strategy setting interconnected Sending module, the data obtaining module are used for for obtaining client id and user right request, strategy setting sending module It is arranged and sends the strategy setting sending module of defence policies, the client id and user's power that data obtaining module will acquire Limit request is sent to strategy setting sending module, strategy setting sending module according to client id send defence policies, according to New defence policies are arranged in family authority request.
The client includes that information receiving module, rank obtain module and judge control module, rank obtain module and Judge that control module connects, wherein information receiving module is used to receive the defence policies of control terminal transmission;The rank obtains mould Block is for obtaining user class and file-level;The judgement control module is used to carry out permission to user class and file-level Judging and carry out operation control, the defence policies that information receiving module receives control terminal transmission are executed immediately later, when When user is read out the file for being provided with defence policies, rank obtains module and obtains to user class and file-level It takes, and is sent to judgement control module, judge control module by the way that two big multilevel iudges of rank are gone out with permission and the control of user User processed carries out corresponding operation.
Management end in the present invention in SSR system divides the security level of file and user, and according to each The significance level of file and user distribute specific grade, are packaged as being sent to client, defence policies after defence policies Be sent to after client can automatic running can't random device switching on and shutting down and stop, can not modifying or stop Continuous service under the premise of only can be to user and file when user accesses to the file for being provided with security level Security level is matched, and is carried out corresponding operation according to security level, is improved the safety of client.
The above is only a specific embodiment of the invention, is made skilled artisans appreciate that or realizing this hair It is bright.Various modifications to these embodiments will be apparent to one skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest scope of cause.

Claims (10)

1. a kind of file permission management method based on forced symmetric centralization, which is characterized in that including:
Obtain client id;
Defence policies are sent to the client id;
Obtain user class and file-level to be read;
Permission examination is carried out to the user class and file-level to be read according to the defence policies;
Result, which is screened, according to permission carries out corresponding operating.
2. a kind of file permission management method based on forced symmetric centralization according to claim 1, which is characterized in that really The fixed defence policies specifically include:
Obtain the file information and client user's information;
According to the file information, file safeguard rule is set;
According to client user's Information Setup User safeguard rule;
The file safeguard rule and user's safeguard rule are packaged as defence policies.
3. a kind of file permission management method based on forced symmetric centralization according to claim 2, which is characterized in that institute File safeguard rule is stated to specifically include:
File-level is divided into high, high, medium and low, extremely low five security levels;
Obtain file significance level to be placed;
It is that security level is arranged in file to be placed according to the file significance level.
4. a kind of file permission management method based on forced symmetric centralization according to claim 2, which is characterized in that institute User's safeguard rule is stated to specifically include:
User class is divided into high, high, medium and low, extremely low five security levels;
Obtain client user's significance level;
It is user setting security level according to user's significance level.
5. a kind of file permission management method based on forced symmetric centralization according to claim 1, which is characterized in that institute It states defence policies and is sent to automatic running after client;The stopping of the defence policies is controlled by management end.
6. a kind of file permission management method based on forced symmetric centralization according to claim 1, which is characterized in that root Permission examination is carried out to the user class and file-level to be read according to the defence policies to specifically include:
Judge whether the user class is equal to the file-level;
If it is it is same level permission, otherwise judges whether the user class is greater than the file-level;
If it is it is high-level permission, is otherwise low level permission.
7. a kind of file permission management method based on forced symmetric centralization according to claim 6, which is characterized in that same When level-right, user possesses access limit to file;
When high-level permission, user only possesses read right to file;
When low level permission, user does not possess file any permission.
8. -7 any a kind of file permission management method based on forced symmetric centralization according to claim 1, feature It is, the method also includes:
Obtain user right request;
Setting file is requested to update safeguard rule according to the user right;
File update safeguard rule is packaged as client where defence policies are sent to request user.
9. a kind of file permission management method based on forced symmetric centralization according to claim 8, which is characterized in that institute The method of stating further includes:The defence policies of transmission are stored in journal file.
10. a kind of file permission management system based on forced symmetric centralization, which is characterized in that including:The management of communication connection End and client, the management end include data obtaining module and strategy setting sending module, and the client includes that information connects Receive module, rank obtains module and judges control module, wherein the data obtaining module is for obtaining client id and user Authority request;Strategy setting sending module is used to be arranged and send the strategy setting sending module of defence policies;Information receives mould Block is used to receive the defence policies of control terminal transmission;The rank obtains module for obtaining user class and file-level;Institute It states and judges control module for carrying out permission judgement to user class and file-level and carrying out operation control.
CN201810615969.8A 2018-06-14 2018-06-14 A kind of file permission management method and system based on forced symmetric centralization Pending CN108881219A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810615969.8A CN108881219A (en) 2018-06-14 2018-06-14 A kind of file permission management method and system based on forced symmetric centralization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810615969.8A CN108881219A (en) 2018-06-14 2018-06-14 A kind of file permission management method and system based on forced symmetric centralization

Publications (1)

Publication Number Publication Date
CN108881219A true CN108881219A (en) 2018-11-23

Family

ID=64339081

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810615969.8A Pending CN108881219A (en) 2018-06-14 2018-06-14 A kind of file permission management method and system based on forced symmetric centralization

Country Status (1)

Country Link
CN (1) CN108881219A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109656615A (en) * 2018-12-28 2019-04-19 四川新网银行股份有限公司 A method of permission early warning is carried out based on code method significance level
CN110166473A (en) * 2019-05-29 2019-08-23 中国移动通信集团江苏有限公司 Network data transmission detection method, device, equipment and medium
CN111008395A (en) * 2019-10-31 2020-04-14 苏州浪潮智能科技有限公司 Method and device for protecting USB flash disk
CN112257106A (en) * 2020-10-20 2021-01-22 厦门天锐科技股份有限公司 Data detection method and device
CN110046205B (en) * 2019-04-22 2021-04-09 瀚高基础软件股份有限公司 Relational database row security access control method and system
CN113660222A (en) * 2021-07-28 2021-11-16 上海纽盾科技股份有限公司 Situation awareness defense method and system based on mandatory access control
CN113660224A (en) * 2021-07-28 2021-11-16 上海纽盾科技股份有限公司 Situation awareness defense method, device and system based on network vulnerability scanning
CN115098227A (en) * 2022-08-24 2022-09-23 中诚华隆计算机技术有限公司 Method and device for updating dynamic information of security equipment
CN115277155A (en) * 2022-07-22 2022-11-01 中国银行股份有限公司 Secret-related file access method and device
CN116522316A (en) * 2023-02-23 2023-08-01 武汉禾正丰科技有限公司 Service management system based on distributed network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20080057919A (en) * 2006-12-21 2008-06-25 주식회사 레드게이트 Method for illegal privilege flow prevention and mandatory access control using the state transition model of security role in window system
CN101877039A (en) * 2009-11-23 2010-11-03 浪潮电子信息产业股份有限公司 Fault detection technology of server operating system
CN104657676A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 File mandatory access control method and system thereof based on minifilter drive
CN105429972A (en) * 2015-11-10 2016-03-23 华为技术有限公司 Resource access control method and equipment
CN107612939A (en) * 2017-10-30 2018-01-19 北京众铖科技有限公司 The safety protecting method and device of self-service terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20080057919A (en) * 2006-12-21 2008-06-25 주식회사 레드게이트 Method for illegal privilege flow prevention and mandatory access control using the state transition model of security role in window system
CN101877039A (en) * 2009-11-23 2010-11-03 浪潮电子信息产业股份有限公司 Fault detection technology of server operating system
CN104657676A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 File mandatory access control method and system thereof based on minifilter drive
CN105429972A (en) * 2015-11-10 2016-03-23 华为技术有限公司 Resource access control method and equipment
CN107612939A (en) * 2017-10-30 2018-01-19 北京众铖科技有限公司 The safety protecting method and device of self-service terminal

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109656615A (en) * 2018-12-28 2019-04-19 四川新网银行股份有限公司 A method of permission early warning is carried out based on code method significance level
CN110046205B (en) * 2019-04-22 2021-04-09 瀚高基础软件股份有限公司 Relational database row security access control method and system
CN110166473A (en) * 2019-05-29 2019-08-23 中国移动通信集团江苏有限公司 Network data transmission detection method, device, equipment and medium
CN110166473B (en) * 2019-05-29 2021-08-27 中国移动通信集团江苏有限公司 Network data transmission detection method, device, equipment and medium
CN111008395B (en) * 2019-10-31 2022-07-12 苏州浪潮智能科技有限公司 Method and device for protecting USB flash disk
CN111008395A (en) * 2019-10-31 2020-04-14 苏州浪潮智能科技有限公司 Method and device for protecting USB flash disk
CN112257106A (en) * 2020-10-20 2021-01-22 厦门天锐科技股份有限公司 Data detection method and device
CN112257106B (en) * 2020-10-20 2022-06-17 厦门天锐科技股份有限公司 Data detection method and device
CN113660224A (en) * 2021-07-28 2021-11-16 上海纽盾科技股份有限公司 Situation awareness defense method, device and system based on network vulnerability scanning
CN113660222A (en) * 2021-07-28 2021-11-16 上海纽盾科技股份有限公司 Situation awareness defense method and system based on mandatory access control
CN113660224B (en) * 2021-07-28 2023-10-03 上海纽盾科技股份有限公司 Situation awareness defense method, device and system based on network vulnerability scanning
CN115277155A (en) * 2022-07-22 2022-11-01 中国银行股份有限公司 Secret-related file access method and device
CN115098227A (en) * 2022-08-24 2022-09-23 中诚华隆计算机技术有限公司 Method and device for updating dynamic information of security equipment
CN116522316A (en) * 2023-02-23 2023-08-01 武汉禾正丰科技有限公司 Service management system based on distributed network
CN116522316B (en) * 2023-02-23 2023-11-14 武汉禾正丰科技有限公司 Service management system based on distributed network

Similar Documents

Publication Publication Date Title
CN108881219A (en) A kind of file permission management method and system based on forced symmetric centralization
US9503458B2 (en) Retrospective policy safety net
US7555645B2 (en) Reactive audit protection in the database (RAPID)
US20170286653A1 (en) Identity risk score generation and implementation
CN109918924A (en) The control method and system of dynamic access permission
US7065784B2 (en) Systems and methods for integrating access control with a namespace
CN109670768A (en) Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain
US8533782B2 (en) Access control
US20140215575A1 (en) Establishment of a trust index to enable connections from unknown devices
CN114003943B (en) Safe double-control management platform for computer room trusteeship management
CN102571873B (en) Bidirectional security audit method and device in distributed system
CN101986599A (en) Network security control method based on cloud service and cloud security gateway
CN102495989A (en) Subject-label-based access control method and system
CN105827645B (en) Method, equipment and system for access control
CN106685955B (en) Radius-based video monitoring platform security authentication method
CN112115484B (en) Access control method, device, system and medium for application program
CN100586123C (en) A safe audit method based on role management and system thereof
US20220255970A1 (en) Deploying And Maintaining A Trust Store To Dynamically Manage Web Browser Extensions On End User Computing Devices
CN108830075A (en) A kind of application program management-control method of SSR centralized management platform
CN116567083A (en) Service data processing method, device, equipment and medium
US8150984B2 (en) Enhanced data security through file access control of processes in a data processing system
CN110233816A (en) A kind of industrial data assets authorization management method and equipment
Palencia et al. Kerberized Lustre 2.0 over the WAN
Cortes Active Directory security: Why we fail and what auditors miss
CN117195177A (en) Unified user management system and method for big data platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181123