CN108881219A - A kind of file permission management method and system based on forced symmetric centralization - Google Patents
A kind of file permission management method and system based on forced symmetric centralization Download PDFInfo
- Publication number
- CN108881219A CN108881219A CN201810615969.8A CN201810615969A CN108881219A CN 108881219 A CN108881219 A CN 108881219A CN 201810615969 A CN201810615969 A CN 201810615969A CN 108881219 A CN108881219 A CN 108881219A
- Authority
- CN
- China
- Prior art keywords
- file
- user
- level
- permission
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The file permission management method and system based on forced symmetric centralization that the embodiment of the invention discloses a kind of, including:Obtain client id;Defence policies are sent to client id;Obtain user class and file-level to be read;Permission examination is carried out to user class and file-level to be read according to defence policies;Result, which is screened, according to permission carries out corresponding operating.Management end in the embodiment of the present invention in SSR system divides the security level of file and user, and specific grade is distributed according to the significance level of each file and user, it is packaged as being sent to client after defence policies, defence policies be sent to after client can automatic running can't random device switching on and shutting down and stop, can under the premise of not modifying or stopping continuous service, when user accesses to the file for being provided with security level, the security level of user and file can be matched, corresponding operation is carried out according to security level, improve the safety of client.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of file permission pipe based on forced symmetric centralization
Manage method and system.
Background technique
SSR (Server Security Reinforcement, operating system security enhance system) is based on advanced
ROST (Reinforcement Operating System Technique, intensified operation systems technology) technical know-how is from system
The security solution that bottom reinforces operating system, cardinal principle are by file, catalogue, process, registration table
With the forced symmetric centralization of service, the permission of original system administrator is effectively restricted and dispersed, is combined to file kimonos
The functions such as the integrity detection of business and safety damped area spilling, can upgrade common operating system from system, comply with
The grade III Standard of national information protection based on security rank server operating system safety, can be in real time common server operation
System upgrades from system, has the function of the safe practice of three-level, is fundamentally immunized existing various for operating system
Attack, such as:Virus, worm, hacker attack etc..
In the prior art, SSR is made of client and management platform two parts, and client is mounted on the service for needing to protect
On device, the management of prevention policies is then carried out to it from management end.Forced symmetric centralization is to issue prevention policies for client,
Then corresponding protection effect is played.
However, all client users are owned by same permission to file after policy distribution, it is unfavorable for permission control,
Affect client secure.
Summary of the invention
A kind of file permission management method based on forced symmetric centralization is provided in the embodiment of the present invention, it is existing to solve
The low problem of client secure in technology.
In order to solve the above-mentioned technical problem, the embodiment of the invention discloses following technical solutions:
First aspect present invention provides a kind of file permission management method based on forced symmetric centralization, including:
Obtain client id;
Defence policies are sent to the client id;
Obtain user class and file-level to be read;
Permission examination is carried out to the user class and file-level to be read according to the defence policies;
Result, which is screened, according to permission carries out corresponding operating.
Preferably, determine that the defence policies specifically include:
Obtain the file information and client user's information;
According to the file information, file safeguard rule is set;
According to client user's Information Setup User safeguard rule;
The file safeguard rule and user's safeguard rule are packaged as defence policies.
Preferably, the file safeguard rule specifically includes:
File-level is divided into high, high, medium and low, extremely low five grades;
Obtain file significance level to be placed;
It is that security level is arranged in file to be placed according to the file significance level.
Preferably, user's safeguard rule specifically includes:
User class is divided into high, high, medium and low, extremely low five grades;
Obtain client user's significance level;
It is user setting security level according to user's significance level.
Preferably, the defence policies are sent to automatic running after client;The stopping of the defence policies passes through management
End control.
Preferably, permission is carried out to the user class and file-level to be read according to the defence policies to screen specifically
Including:
Judge whether the user class is equal to the file-level;
If it is it is same level permission, otherwise judges whether the user class is greater than the file-level;
If it is it is high-level permission, is otherwise low level permission.
Preferably, when same level permission, user possesses access limit to file;
When high-level permission, user only possesses read right to file;
When low level permission, user does not possess file any permission.
Preferably, the method also includes:
Obtain user right request;
Setting file is requested to update safeguard rule according to the user right;
File update safeguard rule is packaged as client where defence policies are sent to request user.
Preferably, the method also includes:The defence policies of transmission are stored in journal file.
Preferably, the defence policies have uniqueness for each user of each client.
A kind of file permission management system based on forced symmetric centralization that second aspect of the present invention provides, including:Communication
The management end and client of connection, the management end include data obtaining module and strategy setting sending module, the client
Module is obtained including information receiving module, rank and judges control module, wherein the data obtaining module is for obtaining client
Hold ID and user right request;Strategy setting sending module is used to be arranged and send the strategy setting sending module of defence policies;
Information receiving module is used to receive the defence policies of control terminal transmission;The rank obtains module for obtaining user class and text
Part rank;The judgement control module is used to carry out permission judgement to user class and file-level and carries out operation control.
By above technical scheme as it can be seen that in the management end of SSR system to the security level of file and user in the present invention
It is divided, and distributes specific grade according to the significance level of each file and user, be packaged as sending out after defence policies
Give client, defence policies be sent to after client can automatic running can't random device switching on and shutting down and stop, can be with
Continuous service under the premise of not modifying or stopping accesses to the file for being provided with security level in user
When, the security level of user and file can be matched, carry out corresponding operation according to security level, improve client
Safety.
Detailed description of the invention
It is illustrated more clearly that the embodiment of the present invention or technical solution in the prior art, it below will be to embodiment or existing
Attached drawing needed in technical description is briefly described, it should be apparent that, for those of ordinary skills,
Without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is that a kind of process of the file permission management method based on forced symmetric centralization provided in an embodiment of the present invention is shown
It is intended to;
Fig. 2 is the flow diagram of the method for determining defence policies provided in an embodiment of the present invention;
Fig. 3 is the process of another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention
Schematic diagram;
Fig. 4 is the process of another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention
Schematic diagram;
Fig. 5 is that a kind of structure of the file permission management system based on forced symmetric centralization provided in an embodiment of the present invention is shown
It is intended to.
Specific embodiment
Technical solution in order to enable those skilled in the art to better understand the present invention, below in conjunction with of the invention real
The attached drawing in example is applied, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described implementation
Example is only a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, this field is common
Technical staff's every other embodiment obtained without making creative work, all should belong to protection of the present invention
Range.
It is a kind of file permission management method based on forced symmetric centralization provided in an embodiment of the present invention referring to Fig. 1
Flow diagram, as shown in Figure 1, the file permission management method provided in an embodiment of the present invention based on forced symmetric centralization.Packet
It includes:
S10:Obtain client id.
The file of the user and preservation that are logged in each client are all different, in order to ensure management end carries out accurately
Control need to obtain accurate client id, response defence policies are issued by client id.
S20:Defence policies are sent to the client id.
Defence policies are by kernel-driven by managing to client is issued to, wherein both having included the correlation setting for user
It also include the correlation setting for file, specific determination process defends plan referring to fig. 2, for determination provided in an embodiment of the present invention
The flow diagram of method slightly, as shown in Fig. 2, determining that the process of defence policies specifically includes:
S21:Obtain the file information and client user's information.
Because both having included related setting for user in prevention policies or including correlation setting for file,
Obtain the file information while client user is also obtained because a large amount of file can be preserved in client, such as
Fruit carries out each file priority assignation more to be taken considerable time, and most files are not needed to carry out permission
Protection, therefore only need to obtain the file protected when obtaining file, for user information, because of a visitor
Multiple user names can be set on the end of family to realize that logging in for a variety of users, such as administrator and tourist, unused user exist
Permission after logging in for file in client is different, and therefore, it is necessary to whole user informations progress to being arranged in client
It obtains
S22:According to the file information, file safeguard rule is set.
File safeguard rule is arranged by the file setting security level for different significance levels to realize, in the present invention
In embodiment, file-level will be divided into high, high, medium and low, extremely low five grades, be according to each file significance level
Its security level that response is set.
S23:According to client user's Information Setup User safeguard rule.
Likewise, in order to match user gradation with file hierarchies, also by user class be divided into it is high, high, medium and low,
Extremely low five grades, according to each user when logging in the degree of exposure of vital document, and the behaviour of the possible practical user
Make personnel's classification and determine user's significance level, is user setting security level, such as certain client according to the significance level of user
It is only provided with a user i.e. administrator, then the operator that the administrator can be used must be for internal staff, then can be with
Set high or high for administrator's security level, it can be with when logging in client for the other staff that non-administrator thinks
It is considered tourist, the file in client is not allowed to operate substantially, then can sets the security level of tourist user to
It is low or extremely low.
S24:The file safeguard rule and user's safeguard rule are packaged as defence policies.
Because file safeguard rule and user's safeguard rule are arranged in management end, in view of management end and client it
Between file interaction feature and only come into force there are two types of safeguard rule when can just execute the embodiment of the present invention, therefore will be literary
Part safeguard rule and user's safeguard rule are packaged into defence policies together and are handed down to client.
Because the file and user in each client are all different, file safeguard rule and user guarantor are being carried out
Shield rule needs to carry out for specific client, and the defence policies after packing can only also be sent to the client, to make to prevent
Imperial strategy has uniqueness for each user of each client, i.e. a defence policies can only come into force to a client.
Defence policies meeting automatic running after being handed down to client, and will not be closed with the switching on and shutting down of client,
Operation if necessary to stop defence policies must issue response out code by management end, therefore not to client
Before defence policies are modified or closed, defence policies can continuous service.
S30:Obtain user class and file-level to be read.
During defence policies are run, if the user for logging in client wants to read certain file for being provided with defence policies
When, system will read the security level of user and the grade of file to be read simultaneously.
S40:Permission examination is carried out to the user class and file-level to be read according to the defence policies.
User security grade and file security grade need to screen the two after obtaining, and determine that the two security level is
Which kind of setting in defence policies, then executes step S50:Result, which is screened, according to permission carries out corresponding operating.
It is specially to the process of user class and file-level to be read progress permission examination in the embodiment of the present invention:First
Judge whether the user class is equal to the file-level, if it is user has same level permission, otherwise continues to judge
Whether the user class is greater than the file-level, and if it is user has high-level permission, and otherwise user is low level
Permission.
Being provided with user in defence policies to have same level permission, high-level permission or low level permission is for file
Corresponding operating, specially:When same level permission, user possesses access limit to file;When high-level permission, user is to file
Only possess read right;When low level permission, user does not possess file any permission.
Referring to Fig. 3, for another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention
Flow diagram, as shown in figure 3, the method also includes:
S60:Obtain user right request.
S70:Setting file is requested to update safeguard rule according to the user right.
S80:File update safeguard rule is packaged as client where defence policies are sent to request user.
For the file that client saves, the file if there is newly needing to be arranged access authority is stored in or exists for user
In access process since it is desired that when access response file but permission do not allow, need to ask that file resets defence plan for this
Slightly, it needs to send the request of user omnidirectional at this time, includes user information and the information (teammate of file to be read of request in request
Newly-increased file need to only send the information of newly-increased file), if by judgement can its request open to the user file or
The significance level for judging file resets the security level grade grade of file, generates new file and updates protection
File update safeguard rule is packaged as client where defence policies are sent to request user and run, by upper by rule
For the uniqueness of client, the permission of other clients will not change the defence policies stated, and because only repairing in this client
The important level of file is changed, therefore, has only had changed a user for the operating right of a file, the visitor will not be influenced
Operating right of the other users to alternative document on the end of family.
It referring to fig. 4, is another file permission management method based on forced symmetric centralization provided in an embodiment of the present invention
Flow diagram, as shown in figure 4, the method also includes:
S90:The defence policies of transmission are stored in journal file.
For the ease of management end staff check defence policies issue situation, avoid maloperation or illegal operation,
The policy distribution that is on the defensive every time is that the relevant information in the defence policies for requiring to issue this is stored in journal file,
Which includes the client ids, user information and the file information that issue defence policies.
It is a kind of file permission management system based on forced symmetric centralization provided in an embodiment of the present invention referring to Fig. 5
Structural schematic diagram, as shown in figure 5, the file permission management system provided in an embodiment of the present invention based on forced symmetric centralization, packet
It includes:Management end and client.
Management end is connected with client communication, and the management end includes the data obtaining module and strategy setting interconnected
Sending module, the data obtaining module are used for for obtaining client id and user right request, strategy setting sending module
It is arranged and sends the strategy setting sending module of defence policies, the client id and user's power that data obtaining module will acquire
Limit request is sent to strategy setting sending module, strategy setting sending module according to client id send defence policies, according to
New defence policies are arranged in family authority request.
The client includes that information receiving module, rank obtain module and judge control module, rank obtain module and
Judge that control module connects, wherein information receiving module is used to receive the defence policies of control terminal transmission;The rank obtains mould
Block is for obtaining user class and file-level;The judgement control module is used to carry out permission to user class and file-level
Judging and carry out operation control, the defence policies that information receiving module receives control terminal transmission are executed immediately later, when
When user is read out the file for being provided with defence policies, rank obtains module and obtains to user class and file-level
It takes, and is sent to judgement control module, judge control module by the way that two big multilevel iudges of rank are gone out with permission and the control of user
User processed carries out corresponding operation.
Management end in the present invention in SSR system divides the security level of file and user, and according to each
The significance level of file and user distribute specific grade, are packaged as being sent to client, defence policies after defence policies
Be sent to after client can automatic running can't random device switching on and shutting down and stop, can not modifying or stop
Continuous service under the premise of only can be to user and file when user accesses to the file for being provided with security level
Security level is matched, and is carried out corresponding operation according to security level, is improved the safety of client.
The above is only a specific embodiment of the invention, is made skilled artisans appreciate that or realizing this hair
It is bright.Various modifications to these embodiments will be apparent to one skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Claims (10)
1. a kind of file permission management method based on forced symmetric centralization, which is characterized in that including:
Obtain client id;
Defence policies are sent to the client id;
Obtain user class and file-level to be read;
Permission examination is carried out to the user class and file-level to be read according to the defence policies;
Result, which is screened, according to permission carries out corresponding operating.
2. a kind of file permission management method based on forced symmetric centralization according to claim 1, which is characterized in that really
The fixed defence policies specifically include:
Obtain the file information and client user's information;
According to the file information, file safeguard rule is set;
According to client user's Information Setup User safeguard rule;
The file safeguard rule and user's safeguard rule are packaged as defence policies.
3. a kind of file permission management method based on forced symmetric centralization according to claim 2, which is characterized in that institute
File safeguard rule is stated to specifically include:
File-level is divided into high, high, medium and low, extremely low five security levels;
Obtain file significance level to be placed;
It is that security level is arranged in file to be placed according to the file significance level.
4. a kind of file permission management method based on forced symmetric centralization according to claim 2, which is characterized in that institute
User's safeguard rule is stated to specifically include:
User class is divided into high, high, medium and low, extremely low five security levels;
Obtain client user's significance level;
It is user setting security level according to user's significance level.
5. a kind of file permission management method based on forced symmetric centralization according to claim 1, which is characterized in that institute
It states defence policies and is sent to automatic running after client;The stopping of the defence policies is controlled by management end.
6. a kind of file permission management method based on forced symmetric centralization according to claim 1, which is characterized in that root
Permission examination is carried out to the user class and file-level to be read according to the defence policies to specifically include:
Judge whether the user class is equal to the file-level;
If it is it is same level permission, otherwise judges whether the user class is greater than the file-level;
If it is it is high-level permission, is otherwise low level permission.
7. a kind of file permission management method based on forced symmetric centralization according to claim 6, which is characterized in that same
When level-right, user possesses access limit to file;
When high-level permission, user only possesses read right to file;
When low level permission, user does not possess file any permission.
8. -7 any a kind of file permission management method based on forced symmetric centralization according to claim 1, feature
It is, the method also includes:
Obtain user right request;
Setting file is requested to update safeguard rule according to the user right;
File update safeguard rule is packaged as client where defence policies are sent to request user.
9. a kind of file permission management method based on forced symmetric centralization according to claim 8, which is characterized in that institute
The method of stating further includes:The defence policies of transmission are stored in journal file.
10. a kind of file permission management system based on forced symmetric centralization, which is characterized in that including:The management of communication connection
End and client, the management end include data obtaining module and strategy setting sending module, and the client includes that information connects
Receive module, rank obtains module and judges control module, wherein the data obtaining module is for obtaining client id and user
Authority request;Strategy setting sending module is used to be arranged and send the strategy setting sending module of defence policies;Information receives mould
Block is used to receive the defence policies of control terminal transmission;The rank obtains module for obtaining user class and file-level;Institute
It states and judges control module for carrying out permission judgement to user class and file-level and carrying out operation control.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810615969.8A CN108881219A (en) | 2018-06-14 | 2018-06-14 | A kind of file permission management method and system based on forced symmetric centralization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810615969.8A CN108881219A (en) | 2018-06-14 | 2018-06-14 | A kind of file permission management method and system based on forced symmetric centralization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108881219A true CN108881219A (en) | 2018-11-23 |
Family
ID=64339081
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810615969.8A Pending CN108881219A (en) | 2018-06-14 | 2018-06-14 | A kind of file permission management method and system based on forced symmetric centralization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108881219A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109656615A (en) * | 2018-12-28 | 2019-04-19 | 四川新网银行股份有限公司 | A method of permission early warning is carried out based on code method significance level |
CN110166473A (en) * | 2019-05-29 | 2019-08-23 | 中国移动通信集团江苏有限公司 | Network data transmission detection method, device, equipment and medium |
CN111008395A (en) * | 2019-10-31 | 2020-04-14 | 苏州浪潮智能科技有限公司 | Method and device for protecting USB flash disk |
CN112257106A (en) * | 2020-10-20 | 2021-01-22 | 厦门天锐科技股份有限公司 | Data detection method and device |
CN110046205B (en) * | 2019-04-22 | 2021-04-09 | 瀚高基础软件股份有限公司 | Relational database row security access control method and system |
CN113660222A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Situation awareness defense method and system based on mandatory access control |
CN113660224A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Situation awareness defense method, device and system based on network vulnerability scanning |
CN115098227A (en) * | 2022-08-24 | 2022-09-23 | 中诚华隆计算机技术有限公司 | Method and device for updating dynamic information of security equipment |
CN115277155A (en) * | 2022-07-22 | 2022-11-01 | 中国银行股份有限公司 | Secret-related file access method and device |
CN116522316A (en) * | 2023-02-23 | 2023-08-01 | 武汉禾正丰科技有限公司 | Service management system based on distributed network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20080057919A (en) * | 2006-12-21 | 2008-06-25 | 주식회사 레드게이트 | Method for illegal privilege flow prevention and mandatory access control using the state transition model of security role in window system |
CN101877039A (en) * | 2009-11-23 | 2010-11-03 | 浪潮电子信息产业股份有限公司 | Fault detection technology of server operating system |
CN104657676A (en) * | 2015-03-05 | 2015-05-27 | 北京安普诺信息技术有限公司 | File mandatory access control method and system thereof based on minifilter drive |
CN105429972A (en) * | 2015-11-10 | 2016-03-23 | 华为技术有限公司 | Resource access control method and equipment |
CN107612939A (en) * | 2017-10-30 | 2018-01-19 | 北京众铖科技有限公司 | The safety protecting method and device of self-service terminal |
-
2018
- 2018-06-14 CN CN201810615969.8A patent/CN108881219A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20080057919A (en) * | 2006-12-21 | 2008-06-25 | 주식회사 레드게이트 | Method for illegal privilege flow prevention and mandatory access control using the state transition model of security role in window system |
CN101877039A (en) * | 2009-11-23 | 2010-11-03 | 浪潮电子信息产业股份有限公司 | Fault detection technology of server operating system |
CN104657676A (en) * | 2015-03-05 | 2015-05-27 | 北京安普诺信息技术有限公司 | File mandatory access control method and system thereof based on minifilter drive |
CN105429972A (en) * | 2015-11-10 | 2016-03-23 | 华为技术有限公司 | Resource access control method and equipment |
CN107612939A (en) * | 2017-10-30 | 2018-01-19 | 北京众铖科技有限公司 | The safety protecting method and device of self-service terminal |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109656615A (en) * | 2018-12-28 | 2019-04-19 | 四川新网银行股份有限公司 | A method of permission early warning is carried out based on code method significance level |
CN110046205B (en) * | 2019-04-22 | 2021-04-09 | 瀚高基础软件股份有限公司 | Relational database row security access control method and system |
CN110166473A (en) * | 2019-05-29 | 2019-08-23 | 中国移动通信集团江苏有限公司 | Network data transmission detection method, device, equipment and medium |
CN110166473B (en) * | 2019-05-29 | 2021-08-27 | 中国移动通信集团江苏有限公司 | Network data transmission detection method, device, equipment and medium |
CN111008395B (en) * | 2019-10-31 | 2022-07-12 | 苏州浪潮智能科技有限公司 | Method and device for protecting USB flash disk |
CN111008395A (en) * | 2019-10-31 | 2020-04-14 | 苏州浪潮智能科技有限公司 | Method and device for protecting USB flash disk |
CN112257106A (en) * | 2020-10-20 | 2021-01-22 | 厦门天锐科技股份有限公司 | Data detection method and device |
CN112257106B (en) * | 2020-10-20 | 2022-06-17 | 厦门天锐科技股份有限公司 | Data detection method and device |
CN113660224A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Situation awareness defense method, device and system based on network vulnerability scanning |
CN113660222A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Situation awareness defense method and system based on mandatory access control |
CN113660224B (en) * | 2021-07-28 | 2023-10-03 | 上海纽盾科技股份有限公司 | Situation awareness defense method, device and system based on network vulnerability scanning |
CN115277155A (en) * | 2022-07-22 | 2022-11-01 | 中国银行股份有限公司 | Secret-related file access method and device |
CN115098227A (en) * | 2022-08-24 | 2022-09-23 | 中诚华隆计算机技术有限公司 | Method and device for updating dynamic information of security equipment |
CN116522316A (en) * | 2023-02-23 | 2023-08-01 | 武汉禾正丰科技有限公司 | Service management system based on distributed network |
CN116522316B (en) * | 2023-02-23 | 2023-11-14 | 武汉禾正丰科技有限公司 | Service management system based on distributed network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108881219A (en) | A kind of file permission management method and system based on forced symmetric centralization | |
US9503458B2 (en) | Retrospective policy safety net | |
US7555645B2 (en) | Reactive audit protection in the database (RAPID) | |
US20170286653A1 (en) | Identity risk score generation and implementation | |
CN109918924A (en) | The control method and system of dynamic access permission | |
US7065784B2 (en) | Systems and methods for integrating access control with a namespace | |
CN109670768A (en) | Right management method, device, platform and the readable storage medium storing program for executing in multi-service domain | |
US8533782B2 (en) | Access control | |
US20140215575A1 (en) | Establishment of a trust index to enable connections from unknown devices | |
CN114003943B (en) | Safe double-control management platform for computer room trusteeship management | |
CN102571873B (en) | Bidirectional security audit method and device in distributed system | |
CN101986599A (en) | Network security control method based on cloud service and cloud security gateway | |
CN102495989A (en) | Subject-label-based access control method and system | |
CN105827645B (en) | Method, equipment and system for access control | |
CN106685955B (en) | Radius-based video monitoring platform security authentication method | |
CN112115484B (en) | Access control method, device, system and medium for application program | |
CN100586123C (en) | A safe audit method based on role management and system thereof | |
US20220255970A1 (en) | Deploying And Maintaining A Trust Store To Dynamically Manage Web Browser Extensions On End User Computing Devices | |
CN108830075A (en) | A kind of application program management-control method of SSR centralized management platform | |
CN116567083A (en) | Service data processing method, device, equipment and medium | |
US8150984B2 (en) | Enhanced data security through file access control of processes in a data processing system | |
CN110233816A (en) | A kind of industrial data assets authorization management method and equipment | |
Palencia et al. | Kerberized Lustre 2.0 over the WAN | |
Cortes | Active Directory security: Why we fail and what auditors miss | |
CN117195177A (en) | Unified user management system and method for big data platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181123 |