CN109711147B - Method, device and system for managing three rights separately of operating system and storage medium - Google Patents


Info

Publication number: CN109711147B
Authority: CN (China)
Prior art keywords: operating system, access, information, user, authority
Legal status: Active (as listed; the status is an assumption and is not a legal conclusion)
Application number: CN201910002213.0A
Other languages: Chinese (zh)
Other versions: CN109711147A (en)
Inventor: 史书伟
Current Assignee: Inspur Power Commercial Systems Co Ltd (as listed; the listed assignees may be inaccurate)
Original Assignee: Inspur Power Commercial Systems Co Ltd
Application filed by Inspur Power Commercial Systems Co Ltd
Priority to CN201910002213.0A
Publication of CN109711147A
Application granted
Publication of CN109711147B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device and a system for three-power separation management of operating systems, and a computer-readable storage medium. The method comprises: performing three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and generating a correspondence table between operating system IDs and permission setting information; receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information; determining the permission setting information corresponding to the operating system ID according to the operating system ID and the correspondence table; and judging, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, returning access permission information so that the access user can access the execution file according to the access permission information; if not, returning access prohibition information to end the access of the access user. Three-power separation is thereby applied to the operating systems, which facilitates unified management of each operating system and improves management efficiency.

Description

Method, device and system for managing three rights separately of operating system and storage medium
Technical Field
The embodiments of the invention relate to the technical field of operating systems, and in particular to a method, a device and a system for three-power separation management of an operating system, and a computer-readable storage medium.
Background
The operating system is the core of the whole computer information system, and its security is the basis of the whole security protection system and a key point of information assurance. With the continuous development of computer and network technologies and applications, the security of computer systems has attracted more and more attention, and the information security industry has paid more and more attention to the security of server operating systems.
The state has released a national information security technology standard, which classifies operating system security into five levels. Starting from the mandatory access control in the third level, the "security label protection level", it sets out the "three-power separation" access control requirement. That is, a dedicated system security administrator uniformly manages the events and information related to security mechanisms such as mandatory access control in the operating system; the system administrator, the system security administrator and the system auditor respectively undertake the routine management, the security-related management and the audit management of the system; each of them is granted, according to the principle of division of duties, the authority required to complete the tasks they undertake; and a relationship of mutual restriction is formed among them.
However, existing Linux operating systems, whether Red Hat or CentOS, have no three-power separation function. Only some operating systems that meet the level-three standard of classified protection have this function, and in those operating systems the three-power separation judgment is made locally, which is not conducive to unified management of each operating system.
In view of the above, how to provide a method, a device, a system and a computer-readable storage medium for three-power separation management of an operating system that solve the above technical problems is a problem to be solved by those skilled in the art.
Disclosure of Invention
Embodiments of the present invention provide a method, a device, a system and a computer-readable storage medium for three-power separation management of an operating system, which implement three-power separation on the operating system during use and also facilitate unified management of each operating system, thereby improving management efficiency.
In order to solve the above technical problem, an embodiment of the present invention provides a method for three-power separation management of an operating system, including:
performing three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and generating a correspondence table between operating system IDs and permission setting information;
receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information;
determining the permission setting information corresponding to the operating system ID according to the operating system ID and the correspondence table;
judging, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, returning access permission information so that the access user can access the execution file according to the access permission information; if not, returning access prohibition information to end the access request of the access user.
Optionally, the process of receiving the access request sent by the current operating system is:
receiving, through the network, the access request sent by the current operating system through the LSM module.
Optionally, the method further includes:
recording the access request in a pre-established access record.
Optionally, the permission setting information includes: authority information and user information corresponding to the authority information.
Optionally, when the authority information is time setting or user management, the user information is the system administrator;
when the authority information is system password setting or firewall setting, the user information is the security administrator;
and when the authority information is audit log viewing, the user information is the audit administrator.
An embodiment of the invention correspondingly provides a device for three-power separation management of an operating system, including:
a setting module, configured to perform three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and to generate a correspondence table between operating system IDs and permission setting information;
a receiving module, configured to receive an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information;
a determining module, configured to determine the permission setting information corresponding to the operating system ID according to the operating system ID and the correspondence table;
a judging module, configured to judge, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, to trigger the first returning module; if not, to trigger the second returning module;
a first returning module, configured to return access permission information so that the access user can access the execution file according to the access permission information;
and a second returning module, configured to return access prohibition information so as to end the access request of the access user.
Optionally, the receiving module is specifically configured to receive, through the network, the access request sent by the current operating system through the LSM module.
Optionally, the device further includes:
a recording module, configured to record the access request in a pre-established access record.
An embodiment of the invention also provides a system for three-power separation management of an operating system, including:
a memory for storing a computer program;
and a processor, configured to implement the steps of the above three-power separation management method of the operating system when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the three-power separation management method of the operating system described above are implemented.
The embodiments of the invention provide a method, a device and a system for three-power separation management of an operating system, and a computer-readable storage medium, wherein the method comprises: performing three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and generating a correspondence table between operating system IDs and permission setting information; receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information; determining the permission setting information corresponding to the operating system ID according to the operating system ID and the correspondence table; judging, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, returning access permission information so that the access user can access the execution file according to the access permission information; if not, returning access prohibition information to end the access request of the access user.
Therefore, the present application performs three-power separation permission setting on each operating system through the three-power separation mechanism and generates a correspondence table between operating system IDs and permission setting information, so that the permissions of all operating systems are managed in a unified way. After receiving an access request from the current operating system, it judges, according to the access request and the correspondence between the operating system ID and the permission setting information, whether the access user has the authority to access the requested execution file, and returns the corresponding information to the current operating system according to the judgment result so that the access user can proceed to the next operation. The present application implements three-power separation for the operating systems, facilitates unified management of each operating system, and improves management efficiency.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the prior art and the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for three-power separation management of an operating system according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a device for three-power separation management of an operating system according to an embodiment of the present invention.
Detailed Description
The embodiments of the invention provide a method, a device and a system for three-power separation management of an operating system, and a computer-readable storage medium, which implement three-power separation on the operating system during use, facilitate unified management of each operating system and improve management efficiency.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
Referring to Fig. 1, Fig. 1 is a flowchart of a method for three-power separation management of an operating system according to an embodiment of the present invention. The method comprises the following steps:
S110: performing three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and generating a correspondence table between operating system IDs and permission setting information;
It should be noted that the three-power separation management method provided in the present application may be applied to Linux operating systems or K-UX operating systems, and that a centralized management platform is used to manage the three-power separation of each operating system. The three-power separation permissions of each operating system may be set in advance according to the three-power separation mechanism; for example, the respective authorities of the system administrator, the security administrator and the audit administrator in each operating system may be set. For convenience, the system administrator managing each operating system may be the same, the security administrators may be the same and the audit administrators may be the same; they may of course also be different, as set according to the actual situation. The system administrator, the security administrator and the audit administrator may be set as designated users.
Specifically, each operating system has an operating system ID that uniquely corresponds to it. After the permission setting of each operating system is determined, the operating system ID and its corresponding permission setting information can therefore be recorded in the pre-established correspondence table between operating system IDs and permission setting information, for use in subsequently judging users' access requests.
S120: receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information;
Specifically, when a user wants to access an execution file in the current operating system, the current operating system sends an access request to the centralized management platform. The access request may specifically include the operating system ID, the access user and information about the execution file accessed by the user.
Specifically, the operating system may send the access request to the centralized management platform through the network, and may do so through its internal LSM module. In addition, when a user accesses a file, the operating system first performs the functional error check and the traditional DAC check in sequence through the original kernel interface, and then sends the access request to the centralized management platform through the internal LSM module.
S130: determining the permission setting information corresponding to the operating system ID according to the operating system ID and the correspondence table;
It can be understood that, in this implementation, after an access request is received, the operating system ID of the current operating system carried in the request can be matched against the pre-established correspondence table between operating system IDs and access rights to determine the permission setting information corresponding to that operating system ID. The permission setting information includes authority information and user information corresponding to the authority information. The user information of each operating system includes three types, namely the system administrator, the security administrator and the audit administrator; the authority information includes first authority information corresponding to the system administrator, second authority information corresponding to the security administrator and third authority information corresponding to the audit administrator.
Specifically, the permission setting information of the operating system may be:
when the authority information is time setting or user management, the user information is the system administrator;
when the authority information is system password setting or firewall setting, the user information is the security administrator;
and when the authority information is audit log viewing, the user information is the audit administrator. User management here comprises the addition and deletion of users. The authority information corresponding to the system administrator may further include network settings, the authority information corresponding to the security administrator may further include access blocking and the like, and the authority information corresponding to the audit administrator may further include items such as search and alarm. Of course, the authority information corresponding to the system administrator, the security administrator and the audit administrator of the operating system may be set according to the actual situation, and the present application does not specifically limit it.
S140: judging, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, going to S150; otherwise, going to S160;
For example, in this embodiment, if the authority information corresponding to the current operating system is time setting or user management, the corresponding user information is the system administrator. If the access user in the access request is the system administrator and the accessed execution file information includes time setting, it can be determined that the access user has the time setting authority. When the access user is the audit administrator and the accessed execution file information is time setting, it can be determined that the access user does not have access authority; that is, the security administrator and the audit administrator do not have the authority to make this setting on the operating system. Likewise, the security administrator and the audit administrator can perform only the operations for which they hold authority, and have no authority to perform other operations.
S150: returning the access permission information so that the access user can access the execution file according to the access permission information;
S160: returning the access prohibition information to end the access request of the access user.
Specifically, when it is determined that the access user has the authority to access the execution file, a notification allowing access is returned to the current operating system, and the current operating system, according to that notification, lets the access user access the corresponding execution file and perform the corresponding operation on it. If it is determined that the access user does not have the authority to access the execution file, a notification prohibiting access is returned to the current operating system; according to that notification, the current operating system prohibits and ends the user's access request for the corresponding execution file, and may display a prompt to the user that there is no access authority.
For example, when the access user is the system administrator and the accessed execution file information includes time setting, the LSM module intercepts the access and sends the user and command file information to the centralized management platform; the platform allows the access request according to the set rules and returns the access permission information, and the system administrator sets the time successfully. However, when the security administrator or the audit administrator accesses and executes the time setting program file, the LSM module intercepts the access and sends the access information to the centralized management platform, and the platform returns a result prohibiting access. The security administrator and the audit administrator have no authority to set the system time.
Further, the method further comprises:
recording the access request in a pre-established access record.
It should be noted that, in order to facilitate unified management of the access conditions of the operating systems and to facilitate subsequent review, the present application may also record the access requests corresponding to each operating system.
Therefore, the present application performs three-power separation permission setting on each operating system through the three-power separation mechanism and generates a correspondence table between operating system IDs and permission setting information, so that the permissions of all operating systems are managed in a unified way. After receiving an access request from the current operating system, it judges, according to the access request and the correspondence between the operating system ID and the permission setting information, whether the access user has the authority to access the requested execution file, and returns the corresponding information to the current operating system according to the judgment result so that the access user can proceed to the next operation. The present application implements the function of setting three-power separation for the operating systems, facilitates unified management of each operating system, and improves management efficiency.
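The following is an added example, not code from the patent: a Python sketch of the centralized management platform's decision path in steps S110 to S160, together with the access record. The operating system IDs, user names, executable paths, the mapping from execution file to authority item, the denial of unknown operating system IDs, the allowing of files outside the policy and the rule that one user may not hold two roles on one operating system are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    SYSTEM_ADMIN = "system administrator"
    SECURITY_ADMIN = "security administrator"
    AUDIT_ADMIN = "audit administrator"


# Authority information per role, as listed in the description.
ROLE_AUTHORITIES = {
    Role.SYSTEM_ADMIN: {"time setting", "user management"},
    Role.SECURITY_ADMIN: {"system password setting", "firewall setting"},
    Role.AUDIT_ADMIN: {"audit log viewing"},
}

# Assumption: the platform maps execution file information to one authority
# item. The paths are constructed sample values.
EXEC_TO_AUTHORITY = {
    "/usr/bin/date": "time setting",
    "/usr/sbin/useradd": "user management",
    "/usr/sbin/userdel": "user management",
    "/usr/bin/passwd": "system password setting",
    "/usr/bin/firewall-cmd": "firewall setting",
    "/usr/sbin/ausearch": "audit log viewing",
}


@dataclass(frozen=True)
class AccessRequest:
    os_id: str       # operating system ID
    user: str        # access user
    exec_file: str   # accessed execution file information


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class Platform:
    def __init__(self):
        self.table = {}          # correspondence table: os_id -> {user: Role}
        self.access_record = []  # pre-established access record

    def register_os(self, os_id, role_holders):
        """S110: role_holders maps each Role to its designated user."""
        missing = set(Role) - set(role_holders)
        if missing:
            raise ValueError(f"{os_id}: no user designated for {missing}")
        users = list(role_holders.values())
        # Assumption: mutual restriction means one user holds one role per OS.
        if len(set(users)) != len(users):
            raise ValueError(f"{os_id}: one user may not hold two roles")
        self.table[os_id] = {user: role for role, user in role_holders.items()}

    def decide(self, req):
        """S120-S160: judge the request and record it with its outcome."""
        decision = self.evaluate(req)
        self.access_record.append((req, decision))
        return decision

    def evaluate(self, req):
        settings = self.table.get(req.os_id)              # S130
        if settings is None:
            # Assumption: an unregistered operating system ID is refused.
            return Decision(False, "unknown operating system ID")
        authority = EXEC_TO_AUTHORITY.get(req.exec_file)
        if authority is None:
            # Assumption: files outside the policy are left to the DAC check.
            return Decision(True, "execution file not governed by the policy")
        role = settings.get(req.user)                     # S140
        if role is None:
            return Decision(False, f"user holds no role for '{authority}'")
        if authority in ROLE_AUTHORITIES[role]:
            return Decision(True, f"{role.value} holds '{authority}'")   # S150
        return Decision(False, f"{role.value} lacks '{authority}'")      # S160


def build_sample_platform():
    """Two operating systems sharing the same three designated users."""
    platform = Platform()
    for os_id in ("os-001", "os-002"):
        platform.register_os(os_id, {
            Role.SYSTEM_ADMIN: "sysadm",
            Role.SECURITY_ADMIN: "secadm",
            Role.AUDIT_ADMIN: "auditadm",
        })
    return platform


if __name__ == "__main__":
    p = build_sample_platform()
    for user in ("sysadm", "secadm", "auditadm"):
        d = p.decide(AccessRequest("os-001", user, "/usr/bin/date"))
        print(user, "allowed" if d.allowed else "prohibited", "-", d.reason)
```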
On the basis of the foregoing embodiments, the present invention provides a device for three-power separation management of an operating system, as shown in Fig. 2. The device includes:
a setting module 21, configured to perform three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and to generate a correspondence table between operating system IDs and permission setting information;
a receiving module 22, configured to receive an access request sent by a current operating system, where the access request includes an operating system ID, an access user and accessed execution file information;
a determining module 23, configured to determine, according to the operating system ID and the correspondence table, the permission setting information corresponding to the operating system ID;
a judging module 24, configured to judge, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, to trigger the first returning module 25; if not, to trigger the second returning module 26;
a first returning module 25, configured to return the access permission information so that the access user accesses the execution file according to the access permission information;
and a second returning module 26, configured to return the access prohibition information to end the access request of the access user.
Further, the receiving module is specifically configured to receive, through the network, the access request sent by the current operating system through the LSM module.
Further, the device further comprises:
a recording module, configured to record the access request in a pre-established access record.
It should be noted that the device for three-power separation management of an operating system provided in this embodiment of the present invention has the same beneficial effects as the method provided in the foregoing embodiment. For the specific description of the three-power separation management method referred to in this embodiment, see the foregoing embodiment; the details are not repeated herein.
On the basis of the above embodiments, an embodiment of the present invention further provides a system for three-power separation management of an operating system, including:
a memory for storing a computer program;
and a processor, configured to implement the steps of the above three-power separation management method of the operating system when executing the computer program.
For example, the processor in this embodiment of the present invention is configured to implement: performing three-power separation permission setting on each operating system in advance according to a three-power separation mechanism, and generating a correspondence table between operating system IDs and permission setting information; receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information; determining the permission setting information corresponding to the operating system ID according to the operating system ID and the correspondence table; judging, according to the access request and the permission setting information, whether the access user has the authority to access the corresponding execution file; if so, returning the access permission information so that the access user can access the execution file according to the access permission information; if not, returning the access prohibition information to end the access request of the access user.
On the basis of the foregoing embodiments, the present invention further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the three-power separation management method of the operating system described above.
The computer-readable storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk.
The embodiments in this description are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be cross-referenced. Because the device disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is brief, and the relevant points can be found in the description of the method.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for managing ownership of an operating system separately is characterized by comprising the following steps:
carrying out permission setting of the three-permission separation on each operating system in advance according to the three-permission separation mechanism, and generating a corresponding relation table of the ID of the operating system and permission setting information;
receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information;
determining authority setting information corresponding to the operating system ID according to the operating system ID and the corresponding relation table;
judging whether the access user has the authority to access the corresponding execution file or not according to the access request and the authority setting information, if so, returning access permission information so that the access user can access the execution file according to the access permission information; if not, returning the access prohibition information to end the access request of the access user.
2. The method for three-rights separation management of an operating system according to claim 1, wherein the process of receiving the access request sent by the current operating system is as follows:
receiving, via the network, an access request sent by the current operating system through the LSM module.
3. The method for three-rights separation management of an operating system according to claim 2, further comprising:
and recording the access request into a pre-established access record.
4. The method for three-rights separation management of an operating system according to claim 1, wherein the authority setting information includes: authority information and user information corresponding to the authority information.
5. The method for three-rights separation management of an operating system according to claim 4, wherein when the authority information is time setting or user management, the user information is a system administrator;
when the authority information is system password setting or firewall setting, the user information is a security administrator;
and when the authority information is audit log viewing, the user information is an audit manager.
6. An apparatus for three-rights separation management of an operating system, comprising:
the setting module is used for performing three-rights separation authority setting on each operating system in advance according to a three-rights separation mechanism and generating a correspondence table between operating system IDs and authority setting information;
the receiving module is used for receiving an access request sent by a current operating system, wherein the access request comprises an operating system ID, an access user and accessed execution file information;
the determining module is used for determining authority setting information corresponding to the operating system ID according to the operating system ID and the corresponding relation table;
the judging module is used for judging whether the access user has the authority to access the corresponding execution file or not according to the access request and the authority setting information, and if so, the first returning module is triggered; if not, triggering a second return module;
the first returning module is used for returning access permission information so that the access user can access the execution file according to the access permission information;
and the second returning module is used for returning the access prohibition information so as to end the access request of the access user.
7. The apparatus for three-rights separation management of an operating system according to claim 6, wherein the receiving module is specifically configured to receive, via the network, an access request sent by the current operating system through the LSM module.
8. The apparatus for three-rights separation management of an operating system according to claim 7, further comprising:
and the recording module is used for recording the access request into a pre-established access record.
9. A system for three-rights separation management of an operating system, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method for three-rights separation management of an operating system according to any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, carries out the steps of the method for three-rights separation management of an operating system according to any one of claims 1 to 5.
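The decision flow of claims 1 to 5, as an added illustration that is not part of the patent text: a central server holds the per-OS table, applies the authority-to-role mapping of claim 5, records every request (claim 3) and answers permit or prohibit. The class names, the table layout, the sample users and executable paths, and the choice to refuse anything missing from the table are assumptions made for this sketch.

```python
from dataclasses import dataclass, field

SYS_ADMIN = "system administrator"
SEC_ADMIN = "security administrator"
AUDIT_ADMIN = "audit manager"

# Claim 5: which administrator role holds each authority.
AUTHORITY_ROLE = {
    "time setting": SYS_ADMIN,
    "user management": SYS_ADMIN,
    "system password setting": SEC_ADMIN,
    "firewall setting": SEC_ADMIN,
    "audit log viewing": AUDIT_ADMIN,
}

@dataclass
class OsPolicy:
    """Authority setting information for one operating system (assumed layout)."""
    exec_authority: dict  # executable path -> authority it exercises
    user_role: dict       # user name -> the single role that user holds

@dataclass
class PolicyServer:
    table: dict = field(default_factory=dict)          # OS ID -> OsPolicy
    access_record: list = field(default_factory=list)  # claim 3

    def register(self, os_id, policy):
        unknown = set(policy.exec_authority.values()) - set(AUTHORITY_ROLE)
        if unknown:
            raise ValueError(f"authority not assigned to any role: {unknown}")
        self.table[os_id] = policy

    def decide(self, os_id, user, exec_file):
        """Return 'permit' or 'prohibit'; anything not in the table is refused."""
        allowed = False
        policy = self.table.get(os_id)
        if policy is not None:
            required = AUTHORITY_ROLE.get(policy.exec_authority.get(exec_file))
            allowed = required is not None and policy.user_role.get(user) == required
        self.access_record.append((os_id, user, exec_file, allowed))
        return "permit" if allowed else "prohibit"

def demo_server():
    """Constructed sample: one OS, three administrators, three executables."""
    server = PolicyServer()
    server.register("os-01", OsPolicy(
        exec_authority={"/usr/bin/timedatectl": "time setting",
                        "/usr/sbin/iptables": "firewall setting",
                        "/usr/bin/ausearch": "audit log viewing"},
        user_role={"alice": SYS_ADMIN, "bob": SEC_ADMIN, "carol": AUDIT_ADMIN}))
    return server
```

Because each user maps to exactly one role, a system administrator cannot change firewall rules or read the audit log, and denied requests still land in the access record for the audit role to review.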

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910002213.0A CN109711147B (en) 2019-01-02 2019-01-02 Method, device and system for managing three rights separately of operating system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910002213.0A CN109711147B (en) 2019-01-02 2019-01-02 Method, device and system for managing three rights separately of operating system and storage medium

Publications (2)

Publication Number Publication Date
CN109711147A CN109711147A (en) 2019-05-03
CN109711147B true CN109711147B (en) 2020-06-02

Family

ID=66260559

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910002213.0A Active CN109711147B (en) 2019-01-02 2019-01-02 Method, device and system for managing three rights separately of operating system and storage medium

Country Status (1)

Country Link
CN (1) CN109711147B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111062054A (en) * 2019-12-13 2020-04-24 重庆擎华信息科技有限公司 Data processing method, device and system
CN112052437A (en) * 2020-08-15 2020-12-08 富先智能科技(武汉)有限公司 Railway equipment management method and system based on two-dimensional code label and storage medium thereof

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101859323A (en) * 2010-05-31 2010-10-13 广西大学 Ciphertext full-text search system
CN102034052A (en) * 2010-12-03 2011-04-27 北京工业大学 Operation system architecture based on separation of permissions and implementation method thereof
CN102184355A (en) * 2011-04-11 2011-09-14 浪潮电子信息产业股份有限公司 Method for realizing separation of three powers by using kernel technology
CN103067463A (en) * 2012-12-19 2013-04-24 新浪网技术(中国)有限公司 Centralized management system and centralized management method for user root permission
CN103338128A (en) * 2013-02-25 2013-10-02 中国人民解放军91655部队 Information security management system with integrated security management and control function
CN103729582A (en) * 2014-01-08 2014-04-16 浪潮(北京)电子信息产业有限公司 Safety storage management method and system based on checks and balances
CN105046146A (en) * 2015-06-30 2015-11-11 中标软件有限公司 Resource access method of Android system
CN105956460A (en) * 2016-05-12 2016-09-21 浪潮电子信息产业股份有限公司 Authority system for information security management
CN106446716A (en) * 2016-10-14 2017-02-22 郑州云海信息技术有限公司 Cloud storage safety management device
CN106815503A (en) * 2017-02-24 2017-06-09 郑州云海信息技术有限公司 A kind of operating system method for managing user right and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140259003A1 (en) * 2013-03-07 2014-09-11 Go Daddy Operating Company, LLC Method for trusted application deployment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
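"Research on Information Security Models and Design of a Security System Scheme"; Huang Yimin et al.; Journal of Zhejiang University; 20011130; Vol. 35 (No. 6); pp. 603-607 *
"Research on SELinux-Based Three-Rights Separation Technology"; Yang Xia et al.; Journal of University of Electronic Science and Technology of China; 20161130; Vol. 45 (No. 6); pp. 958-963 *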

Also Published As

Publication number Publication date
CN109711147A (en) 2019-05-03

Similar Documents

Publication Publication Date Title
US10127401B2 (en) Redacting restricted content in files
JP2013033449A (en) Server system, control method and program
CN109711147B (en) Method, device and system for managing three rights separately of operating system and storage medium
CN110930561B (en) Control method and device of intelligent lock
CN111711631A (en) Network access control method, device, equipment and storage medium
JP5141360B2 (en) Work support device for information processing device
CN105069366B (en) A kind of Account Logon and management method and device
JP4122042B1 (en) Access authority control system
CN112800399B (en) Rights management method, system and related device of prest query platform
CN108092946B (en) Method and system for safely accessing network
CN113111066A (en) Automatic online method, device and system for database operation work order and computer equipment
CN112926084A (en) Access authority management method and system
CN110990802B (en) Method and device for carrying out batch authorization on mysql user permission information
JP4191239B2 (en) Access authority control system
CN117118729A (en) Management cloud server system
CN108282477B (en) Service data sharing method and device based on SaaS cloud platform
CN116185785A (en) Early warning method and device for file abnormal change
CN114070856B (en) Data processing method, device, system, operation and maintenance auditing equipment and storage medium
JP2007004610A (en) Complex access approval method and device
CN115774581A (en) Method and related apparatus for executing robot feet
CN117938547B (en) Data asset security control method, equipment and medium
Xie et al. Design and implement of spring security-based T-RBAC
JP4005120B1 (en) Access authority control system
CN111199049A (en) File authority management method and device
CN112464286B (en) Resource protection method and related device of cloud management platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant