CN109815735A - Method and system for controlling different users' access permissions to the same resource file - Google Patents


Publication number
CN109815735A
Authority
CN
China
Prior art keywords
white list
list template
user
resource
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910062568.9A
Other languages
Chinese (zh)
Inventor
程灿涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Andian Science And Technology Co Ltd
Original Assignee
Zhejiang Andian Science And Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Andian Science And Technology Co Ltd filed Critical Zhejiang Andian Science And Technology Co Ltd
Priority to CN201910062568.9A priority Critical patent/CN109815735A/en
Publication of CN109815735A publication Critical patent/CN109815735A/en
Pending legal-status Critical Current

Abstract

The invention discloses a method and system for controlling different users' access permissions to the same resource file. The method comprises: performing fingerprint extraction on each resource file in the computer and saving the resulting fingerprint information to obtain a fingerprint set; selecting the corresponding fingerprint information according to preset user information and the corresponding resource access permissions, creating whitelist templates, and binding each whitelist template to the corresponding user information; when a user logs in to the operating system, loading the corresponding whitelist template according to the user information the user enters; obtaining the user's resource permissions from the whitelist template and loading the corresponding resources; and, at the same time, controlling the loading of resource files according to the disabling whitelist template among the whitelist templates. By using whitelist templates, the invention can directly block the execution of external programs and effectively prevent virus intrusion; by using the disabling whitelist template, it can block access to specific resource files and thereby block hacker activity.

Description

Method and system for controlling different users' access permissions to the same resource file
Technical field
The present invention relates to the field of computer technology, and in particular to a method and system for controlling different users' access permissions to the same resource file.
Background
Computers are used for both work and entertainment, and in a household or an enterprise several people usually use the same computer for different tasks. Non-expert users may inexplicably uninstall software or install a lot of useless software, and may even cause the computer to be infected with a virus. Whether at home or in an enterprise, this can bring immeasurable losses to users.
Currently, users' access permissions are generally regulated by configuring the computer's user groups, users, user-group permissions, user permissions and passwords, so that different users have different access permissions to the same resource. This approach still has shortcomings: it requires professional system maintenance personnel who know the various operating systems thoroughly, and it can protect only part of the computer's resources and cannot effectively prevent virus intrusion.
Summary of the invention
The main purpose of the method and system provided by the invention for controlling different users' access permissions to the same resource file is to overcome the problems that existing access-permission schemes require professional system maintenance personnel, can protect only part of the computer's resources, and cannot effectively prevent virus intrusion.
To solve the above technical problems, the invention adopts the following technical solution:
A method for controlling different users' access permissions to the same resource file, comprising the following steps:
performing fingerprint extraction on each resource file in the computer to obtain the corresponding fingerprint information, and saving each item of fingerprint information to obtain a fingerprint set;
selecting the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions, creating whitelist templates, and binding each whitelist template to the corresponding user information, the whitelist templates including a resource-disabling whitelist template;
when a user logs in to the operating system, calling the kernel's external interface and loading the corresponding whitelist template according to the user information the user enters; obtaining the user's resource permissions from the whitelist template and loading the corresponding resources; and, at the same time, controlling the loading of resource files according to the disabling whitelist template among the whitelist templates.
In one embodiment, selecting the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions and creating whitelist templates comprises the following step:
selecting the file hash value, file name, access path and time rule in the corresponding fingerprint information according to the preset user information and the corresponding resource access permissions, and creating a whitelist template corresponding to each user.
In one embodiment, loading the corresponding whitelist template according to the user information the user enters comprises the following steps:
judging, according to a preset lookup table, whether the account information the user entered belongs to a system administrator;
if the account is a system administrator, loading the baseline whitelist template among the whitelist templates;
if the account is not a system administrator, loading one or more of the file whitelist template, the time whitelist template and the resource-disabling whitelist template among the whitelist templates.
In one embodiment, the method provided by the invention for controlling different users' access permissions to the same resource file further comprises the following step:
after the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, controlling the usage time of resource files according to the time whitelist template among the whitelist templates.
In one embodiment, the method provided by the invention for controlling different users' access permissions to the same resource file further comprises the following step:
when the user shuts down the operating system, obtaining the current resource access permissions corresponding to the user information, and managing the whitelist templates that have been created.
Correspondingly, the invention also provides a system for controlling different users' access permissions to the same resource file, comprising an extraction module, a creation module and a load control module.
The extraction module is configured to perform fingerprint extraction on each resource file in the computer to obtain the corresponding fingerprint information, and to save each item of fingerprint information to obtain a fingerprint set.
The creation module is configured to select the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions, create whitelist templates, and bind each whitelist template to the corresponding user information; the whitelist templates include a resource-disabling whitelist template.
The load control module is configured to, when a user logs in to the operating system, call the kernel's external interface and load the corresponding whitelist template according to the user information the user enters; obtain the user's resource permissions from the whitelist template and load the corresponding resources; and, at the same time, control the loading of resource files according to the disabling whitelist template among the whitelist templates.
In one embodiment, the creation module is further configured to:
select the file hash value, file name, access path and time rule in the corresponding fingerprint information according to the preset user information and the corresponding resource access permissions, and create a whitelist template corresponding to each user.
In one embodiment, the load control module includes a judging unit.
The judging unit is configured to judge, according to a preset lookup table, whether the account information the user entered belongs to a system administrator;
if the account is a system administrator, the baseline whitelist template among the whitelist templates is loaded;
if the account is not a system administrator, one or more of the file whitelist template, the time whitelist template and the resource-disabling whitelist template among the whitelist templates are loaded.
In one embodiment, the load control module includes a time control module.
The time control module is configured to, after the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, control the usage time of resource files according to the time whitelist template among the whitelist templates.
In one embodiment, the system provided by the invention for controlling different users' access permissions to the same resource file further includes a management module.
The management module is configured to, when the user shuts down the operating system, obtain the current resource access permissions corresponding to the user information and manage the whitelist templates that have been created.
Compared with the prior art, this technical solution has the following advantages:
The method and system provided by the invention for controlling different users' access permissions to the same resource file select the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions and create whitelist templates, so that every resource file on the computer is covered by the protection. When a user logs in to the operating system, the corresponding whitelist template is loaded; the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded. Using the whitelist template directly blocks the execution of external programs, that is, programs not in the whitelist template, which effectively prevents virus intrusion and does not depend on the user's professional knowledge. Using the disabling whitelist template blocks access to specific resource files and can block hacker activity.
Brief description of the drawings
Fig. 1 is a flow diagram of the method for controlling different users' access permissions to the same resource file provided by Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the principle of the method for controlling different users' access permissions to the same resource file provided by Embodiment 2 of the invention;
Fig. 3 is a structural diagram of the system for controlling different users' access permissions to the same resource file provided by Embodiment 2 of the invention.
In the figures: 100, extraction module; 200, creation module; 300, load control module; 310, judging unit; 400, management module.
Detailed description of the embodiments
The above and other technical features and advantages of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them.
Referring to Fig. 1 and Fig. 2, the method for controlling different users' access permissions to the same resource file provided by Embodiment 1 of the invention comprises the following steps:
S100: perform fingerprint extraction on each resource file in the computer to obtain the corresponding fingerprint information, and save each item of fingerprint information to obtain a fingerprint set;
S200: select the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions, create whitelist templates, and bind each whitelist template to the corresponding user information; the whitelist templates include a resource-disabling whitelist template;
S300: when a user logs in to the operating system, call the kernel's external interface and load the corresponding whitelist template according to the user information the user enters; obtain the user's resource permissions from the whitelist template and load the corresponding resources; at the same time, control the loading of resource files according to the disabling whitelist template among the whitelist templates.
It should be noted that every resource file in the computer needs to undergo fingerprint extraction, so that all resource files are covered. Fingerprint extraction can proceed as follows: a hash algorithm is applied to the content of the resource file to compute a file hash value, and the corresponding file name, access path and preset time rule are saved with it in the same fingerprint information. That is, the fingerprint information comprises the file hash value, file name, access path and time rule, so that the whitelist templates created from it can access and manage the corresponding resource files. In other words, the file hash value, file name, access path and time rule in the corresponding fingerprint information are selected according to the preset user information and the corresponding resource access permissions, and a whitelist template corresponding to each user is created. Different whitelist templates can be created by selecting one or more of the file hash value, file name, access path and time rule. The time rule can specify a program's running time and running period. The fingerprint set is the set of fingerprint information for all resource files in the computer. The created whitelist templates can be stored in the kernel.
User information includes, but is not limited to, data such as the user's account, password and identity information. A user can have multiple accounts, and each account can have different access permissions to the same resource file. Of course, different users can also have different access permissions to the same resource file; this is determined by the preset resource access permissions. The resource access permissions of each account are preset, so that after logging in to the system with an account, the user can access only the resource files in the corresponding whitelist template. This controls different users' access permissions to the same resource file and blocks the execution of external programs, that is, programs not in the whitelist template, which effectively prevents virus intrusion.
When a user logs in to the operating system, the kernel's external interface can be called according to the user policy. The user policy is the binding of whitelist templates to a user, that is, which whitelist templates a user may use. After each user logs in to the system, the corresponding whitelist template is loaded; the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, so that the user can access them. When the user shuts down the operating system, the current resource access permissions corresponding to the user information are obtained and the created whitelist templates are managed, so that the whitelist templates are up to date each time the user logs in, which is convenient to use and improves security.
The method provided by the invention for controlling different users' access permissions to the same resource file selects the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions and creates whitelist templates, so that every resource file on the computer is covered by the protection. When a user logs in to the operating system, the corresponding whitelist template is loaded; the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded. Using the whitelist template directly blocks the execution of external programs, that is, programs not in the whitelist template, which effectively prevents virus intrusion and does not depend on the user's professional knowledge. Using the disabling whitelist template blocks access to specific resource files and can block hacker activity.
The contents of the baseline whitelist template, file whitelist template, time whitelist template and resource-disabling whitelist template among the whitelist templates are described first:
The baseline whitelist template is produced by scanning the computer's entire hard disk, performing fingerprint extraction on the resource files and saving the results in a uniform format; that is, the baseline whitelist template covers all resource files. Its content is the file hash value, file name and access path, and it allows all resource files to be accessed. The file whitelist template is obtained by editing the baseline whitelist template and removing the fingerprint information that is not needed; it is the fingerprint set left after editing and is a subset of the baseline whitelist template. Its content is the file hash value, file name and access path, and it allows the resource files for which the user has permission to be accessed. The time whitelist template specifies the time at which a given program may run and its running period. Its content is the file hash value, file name, access path and time rule, and it controls a program's running time and running period. The resource-disabling whitelist template specifies that certain resources cannot be accessed. Its content is the file hash value and access path. With these whitelist templates, users' permissions to access resource files can be delegated reasonably; the running time and running period of certain programs can be limited; viruses and Trojans can be prevented from destroying information on the computer; and hacker activity can be blocked. The resource-disabling whitelist template and the time whitelist template can be reused on other computers.
Further, loading the corresponding whitelist template according to the user information the user enters comprises the following steps:
judging, according to a preset lookup table, whether the account information the user entered belongs to a system administrator;
if the account is a system administrator, loading the baseline whitelist template among the whitelist templates;
if the account is not a system administrator, loading one or more of the file whitelist template, the time whitelist template and the resource-disabling whitelist template among the whitelist templates.
Only the system administrator can access all resource files; an ordinary user's access is restricted to safeguard the safe operation of the system. For an account that is not a system administrator, the file whitelist template and the time whitelist template may be loaded; or the file whitelist template and the resource-disabling whitelist template may be loaded; or the file whitelist template, the time whitelist template and the resource-disabling whitelist template may all be loaded. Which types are loaded is also preset according to the user's permissions. In other embodiments, users can be subdivided further to control more precisely the number and types of resource files a user accesses. For example, for the system administrator, the baseline whitelist template and the time whitelist template may both be loaded.
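The four template types and the login-time selection described above can be modelled in user space as follows. This is an added example, not code from the patent: SHA-256 as the hash algorithm, all function, account and file names, the rule that a disabling entry matches on either hash or path and overrides the file whitelist, and the sample files are assumptions, and the kernel interface is not modelled.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class Fingerprint:
    sha256: str  # file hash value (SHA-256 is an assumption)
    name: str    # file name
    path: str    # access path


def fingerprint(path):
    """Hash the file content; record file name and resolved path."""
    real = os.path.realpath(path)
    with open(real, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return Fingerprint(digest, os.path.basename(real), real)


def scan(root):
    """Baseline whitelist template: one fingerprint per file under root."""
    found = (fingerprint(os.path.join(d, n))
             for d, _dirs, names in os.walk(root) for n in names)
    return {fp.path: fp for fp in found}


@dataclass
class Policy:
    allowed: dict                               # path -> Fingerprint
    denied: list = field(default_factory=list)  # resource-disabling entries
    hours: dict = field(default_factory=dict)   # sha256 -> (start, end, expiry)


def load_policy(account, admins, baseline, templates):
    """Login-time selection: admins get the baseline, others their subset."""
    if account in admins:
        return Policy(allowed=dict(baseline))
    tpl = templates[account]
    allowed = {p: baseline[p] for p in tpl["files"] if p in baseline}
    return Policy(allowed, list(tpl.get("deny", [])), dict(tpl.get("time", {})))


def decide(policy, path, now):
    """Return 'allow' or 'deny:<reason>' for one load request."""
    real = os.path.realpath(path)
    entry = policy.allowed.get(real)
    if entry is None:
        return "deny:not-whitelisted"
    try:
        current = fingerprint(real)
    except OSError:
        return "deny:unreadable"
    if current.sha256 != entry.sha256:
        return "deny:hash-mismatch"  # content changed since the scan
    if any(d.sha256 == current.sha256 or d.path == real for d in policy.denied):
        return "deny:disabled"
    rule = policy.hours.get(current.sha256)
    if rule is not None:
        start, end, expiry = rule
        if now >= expiry:
            return "deny:expired"
        if not start <= now.time() < end:
            return "deny:outside-hours"
    return "allow"


def demo():
    """Constructed sample files and accounts; returns every decision."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)

        def put(name, data):
            target = os.path.join(root, name)
            with open(target, "wb") as fh:
                fh.write(data)
            return target

        editor, game = put("editor.bin", b"editor v1"), put("game.bin", b"game v1")
        secrets = put("secrets.db", b"payroll")
        baseline = scan(root)
        dropper = put("dropper.bin", b"unknown program")  # appears after the scan
        rule = (time(18), time(20), datetime(2030, 1, 1))  # 18:00-20:00, until 2030
        kid_tpl = {"files": [editor, game, secrets], "deny": [baseline[secrets]],
                   "time": {baseline[game].sha256: rule}}
        admin = load_policy("root", {"root"}, baseline, {})
        kid = load_policy("kid", {"root"}, baseline, {"kid": kid_tpl})
        am, pm = datetime(2024, 5, 1, 9), datetime(2024, 5, 1, 19)
        out = {"admin_secrets": decide(admin, secrets, am),
               "kid_editor": decide(kid, editor, am),
               "kid_secrets": decide(kid, secrets, am),
               "kid_game_pm": decide(kid, game, pm),
               "kid_game_am": decide(kid, game, am),
               "kid_dropper": decide(kid, dropper, am)}
        put("editor.bin", b"editor v1 + injected code")  # tamper after the scan
        out["kid_editor_tampered"] = decide(kid, editor, am)
        return out
```

Calling `demo()` returns one verdict per case, including a file written after the baseline scan and a whitelisted file whose content changed afterwards.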
Further, the method provided by the invention for controlling different users' access permissions to the same resource file also comprises the following step: after the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, the usage time of resource files is controlled according to the time whitelist template among the whitelist templates. This limits the time during which the user can access resource files.
Based on the same inventive concept, an embodiment of the invention also provides a system for controlling different users' access permissions to the same resource file. The system can be implemented with reference to the method described above, and the repeated details are not described again.
Fig. 3 is a structural diagram of the system for controlling different users' access permissions to the same resource file provided by Embodiment 2 of the invention, which comprises an extraction module 100, a creation module 200 and a load control module 300. The extraction module 100 is configured to perform fingerprint extraction on each resource file in the computer to obtain the corresponding fingerprint information, and to save each item of fingerprint information to obtain a fingerprint set. The creation module 200 is configured to select the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions, create whitelist templates, and bind each whitelist template to the corresponding user information; the whitelist templates include a resource-disabling whitelist template. The load control module 300 is configured to, when a user logs in to the operating system, call the kernel's external interface and load the corresponding whitelist template according to the user information the user enters; obtain the user's resource permissions from the whitelist template and load the corresponding resources; and, at the same time, control the loading of resource files according to the disabling whitelist template among the whitelist templates.
Using the whitelist template, the invention directly blocks the execution of external programs, that is, programs not in the whitelist template, which effectively prevents virus intrusion and does not depend on the user's professional knowledge. Using the disabling whitelist template, it blocks access to specific resource files and can block hacker activity.
Further, the creation module 200 is also configured to select the file hash value, file name, access path and time rule in the corresponding fingerprint information according to the preset user information and the corresponding resource access permissions, and to create a whitelist template corresponding to each user.
Further, the load control module 300 includes a judging unit 310. The judging unit 310 is configured to judge, according to a preset lookup table, whether the account information the user entered belongs to a system administrator;
if the account is a system administrator, the baseline whitelist template among the whitelist templates is loaded;
if the account is not a system administrator, one or more of the file whitelist template, the time whitelist template and the resource-disabling whitelist template among the whitelist templates are loaded.
Further, the load control module 300 includes a time control module. The time control module is configured to, after the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, control the usage time of resource files according to the time whitelist template among the whitelist templates.
Further, the system provided by the invention for controlling different users' access permissions to the same resource file also includes a management module 400. The management module 400 is configured to, when the user shuts down the operating system, obtain the current resource access permissions corresponding to the user information and manage the whitelist templates that have been created.
Although the invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Any person skilled in the art may, without departing from the spirit and scope of the invention, use the methods and technical content disclosed above to make possible changes and modifications to the technical solution of the invention. Therefore, any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the invention, without departing from the content of its technical solution, falls within the protection scope of the technical solution of the invention.

Claims (10)

1. A method for controlling different users' access permissions to the same resource file, characterized by comprising the following steps:
performing fingerprint extraction on each resource file in the computer to obtain the corresponding fingerprint information, and saving each item of fingerprint information to obtain a fingerprint set;
selecting the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions, creating whitelist templates, and binding each whitelist template to the corresponding user information, the whitelist templates including a resource-disabling whitelist template;
when a user logs in to the operating system, calling the kernel's external interface and loading the corresponding whitelist template according to the user information the user enters; obtaining the user's resource permissions from the whitelist template and loading the corresponding resources; and, at the same time, controlling the loading of resource files according to the disabling whitelist template among the whitelist templates.
2. The method for controlling different users' access permissions to the same resource file according to claim 1, characterized in that selecting the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions and creating whitelist templates comprises the following step:
selecting the file hash value, file name, access path and time rule in the corresponding fingerprint information according to the preset user information and the corresponding resource access permissions, and creating a whitelist template corresponding to each user.
3. The method for controlling different users' access permissions to the same resource file according to claim 1, characterized in that loading the corresponding whitelist template according to the user information the user enters comprises the following steps:
judging, according to a preset lookup table, whether the account information the user entered belongs to a system administrator;
if the account is a system administrator, loading the baseline whitelist template among the whitelist templates;
if the account is not a system administrator, loading one or more of the file whitelist template, the time whitelist template and the resource-disabling whitelist template among the whitelist templates.
4. The method for controlling different users' access permissions to the same resource file according to claim 1, characterized by further comprising the following step:
after the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, controlling the usage time of resource files according to the time whitelist template among the whitelist templates.
5. The method for controlling different users' access permissions to the same resource file according to claim 1, characterized by further comprising the following step:
when the user shuts down the operating system, obtaining the current resource access permissions corresponding to the user information, and managing the whitelist templates that have been created.
6. A system for controlling different users' access permissions to the same resource file, characterized by comprising an extraction module, a creation module and a load control module;
the extraction module being configured to perform fingerprint extraction on each resource file in the computer to obtain the corresponding fingerprint information, and to save each item of fingerprint information to obtain a fingerprint set;
the creation module being configured to select the corresponding fingerprint information in the fingerprint set according to preset user information and the corresponding resource access permissions, create whitelist templates, and bind each whitelist template to the corresponding user information, the whitelist templates including a resource-disabling whitelist template;
the load control module being configured to, when a user logs in to the operating system, call the kernel's external interface and load the corresponding whitelist template according to the user information the user enters; obtain the user's resource permissions from the whitelist template and load the corresponding resources; and, at the same time, control the loading of resource files according to the disabling whitelist template among the whitelist templates.
7. The system for controlling different users' access permissions to the same resource file according to claim 6, characterized in that the creation module is further configured to:
select the file hash value, file name, access path and time rule in the corresponding fingerprint information according to the preset user information and the corresponding resource access permissions, and create a whitelist template corresponding to each user.
8. The system for controlling different users' access permissions to the same resource file according to claim 6, characterized in that the load control module includes a judging unit;
the judging unit being configured to judge, according to a preset lookup table, whether the account information the user entered belongs to a system administrator;
if the account is a system administrator, the baseline whitelist template among the whitelist templates is loaded;
if the account is not a system administrator, one or more of the file whitelist template, the time whitelist template and the resource-disabling whitelist template among the whitelist templates are loaded.
9. The system for controlling different users' access permissions to the same resource file according to claim 6, characterized in that the load control module includes a time control module;
the time control module being configured to, after the user's resource permissions are obtained from the whitelist template and the corresponding resources are loaded, control the usage time of resource files according to the time whitelist template among the whitelist templates.
10. The system for controlling different users' access permissions to the same resource file according to claim 6, characterized by further comprising a management module;
the management module being configured to, when the user shuts down the operating system, obtain the current resource access permissions corresponding to the user information and manage the whitelist templates that have been created.
CN201910062568.9A 2019-01-23 2019-01-23 Method and system for controlling different users' access permissions to the same resource file Pending CN109815735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910062568.9A CN109815735A (en) 2019-01-23 2019-01-23 Method and system for controlling different users' access permissions to the same resource file

Publications (1)

Publication Number Publication Date
CN109815735A true CN109815735A (en) 2019-05-28

Family

ID=66604905

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910062568.9A Pending CN109815735A (en) 2019-01-23 2019-01-23 To the management-control method and system of different user access same asset file permission

Country Status (1)

Country Link
CN (1) CN109815735A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102332070A (en) * 2011-09-30 2012-01-25 中国人民解放军海军计算技术研究所 Trust chain transfer method for trusted computing platform
CN106878325A (en) * 2017-03-20 2017-06-20 北京润科通用技术有限公司 A kind of method and device for determining access privilege
CN106897629A (en) * 2015-12-21 2017-06-27 北京奇虎科技有限公司 The control method and terminal of terminal applies
CN107038369A (en) * 2017-03-21 2017-08-11 深圳市金立通信设备有限公司 The method and terminal of a kind of resources accessing control
CN107196929A (en) * 2017-05-11 2017-09-22 国网山东省电力公司信息通信公司 Suitable for the intelligent protecting method and its system under high frequency time network-combination yarn environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination