CN110443025A - Method and device for switching operation permissions, and household appliance - Google Patents
- Publication number
- CN110443025A (application number CN201910667603.XA)
- Authority
- CN
- China
- Prior art keywords
- uid
- operating right
- permission
- operation permission
- handover operation
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
This application relates to a method for switching operation permissions, comprising: classifying the operation permissions of a system and configuring a corresponding user identifier (UID) for each class of operation permission; when a user's operation permission needs to be switched, obtaining the UID corresponding to the target operation permission; invoking the system call for switching operation permissions with the UID corresponding to the target operation permission as the system call parameter; determining whether the UID is one that corresponds to a classified operation permission; and if so, switching the current operation permission to the operation permission corresponding to the UID. Even if an illegitimate system has cracked the UID corresponding to a classified operation permission and escalated privileges, it can escalate to only one class of operation permission at a time and cannot escalate to all operation permissions of the system in one step, which reduces the damage caused after an illegitimate system escalates privileges. The application further relates to a device for switching operation permissions and to a household appliance.
Description
Technical field
This application relates to the technical field of operation permission management, for example to a method and device for switching operation permissions, and to a household appliance.
Background
With the spread of smart devices, more and more equipment is developing in an intelligent and automated direction, which has driven the development of Internet of Things (IoT) technology and is subtly changing human life. In IoT devices, the control program often no longer runs as the system's highest-privileged user but as an ordinary user, which reduces the damage that an intrusion into the program can do to the operating system of the IoT device and to the device itself.
In the course of implementing the embodiments of the present disclosure, it was found that the related art has at least the following problem:
At present, IoT smart appliances often use an embedded operating system such as Linux as the foundation of the intelligent system. However, a Linux system has a superuser such as root, who holds all operation permissions of the system. Even if the appliance control program runs in the intelligent system as an ordinary user, it may still be invaded by an illegitimate system, which after the intrusion can escalate to root permission and leave the whole system under its full control, which is very harmful.
Summary of the invention
To provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. The summary is not an extensive overview, nor is it intended to identify key or critical elements or to delimit the scope of protection of these embodiments; it serves as a preamble to the detailed description that follows.
The embodiments of the present disclosure provide a method and device for switching operation permissions, and a household appliance, to solve the technical problem that, when an embedded Linux operating system is used as the foundation of the intelligent system, the control program may be invaded by an illegitimate system, which after the intrusion escalates to root permission and leaves the whole system under its full control.
In some embodiments, the method for switching operation permissions includes:
Classifying the operation permissions of the system, and configuring a corresponding user identifier (UID) for each class of operation permission;
When a user's operation permission needs to be switched, obtaining the UID corresponding to the target operation permission;
Invoking the system call for switching operation permissions, with the UID corresponding to the target operation permission as the system call parameter;
Determining whether the UID is one that corresponds to a classified operation permission; if so, switching the current operation permission to the operation permission corresponding to the UID.
In some embodiments, the device for switching operation permissions includes a processor and a memory storing program instructions, the processor being configured to perform the aforementioned method for switching operation permissions when executing the program instructions.
In some embodiments, the household appliance includes the aforementioned device for switching operation permissions.
The method and device for switching operation permissions and the household appliance provided by the embodiments of the present disclosure can achieve the following technical effects:
Before operation permissions are switched, the operation permissions of the system are classified and a corresponding user identifier (UID) is configured for each class; invoking the system call with such a UID switches the current operation permission to one class of operation permission, so that the operation permissions of the system are distributed among multiple administrators and a state of separated privileges is reached. When operation permissions are switched, even if an illegitimate system has cracked the UID corresponding to a classified operation permission, has invaded the running program, and invokes the system call with the cracked UID to escalate privileges, it can escalate to only one class of operation permission at a time and cannot escalate to all operation permissions of the system in one step, which reduces the damage caused after an illegitimate system escalates privileges.
The above general description and the following description are merely exemplary and explanatory and are not intended to limit the application.
Brief description of the drawings
One or more embodiments are illustrated by the corresponding drawings. These illustrations and drawings do not limit the embodiments; elements with the same reference numerals in the drawings denote similar elements; the drawings do not constitute a limitation; and wherein:
Fig. 1 schematically shows a flowchart of the method for switching operation permissions;
Fig. 2 schematically shows how the operation permissions of the system are partitioned;
Fig. 3 schematically shows the operation flow of the kernel and the appliance control program in the method for switching operation permissions when the UID passed to the setuid system call is legal;
Fig. 4 schematically shows the operation flow of the kernel and the appliance control program in the method for switching operation permissions when the UID passed to the setuid system call is illegal;
Fig. 5 is a schematic structural diagram of the device for switching operation permissions provided by the embodiments of the present disclosure.
Reference numerals:
100: processor; 101: memory; 102: communication interface; 103: bus.
Detailed description of embodiments
To allow the features and technical content of the embodiments of the present disclosure to be understood in more detail, their implementation is described in detail below with reference to the accompanying drawings, which are for reference and illustration only and are not intended to limit the embodiments. In the technical description below, numerous details are given for ease of explanation, to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may still be practised without these details. In other cases, well-known structures and devices may be shown in simplified form to simplify the drawings.
The embodiments of the present disclosure provide a method for switching operation permissions. As shown in Fig. 1, the method includes:
Step S11: classifying the operation permissions of the system, and configuring a corresponding user identifier (UID) for each class of operation permission;
Step S12: when a user's operation permission needs to be switched, obtaining the UID corresponding to the target operation permission;
Step S13: invoking the system call for switching operation permissions, with the UID as the system call parameter;
Step S14: determining whether the UID is one that corresponds to a classified operation permission; if so, switching the current operation permission to the operation permission corresponding to the UID.
At the lowest level of a Unix-like system, switching operation permissions is implemented through the setuid system call. System calls are a set of subroutines provided in the Linux kernel that implement various system functions; users can invoke them from their own applications through system call instructions. setuid is the system call for switching operation permissions. When setuid is called, it switches the current operation permission to the operation permission corresponding to the system call parameter.
Before operation permissions are switched, the operation permissions of the system are classified and a corresponding user identifier (UID) is configured for each class; invoking the system call with such a UID switches the current operation permission to one class of operation permission, so that the operation permissions of the system are distributed among multiple administrators and a state of separated privileges is reached. When operation permissions are switched, it is determined whether the UID passed to the system call is one that corresponds to a classified operation permission; if so, the current operation permission is switched to the operation permission corresponding to the UID, that is, a switch is possible only into a classified operation permission. Different classes of operation permission require different UIDs as the system call parameter, which makes it harder for an intruding illegitimate system to escalate privileges. Even if an illegitimate system has cracked the UID corresponding to a classified operation permission, has invaded the running program, and invokes the system call with the cracked UID to escalate privileges, it can escalate to only one class of operation permission at a time and cannot escalate to all operation permissions of the system in one step, which reduces the damage caused after an illegitimate system escalates privileges.
In some embodiments, classifying the operation permissions of the system includes: determining the management attribute to which each operation corresponds; and setting different classes of operation permission according to the different management attributes. Operations with the same management attribute are placed in the same class of operation permission. When an illegitimate system escalates to one class of operation permission, on the one hand the damage to the system is confined to the scope of that management attribute; on the other hand, all operations of that management attribute can be managed together, so that timely, centralized and targeted remedial measures can be taken, and the system is remedied more efficiently than when several classes of operation permission are invaded.
In some embodiments, as shown in Fig. 2, setting different classes of operation permission according to the different management attributes includes: setting a configuration management permission (configuration administrator) 221 corresponding to configuration management (network configuration, function configuration, and so on), and setting a system management permission (system administrator) 222 corresponding to system management (system restart and so on). Optionally, a network configuration management permission, a function configuration management permission and a system management permission may also be set.
In some embodiments, classifying the operation permissions of the system includes: selecting a part of the operation permissions from all operation permissions of the system; and classifying that part of the operation permissions.
As shown in Fig. 2, partial operation permissions 22 are selected from all operation permissions 21 of the system, so that the partial operation permissions 22 form a proper subset of all operation permissions 21; the partial operation permissions 22 are then classified, and a corresponding UID is configured for each class of operation permission. When operation permissions are switched, it is determined whether the UID passed to the system call is one that corresponds to a class of the classified partial operation permissions 22; if so, the current operation permission is switched to the operation permission corresponding to the UID. Therefore, when an illegitimate system invades the running program and escalates to the operation permission corresponding to the UID of one class, the further damage it can do is strictly confined to that one class within the partial operation permissions 22, and the harm to the system is so small as to be negligible. When an illegitimate system invades the running program and escalates to the operation permissions of all classes, the further damage it can do is strictly confined to the partial operation permissions 22, which greatly reduces the damage caused after an intrusion by an illegitimate system.
In some embodiments, the method for switching operation permissions further includes: if the UID passed to the system call is not one that corresponds to a classified operation permission, refusing to switch operation permissions. The operation permissions that can be obtained are strictly confined to one class at a time. Even if an illegitimate system has cracked the UID corresponding to a classified operation permission, has invaded the running program, and invokes the system call with the cracked UID to escalate privileges, it can escalate to only one class of operation permission at a time and cannot escalate to all operation permissions of the system in one step, which reduces the damage caused after an illegitimate system escalates privileges.
In some embodiments, classifying the operation permissions of the system further includes: configuring a corresponding UID for the partial operation permissions 22. After the system call for switching operation permissions is invoked, the method further includes: determining whether the UID passed to the system call is the UID corresponding to the partial operation permissions; if so, refusing to switch operation permissions. Under normal circumstances the system does not allow escalation to the partial operation permissions 22. When the UID passed to the system call is the UID corresponding to the partial operation permissions, the system regards the call as an illegal privilege escalation and refuses to switch, which prevents an intruding illegitimate system from escalating to the partial operation permissions 22 and then damaging the system, and safeguards the smart appliance while it runs.
In some embodiments, classifying the operation permissions of the system further includes: configuring a corresponding UID for all operation permissions of the system. After the system call for switching operation permissions is invoked, the method further includes: determining whether the UID passed to the system call is the UID corresponding to all operation permissions of the system; if so, refusing to switch operation permissions. Under normal circumstances the system does not allow escalation to all operation permissions 21. When the UID passed to the system call is the UID corresponding to all operation permissions 21, the system regards the call as an illegal privilege escalation and refuses to switch, which prevents an intruding illegitimate system from escalating to all operation permissions of the system and then damaging the system, and safeguards the smart appliance while it runs. Optionally, the UID corresponding to all operation permissions of the system is 0; that is, the system call completes permission switches only for calls with a non-zero UID and refuses to switch to all operation permissions of the system, which ensures the security of the appliance system.
In some embodiments, the method for switching operation permissions further includes: if the UID passed to the system call is not one that corresponds to a classified operation permission, raising an alarm. Optionally, an intrusion warning light is provided at a conspicuous position on the household appliance and flashes as a warning, prompting the user to seek help from the manufacturer, so as to prevent the control program or the intelligent system from being attacked and having privileges escalated.
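The checks described so far (one UID per class, refusal of UID 0, of the subset UID and of any unclassified UID, and the alarm) can be modelled in user space. This is an added example, not code from the patent; every UID other than 0, the operation names and the `PermissionGate` class are hypothetical.

```python
"""Added example: a user-space model of the UID gate described above.

All UID numbers other than 0, and all operation names, are hypothetical.
"""
from dataclasses import dataclass, field

ROOT_UID = 0          # all operation permissions 21 (the page's optional value)
SUBSET_UID = 900      # hypothetical UID configured for the whole subset 22
ORDINARY_UID = 1000   # hypothetical ordinary user running the control program

# Hypothetical classification by management attribute (221 and 222 in Fig. 2).
CLASSIFIED = {
    2001: frozenset({"network_config", "function_config"}),  # configuration
    2002: frozenset({"system_restart"}),                      # system management
}
# Everything root could do; the last two lie outside the subset 22.
ALL_OPERATIONS = frozenset().union(*CLASSIFIED.values()) | {
    "flash_firmware", "load_kernel_module"}


@dataclass
class PermissionGate:
    current_uid: int = ORDINARY_UID
    alarms: list = field(default_factory=list)

    def switch(self, uid: int) -> bool:
        """Model of the checks made inside the permission-switching call."""
        if uid == ORDINARY_UID:          # a privilege drop is recognised and allowed
            self.current_uid = uid
            return True
        if uid == ROOT_UID or uid == SUBSET_UID or uid not in CLASSIFIED:
            self.alarms.append(uid)      # e.g. flash the intrusion warning light
            return False                 # refuse; current permission is unchanged
        self.current_uid = uid
        return True

    def may(self, operation: str) -> bool:
        """True if the current UID's class contains the operation."""
        return operation in CLASSIFIED.get(self.current_uid, frozenset())

    def run_as(self, uid: int, operation: str) -> str:
        """Switch, attempt one operation, then always drop back."""
        if not self.switch(uid):
            return "rejected"
        try:
            return "done" if self.may(operation) else "denied"
        finally:
            self.switch(ORDINARY_UID)


def blast_radius(known_uids) -> frozenset:
    """Operations reachable by a caller that knows the given UIDs."""
    gate = PermissionGate()
    reachable = set()
    for uid in known_uids:
        for operation in ALL_OPERATIONS:
            if gate.run_as(uid, operation) == "done":
                reachable.add(operation)
    return frozenset(reachable)
```

`blast_radius` makes the containment argument concrete: knowing one class UID reaches only that class, and knowing every UID still never reaches the operations outside the subset 22.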
In some embodiments, the partial operation permissions 22 selected from all operation permissions 21 are the operation permissions required for the functions and the control program of the household appliance to run normally, and they are far fewer than all operation permissions 21 of the system. For example, the partial operation permissions 22 are the least privilege an administrator needs to carry out routine maintenance, so that while the control program is running, permission switches that are not routine, or that the control program does not need at all, are restricted, preventing at the source an illegitimate system from escalating to higher permissions.
In some embodiments, invoking the system call for switching operation permissions with the UID as the system call parameter includes: encrypting the UID, and invoking the system call for switching operation permissions with the encrypted UID as the system call parameter.
When operation permissions are switched, the system call parameter is the value obtained by encrypting the user identifier (UID) of the target operation permission. Even if an illegitimate system has cracked the UID of the target operation permission, it still cannot invoke the system call unless it can encrypt the UID correctly. This makes privilege escalation harder for an illegitimate system and so reduces the risk that it escalates to administrator and gains the highest permission of the operating system.
In some embodiments, determining whether the UID is one that corresponds to a classified operation permission and, if so, switching the current operation permission to the operation permission corresponding to the UID includes: decrypting the encrypted UID; determining whether the decrypted UID is one that corresponds to a classified operation permission; and if so, switching the current operation permission to the operation permission corresponding to the decrypted UID. The system call is able to decrypt the UID, so that operation permissions are switched normally after the system call is invoked with an encrypted UID.
In some embodiments, the method for switching operation permissions further includes: after the operation has been performed with the operation permission corresponding to the UID, switching from that operation permission back to the operation permission of an ordinary user, so that an illegitimate system cannot obtain that operation permission directly by invading the running program.
In some embodiments, when the user triggers a specific program, it is determined that the user's operation permission needs to be switched; the target operation permission is the operation permission required to execute that program.
One way of triggering a switch of operation permissions is to trigger a specific program whose execution requires the current operation permission to be switched to the target operation permission corresponding to that program. When the program is triggered, the system automatically recognizes that the current operation permission needs to be switched to the target operation permission corresponding to the program.
In some embodiments, encrypting the UID includes: obtaining encryption parameters related to the program; generating an initialization vector for the encryption algorithm from the encryption parameters; and encrypting the UID using the encryption algorithm and the initialization vector.
The encryption parameters are related to the program, and the target operation permission is the operation permission corresponding to that program. This makes it harder for an illegitimate system that has cracked the UID to escalate privileges by invoking the system call, and so reduces the risk that after an intrusion it further escalates to administrator and gains the highest permission of the operating system.
In some embodiments, obtaining the encryption parameters related to the program includes: computing the hash value of the program; and obtaining the trigger time at which the program was triggered.
For a given program the hash value is fixed, so an initialization vector generated from the hash value alone would not be sufficiently random. Introducing the system time at which the program was triggered yields a more random initialization vector for the encryption algorithm, which makes it harder for an illegitimate system that has cracked the UID to escalate privileges by invoking the system call, and so reduces the risk that after an intrusion it further escalates to administrator and gains the highest permission of the operating system.
In some embodiments, decrypting the encrypted UID includes: obtaining the encryption parameters; generating the initialization vector of the encryption algorithm from the encryption parameters; and decrypting the encrypted UID using the initialization vector and the decryption algorithm corresponding to the encryption algorithm.
Decryption is the inverse of encryption. The encryption parameters used during encryption are used to generate the same initialization vector for the same encryption algorithm; from the encrypted UID, the same initialization vector and the decryption algorithm corresponding to the same encryption algorithm, the UID before encryption, that is, the decrypted UID, can be recovered.
In some embodiments, obtaining the encryption parameters includes: computing the hash value of the program that invokes the system call; and obtaining the current system time, where the current system time is the same as the trigger time. The program that invokes the system call is the same as the aforementioned program that needs the target operation permission, so the computed hash value is the same. The system call is invoked very quickly, so the time can be taken at minute granularity, which fully guarantees that the current system time obtained by the kernel is the same as the system time at which the program was triggered. With the same hash value and the same time, the same initialization vector is obtained, so that the inverse of the encryption algorithm can be carried out to decrypt the encrypted UID.
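The encryption and decryption steps above, worked through as an added example that is not code from the patent. The patent names no cipher and no key, so `SHARED_KEY` and the HMAC-SHA256 keystream are stand-in assumptions, and the UIDs, program images and timestamps are constructed; the last scenario covers a call that straddles a minute boundary.

```python
"""Added example: UID encryption with an IV built from program hash + minute.

The page names no cipher or key; SHARED_KEY and the HMAC-SHA256 keystream are
stand-ins chosen so that the sketch runs on the standard library alone.
"""
import hashlib
import hmac
import struct
from datetime import datetime

CLASSIFIED_UIDS = {2001, 2002}          # hypothetical classified UIDs
SHARED_KEY = b"constructed-demo-key"    # assumption: key shared with the kernel


def derive_iv(program_image: bytes, when: datetime) -> bytes:
    """IV from the program's hash value and the time at minute granularity."""
    program_hash = hashlib.sha256(program_image).digest()
    minute = when.strftime("%Y%m%d%H%M").encode()   # seconds are discarded
    return hashlib.sha256(program_hash + minute).digest()[:16]


def _xor_with_keystream(data: bytes, iv: bytes) -> bytes:
    """Stand-in cipher: XOR with a keystream derived from the key and the IV."""
    keystream = hmac.new(SHARED_KEY, iv, hashlib.sha256).digest()
    return bytes(d ^ k for d, k in zip(data, keystream))


def encrypt_uid(uid: int, program_image: bytes, trigger_time: datetime) -> bytes:
    """Caller side (S33): encrypt the 32-bit UID under the derived IV."""
    iv = derive_iv(program_image, trigger_time)
    return _xor_with_keystream(struct.pack(">I", uid), iv)


def decrypt_uid(blob: bytes, caller_image: bytes, kernel_time: datetime) -> int:
    """Kernel side (S35): rebuild the IV from its own view, then decrypt."""
    iv = derive_iv(caller_image, kernel_time)
    return struct.unpack(">I", _xor_with_keystream(blob, iv))[0]


def kernel_switch(blob: bytes, caller_image: bytes, kernel_time: datetime):
    """S35-S37 / S45-S47: return the UID switched to, or None if refused."""
    uid = decrypt_uid(blob, caller_image, kernel_time)
    return uid if uid in CLASSIFIED_UIDS else None


def scenarios() -> dict:
    """Constructed inputs: one legitimate call and three IV mismatches."""
    program = b"\x7fELF constructed control-program image"
    other = b"\x7fELF constructed image of a different program"
    blob = encrypt_uid(2001, program, datetime(2019, 7, 23, 10, 15, 20))
    edge = encrypt_uid(2001, program, datetime(2019, 7, 23, 10, 15, 59))
    return {
        # Kernel reads the clock one second later, still the same minute.
        "same_minute": kernel_switch(blob, program, datetime(2019, 7, 23, 10, 15, 21)),
        # Same parameter presented five minutes later: the IV no longer matches.
        "later_minute": kernel_switch(blob, program, datetime(2019, 7, 23, 10, 20, 0)),
        # Same parameter presented by a program with a different hash value.
        "other_caller": kernel_switch(blob, other, datetime(2019, 7, 23, 10, 15, 21)),
        # Encrypted at :59, decrypted at :00 of the next minute.
        "minute_rollover": kernel_switch(edge, program, datetime(2019, 7, 23, 10, 16, 0)),
    }
```

In the `minute_rollover` case a legitimate call is refused because the two sides truncate to different minutes, so an implementation has to decide how a refusal that falls on a boundary is treated before it raises the intrusion alarm.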
Fig. 3 shows the operation flow of the appliance control program and the kernel when the method for switching operation permissions is applied to the intelligent system of a household appliance and the UID passed to the setuid system call is legal. As shown, the method includes:
Step S31: the appliance control program performs routine operations;
Step S32: the user triggers an administrator A operation, that is, an administrator A operation is triggered;
Step S33: the appliance control program encrypts the UID corresponding to administrator A;
Step S34: the appliance control program invokes the setuid system call with the encrypted UID;
Step S35: the kernel decrypts the encrypted UID;
Step S36: the kernel determines whether the decrypted UID is legal, for example whether it is a UID corresponding to a classified operation permission;
Step S37: the kernel determines that the decrypted UID is legal, and switches the appliance control program to administrator A permission;
Step S38: the appliance control program performs the administrator A operation with administrator A permission;
Step S39: the administrator A operation ends, and the appliance control program requests to switch back to ordinary permission;
Step S310: the kernel recognizes the privilege-drop operation;
Step S311: the kernel switches the appliance control program to ordinary user permission, to perform routine operations.
Fig. 4 shows the operation flow of the appliance control program and the kernel when the method for switching operation permissions is applied to the intelligent system of a household appliance and the UID passed to the setuid system call is illegal. As shown, the method includes:
Step S41: the appliance control program performs routine operations;
Step S42: the user triggers an administrator A operation, that is, an administrator A operation is triggered;
Step S43: the appliance control program encrypts the UID corresponding to administrator A;
Step S44: the appliance control program invokes the setuid system call with the encrypted UID;
Step S45: the kernel decrypts the encrypted UID;
Step S46: the kernel determines whether the decrypted UID is legal, for example whether it is a UID corresponding to a classified operation permission;
Step S47: the kernel determines that the decrypted UID is illegal, and refuses to switch operation permissions;
Step S48: the appliance control program performs an intrusion alarm operation, for example making the intrusion warning light flash.
The embodiments of the present disclosure provide a device for switching operation permissions, whose structure is shown in Fig. 5 and includes:
A processor 100 and a memory 101, and may further include a communication interface 102 and a bus 103. The processor 100, the communication interface 102 and the memory 101 can communicate with one another via the bus 103. The communication interface 102 can be used for information transmission. The processor 100 can invoke the logic instructions in the memory 101 to perform the aforementioned method for switching operation permissions.
Before operation permissions are switched, the operation permissions of the system are classified and a corresponding user identifier (UID) is configured for each class; invoking the system call with such a UID switches the current operation permission to one class of operation permission, so that the operation permissions of the system are distributed among multiple administrators and a state of separated privileges is reached. When operation permissions are switched, it is determined whether the UID passed to the system call is one that corresponds to a classified operation permission; if so, the current operation permission is switched to the operation permission corresponding to the UID, that is, a switch is possible only into a classified operation permission. Different classes of operation permission require different UIDs as the system call parameter, which makes it harder for an intruding illegitimate system to escalate privileges. Even if an illegitimate system has cracked the UID corresponding to a classified operation permission, has invaded the running program, and invokes the system call with the cracked UID to escalate privileges, it can escalate to only one class of operation permission at a time and cannot escalate to all operation permissions of the system in one step, which reduces the damage caused after an illegitimate system escalates privileges.
In addition, when the logic instructions in the memory 101 are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium.
As a computer-readable storage medium, the memory 101 can be used to store software programs and computer-executable programs, such as the program instructions/modules corresponding to the method in the embodiments of the present disclosure. By running the program instructions/modules stored in the memory 101, the processor 100 executes functional applications and data processing, that is, implements the aforementioned method for switching operation permissions.
The memory 101 may include a program storage area and a data storage area, where the program storage area can store the operating system and the application program required for at least one function, and the data storage area can store data created through use of the terminal device, and so on. In addition, the memory 101 may include high-speed random access memory and may also include non-volatile memory.
The embodiments of the present disclosure provide a household appliance including the aforementioned device for switching operation permissions.
Before operation permissions are switched, the operation permissions of the system are classified and a corresponding user identifier (UID) is configured for each class; invoking the system call with such a UID switches the current operation permission to one class of operation permission, so that the operation permissions of the system are distributed among multiple administrators and a state of separated privileges is reached. When operation permissions are switched, it is determined whether the UID passed to the system call is one that corresponds to a classified operation permission; if so, the current operation permission is switched to the operation permission corresponding to the UID, that is, a switch is possible only into a classified operation permission. Different classes of operation permission require different UIDs as the system call parameter, which makes it harder for an intruding illegitimate system to escalate privileges. Even if an illegitimate system has cracked the UID corresponding to a classified operation permission, has invaded the running program, and invokes the system call with the cracked UID to escalate privileges, it can escalate to only one class of operation permission at a time and cannot escalate to all operation permissions of the system in one step, which reduces the damage caused after an illegitimate system escalates privileges.
Internet of Things home appliances have become a trend in home appliance development. At this stage, the main way appliances are made intelligent is that the control program of the appliance's intelligent system receives a network control request and then executes the specific control on the appliance. However, such intelligent systems often have a system administrator, with problems such as administrator rights that are too high, administrator rights that are too concentrated, and administrator rights that are not reasonably classified according to appliance control management. This greatly reduces the difficulty of malicious intrusion and increases the risk after an intrusion. The method and device for switching permissions and the household appliance provided by the embodiments of the present disclosure use reasonable classification of permissions, multiple discrete rights, and different system call parameters for permission switching to guard against intrusion and to reduce the harm suffered after an intrusion, greatly improving the security of Internet of Things home appliances.
The embodiments of the present disclosure provide a computer program product. The computer program product comprises a computer program stored on a computer-readable storage medium, and the computer program comprises program instructions which, when executed by a computer, cause the computer to execute the above method for switching operating rights.
The above computer-readable storage medium may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
The technical solutions of the embodiments of the present disclosure may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes one or more instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of the present disclosure. The aforementioned storage medium may be a non-transitory storage medium, including a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, or any other medium that can store program code; it may also be a transitory storage medium.
The above description and the drawings sufficiently illustrate the embodiments of the present disclosure to enable those skilled in the art to practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments represent only possible variations. Unless explicitly required, individual components and functions are optional, and the order of operations may vary. Parts and features of some embodiments may be included in, or substituted for, parts and features of other embodiments. The scope of the embodiments of the present disclosure includes the entire scope of the claims and all available equivalents of the claims. Moreover, the words used in this application are only used to describe the embodiments and are not used to limit the claims. As used in the description of the embodiments and in the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application refers to any and all possible combinations of one or more of the associated listed items. In addition, when used in this application, the term "comprise" and its variants "comprises" and/or "comprising" indicate the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups of these. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the existence of other identical elements in the process, method or device that comprises the element. Herein, each embodiment may focus on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. For the methods, products and the like disclosed in the embodiments, where they correspond to the method part disclosed in the embodiments, the relevant points may be found in the description of the method part.
Those skilled in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or in software may depend on the specific application and the design constraints of the technical solution. The skilled person may use different methods to implement the described functions for each specific application, but such implementations should not be considered to be beyond the scope of the embodiments of the present disclosure. The skilled person will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the embodiments disclosed herein, the disclosed methods and products (including but not limited to devices, equipment and the like) may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units may be only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form. The units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to implement the present embodiment. In addition, the functional units in the embodiments of the present disclosure may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
The flowcharts and block diagrams in the drawings show the possible architecture, functions and operations of systems, methods and computer program products according to the embodiments of the present disclosure. In this regard, each box in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. In some alternative implementations, the functions marked in the boxes may also occur in an order different from that marked in the drawings. For example, two consecutive boxes may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. In the descriptions corresponding to the flowcharts and block diagrams in the drawings, the operations or steps corresponding to different boxes may also occur in an order different from that disclosed in the description, and sometimes there is no specific order between different operations or steps. For example, two consecutive operations or steps may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. Each box in the block diagrams and/or flowcharts, and each combination of boxes in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that executes the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
Claims (10)
1. A method for switching operating rights, characterized by comprising:
classifying the operating rights of a system, and configuring a corresponding user identifier (UID) for each class of operating right;
when the operating right of a user needs to be switched, obtaining the UID corresponding to the target operating right;
calling the system call for switching operating rights, with the UID as the system call parameter;
judging whether the UID is a UID corresponding to a classified operating right; and if so, switching the current operating right to the operating right corresponding to the UID.
2. The method according to claim 1, characterized in that classifying the operating rights of the system comprises:
determining the management attribute corresponding to an operation;
setting different classes of operating right according to different management attributes.
3. The method according to claim 1, characterized in that classifying the operating rights of the system comprises:
selecting part of the operating rights from all of the operating rights of the system;
classifying the part of the operating rights.
4. The method according to claim 3, characterized in that
classifying the operating rights of the system further comprises: configuring a corresponding UID for the part of the operating rights;
after calling the system call for switching operating rights, the method further comprises: judging whether the UID is the UID corresponding to the part of the operating rights; and if so, refusing to switch the operating right.
5. The method according to claim 3, characterized in that
classifying the operating rights of the system further comprises: configuring a corresponding UID for all of the operating rights of the system;
after calling the system call for switching operating rights, the method further comprises: judging whether the UID is the UID corresponding to all of the operating rights of the system; and if so, refusing to switch the operating right.
6. The method according to any one of claims 1 to 5, characterized in that calling the system call for switching operating rights, with the UID as the system call parameter, comprises:
encrypting the UID;
calling the system call for switching operating rights, with the encrypted UID as the system call parameter.
7. The method according to claim 6, characterized in that judging whether the UID is a UID corresponding to a classified operating right and, if so, switching the current operating right to the operating right corresponding to the UID comprises:
decrypting the encrypted UID;
judging whether the decrypted UID is a UID corresponding to a classified operating right; and if so, switching the current operating right to the operating right corresponding to the decrypted UID.
8. The method according to any one of claims 1 to 5, characterized by further comprising:
after an operation has been executed with the operating right corresponding to the UID, switching the operating right from the operating right corresponding to the UID to the operating right of an ordinary user.
9. A device for switching operating rights, comprising a processor and a memory storing program instructions, characterized in that the processor is configured to execute the method according to any one of claims 1 to 8 when executing the program instructions.
10. A household appliance, characterized by comprising the device according to claim 9.
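A user-space C model of the switching check described in claims 1, 5 and 8, added here as an illustration and not code from the patent. The UID values, class names, operation bits and function names are all assumptions, and the UID encryption of claims 6 and 7 is left out.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* All UIDs, class names and operation bits are assumed for illustration. */
enum { UID_FULL = 0, UID_ORDINARY = 1000 };
enum { OP_NET_CONFIG = 1u << 0, OP_DEVICE_CTRL = 1u << 1, OP_FW_UPDATE = 1u << 2 };
struct right_class { unsigned uid; const char *name; unsigned ops; };

/* Classification table: one UID per class of operating right (claim 1). */
static const struct right_class classes[] = {
    { 2001, "network",  OP_NET_CONFIG  },
    { 2002, "control",  OP_DEVICE_CTRL },
    { 2003, "firmware", OP_FW_UPDATE   },
};

static unsigned current_uid = UID_ORDINARY;
static unsigned current_ops = 0;

/* User-space model of the switching system call. */
int switch_operating_right(unsigned uid)
{
    if (uid == UID_FULL)
        return -EPERM;               /* claim 5: refuse the all-rights UID */
    for (size_t i = 0; i < sizeof classes / sizeof classes[0]; i++) {
        if (classes[i].uid == uid) {
            current_uid = uid;       /* the new class replaces the old one */
            current_ops = classes[i].ops;
            return 0;
        }
    }
    return -EINVAL;                  /* not a classified UID: state unchanged */
}

/* Claim 8: return to the ordinary user's rights after the operation. */
void drop_to_ordinary(void) { current_uid = UID_ORDINARY; current_ops = 0; }
int may_perform(unsigned op) { return op != 0 && (current_ops & op) == op; }

/* Switch, check one operation against the class, then always drop again. */
int run_with_right(unsigned uid, unsigned op)
{
    int rc = switch_operating_right(uid);
    if (rc != 0) return rc;
    rc = may_perform(op) ? 0 : -EACCES;
    drop_to_ordinary();
    return rc;
}

int main(void)
{
    printf("all-rights: %d, firmware: %d, cross-class: %d\n", switch_operating_right(UID_FULL),
           run_with_right(2003, OP_FW_UPDATE), run_with_right(2001, OP_FW_UPDATE));
    return 0;
}
```

Because a successful switch overwrites the held operation set instead of adding to it, a caller that learns one class UID never holds more than that class's operations.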
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910667603.XA CN110443025A (en) | 2019-07-23 | 2019-07-23 | Method and device, household appliance for handover operation permission |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110443025A (en) | 2019-11-12 |
Family
ID=68431294
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910667603.XA Pending CN110443025A (en) | 2019-07-23 | 2019-07-23 | Method and device, household appliance for handover operation permission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110443025A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20191112 |