CN112685729B - Special mandatory access control method, system, electronic equipment and storage medium - Google Patents


Info

Publication number: CN112685729B
Authority: CN (China)
Prior art keywords: access control, user, software, access, resource
Legal status: Active (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Application number: CN202011563015.0A
Other languages: Chinese (zh)
Other versions: CN112685729A
Inventors: 孟丹, 于爱民, 肖丽芳, 马建刚, 蔡利君, 刘湿润, 白鑫
Current assignee: Institute of Information Engineering of CAS (the listed assignee may be inaccurate; Google has not performed a legal analysis)
Original assignee: Institute of Information Engineering of CAS

Events
Application filed by Institute of Information Engineering of CAS
Priority to CN202011563015.0A
Publication of CN112685729A
Application granted
Publication of CN112685729B
Legal status: Active
Anticipated expiration

Abstract

The invention provides a dedicated mandatory access control method, system, electronic device and storage medium. The method comprises: importing the decision basis of the dedicated access control, and deciding access requests according to a dedicated access control logic in which the three layers of user, software and resource are linked and cooperate. Deciding an access request according to this logic comprises: receiving the access request; obtaining the security context information of the subject and the object while the access request is processed; deciding the access request separately at the user-executes-software layer, the software-accesses-resource layer and the user-accesses-resource layer to obtain a decision result for each layer; and deriving the decision result of the dedicated access control from the per-layer results. By formulating the decision basis of the dedicated access control and the three-layer linked access control logic of user, software and resource, the invention gives the operating system a more complete protection layer and improves both the usability and the security of the system.

Description

Special mandatory access control method, system, electronic equipment and storage medium
Technical Field
The present invention relates to the field of computer technology, and in particular to a dedicated mandatory access control method, system, electronic device and storage medium.
Background
Access control provides information security guarantees for a computer system and strengthens the security of the operating system. The conventional form of mandatory access control is Type Enforcement (TE), which authorizes access according to the type field of the security context. Other access control models include Role-Based Access Control (RBAC) and Task-Based Access Control (TBAC).
As requirements on operating system security keep rising, various mandatory access control methods have been developed. Examples are a subject trustworthiness verification method and system under mandatory access control, which verifies the executable files and link libraries of the system and detects tampering by comparing them against reference values, and a file permission management method and system based on mandatory access control, which assigns security levels to users and files and protects them according to those levels.
Conventional mandatory access control has the drawback that whenever a permission policy rule is missing, permissions are necessarily insufficient and the system or the software runs abnormally. It also lacks protection for the key sensitive resources of the system and for users' private data, and cannot meet the requirement of separating the three administrators (system administrator, security administrator and audit administrator) in the operating system.
Disclosure of Invention
The invention provides a dedicated mandatory access control method, system, electronic device and storage medium to solve at least some of the above problems.
The invention provides a dedicated mandatory access control method comprising: importing the decision basis of the dedicated access control, and deciding an access request according to a dedicated access control logic in which the three layers of user, software and resource are linked and cooperate;
wherein deciding the access request according to the three-layer linked dedicated access control logic comprises:
receiving an access request;
obtaining the security context information of the subject and the object while the access request is processed;
deciding the access request separately at the user-executes-software layer, the software-accesses-resource layer and the user-accesses-resource layer to obtain the decision result of each layer;
and deriving the decision result of the dedicated access control from the decision results of the layers.
In the dedicated mandatory access control method provided by the invention, deciding the access request at the user-executes-software layer comprises:
deciding the user's permission to execute the software, and the permitted execution mode, on the basis of the user-software relationship file in the decision basis together with the role field of the subject and the type field of the object in the security context information, to obtain the decision result of the user-executes-software layer.
Further, the user-software relationship file in the decision basis comprises:
the operation permissions required by each piece of software; and
the mandatory type transition of the security context, with retention of the user's type, when the user executes the software.
In the dedicated mandatory access control method provided by the invention, deciding the access request at the software-accesses-resource layer comprises:
deciding whether the software is permitted to access the resource on the basis of the trusted software and sensitive resource file in the decision basis together with the type field of the subject and the type field of the object in the security context information, to obtain the decision result of the software-accesses-resource layer.
Further, the trusted software and sensitive resource file in the decision basis comprises:
the protection condition of each resource according to the security factor of the system, the resources being divided into common resources and sensitive resources; and
the authorization of each piece of software's operation requests, the software being divided into trusted software and common software, with trusted software authorized to access sensitive resources under the principle of least privilege.
In the dedicated mandatory access control method provided by the invention, deciding the access request at the user-accesses-resource layer comprises:
deciding the user's permission to access the resource, and the permitted access mode, on the basis of the user-private-data file in the decision basis together with the role field of the subject and the type field of the object in the security context information, to obtain the decision result of the user-accesses-resource layer.
Further, the user-private-data file in the decision basis comprises:
the authorization of each user to access resources, where a resource that only one user is authorized to access is defined as that user's private data.
The invention provides a dedicated mandatory access control system comprising:
an access control management module, located in the kernel layer, for deciding the access request according to the dedicated access control logic in which the three layers of user, software and resource are linked and cooperate;
a data import module, located in the application layer, for importing the decision basis of the dedicated access control during system initialization;
and a pop-up prompt module, located in the application layer, for recording and/or prompting information about the various illegal operations for which an access request is rejected. When the same illegal operation occurs repeatedly, the prompt is popped up only once; when several illegal operations occur at the same time, only the first is prompted.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, the processor implementing the steps of any of the dedicated mandatory access control methods described above when it executes the program.
The invention also provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the dedicated mandatory access control methods described above.
By formulating the decision basis of the dedicated access control and the three-layer linked access control logic of user, software and resource, the dedicated mandatory access control method provided by the invention realizes a dedicated access control that fuses several models, gives the operating system a more complete protection layer, and improves both the usability and the security of the system.
Drawings
To illustrate the technical solutions of the invention or of the prior art more clearly, the drawings used in the embodiments are briefly introduced below. They show some embodiments of the invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the dedicated mandatory access control method provided by the invention;
FIG. 2 is a flow chart of an embodiment of the dedicated mandatory access control method provided by the invention;
FIG. 3 is a schematic diagram of an embodiment of the three-administrator separation access control policy provided by the invention;
FIG. 4 is a schematic diagram of an embodiment of the private data access control policy provided by the invention;
FIG. 5 is a schematic structural diagram of the dedicated mandatory access control system provided by the invention;
FIG. 6 is a schematic structural diagram of the electronic device provided by the invention.
Detailed Description
To make the objects, technical solutions and advantages of the invention clearer, the technical solutions are described completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention; all other embodiments obtained from them by a person skilled in the art without creative effort fall within the scope of protection of the invention.
Many access control models have been proposed in recent years, with significant research results, among them the Discretionary Access Control (DAC) model and the Mandatory Access Control (MAC) model. Linux and UNIX systems have traditionally used DAC. SELinux (Security-Enhanced Linux) is an example of a MAC mechanism adopted by Linux. In SELinux nothing is allowed by default and there is no all-powerful superuser: every permitted access must be granted by an explicit rule. This is why conventional mandatory access control is strict to administer and tedious to customize.
SELinux uses the TE model. Every subject (process) and object (file, inter-process communication channel, socket, network host and so on) has a security context, which may include three elements: a user, a role and a type identifier (policies with MLS/MCS enabled append a fourth, the sensitivity level).
The user field identifies which identity owns the data or process; for example, system data carries the user system_u and user data carries user_u.
The role field identifies whether the data belongs to a process or a file, or represents a user. Object resources such as files and directories are initialized with the role object_r; subject resources such as processes, and ordinary users at system initialization, are assigned the role system_r.
In the security context of a subject the type field is called the domain; in the security context of an object it is called the type, and object types can be further divided into classes. The domain and the type must match for an access to be permitted. Conventional mandatory access control mainly controls the type field and controls the user and role fields much less, which leaves the key sensitive resources of the system and users' private data insufficiently protected and does not meet the three-administrator separation requirement of the operating system.
The basic idea of the role-based access control model RBAC is that access permissions are assigned to roles and a user obtains the permissions of a role by being assigned that role; the model has five basic data elements: user, role, object, operation and permission. SELinux extends RBAC into a combined TE-RBAC model in which permissions are granted to a source type through allow policy rules, the source type is then assigned to roles, and finally one or more roles are assigned to an authorized user.
The invention provides a dedicated mandatory access control method; FIG. 1 is a flow chart of the method according to an embodiment of the invention. As shown in FIG. 1, the method mainly comprises the following steps:
Step 101: import the decision basis of the dedicated access control;
Step 102: receive an access request;
Step 103: obtain the security context information of the subject and the object while the access request is processed;
Step 104: decide the access request separately at the user-executes-software layer, the software-accesses-resource layer and the user-accesses-resource layer to obtain the decision result of each layer;
In this embodiment, deciding the access request at the user-executes-software layer comprises deciding whether the user is permitted to execute the software on the basis of the user-software relationship file in the decision basis together with the role field of the subject and the type field of the object in the security context information, and obtaining the decision result of the user-executes-software layer. The user-software relationship file in the decision basis comprises the operation permissions required by each piece of software, and the mandatory type transition of the security context, with retention of the user's type, when the user executes the software.
In this embodiment the dedicated access control method divides the software in the system into two categories: trusted software and common software. A user may execute trusted software only by a desktop double-click, from the command line or as a system service; common software may be executed in any way. The user login process runs as follows: after the operating system loads the kernel it starts the init process, which then starts the other system services including user login. At login the PAM authentication module is invoked, the security context of the current process is obtained and the process is transitioned into the user's running domain according to the configuration; once the transition has succeeded, operations executed from the configured desktop environment and command-line environment undergo no further domain transition and keep the user's running domain.
In this embodiment, deciding the access request at the software-accesses-resource layer comprises deciding whether the software is permitted to access the resource on the basis of the trusted software and sensitive resource file in the decision basis together with the type field of the subject and the type field of the object in the security context information, and obtaining the decision result of the software-accesses-resource layer. The trusted software and sensitive resource file in the decision basis comprises the protection condition of each resource according to the security factor of the system, the resources being divided into common resources and sensitive resources, and the authorization of each piece of software's operation requests, the software being divided into trusted software and common software, with trusted software authorized to access sensitive resources under the principle of least privilege.
In this embodiment the dedicated access control method divides the resources in the system into two categories: sensitive resources and common resources. The system provides a way of defining sensitive resources: the key file and directory types that affect the security and identity authentication of the system, together with the operation permissions on them, are designated as the sensitive resources of the system. Access relations between trusted software and sensitive resources are authorized under the principle of least privilege according to the access control permission matrix in the policy rules. Common software is prohibited from accessing sensitive resources, and all software may access common resources.
In this embodiment, deciding the access request at the user-accesses-resource layer comprises deciding whether, and in what mode, the user is permitted to access the resource on the basis of the user-private-data file in the decision basis together with the role field of the subject and the type field of the object in the security context information, and obtaining the decision result of the user-accesses-resource layer. The user-private-data file in the decision basis comprises the authorization of each user to access resources, a resource that only one user is authorized to access being defined as that user's private data.
In this embodiment the system defines the data under a user's home directory, or data that only that user can access, as the user's private data.
Step 105: derive the decision result of the dedicated access control from the decision results of the layers.
The embodiment of the invention decides the access request at the user-executes-software layer and so realizes the three-administrator separation mechanism; it decides the access request at the software-accesses-resource layer and so protects sensitive resources; and it decides the access request at the user-accesses-resource layer and so protects the user's private data.
The dedicated mandatory access control method of this embodiment is a mandatory access control method based on SELinux, that is, one implemented in a SELinux-enabled system; by fusing dedicated mandatory access control methods of other models on top of it, the operating system gains a stronger protection layer and both its usability and its security improve.
It should be noted that the order of the steps does not limit the invention: some steps may occur at the same time and some may be repeated. For example, under the SELinux mandatory access control policy rules of the operating system, deciding an access control data stream already involves the operating system extracting the security context information of the data stream for its own decision, but the information so extracted may serve only the operating system's SELinux mandatory access control. As described above, conventional mandatory access control mainly controls the type field and controls the user and role fields much less, which leaves the key sensitive resources of the system and users' private data insufficiently protected and fails the three-administrator separation requirement of the operating system.
Another embodiment is described below with reference to FIG. 2, a schematic diagram of the three-administrator separation access control policy provided by the invention. As shown in FIG. 2, three privileged users may be defined, a system administrator (root), a security administrator (secadm) and an audit administrator (auditadm), together with three privileged roles, the system administration role (sysadm_r), the security administration role (secadm_r) and the audit administration role (auditadm_r). Each user is associated with its role, and each role is in turn associated with the source types that summarize the access permissions the role allows over all objects of the system. For example, only when the audit administrator is associated with the auditadm_t source type does the audit administrator have permission to view the audit log. Deciding by the role in the security context of the access control data stream and the object type of the operation, the audit administrator reads the audit log successfully while the system administrator is refused and shown "access denied".
Through the three-administrator separation function of the dedicated mandatory access control method provided by the invention, the decision is made from the extracted role of the subject's security context and the domain type, execution of programs outside a user's execution range is prohibited, and the three-administrator separation requirement is met.
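The TE-RBAC chain summarized earlier (allow rules granted to a source type, the type assigned to roles, roles assigned to users) and the three-administrator example above can be modelled in a few lines. The following Python is an added example written for this page, not code from the patent or from SELinux itself: a subject context is accepted only if its SELinux user is authorized for its role and the role for its domain, and the access then needs an allow rule from the domain to the object type. The users, roles, types and allow rules are constructed sample data; the role names follow the SELinux reference policy (sysadm_r, secadm_r, auditadm_r), while audit_log_t, selinux_config_t and the other type names are assumptions.

```python
"""Model of SELinux's user -> role -> type authorization chain (added example, not patent code)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """A security context user:role:type; a trailing MLS level such as ':s0' is ignored."""
    user: str
    role: str
    type: str

    @classmethod
    def parse(cls, text: str) -> Context:
        fields = text.split(":")
        if len(fields) < 3 or not all(fields[:3]):
            raise ValueError(f"malformed security context: {text!r}")
        return cls(fields[0], fields[1], fields[2])


# Constructed policy fragment (hypothetical names): which roles each SELinux user may take,
# which domains each role may run in, and the allow rules between domain and object type.
USER_ROLES = {
    "sysadm_u": {"sysadm_r"},
    "secadm_u": {"secadm_r"},
    "auditadm_u": {"auditadm_r"},
}
ROLE_TYPES = {
    "sysadm_r": {"sysadm_t"},
    "secadm_r": {"secadm_t"},
    "auditadm_r": {"auditadm_t"},
}
# (source domain, target type, object class, permission)
ALLOW_RULES = {
    ("auditadm_t", "audit_log_t", "file", "read"),
    ("auditadm_t", "audit_log_t", "file", "open"),
    ("secadm_t", "selinux_config_t", "file", "write"),
    ("sysadm_t", "etc_t", "file", "write"),
}


def subject_context_is_valid(ctx: Context) -> bool:
    """A subject may only carry a role its user is authorized for, in a domain that role is authorized for."""
    return ctx.role in USER_ROLES.get(ctx.user, set()) and ctx.type in ROLE_TYPES.get(ctx.role, set())


def check_access(subject: str, obj: str, obj_class: str, perm: str) -> tuple[bool, str]:
    """Return (allowed, reason) for subject performing perm on obj, as the TE-RBAC chain decides it."""
    s, o = Context.parse(subject), Context.parse(obj)
    if not subject_context_is_valid(s):
        return False, f"invalid subject context {s.user}:{s.role}:{s.type}"
    if (s.type, o.type, obj_class, perm) not in ALLOW_RULES:
        return False, f"no allow rule for {s.type} -> {o.type}:{obj_class} {perm}"
    return True, "allowed"


if __name__ == "__main__":
    log = "system_u:object_r:audit_log_t:s0"
    for subj in ("auditadm_u:auditadm_r:auditadm_t:s0",   # audit administrator
                 "sysadm_u:sysadm_r:sysadm_t:s0",         # system administrator
                 "sysadm_u:auditadm_r:auditadm_t:s0"):    # sysadm_u claiming the audit role
        print(subj, "->", check_access(subj, log, "file", "read"))
```

The third request in the usage block is the case the separation relies on: a system administrator cannot simply present a context carrying the audit role, because the user-to-role binding, not the role name in the context, is what the check consults.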
Another embodiment is described below with reference to FIG. 3, a schematic diagram of the private data access control policy provided by the invention. As shown in FIG. 3, the dedicated mandatory access control method establishes a detailed minimal execution or access permission for each user. If a first user may not access object type B, then, since the first user is associated with a role and the role is associated with the object types it may access, the logged-in user is decided by the role information in the security context: the user is granted access to the user's own private data, every user is prohibited from accessing other users' private resources, and the user's permissions are restricted as far as possible, so that the user's private data are protected.
Through the association and decision among user, role and object type, this embodiment builds a fairly complete protection layer for the user's private data and so preserves its privacy.
A further embodiment is described below. The decisions are not isolated: the result of one decision may serve as the basis of another, for example the result of the sensitive resource decision may serve as the basis of the trusted software decision. Different results of individual decisions do not necessarily lead to different final decisions for the operation on the access control data stream; a comprehensive decision is required.
The access control policy for sensitive resources and trusted software provided by this embodiment decides from the extracted security context types of the subject and the object and so provides a more complete access control policy: operations on non-sensitive resources and on objects without a self-protection requirement are allowed; an operation whose object belongs to the minimal set of sensitive resources is prohibited even if the SELinux mandatory access control policy rules might allow it; a user may self-authorize operations of untrusted software on sensitive resources outside that minimal set; and unauthorized software is prohibited from accessing the key resources of the system, which meets the requirement of protecting the system's sensitive resources.
Another embodiment of the dedicated mandatory access control method provided by the invention is described in further detail below and shown in FIG. 4; it comprises the following steps:
Step one: a user initiates an access request;
Step two: decide the access request according to the SELinux mandatory access control policy rules of the operating system and record the result;
Step three: obtain the security context information of the current access request, including role, subject type, object type and operation;
Step four: examine the role information in the obtained security context and decide whether the role is one bound to a user;
Step five: if the role is not bound to a user, release it directly and go to step ten;
Step six: if the role is bound to a user, check the permissions of the security administrator, the audit administrator and the system administrator, deciding from the role in the security context of the access request and the object type of the operation whether the role of the current executing subject is permitted to access the executable file of the trusted program;
Step seven: if it is not permitted, record a three-administrator violation message in the log and pop up an "access denied" prompt box; otherwise go to step eight;
Step eight: decide on the user's private data, that is, decide from the role in the security context of the current access request and the type of the operated object whether the object is private data of another user;
Step nine: if it is private data of another user, record an "access to private data rejected" message in the log and pop up an "access denied" prompt box; otherwise go to step ten;
Step ten: decide on the key sensitive resources of the system, that is, examine the object security context of the current access request and decide whether the object type, class and operation permission constitute a sensitive resource of the system;
Step eleven: if the object type being accessed is not a sensitive resource, decide whether it has a self-protection requirement;
Step twelve: if it has a self-protection requirement, record the violation of the self-protection requirement in the log and pop up an "access denied" prompt box; otherwise release the operation;
Step thirteen: if it is a sensitive resource, go to step fourteen;
Step fourteen: decide on trusted software, that is, decide from the subject information of the access control whether the subject type in the subject's security context is the running domain of trusted software;
Step fifteen: if it is not the running domain of trusted software, decide whether the accessed object belongs to the minimal set of sensitive resources; if it does, reject the operation, otherwise go to step sixteen;
Step sixteen: the user performs self-authorization as required. If the user has not executed the self-authorization function, prompt, record the rejection of the untrusted software's access to the sensitive resource in the log and pop up an "access denied" prompt box; if the user has authorized it through the self-authorization module, release the operation;
Step seventeen: if it is the running domain of trusted software, consult the decision result of step two. If that result allows the operation, release it; if not, reject it, record the rejection of the trusted software's access to the sensitive resource in the log and pop up an "access denied" prompt box.
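The seventeen steps above, together with the sensitive-resource and trusted-software policy described before them, can be read as a single decision function. The following Python is an added example written for this page, not the patent's kernel implementation: it takes the regular SELinux decision of step two as an input flag, applies the user-level layers only to roles bound to login users (the reading of step five adopted here), and returns an allow/deny result together with the log entries the pop-up module would receive. All role and type names, the contents of the decision basis and the requests in sample() are constructed; the role_exec, private_owner, minimal_set, self_protect and trusted_domains tables stand in for the patent's relationship, private-data, sensitive-resource and trusted-software files.

```python
"""Reference model of the seventeen-step decision flow (added example, not the patent's kernel code)."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    user: str                      # SELinux user of the subject
    role: str                      # role of the subject
    domain: str                    # subject type, i.e. the running domain of the software
    obj_type: str                  # object type
    obj_class: str                 # object class, e.g. "file"
    perm: str                      # requested operation, e.g. "read", "write", "execute"
    selinux_allowed: bool          # step two: result of the regular SELinux policy decision
    self_authorized: bool = False  # step sixteen: the user has self-authorized this access


@dataclass
class DecisionBasis:
    """Imported decision basis; every field is a hypothetical stand-in for the patent's files."""
    user_roles: set[str]                   # roles bound to login users (step four)
    role_exec: dict[str, set[str]]         # role -> executable types it may execute (step six)
    private_owner: dict[str, str]          # object type -> SELinux user whose private data it is (step eight)
    sensitive: set[tuple[str, str, str]]   # (object type, class, perm) that are sensitive resources (step ten)
    minimal_set: set[str]                  # sensitive types closed to untrusted software (step fifteen)
    self_protect: set[str]                 # non-sensitive types with a self-protection requirement (step eleven)
    trusted_domains: set[str]              # running domains of trusted software (step fourteen)


@dataclass
class Decision:
    allow: bool
    reason: str
    log: list[str] = field(default_factory=list)


def decide(req: Request, basis: DecisionBasis) -> Decision:
    log: list[str] = []

    def deny(reason: str) -> Decision:
        log.append(f"DENY {reason}: subject={req.user}:{req.role}:{req.domain} "
                   f"object={req.obj_type}:{req.obj_class} perm={req.perm}")
        return Decision(False, reason, log)

    # Steps four/five: user-level layers apply only to roles bound to a login user;
    # other roles (daemons) go straight to the sensitive-resource check of step ten.
    if req.role in basis.user_roles:
        # Steps six/seven: may this role execute this program at all?
        if req.perm == "execute" and req.obj_type not in basis.role_exec.get(req.role, set()):
            return deny("three-administrator violation")
        # Steps eight/nine: is the object another user's private data?
        owner = basis.private_owner.get(req.obj_type)
        if owner is not None and owner != req.user:
            return deny("access to another user's private data")
    # Step ten: is (type, class, permission) a sensitive resource of the system?
    if (req.obj_type, req.obj_class, req.perm) not in basis.sensitive:
        # Steps eleven/twelve: non-sensitive objects are released unless self-protected.
        if req.obj_type in basis.self_protect:
            return deny("self-protection requirement")
        return Decision(True, "non-sensitive resource", log)
    # Steps thirteen/fourteen: sensitive resource; is the subject trusted software?
    if req.domain not in basis.trusted_domains:
        # Step fifteen: the minimal set is closed to untrusted software unconditionally.
        if req.obj_type in basis.minimal_set:
            return deny("untrusted software on the minimal sensitive set")
        # Step sixteen: other sensitive resources need the user's explicit self-authorization.
        if not req.self_authorized:
            return deny("untrusted software access to sensitive resource without self-authorization")
        return Decision(True, "self-authorized by user", log)
    # Step seventeen: trusted software is bound by the SELinux decision recorded in step two.
    if req.selinux_allowed:
        return Decision(True, "trusted software, allowed by SELinux policy", log)
    return deny("trusted software access to sensitive resource denied by SELinux policy")


# Constructed sample decision basis (hypothetical role and type names).
BASIS = DecisionBasis(
    user_roles={"sysadm_r", "secadm_r", "auditadm_r", "user_r"},
    role_exec={"sysadm_r": {"bin_t", "sbin_t"}, "secadm_r": {"bin_t", "semanage_exec_t"},
               "auditadm_r": {"bin_t", "auditctl_exec_t"}, "user_r": {"bin_t"}},
    private_owner={"alice_home_t": "alice_u", "bob_home_t": "bob_u"},
    sensitive={("shadow_t", "file", "read"), ("shadow_t", "file", "write"), ("audit_log_t", "file", "write")},
    minimal_set={"shadow_t"},
    self_protect={"mac_policy_t"},
    trusted_domains={"passwd_t", "auditd_t"},
)


def sample() -> dict[str, Decision]:
    """Constructed requests, each exercising one path of the flow."""
    def r(user, role, domain, obj_type, perm, selinux_allowed=True, self_authorized=False):
        return decide(Request(user, role, domain, obj_type, "file", perm, selinux_allowed, self_authorized), BASIS)
    return {
        "sysadm runs semanage": r("sysadm_u", "sysadm_r", "sysadm_t", "semanage_exec_t", "execute"),
        "alice reads bob's data": r("alice_u", "user_r", "user_t", "bob_home_t", "read"),
        "alice reads own data": r("alice_u", "user_r", "user_t", "alice_home_t", "read"),
        "user_t writes shadow": r("alice_u", "user_r", "user_t", "shadow_t", "write"),
        "user_t writes audit log": r("alice_u", "user_r", "user_t", "audit_log_t", "write"),
        "user_t writes audit log, self-authorized": r("alice_u", "user_r", "user_t", "audit_log_t", "write", self_authorized=True),
        "passwd writes shadow": r("system_u", "system_r", "passwd_t", "shadow_t", "write"),
        "passwd writes shadow, SELinux denies": r("system_u", "system_r", "passwd_t", "shadow_t", "write", selinux_allowed=False),
        "user_t writes policy file": r("alice_u", "user_r", "user_t", "mac_policy_t", "write"),
    }
```

Step seventeen is the only place the flow consults the SELinux result, so in this model a self-authorized untrusted domain on a non-minimal sensitive resource is released without reference to it; the description says the operating system performs its own SELinux decision on the data stream in any case, so the added logic is best understood as layered on top of that check rather than replacing it.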
in the embodiment of the invention, the plurality of models are fused to implement special mandatory access control, and after the context information of the subject and the object is obtained, each judgment is executed in sequence, so that each element in the context information of the subject and the object is fully utilized, the special access control of the multi-model fusion is realized, a stronger safety protection layer is provided for an operating system, and the convenience and the safety of the system are improved.
The following describes an embodiment of the present invention in detail with reference to fig. 5, where fig. 5 is a schematic structural diagram of a dedicated mandatory access control system provided by the present invention, and as shown in fig. 5, the system for multi-layer linkage dedicated mandatory access control provided by the present invention includes performing customized development at an application layer and a kernel layer, including:
the access control management module 502 is positioned in the kernel layer and used for judging the access request according to a special access control logic coordinated and coordinated by three layers of users, software and resources; the kernel layer primarily customizes the access control logic.
A data import module 501 located at the application layer, configured to import a decision basis for special access control in the system initialization process; the main function of the data import module 501 is to import three separate judgment bases, a private data judgment base, a trusted software judgment base, and a sensitive resource judgment base into the system, so as to provide bases and supports for analysis and judgment of the access control data stream.
And the bullet box prompting module 503 is located at the application layer and is used for recording and/or prompting information of various illegal operations for rejecting the access control request. When the same illegal operation repeatedly occurs in the system, the box is popped for prompting once; when multiple illegal operations occur at the same time, only the first illegal operation is popped. The main function of the pop-up box prompting module 503 is to perform pop-up box prompting when there is an illegal operation, and the illegal operation of the operation is recorded in a log, and the prompting information of the pop-up box prompting module 503 mainly includes the type of the illegal operation and the security context information of the subject and the object in the access control data stream.
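The prompt-once rule of module 503 (a repeated illegal operation prompts only once, simultaneous ones prompt only the first, and every rejection is logged) is small enough to state exactly. The following Python is an added example, not the patent's module: the Violation fields are the kind of illegal operation and the subject and object contexts the description says the prompt contains, and the reading that the first not-yet-prompted violation of a batch is the one shown is an assumption.

```python
"""Prompt-once pop-up logic for rejected operations (added example, not the patent's module)."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Violation:
    kind: str      # kind of illegal operation, e.g. "three-administrator violation"
    subject: str   # subject security context
    obj: str       # object security context


@dataclass
class PopupPrompter:
    log: list[str] = field(default_factory=list)       # every rejection is recorded here
    prompts: list[str] = field(default_factory=list)   # what was actually shown to the user
    _seen: set[Violation] = field(default_factory=set)  # violations already prompted once

    def report(self, batch: list[Violation]) -> list[str]:
        """Record every violation in a batch that occurred at the same time and pop up at most one
        prompt, for the first violation in the batch not prompted before (assumed reading of the
        'only the first is popped' rule). A violation that recurs later is logged but not prompted again."""
        shown: list[str] = []
        for v in batch:
            self.log.append(f"{v.kind}: subject={v.subject} object={v.obj}")
            if v in self._seen or shown:
                continue
            self._seen.add(v)
            shown.append(f"Access denied ({v.kind}): {v.subject} -> {v.obj}")
        self.prompts.extend(shown)
        return shown
```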
Fig. 6 illustrates a physical structure diagram of an electronic device, which, as shown in fig. 6, may include: a processor 610, a communication interface 620, a memory 630 and a communication bus 640, wherein the processor 610, the communication interface 620 and the memory 630 communicate with one another over the communication bus 640. The processor 610 may call logic instructions in the memory 630 to perform a special mandatory access control method comprising: importing a judgment basis of access control and carrying out the access control operation; the access control operation includes: receiving an access control data stream; acquiring security context information of the subject and the object in the access control data stream; according to a customized access control strategy, judging the access control data stream according to the judgment basis and the security context information of the subject and/or the object; and according to the judgment result, releasing or rejecting the operation of the access control data stream, and recording and/or prompting the information of the rejected operation of the access control data stream.
In addition, the logic instructions in the memory 630 may be implemented as software functional units and stored in a computer readable storage medium when sold or used as independent products. Based on such understanding, the technical solution of the present invention, or the part thereof which substantially contributes to the prior art, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the dedicated mandatory access control method provided by the above methods, the method comprising: importing a judgment basis of access control and carrying out the access control operation; the access control operation includes: receiving an access control data stream; obtaining security context information of the subject and the object in the access control data stream; according to a customized access control strategy, judging the access control data stream according to the judgment basis and the security context information of the subject and/or the object; and according to the judgment result, releasing or rejecting the operation of the access control data stream, and recording and/or prompting the information of the rejected operation of the access control data stream.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the dedicated mandatory access control method provided above, the method comprising: importing a judgment basis of access control and carrying out the access control operation; the access control operation includes: receiving an access control data stream; obtaining security context information of the subject and the object in the access control data stream; according to a customized access control strategy, judging the access control data stream according to the judgment basis and the security context information of the subject and/or the object; and according to the judgment result, releasing or rejecting the operation of the access control data stream, and recording and/or prompting the information of the rejected operation of the access control data stream.
The above-described embodiments of the apparatus are only illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (9)

1. A special mandatory access control method, characterized in that, based on SELinux mandatory access control policy rules, the method comprises the following steps:
importing the judgment basis of the special access control, and judging the access request according to a special access control logic in which the three layers of user, software and resource are linked and cooperate;
wherein judging the access request according to the special access control logic in which the three layers of user, software and resource are linked and cooperate comprises:
receiving an access request;
acquiring security context information of the subject and the object during processing of the access request;
judging the access request separately from the user-executes-software layer, the software-accesses-resource layer and the user-accesses-resource layer to obtain the judgment result of each layer;
obtaining the judgment result of the special access control according to the judgment result of each layer;
wherein judging the access request from the user-executes-software layer comprises:
judging the user's execution authority for the software and the execution mode, based on the relationship file of the user and the software in the judgment basis and on the role field of the subject and the type field of the object in the security context information, to obtain the judgment result of the user-executes-software layer.
2. The dedicated mandatory access control method according to claim 1, characterized in that the relationship file of the user and the software in the judgment basis comprises:
the operation authority required by each piece of software; and
whether, when the user executes the software, the security context undergoes a mandatory type transition or the user's type is retained.
3. The dedicated mandatory access control method according to claim 1, characterized in that judging the access request from the software-accesses-resource layer comprises:
judging whether the software has the right to access the resource, based on the trusted software and sensitive resource file in the judgment basis and on the type field of the subject and the type field of the object in the security context information, to obtain the judgment result of the software-accesses-resource layer.
4. The special mandatory access control method according to claim 3, characterized in that the trusted software and sensitive resource file in the judgment basis comprises:
the protection condition of each resource, based on the safety factor of the system; wherein resources are divided into common resources and sensitive resources; and
the authorization of the operation requests of each piece of software; wherein software is divided into trusted software and common software, and trusted software is authorized to access sensitive resources according to the principle of least privilege.
5. The dedicated mandatory access control method according to claim 1, characterized in that judging the access request from the user-accesses-resource layer comprises:
judging whether the user has the right to access the resource, based on the user and private data file in the judgment basis and on the role field of the subject and the type field of the object in the security context information, to obtain the judgment result of the user-accesses-resource layer.
6. The dedicated mandatory access control method according to claim 5, characterized in that the user and private data file in the judgment basis comprises:
the authorization of each user to access resources; wherein a resource that only one user is authorized to access is defined as that user's private data.
7. A special mandatory access control system, characterized by comprising:
an access control management module, located in the kernel layer and used for judging the access request according to a special access control logic in which the three layers of user, software and resource are linked and cooperate;
a data import module, located at the application layer and used for importing the judgment basis of the special access control during system initialization;
a pop-up box prompting module, located at the application layer and used for recording and/or prompting information on the various illegal operations for which the access control request is rejected, wherein the pop-up box prompting module shows a pop-up box only once when the same illegal operation occurs repeatedly in the system, and shows a pop-up box only for the first illegal operation when multiple illegal operations occur at the same time;
wherein judging the access request according to the special access control logic in which the three layers of user, software and resource are linked and cooperate comprises:
receiving an access request;
acquiring security context information of the subject and the object during processing of the access request;
judging the access request separately from the user-executes-software layer, the software-accesses-resource layer and the user-accesses-resource layer to obtain the judgment result of each layer;
obtaining the judgment result of the special access control according to the judgment result of each layer;
wherein judging the access request from the user-executes-software layer comprises:
judging the user's execution authority for the software and the execution mode, based on the relationship file of the user and the software in the judgment basis and on the role field of the subject and the type field of the object in the security context information, to obtain the judgment result of the user-executes-software layer.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the dedicated mandatory access control method according to any one of claims 1 to 6 are implemented when the program is executed by the processor.
9. A non-transitory computer readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the dedicated mandatory access control method according to any one of claims 1 to 6.
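The following Python toy evaluator is an added worked example, not code from the patent or its assignee: it models the three-layer judgment of claims 1 to 6 over SELinux-style user:role:type contexts and the once-per-illegal-operation prompting rule of claim 7. The three judgment bases, the contexts, the rule that every applicable layer must allow, and the treatment of a batch of simultaneous denials are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    """SELinux-style security context user:role:type (all values below are constructed)."""
    user: str
    role: str
    type: str

# Three constructed judgment bases standing in for the patent's three imported files.
USER_SOFTWARE = {  # user-software relationship file: role -> software type -> execution mode
    "alice_r": {"editor_exec_t": "type_transition", "shell_exec_t": "keep_user_type"},
}
TRUSTED_SOFTWARE = {"editor_t"}            # trusted software file (least-privilege grants)
SENSITIVE_RESOURCES = {"payroll_t"}        # sensitive resource file; other types are common
PRIVATE_DATA = {"alice_r": {"alice_home_t"}}  # user private data file, keyed on the role

def judge_user_exec_software(subj, obj):
    """Layer 1 (claims 1-2): may this role execute this software, and in which mode?"""
    mode = USER_SOFTWARE.get(subj.role, {}).get(obj.type)
    return mode is not None, mode

def judge_software_access_resource(subj, obj):
    """Layer 2 (claims 3-4): a sensitive resource is reachable only from trusted software."""
    return obj.type not in SENSITIVE_RESOURCES or subj.type in TRUSTED_SOFTWARE

def judge_user_access_resource(subj, obj):
    """Layer 3 (claims 5-6): a user's private data is reachable only by that user's role."""
    return all(obj.type not in types or subj.role == role
               for role, types in PRIVATE_DATA.items())

def decide(subj, obj, op):
    """Combine the layers (assumed rule: every applicable layer must allow).
    Layer 1 judges execute requests; layers 2 and 3 judge resource access."""
    if op == "execute":
        allowed, _ = judge_user_exec_software(subj, obj)
        layers = {"user_exec_software": allowed}
    else:
        layers = {"software_access_resource": judge_software_access_resource(subj, obj),
                  "user_access_resource": judge_user_access_resource(subj, obj)}
    return all(layers.values()), layers

class PromptModule:
    """Pop-up box prompting module (claim 7): log every denial, prompt once per distinct
    illegal operation, and at most one prompt per batch of simultaneous denials."""
    def __init__(self):
        self.log, self.prompted = [], set()

    def on_denials(self, denials):
        """denials: [(op, subj, obj), ...] rejected at the same time; returns prompts shown."""
        shown = []
        for op, subj, obj in denials:
            key = (op, subj.role, subj.type, obj.type)
            self.log.append(key)                   # every illegal operation is recorded
            if key not in self.prompted and not shown:
                self.prompted.add(key)             # the same key is never prompted again
                shown.append(key)
        return shown
```

A denial's prompt key carries the illegal operation type and the subject/object context fields, matching the prompt content the embodiment describes.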
CN202011563015.0A 2020-12-25 2020-12-25 Special mandatory access control method, system, electronic equipment and storage medium Active CN112685729B (en)

Publications (2)

Publication Number Publication Date
CN112685729A CN112685729A (en) 2021-04-20
CN112685729B true CN112685729B (en) 2023-04-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant