CN113343282A - File security monitoring method and system for mandatory access control and storage medium - Google Patents


Info

Publication number
CN113343282A
Authority
CN
China
Prior art keywords
security
label
audit result
subject
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110862137.8A
Other languages
Chinese (zh)
Inventor
戚建淮
李勇新
唐娟
刘建辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Y&D Electronics Information Co Ltd
Original Assignee
Shenzhen Y&D Electronics Information Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application discloses a file security monitoring method, a file security monitoring system and a storage medium for mandatory access control. The method comprises the steps of: intercepting an access request of a subject to a target device object; acquiring the security label of the subject to obtain a first security label; acquiring the security label of the target device object to obtain a second security label; performing a filtering security audit on the access request according to the first security label and the second security label to obtain a security audit result; and determining, according to the security audit result, the operation the subject may perform on the target device object. With this method every access request of the subject to the target device object can be intercepted and blocked, and whether the subject may access the object is decided by comparing the security labels of the subject and the target device object, so that system data is protected, file security is improved and host resources are protected.

Description

File security monitoring method and system for mandatory access control and storage medium
Technical Field
The present application relates to the field of information security, and in particular, to a method, a system, and a storage medium for file security monitoring based on mandatory access control.
Background
The primary goal of computer security is to ensure the confidentiality, integrity and availability of the information in a computer. The Windows operating system uses discretionary access control (DAC), which is flexible and fine-grained, but has the defect that the access rights attached to information change as the information moves: an owner can transfer access to another user simply by adding that user to the permissions, so a user who was never authorised for the original resource can still reach its contents.
Mandatory Access Control (MAC) uses mandatory rules to prevent unsafe information flows and can therefore defend effectively against Trojan horse attacks. It is very important for maintaining information security in organisations with high operating-system security requirements, such as multi-level military systems.
In the related art, the defects of the BLP (Bell-LaPadula) model show in two respects. First, its field of application is narrow and its use inflexible: it is generally used only in industries or fields with an explicit notion of levels, such as the military. Second, its control over integrity is insufficient: the BLP model emphasises that information flows towards higher security levels and pays too little attention to protecting the integrity of high-level information. The Biba model is aimed primarily at protecting the integrity of information. Similar to the BLP model, it replaces the security level of BLP with an integrity level, and its access control restrictions are the exact opposite of BLP's; it in turn provides insufficient control over the confidentiality of information.
Disclosure of Invention
The present application aims to solve at least one of the problems in the prior art. It therefore provides a file security monitoring method based on mandatory access control which takes both confidentiality and integrity into account, improves file security and effectively protects host resources.
The application also provides a file security monitoring system with mandatory access control.
The present application also provides a computer-readable storage medium.
According to the file security monitoring method for mandatory access control in the embodiment of the first aspect of the application, the method comprises the following steps:
intercepting an access request of a subject to a target device object;
acquiring the security label of the subject to obtain a first security label;
acquiring the security label of the target device object to obtain a second security label;
performing a filtering security audit on the access request according to the first security label and the second security label to obtain a security audit result;
and determining, according to the security audit result, the operation of the subject on the target device object.
The file security monitoring method for mandatory access control according to the embodiment of the application has at least the following beneficial effects: all access requests of the subject to the target device object (the object) are intercepted and blocked, and whether the subject may access the object is decided by comparing the security labels of the subject and the object, so that system data is protected, file security is improved and host resources are protected.
According to some embodiments of the present application, intercepting the access request of the subject to the target device object includes:
creating a driver device object for the target device object and attaching the driver device object to the target device object;
acquiring the access request of the subject to the target device object;
and redirecting the access request to the driver device object.
According to some embodiments of the present application, a security label comprises a confidentiality label and an integrity label; the first security label comprises a first confidentiality label and a first integrity label, and the second security label comprises a second confidentiality label and a second integrity label;
determining, according to the security audit result, the operation of the subject on the target device object includes:
if the security audit result satisfies a preset security rule, the security audit result is operation permitted, and the subject is permitted to operate on the target device object;
and if the security audit result does not satisfy the preset security rule, the security audit result is operation denied, and the subject is not permitted to operate on the target device object.
According to some embodiments of the application, the preset security rules comprise a preset read operation rule, a preset append operation rule and a preset write operation rule;
the first confidentiality label is defined as a triple (Hs, Hc, Chs), where H is the set of confidentiality levels and C the set of information categories, Hs ∈ H is the highest confidentiality level of the subject, Hc ∈ H is the current confidentiality level of the subject, and Chs ⊆ C is the confidentiality category set of the subject;
the first integrity label is defined as a pair (Is, Cis), where Is is the integrity level of the subject and Cis ⊆ C is the integrity category set of the subject;
the second confidentiality label is defined as a pair (Ho, Cho), where Ho ∈ H is the confidentiality level of the target device object and Cho ⊆ C is the confidentiality category set of the target device object;
the second integrity label is defined as a pair (Io, Cio), where Io is the integrity level of the target device object and Cio ⊆ C is the integrity category set of the target device object;
the preset read operation rule is defined as: (Hs ≥ Ho ∧ Cho ⊆ Chs) ∧ (Is ≤ Io ∧ Cio ⊆ Cis);
the preset append operation rule is defined as: (Hc ≤ Ho ∧ Chs ⊆ Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis);
the preset write operation rule is defined as: (Hc = Ho ∧ Chs = Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis).
According to some embodiments of the present application, if the security audit result satisfies a preset security rule, the security audit result is operation permitted, and permitting the subject to operate on the target device object includes:
if the first security label and the second security label satisfy the preset read operation rule, the security audit result is read permitted, and the subject is permitted to read the target device object.
According to some embodiments of the present application, if the security audit result satisfies a preset security rule, the security audit result is operation permitted, and permitting the subject to operate on the target device object further includes:
if the first security label and the second security label satisfy the preset append operation rule, the security audit result is append permitted, and the subject is permitted to append to the target device object.
According to some embodiments of the present application, if the security audit result satisfies a preset security rule, the security audit result is operation permitted, and permitting the subject to operate on the target device object further includes:
if the first security label and the second security label satisfy the preset write operation rule, the security audit result is write permitted, and the subject is permitted to write to the target device object.
According to some embodiments of the present application, the file security monitoring method further comprises:
if the security audit result is operation denied, outputting the IP address of the subject as a warning IP address;
and if the security audit result is operation permitted, outputting the IP address of the subject as a normal IP address.
The file security monitoring system for mandatory access control according to the embodiment of the second aspect of the application comprises an interception module, an acquisition module, a filtering audit module and a control module;
the interception module is used for intercepting an access request of a subject to a target device object; the acquisition module is used for acquiring the security label of the subject to obtain a first security label;
the acquisition module is further used for acquiring the security label of the target device object to obtain a second security label;
the filtering audit module is used for performing a filtering security audit on the access request according to the first security label and the second security label to obtain a security audit result;
and the control module is used for receiving the security audit result and determining the operation of the subject on the target device object according to it.
The file security monitoring system for mandatory access control according to the embodiment of the application has at least the following beneficial effects: all access requests of the subject to the target device object (the object) are intercepted and blocked, and whether the subject may access the object is decided by comparing the security labels of the subject and the object, so that system data is protected, file security is improved and host resources are protected.
According to the computer-readable storage medium of the third aspect of the present application, the storage medium stores computer-executable instructions for causing a computer to execute the file security monitoring method according to any embodiment of the first aspect of the present application.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The present application is further described with reference to the following figures and examples, in which:
FIG. 1 is a flow diagram of a file security monitoring method provided by some embodiments of the present application;
FIG. 2 is a flowchart of a file security monitoring method provided in some embodiments of the present application;
FIG. 3 is a flowchart of a file security monitoring method provided in some embodiments of the present application;
FIG. 4 is a flowchart of a file security monitoring method provided in some embodiments of the present application;
FIG. 5 is a block diagram of a file security monitoring system according to some embodiments of the present application.
Reference numerals: 510. an interception module; 520. an acquisition module; 530. a filtering audit module; 540. and a control module.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
In the description of the present application, it is to be understood that the positional descriptions, such as the directions of up, down, front, rear, left, right, etc., referred to herein are based on the directions or positional relationships shown in the drawings, and are only for convenience of description and simplification of description, and do not indicate or imply that the referred device or element must have a specific direction, be constructed and operated in a specific direction, and thus, should not be construed as limiting the present application.
In the description of the present application, the meaning of a plurality is one or more, the meaning of a plurality is two or more, and the above, below, exceeding, etc. are understood as excluding the present number, and the above, below, within, etc. are understood as including the present number. If the first and second are described for the purpose of distinguishing technical features, they are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
In the description of the present application, unless otherwise expressly limited, terms such as set, mounted, connected and the like should be construed broadly, and those skilled in the art can reasonably determine the specific meaning of the terms in the present application by combining the detailed contents of the technical solutions.
In the description of the present application, reference to the description of the terms "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The basic idea of mandatory access control is that every subject and every object carries a predetermined security attribute, and whether a subject may perform a particular operation on an object depends on the relationship between the two attributes. The term MAC comes from TCSEC (Trusted Computer System Evaluation Criteria), where it is used mainly to describe the multi-level security policy of U.S. military computer systems. In a multi-level security policy a security attribute is a pair, written (security level, category set): the security level expresses the degree of confidentiality and the category set the set of departments or organisations concerned.
The Bell-LaPadula model (BLP) is a state-machine model used to implement access control in government and military applications. It is designed around the security policy of the military, and the essential problem it solves is controlling access to classified information. The security level in the BLP model is an element of a totally ordered set such as {secret, public}, i.e. secret > public. A category set is a subset of the set of non-hierarchical elements of the system; which elements exist depends on the environment and application domain under consideration. In the BLP model the security attributes form a lattice under a partial order called the dominance relation. The BLP model assigns each user of the system a security attribute (also known as a clearance) which reflects the confidence that the user will not disclose confidential information to users lacking the corresponding attribute; processes started by the user are granted the same attribute. The BLP model also assigns a security attribute to every object of the system, reflecting how sensitive the information held in the object is and the potential damage if that information were disclosed to users not permitted to access it. In the BLP model information flows from low to high. The BLP model considers the following access modes:
(1) read-only: reading the information contained in the object;
(2) append: adding information to the object without reading the information already in it;
(3) execute: executing the object (a program);
(4) read-write: writing information into the object while also being permitted to read the information in it.
A subject's access to an object in the BLP model must satisfy the following two rules:
(1) simple security rule: the subject may read the object only if the subject's security level is not lower than the object's and the subject's category set contains the object's category set (no read up);
(2) *-rule (star property): the subject may write to the object only if the subject's security level is not higher than the object's and the object's category set contains the subject's category set (no write down).
The BLP model has the defects of a narrow field of application and inflexible use, being generally used only in industries or fields with an explicit notion of levels such as the military, and of insufficient integrity control: it emphasises information flowing towards higher security levels and pays too little attention to protecting the integrity of high-level information.
The Biba model is the integrity access control model proposed by K. J. Biba in 1977; it is likewise a mandatory access control model.
The Biba model addresses the integrity of data in the system; it does not concern itself with security levels or confidentiality. It uses integrity levels to prevent data from flowing from any integrity level into a higher one, so information can only flow from high integrity to low. The Biba model is aimed primarily at protecting the integrity of information. Similar to the BLP model, it replaces BLP's confidentiality level with an integrity level, while its access control constraints are the exact opposite of BLP's:
(1) simple integrity rule: the subject may read the object only if the subject's integrity level is not higher than the object's and the object's category set contains the subject's category set (no read down);
(2) *-integrity rule: the subject may write to the object only if the subject's integrity level is greater than or equal to the object's and the subject's category set contains the object's category set (no write up).
The application provides a mandatory access control model that maintains both the confidentiality and the integrity of a Windows file system. It is defined as follows:
Each subject carries two security labels: a confidentiality label and an integrity label. The subject's confidentiality label is the triple (Hs, Hc, Chs), where H is the set of confidentiality levels and C the set of information categories, Hs ∈ H is the highest confidentiality level of the subject, Hc ∈ H is the current confidentiality level of the subject, and Chs ⊆ C is the confidentiality category set of the subject. The subject's integrity label is the pair (Is, Cis), where Is is the integrity level of the subject and Cis ⊆ C is the integrity category set of the subject.
The confidentiality label of each object is the pair (Ho, Cho), where Ho ∈ H is the confidentiality level of the object and Cho ⊆ C is the confidentiality category set of the object. Analogously to the subject's labels, the integrity label of the object is the pair (Io, Cio), where Io is the integrity level of the object and Cio ⊆ C is the integrity category set of the object.
The security properties of the mandatory access control model of the present application are as follows:
a subject may read an object only if: (Hs ≥ Ho ∧ Cho ⊆ Chs) ∧ (Is ≤ Io ∧ Cio ⊆ Cis);
a subject may append to an object only if: (Hc ≤ Ho ∧ Chs ⊆ Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis);
a subject may write to an object only if: (Hc = Ho ∧ Chs = Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis).
The comparison of security labels is defined as follows.
Confidentiality labels are compared as follows:
(1) two confidentiality labels are equal if their security levels are equal and their category sets are equal;
(2) confidentiality label A is greater than confidentiality label B if any of the following holds: A's security level is greater than B's and the two category sets are equal; the two security levels are equal and A's category set is a proper superset of B's; A's security level is greater than B's and A's category set is a proper superset of B's;
(3) two confidentiality labels are incomparable if they are not equal and neither is greater than the other.
Integrity labels are compared in the same way:
(1) two integrity labels are equal if their integrity levels are equal and their category sets are equal;
(2) integrity label A is greater than integrity label B if any of the following holds: A's integrity level is greater than B's and the two category sets are equal; the two integrity levels are equal and A's category set is a proper superset of B's; A's integrity level is greater than B's and A's category set is a proper superset of B's;
(3) two integrity labels are incomparable if they are not equal and neither is greater than the other.
Superset: if every element of a set S2 is also in a set S1 (S1 may contain elements not in S2), then S1 is a superset of S2 and S2 is a subset of S1. If S1 is a superset of S2 and S1 contains at least one element not in S2, then S1 is a proper superset of S2 and S2 is a proper subset of S1.
It should be noted that the security properties of the mandatory access control model of the present application are not limited to these; they may be chosen according to the actual situation on the basis of the security label comparison defined above.
Referring to fig. 1, in a first aspect, some embodiments of the present application provide a file security monitoring method for mandatory access control including, but not limited to, steps S110, S120, S130, S140 and S150.
Step S110: intercepting an access request of a subject to a target device object;
Step S120: acquiring the security label of the subject to obtain a first security label;
Step S130: acquiring the security label of the target device object to obtain a second security label;
Step S140: performing a filtering security audit on the access request according to the first security label and the second security label to obtain a security audit result;
Step S150: determining, according to the security audit result, the operation of the subject on the target device object.
Specifically, in this embodiment the target device object is the object: every access request from the subject to the object is intercepted, and a filtering security audit is performed on it according to the subject's and the object's security labels, which decides whether the subject is denied access to the object or permitted to operate on it. This arrangement protects system data, improves file security and protects host resources.
Referring to fig. 2, in some embodiments of the present application step S110 includes, but is not limited to, steps S111, S112 and S113.
Step S111: creating a driver device object for the target device object and attaching the driver device object to the target device object;
Step S112: acquiring the access request of the subject to the target device object;
Step S113: forwarding the access request to the driver device object.
Specifically, in this embodiment the Windows Driver Model (WDM) supports a layered driver model, so file security monitoring can be implemented at several layers. Filtering security audit means intercepting the file operation request first and then performing the security audit on it.
First a driver device object attached to the target device object is created. Once the attachment succeeds, every IRP (I/O Request Packet) dispatched to the target device object is intercepted; the filter then builds a suitable IRP according to actual needs and dispatches it to the target device object, constructing a new IRP or an associated IRP from the original master IRP.
For example, to monitor drive E:, the device object of the E: partition (the target device object) is obtained, then an unnamed device object (the driver device object) is created and attached to it. After the attachment succeeds, every file operation (IRP) aimed at the partition's target device object must first pass through the driver device object, where the filtering security audit is performed and, according to the security audit result, the IRP is either refused or passed on down the stack.
It should be noted that file operations include requests to open, create, read, write and close files. These requests are normally initiated by a user process and dispatched to the file security monitoring system through the I/O manager.
Referring to fig. 3, in some embodiments of the present application, the security tags include a confidentiality tag and an integrity tag, the first security tag includes a first confidentiality tag and a first integrity tag, and the second security tag includes a second confidentiality tag and a second integrity tag; step S150 includes, but is not limited to, step S151 and step S152.
Step S151: if the safety audit result meets the preset safety rule, the safety audit result is allowed to operate, and the main body is allowed to operate the target equipment object;
step S152: and if the safety audit result does not meet the preset safety rule, the safety audit result is operation refusal, and the subject is not allowed to operate the target equipment object.
Specifically, the preset security rules include a preset read operation rule, a preset add operation rule, and a preset write operation rule. The first confidentiality tag is defined as a triple (Hs, Hc, Chs), H is the confidentiality grade, C is the information category, wherein Hs ⊆ H is the highest confidentiality grade of the main body; hc ⊆ H is the privacy level of the current principal; chs ⊆ C is the confidentiality information category of the subject; the first integrity label Is defined as a binary group (Is, Cis), wherein Is the integrity level of the subject, and Cis ⊆ C Is the integrity information category of the subject; the second security label is defined as a binary group (Ho, Cho), Ho ⊆ H being the security level of the target device object; ch ⊆ C is the confidentiality information category of the target device object; the first integrity label is defined as a tuple (Io, Cio), where Io is the integrity level of the target device object and Cio ⊆ C is the integrity information category of the target device object.
The conditions of read operation, add operation, and write operation on the target device object are consistent with the security characteristics of the mandatory access control model proposed in the present application, that is:
the preset read operation rule is defined as: (Hs ≥ Ho ∧ Cho ⊆ Chs) ∧ (Is ≤ Io ∧ Cio ⊆ Cis);
the preset append operation rule is defined as: (Hc ≤ Ho ∧ Chs ⊆ Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis);
the preset write operation rule is defined as: (Hc = Ho ∧ Chs = Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis).
Through this setting, both the confidentiality property of the BLP model and the integrity property of the Biba model are taken into account, and the protection of host resources is strengthened.
In some embodiments, step S151 further includes, but is not limited to, step S1511, step S1512, step S1513.
Step S1511: if the first security label and the second security label satisfy the preset read operation rule, the security audit result is read operation allowed, and the subject is allowed to read the target device object;
step S1512: if the first security label and the second security label satisfy the preset append operation rule, the security audit result is append operation allowed, and the subject is allowed to append to the target device object;
step S1513: if the first security label and the second security label satisfy the preset write operation rule, the security audit result is write operation allowed, and the subject is allowed to write the target device object.
Referring to fig. 4, in some embodiments of the present application, the document security monitoring method further includes, but is not limited to, step S160 and step S170.
Step S160: if the security audit result is operation refused, the IP address of the subject is output as a warning IP address;
step S170: if the security audit result is operation allowed, the IP address of the subject is output as a normal IP address.
The monitoring system is strengthened by tracking and storing the IP address of the subject and listing the IP of any subject that fails the security audit as a warning IP address. All relevant information, such as the subject IP address, is written into a file access log, so that attacks from the local host and from the network can be monitored and resisted. The file security monitoring system reinforces the security of the Windows file kernel and can greatly improve the network security level and system security. It extends single-layer application-level network protection, such as firewalls and intrusion detection, into a more secure, layered protection system that combines internal and external defenses, so that network security addresses both the symptoms and the root causes.
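The label structures, the three preset rules (read, append, write) and the warning/normal IP classification of steps S160 and S170 are worked through below as an added example; this is illustrative code, not code from the patent or its assignee. It assumes confidentiality grades and integrity levels are small integers where a larger value means more sensitive or more trusted, that information categories are sets of strings, and that an operation the rules do not name is refused (the patent fixes none of these representations or that default). The label values are constructed for the example.

```python
"""Subject/object security labels and the three preset access rules.

Added example (not the patent's code). Assumed representation: grades and
levels are ints (higher = more sensitive / more trusted); categories are
frozensets of strings.
"""
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class SubjectLabel:
    """First security label: confidentiality triple (Hs, Hc, Chs) and
    integrity pair (Is, Cis)."""
    hs: int                 # Hs: highest confidentiality grade of the subject
    hc: int                 # Hc: current confidentiality grade of the subject
    chs: FrozenSet[str]     # Chs: confidentiality categories of the subject
    is_: int                # Is: integrity level of the subject
    cis: FrozenSet[str]     # Cis: integrity categories of the subject


@dataclass(frozen=True)
class ObjectLabel:
    """Second security label: confidentiality pair (Ho, Cho) and
    integrity pair (Io, Cio)."""
    ho: int                 # Ho: confidentiality grade of the object
    cho: FrozenSet[str]     # Cho: confidentiality categories of the object
    io: int                 # Io: integrity level of the object
    cio: FrozenSet[str]     # Cio: integrity categories of the object


def read_allowed(s: SubjectLabel, o: ObjectLabel) -> bool:
    # (Hs >= Ho and Cho <= Chs) and (Is <= Io and Cio <= Cis)
    # BLP: no read up; Biba: no read down.
    return (s.hs >= o.ho and o.cho <= s.chs) and (s.is_ <= o.io and o.cio <= s.cis)


def append_allowed(s: SubjectLabel, o: ObjectLabel) -> bool:
    # (Hc <= Ho and Chs <= Cho) and (Is >= Io and Cio <= Cis)
    # BLP: append may go up; Biba: no write up.
    return (s.hc <= o.ho and s.chs <= o.cho) and (s.is_ >= o.io and o.cio <= s.cis)


def write_allowed(s: SubjectLabel, o: ObjectLabel) -> bool:
    # (Hc == Ho and Chs == Cho) and (Is >= Io and Cio <= Cis)
    # Overwrite only at exactly the current confidentiality level.
    return (s.hc == o.ho and s.chs == o.cho) and (s.is_ >= o.io and o.cio <= s.cis)


RULES = {"read": read_allowed, "append": append_allowed, "write": write_allowed}


def audit(subject: SubjectLabel, obj: ObjectLabel, op: str) -> str:
    """Step S150: filter the request against the preset rules.

    Returns 'allow' or 'deny'. An operation with no preset rule is refused
    (an assumption of this example, not stated by the patent)."""
    rule = RULES.get(op)
    if rule is None:
        return "deny"
    return "allow" if rule(subject, obj) else "deny"


def log_line(subject_ip: str, op: str, obj_name: str, result: str) -> str:
    """Steps S160/S170: emit a file-access log entry that lists the subject's
    IP as a warning IP when the audit refused the operation, else as normal."""
    ip_class = "warning" if result == "deny" else "normal"
    return f"{ip_class}_ip={subject_ip} op={op} object={obj_name} result={result}"


# Constructed sample labels (grade 1 = confidential, 2 = secret, 3 = top secret).
ANALYST = SubjectLabel(hs=2, hc=1, chs=frozenset({"finance"}),
                       is_=2, cis=frozenset({"payroll"}))
LEDGER = ObjectLabel(ho=1, cho=frozenset({"finance"}), io=2, cio=frozenset({"payroll"}))
TOPSECRET = ObjectLabel(ho=3, cho=frozenset({"finance"}), io=2, cio=frozenset({"payroll"}))
UNTRUSTED = ObjectLabel(ho=1, cho=frozenset({"finance"}), io=0, cio=frozenset({"payroll"}))


if __name__ == "__main__":
    for name, obj in [("ledger", LEDGER), ("topsecret", TOPSECRET), ("untrusted", UNTRUSTED)]:
        for op in ("read", "append", "write"):
            print(log_line("10.0.0.5", op, name, audit(ANALYST, obj, op)))
```

The sample run shows the two models interacting: the analyst may append to the top-secret object (BLP permits writing upward) but may neither read it nor overwrite it, and the low-integrity object may be written but not read (Biba forbids reading down). Each refused request yields a `warning_ip=` entry, which is what steps S160 and S170 feed into the file access log.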
In a second aspect, referring to fig. 5, the present application further provides a file security monitoring system with mandatory access control, which includes an interception module 510, an acquisition module 520, a filtering and auditing module 530, and a control module 540. The intercepting module 510 is configured to intercept an access request of a subject to a target device object; the obtaining module 520 is configured to obtain a security label of a subject to obtain a first security label; the obtaining module 520 is further configured to obtain a security tag of the target device object to obtain a second security tag; the filtering and auditing module 530 is used for performing filtering and security auditing on the access request according to the first security label and the second security label to obtain a security auditing result; the control module 540 is configured to receive and determine an operation of the subject on the target device object according to the security audit result.
It should be noted that the control module 540 may also be configured to add, delete and clear the security labels of subjects and objects, to track the subject IP address, to configure the filtering and auditing module 530, to set monitoring conditions, to provide an interface for integration with other systems, and the like.
The file security monitoring system implements mandatory access control by providing the filtering and auditing module 530 and loading the mandatory access control model; it improves on the original mandatory access control model, ensures both confidentiality and integrity, and effectively protects host resources. When a network intrusion breaks through the firewall and enters the operating system, the file security monitoring system can set the security levels of subjects and objects, block the requests of illegal user processes, effectively protect system data by comparing the security labels of subject and object, track the relevant information of the attacking process and generate a file access log, so that attacks from the local host and from the network can be monitored and resisted. The file security monitoring system reinforces the security of the Windows file kernel and can greatly improve the network security level and system security. It extends single-layer application-level network protection, such as firewalls and intrusion detection, into a more secure, layered protection system that combines internal and external defenses, so that network security addresses both the symptoms and the root causes.
In a third aspect, embodiments of the present application further provide a computer-readable storage medium.
In some embodiments, a computer-readable storage medium stores computer-executable instructions for performing the file security monitoring method mentioned in the first aspect embodiment.
In some embodiments, the storage medium stores computer-executable instructions that, when executed by one or more control processors, for example, by a processor in the electronic device, cause the one or more processors to perform the file security monitoring method.
The above-described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The embodiments of the present application have been described in detail with reference to the drawings, but the present application is not limited to the embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present application. Furthermore, the embodiments and features of the embodiments of the present application may be combined with each other without conflict.

Claims (10)

1. A file security monitoring method for mandatory access control, characterized by comprising the following steps:
intercepting an access request of a subject to a target device object;
acquiring a security label of the subject to obtain a first security label;
acquiring a security label of the target device object to obtain a second security label;
performing filtering and security auditing on the access request according to the first security label and the second security label to obtain a security audit result;
and determining the operation of the subject on the target device object according to the security audit result.
2. The file security monitoring method according to claim 1, wherein the intercepting an access request of a subject to a target device object comprises:
creating a driver device object for the target device object, and attaching the driver device object to the target device object;
acquiring the access request of the subject to the target device object;
and redirecting the access request to the driver device object.
3. The file security monitoring method according to claim 1, wherein the security labels comprise a confidentiality label and an integrity label, the first security label comprises a first confidentiality label and a first integrity label, and the second security label comprises a second confidentiality label and a second integrity label;
the determining, according to the security audit result, the operation of the subject on the target device object comprises:
if the security audit result satisfies a preset security rule, the security audit result is operation allowed, and the subject is allowed to operate on the target device object;
and if the security audit result does not satisfy the preset security rule, the security audit result is operation refused, and the subject is not allowed to operate on the target device object.
4. The file security monitoring method according to claim 3, wherein the preset security rules comprise a preset read operation rule, a preset append operation rule and a preset write operation rule;
the first confidentiality label is defined as a triple (Hs, Hc, Chs), where H denotes the confidentiality grades and C the information categories, Hs ⊆ H is the highest confidentiality grade of the subject, Hc ⊆ H is the current confidentiality grade of the subject, and Chs ⊆ C is the confidentiality information category of the subject;
the first integrity label is defined as a pair (Is, Cis), where Is is the integrity level of the subject and Cis ⊆ C is the integrity information category of the subject;
the second confidentiality label is defined as a pair (Ho, Cho), where Ho ⊆ H is the confidentiality grade of the target device object and Cho ⊆ C is the confidentiality information category of the target device object;
the second integrity label is defined as a pair (Io, Cio), where Io is the integrity level of the target device object and Cio ⊆ C is the integrity information category of the target device object;
the preset read operation rule is defined as: (Hs ≥ Ho ∧ Cho ⊆ Chs) ∧ (Is ≤ Io ∧ Cio ⊆ Cis);
the preset append operation rule is defined as: (Hc ≤ Ho ∧ Chs ⊆ Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis);
the preset write operation rule is defined as: (Hc = Ho ∧ Chs = Cho) ∧ (Is ≥ Io ∧ Cio ⊆ Cis).
5. The file security monitoring method according to claim 4, wherein the step in which, if the security audit result satisfies a preset security rule, the security audit result is operation allowed and the subject is allowed to operate on the target device object, comprises:
if the first security label and the second security label satisfy the preset read operation rule, the security audit result is read operation allowed, and the subject is allowed to read the target device object.
6. The file security monitoring method according to claim 5, wherein the step in which, if the security audit result satisfies a preset security rule, the security audit result is operation allowed and the subject is allowed to operate on the target device object, further comprises:
if the first security label and the second security label satisfy the preset append operation rule, the security audit result is append operation allowed, and the subject is allowed to append to the target device object.
7. The file security monitoring method according to claim 6, wherein the step in which, if the security audit result satisfies a preset security rule, the security audit result is operation allowed and the subject is allowed to operate on the target device object, further comprises:
if the first security label and the second security label satisfy the preset write operation rule, the security audit result is write operation allowed, and the subject is allowed to write the target device object.
8. The file security monitoring method according to any one of claims 3 to 7, further comprising:
if the security audit result is operation refused, outputting the IP address of the subject as a warning IP address;
and if the security audit result is operation allowed, outputting the IP address of the subject as a normal IP address.
9. A file security monitoring system for mandatory access control, comprising:
an intercepting module for intercepting an access request of a subject to a target device object;
an acquisition module for acquiring a security label of the subject to obtain a first security label;
the acquisition module being further for acquiring a security label of the target device object to obtain a second security label;
a filtering and auditing module for performing filtering and security auditing on the access request according to the first security label and the second security label to obtain a security audit result;
and a control module for receiving the security audit result and determining the operation of the subject on the target device object according to it.
10. A computer-readable storage medium, characterized in that it stores computer-executable instructions for causing a computer to execute the file security monitoring method according to any one of claims 1 to 8.
CN202110862137.8A 2021-07-29 2021-07-29 File security monitoring method and system for mandatory access control and storage medium Pending CN113343282A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110862137.8A CN113343282A (en) 2021-07-29 2021-07-29 File security monitoring method and system for mandatory access control and storage medium

Publications (1)

Publication Number Publication Date
CN113343282A true CN113343282A (en) 2021-09-03

Family

ID=77480459

Country Status (1)

Country Link
CN (1) CN113343282A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102368760A (en) * 2010-12-31 2012-03-07 中国人民解放军信息工程大学 Data secure transmission method among multilevel information systems
CN102495988A (en) * 2011-12-19 2012-06-13 北京诺思恒信科技有限公司 Domain-based access control method and system
CN104657676A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 File mandatory access control method and system thereof based on minifilter drive
US20170220720A1 (en) * 2016-02-03 2017-08-03 Fujitsu Limited Temperature calculation method, information processing device, and non-transitory recording medium storing temperature calculation program
CN107944296A (en) * 2017-11-30 2018-04-20 郑州云海信息技术有限公司 A kind of cloud storage system and its user authority control method, equipment, storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Pan Longping et al.: "Design and implementation of a secure Linux system based on mandatory access control", Computer Engineering and Applications *
Ma Xinqiang et al.: "Research and design of access control based on security labels", Computer Engineering and Design *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210903