CN115080980A - SELinux operating system security policy integrity model and integrity detection method - Google Patents


Info

Publication number
CN115080980A
Authority
CN
China
Prior art keywords
integrity
type
model
rule
subject
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210593242.0A
Other languages
Chinese (zh)
Inventor
刘海波
乔冶
沈晶
于爱民
肖丽芳
刘湿润
李岩
范祎明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Engineering University
Original Assignee
Harbin Engineering University

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a SELinux operating system security policy integrity model and a policy integrity detection method, and belongs to the field of information security. The method is divided into two stages. In the first stage, the SSIM model is constructed and then converted into standard rules in access control matrix format; this step needs to be done only once. In the second stage, each time the integrity of the SELinux security policy is checked, the security policy is examined with the integrity detection method based on the SSIM model. The invention aims to solve two problems: existing integrity models are not suited to scenarios in which data integrity must be protected while the data is also kept confidential and authorized access remains convenient, and no effective method is available for detecting the integrity of the policy.

Description

SELinux operating system security policy integrity model and integrity detection method
Technical Field
The invention belongs to the field of information security, and particularly relates to a security policy integrity model and an integrity detection method for a SELinux operating system.
Background
Linux is one of today's mainstream operating systems, and domestic operating systems in particular are mainly developed on the basis of Linux. The security of the Linux operating system directly determines the security of the computer system. SELinux enhances the security of Linux by adopting a mandatory access control policy, and when its security policy is correctly configured it can effectively protect the integrity of the information stored in a computer. Integrity is one of the basic properties of information security: it refers to keeping data from being destroyed, modified or lost, and from being changed without authorization. Different integrity requirements can be described by a custom integrity model. Entities within an operating system may be divided into different security levels, and an integrity model defines integrity by restricting the access relationships between entities of different security levels. Various SELinux integrity models exist, such as the Biba model, the Low-Water-Mark model, the Ring model, the Strict Integrity model, the Clark-Wilson model and the Chinese Wall model. The Biba model protects data integrity with 3 rules: no read down (a subject cannot read data from a lower integrity level), no write up (a subject cannot write data to a subject at a higher integrity level) and no invoke up (a subject cannot request or invoke services of a subject at a higher integrity level); it does not address the confidentiality of data. In the Low-Water-Mark model the integrity levels of subjects and objects can change dynamically, so it is not suitable for application scenarios in which subject and object levels are not allowed to change. In the Ring model, any object can be read by any subject regardless of integrity level, a mechanism that can cause very serious information leakage.
The Strict Integrity model is able to mark the appropriate level of integrity, but does not give a suitable level assignment as a reference. The Clark-Wilson model does not divide data into multiple levels; instead it distinguishes objects that require integrity protection from objects that do not, and then authenticates and authorizes each access sub-process separately. The authentication process is complex, and if some users collude out of shared interest, cheating is possible and integrity cannot be protected. The Chinese Wall model can realize dynamic changes of access permissions. Its basic principle is that a user can only access information that has no conflict of interest with the information the user already holds. It is mainly used in the field of business information protection; it prevents a user from accessing any file class with a conflict of interest, and it is very limited. None of these integrity models suits application scenarios in which data integrity must be protected, the data must be kept confidential, and authorized access must remain convenient. Although there are models that consider confidentiality, such as the BLP (Bell-LaPadula) model, that model has no integrity protection capability.
To ensure that the configured security policy meets the requirements of the integrity model, the security policy needs to be integrity checked. However, because SELinux security policies are large and changeable, integrity detection is very challenging, and an effective detection method is currently lacking.
Disclosure of Invention
The invention aims to provide a SELinux operating system security policy integrity model and an integrity detection method.
The purpose of the invention is achieved by the following technical scheme:
A SELinux operating system security policy integrity model and integrity detection method, comprising the following steps:
Step 1: constructing an SSIM model and converting the SSIM model into standard rules in access control matrix format;
Step 1.1: constructing an SSIM model containing 4 rules;
Step 1.2: according to step 1.1, expressing the rules in the SSIM model as an access control matrix to form a standard rule matrix;
Step 2: according to step 1, detecting the integrity of the SELinux security policy;
Step 2.1: acquiring the integrity labels of subjects and objects;
Step 2.2: acquiring the security contexts;
Step 2.3: analyzing the domain type transition paths to obtain the domain type labels;
Step 2.4: converting the SELinux security rules into an access control matrix;
Step 2.5: checking the integrity of the policy.
Further, the specific steps of step 1 are as follows:
Step 1.1: constructing an SSIM model containing 4 rules, wherein the 4 rules are as follows:
(1) neverallow S O C {relabelfrom, relabelto};
(2) allow S_c O_c C_s {setattr, write, append, unlink, create};
(3) neverallow S O C {read};
(4) neverallow O S C {write};
wherein S represents a subject, O represents an object, C is an entity set, S_c is a high-integrity subject, O_c is a high-integrity object, and C_s is the system security file class. The meaning of each rule is:
(1) no subject or object in the system can modify the integrity label again;
(2) for files of the system service security class, a high-integrity subject is allowed only 5 permissions on a high-integrity object, namely setattr, write, append, unlink and create;
(3) no high-integrity subject can read a low-integrity object;
(4) no low-integrity object can write to a high-integrity subject;
Step 1.2: according to step 1.1, expressing the rules in the SSIM model as an access control matrix to form a standard rule matrix;
Apart from system service class files, when the subject is a high-integrity subject and the object is a low-integrity object, the standard rule is expressed as:
[Image BDA0003666474930000031: standard rule matrix, not reproduced in the text]
When the subject is a low-integrity subject and the object is a high-integrity object, the standard rule is expressed as:
[Image BDA0003666474930000032: standard rule matrix, not reproduced in the text]
For a system service class file, the standard rule is expressed as:
[Image BDA0003666474930000033: standard rule matrix, not reproduced in the text]
Further, the specific steps of step 2 are as follows:
Step 2.1: acquiring the integrity labels of subjects and objects, with the following algorithm:
Extract the set T of all types in the system, and process each type t ∈ T as follows:
if the type carries the smzy flag, add it to the high-integrity subject set S_c and the high-integrity object set O_c; otherwise, if the type is a trusted software type, add it to the high-integrity subject set S_c; otherwise, if the type is a sensitive-resource file type, add it to the high-integrity object set O_c; otherwise, add it to the low-integrity subject set S_o and the low-integrity object set O_o.
Step 2.2: obtaining the security contexts, with the following algorithm:
Build a key-value mapping between each role R and its associated source types T: for each type t ∈ T_s, where T_s denotes the source types, output the key corresponding to the current value t, obtaining the set R × T;
build a key-value mapping between each SELinux user U and the roles R that the user owns: for each role r ∈ R, output the key corresponding to the current value t, obtaining the set U × R;
take the Cartesian product of the two sets to obtain the security context (U, R, T);
Step 2.3: analyzing the domain type transition paths to obtain the domain type labels, with the following algorithm:
Query the domain transition rules and put the transition target types of each type t in the domain transition rules into a set T; each entity type t_k ∈ T is processed as follows:
if a domain transition occurs, denote the type as t_1 and the path to the next type t_2 as t_1 → t_2. If type t_2 is already in set A, where A is the set of target types that have been transitioned to once, output the domain transition path and move on to the next entity type t_k; otherwise, add type t_2 to set A and move on to the next entity type t_k. If no domain transition occurs, output the domain transition path;
Step 2.4: converting the SELinux security rules into an access control matrix, with the following algorithm:
Query all allow rules, query the types reached by domain transition from each subject type, add to and modify the allow rules accordingly, then traverse all allow rules, delete redundant permissions, and process each rule as follows:
convert the rule into the SSIM integrity model format; if it conforms to the SSIM integrity model, number each subject, object and permission set in the traversed rule, convert the numbers into a 0/1 access control matrix, and output the result;
Step 2.5: checking the integrity of the policy, with the following algorithm:
First subtract the SSIM integrity model access control matrix from the standard policy rule matrix; if a zero matrix results, output the violation policy rule set, otherwise process as follows:
traverse the rows of the matrix, convert them into allow rules, add them to the violation policy rule set, and output the violation policy rule set.
The invention has the beneficial effects that:
The SSIM integrity model and the detection method are better suited to application scenarios with special requirements on security and confidentiality. The following comparison takes the Strict Integrity model as an example and illustrates the technical advantages of the invention in terms of integrity level label definition, security policy rule analysis conditions and security policy detection time.
(1) Integrity level label definition
The Strict Integrity model serves as a reference for defining multiple integrity levels for the type labels in a system, whereas the SSIM integrity model divides integrity into a high integrity level and a low integrity level, and has a clear definition of which set a resource belongs to.
(2) Security policy rule analysis conditions
The Strict Integrity model defines three basic rules: a high-integrity subject cannot read a low-integrity object, a low-integrity subject cannot write a high-integrity object, and a high-integrity subject can execute another low-integrity subject. On top of the traditional Biba model's rules that a high-integrity subject cannot read a low-integrity subject and a low-integrity subject cannot write a high-integrity subject, the SSIM integrity model adds two rules related to information confidentiality, namely that the type of the subject cannot be modified while a program is running (subject type) and that the type of the subject cannot be modified. This prevents a malicious program from using the security policy rules to modify its own label in order to access sensitive resource files. For the core files of the system security service, to ensure that the correct administrator accesses them and that no illegal operation occurs, it is specified that a high-integrity subject can have only five permissions on a high-integrity object: setattr, write, append, unlink and create. The two models therefore have different conditions for detecting and analyzing security policy violations, and the number of security policy violations is larger.
(3) Security policy detection time
The detection time of a security policy depends on the model's detection algorithm. The detection algorithm based on the Strict Integrity model traverses all the rules one by one and displays the violating policies, which takes longer. The invention performs detection on the basis of the access control matrix, which is fast, and violations can be located precisely through the row vectors of the matrix.
Drawings
FIG. 1 is a flowchart of loading a policy into the system kernel according to an embodiment of the present invention;
FIG. 2 is a diagram of the number of violations detected by the SSIM integrity model according to an embodiment of the present invention;
FIG. 3 is a diagram of the number of violations detected by the Strict Integrity model according to an embodiment of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
All the policies used by the invention are actual security policies from a domestic operating system. The security policies are exported and run on CentOS 7, on a virtual machine configured with 64 GB, and the SELinux libraries provided by SETools are used to read and analyze the basic elements of the policies. The analysis concentrates on the system's access control relationships and integrity violations.
First, the security policy written in the security policy language must be parsed. It is generally located at /etc/selinux/targeted/policy/policy.29; this file is the binary produced by compiling the .if, .te and .fc files, and it is loaded into the kernel. The flow of loading a policy into the system kernel is shown in FIG. 1.
(1) Acquiring the integrity labels of subjects and objects;
An entity set E is obtained through the setools library provided with SELinux. Each entity is then visited in a loop, it is determined whether the entity has a high-integrity label, and the entities are placed into two different sets accordingly.
(2) Acquiring the domain type labels;
A subject that may undergo a domain transition needs special analysis: after the transition the subject's type changes, so its access rights to objects change as well, and the integrity analysis must check whether the type reached by the transition violates the SSIM model rules. Domain transition is a common process in SELinux systems. It lets a file or a process switch to another target type through a transition program, and the target type reached may itself undergo a further domain transition. A successful domain transition requires three conditions to be met simultaneously: the new domain type must have entrypoint access to the entry-point type; the source type must have the necessary permission on the entry-point type; and the source type must have process transition permission to the new domain type.
Policy rules that define a domain transition:
allow user_t passwd_exec_t:file{getattr execute};
allow passwd_t passwd_exec_t:file entrypoint;
allow user_t passwd_t:process transition;
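The three-condition test and the path walk of step 2.3, as an added example that is not code from the patent. The first three rules are the ones shown above; the remaining rules, the types helper_t and helper_exec_t, and the per-path handling of the visited set A are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# First three rules are the page's example; the rest are constructed for this
# example (helper_t, helper_exec_t and the shadow_t rule are hypothetical).
POLICY = """
allow user_t passwd_exec_t:file{getattr execute};
allow passwd_t passwd_exec_t:file entrypoint;
allow user_t passwd_t:process transition;
allow passwd_t helper_exec_t:file{getattr execute};
allow helper_t helper_exec_t:file entrypoint;
allow passwd_t helper_t:process transition;
allow user_t shadow_t:process transition;
"""

ALLOW = re.compile(
    r"allow\s+(\S+)\s+([^\s:]+)\s*:\s*(\w+)\s*(?:\{([^}]*)\}|(\w+))\s*;")


def parse_allow(text):
    """Yield (source, target, class, permissions) for every allow rule."""
    for src, tgt, cls, braced, single in ALLOW.findall(text):
        yield src, tgt, cls, set(braced.split()) if braced else {single}


def domain_transitions(rules):
    """Return {source: {targets}} for pairs meeting all three conditions."""
    can_exec = defaultdict(set)    # domain -> file types it may execute
    entry = defaultdict(set)       # domain -> file types that are its entrypoint
    wants = set()                  # (source, target) with process:transition
    for src, tgt, cls, perms in rules:
        if cls == "file" and "execute" in perms:
            can_exec[src].add(tgt)
        if cls == "file" and "entrypoint" in perms:
            entry[src].add(tgt)
        if cls == "process" and "transition" in perms:
            wants.add((src, tgt))
    graph = defaultdict(set)
    for src, tgt in sorted(wants):
        # The transition only works through a file type that src may execute
        # and that is an entrypoint of tgt.
        if can_exec[src] & entry[tgt]:
            graph[src].add(tgt)
    return dict(graph)


def transition_paths(graph, start):
    """Every maximal transition path from start; a type already on the path
    (this example's reading of the patent's set A) is not entered again."""
    paths = []

    def walk(t, path):
        targets = [n for n in sorted(graph.get(t, ())) if n not in path]
        if not targets:
            paths.append(path)      # no further transition: output the path
        for n in targets:
            walk(n, path + [n])

    walk(start, [start])
    return paths


if __name__ == "__main__":
    g = domain_transitions(parse_allow(POLICY))
    for t in ("user_t", "passwd_t", "helper_t"):
        for p in transition_paths(g, t):
            print(" -> ".join(p))
```

The rule `allow user_t shadow_t:process transition;` produces no edge because the other two conditions are missing, which is why every type on a reported path has to be checked against the model, not just the starting type.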
(3) SSIM integrity model rule transformation;
To ensure the absolute security and data integrity of the system, the domestic operating system needs to analyze all combined rules one by one, and when a security administrator writes policy rules, the system has only allow rules. Therefore, the neverallow rules and unnecessary permissions in the SSIM model need to be converted to conform to the policy format of the operating system. The following actual rules from the policy are used to illustrate the transformation:
allow smzy_user_t munin_log_t:file{read getattr execute open};
allow user_t vmware_conf_t:file{read getattr execute open};
allow user_t rhev_agentd_unit_file_t:file{read getattr execute open};
From these policy rules, the relationships among the basic policy elements and the domain transition rules are obtained through the analysis of the first two steps. First determine whether the subject in a rule undergoes a domain transition; if it does, query the policy rules and then add the modification. For example, the smzy_user_t domain transitions to the low-integrity subject type user_t, so one queried rule needs to be added for it:
allow smzy_user_t munin_log_t:file{write getattr execute open};
allow user_t munin_log_t:file{write getattr execute open};
allow user_t vmware_conf_t:file{read getattr execute open};
allow user_t rhev_agentd_unit_file_t:file{read getattr execute open};
According to SSIM model authority rules, stipulating:
allow S O C{read write relabelfrom relabelto setattr append unlink create}
Number the standard rule permissions in the allow rule:
{'file':1,'read':2,'write':3,'setattr':4,'append':5,'unlink':6,'create':7,'relabelfrom':8,'relabelto':9}
Then number the other subject types, object types, classes and other permissions, and classify the allow rules according to the three cases.
When the subject is a high-integrity subject and the object is a low-integrity object, the rules are converted into an allow rule matrix:
[10 28 44 1 22 2 13 24 14 30 15]
[10 11 12 1 2 13 14 15]
[10 16 17 18 13 19 15]
[10 11 20 21 22 2 3 7 13 23 24 5 6 25 26 15]
After deletion, the matrix that meets the requirements of the SSIM integrity model is the following:
[10 28 44 1 2]
[10 11 12 1 2]
Then check the permissions specified in SSIM: a permission that is present is 1 and a permission that is absent is 0. The SSIM integrity model allow rule access control matrix for high-integrity subjects is as follows:
[28 44 1 0 0 0]
[11 42 1 0 0 0]
When the subject is a low-integrity subject and the object is a high-integrity object, the rules are converted into an allow rule matrix; and for system service class files, where a high-integrity subject has only specific permissions on a high-integrity object, the conversion into an allow rule matrix is expressed in the same way.
(4) Obtaining the rules that violate the SSIM integrity model:
Compare with the standard access control matrix. Where a row of the access control matrix differs from the standard rules, mark that row; once all rows have been checked, output the result, which is the violation policy rule set. Then analyze the individual rules and the effect of each policy rule on security: the more policy security rules a given subject violates, the higher the security risk may be, and the security administrator is alerted.
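The row-by-row comparison of steps 2.4 and 2.5, as an added example that is not code from the patent. The page's standard matrices are images, so the permitted rows here are derived from the four SSIM rules; treating the smzy flag as a name prefix, the three label sets and the sample rules are assumptions constructed for the illustration.

```python
from collections import Counter

# Column order follows the permission numbering given on the page.
PERMS = ["read", "write", "setattr", "append", "unlink", "create",
         "relabelfrom", "relabelto"]

# Assumed labelling inputs for this example (hypothetical, not from the page).
TRUSTED_SUBJECTS = {"rpm_t"}                  # "trusted software" types
SENSITIVE_OBJECTS = {"shadow_t"}              # "sensitive resource" types
SYSTEM_SECURITY_OBJECTS = {"smzy_policy_t"}   # stands in for the class C_s


def is_high_subject(t):
    return t.startswith("smzy_") or t in TRUSTED_SUBJECTS


def is_high_object(t):
    return t.startswith("smzy_") or t in SENSITIVE_OBJECTS


def standard_row(subject, obj):
    """Permitted 0/1 vector for a subject/object pair under the four rules."""
    allowed = {p: 1 for p in PERMS}
    allowed["relabelfrom"] = allowed["relabelto"] = 0          # rule (1)
    hs, ho = is_high_subject(subject), is_high_object(obj)
    if hs and ho and obj in SYSTEM_SECURITY_OBJECTS:           # rule (2)
        keep = {"setattr", "write", "append", "unlink", "create"}
        allowed = {p: int(p in keep) for p in PERMS}
    if hs and not ho:
        allowed["read"] = 0                                    # rule (3)
    if not hs and ho:
        allowed["write"] = 0                                   # rule (4)
    return [allowed[p] for p in PERMS]


def policy_row(perms):
    """0/1 vector of the model permissions a rule grants; others are dropped."""
    return [int(p in perms) for p in PERMS]


def violations(rules):
    """Return [(row, subject, object, class, [violating permissions])]."""
    found = []
    for row, (subj, obj, cls, perms) in enumerate(rules):
        granted, standard = policy_row(perms), standard_row(subj, obj)
        diff = [g - s for g, s in zip(granted, standard)]
        bad = [p for p, d in zip(PERMS, diff) if d > 0]  # granted, not permitted
        if bad:
            found.append((row, subj, obj, cls, bad))
    return found


def as_allow(v):
    """Turn a violating row back into an allow rule for the report."""
    _, subj, obj, cls, bad = v
    return "allow %s %s:%s { %s };" % (subj, obj, cls, " ".join(bad))


def risk_by_subject(found):
    """Count violating rules per subject, for the administrator's attention."""
    return dict(Counter(v[1] for v in found))


# Constructed sample rules; the first two reuse type names from the page.
RULES = [
    ("smzy_user_t", "munin_log_t", "file", {"read", "getattr", "execute", "open"}),
    ("user_t", "vmware_conf_t", "file", {"read", "getattr", "execute", "open"}),
    ("user_t", "shadow_t", "file", {"write", "getattr"}),
    ("user_t", "user_home_t", "file", {"relabelfrom", "relabelto", "read"}),
    ("smzy_user_t", "smzy_policy_t", "file", {"write", "append", "read"}),
    ("smzy_user_t", "smzy_policy_t", "file", {"write", "create"}),
]

if __name__ == "__main__":
    hits = violations(RULES)
    for v in hits:
        print("row %d: %s" % (v[0], as_allow(v)))
    print(risk_by_subject(hits))
```

Only positive entries of the difference are reported, so a rule that grants less than the standard row permits is not flagged.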
In the implementation, 65658 allow rules and 4334 domain transitions of the domestic operating system were analyzed. Besides the "no read, no write" properties that the Biba model is concerned with, the 4 security policy rules of the SSIM integrity model add two points: integrity labels cannot be modified again, and the permissions of a high-integrity subject on a high-integrity object are restricted. The number of violations detected in the experiment is shown in FIG. 2. By contrast, the number of violations detected with the Strict Integrity model and method is shown in FIG. 3.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (3)

1. A SELinux operating system security policy integrity model and integrity detection method, characterized by comprising the following steps:
Step 1: constructing an SSIM model and converting the SSIM model into standard rules in access control matrix format;
Step 1.1: constructing an SSIM model containing 4 rules;
Step 1.2: according to step 1.1, expressing the rules in the SSIM model as an access control matrix to form a standard rule matrix;
Step 2: according to step 1, detecting the integrity of the SELinux security policy;
Step 2.1: acquiring the integrity labels of subjects and objects;
Step 2.2: acquiring the security contexts;
Step 2.3: analyzing the domain type transition paths to obtain the domain type labels;
Step 2.4: converting the SELinux security rules into an access control matrix;
Step 2.5: checking the integrity of the policy.
2. The SELinux operating system security policy integrity model and integrity detection method of claim 1, wherein: the specific steps of step 1 are as follows:
Step 1.1: constructing an SSIM model containing 4 rules, wherein the 4 rules are as follows:
(1) neverallow S O C {relabelfrom, relabelto};
(2) allow S_c O_c C_s {setattr, write, append, unlink, create};
(3) neverallow S O C {read};
(4) neverallow O S C {write};
wherein S represents a subject, O represents an object, C is an entity set, S_c is a high-integrity subject, O_c is a high-integrity object, and C_s is the system security file class. The meaning of each rule is:
(1) no subject or object in the system can modify the integrity label again;
(2) for files of the system service security class, a high-integrity subject is allowed only 5 permissions on a high-integrity object, namely setattr, write, append, unlink and create;
(3) no high-integrity subject can read a low-integrity object;
(4) no low-integrity object can write to a high-integrity subject;
Step 1.2: according to step 1.1, expressing the rules in the SSIM model as an access control matrix to form a standard rule matrix;
Apart from system service class files, when the subject is a high-integrity subject and the object is a low-integrity object, the standard rule is expressed as:
[Image FDA0003666474920000021: standard rule matrix, not reproduced in the text]
When the subject is a low-integrity subject and the object is a high-integrity object, the standard rule is expressed as:
[Image FDA0003666474920000022: standard rule matrix, not reproduced in the text]
For a system service class file, the standard rule is expressed as:
[Image FDA0003666474920000023: standard rule matrix, not reproduced in the text]
3. The SELinux operating system security policy integrity model and integrity detection method of claim 1, wherein: the specific steps of step 2 are as follows:
Step 2.1: acquiring the integrity labels of subjects and objects, with the following algorithm:
Extract the set T of all types in the system, and process each type t ∈ T as follows:
if the type carries the smzy flag, add it to the high-integrity subject set S_c and the high-integrity object set O_c; otherwise, if the type is a trusted software type, add it to the high-integrity subject set S_c; otherwise, if the type is a sensitive-resource file type, add it to the high-integrity object set O_c; otherwise, add it to the low-integrity subject set S_o and the low-integrity object set O_o.
Step 2.2: obtaining the security contexts, with the following algorithm:
Build a key-value mapping between each role R and its associated source types T: for each type t ∈ T_s, where T_s denotes the source types, output the key corresponding to the current value of t, obtaining the set R × T;
build a key-value mapping between each SELinux user U and the roles R that the user owns: for each role r ∈ R, output the key corresponding to the current value of t, obtaining the set U × R;
take the Cartesian product of the two sets to obtain the security context (U, R, T);
Step 2.3: analyzing the domain type transition paths to obtain the domain type labels, with the following algorithm:
Query the domain transition rules and put the transition target types of each type t in the domain transition rules into a set T; each entity type t_k ∈ T is processed as follows:
if a domain transition occurs, denote the type as t_1 and the path to the next type t_2 as t_1 → t_2. If type t_2 is already in set A, where A is the set of target types that have been transitioned to once, output the domain transition path and move on to the next entity type t_k; otherwise, add type t_2 to set A and move on to the next entity type t_k. If no domain transition occurs, output the domain transition path;
Step 2.4: converting the SELinux security rules into an access control matrix, with the following algorithm:
Query all allow rules, query the types reached by domain transition from each subject type, add to and modify the allow rules accordingly, then traverse all allow rules, delete redundant permissions, and process each rule as follows:
convert the rule into the SSIM integrity model format; if it conforms to the SSIM integrity model, number each subject, object and permission set in the traversed rule, convert the numbers into a 0/1 access control matrix, and output the result;
Step 2.5: checking the integrity of the policy, with the following algorithm:
First subtract the SSIM integrity model access control matrix from the standard policy rule matrix; if a zero matrix results, output the violation policy rule set, otherwise process as follows:
traverse the rows of the matrix, convert them into allow rules, add them to the violation policy rule set, and output the violation policy rule set.
CN202210593242.0A 2022-05-27 2022-05-27 SELinux operating system security policy integrity model and integrity detection method Pending CN115080980A (en)


Publications (1)

Publication Number Publication Date
CN115080980A true CN115080980A (en) 2022-09-20

Family

ID=83249539


Country Status (1)

Country Link
CN (1) CN115080980A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination