CN117235735A - Main and customer security access control method and system of trusted DCS controller system - Google Patents


Publication number
CN117235735A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311196057.9A
Other languages
Chinese (zh)
Inventor
薛建中
李业旺
刘畅
管磊
曾亮
吴龙飞
高少华
贾泽冰
项涛
张军
李亚都
王晓凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Gaohong Xin'an Zhejiang Information Technology Co ltd
Xian Thermal Power Research Institute Co Ltd
Original Assignee
Datang Gaohong Xin'an Zhejiang Information Technology Co ltd
Xian Thermal Power Research Institute Co Ltd
Application filed by Datang Gaohong Xin'an Zhejiang Information Technology Co ltd, Xian Thermal Power Research Institute Co Ltd filed Critical Datang Gaohong Xin'an Zhejiang Information Technology Co ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a subject-object security access control method and system for a trusted DCS controller system, comprising a policy configuration management module and an access control module, wherein the policy configuration management module is located at the application layer of the trusted DCS controller system and the access control module is located at the kernel layer of the trusted DCS controller system. The policy configuration management module manages the configuration and querying of access control policies and the switching of the function control module; the access control module maintains and updates the policy table and adjudicates operation behavior. This effectively enhances the security of the SylixOS system, prevents important system files from being tampered with arbitrarily, protects the integrity of important files and the legitimacy of their content sources, effectively protects the integrity, consistency and security of files such as audit log files and the configuration files of the domestic trusted DCS controller, and effectively provides security for the service system.

Description

Main and customer security access control method and system of trusted DCS controller system
Technical Field
The application belongs to the technical field of security of trusted DCS controller systems, and particularly relates to a subject-object security access control method and system for a trusted DCS controller system.
Background
The domestic trusted distributed control system uses a Feiteng CPU platform and a real-time operating system SylixOS, a thermal power service program is operated on the Feiteng CPU platform, and the service environment is practically applied to a plurality of power plants at present. The SylixOS provides the bottom operating system environment for the operation of the service, and the functionality of the SylixOS is well verified. The current all-domestic credible distributed control system uses a layered component architecture of a configuration design flow, is mainly based on a message bus technology, adopts a component type data management system and an incremental refreshing model/view graphic system according to a data-driven modularized component integration scheme, and aims to realize quick refreshing of memory data to an operation interface, reduce the coupling between modules and the complexity of a program, and improve the maintainability, expandability and portability of configuration software.
However, the real-time operating system SylixOS used by the current trusted DCS controller has so far mainly considered the real-time performance of tasks and has neglected the security of the system. This leaves the real-time operating system open to illegal intrusion, which poses a great threat to the running thermal power business: security is low, no complete access control function is provided, and various attacks cannot be effectively resisted.
Disclosure of Invention
The application aims to provide a subject-object security access control method and system for a trusted DCS controller system, in order to solve the problem that the existing trusted DCS controller has poor resistance to attack.
A subject-object security access control system of a trusted DCS controller system, comprising: a policy configuration management module and an access control module;
the policy configuration management module is used for the configuration and querying of access control policies and for switching the function control module; the access control module is used for maintaining and updating the policy table and adjudicating operation behavior.
Preferably, the items configured by the policy configuration management module for an access control policy include a subject process file, an object file, and the access control permissions of other processes on the object file.
Preferably, the access control permissions include read, write, and execute; the subject process file has full control rights over the object file, and access by other processes to the object file is governed by the configured object access control permissions, wherein, whether or not the write permission is configured, other processes are prohibited from modifying the object file.
Preferably, the maintenance and updating of the policy table by the access control module comprises maintaining a linked list of subjects, objects and access control permissions, and inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel; when a read, write or execute operation is performed on a file, the subject, object and access control permission linked list is searched; if the operated file is in the linked list, it is determined whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
Preferably, the policy configuration management module is connected with a function control module, and the function control module is used for starting and stopping the access control function of the subject and the object.
Preferably, the policy configuration management module is connected with an audit log module, and the audit log module is used for recording an operation log of the user layer, and recording all operations of the access control policy into the audit log.
Preferably, the policy maintenance module is responsible for updating policies: when the application layer configures or deletes a policy, the policy is issued to the kernel layer by calling a dedicated interface and is updated into the policy linked list by the kernel's policy maintenance module; the policy configuration management module is connected with an audit module, which generates an alarm audit log when an operation is blocked and sends it through a dedicated interface to the user layer to be recorded.
A subject-object security access control method of a trusted DCS controller system comprises the following steps: inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel, and performing operations according to access requests; when a read, write or execute operation is performed on a file, searching the subject, object and access control permission linked list; if the operated file is in the linked list, determining whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the subject-object security access control method of the trusted DCS controller system described above when the computer program is executed.
A computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the subject-object security access control method of the trusted DCS controller system described above.
Compared with the prior art, the application has the following beneficial technical effects:
The application provides a subject-object security access control system of a trusted DCS controller system, which comprises a policy configuration management module and an access control module, wherein the policy configuration management module is located at the application layer of the trusted DCS controller system and the access control module is located at the kernel layer of the trusted DCS controller system. The policy configuration management module manages the configuration and querying of access control policies and the switching of the function control module; the access control module maintains and updates the policy table and adjudicates operation behavior. This effectively enhances the security of the SylixOS system, prevents important system files from being tampered with arbitrarily, protects the integrity of important files and the legitimacy of their content sources, effectively protects the integrity, consistency and security of files such as audit log files and the configuration files of the domestic trusted DCS controller, and effectively provides security for the service system.
Drawings
FIG. 1 is a diagram of the subject-object security access control system of a trusted DCS controller system in an embodiment of the present application.
FIG. 2 is a schematic diagram of the subject-object security access control flow of a trusted DCS controller system in an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
As shown in FIG. 1, the application provides a subject-object security access control system of a trusted DCS controller system, which comprises a policy configuration management module and an access control module, wherein the policy configuration management module belongs to the application layer of the trusted DCS controller system, and the access control module belongs to the kernel layer of the trusted DCS controller system.
The policy configuration management module is used for the configuration and querying of access control policies and for switching the function control module; the access control module is used for maintaining and updating the policy table and adjudicating operation behavior.
The items configured by the policy configuration management module for an access control policy include a subject process file, an object file, and the access control permissions of other processes on the object file.
Access control permissions include read, write, and execute. The subject process file has full control rights over the object file, and access by other processes to the object file is governed by the configured object access control permissions, wherein, whether or not the write permission is configured, other processes are prohibited from modifying the object file. The relationship between the access control permissions of the subject process file and the object file is shown in the following table 1:
The maintenance and updating of the policy table by the access control module comprises maintaining a linked list of subjects, objects and access control permissions, and inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel. When a read, write or execute operation is performed on a file, the subject, object and access control permission linked list is searched; if the operated file is in the linked list, it is determined whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
The subject-object security access control system can effectively enhance the security of the trusted DCS controller system, prevent important system files from being tampered with arbitrarily, protect the integrity of important files and the legitimacy of their content sources, and effectively protect the integrity, consistency and security of files such as audit log files and the configuration files of the domestic trusted DCS controller; it effectively provides security for the service system.
As shown in FIG. 2, the application provides a subject-object security access control method of a trusted DCS controller system, comprising the steps of: inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel, and performing operations according to access requests; when a read, write or execute operation is performed on a file, searching the subject, object and access control permission linked list; if the operated file is in the linked list, determining whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
Examples
The policy configuration management module is used for configuring access control policies, including the subject and object access control policies; the configured items include the subject process file, the object file, and the access control permissions of other processes on the object file.
The access control permissions of an object cover reading, writing and executing the object file. When a permission is configured on the object, other processes are deprived of the corresponding access to the object file. The write permission is always deprived: only the configured subject process is allowed to write the object file, and all other processes are uniformly prohibited from writing it. The configured control policies are stored in a database for persistence, and the database file is itself protected by a subject-object access control policy, configured so that only the management module's command is allowed to modify the database file.
The policy configuration management module is connected with a function control module, which is used for starting and stopping the subject-object access control function. The function control module has three states:
Closed state: in this state, access to object files is not verified or controlled at all, and no audit alarm log is recorded;
Monitoring state: in this state, access to object files is verified; access by other processes to the object file is not blocked, but an audit alarm log is recorded;
Open state: in this state, access to object files is verified, access by other processes to the object file is blocked according to the access control policy, and an audit alarm log is recorded.
The policy configuration management module is connected with an audit log module, which is used for recording the operation log of the user layer; all operations on access control policies are recorded into the audit log, which makes those operations easy to audit.
The access control module of the kernel layer inserts processing functions at the kernel functions IoOpen, iosFdNew, unlink, rename and __elfLoad respectively. When the application layer performs a read, write or delete operation on a file, the corresponding kernel-layer function intercepts the operation and passes it to the access control module for processing. The access control module looks up the corresponding policy in the policy table according to the name of the file being operated on. If no policy is found, the operation is allowed to continue. If a policy is found, the module checks whether the process operating on the file is the configured subject process, and if so, allows the operation to continue. If not, it checks the access control policy value to see whether the permission bit corresponding to the read, write or execute operation is configured: if it is, the operation is prohibited; otherwise the operation is allowed to continue.
The policy maintenance module is responsible for updating policies: when the application layer configures or deletes a policy, the policy is issued to the kernel layer by calling a dedicated interface and is updated into the policy linked list by the kernel's policy maintenance module.
The policy configuration management module is connected with an audit module, which generates an alarm audit log when an operation is blocked and sends it through a dedicated interface to the user layer to be recorded.
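The decision flow, the three function-control states and the always-denied write rule described above, modelled in user space as an added C example (not code from the patent or from SylixOS). The structure layout, the function names (`policy_add`, `ac_check`, `ac_set_mode`, `ac_alarm_count`), the constructed paths, and the mapping of delete and rename onto the write bit are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AC_PATH_MAX 128

/* A set bit in deny_mask DENIES that operation to every process other than
 * the configured subject (the page's "configured bit means prohibited"). */
enum { OP_READ = 1, OP_WRITE = 2, OP_EXEC = 4 };

/* The three function-control states described on the page. */
typedef enum { MODE_CLOSED, MODE_MONITOR, MODE_OPEN } ac_mode_t;
typedef enum { AC_ALLOW = 0, AC_DENY = 1 } ac_verdict_t;

/* One node of the subject/object/permission linked list (hypothetical layout). */
typedef struct policy {
    char object[AC_PATH_MAX];   /* protected file */
    char subject[AC_PATH_MAX];  /* executable of the one process with full rights */
    unsigned deny_mask;         /* OP_* bits denied to all other processes */
    struct policy *next;
} policy_t;

static policy_t *g_policies = NULL;
static ac_mode_t g_mode = MODE_OPEN;
static unsigned g_alarms = 0;   /* alarm audit records emitted so far */

static policy_t *policy_find(const char *object)
{
    policy_t *p;
    for (p = g_policies; p != NULL; p = p->next)
        if (strcmp(p->object, object) == 0)
            return p;
    return NULL;
}

/* Policy maintenance: insert a rule or update the existing one. 0 on success. */
int policy_add(const char *object, const char *subject, unsigned deny_mask)
{
    policy_t *p;
    if (strlen(object) >= AC_PATH_MAX || strlen(subject) >= AC_PATH_MAX)
        return -1;
    p = policy_find(object);
    if (p == NULL) {
        p = calloc(1, sizeof *p);
        if (p == NULL)
            return -1;
        strcpy(p->object, object);
        p->next = g_policies;
        g_policies = p;
    }
    strcpy(p->subject, subject);
    p->deny_mask = deny_mask;
    return 0;
}

ac_mode_t ac_set_mode(ac_mode_t mode) { g_mode = mode; return g_mode; }
unsigned ac_alarm_count(void) { return g_alarms; }

/* Decision a file hook would request. Delete and rename are passed in as
 * OP_WRITE, which is an assumption of this sketch. */
ac_verdict_t ac_check(const char *subject, const char *object, unsigned op)
{
    const policy_t *p;
    if (g_mode == MODE_CLOSED)
        return AC_ALLOW;                      /* no verification, no log */
    p = policy_find(object);
    if (p == NULL)
        return AC_ALLOW;                      /* file is not protected */
    if (strcmp(p->subject, subject) == 0)
        return AC_ALLOW;                      /* configured subject: full rights */
    /* Other processes: write is always refused; read/execute only if the bit is set. */
    if ((op & (OP_WRITE | p->deny_mask)) == 0)
        return AC_ALLOW;
    g_alarms++;
    fprintf(stderr, "ALARM subject=%s object=%s op=0x%x action=%s\n",
            subject, object, op, g_mode == MODE_OPEN ? "blocked" : "logged-only");
    return g_mode == MODE_OPEN ? AC_DENY : AC_ALLOW;
}

int main(void)
{
    /* Constructed paths; only the syslogd process name comes from the page. */
    const char *log = "/var/log/syslog";
    if (policy_add(log, "/sbin/syslogd", 0) != 0)
        return 1;
    printf("syslogd write: %d\n", (int)ac_check("/sbin/syslogd", log, OP_WRITE));
    printf("other write:   %d\n", (int)ac_check("/bin/sh", log, OP_WRITE));
    printf("other read:    %d\n", (int)ac_check("/bin/sh", log, OP_READ));
    ac_set_mode(MODE_MONITOR);
    printf("monitor write: %d\n", (int)ac_check("/bin/sh", log, OP_WRITE));
    return 0;
}
```

The lookup matches the exact path string, in line with the page's lookup "according to the file name"; a production hook has to resolve symbolic links, hard links and relative paths to one canonical name before the lookup so that a protected file cannot be reached under another name.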
The system log file is where the various operations, audits and alarms in the system are recorded. After attacking a system and performing various operations, an attacker will generally tamper with or delete the audit log files in the system in order to hide those operations, so that the attacker cannot be traced and investigated. However, the log process needs to write data to the log file at any time, so integrity-based means cannot be used to keep the file from being modified and deleted. The application effectively solves this problem: the log file is configured so that it can only be modified by the designated log-writing process, and all other processes are uniformly prohibited from modifying or deleting it. Taking the syslogd process as an example, log security can be protected according to the following configuration.
In still another embodiment of the present application, a subject-object security access control system of a trusted DCS controller system is provided, which can be used to implement the subject-object security access control method of the trusted DCS controller system described above; specifically, the subject-object security access control system of the trusted DCS controller system includes a policy configuration management module and an access control module;
the policy configuration management module is used for the configuration and querying of access control policies and for switching the function control module; the access control module is used for maintaining and updating the policy table and adjudicating operation behavior.
In yet another embodiment of the present application, a terminal device is provided, the terminal device including a processor and a memory, the memory for storing a computer program, the computer program including program instructions, the processor for executing the program instructions stored by the computer storage medium. The processor may be a central processing unit (Central Processing Unit, CPU), but may also be another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. It is the computational core and control core of the terminal and is adapted to implement one or more instructions, in particular to load and execute one or more instructions to implement a corresponding method flow or a corresponding function. The processor of the embodiment of the application can be used to carry out the subject-object security access control method of the trusted DCS controller system, which comprises the following steps: inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel, and performing operations according to access requests; when a read, write or execute operation is performed on a file, searching the subject, object and access control permission linked list; if the operated file is in the linked list, determining whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
In a further embodiment of the present application, the present application also provides a storage medium, in particular, a computer readable storage medium (Memory), which is a Memory device in a terminal device, for storing programs and data. It will be appreciated that the computer readable storage medium herein may include both a built-in storage medium in the terminal device and an extended storage medium supported by the terminal device. The computer-readable storage medium provides a storage space storing an operating system of the terminal. Also stored in the memory space are one or more instructions, which may be one or more computer programs (including program code), adapted to be loaded and executed by the processor. The computer readable storage medium herein may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory.
One or more instructions stored in a computer-readable storage medium may be loaded and executed by a processor to implement the corresponding steps of the subject-object security access control method of the trusted DCS controller system in the above embodiments; one or more instructions in the computer-readable storage medium are loaded by a processor and perform the steps of: inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel, and performing operations according to access requests; when a read, write or execute operation is performed on a file, searching the subject, object and access control permission linked list; if the operated file is in the linked list, determining whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present application and not for limiting the same, and although the present application has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the application without departing from the spirit and scope of the application, which is intended to be covered by the claims.

Claims (10)

1. A subject-object security access control system of a trusted DCS controller system, characterized by comprising a policy configuration management module and an access control module;
the policy configuration management module is used for the configuration and querying of access control policies and for switching the function control module; the access control module is used for maintaining and updating the policy table and adjudicating operation behavior.
2. The subject-object security access control system of a trusted DCS controller system of claim 1, wherein the items configured by the policy configuration management module for an access control policy comprise a subject process file, an object file, and the access control permissions of other processes on the object file.
3. The subject-object security access control system of a trusted DCS controller system of claim 2, wherein the access control permissions include read, write and execute; the subject process file has full control rights over the object file, and access by other processes to the object file is governed by the configured object access control permissions, wherein, whether or not the write permission is configured, other processes are prohibited from modifying the object file.
4. The subject-object security access control system of a trusted DCS controller system of claim 1, wherein the maintenance and updating of the policy table by the access control module comprises maintaining a linked list of subjects, objects and access control permissions, and inserting corresponding hooks at the read, write and execute operation points of the trusted DCS controller system kernel; when a read, write or execute operation is performed on a file, the subject, object and access control permission linked list is searched; if the operated file is in the linked list, it is determined whether the process operating on the file is the configured subject process; if so, the access proceeds; if not, whether to allow or deny the access is determined according to the access control permissions of the object, and the access proceeds if allowed and is otherwise not performed.
5. The host-guest secure access control system of claim 1, wherein the policy configuration management module is coupled to a function control module, the function control module being configured to enable and disable host and guest access control functions.
6. The host-guest security access control system of claim 1, wherein the policy configuration management module is connected to an audit log module, and the audit log module is configured to record an operation log of the user layer, and record all operations of the access control policy into the audit log.
7. The host-guest secure access control system of claim 1, wherein the policy maintenance module is responsible for updating policies; when a policy is configured or deleted by the application layer, the policy is issued to the kernel layer by invoking a dedicated interface and is updated into the policy linked list by the policy maintenance module of the kernel; the policy configuration management module is connected with an audit module, and when an operation is stopped an alarm audit log is generated and sent through a dedicated interface to the user layer to be recorded.
8. A host-guest secure access control method of a trusted DCS controller system based on the host-guest secure access control system of claim 1, comprising the steps of: inserting corresponding links at the read, write, and execute operation positions of the kernel of the trusted DCS controller system, and performing operations according to the access request; when a read, write, or execute operation is performed on a file, searching the host, guest, and access control authority linked list; if the operated file is in the linked list, determining whether the process operating the file is a configured host process; if so, performing the access; if not, determining whether to allow or reject the access according to the access control rights of the guest, performing the access if it is allowed and otherwise not performing it.
9. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the host-guest secure access control method of the trusted DCS controller system of claim 8.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, performs the steps of the host-guest secure access control method of the trusted DCS controller system of claim 8.
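
The decision procedure recited in claims 4 and 8, as an added user-space model in C (an illustration added here, not code from the patent or its applicants). All identifiers, paths and policy entries are hypothetical and constructed; the model assumes one policy entry per guest file and that a file absent from the linked list is not restricted, which the claims do not state.

```c
/* Added illustration: user-space model of the claim 4 / claim 8 decision.
 * Every name, path and policy entry below is hypothetical and constructed. */
#include <stdio.h>
#include <string.h>

enum { ACC_READ = 4, ACC_WRITE = 2, ACC_EXEC = 1 };

struct policy {                /* one node of the host/guest/rights linked list */
    const char *host;          /* configured host process file */
    const char *guest;         /* protected guest file */
    unsigned other_rights;     /* rights configured for all other processes */
    struct policy *next;
};

static unsigned long denied_count;   /* stands in for the alarm audit log */

/* Returns 1 if the access is performed, 0 if it is refused. */
int check_access(const struct policy *list, const char *proc,
                 const char *file, unsigned op)
{
    for (const struct policy *p = list; p != NULL; p = p->next) {
        if (strcmp(p->guest, file) != 0)
            continue;                     /* not this guest, keep searching */
        if (strcmp(p->host, proc) == 0)
            return 1;                     /* configured host: all rights */
        if ((p->other_rights & op) == op)
            return 1;                     /* permitted by the guest's rights */
        denied_count++;                   /* refused: would raise an alarm */
        return 0;
    }
    return 1;  /* assumption: a file not in the list is not restricted */
}

/* Constructed sample policy: others may read logic.cfg, nothing on io.map. */
static struct policy p2 = { "/opt/dcs/bin/cfgd", "/opt/dcs/etc/io.map", 0, NULL };
static struct policy p1 = { "/opt/dcs/bin/logicd", "/opt/dcs/etc/logic.cfg",
                            ACC_READ, &p2 };

int main(void)
{
    /* A non-host process writing a guest with no write right configured. */
    printf("write by other process: %d\n",
           check_access(&p1, "/usr/bin/vi", "/opt/dcs/etc/logic.cfg", ACC_WRITE));
    return 0;
}
```

Because the write right is not configured for `logic.cfg`, every process other than the configured host is refused modification, matching claim 3.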
CN202311196057.9A 2023-09-15 2023-09-15 Main and customer security access control method and system of trusted DCS controller system Pending CN117235735A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311196057.9A CN117235735A (en) 2023-09-15 2023-09-15 Main and customer security access control method and system of trusted DCS controller system

Publications (1)

Publication Number Publication Date
CN117235735A true CN117235735A (en) 2023-12-15

Family

ID=89083716

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311196057.9A Pending CN117235735A (en) 2023-09-15 2023-09-15 Main and customer security access control method and system of trusted DCS controller system

Country Status (1)

Country Link
CN (1) CN117235735A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117436079A (en) * 2023-12-20 2024-01-23 麒麟软件有限公司 Integrity protection method and system for Linux system
CN117436079B (en) * 2023-12-20 2024-04-05 麒麟软件有限公司 Integrity protection method and system for Linux system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination