WO2023098579A1 - Access control method and associated device - Google Patents

Access control method and associated device

Info

Publication number
WO2023098579A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
application
policy set
application process
kernel
Application number
PCT/CN2022/134254
Other languages
English (en)
Chinese (zh)
Inventor
曹建龙
方锐
周广宇
Original Assignee
华为技术有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/44 Program or device authentication
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/544 Buffers; Shared memory; Pipes
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the embodiments of the present application relate to the field of computers, and in particular, to an access control method and related equipment.
  • Access control technology distinguishes the access rights of different applications to objects. The policies are stored on a trusted base so that they cannot be tampered with; when an application requests access to an object, the policies in the trusted base are queried to determine whether the application is permitted to access that object.
  • Because the trusted base usually runs in kernel space while the application runs in user space, a context switch is required every time an application queries a policy, which makes policy access and policy queries during access control expensive.
  • Embodiments of the present application provide an access control method and related equipment, which are used to reduce policy access and policy query overhead during access control.
  • The embodiment of the present application provides an access control method, including: the kernel maps the memory address where the target application policy set is located into the user address space of the object application process, the target application policy set being used to indicate the access rights of the subject application process to objects on the object application process, where the objects include services and/or resources; based on a query requirement for the access rights of the subject application process to a first service, the object application process determines, from the target application policy set mapped into its user address space, a first application policy between the subject application process and the first service; the object application process then determines the access rights of the subject application process to the first service according to the first application policy.
  • The entities on the object application process that are accessed are the "objects" in the access-control sense, which is why the process hosting them is called the object application process.
  • The kernel maps the memory address where the target application policy set is located into the user address space of the object application process, so that the object application process can query the application policies relevant to its objects directly and determine access rights from them.
  • Determining access rights in this way is the access control decision itself.
  • No context switch between the object application process and the kernel is needed for the query, which reduces the policy access and policy query overhead during access control.
  • The kernel maps the memory address where the target application policy set is located into the user address space of the object application process through the kernel's binary loader.
  • The kernel writes the memory address at which the target application policy set is mapped into the auxiliary vector of the executable file of the object application process.
  • Transmitting the mapping address information through the auxiliary vector is relatively simple and has low performance overhead.
  • The auxiliary vector is located at the top of the stack of the object application process.
  • The executable file of the object application process includes a service mask corresponding to the target application policy set. Before the kernel maps the memory address where the target application policy set is located into the user address space of the object application process, the kernel parses the policy source file to obtain a source policy set; the kernel then determines the target application policy set from the source policy set according to the service mask, the target application policy set being the one used to protect objects on the object application process.
  • Because the kernel determines the target application policy set for the object application process from the source policy set through the service mask, the policy set is screened and application policies unrelated to the object application process are not mapped. This reduces the amount of the object application process's user address space that is occupied and also reduces the central processing unit (CPU) resources consumed during mapping.
  • The executable file also includes a signature over the executable file; the kernel verifies the validity of the signature and, only if the signature is valid, determines the target application policy set from the source policy set according to the service mask.
  • Verifying the signature establishes the validity of the executable file and of the service mask it carries, ensuring that the service mask has not been tampered with. Since an intact mask selects every application policy related to the object application process, this guarantees the integrity and completeness of the application policies mapped into the user address space, so the object application process can query all policies relevant to it.
  • The service mask corresponding to the target application policy set is used to identify the target application policy set within the source policy set.
  • Alternatively, the executable file of the object application process includes a service mask corresponding to the target application policy set; the kernel determines, according to the service mask, the part of the policy source file that corresponds to the target application policy set, and maps the memory address where that part is located into the user address space of the object application process; the object application process then parses that part of the policy source file at the mapped address to obtain the target application policy set.
  • In this variant the policy source file is parsed by the object application process in user space, so the kernel does not need to parse it, which reduces the kernel's performance overhead and improves its operating efficiency.
  • Before the kernel maps the memory address where the target application policy set is located into the user address space of the object application process, the kernel randomizes the address in the object application process's user address space at which the set will be mapped.
  • Randomizing the address before mapping reduces the risk that the address of the application policy set is leaked, and also avoids conflicts between the mapped address and address space reserved by the user.
  • The embodiment of the present application also provides an access control method in which the kernel maps the memory address of the policy source file into the address space of an access control management process; the access control management process parses the policy source file to obtain the source policy set and loads the target application policy set from the source policy set into the shared memory of the object application process, the target application policy set being used to determine the access rights to objects on the object application process; the policy set is thereby mapped into the user address space of the object application process.
  • Here the policy source file is parsed by the access control management process rather than by the kernel, which reduces the kernel's performance overhead and improves its operating efficiency.
  • The access control management process parses the configuration file of the object application process to obtain the target identifier of the target application policy set within the source policy set, determines the target application policy set from the source policy set according to that identifier, and loads the target application policy set into the shared memory corresponding to the object application process.
  • The access control management process thus determines the target application policy set for the object application process from the source policy set according to the configuration file, screening the policy set.
  • Application policies unrelated to the object application process are not mapped, which reduces the occupation of the object application process's user address space and the CPU resources consumed during mapping.
  • A single access control management process parses the policy source file once and implements the application policy mapping for multiple object application processes, reducing the number of times the policy source file is parsed and the CPU resources this consumes.
  • The access control management process parses the service mask in the configuration file of the object application process to obtain the target identifier of the target application policy set within the source policy set.
  • The access control management process identifies the shared memory corresponding to an object application process through a unique identifier of that process (for example, its process identification (PID) or application name).
  • An embodiment of the present application provides a computing device including a processor and a memory; the processor is coupled to the memory, the memory stores a program, and the processor executes the program in the memory so as to carry out the access control method of the first aspect or the second aspect.
  • An embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed, implements the method of the first aspect or the second aspect.
  • An embodiment of the present application provides a computer program product.
  • The computer program product includes computer program code which, when executed, carries out the method of the first aspect or the second aspect.
  • the present application provides a chip or a chip system, where the chip or chip system includes a processor, configured to implement the method in the first aspect or the second aspect above.
  • the chip or chip system further includes a memory for storing program instructions and/or data.
  • the system-on-a-chip may consist of chips, or may include chips and other discrete devices.
  • an embodiment of the present application provides a server, where the server includes the chip described in the sixth aspect.
  • Fig. 1a is an architecture diagram of the access control method provided by the embodiment of the present application.
  • Figure 1b is another architecture diagram of the access control method provided by the embodiment of the present application.
  • Figure 1c is another architecture diagram of the access control method provided by the embodiment of the present application.
  • FIG. 2 is a schematic diagram of an access control method provided in an embodiment of the present application.
  • FIG. 3 is a schematic flow chart of an access control method provided in an embodiment of the present application.
  • FIG. 4 is another schematic flowchart of the access control method provided by the embodiment of the present application.
  • FIG. 5 is a schematic diagram of an executable file of the access control method provided by the embodiment of the present application.
  • FIG. 6 is another schematic diagram of the access control method provided by the embodiment of the present application.
  • FIG. 7 is another schematic flowchart of the access control method provided by the embodiment of the present application.
  • FIG. 8 is another schematic diagram of the access control method provided by the embodiment of the present application.
  • FIG. 9a is another schematic flowchart of the access control method provided by the embodiment of the present application.
  • FIG. 9b is another schematic diagram of the access control method provided by the embodiment of the present application.
  • FIG. 10 is a structural diagram of an access control method provided by an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of a computing device provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of a chip provided by an embodiment of the present application.
  • the embodiment of the present application provides an access control method, which is used to reduce the performance overhead of the kernel and improve the operating efficiency of the kernel.
  • FIG. 1a is a structural diagram of an access control method provided by an embodiment of the present application.
  • The architecture includes a subject application process, an object application process and a kernel.
  • The subject application process and the object application process run in user space.
  • The object application process hosts objects (the entities being accessed), and a policy library resides in the kernel.
  • The policy library includes a policy library 1 (also referred to in this embodiment as the target application policy set), and policy library 1 includes the first application policy between the subject application process and the objects.
  • A policy consists of a subject, an object and an action.
  • The subject is the executing party of the access, which in this embodiment is the subject application process;
  • the object is the entity being accessed, which in this embodiment is a service and/or resource;
  • the action states whether the subject may access the object.
  • The object application process is so called because it is the application process that hosts the object.
  • The kernel maps policy library 1 into the user address space of the object application process.
  • The object application process protects the object. When the subject application process needs to access the object, the first application policy must be queried; the object application process can query it through the mapping of policy library 1 in its user address space.
  • FIG. 1b is another architecture diagram of the access control method provided by the embodiment of the present application.
  • The architecture includes a subject application process, an object application process and a kernel.
  • The kernel determines, from the policy source file (encoded policies of interest, ePOI), the part of the policy source file that corresponds to the object application process (this part, once parsed, is the target application policy set), and maps it into the user address space of the object application process.
  • The object application process parses that part of the policy source file and loads the parsed policies into its user address space, obtaining its target application policy set (namely policy library 1).
  • The target application policy set is used to protect the objects on the object application process.
  • When the subject application process needs to access an object on the object application process, the first application policy must be queried;
  • the object application process queries the first application policy in the mapping of the target application policy set (that is, policy library 1).
  • FIG. 1c is another architecture diagram of the access control method provided by the embodiment of the present application.
  • The architecture includes a subject application process, multiple object application processes, an access control management process and a kernel.
  • Each object application process hosts objects, and a policy library resides in the kernel; the policy library includes policy library 1, policy library 2, ..., policy library n.
  • Policy library 1 includes the policies related to object 1 on object application process 1 and is also called that process's target application policy set; the other policy libraries are defined in the same way and are not described again.
  • The kernel maps the policy library into the address space of the access control management process.
  • The access control management process maps the part of the policy library related to each object application process into the user address space of that process (for example, policy library 1 is mapped into the user address space of object application process 1).
  • Object application process 1 protects object 1.
  • When the subject application process needs to access object 1, the first application policy must be queried; object application process 1 can query it through the mapping of policy library 1 in its user address space.
  • The functions of the other object application processes follow by analogy and are not repeated here.
  • Because the object application process enforces policy for its objects it can be called a policy enforcement point (PEP); because it also performs the policy query itself, it can likewise be called a policy decision point (PDP).
  • Fig. 2 is a schematic diagram of the access control method.
  • The policy mapping module in the kernel maps the application policy set related to the objects on the object application process into the user address space of the object application process.
  • Based on an access authority query requirement for one of its objects, the policy query module (PDP) on the object application process queries the application policy set through its mapping in the user address space, determines the first application policy between the subject application process and the object, and determines the subject application process's access rights to the object according to that policy.
  • FIG. 3 illustrates the access control method provided by the embodiment from the perspective of the object application process.
  • The method includes:
  • The kernel maps the memory address where the target application policy set is located into the user address space of the object application process; the target application policy set indicates the access rights of the subject application process to objects on the object application process, where the objects include services and/or resources.
  • The kernel can determine the memory address where the target application policy set is located and, before the object application process starts, map that address into the process's user address space.
  • The kernel can communicate the mapped address through the auxiliary vector: before the object application process is started, the kernel writes the memory address at which the target application policy set is mapped into the auxiliary vector of the executable file of the object application process.
  • The auxiliary vector thus records the mapping address of the target application policy set, that is, the address in the object application process at which the application policies are stored.
  • Based on the access permission query requirement of the subject application process for the first object, the object application process determines the first application policy between the subject application process and the first object from the target application policy set in its user address space.
  • When the object application process needs to query the access rights to the first object, it searches the target application policy set in its user address space and so determines the first application policy between the subject application process and the first object.
  • The object application process determines the access rights of the subject application process to the first object according to the first application policy.
  • In the first application policy, the subject is the subject application process that accesses the first object and the object is the first object on the object application process.
  • The object application process decides the access of the subject application process to the first object from the action field of the first application policy: if the action permits access, the subject application process may access the first object.
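The query step described above, as an added example that is not from the patent: the target application policy set is modelled as an array of (subject, object, action) triples already present in the object process's address space, and the decision is made with plain memory reads, no system call. The field types, the ACTION_* encoding and the default-deny result when no policy matches are the editor's assumptions; the patent text only says the subject may access when the policy's action is access.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Editor's example, not the patent's code. A policy is the (subject, object,
 * action) triple the text describes; the concrete types are assumed. */
enum action { ACTION_DENY = 0, ACTION_ALLOW = 1 };

struct app_policy {
    uint32_t subject;   /* subject application process (e.g. a stable app ID) */
    uint32_t object;    /* service or resource hosted by the object process */
    uint32_t action;    /* ACTION_ALLOW or ACTION_DENY */
};

/* The target application policy set as seen from the object application
 * process once the kernel has mapped it: a base pointer plus a count. */
struct policy_set {
    const struct app_policy *policies;
    size_t count;
};

/* Find the first application policy between `subject` and `object`.
 * Returns NULL when the set holds no policy for that pair. */
const struct app_policy *find_first_policy(const struct policy_set *set,
                                           uint32_t subject, uint32_t object)
{
    for (size_t i = 0; i < set->count; i++) {
        const struct app_policy *p = &set->policies[i];
        if (p->subject == subject && p->object == object)
            return p;
    }
    return NULL;
}

/* PDP decision made entirely in user space: no syscall, no context switch.
 * Default-deny when no policy exists is the editor's choice; the patent text
 * does not specify the behaviour for an unmatched pair. */
bool is_access_allowed(const struct policy_set *set,
                       uint32_t subject, uint32_t object)
{
    const struct app_policy *p = find_first_policy(set, subject, object);
    return p != NULL && p->action == ACTION_ALLOW;
}

/* Constructed sample set: subject 100 may use service 1 but not service 2,
 * subject 200 may use service 2, and subject 300 has no policy at all. */
static const struct app_policy sample_policies[] = {
    { 100, 1, ACTION_ALLOW },
    { 100, 2, ACTION_DENY  },
    { 200, 2, ACTION_ALLOW },
};
const struct policy_set sample_set = { sample_policies, 3 };
```

A linear scan keeps the example short; a production mapping would lay the set out sorted or hashed by (subject, object) so the lookup stays cheap as the set grows. Whatever the layout, the object process should only ever hold the mapping read-only, since a writable copy would let a compromised object process grant itself access.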
  • The target application policy set is derived by parsing the policy source file.
  • The embodiments of the present application cover the following cases: 1. the policy source file is parsed by the kernel (FIG. 1a); 2. the policy source file is parsed by the object application process (FIG. 1b); 3. the policy source file is parsed by the access control management process (FIG. 1c).
  • Case 1: the policy source file is parsed by the kernel.
  • Fig. 4 is a schematic diagram of the access control method provided by the embodiment of the present application.
  • the method for parsing the policy source file by the kernel is shown in Fig. 4.
  • This method can be implemented based on the architecture shown in Fig. 1a, and the method includes:
  • The kernel reads the policy source file.
  • The kernel parses the policy source file to obtain a source policy set, which includes the policies between all subjects and all objects.
  • An object may be a resource and/or a service, and it may be located on an object application process.
  • When the object of a policy is an object running on an object application process in user process space, the policy is called an application policy.
  • Since the embodiment aims to avoid the context switch when an object application process queries access rights, it focuses on application policies; an application policy is therefore called a policy of interest (POI), and the policy source file is called the encoded POIs (ePOIs).
  • There are one or more POIs, so in this embodiment the POIs are also referred to as an application policy set.
  • The kernel verifies the signature over the executable file of the object application process to ensure that the executable file has not been tampered with. Only if the signature is valid does the kernel perform the subsequent steps.
  • The kernel extracts policies according to the service mask.
  • The executable file includes the service mask of the object application process.
  • The service mask identifies the identifiers (IDs) of the POIs within the source policy set.
  • The kernel determines the POIs from the source policy set parsed in step 1 according to the service mask, thereby screening the application policies. In this embodiment this step is also called extracting a policy.
  • The service mask may be a 32-bit integer and may identify the IDs of the POIs in the source policy set by means of bit operations (e.g. OR), ID matching, and the like. 32 bits is only an example: the service mask may have more or fewer bits, such as 16 or 64, which is not limited here.
  • The original equipment manufacturer (OEM) can package the service mask, the signature (that is, the signature verified in step 3 of this embodiment) and the original executable file of the object application process into the executable file of the object application process.
  • The service mask and the signature information may be described in the header of the executable file.
  • Besides being set before the device leaves the factory, the service mask can also be modified afterwards if new objects are added to the object application process.
  • The service mask should only be modified by a trusted subject (such as the kernel) to preserve its accuracy.
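Steps 1 to 4 of this procedure (read and parse the ePOI, then extract the POIs with the service mask), as an added example by the editor and not the patent's code. The patent does not specify the ePOI encoding, so the line-based text format below ("subject service action" per line) is constructed for the example; reading the 32-bit service mask as a bitmap over service IDs 0..31 is likewise an assumed interpretation of "identify the ID by means of OR / ID matching". Any malformed line rejects the whole file, since a partially parsed policy set is worse than none.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Editor's example. The text encoding and the bitmap reading of the service
 * mask are constructed stand-ins for details the patent leaves open. */

#define MAX_POLICIES 64

struct app_policy {
    uint32_t subject;
    uint32_t service;   /* the object: a service ID in 0..31 */
    uint32_t action;    /* 1 = allow, 0 = deny */
};

/* Steps 1-2 of FIG. 4: parse the policy source file into the source policy
 * set. Returns the number of policies parsed, or -1 on any malformed line
 * (bad field count, service ID outside 0..31, action outside 0..1, or
 * overflow of `out`). Lines starting with '#' are comments. */
int parse_epoi(const char *text, struct app_policy *out, size_t max)
{
    size_t n = 0;
    const char *line = text;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > 0 && line[0] != '#') {
            char buf[128];
            unsigned s, o, a;
            if (len >= sizeof buf || n >= max)
                return -1;
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (sscanf(buf, "%u %u %u", &s, &o, &a) != 3 || o > 31 || a > 1)
                return -1;
            out[n].subject = s;
            out[n].service = o;
            out[n].action = a;
            n++;
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return (int)n;
}

/* Step 4 of FIG. 4: screen the source set with the service mask. Only
 * policies whose service bit is set in the mask form the target application
 * policy set, so policies for unrelated services are never mapped into the
 * object process. Returns the number of policies written to `dst`. */
size_t extract_by_service_mask(const struct app_policy *src, size_t n,
                               uint32_t service_mask,
                               struct app_policy *dst, size_t max)
{
    size_t k = 0;
    for (size_t i = 0; i < n && k < max; i++) {
        if (src[i].service < 32 && (service_mask & (1u << src[i].service)))
            dst[k++] = src[i];
    }
    return k;
}

/* Constructed policy source file: four services (0..3), three subjects. */
const char *sample_epoi =
    "# subject service action\n"
    "100 0 1\n"
    "100 1 0\n"
    "200 1 1\n"
    "200 2 1\n"
    "300 3 1\n";

/* Full kernel-side path for one executable whose header carries `mask`:
 * parse the constructed ePOI, then extract that process's target set. */
size_t target_set_for_mask(uint32_t mask, struct app_policy *dst, size_t max)
{
    struct app_policy src[MAX_POLICIES];
    int n = parse_epoi(sample_epoi, src, MAX_POLICIES);
    if (n < 0)
        return 0;
    return extract_by_service_mask(src, (size_t)n, mask, dst, max);
}
```

For an executable with service mask 0x6 (services 1 and 2) the target set contains exactly the three policies that mention those services, which is the point of the mask: an unrelated policy for service 3 never enters the object process's address space. The mask only does this job if the signature check of step 3 has already confirmed it was not altered; a mask with an extra bit set would leak other processes' policies, a mask with a bit cleared would leave the process unable to decide for one of its own services.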
  • The kernel prepares the address space and maps the policies.
  • The kernel prepares a process address space for the object application process and at the same time maps the memory address of the POIs into that address space.
  • The kernel sets the auxiliary vector to the policy mapping address.
  • The kernel stores the mapping address information in the auxiliary vector in order to pass the mapping address of the application policies to the object application process.
  • The auxiliary vector is produced when the executable file is loaded, and during parsing of the executable file it is placed at the agreed address (the top of the stack). By setting an auxiliary vector entry to the mapping address of the POIs, the kernel can therefore pass the mapping address through the auxiliary vector.
  • An AT_POLICY vector type may be added to the C standard library (Libc); this vector is used to write to a memory location reserved in the user address space.
  • When the auxiliary vector table of the object application process is created, a vector array can be reserved at the top of the process's stack for this purpose.
  • This vector array is the auxiliary vector; each element (vector) of the array corresponds to an application policy, the AT_POLICY vector is one element of the array, and the AT_POLICY vector indicates the address at which the application policies are mapped in the user process space.
  • When the kernel creates the object application process, it assigns the mapping address of the application policies (the POIs) to AT_POLICY.
  • When the application process queries a policy, it obtains the mapping address of the target application policy set (the POIs) from the [AT_POLICY] entry of the auxiliary vector at the top of its stack.
  • The kernel returns to the user address space.
  • Once the kernel has completed steps 1 to 6 above, the POI memory address has been mapped and published through the auxiliary vector in the user address space of the object application process, so the kernel can return to user space and let the application process start and perform the subsequent steps.
  • The application process can then query the access rights to its objects.
  • The object application process obtains the policy mapping address through the auxiliary vector.
  • Based on the access permission query requirement of the subject application process for the first object, the object application process obtains the mapping address through the auxiliary vector and, at that address, queries the application policy whose subject is the subject application process and whose object is the first object.
  • In this case the policy source file is parsed by the kernel. Since the policy source file itself is stored in kernel space, parsing is fast and efficient. Moreover, parsing and mapping are completed before the application process starts, so the policies can be queried immediately after the process starts, which improves the efficiency of policy queries.
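Steps 5 to 8 of the kernel-parsing flow (map the POIs, publish the address through the auxiliary vector, read it back in the object process), as an added example by the editor and not the patent's code. The hand-off is simulated inside one user-space program: the "kernel side" functions stand in for the binary loader, and the "user side" lookup does what a Libc helper for AT_POLICY would do (the same contract as glibc's getauxval(3)). AT_POLICY = 60 is a hypothetical tag value chosen so as not to collide with defined Linux AT_* tags; AT_NULL = 0 and AT_PAGESZ = 6 are the real ELF values. Two practitioner details are made explicit: the mapping is created with no address hint, so it is placed by the kernel's randomized layout as the text's randomization step requires, and write permission is dropped before the address is published, so the object process can read its policies but not rewrite them.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

/* Editor's example simulating the kernel/user hand-off. AT_POLICY is a
 * hypothetical tag value; AT_NULL and AT_PAGESZ are the real ELF auxv tags. */
#define AT_NULL   0UL
#define AT_PAGESZ 6UL
#define AT_POLICY 60UL   /* assumption: not a real Linux AT_* value */

/* Same shape as Elf64_auxv_t: a tag and a value. */
struct auxv_entry {
    unsigned long a_type;
    unsigned long a_val;
};

struct app_policy {
    uint32_t subject, object, action;
};

/* "Kernel side", steps 5-6: copy the target set into a fresh anonymous
 * mapping whose address the kernel picks (NULL hint, so it takes part in
 * address randomization), then make it read-only. Returns NULL on failure. */
struct app_policy *map_policy_set(const struct app_policy *set, size_t count)
{
    size_t bytes = count * sizeof *set;
    void *p = mmap(NULL, bytes, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p, set, bytes);
    if (mprotect(p, bytes, PROT_READ) != 0) {   /* object process: read-only */
        munmap(p, bytes);
        return NULL;
    }
    return p;
}

/* "Kernel side", step 7: fill the auxiliary vector the new process will find
 * at the top of its stack: the policy address, one ordinary entry, AT_NULL. */
void build_auxv(struct auxv_entry auxv[3], const void *policy_addr)
{
    auxv[0].a_type = AT_POLICY; auxv[0].a_val = (unsigned long)(uintptr_t)policy_addr;
    auxv[1].a_type = AT_PAGESZ; auxv[1].a_val = 4096UL;
    auxv[2].a_type = AT_NULL;   auxv[2].a_val = 0;
}

/* "User side", step 8: walk the vector until AT_NULL and return the value of
 * the requested tag, or 0 if the tag is absent (getauxval(3) semantics). */
unsigned long auxv_lookup(const struct auxv_entry *auxv, unsigned long type)
{
    for (; auxv->a_type != AT_NULL; auxv++)
        if (auxv->a_type == type)
            return auxv->a_val;
    return 0;
}

/* End to end: map a constructed one-policy set, publish it via AT_POLICY, and
 * read the policy's subject back through the address found in the auxv.
 * Returns that subject (100), or 0 if any step failed. */
uint32_t demo_subject_via_auxv(void)
{
    const struct app_policy sample[1] = { { 100, 1, 1 } };
    struct app_policy *mapped = map_policy_set(sample, 1);
    if (!mapped)
        return 0;

    struct auxv_entry auxv[3];
    build_auxv(auxv, mapped);

    const struct app_policy *set =
        (const struct app_policy *)(uintptr_t)auxv_lookup(auxv, AT_POLICY);
    uint32_t subject = set ? set->subject : 0;

    munmap(mapped, sizeof sample);
    return subject;
}
```

In a real loader the auxv is written onto the new process's stack by the kernel during execve, which is why the text can say the object process reads [AT_POLICY] from the top of its stack without any extra system call. The read-only mapping is the part worth insisting on: if the policy pages were writable from user space, the object process would be able to change its own decisions and the trusted base would no longer be the kernel.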
  • Case 2: the policy source file is parsed by the object application process.
  • The embodiment of the present application can move the parsing of the policy source file to the object application process in user space, so as to reduce the kernel's performance overhead and improve its operating efficiency.
  • FIG. 7 is a schematic flow diagram of an access control method provided in the embodiment of the present application. The method can be implemented through the architecture shown in FIG. 1b. As shown in FIG. 7, the method includes:
  • the kernel reads the policy source file ePOI.
  • the kernel verifies the signature.
  • the kernel can verify the validity of the executable file of the object application process by verifying its signature, so as to ensure that the executable file has not been tampered with. If the kernel finds the signature valid, the subsequent steps are performed.
  • the kernel extracts the part of the policy source file corresponding to the object application process according to the service mask.
  • the executable file includes the service mask of the object application process.
  • the service mask is used to identify the identifier (ID) of the POI in the source policy set.
  • the kernel can determine, according to the service mask, the part of the policy source file ePOI that corresponds to the POI, thereby screening the application policies. In this embodiment of the application, this step is also called extracting a policy.
  • for the description of the service mask, refer to step 4 in FIG. 4, which will not be repeated here.
  • the kernel prepares the address space for mapping ePOI.
  • the kernel prepares an address space for the object application process, and at the same time maps the memory address of the POI to the address space of the object application process.
  • the kernel assigns the auxiliary vector as the policy map address.
  • the kernel stores the mapping address information into the auxiliary vector, so as to transfer the mapping address information of the application policy to the object application process.
  • the kernel returns to the user address space.
  • for steps 6 and 7, refer to the description of steps 7 and 8 in FIG. 4, which will not be repeated here.
  • the object application process obtains the policy mapping address through the auxiliary vector.
  • the object application process can obtain the mapping address from the auxiliary vector based on the query requirements of the subject application process for the access right of the first object, and determine the location of the application policy through the mapping address.
  • the object application process parses the part of the policy source file in the ePOI that corresponds to the POI determined in step 3, and obtains the POI. Since the kernel prepared an address space in step 4 for mapping this part of the policy source file, the object application process can find the application's POI according to the mapping in step 4, and parse and load it into the process address space (the policy source file is mapped in step 4, so the object application process can find the source file through this mapping address, parse it into its own user address space, and then answer policy queries from the parsed policy set).
  • the policy source file is parsed by the object application process, and the kernel is not required to parse it, which reduces the performance overhead of the kernel and improves its operating efficiency.
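To make the two kernel-driven flows above concrete (the kernel-parsed POI handed over through AT_POLICY in the FIG. 4 steps, and the service-mask extraction of step 3 in FIG. 7), here is an added C example; it is not code from the patent or from any Huawei implementation. The kernel side is simulated inside the same process: the source policy set ePOI, the service mask, the auxiliary-vector tag AT_POLICY_DEMO and the policy-set layout are all assumptions for illustration. The user side walks the auxiliary vector as the text describes and answers a (subject, object) permission query from the mapped set with default deny, without any system call or IPC.

```c
/* Added example, not code from the patent: a user-space policy query over a
 * target application policy set (POI) that a simulated kernel has extracted
 * from the source policy set (ePOI) with a service mask and advertised through
 * the auxiliary vector. AT_POLICY_DEMO, the layouts and the mask semantics are
 * assumptions made for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AT_NULL_DEMO   0      /* terminates the auxiliary vector */
#define AT_POLICY_DEMO 0x100  /* assumed auxv tag carrying the POI address */

enum { PERM_NONE = 0, PERM_READ = 1, PERM_WRITE = 2, PERM_EXEC = 4 };

/* One application policy: subject may perform <perm> on object.
 * policy_id is the service/policy ID that the service mask selects on. */
struct policy_entry { uint32_t policy_id, subject, object, perm; };

struct policy_set { uint32_t count; const struct policy_entry *entries; };

/* Minimal auxiliary-vector entry with the same shape as Elf64_auxv_t. */
struct auxv_entry { uint64_t a_type; uint64_t a_val; };

/* Constructed source policy set (ePOI) holding policies for two services. */
static const struct policy_entry EPOI[] = {
    { 1, 1000, 10, PERM_READ | PERM_WRITE },
    { 1, 1001, 10, PERM_READ },
    { 2, 1000, 20, PERM_EXEC },
    { 2, 1002, 21, PERM_READ },
};

/* Kernel-side "extract policy": keep only entries whose policy ID bit is set
 * in the service mask (bit i <=> policy ID i). Returns the number written. */
size_t extract_poi(const struct policy_entry *src, size_t n, uint64_t service_mask,
                   struct policy_entry *out, size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; i < n && k < cap; i++)
        if (src[i].policy_id < 64 && (service_mask & (1ULL << src[i].policy_id)))
            out[k++] = src[i];
    return k;
}

/* User-side: find the POI address in the auxiliary vector. NULL means the
 * kernel supplied none, which the query treats as deny. */
const struct policy_set *poi_from_auxv(const struct auxv_entry *auxv)
{
    for (; auxv->a_type != AT_NULL_DEMO; auxv++)
        if (auxv->a_type == AT_POLICY_DEMO)
            return (const struct policy_set *)(uintptr_t)auxv->a_val;
    return NULL;
}

/* Policy query: a plain read of the mapped set, no syscall and no IPC.
 * Default deny when nothing matches or no set is mapped. */
uint32_t query_perm(const struct policy_set *poi, uint32_t subject, uint32_t object)
{
    if (!poi) return PERM_NONE;
    for (uint32_t i = 0; i < poi->count; i++) {
        const struct policy_entry *e = &poi->entries[i];
        if (e->subject == subject && e->object == object)
            return e->perm;
    }
    return PERM_NONE;
}

/* Whole flow for one object application: the simulated kernel extracts the
 * POI for its service mask, publishes the address via AT_POLICY_DEMO, and the
 * process answers the (subject, object) query from it. */
uint32_t demo_query(uint64_t service_mask, uint32_t subject, uint32_t object)
{
    static struct policy_entry poi_entries[16];
    static struct policy_set poi;
    poi.count = (uint32_t)extract_poi(EPOI, sizeof EPOI / sizeof EPOI[0],
                                      service_mask, poi_entries, 16);
    poi.entries = poi_entries;

    struct auxv_entry auxv[] = {
        { 33, 0 },                                    /* an unrelated tag */
        { AT_POLICY_DEMO, (uint64_t)(uintptr_t)&poi },
        { AT_NULL_DEMO, 0 },
    };
    return query_perm(poi_from_auxv(auxv), subject, object);
}

int main(void)
{
    printf("service 1: subject 1000 on object 10 -> perm %u\n", demo_query(1ULL << 1, 1000, 10));
    printf("service 1: subject 1000 on object 20 -> perm %u\n", demo_query(1ULL << 1, 1000, 20));
    return 0;
}
```

The second query returns PERM_NONE because object 20 belongs to policy ID 2, which the service mask for service 1 does not select; the extraction step therefore also limits what a process can learn about other services' policies, not just what it is granted.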
  • the policy source file is parsed by the access control management process.
  • the application policy can only be queried after step 9 is executed, and each object application process needs to parse the ePOI into a POI before performing policy query.
  • both object application process 1 and object application process 2 need to parse the ePOI into a POI before performing the subsequent POI query, and the ePOI parsing slows down the startup of each object application process.
  • this application implements a method in which the ePOI is parsed once in the access control management process to obtain the source policy set, and the application policy set required by each object application process is then mapped, through shared memory, into the user address space of the corresponding object application process in user mode, realizing the mapping from the POI to the corresponding object application process. Therefore the multiple object application processes in user mode need the ePOI to be parsed only once, while all object application processes can still query policies.
  • the access control management process is used to analyze and manage all application access control policies.
  • Fig. 9a is a schematic flowchart of an access control method provided by an embodiment of the present application, and the method can be implemented based on the architecture shown in Fig. 1c. As shown in Figure 9a, the specific steps of the method are as follows:
  • the kernel reads the policy source file ePOI.
  • the kernel verifies the signature.
  • the kernel verifies the signature of the source executable file of the object application process.
  • the source executable file does not include the service mask.
  • the function of signature verification is to verify the legitimacy of the access control management process.
  • the kernel maps the policy source file ePOI to the access control management process.
  • the kernel prepares the address space of the access control management process, and maps the policy source file ePOI into it.
  • the ePOI mapped here is a policy source file, which contains information about all policies.
  • the kernel transmits the mapping address information of the ePOI to the access control management process through the auxiliary vector.
  • the kernel stores the mapping address information of the ePOI into the auxiliary vector, thereby delivering the mapping address information of the ePOI to the access control management process.
  • for the auxiliary vector, refer to the description of step 6 in FIG. 4, which will not be repeated here.
  • the kernel returns to the user address space.
  • the access control management process obtains the mapping address of the ePOI through the auxiliary vector.
  • the access control management process parses the ePOI to obtain the source policy set.
  • the access control management process parses the ePOI to obtain the source policy set, and parses the source policy set into the process space of the access control management process; see Figure 9b, where step 9 in Figure 9a corresponds to step 1 in Figure 9b.
  • the access control management process determines the respective POI of each object application process (one per object application process) according to the service IDs of the object application processes.
  • the access control management process can obtain the configuration file of the object application process, parse the service mask in that configuration file, and thereby obtain the target application policy set (POI) from the source policy set.
  • the policy ID is also referred to herein as the target ID or service ID.
  • the access control management process can determine the target application policy set (POI) from the source policy set according to the target identifier.
  • in addition to obtaining the policy ID of the POI of the object application process in the source policy set by parsing the service mask in the configuration file, the policy ID can also be obtained by other means, such as inter-process communication (IPC); there is no limit here.
  • the access control management process loads the POI into the shared memory space of the corresponding object application process.
  • after the access control management process determines the target application policy set (POI), it can load the memory address of the target application policy set into the shared memory corresponding to the object application process, thereby mapping the POI into the shared memory corresponding to that object application process.
  • this step may be performed by a policy parser in the access control management process, see step 2 in FIG. 9b.
  • the shared memory space between the access control management process and each object application process is specified by a different shared memory file, whose name corresponds to each object application process and may be the app name or another unique identifier of that process; there is no restriction here.
  • the object application process finds the corresponding shared memory file according to its app name (or other unique identifier), and maps the POI in the shared memory file into its user process space. The POI of the object application process is saved in the shared memory file. This corresponds to step 3 in Figure 9b.
  • an access control management process is used to parse all policies in user mode and to map the application policies of the multiple object application processes, so that each object application process need not parse policies when starting, which reduces system complexity.
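As an added example of the FIG. 9a/9b variant (this is not code from the patent or from Huawei), the C program below plays both roles in one process: the access control management process publishes an already-extracted POI into a shared memory file named after the object application, and the object application process maps that file read-only into its own address space and queries it. The /tmp path scheme, the header with a magic value and count, and the policy entry format are assumptions; the bounds check in map_poi is the validation a consumer of such a file should perform before trusting its count field, since the mapping is only as trustworthy as the process that wrote it.

```c
/* Added example, not code from the patent: per-application POI delivery via a
 * shared memory file (FIG. 9a/9b). File naming, header layout and the policy
 * entry format are assumptions made for this illustration. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PERM_NONE = 0, PERM_READ = 1, PERM_WRITE = 2, PERM_EXEC = 4 };

struct policy_entry { uint32_t subject, object, perm, reserved; };

/* Layout of the shared memory file: header followed by count entries. */
struct poi_header { uint32_t magic; uint32_t count; };
#define POI_MAGIC 0x494f50u  /* "POI", guards against mapping the wrong file */

/* Shared memory file per object application (assumed naming scheme: app name,
 * plus the pid so concurrent runs of this demo do not collide). */
static void poi_path(char *buf, size_t len, const char *app_name)
{
    snprintf(buf, len, "/tmp/poi_%s_%ld", app_name, (long)getpid());
}

/* Management-process side: write the POI for app_name. Returns 0 on success. */
int publish_poi(const char *app_name, const struct policy_entry *poi, uint32_t count)
{
    char path[256];
    poi_path(path, sizeof path, app_name);
    int fd = open(path, O_CREAT | O_TRUNC | O_RDWR, 0600);
    if (fd < 0) return -1;
    struct poi_header hdr = { POI_MAGIC, count };
    size_t body = (size_t)count * sizeof *poi;
    int ok = write(fd, &hdr, sizeof hdr) == (ssize_t)sizeof hdr &&
             write(fd, poi, body) == (ssize_t)body;
    close(fd);
    return ok ? 0 : -1;
}

/* Object-application side: a read-only view of its mapped POI. */
struct poi_view { void *base; size_t len; const struct policy_entry *entries; uint32_t count; };

int map_poi(const char *app_name, struct poi_view *v)
{
    char path[256];
    poi_path(path, sizeof path, app_name);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || (size_t)st.st_size < sizeof(struct poi_header)) {
        close(fd);
        return -1;
    }
    size_t len = (size_t)st.st_size;
    void *base = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (base == MAP_FAILED) return -1;
    const struct poi_header *hdr = base;
    /* Validate magic and that count fits inside the file before trusting it. */
    if (hdr->magic != POI_MAGIC ||
        sizeof *hdr + (size_t)hdr->count * sizeof(struct policy_entry) > len) {
        munmap(base, len);
        return -1;
    }
    v->base = base;
    v->len = len;
    v->entries = (const struct policy_entry *)(hdr + 1);
    v->count = hdr->count;
    return 0;
}

void unmap_poi(struct poi_view *v) { if (v->base) munmap(v->base, v->len); v->base = NULL; }

int unpublish_poi(const char *app_name)
{
    char path[256];
    poi_path(path, sizeof path, app_name);
    return unlink(path);
}

/* Policy query over the mapped view, default deny. */
uint32_t query_perm(const struct poi_view *v, uint32_t subject, uint32_t object)
{
    for (uint32_t i = 0; i < v->count; i++)
        if (v->entries[i].subject == subject && v->entries[i].object == object)
            return v->entries[i].perm;
    return PERM_NONE;
}

/* End to end for one app with a constructed POI: publish, map, query, clean
 * up. Returns the permission, or 0xFFFFFFFF if publishing or mapping failed. */
uint32_t demo_shared_query(const char *app_name, uint32_t subject, uint32_t object)
{
    static const struct policy_entry poi[] = {
        { 1000, 10, PERM_READ | PERM_WRITE, 0 }, { 1001, 10, PERM_READ, 0 } };
    if (publish_poi(app_name, poi, 2) != 0) return 0xFFFFFFFFu;
    struct poi_view v = {0};
    uint32_t perm = 0xFFFFFFFFu;
    if (map_poi(app_name, &v) == 0) { perm = query_perm(&v, subject, object); unmap_poi(&v); }
    unpublish_poi(app_name);
    return perm;
}
```

The object side maps with PROT_READ only, so a bug in the application cannot alter its own policy through the mapping; the file mode 0600 restricts who may open the file at all, which stands in for whatever access control the real management process would apply to its shared memory files.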
  • the embodiment of the present application provides a policy query framework.
  • the object application process is started by the system process, and after entering the kernel, the kernel uses a binary loader to load the executable file of the object application process.
  • the header analyzer in the kernel analyzes the header of the executable file to see whether it carries a security marker for identity verification.
  • the signature analyzer verifies the identity. If the identity is legitimate, the policy in the kernel is randomly mapped into the process address space, and the address information is passed to the object application process through the auxiliary vector. After the object application process starts, it can quickly query memory to obtain the access policy.
  • the kernel is a trusted computing base (trusted computing base, TCB)
  • the access control method provided by the embodiment of the present application has the following advantages:
  • the method in this embodiment of the application can query policies without privilege switching.
  • the mapping in the embodiment of the present application is implemented by the kernel, and the kernel belongs to the trusted base, which ensures the credibility of the policy mapping.
  • a policy manager server (PMS) running in user space stores the application policies related to the object application process to reduce context switching, but this approach can only be realized through inter-process communication (IPC) with the PMS, so the performance loss of IPC cannot be avoided.
  • the method of the embodiment of the present application does not require IPC to communicate with the PMS, the policy can be directly mapped to the address space of the object application process, and no new privileged process is required.
  • the kernel needs to protect shared resources through atomic locks, and performance is degraded under a symmetric multi-processing (SMP) architecture.
  • each object application process has a local mapping of the application policy it requires, so the kernel does not need to protect shared resources through atomic locks, and performance under SMP is improved.
  • an embodiment of the present application provides a computing device 1100, including a processor 1101 and a memory 1102; the processor 1101 is coupled to the memory 1102; the memory 1102 is used to store a program; the processor 1101 is used to execute the program, which enables the processor 1101 to execute the access control methods described in FIG. 2 to FIG. 10.
  • the embodiment of the present application provides a chip 1200; the chip 1200 includes at least one processor 1201 and a communication interface 1202, the communication interface 1202 and the at least one processor 1201 are interconnected by lines, and the at least one processor 1201 is used to run a computer program or instructions to implement the access control method corresponding to any one of the above-mentioned embodiments in FIG. 2 to FIG. 10.
  • the communication interface 1202 in the chip may be an input/output interface, a pin or a circuit, and the like.
  • the chip 1200 described above in this application further includes at least one memory 1203 , and instructions are stored in the at least one memory 1203 .
  • the memory 1203 may be a storage unit inside the chip, such as a register or a cache, or a storage unit of the chip (e.g., a read-only memory, a random access memory, etc.).
  • the disclosed system, device and method can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.
  • if the integrated unit is realized in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product, and the computer software product is stored in a storage medium and includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or other media that can store program code.

Abstract

Embodiments of the present application disclose an access control method, intended to reduce policy access and policy query overhead during access control. The method in the embodiments of the present application comprises the following steps: a kernel maps, into a user address space of an object application process, a memory address at which a target application policy set is located, the target application policy set being used to indicate an access permission of a subject application process on an object of the object application process, the object comprising a service and/or a resource; the object application process determines a first application policy between the subject application process and a first object on the basis of an access permission query requirement for the first object and according to the target application policy set mapped in the user address space; and the object application process determines an access permission of the subject application process on the first object according to the first application policy.
PCT/CN2022/134254 2021-11-30 2022-11-25 Procédé de contrôle d'accès et dispositif associé WO2023098579A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111446740.4 2021-11-30
CN202111446740.4A CN116204858A (zh) 2021-11-30 2021-11-30 Access control method and related device

Publications (1)

Publication Number Publication Date
WO2023098579A1 true WO2023098579A1 (fr) 2023-06-08

Family

ID=86515174

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/134254 WO2023098579A1 (fr) 2021-11-30 2022-11-25 Procédé de contrôle d'accès et dispositif associé

Country Status (2)

Country Link
CN (1) CN116204858A (fr)
WO (1) WO2023098579A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103971067A (zh) * 2014-05-30 2014-08-06 中国人民解放军国防科学技术大学 Unified access control method for an operating system kernel supporting entities inside and outside the kernel
CN104112089A (zh) * 2014-07-17 2014-10-22 中国人民解放军国防科学技术大学 Mandatory access control method based on multi-policy fusion
CN104885092A (zh) * 2012-11-13 2015-09-02 奥克兰服务有限公司 Security system and method for an operating system
CN105701416A (zh) * 2016-01-11 2016-06-22 华为技术有限公司 Mandatory access control method, apparatus and physical host
CN109992983A (zh) * 2019-04-15 2019-07-09 苏州浪潮智能科技有限公司 Mandatory access control method, apparatus, device and readable storage medium

Also Published As

Publication number Publication date
CN116204858A (zh) 2023-06-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22900383

Country of ref document: EP

Kind code of ref document: A1