Operation system architecture based on separation of permissions and implementation method thereof

An operating system technology based on the separation of three powers, applied in fields such as instruments, electrical digital data processing and platform integrity maintenance, which can solve problems such as excessive authority.

Inactive Publication Date: 2011-04-27
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to solve the various security problems caused by the excessive authority of privileged operating system users, by providing an operating system architecture and implementation method based on the separation of three rights.

Examples


Embodiment Construction

[0044] Specific embodiments of the present invention are described below with reference to the accompanying drawings:

[0045] An operating system architecture based on the separation of three rights. The operating system rights are divided into system management rights, security management rights, and security audit rights. The system management right corresponds to the System Management Subsystem (SMS) in the operating system, the security management right corresponds to the Security Management Subsystem (SEMS) in the operating system, and the security audit right corresponds to the Audit Subsystem (AS) in the operating system. The administrator is deleted, and the user who logs in to the operating system and performs the actual operations is named the operator.

[0046] (1) System Management Subsystem (SMS)

[0047] The system management subsystem is composed of trusted measurement, trusted service, trusted reference l...

Abstract

The invention relates to an operating system architecture based on the separation of permissions and an implementation method thereof. The permissions are divided into a system management permission, a security management permission and a security audit permission; the system management permission corresponds to a management subsystem in the operating system, the security management permission corresponds to a security management subsystem in the operating system, and the security audit permission corresponds to a security audit subsystem in the operating system. The implementation method comprises the following steps: deleting the administrator, and taking the user who logs in to the operating system and carries out the actual operations as the operator; running a file filter driver, PriKernel, in the WINDOWS kernel layer to complete a control system based on the separation of permissions; after an upper-layer trust agent loads a security policy onto the control system, intercepting the communication information between the application layer of the operating system and the underlying file system, then sending that information to the three subsystems for judgment; and thoroughly removing the role of administrator so as to realize the separation of permissions. The operating system architecture and implementation method provided by the invention reduce the occurrence of system security accidents caused by administrator misjudgment, and prohibit illegal operations performed by the administrator for some purpose.
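
The interception-and-judgment flow described in the abstract, modelled as an added Python example; it is not code from the patent, whose PriKernel component is a Windows kernel file filter driver. The path prefixes, operator names, the ABSTAIN verdict, the deny-overrides rule and the `ControlSystem` class are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass, field

# Constructed policy: each protected prefix is owned by exactly one subsystem.
POLICY = {
    "/protected/system/": "SMS",   # system management right
    "/protected/policy/": "SEMS",  # security management right
    "/protected/audit/": "AS",     # security audit right
}

@dataclass(frozen=True)
class Request:
    operator: str
    right: str  # the single right this operator holds: "SMS", "SEMS" or "AS"
    op: str     # "read" or "write"
    path: str

def judge(subsystem, policy, right, path):
    """One subsystem's verdict; ABSTAIN when the path is outside its domain."""
    for prefix, owner in policy.items():
        if owner == subsystem and path.startswith(prefix):
            return "ALLOW" if right == subsystem else "DENY"
    return "ABSTAIN"

@dataclass
class ControlSystem:
    """Stands in for the interception point between applications and the file system."""
    policy: dict
    audit_log: list = field(default_factory=list)

    def intercept(self, req):
        # Normalise first so "../" cannot smuggle a path into another domain.
        path = posixpath.normpath(req.path)
        verdicts = {s: judge(s, self.policy, req.right, path)
                    for s in ("SMS", "SEMS", "AS")}
        allowed = "DENY" not in verdicts.values()  # deny overrides
        # The decision is recorded by the control system, never by the requester.
        self.audit_log.append((req.operator, req.op, path, allowed))
        return allowed

def demo():
    cs = ControlSystem(POLICY)
    requests = [  # constructed sample requests
        Request("op_sys", "SMS", "write", "/protected/system/services.cfg"),
        Request("op_sys", "SMS", "write", "/protected/policy/rules.db"),
        Request("op_sec", "SEMS", "write", "/protected/policy/rules.db"),
        Request("op_sec", "SEMS", "write", "/protected/audit/events.log"),
        Request("op_sys", "SMS", "write", "/protected/system/../audit/events.log"),
        Request("op_aud", "AS", "read", "/protected/audit/events.log"),
    ]
    return [cs.intercept(r) for r in requests], cs.audit_log
```

No operator in this model holds more than one right, so an operator who can change the security policy cannot touch the audit trail that records the change.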

Description

Technical field

[0001] The present invention is an operating system architecture and implementation method based on the separation of three rights, and relates to a method for separating operating system privileges into three rights in the core layer of the system. This method achieves effective separation of operating system privileges. According to the mapping of privileges, the privileges are divided into three parts that both restrict and support each other, avoiding system security accidents caused by administrator misjudgments, prohibiting illegal operations performed by administrators for illegal purposes, and completely removing the role of the super administrator with all privileges in the operating system. The invention belongs to the field of information security.

Background technique

[0002] Privileges are the permissions that the operating system must have to perform some security operations, such as maintaining user accounts, installing ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/20, G06F21/57
Inventor: 李瑜, 赵勇, 韩培胜
Owner: BEIJING UNIV OF TECH