Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Loose coupling role authorized-type implementation access control method and system thereof

An access control and loosely coupled technology, applied in the direction of preventing unauthorized use of memory, instruments, electrical digital data processing, etc., can solve the complex syntax and semantics of policy description language, the inability to flexibly adjust security policy configuration, configuration language syntax and rules Complexity and other issues, to achieve the effect of universality, improving access control efficiency, and reducing configuration difficulty

Inactive Publication Date: 2011-10-19
NAT UNIV OF DEFENSE TECH
View PDF1 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] However, the combination of RBAC and TE also leads to the fact that policy analysis must be carried out at two different levels, TE and RBAC. It is necessary to ensure the correctness of TE policies and analyze role authorization policies on this basis, which greatly increases the Complexity in Policy Analysis
Moreover, this approach leads to a tight coupling between type implementation policies and user roles. When the system adds a new role, it needs to check the existing TE security configuration in the system at the same time; the number of policy rules is huge, and the syntax and semantics of the policy description language are relatively complex. Both the formulation and management of rules need to be very familiar with the policy language, otherwise it is easy to make mistakes
Therefore, the configuration of such security policies is mostly carried out by system researchers. The syntax and rules of the configuration language are complex and cannot be changed flexibly. Users cannot flexibly adjust the configuration of security policies according to changes in roles.
In addition, with the increase in the number of control system rule configurations, the system performance will be greatly affected
[0009] According to the use experience of the security operating system, the most important user role in the system is the system administrator, who is responsible for the daily management and configuration of the system, involves most of the system applications, and has the highest authority; functional roles such as security administrators and audit administrators are mainly responsible for For the applications related to this function, the application types are relatively concentrated; in addition, ordinary users generally use the default role when logging in to the system, and if the roles are to be distinguished according to the actual usage, the applications involved in the role are relatively single

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Loose coupling role authorized-type implementation access control method and system thereof
  • Loose coupling role authorized-type implementation access control method and system thereof
  • Loose coupling role authorized-type implementation access control method and system thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0048] The present invention will be further described in detail below with reference to the drawings and specific embodiments of the specification.

[0049] Such as figure 1 Shown is the structure diagram of the implementation system of the present invention based on the type of operating system access control framework component. The type implementation control system constructed by the present invention is connected to the operating system security access control framework in the form of a security module, mainly receives access control requests from the access control framework, and then obtains a security decision according to the current access policy configuration. The system mainly includes five sub-modules: policy initialization, subject security type migration, object security type migration, access authority check, and policy rule configuration management. The policy initialization module is mainly responsible for registering the security module with the access contro...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a loose coupling role authorized-type implementation access control method and a system thereof. The method comprises the following steps of: adding a user role incidence relation based on a type implementation access control method; adding a related process type transformation rule definition relating to a user role and a corresponding type transformation decision mechanism; when a system process type is transformed, according to the process type transformation rule, judging whether to perform role related type transformation according to a current role of the user to change a user process execution flow; and entering a specific security domain of the user role. The system comprises a type implementation access control policy module, a policy security configuration module and a policy rule configuration module, wherein the type implementation access control policy module is operated in the kernel of an operating system; the policy security configuration module is operated on the user layer of the operating system; and the policy rule configuration module is positioned in a file system. The method and the system have the advantages of reducing the influence of user role configuration change on a type implementation rule system, reducing the security configuration difficulties, facilitating flexible configuration according to actual service conditions.

Description

Technical field [0001] The present invention mainly relates to the field of operating system security access control, and particularly refers to an operating system security access control strategy and control system implemented by combining role authorization and type. Background technique [0002] Currently, with the continuous development and large-scale application of information technology, information security has become an increasingly prominent issue. Among them, operating system security provides a strong guarantee for information system security. Access control effectively controls the behavior of the subject and protects information security by controlling the subject's access authority to the object in the operating system. [0003] The Type Enforcement security policy divides the objects with the same security attributes in the operating system into one type, and achieves the purpose of access control by specifying the access rights between types, with fine-grained ac...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F12/14G06F21/62
Inventor 丁滟何连跃魏立峰陈松政唐晓东戴华东吴庆波
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com