Protecting system for access control system in virtual domain

A protection system and access control technology, applied in the fields of program control devices, platform integrity maintenance, software simulation/interpretation/simulation, etc. It addresses problems such as the inability to effectively guarantee security and the failure of the security system to start normally, and achieves the effect of increased difficulty.

Inactive Publication Date: 2014-09-24
HUAZHONG UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Malicious programs (such as rootkits) often run in kernel mode, where they can not only see the memory of all user programs but also bypass the security system's checks and prevent the security system from starting normally.
A traditional mandatory access control system cannot effectively guarantee its own security, and this problem cannot be solved under the traditional architecture.


Examples


Embodiment Construction

[0023] The technical terms of the present invention are firstly explained and illustrated below.

[0024] Low-level semantics: the operational semantics that the machine can recognize when the system is executing.

[0025] High-level semantics: the operational semantics that the system administrator can recognize when the system is executing.

[0026] Security Policy: The guidelines for system operation formulated for the purpose of information security.

[0027] Process information: the process number when the process is running, the process number and other information.

[0028] File operation information: the system reads, writes, deletes, and creates files, etc.

[0029] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0030] As shown in Figure 1, the protection system of the access control system in the virtual domain of the present invention includes a policy execution module 1, a policy decision cac...


Abstract

The invention discloses a protection system for an access control system in a virtual domain, which comprises a policy execution module, a policy decision cache module, a policy server module and a memory protection module.

The policy execution module intercepts low-level semantics, converts the intercepted low-level semantics into high-level semantics, transmits the high-level semantics to the policy decision cache module and obtains the policy decision results.

The policy decision cache module receives the high-level semantics from the policy execution module, transmits them to the policy server module, obtains the policy decision results from the policy server module, transmits the policy decision results to the policy execution module and caches them.

The policy server module searches its security policy library according to the high-level semantics to generate the policy decision results.

With this protection system, the access control system in the virtual domain can be protected from attack, and its security is improved.
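The request flow the abstract describes (interception, conversion to high-level semantics, cached decision, policy server lookup) can be modelled as follows. This is an added illustration, not code from the patent; the class names, event layout, syscall mapping, process table and the deny-by-default and cache-flush behaviour are all assumptions of the example.

```python
from typing import NamedTuple, Optional

class LowLevelEvent(NamedTuple):   # hypothetical view at the interception point
    pid: int
    syscall_nr: int
    path: str

class Request(NamedTuple):         # high-level semantics: subject, action, object
    subject: str
    action: str
    obj: str

SYSCALL_ACTIONS = {0: "read", 1: "write", 87: "delete"}  # constructed mapping
PROCESS_TABLE = {101: "httpd", 202: "backup"}            # constructed pid table

class PolicyServer:
    """Searches its policy library; a request not listed is denied (assumption)."""
    def __init__(self, rules):
        self.rules = set(rules)
        self.lookups = 0
    def decide(self, req: Request) -> bool:
        self.lookups += 1
        return req in self.rules

class DecisionCache:
    """Forwards requests to the policy server and caches each result."""
    def __init__(self, server: PolicyServer):
        self.server = server
        self.cache = {}
    def decide(self, req: Request) -> bool:
        if req not in self.cache:
            self.cache[req] = self.server.decide(req)
        return self.cache[req]
    def flush(self) -> None:
        # Cached results go stale when the policy library changes.
        self.cache.clear()

class PolicyEnforcer:
    """Intercepts low-level events and enforces the returned decision."""
    def __init__(self, cache: DecisionCache):
        self.cache = cache
    def to_high_level(self, ev: LowLevelEvent) -> Optional[Request]:
        subject = PROCESS_TABLE.get(ev.pid)
        action = SYSCALL_ACTIONS.get(ev.syscall_nr)
        if subject is None or action is None:
            return None            # semantics could not be reconstructed
        return Request(subject, action, ev.path)
    def check(self, ev: LowLevelEvent) -> bool:
        req = self.to_high_level(ev)
        return False if req is None else self.cache.decide(req)
```

In this model, an event whose process or operation cannot be mapped to high-level semantics is denied without consulting the server, and a policy change takes effect only after `flush()`.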

Description

Technical field

[0001] The invention belongs to the fields of computer resource virtualization and computer system security, and in particular relates to a protection system for an access control system in a virtual domain.

Background

[0002] Mandatory Access Control (MAC) is an effective method to prevent computer systems from being attacked. MAC can prevent malicious users, or malicious code that imitates legitimate users, from abusing resources, because MAC access rules can only be modified by system administrators, and malicious code cannot modify security policies without system permission. A variety of models and systems have been applied to different operating systems, such as SELinux and Trustees. Security Enhanced Linux (SELinux for short) is the most representative of them; with a flexible mandatory access control structure, it can improve the security of the Linux system, provide a strong security guarantee, and can defend against unknown at...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): G06F21/56, G06F9/455, G06F21/53
Inventor: 金海, 邹德清, 杨凯, 段培, 胡刚, 项国富, 陈刚, 代炜琦
Owner HUAZHONG UNIV OF SCI & TECH