Cross-platform-unified-management-supported mandatory access controlling system and method

Abstract

The invention discloses a cross-platform-unified-management-supported mandatory access controlling system. The system comprises a security management center; the security management center manages servers with different operating systems and data processing terminals which are connected with the servers, and the security management center also comprises mandatory access controlling modules, which connect the servers and the data processing terminals, in an application layer; and the mandatory access controlling modules comprise a special mandatory access controlling module, a general mandatory access controlling module, a strategy module and an audit module, wherein the general mandatory access controlling module is used for controlling mandatory access and checking strategy conformance. The invention also discloses a mandatory access controlling method based on the system, an access request is checked by the mandatory access controlling module based on a system mandatory access controlling strategy, a behavior which does not accord with the system mandatory access controlling strategy is checked, a behavior which accords with the mandatory access controlling strategy is regulated, the operation of a process on a file is controlled, the reliability of system security is improved, the confidentiality and integrity of an information system can be protected and prevented from being destroyed, and the flexibility of system security control is enhanced.

Description

【Technical field】 [0001] The invention relates to the fields of safety marks, mandatory access control, etc., and in particular to a method for realizing mandatory access control supporting cross-platform unified management. 【Background technique】 [0002] The security management of information system in the construction of informatization has aroused great attention of the country. Information system security management is not just a matter of management system and technology, but an organic collection of strategy, management and technology. Comprehensively constructing and standardizing information security from the height of security management system will effectively guarantee the security of my country's information system. [0003] On the computing platform of the operating system in the prior art, from the application layer to the operating system layer, and then to the device layer, the operation is gradually refined, followed by the gradual dilution of the context ...

AI Technical Summary

Problems solved by technology

[0003] On the computing platform of the operating system in the prior art, from the application layer to the operating system layer, and then to the device layer, the operation is gradually refined, followed by the gradual dilution of the context of the operation, such as in the file system The file system can only see basic operations such as reading, writing, and creating files, but the context in which these actions are initiated and the process of related applications are unknown to the file system. However, from the perspective of the file system layer, it is an unsafe situation. That is, only a general access control mechanism is given at the operating system layer, and it is inevitable that the control will be inflexible and affect the availability of the system.

Images