User privilege escalation method supporting mandatory access control

A user privilege escalation technology supporting mandatory access control, applied in the field of digital data authentication, solves problems such as process security attributes not being set correctly, users being unable to perform privileged operations, and privilege escalation failures, with the effect of ease of use.

Active Publication Date: 2014-09-10
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

However, in a system that supports mandatory access control, ordinary privilege escalation only changes the user ID and group ID. The mandatory access control security attributes of the privileged process are inherited from the parent process by default and are not changed along with the privilege escalation, so operations after privilege escalation may still be blocked by mandatory access control, and the privilege escalation ultimately fails.

[0011] To sum up, existing privilege escalation methods do not support, or only partially support, mandatory access control. When privileges are escalated in a system that supports mandatory access control, the security attributes of the process after escalation are not set correctly, so privileged operations are still blocked by the mandatory access control system and users cannot perform them.

Embodiment Construction

[0035] The present invention is further described below in conjunction with the accompanying drawings and specific preferred embodiments, but the protection scope of the present invention is not limited thereby.

[0036] As shown in Figure 1, the specific implementation steps of the user privilege escalation method supporting mandatory access control in this embodiment are as follows:

[0037] 1) Apply mandatory classification to the privileged programs of the operating system in advance and associate them with different administrator roles;

[0038] 2) Detect the operation requests of ordinary users, and when a privileged operation request is detected, jump to step 3);

[0039] 3) Authenticate the ordinary user who issued the privileged operation request. If the authentication passes, a child process is forked and its security attribute is set, so that the security attribute of the child process is inherited from the administrator associated with the target privileged p...

Abstract

The invention discloses a user privilege escalation method supporting mandatory access control. The method comprises the following steps: (1) the privileged programs of an operating system are subjected to mandatory classification in advance and are associated with different administrator roles; (2) access requests of users are detected, and when a privileged operation request is detected, execution jumps to step (3); and (3) the user who sent the privileged operation request is authenticated; if the authentication passes, a child process is forked, the security attributes of the child process are set so that they inherit the security attributes of the administrator role corresponding to the target privileged program, and the target privileged program is executed through the child process; if the authentication does not pass, the user's privileged operation request is refused and the method exits. The advantages of the user privilege escalation method are that it is simple to implement, it realizes privilege escalation for the user, it supports mandatory access control, the security of the operating system is high, and the usability is high.
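The three steps, together with the failure of ID-only escalation described under "Problems solved by technology", modelled as an added C example (not code from the patent). The program paths, role names and the label-equality MAC check are constructed assumptions, and `_exit` stands in for executing the target program.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed model: a process carries IDs plus a MAC label (its security attribute). */
struct proc_attr { uid_t uid; gid_t gid; const char *mac_label; };

/* Step 1: privileged programs pre-classified per administrator role (constructed entries). */
struct priv_prog { const char *path; const char *admin_role; };
static const struct priv_prog PRIV_TABLE[] = {
    { "/usr/sbin/useradd",  "sys_admin"   },
    { "/usr/sbin/auditctl", "audit_admin" },
};

static const struct priv_prog *lookup(const char *path) {
    for (size_t i = 0; i < sizeof PRIV_TABLE / sizeof PRIV_TABLE[0]; i++)
        if (strcmp(PRIV_TABLE[i].path, path) == 0) return &PRIV_TABLE[i];
    return NULL;
}

/* Toy MAC decision: only the label matters, so uid 0 alone does not pass. */
static int mac_allows(const struct proc_attr *p, const struct priv_prog *prog) {
    return strcmp(p->mac_label, prog->admin_role) == 0;
}

/* Steps 2-3. Returns 1 = target ran, 0 = blocked by MAC, -1 = request refused,
 * -2 = fork/wait error. set_mac_label=0 models ID-only escalation. */
int escalate(const char *path, int authenticated, int set_mac_label) {
    const struct priv_prog *prog = lookup(path);   /* step 2: privileged request? */
    if (prog == NULL || !authenticated) return -1; /* step 3: refuse and exit */
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {                                /* child process */
        struct proc_attr self = { 1000, 1000, "ordinary_user" }; /* inherited */
        self.uid = 0; self.gid = 0;                /* what ordinary escalation changes */
        if (set_mac_label) self.mac_label = prog->admin_role;
        _exit(mac_allows(&self, prog) ? 0 : 1);    /* stands in for exec of target */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -2;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("ID-only: %d, with role label: %d\n", escalate("/usr/sbin/useradd", 1, 0), escalate("/usr/sbin/useradd", 1, 1));
    return 0;
}
```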

Description

Technical field

[0001] The invention relates to the technical field of user privilege elevation in computer operating systems, in particular to a user privilege elevation method supporting mandatory access control.

Background technique

[0002] With the development of computer technology and network technology, the security of computer systems has become more and more important, and the operating system, as the manager of computer resources, is the basis of the security of the entire host system. An effective and reliable operating system should also have strong security and corresponding protection measures; that is, it should be able to eliminate or limit the security risks posed to the system by trapdoors, covert channels, Trojan horses, etc., provide sufficient protection for the information in the system, and prevent unauthorized users from misusing or destroying system software resources.

[0003] Many users like to log in to the system with an administrator account (Administrator ...

Application Information

IPC(8): G06F21/31
CPC: G06F21/31
Inventor: 陈松政, 罗求, 魏立峰, 董攀, 黄辰林, 付松龄, 丁滟, 唐晓东
Owner: NAT UNIV OF DEFENSE TECH