Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Method of User Authorization on Demand Supporting Least Privilege

A user and privileged technology, applied in the direction of instruments, digital data authentication, electronic digital data processing, etc., can solve problems such as incompletion, security risks, and non-compliance with the principle of least privilege, and achieve the effect of minimizing authority

Active Publication Date: 2018-02-06
NAT UNIV OF DEFENSE TECH
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The system often involves more permissions. If more permissions are associated with a role, the user associated with the role will have greater operation authority, which does not conform to the principle of least privilege, and it is often easy to bring security risks; if Each role has fewer permissions, which in turn leads to the fact that users who are only associated with this role are often unable to complete all the required operations
To sum up, in the user authorization scheme of the prior art, the relevant authority is granted to the administrative user at one time, which does not conform to the principle of least privilege and may easily bring security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Method of User Authorization on Demand Supporting Least Privilege
  • A Method of User Authorization on Demand Supporting Least Privilege
  • A Method of User Authorization on Demand Supporting Least Privilege

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] Such as figure 1 As shown, the implementation steps of the method for supporting the least privileged user on-demand authorization in this embodiment are as follows:

[0046] 1) Establish multiple roles in the operating system, and set authentication passwords for each role; define the different permissions required by different applications in the operating system to run as different permission types, and control that one user can associate multiple roles and Each user can only be associated with one role at the same time, a role can be associated with multiple permission types, and each role can only be associated with one permission type at the same time;

[0047] 2) When a user logs in to the operating system, set a role for the user and associate the permission type of the role, and provide the user with an explicit conversion function that specifies the required role and permission type conversion during the operation of the operating system. When the user initiates a c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a user on-demand authorization method capable of supporting least privilege. The method comprises the following implementation steps: establishing a plurality of roles in an operating system, and setting a verification password for each role; defining different permission classes needed by running of different application programs as different permission types; associating a user with the corresponding role and the corresponding permission type of the role during login, wherein role conversion or permission type conversion can be carried out according to program requirements; finally extracting the current role and the permission type information of the user, judging whether a program requested by the user is allowed to be executed or not on the basis of the current role and the permission type of the user, if yes, executing the program requested by the user, and otherwise, prohibiting executing the program requested by the user. According to the method, authorization can be carried out according to actual permission requirements of different applications, the applications only have associated permissions to complete normal functions when the user executes the applications, the safety is guaranteed, the usability of the system is improved, the generality is high, and the application range is wide.

Description

Technical field [0001] The invention relates to the field of user authority management of a computer system, in particular to a method for user-on-demand authorization that supports least privilege. Background technique [0002] With the gradual deepening of informatization, more and more core businesses are built on information systems, so how to ensure the security and stability of information systems is becoming more and more important. In order to solve this problem, in addition to providing the function of completing normal services, the system also needs to check the operation authority to achieve corresponding access control. [0003] Access control is an important technology in the field of information security. It prevents unauthorized users from interacting with specific resources in certain ways and ensures that authorized users will not be rejected. Based on whether there is a strict sequence between the subject set and the object set, access control is mainly divided ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/31G06F21/51
CPCG06F21/31G06F21/604G06F2221/2141
Inventor 吴庆波董攀孙利杰廖湘科罗军陈松政魏立峰黄辰林戴华东唐晓东丁滟
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com