A Method of User Authorization on Demand Supporting Least Privilege

A user authorization and privilege technology, applied in the fields of instruments, digital data authentication, electronic digital data processing, etc., that addresses problems such as incompleteness, security risks, and non-compliance with the principle of least privilege, and achieves the effect of minimizing authority.
CN104392159B · Active · Publication Date: 2018-02-06 · NAT UNIV OF DEFENSE TECH

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: NAT UNIV OF DEFENSE TECH
Publication Date: 2018-02-06


Abstract

The invention discloses an on-demand user authorization method that supports least privilege. The method comprises the following implementation steps: establishing a plurality of roles in an operating system and setting a verification password for each role; defining the different classes of permissions that different application programs need in order to run as different permission types; associating a user at login with the corresponding role and with the corresponding permission type of that role, where role conversion or permission type conversion can be carried out according to program requirements; and finally extracting the user's current role and permission type information and judging, on the basis of the user's current role and permission type, whether the program requested by the user is allowed to execute. If it is, the requested program is executed; otherwise, execution of the requested program is prohibited. With this method, authorization can be carried out according to the actual permission requirements of different applications, so that when the user executes an application it has only the associated permissions needed to complete its normal functions. Security is guaranteed, the usability of the system is improved, generality is high, and the application range is wide.
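The steps in the abstract, modelled as an added Python example (this is not code from the patent or its assignee). The role names, permission type names, program paths and passwords are constructed, and two rules are assumptions made for illustration: a role conversion must present that role's verification password, and a new role starts in its default permission type.

```python
import hashlib, hmac, os
from dataclasses import dataclass

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass(frozen=True)
class Role:
    name: str
    types: tuple      # permission types this role may enter; first is the default
    salt: bytes
    pw_hash: bytes    # verification password is kept only as a salted hash

def make_role(name, password, types):
    salt = os.urandom(16)
    return Role(name, tuple(types), salt, _kdf(password, salt))

# Constructed sample policy (all names and passwords are illustrative).
ROLES = {r.name: r for r in (
    make_role("staff", "staff-pw", ["user_t"]),
    make_role("netadmin", "net-pw", ["user_t", "net_cfg_t"]),
)}
USER_ROLES = {"alice": ["staff", "netadmin"]}   # first entry is the login role
PROGRAM_TYPE = {"/usr/bin/less": "user_t", "/usr/sbin/ifconfig": "net_cfg_t"}

@dataclass
class Session:
    user: str
    role: Role
    ptype: str

def login(user):
    role = ROLES[USER_ROLES[user][0]]
    return Session(user, role, role.types[0])

def switch_role(s, role_name, password):
    role = ROLES.get(role_name)
    if role is None or role_name not in USER_ROLES[s.user]:
        return False
    if not hmac.compare_digest(role.pw_hash, _kdf(password, role.salt)):
        return False
    s.role, s.ptype = role, role.types[0]   # assumed: land in the default type
    return True

def switch_type(s, ptype):
    if ptype not in s.role.types:
        return False
    s.ptype = ptype
    return True

def may_execute(s, program):
    # Default deny: unknown programs and type mismatches are refused.
    need = PROGRAM_TYPE.get(program)
    return need is not None and need in s.role.types and need == s.ptype
```

Because the decision compares the program's required type with the session's current type, a session that has converted to `net_cfg_t` can no longer run `user_t` programs until it converts back.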

Description

Technical field

[0001] The invention relates to the field of user authority management of a computer system, in particular to a method for user-on-demand authorization that supports least privilege.

Background technique

[0002] With the gradual deepening of informatization, more and more core businesses are built on information systems, so how to ensure the security and stability of information systems is becoming more and more important. In order to solve this problem, in addition to providing the function of completing normal services, the system also needs to check the operation authority to achieve corresponding access control.

[0003] Access control is an important technology in the field of information security. It prevents unauthorized users from interacting with specific resources in certain ways and ensures that authorized users will not be rejected. Based on whether there is a strict sequence between the subject set and the object set, access control is mainly divided ...
