Mandatory access control method and system loaded after system startup

A mandatory access control technology, applied in the fields of program control design, program control devices, and program loading/starting, that addresses problems such as extended startup time, a complicated debugging process, and a long development cycle.

Active Publication Date: 2021-06-15
BEIJING SOHU NEW MEDIA INFORMATION TECH

AI Technical Summary

Problems solved by technology

However, adding subject-object tags and access control policy code directly in the kernel requires a deep understanding of the Linux kernel and a large amount of added kernel code. The development cycle is long, and errors are easily introduced given the kernel's complexity; the modified kernel prolongs startup time; kernel compilation takes a long time; and debugging at startup is complex.
Using a mandatory access control server requires complex system design and the implementation of a communication mechanism, adds server nodes, and makes access control incur additional communication costs.

Embodiment Construction

[0052] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0053] As shown in Figure 1, which is a flow chart of Embodiment 1 of the mandatory access control method loaded after system startup disclosed by the present invention, the method includes:

[0054] S101. After the system is started, a subject-object tag linked list is initialized in the kernel;

[0055] After the system is started, a subject-object tag linked list needs to be initialized in the kernel. The subject-object tag linked list is used t...

Abstract

The invention provides a mandatory access control method loaded after system startup, comprising: initializing a subject-object tag linked list in the kernel after the system starts, the linked list being used to store subject and object tags; loading a loadable module containing the mandatory access control logic; and maintaining the subject-object tag linked list through application-layer tools. The invention is based on the Linux LSM framework and does not require extensive kernel modification. The module implementing the access control policy is completely decoupled from the kernel and is loaded after the system has started, so it is flexible to use, does not affect system startup, and does not require service nodes. Compared with the kernel, the module compiles faster, is easier to debug, and has a shorter development cycle. A custom access control model can also be implemented. The invention also discloses a mandatory access control system loaded after system startup.
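A user-space model of the mechanism the abstract describes, added here as an illustration and not taken from the patent or its implementation: a subject-object tag linked list that starts empty, a setter standing in for the application-layer tool, and a hook-style check that consults the list. The names `tag_set` and `mac_permission`, the integer levels, the no-read-up/no-write-down rule and the allow-when-untagged default are all assumptions; the patent leaves the access control model open.

```c
/* Added example: user-space model, not kernel code and not the patent's code. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

enum { MAY_READ = 1, MAY_WRITE = 2 };

struct tag {                 /* one entry per labelled subject or object */
    char name[64];           /* process name or file path (hypothetical key) */
    int level;               /* assumed sensitivity level, higher = more sensitive */
    struct tag *next;
};

static struct tag *tag_list; /* S101: the list starts empty after startup */

/* What the application-layer tool would request: add or update a tag. */
int tag_set(const char *name, int level) {
    struct tag *t;
    for (t = tag_list; t; t = t->next)
        if (strcmp(t->name, name) == 0) { t->level = level; return 0; }
    if (strlen(name) >= sizeof t->name) return -ENAMETOOLONG;
    t = calloc(1, sizeof *t);
    if (!t) return -ENOMEM;
    strcpy(t->name, name);   /* length checked above */
    t->level = level;
    t->next = tag_list;      /* push onto the head of the list */
    tag_list = t;
    return 0;
}

static const struct tag *tag_find(const char *name) {
    const struct tag *t;
    for (t = tag_list; t; t = t->next)
        if (strcmp(t->name, name) == 0) return t;
    return NULL;
}

/* Hook-style check: 0 = allow, -EACCES = deny. Untagged subjects or objects
 * are allowed (assumed default), so whatever was already running before the
 * module was loaded keeps working; a stricter policy would deny here. */
int mac_permission(const char *subj, const char *obj, int mask) {
    const struct tag *s = tag_find(subj), *o = tag_find(obj);
    if (!s || !o) return 0;
    if ((mask & MAY_READ) && s->level < o->level) return -EACCES;  /* no read up */
    if ((mask & MAY_WRITE) && s->level > o->level) return -EACCES; /* no write down */
    return 0;
}
```

The untagged-allow branch is the design decision to review first in any late-loaded policy module: until the tool has populated the list, the check enforces nothing.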

Description

Technical field

[0001] The invention relates to the technical field of computer system security, in particular to a mandatory access control method and system loaded after system startup.

Background

[0002] Many commercial and research systems are developed based on the Linux kernel. The source code of the Linux kernel is very large; it has many known vulnerabilities, and new ones are continually being discovered. Operating system security issues are very important. A secure system needs to meet the corresponding technical requirements in more than ten aspects, such as autonomous access control, mandatory access control, marking, and identity authentication.

[0003] Among them, Linux mandatory access control is implemented based on the LSM framework. By adding a security field to kernel data structures and inserting hook functions into the system calls invoked when subjects and objects such as processes and files are accessed, a specific strategy i...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/52, G06F9/445
CPC: G06F9/44505, G06F9/44521, G06F21/52
Inventor 田兆楠
Owner BEIJING SOHU NEW MEDIA INFORMATION TECH