Self-learning credible strategy construction method and system based on SELinux

A construction method and self-learning technology, applied in the computer field, which can solve problems such as application programs not running normally

Active Publication Date: 2020-05-15
BEIJING UNIV OF TECH
View PDF5 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] In view of this, the embodiment of the present invention provides a SELinux-based self-learning trusted policy construction method and its syst...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Self-learning credible strategy construction method and system based on SELinux
  • Self-learning credible strategy construction method and system based on SELinux
  • Self-learning credible strategy construction method and system based on SELinux

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0028] The trusted policy is a rule-based database for defining subjects to read objects. Each rule records which type of subject uses which method to read which object is allowed or denied, and at the same time defines which behavior is allowed or denied . Wherein, an object refers to all objects that can be read, including files, directories, p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a self-learning credible strategy construction method and system based on SELinux. The method comprises the steps: acquiring an application program needing tobe added into a strategy file; entering a strategy learning mode, and setting the SELinux as a tolerance mode; allowing and executing all operations of the application program, and obtaining rejectioninformation recorded in a log file; reading rejection information, and converting the rejection information into a strategy file; and loading the strategy file to the kernel. According to the self-learning credible strategy construction method and system, SELinux is to be in a tolerance mode for the newly installed application program, the strategy file is constructed through one training process, the application program operation needing to be added into the strategy file is executed, under the condition that the front operation strategy is not added, the rear operation is still allowed to be executed, the learning process cannot be stopped, and the credible strategy needed by the application program is constructed under the condition that program running is not affected.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a SELinux-based self-learning trusted policy construction method and system. Background technique [0002] The default rule of the SELinux security module is that in the enforcement mode, all operations not defined in the policy file will be denied and the rejection information will be written into the log file; in the permissive mode, SELinux will allow all operations of the application and will Operation information not defined in the file is written to the log file. The rejection information in the log file mainly includes: subject and object information, security context, operation of the subject on the object, etc. If certain operation information is defined in the policy file, the operation will not be rejected by SELinux, and the corresponding rejection information will not be recorded in the log file. When the system newly installs an application, any operation of the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/57
CPCG06F21/57
Inventor 张建标万永祺黄浩翔冯星伟陶务升曹雪琛
Owner BEIJING UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products