Method and device for determining main body in access control process, equipment and storage medium

An access control subject-determination technique, applied in the field of information security, that addresses problems such as coarse access control granularity, subject deviation, and the inability to control access per application program.

Active Publication Date: 2021-08-31
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

However, from a security point of view, the granularity of this access control is too coarse to meet high-level security requirements such as control by application (for example, it is reasonable for a document program to open a document file, but an instant messenger program opening a document file may mean the file is being uploaded).
[0004] In related technologies, in order to control the access of applications, the subject of access control is changed from the user account to the process, or the process name or executable file path is used as the subject in the access control policy. However, a process is a dynamic object that is difficult to identify; simply taking the process name or the path of the process executable file as the subject causes the subject in the access control system to deviate, and subject deviation invalidates the access control.


Embodiment Construction

[0042] In order to more clearly understand the above objects, features and advantages of the present disclosure, the solutions of the present disclosure will be further described below. It should be noted that, in the case of no conflict, the embodiments of the present disclosure and the features in the embodiments can be combined with each other.

[0043] In the following description, many specific details are set forth so that the present disclosure can be fully understood, but the present disclosure can also be implemented in ways other than those described here; obviously, the embodiments in the description are only some of the embodiments of the present disclosure, not all of them.

[0044] Based on the description of the background technology, determining the subject in the access control process, as used in the present disclosure, means determining the subject when access control is performed on a process. In related technologies, the process is mainly used as the subject of...


Abstract

The invention relates to a method and device for determining the subject in an access control process, together with equipment and a storage medium. The method comprises the following steps when an access action of a process on a resource is detected: if the process has a determined transformed subject, the transformed subject is taken as the subject of the process; if the process has no determined transformed subject and is identified as a dynamic library host process according to the classification identifier of its executable file, the first non-system-built-in dynamic library file on the call stack is obtained and taken as the subject of the process; and if the process has no determined transformed subject and is not a dynamic library host process, the executable file of the process is taken as the subject of the process. As a result, when an access action occurs, an accurate, traceable and locatable subject file can be extracted, which makes access control more effective in practical application environments.
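
The three-branch selection described in the abstract, as an added Python sketch (not code from the patent or its owner). The `Process` record, the `dll_host` classification label, the built-in file set, the policy table and all paths are constructed assumptions; the call stack is assumed to list dynamic library files innermost frame first.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: files treated as "system built-in", and the
# classification identifier attached to each executable file.
SYSTEM_BUILTIN = {"/system/lib/libcore.so", "/system/lib/libio.so"}
CLASSIFICATION = {"/system/bin/libhost": "dll_host",
                  "/apps/docedit": "normal", "/apps/chat": "normal"}

@dataclass
class Process:
    executable: str
    transformed_subject: Optional[str] = None       # set earlier, if at all
    call_stack: list = field(default_factory=list)  # library files, innermost first

def determine_subject(proc: Process) -> str:
    """Return the file that acts as the access control subject for proc."""
    # Branch 1: the process already has a determined transformed subject.
    if proc.transformed_subject is not None:
        return proc.transformed_subject
    # Branch 2: dynamic library host process, so the subject is the first
    # library on the call stack that is not system built-in.
    if CLASSIFICATION.get(proc.executable) == "dll_host":
        for module in proc.call_stack:
            if module not in SYSTEM_BUILTIN:
                return module
        # Assumption: the page does not say what happens when every frame is
        # built-in; this sketch falls through to the executable file.
    # Branch 3: ordinary process, so the subject is its executable file.
    return proc.executable

# Constructed policy: (subject file, resource suffix) pairs that are allowed.
POLICY = {("/apps/docedit", ".doc"), ("/opt/plugin/viewer.so", ".doc")}

def check_access(proc: Process, resource: str) -> bool:
    """Allow the access only if the resolved subject file is permitted."""
    subject = determine_subject(proc)
    return any(subject == s and resource.endswith(ext) for s, ext in POLICY)
```

Two host processes with the same executable path resolve to different subjects here, which is the deviation that a policy keyed on process name or executable path cannot express.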

Description

Technical field

[0001] The present disclosure relates to the technical field of information security, and in particular to a method, device, equipment and storage medium for determining a subject in an access control process.

Background technique

[0002] In the field of information security, access control is usually one of the most basic and important technical means. Its main task is to determine, according to policies (rules), whether the user (subject) has permission to access resources (objects), so as to achieve the goal of protecting designated resources.

[0003] At present, in the access control that comes with the operating system, the subject is the user account, and the process is the agent of the subject. When an access occurs, the operating system extracts the token of the process and, relying on the account, group and other information contained in the token, performs control according to the access control list attached to the object. However, from a security point of ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/60
CPC: G06F21/604, Y02P90/02
Inventor: 周国华, 毕向阳, 李海峰
Owner: BEIJING TOPSEC NETWORK SECURITY TECH