Method for controlling file access in operation system according to user's action history

An operating-system file access control technology, applied in the fields of electronic digital data processing, instruments, platform integrity maintenance, etc. It addresses the problems of reduced system security and of the operating system not considering or examining user behavior history, etc., with the effect of improving security and preventing malicious users from inappropriately accessing target files via the network.

Active Publication Date: 2007-03-28
毛德操 +1

AI Technical Summary

Problems solved by technology

[0012] It should be said that it is a defect in the prior art that the operating system does not consider or examine the user's beh


Examples


Embodiment 1

[0045] Embodiment 1, the implementation in the Linux operating system

[0046] The Linux operating system supports many different file systems, but there is not much difference in terms of the implementation of the ACL mechanism, so the following uses ext2 as an example to illustrate the implementation of this method.

[0047] 1. Expansion of ACL:

[0048] In version 2.6.14 of the Linux code, the data structure of an ACE is defined as:

    struct posix_acl_entry {
        short e_tag;
        unsigned short e_perm;
        unsigned int e_id;
    };

[0049] Here e_tag is the attribute of the ACE; e_id is the ID of the accessor with respect to that attribute, that is, the value of the attribute (for example, when the attribute is "user", e_id is the user ID); e_perm is the bitmap of the allowed access rights.

[0050] The ACL is basically an array of ACEs, that is, an array of posix_acl_entry structures:

    struct posix_acl {
        atomic_t a_refcount;
        unsigned int a_count;
        struct posix_acl_entry a_entries[0];
    };

[0051] The stru...

Embodiment 2

[0121] Embodiment 2, the implementation in the Windows operating system

[0122] The method of the present invention is also applicable to Windows; its implementation can follow the Linux embodiment described above.


Abstract

The method includes the following steps: setting up an access control list (ACL) for each file that needs protection; placing in the ACL, for each program that needs to be guarded against, an access control entry (ACE) whose attribute is 'having executed', with the specific access rights prescribed in the ACE and the accessor ID set to the file name of the program to be guarded against; when a process requests access to a file, the operating system checks each access control entry of the file's ACL in sequence. For an access control entry whose attribute is 'having executed', the operating system determines whether the current process is executing the program specified by the ACE by looking at the program names provided by the 'process control block' of the current process. Advantages: the ACL mechanism examines the user's behavior history, preventing malicious users from inappropriately accessing target files through the network and thereby raising the security of the operating system.
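The sequential ACL walk described in the abstract, as a user-space model added here for illustration; it is not code from the patent or from the Linux kernel. The tag values, the e_prog field, the struct pcb history list, the first-applicable-entry-decides rule and the "telnetd" sample are all assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Model only: tag values, e_prog and struct pcb are assumptions, not kernel code. */
enum { TAG_USER = 1, TAG_EXECUTED = 2 };   /* TAG_EXECUTED models 'having executed' */
enum { P_READ = 4, P_WRITE = 2, P_EXEC = 1 };
struct ace {
    short e_tag;
    unsigned short e_perm;     /* bitmap of the rights this entry allows */
    unsigned int e_id;         /* user ID for TAG_USER entries */
    const char *e_prog;        /* program file name, the "ID" of a TAG_EXECUTED entry */
};
struct pcb {                   /* the part of a process control block used here */
    unsigned int uid;
    const char *executed[4];   /* program names recorded for this process */
    int n_executed;
};
static int has_executed(const struct pcb *p, const char *prog)
{
    for (int i = 0; i < p->n_executed; i++)
        if (strcmp(p->executed[i], prog) == 0) return 1;
    return 0;
}

/* Walk the ACL in sequence; the first entry that applies decides the request. */
int acl_permits(const struct ace *acl, int n, const struct pcb *p, unsigned want)
{
    for (int i = 0; i < n; i++) {
        const struct ace *e = &acl[i];
        int applies = e->e_tag == TAG_EXECUTED ? has_executed(p, e->e_prog)
                    : (e->e_tag == TAG_USER && e->e_id == p->uid);
        if (applies)
            return (want & ~e->e_perm) == 0;   /* every requested bit must be allowed */
    }
    return 0;                  /* no entry applies: deny */
}

/* Constructed sample: the history entry precedes the user entry, so it wins. */
static const struct ace sample_acl[] = {
    { TAG_EXECUTED, P_READ, 0, "telnetd" },
    { TAG_USER, P_READ | P_WRITE, 1000, NULL },
};
static const struct pcb local_shell  = { 1000, { "bash" }, 1 };
static const struct pcb remote_shell = { 1000, { "telnetd", "bash" }, 2 };
int main(void)
{
    printf("local write=%d, remote write=%d\n",
           acl_permits(sample_acl, 2, &local_shell, P_WRITE),
           acl_permits(sample_acl, 2, &remote_shell, P_WRITE));
    return 0;
}
```

The same user ID gets write access from a process with a local history and read-only access from a process whose history contains the guarded program, because the history entry is placed ahead of the user entry.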

Description

Technical field

[0001] The invention relates to a user access control method for a computer operating system, mainly a method for controlling file access in the operating system according to user behavior history.

Background technique

[0002] The computer operating system's access protection for files, directories, and other system resources (such as the "registry") in the file system is a basic security mechanism. Without such a protection mechanism, anyone could arbitrarily modify, add, delete, or execute any file in the system. Hackers could even spread malicious code such as viruses, worms, and Trojan horses arbitrarily. In that case, the system would have no security at all.

[0003] For this reason, as early as 30 years ago, the Unix operating system took measures to divide computer users into three categories, "file owner (creator of the file)", "file owner's peers", and "(other) users", and to divide "access" to a file into three basic operations: reading,...


Application Information

IPC(8): G06F21/22, G06F21/50
Inventor 毛德操
Owner 毛德操