CN102904889A - Cross-platform-unified-management-supported mandatory access controlling system and method - Google Patents
- Publication number: CN102904889A
- Authority: CN (China)
- Prior art keywords: module, access control, security, request, policy
- Legal status: Granted
Abstract
The invention discloses a mandatory access control system supporting cross-platform unified management. The system comprises a security management center, which manages servers running different operating systems and the data processing terminals connected to those servers. The security management center also comprises a mandatory access control module connected to the application layer of the servers and data processing terminals; this module comprises a dedicated mandatory access control module, a general mandatory access control module used for mandatory access control and policy conformance checking, a policy module and an audit module. The invention also discloses a mandatory access control method based on the system: the mandatory access control module checks each access request against the system mandatory access control policy, behavior that does not conform to the system mandatory access control policy is checked, access that conforms to the mandatory access control policy is adjusted, and the operations of processes on files are controlled. This improves the reliability of system security, protects the confidentiality and integrity of the information system from damage, and enhances the flexibility of system security control.
Description
[technical field]
The present invention relates to fields such as security labels and mandatory access control, and in particular to a method of implementing mandatory access control that supports cross-platform unified management.
[background technology]
In the course of informatization, information system security management has received great attention from the state. Information system security management is not merely a matter of management systems or of technology, but an organic combination of policy, management and technology. Building and standardizing information security comprehensively from the level of the security management system will effectively safeguard the security of China's information systems.
On the computing platforms of prior-art operating systems, operations are progressively refined as they pass from the application layer to the operating system layer and then to the device layer, and the context in which an operation takes place is gradually diluted along the way. For example, the file system layer sees only basic operations such as reading, writing and creating files; it does not know in what context these actions were initiated or what the flow of the related application is. As a result, a request that is safe and reasonable at the application layer can appear unsafe at the file system layer. In other words, when only a general access control mechanism is provided at the operating system layer, control inevitably becomes inflexible and system availability suffers.
[summary of the invention]
The invention provides a practical mandatory access control system supporting cross-platform unified management, which judges the security of an application's operation request within its specific application context, so that the confidentiality and integrity of the information system are protected from damage.
The present invention solves the above technical problem by the following technical solution:
The invention discloses a mandatory access control system supporting cross-platform unified management, comprising: a security management center, servers of different operating systems managed by the security management center, and data processing terminals connected to the servers, characterized in that the security management center further comprises a mandatory access control module connected to the application layer of the servers and data processing terminals, and the mandatory access control module comprises a dedicated mandatory access control module, a general mandatory access control module for performing mandatory access control and policy conformance checking, a policy management module and an audit module.
In the aforesaid mandatory access control system, the dedicated mandatory access control module is divided, according to implementation, into an application wrapper module and a secure system call module.
The invention also discloses a mandatory access control method based on the above mandatory access control system supporting cross-platform unified management, comprising the following steps:
(1) The application layer issues an access request, and the mandatory access control module intercepts it;
(2) The mandatory access control module communicates with the label management module and obtains the security labels of the subject and object in the access request, in order to check whether the access request conforms to the system security policy;
(3) The mandatory access control module judges whether the access request is safe according to the obtained security labels of the subject and object and the system conformance check policy;
(4) If the check passes, the access request is allowed to execute and an audit log is sent to the audit module; otherwise the access request is passed to the level-change audit module;
(5) The level-change audit module checks, according to the system level-change audit policy, whether changing the security level would allow the access request to execute; if so, the request is allowed; otherwise the request is refused and an audit alarm is raised.
In the aforesaid mandatory access control method, changing the security level in step (5) refers to temporarily or permanently changing the object's security level so that the access request is allowed to execute.
In the aforesaid mandatory access control method, the policy format comprises subject labels and object labels.
In the aforesaid mandatory access control method, the subjects and objects in the access request of step (2) include processes, files, segments and devices.
In the aforesaid mandatory access control method, the security labels of the subject and object in the access request comprise sensitivity labels assigned according to a combination of hierarchical classification and non-hierarchical categories.
In the aforesaid mandatory access control method, step (1) further includes a step of loading the system security policy.
In the aforesaid mandatory access control method, the servers and terminals act as controlled terminals, and when loading of the system security policy is triggered by a policy update request signal, the method of loading the system security policy comprises the following steps:
(1) The security management center sends a policy update request to the controlled terminal, specifying the policy version of the update;
(2) The controlled terminal receives the policy update request through the security policy enforcement module;
(3) The security policy enforcement module calls the label management module to check the existing policy version;
(4) When the existing policy version returned by the label management module is lower than the update version, the policy enforcement module sends policy-request audit information to the management information processing module and enters the waiting-for-update state;
(5) The management information processing module sends a policy request packet to the security management center through a kernel system call;
(6) The network driver sends the policy request packet to the security management center;
(7) After receiving the policy request packet, the security management center sends the corresponding policy data packet to the node subsystem;
(8) The management information processing module obtains the policy data packet through a kernel system call and performs decryption and an integrity check on it;
(9) The management information processing module loads the security policy into the access vector cache of the label management module through the label management module's policy loading interface;
(10) The management information processing module notifies the security policy enforcement module that the policy update is complete;
(11) The security policy enforcement module calls the label management module again to complete the security policy conformance check;
(12) After the check passes, the system returns to its normal running state; if the check fails, failure audit information is sent to the security management center, requesting the security management center to inspect the policy and update again.
In the aforesaid mandatory access control method, allowing the access request to execute in step (4) includes system access control execution, which comprises the following steps:
(1) The application program issues an access control request through a system call;
(2) The system call entry calls the security policy enforcement module;
(3) The security policy enforcement module calls the label management module, executes the label management decision function, and returns the decision result;
(4) The security policy enforcement module sends audit information to the management information processing module;
(5) After the system call entry obtains the ruling from the security policy enforcement module, the system call execution phase begins;
(6) After the system call completes, control returns to the application subsystem.
As described above, in the present invention the mandatory access control module of the security management center performs policy checks on access requests: behavior that does not conform to the system mandatory access control policy is checked, access that conforms to the mandatory access policy is adjusted, and the operations of processes on files are controlled. This improves the reliability of system security, protects the confidentiality and integrity of the information system from damage, and enhances the flexibility of system security control.
[description of drawings]
Fig. 1 is a diagram of the mandatory access control system supporting cross-platform unified management of the present invention.
Fig. 2 is a schematic diagram explaining the component interfaces of the present invention.
Fig. 3 is an architecture diagram of the security management center of the present invention.
Fig. 4 is an architecture diagram of the mandatory access control of the present invention.
Fig. 5 is a flowchart of the mandatory access control of the present invention.
Fig. 6 is a schematic diagram describing the mandatory access control process of the present invention.
Fig. 7 is a flow diagram of system security policy loading in the present invention.
Fig. 8 is a flow diagram of system access control execution in the present invention.
[embodiment]
To further set out the technical means the invention adopts to achieve its intended purpose and their effect, the specific structure of the invention and its effect are described in detail below with reference to the drawings, the embodiments and the structural features.
As shown in Fig. 1, the overall mandatory access control structure for cross-platform unified management of the invention consists of a security management center, different platforms such as Windows data processing terminals, Linux data processing terminals, Windows servers and Linux servers, and a switch. The servers and data processing terminals of different operating systems act as controlled terminals of the security management center. The security management center manages and enforces a unified security policy for the computing environment, the zone boundary and the communication network, ensures that the system configuration is complete and trusted, determines users' operating permissions, and carries out audit tracking throughout. The computing environment security mechanisms serve the controlled terminals, server operating systems, upper-layer application systems and databases, ensuring the security of the whole course of application business processing. The zone boundary performs security checks and access control on information flows entering and leaving the application environment, ensuring that no information flow that violates the system security policy crosses the boundary. The communication network equipment establishes a secure channel by performing trusted authentication of the communicating parties and applies cryptographic protection to data in transmission, ensuring that the data cannot be eavesdropped on, tampered with or destroyed in transit. The overall structure takes the security of the controlled terminals as its foundation and, with the support of the security management center, protects the three parts: computing environment, zone boundary and communication network.
As shown in Fig. 2, the relationship between the component interfaces and the components of the invention can be illustrated by the relationship among the application subsystem, the node subsystem and the management center. The application subsystem and the node subsystem communicate through the system call interface. Between node subsystems, and between a node subsystem and the management center, policy data, audit data, other platform authentication data and so on are transmitted over a reliable network transport protocol according to the specified interface protocol.
As shown in Figs. 3 and 4, the kernel-layer mandatory access control module of the invention connects to the application layer of the servers and data processing terminals. The architecture of the mandatory access control module is divided into two layers: the bottom layer is the general mandatory access control module, and the upper layer is the dedicated mandatory access control module. The dedicated mandatory access control module is divided, according to implementation, into an application wrapper module and a secure system call module. The general mandatory access control layer performs mandatory access control strictly according to the security model; that is, it only mechanically performs the policy conformance check and does not perform the level-change audit check. The upper-layer dedicated mandatory access control module is customized for particular service programs or security applications in the system and, depending on implementation, takes one of two forms: secure wrapping and the secure system call interface. Secure wrapping suits system service programs that are mature or whose source code is not under control: by intercepting the system calls these programs issue, it reconstructs the corresponding application context information, so that when the application issues a request that violates the system security policy, the request can be adjusted to meet normal business needs. Secure system calls are system call interfaces that have been securely wrapped; the purpose of wrapping the interface is to ensure that the application's flow and context information can be passed into the mandatory access control module, so that the module can use this information for the policy conformance check and the level-change check and ultimately make a more reasonable access control decision.
After an application issues an access request, the operating system's mandatory access control module intercepts the request and performs a policy conformance check on it. To check whether the access request conforms to the system security policy, the access control module needs to communicate with the label management module to obtain the security labels of the subject and object in the request. On this basis, the mandatory access control module judges, according to the system conformance check policy, whether the request is safe. If the check passes, the request is allowed to execute; otherwise the request is passed to the level-change audit module. The level-change audit module checks, according to the system level-change audit policy, whether the request can be allowed to execute by temporarily or permanently changing the object's security level; if so, the request is allowed; otherwise the request is refused and an audit alarm is raised.
As shown in Fig. 5, it should be noted that the specific embodiments of the invention are illustrated and described using a computer running the Linux operating system platform as the terminal. Those skilled in the art will understand from this description that the invention applies equally to platforms running other operating systems, such as Windows, which is not repeated here. The mandatory access control method of the invention comprises the following steps:
(1) The application layer issues an access request; the mandatory access control module intercepts it and performs the security policy conformance check;
(2) The mandatory access control module communicates with the label management module and obtains the security labels of the subject and object in the access request, in order to check whether the access request conforms to the system security policy;
(3) The mandatory access control module judges whether the access request is safe according to the obtained security labels of the subject and object and the system conformance check policy;
(4) If the check passes, the access request is allowed to execute and an audit log is sent to the audit module; otherwise the access request is passed to the level-change audit module;
(5) The level-change audit module checks, according to the system level-change audit policy, whether changing the security level would allow the access request to execute; if so, the request is allowed; otherwise the request is refused and an audit alarm is raised.
In the aforesaid mandatory access control method, the policy label format comprises a subject label list and an object label list. Referring to Fig. 6, the subject label list and the object label list of the invention are placed in the subject label library and the object label library respectively. During operation there is also a temporary label list, placed in the temporary label library, but the temporary label list is used only to cache and check a new policy during an update and does not take part in the system's running control flow.
In the aforesaid mandatory access control method, the subjects and objects in the access request of step (2) include processes, files, segments and devices.
In the aforesaid mandatory access control method, the security labels of the subject and object in the access request comprise sensitivity labels assigned according to a combination of hierarchical classification and non-hierarchical categories.
Changing the security level in the aforesaid step (5) refers to temporarily or permanently changing the object's security level so that the access request is allowed to execute.
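The five-step decision flow above as a runnable sketch, added here as an illustration and not code from the patent. The read-down/write-up dominance rule, the `ChangeRule` format, and every name and sample label are assumptions, since the patent fixes neither a security model nor a rule format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    level: int                      # hierarchical classification
    cats: frozenset = frozenset()   # non-hierarchical categories

    def dominates(self, other):
        return self.level >= other.level and self.cats >= other.cats

@dataclass(frozen=True)
class ChangeRule:
    """One level-change audit policy entry (format assumed for this sketch)."""
    context: str       # application context recovered by the wrapper layer
    obj: str
    op: str
    new_label: Label   # label the object may take for this request
    permanent: bool    # True: rewrite the object label library

def conforms(subj, obj, op):
    """Step (3). Assumed model: read down, write up; anything else fails closed."""
    if op == "read":
        return subj.dominates(obj)
    if op == "write":
        return obj.dominates(subj)
    return False

class MacModule:
    def __init__(self, subjects, objects, change_rules):
        self.subjects = dict(subjects)   # subject label library
        self.objects = dict(objects)     # object label library
        self.change_rules = list(change_rules)
        self.audit = []                  # (kind, subject, object, op, detail)

    def handle(self, subject, obj, op, context=None):
        # Step (2): fetch both labels; an unlabelled party is refused.
        s, o = self.subjects.get(subject), self.objects.get(obj)
        if s is None or o is None:
            self.audit.append(("alarm", subject, obj, op, "unlabelled"))
            return "deny"
        # Steps (3)-(4): plain conformance check, audit log on success.
        if conforms(s, o, op):
            self.audit.append(("log", subject, obj, op, "conforms"))
            return "allow"
        # Step (5): may a temporary or permanent object level change allow it?
        for r in self.change_rules:
            if (r.context, r.obj, r.op) == (context, obj, op) and conforms(s, r.new_label, op):
                if r.permanent:
                    self.objects[obj] = r.new_label
                mode = "permanent" if r.permanent else "temporary"
                self.audit.append(("log", subject, obj, op, mode + " level change"))
                return "allow"
        self.audit.append(("alarm", subject, obj, op, "refused"))
        return "deny"

def build_demo():
    """Constructed sample labels and rules, not taken from the patent."""
    hr = Label(2, frozenset({"hr"}))
    ops = Label(1, frozenset({"ops"}))
    return MacModule(
        subjects={"editor": hr, "backup": ops},
        objects={"/srv/hr/payroll.db": hr, "/srv/export/report.csv": Label(1)},
        change_rules=[
            ChangeRule("nightly-backup", "/srv/hr/payroll.db", "read", ops, False),
            ChangeRule("publish-report", "/srv/export/report.csv", "write", hr, True),
        ],
    )
```

A temporary change leaves the object label library untouched, so the same request without the application context is refused again and raises an audit alarm.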
As shown in Fig. 7, it should be noted that the numerals in Fig. 7 indicate the order of the workflow across the program modules. The system security policy loading flow of the mandatory access control method of the invention is triggered by a policy update request signal, for example when the system accesses an object that has no security identifier on a newly mounted storage device. The servers and terminals act as controlled terminals of the security management center, and the method of loading the system security policy comprises the following steps:
(1) The security management center sends a policy update request to the controlled terminal, specifying the policy version of the update;
(2) The controlled terminal receives the policy update request through the security policy enforcement module;
(3) The security policy enforcement module calls the label management module to check the existing policy version;
(4) When the existing policy version returned by the label management module is lower than the update version, the policy enforcement module sends policy-request audit information to the management information processing module and enters the waiting-for-update state;
(5) The management information processing module sends a policy request packet to the security management center through a kernel system call;
(6) The network driver sends the policy request packet to the security management center;
(7) After receiving the policy request packet, the security management center sends the corresponding policy data packet to the node subsystem;
(8) The management information processing module obtains the policy data packet through a kernel system call and performs decryption and an integrity check on it;
(9) The management information processing module loads the security policy into the access vector cache of the label management module through the label management module's policy loading interface;
(10) The management information processing module notifies the security policy enforcement module that the policy update is complete;
(11) The security policy enforcement module calls the label management module again to complete the security policy conformance check;
(12) After the check passes, the system returns to its normal running state; if the check fails, failure audit information is sent to the security management center, requesting the security management center to inspect the policy and update again.
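The controlled-terminal side of this loading flow as a runnable sketch, added here as an illustration and not code from the patent. Assumptions: the packet is shown after decryption, HMAC-SHA256 under a pre-shared key stands in for the unspecified integrity check, the JSON policy layout and the well-formedness rule stand in for the unspecified conformance check, and all names are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # constructed sample key

def sample_policy(version):
    """Constructed sample policy: version plus subject and object label lists."""
    label = {"level": 2, "cats": ["hr"]}
    return {"version": version,
            "subjects": {"editor": label},
            "objects": {"/srv/hr/payroll.db": label}}

def make_packet(key, policy):
    """Management-center side: serialise the policy and attach an integrity tag."""
    body = json.dumps(policy, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def policy_is_wellformed(policy):
    """Assumed conformance rule: each label has a level >= 0 and a category list."""
    for table in ("subjects", "objects"):
        labels = policy.get(table)
        if not isinstance(labels, dict):
            return False
        for label in labels.values():
            if not (isinstance(label, dict)
                    and isinstance(label.get("level"), int) and label["level"] >= 0
                    and isinstance(label.get("cats"), list)):
                return False
    return True

class ControlledTerminal:
    def __init__(self, key, policy):
        self.key = key
        self.active = policy   # policy currently used for decisions
        self.staged = None     # temporary label library, used only during an update
        self.wanted = None     # version named in the pending update request
        self.state = "normal"
        self.audit = []        # records that would go to the management center

    def on_update_request(self, version):
        """Steps (2)-(4): only a strictly newer version starts an update."""
        if version <= self.active["version"]:
            self.audit.append(("update-ignored", version))
            return False
        self.wanted, self.state = version, "waiting"
        self.audit.append(("policy-request", version))
        return True

    def on_policy_packet(self, packet):
        """Steps (8)-(12): verify, stage, check, then switch or report failure."""
        reason = self._stage(packet)
        if reason is None:
            self.active, self.staged = self.staged, None
            self.wanted, self.state = None, "normal"
            self.audit.append(("update-ok", self.active["version"]))
            return True
        self.staged = None     # the old policy stays in force
        self.audit.append(("update-failed", reason))
        return False

    def _stage(self, packet):
        if self.state != "waiting":
            return "unsolicited packet"
        tag = hmac.new(self.key, packet["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, packet["mac"]):
            return "integrity check failed"
        try:
            policy = json.loads(packet["body"])
        except ValueError:
            return "unparseable policy"
        # A validly tagged but older policy must not be replayed as the update.
        if not isinstance(policy, dict) or policy.get("version") != self.wanted:
            return "version mismatch"
        self.staged = policy
        if not policy_is_wellformed(policy):
            return "conformance check failed"
        return None
```

The new policy reaches `active` only after every check has passed, so a tampered, replayed or malformed packet leaves the terminal enforcing the previous version while the failure record is queued for the management center.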
The policy format of the invention comprises a subject label list and an object label list, described respectively below.
Referring to Table 1, the subject label list; the security policy format of the subject label list is as follows:
Table 1 - Subject label list
Referring to Table 2, the object label list; the policy format of the object label list is as follows:
Table 2 - Object label list
As shown in Fig. 8, it should be noted that the numerals in Fig. 8 indicate the order of the workflow across the program modules. The flow of system access control execution in the invention comprises the following steps:
(1) The application program issues an access control request through a system call. In the invention, the servers and terminals act as controlled terminals of the security management center, and the application programs include the set of application programs on the controlled terminal, such as a browser, Word and so on;
(2) The system call entry calls the security policy enforcement module;
(3) The security policy enforcement module calls the label management module, executes the label management decision function, and returns the decision result;
(4) The security policy enforcement module sends audit information to the management information processing module;
(5) After the system call entry obtains the ruling from the security policy enforcement module, the system call execution phase begins;
(6) After the system call completes, control returns to the application program.
In summary, the present invention builds on the following prior art:
One, security labels: sensitivity labels, maintained by the trusted computing base of a computer information system, that are associated with subjects and the storage objects they control (for example: processes, files, segments, devices). These labels are the basis for implementing autonomous access control.
Two, mandatory access control: at present, some operating systems implement a mandatory access control mechanism, but its access control granularity is coarse and it is not suitable for settings with higher security requirements.
In the present invention, the mandatory access control module of the security management center performs policy checks on the processes, files and other access objects of an access request, achieving fine-grained object access control: behavior that does not conform to the system mandatory access control policy is checked, access that conforms to the mandatory access policy is adjusted, and the operations of processes on files are controlled. This improves the reliability of system security, protects the confidentiality and integrity of the information system from damage, and enhances the flexibility of system security control.
The above serves only to illustrate the principle and structure of the invention; any obvious variation that those skilled in the art make to the above embodiments accordingly falls within the scope of protection of the invention.
Claims (10)
1. A mandatory access control system supporting cross-platform unified management, comprising: a security management center, servers of different operating systems managed by the security management center, and data processing terminals connected to the servers, characterized in that the security management center further comprises a mandatory access control module connected to the application layer of the servers and data processing terminals, and the mandatory access control module comprises a dedicated mandatory access control module, a general mandatory access control module for performing mandatory access control and policy conformance checking, a policy management module and an audit module.
2. The mandatory access control system as claimed in claim 1, characterized in that the dedicated mandatory access control module is divided, according to implementation, into an application wrapper module and a secure system call module.
3. A mandatory access control method of the mandatory access control system supporting cross-platform unified management as claimed in claim 1, comprising the following steps:
(1) The application layer issues an access request, and the mandatory access control module intercepts it;
(2) The mandatory access control module communicates with the label management module and obtains the security labels of the subject and object in the access request, in order to check whether the access request conforms to the system security policy;
(3) The mandatory access control module judges whether the access request is safe according to the obtained security labels of the subject and object and the system conformance check policy;
(4) If the check passes, the access request is allowed to execute and an audit log is sent to the audit module; otherwise the access request is passed to the level-change audit module;
(5) The level-change audit module checks, according to the system level-change audit policy, whether changing the security level would allow the access request to execute; if so, the request is allowed; otherwise the request is refused and an audit alarm is raised.
4. The mandatory access control method as claimed in claim 3, characterized in that changing the security level in step (5) refers to temporarily or permanently changing the object's security level so that the access request is allowed to execute.
5. The mandatory access control method as claimed in claim 3 or 4, characterized in that the policy format comprises subject labels and object labels.
6. The mandatory access control method as claimed in claim 3, characterized in that the subjects and objects in the access request of step (2) include processes, files, segments and devices.
7. The mandatory access control method as claimed in claim 6, characterized in that the security labels of the subject and object in the access request comprise sensitivity labels assigned according to a combination of hierarchical classification and non-hierarchical categories.
8. The mandatory access control method as claimed in claim 3, wherein step (1) further includes a step of loading the system security policy.
9. The mandatory access control method as claimed in claim 8, characterized in that the servers and terminals act as controlled terminals, and when loading of the system security policy is triggered by a policy update request signal, the method of loading the system security policy comprises the following steps:
(1) The security management center sends a policy update request to the controlled terminal, specifying the policy version of the update;
(2) The controlled terminal receives the policy update request through the security policy enforcement module;
(3) The security policy enforcement module calls the label management module to check the existing policy version;
(4) When the existing policy version returned by the label management module is lower than the update version, the policy enforcement module sends policy-request audit information to the management information processing module and enters the waiting-for-update state;
(5) The management information processing module sends a policy request packet to the security management center through a kernel system call;
(6) The network driver sends the policy request packet to the security management center;
(7) After receiving the policy request packet, the security management center sends the corresponding policy data packet to the node subsystem;
(8) The management information processing module obtains the policy data packet through a kernel system call and performs decryption and an integrity check on it;
(9) The management information processing module loads the security policy into the access vector cache of the label management module through the label management module's policy loading interface;
(10) The management information processing module notifies the security policy enforcement module that the policy update is complete;
(11) The security policy enforcement module calls the label management module again to complete the security policy conformance check;
(12) After the check passes, the system returns to its normal running state; if the check fails, failure audit information is sent to the security management center, requesting the security management center to inspect the policy and update again.
10. The mandatory access control method as claimed in claim 3, characterized in that allowing the access request to execute in step (4) includes system access control execution, which comprises the following steps:
(1) The application program issues an access control request through a system call;
(2) The system call entry calls the security policy enforcement module;
(3) The security policy enforcement module calls the label management module, executes the label management decision function, and returns the decision result;
(4) The security policy enforcement module sends audit information to the management information processing module;
(5) After the system call entry obtains the ruling from the security policy enforcement module, the system call execution phase begins;
(6) After the system call completes, control returns to the application subsystem.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210385341.6A CN102904889B (en) | 2012-10-12 | 2012-10-12 | Mandatory access control system and method supporting cross-platform unified management |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102904889A (en) | 2013-01-30 |
CN102904889B (en) | 2016-09-07 |
Family
ID=47576925
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210385341.6A Active CN102904889B (en) | 2012-10-12 | 2012-10-12 | Mandatory access control system and method supporting cross-platform unified management |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102904889B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN102904889B (en) | 2016-09-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |