Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Privilege minimizing method based on capability

A technology of minimization and capability, which is applied in the field of security and privilege minimization to prevent the abuse of operating system privileges, and can solve problems such as reduction, privilege abuse security, etc.

Inactive Publication Date: 2006-04-26
NAT UNIV OF DEFENSE TECH
View PDF0 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The technical problem to be solved by the present invention is to solve the problem that the main body of the operating system often obtains privileges beyond itself when performing tasks, which leads to the problem that the privileges are abused and the security is reduced. A capability-based privilege minimization method is proposed to make the operating system The subjects in it, including roles, users, applications, and processes, only have the necessary privileges to complete their functions, and the operating system implemented using it is easy to use, supporting both process capabilities and file capabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Privilege minimizing method based on capability
  • Privilege minimizing method based on capability
  • Privilege minimizing method based on capability

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] figure 1It is a structural diagram of the capability-based privilege minimization model of the present invention. The model is divided into two parts: the inner core and the outer core. The inner core is composed of a privilege control module and a system call implemented in a dynamic module manner, and the outer core is composed of a PAM minimum privilege module, It consists of function libraries, command line tools and graphical tools. The privilege control module mainly includes a capability calculator and a privilege checker. The capability calculator calculates the final privilege of the process according to the logical relationship of the capability when exec process; the privilege checker judges whether the process has the corresponding access privilege at each privilege operation point; the privilege control The module uses system calls to provide the user layer with the capability status of viewing files, setting the capability status of files, viewing the capa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a privilege minimum method based on the power, which is characterized by the following: inheriting the power mechanism of draft standard POSIX1003.1e; defining role power, user power and power logical relationship; designing a privilege minimum model based on the power through dynamic mode pattern, wherein the privilege control mode contains power calculator and privilege examiner; the power calculator computes the course final privilege according to the power logical relationship; the privilege examiner judges the corresponding invitation privilege in each privilege operation.

Description

technical field [0001] The present invention relates to a method for improving computer security, especially a privilege minimization method for improving operating system security and preventing operating system privilege abuse. Background technique [0002] There is an omnipotent super user in the current mainstream computer operating systems. The super user of Windows2000 and WindowsXP is Administrator, and the super user of Unix, Linux and FreeBSD is called root. Although this super user brings great convenience to the use of the system, it is also a huge security risk. Because the super user is omnipotent, and the user or process to complete the task usually only needs a small part of privileges, so that legitimate users may use the system beyond their authority and cause unintentional damage to it, and malicious users will use this hidden danger to abuse privileges , deliberately disrupting the system. For example, many daemons often run as superusers, and these dae...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F9/44
Inventor 陈松政何连跃罗军
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com