摘要
如何实现进程级别的访问控制仍是目前传统自主访问控制技术无法解决的问题。针对该问题,文章在深入研究Windows系统访问控制列表机制的基础上首次提出一种基于Windows内核模式下进程监控的系统访问控制方案,并给出了系统设计及关键技术的详细说明。该方案不仅解决了传统HOOK保护技术所面临的系统兼容性问题,而且将系统权限控制从账户权限控制细化到系统每一个进程的特定权限控制上,为Windows系统核心资源提供了更细颗粒度的自主访问控制。
In order to solve the problem that traditional system access control technology can’t limit system’s privilege in process-level, a new solution to Windows system Discretionary Access Control with low cost is proposed. By using Windows kernel mode driver, a process monitoring system which adopts the system access token control technology is designed, the components and key technologies of it are given after a deep analysis of Windows Access Control List (ACL) mechanism. It not only solves the system compatibility issues that traditional HOOK API methods are facing, but also achieves the goal that different processes can be adjusted in different run-level of specified privileges, while providing very fine-grained discretionary access control.
出处
《信息网络安全》
2014年第4期13-19,共7页
Netinfo Security
基金
国家自然科学基金[61170282]
关键词
进程权限控制
进程监控
自主访问控制
process access control
process monitoring
discretionary access control
