Role-based access control method
    61.
    Granted invention patent
    Role-based access control method (status: lapsed)

    Publication (announcement) number: KR100447511B1

    Publication (announcement) date: 2004-09-07

    Application number: KR1020010084866

    Filing date: 2001-12-26

    Abstract: PURPOSE: A role-based access control method is provided that controls access requests based on user roles at the kernel level, in order to prevent or intercept system hacking. CONSTITUTION: The method comprises several steps. A process selects effective roles among the current roles by checking whether the roles of which the process is currently a member exist in the data, stored in a role data file, on all generated roles (S1). The generation number of each effective role stored in the role data file is compared with the generation number of that role stored in an object security database; if the two generation numbers are not the same, the permission value of the role defined on the object is regarded as meaningless (S2). An OR operation is applied to the attribute values defined on the object for the roles remaining after steps S1 and S2, it is checked whether the requested attribute value exists on the object, and an access permission result is output according to the check result (S3).


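    Method for guaranteeing a trusted path between a client and a system using an access control processing technique
    62.
    Granted invention patent
    Method for guaranteeing a trusted path between a client and a system using an access control processing technique (status: lapsed)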

    Publication (announcement) number: KR100439171B1

    Publication (announcement) date: 2004-07-05

    Application number: KR1020010072639

    Filing date: 2001-11-21

    CPC classification number: H04L63/101 H04L67/14

    Abstract: Disclosed herein is a method of providing a trusted path between a client and a system using an access control processing technique. The method of providing a trusted path between a client and a system includes the step of determining whether access to resources of the system will be permitted or refused on the basis of access control rules and databased attributes set by a security administrator. Thereafter, the client is notified of permission for or refusal of the access in accordance with the result of the determination.


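    Method for guaranteeing a trusted path between a client and a system using an access control processing technique
    63.
    Published invention application
    Method for guaranteeing a trusted path between a client and a system using an access control processing technique (status: lapsed)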

    Publication (announcement) number: KR1020030042117A

    Publication (announcement) date: 2003-05-28

    Application number: KR1020010072639

    Filing date: 2001-11-21

    CPC classification number: H04L63/101 H04L67/14

    Abstract: PURPOSE: A method for providing a trusted path between a client and a system using an access control processing technique is provided to protect system resources and to prevent leakage of the client's information by having the client confirm an instruction transferred from the system before transferring personal information to the system. CONSTITUTION: If the client inputs an ID after logging in to the system, a log-in function is set to a hardware processing tool and the client (S200). If the log-in function is set to the hardware processing tool and the client, access to the resource is judged by comparing the sameness of the ID based on an access control rule and the databased attributes (S208). If access to the resource is approved, a display function of the hardware processing tool is set to 'on' (S210). A password certification process is subsequently carried out (S216).
