公开(公告)号：KR100657353B1

公开(公告)日：2006-12-14

申请号：KR1020050067968

申请日：2005-07-26

Applicant: (주)안랩시큐브레인 ,  전남대학교산학협력단

Inventor： 김정순 ,  김민수 ,  노봉남 ,  이병철 ,  김동근 ,  이재서 ,  조주봉 ,  임종혁 ,  정종민 ,  최민호 ,  이승용

IPC: G06F15/00

Abstract: A security system capable of accepting diverse access control policies, and a method and a recording medium thereof are provided to easily manage and verify the policies for access control, and enable a manager to easily modify design to apply diverse security models. A security manager(30) determines access permission to an object(70) of a subject(10) by using access right information preset to the object accessed from the subject and action performed to the object from the subject. A security agent(20) requests the access permission to the object of the subject by offering subject, object, and action information to the security manager according to a request from the subject. A security control mediation module(50) finally determines the access permission to the object of the subject by checking the abnormal action through statistical analysis for the subject requesting the access permission. The security agency includes a message maker(21) forms the subject, object, and action information into a message.

Abstract translation: 提供一种能够接受多种访问控制策略的安全系统及其方法和记录介质，以便于管理和验证访问控制策略，并使管理员能够容易地修改设计以应用各种安全模型。 安全管理器（30）通过使用预设给从对象访问的对象的访问权信息和从对象对对象执行的动作来确定对对象（10）的对象（70）的访问许可。 安全代理（20）根据来自主体的请求向安全管理器提供主体，对象和动作信息，向主体的对象请求访问许可。 安全控制中介模块（50）通过针对请求访问权限的主体的统计分析来检查异常行为，最终确定对主体的对象的访问许可。 安全机构包括一个消息制作者（21）将消息中的主题，对象和动作信息组成一个消息。