METHOD FOR EXPANDING THE SECURITY KERNEL WITH SYSTEM FOR PRIVILEGE FLOW PREVENTION BASED ROLE

摘要

PURPOSE: A security kernel extension method in a role base access control system for separating a login user and a process user is provided to systematically utilize various access restriction by supplying a role-based access control function. CONSTITUTION: A security policy setting unit includes a user property setting unit(101), a role setting unit(102), an OBS(Objects) and OPS(Operations) setting unit and a PA(Permission Assignment). A security function performance unit includes a system call controller, a process user property controller, and the access controller and a role base access controller. The compulsory access unit determines an access permission by comparison between an object security property of the OBS profile.