SYSTEM AND METHOD OF ISOLATING RESOURCES USING RESOURCE MANAGERS
Main authors: | , |
---|---|
Format: | Patent |
Language: | eng ; rus |
Subjects: | |
Online access: | Order full text |
Summary: | FIELD: physics, computer engineering. SUBSTANCE: invention relates to protection of operating system resources from unauthorised changes. Method for a client to perform operations on resource data using a resource manager comprises steps of: receiving a request, from a client, to the operating system kernel to perform operations on data stored in a resource which is stored in resource storage means; using a separate process to perform operations on the data stored in a resource which is stored in resource storage means and transmitting, thereto, data provided by the client, indicators for data of said resource and indicators for a resource manager function, required for processing the transmitted data; obtaining a security policy on performing, by the client, operations on said resource, data on operations of all clients on said resource, metadata of said resource; performing the client-requested operations on the resource stored in resource storage means in case of positive analysis results of the obtained data, where the analysis comprises: analysing the metadata for possible change of the current metadata and violation of isolation of said client-requested resource by operations on the resource; analysing information on operations of all system clients on said resource for possible distortion of results of said operations by operations of the current client; analysing information on client rights for performing operations on said resource for possible violation of said rights. EFFECT: safer access, storage and use of resource content owing to full monitoring of operations on resources and preventing security policy violation. 11 cl, 4 dwg
The invention relates to the field of protecting operating system resources from unauthorised changes. The technical result of the present invention is improved security of access to, storage of and use of resource content through full monitoring of operations on resources and prevention of security policy violations. The method for a client to perform operations on resource data using a resource manager comprises steps in which: a request is received from the client to the operating system kernel to perform operations on data stored in a resource which is stored in resource storage means; a separate process is used to perform operations on the data stored in the resource which is stored in the resource storage means, and it is passed the data provided by the client, pointers to the data of said resource and |
---|