Abstract

The present invention relates to an integrated file access control system that combines role-based access control with an approved file list. When a file is executed, role-based access control is applied first, and the result of the access control policy examination determines whether the file is executed. If that result requests an approved file examination, execution is postponed and the file path is verified against an approved file list.

The invention includes: a role-based access control unit, configured in a kernel layer of the operating system, that controls whether an execution file is executed according to a preset access control policy, wherein the access control policy sets a policy operation according to the file path and file, the process, and the user accounts; and an approved file control unit, configured in a kernel layer of the operating system, that, when the policy operation determined by the role-based access control unit requests approved file control, determines whether the execution file is executed depending on whether it is included in a preset approved file list.

According to the system, whether a file is an approved file is additionally determined even when execution is allowed by path-based role-based access control. It is therefore possible to correctly diagnose an infection by a malicious program, to prevent a newly generated malicious program from being executed, and to safely protect the system from an unknown malicious program.
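A user-space model of the two-stage decision described in the abstract, added here as an illustration and not code from the patent. The rule fields, the first-match and default-deny behaviour, the exact-path list lookup and all sample paths are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Policy operations; CHECK_APPROVED defers the verdict to the approved file list. */
enum action { DENY, ALLOW, CHECK_APPROVED };

/* One access control policy entry; "*" matches any process or user (assumption). */
struct rule { const char *path_prefix, *process, *user; enum action op; };

/* Constructed sample policy and approved file list (not from the patent). */
static const struct rule policy[] = {
    { "/tmp/",     "*",    "*",   DENY },
    { "/usr/bin/", "*",    "*",   CHECK_APPROVED },
    { "/opt/app/", "appd", "svc", ALLOW },
};
static const char *approved[] = { "/usr/bin/ls", "/usr/bin/ssh" };

static int field_ok(const char *want, const char *got) {
    return strcmp(want, "*") == 0 || strcmp(want, got) == 0;
}

/* Stage 1: role-based check. First matching rule wins; no match means DENY
 * (both are assumptions of this model). */
enum action rbac_check(const char *path, const char *proc, const char *user) {
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct rule *r = &policy[i];
        if (strncmp(path, r->path_prefix, strlen(r->path_prefix)) == 0 &&
            field_ok(r->process, proc) && field_ok(r->user, user))
            return r->op;
    }
    return DENY;
}

/* Stage 2: exact-path membership in the approved file list. */
int is_approved(const char *path) {
    for (size_t i = 0; i < sizeof approved / sizeof approved[0]; i++)
        if (strcmp(approved[i], path) == 0) return 1;
    return 0;
}

/* Combined verdict: 1 = execute, 0 = block. */
int may_execute(const char *path, const char *proc, const char *user) {
    enum action op = rbac_check(path, proc, user);
    if (op == CHECK_APPROVED)   /* execution is postponed until the list is consulted */
        return is_approved(path);
    return op == ALLOW;
}

int main(void) {
    printf("ls: %d\n", may_execute("/usr/bin/ls", "bash", "alice"));
    printf("dropper: %d\n", may_execute("/usr/bin/dropper", "bash", "alice"));
    return 0;
}
```

The model compares path strings as given; an enforcement point in the kernel would need to apply both checks to the resolved path of the file being executed.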