| 摘要 |
A technique for performing domain-based access control for granular isolation on a data processing system includes assigning, using the data processing system, one or more first domain tags to a dynamic object that is created by a first process that is executing on the data processing system. The technique also includes assigning, using the data processing system, one or more second domain tags to a second process that is executing on the data processing system. The first and second domain tags are evaluated, using the data processing system, according to one or more enforced rules to determine whether to grant or deny the second process access to data associated with the dynamic object.
|
