摘要 |
A process classification/execution controlling device for strengthening DAC(Discretionary Access Control) and a method thereof are provided to prevent probable authority elevation by dividing program objects executable in a system into a CUS(Command, Utility, and Safety) group and a DVO(Discretionary, Vulnerable, and Outer) group, and making a process subject of a DVO group member execute a CUS group member program. An application end includes a program group management program(3) requesting program classification to the objects classified into the CUS group(1) and the DVO group(2). A kernel module(5) performs CUS/DVO group classification by responding to a received request, and controls execution of the program by linking with group information of the executable programs while storing a group of the processes executed in the system, information for an execution object repository(7), and consistency information to a kernel memory. The execution object repository classifies/stores the CUS and DVO group. A program classifier(51) classifies the execution object programs stored to the execution object repository into the CUS a DVO group.
|