| 摘要 |
The present invention is an algorithm that manages the ability of a user or software program to access certain protected file resources. This invention describes a method for file system security through techniques that control access to the file system resources using externally stored attributes. This invention accomplishes the described objectives in file system security by creating an external database containing auxiliary attributes for objects in the file system. During a file access attempt, an identifier of this file will be matched against a set of protected files in a security database. If that file is not in the database, there is not protection on the file and requester will be allowed to access the file. If a match does show that the file is protected there will be a determination as to whether the requester will be allowed access to the file. The basis for this access determination will be a set security rules defined in the external security attribute. This invention incorporates techniques and algorithms for attribute attachment, storage and organization of the associations to these attributes, and subsequent recognition of attached attributes. In this approach, the attributes would define authorization policy for controlling access to objects in the file system.
|
