摘要 |
A process-level data security system for use on a computer includes three primary components: a configuration utility, a file loader, and a file access interceptor. The configuration utility is used to establish a security context for each desired program file. A program having a security context associated therewith, after having been loaded into the computer's memory by the file loader of the invention, can access only limited information on a mass storage device coupled to the computer. The file access interceptor of the invention handles all file requests issued by the program, and permits or rejects such requests according to the security context. |