| With the development of information technologies, computers and networks have become an important role and facilitated the people’s daily life. However, the openness of the network results in the serious information security problem. As the main carrier of important information, files information security is particularly important, especially for the enterprises secrets and personal sensitive information. In order to prevent and detect threats from the outside, firewall or IDS network intrusion detection systems are adopted which can prevent external attacks. However, they cannot prevent internal staffs negligence or malicious attacks, which are usually more serious and difficult to be prevented. Most existing solutions and products mainly rely on pre-defined policies to control access rights, which is difficult to satisfy the requirements of real-time response, and at the same time these polices cannot be adjusted in time. Besides, some of policies are too simple to realize fine-grained access control, and thus affect the accuracy and instantaneity of the control access.Aming to solve these problems, this paper proposes a new label-based file control technology to provide a more fine-grained access control technology and a theoretical basis for information security system. The main work of this paper include:First, investigates the related research of access control technology, and then proposes the label-based file control solution. Finally, the proposed solution is realized and evaluated in the test-bed. The results show that it can achieve precise access control and support the real-time policy modification, and even support the large-scale network. |
PDF Full Text Request