关键词: 外设, 访问控制列表, 角色控制, 安全策略

Abstract:

With respect to the coarse granularity and simplicity of the existing equipment control methods, we propose a peripheral access control method based on user identification, which can achieve a flexible and fine-grained access control for peripherals by using peripheral role access control lists, user group peripheral access control lists and user peripheral access control lists. Based on Linux operating system, we design and implement a framework, in which we utilize a peripheral feature database to identify a variety of devices; a policy database to define access permissions in connection with roles, user groups and users; and an arbitration procedure to check the accesses of peripherals. Finally, the functions are tested to verify the validity of the method and the features of the method are analyzed.

Key words: peripheral;access control list;role based access control;security policy