公开(公告)号：US20100100929A1

公开(公告)日：2010-04-22

申请号：US12571873

申请日：2009-10-01

Applicant: Guntae BAE ,  Gaeil AN ,  Minho HAN ,  Kiyoung KIM

Inventor： Guntae BAE ,  Gaeil AN ,  Minho HAN ,  Kiyoung KIM

IPC: G06F17/00 ,  H04L9/32

CPC classification number: G06F21/6218

Abstract: Provided is an apparatus and a method for security managing of an information terminal. The provided classifies a plurality of information providing means into a plurality of domains including at least one information providing means and when a user process accesses any one domain and then attempts to access another domain, controls the access to said another domain by verifying whether or not the access of the user process to said another domain is allowed. According to the provided, security threats are monitored for each domain which an execution process accesses by simply constructing domain classification information of an entire system without specifically establishing a security policy of an information providing device, such that it is possible to protect a terminal from a multi-domain access process having high security risk. Accordingly, it is advantageous to increase security for the terminal from various security threats.

Abstract translation: 提供了一种用于信息终端的安全管理的装置和方法。 所提供的多个信息提供装置将多个信息提供装置分成包括至少一个信息提供装置的多个域，并且当用户进程访问任何一个域然后尝试访问另一个域时，通过验证是否进行访问来控制对所述另一个域的访问 允许用户进程访问所述另一个域。 根据所提供的，通过简单地构建整个系统的域分类信息而不特别地建立信息提供设备的安全策略来监视执行过程访问的每个域的安全威胁，使得可以保护终端免受 多域访问过程具有很高的安全隐患。 因此，从各种安全威胁增加终端的安全性是有利的。