FIELD: information technology.
SUBSTANCE: system for session-based resource access control, comprising a unit for user identification from a request, a unit for identifying an access object and action from a request, a unit for identifying a process from a request, a unit for user identification and authentication, a unit for selection of a session by a user, a decision element unit, a unit for storing access rules, wherein the input of the unit for user identification from a request is connected to the input of the unit for identifying an access object and action from a request, the input of the unit for identifying a process from a request, the first input of the system, the output of the unit for user identification from a request is connected to the first input of the decision element unit, the second input of which is connected to the output of the unit for identifying an access object and action from a request, the third input is connected to the output of the unit for storing access rules, the first output is connected to first output of the system, the second output is connected to the first input of the unit for storing access rules, the second input of which is connected to the second input of the system, the fourth input of the decision element 6 unit is connected to the output of the unit for identifying a process from a request, the fifth input is connected to the first output of the unit for selection of a session by a user, the second output of which is connected to the second output of the system, the input/output of the user identification and authentication unit is connected to the first input/output of the system, the input/output of the unit for selection of a session by a user is connected to the second input/output of the system, the third input of the unit for selection of a session by a user is connected to the second input of the user identification and authentication unit, the second input of the system, the output of the user identification and authentication unit is connected to the sixth input of the decision element unit, the second input of the unit for selection of a session by a user.
EFFECT: broader functional capabilities of the system for controlling access to resources by implementing session-based resource control, wherein the access subject is defined by three entities - a session, a user and a process.
1 tbl, 2 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM FOR SESSION-BASED FILE OBJECT ACCESS CONTROL | 2013 |
|
RU2562410C2 |
| SYSTEM FOR SESSION-BASED CONTROL OF ACCESS TO CREATED FILES | 2013 |
|
RU2583757C2 |
| SYSTEM FOR CONTROLLING ACCESS TO COMPUTER SYSTEM RESOURCES WITH "INITIAL USER, EFFECTIVE USER, PROCESS" SUBJECT | 2013 |
|
RU2534488C1 |
| ACCESS CONTROL SYSTEM TO RESOURCES OF COMPUTER SYSTEM WITH SUBJECT OF ACCESS "USER, PROCESSES" | 2013 |
|
RU2534599C1 |
| SYSTEM FOR CONTROLLING FILE ACCESS BASED ON AUTOMATIC TAGGING THEREOF | 2013 |
|
RU2524566C1 |
| SYSTEM FOR CONTROLLING ACCESS TO FILES BASED ON MANUAL AND AUTOMATIC MARKUP THEREOF | 2013 |
|
RU2543556C2 |
| SYSTEM FOR CONTROLLING ACCESS TO FILES BASED ON AUTOMATIC MARKUP THEREOF WITH ARRANGEMENT OF ACCOUNT DATA OF ACCESS SUBJECT TO CREATED FILE | 2015 |
|
RU2583759C1 |
| SYSTEM FOR CONTROLLING ACCESS TO CREATED ENCRYPTED FILES | 2013 |
|
RU2533061C1 |
| METHOD FOR PROTECTED REMOTE ACCESS TO INFORMATION RESOURCES | 2013 |
|
RU2530691C1 |
| SYSTEM FOR REFORMING OBJECT IN ACCESS REQUEST | 2013 |
|
RU2538918C1 |
