Abstract: An apparatus for providing a trusted channel among secure operating systems (OSs) to which a mandatory access control (MAC) policy is applied includes on a data transmission side a trusted channel sub system, a MAC module and a kernel memory. The apparatus further includes on a data reception side a trusted channel system and a kernel memory. By using the apparatus, the contents of data can be prevented from being exposed even in case the packet is intercepted while being transmitted since the packet is encrypted. Furthermore, even though the contents of the data packet are replaced with malicious contents, such modulation of data can be detected by examining the integrity of the packet through the use of authentication data.

Abstract: Disclosed is an access control method using a token having security attributes in a computer system when a user gains access to a specific file. The computer system adopts a token having encryption, modification, execution, and provision attributes to determine access permission or access denial between a user and a file in such a way that a file access request is controlled. The access control method enciphers a file and stores the enciphered file in a storage unit, so that it can maintain security of the file even though the storage unit is stolen. The access control method enables a system manager to read only enciphered contents of the file when the system manager performs a data backup operation, thereby eliminating limitations in commonly operating a system simultaneously with maintaining file security.

Abstract: A file security system uses a security class set by an access control module. The file security system includes a disk, a kernel memory and an encryption file system. The disk includes a key file in which an encryption key corresponding to the security class is stored and a file encoded by the encryption key. The encryption key stored in the disk is loaded into the kernel memory when the file security system starts operating. The encryption file system extracts an encryption key corresponding to a security class of a file that a user intends to read or store; decodes or encodes the file by using the extracted encryption key; and then provides the decoded file to the user or stores the encoded file in the disk.

Abstract: Disclosed herein is a method of providing a trusted path between a client and a system using an access control processing technique. The method of providing a trusted path between a client and a system includes the step of determining whether access to resources of the system will be permitted or refused on the basis of access control rules and databased attributes set by a security administrator. Thereafter, the client is notified of permission for or refusal of the access in accordance with the result of the determination.