Abstract: This paper introduces an access control mechanism called PBAC (process-based access control), which models from the active process, based on the access control model of current operating system, according to the role of process, the process privilege is assigned and managed in more detail. It enhances information confidentiality, integrity and controllability, and reduces the malicious code threat to the computer system. The basic concepts of PBAC are introduced and a formalization description is given, and the implementation in the Windows platform is discussed.

Key words: Information security, Process-based access control, Malicious code, Security model, Z language

摘要： 介绍了一种基于进程的访问控制机制PBAC，它从活动进程的角度建模，在基于操作系统现有的访问控制模型基础上，依据进程的具体作用，对其权限进行了进一步的细粒度分配管理，使信息的保密性、完整性、可控性得到加强，从而最大程度地降低有害程序对计算机系统的威胁。介绍了PBAC 的基本概念，对模型进行了形式化描述，讨论了在Windows下的具体实现。

关键词: 信息安全, 基于进程的访问控制, 有害代码, 安全模型, Z语言