CN104796432A - Data protection method and safety bastion host - Google Patents

Publication number: CN104796432A
Authority: CN (China)
Application number: CN201510229746.4A
Other languages: Chinese (zh)
Inventor: 张和超
Original Assignee: Inspur Electronic Information Industry Co Ltd
Current Assignee: Inspur Electronic Information Industry Co Ltd
Application filed by: Inspur Electronic Information Industry Co Ltd
Legal status: Pending
Prior art keywords: data, operation instruction, importance level, ACL, access control
Landscapes: Storage Device Security (AREA)

Abstract

The invention provides a data protection method and a security bastion host, the bastion host being connected in series on the path between a client and a server. The method comprises the following steps: obtaining a plurality of data of the server; determining the importance level of each datum, and setting the system administrator to have no operation permission for data whose importance level is higher than a set threshold; when a first operation instruction sent by the system administrator is received, determining the importance level of the data operated on by the first operation instruction; and, when the importance level of that data is higher than the set threshold, blocking the first operation instruction from accessing the data it operates on. Because the system administrator has no operation permission for data whose importance level is higher than the set threshold, a hacker cannot attack server data by obtaining the system administrator's privileges, which improves the security of the server data.

Description

Data protection method and security bastion host
Technical field
The present invention relates to the field of communication technology, and in particular to a data protection method and a bastion host.
Background art
With the rapid development of communication technology, the data security of servers has become increasingly important. Traditional data protection methods can use a bastion host to ensure the data security of a server. A bastion host is an operations and maintenance (O&M) audit product for data centers that can provide functions such as single sign-on, account management, authorization management and security auditing.
In the prior art, a bastion host is used to ensure server data security as follows: the bastion host is connected in series between the client and the server; the system administrator on the client side obtains the data of the server, and that data is stored in the bastion host. When an access instruction sent by a client is received, the client's permission for the target data it wants to access must be judged according to the access instruction, and only a client that has permission for the target data can access it. The system administrator has the highest privilege, including operations such as access and modification.
However, if the bastion host is attacked and a hacker obtains the system administrator's privileges, the hacker can use the system administrator's highest privilege in the bastion host to access and modify the server's data, so the security of the server data cannot be guaranteed.
Summary of the invention
In view of this, the invention provides a data protection method and a bastion host to ensure the security of server data.
The invention provides a data protection method in which a bastion host is connected in series on the path between a client and a server, the method further comprising:
obtaining a plurality of data of the server;
determining the importance level of each datum, and setting the system administrator to have no operation permission for data whose importance level is higher than a set threshold;
when a first operation instruction sent by the system administrator is received, determining the importance level of the data operated on by the first operation instruction;
when it is determined that the importance level of the data operated on by the first operation instruction is higher than the set threshold, blocking the first operation instruction from accessing the data it operates on.
Preferably,
the method further comprises: building an access control list from the data whose importance level is higher than the set threshold, and setting the applications that have operation permission for the access control list;
the method further comprises: when a second operation instruction sent by a target application is received, determining the importance level of the data operated on by the second operation instruction; when it is determined that this importance level is higher than the set threshold, judging whether the target application has operation permission for the access control list; if the target application has operation permission for the access control list, allowing the target application to operate on the access control list; otherwise, blocking the target application from operating on the access control list.
Preferably,
the method further comprises: setting a redirect operation for when an application requests to operate on data whose importance level is higher than the set threshold; when it is determined that the importance level of the data operated on by the second operation instruction is higher than the set threshold, performing the redirect operation on the second operation instruction so as to carry out the step of judging whether the target application has operation permission for the access control list.
Preferably, the method further comprises:
creating an independent kernel hardening administrator, and using the kernel hardening administrator to perform the operations of determining the importance level of each datum and setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold.
Preferably, the method further comprises:
receiving, via a browser, the second operation instruction sent by the target application.
The invention also provides a bastion host connected in series on the path between a client and a server, comprising:
an acquiring unit, for obtaining a plurality of data of the server;
a processing unit, for determining the importance level of each datum and setting the system administrator to have no operation permission for data whose importance level is higher than a set threshold;
a determining unit, for determining, when a first operation instruction sent by the system administrator is received, the importance level of the data operated on by the first operation instruction;
a blocking unit, for blocking the first operation instruction from accessing the data it operates on when it is determined that the importance level of that data is higher than the set threshold.
Preferably, the bastion host further comprises:
an establishing unit, for building an access control list from the data whose importance level is higher than the set threshold, and setting the applications that have operation permission for the access control list;
the determining unit is further for determining, when a second operation instruction sent by a target application is received, the importance level of the data operated on by the second operation instruction; when it is determined that this importance level is higher than the set threshold, judging whether the target application has operation permission for the access control list; if the target application has operation permission for the access control list, allowing the target application to operate on the access control list; otherwise, blocking the target application from operating on the access control list.
Preferably, the processing unit is for setting a redirect operation for when an application requests to operate on data whose importance level is higher than the set threshold; when it is determined that the importance level of the data operated on by the second operation instruction is higher than the set threshold, the redirect operation is performed on the second operation instruction so as to carry out the step of judging whether the target application has operation permission for the access control list.
Preferably, the bastion host further comprises:
a creating unit, for creating an independent kernel hardening administrator, the kernel hardening administrator being used to perform the operations of determining the importance level of each datum and setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold.
Preferably, the bastion host further comprises:
a receiving unit, for receiving, via a browser, the second operation instruction sent by the target application.
The embodiments of the invention provide a data protection method and a bastion host. By setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold, the system administrator is blocked from operating on such data; this prevents a hacker from attacking server data by obtaining the system administrator's privileges and improves the security of the server data.
Brief description of the drawings
Fig. 1 is a flow chart of the method provided by an embodiment of the invention;
Fig. 2 is a flow chart of the method provided by another embodiment of the invention;
Fig. 3 is a schematic diagram, provided by an embodiment of the invention, of the bastion host connected in series between a client and a server;
Fig. 4 is a structural diagram of the bastion host provided by an embodiment of the invention;
Fig. 5 is a structural diagram of the bastion host provided by another embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art based on these embodiments without creative effort fall within the scope of protection of the invention.
As shown in Fig. 1, an embodiment of the invention provides a data protection method in which a bastion host is connected in series on the path between a client and a server. The method may comprise the following steps:
Step 101: obtain a plurality of data of the server.
Step 102: determine the importance level of each datum, and set the system administrator to have no operation permission for data whose importance level is higher than a set threshold.
Step 103: when a first operation instruction sent by the system administrator is received, determine the importance level of the data operated on by the first operation instruction.
Step 104: when it is determined that the importance level of the data operated on by the first operation instruction is higher than the set threshold, block the first operation instruction from accessing the data it operates on.
According to the above scheme, by setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold, the system administrator is blocked from operating on such data; this prevents a hacker from attacking server data by obtaining the system administrator's privileges and improves the security of the server data.
To further improve the security of the server data, an access control list is also built from the data whose importance level is higher than the set threshold, and the applications that have operation permission for the access control list are set. When a second operation instruction sent by a target application is received, the importance level of the data operated on by the second operation instruction is determined; when this importance level is higher than the set threshold, it is judged whether the target application has operation permission for the access control list. If the target application has operation permission for the access control list, it is allowed to operate on the access control list; otherwise, it is blocked from operating on the access control list.
To make the purpose, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
As shown in Fig. 2, an embodiment of the invention provides a data protection method that may comprise the following steps:
Step 201: configure the bastion host network, connecting the bastion host in series on the path between the client and the server.
As shown in Fig. 3, with the bastion host connected in series on the path between the client and the server, a client must pass through the bastion host whenever it needs to access the server. Using key techniques such as protocol proxying and automatic fill-in, the bastion host can provide single sign-on for O&M users to remote servers, and can promptly block a client that maliciously accesses server data, ensuring the security of the server data.
Step 202: on the client side, the kernel hardening administrator logs in to the bastion host management system through a browser and obtains a plurality of data of the server.
In this embodiment, to separate privileges from those of the system administrator, a kernel hardening administrator independent of the system administrator can be created to log in to the bastion host system and store the data. The bastion host's operating system kernel is custom-developed and recompiled so that the system directories and files storing server account passwords are protected at the kernel layer, raising the security level of the bastion host system.
In this embodiment, logging in to the bastion host through a browser can further guard against hacker attacks. The plurality of data obtained from the server may include information such as IP address, port, system account and password.
In this embodiment, the bastion host can connect to the server by protocol proxy forwarding to obtain the plurality of data of the server. The server's O&M ports (3389, 22) are open only to the bastion host, and access management is supported for all Windows servers and for Unix-like servers such as RedHat, Solaris, HP-UNIX and AIX.
Step 203: the kernel hardening administrator sets the importance level of each datum according to the obtained server data, and builds an access control list from the data whose importance level is greater than the set threshold.
In the prior art the system administrator has the highest operation privilege over the server data stored in the kernel layer of the bastion host, so a hacker who in some way obtains the system administrator's highest privilege can attack the kernel layer of the bastion host. To ensure that the important data kept in the bastion host's kernel layer is not attacked, an importance level can be set for each datum; for example, the importance level of the IP address is set to 1, that of the port to 3, that of the system account to 2 and that of the password to 3. The larger the number, the higher the importance.
Accordingly, in this embodiment a threshold can be set, for example 2. Data whose importance level is greater than the threshold is treated as important data that must be protected from hacker attack, and an access control list can be built from the data whose importance level is greater than 2. The access control list contains the information of the data whose importance level is greater than 2.
Step 204: the kernel hardening administrator sets the applications that have operation permission for the access control list, sets the system administrator to have no operation permission for the access control list, and stores the configured permissions in the hardening layer of the bastion host.
In this embodiment, to prevent a hacker who obtains the system administrator's privileges from attacking the bastion host, the system administrator's privileges can be suitably weakened. For example, the system administrator is set to have no operation permission for the access control list, that is, the system administrator cannot operate on the higher-importance data contained in the access control list; correspondingly, the system administrator has operation permission for data whose importance level is less than the set threshold.
In this embodiment, the applications that have operation permission for the access control list also need to be set. The application /etc/ssc/sscservice can be given operation permission for the access control list by means of signing. For example, if application A, application B and application C are to have operation permission for the access control list, then application A, application B and application C are signed: using a 128-bit hash signature algorithm, the trusted bastion host applications A, B and C are signed and thereby allowed to operate on the objects in the access control list. The specific operations that a trusted bastion host application may perform on the objects in the access control list can also be set; for example, application A is allowed to read the objects in the access control list, while application B and application C are allowed to read and modify them.
To ensure the security of the data stored in the bastion host's kernel layer, as shown in Fig. 3, HOOK techniques can be used in the bastion host to add a hardening layer between the user layer and the kernel layer, thereby constructing a mandatory access control (MAC) layer in the bastion host. The permission settings above are added to this hardening layer and a redirect function is set up, so that every operation instruction must be redirected to the hardening layer for a decision, which limits the system administrator's privileges. In addition, by adding the hardening layer to the bastion host and providing a user interface and an independent kernel hardening administrator, a custom mandatory access control list can be defined for critical system directories and files.
Step 205: log out the kernel hardening administrator and run Dprotect.sh, the daemon start-up script of the kernel hardening program, to protect the kernel layer.
Step 206: receive the operation instruction sent from the client side and determine the importance level of the data that the operation instruction requests to operate on. If the importance level of the requested data is less than or equal to the set threshold, allow the operation on the requested data; otherwise, continue with step 207.
The operation instruction sent from the client side can be received via a browser.
Step 207: judge whether the operation instruction has operation permission for the requested data. If the operation instruction was sent by the system administrator, perform step 208; if it was sent by an application that has operation permission for the access control list, perform step 209; if it was sent by an application that has no operation permission for the access control list, perform step 208.
Step 208: notify the client that the operation instruction has no permission.
For example, the message may read: the operation was blocked, please contact the kernel hardening administrator.
Step 209: allow the operation instruction to operate on the requested data.
As the above shows, a secure bastion host system with kernel hardening can provide kernel-level protection for critical operating system directories and files, limit the system administrator's operation privileges, raise the security level of the operating system and minimize the consequences of a hacker attack.
In this embodiment, the kernel hardening technique is invisible to users and does not affect normal use, yet it prevents a hacker who has compromised the bastion host from using the system administrator to view, modify or delete the stored server account passwords, raising the security level of the bastion host operating system.
According to the above scheme, the bastion host uses an open-source Linux operating system. The kernel hardening technique can communicate directly with the Linux kernel interfaces and establishes a mandatory access control layer between the kernel layer and the user layer, so that any application-layer request to access the kernel must interact with the mandatory access control layer and can access kernel interfaces and data only after obtaining its permission.
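The decision flow of steps 206 to 209, written out as an added example (not code from the patent) with the importance levels, threshold and application rights given in the embodiment. The names `decide`, `Instruction` and `fingerprint`, the use of BLAKE2b as the 128-bit digest, the constructed application images and the fail-closed handling of unclassified data are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import NamedTuple

# Values taken from the embodiment (step 203): larger number = more important.
THRESHOLD = 2
IMPORTANCE = {"ip_address": 1, "port": 3, "system_account": 2, "password": 3}

# Step 203: the access control list covers every datum above the threshold.
ACL_OBJECTS = frozenset(n for n, lvl in IMPORTANCE.items() if lvl > THRESHOLD)


def fingerprint(image: bytes) -> str:
    """128-bit digest of an application image.

    The patent only says "128-bit hash signature algorithm"; BLAKE2b with a
    16-byte digest is an assumption made for this example.
    """
    return hashlib.blake2b(image, digest_size=16).hexdigest()


# Constructed stand-ins for the trusted application binaries A, B and C.
APP_A = b"constructed image of application A"
APP_B = b"constructed image of application B"
APP_C = b"constructed image of application C"

# Step 204: rights on ACL objects, keyed by digest rather than by a
# self-declared name, so a modified binary loses its rights.
APP_RIGHTS = {
    fingerprint(APP_A): frozenset({"read"}),
    fingerprint(APP_B): frozenset({"read", "modify"}),
    fingerprint(APP_C): frozenset({"read", "modify"}),
}

# Paraphrase of the step 208 prompt.
DENY_MESSAGE = "Operation blocked; please contact the kernel hardening administrator."


class Decision(NamedTuple):
    allowed: bool
    reason: str


@dataclass(frozen=True)
class Instruction:
    sender: str          # "sysadmin" or "application"
    operation: str       # "read" or "modify"
    target: str          # key into IMPORTANCE
    image: bytes = b""   # application image; unused for the system administrator


def decide(instr: Instruction) -> Decision:
    level = IMPORTANCE.get(instr.target)
    if level is None:
        # Assumption: the patent does not cover unclassified data; fail closed.
        return Decision(False, DENY_MESSAGE)

    # Step 206: data at or below the threshold is not redirected.
    if level <= THRESHOLD:
        return Decision(True, "step 206: importance level not above threshold")

    # Step 207: the instruction is redirected to the hardening layer.
    if instr.sender == "sysadmin":
        # Step 208: the system administrator has no rights on ACL objects.
        return Decision(False, DENY_MESSAGE)

    rights = APP_RIGHTS.get(fingerprint(instr.image), frozenset())
    if instr.operation in rights:
        # Step 209: trusted application holding the requested right.
        return Decision(True, "step 209: application holds the requested right")

    # Step 208: unknown or modified application, or right not granted.
    return Decision(False, DENY_MESSAGE)


if __name__ == "__main__":
    samples = [
        Instruction("sysadmin", "read", "password"),
        Instruction("sysadmin", "modify", "system_account"),
        Instruction("application", "read", "port", APP_A),
        Instruction("application", "modify", "port", APP_A),
        Instruction("application", "modify", "password", APP_B),
        Instruction("application", "read", "password", APP_A + b" patched"),
    ]
    for s in samples:
        print(s.sender, s.operation, s.target, "->", decide(s))
```

Keying the rights table on the image digest means a binary that only carries the name of a trusted application, or a trusted binary that has been altered, falls through to the step 208 denial.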
As shown in Fig. 4, an embodiment of the invention also provides a bastion host connected in series on the path between a client and a server, comprising:
an acquiring unit 401, for obtaining a plurality of data of the server;
a processing unit 402, for determining the importance level of each datum and setting the system administrator to have no operation permission for data whose importance level is higher than a set threshold;
a determining unit 403, for determining, when a first operation instruction sent by the system administrator is received, the importance level of the data operated on by the first operation instruction;
a blocking unit 404, for blocking the first operation instruction from accessing the data it operates on when it is determined that the importance level of that data is higher than the set threshold.
In one embodiment of the invention, as shown in Fig. 5, the bastion host may further comprise:
an establishing unit 501, for building an access control list from the data whose importance level is higher than the set threshold, and setting the applications that have operation permission for the access control list;
the determining unit 403 is further for determining, when a second operation instruction sent by a target application is received, the importance level of the data operated on by the second operation instruction; when it is determined that this importance level is higher than the set threshold, judging whether the target application has operation permission for the access control list; if the target application has operation permission for the access control list, allowing the target application to operate on the access control list; otherwise, blocking the target application from operating on the access control list.
Further, the processing unit 402 is for setting a redirect operation for when an application requests to operate on data whose importance level is higher than the set threshold; when it is determined that the importance level of the data operated on by the second operation instruction is higher than the set threshold, the redirect operation is performed on the second operation instruction so as to carry out the step of judging whether the target application has operation permission for the access control list.
The bastion host further comprises:
a creating unit 502, for creating an independent kernel hardening administrator, the kernel hardening administrator being used to perform the operations of determining the importance level of each datum and setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold;
a receiving unit 503, for receiving, via a browser, the second operation instruction sent by the target application.
In summary, the embodiments of the invention can achieve at least the following beneficial effects:
1. By setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold, the system administrator is blocked from operating on such data; this prevents a hacker from attacking server data by obtaining the system administrator's privileges and improves the security of the server data.
2. By setting the applications that have operation permission for the access control list, only applications with operation permission can access the access control list, which further improves the security of the server data.
The information exchange between the units of the above device, their execution and similar details are based on the same concept as the method embodiments of the invention; for specifics, see the description of the method embodiments, which is not repeated here.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises it.
A person of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the above are only preferred embodiments of the invention, intended only to illustrate its technical solutions and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention is included in the scope of protection of the invention.

Claims (10)

1. A data protection method, characterized in that a bastion host is connected in series on the path between a client and a server, the method further comprising:
obtaining a plurality of data of the server;
determining the importance level of each datum, and setting the system administrator to have no operation permission for data whose importance level is higher than a set threshold;
when a first operation instruction sent by the system administrator is received, determining the importance level of the data operated on by the first operation instruction;
when it is determined that the importance level of the data operated on by the first operation instruction is higher than the set threshold, blocking the first operation instruction from accessing the data it operates on.
2. The method according to claim 1, characterized in that
it further comprises: building an access control list from the data whose importance level is higher than the set threshold, and setting the applications that have operation permission for the access control list;
it further comprises: when a second operation instruction sent by a target application is received, determining the importance level of the data operated on by the second operation instruction; when it is determined that this importance level is higher than the set threshold, judging whether the target application has operation permission for the access control list; if the target application has operation permission for the access control list, allowing the target application to operate on the access control list; otherwise, blocking the target application from operating on the access control list.
3. The method according to claim 2, characterized in that
it further comprises: setting a redirect operation for when an application requests to operate on data whose importance level is higher than the set threshold; when it is determined that the importance level of the data operated on by the second operation instruction is higher than the set threshold, performing the redirect operation on the second operation instruction so as to carry out the step of judging whether the target application has operation permission for the access control list.
4. The method according to claim 1, characterized in that it further comprises:
creating an independent kernel hardening administrator, and using the kernel hardening administrator to perform the operations of determining the importance level of each datum and setting the system administrator to have no operation permission for data whose importance level is higher than the set threshold.
5. The method according to claim 2, characterized in that it further comprises:
receiving, via a browser, the second operation instruction sent by the target application.
6. a fort machine, is characterized in that, on described fort machine series connection path between clients and servers, comprising:
Acquiring unit, for obtaining multiple data of server;
Processing unit, for determining the severity level of each data, and arranges system manager to the important data being superior to setting threshold without operating right;
Determining unit, for when receiving the first operational order that system manager sends, determines the severity level of data operated by described first operational order;
Stoping unit, for when determining the severity level of data operated by described first operational order higher than described setting threshold, stoping described first operational order to the access of data operated by it.
7. fort machine according to claim 6, is characterized in that, comprise further:
Set up unit, for according to severity level each data higher than described setting threshold, set up Access Control List (ACL), and the application program described Access Control List (ACL) to operating right is set;
Described determining unit, for when receiving the second operational order that destination application sends, determine the severity level of data operated by described second operational order, when determining the severity level of data operated by described second operational order higher than described setting threshold, judge whether described destination application has operating right to described Access Control List (ACL), judged result be described destination application to described Access Control List (ACL), there is operating right time, described destination application is allowed to operate described Access Control List (ACL), otherwise, described destination application is stoped to operate described Access Control List (ACL).
8. fort machine according to claim 7, is characterized in that, described processing unit, for arranging application program at solicit operation severity level higher than redirect operation during described setting threshold data; Described determine the severity level of data operated by described second operational order higher than described setting threshold time, redirect operation is carried out to described second operational order, describedly judges whether described destination application has operating right to described Access Control List (ACL) to perform.
9. fort machine according to claim 6, is characterized in that, comprise further:
Creating unit, reinforcing keeper for creating independently kernel, utilizing described kernel to reinforce keeper and performing the described severity level determining each data, and arranging system manager and operate without operating right the important data being superior to setting threshold.
10. fort machine according to claim 8, is characterized in that, comprise further:
Receiving element, for the second operational order utilizing browser mode to receive the transmission of described destination application.
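The decision logic recited in claims 6 to 8, written out as an added illustration that is not part of the patent text: a system administrator is refused on any datum above the threshold, while an application's instruction is redirected to the access control list check. The class and function names, reason strings, sample paths, levels and application names are all constructed; forwarding below-threshold requests and denying unclassified data are assumptions the claims do not state.

```python
from dataclasses import dataclass, field

@dataclass
class BastionPolicy:
    threshold: int                      # the "set threshold" of claim 6
    levels: dict                        # datum -> importance level (processing unit)
    acl: set = field(default_factory=set)       # data above the threshold (claim 7)
    acl_apps: set = field(default_factory=set)  # applications with privilege on the ACL

    def build_acl(self, permitted_apps):
        """Claim 7: list each datum above the threshold, then grant named applications privilege on that list."""
        self.acl = {d for d, lvl in self.levels.items() if lvl > self.threshold}
        self.acl_apps = set(permitted_apps)

    def decide(self, sender_kind, sender, target):
        """Return (verdict, reason) for one operation instruction; sender_kind is "admin" or "app"."""
        level = self.levels.get(target)
        if level is None:
            return ("deny", "unclassified")        # assumption: fail closed
        if level <= self.threshold:
            return ("forward", "below-threshold")  # assumption: server's own checks apply
        if sender_kind == "admin":
            return ("deny", "admin-no-privilege")  # claim 6, blocking unit
        # Claim 8: the application's instruction is redirected to the ACL check.
        if sender in self.acl_apps and target in self.acl:
            return ("allow", "acl-permitted")
        return ("deny", "acl-not-permitted")


def demo():
    # Constructed sample data: paths, levels and application names are illustrative.
    policy = BastionPolicy(threshold=3, levels={
        "/srv/db/customers.db": 5,
        "/srv/www/index.html": 1,
    })
    policy.build_acl(permitted_apps={"billing-app"})
    requests = [
        ("admin", "root", "/srv/db/customers.db"),
        ("admin", "root", "/srv/www/index.html"),
        ("app", "billing-app", "/srv/db/customers.db"),
        ("app", "report-app", "/srv/db/customers.db"),
        ("app", "billing-app", "/srv/tmp/new.dat"),
    ]
    return [policy.decide(*r) for r in requests]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The first request shows the property the abstract relies on: holding the administrator account gives no access to data above the threshold, because the refusal is made before any ACL lookup.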

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510229746.4A CN104796432A (en) 2015-05-07 2015-05-07 Data protection method and safety bastion host

Publications (1)

Publication Number Publication Date
CN104796432A true CN104796432A (en) 2015-07-22

Family

ID=53560944

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510229746.4A Pending CN104796432A (en) 2015-05-07 2015-05-07 Data protection method and safety bastion host

Country Status (1)

Country Link
CN (1) CN104796432A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051937A (en) * 2006-05-10 2007-10-10 华为技术有限公司 User's power managing method and system based on XML
CN102799645A (en) * 2012-06-28 2012-11-28 用友软件股份有限公司 Security search device and method
CN102891840A (en) * 2012-06-12 2013-01-23 北京可信华泰信息技术有限公司 Three power separation-based information security management system and information security management method
CN103441986A (en) * 2013-07-29 2013-12-11 中国航天科工集团第二研究院七〇六所 Data resource security control method in thin client mode
CN103581001A (en) * 2012-07-24 2014-02-12 深圳市中兴移动通信有限公司 Gateway system with cloud storage and data interaction method applied to system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667802A (en) * 2018-03-30 2018-10-16 全球能源互联网研究院有限公司 A kind of monitoring method and system of electric power application network safety
CN110351228A (en) * 2018-04-04 2019-10-18 阿里巴巴集团控股有限公司 Remote entry method, device and system
CN111125039A (en) * 2018-10-30 2020-05-08 华为技术有限公司 Method and device for generating operation log
CN111125039B (en) * 2018-10-30 2022-06-10 华为技术有限公司 Method and device for generating operation log
CN110099060A (en) * 2019-05-07 2019-08-06 瑞森网安(福建)信息科技有限公司 A kind of network information security guard method and system
CN110557282A (en) * 2019-08-23 2019-12-10 北京浪潮数据技术有限公司 Server operation and maintenance management method, device and equipment
CN114254384A (en) * 2021-12-10 2022-03-29 卫宁健康科技集团股份有限公司 Medical data calling method and device and computer equipment
CN114254384B (en) * 2021-12-10 2023-10-20 卫宁健康科技集团股份有限公司 Medical data retrieval method and device and computer equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150722
