CN110750802A - Framework for protecting key data based on mimicry defense - Google Patents

Publication number
CN110750802A
Authority
CN
China
Prior art keywords
mimicry
distributor
redundant
heterogeneous
acl
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910972845.XA
Other languages
Chinese (zh)
Other versions
CN110750802B (en)
Inventor
申智灵
周清雷
邓淼磊
张少华
刘晶波
王凡
冯峰
李斌
董召
薛正元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Create Internet Technology Co Ltd
Original Assignee
Create Internet Technology Co Ltd
Application filed by Create Internet Technology Co Ltd
Priority to CN201910972845.XA
Publication of CN110750802A
Application granted
Publication of CN110750802B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a framework for protecting key data based on mimicry defense, comprising a heterogeneous redundant executor, a distributor, an arbitrator and a mimicry converter, wherein the heterogeneous redundant executor is used for executing a plurality of tasks. The input excitation enters through the distributor and is passed to the heterogeneous redundant executors; the mimicry converter is connected with the distributor, the arbitrator and the mimicry converter, and performs mimicry conversion through dynamic scheduling and negative feedback control; the heterogeneous redundant executors process the input excitation from the distributor and pass their outputs to the arbitrator, and the arbitrator outputs a response. Protecting data with this framework greatly increases the difficulty of stealing and tampering with the protected data, so that key data is better protected.

Description

Framework for protecting key data based on mimicry defense
Technical Field
The invention belongs to the technical field of protection of key data, and particularly relates to a framework for protecting the key data based on mimicry defense.
Background
Today, networks and information systems have become the infrastructure on which human society operates. However, with the rapid development of network and information technology, information security problems have become more severe, and countries around the world pay increasing attention to them. Traditional defense technologies and means mostly take a remedial, after-the-fact hardening approach ("mending the fold after the sheep are lost"), a targeted "point" defense that relies on knowledge of the attack technique as prior knowledge. Vulnerabilities and backdoors are important entry points through which attackers succeed, yet defenders cannot know all vulnerabilities and backdoors. Traditional defense precisely patches or removes vulnerabilities and backdoors that have already been exposed, and is clearly unsuited to containing unknown vulnerabilities and backdoors.
Mimicry defense is a revolutionary, game-changing defense technology that originated in China in recent years, and its theory and related technologies are developing rapidly. Mimicry defense takes the axiom of relative correctness as its basis and the idea that structure determines security as its core. A system applying mimicry defense technology can cope with unknown security threats through the Dynamic Heterogeneous Redundancy (DHR) architecture, giving the system endogenous high security and high reliability. Mimicry defense is a novel active defense technology: it allows the executors that carry out business functions to be "toxic and bacteria-carrying", can effectively deal with the security threats posed by both known and unknown vulnerabilities, and is a "surface" defense. Mimicry defense guarantees the dynamism and variability of the system through a dynamic scheduling mechanism and a negative feedback control mechanism, and guarantees the robustness of the system and active awareness of attack behavior through a multi-mode arbitration mechanism; see Fig. 1.
Information technology is an advanced productive force of human society, and the material form of the wealth it brings is data. Files, images, videos, applications and the like are all data, so protecting data is crucial. Incidents in which important data is leaked, tampered with or lost occur frequently. There are many technical means of data protection, but an effective one is to encrypt the data, achieving the effect of "one man holding the pass". However, the security of encrypted data depends on the complexity of the encryption algorithm and key; raising that complexity increases overhead, and because encryption is a static, single means of protection, the possibility of it being cracked remains.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides an architecture for protecting key data based on mimicry defense technology; protecting data with this architecture greatly increases the difficulty of stealing and tampering with the protected data.
To solve the above technical problem, the invention provides the following technical scheme:
An architecture for protecting key data based on mimicry defense technology comprises a heterogeneous redundant executor, a distributor, an arbitrator and a mimicry converter. The input excitation enters through the distributor and is passed to the heterogeneous redundant executors; the mimicry converter is connected with the distributor, the arbitrator and the mimicry converter, and performs mimicry conversion through dynamic scheduling and negative feedback control; the heterogeneous redundant executors process the input excitation from the distributor and pass their outputs to the arbitrator, and the arbitrator outputs the corresponding excitation.
Preferably, the mimicry converter includes a dynamic scheduler to implement the dynamic scheduling mechanism.
Preferably, control parameters are set in the mimicry converter, and the mimicry converter is connected to a pool of functionally equivalent heterogeneous variants.
Preferably, the heterogeneous redundant executors comprise a plurality of heterogeneous executors forming an executor pool, and their service function is the encryption and decryption of data.
Preferably, there are two distributors: an encryption distributor and a decryption distributor.
Preferably, the arbitrator performs multi-mode arbitration according to the arbitration parameters and, according to the arbitration result, produces the correct output and throws out the problem input.
Preferably, the dynamic scheduler dynamically schedules the heterogeneous redundant executors according to a policy.
Preferably, the invention also discloses a protection method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
Step 1, encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of "online" executors, and the redundant plaintext ACLs are paired with the "online" executors without regard to distinguishing marks.
Step 2, decryption process: the redundant ciphertext ACLs are paired with the "online" executors by the decryption distributor according to the executor distinguishing marks.
Step 3, arbitration process: the arbitration strategy is based on comparing hash fingerprints of the data, and the process is encapsulated in the arbitrator. The redundant plaintext ACLs are put through the same hash operation to obtain a redundant fingerprint vector, on which multi-mode arbitration is then performed.
Step 4, dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled according to a given dynamic scheduling strategy, which determines the "online" executors.
Preferably, in the first step, after the unmarked pairing, each copy is encrypted by its "online" executor to become a redundant ciphertext ACL and is marked with the executor's distinguishing mark.
Preferably, in the second step, after the pairing, the redundant plaintext ACLs are obtained through decryption by each "online" executor.
Preferably, in the third step, if the redundant fingerprint vectors are inconsistent, a tampered ACL is determined to exist; the problem ACL is then thrown out to be handled by other designs, while the arbitrator masks the effect of the tampering and outputs the correct plaintext ACL.
Preferably, the invention also discloses an operation excitation method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
Step 1, initialization excitation: occurs during initialization of the MDADA host system; under this excitation MDADA goes through the process d → a.
Step 2, access control query stimulus: occurs when an access request is intercepted and needs to be compared against the ACL; under this stimulus MDADA goes through the process b → c → query comparison against the ACL.
Step 3, access control modification stimulus: occurs when a lawful modification or update operation is performed on the ACL; under this stimulus MDADA goes through the process b → c → modification/update of the ACL → a.
Step 4, dynamic scheduling excitation: occurs when the heterogeneous redundant executors are dynamically scheduled according to policy; under this excitation MDADA goes through the processes b → c and d → a (c and d may be done simultaneously).
Preferably, there are three dimensions of encryption/decryption heterogeneity: ① heterogeneous encryption and decryption algorithms, ② heterogeneous encryption and decryption keys, and ③ heterogeneous implementations (such as programming language, coding style and the like).
Preferably, the protection architecture can improve security by increasing the complexity of the corresponding algorithms, keys, processes and the like, and improve performance by optimizing the corresponding algorithms, processes and the like.
Preferably, the hash storage and hiding of the redundant ciphertext ACLs may be combined with some encryption technologies, for example by placing them in a "dongle".
Preferably, the encryption/decryption algorithms, the auxiliary key generation algorithm and the like may be implemented in an FPGA (Field-Programmable Gate Array).
Compared with the prior art, the invention has the beneficial effects that:
1. By dynamically scheduling the encryption and decryption executors, the framework for protecting key data based on mimicry defense technology keeps the attack surface of the data in dynamic change, overcomes the defect of traditional static encryption that its logic can be analyzed without any time limit, and effectively prevents data leakage.
2. By combining heterogeneous redundant data encryption with the constraint of multi-mode arbitration, the framework makes decrypting and tampering with the data many times more difficult than breaking traditional static encryption, which requires only a single break.
3. By using the idea of redundancy together with the necessary data hash storage and hiding techniques, the framework can effectively resist destructive attacks that delete key data.
4. In terms of robustness, multi-mode arbitration ensures that the key data is still output normally and correctly even if a minority of the redundant ciphertexts are successfully tampered with.
Drawings
FIG. 1 is a diagram of the proposed dynamic heterogeneous redundancy (DHR) architecture of mimicry defense.
FIG. 2 is a diagram of the proposed mimicry defense architecture against data attack (MDADA).
FIG. 3 is a schematic representation of the heterogeneity dimensions of the present invention.
FIG. 4 is a logical schematic block diagram of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
For the protection of data in an information system, different types of data should receive different protection strengths according to their importance; otherwise, a breach of the protection of key data may even threaten the whole protection system. Improper protection of key data therefore becomes the security weak link of the whole information system. For example, if the Access Control Lists (ACLs) maintained by a firewall can be maliciously stolen or tampered with, access control becomes meaningless and the entire information system is exposed to security threats. The following uses the ACL protection problem as a use case to describe the details of the present invention.
Mechanism of operation
The present invention introduces a mimicry defense mechanism. Mimicry defense differs to varying degrees between specific applications, and the mechanism architectures that result differ as well. Here, data protection is given a mimicry construction starting from the dynamic heterogeneous redundancy (DHR) architecture of mimicry defense, forming a new and unique mechanism architecture: the Mimicry Defense Architecture against Data Attack (MDADA), shown in Fig. 2.
The specific working mechanism of MDADA using ACL protection as a use case is as follows:
As shown in Figs. 1-2, an architecture for protecting key data based on mimicry defense technology comprises heterogeneous redundant executors, a distributor, an arbitrator and a dynamic scheduler.
Heterogeneous redundant executors: all heterogeneous redundant executors form an executor pool, and their service function is the encryption and decryption of data. It is emphasized that the heterogeneous redundant executors are abstract, as will be explained in the analysis of the heterogeneity dimensions.
Distributor: there are two distributors, an encryption distributor and a decryption distributor.
Arbitrator: performs multi-mode arbitration and, according to the arbitration result, produces the correct output and throws out the problem input.
Dynamic scheduler: dynamically schedules the heterogeneous redundant executors according to policy.
In fig. 2, solid arrows indicate control flows, and dashed arrows indicate data flows.
The invention also discloses a protection method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
Step 1, encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of "online" executors; the redundant plaintext ACLs are paired with the "online" executors without regard to distinguishing marks, become redundant ciphertext ACLs after being encrypted by each "online" executor, and are marked with the executor distinguishing marks.
Step 2, decryption process: the redundant ciphertext ACLs are paired with the "online" executors by the decryption distributor according to the executor distinguishing marks, and become redundant plaintext ACLs after being decrypted by each "online" executor.
Step 3, arbitration process: the arbitration strategy is based on comparing hash fingerprints of the data, and the process is encapsulated in the arbitrator. The redundant plaintext ACLs are put through the same hash operation to obtain a redundant fingerprint vector, on which multi-mode arbitration is then performed. If the redundant fingerprint vectors are inconsistent, an ACL has been tampered with; the problem ACL is thrown out to be handled by other designs, while the arbitrator masks the effect of the tampering and outputs the correct plaintext ACL.
Step 4, dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled according to a given dynamic scheduling strategy, which determines the "online" executors.
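A minimal Python sketch of the four-step protection method above (distribution, tagged redundant encryption, fingerprint arbitration, rescheduling), added here as an illustration; it is not code from the patent. The three keystream constructions, the function names, the strict-majority rule and the uniform-random scheduling policy are all assumptions of this sketch.

```python
import hashlib
import secrets
from collections import Counter

NONCE_LEN = 16

def _stream(block_fn, n):
    """Concatenate block_fn(counter) outputs until n keystream bytes exist."""
    out, ctr = b"", 0
    while len(out) < n:
        out += block_fn(ctr.to_bytes(8, "big"))
        ctr += 1
    return out[:n]

# Stand-in "heterogeneous algorithms": three keystream constructions built from
# hashlib for this sketch. Unauthenticated illustrations, not vetted ciphers.
KEYSTREAMS = {
    "sha256-ctr": lambda k, nonce, n: _stream(
        lambda c: hashlib.sha256(k + nonce + c).digest(), n),
    "blake2b-keyed": lambda k, nonce, n: _stream(
        lambda c: hashlib.blake2b(nonce + c, key=k).digest(), n),
    "shake256-xof": lambda k, nonce, n: hashlib.shake_256(k + nonce).digest(n),
}

class Executor:
    """One encryption/decryption executor: an algorithm plus its own key."""
    def __init__(self, tag, algorithm):
        self.tag = tag
        self._ks = KEYSTREAMS[algorithm]
        self._key = secrets.token_bytes(32)

    def encrypt(self, plaintext):
        nonce = secrets.token_bytes(NONCE_LEN)
        stream = self._ks(self._key, nonce, len(plaintext))
        return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

    def decrypt(self, blob):
        nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
        stream = self._ks(self._key, nonce, len(body))
        return bytes(c ^ s for c, s in zip(body, stream))

def build_pool():
    """Executor pool: every algorithm appears twice with independent keys."""
    pool = {}
    for algorithm in KEYSTREAMS:
        for i in range(2):
            tag = f"{algorithm}#{i}"
            pool[tag] = Executor(tag, algorithm)
    return pool

def schedule(pool, n):
    """Dynamic scheduler (assumed policy: uniform random choice of n executors)."""
    return secrets.SystemRandom().sample(sorted(pool), n)

def protect(plaintext, online, pool):
    """Encryption distributor: one copy per online executor, tagged after encryption."""
    return [(tag, pool[tag].encrypt(plaintext)) for tag in online]

class ArbitrationError(Exception):
    """No fingerprint is shared by a strict majority of the replicas."""

def recover(records, pool):
    """Decryption distributor plus arbitrator.

    Returns (plaintext, problem_tags): the majority plaintext and the tags of
    replicas whose fingerprint disagrees with it.
    """
    if not records:
        raise ArbitrationError("no replicas")
    plaintexts = {tag: pool[tag].decrypt(blob) for tag, blob in records}
    prints = {tag: hashlib.sha256(pt).hexdigest() for tag, pt in plaintexts.items()}
    winner, votes = Counter(prints.values()).most_common(1)[0]
    if votes * 2 <= len(records):
        raise ArbitrationError("no majority fingerprint")
    good = next(tag for tag, fp in prints.items() if fp == winner)
    problems = [tag for tag, _ in records if prints[tag] != winner]
    return plaintexts[good], problems

def reschedule(records, pool, n):
    """Re-protect the arbitrated plaintext under a freshly scheduled online set."""
    plaintext, problems = recover(records, pool)
    return protect(plaintext, schedule(pool, n), pool), problems
```

With three online executors, one altered replica is outvoted and reported by tag; two replicas altered differently leave no majority and the arbitrator refuses to output anything.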
Analytical evaluation
MDADA analysis using ACL protection as a case:
Regarding innovation: mimicry defense protects the heterogeneous redundant executors within the mimicry bracket, while MDADA, introduced here with ACL protection as the use case, takes data as the protected object; that is, the invention enables mimicry defense to be used for data protection. This innovation opens up a new path for the development of the mimicry defense theoretical system, and at the same time provides a new idea and means for solving the problem of data protection.
Regarding the heterogeneity dimensions, the invention gives three dimensions of encryption/decryption heterogeneity:
① Heterogeneous encryption and decryption algorithms.
② Heterogeneous encryption and decryption keys.
③ Heterogeneous implementations (e.g., programming language, coding style, etc.).
By combining choices across the different dimensions, many combined heterogeneity vectors can be derived, making the forms of heterogeneity richer; this is why the heterogeneous redundant executors in MDADA are abstract, as can be seen in Fig. 3. As shown in Fig. 3, the X dimension is the degree of heterogeneity of the encryption and decryption algorithms; the Y dimension is the degree of heterogeneity of the encryption and decryption keys; the Z dimension is the degree of heterogeneity of the implementation.
As for means of improvement, the technical scheme of the invention offers several ways to improve security, performance and other aspects. Increasing the complexity of the corresponding algorithms, keys, processes and the like improves security, and optimizing the implementation of the corresponding algorithms, processes and the like improves performance. Existing techniques can also be used. For security, the hash storage and hiding of the redundant ciphertext ACLs can be combined with some encryption technologies; placing them in a software dongle, for example, is a good choice. For performance, the encryption/decryption algorithms, the auxiliary key generation algorithm and the like can be implemented in an FPGA (Field-Programmable Gate Array); implementing an algorithm in hardware will certainly increase operation speed, and hardware logic is far less likely to be reverse-engineered than software logic in binary form.
MDADA evaluation using ACL protection as a case:
Security
It should be emphasized that, as the theory of mimicry defense itself makes clear, the security protection it provides can be broken through by social engineering; this is common to mimicry defense and other defense technologies.
If an attacker wants to successfully tamper with the ACL file, they need at least the first two of the following three capabilities at the same time. First, the ability to obtain most of the redundant ciphertext ACLs; as mentioned above, existing mature techniques can be used to hash-store and hide the redundant ciphertext ACLs. Second, the ability to decrypt most of the redundant ciphertext ACLs, tamper with them uniformly, and then re-encrypt and replace them, which requires the attacker to reverse-engineer the corresponding encryption and decryption logic. Third, the ability to obtain the key corresponding to a particular ciphertext ACL, which requires the attacker to reverse-engineer the key generation logic. Analyzing these three capabilities: when an attacker lacks the third, obtaining the key by brute-force exhaustion is theoretically guaranteed to work, but in practice it comes at great cost and with an uncertain result. The attacker needs at least the first two capabilities to have any possibility of a joint escape under the multi-mode voting mechanism. However, acquiring these capabilities is extremely complex, and the dynamic scheduling mechanism keeps MDADA in dynamic change, so cryptography and dynamism act together: the complexity of the cryptography makes it difficult for an attacker to acquire the capabilities in a short time, while the dynamism puts the attacker under time pressure and can make their earlier effort wasted. A successful attack is therefore extremely difficult.
Performance loss
The additional performance loss of an information system using the invention, compared with a legacy information system not using it, is mainly caused by the newly added MDADA. As described above, the performance loss of MDADA with ACL protection as the use case arises during its operation, which is driven by the four operation stimuli. Such performance loss is the unavoidable price of the security gain that its operation brings. However, this level of performance loss is acceptable and can be reduced by some means.
Assume that the original system protects the ACL with a single form of encryption and decryption. By contrast, in a multi-core environment the redundant encryption and decryption executors of MDADA can run in parallel, and the speed at which they complete the encryption or decryption process depends on the slowest executor; compared with the original system on the same process, the performance loss at that point is related to the quality of the encryption and decryption algorithms carried by the redundant executors. The additional performance loss caused by MDADA also includes the arbitration process, the distribution and pairing process, the processes caused by dynamic scheduling and so on, and is likewise strongly related to how well these processes are implemented.
Whether MDADA is used sensibly is also an important factor in how high the performance loss is. MDADA was described above with ACL protection as the use case; the ACL it protects is the "key weak link" of a firewall, and the ACL is both specific and critical. By contrast, if MDADA is applied indiscriminately across a whole file system (without considering hardware performance, the number of files, the importance of files, etc.), it will undoubtedly bring drawbacks such as a bloated file system, difficult management and serious performance loss. How reasonably the architecture is used in a specific application therefore has a great influence on performance.
Example 2
As shown in Figs. 1-2, an architecture for protecting key data based on mimicry defense technology comprises heterogeneous redundant executors, a distributor, an arbitrator and a dynamic scheduler.
Heterogeneous redundant executors: all heterogeneous redundant executors form an executor pool, and their service function is the encryption and decryption of data. It is emphasized that the heterogeneous redundant executors are abstract, as will be explained in the analysis of the heterogeneity dimensions.
Distributor: there are two distributors, an encryption distributor and a decryption distributor.
Arbitrator: performs multi-mode arbitration and, according to the arbitration result, produces the correct output and throws out the problem input.
Dynamic scheduler: dynamically schedules the heterogeneous redundant executors according to policy.
In fig. 2, solid arrows indicate control flows, and dashed arrows indicate data flows.
The invention also discloses a protection method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
Step 1, encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of "online" executors; the redundant plaintext ACLs are paired with the "online" executors without regard to distinguishing marks, become redundant ciphertext ACLs after being encrypted by each "online" executor, and are marked with the executor distinguishing marks.
Step 2, decryption process: the redundant ciphertext ACLs are paired with the "online" executors by the decryption distributor according to the executor distinguishing marks, and become redundant plaintext ACLs after being decrypted by each "online" executor.
Step 3, arbitration process: the arbitration strategy is based on comparing hash fingerprints of the data, and the process is encapsulated in the arbitrator. The redundant plaintext ACLs are put through the same hash operation to obtain a redundant fingerprint vector, on which multi-mode arbitration is then performed. If the redundant fingerprint vectors are inconsistent, an ACL has been tampered with; the problem ACL is thrown out to be handled by other designs, while the arbitrator masks the effect of the tampering and outputs the correct plaintext ACL.
Step 4, dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled according to a given dynamic scheduling strategy, which determines the "online" executors.
As shown in Fig. 4, the present invention also discloses an operation excitation method for the architecture for protecting key data based on mimicry defense technology, comprising the following steps:
Step 1, initialization excitation: occurs during initialization of the MDADA host system; under this excitation MDADA goes through the process d → a.
Step 2, access control query stimulus (i.e., a business request): occurs when an access request is intercepted and needs to be compared against the ACL; under this stimulus MDADA goes through the process b → c → query comparison against the ACL.
Step 3, access control modification stimulus: occurs when a lawful modification or update operation is performed on the ACL; under this stimulus MDADA goes through the process b → c → modification/update of the ACL → a.
Step 4, dynamic scheduling excitation: occurs when the heterogeneous redundant executors are dynamically scheduled according to policy; under this excitation MDADA goes through the processes b → c and d → a (c and d may be done simultaneously).
Compared with the prior art, the framework for protecting key data based on mimicry defense technology, by dynamically scheduling the encryption and decryption executors, keeps the attack surface of the data in dynamic change, overcomes the defect of traditional static encryption that its logic can be analyzed without any time limit, and effectively prevents data leakage. Heterogeneous redundant data encryption together with the constraint of multi-mode arbitration makes decrypting and tampering with the data many times more difficult than breaking traditional static encryption, which requires only a single break. By using the idea of redundancy together with the necessary data hash storage and hiding techniques, destructive attacks that delete key data can be effectively resisted. In terms of robustness, multi-mode arbitration ensures that the key data is still output normally and correctly even if a minority of the redundant ciphertexts are successfully tampered with.
In addition, protecting data with this framework greatly increases the difficulty of stealing and tampering with the protected data.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (8)

1. An architecture for protecting key data based on mimicry defense, characterized by comprising heterogeneous redundant executors, a distributor, an arbitrator and a mimicry converter; an input excitation enters the heterogeneous redundant executors through the distributor, wherein the mimicry converter is connected with the distributor, the arbitrator and the mimicry converter, and performs mimicry conversion through dynamic scheduling and negative feedback control; the heterogeneous redundant executors process the input excitation from the distributor and output the result to the arbitrator, and the arbitrator outputs the response.
2. The architecture for protecting key data based on mimicry defense of claim 1, wherein: the mimicry converter includes a dynamic scheduler to implement a dynamic scheduling mechanism.
3. The architecture for protecting key data based on mimicry defense according to claim 1 or 2, characterized in that: control parameters are set in the mimicry converter; the mimicry converter is connected to a pool of functionally equivalent heterogeneous bodies.
4. The architecture for protecting key data based on mimicry defense as claimed in any one of claims 1-3, wherein: the heterogeneous redundant executors comprise a plurality of heterogeneous executors forming an executor pool, and the service function of the heterogeneous executors is the encryption and decryption of data.
5. The architecture for protecting key data based on mimicry defense of claim 1, wherein: the distributor comprises two distributors, an encryption distributor and a decryption distributor.
6. The architecture for protecting key data based on mimicry defense of claim 1, wherein: the arbitrator carries out multi-mode arbitration according to the arbitration parameters, and, according to the arbitration result, produces the correct output and throws out the problematic input.
7. The architecture for protecting key data based on mimicry defense of claim 1, wherein: the dynamic scheduler dynamically schedules the heterogeneous redundant executors according to the policy.
8. A protection method using the architecture for protecting key data based on mimicry defense according to any one of claims 1-7, characterized in that the protection method comprises the following steps:
Step 1, encryption process: the plaintext ACL is copied by the encryption distributor, the number of copies being equal to the number of online executors, and the redundant plaintext ACL copies are paired with the online executors without distinguishing marks;
Step 2, decryption process: the decryption distributor matches each redundant ciphertext ACL with an online executor according to the executor's distinguishing mark;
Step 3, arbitration process: the arbitration is based on comparing hash fingerprints of the data, and this process is encapsulated in the arbitrator; a redundant fingerprint vector is obtained by applying the same hash operation to each redundant plaintext ACL, and multi-mode arbitration is then performed;
Step 4, dynamic scheduling process: the heterogeneous encryption and decryption executors are dynamically scheduled under a given dynamic scheduling policy to determine the "online" executors.
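The four steps of claim 8 can be traced end to end in a short sketch. This is an added example, not code from the patent: the executor names E1 to E4, the hash-based toy keystreams standing in for heterogeneous ciphers, the strict-majority rule, the replace-the-suspect scheduling policy, and the sample ACL and keys are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def _ctr_stream(hash_fn):
    def stream(key, n):
        blocks = (hash_fn(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]
    return stream

# Hypothetical executor pool: toy keystreams (hash in counter mode, or an XOF), not vetted ciphers.
POOL = {
    "E1": _ctr_stream(hashlib.sha256),
    "E2": _ctr_stream(hashlib.sha3_256),
    "E3": _ctr_stream(hashlib.blake2b),
    "E4": lambda key, n: hashlib.shake_256(key).digest(n),
}

def _xor(tag, key, data):
    return bytes(a ^ b for a, b in zip(data, POOL[tag](key, len(data))))

def encrypt_distribute(acl, online, keys):
    """Step 1: one plaintext copy per online executor; each ciphertext carries its executor mark."""
    return [(tag, _xor(tag, keys[tag], acl)) for tag in online]

def decrypt_distribute(marked, keys):
    """Step 2: route each ciphertext to its executor by the distinguishing mark."""
    return [(tag, _xor(tag, keys[tag], ct)) for tag, ct in marked]

def arbitrate(plain):
    """Step 3: same hash over every copy, then a strict-majority vote on the fingerprint vector."""
    prints = [hashlib.sha256(pt).hexdigest() for _, pt in plain]
    winner, votes = Counter(prints).most_common(1)[0]
    if votes * 2 <= len(prints):
        raise ValueError("no majority fingerprint; refuse to output")
    output = plain[prints.index(winner)][1]
    suspects = [tag for (tag, _), fp in zip(plain, prints) if fp != winner]
    return output, suspects

def reschedule(online, suspects):
    """Step 4 (assumed policy): swap each suspect for an idle pool member."""
    idle = [t for t in POOL if t not in online]
    return [idle.pop(0) if t in suspects and idle else t for t in online]

def demo():
    acl = b"user=alice;path=/etc/app.conf;perm=r"      # constructed sample ACL
    keys = {t: ("key-" + t).encode() for t in POOL}     # constructed keys
    stored = encrypt_distribute(acl, ["E1", "E2", "E3"], keys)
    tag, ct = stored[1]
    stored[1] = (tag, bytes([ct[0] ^ 1]) + ct[1:])      # constructed tampering of one copy
    output, suspects = arbitrate(decrypt_distribute(stored, keys))
    return output == acl, suspects, reschedule([t for t, _ in stored], suspects)

if __name__ == "__main__":
    print(demo())
```

With one of three copies tampered, the vote still returns the original ACL and names the dissenting executor; when no fingerprint holds a strict majority, `arbitrate` refuses to output rather than guess.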
CN201910972845.XA 2019-10-14 2019-10-14 Framework for protecting key data based on mimicry defense Active CN110750802B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910972845.XA CN110750802B (en) 2019-10-14 2019-10-14 Framework for protecting key data based on mimicry defense

Publications (2)

Publication Number Publication Date
CN110750802A true CN110750802A (en) 2020-02-04
CN110750802B CN110750802B (en) 2023-01-10

Family

ID=69278210

Country Status (1)

Country Link
CN (1) CN110750802B (en)

Also Published As

Publication number Publication date
CN110750802B (en) 2023-01-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant