CN112733148B - Java-based trusted policy automatic adaptation method - Google Patents
Java-based trusted policy automatic adaptation method Download PDFInfo
- Publication number
- CN112733148B CN112733148B CN202110035584.6A CN202110035584A CN112733148B CN 112733148 B CN112733148 B CN 112733148B CN 202110035584 A CN202110035584 A CN 202110035584A CN 112733148 B CN112733148 B CN 112733148B
- Authority
- CN
- China
- Prior art keywords
- middleware
- java
- path
- program
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention provides a method for automatically adapting a trusted policy based on Java, which can dynamically obtain the position of a main program of a middleware and the position of a working directory and automatically form an access control policy, thereby simplifying the configuration work of a security policy and being more suitable for a batch deployment mode. The method realizes the automatic discovery of the file positions of the service program and the middleware directory through the program under non-manual condition by positioning the java service program file of the java middleware and the middleware working directory. The method has significance in the configuration of the mandatory access control strategy based on the mark, wherein a java service program can be used as a subject mark, a middleware directory can be used as an object mark, the strategy configuration is very easy in combination with the predefined access logic relationship of the subject to the object, and a large amount of manual operation is avoided.
Description
Technical Field
The invention relates to the technical field of trusted computing, in particular to a method for automatically adapting a trusted policy based on Java.
Background
In trusted computing, a trusted mechanism may measure and control the behavior of processes in a system. The trusted mechanism is the act of enforcing metrics and controls according to a pre-configured policy. For the middleware of java class, protection is carried out on the java main service process and the working directory.
The existing policy matching method is based on configuring a complete policy in a security management center in advance, and the policy format must include the exact location of a program loaded by a process (the full path of a program file) and the full path of a working directory.
However, this method requires a prior investigation of the system to define the complete path of the relevant document. However, if the number of servers is large during implementation, program file paths and working directory paths on each server need to be investigated, so that efficiency is seriously affected, and omission occurs due to manual checking.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method for automatically adapting a trusted policy based on Java.
The invention is realized by the following technical scheme:
the invention provides a method for automatically adapting a trusted policy based on Java, which can dynamically acquire a main program position and a working directory position of a middleware, and comprises the following steps:
1) starting a search program and checking whether the middleware is installed or not; if the middleware is not installed, exiting the searching program;
2) if the middleware is installed, determining the version of the middleware;
3) checking the directory under the corresponding version, and checking whether a related configuration file exists under the configuration path of the middleware;
4) if the middleware configuration path has a related configuration file, determining a root path according to the related configuration file; if no related configuration file exists under the middleware configuration path, searching the related configuration file from the script file, and then determining a root path;
5) obtaining a target working path according to the determined root path;
6) and (5) obtaining the target working path and then exiting the searching program.
Preferably, the method for automatically adapting the trusted Java-based policy further automatically forms an access control policy, and includes the following steps:
1) searching java service running in the current system;
2) judging whether the java service is running;
3) if the java service is running, obtaining a program file path corresponding to the currently running java service through a ps instruction;
4) saving the program file path obtained in the step 3) into a policy file;
5) if the java service is not operated, searching a path of a java program file through an environment variable;
6) if the environment variable has a path of the java program file, storing the path into a policy file;
7) and if the environment variable has no path of the java program file, ending and exiting the search program.
The invention has the beneficial effects that: the method for automatically adapting the trusted policy based on Java can dynamically acquire the position of the main program of the middleware and the position of the working directory, and automatically form the access control policy, thereby simplifying the configuration work of the security policy and being more suitable for a batch deployment mode.
The method realizes the automatic discovery of the file positions of the service program and the middleware directory through the program under non-manual condition by positioning the java service program file of the java middleware and the middleware working directory.
The method has significance in the configuration of the mandatory access control strategy based on the mark, wherein a java service program can be used as a subject mark, a middleware directory can be used as an object mark, the strategy configuration is very easy in combination with the predefined access logic relationship of the subject to the object, and a large amount of manual operation is avoided.
Drawings
FIG. 1 is a flowchart of a method for automatically adapting a trusted Java-based policy according to an embodiment of the present invention to dynamically obtain a location of a main program of a middleware and a location of a working directory;
fig. 2 is a flowchart of automatically forming an access control policy by a method for Java-based trusted policy automatic adaptation according to an embodiment of the present invention.
Detailed Description
The following detailed description of specific embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
The following describes a method for automatically adapting a trusted Java based policy according to an embodiment of the present application with reference to the accompanying drawings.
Referring first to fig. 1, fig. 1 is a flowchart of dynamically obtaining a location of a main program of a middleware and a location of a working directory according to a method for Java-based trusted policy automatic adaptation provided by an embodiment of the present invention.
As can be seen from fig. 1, the method for automatically adapting a Java-based trusted policy provided by the present invention can dynamically obtain a location of a main program of a middleware and a location of a working directory, and specifically includes the following steps:
1) starting a search program and checking whether the middleware is installed or not; if the middleware is not installed, exiting the searching program;
2) if the middleware is installed, determining the version of the middleware;
3) checking the directory under the corresponding version, and checking whether a related configuration file exists under the configuration path of the middleware;
4) if the middleware configuration path has a related configuration file, determining a root path according to the related configuration file; if no related configuration file exists under the middleware configuration path, searching the related configuration file from the script file, and then determining a root path;
5) obtaining a target working path according to the determined root path;
6) and (5) obtaining the target working path and then exiting the searching program.
According to the above flow steps, we will use tomcat software as an example of middleware for detailed description. It should be noted that, when finding the location of the webcaps directory of the tomcat software, the tomcat software is mainly suitable for normally installed tomcat software, and for abnormally installed tomcat software, the working path of the tomcat software cannot be found.
The main idea of using tomcat software as a specific embodiment is as follows:
1) opening a search program and checking whether tomcat is installed or not; if not, quitting the searching program; if so, continuing with step 2);
2) checking whether a corresponding version of directory exists under the/etc/directory, such as/etc/tomcat, and checking whether a corresponding configuration file exists under the directory, such as tomcat. conf, finding a directory behind CATALINA _ BASE, if the directory is a link directory, finding a source directory, and if the directory is webcaps under the directory, the working path of tomcat, such as/var/lib/tomcat/webcaps;
3) if there is no configuration file, we need to find out from the start script/etc/init.d/tomcat, find out CATALINA _ BASE line, take its directory and find out tomcat/webaps under its directory, then it is the work path of tomcat.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for automatically adapting a trusted Java based policy to automatically form an access control policy according to an embodiment of the present invention.
As shown in fig. 2, the method for automatically adapting a Java-based trusted policy also automatically forms an access control policy, and for a Java program, a file path of a program file itself needs to be found, which specifically includes the following steps:
1) searching java service running in the current system;
2) judging whether the java service is running;
3) if the java service is running, obtaining a program file path corresponding to the currently running java service through a ps instruction;
4) saving the program file path obtained in the step 3) into a policy file;
5) if the java service is not operated, searching a path of a java program file through an environment variable;
6) if the environment variable has a path of the java program file, storing the path into a policy file;
7) and if the environment variable has no path of the java program file, ending and exiting the search program.
The method for automatically adapting the trusted policy based on Java realizes the automatic discovery of the file positions of the service program and the middleware directory through the program without manual work by positioning the Java service program file and the middleware working directory of the Java middleware. The method has significance in the configuration of the mandatory access control strategy based on the mark, wherein a java service program can be used as a subject mark, a middleware directory can be used as an object mark, the strategy configuration is very easy in combination with the predefined access logic relationship of the subject to the object, and a large amount of manual operation is avoided.
The method for automatically adapting the trusted policy based on Java can dynamically obtain the main program position and the working directory position of the middleware (such as tomcat), and automatically form the access control policy, thereby simplifying the configuration work of the security policy and being more suitable for a batch deployment mode.
The above-described embodiments are merely illustrative of the preferred embodiments of the present invention and do not limit the spirit and scope of the present invention. Various modifications and improvements of the technical solutions of the present invention may be made by those skilled in the art without departing from the design concept of the present invention, and the technical contents of the present invention are all described in the claims.
Claims (1)
1. A method for automatically adapting a trusted policy based on Java is characterized in that a middleware main program position and a working directory position can be dynamically obtained, and the method comprises the following steps:
1) starting a search program and checking whether the middleware is installed or not; if the middleware is not installed, exiting the searching program;
2) if the middleware is installed, determining the version of the middleware;
3) checking the directory under the corresponding version, and checking whether a related configuration file exists under the configuration path of the middleware;
4) if the middleware configuration path has a related configuration file, determining a root path according to the related configuration file; if no related configuration file exists under the middleware configuration path, searching the related configuration file from the script file, and then determining a root path;
5) obtaining a target working path according to the determined root path;
6) obtaining a target working path and then exiting a searching program;
and automatically forming an access control policy, comprising the steps of:
1) searching java service running in the current system;
2) judging whether the java service is running;
3) if the java service is running, obtaining a program file path corresponding to the currently running java service through a ps instruction;
4) saving the program file path obtained in the step 3) into a policy file;
5) if the java service is not operated, searching a path of a java program file through an environment variable;
6) if the environment variable has a path of the java program file, storing the path into a policy file;
7) and if the environment variable has no path of the java program file, ending and exiting the search program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110035584.6A CN112733148B (en) | 2021-01-12 | 2021-01-12 | Java-based trusted policy automatic adaptation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110035584.6A CN112733148B (en) | 2021-01-12 | 2021-01-12 | Java-based trusted policy automatic adaptation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112733148A CN112733148A (en) | 2021-04-30 |
| CN112733148B true CN112733148B (en) | 2021-10-01 |
Family
ID=75590938
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110035584.6A Active CN112733148B (en) | 2021-01-12 | 2021-01-12 | Java-based trusted policy automatic adaptation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112733148B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104318163A (en) * | 2014-10-27 | 2015-01-28 | 北京工业大学 | Trusted third-party software building method |
| CN105227379A (en) * | 2015-10-29 | 2016-01-06 | 国家电网公司 | A kind of centralized monitor for java web application and method for early warning |
| CN107357736A (en) * | 2017-07-28 | 2017-11-17 | 郑州云海信息技术有限公司 | A kind of automated detection method for Tomcat security configurations |
| CN107491693A (en) * | 2017-07-24 | 2017-12-19 | 南京南瑞集团公司 | A kind of industry control operating system active defense method with self-learning property |
| CN107733739A (en) * | 2017-10-23 | 2018-02-23 | 郑州云海信息技术有限公司 | Credible strategy and the System and method for of report are managed in visualization concentratedly |
| CN110213310A (en) * | 2018-03-14 | 2019-09-06 | 腾讯科技(深圳)有限公司 | A kind of method for obtaining path, device and the storage medium of network service |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2011038359A2 (en) * | 2009-09-26 | 2011-03-31 | Cisco Technology, Inc. | Providing services at a communication network edge |
| CN105159770B (en) * | 2015-09-21 | 2018-07-20 | 天脉聚源(北京)传媒科技有限公司 | A kind of management method and device of process |
-
2021
- 2021-01-12 CN CN202110035584.6A patent/CN112733148B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104318163A (en) * | 2014-10-27 | 2015-01-28 | 北京工业大学 | Trusted third-party software building method |
| CN105227379A (en) * | 2015-10-29 | 2016-01-06 | 国家电网公司 | A kind of centralized monitor for java web application and method for early warning |
| CN107491693A (en) * | 2017-07-24 | 2017-12-19 | 南京南瑞集团公司 | A kind of industry control operating system active defense method with self-learning property |
| CN107357736A (en) * | 2017-07-28 | 2017-11-17 | 郑州云海信息技术有限公司 | A kind of automated detection method for Tomcat security configurations |
| CN107733739A (en) * | 2017-10-23 | 2018-02-23 | 郑州云海信息技术有限公司 | Credible strategy and the System and method for of report are managed in visualization concentratedly |
| CN110213310A (en) * | 2018-03-14 | 2019-09-06 | 腾讯科技(深圳)有限公司 | A kind of method for obtaining path, device and the storage medium of network service |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112733148A (en) | 2021-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9575830B2 (en) | Run-time error repairing method, device and system | |
| US7640458B2 (en) | Software self-repair toolkit for electronic devices | |
| US20060236083A1 (en) | Method and system for controlling software version updates | |
| CN110045991B (en) | RAID configuration method and device of server, computer equipment and storage medium | |
| CN105760200A (en) | Terminal device and system updating method thereof | |
| CN112733148B (en) | Java-based trusted policy automatic adaptation method | |
| CN112748949A (en) | Software package management method, device, equipment and storage medium of operating system | |
| CN115454575B (en) | jar packet conversion and automatic loading method, device, equipment and storage medium | |
| CN111090442A (en) | Application updating method and device and storage medium | |
| CN110188294A (en) | URL intercepts conversion method, device and computer equipment | |
| CN113254941A (en) | Linux kernel source code processing method, device and equipment | |
| US20060155830A1 (en) | Configuration mediator for a multi-component software solution environment | |
| EP2053504A1 (en) | System and method for managing processing resources | |
| CN112788153A (en) | Internet of things equipment upgrade management method, device, equipment and storage medium | |
| US20080140687A1 (en) | Socket structure simultaneously supporting both toe and ethernet network interface card and method of forming the socket structure | |
| CN111291012A (en) | Rule file deployment system, method, equipment and medium | |
| CN112000354A (en) | Version information updating method, version information updating device, version information updating equipment and storage medium | |
| CN112835597A (en) | Upgrading method, device, server, terminal and storage medium | |
| CN113064749B (en) | Method for controlling debugging information output at runtime stage through BIOS | |
| CN116594661B (en) | Singlechip upgrading method for ensuring matching of firmware and engineering in compiling stage | |
| CN114995861B (en) | Weex-based application program updating method, storage medium and electronic equipment | |
| CN116257278B (en) | Patch execution method of application software and storage medium | |
| KR100260087B1 (en) | Method for loading program in full electronic exchange system | |
| CN106325957A (en) | Plug-in component loading method and equipment thereof | |
| CN116700766A (en) | Application running method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |