CN116405272A - Safety protection method of DCS software server and computer equipment - Google Patents


Info

Publication number
CN116405272A
Authority
CN
China
Prior art keywords
information
dcs
server
steps
software server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310301131.2A
Other languages
Chinese (zh)
Inventor
陈伟雄
春增军
朱旭东
巫展豪
颜振宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cgn Intelligent Technology Shenzhen Co ltd
Original Assignee
Cgn Intelligent Technology Shenzhen Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cgn Intelligent Technology Shenzhen Co ltd
Priority to CN202310301131.2A
Publication of CN116405272A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a safety protection method of a DCS software server and computer equipment, wherein the method comprises the following steps: receiving working information of a DCS server from the DCS software server; judging whether working information of the DCS server accords with a preset protection strategy or not; and outputting a protection result. By implementing the invention, comprehensive and stable safety protection of the DCS software server is realized by utilizing the trusted protection server.

Description

Safety protection method of DCS software server and computer equipment
Technical Field
The invention relates to the field of server security protection, in particular to a security protection method of a DCS software server and computer equipment.
Background
The DCS communication system adopts a basic design idea of decentralized control with centralized operation and management, uses a multi-layer, hierarchical, cooperative and autonomous structure, and is widely applied in industries such as electric power, metallurgy and petrochemicals. The DCS communication system comprises a plurality of execution devices, which can perform relevant calculations based on services provided by a DCS software server in the DCS communication system.
In the related art, with the continuous development of information technology, many service files are stored on the DCS software server. To keep these files safe, externally installed antivirus software is often used for passive defense. Such software usually performs virus identification only when a virus attack occurs; if identification fails, the DCS software server is paralyzed and cannot operate normally, which in turn affects the normal operation of the DCS communication system. Passive defense based on antivirus software therefore cannot effectively guarantee the safety of the service files stored in the DCS software server.
Disclosure of Invention
The technical problem to be solved by the present invention is to address at least one of the drawbacks of the related art mentioned in the background above, namely how to safely protect a DCS software server; to that end, a safety protection method of the DCS software server and computer equipment are provided.
The technical scheme adopted to solve this technical problem is as follows: the safety protection method of the DCS software server comprises the following steps:
S1: receiving working information of a DCS server from the DCS software server;
S2: judging whether the working information of the DCS server accords with a preset protection strategy;
S3: outputting a protection result.
Preferably, in the security protection of the DCS software server of the present invention, the working information of the DCS server includes disk file information in a disk;
the step S1 comprises the following steps:
receiving the disk file information from the DCS software server, and identifying executable file information and supporting script information in the disk file information;
the step S2 comprises the following steps:
judging whether corresponding hash values have already been calculated for the executable file information and the supporting script information;
if not, respectively calculating hash values corresponding to the executable file information and the supporting script information, and storing the corresponding hash values into a system white list.
Preferably, in the security protection of the DCS software server of the present invention, the working information of the DCS server includes target file information to be protected;
the step S1 comprises the following steps:
receiving the target file information to be protected from the DCS software server;
the step S2 comprises the following steps:
and judging whether the information of the target file to be protected accords with the preset modification authority of the target file to be protected.
Preferably, in the security protection of the DCS software server of the present invention, the working information of the DCS server includes key resource information;
the step S1 comprises the following steps:
receiving key resource information from the DCS software server;
the step S2 comprises the following steps:
and judging whether the key resource information accords with a preset key resource modification authority.
Preferably, in the security protection of the DCS software server of the present invention, the working information of the DCS server includes registry access information;
the step S1 comprises the following steps:
receiving the registry access information from the DCS software server;
the step S2 comprises the following steps:
and judging whether the registry access information accords with a preset registry access strategy or not.
Preferably, in the security protection of the DCS software server of the present invention, the working information of the DCS server includes heartbeat data information;
the step S1 comprises the following steps:
receiving the heartbeat data information from the DCS software server;
the step S2 comprises the following steps:
judging whether the heartbeat data information is processed or not;
if not, analyzing the heartbeat data information, and transmitting the analyzed heartbeat data notification information back to the DCS server.
Preferably, in the security protection of the DCS software server of the present invention, the working information of the DCS server includes audit information;
the step S1 comprises the following steps:
receiving the audit information from the DCS software server;
the step S2 comprises the following steps:
judging whether the audit information is repeatedly generated or not;
if yes, performing de-duplication processing on the repeatedly generated audit information.
Preferably, in the security protection of the DCS software server according to the present invention, step S1 further includes:
and encrypting the received working information of the DCS server.
The invention also constructs a safety protection method of the DCS software server, which is applied to the DCS software server and comprises the following steps:
S4: transmitting the working information of the DCS server to a trusted protection server;
S5: the trusted protection server judges whether the working information of the DCS server accords with a preset protection strategy;
S6: the trusted protection server outputs a protection result.
The present invention also constructs a computer apparatus comprising:
one or more processors;
storage means for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the method of security protection for a DCS software server as claimed in any preceding claim.
By implementing the invention, the following beneficial effects are achieved:
the invention discloses a safety protection method and computer equipment of a DCS software server, which realize comprehensive and stable safety protection of the DCS software server through a trusted protection server, and can know the safety state of the DCS software server in real time, thereby solving the technical problem that safety protection software adopted by the DCS software server in the related technology can only perform passive defense and cannot guarantee the safety of internally stored files.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a flow chart of a first embodiment of a security protection method of a DCS software server of the present invention;
FIG. 2 is a flow chart of the white list control mechanism of the present invention;
FIG. 3 is a schematic flow chart of a registry protection control mechanism of the present invention;
FIG. 4 is a flow chart of a second embodiment of the security protection method of the DCS software server of the present invention.
Detailed Description
For a clearer understanding of technical features, objects and effects of the present invention, a detailed description of embodiments of the present invention will be made with reference to the accompanying drawings.
It should be noted that the flow diagrams depicted in the figures are merely exemplary and do not necessarily include all of the elements and operations/steps, nor are they necessarily performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Installing the trusted protection software on the DCS software server may include: copying the installation program/installation package to the target file directory on the DCS software server through an external tool such as a trusted security management center or a USB flash disk; installing the system's collection of common runtime libraries; running the installer/decompressing the compressed package; the installation program automatically scanning the white list and reporting the installation information to the trusted security management center; and registering the DCS software server and the report program with the trusted security management center.
In this embodiment, as shown in fig. 1, the present invention provides a security protection method for a DCS software server, which is applied to a trusted protection server, and includes the following steps:
S1: receiving working information of a DCS server from the DCS software server;
S2: judging whether the working information of the DCS server accords with a preset protection strategy;
S3: outputting a protection result.
Specifically:
in this embodiment, the working information of the DCS server includes disk file information in the disk;
the step S1 comprises the following steps:
receiving disk file information from a DCS software server, and identifying executable file information and supporting script information in the disk file information;
the step S2 comprises the following steps:
judging whether corresponding hash values have already been calculated for the executable file information and the supporting script information;
if not, respectively calculating hash values corresponding to the executable file information and the supporting script information, and storing the corresponding hash values into a system white list.
In one embodiment, when safety protection is carried out or the trusted protection software is started, the disks on the DCS software server are traversed to obtain the disk files; executable files and supporting scripts in the current running environment of the DCS software server are identified among all disk files, where executable files are identified by opening the file and reading the standard executable format used by Windows files (such as the PE format), and script files are identified by the extensions under the predefined HKEY_CLASSES_ROOT\ in the registry; the hash values corresponding to the executable files and supporting scripts are stored in a system white list; and active safety protection of the DCS software server is implemented based on the system white list.
When it is detected that the hash values corresponding to the executable file information and the supporting script information are being calculated for the first time, a system white list is generated, and subsequently calculated hash values are stored in that system white list.
A white list entry is a digest value obtained by applying a specific algorithm to an application program or piece of software; this digest value is the white-list value of the software or program, abbreviated as the white list. All executable files and supporting scripts in the current running environment of the control system or operating system of the DCS software server are collected into the system white list. The file formats collected are as follows: on Windows systems (a file is judged by its PE header, and all files with a PE header are supported), the EXE, DLL, OCX, SYS and COM formats, and the script formats (*.msi, *.msu, *.bat, *.cmd).
As shown in fig. 2, after the trusted protection software is installed and running, whenever a program is executed a check of whether the program is trusted is started. When the program is judged to be trusted, it is allowed to run and an audit record is reported to the management center; when the program is judged not to be trusted, it is not allowed to run and an audit record is reported to the management center.
When the white list collection operation is started, the user can be notified on the DCS software server interface that the white list is being scanned. Hash values can be calculated for the executable files of the whole disk using an encryption algorithm, and each calculated hash value is stored in the system white list or written into a preset white list database as a reference value; meanwhile, the management center is notified that white list collection is complete. Active safety protection of the DCS software server is then carried out through the system white list (during protection, the hash value is calculated first and then verified against the reference value in the database, and normal execution can proceed once verification passes).
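The white list collection and the execution-time check described above, sketched in Python as an added example (not code from the patent). The patent does not name the hash algorithm, so SHA-256 is an assumption, the script extensions are hard-coded from the list above instead of being read from the registry, and all file names and contents are constructed.

```python
import hashlib
import os
import struct
import tempfile

# Script formats named on the page; the patent reads them from the registry instead.
SCRIPT_EXTENSIONS = {".msi", ".msu", ".bat", ".cmd"}


def is_pe_file(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as fh:
            dos = fh.read(64)
            if len(dos) < 64 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def file_digest(path):
    """SHA-256 of the file contents (assumed algorithm), read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_whitelist(root):
    """Walk the tree and record digests of PE files (by header) and scripts (by extension)."""
    whitelist = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if is_pe_file(path) or ext in SCRIPT_EXTENSIONS:
                try:
                    whitelist[file_digest(path)] = path
                except OSError:
                    continue  # unreadable file: nothing to record
    return whitelist


def check_execution(path, whitelist):
    """Execution-time decision: hash first, then verify against the reference values."""
    try:
        digest = file_digest(path)
    except OSError:
        return {"path": path, "allowed": False, "reason": "unreadable"}
    allowed = digest in whitelist
    return {"path": path, "sha256": digest, "allowed": allowed,
            "reason": "whitelisted" if allowed else "not in white list"}


def demo():
    # Constructed sample: a minimal DOS header followed by a PE signature.
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + b"constructed body"
    files = {
        "control.dat": pe_stub,                      # PE header, misleading extension
        "notes.exe": b"plain text, no PE header",    # .exe name, not a PE file
        "start.bat": b"@echo off\r\n",               # supporting script
        "readme.txt": b"documentation",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        whitelist = collect_whitelist(root)
        collected = sorted(os.path.basename(p) for p in whitelist.values())
        target = os.path.join(root, "control.dat")
        before = check_execution(target, whitelist)["allowed"]
        with open(target, "ab") as fh:               # modify the file after collection
            fh.write(b"tampered")
        after = check_execution(target, whitelist)["allowed"]
        unknown = check_execution(os.path.join(root, "notes.exe"), whitelist)["allowed"]
    return collected, before, after, unknown


if __name__ == "__main__":
    print(demo())
```

Because identification is by PE header and not by name, `control.dat` is collected while `notes.exe` is not, and any change to a collected file after the scan makes its digest miss the reference value.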
In addition, in the embodiment, the work information of the DCS server includes target file information to be protected;
the step S1 comprises the following steps:
receiving target file information to be protected from a DCS software server;
the step S2 comprises the following steps:
judging whether the information of the target file to be protected accords with the preset modification authority of the target file to be protected;
and if not, prohibiting modification of the target file information to be protected.
In one embodiment, after the DCS software server is started, the control system starts a system basic service to obtain target files to be protected, including all files (e.g. word files, installation packages of software) in the trusted protection software installation directory. The system basic service can be to start basic operation software of a DCS software server, such as to start Windows and start trusted protection software.
According to the preset modification authority information of the target file to be protected, security protection is applied to the target file and/or the process corresponding to the trusted protection software. The modification authority information of the target file to be protected indicates whether the target file or the software process of the trusted protection software may be modified, deleted and so on. For example, if the authority of the trusted protection software and the authority of the target file are configured as read-only, then when a modification instruction arrives the target file or software process is protected and the modification is prevented.
In addition, in the present embodiment, the work information of the DCS server includes key resource information;
the step S1 comprises the following steps:
key resource information is received from a DCS software server;
the step S2 comprises the following steps:
judging whether the key resource information accords with a preset key resource modification authority;
and if not, prohibiting modification of the key resource information.
In one embodiment, after the trusted protection software is started, the key resource files in the DCS software server are automatically acquired according to the key resource information previously configured by the user (stored in the database of the trusted product); the trusted protection software acquires the read and write authority information corresponding to each key resource file through its file path; authority is configured on the key resource file based on the read-write authority in the key resource modification authority; and the key resource file is security-protected based on this authority information.
The key resource file includes at least one of: a system registry, a system core file. Key resource files may also be files that the system administrator defines and enters for protection (the entries may carry absolute paths).
In addition, path protection in the white list is one effect of key resource protection: programs in the white list are not allowed to be modified.
In addition, in the present embodiment, the work information of the DCS server includes registry access information;
the step S1 comprises the following steps:
receiving registry access information from a DCS software server;
the step S2 comprises the following steps:
judging whether the registry access information accords with a preset registry access strategy or not.
In one embodiment, when the DCS software server detects a registry access behavior, the behavior is intercepted, and the registry path it accesses is compared with the registry access policy. The registry access policy defines the access policy of a subject to the object resource according to the paths of special key values in the registry (such as startup items, load items and the like). If the accessed registry path is not specified in the registry access policy, the registry access behavior is allowed to execute; if the accessed registry path is specified in the registry access policy, execution of the registry access behavior is prohibited.
The registry access control function makes the release decision based on the registry access policy, and sets up the registry's standard communication module interface for returning data to and receiving data from the application layer (such as audits and policies). Registry filtering is registered when the driver module starts (using the system's standard registry filter driver chain).
During user access to the registry, every registry path and operation (read, write) is passed by the system to the registry filter chain, where it is released or intercepted according to policy matching.
As shown in fig. 3, when the driver is loaded, it initializes the access policy table, registers the communication interface, and finally registers a hook for registry operations with the system. Registry access behavior is intercepted through the hook, and the intercepted registry access information is passed to the registry input/output module; the access policy table is then queried, and release or interception (that is, prohibiting execution of the registry access behavior) is chosen according to the result. When the corresponding access path is found to be specified in the policy table, the registry access behavior is prohibited; when the corresponding access path is not specified in the policy table, the registry access behavior is allowed.
The self-protection function is linked with registry protection: the key value paths for protecting the software's own registry entries are issued by the self-protection module.
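The policy-table lookup described above, as an added Python example (not the patent's driver code) that models only the decision step, not the kernel hook. Keeping a set of denied operations per path is an assumption based on the page's mention of reads and writes; the `ExampleTrustedAgent` key, the subjects and the events are constructed.

```python
# Common abbreviations for the predefined root keys.
HIVE_ALIASES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKU": "HKEY_USERS",
}


def normalize_key_path(path):
    """Split a registry path into components: full hive name, lower-cased subkeys.

    Key names are case-insensitive and '\\' is the only separator, so the path is
    compared component by component rather than as a raw string.
    """
    parts = [p for p in path.split("\\") if p]
    if not parts:
        return ()
    hive = parts[0].upper()
    return (HIVE_ALIASES.get(hive, hive),) + tuple(p.lower() for p in parts[1:])


class RegistryPolicyTable:
    """Access policy table: protected key paths and the operations denied on them."""

    def __init__(self, entries):
        self._entries = [(normalize_key_path(p), frozenset(ops)) for p, ops in entries]

    def decide(self, path, operation):
        key = normalize_key_path(path)
        for protected, ops in self._entries:
            # A protected key covers itself and every subkey below it.
            covered = len(protected) > 0 and key[:len(protected)] == protected
            if covered and operation in ops:
                return "deny"
        return "allow"  # path not specified in the policy: release


def filter_accesses(table, events):
    """Apply the table to intercepted accesses and return one audit record each."""
    return [{"subject": subject, "path": path, "operation": operation,
             "decision": table.decide(path, operation)}
            for subject, path, operation in events]


POLICY = RegistryPolicyTable([
    # Startup item: writes are denied, reads are released (assumed split).
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", {"write"}),
    # Hypothetical self-protection key issued by the self-protection module.
    (r"HKLM\SOFTWARE\ExampleTrustedAgent", {"read", "write"}),
])

# Constructed access events: (subject, registry path, operation).
EVENTS = [
    ("setup.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "write"),
    ("explorer.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "read"),
    ("setup.exe", r"hklm\software\microsoft\windows\currentversion\run" + "\\", "write"),
    ("setup.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "write"),
    ("tool.exe", r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleTrustedAgent\Policy", "read"),
    ("app.exe", r"HKCU\Software\ExampleApp", "write"),
]


def demo_decisions():
    return [record["decision"] for record in filter_accesses(POLICY, EVENTS)]


if __name__ == "__main__":
    for record in filter_accesses(POLICY, EVENTS):
        print(record)
```

Matching on whole components means a policy entry for `...\Run` does not cover `...\RunOnce`; a table meant to protect both has to list both.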
In addition, in the present embodiment, the work information of the DCS server includes heartbeat data information;
the step S1 comprises the following steps:
receiving heartbeat data information from a DCS software server;
the step S2 comprises the following steps:
judging whether the heartbeat data information is processed or not;
if not, analyzing the heartbeat data information, and transmitting the analyzed heartbeat data notification information back to the DCS server.
In one embodiment, when the DCS software server is protected, heartbeat data may also be uploaded, as follows: the DCS software server sends heartbeat data, at intervals of a preset time period, to the trusted security management center to which it is remotely connected, the heartbeat data carrying the relevant heartbeat data information of the DCS software server; the DCS software server receives the notification information returned by the trusted security management center after it has received the heartbeat data, where the notification information is parsed by the application-layer proxy of the trusted protection software, contains the corresponding check information and the policy of the corresponding module, and is used to notify the DCS software server to acquire the trusted policy from the trusted security management center; the DCS software server acquires and parses the trusted policy from the trusted security management center and configures it into the kernel to control the kernel module; the DCS software server sends a confirmation message to the trusted security management center, the confirmation message informing the trusted security management center that the trusted policy has taken effect.
The heartbeat data includes, but is not limited to: the CPU running state, memory usage ratio, disk information and process list of the DCS software server.
In addition, in the present embodiment, the work information of the DCS server includes audit information;
the step S1 comprises the following steps:
receiving audit information from a DCS software server;
the step S2 comprises the following steps:
judging whether the audit information is repeatedly generated or not;
if yes, performing de-duplication processing on the repeatedly generated audit information.
In one embodiment, when the DCS software server is protected, the audit information may also be processed, as follows: acquiring all audit information generated in the database during the last period of time; de-duplicating repeated content in the audit information according to the audit time and the audit text, which reduces the storage and frequent reporting of invalid data and improves system operating efficiency; filtering the audit information; reporting the filtered audit information to the trusted security management center; recording the position and quantity of the audit information processed so far, to avoid repeated processing; and reporting the audit information processing log, which increases the storage of effective data, reduces frequent reporting of useless data and improves operating efficiency.
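The audit processing steps above, as an added Python example (not code from the patent) that uses an in-memory SQLite database as the audit store. The table layout, the `keep` filter predicate and every audit record are constructed assumptions; the stored position is the id of the last row processed.

```python
import sqlite3


def open_store():
    """In-memory stand-in for the audit database plus the processing progress."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE audit (id INTEGER PRIMARY KEY, ts TEXT, text TEXT);
        CREATE TABLE progress (k TEXT PRIMARY KEY, v INTEGER);
        INSERT INTO progress VALUES ('position', 0), ('processed', 0);
    """)
    return db


def progress(db):
    return dict(db.execute("SELECT k, v FROM progress"))


def process_new_audits(db, keep=lambda ts, text: True):
    """Process audits written since the recorded position; return the report batch."""
    position = progress(db)["position"]
    rows = db.execute(
        "SELECT id, ts, text FROM audit WHERE id > ? ORDER BY id", (position,)
    ).fetchall()
    seen, report = set(), []
    for _id, ts, text in rows:
        if (ts, text) in seen:          # same audit time and same audit text
            continue
        seen.add((ts, text))
        if keep(ts, text):              # filtering step (predicate is an assumption)
            report.append((ts, text))
    if rows:
        with db:                        # record position and quantity in one commit
            db.execute("UPDATE progress SET v = ? WHERE k = 'position'", (rows[-1][0],))
            db.execute("UPDATE progress SET v = v + ? WHERE k = 'processed'", (len(rows),))
    return {"report": report, "read": len(rows), "duplicates": len(rows) - len(seen)}


def demo():
    db = open_store()
    blocked = "blocked untrusted program C:\\constructed\\tool.exe"
    # Constructed audit records, including repeats with identical time and text.
    db.executemany("INSERT INTO audit (ts, text) VALUES (?, ?)", [
        ("2024-01-01T10:00:00", blocked),
        ("2024-01-01T10:00:00", blocked),
        ("2024-01-01T10:00:05", blocked),
        ("2024-01-01T10:00:05", "heartbeat ok"),
        ("2024-01-01T10:00:05", "heartbeat ok"),
    ])
    keep = lambda ts, text: text != "heartbeat ok"
    first = process_new_audits(db, keep)
    second = process_new_audits(db, keep)    # nothing new: must not re-report
    db.execute("INSERT INTO audit (ts, text) VALUES (?, ?)",
               ("2024-01-01T10:01:00", blocked))
    third = process_new_audits(db, keep)
    return first, second, third, progress(db)


if __name__ == "__main__":
    for result in demo():
        print(result)
```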
The beneficial effect is that the trusted protection software is used to actively protect the DCS software server, covering software self-protection, active file protection, data encryption, audit information processing, heartbeat data reporting, key resource protection, white list collection, registry protection and the like. Protection in these multiple aspects improves the security performance of the DCS software server, so that it can operate safely and its security is guaranteed.
Further, step S1 further includes:
and encrypting the received work information of the DCS server.
In one embodiment, the working information exchanged between the DCS software server and the trusted security management center is encrypted; after the proxy program in the trusted protection software receives the working information, it shares the working information with the kernel module, and secure decryption is performed in the kernel using the key exchanged with the management center.
After receiving the information, the agent program of the trusted protection software performs secure decryption according to the key exchanged with the management center (the key is not in the internal security section in the application layer; the data is shared to the kernel module through the internal section of the product, and the decryption process is completed in the kernel).
The encryption algorithm used in the encryption processing includes at least the national cipher SM4 algorithm.
As shown in fig. 4, the invention provides a security protection method of a DCS software server, which is applied to the DCS software server and comprises the following steps:
S4: transmitting the working information of the DCS server to a trusted protection server;
S5: the trusted protection server judges whether the working information of the DCS server accords with a preset protection strategy;
S6: the trusted protection server outputs a protection result.
Specifically, for how the security protection method is used when applied to the DCS software server, refer to the implementation of the security protection method applied to the trusted protection server described above; it is not repeated here.
In addition, the electronic equipment comprises a memory and a processor; the memory is used for storing a computer program; the processor is configured to execute a computer program to implement security protection for a DCS software server as described in any of the above. In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may perform the above-described functions defined in the methods of embodiments of the present invention when downloaded and installed and executed by an electronic device. The electronic equipment in the invention can be a terminal such as a notebook, a desktop, a tablet computer, a smart phone and the like, and also can be a server.
Further, a storage medium of the present invention has stored thereon a computer program which, when executed by a processor, achieves the security protection of the DCS software server of any of the above. In particular, it should be noted that the storage medium of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
In this specification, the embodiments are described progressively: each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments may be referred to one another. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for relevant details, refer to the description of the method.
Those skilled in the art will further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
By implementing the invention, the following beneficial effects are achieved:
The invention discloses a security protection method of a DCS software server and computer equipment, which provide comprehensive and stable security protection of the DCS software server through a trusted protection server and make the security state of the DCS software server known in real time, thereby solving the technical problem that the security protection software adopted by DCS software servers in the related art can only perform passive defense and cannot guarantee the security of internally stored files.
It is to be understood that the above examples only represent preferred embodiments of the present invention, which are described in more detail and are not to be construed as limiting the scope of the invention; it should be noted that, for a person skilled in the art, the above technical features can be freely combined, and several variations and modifications can be made without departing from the scope of the invention; therefore, all changes and modifications that come within the meaning and range of equivalency of the claims are to be embraced within their scope.

Claims (10)

1. A security protection method of a DCS software server, applied to a trusted protection server, characterized by comprising the following steps:
S1: receiving working information of a DCS server from the DCS software server;
S2: judging whether the working information of the DCS server conforms to a preset protection policy;
S3: outputting a protection result.
2. The security protection method of a DCS software server according to claim 1, wherein the working information of the DCS server includes disk file information of a disk;
step S1 comprises:
receiving the disk file information from the DCS software server, and identifying executable file information and supporting script information in the disk file information;
step S2 comprises:
judging whether corresponding hash values have been calculated for the executable file information and the supporting script information;
if not, calculating the hash values corresponding to the executable file information and the supporting script information respectively, and storing the corresponding hash values in a system whitelist.
3. The security protection method of a DCS software server according to claim 1, wherein the working information of the DCS server includes information on a target file to be protected;
step S1 comprises:
receiving the information on the target file to be protected from the DCS software server;
step S2 comprises:
judging whether the information on the target file to be protected conforms to a preset modification authority for the target file to be protected.
4. The security protection method of a DCS software server according to claim 1, wherein the working information of the DCS server includes key resource information;
step S1 comprises:
receiving the key resource information from the DCS software server;
step S2 comprises:
judging whether the key resource information conforms to a preset key resource modification authority.
5. The security protection method of a DCS software server according to claim 1, wherein the working information of the DCS server includes registry access information;
step S1 comprises:
receiving the registry access information from the DCS software server;
step S2 comprises:
judging whether the registry access information conforms to a preset registry access policy.
6. The security protection method of a DCS software server according to claim 1, wherein the working information of the DCS server includes heartbeat data information;
step S1 comprises:
receiving the heartbeat data information from the DCS software server;
step S2 comprises:
judging whether the heartbeat data information has been processed;
if not, analyzing the heartbeat data information, and transmitting the analyzed heartbeat data notification information back to the DCS server.
7. The security protection method of a DCS software server according to claim 1, wherein the working information of the DCS server includes audit information;
step S1 comprises:
receiving the audit information from the DCS software server;
step S2 comprises:
judging whether the audit information has been generated repeatedly;
if yes, de-duplicating the repeatedly generated audit information.
8. The security protection method of a DCS software server according to any one of claims 1 to 7, wherein step S1 further comprises:
encrypting the received working information of the DCS server.
9. A security protection method of a DCS software server, applied to the DCS software server, characterized by comprising the following steps:
S4: transmitting the working information of the DCS server to a trusted protection server;
S5: the trusted protection server judges whether the working information of the DCS server conforms to a preset protection policy;
S6: the trusted protection server outputs a protection result.
10. A computer device, comprising:
one or more processors;
storage means for storing one or more programs which when executed by the one or more processors cause the one or more processors to implement the security protection method of the DCS software server of any of claims 1-8.
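The whitelist flow of claims 1 and 2, as an added Python example that is not part of the patent text. The file-type rules (magic bytes and extensions), the path-keyed whitelist, the verdict strings and the sample report are assumptions made for illustration; the claims do not specify them.

```python
import hashlib

# Assumption: executables are recognised by magic bytes, scripts by extension or shebang.
EXEC_MAGIC = (b"MZ", b"\x7fELF")
SCRIPT_EXT = (".bat", ".cmd", ".ps1", ".vbs", ".sh", ".py")

def classify(path, data):
    """S1: label one reported disk file as 'executable', 'script' or None."""
    if data.startswith(EXEC_MAGIC):
        return "executable"
    if path.lower().endswith(SCRIPT_EXT) or data.startswith(b"#!"):
        return "script"
    return None

def build_whitelist(disk_files, whitelist=None):
    """Claim 2, S2: hash only executables/scripts that have no stored hash yet."""
    whitelist = {} if whitelist is None else whitelist
    for path, data in disk_files:
        kind = classify(path, data)
        # An existing entry is never overwritten, so a file modified after the
        # baseline cannot silently replace its own known-good hash.
        if kind is None or path in whitelist:
            continue
        whitelist[path] = {"kind": kind,
                           "sha256": hashlib.sha256(data).hexdigest()}
    return whitelist

def protection_result(path, data, whitelist):
    """S2/S3 (assumed policy): compare a later report with the whitelist."""
    if classify(path, data) is None:
        return "ignored"
    entry = whitelist.get(path)
    if entry is None:
        return "blocked: not whitelisted"
    if entry["sha256"] != hashlib.sha256(data).hexdigest():
        return "blocked: hash mismatch"
    return "allowed"

# Constructed sample report of (path, content bytes); not real DCS data.
REPORT = [
    ("C:/dcs/bin/ctrl.exe", b"MZ\x90\x00constructed-image"),
    ("C:/dcs/scripts/start.bat", b"@echo off\r\nctrl.exe\r\n"),
    ("C:/dcs/data/trend.csv", b"t,value\n0,1.0\n"),
]

if __name__ == "__main__":
    wl = build_whitelist(REPORT)
    for p, d in REPORT + [("C:/dcs/bin/ctrl.exe", b"MZ-modified")]:
        print(p, "->", protection_result(p, d, wl))
```

The baseline has to be taken while the DCS software server is in a known-good state, because any executable or script present at that moment is trusted from then on.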
CN202310301131.2A 2023-03-17 2023-03-17 Safety protection method of DCS software server and computer equipment Pending CN116405272A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310301131.2A CN116405272A (en) 2023-03-17 2023-03-17 Safety protection method of DCS software server and computer equipment

Publications (1)

Publication Number Publication Date
CN116405272A true CN116405272A (en) 2023-07-07

Family

ID=87015312

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101924762A (en) * 2010-08-18 2010-12-22 奇智软件(北京)有限公司 Cloud security-based active defense method
CN102081714A (en) * 2011-01-25 2011-06-01 潘燕辉 Cloud antivirus method based on server feedback
US20130144404A1 (en) * 2011-12-01 2013-06-06 Honeywell International Inc. Real time event viewing across distributed control system servers

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination