Unified integrated development method for security software based on the RMI standard
Technical field
The present invention relates to a method for developing security software.
Background technology
Security software can usually be divided into two classes: security software oriented to a particular device, and security software oriented to a specific function.
Device-oriented security software usually provides comprehensive security management functions for a certain particular type of equipment or system. The security software supplied by hardware vendors commonly belongs to this type: it targets security hardware products of a certain type, such as firewalls, intrusion detection systems, antivirus products and network devices, and uses the management interface specific to that device type to perform real-time monitoring, obtaining the operating parameters of the security product in order to understand its running state in real time, and to remotely configure parameters and set the running state of the security product. Device-oriented security software basically supports neither devices of other types nor the centralized management of other systems.
Chinese patent application CN02822219.9 discloses an apparatus and method for loading a secure operating system in a multi-processor environment, comprising: when a load-secure-region operation is detected as currently active, ignoring a received load-secure-region instruction; otherwise, in response to the received load-secure-region instruction, directing the storage protection unit to form a secure memory environment. Once so directed, unauthorized reads of one or more protected memory regions are prohibited. Finally, a keyed hash value of the one or more protected memory regions is stored in a digest information store as the security software identification value. Once stored, an external agent can request access to the digitally signed software identification value in order to establish security verification of the security software in the secure memory environment.
Chinese patent application CN200410013285.9 designs a new computer security software product that blocks computer viruses by analysing process and system trajectories. It comprises four parts: a log system, responsible for recording the behaviour and results of processes and changes to the operating system; an early-warning system, which monitors specific process actions according to pre-set early-warning conditions, performs "behaviour verification" on the executor of an action when it occurs, and, according to the verification result and the pre-set policy, issues an early warning, blocks the action or enters it in a blacklist; an analysis system, which performs comprehensive analysis of the logs to identify whether a security incident has occurred and to trace the source of a specific action, providing the basis for recovering the operating system; and a restoration system, which intelligently repairs damage already caused, mainly by removing harmful files and recovering system settings according to the analysis conclusion (incident trajectory) provided by the analysis system, including cleaning of startup items, cleaning of service entries and loading of kernel modules.
Function-oriented security software is designed and developed for a certain particular security management function. For example, a security log management system collects the security log information generated by various devices and systems and uses it to monitor the running state of the network and systems and to track user behaviour; a configuration integrity management system collects the configuration information of various devices and systems in a timely way, issues an alarm when a key configuration item changes, and restores it automatically; a desktop security management system ensures that desktop systems have the latest security patches installed, to eliminate the threat posed by worm outbreaks. Function-oriented security software usually communicates with many kinds of devices and systems through several commonly used communication interfaces, but is basically restricted to some specific functions.
Both kinds of security software have obvious limitations, and their development and application face the following problems:
Effective data sharing is hard to achieve: each security software package accesses the devices and systems it manages through its own communication interface, and stores the data it collects in its own internal database according to its own business needs. It is therefore hard to share data among several systems, which produces many independent information islands;
Communication load is high: because each security software package monitors the operating parameters of the devices and systems separately, a large volume of duplicated communication traffic is generated, increasing the communication load on the managed devices and systems;
Overall security support is weak: each security software package can complete only part of the security functions, and these software systems are developed independently, lacking a unified software foundation and the interaction interfaces needed for close functional cooperation, so it is hard to provide the system administrator with a global security view and integrated security management tools.
Moreover, all security software needs some common functions. For example, security software usually needs to poll the operating parameters of each managed device periodically and save them in a database for analysis of the running state, and it usually needs to receive the log information produced by the managed devices and save it in a database for statistical analysis. If each security software package develops these functional modules independently, a great deal of repeated work is done in security software development, development efficiency is very low, and software quality cannot be guaranteed.
In short, traditional security software develops the security application directly against the managed devices and systems, so that the security software is bound to specific devices and systems at the communication interface and, in terms of functionality, can complete only certain specific management functions.
Summary of the invention
The object of the present invention is, in view of the current state of security software development, to propose a method for the unified integrated development of security software based on the RMI standard, and to design and realize a new SmartSecurer unified integrated development platform for security software.
The technical solution of the present invention is a unified integrated development method for security software based on the RMI standard, in which a communications facility layer is added between the managed devices and systems and the security application systems that face the user's requirements, and a security service layer is added above it and applied to the security application systems. The communications facility layer consists of three parts: the device proxy object VO, the VO server and the communication centralized manager. The communications facility layer defines the standard communication protocol for the underlying devices (managed devices) and systems.
Any system supporting the adopted protocol can access the underlying devices and systems through the communications facility layer. Log events produced by the managed devices and systems are first sent to the communication server and then forwarded to the VO object corresponding to each event source. The communications facility layer creates a corresponding device agent object, abbreviated VO, for each managed device and system; a VO object is a runnable logical object that provides a predefined standard access interface to the outside, while each concrete communication function is realized by interacting with the device through the device-specific remote management communication interface; the VO object is logically the adapter of the managed device within the software system, the mapping of the physical device or system into the software system, which transforms the heterogeneous remote communication interfaces of devices onto a set of predefined system management interfaces; it shields the heterogeneous remote communication interfaces of devices and provides a standard access interface to the upper layers;
An innovative command dispatch table mechanism is adopted so that a VO object can support the querying and monitoring of different parameters. Each VO object has a command dispatch table which, for each parameter to be monitored or controlled, defines the name of the command object that must be executed to monitor or control that parameter. When the VO object receives a standard command call request over the standard communication protocol, it looks up the parameter given in the command request in the command dispatch table, obtains the name of the command object to execute, dynamically loads that command object, and invokes its monitoring or control method. Each command object is oriented to one concrete monitoring or control function and uses one specific communication protocol to communicate with the managed device or system; in this way the querying and monitoring of different parameters can use different communication protocols;
To manage effectively the large number of VO objects on multiple VO servers, the communications facility layer provides the communication centralized manager. The communication centralized manager performs periodic health checks on each VO server and stores its running state in a timely way; when a VO server fails and is restarted, the communication centralized manager automatically calls the VO server's interface to restore it to the state before the fault, shielding the upper-layer software systems from faults occurring at the bottom layer;
The communication centralized manager provides VO deployment. The upper-layer software system calls the interface of the communication centralized manager; when a VO object is to be created, the communication centralized manager first decides, according to the predefined VO deployment strategy, which VO server the VO object belongs to, and then calls the interface of that VO server to create a VO object of the specified type on that communication server. The communication centralized manager also provides the function of a name server;
The target of the communications facility layer is to shield the heterogeneous security management interfaces provided by each underlying managed device and system, and to provide the upper service layer and application systems with a standard access interface to the underlying managed devices and systems. The communications facility layer defines the standard communication protocol for the underlying devices (managed devices) and systems; any system supporting the adopted protocol accesses the underlying devices and systems through the communications facility layer. Log events produced by the managed devices and systems are first sent to the communication server and then forwarded to the VO object corresponding to each event source. An upper-layer software module needs to know only the name of the VO object or of the managed device or system; by querying the communication centralized manager through the communications facility layer, it learns which VO server the VO object runs on and obtains the communication handle of the VO object. Through this communication handle it can call the standard access interface provided by the VO object and thereby access the underlying managed device.
The SmartSecurer platform adopts the communication middleware RMI standard based on Java technology to define the standard communication protocol for the underlying devices and systems. Any system supporting the RMI protocol can access the underlying devices and systems through the communications facility layer.
On the basis of the communications facility layer, the present invention designs and realizes the security service layer. The security service layer comprises a generic service layer and an application-oriented service layer. The generic service layer provides the service modules needed by all security software, while the application-oriented service layer consists of functional modules provided for the needs of one or several specific security software packages. The application-oriented service layer comprises the task manager, the database service, the Web service and the desktop security event handling center. The generic service layer provides general functional modules such as the polling service and the alerting service for direct use by upper-layer security software; it also provides the asset store service, which centrally stores the details of all devices and systems that the security software needs to manage and so provides the basis for data sharing;
The security service layer is applied to the security application systems. The security application systems comprise the QQ/MSN monitoring system, vulnerability management, patch management, asset management, asset group management and alarm management. The relations between the generic service layer and the application-oriented service layer of the security service layer and the security application systems are as follows: the generic service layer comprises an event service module; the VO object normalizes events into standard event objects, which after filtering are sent to the event service module of the security service layer; after the event service receives an event object, it filters it again according to the defined filtering rules and then stores the event object in the event base;
The event base of the event service module can be queried, counted and analysed directly to generate various statistical analysis reports; the event service provides the upper-layer security application systems with general functions for receiving, storing and notifying events;
A security application system registers with the event service of the event service module and subscribes to the event types it needs to handle; each security application system can subscribe to different event types; the event service compares each received event object with the event types subscribed to by each security application system, and if the subscription condition is met, it notifies the upper-layer security application system of the event object in real time for handling.
The communication middleware RMI standard based on Java technology is adopted to define the standard communication protocol for the underlying devices and systems. Different VOs support different communication protocols, and even different commands of the same VO object may need different communication protocols to complete.
Description of drawings
Fig. 1 is a block diagram of the structure of the present invention, showing the general event receiving, storing and notification functions that the SmartSecurer event service provides to the upper-layer security application systems
Fig. 2 is a communication block diagram of the present invention: through the SmartSecurer unified integrated development platform for security software of the present invention, a communications facility layer and a security service layer are added between the managed devices and systems and the security application systems that face the user's requirements
Fig. 3 is an implementation block diagram of the communication service layer of the platform of the present invention
Fig. 4 is a flow chart of the security software development method of the present invention
Fig. 5 is a schematic diagram of a security software example of the present invention
Embodiment
As shown in Figs. 1-5: the communication centralized manager performs periodic health checks on each VO server and stores its running state in a timely way, for example the VO objects created in the VO container of the VO server. When a VO server fails and is restarted, the communication centralized manager automatically calls the VO server's interface to restore it to the state before the fault, shielding the upper-layer software systems from faults at the bottom layer.
The communication centralized manager provides the VO deployment function. The upper-layer software system calls the interface of the communication centralized manager; when a VO object is to be created, the communication centralized manager first decides, according to the predefined VO deployment strategy, which VO server the VO object belongs to, and then calls the interface of that VO server to create a VO object of the specified type on that communication server.
To shield the heterogeneous remote communication interfaces of devices and provide a standard access interface to the upper layers, the communications facility layer creates a corresponding device agent object, abbreviated VO (Virtual Object), for each managed device and system. A VO object is a runnable logical object that provides a predefined standard access interface to the outside, while each concrete communication function is realized by interacting with the device through the device-specific remote management communication interface. In fact the VO object is logically the adapter of the managed device within the software system: it is the mapping of the physical device or system into the software system, and transforms the heterogeneous remote communication interfaces of devices onto a set of predefined system management interfaces.
Different VOs may support different communication protocols, and even different commands of the same VO object may need different communication protocols. For example, collecting the real-time operating parameters of a router can be done through the SNMP protocol, whereas obtaining the router's configuration file requires logging in to the router remotely via Telnet and then running the get-configuration command to retrieve the configuration file.
The communication centralized manager provides the function of a name server. After a VO object starts, it is registered with the communication centralized manager.
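The health check, deployment strategy, state restore and name service of the communication centralized manager, as an added in-process example rather than the platform's own code: VoServer, VoSpec, CentralManager and the least-loaded placement rule are assumptions, and the simulated server stands in for a remote VO server that the real platform reaches over RMI.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Description of one deployed VO object (hypothetical record). */
record VoSpec(String name, String type, String deviceAddress) {}

/** Interface of a VO server as seen by the manager (hypothetical; remote over RMI in the platform). */
interface VoServer {
    boolean ping();
    void createVo(VoSpec spec);
    List<VoSpec> container();   // VO objects currently held in the server's VO container
}

/** Simulated VO server: a crash empties its container, exactly as a process restart would. */
class SimulatedVoServer implements VoServer {
    private final List<VoSpec> container = new ArrayList<>();
    private boolean up = true;
    public boolean ping() { return up; }
    public void createVo(VoSpec spec) {
        if (!up) throw new IllegalStateException("server down");
        container.add(spec);
    }
    public List<VoSpec> container() { return container; }
    void crash() { up = false; container.clear(); }
    void restart() { up = true; }
}

/** Communication centralized manager: deployment strategy, name service, health check and restore. */
class CentralManager {
    private final Map<String, VoServer> servers = new LinkedHashMap<>();
    private final Map<String, List<VoSpec>> lastKnownState = new HashMap<>(); // server -> deployed VOs
    private final Map<String, String> nameService = new HashMap<>();          // VO name -> server name

    void addServer(String name, VoServer server) {
        servers.put(name, server);
        lastKnownState.put(name, new ArrayList<>());
    }

    /** Deployment strategy assumed here: place the new VO on the server holding the fewest VOs. */
    String createVo(VoSpec spec) {
        String target = null;
        for (Map.Entry<String, List<VoSpec>> en : lastKnownState.entrySet()) {
            if (target == null || en.getValue().size() < lastKnownState.get(target).size()) target = en.getKey();
        }
        servers.get(target).createVo(spec);
        lastKnownState.get(target).add(spec);   // remembered so the state can be rebuilt after a fault
        nameService.put(spec.name(), target);   // name server: VO name -> hosting VO server
        return target;
    }

    String lookup(String voName) { return nameService.get(voName); }

    /** Periodic health check: a server that is down is skipped; one that came back empty is restored. */
    List<String> healthCheck() {
        List<String> restored = new ArrayList<>();
        servers.forEach((name, server) -> {
            if (!server.ping()) return;                               // still down, retry next round
            List<VoSpec> expected = lastKnownState.get(name);
            if (server.container().size() < expected.size()) {       // restarted with an empty container
                server.container().clear();
                for (VoSpec spec : expected) server.createVo(spec);  // rebuild the pre-fault state
                restored.add(name);
            }
        });
        return restored;
    }
}

public class ManagerDemo {
    public static void main(String[] args) {
        CentralManager manager = new CentralManager();
        SimulatedVoServer s1 = new SimulatedVoServer(), s2 = new SimulatedVoServer();
        manager.addServer("comm-1", s1);
        manager.addServer("comm-2", s2);
        manager.createVo(new VoSpec("edge-router", "RouterVo", "192.0.2.1"));   // constructed addresses
        manager.createVo(new VoSpec("pc-017", "PcHostVo", "192.0.2.17"));
        System.out.println("pc-017 runs on " + manager.lookup("pc-017"));
        s1.crash();
        System.out.println("while down, restored: " + manager.healthCheck());
        s1.restart();
        System.out.println("after restart, restored: " + manager.healthCheck() + ", container=" + s1.container());
    }
}
```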
The security service layer is constituted as follows: it comprises an event service module. The VO object normalizes events into standard event objects, which after filtering are sent to the event service module of the security service layer. After the event service receives an event object, it filters it again according to the defined filtering rules and then stores the event object in the event base. A security application system can query, count and analyse the event base directly to generate various statistical analysis reports. A security application system can also register with the event service and subscribe to the event types it needs to handle. Each security application system can subscribe to different event types. The event service compares each received event object with the event types subscribed to by each security application system, and if the subscription condition is met, it notifies the upper-layer security application system of the event object in real time for handling.
Data sharing between security software packages is needed so that they can be fused into an integral security software solution. For example, the asset management system stores the detailed configuration information of all managed devices and systems. The vulnerability management system, the threat management system and the risk management system manage, respectively, the security vulnerability information of the assets, the security threats currently faced, and the degree of risk. All of these systems need to associate the vulnerability data, threat data and risk data they collect and analyse with the affected assets. This requires that the vulnerability management system, the threat management system and the risk management system be able to share asset information with the asset management system.
The SmartSecurer platform designs and realizes the security service layer on the basis of the communications facility layer. The security service layer comprises a generic service layer and an application-oriented service layer. The generic service layer provides the service modules needed by all security software, while the application-oriented service layer consists of functional modules provided for the needs of one or several specific security software packages.
The generic service layer provides several general functional modules, such as the polling service and the alerting service, for direct use by upper-layer security software, so that these general modules need not be developed again by each security software package. The generic service layer also provides the asset store service, which centrally stores the details of all devices and systems that the security software needs to manage and so provides the basis for data sharing.
The SmartSecurer event service provides the upper-layer security application systems with general functions for receiving, storing and notifying events.
The SmartSecurer system constituted by the present invention is developed entirely in the pure Java programming language, and the software modules communicate with each other through standard Java RMI interfaces. All of the software is platform independent and can run on various UNIX, LINUX and Windows hosts.
In terms of deployment, the SmartSecurer system consists of a three-tier structure: the communication server, the core server and the application server, as shown in Fig. 5.
Communication server: each communication server runs one VO server of the communications facility layer and completes the function of communicating with the concrete managed devices and systems. The system can deploy several communication servers according to the management scope, communication traffic, real-time requirements and so on, each communication server being responsible for communicating with part of the managed devices and systems.
Core server: runs the communication centralized manager of the communications facility layer and the generic service layer. Each system needs to run only one core server, which manages all communication servers, completes the general collection and event collection functions, and provides the access interface to the upper layers.
Application server: each application server is deployed for one or more concrete security applications and runs the application-oriented service layer and the concrete security applications. As described, each command object uses one specific communication protocol to communicate with the managed device or system, so that the querying of different parameters is supported and different monitoring functions can use different communication protocols;
For example, for the monitoring and control of desktop terminal equipment, the configuration information of the terminal is first obtained by issuing a command through the SNMP v3 SET protocol, and the progress of the issued command is then tracked through the SNMP v3 WALK protocol; these two protocols correspond to different dispatch table entries, which are looked up and executed by different OID parameters. In this way different parameters and monitoring functions use different communication protocols.
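As an added illustration of the command dispatch table mechanism (the router example above and the desktop SNMP example here), not code from the SmartSecurer platform: a router VO exposes one standard RMI interface, looks up the requested parameter in its dispatch table and dynamically loads the named command object, one standing in for SNMP and one for Telnet, so a caller can never choose a class name directly. VirtualObject, Command, the class names and the device address are assumptions, and no real protocol traffic is sent.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.util.Map;

/** Standard access interface every VO exposes over RMI (hypothetical name). */
interface VirtualObject extends Remote {
    String query(String parameter) throws RemoteException;
}

/** One command object = one monitoring function over one specific protocol (hypothetical). */
interface Command {
    String execute(String deviceAddress) throws Exception;
}

/** Stands in for SNMP collection of a real-time operating parameter (no network I/O). */
class SnmpUptimeCommand implements Command {
    public String execute(String deviceAddress) {
        return "snmp-get " + deviceAddress + " sysUpTime -> 123456 ticks";   // constructed reply
    }
}

/** Stands in for a Telnet login followed by the get-configuration command (no network I/O). */
class TelnetConfigCommand implements Command {
    public String execute(String deviceAddress) {
        return "telnet " + deviceAddress + " show running-config -> hostname edge-router"; // constructed
    }
}

/** Router VO: owns the command dispatch table and loads command objects by the table's names. */
class RouterVo implements VirtualObject {
    private final String deviceAddress;
    // parameter name -> class name of the command object to execute for that parameter
    private final Map<String, String> dispatchTable = Map.of(
            "uptime", "SnmpUptimeCommand",
            "config", "TelnetConfigCommand");

    RouterVo(String deviceAddress) { this.deviceAddress = deviceAddress; }

    @Override
    public String query(String parameter) throws RemoteException {
        String className = dispatchTable.get(parameter);
        if (className == null) {
            // Only table entries are ever loaded; the remote caller cannot supply a class name.
            throw new RemoteException("no command registered for parameter: " + parameter);
        }
        try {
            Command cmd = Class.forName(className).asSubclass(Command.class)
                    .getDeclaredConstructor().newInstance();      // dynamic load of the command object
            return cmd.execute(deviceAddress);                     // invoke its monitoring method
        } catch (Exception e) {
            throw new RemoteException("command " + className + " failed", e);
        }
    }
}

public class VoDispatchDemo {
    public static void main(String[] args) throws Exception {
        RouterVo impl = new RouterVo("192.0.2.1");                 // constructed device address
        VirtualObject stub = (VirtualObject) UnicastRemoteObject.exportObject(impl, 0);
        Registry registry = LocateRegistry.createRegistry(0);      // name-server role, ephemeral port
        registry.rebind("vo/edge-router", stub);
        VirtualObject vo = (VirtualObject) registry.lookup("vo/edge-router");  // handle by VO name
        System.out.println(vo.query("uptime"));
        System.out.println(vo.query("config"));
        try {
            vo.query("firmware");
        } catch (RemoteException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.exit(0);   // exported objects keep the JVM alive otherwise
    }
}
```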
The VO object normalizes events into standard event objects, which after filtering are sent to the event service module of the security service layer; after the event service receives an event object, it filters it again according to the defined filtering rules and then stores the event object in the event base;
Different types of VO objects have different event normalization engines: for example, alarms from PC_HOST type devices can be analysed by an event module based on the WINDOWS event log, whereas UNIX_HOST type devices need to be analysed according to the special event format of UNIX. All of them, however, provide a consistent interface to the event service module, so that the differences in event information between the underlying devices are effectively shielded, and the business layer above the event service module is provided with formatted, unified event information and query services.
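An added example of the event path described here and in the event service description above, not the platform's own code: a PC_HOST normalizer and a UNIX_HOST normalizer turn constructed raw records into one standard event object, and the event service applies a second-stage filtering rule, stores the survivors in the event base and notifies the application that subscribed to the event type. The Event fields, the severity mapping, the event-type labels and the sample records are assumptions.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

/** Standard event object a VO hands to the event service (hypothetical field set). */
record Event(String source, String type, String severity, String message) {}

/** Per-device-type event normalization engine (hypothetical interface). */
interface EventNormalizer {
    Event normalize(String source, String raw);
}

/** PC_HOST engine: parses a constructed Windows-style "EventID=...;Level=...;Msg=..." record. */
class WindowsNormalizer implements EventNormalizer {
    public Event normalize(String source, String raw) {
        Map<String, String> f = new HashMap<>();
        for (String kv : raw.split(";")) {
            int i = kv.indexOf('=');
            if (i > 0) f.put(kv.substring(0, i).trim(), kv.substring(i + 1).trim());
        }
        int level = Integer.parseInt(f.getOrDefault("Level", "4"));   // 1 critical .. 4 information
        String severity = level <= 2 ? "ERROR" : level == 3 ? "WARNING" : "INFO";
        String type = "4625".equals(f.get("EventID")) ? "LOGIN_FAILURE" : "HOST_EVENT";
        return new Event(source, type, severity, f.getOrDefault("Msg", ""));
    }
}

/** UNIX_HOST engine: parses a constructed syslog-style "<PRI>program: message" line. */
class UnixNormalizer implements EventNormalizer {
    public Event normalize(String source, String raw) {
        int close = raw.indexOf('>');
        int sev = Integer.parseInt(raw.substring(1, close)) & 7;      // severity = low 3 bits of PRI
        String severity = sev <= 3 ? "ERROR" : sev == 4 ? "WARNING" : "INFO";
        String body = raw.substring(close + 1).trim();
        String type = body.contains("Failed password") ? "LOGIN_FAILURE" : "HOST_EVENT";
        return new Event(source, type, severity, body);
    }
}

/** Event service: applies filtering rules, stores into the event base, notifies subscribers. */
class EventService {
    private final List<Predicate<Event>> filterRules = new ArrayList<>();
    private final List<Event> eventBase = new ArrayList<>();
    private final Map<String, List<String>> subscriptions = new HashMap<>();  // app -> event types
    private final Map<String, List<Event>> delivered = new HashMap<>();       // app -> notified events

    void addFilterRule(Predicate<Event> keep) { filterRules.add(keep); }
    void subscribe(String app, String... types) { subscriptions.put(app, List.of(types)); }

    void receive(Event e) {
        for (Predicate<Event> rule : filterRules) {
            if (!rule.test(e)) return;                 // dropped by a filtering rule, never stored
        }
        eventBase.add(e);
        subscriptions.forEach((app, types) -> {        // real-time notification by subscribed type
            if (types.contains(e.type())) delivered.computeIfAbsent(app, k -> new ArrayList<>()).add(e);
        });
    }
    List<Event> eventBase() { return eventBase; }
    List<Event> deliveredTo(String app) { return delivered.getOrDefault(app, List.of()); }
}

public class EventServiceDemo {
    public static void main(String[] args) {
        EventService service = new EventService();
        service.addFilterRule(e -> !e.severity().equals("INFO"));    // second-stage rule: drop INFO
        service.subscribe("DesktopSecurity", "LOGIN_FAILURE");        // application subscription
        // Constructed raw records, as a PC_HOST VO and a UNIX_HOST VO would receive them.
        EventNormalizer win = new WindowsNormalizer(), unix = new UnixNormalizer();
        service.receive(win.normalize("pc-017", "EventID=4625;Level=2;Msg=An account failed to log on"));
        service.receive(win.normalize("pc-017", "EventID=6005;Level=4;Msg=The Event log service was started"));
        service.receive(unix.normalize("srv-db1", "<35>sshd[812]: Failed password for root from 192.0.2.9"));
        service.receive(unix.normalize("srv-db1", "<86>cron[100]: session opened for user root"));
        System.out.println("event base holds " + service.eventBase().size() + " events");
        for (Event e : service.deliveredTo("DesktopSecurity")) System.out.println("notify: " + e);
    }
}
```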
The event base of the event service module can be queried directly,
The flow charts of Figs. 4-5 implement the present invention according to the block diagrams.
Description of Fig. 4:
It shows the relation between the background server BackServer of the SmartSecurer platform and the security service server. BackServer provides the communication service that shields device differences, the polling service, the topology service and the alarm event service, while the service server realizes task management, data management and the WEB service on the basis of these services. The uppermost business foreground interface provides the foreground display capability and interacts directly with the administrator.
It shows in detail how a security application system (the desktop security system) is developed with the SmartSecurer platform; this figure shows the system architecture of the desktop security system based on the SmartSecurer platform. The VoManager and several VoServers at the bottom provide cross-device communication services, and provide communication services to the generic service layer over RMI. The generic service layer within the security service layer interacts directly with the communication layer and mainly comprises the topology service, the alarm and event service, and the polling service. The application service layer is built on the generic service layer and provides service-oriented RMI service interfaces for tasks, specific events, the web and the database.
Description of Fig. 5:
The uppermost desktop security system uses the various services provided by the security service layer to carry out business presentation and processing, for example providing specific functions such as auditing of QQ/MSN chat records, management of vulnerabilities and patches, management of assets and asset groups, specific alarms, and security assessment management.