CN102307197B - Trusted enhancement subsystem of multilevel security intercommunication platform - Google Patents

Publication number: CN102307197B
Authority: CN (China)
Application number: CN201110250349.7A
Other languages: Chinese (zh)
Other versions: CN102307197A
Inventors: 章志华, 李健俊, 姜学峰, 黄卫忠, 黎勇, 胡雅军, 董惠良, 陆海龙, 朱剑平, 王正敏, 王宏铝, 陆海良
Original and current assignee: China Tobacco Zhejiang Industrial Co Ltd
Legal status: Active
Abstract

The invention relates to the fields of level protection and trusted computing, in particular to a trusted enhancement subsystem of a multilevel security intercommunication platform. The trusted enhancement subsystem of the multilevel security intercommunication platform comprises a terminal node agent module, a trusted intercommunication module and an operating system enhancement module. In the multilevel security intercommunication platform adopting the trusted enhancement subsystem, an end-to-end consistent access control system is constructed by taking access control over data exchange between an industrial enterprise management network and an industrial control network as the starting point, and a trust-enhanced multilevel security intercommunication platform is constructed between the management area and the production area, so that accurate and consistent access control without policy omissions or conflicts can be performed at any layer of the resource access process, and resources can actually be accessed only under authorized conditions.

Description

Trusted enhancement subsystem of a multilevel security interconnection platform
Technical field
The present invention relates to the fields of level protection and trusted computing, and in particular to a trusted enhancement subsystem of a multilevel security interconnection platform.
Background technology
In the course of level protection rectification, a security technology system of "one center" (the security management center) and "triple protection" (zone boundary, communication network, computing environment) has been preliminarily established. According to the relevant level protection policies and standards, secure interconnection between graded systems must be composed of secure interconnection components and a cross-system security management center. In actual implementation, however, there is a gap between the protective measures in place between the management networks of some corporate intranets and their industrial control networks and what the level protection policies require. Further research on secure interconnection of systems is urgently needed, so that the secure interconnection of information platforms is achieved through unified planning and unified management, the protective capability of the whole information system is further improved, and potential threats in the management network are prevented from penetrating into the production control network, thereby ensuring safety in production.
For this reason, the applicant has on the same day applied for a patent for an invention entitled "Multilevel security interconnection platform based on trusted computing and processing flow thereof"; the platform of that patent comprises the following subsystems:
(1) L end and H end data exchange front-end subsystem: comprises a network service interface, an application protocol analysis submodule, a data marking submodule, an application access filtering submodule and a management agent submodule, and realizes the data exchange and marking function and the application protection function;
(2) Three-system security interconnection component subsystem: comprises an L end interconnection system, an interconnection arbitration system and an H end interconnection system, and realizes the network security isolation function, the interconnection data authentication function and the interconnection audit function;
(3) Trusted enhancement subsystem: comprises a terminal node agent module, a trusted interconnection module and an operating system enhancement module, and realizes the node identity identification function and the executable white list function;
(4) Multilevel interconnection security management center subsystem: comprises a Browser module, a MySQL module and a Web Agent module, and realizes the system management, security management and audit management functions;
One, in the L end and H end data exchange front-end subsystem:
1) the network service interface provides a general data exchange interface, receives cross-level interconnection data requests, connects to the three-system security interconnection component subsystem, transmits data, and passes security-labelled requests on to the Web application service to be verified;
2) the application protocol analysis submodule parses and analyses the exchange protocol and restores the transmitted data according to the different protocols;
3) the data marking submodule, by means of XML signature technology, provides the data marking and mandatory access control functions; at the same time it assesses the trustworthiness of the data on the basis of the check results and generates the data's mark accordingly, providing support for the access control of the multilevel interconnection components;
4) the application access filtering submodule provides an access authentication mechanism for the Web application server side; using an application-layer intrusion feature database, it compares access data against the security verification rules and filters L end access packets, so that the H end application service is protected from application-layer access attacks;
5) the management agent submodule communicates with the multilevel interconnection security management center, obtains configuration information such as data exchange protocol rules, data filtering rules and trusted marking rules, and provides the data filtering records required for audit management to the multilevel interconnection security management center subsystem;
Two, in the three-system security interconnection component subsystem:
1) the L end interconnection system and the H end interconnection system are respectively the network protocol termination points of the management area and the production area; they perform protocol conversion on all passing data, strip the network-protocol-related information to restore the raw application-layer information, and then send this information to the intermediate interconnection arbitration system over dedicated hardware and a private communication protocol, so that attacks based on the TCP/IP protocol can be effectively blocked;
2) the interconnection arbitration system provides a mandatory access control mechanism based on trusted verification marks for systems accessed across levels; it verifies the data information entering and leaving the boundary and stops unauthorized data exchange;
Three, in the trusted enhancement subsystem:
1) the terminal node agent module submits registration, login and audit information to the Web Agent module of the multilevel interconnection security management center subsystem, receives the policies issued by the Web Agent module and performs the corresponding policy updates;
2) the trusted interconnection module performs trusted interconnection verification between nodes and maintains the mutual trusted state; each time a packet from the other side arrives, the "last arrival time" is updated, and if the difference between the "last arrival time" and the current time exceeds a specified time, authentication must be performed again;
3) the operating system enhancement module uses transitive trust technology to perform integrity verification on the important application programs and services loaded by the operating system kernel, and stops binary code or scripts that are not in the expected value file from running;
Four, in the multilevel interconnection security management center subsystem:
1) the Browser module provides the UI interaction interface for administrators;
2) the MySQL module provides back-end data support for the management center;
3) the Web Agent module exchanges management data with the nodes, the L end and H end data exchange front-end subsystem and the three-system security interconnection component subsystem.
Taking the access control of data exchange between the industrial enterprise management network and the industrial control network as its starting point, this interconnection platform builds an end-to-end consistent access control system and constructs a trust-enhanced multilevel security interconnection platform between the management area and the production area, guaranteeing that accurate and consistent access control without policy omissions or conflicts can be performed at any level of the resource access process, and truly ensuring that resources can be accessed only when authorized.
Summary of the invention
The object of the present invention is to provide the trusted enhancement subsystem of the above multilevel security interconnection platform.
To achieve the above object, the present invention adopts the following technical scheme:
A trusted enhancement subsystem of a multilevel security interconnection platform, the trusted enhancement subsystem comprising a terminal node agent module, a trusted interconnection module and an operating system enhancement module, wherein:
1) the terminal node agent module submits registration, login and audit information to the Web Agent module of the multilevel interconnection security management center subsystem, receives the policies issued by the Web Agent module and performs the corresponding policy updates;
2) the trusted interconnection module performs trusted interconnection verification between nodes and maintains the mutual trusted state; each time a packet from the other side arrives, the "last arrival time" is updated, and if the difference between the "last arrival time" and the current time exceeds a specified time, authentication must be performed again;
3) the operating system enhancement module uses transitive trust technology to perform integrity verification on the important application programs and services loaded by the operating system kernel, and stops binary code or scripts that are not in the expected value file from running.
Preferably, the connection flow of the above trusted enhancement subsystem is as follows:
1) after a connection request packet arrives, look up whether this node is in the current communication list; if so, go to the next step, otherwise jump to step 5);
2) find the relevant information of this node in the current list, such as its IP address, ID number, state and last update time, and judge according to policy whether this node is trusted; if so, go to the next step, otherwise jump to step 4);
3) obtain the current system time and subtract the last update time of this IP from it; if the difference is less than 5 minutes, accept this packet and update the corresponding time, otherwise discard this connection request packet;
4) judge whether this connection request is in the process of trusted authentication; if so, continue waiting, otherwise discard this connection request packet;
5) look up whether this node is in the communication connection master list; if so, go to the next step, otherwise discard this connection request packet;
6) store this node in the current communication list and send a query message to it to perform trusted authentication; if authentication passes, accept this packet and update the corresponding time, otherwise discard this connection request packet.
Preferably, the trusted interconnection verification flow of the above trusted enhancement subsystem is as follows:
1) after node A receives the connection request of node B, it creates a new TCP socket, takes a random number nonce from the local policy data structure and sends it to node B;
2) node B combines the received random number nonce with its own ID number, calculates a hash with the hash algorithm, giving Hash(nonce+IDb'), and returns the calculated result to node A;
3) node A uses the IP address claimed by node B to look up the ID number corresponding to this IP in the trusted list, combines this ID number with the random number nonce previously sent to B and calculates the hash, giving Hash(nonce+IDb);
4) node A compares whether Hash(nonce+IDb) equals Hash(nonce+IDb'); if they are equal, B is a trusted node and node A establishes a trusted connection with B, otherwise node A refuses the connection request of node B.
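The connection flow above and the nonce challenge-response that its step 6 invokes, as an added example that is not the patent's own code: node A keeps the current communication list and the master list, enforces the 5-minute window, and checks the returned Hash(nonce+IDb') against Hash(nonce+IDb) computed from the trusted list. SHA-256 as the hash, a synchronous `responder` callable standing in for node B's reply, and removing a stale entry so that the next packet re-authenticates are assumptions of this example.

```python
import hashlib
import hmac
import os

FRESHNESS_SECONDS = 5 * 60   # step 3 of the connection flow: 5-minute window


def id_hash(nonce: bytes, node_id: str) -> str:
    """Hash(nonce + ID). The patent does not name the hash; SHA-256 is assumed here."""
    return hashlib.sha256(nonce + node_id.encode("utf-8")).hexdigest()


class TrustedInterconnect:
    """Node A's side of the connection flow and the trusted interconnection verification."""

    def __init__(self, master_list):
        # Communication connection master list (the 'trusted list' of step 3): IP -> ID.
        self.master_list = dict(master_list)
        # Current communication list: IP -> {"id", "state", "last_update"}.
        self.current = {}

    def _authenticate(self, ip, responder):
        """Trusted interconnection verification, steps 1-4, for the node claiming `ip`."""
        nonce = os.urandom(16)                            # step 1: fresh random nonce sent to B
        received = responder(nonce)                       # step 2: B answers with Hash(nonce + IDb')
        expected = id_hash(nonce, self.master_list[ip])   # step 3: Hash(nonce + IDb) from the trusted list
        return hmac.compare_digest(received, expected)    # step 4: constant-time comparison

    def handle_connection(self, ip, now, responder):
        """Connection flow steps 1-6. Returns 'accept', 'drop' or 'wait'.

        `now` is the current system time in seconds; `responder` stands in for the
        network round trip to the remote node (a callable nonce -> hash string).
        """
        record = self.current.get(ip)
        if record is not None:                                      # step 1: node in current list
            if record["state"] == "trusted":                        # step 2: trusted according to policy
                if now - record["last_update"] < FRESHNESS_SECONDS: # step 3: within 5 minutes
                    record["last_update"] = now
                    return "accept"
                # Stale: discard the packet. Removing the record makes the next packet
                # re-authenticate (the 'must re-start authentication' of the description).
                del self.current[ip]
                return "drop"
            if record["state"] == "authenticating":                 # step 4: challenge still pending
                return "wait"                                       # (only reachable with an async responder)
            return "drop"
        if ip not in self.master_list:                               # step 5: unknown node
            return "drop"
        # step 6: enter the node in the current list, send the query and authenticate.
        self.current[ip] = {"id": self.master_list[ip], "state": "authenticating", "last_update": now}
        if self._authenticate(ip, responder):
            self.current[ip].update(state="trusted", last_update=now)
            return "accept"
        del self.current[ip]   # failed challenge: the node is not trusted
        return "drop"
```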
Preferably, the local trusted verification flow of the above trusted enhancement subsystem is as follows:
1) when executable code is started, the trusted interconnection module intercepts this request;
2) the digest value of the executable code file to be started is calculated through the digest value calculation interface of the trusted cryptography module;
3) the expected value file white list is queried to judge whether the digest value of this executable code is consistent with the value stored in the expected value file; if consistent, the program is allowed to start, otherwise the program is refused to start.
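An added example of the local trusted verification flow, not code from the patent: the expected value file is a white list of digests keyed by program path, and a program may start only if its current digest matches the stored one. SHA-256 stands in for the trusted cryptography module's digest interface, and the sha256sum-style file format and the sample programs in `demo()` are constructed for this example.

```python
import hashlib
import hmac
import os
import tempfile


def compute_digest(path: str) -> str:
    """Stand-in for the trusted cryptography module's digest interface (SHA-256 assumed)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_expected_values(text: str) -> dict:
    """Parse the expected value file: one '<hexdigest>  <absolute path>' per line, '#' comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition("  ")
        table[path.strip()] = digest.lower()
    return table


def may_start(path: str, expected: dict) -> bool:
    """Step 3: allow the start only if the file's digest matches its white-listed value.

    A program not listed at all is refused, as is a listed program whose
    contents have changed since the white list was provisioned.
    """
    stored = expected.get(os.path.abspath(path))
    if stored is None:
        return False
    return hmac.compare_digest(compute_digest(path), stored)


def demo() -> dict:
    """Constructed scenario: provision a white list, then check an approved, a tampered and an unlisted program."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "collector.sh")
        unlisted = os.path.join(d, "unlisted.sh")
        with open(approved, "w") as f:
            f.write("#!/bin/sh\necho collect\n")
        with open(unlisted, "w") as f:
            f.write("#!/bin/sh\necho unlisted\n")
        # The expected value file is written when the program is approved (provisioning time).
        white_list = load_expected_values(
            f"# approved programs\n{compute_digest(approved)}  {approved}\n"
        )
        result = {"approved": may_start(approved, white_list)}
        with open(approved, "a") as f:      # the file is modified after approval
            f.write("echo tampered\n")
        result["tampered"] = may_start(approved, white_list)
        result["unlisted"] = may_start(unlisted, white_list)
        return result
```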
The multilevel security interconnection platform adopting the trusted enhancement subsystem of the present invention takes the access control of data exchange between the industrial enterprise management network and the industrial control network as its starting point, builds an end-to-end consistent access control system and constructs a trust-enhanced multilevel security interconnection platform between the management area and the production area, guaranteeing that accurate and consistent access control without policy omissions or conflicts can be performed at any level of the resource access process, and truly ensuring that resources can be accessed only when authorized.
The beneficial effect brought by this multilevel security interconnection platform is that the existing network is isolated into a management area and a production area, and, through the construction of the trust-enhanced multilevel security interconnection platform and the realization of interconnection application protocol analysis and control, interconnection protocol blocking, interconnection node identity discrimination, interconnection system enhancement and unified interconnection security management, the secure interconnection requirements of the two areas are met.
Description of the accompanying drawings
Fig. 1 is the structure and flow chart of the multilevel security interconnection platform.
Fig. 2 is the structure chart of the L/H end data exchange front-end subsystem.
Fig. 3 is the overall processing flow chart of the L/H end data exchange front-end subsystem.
Fig. 4 is the connection handling flow chart of the L/H end data exchange front-end subsystem.
Fig. 5 is the protocol marking flow chart of the L/H end data exchange front-end subsystem.
Fig. 6 is the application protection flow chart of the L/H end data exchange front-end subsystem.
Fig. 7 is the structure chart of the three-system security interconnection component subsystem.
Fig. 8 is the processing flow chart of the three-system security interconnection component subsystem.
Fig. 9 is the connection handling flow chart of the three-system security interconnection component subsystem.
Fig. 10 is the arbitration access control flow chart of the three-system security interconnection component subsystem.
Fig. 11 is the structure chart of the trusted enhancement subsystem.
Fig. 12 is the connection flow chart of the trusted enhancement subsystem.
Fig. 13 is the trusted interconnection verification flow chart of the trusted enhancement subsystem.
Fig. 14 is the local trusted verification flow chart of the trusted enhancement subsystem.
Fig. 15 is the structure chart of the multilevel interconnection security management center subsystem.
Fig. 16 is the registration information approval flow chart of the multilevel interconnection security management center subsystem.
Fig. 17 is the policy information issuing flow chart of the multilevel interconnection security management center subsystem.
Fig. 18 is the audit information upload flow chart of the multilevel interconnection security management center subsystem.
Fig. 19 is the heartbeat message transmission flow chart of the multilevel interconnection security management center subsystem.
In the figures: 1, network service interface; 2, application protocol analysis submodule; 3, data marking submodule; 4, application access filtering submodule; 5, management agent submodule; 6, L end interconnection system; 7, interconnection arbitration system; 8, H end interconnection system; 9, terminal node agent module; 10, trusted interconnection module; 11, operating system enhancement module; 12, Browser module; 13, MySQL module; 14, Web Agent module.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings:
A multilevel security interconnection platform based on trusted computing is shown in Fig. 1; this platform comprises the following subsystems:
(1) L end and H end data exchange front-end subsystem: comprises a network service interface 1, an application protocol analysis submodule 2, a data marking submodule 3, an application access filtering submodule 4 and a management agent submodule 5, and realizes the data exchange and marking function and the application protection function;
(2) Three-system security interconnection component subsystem: comprises an L end interconnection system 6, an interconnection arbitration system 7 and an H end interconnection system 8, and realizes the network security isolation function, the interconnection data authentication function and the interconnection audit function;
(3) Trusted enhancement subsystem: comprises a terminal node agent module 9, a trusted interconnection module 10 and an operating system enhancement module 11, and realizes the node identity identification function and the executable white list function;
(4) Multilevel interconnection security management center subsystem: comprises a Browser module 12, a MySQL module 13 and a Web Agent module 14, and realizes the system management, security management and audit management functions.
As shown in Fig. 2, in the L end and H end data exchange front-end subsystem:
1) the network service interface 1 provides a general data exchange interface, receives cross-level interconnection data requests, connects to the three-system security interconnection component subsystem, transmits data, and passes security-labelled requests on to the Web application service to be verified;
2) the application protocol analysis submodule 2 parses and analyses the exchange protocol and restores the transmitted data according to the different protocols;
3) the data marking submodule 3, by means of XML signature technology, provides the data marking and mandatory access control functions; at the same time it assesses the trustworthiness of the data on the basis of the check results and generates the data's mark accordingly, providing support for the access control of the multilevel interconnection components;
4) the application access filtering submodule 4 provides an access authentication mechanism for the Web application server side; using an application-layer intrusion feature database, it compares access data against the security verification rules and filters L end access packets, so that the H end application service is protected from application-layer access attacks;
5) the management agent submodule 5 communicates with the multilevel interconnection security management center, obtains configuration information such as data exchange protocol rules, data filtering rules and trusted marking rules, and provides the data filtering records required for audit management to the multilevel interconnection security management center subsystem.
As shown in Fig. 7, in the three-system security interconnection component subsystem:
1) the L end interconnection system 6 and the H end interconnection system 8 are respectively the network protocol termination points of the management area and the production area; they perform protocol conversion on all passing data, strip the network-protocol-related information to restore the raw application-layer information, and then send this information to the intermediate interconnection arbitration system 7 over dedicated hardware and a private communication protocol, so that attacks based on the TCP/IP protocol can be effectively blocked;
2) the interconnection arbitration system 7 provides a mandatory access control mechanism based on trusted verification marks for systems accessed across levels; it verifies the data information entering and leaving the boundary and stops unauthorized data exchange.
As shown in Fig. 11, in the trusted enhancement subsystem:
1) the terminal node agent module 9 submits registration, login and audit information to the Web Agent module 14 of the multilevel interconnection security management center subsystem, receives the policies issued by the Web Agent module 14 and performs the corresponding policy updates;
2) the trusted interconnection module 10 performs trusted interconnection verification between nodes and maintains the mutual trusted state; each time a packet from the other side arrives, the "last arrival time" is updated, and if the difference between the "last arrival time" and the current time exceeds a specified time, authentication must be performed again;
3) the operating system enhancement module 11 uses transitive trust technology to perform integrity verification on the important application programs and services loaded by the operating system kernel, and stops binary code or scripts that are not in the expected value file from running.
As shown in Fig. 15, in the multilevel interconnection security management center subsystem:
1) the Browser module 12 provides the UI interaction interface for administrators;
2) the MySQL module 13 provides back-end data support for the management center;
3) the Web Agent module 14 exchanges management data with the nodes, the L end and H end data exchange front-end subsystem and the three-system security interconnection component subsystem.
The processing flow of the above multilevel security interconnection platform comprises the following steps:
1) when the system receives for the first time a connection from a front-end node accessing data, the node being either a data exchange platform or an application terminal, the node is first registered with the multilevel security interconnection management center subsystem, which requires the node to provide its own trusted verification information at the same time; only after approval is the node authorized to initiate connections, otherwise access is prohibited;
2) for an application terminal node, after authorization the multilevel security interconnection management center subsystem issues the policy to the terminal node agent module 9 of the trusted enhancement subsystem, and the policy then reaches the application terminal; when the node performs cross-level access, trusted interconnection verification is first carried out according to the policy, and normal communication is possible only after the interconnection verification passes, otherwise communication is prohibited;
3) when the L end node is a data exchange platform performing cross-level access, it can only access the L end data exchange front-end subsystem, which parses and restores the data, applies the trusted data mark and forwards the data to the three-system security interconnection component subsystem;
4) when the L end node is a web access application performing cross-level access, it can only access the L end data exchange front-end subsystem, and its data is forwarded to the three-system security interconnection component subsystem after filtering by the application access filtering submodule 4;
5) after the three-system security interconnection component subsystem receives data from the L end data exchange front-end subsystem, the data passes over dedicated hardware and a dedicated protocol through the filtering of the interconnection arbitration system 7, which verifies the marks of the data information crossing the boundary and stops unauthorized data exchange; the filtered data is recombined and sent to the H end data exchange front-end subsystem;
6) after the H end data exchange front-end subsystem receives data from the three-system security interconnection component subsystem, it repackages the data into the corresponding SOAP protocol, XML file or web access connection and connects to the corresponding H end data server or middleware;
7) after trusted interconnection verification between nodes passes, the nodes maintain a mutual trusted state; each time a packet from the other side arrives, the "last arrival time" is updated, and if the difference between the "last arrival time" and the current time exceeds a specified time, the connection is interrupted and the L end node must authenticate again, which prevents external users from performing cross-level access by forgery.
As shown in Fig. 3, the overall processing flow of the above L end and H end data exchange front-end subsystem is as follows:
1) after connection request data arrives, check according to the application predefined for this connection whether the packet is a protocol packet of the corresponding application; if so, go to the next step, otherwise discard it and close the connection;
2) if the check shows a web application connection, the web interface of the application access filtering submodule 4 is used, otherwise the packet is discarded;
3) if the web application authentication passes, the data is transferred to the interconnection security component;
4) if it is a SOAP packet, the content is filtered and its trustworthiness is checked; if trusted, the data is signed and marked, otherwise the packet is marked as untrusted;
5) the structured data is transferred to the three-system security interconnection component subsystem.
As shown in Fig. 4, the connection handling flow of the above L end and H end data exchange front-end subsystem is as follows:
1) after a connection is accepted, an application is first made to the interconnection arbitration system 7; the interconnection arbitration system 7 arbitrates according to the client IP address and port number attached to the application, the IP address and port number on which the L end data exchange front-end subsystem listens, and the information configured by the security management center; if legal, it assigns a session ID and returns it to the L end data exchange front-end subsystem, and at the same time sends a connection instruction to the H end data exchange front-end subsystem to connect to the application server; if the arbitration finds the connection illegal, it notifies the L end data exchange front-end subsystem to refuse the connection;
2) the L end data exchange front-end subsystem obtains the session ID returned by the arbitration, adds the connection to the session and starts to receive/send data;
3) if the L end data exchange front-end subsystem detects that the connection has been closed by the client, it closes the connection with the client and at the same time sends an end-session instruction to the H end data exchange front-end subsystem through the multilevel interconnection components;
4) when the L end data exchange front-end subsystem receives an end-session instruction from the H end data exchange front-end subsystem, it closes the connection with the client and ends the session.
As shown in Fig. 5, the protocol marking flow of the above L end and H end data exchange front-end subsystem is as follows:
1) obtain the session key from the session list;
2) depending on data traffic and processing capacity, all or part of the data may be selected for digesting; the L front-end identity, the time and the session ID that participate in the digest form part of the mark;
3) for data with structure, such as HTTP, SOAP and XML, a header or attribute of the corresponding protocol carrying the mark is added;
4) for data without structure, the mark is appended to the end of the received data.
As shown in Fig. 6, the application protection flow of the above L end and H end data exchange front-end subsystem is as follows:
1) judge from GET/POST whether it is an HTTP packet;
2) obtain the URL content to be matched, the content submitted by POST or GET, and the COOKIE content;
3) traverse the policy linked list and parse whether each rule is a URL filter or a cookie filter;
4) filter the data of the whole packet and of the submitted form;
5) perform pattern matching with the compiled and optimized regular expressions and make a decision;
6) record the audit information.
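An added example of steps 1 to 6 of the application protection flow, not the patent's code: GET/POST detection, extraction of the URL, the submitted content and the cookie, matching against a policy list of compiled regular expressions typed `url` or `cookie`, and one audit record per decision. The rules and the requests in the test are constructed samples, not the patent's intrusion feature database.

```python
import re
from urllib.parse import unquote

# Policy list (step 3): (kind, compiled regex); kind selects URL/form material or the cookie.
# Constructed sample rules for the example, not the patent's feature database.
POLICY = [
    ("url", re.compile(r"\.\./")),            # path traversal in the URL or submitted data
    ("url", re.compile(r"(?i)<script")),      # script tag in the URL or submitted data
    ("cookie", re.compile(r"[<>]|\.\./")),    # markup or traversal inside a cookie value
]


def parse_request(raw: str):
    """Step 1: only GET/POST requests count as HTTP packets to inspect; returns None otherwise."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, _, rest = lines[0].partition(" ")
    if method not in ("GET", "POST"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "method": method,
        "url": rest.split(" ")[0],                 # request target including the query string
        "body": body if method == "POST" else "",  # POST form content
        "cookie": headers.get("cookie", ""),
    }


def inspect(raw: str, audit: list) -> str:
    """Steps 2-6: gather the material, match the policy, decide, and append an audit record."""
    req = parse_request(raw)
    if req is None:
        audit.append({"decision": "discard", "reason": "not GET/POST"})
        return "discard"
    # Step 4: the whole request target and the submitted form, URL-decoded so that
    # percent-encoded payloads are matched in their decoded form.
    url_material = unquote(req["url"]) + "\n" + unquote(req["body"])
    for kind, pattern in POLICY:                   # step 5: compiled regexes, first match decides
        target = req["cookie"] if kind == "cookie" else url_material
        if pattern.search(target):
            audit.append({"decision": "block", "kind": kind, "rule": pattern.pattern, "url": req["url"]})
            return "block"
    audit.append({"decision": "allow", "url": req["url"]})   # step 6
    return "allow"
```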
As shown in Fig. 8, the processing flow of the above three-system security interconnection component subsystem is as follows:
1) after the L end interconnection system 6 receives a packet sent by the L end data exchange front-end subsystem, it restores the packet and strips it down to application-layer data;
2) the L end interconnection system 6 encapsulates the application-layer data with the dedicated security protocol and sends it to the interconnection arbitration system 7 over the dedicated data link and dedicated transmission hardware;
3) the interconnection arbitration system 7 arbitrates the data sent by the L end interconnection system 6, encapsulates the trusted data with the dedicated security protocol and sends it to the H end interconnection system 8 over the dedicated data link and dedicated transmission hardware;
4) the H end interconnection system 8 repackages the trusted application data sent by the interconnection arbitration system 7 into TCP/IP packets and sends them to the H end data exchange front-end subsystem.
As shown in Fig. 9, the connection handling flow of the above three-system security interconnection component subsystem over the TCP protocol is as follows:
1) the L end data exchange front-end subsystem applies for a connection to the designated port of the L end interconnection system 6 over the TCP protocol;
2) the L end interconnection system 6 strips the HTTP request information out of the TCP protocol stack, loads it into a session request packet of the private communication protocol and sends it to the interconnection arbitration system 7 over the dedicated link layer;
3) the interconnection arbitration system 7 checks information such as the IP address of the request, and after confirming that it is a legitimate user of the channel, sends a session notification packet of the dedicated protocol to the L end interconnection system 6, allowing the L end interconnection system 6 to establish a TCP connection with the L end data exchange front-end subsystem;
4) the L end interconnection system gateway strips the HTTP request information from the TCP protocol, encapsulates it into an application message packet of the dedicated protocol and forwards it to the interconnection arbitration system 7;
5) the interconnection arbitration system 7 extracts the request from the application message packet of the dedicated protocol, inspects information such as the request method, destination address and URL, and performs the corresponding checks; after confirming a legitimate request, it sends a session notification packet of the dedicated protocol to the H end interconnection system 8, notifying the H end interconnection system 8 to connect to the H end data exchange front-end subsystem over the TCP protocol;
6) after receiving the session notification packet, the H end interconnection system 8 connects to the H end data exchange front-end subsystem over the TCP protocol; once connected to the designated host, the H end interconnection system 8 sends a session notification packet to the arbitration system, notifying the interconnection arbitration system 7 that the connection has been made; the interconnection arbitration system 7 extracts the key URL and access method information from the intranet request, reassembles it into an HTTP request, loads it into an application message packet of the private communication protocol and sends it to the H end interconnection system 8;
7) after receiving the request, the H end interconnection component extracts the HTTP request information from the application message packet, loads it onto the TCP protocol and sends it to the actual H end data exchange front-end subsystem;
8) the H end interconnection system 8 receives the response message from the H end data exchange front-end subsystem;
9) the H end interconnection system 8 sends a session notification packet to the arbitration system;
10) the HTTP information is stripped from the TCP protocol and encapsulated into an application message packet of the dedicated protocol;
11) the H end interconnection system 8 sends the information to the interconnection arbitration system 7;
12) the interconnection arbitration system 7 performs arbitration processing on the received application message packet, and the processed information is again sent to the L end interconnection system 6 in the form of an application message packet;
13) the L end interconnection system 6 extracts the information from the application message packet and loads it onto the TCP protocol;
14) the L end interconnection system 6 sends it to the L end data exchange front-end subsystem over the TCP protocol, completing one full data communication.
As shown in figure 10, the arbitration access control flow of the above three-system security interconnection component subsystem is as follows:
1) The interconnection arbitration system 7 receives the arbitration packet and starts the mark-based control decision;
2) If the mark attribute can be extracted successfully, the data in the packet are extracted and the message digest is calculated; otherwise the packet is discarded and the connection is broken;
3) The mark authentication submodule of the interconnection arbitration system 7 judges whether the mark attribute matches the message digest; if it does, proceed to the next step, otherwise break the connection and discard the packet;
4) Once the packet is confirmed legitimate, a connection is initiated to the H-end interconnection component.
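The fourteen-step exchange above and the mark-based arbitration of figure 10 can be modelled end to end. The Python below is an added example written for this page, not code from the patent or its applicant. The packet layout (dicts with a "type" field in place of the private protocol over dedicated hardware), the mark attribute (a security level plus a SHA-256 digest of the carried data), the policy fields and the demo back-end are all assumptions. The point worth seeing in code is step 6): the arbiter does not relay the L-side bytes, it rebuilds a minimal HTTP request from the method, URL and Host it has just checked, so headers and body that were never inspected cannot cross to the H side.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Private-protocol packet builders (modelling assumption: a packet is a dict
# with a "type" field; the real protocol runs over dedicated link hardware).
def session_request(src_ip: str, dst_ip: str) -> dict:
    return {"type": "SESSION_REQ", "src": src_ip, "dst": dst_ip}

def app_message(payload: bytes, level: int) -> dict:
    """Wrap application-layer bytes (HTTP already stripped from TCP) with a mark
    attribute: an assumed security level plus a SHA-256 digest of the payload."""
    return {"type": "APP_MSG",
            "mark": {"level": level, "digest": hashlib.sha256(payload).hexdigest()},
            "payload": payload}

REQUEST_LINE = re.compile(rb"^([A-Z]+) (/[^\s?#]*)(\?[^\s#]*)? HTTP/1\.[01]\r\n")
HOST_HEADER = re.compile(rb"\r\nHost: ([^\r\n]+)\r\n", re.IGNORECASE)

@dataclass(frozen=True)
class Policy:
    allowed_sources: frozenset   # step 3): legitimate users of the channel
    allowed_methods: frozenset   # step 5): method check
    allowed_url_prefixes: tuple  # step 5): URL check
    min_level: int               # figure 10: minimum mark level accepted

class Arbiter:
    """Interconnection arbitration system 7 (model)."""
    def __init__(self, policy: Policy):
        self.policy = policy

    def check_mark(self, pkt: dict) -> bool:
        """Figure 10 steps 1)-3): extract the mark, recompute the digest of the
        carried data and require agreement. Any failure means 'drop'."""
        if pkt.get("type") != "APP_MSG":
            return False
        mark, payload = pkt.get("mark"), pkt.get("payload")
        if not isinstance(mark, dict) or not isinstance(payload, (bytes, bytearray)):
            return False
        if not isinstance(mark.get("level"), int) or mark["level"] < self.policy.min_level:
            return False
        return hashlib.sha256(payload).hexdigest() == mark.get("digest")

    def admit_session(self, pkt: dict) -> bool:
        """Step 3): a session request is accepted only from a listed source IP."""
        return pkt.get("type") == "SESSION_REQ" and pkt.get("src") in self.policy.allowed_sources

    def arbitrate_request(self, pkt: dict) -> Optional[bytes]:
        """Steps 5)-6): validate mark, method and URL, then REBUILD the HTTP request
        from the checked fields only. Uninspected L-side headers/body never cross."""
        if not self.check_mark(pkt):
            return None
        m = REQUEST_LINE.match(pkt["payload"])
        if not m:
            return None
        method, path, query = m.group(1), m.group(2), m.group(3) or b""
        try:
            method_s, path_s = method.decode("ascii"), path.decode("ascii")
        except UnicodeDecodeError:
            return None
        if method_s not in self.policy.allowed_methods:
            return None
        if not path_s.startswith(self.policy.allowed_url_prefixes) or ".." in path_s:
            return None
        host = HOST_HEADER.search(pkt["payload"])
        host_val = host.group(1) if host else b"h-end"
        return b"%s %s%s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (method, path, query, host_val)

    def arbitrate_response(self, pkt: dict) -> Optional[bytes]:
        """Step 12): the H-side response gets the same mark check before relay."""
        return pkt["payload"] if self.check_mark(pkt) else None

def exchange(l_http: bytes, src_ip: str, arbiter: Arbiter,
             h_backend: Callable[[bytes], bytes], level: int = 2) -> Optional[bytes]:
    """One complete cross-level exchange (steps 1-14). L-end system 6 and H-end
    system 8 are modelled as direct calls; h_backend stands in for the H-end front-end."""
    if not arbiter.admit_session(session_request(src_ip, "h-end")):   # steps 2)-3)
        return None
    forwarded = arbiter.arbitrate_request(app_message(l_http, level))  # steps 4)-6)
    if forwarded is None:
        return None
    response = h_backend(forwarded)                                    # steps 7)-8)
    return arbiter.arbitrate_response(app_message(response, level))    # steps 9)-14)

def demo_backend(req: bytes) -> bytes:
    # Constructed stand-in for the H-end data exchange front-end: echoes the request line.
    line = req.split(b"\r\n", 1)[0]
    return b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(line), line)

POLICY = Policy(allowed_sources=frozenset({"10.1.1.5"}), allowed_methods=frozenset({"GET"}),
                allowed_url_prefixes=("/api/orders",), min_level=2)

if __name__ == "__main__":
    arb = Arbiter(POLICY)
    print(exchange(b"GET /api/orders/42 HTTP/1.1\r\nHost: erp\r\nX-Debug: 1\r\n\r\n", "10.1.1.5", arb, demo_backend))
    print(exchange(b"POST /api/orders HTTP/1.1\r\nHost: erp\r\n\r\n", "10.1.1.5", arb, demo_backend))
```

Run as a script, the first call returns the echoed 200 response and the second returns None (POST is not in the method list). A tampered payload whose digest no longer matches its mark, a request from an unlisted source IP, a path containing "..", or a mark below the minimum level are all refused before anything is forwarded.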
As shown in figure 12, the connection flow of the above trusted enhancement subsystem is as follows:
1) When a connection request packet arrives, look up whether this node is in the current communication list; if so, proceed to the next step, otherwise jump to step 5);
2) In the current list, find the node's IP address, ID number, state, last update time and other related information, and judge according to policy whether this node is trusted; if so, proceed to the next step, otherwise jump to step 4);
3) Obtain the current system time and subtract the last update time for this IP; if the difference is less than 5 minutes, accept the packet and update the corresponding time, otherwise discard the connection request packet;
4) Judge whether this connection request is in the process of trusted authentication; if so, keep waiting, otherwise discard the connection request packet;
5) Look up whether this node is in the communication connection summary table; if so, proceed to the next step, otherwise discard the connection request packet;
6) Store this node in the current communication list and send it a query message to carry out trusted authentication; if authentication passes, accept the packet and update the corresponding time, otherwise discard the connection request packet.
As shown in figure 13, the trusted interconnection verification flow of the above trusted enhancement subsystem is as follows:
1) After node A receives the connection request of node B, it creates a new TCP socket, takes a random number nonce from its local policy data structure and sends it to node B;
2) Node B combines the received nonce with its own ID number, computes Hash(nonce + IDb') with a hash algorithm, and returns the result to node A;
3) Node A uses the IP address claimed by node B to look up the ID number corresponding to that IP in the trusted list, combines this ID with the nonce it previously sent to B, and computes Hash(nonce + IDb);
4) Node A compares Hash(nonce + IDb) with Hash(nonce + IDb'); if they are equal, B is a trusted node and node A establishes a trusted connection with B; otherwise node A rejects the connection request of node B.
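The admission flow of figure 12 (reproduced again in claim 1 below) and the nonce exchange of figure 13 fit together as one state machine on node A. The Python below is an added example for this page, not the patent's code; the hash is fixed to SHA-256 and the nonce to 16 random bytes, both assumptions, since the text only says "a hash algorithm" and "a random number". Two things the flow leaves implicit are made explicit: the comparison in step 4) is done in constant time, and a stale entry (step 3), older than 5 minutes) is forgotten so that the next request re-enters via steps 5)-6), which is how claim 1's requirement that authentication "must be carried out again" is met. Note that in this construction the node ID plays the role of a shared key: the check is only as strong as the secrecy of IDb and the unpredictability of the nonce.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

FRESHNESS_WINDOW = 5 * 60   # figure 12 step 3): entries older than 5 minutes are not accepted


@dataclass
class PeerState:
    """One row of the 'current communication list'."""
    node_id: Optional[str]          # ID number expected for this IP, from the trusted list
    trusted: bool                   # policy judgement, figure 12 step 2)
    last_update: float              # 'last update time'
    authenticating: bool = False    # figure 12 step 4): trusted authentication in progress
    pending_nonce: Optional[bytes] = None


def auth_response(nonce: bytes, own_id: str) -> bytes:
    """Node B's side of figure 13 step 2): Hash(nonce + IDb'). SHA-256 is our assumption."""
    return hashlib.sha256(nonce + own_id.encode()).digest()


class TrustedNode:
    """Node A: admission logic of figure 12 plus the verifier side of figure 13."""

    def __init__(self, trusted_list: Dict[str, str], summary_table: Set[str],
                 now: Callable[[], float] = time.time):
        self.trusted_list = trusted_list          # IP -> ID number (figure 13 step 3)
        self.summary_table = summary_table        # 'communication connection summary table'
        self.current: Dict[str, PeerState] = {}   # 'current communication list'
        self.now = now

    def on_connection_request(self, ip: str) -> str:
        """Returns the action for the request packet: ACCEPT, DROP, WAIT or CHALLENGE."""
        st = self.current.get(ip)
        if st is None:                                        # step 1) -> step 5)
            if ip not in self.summary_table:
                return "DROP"
            self.current[ip] = PeerState(node_id=self.trusted_list.get(ip), trusted=False,
                                         last_update=self.now(), authenticating=True,
                                         pending_nonce=os.urandom(16))   # step 6)
            return "CHALLENGE"                                # figure 13 step 1): send the nonce
        if not st.trusted:                                    # step 2) -> step 4)
            return "WAIT" if st.authenticating else "DROP"
        if self.now() - st.last_update < FRESHNESS_WINDOW:    # step 3)
            st.last_update = self.now()
            return "ACCEPT"
        # Stale entry: figure 12 discards the packet. We also forget the row so the next
        # request goes through steps 5)-6) again (re-authentication, as claim 1 requires).
        del self.current[ip]
        return "DROP"

    def on_auth_response(self, ip: str, response: bytes) -> bool:
        """Figure 13 steps 3)-4): recompute Hash(nonce + IDb) from the trusted list and
        compare in constant time. Completes or aborts figure 12 step 6)."""
        st = self.current.get(ip)
        if st is None or not st.authenticating:
            return False                                      # no challenge outstanding
        if st.pending_nonce is None or st.node_id is None:    # listed for contact, but no ID known
            del self.current[ip]
            return False
        expected = hashlib.sha256(st.pending_nonce + st.node_id.encode()).digest()
        if hmac.compare_digest(expected, response):
            st.trusted, st.authenticating, st.pending_nonce = True, False, None
            st.last_update = self.now()
            return True
        del self.current[ip]                                  # authentication failed: drop
        return False


if __name__ == "__main__":
    # Constructed scenario: B (10.0.0.2, ID B-001) is known; 10.0.0.9 is a stranger.
    a = TrustedNode({"10.0.0.2": "B-001"}, {"10.0.0.2"})
    print(a.on_connection_request("10.0.0.9"))                 # DROP
    print(a.on_connection_request("10.0.0.2"))                 # CHALLENGE
    nonce = a.current["10.0.0.2"].pending_nonce
    print(a.on_auth_response("10.0.0.2", auth_response(nonce, "B-001")))   # True
    print(a.on_connection_request("10.0.0.2"))                 # ACCEPT
```

The `now` parameter exists so the 5-minute window can be exercised with a fake clock; in production it is left at `time.time`.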
As shown in figure 14, the local trusted verification flow of the above trusted enhancement subsystem is as follows:
1) When an executable is about to start, the trusted interconnection module 10 intercepts the request;
2) The digest value of the executable file about to start is calculated through the digest-value calculation interface of the trusted cryptography module;
3) The expected-value file (whitelist) is queried to judge whether the digest of this executable matches the value stored in the expected-value file; if it matches, the program is allowed to start, otherwise the start is refused.
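The three steps of figure 14 reduce to "measure, look up, compare, default deny". The Python below is an added example for this page, not the patent's code: the trusted cryptography module's digest interface is replaced by SHA-256 in software, and the expected-value file is given an assumed sha256sum-style format (64 hex digits, two spaces, absolute path; "#" comments), since the patent does not specify either. Points a practitioner should keep: a malformed whitelist line is an error rather than something to skip, an unknown or unreadable file is refused, symlinks are resolved before measurement, and the comparison is constant-time. Whatever the module actually does, it should measure the same file object it then hands to the loader, otherwise the file can change between the two.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Dict


def compute_digest(path: str, chunk_size: int = 1 << 16) -> str:
    """Stand-in for the trusted cryptography module's digest interface (figure 14 step 2).
    Assumption: SHA-256 over the whole file; the patent does not name the algorithm."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def load_expected_values(text: str) -> Dict[str, str]:
    """Parse the expected-value (whitelist) file. Assumed format, sha256sum-style:
    '<64 hex digits>  <absolute path>' per line, '#' starts a comment.
    A malformed line raises: a damaged whitelist must not quietly change what may run."""
    table: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"whitelist line {lineno}: malformed entry {raw!r}")
        try:
            int(parts[0], 16)
        except ValueError:
            raise ValueError(f"whitelist line {lineno}: digest is not hex") from None
        if not os.path.isabs(parts[1]):
            raise ValueError(f"whitelist line {lineno}: path must be absolute")
        table[os.path.realpath(parts[1])] = parts[0].lower()
    return table


def allow_start(path: str, whitelist: Dict[str, str]) -> bool:
    """Figure 14 step 3): default deny. Unknown path, unreadable file or digest
    mismatch all refuse the start. The path is resolved first so the measured
    file is the one the loader would actually map."""
    real = os.path.realpath(path)
    expected = whitelist.get(real)
    if expected is None:
        return False
    try:
        actual = compute_digest(real)
    except OSError:
        return False
    return hmac.compare_digest(actual, expected)


def demo() -> Dict[str, bool]:
    """Constructed scenario: two fake executables in a temp directory, one whitelisted."""
    d = tempfile.mkdtemp()
    good, evil = os.path.join(d, "good.bin"), os.path.join(d, "evil.bin")
    with open(good, "wb") as f:
        f.write(b"\x7fELF\x02 listed program")
    with open(evil, "wb") as f:
        f.write(b"\x7fELF\x02 unlisted program")
    whitelist = load_expected_values(f"# expected values\n{compute_digest(good)}  {good}\n")
    results = {"listed": allow_start(good, whitelist), "unlisted": allow_start(evil, whitelist)}
    with open(good, "ab") as f:                  # patch the listed binary after measurement
        f.write(b" tampered")
    results["tampered"] = allow_start(good, whitelist)
    results["missing"] = allow_start(os.path.join(d, "nope.bin"), whitelist)
    try:
        load_expected_values("deadbeef  /usr/bin/x\n")   # 8 hex digits, not 64
        results["malformed_rejected"] = False
    except ValueError:
        results["malformed_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Only the listed, unmodified file is allowed; the unlisted file, the tampered copy, the missing path and the malformed whitelist are all refused.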
As shown in figure 16, the registration information approval flow of the above multilevel interconnection security management center subsystem is as follows:
1) When a terminal node accesses the trusted domain for the first time, or the registration state in the terminal node's local configuration file is "unsuccessful", the node submits the information required for registration to the Web Agent module 14 of the management center through its Agent (the front-end processor Agent, respectively);
2) The multilevel interconnection security management center agent queries the database; if this node is marked "trusted" in the database but its "recent update time" is empty, and the registration information provided by the node is consistent with the information in the database, registration succeeds and a "registration succeeded" message is returned;
3) The time at which the message was received is written into "recent update time";
4) The node receives the "registration succeeded" message, writes the "registration succeeded" state into its configuration file, and sends a "login" message;
5) If the database query finds no record of this node, or the information is inconsistent, the node is marked "untrusted" and a "registration failed" message is returned;
6) If the node's information exists in the database, is marked "trusted" and "recent update time" is non-empty, the node has already registered; re-registration is not allowed and a "registration failed" message is likewise returned;
7) The node receives the "registration failed" message, writes the "registration failed" state into its configuration file, and exits.
As shown in figure 17, the policy information distribution flow of the above multilevel interconnection security management center subsystem is as follows:
1) The security administrator instructs the Web Agent module 14 through the browser to distribute policy;
2) The Web Agent module 14 reads the corresponding policy from the back-end database and forms a policy file;
3) The Web Agent module 14 of the management center distributes the new policy file to all nodes in its domain;
4) The front-end processor Agent writes the configuration file into the /etc/secwall/ directory of the front-end processor and re-reads the corresponding configuration file.
As shown in figure 18, the audit information upload flow of the above multilevel interconnection security management center subsystem is as follows:
1) When an illegal node initiates a connection request to a trusted node in the trusted domain, the Win/Linux Agent records the source IP, destination IP and port of the illegal connection and sends this information to the Web Agent module 14 of the management center;
2) The Web Agent module 14 of the management center writes the audit information into the back-end database;
3) On the management center page, the security administrator can access the back-end database through the browser to view the audit information and perform statistics and analysis.
As shown in figure 19, the heartbeat message transmission flow of the above multilevel interconnection security management center subsystem is as follows:
1) The Web Agent module 14 receives the packet uploaded by each node module, records its arrival time using the management center's clock as the reference, and stores it in the back-end database as "recent update time"; at the same time the timer queries the corresponding node's state, and if the state flag is "dead" it is changed to "working";
2) According to the timer setting, the Web Agent module 14 periodically accesses the back-end database, queries the state information of each node, finds the nodes whose state flag is "working", and then, again using the management center's clock, judges whether the current time is greater than "recent update time" plus 30 seconds; if so, the state is marked "dead", otherwise it remains "working".
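The registration approval of figure 16 and the heartbeat flow of figure 19 share one database field, "recent update time": empty means "never registered", a stale value means "dead". The Python below is an added example for this page, not the patent's code. The MySQL table is modelled as an in-memory dict and the Web Agent and terminal agent as plain classes; one assumption not in the text is that a heartbeat from an unregistered or untrusted node is ignored rather than creating a record. All timestamps come from the centre's clock, as figure 19 requires.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

HEARTBEAT_TIMEOUT = 30.0   # figure 19 step 2): 'recent update time' + 30 s


@dataclass
class NodeRecord:
    """One row of the management center's node table (MySQL module 13, in memory here)."""
    node_id: str
    ip: str
    trusted: bool = True                 # 'trusted' / 'untrusted' flag
    last_update: Optional[float] = None  # 'recent update time'; empty until registration succeeds
    status: str = "dead"                 # 'working' / 'dead'


class ManagementCenter:
    """Web Agent module 14 side of figures 16 and 19."""

    def __init__(self, table: Dict[str, NodeRecord], now: Callable[[], float] = time.time):
        self.table = table
        self.now = now                                       # the centre's clock is the reference

    def register(self, node_id: str, ip: str) -> str:
        rec = self.table.get(node_id)
        if rec is None:                                      # step 5): unknown node
            return "registration failed"
        if rec.ip != ip or not rec.trusted:                  # step 5): inconsistent information
            rec.trusted = False
            return "registration failed"
        if rec.last_update is not None:                      # step 6): already registered once
            return "registration failed"
        rec.last_update = self.now()                         # steps 2)-3)
        rec.status = "working"
        return "registration succeeded"

    def heartbeat(self, node_id: str) -> bool:
        """Figure 19 step 1). Assumption: only registered, trusted nodes are recorded/revived."""
        rec = self.table.get(node_id)
        if rec is None or not rec.trusted or rec.last_update is None:
            return False
        rec.last_update = self.now()
        if rec.status == "dead":
            rec.status = "working"
        return True

    def sweep(self) -> List[str]:
        """Figure 19 step 2): the timer marks silent 'working' nodes 'dead'; returns them."""
        died = []
        for rec in self.table.values():
            if rec.status == "working" and self.now() > rec.last_update + HEARTBEAT_TIMEOUT:
                rec.status = "dead"
                died.append(rec.node_id)
        return died


class TerminalAgent:
    """Node side of figure 16 (terminal node agent module 9)."""

    def __init__(self, node_id: str, ip: str):
        self.node_id, self.ip = node_id, ip
        self.config = {"registration": "unsuccessful"}       # local configuration file
        self.sent: List[str] = []

    def run_registration(self, center: ManagementCenter) -> str:
        if self.config["registration"] == "registration succeeded":
            return "already registered"                      # step 1): only first access or a failed state registers
        reply = center.register(self.node_id, self.ip)
        self.config["registration"] = reply                  # steps 4) and 7)
        if reply == "registration succeeded":
            self.sent.append("login")                        # step 4)
        return reply


if __name__ == "__main__":
    # Constructed scenario: N1 is pre-provisioned and registers; a clone of N1 is refused.
    table = {"N1": NodeRecord("N1", "10.0.0.1")}
    mc = ManagementCenter(table)
    print(TerminalAgent("N1", "10.0.0.1").run_registration(mc))   # registration succeeded
    print(TerminalAgent("N1", "10.0.0.1").run_registration(mc))   # registration failed (step 6)
    print(mc.heartbeat("N1"), mc.sweep())                           # True []
```

The `now` parameter lets the 30-second window be exercised with a fake clock; operationally it stays at `time.time` on the management center host.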

Claims (1)

1. A multilevel security interconnection platform based on trusted computing, characterized in that the platform comprises the following systems:
(1) L-end and H-end data exchange front-end subsystems: each includes a network service interface (1), an application protocol analysis submodule (2), a data marking submodule (3), an application access filtering submodule (4) and a management agent (Agent) submodule (5), and realizes the data exchange and marking function and the application protection function;
(2) A three-system security interconnection component subsystem: comprises an L-end interconnection system (6), an interconnection arbitration system (7) and an H-end interconnection system (8), and realizes the network security isolation function, the interconnection data authentication function and the interconnection audit function;
(3) A trusted enhancement subsystem: comprises a terminal node agent module (9), a trusted interconnection module (10) and an operating system enhancement module (11), and realizes the node identity identification function and the executable whitelist enforcement function;
(4) A multilevel interconnection security management center subsystem: comprises a Browser module (12), a MySQL module (13) and a Web Agent module (14), and realizes the system management, security management and audit management functions;
One, in the L-end and H-end data exchange front-end subsystems:
1) the network service interface (1) provides a general data exchange interface, receives cross-level interconnection data requests, connects with the three-system security interconnection component subsystem, transmits data, carries out the security marking process, and accesses the Web application service to be verified;
2) the application protocol analysis submodule (2) parses and analyzes the exchange protocol and restores the transmitted data according to the particular protocol;
3) the data marking submodule (3) provides the data marking and mandatory access control functions by means of XML signature technology, and at the same time assesses the credibility of the data on the basis of the check results and generates its mark accordingly, providing support for the access control of the multilevel interconnection component;
4) the application access filtering submodule (4) provides an access authentication mechanism for the Web application server end; it compares the access data against the security verification rules of an application-layer intrusion signature database and filters L-end access packets, so as to prevent the H-end application server from being attacked through application-layer access;
5) the management agent (Agent) submodule (5) communicates with the multilevel interconnection security management center subsystem, obtains the data exchange protocol rules, data filtering rules and trusted marking rules as configuration information, and provides the data filtering records required for audit management to the multilevel interconnection security management center subsystem;
Two, in the three-system security interconnection component subsystem:
1) the L-end interconnection system (6) and the H-end interconnection system (8) are the network protocol terminations of the management area and the production area respectively; they perform protocol conversion on all passing data, restoring it to raw application-layer information by stripping off the network-protocol-related information, and then send this information to the intermediate interconnection arbitration system (7) through dedicated hardware and a private communication protocol, thereby effectively blocking attacks based on the TCP/IP protocol;
2) the interconnection arbitration system (7) provides a mandatory access control mechanism based on trusted verification marks for cross-level access, verifies the data information crossing the boundary in either direction, and blocks unauthorized data exchange;
Three, in the trusted enhancement subsystem:
1) the terminal node agent module (9) is used to submit registration, login and audit information to the Web Agent module (14) of the multilevel interconnection security management center subsystem, and to receive the policy issued by the Web Agent module (14) and carry out the corresponding policy update;
2) the trusted interconnection module is used for trusted interconnection verification between nodes and for maintaining their mutual trusted state; each time a packet from the peer arrives, the "recent arrival time" is updated, and if the difference between the "recent arrival time" and the current time exceeds a specified time, authentication must be carried out again;
3) the operating system enhancement module (11) uses trust-chain transfer technology to carry out integrity verification on the important applications and services loaded by the operating system kernel, and prevents the execution of binary code or scripts that are not in the expected-value file;
The connection flow of the trusted enhancement subsystem is as follows:
1) when a node's connection request packet arrives, look up whether this node is in the current communication list; if so, proceed to the next step, otherwise jump to step 5);
2) in the current list, find the node's IP address, ID number, state, last update time and other related information, and judge according to policy whether this node is trusted; if so, proceed to the next step, otherwise jump to step 4);
3) obtain the current system time and subtract the last update time for this IP; if the difference is less than 5 minutes, accept the packet and update the corresponding time, otherwise discard the connection request packet;
4) judge whether this connection request is in the process of trusted authentication; if so, keep waiting, otherwise discard the connection request packet;
5) look up whether this node is in the communication connection summary table; if so, proceed to the next step, otherwise discard the connection request packet;
6) store this node in the current communication list and send it a query message to carry out trusted authentication; if authentication passes, accept the packet and update the corresponding time, otherwise discard the connection request packet;
Four, in the multilevel interconnection security management center subsystem:
1) the Browser module (12) is used to provide the UI interaction interface to the administrator;
2) the MySQL module (13) is used to provide the back-end data support of the management center;
3) the Web Agent module is used for management data interaction with the nodes, the L-end and H-end data exchange front-end subsystems, and the three-system security interconnection component subsystem.
Application CN201110250349.7A, priority and filing date 2011-08-29: Trusted enhancement subsystem of multilevel security intercommunication platform, granted as CN102307197B (en), legal status Active.

Publications (2)

Publication Number Publication Date
CN102307197A CN102307197A (en) 2012-01-04
CN102307197B true CN102307197B (en) 2014-02-19

Family

ID=45381006

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1280315A1 (en) * 1992-07-31 2003-01-29 Micron Technology, Inc. Apparatus and method for providing network security
CN101425903A (en) * 2008-07-16 2009-05-06 冯振周 Trusted network architecture based on identity
CN101635704A (en) * 2008-07-24 2010-01-27 北京盖特佳信息安全技术股份有限公司 Application security exchange platform based on trusted technology
CN101778099A (en) * 2009-12-31 2010-07-14 郑州信大捷安信息技术有限公司 Architecture accessing trusted network for tolerating untrusted components and access method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Sun Yan et al., "A trusted interconnection method between multilevel security domains oriented to classified protection" (一种面向等级保护的多级安全域间可信互联方法), 信息安全与技术 (Information Security and Technology), 2010-06-30, full text *
Zhang Huanguo et al., "Research on trusted network connection" (可信网络连接研究), 计算机学报 (Chinese Journal of Computers), vol. 33, no. 4, 2010-04-30, full text *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant