CN103139203A - Remoting-based distributed application security enhancement method - Google Patents


Info

Publication number
CN103139203A
Authority
CN
China
Prior art keywords
remoting
server end
client
call
enhancement method
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013100306489A
Other languages
Chinese (zh)
Inventor
杜国洪
袁永俊
郑朝晖
刘智恒
李樟标
奚兵
韩征
杨峥
孙巍巍
蔡琪
王雷
Other inventors have requested that their names not be published
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHINA NATIONAL AVIATION SETTLEMENT Co Ltd
Original Assignee
CHINA NATIONAL AVIATION SETTLEMENT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2013-01-28
Filing date
2013-01-28
Publication date
2013-06-05

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a Remoting-based distributed application security enhancement method. A custom Proxy replaces the original Proxy of the existing Remoting framework, and a new security check module is built into the custom Proxy. Communication and applications between existing Remoting frameworks are not affected, and the security requirements of the clients are met.

Description

A Remoting-based distributed application security enhancement method
Technical field
The present invention relates to computer security technology, and in particular to a security enhancement method for Remoting, the distributed object system of the Microsoft .NET platform.
Background
Remoting is the distributed object framework provided by the Microsoft .NET platform. Through Remoting, objects that live in different application domains can learn of each other and interact; the object that makes a call is called the client object and the object being called is called the server object. Remoting makes distributed processing of data straightforward.
A conventional method call is carried out through the stack. Remoting works as follows: on the client, a proxy object packages the information of the original stack-based method call (the location of the remote object, the method name, the method parameters, and so on) into a message object; the message object is then converted into a data stream of the required format and sent to the application domain in which the remote object lives. When the formatted message arrives at the server, the message object is first restored from it, then the corresponding method call stack is constructed in the application domain of the remote object, and at that point the method can be completed through the conventional stack-based call mechanism. The result is returned by running the above process in reverse.
By default, Remoting uses the HTTP or TCP protocol and communicates with either the SOAP message format (XML-encoded) or the native binary message format.
Figure 1 shows the architecture of an existing Remoting implementation.
Remoting has many advantages: it supports distributed development, the TCP channel is fast, and although the objects are remote, calling them is very close to calling local objects and object state can be preserved. Remoting also has drawbacks, the most important being that it lacks a security mechanism. Because the Remoting technical standard is entirely public, communication is easy to capture at a network node and can even be tampered with, which seriously threatens the security of the distributed system.
Summary of the invention
To address the lack of a security mechanism in existing Remoting technology, the object of the invention is to use the extensibility of Remoting: by extending Remoting, a new security enhancement method is added so as to guarantee the security of the system.
The technical solution of the invention is as follows:
A Remoting-based distributed application security enhancement method, characterized in that, within the extended Remoting framework, the following steps are performed when a client object calls a server-side object:
(a) the Remoting infrastructure packages the call information into a message object and delivers it to the server side over the communication channel;
(b) when the client sends the message to the server side, the caller information is sent along with it through the CallContext provided by the standard Remoting architecture;
(c) the server side receives and restores the message object, and the custom Proxy of the extended framework handles this client call, which includes running the security check module on the call and judging whether it is a legal call;
(d) if the call is legal, the server-side object is invoked and the result is returned to the client object; if the call is illegal, the method returns directly and the server-side call is not executed.
Further, the security check in step (c) comprises a security check module, which extracts the caller information from the CallContext and judges, by comparative analysis of that caller information, whether the call is legal.
Further, the caller information in step (b) comprises the client IP/MAC address.
The technical effect of the invention is:
Using the open architecture of Remoting, the distributed object framework of the Microsoft .NET platform, and building on the existing call communication, client calls are processed by a custom Proxy. A security check module preset in the custom Proxy performs a security check on the call information from the client, so as to avoid the threat of malicious interception and tampering with communication from the network, thereby maintaining and strengthening system security while the system stays in normal use.
In the Remoting-based distributed application security enhancement method of the invention, a custom Proxy replaces the original Proxy in the existing Remoting framework, and a new security check module is built into the custom Proxy. This neither affects the mutual communication and applications of the existing Remoting framework nor fails to meet the security requirements of the clients.
Description of drawings
Figure 1 is a block diagram of the communication when a client calls the server side in the existing Remoting framework.
Figure 2 is a block diagram of the communication when a client calls the server side in the Remoting framework of the invention.
Embodiment
The invention is further described below with reference to the drawings.
The Microsoft .NET platform is widely used, and its Remoting technology has many advantages: it supports distributed development, the TCP channel is fast, and although the objects are remote, calling them is very close to calling local objects and object state can be preserved.
At the same time, the most important shortcoming of Remoting is that it lacks a security mechanism. Because the Remoting technical standard is public, it is easy, particularly for people with malicious intent, to capture and tamper with communication at a network node, which seriously threatens the security of the distributed system in use.
The invention builds on Remoting: by extending Remoting and adding a security mechanism to distributed application systems that use Remoting, system security is strengthened.
The invention extends Remoting on the basis of the standard Remoting framework; Figure 2 shows the architecture after extension.
Concretely, the extension consists of defining, within the extended Remoting framework, a custom server-side Proxy that replaces the default Proxy of the existing Remoting framework, and introducing a security check module into the custom Proxy that checks the caller's information.
In the extended Remoting framework, a client object calls a server-side object as follows:
The client calls the server side through the default Proxy of the existing Remoting framework; the Remoting infrastructure packages the call information into a message object and delivers it to the server side over the communication channel.
When the client sends the message to the server side, caller information (such as the client IP/MAC address) can be sent along with it through the CallContext provided by the standard Remoting architecture.
CallContext provides a set of properties that travel with the execution code path. CallContext is a specialized collection object, similar to thread-local storage for method calls, and provides data slots that are unique to each logical thread of execution.
After the server side receives the message and restores the message object, it determines the server-side type being called from the message object. If a custom Proxy is registered on the called server-side type, Remoting generates the custom Proxy to handle this client call.
The custom Proxy first calls the security check module, which extracts the caller information from the CallContext and judges, according to the configured security check rules, whether the call is legal.
If the call is legal, the server side executes the call and returns the result. Otherwise, if the call is illegal, the method returns directly and the server-side call is not executed.
As an example, the security check rules can include a comparison audit of the client IP/MAC address contained in the CallContext; other information contained in the CallContext can also be used for comparison checks.
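The call path described in the background (proxy, message object, channel) and steps (a) to (d) above, as an added C# example that is not part of the patent or of the assignee's code. It uses the standard .NET Framework extension points the text refers to: a ProxyAttribute registered on the server type (the "custom Proxy"), a RealProxy whose Invoke receives the message object, and CallContext carrying an ILogicalThreadAffinative payload with the caller information. The SettlementService type, the "CallerInfo" slot name, the allow-list entries and the sample IP/MAC values are assumptions made for this example. It needs .NET Framework (Remoting is not available on .NET Core or .NET 5+) and a reference to System.EnterpriseServices.dll; the call is made in-process so the example runs stand-alone, without registering a TCP or HTTP channel.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Activation;
using System.Runtime.Remoting.Messaging;
using System.Runtime.Remoting.Proxies;
using System.Runtime.Remoting.Services;   // EnterpriseServicesHelper, in System.EnterpriseServices.dll

// Step (b): caller information the client places in the CallContext. ILogicalThreadAffinative
// makes the slot travel with the call across the Remoting boundary; [Serializable] lets the
// formatter ship it. "CallerInfo" as the slot name is an assumption of this example.
[Serializable]
public class CallerInfo : ILogicalThreadAffinative
{
    public const string Slot = "CallerInfo";
    public string Ip;
    public string Mac;
}

// Step (c): the security check module. The allow-list is a hypothetical in-memory rule set
// standing in for whatever the operator configures.
public static class SecurityCheckModule
{
    static readonly HashSet<string> AllowedIps = new HashSet<string> { "10.0.0.5" };
    static readonly HashSet<string> AllowedMacs = new HashSet<string> { "00-11-22-33-44-55" };
    public static bool IsLegalCall(CallerInfo info)
    {
        return info != null && info.Ip != null && info.Mac != null
            && AllowedIps.Contains(info.Ip) && AllowedMacs.Contains(info.Mac);
    }
}

// The custom Proxy. Every call to the target object reaches Invoke as a message object,
// so the check runs before the real method executes.
public class SecurityCheckRealProxy : RealProxy
{
    readonly MarshalByRefObject _target;
    public SecurityCheckRealProxy(Type t, MarshalByRefObject target) : base(t) { _target = target; }

    public override IMessage Invoke(IMessage msg)
    {
        // Constructing a ContextBoundObject also arrives here; let construction through.
        var ctor = msg as IConstructionCallMessage;
        if (ctor != null)
        {
            RemotingServices.GetRealProxy(_target).InitializeServerObject(ctor);
            var tp = (MarshalByRefObject)GetTransparentProxy();
            return EnterpriseServicesHelper.CreateConstructionReturnMessage(ctor, tp);
        }

        var call = (IMethodCallMessage)msg;
        // Read the caller information from the logical call context that arrived with this
        // message, not from the server thread's own state.
        var info = call.LogicalCallContext.GetData(CallerInfo.Slot) as CallerInfo;
        if (!SecurityCheckModule.IsLegalCall(info))
        {
            // Step (d), illegal call: return without touching the server object. Returning an
            // exception gives the client an explicit failure instead of an ambiguous null.
            return new ReturnMessage(
                new UnauthorizedAccessException("security check rejected " + call.MethodName), call);
        }
        return RemotingServices.ExecuteMessage(_target, call);   // step (d), legal call
    }
}

// Registering the custom Proxy on the server type: the attribute replaces the default proxy
// whenever an instance of the marked ContextBoundObject is created.
[AttributeUsage(AttributeTargets.Class)]
public class SecurityCheckProxyAttribute : ProxyAttribute
{
    public override MarshalByRefObject CreateInstance(Type serverType)
    {
        MarshalByRefObject target = base.CreateInstance(serverType);
        return (MarshalByRefObject)new SecurityCheckRealProxy(serverType, target).GetTransparentProxy();
    }
}

// Hypothetical server-side object carrying the registration.
[SecurityCheckProxy]
public class SettlementService : ContextBoundObject
{
    public decimal GetBalance(string account) { return account == "ACC-1" ? 100.00m : 0m; }
}

public static class Demo
{
    public static void Main()
    {
        var service = new SettlementService();   // yields the transparent proxy, not the raw object
        CallContext.SetData(CallerInfo.Slot, new CallerInfo { Ip = "10.0.0.5", Mac = "00-11-22-33-44-55" });
        Console.WriteLine("allowed caller: " + service.GetBalance("ACC-1"));
        CallContext.SetData(CallerInfo.Slot, new CallerInfo { Ip = "192.0.2.9", Mac = "00-11-22-33-44-55" });
        try { service.GetBalance("ACC-1"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The patent's Figure 2 places the custom Proxy on the server side of a channel; the example exercises the same proxy in-process so that it can be run as is. Two caveats the page does not address: the CallContext payload is built and serialized by the client, so the IP/MAC values are self-reported and a caller who knows an allowed pair can simply claim it; a server channel sink can cross-check against the transport-level client address that the channel exposes in its transport headers under CommonTransportKeys.IPAddress. And an allow-list only decides who may invoke; it does not by itself stop the stream being read or modified on the wire, which needs channel-level protection (for instance the TCP channel's secure setting available since .NET Framework 2.0).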

Claims (3)

1. A Remoting-based distributed application security enhancement method, characterized in that, within the extended Remoting framework, the following steps are performed when a client object calls a server-side object:
(a) the Remoting infrastructure packages the call information into a message object and delivers it to the server side over the communication channel;
(b) when the client sends the message to the server side, the caller information is sent along with it through the CallContext provided by the standard Remoting architecture;
(c) the server side receives and restores the message object, and the custom Proxy object of the extended framework handles this client call, which includes running the security check module on the call and judging whether it is a legal call;
(d) if the call is legal, the server-side object is invoked and the result is returned to the client object; if the call is illegal, the method returns directly and the server-side call is not executed.
2. The Remoting-based distributed application security enhancement method of claim 1, characterized in that the security check in step (c) comprises a security check module, which extracts the caller information from the CallContext and judges, by comparative analysis of that caller information, whether the call is legal.
3. The Remoting-based distributed application security enhancement method of claim 2, characterized in that the caller information in step (b) comprises the client IP/MAC address.
CN2013100306489A 2013-01-28 2013-01-28 Remoting-based distributed application security enhancement method Pending CN103139203A (en)

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CN2013100306489A | CN103139203A (en) | 2013-01-28 | 2013-01-28 | Remoting-based distributed application security enhancement method

Publications (1)

Publication Number | Publication Date
CN103139203A | 2013-06-05

Family

ID=48498509

Country Status (1)

Country | Link
CN (1) | CN103139203A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050216594A1 (en) * 2004-03-25 2005-09-29 Microsoft Corporation Instant messaging communications channel for transporting data between objects executing within a managed code environment
CN101552801A (en) * 2009-05-20 2009-10-07 中国电信股份有限公司 A method and system for on-line browsing and downloading the address-book of user group


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
EAGLET, HCLING03: "How the server side of Remoting learns the client's IP address" (Remoting 的服务器侧如何获知Client的IP地址), 《HTTP://BBS.CSDN.NET/TOPICS/90204483》 *
IDIOR: "Basic principles of Remoting and its extension mechanism (part 1)" (Remoting基本原理及其扩展机制(上)), 《HTTP://WWW.CNBLOGS.COM/IDIOR/ARCHIVE/2007/01/04/611265.HTML》 *
LUMINJI: "Draft notes on Remoting security" (remoting安全之草稿), 《HTTP://BLOG.CSDN.NET/LUMINJI/ARTICLE/DETAILS/5298959》 *

Similar Documents

Publication Publication Date Title
CN108200146B Method for realizing a lightweight microservice architecture
CN109766700A Access control method and device for files, storage medium, and electronic device
CN104767755A Method for protecting a packet-based network from attacks, and security border node
CN104767748A OPC server security defense system
CN105490872B Real-time monitoring system and monitoring method for network instant messaging data
CN106452955B Detection method and system for abnormal network connections
CN102663274A Method and system for detecting remote computer intrusion behavior
CN102014141A Method for realizing security of network terminal equipment
CN111552568B Cloud service calling method and device
CN104519129A Data transmission method, device and system
CN105635035A Method for monitoring virtual machine traffic
CN102882894A Method and device for identifying attacks
CN1761206A Multifunctional management system for detecting pornographic images and unhealthy information on networks
CN110866265A Blockchain-based data storage method, device and storage medium
CN108206760A Secure operation and maintenance framework for industrial control systems
US10536397B2 Packet count-based object locking protocol
CN1152517C Method of guarding against network attacks
CN102546364A Network data distribution method and device
Kang et al. Defense technique against spoofing attacks using reliable ARP table in cloud computing environment
CN103139203A Remoting-based distributed application security enhancement method
CN106254534A Distributed cluster monitoring agent and method based on a hybrid architecture
CN110022332B Hypertext transfer security protocol proxy method, device, equipment and medium
CN108011825B Multi-network-device interconnection realization method and system based on software-defined networking
CN103067476A Dynamic network reconstruction method based on virtual machines
CN116389385A System resource processing method, device, storage medium and equipment

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C02 | Deemed withdrawal of patent application after publication (patent law 2001)
WD01 | Invention patent application deemed withdrawn after publication

Application publication date: 2013-06-05