CN107105036B - Activity tracing method and system for server - Google Patents
Activity tracing method and system for server Download PDFInfo
- Publication number
- CN107105036B CN107105036B CN201710271352.4A CN201710271352A CN107105036B CN 107105036 B CN107105036 B CN 107105036B CN 201710271352 A CN201710271352 A CN 201710271352A CN 107105036 B CN107105036 B CN 107105036B
- Authority
- CN
- China
- Prior art keywords
- session
- system call
- authority
- server
- acquiring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an activity tracing method and system for a server, wherein the method comprises the following steps: when the process of the application program carries out system call, acquiring the session information to which the system call belongs; carrying out permission check on system call according to the session permission corresponding to the session information and the self access permission of the system where the process is located; when the system call meets the session authority and the self access authority of the system, executing the current system call; auditing session activity according to the session information; and storing the audited content for tracing the source of the server. The examination of the session authority is introduced to match the access authority of the system to carry out examination and verification on the authority during system calling so as to control the authority of the application program, and the authority is controlled without being limited to the attributes of a process user and a file when the process executes the system calling. Audit is carried out according to the session information, audit content is stored, and source tracing inquiry of server activities is facilitated, so that the operation condition can be known.
Description
Technical Field
The invention relates to the technical field of servers, in particular to an activity tracing method and system for a server.
Background
With the development of science and technology, more and more internet users acquire shared resources of an external network in a remote access mode. When the user wants to realize remote access, the client of the user is required to be connected to the server in a remote login mode, and then the server calls corresponding information in the database to return to the client.
However, in internet applications, the server provides different services to different users, i.e. different clients have different respective access rights. Each client can only obtain the information in the database within the access authority range of the client. In general, when a user is performing remote access, the system of the server performs system call and system authority judgment, wherein the system call refers to call of a process trapped in an operating system kernel to execute system functions, such as file creation, file modification and program execution. While system permissions generally refer to permissions at the time of system invocation, permissions are typically determined by file attributes and the group of users to which the process operates. The process may be limited by the nature of the process user and the file when performing the system call. And when the server is accessed, the manager of the server is not easy to know the current system calling condition.
Therefore, how to realize the control of the authority without being limited to the attributes of the process user and the file when the process execution system is called, and conveniently know the operation condition of the server is a technical problem which needs to be solved by the technical personnel in the field at present.
Disclosure of Invention
The invention aims to provide an activity tracing method and an activity tracing system for a server, which can realize the control of authority without being limited by the attributes of process users and files when a process execution system is called, and can conveniently know the operation condition of the server.
In order to solve the technical problems, the invention provides the following technical scheme:
an activity tracing method for a server, comprising:
when the process of the application program carries out system call, acquiring the session information to which the system call belongs;
carrying out permission check on the system call according to the session permission corresponding to the session information and the self access permission of the system of the process;
when the system call meets the session authority and the self access authority of the system, executing the current system call;
auditing session activity according to the session information;
and storing the audited content for tracing the source of the server.
Preferably, when the process of the application program performs a system call, acquiring session information to which the system call belongs includes:
when the process of the application program carries out system calling, acquiring a session to which the system calling belongs;
and identifying the session, and acquiring the IP address and role information of the initiator of the session.
Preferably, when the process of the application program performs a system call, acquiring a session to which the system call belongs includes:
acquiring a file descriptor which is created when a process of an application program carries out system calling and is associated with a session to which the system calling belongs;
and acquiring the session mapped by the file descriptor according to the file descriptor.
Preferably, the auditing session activity according to the session information includes:
acquiring a user name and a uniform resource identifier of a server to which the process belongs;
and performing matching audit on the session information, the user name of the server and the uniform resource identifier.
Preferably, the performing permission check on the system call according to the session permission corresponding to the session information and the system access permission of the system in which the process is located includes:
judging whether the current system call is in the session authority corresponding to the session information;
and if so, judging whether the current system call is in the system self access authority of the system.
An activity traceability system for a server, comprising:
the system comprises a first acquisition module, a second acquisition module and a processing module, wherein the first acquisition module is used for acquiring session information to which a system call belongs when the system call is performed in a process of an application program;
the permission checking module is used for checking the permission of the system call according to the session permission corresponding to the session information and the self access permission of the system of the process;
the execution module is used for executing the current system call when the system call meets the session authority and the self access authority of the system;
the auditing module is used for auditing the session activity according to the session information;
and the storage module is used for storing the audited content so as to trace the source of the server.
Preferably, the first obtaining module includes:
the first acquisition unit is used for acquiring the session to which the system call belongs when the system call is carried out on the process of the application program;
and the second acquisition unit is used for identifying the session and acquiring the IP address and the role information of the initiator of the session.
Preferably, the first acquiring unit includes:
the system comprises a first acquisition subunit, a second acquisition subunit and a third acquisition subunit, wherein the first acquisition subunit is used for acquiring a file descriptor which is created when a process of an application program carries out a system call and is associated with a session to which the system call belongs;
and the second acquiring subunit is used for acquiring the session mapped by the file descriptor according to the file descriptor.
Preferably, the audit module comprises:
a third obtaining unit, configured to obtain a user name and a uniform resource identifier of a server to which the process belongs;
and the auditing unit is used for performing matching audit on the session information, the user name of the server and the uniform resource identifier.
Preferably, the permission checking module includes:
the first judging unit is used for judging whether the current system call is in the session authority corresponding to the session information;
a second judging unit, configured to judge whether the current system call is within the system access right of the system when the first judging unit judges that the current system call is within the session right corresponding to the session information.
Compared with the prior art, the technical scheme has the following advantages:
the activity tracing method for the server provided by the embodiment of the invention comprises the following steps: when the process of the application program carries out system call, acquiring the session information to which the system call belongs; carrying out permission check on system call according to the session permission corresponding to the session information and the self access permission of the system where the process is located; when the system call meets the session authority and the self access authority of the system, executing the current system call; auditing session activity according to the session information; and storing the audited content for tracing the source of the server. The process of the application program introduces the check of the session authority to the system call to match the access authority of the system to check and verify the authority when the system call is carried out in the server so as to control the authority of the application program, and the control of the authority is realized when the process executes the system call without being limited to the attributes of the process user and the file. Audit is carried out according to the session information and audit content is stored, so that source tracing inquiry of server activities is facilitated, and the operating condition of the server is conveniently known.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flowchart of an activity tracing method for a server according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an activity tracing system for a server according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a method and a system for tracing the activity of a server, which can realize the control of the authority without being limited by the attributes of process users and files when a process execution system is called, and can conveniently know the operation condition of the server.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
In the following description, specific details are set forth in order to provide a thorough understanding of the present invention. The invention can be implemented in a number of ways different from those described herein and similar generalizations can be made by those skilled in the art without departing from the spirit of the invention. Therefore, the present invention is not limited to the specific embodiments disclosed below.
Referring to fig. 1, fig. 1 is a flowchart illustrating an activity tracing method for a server according to an embodiment of the present invention.
A specific embodiment of the present invention provides an activity tracing method for a server, including:
s11: when the process of the application program carries out system call, acquiring the session information to which the system call belongs;
s12: carrying out permission check on system call according to the session permission corresponding to the session information and the self access permission of the system where the process is located;
s13: when the system call meets the session authority and the self access authority of the system, executing the current system call;
s14: auditing session activity according to the session information;
s15: and storing the audited content for tracing the source of the server.
In this embodiment, when the client accesses the server through a preset application program to obtain data in the database, a session related to a system call is established between the client and the server. Session information of the session is obtained, and the session information may indicate which role the session belongs to, i.e., a client or a user to which the session belongs, and the identity of different roles in the system has a set of operation right configurations. Different session information corresponds to respective session rights. When a user wants to call a system, the user needs to detect the conversation authority and the self access authority of the system, the data access authority of the role corresponding to the conversation is judged through the examination of the conversation authority, the self access authority of the system is examined to judge the data access authority which can be provided by the system for the role, the current system call is executed only when the data called by the system can pass the examination of the conversation authority and the examination of the self access authority of the system, and the system call is returned after the current system call is executed, so that the new system call is executed. An audit system is introduced according to the session information, the session is audited, audit contents are stored, the activity of the server is conveniently traced and inquired, the operation condition of the server is conveniently known, the access condition of the initiator of each session to the server and the system calling activity are inquired according to the stored audit contents.
The session authority indicates the access authority of the role corresponding to the session, so that when judging whether the system call accords with the authority, the file attribute of the system call and the attribute of the running affiliated user do not need to be judged, and the authority judging process is greatly simplified. The process of the application program introduces the check of the session authority to the system call to match the access authority of the system to check and verify the authority when the system call is carried out in the server so as to control the authority of the application program, and the control of the authority is realized when the process executes the system call without being limited to the attributes of the process user and the file.
It should be noted that, in the whole communication service process in this document, the system call mainly includes a system call of an application program for performing file read-write on a disk file system, and a system call of an application program for performing connection read-write on a database of a database program. In both cases, the authority is checked and determined when a system call is made.
It should be noted that the system call also includes a system call in which the database program reads and writes data from and to the database data, and since the technical permission check is of little significance, in this embodiment, the permission check determination may not be performed on the system call here.
In one embodiment of the present invention, when a process of an application performs a system call, acquiring session information to which the system call belongs, includes: when the process of the application program carries out system calling, acquiring a session to which the system calling belongs; and identifying the session, and acquiring the IP address and role information of the initiator of the session.
Preferably, when a process of an application performs a system call, acquiring a session to which the system call belongs includes: acquiring a file descriptor which is created when a process of an application program carries out system call and is associated with a session to which the system call belongs; and acquiring the session mapped by the file descriptor according to the file descriptor.
In this embodiment, a file descriptor is introduced, where the file descriptor refers to a number identifier in a process or operating system that indicates an open file or connection, or is referred to as a file handle. Session means that after a new connection is received by a service process, the system allocates a session to the new connection, the session is associated with the connection, and the connection means the connection between an application program and a database in the system. Each file descriptor is mapped into a session or empty session to indicate that the current session is associated with a session.
After the service process receives a new connection, namely a new task, a file descriptor and a session associated with the new connection are created, and the session is marked by the file descriptor and is associated, so that the system call can be identified according to the session, the current session is adjusted according to the file descriptor related to the system call, and the current system call is controlled according to the session authority of the current session.
Further, session activity auditing is carried out according to the session information, and the method comprises the following steps: acquiring a user name and a uniform resource identifier of a server to which a process belongs; and performing matching audit on the session information and the user name and the uniform resource identifier of the server.
In this embodiment, each system call contains at least the following information: the current system calls the IP address of the initiator of the corresponding session and the role information of the initiator. In some servers, the following information may be obtained through auditing of session activity: the username of the server, such as FTP/HTTP/SSH server; and URI information such as HTTP information.
In one embodiment of the present invention, performing an authority check on a system call according to a session authority corresponding to session information and a system access authority of a system in which a process is located includes: judging whether the current system call is in the session authority corresponding to the session information; if yes, judging whether the current system call is in the system self access authority of the system.
In this embodiment, after the session information of the system call is obtained, it is first determined whether the current system call is within the session authority, that is, it is detected whether the system call is within the authority range of the role corresponding to the session through the session authority, and if the system call is detected, it is determined whether the current system call is within the system access authority of the system, that is, whether the system opens the corresponding authority to the role corresponding to the session, and if the system call is also detected, the current system call is executed.
If the current system call is judged not to be in the session authority corresponding to the session information, the check is failed, and the system call is directly returned.
Further, in an embodiment of the present invention, after executing the current system call, the method further includes: judging whether the result of the current system call is in the session authority; if yes, returning the system call; and if not, clearing the system call return data, and returning the system call.
In this embodiment, since the data after the system call is executed may have a certain change, after the system call is executed, the authority is also checked by checking the result of the current system call. To further refine the authority control of the system call.
It should be noted that, in the present invention, after the session information of the system call is obtained, the access right of the system itself may be checked first, and if the system call passes the check, the system call is directly executed, and then the session right of the result of the system call is checked. It is also possible to realize control of authority not limited to attributes of the process user and the file when the process executes the system call.
Referring to fig. 2, fig. 2 is a schematic structural diagram of an activity tracing system for a server according to an embodiment of the present invention.
Accordingly, an embodiment of the present invention further provides an activity tracing system for a server, including:
a first obtaining module 21, configured to obtain session information to which a system call belongs when the process of the application performs the system call;
the authority checking module 22 is used for checking the authority of the system call according to the session authority corresponding to the session information and the system access authority of the system where the process is located;
the execution module 23 is configured to execute the current system call when the system call meets the session right and the access right of the system itself;
the auditing module 24 is used for auditing the session activity according to the session information;
and the storage module 25 is used for storing the audited content so as to perform server tracing.
In this embodiment, the first obtaining module and the permission checking module correspond to a system call middle layer, and when the client accesses the server through a preset application program to obtain data in the database, a session related to the system call is established between the client and the server. Session information of the session is obtained, and the session information may indicate which role the session belongs to, i.e., a client or a user to which the session belongs, and the identity of different roles in the system has a set of operation right configurations. Different session information corresponds to respective session rights. When a user wants to call a system, the user needs to detect the conversation authority and the self access authority of the system, the data access authority of the role corresponding to the conversation is judged through the examination of the conversation authority, the self access authority of the system is examined to judge the data access authority which can be provided by the system for the role, the current system call is executed only when the data called by the system can pass the examination of the conversation authority and the examination of the self access authority of the system, and the system call is returned after the current system call is executed, so that the new system call is executed. An audit system is introduced according to the session information, the session is audited, audit contents are stored, the activity of the server is conveniently traced and inquired, the operation condition of the server is conveniently known, the access condition of the initiator of each session to the server and the system calling activity are inquired according to the stored audit contents. The auditing module audits the session activity and generates corresponding auditing logs, then the auditing logs are stored by the storage module, and when a user needs to inquire the system calling condition of the server, the user only needs to call the corresponding auditing logs.
In one embodiment of the present invention, the first obtaining module includes: the system comprises a first acquisition unit, a second acquisition unit and a processing unit, wherein the first acquisition unit is used for acquiring a session to which a system call belongs when the system call is carried out in the process of an application program; and the second acquisition unit is used for identifying the session and acquiring the IP address and the role information of the initiator of the session.
The first acquisition unit includes: a first acquisition subunit, configured to acquire a file descriptor associated with a session to which a system call belongs, the file descriptor being created when a process of an application makes the system call; and the second acquisition subunit is used for acquiring the session mapped by the file descriptor according to the file descriptor.
After the service process receives a new connection, namely a new task, a file descriptor and a session associated with the new connection are created, and the session is marked by the file descriptor and is associated, so that the system call can be identified according to the session, the current session is adjusted according to the file descriptor related to the system call, and the current system call is controlled according to the session authority of the current session.
The audit module includes: a third obtaining unit, configured to obtain a user name and a uniform resource identifier of a server to which the process belongs; and the auditing unit is used for performing matching auditing on the session information, the user name of the server and the uniform resource identifier.
Further, the permission checking module comprises: the first judging unit is used for judging whether the current system call is in the session authority corresponding to the session information; and the second judging unit is used for judging whether the current system call is in the system self access authority of the system or not when the first judging unit judges that the current system call is in the session authority corresponding to the session information.
In this embodiment, each system call contains at least the following information: the current system calls the IP address of the initiator of the corresponding session and the role information of the initiator. In some servers, the following information may be obtained through auditing of session activity: the username of the server, such as FTP/HTTP/SSH server; and URI information such as HTTP information. After the session information of the system call is acquired, firstly, whether the current system call is in the session authority is judged, namely, whether the system call is in the authority range of the role corresponding to the session is detected through the session authority, if the system call is detected, whether the current system call is in the system self access authority of the system is judged, namely, whether the system opens the corresponding authority to the role corresponding to the session, and if the system call is also detected, the current system call is executed.
In summary, the activity tracing method and system for the server provided by the invention introduce the examination of the session authority to the process call of the application program to the system call, and perform examination and verification on the authority when the system call is performed in the server in cooperation with the access authority of the system itself, so as to control the authority of the application program, thereby realizing the control of the authority without being limited to the attributes of the process user and the file when the process executes the system call. Audit is carried out according to the session information and audit content is stored, so that source tracing inquiry of server activities is facilitated, and the operating condition of the server is conveniently known.
The above provides a detailed description of the activity tracing method and system for server provided by the present invention. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the present invention and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Claims (8)
1. An activity tracing method for a server, comprising:
when the process of the application program carries out system call, acquiring the session information to which the system call belongs;
carrying out permission check on the system call according to the session permission corresponding to the session information and the self access permission of the system of the process;
when the system call meets the session authority and the self access authority of the system, executing the current system call;
auditing session activity according to the session information;
storing the audited content for tracing the source of the server;
when the process of the application program carries out system call, acquiring the session information to which the system call belongs, wherein the session information comprises the following steps:
acquiring a file descriptor which is created when a process of an application program carries out system calling and is associated with a session to which the system calling belongs;
and acquiring the session mapped by the file descriptor according to the file descriptor.
2. The method according to claim 1, wherein the obtaining the session information to which the system call belongs when the process of the application performs the system call comprises:
when the process of the application program carries out system calling, acquiring a session to which the system calling belongs;
and identifying the session, and acquiring the IP address and role information of the initiator of the session.
3. The method of claim 2, wherein said auditing session activity based on said session information comprises:
acquiring a user name and a uniform resource identifier of a server to which the process belongs;
and performing matching audit on the session information, the user name of the server and the uniform resource identifier.
4. The method according to any one of claims 1 to 3, wherein the performing permission check on the system call according to the session permission corresponding to the session information and the system access permission of the system in which the process is located includes:
judging whether the current system call is in the session authority corresponding to the session information;
and if so, judging whether the current system call is in the system self access authority of the system.
5. An activity traceability system for a server, comprising:
the system comprises a first acquisition module, a second acquisition module and a processing module, wherein the first acquisition module is used for acquiring session information to which a system call belongs when the system call is performed in a process of an application program;
the permission checking module is used for checking the permission of the system call according to the session permission corresponding to the session information and the self access permission of the system of the process;
the execution module is used for executing the current system call when the system call meets the session authority and the self access authority of the system;
the auditing module is used for auditing the session activity according to the session information;
the storage module is used for storing the audited content so as to be used for tracing the source of the server;
wherein the first acquisition unit includes:
the system comprises a first acquisition subunit, a second acquisition subunit and a third acquisition subunit, wherein the first acquisition subunit is used for acquiring a file descriptor which is created when a process of an application program carries out a system call and is associated with a session to which the system call belongs;
and the second acquiring subunit is used for acquiring the session mapped by the file descriptor according to the file descriptor.
6. The system of claim 5, wherein the first obtaining module comprises:
the first acquisition unit is used for acquiring the session to which the system call belongs when the system call is carried out on the process of the application program;
and the second acquisition unit is used for identifying the session and acquiring the IP address and the role information of the initiator of the session.
7. The system of claim 6, wherein the audit module comprises:
a third obtaining unit, configured to obtain a user name and a uniform resource identifier of a server to which the process belongs;
and the auditing unit is used for performing matching audit on the session information, the user name of the server and the uniform resource identifier.
8. The system of any one of claims 5 to 7, wherein the permission check module comprises:
the first judging unit is used for judging whether the current system call is in the session authority corresponding to the session information;
a second judging unit, configured to judge whether the current system call is within the system access right of the system when the first judging unit judges that the current system call is within the session right corresponding to the session information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710271352.4A CN107105036B (en) | 2017-04-24 | 2017-04-24 | Activity tracing method and system for server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710271352.4A CN107105036B (en) | 2017-04-24 | 2017-04-24 | Activity tracing method and system for server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107105036A CN107105036A (en) | 2017-08-29 |
| CN107105036B true CN107105036B (en) | 2020-10-23 |
Family
ID=59656358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710271352.4A Active CN107105036B (en) | 2017-04-24 | 2017-04-24 | Activity tracing method and system for server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107105036B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111064791B (en) * | 2019-12-19 | 2022-08-23 | 中国移动通信集团江苏有限公司 | Method, device, equipment and medium for processing identifier field of JMS (Java Server System) message |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1773413A (en) * | 2004-11-10 | 2006-05-17 | 中国人民解放军国防科学技术大学 | Character constant weight method |
| CN102104607A (en) * | 2011-03-10 | 2011-06-22 | 易程(苏州)软件股份有限公司 | Method, device and system for controlling safety of service access |
| CN103347020A (en) * | 2013-07-02 | 2013-10-09 | 中国工商银行股份有限公司 | Cross-application authentication access system and method |
| CN103986741A (en) * | 2013-02-08 | 2014-08-13 | 株式会社日立制作所 | Cloud data system, cloud data center, and resource management method of the cloud data center |
| CN104270427A (en) * | 2014-09-18 | 2015-01-07 | 用友优普信息技术有限公司 | Session control method and device |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130268302A1 (en) * | 2012-04-04 | 2013-10-10 | Google Inc. | System and method for facilitating a social trip planning experience |
-
2017
- 2017-04-24 CN CN201710271352.4A patent/CN107105036B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1773413A (en) * | 2004-11-10 | 2006-05-17 | 中国人民解放军国防科学技术大学 | Character constant weight method |
| CN102104607A (en) * | 2011-03-10 | 2011-06-22 | 易程(苏州)软件股份有限公司 | Method, device and system for controlling safety of service access |
| CN103986741A (en) * | 2013-02-08 | 2014-08-13 | 株式会社日立制作所 | Cloud data system, cloud data center, and resource management method of the cloud data center |
| CN103347020A (en) * | 2013-07-02 | 2013-10-09 | 中国工商银行股份有限公司 | Cross-application authentication access system and method |
| CN104270427A (en) * | 2014-09-18 | 2015-01-07 | 用友优普信息技术有限公司 | Session control method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107105036A (en) | 2017-08-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6559694B2 (en) | Automatic SDK acceptance | |
| KR102282656B1 (en) | Proxy servers within computer subnetworks | |
| CN107948203B (en) | A kind of container login method, application server, system and storage medium | |
| US10339153B2 (en) | Uniformly accessing federated user registry topologies | |
| JP5961638B2 (en) | System and method for application certification | |
| US8955037B2 (en) | Access management architecture | |
| US8627442B2 (en) | Hierarchical rule development and binding for web application server firewall | |
| US8898731B2 (en) | Association of service policies based on the application of message content filters | |
| US8838679B2 (en) | Providing state service for online application users | |
| CN108351807B (en) | Event management to maintain control of restricted data in a cloud computing environment | |
| US8745088B2 (en) | System and method of performing risk analysis using a portal | |
| CN107133516B (en) | Authority control method and system | |
| US11539707B2 (en) | Dynamic security policy consolidation | |
| US9189643B2 (en) | Client based resource isolation with domains | |
| US11108871B2 (en) | Dynamic generation of network routing configuration with service requirements | |
| CN109450976B (en) | Method and device for accessing service system | |
| US20210042631A1 (en) | Techniques for Cyber-Attack Event Log Fabrication | |
| CN107483477B (en) | Account management method and account management system | |
| US8949930B1 (en) | Template representation of security resources | |
| CN107105036B (en) | Activity tracing method and system for server | |
| CN107018140B (en) | Authority control method and system | |
| US8990398B1 (en) | Systems and methods for processing requests for network resources | |
| CN107071040B (en) | Authority control method and system based on file descriptor and session | |
| KR102357697B1 (en) | Proxy servers within computer subnetworks | |
| US11977643B2 (en) | Methods and systems of a software-based solution for autonomous application security testing of cloud-native applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |