CN108460275A - A kind of file tamper resistant systems framework - Google Patents

A file tamper-resistant system architecture

Info

Publication number
CN108460275A
Authority
CN
China
Legal status
Pending
Application number
CN201810189549.8A
Other languages
Chinese (zh)
Inventor
陈道恭
Current Assignee
Fujian Deep Space Information Technology Co Ltd
Original Assignee
Fujian Deep Space Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/12 Applying verification of the received information
    • H04L 63/123 Applying verification of the received information received data contents, e.g. message integrity

Abstract

The present invention provides a file tamper-resistant system architecture comprising users, product server-sides and a public product management platform. All users share one public product management platform. The public product management platform is a data center or website with a fixed IP or domain name, built and maintained in a certain network. A user operates their respective file tamper-resistant system after logging in to the public product management platform through a communication channel on a client, and each user's configuration of their respective file tamper-resistant system on this public management platform is stored automatically. The public product management platform automatically pushes the stored file tamper-resistant system configuration down to the corresponding product server-side. The public product management platform is no longer deployed separately by each user, which avoids the need in the existing architectures to upgrade all clients or private management websites of all users; the whole process requires no user participation, so upgrade efficiency is improved, upgrade duration is reduced, and the failure rate is reduced.

Description

A file tamper-resistant system architecture
Technical field
The invention belongs to the field of network security, and in particular relates to a file tamper-resistant system architecture.
Background technology
Informatization is developing rapidly in today's world; while bringing people great convenience, it has also given rise to many network security challenges. Hacker attacks whose purpose is tampering with files cause the greatest and most visible damage, for example: tampering with the web page files of a government news website in order to spread illegal information; ransomware encrypting and tampering with thesis files, engineering drawing files, program source code files and the like in order to extort the victim. To resist such file/folder tampering attacks, network security researchers have developed a variety of file tamper-resistant system products; some provide tamper protection only for web page files/folders, while others can protect arbitrary files/folders.
Current file tamper-resistant systems generally achieve tamper resistance through various access controls on files/folders, or by automatically restoring files after tampering. Their architecture can be divided into two kinds, C/S and B/S:
(1) C/S architecture: see Fig. 1. In the user's network, the product server-side program is first installed on the host to be protected; the product client program then connects directly to the host to manage the product.
(2) B/S architecture: see Fig. 2. In the user's network, the product server-side program is first installed on the host to be protected; a private management website for managing the product is then built, and finally the product is managed by accessing the management website through a browser (the product management website can communicate with the product server-side).
The common drawbacks of the existing C/S and B/S architectures are:
(1) If the research staff releases a security upgrade patch for the client or the management website, all clients or all private management websites of all users must be upgraded. This hinders upgrade efficiency, increases upgrade duration, and increases the failure rate.
(2) When a user migrates hosts in batches, for example moving business systems and data from a local computer room to new hosts on an internet cloud platform, then after the product server-side has been reinstalled on every new host, the product must be reconfigured manually, or the product configuration imported and restored. These steps are complex and place certain requirements on the user's professional skills; they increase the probability of failure and increase the duration and complexity of redeploying the product.
(3) When a user enables SMS alarms, an SMS alarm hardware device must be added. This increases hardware cost and energy consumption and reduces the reliability of the product as a whole. Because every user must add a hardware alarm device, and alarms are not raised all the time, hardware resource utilization is reduced at the macro level.
(4) When a user enables mail alarms, information such as the SMTP address, SMTP user name and SMTP password must additionally be configured, and the user must also periodically check whether the sending address has been placed in spam and can no longer send mail normally. This increases maintenance cost in time.
(5) When a user leaves the original network (for example on a business trip) and needs to manage the product, the user must go through the original network's gateway; a NAT port mapping then has to be opened on the gateway, and the relevant port mapping must be closed promptly after the operation is finished so that it is not left open for a long time and exploited by hackers. These steps are complex, place certain requirements on the user's professional skills, and increase security risk.
A drawback specific to the existing C/S architecture is that the research staff must develop different versions of the client program for the users' different operating systems (such as Windows, Linux, MacOS, Android, iOS). Any system or device that has a problem, such as a virus or hardware damage, requires reinstallation or maintenance; in addition, product updates and the various patches and upgrades of the client all increase R&D costs.
A drawback specific to the existing B/S architecture is that building a new private product management website brings the following additional steps in daily use:
(1) The research staff's private root certificate must be installed on the operating systems of all users (such as Windows, Linux, MacOS, Android, iOS); otherwise the browser cannot identify whether the certificate of the private management website is legitimate, communication cannot be guaranteed to be trustworthy, and the site may not even be accessible.
(2) The user must apply the usual website security measures to this management website every day, such as periodically checking the access logs, periodically scanning for vulnerabilities such as SQL injection with the latest detection tools, and periodically scanning for webshells.
Summary of the invention
The object of the present invention is to provide a file tamper-resistant system architecture which improves on the existing architectures and can effectively overcome their drawbacks.
To achieve the above object, the present invention adopts the following technical solution: a file tamper-resistant system architecture comprising users, product server-sides and a public product management platform. The product server-side is the file tamper-resistant system installed on the host that needs protection. The public product management platform is a data center or website with a fixed IP or domain name, built and maintained in a certain network. All users share the same public product management platform, and users are isolated from one another. A user operates the corresponding file tamper-resistant system after logging in to the public product management platform through a communication channel on a client. The public product management platform automatically stores each user's configuration of their respective file tamper-resistant system on this public management platform. The product server-side establishes communication with the public product management platform through a communication channel in order to exchange data. The public product management platform automatically pushes the stored file tamper-resistant system configuration down to the corresponding product server-side.
In an embodiment of the present invention, the public product management platform is used to receive the various run-time information uploaded by each product server-side; when a product server-side raises an alarm during operation, the public product management platform uniformly and automatically generates the alarm information and sends it to the corresponding user.
In an embodiment of the present invention, the alarm information is uniformly and automatically generated by the public product management platform and sent to the corresponding user by SMS or mail.
In an embodiment of the present invention, when the user and the product server-side are not in the same network, the user logs in to the public product management platform through another communication channel and then manages and inspects their respective file tamper-resistant system.
In an embodiment of the present invention, the client comprises a browser, an APP, or management software.
In an embodiment of the present invention, the public product management platform is built and maintained by the relevant research staff.
In an embodiment of the present invention, the public product management platform uses an SSL certificate issued by a trusted root certificate authority.
In an embodiment of the present invention, the public product management platform provides a new-user registration function.
Compared with the prior art, the present invention has the following advantages:
1. In the present invention the public product management platform is no longer deployed separately by each user; all users share the same one. Therefore, if the research staff releases a patch for the public management platform, no matter how many users there are, it only needs to be applied to one public management platform. This avoids the need in the existing architectures to upgrade all clients or private management websites of all users; the whole process requires no user participation, so upgrade efficiency is improved, upgrade duration is reduced, and the probability of failure is reduced.
2. In the present invention each user's product configuration is stored automatically in the public product management platform. When a user migrates hosts in batches, the product only needs to be reinstalled on the new hosts, after which the product server-side automatically downloads its own latest configuration from the public management platform. The whole process avoids the need in the existing architectures for the user to reconfigure manually or import the configuration, which reduces the requirement on the user's professional skills, reduces the failure rate, and reduces the duration and complexity of redeploying the product.
3. In the present invention the public product management platform is no longer deployed separately by each user; all users share the same public management platform, which uniformly provides the functions of generating and sending the various kinds of alarm information (such as SMS alarms and mail alarms). This avoids the need in the existing architectures for the user to add an SMS alarm hardware device and to periodically check whether mail alarms are working, so it reduces maintenance cost in time, reduces hardware cost, reduces energy consumption, improves the reliability of the product as a whole, and improves hardware resource utilization at the macro level.
4. In the present invention the public product management platform need not be in the user's network (for example, it can be on the internet). Therefore, when a user leaves the original network (for example on a business trip) and manages the product, the operations of opening and closing NAT port mappings on the original network's gateway required by the existing architectures are avoided, which reduces the requirement on the user's professional skills and reduces security risk.
5. In the architecture of the present invention a browser can be used directly as the client, which avoids the drawback of the existing C/S architecture that different versions of the client program must be developed for the users' different operating systems (such as Windows, Linux, MacOS, Android, iOS).
6. In the present invention the public product management platform has a fixed IP or domain name, so it can use an SSL certificate issued by a trusted root certificate authority (such as VeriSign or GlobalSign). Because such a certificate is issued by a trusted root certificate authority, it is recognized as trusted by all operating systems, which avoids the step in the existing B/S architecture of installing a private root certificate on the user's operating system.
7. In the present invention the public product management platform is built and maintained by R&D personnel, which avoids the need in the existing B/S architecture for the user to perform regular website security checks on the management website.
Description of the drawings
Fig. 1 is a schematic diagram of the prior-art C/S architecture.
Fig. 2 is a schematic diagram of the prior-art B/S architecture.
Fig. 3 is a schematic diagram of the file tamper-resistant system architecture of one embodiment of the present invention.
Detailed description of the embodiments
The present invention is further explained below with reference to the drawings and specific embodiments.
A file tamper-resistant system architecture comprises users, product server-sides and a public product management platform. The product server-side is the file tamper-resistant system installed on the host that needs protection. The public product management platform is a data center or website with a fixed IP or domain name, built and maintained in a certain network. All users share the same public product management platform, and users are isolated from one another. A user operates the corresponding file tamper-resistant system after logging in to the public product management platform through a communication channel on a client. The public product management platform automatically stores each user's configuration of their respective file tamper-resistant system on this public management platform. The product server-side establishes communication with the public product management platform through a communication channel in order to exchange data. The public product management platform automatically pushes the stored file tamper-resistant system configuration down to the corresponding product server-side.
A file tamper-resistant system is software or hardware for preventing unauthorized tampering with files/folders. It generally achieves tamper resistance through various access controls on files/folders, or by automatically restoring files after tampering; an example is a web page tamper-resistant system that protects web page files/folders. A prior-art system can be selected as required.
In an embodiment of the present invention, the public product management platform is used to receive the various run-time information uploaded by each product server-side (such as product logs and product alarm information); when a product server-side raises an alarm during operation, the public product management platform uniformly and automatically generates the alarm information and sends it to the corresponding user.
In an embodiment of the present invention, the alarm information is uniformly and automatically generated by the public product management platform and sent to the corresponding user by SMS or mail.
In an embodiment of the present invention, when the user and the product server-side are not in the same network, the user logs in to the public product management platform through another communication channel and then manages and inspects their respective file tamper-resistant system.
In an embodiment of the present invention, the client comprises a browser, an APP, or management software.
In an embodiment of the present invention, the public product management platform is built and maintained by the relevant research staff.
In an embodiment of the present invention, the public product management platform uses an SSL certificate issued by a trusted root certificate authority.
In an embodiment of the present invention, the public product management platform provides a new-user registration function.
The public product management platform is a public product management platform with a fixed IP or domain name (such as a data center or website) that the research staff build and maintain in a certain network (such as the internet), and it uses an SSL certificate issued by a trusted root certificate authority (such as VeriSign or GlobalSign).
The present invention replaces the client or private product management website that each user deploys separately in the existing architectures with a single public product management platform (such as a data center or website) shared by all users. The public management platform has a fixed IP or domain name. It can push product policies automatically. It isolates users from one another. It stores each user's product configuration. New users can register on the platform; users are isolated from one another, and each user's configuration of their respective product on this public management platform is stored automatically.
Referring to Fig. 3, a schematic diagram of the file tamper-resistant system architecture of one embodiment of the present invention. In one embodiment of the present invention, the product server-side establishes communication with the public product management platform through a communication channel (such as the internet) in order to exchange data. All users can log in to the public management platform through a certain communication channel (such as the internet) using a client (such as a browser, an APP, or management software), after which each user can manage their respective file tamper-resistant system (for example, editing and issuing policies, viewing logs, and querying status for their respective file tamper-resistant system).
In an embodiment of the present invention, the user may or may not be in the same network as the product server-side. When they are in the same network, the user's client communicates with the product server-side through the same router and the public product management platform. When the user leaves the corresponding user network, the user logs in to the public product management platform through another communication channel and then manages and inspects their respective file tamper-resistant system.
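The data flow described above (per-user configuration stored on the shared platform and pulled by the product server-side, run-time alarms routed back to the owning user, and restore-after-tampering on the protected host), as an added Python model that is not part of the patent or of any product: the class and method names, the session and agent tokens, and the sample page content are all constructed assumptions.

```python
import hashlib
import secrets
import shutil
import tempfile
from pathlib import Path


class PublicManagementPlatform:
    """One shared platform for all users; every record is keyed by its owner."""
    def __init__(self):
        self._sessions = {}  # session token -> user
        self._agents = {}    # agent token -> user who enrolled that agent
        self._configs = {}   # user -> latest stored configuration
        self.notices = {}    # user -> alarm texts "sent" by SMS/mail (simulated)

    def register_user(self, user):
        self._configs.setdefault(user, {"protected": []})
        self.notices.setdefault(user, [])

    def login(self, user):
        if user not in self._configs:
            raise PermissionError("unknown user")
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def save_config(self, session, config):
        self._configs[self._sessions[session]] = config  # KeyError on a bad session

    def enroll_agent(self, session):
        token = secrets.token_hex(16)
        self._agents[token] = self._sessions[session]
        return token

    def fetch_config(self, agent_token):
        return dict(self._configs[self._agents[agent_token]])  # owner's config only

    def upload_runtime_info(self, agent_token, kind, detail):
        owner = self._agents[agent_token]
        if kind == "alarm":  # logs would be stored; alarms are forwarded to the owner
            self.notices[owner].append(detail)


class ProductServerAgent:
    """Agent on the protected host: pulls its config, detects and reverts changes."""
    def __init__(self, platform, agent_token, backup_dir):
        self.platform, self.token, self.backup_dir = platform, agent_token, Path(backup_dir)
        self.baseline = {}  # path -> (sha256 of trusted content, backup copy)

    def sync(self):
        """Download the owner's latest config and snapshot the protected files."""
        cfg = self.platform.fetch_config(self.token)
        self.baseline = {}
        for path in map(Path, cfg["protected"]):
            backup = self.backup_dir / hashlib.sha256(str(path).encode()).hexdigest()
            shutil.copyfile(path, backup)
            self.baseline[path] = (hashlib.sha256(path.read_bytes()).hexdigest(), backup)
        return cfg

    def check(self):
        """Restore any protected file whose content no longer matches its baseline."""
        restored = []
        for path, (digest, backup) in self.baseline.items():
            if not path.exists() or hashlib.sha256(path.read_bytes()).hexdigest() != digest:
                shutil.copyfile(backup, path)
                restored.append(str(path))
                self.platform.upload_runtime_info(self.token, "alarm", f"restored {path}")
        return restored


def demo():
    """Two isolated users; one tampered file; the alarm reaches only its owner."""
    platform = PublicManagementPlatform()
    for user in ("alice", "bob"):
        platform.register_user(user)
    page = Path(tempfile.mkdtemp()) / "index.html"
    page.write_text("<h1>official notice</h1>")  # constructed sample content
    alice = platform.login("alice")
    platform.save_config(alice, {"protected": [str(page)]})
    agent_a = ProductServerAgent(platform, platform.enroll_agent(alice), tempfile.mkdtemp())
    agent_a.sync()
    bob_cfg = platform.fetch_config(platform.enroll_agent(platform.login("bob")))
    page.write_text("<h1>defaced</h1>")  # simulated unauthorized change
    restored = agent_a.check()
    return {
        "bob_sees_alice_paths": str(page) in bob_cfg["protected"],
        "restored": restored == [str(page)],
        "content_restored": page.read_text() == "<h1>official notice</h1>",
        "alice_alarms": len(platform.notices["alice"]),
        "bob_alarms": len(platform.notices["bob"]),
    }
```

A real deployment would authenticate the login and agent enrolment and carry both channels over the platform's CA-issued TLS certificate; the model only keeps the ownership keying that makes user isolation and alarm routing work.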
In an embodiment of the present invention, the public product management platform is built and maintained by the relevant research staff.
The above are preferred embodiments of the present invention. Any changes made according to the technical solution of the present invention, whose function and effect do not go beyond the scope of the technical solution of the present invention, fall within the scope of protection of the present invention.

Claims (8)

1. A file tamper-resistant system architecture, characterized in that it comprises users, product server-sides and a public product management platform;
the product server-side is the file tamper-resistant system installed on the host that needs protection;
the public product management platform is a data center or website with a fixed IP or domain name, built and maintained in a certain network; all users share the same public product management platform, and users are isolated from one another;
a user operates the corresponding file tamper-resistant system after logging in to the public product management platform through a communication channel on a client; the public product management platform automatically stores each user's configuration of their respective file tamper-resistant system on this public management platform; the product server-side establishes communication with the public product management platform through a communication channel in order to exchange data; the public product management platform automatically pushes the stored file tamper-resistant system configuration down to the corresponding product server-side.
2. The file tamper-resistant system architecture according to claim 1, characterized in that: the public product management platform is used to receive the various run-time information uploaded by each product server-side, and when a product server-side raises an alarm during operation, the public product management platform uniformly and automatically generates the alarm information and sends it to the corresponding user.
3. The file tamper-resistant system architecture according to claim 2, characterized in that: the public product management platform uniformly and automatically generates the alarm information and sends it to the corresponding user by SMS or mail.
4. The file tamper-resistant system architecture according to claim 1, characterized in that: when the user and the product server-side are not in the same network, the user logs in to the public product management platform through another communication channel and then manages and inspects their respective file tamper-resistant system.
5. The file tamper-resistant system architecture according to claim 1, characterized in that: the client comprises a browser, an APP, or management software.
6. The file tamper-resistant system architecture according to claim 1, characterized in that: the public product management platform is built and maintained by the relevant research staff.
7. The file tamper-resistant system architecture according to claim 1, characterized in that: the public product management platform uses an SSL certificate issued by a trusted root certificate authority.
8. The file tamper-resistant system architecture according to claim 1, characterized in that: the public product management platform provides a new-user registration function.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810189549.8A CN108460275A (en) 2018-03-08 2018-03-08 A kind of file tamper resistant systems framework

Publications (1)

Publication Number Publication Date
CN108460275A true CN108460275A (en) 2018-08-28

Family

ID=63217368

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6289462B1 (en) * 1998-09-28 2001-09-11 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
CN101061454A (en) * 2004-04-15 2007-10-24 清晰路径网络股份有限公司 Systems and methods for managing a network
CN105429808A (en) * 2015-12-31 2016-03-23 公安部第三研究所 Trusted computing-based dynamic management service system and method
CN107038392A (en) * 2017-04-28 2017-08-11 郑州云海信息技术有限公司 A kind of method of client integrity detection
CN107437037A (en) * 2017-07-31 2017-12-05 郑州云海信息技术有限公司 A kind of method that information leakage protection is realized based on fail-safe software

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180828