CN109145536A - A webpage integrity assurance method and device - Google Patents

Publication number
CN109145536A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710465752.9A
Other languages
Chinese (zh)
Other versions
CN109145536B (en)
Inventor
李鸣雷
邱雁杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Beijing Kingsoft Cloud Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/16: Program or content traceability, e.g. by watermarking
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

An embodiment of the invention discloses a webpage integrity assurance method and device. The method comprises: receiving a file operation request directed at a target webpage file; monitoring whether the operation table corresponding to the target webpage file is accessed; if it is, judging whether the file operation request is a webpage tamper operation request; and if so, refusing to respond to the file operation request. Applying the embodiment avoids the risk that a webpage file cannot be restored after it has been tampered with.

Description

A webpage integrity assurance method and device
Technical field
The present invention relates to the field of network information security, and in particular to a webpage integrity assurance method and device.
Background
Three application-layer webpage tamper-resistance techniques are common at present: timed cyclic scanning, digital watermarking, and event triggering.
In timed cyclic scanning, an external machine polls the target website at a time threshold set by the user and checks whether each webpage file is consistent with its backup. If it is not, the webpage file has been tampered with, and the tampered file is restored from the backup.
Digital watermarking performs an integrity check when a webpage is browsed: the watermark of the accessed webpage file is compared with that of the previously backed-up file to judge whether the accessed file has been tampered with. This prevents a tampered webpage file from being shown to the user, and the tampered file is restored from the backup.
Event triggering uses a user-mode program to monitor the protected directory. If the directory is modified, the monitoring program receives a system notification event and then judges, according to the relevant configuration policy, whether the change is tampering; if it is, the change is restored.
All three tamper-resistance methods restore a webpage file only after it has been tampered with. If the tampered webpage file is maliciously hijacked, there is a risk that it cannot be restored.
Summary of the invention
The purpose of the embodiments of the invention is to provide a webpage integrity assurance method and device, so as to avoid the risk that a webpage file cannot be restored after being tampered with.
To achieve this purpose, an embodiment of the invention discloses a webpage integrity assurance method, comprising the steps of:
Receiving a file operation request directed at a target webpage file;
Monitoring whether the operation table corresponding to the target webpage file is accessed;
If it is, judging whether the file operation request is a webpage tamper operation request;
If so, refusing to respond to the file operation request.
Optionally, the operation table is an index node operation table and/or a file operation table.
Optionally, judging whether the file operation request is a webpage tamper operation request comprises:
Detecting whether the file operation request is a webpage tamper operation request by setting a hook function on the kernel file handling function corresponding to the index node operation table and/or the file operation table.
Optionally, the method further comprises:
Responding to the file operation request when it is judged not to be a webpage tamper operation request.
Optionally, before judging whether the file operation request is a webpage tamper operation request, the method further comprises:
Generating the configuration file corresponding to the target webpage file according to the configuration policy corresponding to the target webpage file.
Optionally, judging whether the file operation request is a webpage tamper operation request comprises:
Obtaining the configuration file corresponding to the target webpage file;
Judging, according to the configuration policy in the configuration file, whether the file operation request is a webpage tamper operation request.
Optionally, after refusing to respond to the file operation request, the method further comprises:
Generating a tamper operation log according to the file operation request.
To achieve the above purpose, an embodiment of the invention also discloses a webpage tamper-resistant device, comprising:
A receiving module, for receiving a file operation request directed at a target webpage file;
A monitoring module, for monitoring whether the operation table corresponding to the target webpage file is accessed;
A judgment module, for judging whether the file operation request is a webpage tamper operation request when the monitoring module detects access to the operation table corresponding to the target webpage file;
A refusal module, for refusing to respond to the file operation request when the judgment module judges that it is a webpage tamper operation request.
Optionally, the operation table is an index node operation table and/or a file operation table.
Optionally, the judgment module is specifically used for:
Detecting whether the file operation request is a webpage tamper operation request by setting a hook function on the kernel file handling function corresponding to the index node operation table and/or the file operation table.
Optionally, the device further comprises:
A response module, for responding to the file operation request when the judgment module judges that it is not a webpage tamper operation request.
Optionally, the device further comprises:
A first generation module, for generating the configuration file corresponding to the target webpage file according to its configuration policy, before the judgment module judges whether the file operation request is a webpage tamper operation request.
Optionally, the judgment module comprises:
An obtaining submodule, for obtaining the configuration file corresponding to the target webpage file;
A judging submodule, for judging, according to the configuration policy in the configuration file, whether the file operation request is a webpage tamper operation request.
Optionally, the device further comprises:
A second generation module, for generating a tamper operation log according to the file operation request after the refusal module refuses to respond to it.
As can be seen from the above, in the scheme provided by the embodiments of the invention, after a file operation request directed at a target webpage file is received, if access to the operation table corresponding to the target webpage file is detected, it is judged whether the file operation request is a webpage tamper operation request, and if so, the request is refused. Compared with the prior art, before a file operation on the target webpage file is responded to, when access to the corresponding operation table is detected, the request is checked for being a malicious tamper request and is refused when it is determined to be one. In other words, the target webpage file is not maliciously tampered with, which avoids the risk that a webpage file cannot be restored after being tampered with.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the first flow diagram of the webpage integrity assurance method provided by an embodiment of the invention;
Fig. 2 is the second flow diagram of the webpage integrity assurance method provided by an embodiment of the invention;
Fig. 3 is the first flow diagram of the webpage tamper-resistant device provided by an embodiment of the invention;
Fig. 4 is the second flow diagram of the webpage tamper-resistant device provided by an embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the invention.
It should be noted that the webpage integrity assurance method provided by the embodiments can be applied to a Linux system and involves the Linux Virtual File System (VFS). A notable feature of the Virtual File System is that it supports access to multiple file systems, such as ext3 and nfs. The data structures in VFS include index node (inode) objects and file objects. One file corresponds to one index node object; because several processes may open and operate on the same file at the same time, one file may correspond to several file objects. Each index node object corresponds to one index node operation table, and each file object corresponds to one file operation table. A file therefore corresponds to one index node operation table and may correspond to several file operation tables.
The webpage integrity assurance method provided by the embodiments can of course also be applied to other systems similar to the above; this application does not limit the specific environment in which the method is applied. This application uses the Linux operating system as its example.
The index node object of a file can be understood as a pointer to the file's specific storage location in the disk partition. When a system call is made, the information stored in the index node object is loaded into memory and filled into the index node operation table. Each member of that table is a function pointer that points to an implementation function for modifying attributes. These implementation functions are also called kernel file handling functions.
A file object is the in-memory representation of an opened file and is mainly used to establish the correspondence between a process and a file on disk. The set of operations related to a file object makes up the file operation table. Each member of that table is a function pointer that points to the implementation function of a specific operation; for example, the write member points to the implementation function of the file write operation. These implementation functions are also called kernel file handling functions.
Programs in the Linux operating system run at one of two levels, kernel mode and user mode. A kernel-mode program runs in kernel space, and a user-mode program runs in user space.
When a task or process is executing the user's own code, it is said to be in user run mode (user mode); the processor is then running user code at the lowest privilege level, that is, the task or process is running in user space. When a task or process makes a system call and execution enters kernel code, it is said to be in kernel run mode (kernel mode for short); the processor is then executing kernel code at the highest privilege level, that is, the task or process is running in kernel space.
Webpage tamper protection in the prior art is implemented by programs running in user mode, as in timed cyclic scanning, digital watermarking and event triggering. These restore a webpage file only after detecting that it has been modified, which may lead to the risk that a maliciously hijacked webpage file cannot be restored. The webpage integrity assurance method provided by the embodiments protects webpage files in kernel mode, which avoids the risk that a user-mode program is maliciously stopped. Defending against tamper operations on webpage files in this way sidesteps the impact of watermark algorithm performance on the server, and the real-time blocking defense does not respond to malicious operation requests, which avoids the risk that webpage files cannot be restored after being tampered with.
Specifically, timed cyclic scanning has an external machine poll the target website at a time threshold set by the user. This has a large impact on the target website, is inefficient, and has narrow coverage: it mainly covers purely static websites. The scheme provided by the embodiments blocks a tamper operation request before it is responded to, which is efficient and has little impact on the website; and because it uses the Virtual File System's support for access to multiple file systems in Linux, it covers more objects.
Digital watermarking uses web server kernel-embedding technology: as a module embedded in the core of the web server, it performs an integrity check when a webpage is browsed, triggered by web server access. A watermark comparison module is inserted as a plug-in into different web servers and protects webpages by comparing the watermarks of accessed files; it mainly protects static files and scripts. The main disadvantages of this technique are: (1) computing the digital watermark has some impact on server access performance and resource usage; (2) there is no real-time response when a file is tampered with; (3) deployment requires an additional, independent publishing server; (4) the software module depends on the web container, so different modules must be developed for different web containers; (5) the watermark algorithm may be insecure; (6) in the face of persistent modification, it cannot guarantee that the webpage is not tampered with. The scheme provided by the embodiments checks whether an operation request is a tamper request before the request is responded to, requires no additional deployment on the website, and refuses tamper operations before the file is tampered with. This ensures the file is not tampered with, gives higher security, and has less impact on server performance.
Event triggering uses a user-mode program to monitor the protected directory. If the directory is modified, the monitoring program receives a system notification event and then judges, according to the configuration policy, whether the change is malicious tampering; if it is a malicious modification, it is restored. It mainly protects static files and scripts. The main disadvantages of this technique are: (1) a user-mode program can be maliciously terminated, and this risk is hard to avoid; (2) if a user modifies webpage files persistently and at high speed, the files may become impossible to restore; (3) if a user hijacks the file handle immediately after modifying a webpage file, the file cannot be restored. The scheme provided by the embodiments protects files in kernel mode, which avoids the risk of a user-mode program being maliciously terminated, and blocks tamper operations before they are executed, which avoids the risk that a file cannot be restored after being tampered with.
To solve the problems of the prior art, the embodiments of the invention provide a webpage integrity assurance method and device. The webpage integrity assurance method provided by the embodiments is described in detail first.
Fig. 1 is the first flow diagram of the webpage integrity assurance method provided by an embodiment of the invention. The method may include:
S101: receive a file operation request directed at a target webpage file.
The user's file operation on the target webpage file may be a read operation, a write operation, a delete operation, or another operation on webpage files. The file operation request may include information such as the identifier of the target webpage file, the identifier of the file operation, and the user performing the file operation; this application does not limit the information contained in the file operation request. The file operation identifier indicates whether the operation is a read, a write, a delete, or another operation on webpage files.
It can be understood that, on a Linux system, when a user performs a file operation on the target webpage file, a file notification event is triggered in the Linux kernel; that is, the Linux kernel receives the file operation request for the webpage file, and the file operation passes from user mode into kernel mode.
S102: monitor whether the operation table corresponding to the target webpage file is accessed; if it is, execute S103.
Specifically, the operation table may be an index node operation table and/or a file operation table. As described above, in Linux kernel mode each target webpage file corresponds to an index node operation table and a file operation table. A file operation on the target webpage file in kernel mode must first access the file's index node operation table and file operation table, obtain the implementation function for the operation from the function pointers in those tables, and make the system call corresponding to that implementation function to complete the file operation on the target webpage file.
S103: judge whether the file operation request is a webpage tamper operation request; if so, execute S104.
In practice, when access to the index node operation table and/or file operation table corresponding to the target webpage file is detected, it must be judged whether the file operation request is a webpage tamper operation request.
In one implementation, whether the file operation request is a webpage tamper operation request can be detected by setting a hook function on the kernel file handling function corresponding to the index node operation table and/or the file operation table. Specifically, the parameters in the index node operation table and/or file operation table are modified so that a hook function is set on the corresponding kernel file handling function.
The hook function is a detection function set up in advance according to the configuration policy corresponding to the target webpage file, and is used to judge, according to that policy, whether a file operation request is a webpage tamper operation request. Specifically, the configuration policy can be the access permissions of the target webpage file, indicating which specific permissions are allowed or forbidden to access the file. If the file operation request is consistent with the access permissions in the configuration policy, it is not a webpage tamper operation request; if it is inconsistent with them, it is a webpage tamper operation request.
For example, suppose the configuration policy of webpage file A forbids user A from performing write operations: user A has no write permission on file A, while other users do. Then, when a write operation request from user A for webpage file A is received, the hook function judges from the configuration policy of webpage file A that the request is a webpage tamper operation request. When a write operation request from user B for webpage file A is received, the hook function judges from the configuration policy of webpage file A that the request is not a webpage tamper operation request.
It should be noted that, in this application, a hook function can be set only on the kernel file handling function corresponding to the target webpage file's index node operation table, or only on the kernel file handling function corresponding to the file operation table. Because each target webpage file may correspond to several file operation tables, a hook function must be set on the kernel file handling function corresponding to each file operation table. In a preferred embodiment, hook functions can also be set on the kernel file handling functions corresponding to both the index node operation table and the file operation table, to achieve a better protective effect.
S104: refuse to respond to the file operation request.
When the file operation request is judged to be a webpage tamper operation request, it must be refused in order to keep the target webpage file safe.
When the file operation request is judged not to be a webpage tamper operation request, it should be responded to, so that file operations on the target webpage file proceed normally.
Further, because the file operation request has been judged to be a webpage tamper operation request, a tamper operation log can also be generated from the request after it is refused, so that webpage tamper operations can be traced and the tampering behavior analyzed.
Specifically, the tamper operation log may include: the identifier of the tamper operation, the file being tampered with, the IP address from which the tampering was carried out, the tampering time, and so on. This application does not limit the information contained in the tamper operation log.
As can be seen from the above, in the scheme provided by the embodiments of the invention, after a file operation request directed at a target webpage file is received, if access to the operation table corresponding to the target webpage file is detected, it is judged whether the file operation request is a webpage tamper operation request, and if so, the request is refused. Compared with the prior art, before a file operation on the target webpage file is responded to, when access to the corresponding operation table is detected, the request is checked for being a malicious tamper request and is refused when it is determined to be one. In other words, the target webpage file is not maliciously tampered with, which avoids the risk that a webpage file cannot be restored after being tampered with.
It should be noted that the access permissions in the configuration policy corresponding to the target webpage file can be configured along several dimensions, such as file operation type, user and process. In a specific embodiment of the invention, a corresponding configuration file can be generated from the webpage file's configuration policy so that the system can flexibly set or modify the policy. When judging whether a file operation request is a webpage tamper operation request, the hook function reads the configuration policy from the configuration file and judges according to it.
In a specific implementation of this application, before the file operation request directed at the target webpage file is received, the configuration file corresponding to the target webpage file can first be generated from its configuration policy. In practice, it is reasonable to generate the configuration file at any point before judging whether the file operation request is a webpage tamper operation request; this application does not limit this.
Based on the above specific implementation, and referring to Fig. 2, a second flow diagram of the webpage integrity assurance method is provided. Compared with the embodiment shown in Fig. 1, in this embodiment, before step S103 judges whether the file operation request is a webpage tamper operation request, the method may further include:
S105: generate the configuration file corresponding to the target webpage file according to the configuration policy corresponding to the target webpage file.
In practice, the configuration policy of the target webpage file can set access permissions along several dimensions, such as file operation type, user and process. For example, user A is forbidden from performing file operations of type A on the target webpage file in process A, user B is allowed to perform file operations of type A on the target webpage file in process A, and so on.
Correspondingly, step S103, judging whether the file operation request is a webpage tamper operation request, may include:
S1031: obtain the configuration file corresponding to the target webpage file.
S1032: judge, according to the configuration policy in the configuration file, whether the file operation request is a webpage tamper operation request.
Specifically, when judging according to the configuration policy in the configuration file whether the file operation request is a webpage tamper operation request, it is judged whether the file operation request matches the configuration policy. If it matches, the request can be determined to be a webpage tamper operation request; if it does not match, the request can be determined not to be a webpage tamper operation request.
For example, the configuration policy can be the access permissions of the target webpage file, indicating which specific permissions are allowed or forbidden to access the file. If the file operation request is consistent with the access permissions in the configuration policy, it is not a webpage tamper operation request; if it is inconsistent with them, it is a webpage tamper operation request.
The configuration policy can also have other content, but the judging process is similar to the above and is not enumerated here.
From the foregoing description, the hook function detects, according to the configuration policy corresponding to the target webpage file, whether a file operation request is a webpage tamper operation request. In this embodiment, the hook function first obtains the configuration file corresponding to the target webpage file, reads the configuration policy in it, performs the protection check according to the policy, and judges whether the file operation request is a webpage tamper operation request.
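The flow of S101 to S104 and of S1031 to S1032 (an operation table of function pointers, a hook that consults the configuration policy, refusal, and the tamper log), modelled in user space as an added example; it is not code from the patent and it is not kernel code, although the table plays the role that `inode_operations` and `file_operations` play in Linux. The struct and function names, the deny-rule policy format, the file path and the sample requests are all assumptions constructed for illustration.

```c
/* User-space model of a hooked operation table (illustrative only, not
 * kernel code). All names, paths and the policy format are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum op_type { OP_WRITE, OP_DELETE };
static const char *const op_name[] = { "write", "delete" };

/* S101: a request names the file, the user, the process and the operation.
 * Policy rules reuse the same shape, with "*" matching any value. */
struct file_request {
    const char *path, *user, *process;
    enum op_type op;
};

/* Operation table: each member is a function pointer to the implementation. */
struct op_table {
    int (*write)(const struct file_request *);
    int (*unlink)(const struct file_request *);
};

/* Constructed policy: userA may not write the page, nobody may delete it. */
static const struct file_request deny_rules[] = {
    { "/var/www/index.html", "userA", "*", OP_WRITE  },
    { "/var/www/index.html", "*",     "*", OP_DELETE },
};

static int field_matches(const char *rule, const char *value)
{
    return strcmp(rule, "*") == 0 || strcmp(rule, value) == 0;
}

/* S103: a request that matches a deny rule is a tamper operation request. */
int is_tamper_request(const struct file_request *r)
{
    for (size_t i = 0; i < sizeof deny_rules / sizeof deny_rules[0]; i++) {
        const struct file_request *d = &deny_rules[i];
        if (d->op == r->op && field_matches(d->path, r->path) &&
            field_matches(d->user, r->user) &&
            field_matches(d->process, r->process))
            return 1;
    }
    return 0;
}

/* In-memory tamper log (a real one would also record source IP and time). */
static char tamper_log[16][160];
static int tamper_log_len;
int tamper_log_count(void) { return tamper_log_len; }
const char *tamper_log_entry(int i) { return tamper_log[i]; }

/* The counter shows whether the original implementation was ever reached. */
int real_calls;
static int real_write(const struct file_request *r)  { (void)r; real_calls++; return 0; }
static int real_unlink(const struct file_request *r) { (void)r; real_calls++; return 0; }

struct op_table web_file_ops = { real_write, real_unlink };
static struct op_table saved_ops;   /* original pointers, kept for the hooks */

/* Shared hook body: consult the policy, call the original only if allowed. */
static int guarded(const struct file_request *r,
                   int (*orig)(const struct file_request *))
{
    if (!is_tamper_request(r))
        return orig(r);
    /* S104: refuse the request and record the attempt */
    if (tamper_log_len < (int)(sizeof tamper_log / sizeof tamper_log[0]))
        snprintf(tamper_log[tamper_log_len++], sizeof tamper_log[0],
                 "DENY op=%s file=%s user=%s process=%s",
                 op_name[r->op], r->path, r->user, r->process);
    return -EPERM;
}
static int hook_write(const struct file_request *r)  { return guarded(r, saved_ops.write); }
static int hook_unlink(const struct file_request *r) { return guarded(r, saved_ops.unlink); }

/* Swap in the hooks; idempotent so the saved originals are never the hooks. */
void install_hooks(struct op_table *t)
{
    if (t->write == hook_write)
        return;
    saved_ops = *t;
    t->write = hook_write;
    t->unlink = hook_unlink;
}

/* S102: every operation reaches its implementation through the table. */
int dispatch(const struct op_table *t, const struct file_request *r)
{
    return r->op == OP_WRITE ? t->write(r) : t->unlink(r);
}

int main(void)
{
    const struct file_request w = { "/var/www/index.html", "userA", "vim", OP_WRITE };
    install_hooks(&web_file_ops);
    printf("write by userA -> %d\n%s\n", dispatch(&web_file_ops, &w), tamper_log_entry(0));
    return 0;
}
```

Because the check runs before the original function pointer is called, a refused request never reaches the implementation, which is the difference from the restore-after-the-fact techniques in the background section.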
As seen from the above, scheme provided by the embodiment of the present invention is receiving the file operation for being directed to target webpage file After request, if monitoring to access the corresponding operation table of the target webpage file, judge whether this document operation requests are that webpage is usurped Change operation requests, if so, refusing to respond this document operation requests.Compared with prior art, side provided in an embodiment of the present invention In case, due to monitoring that accessing the target webpage file corresponds to before responding the file operation for target webpage file Operation table when, need whether to be that malice is distorted request and judged to this document operation requests, when determining that this document operation asks Seeking Truth malice refuses to respond this document operation requests when distorting request, that is to say, that and target webpage file will not be maliciously tampered, The risk that can not restore after being tampered so as to avoid web page files;Further, according to the configuration strategy of target webpage file Corresponding configuration file is generated, configuration strategy is flexibly set or modified convenient for system.
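The check in S1031 and S1032 can be modelled in user space as follows. This is an added illustration, not code from the patent: the operation table is reduced to one function pointer, and the paths, `OP_*` flags, `struct policy` layout, log format and `-EACCES` return value are all assumptions. It follows the access-permission example above, where a request that is inconsistent with the configured permission is treated as tampering.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Operation kinds a request can carry (names constructed for this sketch). */
enum { OP_READ = 1, OP_WRITE = 2, OP_UNLINK = 4 };
/* One configuration-policy entry: the operations permitted on a protected path. */
struct policy { const char *path; unsigned allowed; };
/* Constructed sample policy: the page is read-only, the upload directory is writable. */
static const struct policy config[] = {
    { "/var/www/html/index.html", OP_READ },
    { "/var/www/html/uploads/",   OP_READ | OP_WRITE },
};

/* Stand-in for an inode/file operation table: a function pointer per handler. */
struct op_table { int (*handle)(const char *path, unsigned op); };

static int real_handle(const char *path, unsigned op) { (void)path; (void)op; return 0; }
static struct op_table table = { real_handle };
static int (*saved_handle)(const char *, unsigned);
static char tamper_log[4][128];   /* tamper operation log, ring of 4 entries */
static int tamper_count;

/* Exact match for files; prefix match for entries that end in '/'. */
static const struct policy *lookup(const char *path)
{
    for (size_t i = 0; i < sizeof config / sizeof config[0]; i++) {
        size_t n = strlen(config[i].path);
        int is_dir = config[i].path[n - 1] == '/';
        if (is_dir ? !strncmp(path, config[i].path, n) : !strcmp(path, config[i].path))
            return &config[i];
    }
    return NULL;
}

/* Hook function: runs in place of the original handler and decides first. */
static int hook_handle(const char *path, unsigned op)
{
    const struct policy *p = lookup(path);
    if (p && (op & ~p->allowed)) {        /* inconsistent with the access permission */
        snprintf(tamper_log[tamper_count % 4], sizeof tamper_log[0],
                 "DENY op=0x%x path=%s", op, path);
        tamper_count++;
        return -EACCES;                   /* refuse to respond */
    }
    return saved_handle(path, op);        /* not tampering: respond via the original */
}

/* Install the hook by swapping the table entry, keeping the original pointer. */
void install_hook(void)
{
    if (table.handle == hook_handle) return;
    saved_handle = table.handle;
    table.handle = hook_handle;
}

/* Every file operation request is dispatched through the operation table. */
int file_request(const char *path, unsigned op) { return table.handle(path, op); }

int main(void)
{
    install_hook();
    return file_request("/var/www/html/index.html", OP_WRITE) == -EACCES ? 0 : 1;
}
```

Paths with no policy entry pass straight through to the original handler, so the coverage of the protection depends entirely on which files the configuration lists.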
Corresponding to the method embodiments above, an embodiment of the present invention further provides a webpage tamper-proofing device.
Corresponding to the method embodiment shown in Fig. 1, Fig. 3 is a first schematic structural diagram of the webpage tamper-proofing device provided by an embodiment of the present invention. The device may include: a receiving module 301, a monitoring module 302, a judgment module 303 and a refusal module 304, wherein:
the receiving module 301 is configured to receive a file operation request for a target webpage file;
the monitoring module 302 is configured to monitor whether the operation table corresponding to the target webpage file is accessed;
the judgment module 303 is configured to judge, when the monitoring module 302 detects access to the operation table corresponding to the target webpage file, whether the file operation request is a webpage tampering operation request;
the refusal module 304 is configured to refuse to respond to the file operation request when the judgment module 303 judges that the file operation request is a webpage tampering operation request.
In practical applications, the operation table may be an inode operation table and/or a file operation table.
In practical applications, the judgment module 303 may specifically be configured to:
detect whether the file operation request is a webpage tampering operation request by setting a hook function on the kernel file operation function corresponding to the inode operation table and/or the file operation table.
In practical applications, the device may further include:
a response module (not shown), configured to respond to the file operation request when the judgment module 303 judges that the file operation request is not a webpage tampering operation request.
In practical applications, the device may further include:
a second generation module (not shown), configured to generate a tamper operation log according to the file operation request after the refusal module 304 refuses to respond to the file operation request.
As can be seen from the above, in the solution provided by this embodiment of the present invention, after a file operation request for a target webpage file is received, if access to the operation table corresponding to the target webpage file is detected, it is judged whether the file operation request is a webpage tampering operation request, and if so, the file operation request is refused. Compared with the prior art, in the solution provided by this embodiment of the present invention, before a file operation on the target webpage file is responded to, when access to the operation table corresponding to the target webpage file is detected, the file operation request must be judged as to whether it is a malicious tampering request, and when it is determined to be a malicious tampering request, the file operation request is refused. That is, the target webpage file will not be maliciously tampered with, which avoids the risk that a webpage file cannot be restored after being tampered with.
Corresponding to the method embodiment shown in Fig. 2, Fig. 4 is a second schematic structural diagram of the webpage tamper-proofing device provided by an embodiment of the present invention. Compared with the embodiment shown in Fig. 3, in this embodiment the device may further include a first generation module 305, wherein:
the first generation module 305 is configured to generate, before the judgment module 303 judges whether the file operation request is a webpage tampering operation request, the configuration file corresponding to the target webpage file according to the configuration policy corresponding to the target webpage file.
Correspondingly, the judgment module 303 may include an obtaining submodule 3031 and a judging submodule 3032, wherein:
the obtaining submodule 3031 is configured to obtain the configuration file corresponding to the target webpage file;
the judging submodule 3032 is configured to judge, according to the configuration policy in the configuration file, whether the file operation request is a webpage tampering operation request.
As can be seen from the above, in the solution provided by this embodiment of the present invention, after a file operation request for a target webpage file is received, if access to the operation table corresponding to the target webpage file is detected, it is judged whether the file operation request is a webpage tampering operation request, and if so, the file operation request is refused. Compared with the prior art, in the solution provided by this embodiment of the present invention, before a file operation on the target webpage file is responded to, when access to the operation table corresponding to the target webpage file is detected, the file operation request must be judged as to whether it is a malicious tampering request, and when it is determined to be a malicious tampering request, the file operation request is refused. That is, the target webpage file will not be maliciously tampered with, which avoids the risk that a webpage file cannot be restored after being tampered with. Further, a corresponding configuration file is generated according to the configuration policy of the target webpage file, which makes it convenient for the system to set or modify the configuration policy flexibly.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner. For the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the description of the method embodiments.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the protection scope of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the protection scope of the present invention.

Claims (14)

1. A webpage tamper-proofing method, characterized in that the method comprises the steps of:
receiving a file operation request for a target webpage file;
monitoring whether the operation table corresponding to the target webpage file is accessed;
if so, judging whether the file operation request is a webpage tampering operation request;
if so, refusing to respond to the file operation request.
2. The method according to claim 1, characterized in that the operation table is an inode operation table and/or a file operation table.
3. The method according to claim 2, characterized in that the judging whether the file operation request is a webpage tampering operation request comprises:
detecting whether the file operation request is a webpage tampering operation request by setting a hook function on the kernel file operation function corresponding to the inode operation table and/or the file operation table.
4. The method according to claim 1, characterized in that the method further comprises:
responding to the file operation request when it is judged that the file operation request is not a webpage tampering operation request.
5. The method according to claim 1, characterized in that, before the judging whether the file operation request is a webpage tampering operation request, the method further comprises:
generating the configuration file corresponding to the target webpage file according to the configuration policy corresponding to the target webpage file.
6. The method according to claim 5, characterized in that the judging whether the file operation request is a webpage tampering operation request comprises:
obtaining the configuration file corresponding to the target webpage file;
judging, according to the configuration policy in the configuration file, whether the file operation request is a webpage tampering operation request.
7. The method according to claim 1, characterized in that, after the refusing to respond to the file operation request, the method further comprises:
generating a tamper operation log according to the file operation request.
8. A webpage tamper-proofing device, characterized in that the device comprises:
a receiving module, configured to receive a file operation request for a target webpage file;
a monitoring module, configured to monitor whether the operation table corresponding to the target webpage file is accessed;
a judgment module, configured to judge, when the monitoring module detects access to the operation table corresponding to the target webpage file, whether the file operation request is a webpage tampering operation request;
a refusal module, configured to refuse to respond to the file operation request when the judgment module judges that the file operation request is a webpage tampering operation request.
9. The device according to claim 8, characterized in that the operation table is an inode operation table and/or a file operation table.
10. The device according to claim 9, characterized in that the judgment module is specifically configured to:
detect whether the file operation request is a webpage tampering operation request by setting a hook function on the kernel file operation function corresponding to the inode operation table and/or the file operation table.
11. The device according to claim 8, characterized in that the device further comprises:
a response module, configured to respond to the file operation request when the judgment module judges that the file operation request is not a webpage tampering operation request.
12. The device according to claim 8, characterized in that the device further comprises:
a first generation module, configured to generate, before the judgment module judges whether the file operation request is a webpage tampering operation request, the configuration file corresponding to the target webpage file according to the configuration policy corresponding to the target webpage file.
13. The device according to claim 12, characterized in that the judgment module comprises:
an obtaining submodule, configured to obtain the configuration file corresponding to the target webpage file;
a judging submodule, configured to judge, according to the configuration policy in the configuration file, whether the file operation request is a webpage tampering operation request.
14. The device according to claim 8, characterized in that the device further comprises:
a second generation module, configured to generate a tamper operation log according to the file operation request after the refusal module refuses to respond to the file operation request.
CN201710465752.9A 2017-06-19 2017-06-19 Webpage tamper-proofing method and device Active CN109145536B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710465752.9A CN109145536B (en) 2017-06-19 2017-06-19 Webpage tamper-proofing method and device


Publications (2)

Publication Number Publication Date
CN109145536A true CN109145536A (en) 2019-01-04
CN109145536B CN109145536B (en) 2021-03-26

Family

ID=64804399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710465752.9A Active CN109145536B (en) 2017-06-19 2017-06-19 Webpage tamper-proofing method and device

Country Status (1)

Country Link
CN (1) CN109145536B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant