CN109376557B - Information security management system - Google Patents

Publication number: CN109376557B (application number CN201811202991.6A; earlier publication CN109376557A)
Authority: CN (China)
Prior art keywords: application, module, management, security, release
Legal status: Active (Google's status assumption, not a legal conclusion)
Language: Chinese (zh)
Inventors: 徐奎东, 沈欢, 潘宁, 杨秋芬, 张鹏, 李志民, 钟南, 高扬, 董辉, 张凡, 赵世杰
Assignee (original and current): WONDERS INFORMATION CO Ltd
Events: application filed by WONDERS INFORMATION CO Ltd; priority to CN201811202991.6A; publication of CN109376557A; application granted; publication of CN109376557B; legal status active.

Classifications

    • G06F21/74 Protecting specific internal or peripheral components to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/033 Test or assess software
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G06F2221/2149 Restricted operating environment

All of the above fall under G06F21/00 (Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity) and its indexing scheme G06F2221/00, within G06F (Electric digital data processing), G06 (Computing; calculating or counting), G (Physics).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an information security management system comprising an application release module, an application release management center module, a server security agent module and an authorization management center. The application release module submits the packaged application for release. The system isolates the server operating system, the applications and the operating users from one another to form a cloud information system security protection model, in which applications can be controlled and released on the isolated server operating system only through a mandatory access channel. This addresses the defects of the prior art, which cannot fully guarantee the operational security of the server, lacks generality, and leaves release risks and subjective and objective operating risks during system operation. On the premise of security and reliability, the invention gives all-round consideration to the protection of both the operating system and the application system, converting traditional information system operation management from an open, subjective state into a closed, controllable state, and greatly improves security during operation while preserving operation and maintenance flexibility.

Description

Information security management system
Technical Field
The invention relates to the technical field of information system security management, in particular to an information security management system.
Background
Virtualization and cloud hosting of computer infrastructure have become mainstream. On some private cloud platforms a large number of third-party application systems run side by side: each server may host several different application instances, and one application may be deployed as several instances across several server nodes. A security problem on one server therefore affects the operation of several applications, and a security problem in one application likewise affects several servers and other applications.
In order to ensure the security of the server and the credibility and the security of the application software running on the server, the following methods are mainly used at present:
1. Trusted secure computers. Starting from a trusted base, namely a trusted security chip, a trusted secure server is built up from the lowest hardware layer. This protects the operating system kernel, hardware device resources and the like well, but cannot be used directly to judge whether an application software system is trustworthy. In addition, a trusted secure computer has matching requirements on the hardware, the operating system and even the network environment, so it cannot be applied directly to a general IT infrastructure.
2. Virus protection software. Based on features of the software's binary code, it scans before and during execution. This protects well against malicious operations with recognisable technical characteristics, such as malicious file deletion, modification of system files and network attacks. However, because such software runs directly on top of the operating system it is easily shut down; once the maintainer is careless or turns it off for convenience, a large number of dangerous applications may be installed on the server, threatening the server's resources and the resources of the whole network. Furthermore, virus protection software cannot judge whether the business logic and rules of an application are harmful: a deployed script that generates a database view must not delete the generated data, whereas a data backup script may legitimately need to empty part of the data after the backup. Generic software cannot cope with such flexible and variable business rules at all.
3. Server resource proxy software. A control agent layer is placed between the server resources and the operator: the operator cannot control the server directly but must access and control it through an agent program. This effectively blocks some malicious or potentially dangerous operations and gives reliable protection to the application systems running behind it. However, the software on the server is usually fixed to one or a few programs, and deploying and maintaining other application software is not permitted.
Each of these approaches has problems, so the operational security and production needs of the server cannot be fully guaranteed: either the complexity of the business logic cannot be handled, or the constraint is lost for lack of security effectiveness, or the scope of protection is not flexible enough to satisfy more general scenarios.
Chinese patent CN03138380.7 discloses a security chip and an information security processing device and method based on it: the security chip verifies the integrity of the underlying firmware, the firmware verifies the integrity of the operating system, and the operating system verifies the integrity of the application modules, thereby securing the application modules' information. That invention has matching requirements on the hardware, the operating system and even the network environment, and cannot be applied directly to a general IT infrastructure.
Chinese patent CN107888609A discloses a computer network information security system in which a virus protection system intercepts conventional viruses and reduces the number of attacks on the computer. That virus protection system is antivirus software, which runs directly on the operating system and is easily closed; once it is inadvertently closed, a large number of dangerous applications may be installed on the server, threatening the server's resources and the internal resources of the whole network.
Classical information system security models and mechanisms, such as RBAC (role-based access control), ACL (access control lists) and TPM (Trusted Platform Module), are each proposed for a specific security problem, or can only be realised by completely changing the basic environment of the whole information system, and so lack generality. From a practical standpoint, information system security is not an isolated problem but is bound up with management cost and the application environment. If a system is to be highly secure, its application scenarios are necessarily constrained; widening those scenarios inevitably raises the user's management cost and lowers efficiency and willingness to use the system. In balancing management cost against security risk, traditional application release and operation and maintenance management did not involve multi-node cluster deployment, so even misoperation or a security problem had a relatively limited scope of influence; release authentication of software and the subsequent online operations were therefore never bound into a dedicated system in the traditional management process, and release risk and subjective and objective operating risk remain in traditional information system management.
Disclosure of Invention
To overcome the defects of the prior art, the invention aims to provide a universal information security management system that needs no additional customised hardware support, has identity recognition, operation isolation and access control functions, and achieves comprehensive security protection of a cloud system environment. The technical scheme is as follows: the system comprises an application release module, an application release management center module and a server security agent module; the application release module comprises an application compression package, an identity authentication module and a compression package release module.
The system isolates the server operating system, the applications and the operating users from one another to form a cloud information system security protection model. The model comprises a 'security operation management' mandatory access channel and a 'security authentication and release review' mandatory access channel; an operator can control and release the application system on the isolated server operating system only through these mandatory access channels, which avoids the risks that readily occur in information system lifecycle management.
Preferably, the application compression package comprises an application installation package and an application upgrade package; the identity authentication module performs login identity authentication when the operator who releases the application logs in to the application release module; and the compression package release module releases the application compression package to the application release management center module through an interface.
Preferably, the application release management center module comprises a vulnerability scanning module, a release review module, an application authorization management module and an application release management module;
the vulnerability scanning module is used for automatically scanning vulnerabilities of the application compressed package, analyzing risk vulnerabilities and potential safety hazards of the application and generating a risk report;
the release review module is used for reviewing the risk report by an expert and evaluating the installation process and the operation effect of the application;
the application authorization management module is used for carrying out signature authentication on the application compressed package to generate authorization file information;
the application release management module releases the application compression packet after signature authentication to the server security agent module through an interface;
the application authorization management module and the application release management module form a mandatory access channel for application release.
Preferably, the risks include hard risks and soft risks: the hard risks cover identity recognition, authority control, system vulnerabilities, and code and business logic vulnerabilities; the soft risks cover illegal operation, erroneous operation and malicious operation.
Preferably, after passing release evaluation in the application release management center module the application compression package carries a security verification attribute: it is provided with a signature key and contains authorization information. The server security agent module performs security verification after downloading the application compression package, comprising integrity verification and signature key comparison.
Preferably, the server security agent module includes an operation security monitoring management module, a security monitoring management policy module, an application resource updating management module, an application integration management module, a resource configuration management module, a file system, a system customization kernel, and a hardware system resource management module.
Preferably, the security monitoring management policy module holds the policies for the running of the application system, and the running security monitoring management module detects exceptions and overflow events during the running of the application system according to those policies, eliminating dynamic hidden dangers that could not be predicted at the review stage.
Preferably, the application resource update management module is configured to receive the application compression package issued by the application issuance management center module, download the application compression package, perform security verification on the application compression package, and directly delete the application compression package that cannot pass the verification.
The application integration management module manages the operation and maintenance (O&M) of the application system; an operator must pass authority authentication before performing any O&M operation on the application system and may operate only after it. O&M operations comprise starting and stopping, running, updating and uninstalling.
The resource configuration management module is the human-computer interaction interface of the server security agent module; through it an operator manages the hardware system resources and installs, upgrades and maintains the application system.
The application resource update management module and the application integration management module together form the mandatory access channel for O&M operations on the application system, and the resource configuration management module forms the mandatory access channel for other subjective operations.
The customised system kernel is a customised Linux kernel.
Preferably, the server security agent module is stored on an independent storage device set to read-only mode. The device has a unique physical number and stores an authorization key for a symmetric encryption algorithm; before it is delivered to the customer the device is registered with the application release management center module, the registered content comprising the device's physical number and authorization key.
When the server security agent module and the application release management center module authenticate each other, the physical numbers of the storage device are first compared for consistency, and then the authorization keys are compared for consistency.
Preferably, the storage device is an SD card or a USB storage device.
The beneficial technical effects obtained by the invention are as follows:
1) The invention overcomes the defects of the prior art, which cannot fully guarantee the operational security and production needs of the server, lacks generality, and leaves release risk and subjective and objective operating risk during system operation. Compared with the prior art, it guarantees the security and controllability of the server and the application software running on it, and, on the premise of security and reliability, gives all-round consideration to protecting both the operating system and the application system; traditional information system operation management is changed from an open, subjective state into a closed, controllable state, so that security during operation is greatly improved while operation and maintenance flexibility is preserved.
2) The server operating system and the application resources are isolated, so that every subjective operation can be completed only through the 'security operation management' mandatory access channel; this effectively avoids the soft risks at each stage of the application system lifecycle and the hard risks of starting, stopping, updating and uninstalling in the operation and maintenance stage. Operators complete installation, upgrading and daily maintenance of the application system through resource configuration management.
3) In the initial release stage an application can be released and deployed only through the 'security authentication and release review' mandatory access channel, avoiding hard risks in the release stage and soft and hard risks in the operation stage; 'running security monitoring' inside the server detects abnormal and overflow events in real time during system operation and eliminates dynamic hidden dangers that could not be predicted at the review stage.
4) Identity authentication by means of the configured key ensures the system's own security. On the application release management center module the application system undergoes a double evaluation, vulnerability scanning followed by release review: risk vulnerability scanning detects vulnerabilities, release review evaluates the installation process and running effect, and after successful verification authorization management is carried out, that is, the application system may be released and run only after signature authentication.
5) Security rules and management systems such as the security operation management policy and the security monitoring management policy can be customised, and the release, vulnerability scanning, running security monitoring and other actions of the application system are managed accordingly.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a block diagram of an information security management system according to the present invention;
FIG. 2 is a diagram of a security protection model of a cloud information system according to the present invention;
FIG. 3 is a security threat matrix diagram for an information system in accordance with the present invention;
FIG. 4 is a flow chart of the operation of the information security management system of the present invention;
fig. 5 is a schematic diagram of the network topology of the present invention.
Detailed Description
Technical solutions of the present invention will be described in detail below by way of embodiments with reference to the accompanying drawings. It should be noted that the description of the embodiments is provided to help understanding of the present invention, but the present invention is not limited thereto.
The term "and/or" herein merely describes an association between objects and means that three relationships may exist; for example, "A and/or B" may mean: A alone, B alone, or both A and B. The term "/and" describes another association and means that two relationships may exist; for example, "A/and B" may mean: A alone, or both A and B. Further, the character "/" herein generally means that the associated objects before and after it are in an "or" relationship.
Example 1
As shown in fig. 1, an information security management system includes an application publishing module, an application publishing management center module, a server security agent module, and an authorization management center.
The system isolates the server operating system from the applications to form the cloud information system security protection model. Isolation of the server operating system comprises the following steps:
(1) trimming the system kernel, keeping only basic drivers and boot support;
(2) customising the file system;
(3) customising the system boot loading area, namely the MBR loading process;
(4) integrating the system kernel, the file system and the boot loader;
(5) integrating the other submodules, such as system resource management and application integration management;
(6) having the initialisation process of the customised operating system close all ports other than 80 and 443, and replacing the login module with the customised operating system login module.
As shown in fig. 2, the security protection model comprises a 'security operation management' mandatory access channel and a 'security authentication and release review' mandatory access channel; an operator must control and release an application system on the isolated server operating system through these mandatory access channels, which avoids the risks that readily occur in information system lifecycle management.
As shown in fig. 3, the risks in the release, go-live and operation and maintenance stages of the system comprise hard risks and soft risks: the hard risks cover identity recognition, authority control, system vulnerabilities, and code and business logic vulnerabilities; the soft risks cover illegal operation, erroneous operation and malicious operation.
The application release module comprises an application compression package, an identity authentication module and a compression package release module. The application compression package comprises an application installation package and an application upgrade package; when an application system is released its files must be compressed and packaged. The identity authentication module performs login identity authentication when the operator who releases the application logs in to the application release module, and the compression package release module releases the application compression package to the application release management center module through an interface.
The application release management center module comprises a vulnerability scanning module, a release review module, an application authorization management module and an application release management module. The vulnerability scanning module automatically scans the application compression package for vulnerabilities, analyses the application's risk vulnerabilities and potential safety hazards, and produces a risk report; the release review module lets an expert review the risk report and evaluate the installation process and running effect of the application; the application authorization management module performs signature authentication on the application compression package and generates the authorization file information; the application release management module releases the signature-authenticated application compression package to the server security agent module through an interface. The application authorization management module and the application release management module together form the mandatory access channel for application release, and an application system can be released onto the server security agent module only through this channel.
The server security agent module comprises an operation security monitoring management module, a security monitoring management strategy module, an application resource updating management module, an application integration management module, a resource configuration management module, a file system, a system customization kernel and a hardware system resource management module.
The security monitoring management policy module holds the policies for the running of the application system; the running security monitoring management module detects abnormal and overflow events during the running of the application system according to those policies, eliminating dynamic hidden dangers that could not be predicted at the evaluation stage.
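The paragraph above describes the running security monitoring management module only in terms of what it detects. The following is an added illustration, not the patent's code, of how such a policy-driven monitor can be structured: a policy is a list of rules, each naming an event type, a count threshold over a sliding time window and an action, and the monitor evaluates every incoming application event against them. The event line format, the rule names and thresholds, and the sample log lines are all constructed for this example.

```python
"""Policy-driven running security monitor.

Added illustration (not the patent's code). A policy is a list of Rule
objects; the monitor evaluates them over a stream of application events and
returns Alert objects. The event line format, the rule names and thresholds,
and the sample log below are all constructed for this example.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    event_type: str   # event kind the rule watches ("exception", "mem_overflow", ...)
    threshold: int    # fire when this many matching events fall inside the window
    window: int       # window length in seconds
    action: str       # "alert" (notify) or "stop" (stop the application instance)


@dataclass(frozen=True)
class Alert:
    rule: str
    app: str
    at: int
    action: str


@dataclass
class Monitor:
    rules: List[Rule]
    # (rule name, app) -> timestamps of recent matching events
    history: Dict[Tuple[str, str], Deque[int]] = field(default_factory=dict)

    def feed(self, event: dict) -> List[Alert]:
        """Evaluate one event against every rule; return the alerts it triggers."""
        alerts: List[Alert] = []
        for rule in self.rules:
            if event["type"] != rule.event_type:
                continue
            seen = self.history.setdefault((rule.name, event["app"]), deque())
            seen.append(event["ts"])
            # drop events that fell out of the sliding window
            while seen and seen[0] <= event["ts"] - rule.window:
                seen.popleft()
            if len(seen) >= rule.threshold:
                alerts.append(Alert(rule.name, event["app"], event["ts"], rule.action))
                seen.clear()  # one burst yields one alert, then the count restarts
        return alerts


def parse_line(line: str) -> dict:
    """Parse a 'key=value key=value' event line; ts becomes an int."""
    fields = dict(part.split("=", 1) for part in line.split())
    fields["ts"] = int(fields["ts"])
    return fields


# Constructed policy: three exceptions within 10 s is a burst; any heap
# overflow event is fatal for that instance.
POLICY = [
    Rule("exception_burst", "exception", threshold=3, window=10, action="alert"),
    Rule("memory_overflow", "mem_overflow", threshold=1, window=1, action="stop"),
]

# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "ts=1000 app=billing type=exception msg=NullPointerException",
    "ts=1001 app=billing type=exception msg=NullPointerException",
    "ts=1002 app=billing type=exception msg=Timeout",
    "ts=1003 app=report type=exception msg=Timeout",
    "ts=1005 app=billing type=mem_overflow msg=heap_limit_reached",
    "ts=1100 app=billing type=exception msg=Timeout",
    "ts=1101 app=billing type=exception msg=Timeout",
]


def run_sample() -> List[Alert]:
    """Feed the constructed log through the constructed policy."""
    monitor = Monitor(POLICY)
    alerts: List[Alert] = []
    for line in SAMPLE_LOG:
        alerts.extend(monitor.feed(parse_line(line)))
    return alerts


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.at}: {a.rule} on {a.app} -> {a.action}")
```

The window is keyed per rule and per application, so a burst in one application instance does not count against another, and the count is reset once a rule fires so that one sustained burst produces one alert rather than one per event.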
The application resource updating management module is used for receiving the application compression packet issued by the application issuing management center module, downloading the application compression packet, then carrying out safety verification on the application compression packet, and directly deleting the application compression packet which cannot pass the verification.
The application integration management module manages the operation and maintenance (O&M) of the application system; an operator must pass authority authentication before performing any O&M operation on the application system and may operate only after it. O&M operations comprise starting and stopping, running, updating and uninstalling.
The resource configuration management module is the human-computer interaction interface of the server security agent module; through it an operator manages the hardware system resources and installs, upgrades and performs the daily maintenance of the application system.
The application resource update management module and the application integration management module together form the mandatory access channel for O&M operations on the application system, and the resource configuration management module forms the mandatory access channel for other subjective operations.
The system customizing kernel is a Linux system customizing kernel; and the hardware system resource management module is used for carrying out operation management on the hardware on the server.
The application compression package has a safety verification function after being approved by release in the application release management center module, the application compression package is provided with a signature key, and authorization information is arranged in the application compression package; the server security agent module carries out security verification after downloading the application compressed package, the security verification comprises integrity verification and signature key comparison, the integrity verification is to verify the integrity of the application compressed package, and the application compressed package is prevented from being tampered or damaged in the transmission process; the signature key comparison is to compare the signature key of the application compressed packet sent to the server security agent module by the application distribution management central module with the signature key of the downloaded application compressed packet, so as to prevent the use of the unsafe compressed packet which is not authorized to be authenticated.
The server security agent module is arranged in an independent memory, the memory is a USB memory, and the memory is in a read-only mode; the memory has a unique physical number, the physical number of the memory is automatically generated in the process of factory processing and production, the server security agent module and related files are imported into the memory at the later stage, the memory stores a key of a symmetric encryption algorithm, the memory is registered in the application release management center module before being delivered to a client for use, and the registered content comprises the physical number of the memory and an authorization key.
Preferably, the memory is an SD card.
When the server security agent module authenticates to the application release management center module, the memory's physical number is compared first and the authorization key second. Only when both match is the server security agent module authenticated by the application release management center module and allowed to receive pushed application compression packages and update files from it and to request downloads.
Example 2
This embodiment builds on embodiment 1; the parts they share are not repeated, and the focus here is the operating flow of the information security management system. Fig. 4 is a flow chart of application release in the system. When the application release module releases an application, it first generates an installation (or upgrade) package and then logs in to the application release management center module for identity authentication; once authentication passes, the installation (or upgrade) package is released to the application release management center module through an interface. The application release management center module performs security vulnerability scanning, release review and authorization management on the package in sequence and generates a signed installation (or upgrade) package. The server security agent module on which the application is to be installed has been registered in advance with the application release management center module; the signed package is pushed to the server security agent module by FTP or HTTP, or the server security agent module obtains it by sending a download request. The server security agent module first performs integrity verification on the package and then signature verification; only after both pass does it execute the installation script, update the application version and the system environment state, and carry out subsequent operation and maintenance. If either integrity verification or signature verification fails, the package is removed.
Through the resource configuration management module, the server administrator manages the hardware resources of the server running the server security agent module, and application installation and maintenance personnel install and maintain the application system on it.
Fig. 5 is a schematic diagram of the system's network topology: several application release terminals each connect to the application release management center, which in turn connects to several server security agents.
Example 3
Based on the above embodiment 1, the application release of the system includes the following steps:
(1) register the name, version and signature key of the application system to be released in the application release management center, and obtain the list of server security agents authorized to install and run it together with the preset list of system review group personnel;
(2) compute the MD5 value of the xxx_yy.tar installation package (a binary compressed package) uploaded by the application release terminal and compare it with the MD5 value recorded in the xxx_yy.config.ini file (configuration file) uploaded with it, to establish the integrity of the installation package;
(3) start a test container and deploy the installation package automatically;
(4) start automatic vulnerability scanning, and analyze and evaluate technical vulnerabilities and security risks;
(5) generate a risk report and notify the system review group personnel to prepare for the release review;
(6) start the release review process;
(7) after the release review passes, automatically repackage the xxx_yy.tar and xxx_yy.config.ini uploaded by the application release terminal into xxx_yy.tar.gz (conforming to the required installation package format), compute the MD5 value of the gz package, use that MD5 value as the data to be encrypted, encrypt it with 3DES under the signature key preset for the application system to produce the authorization information AuthKey, and write AuthKey into a newly generated xxx_yy.install.cer file (where xxx is replaced by the value of sysname and yy by the value of version in the corresponding config.ini file); once the server security agent has downloaded this file, it can complete security verification of the installation package;
(8) the server security agent polls for update information about the application installation package at regular intervals; when it is informed that download is permitted, it first presents its environment identity, and after that identity passes verification it obtains the application system's signature key and downloads the installation package and the authorization file of the application system;
(9) using the obtained signature key and authorization file of the application system, the server security agent first decrypts AuthKey to obtain the MD5 value the installation package had at signing time, then recomputes the MD5 value of the installation package it has just downloaded and compares the two; if they are identical the installation package is considered secure and trustworthy;
(10) the server security agent executes the installation script in the installation package to install and deploy it, completing the release of the application system.
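The package verification path of steps (2), (7) and (9), which is also the security verification described for the server security agent module above, as an added example in Go; this is not code from the patent or its assignee. It assumes a three-key (24-byte) 3DES signature key, CBC mode with a random IV prepended to the ciphertext (the page names 3DES but no mode), a config.ini with sysname, version and md5 keys, and constructed package bytes standing in for xxx_yy.tar.gz; the repackaging into .tar.gz is omitted. The function names checkUploadIntegrity, generateAuthKey, verifyInstallPackage and certFileName are chosen here.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample inputs: a stand-in installation package and the
// config.ini uploaded beside it. The "md5" key name is an assumption;
// the page only says the file records the package's MD5 value.
var (
	samplePackage = []byte("constructed xxx_yy.tar contents, not a real archive")
	sampleConfig  = "sysname=payroll\nversion=3\nmd5=" + hex.EncodeToString(md5sum(samplePackage)) + "\n"
	// Assumed 24-byte three-key 3DES signature key preset for the application system.
	signatureKey = []byte("example-24-byte-sign-key")
)

func md5sum(b []byte) []byte { s := md5.Sum(b); return s[:] }

// parseConfigINI reads simple key=value lines (no sections), as in the page's config.ini.
func parseConfigINI(s string) map[string]string {
	cfg := map[string]string{}
	for _, line := range strings.Split(s, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok {
			cfg[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return cfg
}

// checkUploadIntegrity is step (2): the management center recomputes MD5 over the
// uploaded tar and compares it with the value recorded in the uploaded config.ini.
func checkUploadIntegrity(pkg []byte, cfg map[string]string) error {
	want, err := hex.DecodeString(cfg["md5"])
	if err != nil || len(want) != md5.Size {
		return errors.New("config.ini carries no valid md5 value")
	}
	if subtle.ConstantTimeCompare(md5sum(pkg), want) != 1 {
		return errors.New("uploaded package MD5 does not match config.ini")
	}
	return nil
}

// certFileName builds xxx_yy.install.cer from sysname and version (step 7).
func certFileName(cfg map[string]string) string {
	return fmt.Sprintf("%s_%s.install.cer", cfg["sysname"], cfg["version"])
}

// generateAuthKey is step (7): the MD5 of the signed gz package is 3DES-encrypted under
// the signature key. Mode is an assumption: CBC with a random IV prepended. The 16-byte
// digest is exactly two DES blocks, so no padding is needed.
func generateAuthKey(gzPkg, key []byte) (string, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return "", err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	ct := make([]byte, md5.Size)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, md5sum(gzPkg))
	return hex.EncodeToString(append(iv, ct...)), nil
}

// verifyInstallPackage is step (9), run by the server security agent: decrypt AuthKey
// with the signature key obtained from the center, recover the MD5 recorded at signing
// time, recompute MD5 over the downloaded package, and accept only if the two match.
// Any returned error means the agent must discard the package instead of installing it.
func verifyInstallPackage(gzPkg []byte, authKeyHex string, key []byte) error {
	raw, err := hex.DecodeString(authKeyHex)
	if err != nil || len(raw) != des.BlockSize+md5.Size {
		return errors.New("malformed AuthKey")
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return err
	}
	signedDigest := make([]byte, md5.Size)
	cipher.NewCBCDecrypter(block, raw[:des.BlockSize]).CryptBlocks(signedDigest, raw[des.BlockSize:])
	if subtle.ConstantTimeCompare(signedDigest, md5sum(gzPkg)) != 1 {
		return errors.New("package MD5 differs from the signed value: tampered, corrupted or wrong key")
	}
	return nil
}

func main() {
	cfg := parseConfigINI(sampleConfig)
	if err := checkUploadIntegrity(samplePackage, cfg); err != nil {
		fmt.Println("upload rejected:", err)
		return
	}
	authKey, _ := generateAuthKey(samplePackage, signatureKey)
	fmt.Println("wrote", certFileName(cfg), "with AuthKey", authKey)
	fmt.Println("agent verify, intact package:", verifyInstallPackage(samplePackage, authKey, signatureKey))
	tampered := append([]byte{}, samplePackage...)
	tampered[0] ^= 1 // one flipped bit in transit
	fmt.Println("agent verify, tampered package:", verifyInstallPackage(tampered, authKey, signatureKey))
}
```

Because AuthKey is the MD5 digest encrypted under a key shared between the center and every authorized agent, it gives the guarantee of a keyed integrity check rather than of a public-key signature: anyone holding the signature key can produce a valid AuthKey, and MD5 itself no longer resists collisions, so the scheme rests on the secrecy of the signature key handed out in step (8) and on the read-only, registered memory that carries the agent. A failed verification, as in step (9), ends with the package discarded rather than retried.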
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. An information security management system is characterized by comprising an application release module, an application release management center module and a server security agent module; the application publishing module comprises an application compression package, an identity authentication module and a compression package publishing module;
the system isolates a server operating system, an application and an operating user to form a cloud information system security protection model, wherein the cloud information system security protection model comprises a security operation management mandatory access channel and a security authentication and release review mandatory access channel, and an operator can control and release the application system on the server operating system in the operation isolation only through the mandatory access channel, so that risks easily occurring in the life cycle management of the information system are avoided;
the application compression package is provided with a signature key after passing through the release review in the application release management center module; the server security agent module carries out security verification after downloading the application compressed package, wherein the security verification comprises integrity verification and signature key comparison; the integrity verification is to verify the integrity of the corresponding compressed packet, and the signature key comparison is to compare the signature key of the application compressed packet sent to the server security agent module by the application distribution management central module with the signature key of the downloaded application compressed packet;
the server security agent module is arranged in an independent memory, and the memory is in a read-only mode; the memory is provided with a unique physical number, an authorization key of a symmetric encryption algorithm is stored in the memory, the memory is registered in the application distribution management center module before being delivered to a client for use, and the registered content comprises the physical number and the authorization key of the memory;
when the server security agent module and the application release management center module perform identity authentication, the physical numbers of the memories are firstly compared to determine whether the physical numbers are consistent, and then the authorization keys are compared to determine whether the authorization keys are consistent.
2. The information security management system according to claim 1, wherein the application compression package includes an application installation package and an application upgrade package, the identity authentication module is configured to perform login identity authentication when an operator who issues an application logs in the application issuing module, and the compression package issuing module is configured to issue the application compression package to the application issuing management center module through an interface.
3. The information security management system according to claim 1, wherein the application release management center module includes a vulnerability scanning module, a release review module, an application authorization management module, and an application release management module;
the vulnerability scanning module is used for automatically scanning vulnerabilities of the application compressed package, analyzing risk vulnerabilities and potential safety hazards of the application and generating a risk report;
the release review module is used for reviewing the risk report by an expert and evaluating the installation process and the operation effect of the application;
the application authorization management module is used for carrying out signature authentication on the application compressed package to generate authorization file information;
the application release management module releases the application compression packet after signature authentication to the server security agent module through an interface;
the application authorization management module and the application release management module form a mandatory access channel for application release.
4. The information security management system according to any one of claims 1 to 3, wherein the risk includes hard risk and soft risk, the hard risk including identity recognition, authority control, system vulnerability, code and business logic vulnerability; the soft risks include operational risks of violation, operational risks of error, and operational risks of malice.
5. The information security management system according to any one of claims 1 to 3, wherein the server security agent module includes an operation security monitoring management module, a security monitoring management policy module, an application resource update management module, an application integration management module, a resource configuration management module, a file system, a system customization kernel, and a hardware system resource management module.
6. The information security management system according to claim 5, wherein the security monitoring management policy module includes a policy in an application system running process, and the running security monitoring management module detects various exceptions and overflow events in the application system running process according to the security monitoring management policy module, thereby eliminating dynamic hidden dangers that cannot be predicted in a review stage.
7. The information security management system according to claim 5, wherein the application resource update management module is configured to receive the application compression package issued by the application issuance management center module, download the application compression package, perform security verification on the application compression package, and directly delete the application compression package that fails to be verified;
the application integration management module manages the operation and maintenance operation of the application system, and an operator must perform authority authentication before performing the operation and maintenance operation on the application system and can operate after the authority authentication; the operation and maintenance operation comprises starting and stopping, running, updating and unloading;
the resource allocation management module is the human-computer interaction interface of the server security agent module, through which an operator performs hardware system resource management and the installation and maintenance of the application system, including its installation, upgrade and daily maintenance;
the application resource updating management module and the application integration management module form a mandatory access channel for operation and maintenance operation of an application system, and the resource allocation management module forms a mandatory access channel for other subjective operations;
the system customization kernel is a customized Linux kernel.
8. The information security management system according to claim 1, wherein the memory is an SD card or a USB memory.
CN201811202991.6A 2018-10-16 2018-10-16 Information security management system Active CN109376557B (en)

Publications (2)

Publication Number Publication Date
CN109376557A CN109376557A (en) 2019-02-22
CN109376557B true CN109376557B (en) 2022-03-25

Family

ID=65399983

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113378169A (en) * 2021-07-07 2021-09-10 国网冀北电力有限公司 Safety protection system for virtual power plant operation
CN113722720B (en) * 2021-10-29 2022-02-18 苏州浪潮智能科技有限公司 System starting method and related device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132344A (en) * 2007-08-24 2008-02-27 上海可鲁系统软件有限公司 Safe intercommunication method and apparatus between two isolated networks
CN102082787A (en) * 2010-12-10 2011-06-01 江苏省电力公司 Application frame for intelligent power information interaction of large users
CN102479097A (en) * 2010-11-26 2012-05-30 中国科学院声学研究所 Safe embedded operating system capable of supporting multi-stage loading
CN104125251A (en) * 2013-04-26 2014-10-29 华茂云天科技(北京)有限公司 Virtualization technology-based cloud computing security terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant