CN111832083B - System resource tamper-proofing method based on block chain and national secret digital fingerprint technology - Google Patents

System resource tamper-proofing method based on block chain and national secret digital fingerprint technology Download PDF

Info

Publication number
CN111832083B
CN111832083B CN202010964491.7A CN202010964491A CN111832083B CN 111832083 B CN111832083 B CN 111832083B CN 202010964491 A CN202010964491 A CN 202010964491A CN 111832083 B CN111832083 B CN 111832083B
Authority
CN
China
Prior art keywords
file
fingerprint
resource
target system
strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010964491.7A
Other languages
Chinese (zh)
Other versions
CN111832083A (en
Inventor
孟军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Kaibo Technology Co.,Ltd.
Suzhou kaibotong Chain Technology Co.,Ltd.
Original Assignee
Jiangsu Kaibo Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Kaibo Technology Co ltd filed Critical Jiangsu Kaibo Technology Co ltd
Priority to CN202010964491.7A priority Critical patent/CN111832083B/en
Publication of CN111832083A publication Critical patent/CN111832083A/en
Application granted granted Critical
Publication of CN111832083B publication Critical patent/CN111832083B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a system resource tamper-proofing method based on a block chain and a national secret digital fingerprint technology, and belongs to the technical field of system encryption. The method comprises the following steps: step a: resource fingerprint uplink and source file secure backup: step a1, linking the file fingerprint; step a 2: carrying out digital fingerprint sampling on system resources; step a 3: encrypting the digital fingerprint by using a target system country password certificate; step a 4: submitting the encrypted digital fingerprint to a block chain platform; a5, safely backing up and storing the source file; step b: resource file fingerprint dynamic monitoring: b1, sampling the fingerprint of the target system resource file to obtain the fingerprint of the target system resource file; b2, acquiring the fingerprint on the source file chain of the target system resource file; step b3, comparing the fingerprint of the target system resource file with the fingerprint of the source file chain, and giving an alarm if the fingerprints do not accord with the fingerprint of the source file chain; c, executing step c if the strategy accords with the forced reduction strategy; step c: and forcibly restoring the resource file. The invention improves the safety coefficient of the system.

Description

System resource tamper-proofing method based on block chain and national secret digital fingerprint technology
Technical Field
The invention relates to a software system resource management and control method based on a block chain and a national encryption algorithm, and belongs to the technical field of system encryption.
Background
For a formally online software system, a serious problem that malicious components or resources enter a production system due to illegal deployment of human factors exists. In the License management and control mode, a hacking behavior that the License management and control mechanism is bypassed by a manual replacement component exists, and serious value damage of business infringement is brought to software suppliers. For a WEB system, the greatest risk is that external malicious attacks tamper the content of sensitive parts of a webpage, and serious damage is brought to politics, economy, society and the like.
The traditional resource tamper-resistant mechanism is based on a mainstream open source digest algorithm, and calculates MD5 fingerprint digests of sensitive components of a system, and stores the MD5 values of the components into a certain file or a database of a local file system. The MD5 value of the current system-related component is then calculated and compared to the MD5 value of the component in a library or database to find a component in an abnormal state.
The disadvantages of the conventional method are as follows: 1. the MD5 algorithm has low safety factor and is easy to attack; 2. the MD5 value stored in the file or database is easy to steal or tamper, 3, for the original resource file stored in a certain predetermined location, the file location is also easy to steal and expose, which causes the malicious problem of artificially replacing and modifying the original resource file, and the uniqueness and credibility of the original resource cannot be ensured; 4. the traditional method generally only carries out tampering monitoring on a certain specific resource, and few monitoring mechanisms for illegal deletion and illegal addition of the resource of the whole system exist; 5. the traditional method can only carry out local monitoring on a single system generally, cannot form large-scale remote monitoring, has small application and use range and large repeated investment on customers.
Disclosure of Invention
In order to solve the technical problems, the invention provides a system resource tamper-proofing method based on a block chain and a national secret digital fingerprint technology, which has the following specific technical scheme:
the invention discloses a system resource tamper-proofing method based on a block chain and a national secret digital fingerprint technology, which comprises the following steps:
step a: resource fingerprint uplink and source file secure backup
Step a1: chaining the file fingerprints:
step a 1.1: setting a creating module in a target system and generating a strategy file;
step a 1.1.1: in the initialization stage, a country secret SM2 asymmetric algorithm is used for generating a country secret certificate of a target system for the target system;
step a 1.1.2: generating an abstract of system resources by using a state secret SM3 abstract algorithm, and encrypting the abstract by using a state secret certificate of a target system to generate a novel digital fingerprint;
step a 1.1.3: the creating module generates a super administrator account, a certificate and authority of a target system;
step a 2: performing digital fingerprint sampling on system resources by using a state secret SM3 abstract algorithm;
step a 3: encrypting the digital fingerprint by using a target system country password certificate;
step a 4: submitting the generated encrypted digital fingerprint to a block chain platform;
step a5: safe backup storage of a source file;
step a 5.1: numbering HDFS storage nodes;
step a 5.2: calculating the average storage scale of the HDFS storage nodes;
step a 5.3: selecting a storage node number in a random number mode in a storage node list;
step a 5.4: calculating the current storage scale of the storage node corresponding to the current number;
step a 5.5: comparing the average storage scale with the current storage scale, if the deviation ratio of the average storage scale to the current storage scale is more than 5%, reselecting the node to generate a random number, and if the deviation ratio is less than 5%, hitting or generating a storage path;
step a 5.6: uploading the source file to a storage node corresponding to the established path;
step a 5.7: encrypting the storage path by using a target system state secret certificate, and uploading the encrypted path to a block chain platform;
step b: resource file fingerprint dynamic monitoring
Step b1: carrying out fingerprint sampling on a target system resource file to obtain a target system resource file fingerprint;
step b2: acquiring a fingerprint on a source file chain of a target system resource file;
step b3: comparing the target system resource file fingerprint with the fingerprint on the source file chain, and giving an alarm if the target system resource file fingerprint does not accord with the fingerprint on the source file chain; c, executing step c if the strategy accords with the forced reduction strategy;
step b 4: comparing the target system file list with the source file list on the chain, and giving an alarm if the system file is inconsistent with the source file number on the chain;
step c: forced restoration of resource files
Step c 1: acquiring a resource file storage path;
step c 1.1: uploading a query access path according to the file name;
step c 1.2: decrypting the file storage path;
step c 2: resource file download and reload
Step c 2.1: downloading the corresponding resource file to a storage path corresponding to the resource file in the target system according to the resource storage path;
step c 2.2: and reloading the resources to the container in a gray scale mode to finish forced restoration.
Further, step 1 further includes encrypting the locations of all resource storages of the target original system, specifically:
storing all resources of a target original system at a specific position, encrypting a position path by using a national secret certificate of the target system, and storing the encrypted path in a block chain platform; and under the forced restoration mode, reading the relevant path from the block chain platform, decrypting the relevant path, and acquiring the original credible resource according to the decrypted path for forced restoration.
Further, the creating module in the step a1.1 generates a policy file in an initialization stage, and the policy file defines a handling action corresponding to the monitoring result; the treatment action includes: forced restoration, pure alarm and superposition of two actions of forced restoration and alarm; the forced reduction action defines whether forced reduction is needed according to the sensitivity and reduction necessity of the resource; the policy file will also screen the resources precisely.
Further, in the initialization stage of the creation module in the step a1.1.3, an operation account or certificate is distributed to the super administrator and is stored in each daemon node in a safe encryption mode; the definite name and the monitoring path of the target system process are written into a super administrator operation authority package file, and are stored in each daemon node in a safe encryption mode; a super administrator logs in a certain target system process daemon node and logs in a WEB interface, inputs account information or provides a certificate, performs identity and authority authentication, and can perform normal operation and maintenance operation on related resources of a target system if the authentication is passed; and after the super administrator exits, the target system automatically enters a scanning monitoring mode of a non-super administrator.
Further, the storage mode of the policy file is as follows: encrypting by using a system certificate, storing the encrypted strategy file in a local system, and simultaneously carrying out fingerprint acquisition on the encrypted strategy file, wherein the fingerprint is stored in a block chain platform;
the strategy file is obtained in the following mode: and setting a scanner, acquiring the strategy file fingerprint from the block chain platform, comparing the strategy file fingerprint with the local strategy file fingerprint, and terminating service and giving an alarm when the strategy file fingerprint is inconsistent with the local strategy file fingerprint.
Furthermore, the policy files include a scanning policy file, a monitoring policy file, an identification policy file, an alarm policy file, a forced restoration policy file and a super administrator intervention policy file, and the policy files are generated at the initialization stage of the creation module, encrypted through a system certificate and stored in a local system.
Further, the account information, the authority information, the process alarm, the process monitoring report and the super administrator operation record are subjected to uplink backup through the block chain platform.
Further, the forced reduction process is as follows: and downloading an original credible resource storage path from the block chain platform, downloading related resources according to the resource storage path, quickly replacing the resources to the system, and calling a resource overloading service provided by the current software system to restore the system to an original state.
Furthermore, the super administrator operation record is stored in a local system in a safe encryption mode, and is reported to a behavior auditing system through a remote interface for post auditing and behavior analysis.
Further, the alarms described in step b4 include an increase alarm and a decrease alarm.
The invention has the beneficial effects that:
1. reading, decrypting and identifying the digital fingerprints of the components are carried out in a closed memory space, the tightness of core operation is ensured, and the anti-invasion capacity is improved.
2. The core information of all operators is linked up through the block chain platform, so that the uniqueness of the core information is ensured, and the tamper resistance and the repudiation resistance of the system are improved.
3. The storage paths of the related resources are stored in a plurality of media in a scattered manner, so that the stealth capability of the original resource file is greatly improved.
4. And encrypting the storage position of the whole resource of the original clean system and storing the encrypted storage position in the block chain platform, so that the uniqueness and the reliability of the original system resource are improved.
5. The large-scale target system resource abnormity monitoring targets in batches are realized through remote scanning, identification and analysis functions, so that the problem of repeated investment of clients is solved.
6. Under the super administrator intervention mode, the system compatibility of the normal iterative upgrade and the normal maintenance of the resources is improved.
Drawings
Figure 1 is a block flow diagram of the present invention,
figure 2 is a block flow diagram of a secure backup storage of a source file in the present invention,
FIG. 3 is a block diagram of a process for forced restoration of a resource file in the present invention.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings. These drawings are simplified schematic views illustrating only the basic structure of the present invention in a schematic manner, and thus show only the constitution related to the present invention.
As shown in fig. 1, the system resource tamper-proofing method based on the blockchain and the national secret digital fingerprint technology of the present invention includes the following steps:
step a: resource fingerprint uplink and source file secure backup
Step a1: chaining the file fingerprints:
step a 1.1: setting a creating module in a target system and generating a strategy file; the strategy file comprises a scanning strategy file, a monitoring strategy file, an identification strategy file, an alarm strategy file, a forced restoration strategy file and a super manager intervention strategy file, wherein the strategy file is generated in the initialization stage of the creation module, and is encrypted through a system certificate and then stored in a local system.
Step a 1.1.1: in the initialization stage, a country secret SM2 asymmetric algorithm is used for generating a country secret certificate of a target system for the target system;
step a 1.1.2: generating an abstract of system resources by using a state secret SM3 abstract algorithm, and encrypting the abstract by using a state secret certificate of a target system to generate a novel digital fingerprint;
step a 1.1.3: the creating module generates a super administrator account, a certificate and authority of a target system;
step a 3: encrypting the digital fingerprint by using a target system country password certificate;
step a 4: submitting the generated encrypted digital fingerprint to a block chain platform;
step a5: safe backup storage of a source file;
step a 5.1: numbering HDFS storage nodes;
step a 5.2: calculating the average storage scale of the HDFS storage nodes;
step a 5.3: selecting a storage node number in a random number mode in a storage node list;
step a 5.4: calculating the current storage scale of the storage node corresponding to the current number;
step a 5.5: comparing the average storage scale with the current storage scale, if the deviation ratio of the average storage scale to the current storage scale is more than 5%, reselecting the node to generate a random number, and if the deviation ratio is less than 5%, hitting or generating a storage path;
step a 5.6: uploading the source file to a storage node corresponding to the established path;
step a 5.7: encrypting the storage path by using a target system state secret certificate, and uploading the encrypted path to a block chain platform;
step b: resource file fingerprint dynamic monitoring
Step b1: performing fingerprint sampling on a target system resource file to acquire a target system resource file fingerprint;
step b2: acquiring a fingerprint on a source file chain of a target system resource file;
step b3: comparing the target system resource file fingerprint with the fingerprint on the source file chain, and giving an alarm if the target system resource file fingerprint does not accord with the fingerprint on the source file chain; c, executing step c if the strategy accords with the forced reduction strategy;
step b 4: and comparing the target system file list with the source file list on the chain, and when the number of the system files is not consistent with that of the source files on the chain, respectively increasing the number of the system files and reducing the number of the source files on the chain to warn.
As shown in fig. 3, step c: forced restoration of resource files
Step c 1: acquiring a resource file storage path;
step c 1.1: uploading a query access path according to the file name;
step c 1.2: decrypting the file storage path;
step c 2: resource file download and reload
Step c 2.1: downloading the corresponding resource file to a storage path corresponding to the resource file in the target system according to the resource storage path;
step c 2.2: and reloading the resources to the container in a gray scale mode to finish forced restoration.
Step 1 further comprises encrypting the positions of all resource storages of the target original system, specifically:
storing all resources of a target original system at a specific position, encrypting a position path by using a national secret certificate of the target system, and storing the encrypted path in a block chain platform; and under the forced restoration mode, reading the relevant path from the block chain platform, decrypting the relevant path, and acquiring the original credible resource according to the decrypted path for forced restoration.
A step a1.1, generating a strategy file by an appearance creating module in an initialization stage, wherein the strategy file defines a disposal action corresponding to a monitoring result; the treatment action includes: forced restoration, pure alarm and superposition of two actions of forced restoration and alarm; the forced reduction action defines whether forced reduction is needed according to the sensitivity and reduction necessity of the resource; the policy file will also screen the resources precisely. The forced reduction process comprises the following steps: and downloading an original credible resource storage path from the block chain platform, downloading related resources according to the resource storage path, quickly replacing the resources to the system, and calling a resource overloading service provided by the current software system to restore the system to an original state.
The storage mode of the policy file is as follows: encrypting by using a system certificate, storing the encrypted strategy file in a local system, and simultaneously carrying out fingerprint acquisition on the encrypted strategy file, wherein the fingerprint is stored in a block chain platform; the strategy file acquisition mode is as follows: and setting a scanner, acquiring the strategy file fingerprint from the block chain platform, comparing the strategy file fingerprint with the local strategy file fingerprint, and terminating service and giving an alarm when the strategy file fingerprint is inconsistent with the local strategy file fingerprint.
The structure definition of the policy file includes:
# ACTION _ WARNING Default alarm mode is 1, i.e. the alarm mode is turned on by default
The # ACTION _ FORCED _ recovery default FORCED recovery mode is 0, namely the default closed FORCED recovery mode; if the number of the resources is 1, a forced reduction mechanism is opened, and the reduction action is automatically executed under the condition that the resource identity is abnormal, so that the original resource is covered on the current resource
ACTION_WARNING = 1
ACTION_FORCED_RECOVER = 0
Scanning a target ROOT directory by # SCAN _ ROOT, and traversing from the current user ROOT directory by default when the target ROOT directory is empty; but in view of performance, it may be mandatory to configure the scan root directory, i.e. to monitor the specified system resources, rather than a full disk scan.
SCAN_ROOT = /usr/local/
When the # TARGER _ FILE _ TYPE FILE TYPE is empty, scanning the full FILE TYPE by default; if not, the directional scanning is carried out according to the type of the filled-in file
# for example: TARGER _ FILE _ TYPE = jar, java, xml, html, dll, conf, prop
TARGER_FILE_TYPE=
When the FILE NAME of # TARGER _ FILE _ NAME is empty, scanning all FILEs under SCANE ROOT by default; if not, performing directional scanning according to the filled file name; default to null;
# for example: target _ FILE _ NAME =/usr/local/test/xxxx. jar,/usr/local/test/yyy. jar;
TARGER_FILE_NAME=
when the TYPE of the # NOTIN _ TARGER _ FILE _ TYPE FILE is empty, scanning the full FILE TYPE by default; if not, the filled file type is not directionally scanned, such as a log file; is empty by default
# for example: NOTIN _ TARGER _ FILE _ TYPE = log, out
NOTIN_TARGER_FILE_TYPE=log
When the FILE NAME of # NOTIN _ TARGER _ FILE _ NAME is empty, scanning all FILEs under SCANE ROOT by default; if not, the filled file name is not scanned, such as a log file; default to null;
# for example: NOTIN _ TARGER _ FILE _ NAME = xxx.log, yyy.log, zzz.out
NOTIN_TARGER_FILE_NAME=
# Scan frequency in milliseconds
SCAN_PERIOD = 10000。
An initial stage of the creating module allocates an operation account or certificate for a super administrator, and the operation account or certificate is stored in each daemon node in a safe encryption mode; the definite name and the monitoring path of the target system process are written into a super administrator operation authority package file, and are stored in each daemon node in a safe encryption mode; a super administrator logs in a certain target system process daemon node and logs in a WEB interface, inputs account information or provides a certificate, performs identity and authority authentication, and can perform normal operation and maintenance operation on related resources of a target system if the authentication is passed; and after the super administrator exits, the target system automatically enters a scanning monitoring mode of a non-super administrator.
As shown in fig. 2, step a 2: performing digital fingerprint sampling on system resources by using a state secret SM3 abstract algorithm; and account information, permission information, process alarm, process monitoring report and super administrator operation record are subjected to uplink backup through the block chain platform. The super administrator operation records are stored in a local system in a safe encryption mode, and are reported to a behavior auditing system through a remote interface for post auditing and behavior analysis.
In conclusion, the method ensures the uniqueness and the credibility of the original resources of the system, also provides the evidence storage capability of the abnormal resource alarm information, improves the safety coefficient of the system and expands the application range.

Claims (10)

1. A system resource tamper-proofing method based on a block chain and a national secret digital fingerprint technology is characterized by comprising the following steps:
step a: resource fingerprint uplink and source file secure backup
Step a1: chaining the file fingerprints:
step a 1.1: setting a creating module in a target system and generating a strategy file;
step a 1.1.1: in the initialization stage, a country secret SM2 asymmetric algorithm is used for generating a country secret certificate of a target system for the target system;
step a 1.1.2: generating an abstract of system resources by using a state secret SM3 abstract algorithm, and encrypting the abstract by using a state secret certificate of a target system to generate a novel digital fingerprint;
step a 1.1.3: the creating module generates a super administrator account, a certificate and authority of a target system;
step a 2: performing digital fingerprint sampling on system resources by using a state secret SM3 abstract algorithm;
step a 3: encrypting the digital fingerprint by using a target system country password certificate;
step a 4: submitting the generated encrypted digital fingerprint to a block chain platform;
step a5: safe backup storage of a source file;
step a 5.1: numbering HDFS storage nodes;
step a 5.2: calculating the average storage scale of the HDFS storage nodes;
step a 5.3: selecting a storage node number in a random number mode in a storage node list;
step a 5.4: calculating the current storage scale of the storage node corresponding to the current number;
step a 5.5: comparing the average storage scale with the current storage scale, if the deviation ratio of the average storage scale to the current storage scale is more than 5%, reselecting the node to generate a random number, and if the deviation ratio is less than 5%, hitting or generating a storage path;
step a 5.6: uploading the source file to a storage node corresponding to the established path;
step a 5.7: encrypting the storage path by using a target system state secret certificate, and uploading the encrypted path to a block chain platform;
step b: resource file fingerprint dynamic monitoring
Step b1: carrying out fingerprint sampling on a target system resource file to obtain a target system resource file fingerprint;
step b2: acquiring a fingerprint on a source file chain of a target system resource file;
step b3: comparing the target system resource file fingerprint with the fingerprint on the source file chain, and giving an alarm if the target system resource file fingerprint does not accord with the fingerprint on the source file chain; c, executing step c if the strategy accords with the forced reduction strategy;
step b 4: comparing the target system file list with the source file list on the chain, and giving an alarm if the target system file is inconsistent with the source file number on the chain;
step c: forced restoration of resource files
Step c 1: acquiring a resource file storage path;
step c 1.1: uploading a query access path according to the file name;
step c 1.2: decrypting the file storage path;
step c 2: resource file download and reload
Step c 2.1: downloading the corresponding resource file to a storage path corresponding to the resource file in the target system according to the resource storage path;
step c 2.2: and reloading the resources to the container in a gray scale mode to finish forced restoration.
2. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: step a also includes step a 5.8: encrypting the positions of all resource storage of the target original system specifically comprises the following steps:
storing all resources of a target original system at a specific position, encrypting a position path by using a national secret certificate of the target system, and storing the encrypted path in a block chain platform; and under the forced restoration mode, reading the relevant path from the block chain platform, decrypting the relevant path, and acquiring the original credible resource according to the decrypted path for forced restoration.
3. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: a step a1.1, generating a strategy file by an appearance creating module in an initialization stage, wherein the strategy file defines a disposal action corresponding to a monitoring result; the treatment action includes: forced restoration, pure alarm and superposition of two actions of forced restoration and alarm; the forced reduction action defines whether forced reduction is needed according to the sensitivity and reduction necessity of the resource; the policy file will also screen the resources precisely.
4. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: in the step a1.1.3, an initialization stage of a creation module allocates an operation account or certificate for a super administrator, and the operation account or certificate is stored in each daemon node in a safe encryption mode; the definite name and the monitoring path of the target system process are written into a super administrator operation authority package file, and are stored in each daemon node in a safe encryption mode; a super administrator logs in a certain target system process daemon node and logs in a WEB interface, inputs account information or provides a certificate, performs identity and authority authentication, and can perform normal operation and maintenance operation on related resources of a target system if the authentication is passed; and after the super administrator exits, the target system automatically enters a scanning monitoring mode of a non-super administrator.
5. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: the storage mode of the policy file is as follows: encrypting by using a system certificate, storing the encrypted strategy file in a local system, and simultaneously carrying out fingerprint acquisition on the encrypted strategy file, wherein the fingerprint is stored in a block chain platform;
the strategy file is obtained in the following mode: and setting a scanner, acquiring the strategy file fingerprint from the block chain platform, comparing the strategy file fingerprint with the local strategy file fingerprint, and terminating service and giving an alarm when the strategy file fingerprint is inconsistent with the local strategy file fingerprint.
6. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: the strategy files comprise scanning strategy files, monitoring strategy files, identifying strategy files, alarming strategy files, forced restoration strategy files and super administrator intervention strategy files, and are generated in the initialization stage of the creation module, encrypted through a system certificate and stored in a local system.
7. The method for preventing system resource from being tampered based on the blockchain and national secret digital fingerprint technology according to claim 4, wherein the method comprises the following steps: and the account information, the authority information, the process alarm, the process monitoring report and the super administrator operation record are subjected to uplink backup through the block chain platform.
8. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: the forced reduction process comprises the following steps: and downloading an original credible resource storage path from the block chain platform, downloading related resources according to the resource storage path, quickly replacing the resources to the system, and calling a resource overloading service provided by the current software system to restore the system to an original state.
9. The method for preventing system resource from being tampered based on the blockchain and national secret digital fingerprint technology according to claim 4, wherein the method comprises the following steps: and the super administrator operation record is stored in a local system in a safe encryption mode, and is reported to a behavior auditing system through a remote interface for post auditing and behavior analysis.
10. The system resource tamper-proofing method based on blockchain and cryptographic digital fingerprint technology according to claim 1, characterized in that: the alarms described in step b4 include an increase alarm and a decrease alarm.
CN202010964491.7A 2020-09-15 2020-09-15 System resource tamper-proofing method based on block chain and national secret digital fingerprint technology Active CN111832083B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010964491.7A CN111832083B (en) 2020-09-15 2020-09-15 System resource tamper-proofing method based on block chain and national secret digital fingerprint technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010964491.7A CN111832083B (en) 2020-09-15 2020-09-15 System resource tamper-proofing method based on block chain and national secret digital fingerprint technology

Publications (2)

Publication Number Publication Date
CN111832083A CN111832083A (en) 2020-10-27
CN111832083B true CN111832083B (en) 2021-01-08

Family

ID=72919031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010964491.7A Active CN111832083B (en) 2020-09-15 2020-09-15 System resource tamper-proofing method based on block chain and national secret digital fingerprint technology

Country Status (1)

Country Link
CN (1) CN111832083B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112486930A (en) * 2020-11-13 2021-03-12 卓尔智联(武汉)研究院有限公司 File uploading method, file querying method and electronic equipment
CN112417501A (en) * 2020-11-18 2021-02-26 中国电子科技集团公司第三十研究所 Block chain-based extranet confidential file detection method
CN113992432A (en) * 2021-12-24 2022-01-28 南京中孚信息技术有限公司 Message processing method, message bus system, computer device, and storage medium
CN115688192A (en) * 2022-10-21 2023-02-03 广西电网有限责任公司 Webpage tamper-proofing monitoring method and system based on block chain and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109325854A (en) * 2018-08-16 2019-02-12 北京京东尚科信息技术有限公司 Block chain network, dispositions method and storage medium
CN109871709A (en) * 2018-12-20 2019-06-11 顺丰科技有限公司 Block chain private data deposits card method, system and storage medium
CN111163034A (en) * 2018-10-22 2020-05-15 北京京东尚科信息技术有限公司 Block chain network, electronic lock control method thereof, terminal device and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11924322B2 (en) * 2017-05-16 2024-03-05 Arm Ltd. Blockchain for securing and/or managing IoT network-type infrastructure

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109325854A (en) * 2018-08-16 2019-02-12 北京京东尚科信息技术有限公司 Block chain network, dispositions method and storage medium
CN111163034A (en) * 2018-10-22 2020-05-15 北京京东尚科信息技术有限公司 Block chain network, electronic lock control method thereof, terminal device and storage medium
CN109871709A (en) * 2018-12-20 2019-06-11 顺丰科技有限公司 Block chain private data deposits card method, system and storage medium

Also Published As

Publication number Publication date
CN111832083A (en) 2020-10-27

Similar Documents

Publication Publication Date Title
CN111832083B (en) System resource tamper-proofing method based on block chain and national secret digital fingerprint technology
Kim et al. The design and implementation of tripwire: A file system integrity checker
Kim et al. Experiences with tripwire: Using integrity checkers for intrusion detection
US7996679B2 (en) System and method for performing a trust-preserving migration of data objects from a source to a target
US8474032B2 (en) Firewall+ storage apparatus, method and system
Fu et al. Security threats to Hadoop: data leakage attacks and investigation
US11449602B1 (en) Systems and methods for generating trust binaries
Gittins et al. Malware persistence mechanisms
Kardile Crypto ransomware analysis and detection using process monitor
CN112422527B (en) Threat assessment system, method and device for substation power monitoring system
CN113608907A (en) Database auditing method, device, equipment, system and storage medium
US11822647B1 (en) Data structure for trust store
CN114818005B (en) Linux system integrity checking method and system
Li et al. Uclog: A unified, correlated logging architecture for intrusion detection
US11928205B1 (en) Systems and methods for implementing cybersecurity using blockchain validation
CN100353277C (en) Implementing method for controlling computer virus through proxy technique
Blanc et al. A collaborative approach for access control, intrusion detection and security testing
Zlatkovski et al. A new real-time file integrity monitoring system for windows-based environments
CN111931218A (en) Client data safety protection device and protection method
CN111614620A (en) Database access control method, system and storage medium
Risto Forensics from trusted computing and remote attestation
Gehani Support for automated passive host-based intrusion response
CN110677483A (en) Information processing system and trusted security management system
Gehani et al. Augmenting storage with an intrusion response primitive to ensure the security of critical data
US11368377B2 (en) Closed loop monitoring based privileged access control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 2004, building 2, juhuiyuan, 108 Xuanwu Avenue, Xuanwu District, Nanjing City, Jiangsu Province

Applicant after: Jiangsu Kaibo Technology Co.,Ltd.

Address before: Room 2004, building 2, juhuiyuan, 108 Xuanwu Avenue, Xuanwu District, Nanjing City, Jiangsu Province

Applicant before: Jiangsu Kaibo Technology Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210518

Address after: Room 2004, building 2, juhuiyuan, 108 Xuanwu Avenue, Xuanwu District, Nanjing City, Jiangsu Province

Patentee after: Jiangsu Kaibo Technology Co.,Ltd.

Patentee after: Suzhou kaibotong Chain Technology Co.,Ltd.

Address before: Room 2004, building 2, juhuiyuan, 108 Xuanwu Avenue, Xuanwu District, Nanjing City, Jiangsu Province

Patentee before: Jiangsu Kaibo Technology Co.,Ltd.

TR01 Transfer of patent right