CN112818396B - BMC trusted audit log generation and management method - Google Patents

Info

Publication number: CN112818396B
Authority: CN (China)
Prior art keywords: file, reference value, confidential, firmware, bmc
Legal status: Active
Application number: CN202110140019.6A
Other languages: Chinese (zh)
Other versions: CN112818396A (en)
Inventors: 张建标, 张璐, 韩利, 赵东浩, 王艳
Current Assignee: Beijing University of Technology
Original Assignee: Beijing University of Technology

Classifications

    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F16/116 Details of conversion of file system types or formats
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/1815 Journaling file systems
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a method for generating and managing a BMC (baseboard management controller) trusted audit log, belonging to the technical field of security of an organization's core sensitive information. In view of the characteristics of such information (complete hierarchy, strong concealment, rapid change, short life cycle, many types and small volume), a three-level reference value library is constructed from feature values composed of the file receipt date, the author's password and keywords chosen by word frequency, and is used to provide hierarchical, complete coverage of the life cycle of confidential-information files. At the same time, the date of entry into storage is used as the audit date and 24 hours as the audit interval, which extends the protection duration of each individual item of confidential information while raising the audit frequency, so that the integrity of the files can be quickly protected when they are subjected to external attack, and their security is protected when they are stolen by internal personnel. The invention takes the administrator's standpoint and uses the audit log as its point of leverage, achieving active defense against both external attack and internal theft by rapidly eliminating the consequences of external attack and blocking internal theft at its source.

Description

BMC trusted audit log generation and management method
Technical Field
A BMC trusted audit log generation and management method, belonging to the technical field of security of an organization's core sensitive information.
Background
As the network security situation grows more severe, the world faces opportunities but also greater challenges, and security issues are becoming a major concern for every country. Information security means that an information system can run continuously and reliably, and security across the whole network environment, especially data security, protocol security and access security, has always received great attention. Domestic servers have developed from a level below the global standard to their present state, and with the development of big data, cloud computing, AI technology and mobile communication, the domestic server market requires servers to have higher security, so that the confidentiality and integrity of data are ensured and the information services they provide are not interrupted, which would otherwise cause network paralysis.
Servers have inherent security weaknesses: one means of intrusion starts from the BIOS, and the other hidden danger is that every server necessarily has a baseboard management controller (BMC, Baseboard Management Controller). The BMC is a dedicated processor that monitors the physical state of the relevant components in the server, such as input/output interfaces, input/output buses, CPU temperature, power status and fan speed, and works with the Intelligent Platform Management Interface (IPMI) to help the administrator operate and maintain the server, including local and remote diagnostics, console support, configuration management, hardware management and troubleshooting. Addressing these two aspects eliminates the most basic security risks to the greatest extent.
Obviously, a flaw in the BMC is comparable to a crash of the basic input/output system (BIOS, Basic Input Output System). The BMC is a key link in the architecture of IPMI, and control of the BMC bears directly on whether the server is lost. Such BMC risks have appeared in practice: servers from some manufacturers carry the risk that the BMC can be accessed without authentication; the BMCs in some manufacturers' servers have security vulnerabilities through which an intruder can impersonate legitimate users to view user records and execute transactions. Such vulnerabilities often give an attacker unauthorized access and an entry point for attacking the system, with the aim of controlling or destroying it. Recently, the Ministry of Industry and Information Technology found that the BMC management chip of a chip manufacturer in the United States has a security vulnerability that can steal user data and send it out, and that cannot be turned off or shielded.
The BMC system is generally visible only to core personnel, such as a company administrator. On the premise that the BMC boots in a trusted manner, analyzing the threats faced by the BMC and excluding those that existing security policies can already handle shows that the largest remaining risk comes from loopholes in access control being exploited (for example, an intruder impersonating a legitimate user, an intruder escalating privileges, or an unauthorized person using an administrator account to tamper with data, so that illegitimate subjects enter the protected area). To address these problems, the invention provides a method that ensures the trustworthiness, tamper resistance and recoverability of the audit log under the audit log functional requirements of the BMC system, so as to strengthen the audit log protection mechanism of the BMC system and ensure the confidentiality and integrity of the audit log.
Patent application CN111478962A discloses a blockchain trusted log storage system in which, after nodes pass auditing, the management nodes of the blockchain system are managed and data requests are submitted to form a data operation log; other nodes, after log verification, form consensus nodes together with ordinary nodes, and consensus verification is finally carried out. An independent hardware module serving as the log storage module authenticates the audit software that runs under the operating system as the log audit module, and the audit software is allowed to access the memory serving as the log storage unit only when authentication passes, which eliminates the risk that a third-party tool may tamper with the log. That scheme's innovation lies mainly in the registration and auditing of blockchain nodes; it does not explain how log trustworthiness is achieved through blockchain storage or how the log is verified and accessed. The BMC system, as a system for managing a server, is highly private and generally sits only on a local area network, so it is not suitable to introduce a blockchain to guarantee the trustworthiness of its logs.
Patent application CN111858528A, a BMC log collecting and managing method, system, terminal and storage medium, proposes setting the storage peak of the log storage system, the size limit of each compressed log file and the limit on the number of compressed log files stored at one time; setting a naming rule for compressed log files; formulating a log storage rule according to the label, the storage peak, the number limit and the size limit of the compressed log files; obtaining a new compressed log file after the log storage system starts; and managing the compressed log files according to the naming and storage rules. That method is mainly concerned with storing and managing log files and adjusting their number and size; it does not consider the integrity and trustworthiness of the BMC log and, given the BMC's small storage space, mainly compresses and manages the logs so as to store as many as possible.
Patent application CN108322306A, titled a privacy-protection-oriented cloud platform trusted log auditing method based on a trusted third party, provides collection and secure transmission of cloud platform audit logs based on trusted hardware, generation and release of a verification data structure for audit logs by the third party, audit log verification by cloud service providers and cloud users, and reliable collection and transmission of audit logs. However, that method belongs to the field of cloud computing and is aimed at very large user groups, and although it mentions trusted verification measures, it cannot recover the log after the log's integrity has been damaged.
To guarantee the trustworthiness of audit logs, most schemes propose storing the logs on a blockchain for reading and display, with the integrity of log records guaranteed through decentralization. A blockchain, however, is characterized by open transparency, so the confidentiality of log content cannot be guaranteed, and it has significant limitations: a public blockchain cannot guarantee security, and a privately built blockchain is too costly and requires enough blocks. Blockchain technology is not yet mature, logs stored on a blockchain are difficult to delete, and data storage consumption is particularly large. Among audit log generation schemes, few mention protecting the confidentiality and integrity of the log, and only the storage space problem is optimized.
However, the prior art does not address how, from the administrator's standpoint and with the audit log as the point of leverage, to protect the integrity and security of an organization's core secrets, nor how to quickly resolve the security problems of text information caused by external attack and internal theft. For an enterprise, core secrets include at least business secrets and key technical secrets, and these secrets are characterized by complete hierarchy, strong concealment, rapid change, short life cycle, many types and small volume.
Disclosure of Invention
The invention aims to provide an audit log solution suitable for protecting the integrity and security of the core sensitive files of enterprises and institutions.
The invention is characterized in that it is built on trusted boot and mounted on the UEFI BIOS confidential firmware file system above the kernel; facing external attacks that destroy file integrity or internal theft that compromises file confidentiality, it takes the administrator's standpoint and uses the audit log as its point of leverage. It is implemented in a BMC confidential firmware file audit log management system, hereinafter referred to as the system, in the following steps in sequence:
Step (1): construct the system, which comprises: a BMC confidential firmware file management processor CPU_BMC.M, a database set, a reference value calculation module, an original confidential firmware file formatting module, and a confidential firmware file extraction module, wherein:
the BMC confidential firmware file system management processor, in addition to the CPU_BMC.M, stores a three-level reference value management tree, wherein:
the root node is represented by the reference value of the UEFI BIOS confidential firmware file system,
the middle-layer nodes are represented by two reference values corresponding respectively to the management of business-secret and key-technology audit logs,
the leaf nodes are the sets of confidential firmware file reference values corresponding respectively to the two middle-layer nodes,
and the permissions under which each kind of file may be extracted with authorization are also set,
the database set comprises a UEFI BIOS system confidential firmware file database, an audit log database and its backup database, and a reference value database, wherein:
the UEFI BIOS system confidential firmware file database is a database formatted by the original confidential firmware file formatting module under the control of the CPU_BMC.M, and the array of a UEFI BIOS system confidential firmware file obtained after formatting is: [date received, service category, file name, author, file source],
the audit log database holds the system audit log corresponding to the root node, the audit log corresponding to each middle-layer node, and the audit log of each confidential firmware file corresponding to each leaf node, wherein:
the system audit log is represented by the array [audit date, audit log formation date, administrator password, system reference value corresponding to the current reference values of the confidential firmware files of all categories],
the two category audit logs corresponding to the two service categories are represented by the array [audit date, audit log formation date, administrator password, service category, category reference value corresponding to the reference values of the confidential files currently in the category],
the audit logs of the confidential firmware files belonging to the same category are represented by the array [file number, file name, audit date, audit log formation date, administrator password, file feature value], wherein the file feature value is formed by concatenating, in order, the file receipt date, the password of the file author, and the three keywords with the highest word frequency in the file.
The reference value calculation module comprises three sub-modules: single confidential firmware file reference value calculation, service category reference value calculation, and system reference value calculation, wherein:
the single confidential firmware file reference value calculation sub-module calculates the reference value in the following steps:
(a) construct the feature value of the single confidential firmware file,
(b) expand the feature value obtained in step (a) into a 160-bit extended feature value code sequence using the expansion algorithm SHA1,
(c) compute the hash value of the extended feature value code sequence obtained in step (b) using a hash algorithm to obtain the reference value of the single confidential firmware file, which is used to judge the integrity and authenticity of the file,
the service category reference value calculation sub-module calculates the reference value in the following step:
(a) concatenate the reference values of the individual confidential firmware files in the category, in a set order, into the feature value of all confidential firmware files in the category, and calculate the reference value of the set of all confidential firmware files in the category by the method of steps (b) to (c) of the single confidential firmware file reference value calculation sub-module, which is used to judge the integrity and trustworthiness of the confidential firmware files in the category,
the system reference value calculation sub-module calculates the reference value in the following step:
(a) concatenate the reference values of all service categories in the system, in a set order, into the feature value of all confidential firmware files of the system, and calculate the system reference value of the set of confidential firmware files of all categories by the method of steps (b) to (c) of the single confidential firmware file reference value calculation sub-module, which is used to judge the integrity and trustworthiness of the confidential firmware files of the system,
the three kinds of reference values output by the three sub-modules form a three-level reference value tree and are stored in the reference value database,
the confidential firmware file extraction module holds a mapping table composed of four parameters: the requesting extractor, the file extraction permission uniformly set and granted by the system, the file reference value, and the file storage address field, so as to prevent internal unauthorized personnel from stealing confidential files and compromising file security without affecting legitimate use of the files,
the original confidential firmware file formatting module, under the control of the CPU_BMC.M, converts the input confidential firmware files one by one into formatted files according to the content and format of the single confidential firmware file audit log of the corresponding category,
Step (2): manage the trusted audit log of the BMC firmware files in the following steps in sequence:
step (2.1) system initialization:
taking the file storage date as the audit date and 24 hours as the sampling interval, count the number of files withdrawn in one day and the actual number of files stored after withdrawal, calculate the initial reference values of all nodes in the three-level reference value tree from the file feature values on the initialization date, form the initial three-level reference value tree, and add it to the corresponding audit logs,
step (2.2) at the end of the second day, calculate the dynamic reference values of all nodes in the three-level reference value tree by the same method and write them into the three-level audit logs formed on the second day,
step (2.3) compare the two reference values in the audit logs of two adjacent days and judge:
if all are the same, the reference values in the corresponding audit logs in the three-level reference value tree have not changed,
if at least one differs, at least one file in the corresponding category has been attacked externally and has lost its integrity, and under the control of the CPU_BMC.M the audit log holding the initial reference value in the corresponding audit log of the backup library is used for correction,
step (2.4) once the integrity of the files in the audit logs corresponding to the reference value of each node in the three-level reference value tree is ensured, the CPU_BMC.M may receive a file extraction request from the confidential firmware file extraction module,
step (2.5) the CPU_BMC.M judges according to the file category and range of authorized extraction sent by the extraction module:
if the file extraction permission of the requesting user meets the preset permission, the extraction module is authorized to extract; otherwise the extraction module is told to reject the extraction, so that the security of the files is protected.
The BMC confidential firmware file audit log management system also has a confidential firmware file exit management module which, on a daily basis, reports to the CPU_BMC.M each day the category, file name and number of the confidential firmware files withdrawn, so that the CPU_BMC.M deletes them from the corresponding database in the database set and, at the same time, the corresponding reference values at each level of the three-level reference value management tree are corrected under the control of the CPU_BMC.M.
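The three-level reference value calculation, the day-over-day comparison of steps (2.1) to (2.3) and the correction after file withdrawal, as an added example in Python that is not part of the patent. The hash used in step (c) is not named in the text, so SHA-256 is assumed; the field separator, the use of sorted order as the "set order", the keyword tie-breaking rule, the function names and all sample records are likewise constructed for illustration.

```python
import copy
import hashlib
import re
from collections import Counter

SEP = "|"  # assumption: the text only says "concatenate"; a separator keeps field boundaries unambiguous


def top_keywords(text, n=3):
    """The n most frequent words; ties are broken alphabetically so the result is deterministic."""
    counts = Counter(re.findall(r"[a-z0-9]+", text.lower()))
    return [w for w, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]]


def feature_value(receipt_date, author_password, text):
    """Step (a): receipt date, author password and top-three keywords, concatenated in order."""
    return SEP.join([receipt_date, author_password, *top_keywords(text)]).encode("utf-8")


def reference_value(feature):
    """Steps (b)-(c): expand to a 160-bit sequence with SHA-1, then hash that sequence."""
    expanded = hashlib.sha1(feature).digest()      # 20 bytes = 160 bits
    return hashlib.sha256(expanded).hexdigest()    # assumption: the step (c) hash is SHA-256


def build_tree(files):
    """files: {category: {file_no: (receipt_date, author_password, text)}} -> three-level tree."""
    leaf = {cat: {no: reference_value(feature_value(*files[cat][no])) for no in sorted(files[cat])}
            for cat in sorted(files)}
    mid = {cat: reference_value("".join(refs.values()).encode()) for cat, refs in leaf.items()}
    root = reference_value("".join(mid.values()).encode())
    return {"root": root, "mid": mid, "leaf": leaf}


def diff_trees(baseline, current):
    """Step (2.3): walk root -> category -> file and return the (category, file_no) pairs that differ."""
    if baseline["root"] == current["root"]:
        return []
    changed = []
    for cat in sorted(set(baseline["mid"]) | set(current["mid"])):
        if baseline["mid"].get(cat) == current["mid"].get(cat):
            continue  # whole category unchanged, no need to inspect its leaves
        old, new = baseline["leaf"].get(cat, {}), current["leaf"].get(cat, {})
        changed += [(cat, no) for no in sorted(set(old) | set(new)) if old.get(no) != new.get(no)]
    return changed


def restore(files, backup, changed):
    """Correction from the backup library: put back each changed record, drop ones the backup lacks."""
    for cat, no in changed:
        if no in backup.get(cat, {}):
            files.setdefault(cat, {})[no] = backup[cat][no]
        else:
            files.get(cat, {}).pop(no, None)


def withdraw(files, cat, no):
    """File exit: delete the record, then recompute all three levels as the new baseline."""
    del files[cat][no]
    return build_tree(files)


# Constructed sample records (not from the patent): two service categories, three files.
DAY1 = {
    "business_secret": {
        "F001": ("2021-02-01", "pw-alice", "pricing pricing pricing contract contract margin"),
        "F002": ("2021-02-01", "pw-bob", "tender tender bid bid bid supplier"),
    },
    "key_technology": {
        "F101": ("2021-02-01", "pw-carol", "firmware firmware firmware bmc bmc ipmi"),
    },
}


def demo():
    """Day 1 baseline, a constructed change on day 2, detection, and recovery from the backup copy."""
    baseline = build_tree(DAY1)
    day2 = copy.deepcopy(DAY1)
    day2["key_technology"]["F101"] = ("2021-02-01", "pw-carol", "altered altered altered bmc bmc ipmi")
    changed = diff_trees(baseline, build_tree(day2))
    restore(day2, DAY1, changed)
    return changed, build_tree(day2)["root"] == baseline["root"]


if __name__ == "__main__":
    print(demo())
```

Because the feature value covers only the receipt date, the author password and the top three keywords, a reference value changes only when one of those fields changes; covering every byte of a file would additionally require hashing its full content.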
The invention has the advantages that:
1. When files are attacked from outside, the invention starts by recovering the integrity of the files; when facing theft by internal personnel, it ensures the security of the files. This is more feasible than approaching the problem from the means of intrusion.
2. Starting from the audit log of the files, the problems of quickly restoring file integrity and protecting file security from infringement are solved together.
3. The invention defines the feature information of a file with feature values built from three parameters, namely time, social attribute and word frequency, which makes it highly individual and identifiable.
4. Taking as elements the reference values formed by expanding, extending and encrypting the feature values, a three-level reference value tree is proposed; with this tree as the framework and combined with the mechanism for withdrawing and updating files, hierarchical full coverage of the life cycle of classified confidential files is achieved, so as to implement all-round protection.
5. The storage date is used as the audit date and one day as the audit interval, which extends the protection duration of each individual file and raises the audit frequency.
Therefore, given that the core secrets of enterprises and public institutions are characterized by complete hierarchy, strong concealment, many types, small volume, rapid change and short life cycle, the invention has the advantages of high feasibility, wide coverage, wide adaptability and high efficiency.
Drawings
FIG. 1 is a block diagram of a system architecture of the present invention;
FIG. 2 is a block diagram of a main process flow of the present invention;
FIG. 3 is a diagram of a three-level reference value library architecture of the present invention.
Detailed Description
The invention provides a BMC (baseboard management controller) trusted audit log generation and management method. To enable a person skilled in the art to better understand the scheme, the technical scheme of the invention is described clearly and specifically below with reference to the drawings in the embodiment of the invention.
Step 1: initialize the system, taking the file storage date as the audit date and 24 hours as the sampling interval, and count the number of files withdrawn in one day and the actual number of files stored after withdrawals and additions;
Step 2: under the control of the CPU_BMC.M, the confidential firmware file formatting module formats the input confidential firmware files one by one to generate original confidential firmware files;
Step 3: under the control of the CPU_BMC.M, the confidential firmware file formatting module sends the original confidential firmware files both to the system confidential firmware file database for storage and to the reference value calculation module for reference value calculation;
Step 4: the single confidential firmware file reference value calculation sub-module of the reference value calculation module constructs the feature value of the single confidential firmware file from the input original confidential firmware file, expands the feature value into a 160-bit code sequence using SHA1, and uses a hash algorithm to compute the hash value of that code sequence as the reference value of the single confidential firmware file;
Step 5: the service category reference value calculation sub-module classifies the confidential firmware files into the business-secret category and the key-technology category, concatenates the reference values of the confidential firmware files in each category, in a set order, into the feature value of the confidential firmware files of that category, and calculates the reference value of the set of all confidential firmware files in the category;
Step 6: the system reference value calculation sub-module concatenates the reference values of the two service categories in the system, in a set order, into the feature value of all confidential firmware files of the system, and calculates the reference value of the set of all confidential firmware files;
Step 7: the reference value calculation module outputs the three-level reference value tree, as shown in FIG. 2, stores it in the reference value database, and at the same time sends the data to the audit log database and the audit log backup library, where it is written into the corresponding system audit log of the root node, the audit logs of the middle-layer nodes and the audit logs of the confidential firmware files of the leaf nodes.
The above is the flow for generating the reference values and the audit logs; the flow for managing the audit logs and the confidential firmware files follows.
Step 1: generate the reference values in the same way on the second day and compare the reference values in the audit logs of two adjacent days; if they are the same, the integrity of the corresponding audit logs in the three-level reference value library has not changed; otherwise, at least one file in the corresponding category has been attacked externally;
Step 2: if a file is detected to have been attacked externally, then under the control of the CPU_BMC.M the audit log holding the initial reference value in the corresponding audit log is read from the backup library for recovery.
When a user extracts a confidential file, whether the extraction is legitimate is judged as follows:
Step 1: the CPU_BMC.M receives a file extraction request sent by the confidential firmware file extraction module;
Step 2: the CPU_BMC.M judges, according to the file category and range of authorized extraction sent by the extraction module, whether it is present in the preset list of authorized extractors, and then sends an extraction control instruction to the extraction module;
Step 3: if present, the CPU_BMC.M issues an authorized-extraction instruction, and the extraction module performs the legitimate extraction after receiving the instruction;
Step 4: if not, the CPU_BMC.M issues a refuse-extraction instruction, and the extraction module raises an unauthorized-extraction warning after receiving the instruction.
When a confidential firmware file exits management, the CPU_BMC.M deletes the file from the corresponding database in the database set, and the corresponding reference values in the three-level reference value management tree are corrected under the control of the CPU_BMC.M.
It should be understood that although this specification is described in terms of embodiments, not every embodiment contains only a single technical solution; this manner of description is used only for clarity, and the embodiments may be practiced in any suitable combination as understood by those skilled in the art.
The detailed descriptions listed above are only specific descriptions of practical embodiments of the invention and are not intended to limit its scope of protection; all equivalent embodiments or modifications that do not depart from the spirit of the invention should be included in the scope of protection of the invention.

Claims (2)

1. A BMC trusted audit log generation and management method is characterized in that the method is established on the basis of trusted starting and hung on a UEFIBIOS confidentiality firmware file system on a kernel, stands on the standpoint of an administrator when facing external attack for destroying file integrity or internal theft for losing file confidentiality, and is put forward by taking the audit log as a gripper, and is realized in a BMC confidential firmware file audit log management system and a system for short below according to the following steps:
step (1) constructing a system, which comprises the following steps: management processor, CPU for BMC confidentiality firmware file BMC.M A database collection, a reference value calculation module, an original secret firmware file formatting module, and a secret firmware file extraction module, wherein:
BMC confidentiality firmware file system management processor except CPU BMC.M In addition, a three-level reference value management tree is stored, wherein:
the root node is represented by a reference value of the UEFIBUS confidentiality file firmware system;
the middle-layer node is respectively represented by two reference values corresponding to the management of business secret types and key technology audit logs;
leaf nodes are sets of confidentiality firmware file reference values respectively corresponding to the two middle-layer nodes;
simultaneously, the authority which can be extracted by authorization of various files is set; the database set comprises a UEFIBUOS system confidentiality firmware file database, an audit log database, a backup database thereof and a benchmark database, wherein:
the UEFIBIOS system secret firmware file database is a kind of information processing systemIn the original secret file formatting module, in the CPU BMC.M The database is formatted under control, and the array of the confidential firmware file of the UEFIBIOS system obtained after formatting is: [ date received, class of service, filename, author, and filesource ]],
An audit log database, corresponding to the system audit log of the root node, the audit log of each middle layer node, and the audit log of each confidential firmware file of each leaf node, wherein:
the system audit log is represented by an array [ audit date, audit log formation date, administrator password, system reference value corresponding to the current various confidential firmware file reference values ],
two types of audit logs corresponding to two service types are represented by arrays [ audit day, audit log generation day, administrator password, service type, type reference value corresponding to each confidential file reference value of the current type ],
the audit logs of the confidential firmware files belonging to the same category are represented by an array [file number, file name, audit day, audit log formation day, administrator password, file characteristic value], wherein the file characteristic value is formed by sequentially concatenating the three keywords with the highest word frequency in the file, the file receipt day, and the password of the file author;
the reference value calculation module comprises three sub-modules, namely single confidential firmware file reference value calculation, reference value calculation of each service class and system reference value calculation, wherein the three sub-modules are as follows:
the single confidential firmware file reference value calculation sub-module calculates the reference value according to the following steps:
(a) constructing the characteristic value of the single confidential firmware file,
(b) expanding the characteristic value obtained in step (a) into a 160-bit extended characteristic value code sequence using the extension algorithm SHA1,
(c) calculating the hash value of the extended characteristic value code sequence obtained in step (b) with a hash algorithm to obtain the reference value of the single confidential firmware file, wherein the reference value is used for judging the integrity and the authenticity of the file,
the reference value calculation sub-module of each service class calculates the reference value according to the following steps:
(a) concatenating, in a set order, the reference values of the individual confidential firmware files in the present category into the characteristic value of all confidential firmware files in the present category, and calculating the reference value of the whole set of confidential firmware files in the present category by the method described in steps (b) and (c) of the single confidential firmware file reference value calculation sub-module, for judging the integrity and the credibility of the confidential firmware files under the present category,
the system reference value calculation sub-module performs reference value calculation according to the following steps:
(a) concatenating, in a set order, the reference values of all service classes in the system into the characteristic value of all confidential firmware files of the system, and calculating the system reference value of the whole set of confidential firmware files of all classes by the method described in steps (b) and (c) of the single confidential firmware file reference value calculation sub-module, for judging the integrity and the credibility of the confidential firmware files of the system,
three different types of reference values output by the three types of reference value calculation submodules form a three-level reference value tree, are stored in the reference value database,
the confidential firmware file extraction module is provided with a mapping table composed of four parameters: the requesting extractor, the file extraction authority uniformly set and granted by the system, the file reference value, and the file storage address field, so as to prevent internal unauthorized personnel from stealing confidential files and damaging the security of the files without affecting the legitimate use of the files,
the original confidential firmware file formatting module is used, under the control of CPU_BMC.M, to convert the input confidential firmware files one by one into formatted files of a single confidential firmware file audit log, according to the content and format of the confidential firmware file audit log corresponding to the category,
step (2) managing the trusted audit log of the BMC firmware files sequentially according to the following steps:
step (2.1) system initialization:
taking the file storage date as the audit date and 24 hours as the sampling interval, counting the number of files withdrawn in one day and the number of files actually stored after those withdrawals, calculating, on the initialization date, initial reference values based on the file characteristic values of all nodes in the three-level reference value tree to form an initialized initial three-level reference value tree, and adding the initial three-level reference value tree to the corresponding audit logs,
step (2.2) at the end of the second day, calculating dynamic reference values of all nodes in the three-level reference value tree by the same method, writing the dynamic reference values into a three-level audit log formed on the second day,
step (2.3) comparing two reference values in audit logs in two adjacent days, and judging:
if all the values are the same, the reference values in the corresponding audit logs in the three-level reference value tree are not changed,
if at least one differs, at least one file in the corresponding category has been attacked externally and has lost its integrity, and, under the control of CPU_BMC.M, the audit log holding the initial reference value in the corresponding audit log of the backup database is used for correction,
step (2.4) after the integrity of the files in the audit logs corresponding to the reference value of each node in the three-level reference value tree has been ensured, if, under the control of CPU_BMC.M, a file extraction request from the confidential firmware file extraction module is received,
step (2.5) according to the file category and range of authorized extraction received from the extraction module, CPU_BMC.M judges:
if the file extraction authority of the requesting user meets the preset authority, the extraction module is authorized to extract; otherwise, the extraction module is informed that the extraction is rejected, so that the security of the file is protected.
2. The BMC trusted audit log generation and management method according to claim 1, wherein the BMC confidential firmware file audit log management system further comprises a withdrawal management module for confidential firmware files, which is configured to report to CPU_BMC.M, on a daily basis, the category, file name and number of each withdrawn confidential firmware file, so that CPU_BMC.M deletes it from the corresponding database in the database set and, at the same time, under the control of CPU_BMC.M, the corresponding reference values at all levels in the three-level reference value management tree are corrected.
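The three-level reference value tree and the adjacent-day comparison of step (2.3) can be sketched as follows. This is an added example, not code from the patent: the use of SHA-256 as the unnamed "hash algorithm" of step (c), the `|` separator and field order of the characteristic value, the sorted-name "set order", and all sample file names and values are assumptions made for illustration.

```python
import copy
import hashlib

def reference_value(characteristic: bytes) -> str:
    expanded = hashlib.sha1(characteristic).digest()  # step (b): 160-bit sequence
    return hashlib.sha256(expanded).hexdigest()       # step (c): SHA-256 is assumed

def file_characteristic(meta: dict) -> bytes:
    # Assumed field order and "|" separator; the claim only says "sequentially".
    fields = meta["keywords"][:3] + [meta["received"], meta["author_password"]]
    return "|".join(fields).encode("utf-8")

def build_tree(files_by_class: dict) -> dict:
    leaves, classes = {}, {}
    for cls in sorted(files_by_class):                # "set order": sorted names (assumed)
        leaves[cls] = {name: reference_value(file_characteristic(meta))
                       for name, meta in sorted(files_by_class[cls].items())}
        classes[cls] = reference_value("".join(leaves[cls].values()).encode())
    root = reference_value("".join(classes.values()).encode())
    return {"root": root, "classes": classes, "leaves": leaves}

def changed_files(prev: dict, curr: dict) -> list:
    """Step (2.3): compare two days' trees top-down; return differing (class, file) pairs."""
    if prev["root"] == curr["root"]:
        return []                                     # system reference value unchanged
    changed = []
    for cls in sorted(set(prev["classes"]) | set(curr["classes"])):
        if prev["classes"].get(cls) == curr["classes"].get(cls):
            continue                                  # class unchanged, skip its leaves
        old, new = prev["leaves"].get(cls, {}), curr["leaves"].get(cls, {})
        changed += [(cls, n) for n in sorted(set(old) | set(new))
                    if old.get(n) != new.get(n)]
    return changed

# Constructed sample data: two service classes, one file each.
DAY1_FILES = {
    "business_secret": {"fw_a.bin": {"keywords": ["boot", "vendor", "price"],
                                     "received": "2021-02-02",
                                     "author_password": "example-pw-1"}},
    "key_technology": {"fw_b.bin": {"keywords": ["flash", "spi", "update"],
                                    "received": "2021-02-02",
                                    "author_password": "example-pw-2"}},
}
DAY2_FILES = copy.deepcopy(DAY1_FILES)
DAY2_FILES["key_technology"]["fw_b.bin"]["keywords"][0] = "patched"  # simulated tampering
DAY1, DAY2 = build_tree(DAY1_FILES), build_tree(DAY2_FILES)

if __name__ == "__main__":
    print(changed_files(DAY1, DAY2))
```

Because every reference value passes through SHA-1 in step (b), a SHA-1 collision between two characteristic values yields identical reference values whatever hash is chosen for step (c).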

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110140019.6A CN112818396B (en) 2021-02-02 2021-02-02 BMC trusted audit log generation and management method

Publications (2)

Publication Number Publication Date
CN112818396A CN112818396A (en) 2021-05-18
CN112818396B true CN112818396B (en) 2024-02-02

Family

ID=75861349

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110140019.6A Active CN112818396B (en) 2021-02-02 2021-02-02 BMC trusted audit log generation and management method

Country Status (1)

Country Link
CN (1) CN112818396B (en)

Also Published As

Publication number Publication date
CN112818396A (en) 2021-05-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant