CN113079160B - Safe host management system based on trusted computing - Google Patents
Safe host management system based on trusted computing Download PDFInfo
- Publication number
- CN113079160B CN113079160B CN202110357838.6A CN202110357838A CN113079160B CN 113079160 B CN113079160 B CN 113079160B CN 202110357838 A CN202110357838 A CN 202110357838A CN 113079160 B CN113079160 B CN 113079160B
- Authority
- CN
- China
- Prior art keywords
- trusted
- server
- module
- security
- management system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a security host management system based on trusted computing, which comprises a transaction security management system and a server area, wherein the server area comprises a file server, a data server and a mail server, the security management system is deployed on all the server areas, the security management system and the server areas are connected with the Internet through a switch, a firewall and a router, the security management system comprises a security management center, a security agent program and a user identity authentication USB-KEY, and trusted computing security protection system software is loaded in the server areas to form a trusted application management platform.
Description
Technical Field
The invention relates to the technical field of system management, in particular to a safe host management system based on trusted computing.
Background
Based on the particularity of the power service, the construction of the information security guarantee system of the power service not only needs to meet the requirements of safe and reliable operation of the system, but also needs to meet the relevant policies and requirements of the state and the power industry. The information security guarantee work is paid great attention by the country, and relevant departments of the country continuously issue corresponding files and requirements, so that the construction of the project conforms to the national and industry information security standards and specifications, an information security guarantee system is comprehensively and deeply planned and designed, the advancement and the standardization of the construction of the security guarantee system of the electric power information system are ensured, and the security host management system based on the trusted computing is provided.
Disclosure of Invention
The present invention is directed to a secure host management system based on trusted computing, so as to solve the problems in the background art.
The purpose of the invention is realized by the following technical scheme:
a security host management system based on trusted computing comprises a security management system and a server area, wherein the server area comprises a file server, a data server and a mail server, the security management system is deployed on all the server areas, the security management system and the server areas are connected with the Internet through a switch, a firewall and a router, the security management system comprises a security management center, a security agent program and a user identity authentication USB-KEY, trusted computing security protection system software is installed in the server area to form a trusted application management platform, the trusted application management platform comprises a trusted management platform, a trusted function platform and a trusted platform standardization module, the trusted platform standardization module is used for designing a trusted function module, the trusted management platform is used for managing the trusted function module, the trusted management platform comprises a security management center module and a trusted auditing module, the trusted function module comprises a user identity trusted module, a trusted execution program module, a trusted program module, a network connection trusted module, a file mandatory access control module, a configuration verification module, a software distribution management module, a registry mandatory access control module, a trusted mobile media access control module and a mandatory access control process module.
In the invention, the security management center is a core, and each server receives the unified management of a security administrator under the support of the security management center so as to realize that the running state of each server is always controllable and manageable; a hardware module USB-KEY is added on the existing server hardware platform and is used as a trust root of the system and a unique identifier of the user identity; and installing a server security agent and executing a security policy in a kernel layer of an operating system of each server.
In the invention, the user identity trusted module provides the identity identification verification of the user based on trusted computing, binds trusted verification equipment with the user identity and a server, realizes the double-factor identity authentication of the user identity and supports the login authentication failure locking function; the idle overtime locking function after the user logs in is supported, the user login authority is controlled, and the server is effectively prevented from being damaged due to unauthorized authentication.
Compared with the prior art, the safe host management system based on the trusted computing has the advantages that various invasion behaviors can be resisted, illegal access of internal personnel is prevented, the overall defense is improved, a unified safe management platform is constructed, all servers are controlled in a centralized mode, system vulnerability attack is prevented, infection of ferry trojans and damage of immune trojan viruses are prevented, and the safety level of an operating system is improved.
Drawings
FIG. 1 is a diagram of the overall system architecture of a trusted computing based secure host management system of the present invention;
FIG. 2 is a general architecture diagram of a trusted computing based secure host management system of the present invention;
FIG. 3 is an application architecture diagram of a trusted application management platform of a secure host management system based on trusted computing according to the present invention;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.
As shown in fig. 1-3, the present invention discloses a security host management system based on trusted computing, which includes a security management system and a server area, where the server area includes a file server, a data server and a mail server, and a security management system is deployed on all server areas, the security management system and the server area are connected to the internet through a switch, a firewall and a router, the security management system includes a security management center, a security agent program and a user identity authentication USB-KEY, and trusted computing security protection system software is installed in the server area to form a trusted application management platform, which includes a trusted management platform, a trusted function platform and a trusted platform normalization module, the trusted platform normalization module is used to design a trusted function module, the trusted management platform is used to manage the trusted function module, and the trusted management platform includes the security management center module and the trusted platform normalization module, the trusted application management platform includes the trusted management module, the trusted execution program module, a trusted network connection module, a file mandatory access control module, a configuration trusted execution program module, a software distribution management module, a trusted form mandatory access control module, a trusted mobile access control module and a trusted platform mandatory access control module.
In the invention, the security management center is a core, and each server receives the unified management of a security administrator under the support of the security management center so as to realize that the running state of each server is always controllable and manageable; a hardware module USB-KEY is added on the existing server hardware platform and is used as a trust root of the system and a unique identifier of the user identity; and installing a server security agent and executing a security policy in a kernel layer of an operating system of each server.
In the invention, the user identity trusted module provides the identity identification verification of the user based on trusted computing, binds trusted verification equipment with the user identity and a server, realizes the double-factor identity authentication of the user identity and supports the login authentication failure locking function; the idle overtime locking function after the user logs in is supported, the user login authority is controlled, and the server is effectively prevented from being damaged due to unauthorized authentication.
The security host management system based on the trusted computing can resist various invasion behaviors, prevent illegal access of internal personnel, improve the overall defense force, construct a unified security management platform, intensively manage and control all servers, prevent system vulnerability attack, prevent infection of ferry trojans and damage of immune trojan viruses, and improve the security level of an operating system.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
Claims (3)
1. A secure host management system based on trusted computing, comprising a secure management system and a server area, characterized in that: the server area comprises a file server, a data server and a mail server, a security management system is deployed on all the server areas, the security management system and the server areas are connected with the Internet through a switch, a firewall and a router, the security management system comprises a security management center, a security agent program and a user identity authentication USB-KEY, trusted computing security protection system software is installed in the server areas to form a trusted application management platform, the trusted application management platform comprises a trusted management platform, a trusted function platform and a trusted platform standardization module, the trusted platform standardization module is used for designing a trusted function module, the trusted management platform is used for managing the trusted function module, the trusted management platform comprises a security management center module and a trusted auditing module, and the trusted function module comprises a user identity trusted module, a trusted execution program module, a script program trusted module, a network connection trusted module, a file mandatory access control module, a configuration trusted verification module, a software distribution management module, a registry mandatory access control module, a trusted mobile medium control module and a process mandatory access control module.
2. A secure host management system based on trusted computing according to claim 1, characterized by: the safety management center is a core, and all the servers receive the unified management of a safety manager under the support of the safety management center so as to realize that the running state of all the servers is always controllable and manageable; a hardware module USB-KEY is added on the existing server hardware platform and is used as a trust root of the system and a unique identifier of the user identity; and installing a server security agent and executing a security policy in a kernel layer of an operating system of each server.
3. A secure host management system based on trusted computing according to claim 1, characterized by: the user identity trusted module provides user identity identification verification based on trusted computing, binds trusted verification equipment with a user identity and a server, realizes double-factor identity authentication of the user identity, and supports a login authentication failure locking function; the idle overtime locking function after the user logs in is supported, the user login authority is controlled, and the server is effectively prevented from being damaged due to unauthorized authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110357838.6A CN113079160B (en) | 2021-04-01 | 2021-04-01 | Safe host management system based on trusted computing |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110357838.6A CN113079160B (en) | 2021-04-01 | 2021-04-01 | Safe host management system based on trusted computing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113079160A CN113079160A (en) | 2021-07-06 |
| CN113079160B true CN113079160B (en) | 2023-02-10 |
Family
ID=76614771
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110357838.6A Active CN113079160B (en) | 2021-04-01 | 2021-04-01 | Safe host management system based on trusted computing |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113079160B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113726728B (en) * | 2021-07-13 | 2023-10-17 | 上海数慧系统技术有限公司 | Safety protection system and application system transformation processing method and device |
| CN113609494A (en) * | 2021-08-10 | 2021-11-05 | 上海交通大学 | Software and hardware system and architecture method suitable for trusted computing in high-performance scene |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103856477B (en) * | 2012-12-06 | 2018-01-02 | 阿里巴巴集团控股有限公司 | A kind of credible accounting system and corresponding authentication method and equipment |
| US9569638B2 (en) * | 2014-12-31 | 2017-02-14 | Google Inc. | Trusted computing |
| CN106982204A (en) * | 2017-02-15 | 2017-07-25 | 深圳市中科智库互联网信息安全技术有限公司 | Credible and secure platform |
| CN106991329A (en) * | 2017-03-31 | 2017-07-28 | 山东超越数控电子有限公司 | A kind of trust calculation unit and its operation method based on domestic TCM |
| CN113065136B (en) * | 2021-03-16 | 2024-03-22 | 广东电网有限责任公司汕尾供电局 | Host protection trusted computing system |
-
2021
- 2021-04-01 CN CN202110357838.6A patent/CN113079160B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN113079160A (en) | 2021-07-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8407240B2 (en) | Autonomic self-healing network | |
| US7712143B2 (en) | Trusted enclave for a computer system | |
| CN106326699B (en) | Server reinforcing method based on file access control and process access control | |
| EP2332285B1 (en) | Methods and systems for securely managing virtualization platform | |
| CN113079160B (en) | Safe host management system based on trusted computing | |
| CN105430000A (en) | Cloud computing security management system | |
| KR20050026624A (en) | Integration security system and method of pc using secure policy network | |
| US20060265486A1 (en) | One-core, a solution to the malware problems of the internet | |
| Sun et al. | SPLM: security protection of live virtual machine migration in cloud computing | |
| Rekik et al. | A cyber-physical threat analysis for microgrids | |
| CN114338105B (en) | Zero trust based system for creating fort | |
| CN111274620B (en) | USB device management and control method based on Windows operating system | |
| CN113065136B (en) | Host protection trusted computing system | |
| CN116015895A (en) | Big data computer network safety protection system | |
| CN113076542A (en) | Test management system for trusted computing in artificial intelligence | |
| Patel et al. | Cloud Computing Security, Privacy Improvements Using Virtualized High Trust Zone | |
| Ruha | Cybersecurity of computer networks | |
| Sun | A Security Reinforcement Method for Intranet Computer Terminal | |
| Surya et al. | Security issues and challenges in cloud | |
| Su et al. | Study of Cloud Computing Security Service Model | |
| Gong | Research and Practice of Cloud Application Security Based on Multi Factor Authentication Technology | |
| Yi et al. | Notice of Retraction: Technical Research of Credible Chain | |
| Appukuttan et al. | Operational considerations for substation security | |
| Lingdong et al. | Design and analysis of a kind of engineering information security protection system | |
| Dong et al. | Safety Protection Implementation for Automotive Repair Information Disclosure Service Platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |