CN114297652A - Endorsement chain system capable of preventing unknown network attack - Google Patents


Publication number: CN114297652A
Authority: CN (China)
Prior art keywords: endorsement, authentication, chain, sensitive, node
Legal status: Granted
Application number: CN202111645858.XA
Other languages: Chinese (zh)
Other versions: CN114297652B (en)
Inventor: 方滨兴, 崔翔, 杜春来
Current Assignee: Individual
Original Assignee: Individual

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses an endorsement chain system capable of preventing unknown network attacks, and provides a way of constructing an endorsement chain by combining sensitive service extraction, authentication backward movement, external arrangement of authentication, a chain structure, dynamic credibility and other elements.

Description

Endorsement chain system capable of preventing unknown network attack
Technical Field
The invention belongs to the technical field of network space security, and particularly relates to an endorsement chain system capable of preventing unknown network attacks.
Background
The cyberspace security field has no well-recognized, precise definition of an "unknown cyber attack". An attack can generally be considered unknown when it satisfies the following two conditions: when an attacker launches a network attack on a defender's information system through the Internet, the defender does not know whether a vulnerability exists in the information system to be protected, or which vulnerability it is; and the attacker's attack characteristics, attack methods, tools used, attack samples, activity time and so on are also unknown to the defender.
In recent years, with the continuous improvement of network security defense technologies and products (hereinafter "defense products"), the effect of defense products against known network attacks has become high, and some defense products even try to detect network attacks with unknown characteristics by applying big data analysis and artificial intelligence to large numbers of collected attack samples. However, at present, apart from trusted computing, mimicry defense and zero trust, no other technology can achieve effective defense against unknown network attacks while the attack characteristics, samples, methods and so on remain unknown, and how to effectively prevent unknown network attacks under resource constraints remains an open problem that troubles the major network powers of the world.
Trusted computing refers to protecting an information system while it computes, so that the whole computing process can be measured and controlled and is free from interference, and the computing result obtained is consistent with the expected result. Trusted computing is a distinctive active defense technology based on a holistic security concept. From the early TPM (Trusted Platform Module) to today's trusted execution environments represented by ARM TrustZone and Intel SGX, core trusted computing technologies such as secure boot, trusted execution environments, measurement and attestation, and trusted storage are used as supports to construct a trusted security support platform that provides a security foundation for all kinds of terminals, edge devices and cloud computing environments. The basic idea of implementing trusted computing is: first construct a root of trust, then establish a chain of trust that starts from the root of trust and extends to the hardware platform, then to the operating system and then to applications, with each level authenticating the next and trust extended level by level to the whole computer system, thereby ensuring that the whole computer system is trusted. Trusted computing is a "static" trusted system based on signed programs, and is concerned with whether the software and hardware themselves are trusted.
Mimicry defense is a dynamic redundancy structure based on an endogenous security mechanism of cyberspace, proposed by academician Wu Jiangxing of China in 2008 to deal with unknown threats in cyberspace. Academician Wu holds that the biggest problem facing the cyberspace field today is that vulnerabilities and backdoors in software and hardware cannot be exhaustively found or checked, i.e. the intrinsic security problem of cyberspace, so that the biggest threat facing cyberspace is unknown attacks carried out by attackers on the basis of unknown vulnerabilities or backdoors, whereas the existing defense system of cyberspace is built on prior knowledge and is essentially static, homogeneous and deterministic, and cannot defend against unknown security threats. The basic assumption of mimicry defense is that heterogeneous executors are almost impossible to make the same error, and its core ideas are heterogeneity, dynamism and redundancy. Specifically, the greater the heterogeneity of the executors, the lower the probability that the same vulnerability can be exploited in all of them; dynamism means generating a new executor set to replace the current one; and redundancy means that multiple executors respond to a user's request, their execution results are compared, and a voting mechanism returns the correct response to the user.
Zero trust is a network security paradigm centered on resource protection, whose premise is that trust is never granted implicitly but must be continually evaluated. The zero trust model removes implicit trust in any element, node or service by assuming that a breach is inevitable or has already occurred, looking for anomalous or malicious activity while continuing to enforce access control. The zero trust architecture precisely controls access nodes and resource nodes and depends on Identity and Access Management (IAM), which Gartner defines as follows: IAM is the discipline that enables the right individuals to access the right resources at the right time for the right reasons. IAM meets mission-critical requirements to ensure proper access to resources in an increasingly diverse technical environment and to satisfy increasingly stringent regulatory requirements. Of widespread interest are risk-based access control techniques, which combine a continuous rating of the user's risk during login to determine the operational rights the user can have. Compared with the endorsement chain, zero trust provides a defense concept with IAM at its core, while the endorsement chain provides an enhanced implementation scheme. Zero trust regards dynamic authentication and authorization as paramount, while the endorsement chain presents a way to prevent dynamic authentication and authorization from being bypassed by attackers.
It can be seen that the difference in how likely the authentication and authorization mechanisms are to be bypassed is the first core difference between the two. Zero trust requires constant monitoring of account, device, network activity and abnormal activity in data access in order to perform dynamic authorization; the endorsement chain holds that, since the scenario is an unknown network attack, it is likely that no anomaly can be perceived at all, and therefore the endorsement chain does not activate itself based on anomaly detection results. It can be seen that the confidence placed in "anomaly detection" is the second core difference between the two. Zero trust attempts to reduce the exposure of the resource to be protected, while the endorsement chain assumes that the resource to be protected will eventually be accessed, so its defense strategy is to embed a "security gene" inside the resource to be protected regardless of the resource's exposure. It can be seen that the handling policy for resources to be protected is the third core difference between the two.
In summary, although trusted computing can ensure that the whole computer system is trusted, in most cases the computer system has to be used by people, and "computer system + people" constitutes an open, complex giant system. Because of the people, the computer system has to import and accept external information, most of which is unsigned, untrusted content, and once untrusted content enters the computer system it can be linked with a trusted program in the computer system to launch an effective malicious attack. For example, in the Windows operating system, when a user receives a "document" by mail and opens it, the system runs the trusted winword program; however, if the docx document contains a malicious macro, the malicious macro is activated and run by winword. Similarly, when the user opens an unsafe website with a browser, the malicious script on the website can also be executed by the trusted browser (e.g., iexplor). To summarize, even if the computer system itself is trusted, the trusted computing defense system is bypassed because the computer system has to interact with the outside world during actual use. Currently, the trusted systems recognized by the industry as most prominent are Apple's products such as the iPhone and MacBook. Such products only allow trusted programs from the Apple store to run; however, even so, the Safari browser on these products has been successfully compromised many times in the Pwn2Own contest.
The core idea of mimicry defense is multi-mode voting (especially three-mode voting), and its theoretical basis is that the probability of multiple heterogeneous systems behaving identically in error is infinitely close to 0, whereas they usually behave identically when working correctly. For example, critical decision-making systems on aircraft often require three different types of product to be installed, and when their decisions are inconsistent, the minority yields to the majority, because it is unlikely that two of the three decision-making systems err at the same time and reach exactly the same false conclusion. The mimicry defense concept is based on multi-mode voting from the fault tolerance field, so at least two heterogeneous executors inevitably have to be customized and additionally developed for each deterministic system to be protected; this work is costly and error-prone, and the overall cost in time and labor is high.
The core idea of zero trust is that trust is no longer granted by default for any behavior; instead a dynamic trust model is built. For example, after an employee remotely logs into an important system within the company using the notebook, account and password assigned to him, the employee may need to keep providing the required credentials if he needs to use other company resources. However, if the zero-trust gateway used to verify the user's identity has a vulnerability, an attacker may bypass the zero-trust access control mechanism without the company-registered notebook and without knowing the account and password, and thus be treated as a legitimate user who can normally use sensitive resources in the enterprise. Zero trust carries this risk because its starting point is dynamic authentication and authorization, with the emphasis on "dynamic", rather than on how to prevent that dynamic authentication and authorization from being bypassed by "unknown attack methods".
Disclosure of Invention
In view of this, the present invention provides an endorsement chain system capable of preventing unknown network attacks, and dynamic defense of a deterministic system to be protected is realized by constructing an endorsement chain.
The invention provides an endorsement chain system capable of preventing unknown network attacks, which comprises a deterministic system, a heterogeneous endorsement node cluster and an endorsement chain scheduler;
wherein authentication move-back code is embedded in the sensitive services of the deterministic system; the authentication move-back code collects information about the sensitive service to form a meta-information group and sends the meta-information group to the heterogeneous endorsement node cluster; the heterogeneous endorsement node cluster comprises a plurality of endorsement nodes, the endorsement nodes are connected in a chain topology to form an endorsement chain, and the endorsement chain judges from the meta-information group whether a user has the authority to access the sensitive service; the endorsement chain scheduler operates in a safe, trusted environment and links the deterministic system with the heterogeneous endorsement node cluster; and the deterministic system and the heterogeneous endorsement node cluster are deployed in two different physical environments, between which only endorsement-related communication is allowed.
Further, the endorsement chain scheduler comprises a deterministic system management module, a sensitive service management module, an endorsement node management module, a user management module and an access control management module;
the deterministic system management module manages the deterministic system to be protected, including configuring the deterministic system's basic information; the sensitive service management module determines and manages the sensitive services in the deterministic system, including configuring basic information of the sensitive services and customizing and embedding the authentication move-back code for each sensitive service; the endorsement node management module sets the basic information, authentication program, networking program and communication program of the endorsement nodes; the user management module manages the users who have authority to access sensitive services; and the access control management module establishes the access rights among users, sensitive services and endorsement nodes.
Further, the authentication move-back code is a code sequence or an encapsulated API.
Further, the position at which the authentication move-back code is embedded in the sensitive service is determined randomly.
Further, the basic information of the deterministic system includes the name, domain name, IP address and port of the deterministic system.
Further, the basic information of the sensitive service comprises a deterministic system to which the sensitive service belongs, a sensitive service name, associated endorsement node information, an effective time and a forbidden time.
Further, the basic information of the endorsement node comprises an internal serial number, a globally unique ID and addressing information of the endorsement node.
Further, the user information comprises mnemonics corresponding to the user ID, the nickname, the password, the certificate and the endorsement node ID and the allowed access time.
The invention also provides a defense method for preventing unknown network attacks using the endorsement chain system, comprising the following steps:
selecting a deterministic system to be protected, and screening sensitive services out of the services it provides according to business requirements and security expectations; customizing an authentication move-back code for each sensitive service and embedding it into the sensitive service; configuring, in the endorsement chain scheduler, the basic information of the deterministic system, sensitive services, endorsement nodes and users, and establishing the access rights among users, sensitive services and endorsement nodes; deploying heterogeneous endorsement nodes via the endorsement chain scheduler to form a heterogeneous endorsement node cluster; and starting the endorsement chain system.
Furthermore, when the endorsement chain scheduler deploys heterogeneous endorsement nodes to form a heterogeneous endorsement node cluster, the endorsement chain is constructed so that each endorsement node endorses two other endorsement nodes and is itself endorsed by two other nodes, and no two endorsement nodes endorse each other.
The invention has the following advantages:
1. The invention provides a way of constructing an endorsement chain by combining sensitive service extraction, authentication backward movement, external arrangement of authentication, a chain structure, dynamic credibility and so on, and establishes on that basis an endorsement chain system capable of preventing unknown network attacks; authentication backward movement defends against authentication-bypass attacks, and external arrangement of authentication defends against unauthorized-access and privilege-escalation attacks.
2. The invention provides a method of constructing a sensitive service pool so as to control a sensitive system uniformly: all sensitive services of the deterministic system to be protected are screened out to form the sensitive service pool, authentication move-back code is embedded into every sensitive service in the pool, and any operation a user sends to a sensitive service triggers the authentication action of the endorsement chain. Because the sensitive service pool is protected as a whole, even if an attacker compromises the system to be protected, the attacker still cannot use the sensitive services it provides.
3. The invention provides an endorsement chain topology with staggered proofs and elastic reorganization. The way the endorsement chain is constructed determines the security attributes of the authentication system, such as robustness, scalability, elasticity, damage resistance and reconfigurability, so the design of the endorsement chain directly affects the security of the authentication system; allocating trusted endorsement nodes, having multiple nodes participate in endorsement at initialization, staggering proofs among nodes, and designing an endorsement chain topology that reorganizes elastically among a large number of nodes can effectively ensure the security of the authentication system. At the same time, dynamic credibility can be established using the staggered endorsement mechanism of the chain structure, so that nodes without a trusted computing environment can themselves be trusted by means of endorsements from other nodes.
Drawings
Fig. 1 is an architecture diagram of an endorsement chain system capable of preventing unknown network attacks according to the present invention.
Fig. 2 is a schematic diagram of a protection target sensitive service pool of an endorsement chain system capable of preventing unknown network attacks provided in the present invention.
Fig. 3 is a schematic diagram of a sensitive service with embedded authentication move-back code in the endorsement chain system capable of preventing unknown network attacks provided by the present invention.
Fig. 4 is a schematic diagram of an endorsement chain topology structure of an endorsement chain system capable of preventing unknown network attacks provided by the present invention.
Detailed Description
The present invention will be described in detail below with reference to the accompanying drawings.
The basic idea of the endorsement chain system capable of preventing unknown network attacks provided by the invention is as follows: the invention provides a method of constructing an endorsement chain by combining sensitive service extraction, authentication backward movement, external arrangement of authentication, a chain structure, dynamic credibility and so on, which can protect an important information system from unknown network attacks.
Technical problem one: how to defend against unknown authentication-bypass methods.
Sensitive services provided by deterministic systems generally only allow specific users to access and use them; however, attackers may employ various methods to bypass the deterministic system's authentication in order to access and use sensitive services illegally, such as stealing cookies, stealing tokens, intercepting two-factor authentication, and so on. The deterministic system referred to in the invention is one whose target, function, operation mode and so on are well defined and fixed, which is not subject to a large number of frequently changing uncertain factors, and which is expected to operate safely and reliably. For this technical problem, the invention proposes the idea of "authentication backward movement": the critical security link of authentication is embedded into the sensitive service itself, so that even if an attacker bypasses all the conventional authentication mechanisms on the access path, the attacker still has to trigger the authentication move-back code on finally arriving at and actually accessing the sensitive service; all the earlier authentication-bypass methods are thereby rendered ineffective, the call to the sensitive service fails and the attacker is exposed.
No matter where the original authentication function of the deterministic system to be protected is located or what triggers it, the method embeds in the sensitive service to be protected an additional authentication module that can communicate with the authentication system, so that authentication is moved back to the last position to which it can be moved. Even if all the conventional authentication mechanisms are bypassed (by known or unknown methods), an attacker who finally and actually calls the sensitive service has to trigger this authentication and activate the authentication system, so that all the earlier authentication-bypass methods ultimately fail, the call to the sensitive service fails and the attacker is exposed.
Technical problem two: how to defend against unknown unauthorized-access attacks.
When a sensitive service provided by the deterministic system is called, a tuple consisting of the user, role, authority, behavior and so on is generally evaluated to identify the user's authority, and the user is allowed to use the sensitive service only within the permitted scope. However, attackers may employ various methods to bypass the authorization mechanism of the deterministic system in order to access and use sensitive services illegitimately, such as privilege escalation, exceeding authority, escape and so on. Therefore, the invention proposes the concept of external authentication, which separates the critical security link of authentication from the deterministic system and arranges the authentication system independently outside the deterministic system, thereby effectively defending against the various privilege-escalation, authority-exceeding and escape attacks aimed at the deterministic system.
Regardless of where the original authentication function of the deterministic system to be protected is located or when it is triggered, the invention constructs a safe and trusted authentication system in a heterogeneous computing cluster outside the system to be protected, separates the key link of authentication from the deterministic system and its operating environment, and arranges the authentication system independently outside the deterministic system, thereby effectively defending against attacks such as exceeding authority, privilege escalation and escape.
Technical problem three: how to ensure the security and credibility of the endorsement chain.
When a sensitive service provided by the deterministic system is called, the built-in authentication move-back code is triggered, which in turn activates the external authentication system. The authentication system runs within a heterogeneous computing cluster made up of a large number of heterogeneous nodes, referred to herein as "endorsement nodes". Besides the authentication program, each endorsement node also runs a networking program and a communication program, so that the large-scale distributed endorsement nodes are connected together in a chain structure to form an endorsement chain. The security of the authentication system is crucial, since it directly determines the security of the sensitive service authentication process; and because the authentication program runs on the endorsement nodes, the security of the endorsement chain directly affects the security of the authentication system. The invention provides a chain topology design with staggered verification among endorsement nodes, which effectively guarantees the security and credibility of the endorsement chain and hence the security and credibility of the authentication process.
Technical problem four: how to defend against dynamically introduced attack code.
When a deterministic system has to introduce dynamic code at run time, attack code that has been disguised or hidden can be introduced into the system to launch an attack even if the deterministic system is protected by trusted computing. The invention extends static credibility to dynamic credibility by means of a staggered endorsement mechanism, i.e. the staggered endorsement mechanism of the chain structure is used to establish dynamic trust, so that nodes that do not themselves meet the conditions of trusted computing can be trusted through the endorsements of trusted nodes. Thus, even dynamically introduced attack code can still be detected and intercepted when it tries to bypass the authentication and authorization mechanisms to invoke sensitive services illegally.
In summary, authentication backward shift, external authentication, the chain topology, the dynamic trust mechanism and so on are collectively referred to as the endorsement chain, and a defense system built on the endorsement chain idea is referred to as an endorsement chain system. The programs running on the endorsement nodes comprise an authentication program, a networking program and a communication program, and the endorsement chain system embeds the authentication move-back code into the deterministic system and places the authentication system outside it. Applying the endorsement chain system does not require an in-depth understanding, substantial modification or reconfiguration of the deterministic system. Once the endorsement chain system is applied, the deterministic system can prevent its sensitive services from being used illegally because of a 0day bug, a visitor's password leak, unauthorized access by an attacker and the like, or from being used illegally after the system has already been compromised, thereby avoiding low-probability but highly harmful security events in the deterministic system. The more important a deterministic system is, the greater the value of the endorsement chain and the more acceptable the performance degradation caused by its intervention.
The endorsement chain system capable of preventing unknown network attacks provided by the invention, as shown in fig. 1, specifically comprises: a deterministic system, a heterogeneous endorsement node cluster, and an endorsement chain scheduler.
The deterministic system is the protected object, and every protected sensitive service it contains is embedded with the same service-independent authentication move-back code.
The authentication move-back code extracts meta-information such as the time, the visitor, the sensitive service visited and the access type; this meta-information, together with the endorsement node addressing mode and the visitor signature supplied by the visitor, forms a meta-information group, which is then sent to an authentication program in the heterogeneous endorsement node cluster. The authentication move-back code may be a sequence of code or a packaged API, to make modifying the source code easier. Furthermore, to improve the security of the authentication move-back code and prevent an attacker from jumping directly to the binary code of the sensitive service in memory to call it, the authentication move-back code is embedded at a random position in the code sequence of the sensitive service.
Specifically, the authentication move-back code sends a meta-information group consisting of <time, visitor, visited sensitive service, access type, endorsement node addressing mode, visitor signature> to the authentication program in the heterogeneous endorsement node cluster. In the meta-information group, the endorsement node addressing mode and the visitor signature are supplied by the visitor, and the other meta-information is generated by the authentication move-back code. The visitor may be an authorized user or an attacker. In fig. 1, VIP_FuncX and the like represent sensitive services, origin_Code and the like represent the original code of the sensitive services, and embedded_Code represents the authentication move-back code.
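As an added illustration (not code from the patent), the following Python models the meta-information group and a sensitive service with embedded_Code inside it, so that a caller who has bypassed every front-door check still has to be endorsed before the sensitive operation runs. The HMAC visitor signature, the in-memory access-rights table, the node and service names are assumptions.

```python
"""Authentication move-back: the check sits inside the sensitive service, so a
caller who bypassed every front-door check still has to pass it (added example)."""
import hashlib
import hmac
import time
from dataclasses import dataclass

# Constructed stand-ins for the scheduler's user management and access control
# modules: a per-user signing key, and (user, sensitive service) -> endorsement
# node that is allowed to authenticate that access. The format is an assumption.
USER_KEYS = {"alice": b"alice-key-constructed", "mallory": b"mallory-key-constructed"}
ACCESS_RIGHTS = {("alice", "VIP_Transfer"): "node-3"}


@dataclass(frozen=True)
class MetaInfoGroup:
    """<time, visitor, visited sensitive service, access type,
    endorsement node addressing mode, visitor signature>."""
    time: float
    visitor: str
    service: str
    access_type: str
    node_addressing: str     # supplied by the visitor
    visitor_signature: str   # supplied by the visitor


def _signed_fields(visitor, service, access_type, node_addressing) -> bytes:
    return "|".join((visitor, service, access_type, node_addressing)).encode()


def sign_request(visitor, service, access_type, node_addressing) -> str:
    """Visitor signature. The patent only says 'signature'; an HMAC over the
    request fields with the visitor's own key is the assumption used here."""
    msg = _signed_fields(visitor, service, access_type, node_addressing)
    return hmac.new(USER_KEYS[visitor], msg, hashlib.sha256).hexdigest()


class AuthenticationFailed(PermissionError):
    """Raised by embedded_Code when the endorsement node does not authenticate."""


class EndorsementNode:
    """One node of the heterogeneous cluster, reduced to its authentication program."""

    def __init__(self, node_id: str):
        self.node_id = node_id

    def authenticate(self, g: MetaInfoGroup) -> bool:
        if g.node_addressing != self.node_id:
            return False          # group addressed to a different node
        if ACCESS_RIGHTS.get((g.visitor, g.service)) != self.node_id:
            return False          # no right, or right bound to another node
        key = USER_KEYS.get(g.visitor)
        if key is None:
            return False          # unknown visitor
        msg = _signed_fields(g.visitor, g.service, g.access_type, g.node_addressing)
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, g.visitor_signature)


NODES = {"node-3": EndorsementNode("node-3")}   # constructed single-node cluster


def authentication_move_back(visitor, service, access_type, node_addressing,
                             signature) -> MetaInfoGroup:
    """embedded_Code: build the meta-information group from what the service
    knows plus what the visitor supplied, and ask the addressed node."""
    group = MetaInfoGroup(time.time(), visitor, service, access_type,
                          node_addressing, signature)
    node = NODES.get(node_addressing)
    if node is None or not node.authenticate(group):
        raise AuthenticationFailed(f"{service}: call by {visitor!r} not endorsed")
    return group


BALANCE = {"acct": 100}   # constructed state touched by the sensitive service


def vip_transfer(visitor, node_addressing, signature, amount) -> int:
    """Sensitive service VIP_Transfer: origin_Code with embedded_Code inside it."""
    # origin_Code: ordinary input handling comes first ...
    if amount <= 0:
        raise ValueError("amount must be positive")
    # embedded_Code: placed inside the service body (the patent chooses the
    # position at random); a stolen cookie or a bypassed gateway does not skip it.
    authentication_move_back(visitor, "VIP_Transfer", "call", node_addressing, signature)
    # origin_Code: the sensitive operation proper
    BALANCE["acct"] -= amount
    return BALANCE["acct"]
```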
The heterogeneous endorsement node cluster is a large-scale heterogeneous computing environment; the nodes in the cluster are called endorsement nodes, each endorsement node runs an authentication program, a networking program and a communication program and so has authentication, communication and networking functions, and the endorsement nodes are connected in a chain architecture to form an endorsement chain. The networking and communication programs maintain communication between endorsement nodes and can be implemented with a P2P system, or by building the cluster independently, forming an alliance, using heterogeneous cloud computing platforms from different vendors, and so on. When the authentication program on a particular endorsement node authenticates a sensitive service, the authentication programs on other endorsement nodes also provide endorsements for it to prove its credibility. An endorsement node is a logical concept and may exist as a physical computer, a virtual machine, a container and so on. For example, in fig. 1, when node 3 acts as the authentication node for a sensitive service, the authentication programs on node 1 and node 2 endorse node 3 to prove its credibility. Similarly, when node 2 acts as the authentication node, nodes 1 and 12 endorse it, and so on.
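An added example (not the patent's own code) of the chain topology described here and in the summary: each node endorses the next two nodes on a ring, so every node is endorsed by two others and no pair endorses each other, and an authentication node's verdict only counts when both of its endorsers attest to it. The concrete ring rule, the vote dictionary and the reorganization step are assumptions chosen to reproduce the fig. 1 relations (node 3 endorsed by nodes 1 and 2, node 2 by nodes 12 and 1).

```python
"""Endorsement chain topology with staggered proofs and elastic reorganization
(added example; the ring rule is an assumption, not the patent's construction)."""
from typing import Dict, Iterable, Set, Tuple

Chain = Dict[int, Tuple[int, int]]   # node -> the two nodes it endorses


def build_endorsement_chain(node_ids: Iterable[int]) -> Chain:
    """Assumed ring rule: each node endorses the next two nodes in order.
    With nodes 1..12 this gives node 3 endorsed by 1 and 2, node 2 by 12 and 1."""
    ids = list(node_ids)
    n = len(ids)
    if n < 4:
        raise ValueError("fewer than 4 nodes would force mutual endorsement")
    return {ids[k]: (ids[(k + 1) % n], ids[(k + 2) % n]) for k in range(n)}


def endorsers_of(chain: Chain, node: int) -> Set[int]:
    """The nodes whose authentication programs vouch for `node`."""
    return {i for i, targets in chain.items() if node in targets}


def check_chain_properties(chain: Chain) -> bool:
    """Each node endorses two others, is endorsed by two others, and no two
    nodes endorse each other (the staggered, non-mutual structure)."""
    for node, targets in chain.items():
        if len(set(targets)) != 2 or node in targets:
            return False
        if len(endorsers_of(chain, node)) != 2:
            return False
        if any(node in chain[t] for t in targets):
            return False                     # mutual endorsement
    return True


def authenticate_with_endorsement(chain: Chain, auth_node: int, verdict: bool,
                                  trust_votes: Dict[Tuple[int, int], bool]) -> bool:
    """Staggered verification: the authentication node's verdict on a request
    only counts if both of its endorsers attest (endorser, auth_node) -> True,
    so a single compromised authentication node cannot grant access on its own."""
    if not verdict:
        return False
    return all(trust_votes.get((e, auth_node), False)
               for e in endorsers_of(chain, auth_node))


def reorganize(chain: Chain, failed_node: int) -> Chain:
    """Elastic reorganization: drop a failed or distrusted node and rebuild the
    ring over the remaining nodes, keeping their order."""
    return build_endorsement_chain(i for i in chain if i != failed_node)
```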
In particular, the deterministic system and the heterogeneous endorsement node cluster are deployed in two separate physical environments; only endorsement-related communication is allowed between them, carried over a gateway connection, so that the deterministic system and the endorsement chain share no software or hardware.
The endorsement chain scheduler realizes the organic linkage between the deterministic system and the heterogeneous endorsement node cluster. The endorsement chain scheduler runs in a secure and trusted environment: all computers and the administrators involved must be secure and trusted, and the trusted administrators are responsible for its operation and must be audited. Operations on the trusted computer can be regarded as secure and trusted as long as no executable factors such as code or scripts are introduced from outside. Constructing such a closed, secure and trusted environment is practical and feasible; the computer environment used to sign software and the U shield system used to sign bank transaction information are examples of such environments.
The endorsement chain scheduler comprises a deterministic system management module, a sensitive service management module, an endorsement node management module, a user management module and an access control management module:
The deterministic system management module manages all deterministic systems to be protected, establishes a global view of them, and supports configuring the basic information of a deterministic system, such as its name, domain name, IP address and port.
The sensitive service management module manages all sensitive services, including adding, deleting, changing and searching sensitive services, and supports configuring the basic information of a sensitive service and customizing its personalized authentication move-back code. The basic information of a sensitive service includes the deterministic system to which it belongs, the sensitive service name, the associated endorsement node information, the effective time, the disabled time and so on. The authentication move-back code generally needs to carry personalized information about the sensitive service, and is embedded (for example, by copying and pasting) into the sensitive service to realize linkage with the authentication program. For example, each sensitive service must be configured with its associated endorsement node (one kind of personalized information): if the addressing information of endorsement node (r) (as shown in fig. 1) is embedded into the authentication move-back code in sensitive service A, then when that authentication move-back code is activated, the authentication program on endorsement node (r) is contacted to authenticate the visitor's operation.
The endorsement node management module manages the endorsement nodes and establishes a global view of them; this includes entering the basic information, the authentication program, the topological relation and so on of each endorsement node, where the basic information of an endorsement node includes its internal serial number, globally unique ID, addressing information and the like. Taking a heterogeneous cloud as an example, once all endorsement nodes in the cloud are ready, the administrator enters the endorsement node information into the scheduler one by one: the internal serial number (shown as (r) and (r) in fig. 1), the globally unique ID (a public key or a public key hash may be used as the ID), the addressing information (IP:Port), and so on. In this way the scheduler manages all endorsement nodes uniformly and establishes a global view. In addition, because the authentication move-back code in a sensitive service must communicate with the authentication program on the endorsement node, two-way dynamic authentication is required between the two, and the information needed for that authentication must also be configured in the scheduler.
After the endorsement node information has been entered, the administrator connects to the endorsement nodes one by one from a trusted computer (via their IP addresses and ports), deploys the authentication program and related components to each node, and starts the authentication program. The topological relation between endorsement nodes (that is, which two nodes each node can endorse and which two nodes must endorse it) is also configured in this step; thereafter, the endorsement nodes no longer operate in isolation but form the topological relation shown in fig. 4.
The user management module manages the users who have access rights to specific sensitive services and establishes a global view of them; the user information includes the user ID, nickname, password, certificate, mnemonics corresponding to endorsement node IDs, allowed access time and so on.
The access control management module establishes a many-to-many association among users, sensitive services, endorsement nodes and permissions. For example, user A may access sensitive services S1 and S2, and S1 may ask endorsement node x to authenticate on its behalf, which in turn requires x-1 and x-2 to endorse x's trustworthiness. The implementation of the endorsement process is not limited. For instance, when A accesses S1, the authentication move-back code embedded in S1 is activated and asks A for two endorsement node mnemonics; A sends its associated meta-information (such as <time, visitor, visited sensitive service, access type, endorsement node mnemonics, visitor signature>) to S1 together with them. S1 knows it should communicate with endorsement node x and presents its own authentication information together with the mnemonics provided by A. Node x contacts the scheduler and requests the information (in particular the current IP:Port) of the two endorsement nodes associated with the mnemonics; after establishing connections with the two endorsement nodes and authenticating bi-directionally, x asks each of them whether A has the right to access S1. If that right was configured in the scheduler beforehand, A is authorized.
The process of the endorsement chain system protection information system capable of preventing unknown network attack provided by the invention comprises the following steps:
step 1, selecting a deterministic system to be protected.
The information system must have certainty to be suitable for protection using the endorsement chaining system provided by the present invention. The certainty of the information system means that the target, the function, the operation mode and the like of the information system are highly definite and fixed, and cannot be interfered by a large number of frequently uncertain factors, and the information system has high expectation on safe and reliable operation. For example, a highly secure server servicing the sensitive business of a banking system is a deterministic system, whereas a personal computer of a home user is not a deterministic system because it is possible to install new software or change the originally intended use at any time.
After the deterministic system to be protected has been determined, a number of sensitive services need to be screened out of the information system for protection. Non-sensitive services can be protected by traditional defense products without endorsement chain protection, since even their malicious exploitation by an attacker will not cause unacceptable harm.
Step 2, selecting and determining sensitive services from the services provided by the deterministic system to be protected, and constructing a sensitive service pool.
A number of sensitive services are screened out of the services provided by the deterministic system to be protected, according to business requirements and security expectations; the set formed by these sensitive services is called the sensitive service pool. Examples of sensitive services are sending a specific instruction, reading and writing a specific file, reading and writing a database password table, uploading data, and the like. All sensitive services in the pool fall within the protection range, so an authentication move-back code must be embedded in each of them; once a visitor tries to use a sensitive service, the authentication move-back code is triggered and in turn activates the authentication system. A sensitive service pool composed of one or more sensitive services is shown in fig. 2, in which five actions, namely issuing an instruction, writing a file, starting an external transmission, outputting control, and changing the registry, are classified as sensitive services; in actual application, the sensitive services are screened according to business requirements and security expectations.
Step 3, embedding an authentication backward shift code in the sensitive service.
The authentication backward shift code is embedded in the source code of the sensitive service; its embedding position is not fixed and is ideally chosen at random. The deterministic system may still be attacked, but the object protected by the endorsement chain is the sensitive service, so the sensitive service cannot be exploited by an attacker even if the deterministic system is compromised. Schematic diagrams of embedding authentication move-back codes in sensitive services are shown in fig. 1 and 3.
After the authentication move-back code is embedded in the sensitive service, the relationship between the user access, the sensitive service, the authentication move-back code and the endorsement node is shown in fig. 2. The sensitive service of 'issuing an instruction' is taken as an example for explanation: when the visitor successfully accesses the 'instruction issuing' sensitive service after passing through the conventional authentication mechanism of the deterministic system, an authentication backward-moving code embedded in the 'instruction issuing' sensitive service is triggered; the authentication backward-moving code sends the meta-information group of < time, visitor, visited sensitive service, visiting type, endorsement node addressing mode and visitor signature > to the heterogeneous endorsement node cluster, and the authentication program in the endorsement node identifies whether the current visitor has the right to visit the sensitive service according to the meta-information group.
Through the processing from step 1 to step 3, the authentication backward shift code is embedded in all the sensitive services of the deterministic system, and the adaptation of the deterministic system is completed.
Step 4, deploying the endorsement chain system scheduler.
Configure the information required by the deterministic system management module, the sensitive service management module, the endorsement node management module, the user management module and the access control management module of the endorsement chain system scheduler.
Step 5, deploying the heterogeneous endorsement node cluster to realize external authentication.
A private heterogeneous cloud platform (hereinafter referred to as heterogeneous cloud) is selected as an endorsement chain system host environment, the heterogeneous cloud comprises a large number of heterogeneous computing environments (such as virtual machines and containers with different operating systems), terminal computing environments in the heterogeneous cloud are endorsement nodes, and an authentication program, a networking program and a communication program are run on each terminal computing environment.
In this way, the authentication function originally handled by the deterministic system or by the operating environment in which it runs is transferred to the external heterogeneous cloud, and the probability that an attacker compromises the heterogeneous cloud is greatly reduced compared with the probability of compromising the deterministic system. Besides the heterogeneous cloud scheme, the same purpose can be achieved with non-cloud computer clusters and the like.
Further, based on heterogeneous cloud, in order to realize mutual dynamic trusted connection between endorsement nodes, the invention provides an endorsement chain topology structure with staggered proofs, and a dynamic trusted chain structure can be formed. The endorsement chain topology is shown in fig. 4, wherein each circle with a number represents an endorsement node, and the number in the circle represents the globally unique number of the node.
In constructing the endorsement chain topology, each node endorses two other nodes, and each node is in turn endorsed by two other nodes; nodes never endorse each other mutually but endorse in a staggered fashion, forming an endorsement chain. For example, node 1 is endorsed by nodes 2 and 3, while nodes 11 and 12 are endorsed by node 1. Such a staggered endorsement structure prevents fault contamination, that is, it prevents "two bad persons hijacking a good person". Through the interlocking effect of the endorsement chain, a 51% majority of good nodes can ultimately clear out the 49% of bad nodes. Thus every node has two nodes that it endorses and two other nodes that endorse it, and when a node performs a sensitive operation, two nodes must guarantee for it. An intruder therefore cannot perform sensitive operations: it does not know which nodes guarantee for it, and the guaranteed content is not generated in advance.
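To make the access control flow described above (user A, service S1, authentication node x with endorsers x-1 and x-2, mnemonics resolved by the scheduler) and the staggered chain topology concrete, here is an added Python model; it is not code from the patent. The ring size of 12, the endorsement direction (node x is endorsed by x-1 and x-2, consistent with the x, x-1, x-2 example), the HMAC stand-in for the visitor signature, the mnemonic words and the addresses are all constructed assumptions; check_topology generalizes the no-mutual-endorsement property to any ring size, and demo walks A's request through node x=3 along with three ways a request is refused.

```python
import hashlib
import hmac
from dataclasses import dataclass, field, replace

N = 12  # endorsement nodes numbered 1..N on a ring (assumed size, as in fig. 4)

def endorsers(node: int, n: int = N) -> tuple[int, int]:
    """Nodes that must endorse `node`: the two preceding ring nodes (assumed direction)."""
    return (node - 2) % n + 1, (node - 3) % n + 1

def check_topology(n: int) -> bool:
    """Staggered chain property: every node endorses exactly two others,
    and no pair of nodes endorses each other."""
    for a in range(1, n + 1):
        if sum(a in endorsers(b, n) for b in range(1, n + 1)) != 2:
            return False
        if any(a in endorsers(b, n) for b in endorsers(a, n)):
            return False  # mutual endorsement: "two bad persons hijack a good person"
    return True

@dataclass(frozen=True)
class MetaInfo:
    """Meta-information group sent by the authentication move-back code."""
    time: int
    visitor: str
    service: str
    access_type: str
    mnemonics: tuple[str, str]  # endorsement node addressing mode, supplied by the visitor
    signature: str = ""         # visitor signature over the other fields

    def payload(self) -> bytes:
        return f"{self.time}|{self.visitor}|{self.service}|{self.access_type}|{self.mnemonics}".encode()

def sign(key: bytes, meta: MetaInfo) -> str:
    # HMAC stands in for the visitor's certificate-based signature (assumption)
    return hmac.new(key, meta.payload(), hashlib.sha256).hexdigest()

@dataclass
class Scheduler:
    """Global view held by the endorsement chain scheduler (trusted environment)."""
    addr: dict = field(default_factory=lambda: {i: f"10.0.0.{i}:9000" for i in range(1, N + 1)})
    keys: dict = field(default_factory=dict)       # user -> signing key
    mnemonics: dict = field(default_factory=dict)  # (user, mnemonic) -> endorsement node id
    acl: set = field(default_factory=set)          # (user, service, authentication node)

    def resolve(self, user: str, mnemonic: str):
        """Map a visitor's mnemonic to (node id, current IP:Port), or None if unknown."""
        node = self.mnemonics.get((user, mnemonic))
        return None if node is None else (node, self.addr[node])

class EndorsementNode:
    def __init__(self, node_id: int, sched: Scheduler) -> None:
        self.id, self.sched = node_id, sched

    def endorse(self, asker: int, user: str, service: str) -> bool:
        # Answer another node's question: may `user` access `service` through `asker`?
        return self.id in endorsers(asker) and (user, service, asker) in self.sched.acl

    def authenticate(self, meta: MetaInfo, cluster: dict) -> bool:
        key = self.sched.keys.get(meta.visitor)
        if key is None or not hmac.compare_digest(sign(key, meta), meta.signature):
            return False  # unknown visitor or bad signature
        resolved = [self.sched.resolve(meta.visitor, m) for m in meta.mnemonics]
        if None in resolved or {r[0] for r in resolved} != set(endorsers(self.id)):
            return False  # mnemonics do not name this node's two endorsers
        return all(cluster[r[0]].endorse(self.id, meta.visitor, meta.service) for r in resolved)

def demo() -> dict:
    sched = Scheduler()
    cluster = {i: EndorsementNode(i, sched) for i in range(1, N + 1)}
    x, key_a = 3, b"constructed key for user A"
    sched.keys["A"] = key_a
    sched.mnemonics.update({("A", "apple"): 2, ("A", "birch"): 1})  # A's mnemonics for x's endorsers
    sched.acl.add(("A", "S1", x))  # access control: A may use S1, authenticated by node x

    def move_back_code(visitor, key, service, mnemonics):
        # Stands in for the code embedded in S1: build the group, hand off to node x.
        meta = MetaInfo(1700000000, visitor, service, "read", mnemonics)  # constructed time
        return cluster[x].authenticate(replace(meta, signature=sign(key, meta)), cluster)
    return {
        "authorized": move_back_code("A", key_a, "S1", ("apple", "birch")),
        "not_granted": move_back_code("A", key_a, "S2", ("apple", "birch")),
        "wrong_mnemonic": move_back_code("A", key_a, "S1", ("apple", "oak")),
        "bad_signature": move_back_code("A", b"other key", "S1", ("apple", "birch")),
    }
```

check_topology(4) fails because with only four nodes on the ring two nodes end up endorsing each other, which is exactly the mutual endorsement the staggered structure is meant to exclude.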
Step 6, starting the dynamic and credible endorsement chain system.
After the configuration is completed, the entire endorsement chain can be started and begin to protect the deterministic system. Later, if a new endorsement node must join the endorsement chain, a new sensitive service must be protected, a new user must be authorized, and so on, the corresponding operations above are repeated. This is similar to trusted computing: when a new program is introduced to a trusted computer, it must be signed.
In summary, the above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An endorsement chaining system for protection against unknown network attacks, comprising: the system comprises a deterministic system, a heterogeneous endorsement node cluster and an endorsement chain scheduler;
wherein authentication move-back code is embedded in sensitive services of the deterministic system; the authentication backward shift code is used for collecting relevant information of sensitive services to form a meta-information group and sending the meta-information group to the heterogeneous endorsement node cluster; the heterogeneous endorsement node cluster comprises a plurality of endorsement nodes, each endorsement node adopts a chain topological structure to form an endorsement chain, and each endorsement chain is used for judging whether a user has the authority to access sensitive services or not according to the meta-information group; the endorsement chain scheduler operates in a safe trusted environment and is used for realizing linkage between a deterministic system and a heterogeneous endorsement node cluster; the deterministic system and heterogeneous endorsement node clusters are deployed in two different physical environments respectively and allow only endorsement-related communication between the two.
2. The endorsement chain system of claim 1, wherein the endorsement chain scheduler comprises a deterministic system management module, a sensitive service management module, an endorsement node management module, a user management module, and an access control management module;
the deterministic system management module is used for managing the deterministic system to be protected and comprises basic information for configuring the deterministic system; the sensitive service management module is used for determining and managing sensitive services in the deterministic system, including configuring basic information of the sensitive services, customizing and embedding authentication backward-moving codes for the sensitive services; the endorsement node management module is used for setting basic information, an authentication program, a networking program and a communication program of the endorsement node; the user management module is used for managing users with access sensitive service authority; and the access control management module is used for establishing access rights among the user, the sensitive service and the endorsement node.
3. The endorsement chain system of claim 1, wherein the authentication move-back code is a code sequence or an encapsulated API.
4. The endorsement chain system of claim 1, wherein the location of the authentication backshifting code embedded in the sensitive service is determined in a random manner.
5. The endorsement chain system of claim 2, wherein the essential information of the deterministic system comprises a name, a domain name, an IP address, and a port of the deterministic system.
6. The endorsement chain system of claim 2, wherein the basic information of the sensitive service comprises a deterministic system to which the sensitive service belongs, a sensitive service name, associated endorsement node information, an effective time, and a disabled time.
7. The endorsement chain system of claim 2, wherein the basic information of the endorsement node comprises an internal serial number, a globally unique ID, and addressing information of the endorsement node.
8. The endorsement chain system of claim 2, wherein the user information comprises user IDs, nicknames, passwords, certificates, mnemonics corresponding to endorsement node IDs, and allowed access times.
9. A defense method against unknown network attacks using the endorsement chaining system of claim 1, comprising the following steps:
selecting a deterministic system to be protected, and screening out sensitive services from the services provided by the deterministic system according to business requirements and safety expectations; customizing an authentication backward shift code for the sensitive service, and embedding the authentication backward shift code into the sensitive service; the endorsement chain scheduler configures a deterministic system, sensitive services, endorsement nodes and basic information of a user, and establishes access rights among the user, the sensitive services and the endorsement nodes; the endorsement chain scheduler deploys heterogeneous endorsement nodes to form a heterogeneous endorsement node cluster; the endorsement chain system is started.
10. The defense method according to claim 9, wherein the endorsement chain scheduler deploys heterogeneous endorsement nodes to form a heterogeneous endorsement node cluster, and each endorsement node performs endorsement on two other endorsement nodes, and each endorsement node performs endorsement on the other two nodes simultaneously, and the endorsement nodes do not perform endorsement with each other, so as to form the heterogeneous endorsement node cluster.
CN202111645858.XA 2021-12-30 2021-12-30 Endorsement chain system capable of preventing unknown network attack Active CN114297652B (en)
Publications (2)

Publication Number Publication Date
CN114297652A true CN114297652A (en) 2022-04-08
CN114297652B CN114297652B (en) 2022-07-26