CN116471125A - Encryption database flow auditing method, device, computer equipment and storage medium - Google Patents
- Publication number: CN116471125A (application CN202310726500.2A)
- Authority: CN (China)
- Prior art keywords: ssl, database, probe, plaintext data, encryption
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L43/062: Arrangements for monitoring or testing data switching networks; generation of reports related to network traffic
- H04L43/0876: Monitoring or testing based on specific metrics; network utilisation, e.g. volume of load or congestion level
- H04L43/12: Network monitoring probes
- H04L63/18: Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H04L67/56: Network services; provisioning of proxy services
- H04L9/40: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
- Y02D30/50: Reducing energy consumption in communication networks, in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The embodiment of the invention discloses a method, a device, computer equipment and a storage medium for auditing encrypted database traffic. The method comprises the following steps: deploying a probe; setting the database configuration on the probe; using the probe to start an iptables rule that hijacks database traffic to a TCP port; using the probe to start a proxy service that listens on that TCP port; judging whether the subsequent communication enables SSL encryption; if so, creating an SSL first encryption channel and an SSL second encryption channel; acquiring the plaintext data sent by the client; judging whether traffic auditing is currently being performed; and if so, encapsulating the plaintext data in a private protocol and sending the encapsulated result to the database auditing equipment, so that the database auditing equipment can strip the private protocol, recover the plaintext data, audit the database traffic normally from that plaintext, and generate an audit log. By implementing the method of the embodiment of the invention, database traffic encrypted with any encryption algorithm can be audited without requiring the user to modify the existing network, so that deployment is transparent (non-perceived) to the user.
Description
Technical Field
The present invention relates to databases, and more particularly, to methods, apparatus, computer devices, and storage media for auditing encrypted database traffic.
Background
As the core store of an information system's data, the database's security is particularly important, and a central research topic of information security is how to effectively prevent the database system from being attacked and to ensure the security and validity of the data it holds while the performance and efficiency of the database continue to improve. With the gradual promulgation and entry into force of data security laws and regulations in recent years, the requirements on data security construction have risen continuously, more and more databases enable encrypted transmission by default, and traditional bypass (out-of-band) traffic auditing can no longer obtain the original plaintext. For this scenario, some security vendors support a proxy mode that obtains the plaintext with man-in-the-middle technology, but it requires the user to modify the network structure, which is inconvenient.
At present, traffic auditing of encrypted databases is commonly carried out in two modes. The first is the bypass mode, in which the private key is imported in order to decrypt the data; this easily exposes the private key of the user's database and carries a leakage risk, and the supported SSL algorithms are limited, since only non-DH (non-Diffie-Hellman, including its elliptic-curve variants) key exchanges can be decrypted, so generality is limited. The second is man-in-the-middle technology, in which a proxy device is deployed between the client and the database server as a man-in-the-middle to establish a two-way data channel and so obtain the data plaintext; this solution requires an inline device in the user's network and requires the user's database client to change the destination address it accesses.
Therefore, a method needs to be designed so that database traffic encrypted with any encryption algorithm can be audited without requiring the user to modify the existing network, achieving transparent (non-perceived) deployment.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method, a device, computer equipment and a storage medium for auditing encrypted database traffic.
In order to achieve the above purpose, the present invention adopts the following technical scheme. The encrypted database traffic auditing method comprises the following steps:
deploying a probe;
setting a database configuration on the probe;
using the probe to start an iptables rule that hijacks database traffic to a TCP port;
using the probe to start a proxy service that listens on the TCP port in order to acquire the hijacked database traffic;
parsing the database traffic and judging whether SSL encryption is enabled for the subsequent communication;
if the subsequent communication enables SSL encryption, using the probe to start a decryption program and creating an SSL first encryption channel and an SSL second encryption channel;
acquiring the plaintext data sent by the client through the SSL first encryption channel;
judging whether traffic auditing is currently being performed;
and, if traffic auditing is currently being performed, encapsulating the plaintext data in a private protocol and sending the encapsulated result to the database auditing equipment, so that the database auditing equipment can strip the private protocol, recover the plaintext data, audit the database traffic normally from that plaintext, and generate an audit log.
In a further technical scheme, after judging whether traffic auditing is currently being performed, the method further comprises the following steps:
if traffic auditing is not currently being performed, using the probe to encrypt the plaintext data and then sending the encrypted data to the database service through the SSL second encryption channel;
and using the probe to acquire, through the SSL second encryption channel, the plaintext data with which the database service responds, encrypting that plaintext data, and transmitting the encrypted data to the client through the SSL first encryption channel.
In a further technical scheme, setting the database configuration on the probe comprises:
configuring the IP address and port of the database service on the probe as the asset information to be protected.
In a further technical scheme, using the probe to start a decryption program and creating an SSL first encryption channel and an SSL second encryption channel comprises the following steps:
using the probe to start a decryption program and, with the open-source OpenSSL cryptographic library, establishing the SSL first encryption channel between the client and the probe acting as the SSL server;
and establishing the SSL second encryption channel with the database service, with the probe acting as the client.
In a further technical scheme, acquiring the plaintext data sent by the client through the SSL first encryption channel comprises:
using the probe to read first data through the first TCP session;
writing the first data into the BIO handle with BIO_write(wbio_, buf, nlen);
calling SSL_read(ssl_, (void *)plainText, CIRCULAR_BUFFER_SIZE);
and reading the plaintext data sent by the client from the ssl_ handle.
In a further technical scheme, using the probe to encrypt the plaintext data and then sending it to the database service through the SSL second encryption channel comprises the following steps:
using the probe to write the plaintext data sent by the client into the SSL handle ssl_c_ with SSL_write(ssl_c_, (void *)plainText, nlen);
reading the encrypted second data from the BIO handle;
and sending the second data to the database service through the second TCP session.
The invention also provides an encrypted database traffic auditing device, which comprises:
a deployment unit for deploying the probe;
a configuration unit for setting a database configuration on the probe;
a rule starting unit for using the probe to start the iptables rule that hijacks the database traffic to the TCP port;
a monitoring unit for using the probe to start the proxy service and listen on the TCP port in order to acquire the hijacked database traffic;
a communication judging unit for parsing the database traffic and judging whether SSL encryption is enabled for the subsequent communication;
a channel creation unit for creating the SSL first encryption channel and the SSL second encryption channel by using the probe to start a decryption program if SSL encryption is enabled for the subsequent communication;
a data acquisition unit for acquiring the plaintext data sent by the client through the SSL first encryption channel;
an audit judging unit for judging whether traffic auditing is currently being performed;
and an auditing unit for, if traffic auditing is currently being performed, encapsulating the plaintext data in the private protocol and sending the encapsulated result to the database auditing equipment, so that the database auditing equipment can strip the private protocol, recover the plaintext data, audit the database traffic normally from that plaintext, and generate an audit log.
In a further technical scheme, the device further comprises:
a forwarding unit for, if traffic auditing is not currently being performed, using the probe to encrypt the plaintext data and then sending the encrypted data to the database service through the SSL second encryption channel;
and a feedback unit for using the probe to acquire, through the SSL second encryption channel, the plaintext data with which the database service responds, encrypting that plaintext data, and transmitting the encrypted data to the client through the SSL first encryption channel.
The invention also provides a computer device which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the method when executing the computer program.
The present invention also provides a storage medium storing a computer program which, when executed by a processor, implements the above method.
Compared with the prior art, the invention has the following beneficial effects: a probe is deployed, the probe and the iptables technology together intercept the traffic on the TCP port, the database traffic is parsed at the protocol level, whether the database traffic is encrypted is judged from the handshake information in the protocol, and the encrypted traffic is then audited, so that database traffic encrypted with any encryption algorithm can be audited without requiring the user to modify the existing network, achieving transparent (non-perceived) deployment.
The invention is further described below with reference to the drawings and specific embodiments.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario of an encryption database traffic auditing method according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of an audit method of encrypted database flow according to an embodiment of the present invention;
FIG. 3 is a schematic sub-flowchart of an encryption database traffic auditing method according to an embodiment of the present invention;
FIG. 4 is a schematic sub-flowchart of an encryption database traffic auditing method according to an embodiment of the present invention;
FIG. 5 is a schematic sub-flowchart of an encryption database traffic auditing method according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram of an encrypted database traffic auditing apparatus provided by an embodiment of the present invention;
FIG. 7 is a schematic block diagram of a channel creation unit of an encryption database traffic auditing apparatus provided by an embodiment of the present invention;
FIG. 8 is a schematic block diagram of a data acquisition unit of an encrypted database traffic auditing apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic block diagram of a forwarding unit of the encrypted database traffic auditing apparatus according to an embodiment of the present invention;
fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to fig. 1 and fig. 2, fig. 1 is a schematic diagram of an application scenario of an encrypted database traffic auditing method according to an embodiment of the present invention, and fig. 2 is a schematic flow chart of the encrypted database traffic auditing method according to an embodiment of the present invention. The encrypted database traffic auditing method is applied on a database server. The database server exchanges data with the database auditing equipment and with the client. The database auditing equipment carries a built-in probe program, and the probe is installed on the database server either by remotely pushing the probe installation package or by downloading it manually. By deploying the probe on the database server, the database traffic is audited without modifying the network; the applicability is broad and database traffic of all encryption algorithms can be audited. Because the probe is a component deployed on the database server itself, no additional hardware server is needed, which suits a cloud database environment. The encrypted-traffic auditing function is realized by using the NAT (network address translation) function of the iptables technology and restarting the database service. A protocol analysis module parses the database traffic at the protocol level and judges from the handshake information in the protocol whether the database traffic is encrypted.
Fig. 2 is a flow chart of the encrypted database traffic auditing method according to an embodiment of the present invention. As shown in fig. 2, the method includes the following steps S110 to S150.
S110, deploying the probe.
In this embodiment, the probe refers to software for intercepting data and forwarding data.
Specifically, the database auditing equipment is internally provided with a probe program, and the probe is installed on the database server by means of remote pushing of a probe installation package or manual downloading of the probe installation package so as to deploy the probe in the database server.
S120, setting the database configuration on the probe.
In this embodiment, the IP address and port of the database service are configured on the probe as the asset information to be protected.
Specifically, the database auditing equipment acts as the probe management server and pushes the IP address and port of the database service, as the asset information to be protected, to the probe program and thereby to the probe inside the database server.
S130, using the probe to start an iptables rule that hijacks the database traffic to a TCP port;
and S140, using the probe to start a proxy service that listens on the TCP port in order to acquire the hijacked database traffic.
In this embodiment, the probe program starts the TCP proxy service PROXY_SERVER according to the configuration and listens on the TCP port PROXY_PORT (11521).
Through the iptables port mirroring (DNAT redirection) technique, the probe first obtains the database service IP address SERVER_IP (192.168.52.149) and port SERVER_PORT (1521) from the configured asset information and installs the iptables DNAT rule 'iptables -t nat -A OUTPUT -p tcp -d 192.168.52.149 --dport 1521 -j DNAT --to-destination 127.0.0.1:11521'; the netfilter driver then redirects traffic destined for the database to the local proxy port PROXY_PORT (11521). When a database client accesses the database service, it therefore reaches the probe's TCP proxy service PROXY_SERVER and establishes a first TCP session; the probe then, imitating the database client, accesses the database service and establishes a second TCP session, so that the probe, acting as the middleman, completes a bidirectional TCP channel.
In this embodiment, the probe is deployed inside the database server, and the encrypted database content can be audited through the iptables function without the user modifying the network environment.
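The rule installation of S130, written out as an added example that is not the patent's code. Two deployment details the page does not spell out are assumed here: connections from other hosts are not locally generated and never traverse the nat OUTPUT chain, so a PREROUTING rule is generated for them as well; and because the probe's own second TCP session toward SERVER_IP:SERVER_PORT is locally generated traffic that would match the same OUTPUT rule and be redirected back to the proxy, the probe is assumed to run under its own Unix user so that it can be excluded with the iptables owner match.

```python
import shlex

# Added example (not the patent's code). Builds the iptables rules the probe
# installs in S130 from the asset configuration of S120. Assumptions not in
# the page: the probe runs under its own UID (probe_uid), and remote clients
# are steered in PREROUTING while local ones are steered in OUTPUT.


def redirect_rules(server_ip: str, server_port: int, proxy_port: int,
                   probe_uid: int, action: str = "-A") -> list:
    """Return the iptables commands (as argv lists) that steer database
    traffic for server_ip:server_port to the local proxy port.

    action is "-A" to install the rules and "-D" to remove them again."""
    base = ["iptables", "-t", "nat", action]
    match = ["-p", "tcp", "-d", server_ip, "--dport", str(server_port)]
    return [
        # Connections arriving from other hosts traverse PREROUTING, not
        # OUTPUT. REDIRECT sends them to the proxy port on the receiving
        # interface, so the proxy must listen there and not only on 127.0.0.1.
        base + ["PREROUTING"] + match
        + ["-j", "REDIRECT", "--to-ports", str(proxy_port)],
        # Locally generated connections (a client on the database host, and
        # the probe's own upstream session to the database) traverse OUTPUT.
        # Without the owner exclusion the probe's upstream connection would be
        # redirected back to the proxy and loop.
        base + ["OUTPUT"] + match
        + ["-m", "owner", "!", "--uid-owner", str(probe_uid),
           "-j", "DNAT", "--to-destination", f"127.0.0.1:{proxy_port}"],
    ]


def as_shell(rules: list) -> list:
    """Render argv lists as shell-safe command lines for a deployment script."""
    return [" ".join(shlex.quote(arg) for arg in argv) for argv in rules]


if __name__ == "__main__":
    # Values from the page's embodiment; the UID 1001 is a constructed sample.
    for line in as_shell(redirect_rules("192.168.52.149", 1521, 11521, 1001)):
        print(line)
```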
S150, parsing the database traffic and judging whether SSL encryption is enabled for the subsequent communication.
In this embodiment, the proxy service PROXY_SERVER acts as a TCP server, receives the data sent by the database client and passes the content to an internal protocol analysis module; the protocol analysis module parses the database traffic according to the database type recorded in the asset configuration information and determines, from the content negotiated between the SQL request and the response, whether SSL encryption is enabled for the subsequent communication.
If the subsequent communication does not enable SSL encryption, step S170 is performed.
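The decision of S150, as an added example that is not the patent's code. The page does not say which database protocols its analysis module understands, so the negotiation styles handled below are assumptions: the PostgreSQL SSLRequest/'S' exchange, the MySQL CLIENT_SSL capability flag in the server greeting and client reply, and a listener that speaks TLS from the first byte, which is recognised from the TLS record header without any database-specific parsing.

```python
import struct

# Added example (not the patent's code): the protocol analysis module's
# S150 decision, keyed on the database type from the asset configuration.
# Constants come from the public PostgreSQL and MySQL wire protocol formats.
PG_SSL_REQUEST = struct.pack("!II", 8, 80877103)  # length 8, code 1234<<16 | 5679
MYSQL_CLIENT_SSL = 0x0800                          # capability flag CLIENT_SSL


def is_tls_record(data: bytes) -> bool:
    """TLS record header: content type 22 (handshake) and major version 3."""
    return len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03


def mysql_server_offers_ssl(server_greeting: bytes) -> bool:
    """Read the lower capability flags of a MySQL HandshakeV10 greeting."""
    body = server_greeting[4:]            # skip 3-byte length, 1-byte sequence id
    if len(body) < 2 or body[0] != 10:    # only protocol version 10 is handled
        return False
    nul = body.find(b"\x00", 1)           # end of the server version string
    if nul < 0:
        return False
    off = nul + 1 + 4 + 8 + 1             # thread id, auth-plugin-data-part-1, filler
    if len(body) < off + 2:
        return False
    caps_lower = int.from_bytes(body[off:off + 2], "little")
    return bool(caps_lower & MYSQL_CLIENT_SSL)


def mysql_client_requests_ssl(client_packet: bytes) -> bool:
    """The client's reply (SSLRequest or HandshakeResponse41) begins with its
    4-byte capability flags; CLIENT_SSL set means TLS follows this packet."""
    if len(client_packet) < 8:
        return False
    caps = int.from_bytes(client_packet[4:8], "little")
    return bool(caps & MYSQL_CLIENT_SSL)


def ssl_negotiated(db_type: str, client_first: bytes, server_first: bytes) -> bool:
    """S150: given the first message each side sent on the session, return
    True when the subsequent communication is SSL-encrypted (the probe must
    open its two SSL channels) and False when a plain TCP proxy suffices."""
    if is_tls_record(client_first):       # listener that is TLS from byte one
        return True
    if db_type == "postgresql":
        # Client sends SSLRequest; server answers 'S' (yes) or 'N' (no).
        return client_first.startswith(PG_SSL_REQUEST) and server_first[:1] == b"S"
    if db_type == "mysql":
        # Server greets first and advertises CLIENT_SSL; the client confirms.
        return (mysql_server_offers_ssl(server_first)
                and mysql_client_requests_ssl(client_first))
    return False


# Constructed sample messages for a stand-alone run; not captured traffic.
def sample_mysql_greeting(caps_lower: int) -> bytes:
    body = (bytes([10]) + b"8.0.0\x00" + (7).to_bytes(4, "little") + b"A" * 8
            + b"\x00" + caps_lower.to_bytes(2, "little")
            + b"\x21" + b"\x02\x00" + b"\x00\x00" + b"\x00" * 11)
    return len(body).to_bytes(3, "little") + b"\x00" + body


def sample_mysql_ssl_request(caps: int) -> bytes:
    body = (caps.to_bytes(4, "little") + (1 << 24).to_bytes(4, "little")
            + b"\x21" + b"\x00" * 23)
    return len(body).to_bytes(3, "little") + b"\x01" + body
```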
S160, if the subsequent communication starts SSL encryption, the probe is used for starting a decryption program, and an SSL first encryption channel and an SSL second encryption channel are created.
In this embodiment, the SSL first encryption channel refers to a channel for the client to communicate with the database server; SSL second encryption channel refers to the channel used by the database server to communicate with the database service.
In one embodiment, referring to fig. 3, the step S160 may include steps S161 to S162.
S161, using the probe to start a decryption program and, with the open-source OpenSSL cryptographic library, establishing the SSL first encryption channel between the client and the probe acting as the SSL server.
In the present embodiment, the SSL_CTX handle ctx_ is created with ctx_ = SSL_CTX_new(); the SSL handle ssl_, the BIO write handle wbio_ and the BIO read handle rbio_ are created with ssl_ = SSL_new(ctx_), wbio_ = BIO_new(BIO_s_mem()) and rbio_ = BIO_new(BIO_s_mem()); the handles are associated with SSL_set_bio(ssl_, rbio_, wbio_); BIO_write(wbio_, buf, nlen) writes the data buf read from the first TCP session into the wbio_ handle; the handshake function SSL_do_handshake(ssl_) is invoked and BIO_read(rbio_, ...) obtains the data DATA1 required by the SSL handshake, which is returned to the client through the first TCP session; after several repeated handshake interactions the SSL handshake completes, and the SSL first encryption channel is established.
S162, the probe is used as a client to establish an SSL second encryption channel with the database service.
In the present embodiment, the SSL_CTX handle ctx_c_ is created with ctx_c_ = SSL_CTX_new(); the SSL handle ssl_c_ and the BIO handles wbio_c_ and rbio_c_ are created with ssl_c_ = SSL_new(ctx_c_), wbio_c_ = BIO_new(BIO_s_mem()) and rbio_c_ = BIO_new(BIO_s_mem()); the handles are associated with SSL_set_bio(ssl_c_, rbio_c_, wbio_c_); the initial handshake is started with SSL_do_handshake(ssl_c_), the data DATA2 required by the SSL handshake is obtained with BIO_read(rbio_c_, ...) and sent to the database service through the second TCP session, which initiates the SSL request to the database service; for the subsequent handshake, BIO_write(wbio_c_, buf, nlen) writes the data buf read from the second TCP session into the wbio_c_ handle, SSL_do_handshake(ssl_c_) is invoked and BIO_read(rbio_c_, ...) obtains the data DATA3 required by the handshake; after several repeated handshake interactions the SSL handshake completes, and the SSL second encryption channel is established.
S170, acquiring plaintext data sent by the client through the SSL first encryption channel.
In one embodiment, referring to fig. 4, the step S170 may include steps S171 to S174.
S171, reading first data through a first TCP session by using the probe;
S172, writing the first data into the BIO handle with BIO_write(wbio_, buf, nlen);
S173, calling SSL_read(ssl_, (void *)plainText, CIRCULAR_BUFFER_SIZE);
S174, reading the plaintext data sent by the client from the ssl_ handle.
S180, judging whether flow audit is currently performed or not;
and S190, if traffic auditing is currently being performed, encapsulating the plaintext data in the private protocol and sending the encapsulated result to the database auditing equipment, so that the database auditing equipment can strip the private protocol, recover the plaintext data, audit the database traffic normally from that plaintext, and generate an audit log.
In this embodiment, when the client does not use SSL to encrypt the subsequent traffic, the probe does not need to enable the SSL channels and only proxies at the TCP layer.
A data channel is established between the probe and the database auditing equipment. After the plaintext data sent by the client is obtained, it is encapsulated in the private protocol and sent to the database auditing equipment; when the database auditing equipment receives the data sent by the probe, it strips the private protocol and so obtains the database plaintext data, and it can then audit the database traffic normally from that plaintext and generate an audit log.
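The handoff of S190 written out as an added example that is not the patent's code. The page leaves its private protocol between probe and auditing equipment unspecified, so the framing below (magic, version, direction, session id, database address, timestamp, length and CRC-32) is a constructed, hypothetical design; it shows the probe-side encapsulation and the audit-device side that strips the header from a TCP byte stream, including frames that arrive split across reads or corrupted.

```python
import socket
import struct
import zlib

# Added example (not the patent's code): a hypothetical framing for the
# "private protocol" of S190, with encapsulation on the probe and stripping
# on the database auditing equipment.
MAGIC = b"PRB1"
VERSION = 1
DIR_CLIENT_TO_DB = 1
DIR_DB_TO_CLIENT = 2
MAX_PAYLOAD = 16 * 1024 * 1024      # refuse absurd lengths before buffering them
HEADER = struct.Struct("!4sBBI4sHIII")


def encapsulate(session_id: int, direction: int, server_ip: str,
                server_port: int, plaintext: bytes, timestamp: int) -> bytes:
    """Probe side: wrap one chunk of recovered plaintext for the auditing
    equipment. The CRC lets the receiver detect a corrupted or desynchronised
    stream instead of auditing garbage."""
    if len(plaintext) > MAX_PAYLOAD:
        raise ValueError("payload too large for one frame")
    header = HEADER.pack(MAGIC, VERSION, direction, session_id,
                         socket.inet_aton(server_ip), server_port, timestamp,
                         len(plaintext), zlib.crc32(plaintext) & 0xFFFFFFFF)
    return header + plaintext


class FrameStripper:
    """Audit-device side: accumulates the TCP stream from a probe and returns
    complete frames, tolerating frames that arrive in several reads."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, data: bytes) -> list:
        self.buf += data
        frames = []
        while len(self.buf) >= HEADER.size:
            (magic, version, direction, session_id, ip, port, ts, length,
             crc) = HEADER.unpack_from(self.buf, 0)
            if magic != MAGIC or version != VERSION:
                raise ValueError("stream desynchronised: bad frame header")
            if length > MAX_PAYLOAD:
                raise ValueError("frame length exceeds limit")
            end = HEADER.size + length
            if len(self.buf) < end:
                break                      # wait for the rest of this frame
            payload = bytes(self.buf[HEADER.size:end])
            del self.buf[:end]
            if zlib.crc32(payload) & 0xFFFFFFFF != crc:
                raise ValueError("payload CRC mismatch")
            frames.append({
                "session_id": session_id,
                "direction": direction,
                "server": (socket.inet_ntoa(ip), port),
                "timestamp": ts,
                "plaintext": payload,      # what the auditor actually parses
            })
        return frames


def audit_log_line(frame: dict) -> str:
    """Minimal audit record built from a stripped frame; a real auditor would
    parse the database protocol inside frame["plaintext"] first."""
    who = "client->db" if frame["direction"] == DIR_CLIENT_TO_DB else "db->client"
    ip, port = frame["server"]
    text = frame["plaintext"].decode("utf-8", errors="replace")
    return f'{frame["timestamp"]} session={frame["session_id"]} {who} {ip}:{port} {text!r}'
```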
And S200, if the flow audit is not performed currently, encrypting the plaintext data by using the probe, and then transmitting the encrypted plaintext data to a database service through an SSL second encryption channel.
In one embodiment, referring to fig. 5, the step S200 may include steps S201 to S203.
S201, using the probe to write the plaintext data sent by the client into the SSL handle ssl_c_ with SSL_write(ssl_c_, (void *)plainText, nlen);
S202, reading the encrypted second data from the BIO handle;
and S203, sending the second data to the database service through the second TCP session.
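The memory-BIO plumbing of S161/S162 (handshake), S171 to S174 (decrypting client data) and S201 to S203 (re-encrypting toward the database), as an added example that is not the patent's code. Python's ssl.MemoryBIO and ssl.SSLObject mirror OpenSSL's memory BIOs and SSL handles, so the same pattern is shown without sockets. One convention a practitioner should check against the patent's handle names: with SSL_set_bio(ssl, rbio, wbio) the rbio is the BIO the SSL object reads ciphertext from, so bytes arriving from the TCP session are written into that BIO and bytes destined for the TCP session are read from the wbio; the example follows that convention and names the two BIOs incoming and outgoing. The certificate paths for the server side are assumptions.

```python
import ssl

# Added example (not the patent's code): one TLS endpoint of the probe driven
# purely through memory BIOs. Bytes read from the TCP session are written into
# `incoming` (the SSL object's read BIO); bytes the SSL object produces for
# the TCP session are read from `outgoing` (its write BIO).


class TlsChannel:
    def __init__(self, ctx: ssl.SSLContext, server_side: bool, server_hostname=None):
        self.incoming = ssl.MemoryBIO()    # ciphertext received from the peer
        self.outgoing = ssl.MemoryBIO()    # ciphertext to send to the peer
        self.ssl = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_side=server_side,
                                server_hostname=server_hostname)
        self.handshake_done = False

    def feed_handshake(self, from_peer: bytes) -> bytes:
        """One S161/S162 handshake round: push bytes read from the TCP session
        into the SSL object, drive SSL_do_handshake, and return the bytes that
        must now be sent over that TCP session (DATA1/DATA2/DATA3 in the text).
        An empty return with handshake_done False means: read more from the peer."""
        if from_peer:
            self.incoming.write(from_peer)
        try:
            self.ssl.do_handshake()
            self.handshake_done = True
        except ssl.SSLWantReadError:
            pass                           # handshake still in progress
        return self.outgoing.read()

    def decrypt(self, from_peer: bytes) -> bytes:
        """S171-S174: write TCP data into the BIO, then SSL_read the plaintext
        until the SSL object needs more ciphertext."""
        self.incoming.write(from_peer)
        plain = bytearray()
        while True:
            try:
                chunk = self.ssl.read(16384)
            except (ssl.SSLWantReadError, ssl.SSLZeroReturnError):
                break
            if not chunk:
                break
            plain += chunk
        return bytes(plain)

    def encrypt(self, plaintext: bytes) -> bytes:
        """S201-S203: SSL_write the plaintext and return the ciphertext that
        the BIO now holds for the TCP session."""
        self.ssl.write(plaintext)
        return self.outgoing.read()


def probe_server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Context for the first channel (probe as SSL server toward the client).
    The probe presents its own certificate; paths are deployment assumptions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def probe_client_context() -> ssl.SSLContext:
    """Context for the second channel (probe as client toward the database).
    Assumption: verification is disabled here for the stand-alone run; a real
    deployment should verify or pin the database certificate so the probe's
    upstream session cannot be diverted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def start_second_channel(ctx: ssl.SSLContext = None) -> tuple:
    """S162 first step: create ssl_c_ with its two BIOs, run the initial
    SSL_do_handshake and return (channel, DATA2), where DATA2 is the ClientHello
    to send to the database service over the second TCP session."""
    chan = TlsChannel(ctx or probe_client_context(), server_side=False)
    data2 = chan.feed_handshake(b"")
    return chan, data2


def is_tls_handshake_record(data: bytes) -> bool:
    """Sanity check for DATA2: TLS record type 0x16 (handshake), major version 3."""
    return len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03
```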
S210, acquiring plaintext data responded by the database service through the SSL second encryption channel by using the probe, encrypting the plaintext data responded by the database service, and transmitting the encrypted plaintext data to the client through the SSL first encryption channel.
In this embodiment, after the SSL channel is established, the probe program obtains the plaintext data sent by the client from the SSL first encryption channel, and the probe program encrypts the plaintext data and sends the encrypted plaintext data to the database service through the SSL second encryption channel. Similarly, the probe can acquire the plaintext data responded by the database service through the SSL second encryption channel, and the probe program encrypts the plaintext data and then sends the encrypted plaintext data to the client through the SSL first encryption channel. At this time, the probe has obtained the plaintext data sent by the client and the plaintext data responded by the database server, and ensures the normal operation of the service between the client and the database server.
The method of the embodiment reduces hardware cost, is convenient to deploy and implement, is applicable to databases in a cloud environment, and allows encrypted database traffic of all SSL algorithms to be audited.
According to the method, under the condition that the network does not need to be modified, the database encryption flow is audited by deploying the probes to the database server, the applicability is high, and the database flow of all encryption algorithms can be audited. The probe is used as a device deployed on a database server, does not need an additional hardware server, and is suitable for a cloud database environment. And by utilizing the iptables technology nat network conversion function, the audit encryption flow function can be realized without restarting the database service. And carrying out protocol analysis on the database traffic by adopting a protocol analysis module, and judging whether the database traffic is encrypted traffic according to handshake information in the protocol.
According to the encrypted database flow auditing method, the probe is deployed, TCP port flow interception is performed by combining the probe with the iptables technology, protocol analysis is performed on the database flow, whether the database flow is encrypted flow is judged according to handshake information in the protocol, and flow auditing is performed on the encrypted flow, so that the database flow encrypted by all encryption algorithms can be audited, the user does not need to modify the existing network, and no-perception deployment is achieved.
Fig. 6 is a schematic block diagram of an encrypted database traffic auditing apparatus 300 according to an embodiment of the present invention. As shown in fig. 6, the present invention further provides an encrypted database traffic auditing apparatus 300, corresponding to the above encrypted database traffic auditing method. The encrypted database traffic auditing apparatus 300 includes means for performing the encrypted database traffic auditing method described above, and may be configured in a server. Specifically, referring to fig. 6, the encrypted database traffic auditing apparatus 300 includes a deployment unit 301, a configuration unit 302, a rule starting unit 303, a listening unit 304, a communication judging unit 305, a channel creating unit 306, a data acquiring unit 307, an audit judging unit 308, an auditing unit 309, a forwarding unit 310, and a feedback unit 311.
A deployment unit 301 for deploying the probe; a configuration unit 302, configured to set a database configuration to the probe; a rule starting unit 303, configured to start an iptables rule by using the probe, hijack database traffic to a TCP port; a monitoring unit 304, configured to start a proxy service by using the probe, monitor a TCP port, so as to obtain hijacked database traffic; a communication judging unit 305, configured to parse the database traffic and judge whether SSL encryption is enabled for subsequent communication; a channel creation unit 306, configured to create an SSL first encryption channel and an SSL second encryption channel by starting a decryption procedure using the probe if SSL encryption is started in the subsequent communication; a data obtaining unit 307, configured to obtain plaintext data sent by the client through the SSL first encryption channel; an audit judging unit 308, configured to judge whether to perform flow audit currently; and the auditing unit 309 is configured to encapsulate the private protocol for the plaintext data if the traffic auditing is currently performed, and send the encapsulated result to the database auditing device, so that the database auditing device can take the plaintext data after stripping the private protocol, and normally audit the database traffic according to the plaintext data, thereby generating an audit log. A forwarding unit 310, configured to encrypt the plaintext data with the probe and send the encrypted plaintext data to a database service through an SSL second encryption channel if no traffic audit is currently performed; the feedback unit 311 is configured to obtain plaintext data responded by the database service through the SSL second encryption channel by using the probe, encrypt the plaintext data responded by the database service, and send the encrypted plaintext data to the client through the SSL first encryption channel.
In an embodiment, the configuration unit 302 is configured to configure the IP address and port of the database service as asset information to be protected to the probe.
In one embodiment, as shown in fig. 7, the channel creation unit 306 includes a first creation subunit 3061 and a second creation subunit 3062.
The first creating subunit 3061 is configured to start a decryption program by using the probe, and to establish an SSL first encryption channel with the client by using the open-source OpenSSL cipher library, with the probe acting as the SSL server; the second creating subunit 3062 is configured to establish the SSL second encryption channel with the database service, with the probe acting as the client.
In one embodiment, as shown in fig. 8, the data acquisition unit 307 includes a first read subunit 3071, a first write subunit 3072, a first call subunit 3073, and a second read subunit 3074.
A first reading subunit 3071 for reading the first data over the first TCP session using the probe; a first writing subunit 3072 for writing the first data to the BIO handle wbio_c_ with BIO_write(wbio_c_, buf, nlen); a first calling subunit 3073 for calling SSL_read(ssl_, (void *)plainText, circular_buffer_size); and a second reading subunit 3074 configured to read the plaintext data sent by the client from the SSL handle.
In one embodiment, as shown in fig. 9, the forwarding unit 310 includes a second writing sub-unit 3101, a third reading sub-unit 3102, and a transmitting sub-unit 3103.
A second writing subunit 3101, configured to write, with the probe, the plaintext data sent by the client into the SSL handle ssl_c_ with SSL_write(ssl_c_, (void *)plainText, nlen); a third reading subunit 3102 configured to read the encrypted second data from the BIO handle; and a sending subunit 3103 configured to send the second data to the database service through the second TCP session.
It should be noted that, as will be clearly understood by those skilled in the art, the specific implementation process of the encryption database traffic auditing apparatus 300 and each unit may refer to the corresponding description in the foregoing method embodiments, and for convenience and brevity of description, the description is omitted here.
The above-described encrypted database traffic auditing apparatus 300 may be implemented in the form of a computer program that is executable on a computer device as shown in fig. 10.
Referring to fig. 10, fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a server, where the server may be a stand-alone server or may be a server cluster formed by a plurality of servers.
With reference to FIG. 10, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032 includes program instructions that, when executed, cause the processor 502 to perform an encrypted database traffic auditing method.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the execution of a computer program 5032 in the non-volatile storage medium 503, which computer program 5032, when executed by the processor 502, causes the processor 502 to perform an encrypted database traffic auditing method.
The network interface 505 is used for network communication with other devices. Those skilled in the art will appreciate that the architecture shown in fig. 10 is merely a block diagram of a portion of the architecture in connection with the present application and is not intended to limit the computer device 500 to which the present application is applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to execute a computer program 5032 stored in a memory to implement the steps of:
deploying a probe; setting a database configuration to the probe; starting an iptables rule by using the probe to hijack database traffic to a TCP port; starting a proxy service by using the probe and monitoring the TCP port to acquire the hijacked database traffic; parsing the database traffic and judging whether SSL encryption is enabled for the subsequent communication; if the subsequent communication enables SSL encryption, starting a decryption program with the probe and creating an SSL first encryption channel and an SSL second encryption channel; acquiring the plaintext data sent by the client through the SSL first encryption channel; judging whether flow audit is currently performed; and if flow audit is currently performed, encapsulating the plaintext data in the private protocol and sending the encapsulated result to the database audit device, so that the database audit device can obtain the plaintext data after stripping the private protocol and normally audit the database traffic according to the plaintext data, thereby generating an audit log.
In one embodiment, after implementing the determining whether to perform the flow audit step, the processor 502 further implements the following steps:
if the flow audit is not performed currently, encrypting the plaintext data by using the probe and then sending the encrypted plaintext data to a database service through an SSL second encryption channel; and acquiring plaintext data responded by the database service through the SSL second encryption channel by using the probe, encrypting the plaintext data responded by the database service, and transmitting the encrypted plaintext data to the client through the SSL first encryption channel.
In one embodiment, when the step of configuring the setting database to the probe is implemented by the processor 502, the following steps are specifically implemented:
the IP address and port of the database service are configured to the probe as asset information to be protected.
In one embodiment, when the step of creating the SSL first encryption channel and the SSL second encryption channel by using the probe to start the decryption procedure is implemented by the processor 502, the following steps are specifically implemented:
starting a decryption program by using the probe, and establishing an SSL first encryption channel with the client by using the open-source OpenSSL cipher library, with the probe acting as the SSL server; and establishing an SSL second encryption channel with the database service, with the probe acting as the client.
In an embodiment, when implementing the step of obtaining the plaintext data sent by the client through the SSL first encryption channel, the processor 502 specifically implements the following steps:
reading first data through a first TCP session using the probe; writing the first data to the BIO handle wbio_c_ with BIO_write(wbio_c_, buf, nlen); calling SSL_read(ssl_, (void *)plainText, circular_buffer_size); and reading the plaintext data sent by the client from the SSL handle.
In one embodiment, when the processor 502 implements the step of encrypting the plaintext data using the probe and then sending the encrypted plaintext data to the database service via the SSL second encryption channel, the steps are specifically implemented as follows:
writing the plaintext data sent by the client into the SSL handle ssl_c_ with SSL_write(ssl_c_, (void *)plainText, nlen) by using the probe; reading the encrypted second data from the BIO handle; and sending the second data to the database service over the second TCP session.
It should be appreciated that in embodiments of the present application, the processor 502 may be a central processing unit (Central Processing Unit, CPU), the processor 502 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Those skilled in the art will appreciate that all or part of the flow in a method embodying the above described embodiments may be accomplished by computer programs instructing the relevant hardware. The computer program comprises program instructions, and the computer program can be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer readable storage medium. The storage medium stores a computer program which, when executed by a processor, causes the processor to perform the steps of:
deploying a probe; setting a database configuration to the probe; starting an iptables rule by using the probe to hijack database traffic to a TCP port; starting a proxy service by using the probe and monitoring the TCP port to acquire the hijacked database traffic; parsing the database traffic and judging whether SSL encryption is enabled for the subsequent communication; if the subsequent communication enables SSL encryption, starting a decryption program with the probe and creating an SSL first encryption channel and an SSL second encryption channel; acquiring the plaintext data sent by the client through the SSL first encryption channel; judging whether flow audit is currently performed; and if flow audit is currently performed, encapsulating the plaintext data in the private protocol and sending the encapsulated result to the database audit device, so that the database audit device can obtain the plaintext data after stripping the private protocol and normally audit the database traffic according to the plaintext data, thereby generating an audit log.
In one embodiment, after executing the computer program to implement the determining whether to perform the flow audit step, the processor further implements the steps of:
if the flow audit is not performed currently, encrypting the plaintext data by using the probe and then sending the encrypted plaintext data to a database service through an SSL second encryption channel; and acquiring plaintext data responded by the database service through the SSL second encryption channel by using the probe, encrypting the plaintext data responded by the database service, and transmitting the encrypted plaintext data to the client through the SSL first encryption channel.
In one embodiment, the processor, when executing the computer program to implement the step of configuring the setup database to the probe, specifically implements the steps of:
the IP address and port of the database service are configured to the probe as asset information to be protected.
In one embodiment, when the processor executes the computer program to implement the step of creating the SSL first encryption channel and the SSL second encryption channel by using the probe to start the decryption program, the following steps are specifically implemented:
starting a decryption program by using the probe, and establishing an SSL first encryption channel with the client by using the open-source OpenSSL cipher library, with the probe acting as the SSL server; and establishing an SSL second encryption channel with the database service, with the probe acting as the client.
In one embodiment, when the processor executes the computer program to implement the step of obtaining the plaintext data sent by the client through the SSL first encryption channel, the processor specifically implements the following steps:
reading first data through a first TCP session using the probe; writing the first data to the BIO handle wbio_c_ with BIO_write(wbio_c_, buf, nlen); calling SSL_read(ssl_, (void *)plainText, circular_buffer_size); and reading the plaintext data sent by the client from the SSL handle.
In one embodiment, when the processor executes the computer program to implement the step of sending the encrypted plaintext data to the database service through the SSL second encryption channel after encrypting the plaintext data with the probe, the method specifically includes the following steps:
writing the plaintext data sent by the client into the SSL handle ssl_c_ with SSL_write(ssl_c_, (void *)plainText, nlen) by using the probe; reading the encrypted second data from the BIO handle; and sending the second data to the database service over the second TCP session.
The storage medium may be a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, or other various computer-readable storage media that can store program codes.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be combined, divided and deleted according to actual needs. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The integrated unit may be stored in a storage medium if implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention is essentially or a part contributing to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a terminal, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (10)
1. The encrypted database flow auditing method is characterized by comprising the following steps:
deploying a probe;
setting a database configuration to the probe;
starting an iptables rule by using the probe, hijacking database traffic to a TCP port;
starting proxy service by using the probe, and monitoring a TCP port to acquire hijacked database flow;
parsing the database traffic, and judging whether SSL encryption is enabled for the subsequent communication;
if the subsequent communication starts SSL encryption, the probe is utilized to start a decryption program, and an SSL first encryption channel and an SSL second encryption channel are created;
acquiring plaintext data sent by a client through an SSL first encryption channel;
judging whether flow audit is currently carried out or not;
and if flow audit is currently performed, encapsulating the plaintext data in the private protocol and sending the encapsulated result to the database audit device, so that the database audit device can obtain the plaintext data after stripping the private protocol and normally audit the database traffic according to the plaintext data, thereby generating an audit log.
2. The method for auditing flow in encrypted database according to claim 1, wherein after said determining whether to perform flow auditing currently, further comprising:
if the flow audit is not performed currently, encrypting the plaintext data by using the probe and then sending the encrypted plaintext data to a database service through an SSL second encryption channel;
and acquiring plaintext data responded by the database service through the SSL second encryption channel by using the probe, encrypting the plaintext data responded by the database service, and transmitting the encrypted plaintext data to the client through the SSL first encryption channel.
3. The encrypted database traffic auditing method according to claim 1, wherein the setup database is configured to the probe, comprising:
the IP address and port of the database service are configured to the probe as asset information to be protected.
4. The method of claim 1, wherein the initiating a decryption process using the probe creates an SSL first encrypted channel and an SSL second encrypted channel, comprising:
starting a decryption program by using the probe, and establishing an SSL first encryption channel with the client by using the open-source OpenSSL cipher library, with the probe acting as the SSL server;
and establishing an SSL second encryption channel with the database service by taking the probe as a client.
5. The method for auditing the traffic of the encrypted database according to claim 1, wherein the step of obtaining plaintext data transmitted by the client through the SSL first encrypted channel includes:
reading first data through a first TCP session using the probe;
writing the first data to the BIO handle wbio_c_ with BIO_write(wbio_c_, buf, nlen);
calling SSL_read(ssl_, (void *)plainText, circular_buffer_size);
and reading the plaintext data sent by the client from the SSL handle.
6. The encrypted database traffic auditing method according to claim 2, wherein said encrypting the plaintext data using the probe and then sending the encrypted plaintext data to a database service via an SSL second encrypted channel, comprising:
writing the plaintext data sent by the client into the SSL handle ssl_c_ with SSL_write(ssl_c_, (void *)plainText, nlen) by using the probe;
reading the encrypted second data from the BIO handle;
the second data is sent to the database service over a second TCP session.
7. An encrypted database traffic auditing apparatus, comprising:
a deployment unit for deploying the probe;
a configuration unit for setting a database configuration to the probe;
the rule starting unit is used for starting the iptables rule by using the probe and hijacking the database traffic to the TCP port;
the monitoring unit is used for starting proxy service by using the probe and monitoring a TCP port so as to acquire hijacked database traffic;
the communication judging unit is used for parsing the database traffic and judging whether SSL encryption is enabled for the subsequent communication;
the channel creation unit is used for creating an SSL first encryption channel and an SSL second encryption channel by utilizing the probe to start a decryption program if the SSL encryption is started in the subsequent communication;
the data acquisition unit is used for acquiring plaintext data sent by the client through the SSL first encryption channel;
the audit judging unit is used for judging whether flow audit is currently carried out or not;
and the auditing unit is used for packaging the private protocol for the plaintext data if the flow auditing is currently performed, sending the packaged result to the database auditing equipment so that the database auditing equipment can take the plaintext data after stripping the private protocol, and normally auditing the flow of the database according to the plaintext data to generate an auditing log.
8. The encrypted database traffic auditing apparatus according to claim 7, further comprising:
the forwarding unit is used for encrypting the plaintext data by using the probe and then sending the encrypted plaintext data to a database service through an SSL second encryption channel if the flow audit is not performed currently;
and the feedback unit is used for acquiring plaintext data responded by the database service through the SSL second encryption channel by using the probe, encrypting the plaintext data responded by the database service, and transmitting the encrypted plaintext data to the client through the SSL first encryption channel.
9. A computer device, characterized in that it comprises a memory on which a computer program is stored and a processor which, when executing the computer program, implements the method according to any of claims 1-6.
10. A storage medium storing a computer program which, when executed by a processor, implements the method of any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310726500.2A CN116471125B (en) | 2023-06-19 | 2023-06-19 | Encryption database flow auditing method, device, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116471125A true CN116471125A (en) | 2023-07-21 |
CN116471125B CN116471125B (en) | 2023-09-08 |
Family
ID=87182906
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310726500.2A Active CN116471125B (en) | 2023-06-19 | 2023-06-19 | Encryption database flow auditing method, device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116471125B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117633319A (en) * | 2024-01-26 | 2024-03-01 | 杭州美创科技股份有限公司 | Database automation response method, device, computer equipment and storage medium |
CN118174961A (en) * | 2024-05-10 | 2024-06-11 | 深圳融安网络科技有限公司 | Data processing method, terminal device and storage medium |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020174340A1 (en) * | 2001-05-18 | 2002-11-21 | Dick Kevin Stewart | System, method and computer program product for auditing XML messages in a network-based message stream |
US20130227689A1 (en) * | 2012-02-17 | 2013-08-29 | Tt Government Solutions, Inc. | Method and system for packet acquisition, analysis and intrusion detection in field area networks |
CN110198297A (en) * | 2018-10-08 | 2019-09-03 | 腾讯科技(深圳)有限公司 | Data on flows monitoring method, device, electronic equipment and computer-readable medium |
CN110855699A (en) * | 2019-11-18 | 2020-02-28 | 北京天融信网络安全技术有限公司 | Flow auditing method and device, server and auditing equipment |
CN112035851A (en) * | 2020-07-22 | 2020-12-04 | 北京中安星云软件技术有限公司 | MYSQL database auditing method based on SSL |
CN112291280A (en) * | 2020-12-31 | 2021-01-29 | 博智安全科技股份有限公司 | Network flow monitoring and auditing method and system |
CN112487483A (en) * | 2020-12-14 | 2021-03-12 | 深圳昂楷科技有限公司 | Encrypted database flow auditing method and device |
CN112527772A (en) * | 2020-12-11 | 2021-03-19 | 深圳昂楷科技有限公司 | Graph database auditing method and auditing equipment |
CN113839824A (en) * | 2020-06-08 | 2021-12-24 | 奇安信科技集团股份有限公司 | Flow auditing method and device, electronic equipment and storage medium |
CN114513326A (en) * | 2021-12-28 | 2022-05-17 | 奇安信科技集团股份有限公司 | Method and system for realizing communication audit based on dynamic proxy |
CN115632861A (en) * | 2022-10-24 | 2023-01-20 | 北京中安星云软件技术有限公司 | Method and system for realizing auditing firewall probe SDK |
CN115801442A (en) * | 2022-12-08 | 2023-03-14 | 北京天融信网络安全技术有限公司 | Encrypted traffic detection method, security system and agent module |
Non-Patent Citations (2)
Title |
---|
ANITHA GOLLAMUDI; STEPHEN CHONG; OWEN ARDEN: "Information Flow Control for Distributed Trusted Execution Environments", 《2019 IEEE 32ND COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF)》 * |
周建宁;季君;吴陈龙;戴欣宇;朱梁;: "多维度数据库安全审计设计和实现", 中国公共安全(学术版), no. 04 * |
Also Published As
Publication number | Publication date |
---|---|
CN116471125B (en) | 2023-09-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||