CN1349163A - Safe web page issuing system based on base layer of operation system and capable of preventing distortion of issued file - Google Patents

Publication number: CN1349163A
Authority: CN (China)
Application number: CN 01139007
Other languages: Chinese (zh)
Inventors: 李建华, 王明政, 何翔
Current assignee: Shanghai Jiaotong University
Original assignee: Shanghai Jiaotong University
Legal status: Pending
Prior art keywords: module, file, web page, publishing, monitoring client

Abstract

The invention relates to a secure web page publishing system that prevents tampering and is built on the bottom layer of the operating system. The system consists of a first-level and a second-level monitoring end. The first-level monitoring end includes several web page publishing servers. The second-level monitoring end includes a distribution server or an additional detection server, and a publishing-directory detection module. An anti-tampering module for published web page files is placed at the bottom layer of the operating system of the web page publishing servers, and it completely takes over read and write operations. A published-file upload protocol module between the first-level and second-level monitoring ends carries out the signing and issuing of normal files. Tampering with files is prevented in advance, which stops the adverse effects of tampering and reduces the cost and time the system needs to recover.

Description

Secure web page publishing system, based on the bottom layer of the operating system, that prevents tampering with published files
Technical field
The present invention relates to a monitoring method for network and information security, specifically a web page publishing anti-tampering method based on the bottom layer of the operating system.
Background technology
Most existing, relatively mature secure web page publishing systems use a two-level monitoring server scheme in order to resolve the conflict between performance and monitoring quality. The system framework is shown in Fig. 1: the first-level monitoring end and the second-level monitoring end are each networked with the Internet 5. The first-level monitoring end comprises the web page publishing servers 1, 2 and 3, located on the Web Server side, and a published-file detection module 9 that uses a published-file tamper-detection protocol based on the Windows API. The second-level monitoring end comprises the distribution server 6 or the additional detection server 7, together with a publishing-directory detection module 10 that checks the web page publishing directory and the web page publishing servers. A published-file upload and recovery protocol module 8 and the Ethernet 4 connect the first-level and second-level monitoring ends. The published-file detection module 9 checks published files in real time; as soon as a file is tampered with by an unauthorized user, it notifies the distribution server 6, which immediately takes the corresponding measures to restore the original state. Normal files are also signed and issued by the distribution server 6. Both the recovery of tampered files and the signing and issuing of normal files are carried between the second-level and first-level monitoring ends by the published-file upload and recovery protocol module 8. If an unauthorized user has sufficiently high privileges on the Web Server and understands how the published-file anti-tampering mechanism works, that user does not change the files under the publishing directory directly, but instead goes around the system's bottom layer and changes the Web Server's publishing directory setting so that the publishing directory points to the directory the user wants published. Published files are normally checked in passive mode, in order to consume as few system resources as possible and improve system performance; since no file under the publishing directory has been modified, detection is not triggered and the monitoring service is bypassed. The publishing-directory detection module 10 exists specifically to deal with this form of tampering.
However, systems of this type take their measures only after an unauthorized user has already changed a published file, which considerably affects the efficiency and timeliness of the whole publishing system. In addition, the web page publishing end and the access end must carry not only the traffic for issuing normal files but also the traffic for recovering tampered files, so the communication load is relatively heavy.
Summary of the invention
The object of the invention is to overcome the defects of the prior art by providing a secure web page publishing system, based on the bottom layer of the operating system, that prevents tampering with published files. The system is to ensure efficient real-time checking of published web page files, prevent illegal operations from tampering with published files, and guarantee normal file publishing for the website, rather than restoring pages in real time after tampering has occurred. Tampering with web pages is stopped at the first moment, which reduces the system resources spent on page recovery and shortens the response and processing time.
The technical scheme of the invention builds on the existing secure web page publishing system. Its distinguishing features are as follows. The published-file detection module in the first-level monitoring end is improved into a web page published-file anti-tampering module placed at the bottom layer of the web page publishing server's operating system, which completely takes over the read and write operations of the file system. The former published-file upload and recovery protocol module that connects the first-level and second-level monitoring ends is improved into a published-file upload module, which carries out the signing and issuing of normal files.
Further, the web page published-file anti-tampering module is a file system filter driver module; on this basis, user operations are judged by an operation legitimacy identification module. The file system filter driver module takes over the read and write operations of the file system. When a user accesses the web page file system, the filter driver module obtains the operation's information before the operation takes place and calls the operation legitimacy identification module to determine whether the operation is legal. A legal operation is given the operating rights that correspond to its permission settings. For an illegal operation, access rights to the web page file system are controlled and the user's illegal operation on the file system is forcibly blocked.
The file system filter driver module is written in the form of a virtual device driver (VxD) at the bottom layer of the system, so that the system discovers the intent of an operation before the user's file read or write takes place.
The effect of the invention is significant: it gives anti-tampering protection of published pages very good timeliness, stops tampering attacks on files in advance, eliminates the adverse effects that follow once a published file has been damaged, and reduces the cost and time needed for recovery.
Description of drawings
Fig. 1 is a framework diagram of the existing secure publishing system.
Fig. 2 is a prototype diagram of the implementation of the system of the invention.
Fig. 3 is an implementation framework diagram of the file filter module of the invention.
Embodiment
This method has been put into practice in the web page anti-tampering system of the National Information Security Application Demonstration Project (S219). The prototype of the system implementation is shown in Fig. 2. The web page publishing servers 1, 2 and 3, the Ethernet 4, the Internet 5, the distribution server 6, the additional detection server 7 and the publishing-directory detection module 10 in the figure all play the same roles as in the prior art (shown in Fig. 1). The invention is embodied mainly in the web page published-file anti-tampering module 21 shown in Fig. 2, which is based on the bottom layer of the operating system and completely takes over the read and write operations of the file system to prevent files from being tampered with. As a result, the access end and the first-level monitoring end only need the file upload protocol 22 shown in the figure to sign and issue normal files, and no longer need the published-file upload and recovery protocol module 8 and the published-file detection module 9 of Fig. 1 to handle both the signing and issuing of normal files and the recovery of tampered files. This reduces traffic and the consumption of system resources, improves the timeliness of the system and raises overall system efficiency.
The file system filter driver module is the core component of the first-level monitoring system of the web content monitoring and recovery system. It is a special type of intermediate driver that sits above the file system. Under Windows NT, every virtual, logical and physical device in the system has a corresponding Device object that records the device's characteristics and status information. Through the Device object, the I/O (input/output) manager and the drivers can learn the current state of an I/O device at any time. In this embodiment the web page published-file anti-tampering module 21 is a file system filter driver module: it transparently intercepts the various requests to the file system and responds to them according to predefined filter rules. Specifically, if a request is legal, the file system filter driver transparently passes it on to the file system for handling; if a request is illegal, the file system filter driver ignores the request and issues a warning.
The functions a driver module implements are generally expressed as the module's external interface (its responses to various external requests or messages). The file system filter driver module must be able to handle every kind of request sent to the file system, either ignoring it or passing it on to the file system. The file filter driver module responds to file I/O requests and their corresponding file operations. The implementation framework of the file system filter driver module is shown in Fig. 3: a file filter driver module 11; below this driver module 11, a driver entry 12 and a file message request dispatch module 13; below the request dispatch module 13, a first-level monitoring file message request dispatch module 14 and an other-application file message request dispatch module 15; below the first-level monitoring file message request dispatch module 14, a file device control module 16; and below the file device control module 16, a locked-device setting module 17 and a specified locked-device module 18.
One of the biggest differences between a driver and an application is the driver's control structure. An application runs from start to finish under the control of its Windows main function, which determines the order in which each subroutine is called. A driver has no Windows main function entry; it is a collection of subroutines (Dispatch routines) that the I/O manager calls as needed. In essence a driver is driven by messages or requests: each driver provides a message or request dispatch table, and the I/O manager uses the function code of the requested operation as an index into this table to call the corresponding Dispatch routine of the driver.
A driver contains the following kinds of routines:
● DriverEntry (driver entry) routine
The DriverEntry routine is the driver's entry point, and every driver must provide it. When the driver is started, the operating system calls this entry. The DriverEntry routine is mainly responsible for initialization work, including setting up pointers to the driver's other routines (creating the message or request dispatch table), finding and locating any hardware devices the driver uses, and allocating buffers.
● Unload routine
When a driver is unloaded, the I/O manager calls the driver's Unload routine. The Unload routine is responsible for undoing everything DriverEntry did, including releasing any hardware resources allocated to the driver and deleting the kernel objects the driver created.
● I/O system service routine (Dispatch routine)
The I/O system service routines are the focus of driver design and implementation and the main embodiment of the driver's function. When the I/O manager receives a request, it uses the request's function code to call one of the driver's Dispatch routines. The Dispatch routine pre-processes the request and has the I/O manager send it on to the relevant device for handling.
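The dispatch path described above (a table of routines built at driver entry, indexed by function code, with a legitimacy check applied before a modifying request reaches the file system) can be modelled in user space. This is an added example, not code from the patent and not a real Windows driver; the function codes, the `/wwwroot/` directory, the `upload_agent` requester and the legitimacy rule are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* User-space model of the filter driver's dispatch path (not kernel code).
   Every name is hypothetical; paths are assumed to be already canonical. */
enum fn_code { FN_OPEN, FN_READ, FN_WRITE, FN_DELETE, FN_RENAME, FN_MAX };
enum status  { ST_PASSED, ST_BLOCKED };
struct io_request {
    enum fn_code fn;        /* function code of the requested operation */
    const char  *path;      /* target file */
    const char  *requester; /* process that issued the request */
};
typedef enum status (*dispatch_fn)(const struct io_request *);

static const char *PUBLISH_DIR = "/wwwroot/";    /* constructed publishing directory */
static const char *UPLOADER    = "upload_agent"; /* constructed upload-protocol process */
static dispatch_fn dispatch_table[FN_MAX];
static int forwarded, warnings;

/* Stand-in for the file system driver below the filter. */
static enum status lower_fs(const struct io_request *r) { (void)r; forwarded++; return ST_PASSED; }

/* Legitimacy identification (assumed rule): inside the publishing directory
   only the upload agent may modify files. */
static int is_legal(const struct io_request *r) {
    if (strncmp(r->path, PUBLISH_DIR, strlen(PUBLISH_DIR)) != 0) return 1;
    return strcmp(r->requester, UPLOADER) == 0;
}

/* Dispatch routine for requests the filter lets through unchanged. */
static enum status pass_through(const struct io_request *r) { return lower_fs(r); }

/* Dispatch routine for modifying requests: decide before the operation runs. */
static enum status guard_modify(const struct io_request *r) {
    if (is_legal(r)) return lower_fs(r);
    warnings++;
    fprintf(stderr, "warning: blocked fn=%d on %s by %s\n", (int)r->fn, r->path, r->requester);
    return ST_BLOCKED;      /* the request never reaches the file system */
}

/* Mirrors DriverEntry: build the dispatch table. */
void driver_entry(void) {
    for (int i = 0; i < FN_MAX; i++) dispatch_table[i] = pass_through;
    dispatch_table[FN_WRITE] = dispatch_table[FN_DELETE] = dispatch_table[FN_RENAME] = guard_modify;
    forwarded = warnings = 0;
}

/* Mirrors Unload: undo what driver_entry set up. */
void driver_unload(void) { for (int i = 0; i < FN_MAX; i++) dispatch_table[i] = NULL; }

/* Mirrors the I/O manager: the function code indexes the dispatch table.
   Model choice: with no routine registered, the call fails closed. */
enum status io_manager_call(const struct io_request *r) {
    if ((unsigned)r->fn >= FN_MAX || !dispatch_table[r->fn]) return ST_BLOCKED;
    return dispatch_table[r->fn](r);
}

int main(void) {
    struct io_request deface  = { FN_WRITE, "/wwwroot/index.html", "cmd.exe" };      /* constructed */
    struct io_request publish = { FN_WRITE, "/wwwroot/index.html", "upload_agent" }; /* constructed */
    driver_entry();
    printf("deface:  %s\n", io_manager_call(&deface)  == ST_BLOCKED ? "blocked" : "passed");
    printf("publish: %s\n", io_manager_call(&publish) == ST_BLOCKED ? "blocked" : "passed");
    driver_unload();
    return 0;
}
```

In a real driver the path would have to be normalised before the prefix check and the requester identified by something stronger than a process name; both are simplified here.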
The concrete application of this method in the S219 project has produced good results.

Claims (3)

1. A secure web page publishing system, based on the bottom layer of the operating system, that prevents tampering with published files, comprising a first-level monitoring end and a second-level monitoring end each networked with the Internet (5); the first-level monitoring end contains several web page publishing servers (1, 2, 3); the second-level monitoring end contains a distribution server (6) or an additional detection server (7) and a publishing-directory detection module (10); the web page publishing servers (1, 2, 3) and the distribution server (6) or additional detection server (7) are interconnected by an Ethernet (4); characterized in that a web page published-file anti-tampering module (21) is provided at the bottom layer of the operating system of the web page publishing servers (1, 2, 3), this anti-tampering module (21) completely taking over the read and write operations of the file system, and in that a published-file upload protocol module (22) is provided between the first-level monitoring end and the second-level monitoring end, this upload protocol module (22) carrying out the signing and issuing of normal files.
2. The secure web page publishing system, based on the bottom layer of the operating system, that prevents tampering with published files according to claim 1, characterized in that the web page published-file anti-tampering module (21) is a file system filter driver module, which judges user operations by means of a legitimacy identification module.
3. The secure web page publishing system, based on the bottom layer of the operating system, that prevents tampering with published files according to claim 2, characterized in that the file system filter driver module comprises a file filter driver module (11); below the file filter driver module (11), a driver entry (12) and a file message request dispatch module (13); below the request dispatch module (13), a first-level monitoring file message request dispatch module (14) and an other-application file message request dispatch module (15); below the first-level monitoring file message request dispatch module (14), a file device control module (16); and below the file device control module (16), a locked-device setting module (17) and a specified locked-device module (18).
Application number: CN 01139007
Title: Safe web page issuing system based on base layer of operation system and capable of preventing distortion of issued file
Priority date: 2001-12-03
Filing date: 2001-12-03
Publication: CN1349163A (en), published 2002-05-15, status Pending
Family ID: 4674938
Country: CN

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010003317A1 (en) * 2008-07-11 2010-01-14 中联绿盟信息技术(北京)有限公司 Device, method and system for preventing web page from being tampered
CN103034811A (en) * 2011-09-29 2013-04-10 北大方正集团有限公司 File processing method and system and device
CN103034811B (en) * 2011-09-29 2016-08-03 北大方正集团有限公司 A kind of method, system and device of file process

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication