CN109145586B - Dynamic authorization method for SSR centralized management platform characteristics - Google Patents
- Publication number: CN109145586B (application number CN201810924161.8A)
- Authority: CN (China)
- Prior art keywords: characteristic, authorization, ssr, state, security
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/565—Static detection by checking file integrity
Abstract
The embodiment of the invention discloses a dynamic authorization method for the features of an SSR centralized management platform, comprising the following steps: importing a certificate; verifying whether each security feature is authorized; modifying the authorization state of each security feature according to the verification result; updating the display page according to the authorization state; and synchronizing the authorization state to the SSR client. A feature authorization value is added to the certificate; after the certificate is uploaded to the centralized management platform, the feature authorization value is read from the certificate and combined by a bitwise operation with each feature ID in the feature ID table, which determines which security features are authorized. The display page is updated according to the authorized security features, and the authorization state is synchronized to the SSR client through the heartbeat, so that the security feature authorization steps are simplified and management difficulty is reduced.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a dynamic authorization method for SSR centralized management platform characteristics.
Background
The Inspur Operating System Security Enhancement System (SSR) is an operating system security reinforcement product with independent intellectual property held by Inspur. It restricts and disperses the privileges of the original system administrator through mandatory access control over files, directories, processes, registry keys and services. SSR is a kernel-module-based product for building an operating system that meets the third level of the national classified security protection scheme: it can upgrade an ordinary server operating system in real time to one with third-level security functions, and is intended to immunize the operating system against existing classes of attack such as viruses, worms and hacking. As an operating system security defense product, SSR has gained an indispensable position in many markets; it can flexibly and effectively defend against attacks or illegal operations from inside and outside, and records them in a log for query and analysis.
SSR is managed through a centralized management platform. To protect the clients, the platform provides many security features, such as program control, removable storage control and integrity checking.
In actual production, however, clients do not all need the same security features, and no client needs all of them. Almost every client therefore requires a customized feature set, and unwanted security features have been removed at the code level, which wastes resources and increases management difficulty.
Disclosure of Invention
The embodiment of the invention provides a dynamic authorization method for SSR centralized management platform characteristics, which aims to solve the problem of high management difficulty in the prior art.
In order to solve the technical problem, the embodiment of the invention discloses the following technical scheme:
the invention provides a dynamic authorization method for SSR centralized management platform characteristics, which comprises the following steps:
importing a certificate;
verifying whether each security feature is authorized;
modifying the authorization state of each security characteristic according to the verification result;
updating a display page according to the authorization state;
and synchronizing the authorization state to the SSR client.
Preferably, the verifying whether each security feature is authorized specifically includes:
obtaining an auth field in a certificate;
obtaining a characteristic authorization value from the auth field;
acquiring a characteristic ID table;
performing bit operation on the characteristic authorization value and the characteristic ID table;
and determining from the bit operation result whether the feature is authorized.
Preferably, the characteristic authorization value is a sum of characteristic IDs corresponding to all authorized security characteristics.
Preferably, the feature ID table is composed of a plurality of feature IDs, where each feature ID is fixed and corresponds to one security feature.
Preferably, the performing bit operation on the characteristic authorization value and the characteristic ID table specifically includes:
representing the characteristic authorization value and each characteristic ID in the characteristic ID table by binary;
and performing a bitwise operation between the binary feature authorization value and each binary feature ID.
Preferably, determining from the bit operation result whether the feature is authorized specifically includes:
judging whether the bit operation result is zero;
if so, the corresponding security feature is not authorized; otherwise it is authorized.
Preferably, synchronizing the authorization status to the SSR client specifically includes:
adding a characteristic authorization value into the heartbeat signal;
sending the heartbeat signal added with the characteristic authorization value to the SSR client;
and the SSR client performs corresponding authorization operation according to the characteristic authorization value.
Preferably, the method further comprises:
acquiring the real-time feature state of every security feature;
judging whether the real-time feature state is the same as the feature state obtained from the bit operation;
if they are the same, keeping the state; otherwise modifying the feature state so that it matches the state obtained from the bit operation.
Preferably, the method further comprises:
and updating the display page according to the modified characteristic state.
According to the technical scheme, a feature authorization value is added to the certificate; after the certificate is uploaded to the centralized management platform, the feature authorization value is read from the certificate and combined by a bitwise operation with each feature ID in the feature ID table, which determines the authorized security features. The display page is updated according to the authorized security features, and the authorization state is synchronized to the SSR client through the heartbeat, so that the security feature authorization steps are simplified and management difficulty is reduced.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below; a person skilled in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flow chart of a dynamic authorization method for SSR centralized management platform characteristics according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for verifying whether each security feature is authorized according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a method for synchronizing an authorization status to an SSR client according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of another method for dynamically authorizing the features of the SSR centralized management platform according to an embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the drawings in the embodiment of the present invention, and it is obvious that the described embodiment is only a part of the embodiment of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, a schematic flow chart of the dynamic authorization method for SSR centralized management platform features according to an embodiment of the present invention, the method includes:
S10: importing the certificate.
The centralized management platform imports the certificate file prepared by the user through the management interface.
S20: each security feature is verified for authorization.
The centralized management platform can manage many security features, but a user does not need all of them, so the required security features must be selected and authorized. To keep the authorization process simple, a security feature that was authorized during the previous use and is still needed stays authorized, and security features that are no longer needed are closed. Whether each security feature is authorized is checked as shown in Fig. 2, a schematic flow chart of the method for verifying whether each security feature is authorized according to an embodiment of the present invention; the verification specifically includes:
S21: obtaining the auth field in the certificate.
The imported certificate is decrypted and the auth field is extracted from the decrypted file.
S22: obtaining the feature authorization value from the auth field.
The feature authorization value carried in the auth field is determined from the feature IDs of the security features that are allowed to be authorized; specifically, it is the sum of those feature IDs. For example, if the security features allowed to be authorized are the security baseline and program control, and their feature IDs are 1 and 4 respectively, the feature authorization value in the auth field is 5.
S23: obtaining the feature ID table.
The feature ID table lists the feature IDs of all features. Each feature ID is fixed once assigned, but which value corresponds to which security feature is decided by the user, and the same feature IDs are used to compute the feature authorization value described in step S22.
S24: performing a bit operation between the feature authorization value and the feature ID table.
A bit operation is a bitwise operation on binary values and includes AND, OR and NOT; the embodiment of the invention uses AND. Before the AND operation, the feature authorization value and each feature ID in the feature ID table are represented in binary, and the binary feature authorization value is then ANDed bit by bit with each binary feature ID.
S25: determining from the bit operation result whether the feature is authorized.
Because every feature ID is fixed and the feature authorization value is the sum of the feature IDs of all authorized security features, the AND operation with a given feature ID can produce only two results: the feature ID itself, when that feature's bits are set in the authorization value, or 0. Whether a feature is authorized is therefore decided by checking the bit operation result: if it is 0, the corresponding security feature is not authorized; otherwise it is authorized.
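The verification of steps S21 to S25, written out as an added example; it is not code from the patent or from the SSR product. The certificate is modelled as an already-decrypted dictionary with an `auth` field, because the page does not describe the certificate format or its decryption; the feature names other than security baseline and program control, and the IDs 2 and 8, are constructed. The bit test only works if every feature ID is a distinct power of two (the page's IDs 1 and 4 are), so the example checks the table for that before using it: with overlapping IDs such as 1, 2 and 3, a summed authorization value is ambiguous. Claim 1 compares the AND result with the feature authorization value; with the page's own numbers (IDs 1 and 4, value 5) that comparison does not separate authorized from unauthorized features (5 & 4 = 4 and 5 & 2 = 0 are both unequal to 5), so the example treats a nonzero result, which is the feature's own ID, as authorized, which is what the numeric example supports.

```python
"""Feature authorization by bitmask (steps S21 to S25), added example."""
from typing import Dict, Iterable, Mapping

# Constructed feature ID table. Security baseline = 1 and program control = 4
# come from the page; the other two features and their IDs are assumptions.
# Every ID is a single bit so that each feature owns one position of the value.
FEATURE_IDS: Dict[str, int] = {
    "security_baseline": 1,
    "mobile_storage_control": 2,
    "program_control": 4,
    "integrity_detection": 8,
}


def validate_feature_table(table: Mapping[str, int]) -> None:
    """Reject tables for which the bitwise AND test would be ambiguous:
    an ID must be a positive single bit and must not be reused."""
    seen = 0
    for name, fid in table.items():
        if fid <= 0 or fid & (fid - 1):
            raise ValueError(f"feature ID for {name!r} is not a single bit: {fid}")
        if seen & fid:
            raise ValueError(f"feature ID {fid} for {name!r} is already in use")
        seen |= fid


def feature_authorization_value(authorized: Iterable[str],
                                table: Mapping[str, int] = FEATURE_IDS) -> int:
    """Build the value the certificate carries: the sum of the IDs of the
    authorized features. With single-bit IDs the sum equals the bitwise OR."""
    validate_feature_table(table)
    value = 0
    for name in authorized:
        value |= table[name]          # KeyError for a feature not in the table
    return value


def parse_auth_field(certificate: Mapping[str, str]) -> int:
    """S21/S22: read the auth field of an already-decrypted certificate.
    The certificate is a plain mapping here; the real format is not on the page."""
    value = int(certificate["auth"])
    if value < 0:
        raise ValueError("feature authorization value must be non-negative")
    return value


def authorized_features(auth_value: int,
                        table: Mapping[str, int] = FEATURE_IDS) -> Dict[str, bool]:
    """S24/S25: AND the value with every feature ID. Each result is either
    the ID itself (authorized) or 0 (not authorized)."""
    validate_feature_table(table)
    return {name: (auth_value & fid) != 0 for name, fid in table.items()}


def verify_certificate(certificate: Mapping[str, str],
                       table: Mapping[str, int] = FEATURE_IDS) -> Dict[str, bool]:
    """S20 as a whole: certificate in, per-feature authorization state out."""
    return authorized_features(parse_auth_field(certificate), table)


if __name__ == "__main__":
    # Constructed certificate: security baseline (1) + program control (4) = 5.
    cert = {"auth": str(feature_authorization_value(["security_baseline", "program_control"]))}
    for feature, ok in verify_certificate(cert).items():
        print(f"{feature:24s} {'authorized' if ok else 'not authorized'}")
```

The round trip through `feature_authorization_value` and `verify_certificate` is the check to run whenever the ID table is edited: if the table validation fails, the certificate values issued so far no longer decode the way the page describes.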
S30: and modifying the authorization state of each security feature according to the verification result.
S40: and updating a display page according to the authorization state.
S50: and synchronizing the authorization state to the SSR client.
Referring to fig. 3, a schematic flow chart of a method for synchronizing an authorization status to an SSR client according to an embodiment of the present invention is shown in fig. 3, where synchronizing the authorization status to the SSR client specifically includes:
S51: adding the feature authorization value to the heartbeat signal.
The SSR client periodically sends a keep-alive message to the centralized management platform, and the platform replies after receiving it; this reply is the heartbeat signal. Adding the feature authorization value to the heartbeat signal synchronizes the authorization state.
S52: and sending the heartbeat signal added with the characteristic authorization value to the SSR client.
S53: and the SSR client performs corresponding authorization operation according to the characteristic authorization value.
Referring to fig. 4, a schematic flow chart of another method for dynamically authorizing the characteristics of an SSR centralized management platform according to an embodiment of the present invention is shown in fig. 4, where the method further includes:
S60: acquiring the real-time feature state of every security feature.
The authorization state of a security feature that has already been authorized may be changed by a later operation, and the previous authorization state is not automatically restored, so the state derived from the bit operation result can differ from the state that is actually in effect.
S70: judging whether the real-time feature state is the same as the feature state obtained from the bit operation.
Comparing the real-time feature state with the feature state obtained from the bit operation determines whether the feature state must be modified. If they are consistent, no modification is needed and step S80 is executed: the state is kept. Otherwise step S90 is executed: the feature state is modified to match the state obtained from the bit operation. Step S40 is then executed again according to the modified authorization state.
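Steps S51 to S53 and S60 to S90, as an added example; it is not code from the patent or from the SSR product. The heartbeat is modelled as a JSON reply from the platform carrying the feature authorization value in an `auth` member; the wire format, the field name and every feature ID other than the page's 1 and 4 are assumptions. The example also adds two checks the page does not spell out: the client rejects a heartbeat whose `auth` member is missing or malformed, and bits of the value that match no ID in the client's table are reported rather than silently ignored, since a platform and a client with different feature ID tables would otherwise drift apart without any error.

```python
"""Heartbeat synchronization (S51 to S53) and state reconciliation (S60 to S90), added example."""
import json
from typing import Dict, Mapping

# Constructed feature ID table shared by platform and client; IDs 1 and 4 are
# the page's, the others are assumptions. Each ID is a single bit.
FEATURE_IDS: Dict[str, int] = {
    "security_baseline": 1,
    "mobile_storage_control": 2,
    "program_control": 4,
    "integrity_detection": 8,
}


def build_heartbeat(reply_seq: int, auth_value: int) -> bytes:
    """S51/S52, platform side: the reply to a client keep-alive with the
    feature authorization value added. The JSON layout is an assumption."""
    return json.dumps({"type": "heartbeat", "seq": reply_seq, "auth": auth_value}).encode()


def unknown_bits(auth_value: int, table: Mapping[str, int]) -> int:
    """Bits of the authorization value that correspond to no ID in the table."""
    known = 0
    for fid in table.values():
        known |= fid
    return auth_value & ~known


def apply_heartbeat(message: bytes,
                    table: Mapping[str, int] = FEATURE_IDS) -> Dict[str, bool]:
    """S53, client side: decode the heartbeat and derive the desired state of
    every feature from the authorization value. Malformed messages are rejected."""
    try:
        msg = json.loads(message.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"heartbeat is not valid JSON: {exc}") from exc
    if not isinstance(msg, dict) or msg.get("type") != "heartbeat":
        raise ValueError("not a heartbeat message")
    auth = msg.get("auth")
    if isinstance(auth, bool) or not isinstance(auth, int) or auth < 0:
        raise ValueError("heartbeat has no usable auth value")
    stray = unknown_bits(auth, table)
    if stray:
        raise ValueError(f"auth value 0x{auth:x} sets bits with no feature ID: 0x{stray:x}")
    return {name: (auth & fid) != 0 for name, fid in table.items()}


def reconcile(real_time: Mapping[str, bool],
              desired: Mapping[str, bool]) -> Dict[str, bool]:
    """S60 to S90: compare the state actually in effect with the state derived
    from the bit operation and return only the features that must change
    (S80 keeps the rest). A feature absent from real_time counts as off."""
    return {name: want for name, want in desired.items()
            if real_time.get(name, False) != want}


if __name__ == "__main__":
    hb = build_heartbeat(reply_seq=42, auth_value=5)      # baseline + program control
    desired = apply_heartbeat(hb)
    # Constructed real-time state: program control was switched off by a later
    # operation and mobile storage control was switched on without authorization.
    in_effect = {"security_baseline": True, "program_control": False,
                 "mobile_storage_control": True, "integrity_detection": False}
    for feature, want in reconcile(in_effect, desired).items():
        print(f"S90: set {feature} -> {'on' if want else 'off'}")
```

The `unknown_bits` check is the one worth keeping in a deployment: it is the only signal that the platform's and the client's feature ID tables have diverged, and it costs one AND per heartbeat.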
According to the invention, a feature authorization value is added to the certificate; after the certificate is uploaded to the centralized management platform, the feature authorization value is read from the certificate and combined by a bitwise operation with each feature ID in the feature ID table, which determines the authorized security features. The display page is updated according to the authorized security features, and the authorization state is synchronized to the SSR client through the heartbeat, so that the security feature authorization steps are simplified and management difficulty is reduced.
The foregoing are merely exemplary embodiments of the present invention, which enable those skilled in the art to understand or practice the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (6)
1. A dynamic authorization method for SSR centralized management platform characteristics is characterized by comprising the following steps:
importing a certificate;
verifying whether each security characteristic is authorized, specifically including obtaining an auth field in a certificate; obtaining a characteristic authorization value from the auth field; acquiring a characteristic ID table; performing bit operation on the characteristic authorization value and the characteristic ID table; judging whether to receive authorization according to the bit operation result; wherein the performing the bit operation on the characteristic authorization value and the characteristic ID table specifically includes: representing the characteristic authorization value and each characteristic ID in the characteristic ID table by binary; carrying out bitwise AND operation on the characteristic authorization value represented by the binary system and the characteristic ID represented by the binary system in sequence; judging whether to receive authorization according to the bit operation result specifically comprises the following steps: judging whether the bit operation result is equal to the characteristic authorization value or not; if yes, the corresponding security feature is not authorized, otherwise, authorization is performed;
modifying the authorization state of each security characteristic according to the verification result;
updating a display page according to the authorization state;
and synchronizing the authorization state to the SSR client.
2. A method for dynamic authorization of characteristics of an SSR centralized management platform according to claim 1, wherein said characteristic authorization value is the sum of characteristic IDs corresponding to all authorized security characteristics.
3. The dynamic authorization method for SSR centralized management platform features according to claim 1, characterized in that said feature ID table consists of a plurality of feature IDs, wherein each feature ID is fixed and corresponds to one security feature.
4. An SSR centralized management platform feature dynamic authorization method according to claim 1, wherein synchronizing the authorization status to an SSR client specifically comprises:
adding a characteristic authorization value into the heartbeat signal;
sending the heartbeat signal added with the characteristic authorization value to the SSR client;
and the SSR client performs corresponding authorization operation according to the characteristic authorization value.
5. A SSR centralized management platform feature dynamic authorization method according to any of claims 1-4, characterized in that said method further comprises:
acquiring the real-time feature state of every security feature;
judging whether the real-time feature state is the same as the feature state obtained from the bit operation;
if they are the same, keeping the state; otherwise modifying the feature state so that it matches the state obtained from the bit operation.
6. The dynamic authorization method for SSR centralized management platform features according to claim 5, characterized in that said method further comprises:
and updating the display page according to the modified characteristic state.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810924161.8A CN109145586B (en) | 2018-08-14 | 2018-08-14 | Dynamic authorization method for SSR centralized management platform characteristics |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109145586A CN109145586A (en) | 2019-01-04 |
CN109145586B true CN109145586B (en) | 2020-10-20 |
Family
ID=64792999
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810924161.8A Active CN109145586B (en) | 2018-08-14 | 2018-08-14 | Dynamic authorization method for SSR centralized management platform characteristics |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109145586B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105141597A (en) * | 2015-08-13 | 2015-12-09 | 中国人民解放军国防科学技术大学 | Self-representation secure routing authorization method based on identity, namely, public key |
CN108256344A (en) * | 2018-01-22 | 2018-07-06 | 商客通尚景科技江苏有限公司 | SaaS enterprise platform database system and attaching method thereof |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546672A (en) * | 2012-03-09 | 2012-07-04 | 浪潮通信信息***有限公司 | Out-of-band authorization safety reinforcement method for cloud computing platform |
FR3015726B1 (en) * | 2013-12-24 | 2016-01-08 | Morpho | SECURE COMPARATIVE PROCESSING METHOD |
CN106874730A (en) * | 2015-12-11 | 2017-06-20 | 平安科技(深圳)有限公司 | Verification method and client for a bank server login certificate |
CN106355052A (en) * | 2016-11-03 | 2017-01-25 | 广东浪潮大数据研究有限公司 | Authorization centralized management method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN109145586A (en) | 2019-01-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
TA01 | Transfer of patent application right | Effective date of registration: 2020-09-17. Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province. Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd. Address before: 450018 Room 1601, 16th floor, No. 278 Xinyi Road, Zhengdong New District, Zhengzhou City, Henan Province. Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd. |
GR01 | Patent grant | |