CN110378134A - A label-based hybrid cloud information protection and data circulation tracking method

Publication number: CN110378134A
Application number: CN201910610057.6A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 吕卿, 王勇, 耿加申
Current Assignee: Unicloud Technology Co Ltd
Original Assignee: Unicloud Technology Co Ltd
Prior art keywords: label, user, information protection, cloud information, file

Classifications

    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The present invention provides a label-based hybrid cloud information protection and data circulation tracking method. S1: the user terminal obtains and configures information protection labels through the cloud information protection system; S2: the user terminal device and the cloud information protection system establish an encrypted communication process; S3: the user terminal transmits labeled emails, files and browser operations to the mail server, file sharing server and web server respectively; S4: through the rights management center, the cloud information protection system performs authorization checks and permission behavior audits on the emails, files and user behavior that the user needs protected; S5: the cloud information protection system stores the process ID of each operation the user executes, the user behavior and the label in log records; S6: the cloud information protection system organizes and analyzes the user operations recorded in the log. The invention tracks the circulation of data by label and draws a data movement map for data provenance tracing and tracking of data circulation.

Description

A label-based hybrid cloud information protection and data circulation tracking method
Technical field
The invention belongs to the field of information protection technology, and more particularly relates to a label-based hybrid cloud information protection and data circulation tracking method.
Background
Modern society has become an information society. With the development of computer and communication technology in particular, information is increasingly valuable to people, so more attention is paid to protecting it. However, the security of information during storage and transmission has always been a concern.
Information protection systems in the prior art can strengthen data protection during storage and sharing, but still have some defects and limitations. Such a system protects only documents and emails, by applying labels to them; it does not cover protection and monitoring of the user terminal browser, and it does not track labeled data.
Summary of the invention
In view of this, the present invention proposes a label-based hybrid cloud information protection and data circulation tracking method to solve the problems of the prior art. It uses labels to classify and selectively protect files, emails and the browser, tracks the circulation of data by label, and draws a data movement map for data provenance tracing and tracking of data circulation; once a data leak occurs, it can be traced back using the data movement map.
To achieve the above objective, the technical solution of the present invention is realized as follows:
A label-based hybrid cloud information protection and data circulation tracking method, comprising the following steps:
S1: the user terminal obtains and configures information protection labels through the cloud information protection system;
S2: the user terminal device and the cloud information protection system establish an encrypted communication process, and the user uses labels to mark emails, files, user browser behavior and sensitive data;
S3: the user terminal transmits labeled emails, files and browser operations to the mail server, file sharing server and web server respectively;
S4: through the rights management center, the cloud information protection system performs authorization checks and permission behavior audits on the emails, files and user behavior that the user needs protected;
S5: the cloud information protection system stores the process ID of each operation the user executes, the user behavior and the label in log records;
S6: the cloud information protection system organizes and analyzes the user operations recorded in the log and draws the user's behavior data map.
Further, in step S1, the user terminal obtains labels to identify and protect files and emails and to monitor user browser behavior.
Further, in step S1, configuring information protection labels includes label operations and the user terminal label setting.
Label operations mainly consist of creating, deleting, modifying and querying labels and dividing them into levels; the user terminal label setting configures, on the user terminal, whether file, email and browser operations carry labels.
Further, in step S2, when the operation behavior of the browser is monitored, the user terminal is used together with a domestic browser.
Further, in step S3, the mail transmission process uses a secure encrypted HTTPS channel.
Further, in step S3, file transmission uses SMB 3.0, which allows applications and the user terminal to access file resources from a remote file server.
Further, in step S5, the log records each request the user makes involving protected files, emails and the browser.
Further, in step S6, the cloud information protection system classifies the user's operation behavior by label and uses data analysis to draw a user behavior map; if an information anomaly or leak is encountered, the user behavior map is analyzed and forensic analysis is performed on the information source.
Compared with the prior art, the label-based hybrid cloud information protection and data circulation tracking method of the present invention has the following advantages:
The label-based hybrid cloud information protection and data circulation tracking method of the present invention uses labels to classify and selectively protect files, emails and the browser, tracks the circulation of data by label, and draws a data movement map for data provenance tracing and tracking of data circulation; once a data leak occurs, it can be traced back using the data movement map. The method also performs permission auditing in the cloud, which improves reliability.
Brief description of the drawings
The accompanying drawings, which form a part of the present invention, are provided for further understanding of the invention. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it.
In the drawings:
Fig. 1 is a schematic diagram of the label-based hybrid cloud information protection and data circulation tracking method according to an embodiment of the present invention.
Detailed description of embodiments
It should be noted that, where no conflict arises, the embodiments of the present invention and the features in the embodiments may be combined with one another.
In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to simplify the description of the invention, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, so they should not be understood as limiting the invention. In addition, the terms "first", "second" and the like are used for description only and are not to be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. A feature defined as "first", "second" and the like may therefore explicitly or implicitly include one or more of that feature. In the description of the present invention, unless otherwise stated, "multiple" means two or more.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "connected to" and "connected" are to be understood broadly: a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
As shown in Fig. 1, a label-based hybrid cloud information protection and data circulation tracking method comprises the following steps:
S1: the user terminal configures and obtains information protection labels through the cloud information protection system;
S2: the user terminal device and the cloud information protection system establish an encrypted communication process, and the user uses labels to mark emails, files, user browser behavior and sensitive data;
S3: the user terminal transmits labeled emails, files and browser operations to the mail server, file sharing server and web server respectively;
S4: through the rights management center, the cloud information protection system performs authorization checks and permission behavior audits on the emails, files and user behavior that the user needs protected;
S5: the cloud information protection system stores the process ID of each operation the user executes, the user behavior and the label in log records;
S6: the cloud information protection system organizes and analyzes the user operations recorded in the log and draws the user's behavior data map.
As shown in Fig. 1, in step S1, the user terminal obtains labels to identify and protect files and emails and to monitor user browser behavior.
As shown in Fig. 1, in step S1, configuring information protection labels includes label operations and the user terminal label setting.
Label operations generally include selecting a default label and creating, deleting, modifying and querying labels. Labels are divided into levels according to the security level of the data, multi-level labels are applied to protected data, and unique identifier labels can be created for sensitive data. The user terminal label setting can specify, on the user terminal, whether all files, emails and browser operations must carry a label.
When a new protection label is created, visual markings (page number, header, watermark, etc.) and classification prompt conditions can be added; sub-labels can be added to an existing protection label.
As shown in Fig. 1, in step S2, when the operation behavior of the browser is monitored, the user terminal is used together with a domestic browser; the domestic browser can audit user permissions and verify them with the rights management center.
When the user uses labels to mark protected information, file labels can cover access permissions, read, write and copy permissions, custom access objects, and so on; mail labels cover forwarding, mass mailing, setting access objects, access permissions for specific mailboxes, and so on; user browser behavior mainly involves permission to access websites and common behaviors such as uploading, downloading, sharing and forwarding website content.
As shown in Fig. 1, in step S3, the mail transmission process uses a secure encrypted HTTPS channel.
As shown in Fig. 1, in step S3, file transmission uses SMB 3.0, which allows applications and the user terminal to access file resources from a remote file server. SMB 3.0 greatly improves performance, reliability and security.
As shown in Fig. 1, in step S5, the log records each request the user makes involving protected files, emails and the browser.
As shown in Fig. 1, in step S6, the cloud information protection system classifies the user's operation behavior by label and uses data analysis to draw a user behavior map; if an information anomaly or leak is encountered, the user behavior map is analyzed and forensic analysis is performed on the information source.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
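
Steps S5 and S6 as an added example, not taken from the patent: log records carrying process ID, user behavior and label are grouped into a per-label data movement map, and a leaked item is traced back hop by hop to its origin. The record fields beyond those three (`ts`, `user`, `item_id`, `src`, `dst`, `authorized`), the function names and the sample log are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LogRecord:
    ts: int           # event order (assumed field)
    process_id: int   # process ID of the operation (step S5)
    user: str         # acting user (assumed field)
    behavior: str     # user behavior (step S5)
    label: str        # information protection label (step S5)
    item_id: str      # unique identifier label of the data item (assumed name)
    src: str          # where the data came from (assumed field)
    dst: str          # where the data went (assumed field)
    authorized: bool  # outcome of the S4 rights management check (assumed field)


# Constructed sample log: users, hosts, process IDs and item IDs are made up.
SAMPLE_LOG = [
    LogRecord(1, 4120, "alice", "file_upload", "Confidential", "doc-001",
              "alice-pc", "file-server", True),
    LogRecord(2, 5310, "bob", "file_download", "Confidential", "doc-001",
              "file-server", "bob-pc", True),
    LogRecord(3, 5344, "bob", "email_forward", "Confidential", "doc-001",
              "bob-pc", "mail-server", True),
    LogRecord(4, 6002, "carol", "browser_upload", "Public", "doc-002",
              "carol-pc", "web-server", True),
    LogRecord(5, 5390, "bob", "browser_upload", "Confidential", "doc-001",
              "bob-pc", "web-server", False),
]


def build_movement_map(records):
    """Data movement map grouped by label: label -> {(src, dst): count}."""
    movement = defaultdict(Counter)
    for r in records:
        movement[r.label][(r.src, r.dst)] += 1
    return {label: dict(edges) for label, edges in movement.items()}


def behavior_by_label(records):
    """Classify user operations by label: label -> {behavior: count}."""
    counts = defaultdict(Counter)
    for r in records:
        counts[r.label][r.behavior] += 1
    return {label: dict(c) for label, c in counts.items()}


def trace_back(records, item_id, leak_location):
    """Return the hops, oldest first, that carried item_id to leak_location.

    Each step picks the most recent earlier record that delivered the item
    to the current location. Timestamps strictly decrease along the walk,
    so cycles in the movement map cannot cause an endless loop.
    """
    events = sorted((r for r in records if r.item_id == item_id),
                    key=lambda r: r.ts, reverse=True)
    path, location, before = [], leak_location, float("inf")
    while True:
        hop = next((r for r in events
                    if r.dst == location and r.ts < before), None)
        if hop is None:
            break
        path.append(hop)
        location, before = hop.src, hop.ts
    return list(reversed(path))


def unauthorized_hops(path):
    """Hops on a traced path that failed the authorization check."""
    return [r for r in path if not r.authorized]


if __name__ == "__main__":
    path = trace_back(SAMPLE_LOG, "doc-001", "web-server")
    for r in path:
        print(r.ts, r.process_id, r.user, r.behavior, r.src, "->", r.dst)
    print("unauthorized:", [(r.user, r.process_id) for r in unauthorized_hops(path)])
```
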

Claims (8)

1. A label-based hybrid cloud information protection and data circulation tracking method, characterized by comprising the following steps:
S1: the user terminal obtains and configures information protection labels through the cloud information protection system;
S2: the user terminal device and the cloud information protection system establish an encrypted communication process, and the user uses labels to mark emails, files, user browser behavior and sensitive data;
S3: the user terminal transmits labeled emails, files and browser operations to the mail server, file sharing server and web server respectively;
S4: through the rights management center, the cloud information protection system performs authorization checks and permission behavior audits on the emails, files and user behavior that the user needs protected;
S5: the cloud information protection system stores the process ID of each operation the user executes, the user behavior and the label in log records;
S6: the cloud information protection system organizes and analyzes the user operations recorded in the log and draws the user's behavior data map.
2. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S1, the user terminal obtains labels to identify and protect files and emails and to monitor user browser behavior.
3. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S1, configuring information protection labels includes label operations and the user terminal label setting.
Label operations mainly consist of creating, deleting, modifying and querying labels and dividing them into levels; the user terminal label setting configures, on the user terminal, whether file, email and browser operations carry labels.
4. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S2, when the operation behavior of the browser is monitored, the user terminal is used together with a domestic browser.
5. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S3, the mail transmission process uses a secure encrypted HTTPS channel.
6. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S3, file transmission uses SMB 3.0, which allows applications and the user terminal to access file resources from a remote file server.
7. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S5, the log records each request the user makes involving protected files, emails and the browser.
8. The label-based hybrid cloud information protection and data circulation tracking method according to claim 1, characterized in that: in step S6, the cloud information protection system classifies the user's operation behavior by label and uses data analysis to draw a user behavior map; if an information anomaly or leak is encountered, the user behavior map is analyzed and forensic analysis is performed on the information source.

Priority and publication

Application number: CN201910610057.6A
Priority date: 2019-07-08
Filing date: 2019-07-08
Publication number: CN110378134A
Publication date: 2019-10-25
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20191025)