Reinforcing system

Abstract

The invention discloses a reinforcing system, which comprises a dual-factor authentication sub system, a mandatory access control sub system based on safety marks, a protection verification executing sub system capable of executing codes, a remaining information protection sub system, an authority management sub system based on roles, a security auditing sub system and a built-in lightweight directory access protocol (LDAP) directory service sub system. Under the simultaneous effects of the sub systems, security functions such as mandatory access control, dual-factor authentication, object reuse prevention, system and application program completeness protection and important data protection which are not realized by an ordinary commercial uniplexed information and computering service (UNIX) operation system, the classification protection technical requirements of important information systems of railways, electric power and the like are met, and the reinforcing system belongs to the security reinforcing system providing safe and reliable operation environment for key business application.

Description

technical field [0001] The invention relates to a UNIX upper layer middleware system, in particular to a UNIX security enhancement system. Background technique [0002] Commercial UNIX systems are used in many users' key business information systems, but as their applications mature, their security weaknesses are constantly exposed and exploited, bringing security risks to users' businesses. Among these security weaknesses, the security flaws in the system structure are the most fundamental. The flaws in the security structure of the commercial UNIX system allow hackers or other attackers to invade the system through the system back door, run illegal programs, destroy the normal service of the system, or access business-sensitive data without permission; at the same time, the coding flaws in the software engineering of the system cause the system to exist. Overflow attack vulnerabilities, these vulnerabilities can allow attackers to obtain uncontrolled permissions, bypass t...

AI Technical Summary

Problems solved by technology

The flaws in the security structure of the commercial UNIX system allow hackers or other attackers to invade the system through the system back door, run illegal programs, destroy the normal service of the system, or access business-sensitive data without permission; at the same time, the coding flaws in the software engineering of the system cause the system to exist. Overflow attack vulnerabilities, these vulnerabilities can allow attackers to obtain uncontrolled permissions, bypass the inspection of system security mechanisms, and evade system audits

[0003] Commercial UNIX systems also have insufficient security strength in terms of user identity and account management, which may lead to the theft and fraudulent use of legitimate user identities, thereby bringing security risks such as illegal access

In addition, commercial UNIX systems cannot well support the security principles of "least privilege" and "privilege separation" in terms of security management permissions. System administrators or super users have uncontrolled permissions. Once these management identities and roles are illegally stolen or malicious use, the system cannot take adequate security measures to protect itself, and cannot track these behaviors

[0004] In addition, the commercial UNIX system still lacks sufficient or sufficient security mechanism measures, and it is difficult to meet the high-intensity protection requirements of users for important applications or sensitive information

For example, in industries such as railways and electric power, their management and organizational structures often have clear superior-subordinate levels and departmental relationships. This management level and departmental relationship will also be mapped to related business systems. However, general commercial UNIX systems do not have the same Therefore, it is difficult to meet the security protection and management requirements for important system resources or sensitive information

[0005] On the one hand, commercial UNIX systems have the above major security weaknesses; on the other hand, operating system security products developed by foreign commercial UNIX system manufacturers cannot meet the requirements of our national information security in terms of technical functions and policies

Images