a reinforcement system

Abstract

The invention discloses a reinforcement system, which includes: a two-factor identity verification subsystem, a mandatory access control subsystem based on security marks, an executable code protection verification execution subsystem, a residual information protection subsystem, and role-based authority management Subsystem, security audit subsystem, built-in LDAP directory service subsystem; under the joint action of these subsystems, it adds mandatory access control, two-factor authentication, anti-object reuse, system and Security functions such as application integrity protection and important data protection meet the technical requirements for hierarchical protection of important information systems such as railways and electric power, and provide a security enhancement system for key business applications with a safe and reliable operating environment.

Description

technical field [0001] The invention relates to a UNIX upper layer middleware system, in particular to a UNIX security enhancement system. Background technique [0002] Commercial UNIX systems are used in many users' key business information systems, but as their applications mature, their security weaknesses are constantly exposed and exploited, bringing security risks to users' businesses. Among these security weaknesses, the security flaws in the system structure are the most fundamental. The flaws in the security structure of the commercial UNIX system allow hackers or other attackers to invade the system through the system back door, run illegal programs, destroy the normal service of the system, or access business-sensitive data without permission; at the same time, the coding flaws in the software engineering of the system cause the system to exist. Overflow attack vulnerabilities, these vulnerabilities can allow attackers to obtain uncontrolled permissions, bypass t...

AI Technical Summary

Problems solved by technology

The flaws in the security structure of the commercial UNIX system allow hackers or other attackers to invade the system through the system back door, run illegal programs, destroy the normal service of the system, or access business-sensitive data without permission; at the same time, the coding flaws in the software engineering of the system cause the system to exist. Overflow attack vulnerabilities, these vulnerabilities can allow attackers to obtain uncontrolled permissions, bypass the inspection of system security mechanisms, and evade system audits

[0003] Commercial UNIX systems also have insufficient security strength in terms of user identity and account management, which may lead to the theft and fraudulent use of legitimate user identities, thereby bringing security risks such as illegal access

In addition, commercial UNIX systems cannot well support the security principles of "least privilege" and "privilege separation" in terms of security management permissions. System administrators or super users have uncontrolled permissions. Once these management identities and roles are illegally stolen or malicious use, the system cannot take adequate security measures to protect itself, and cannot track these behaviors

[0004] In addition, the commercial UNIX system still lacks sufficient or sufficient security mechanism measures, and it is difficult to meet the high-intensity protection requirements of users for important applications or sensitive information

For example, in industries such as railways and electric power, their management and organizational structures often have clear superior-subordinate levels and departmental relationships. This management level and departmental relationship will also be mapped to related business systems. However, general commercial UNIX systems do not have the same Therefore, it is difficult to meet the security protection and management requirements for important system resources or sensitive information

[0005] On the one hand, commercial UNIX systems have the above major security weaknesses; on the other hand, operating system security products developed by foreign commercial UNIX system manufacturers cannot meet the requirements of our national information security in terms of technical functions and policies

Images