A Hardening Method Based on Host Monitoring Operating System

A host monitoring operating system technology, applied in the field of intranet group monitoring and management systems, that addresses problems such as complex internal security management, monitoring being removed or stopped by computer experts, and complex user identities.

Active Publication Date: 2016-08-03
SOUTH CHINA UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0004] Current host monitoring systems fall far short of actual needs in both function and performance, and have the following problems. Non-kernel control: the control system runs on top of the operating system as a process or service of the operating system and is not integrated with the operating system kernel, so it suffers from low efficiency, poor reliability, weak control, coarse-grained control, etc. In particular, it is easily removed or stopped by computer experts.
Not suitable for large-scale discrete applications: in computer applications such as e-commerce, scattered users generally perform sensitive interoperation over a huge public network, user identities are complex and widely distributed, and the interoperating communication is not controlled by the application owner, resulting in more complex internal security management.


Examples


Embodiment Construction

[0021] The present invention will be described in further detail below in conjunction with the accompanying drawings, but the implementation and protection scope of the present invention are not limited thereto.

[0022] As shown in Figure 1, we express the functional model of the host monitoring operating system in three dimensions: monitoring object, monitoring content, and monitoring method. Any point in the space formed by these three dimensions is a system function. Monitoring objects include network behavior (packet sending and receiving at the MAC layer, TCP layer, IP layer, and TCP/IP application layer: Email, FTP, HTTP, Telnet, etc.), file usage (OS file opening, modification, deletion, copying, sending and other behaviors), system activity object calls (processes, services, distributed object EJB / COM / CORBA calls), system data structure access (such as the registry and other configuration files), application system usage (various OS application systems and DBMS, services...


Abstract

The invention discloses a hardening method based on a host monitoring operating system. The method includes the steps of building a host monitoring model based on a tree security domain, carrying out access control by applying semantic-level audit, injecting a monitoring module into the kernel of the host's computer operating system by means of a rootkit, and adopting a policy mode to carry out function control over the computer operating system. The policy mode uses Extensible Markup Language (XML) to define monitoring objects, monitoring contents and monitoring modes, and these definitions are written into the monitoring module. The monitoring contents comprise audit modes, safety protection and monitoring. Rootkit-based kernel-level control makes the control safe and reliable; the tree security domain system solves the management complexity of large-scale network machine groups / network groups; and the distributed policy description language allows monitoring requirements and methods to be expressed flexibly and in depth.

Description

Technical field

[0001] The invention relates to a novel intranet group monitoring and management system, in particular to a reinforcement method based on a host monitoring operating system.

Background technique

[0002] The emergence of computers and computer networks has brought revolutionary convenience to people's work and life, making them almost indispensable tools like traditional pen and paper. However, computers (especially computers for personal use) and their networks are also a double-edged sword, and irregular and unrestrained use will inevitably have a negative effect and even cause great harm. Therefore, how to prevent the irregular and unrestrained use of computers and their networks is as important as how to facilitate the use of computers, especially for key applications such as e-commerce. The solution to this kind of problem is nothing more than two types of methods: thin client and system protection. For system protection, early people mainly relied on ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L29/08, H04L29/06, G06F21/50
Inventor: 齐德昱, 杨捷, 李金星, 林伟伟, 李剑
Owner: SOUTH CHINA UNIV OF TECH