A webshell defense method based on mandatory access control mechanism

A mandatory access control and mechanism technology, applied in electrical components, transmission systems, etc., can solve problems such as expensive, inability to accurately locate webshells, and achieve a comprehensive effect of prevention

Active Publication Date: 2018-05-08
NAT UNIV OF DEFENSE TECH
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, WAF is based on certain rules, and it is inevitable that there will be false negatives and false negatives, and it is impossible to accurately locate the webshell
In addition, WAF is often provided as a specific product, which is expensive and requires certain professional skills for configuration and use
In summary, the current webshell defense methods are difficult to prevent intruders from attacking in a timely and accurate manner

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A webshell defense method based on mandatory access control mechanism
  • A webshell defense method based on mandatory access control mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] Such as figure 1 As shown, the implementation steps of the webshell defense method based on the mandatory access control mechanism in this embodiment are as follows:

[0021] 1) The operating system-based mandatory access control mechanism classifies the web files in the web server into web application script files that need to be parsed and executed and web multimedia files that do not need to be parsed and executed, and detects the web server during the running of the web server In the newly generated files, based on the mandatory access control mechanism of the operating system, the newly generated files in the web server are classified into web application script files that need to be parsed and executed and web multimedia files that do not need to be parsed and executed through object tags; in the operating system Establish a mandatory access control strategy for all web application script files and web multimedia files, and the mandatory access control strategy in...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a webshell prevention method based on a mandatory access control mechanism. The webshell prevention method comprises the following implementation steps: classifying web files and establishing a mandatory access control policy based on classification; obtaining object tags of target web files requested by a client, inquiring the mandatory access control policy to determine limits of authority corresponding to the target web files if the object tags are web application script files and determining whether to analyze and implement the target web files or not according to inquiry results; inquiring the mandatory access control policy to determine limits of authority corresponding to the target web files if the object tags are web multi-media files and determining whether to read the target web files or not according to inquiry results. The webshell prevention method has the benefits that webshell uploaded by an intruder can be prohibited from being analyzed and implemented, so that the intruder is prevented from implementing further damage through the webshell; the webshell is complete in prevention and has high safety and reliability, low cost and good universality.

Description

technical field [0001] The invention relates to the technical field of security access control of computer systems, in particular to a webshell prevention method based on a mandatory access control mechanism. Background technique [0002] At present, web applications are becoming more and more abundant, which provides great convenience for the work, life and entertainment of the majority of users. At the same time, web servers have gradually become the main attack target due to their powerful computing power, processing performance and high value. Security incidents such as SQL injection, webpage tampering, and webpage hanging horses occur frequently. In 2012, the National Computer Network Emergency Response Technology Coordination Center (CNCERT / CC) monitored and found that 52,324 websites in my country were implanted with backdoors, including 3,016 government websites, an average monthly increase of 213.7% and 93.1% respectively compared with 2011. Implanting a webshell i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/10
Inventor 陈松政戴华东孙利杰魏立峰董攀黄辰林丁滟罗军
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap