System reloading based mimicry safety implementation system and method

A system-reloading technique applied to computer security devices, instrumentation and computing equipment. It addresses the problem that a single fixed operating system can be broken through by attackers, and its stated effects are improved security and reliability and an increase in the difficulty and cost of attacks.

Inactive Publication Date: 2015-03-11
大连梯耐德网络技术有限公司
Cites: 7 | Cited by: 10

Problems solved by technology

[0002] With the development of the Internet, networks have become pervasive and network technology increasingly sophisticated, but network security problems have become more severe. Software and hardware contain backdoors or vulnerabilities, and hackers routinely exploit those backdoors and vulnerabilities to carry out attacks.
The main reason why the current network equipment cannot resist externa...

Abstract

The invention discloses a mimicry security implementation system and method based on system reloading. The system comprises a storage module, a boot guide module, and a reload selection and operation control module. The storage module stores different types of operating systems in different storage media of a network device, or at different addresses of the same storage medium. The boot guide module is preset with the CPU run programs that load those operating systems; it selects an operating system from the storage module according to a user instruction and starts the matching CPU run program to load the selected operating system onto the network device. The reload selection and operation control module selects the operating system to be started next and its start time, so that the operating system can be reloaded on the same network device. With this system and method the network device's operating system and system software change continually at the system-software level, giving the device an active, changing and random defence capability and improving network security and reliability.

Example Embodiment

[0027] To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
[0028] Existing network devices and systems mostly run a single fixed operating system, and the methods used to defend them against external attacks are defences or patches against known backdoors or vulnerabilities. Such defences lag behind the attacker, are not proactive, and remain exposed to unknown flaws; this is termed passive defence. To address the problems of passive defence, the present invention proposes a system and method for system reloading based on the principle of irregular, non-deterministic replacement of multiple operating systems.
[0029] The present invention actively defends against unknown backdoors and vulnerabilities through mimicry security. Mimicry is the phenomenon in which an organism imitates the appearance and behaviour of another for a survival benefit. The basic idea of mimicry here is to present a dynamic, non-deterministic, heterogeneous and non-persistent target environment through active hopping or rapid migration of networks, platforms, environments, software and data. The resulting mimicry environment changes in a way that is controllable for the defender while presenting the attacker with a target that is hard to observe and predict, greatly increasing the difficulty and cost of attacks, including those that exploit unknown vulnerabilities and backdoors.
[0030] Specifically, as shown in figure 1, a mimicry security implementation system based on system reloading comprises a storage module, a boot guide module, a reload selection and operation control module, and a data flow control module.
[0031] The storage module stores different types of operating systems in different storage media of the network device or at different addresses of the same storage medium. Network devices are generally software and hardware products with an embedded operating system; to reload that operating system, several operating systems must first be saved into the device's storage, such as FLASH, SD card or other media. The storage of these operating systems must be separated by address and by medium (so that the mimicry variants are stored independently), that is, in different storage media or at different addresses of the same medium. Each operating system differs from the others in at least type or version, and correspondingly the system software called internally, that is, the CPU run program, also exists in different versions. This diversity of operating systems and system software increases the difficulty of a network attack.
[0032] As shown in figure 2, the network device mainly comprises a CPU chip, a CPLD chip and storage media, namely FLASH, uBoot and SD card. For example, address 1 in FLASH stores a linux3.x system, address 2 in FLASH stores a VxWorks2.x system, address 3 in FLASH stores a WinCE6.x system, and address 1 in the SD card stores a linux2.x system; uBoot stores the loader.
[0033] The boot guide module is preset with the CPU run programs that load the above operating systems. It selects an operating system from the storage module according to the user's instruction and, according to the selected operating system, starts the corresponding CPU run program to load that operating system onto the network device. When the system runs for the first time, the user's instruction can be issued through a hardware button or a network interface, specifying which operating system to choose; in the system reload stage, selection is controlled by the reload selection and operation control module, that is, the operating system to load is chosen according to the system reload instruction.
[0034] Further, the boot guide module can also load the selected operating system into a different storage medium of the network device, or perform the boot operation at a different address of the same storage medium.
[0035] The reload selection and operation control module selects the operating system to be started next and its start time, so that operating system reloading can be carried out on the same network device.
[0036] The reload selection and operation control module executes the reload operation by starting an internal preset loading program according to the system reload instruction. The reload instruction can be issued manually by the user or by the user through a software program.
[0037] Manual issuance can be realized by providing several hardware buttons corresponding to the different operating systems, each button corresponding to the loading program of one operating system. Issuance through a software program is performed by changing the operating system selection parameter and the start time parameter of the loading program in the reload selection and operation control module, thereby determining the next operating system reload.
[0038] Specifically, after the boot guide module completes loading and booting of the selected operating system, it waits for the next reload command, that is, the issuance of a system reload instruction. For manual issuance, hardware buttons are mapped one-to-one to the operating systems and their loading control programs: hardware button 1 corresponds to the linux3.x system, button 2 to the VxWorks2.x system, button 3 to the WinCE6.x system and button 4 to the linux2.x system. When the user presses hardware button 1, the corresponding loading control program triggers the boot guide module to load the selected linux3.x system onto the network device. For issuance through a software program, the corresponding loading program is selected and set in the reload selection and operation control module, either specifying which operating system to use in each time period or randomly selecting one of the several operating systems for loading; alternatively, the loader settings already held in the reload selection and operation control module can be modified through the network interface, for example changing a setting that would load the VxWorks2.x system at the next reload so that the linux3.x system is loaded instead. The operating system to start next, the time of the next start and other conditions can be set according to the user's needs.
[0039] The above process is not a power-off process but a system reload process. From the moment the network device prepares for the system reload until the reload ends, the whole process must ensure that the data flow passes through the device completely and no packets are lost.
[0040] The system further comprises a data flow control module, which plays the role of a layer 2 data switch. It separates the data plane and the control plane of the system during system reloading, so that the data plane implements switching independently while the control plane implements the routing function, ensuring the integrity of the system's data flow while the system reloads. When the reload is complete, the control plane sends a command to the data plane to restore the control plane's control over the data.
[0041] To achieve data integrity, the data plane and the control plane of the device must be separated: the data plane implements the switching function independently and the control plane implements the routing function. The system reload affects the programs of the control plane but does not affect the functions of the data plane, so traffic is not interrupted while the system reloads. As shown in image 3, when the control plane is not acting on the data plane during a reload, the data plane forwards data to every interface in broadcast fashion. The dotted line shows data entering from Eth0 while the control plane is active: it is output only from Eth1, because in this routing process the control commands are issued by the control plane. During the reload the control plane cannot issue control commands, so data entering from Eth0 is output from all three ports Eth1, Eth2 and Eth3, preserving the integrity of the data flow.
[0042] Based on the above principles, the present invention also provides a mimicry security implementation method based on system reloading, characterized in that it comprises:
[0044] S1. Store different types of operating systems in different storage media of a network device or at different addresses of the same storage medium. Network devices are generally software and hardware products with an embedded operating system; to reload that operating system, several operating systems must first be saved into the device's storage, such as FLASH, SD card or other media. The storage of these operating systems must be separated by address and by medium (so that the mimicry variants are stored independently), that is, in different storage media or at different addresses of the same medium. Each operating system differs from the others in at least type or version, and correspondingly the system software called internally, that is, the CPU run program, also exists in different versions. This diversity of operating systems and system software increases the difficulty of a network attack.
[0045] As shown in figure 2, the network device mainly comprises a CPU chip, a CPLD chip and storage media, namely FLASH, uBoot and SD card. For example, address 1 in FLASH stores a linux3.x system, address 2 in FLASH stores a VxWorks2.x system, address 3 in FLASH stores a WinCE6.x system, and address 1 in the SD card stores a linux2.x system; uBoot stores the loader.
[0046] S2. Preset the CPU run programs that load the operating systems onto the network device; select an operating system from the storage module according to the user's instruction and, according to the selected operating system, start the CPU run program to load that operating system onto the network device. When the system runs for the first time, the user instruction can be issued through a hardware button or a network interface, specifying which operating system to choose; in the system reload stage, selection is controlled by the reload selection and operation control module, that is, the operating system to load is chosen according to the system reload instruction.
[0047] S3. Perform a reload operation on the network device after loading of the selected operating system is complete.
[0048] The reload operation is implemented by starting a preset loading program according to a system reload instruction; the reload instruction can be issued manually by the user or by the user through a software program.
[0049] Manual issuance can be realized by providing several hardware buttons corresponding to the different operating systems, each button corresponding to the loading program of one operating system. Issuance through a software program is performed by changing the operating system selection parameter and the start time parameter of the loading program in the reload selection and operation control module, thereby determining the next operating system reload.
[0050] Specifically, after loading and booting of the selected operating system is complete, wait for the next reload command, that is, the issuance of a system reload instruction. For manual issuance, hardware buttons are mapped one-to-one to the operating systems and their loading control programs: hardware button 1 corresponds to the linux3.x system, button 2 to the VxWorks2.x system, button 3 to the WinCE6.x system and button 4 to the linux2.x system. Pressing hardware button 1 causes the corresponding loading control program to trigger the boot guide module to load the selected linux3.x system onto the network device. For issuance through a software program, the corresponding loading program is set in the reload selection and operation control module, either specifying which operating system to use in each time period or randomly selecting one of the several operating systems for loading; alternatively, the loader settings already held in the reload selection and operation control module can be modified, for example changing a setting that would load the VxWorks2.x system at the next reload so that the linux3.x system is loaded instead. The operating system to start next, the time of the next start and other conditions can be set according to the user's needs.
[0051] The above process is not a power-off process but a system reload process. From the moment the network device prepares for the system reload until the reload ends, the whole process must ensure that the data flow passes through the device completely and no packets are lost.
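The following is an added example, not code from the patent or its assignee, that models the storage map of figure 2 and the reload selection and operation control of steps S1 to S3 (and the matching system paragraphs [0031] to [0038]): the heterogeneity check on the stored images, the one-to-one hardware-button mapping, a per-period schedule, a random choice that never repeats the running system, and a one-shot override of the pending selection as issued over the network interface. The slot numbering within each medium, the loader names, the shape of the schedule, and the fallback to random selection when no period matches are assumptions; the patent specifies none of them. Random selection uses the operating system's CSPRNG so an observer cannot predict the next system from earlier choices.

```python
"""
Reload selection and operation control modelled after S1-S3 of the patent.
Added example, not the patent's code: slot numbering, loader names, schedule
shape and the random fallback are assumptions.
"""
import secrets
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class OsImage:
    name: str      # operating system type and version, e.g. "linux3.x"
    medium: str    # storage medium holding the image: "FLASH" or "SD"
    address: int   # address (slot) within that medium (assumed numbering)
    loader: str    # CPU run program preset in the boot guide module (assumed name)


# Storage map of figure 2: one image per (medium, address).
STORAGE_MAP = (
    OsImage("linux3.x", "FLASH", 1, "load_linux3"),
    OsImage("VxWorks2.x", "FLASH", 2, "load_vxworks2"),
    OsImage("WinCE6.x", "FLASH", 3, "load_wince6"),
    OsImage("linux2.x", "SD", 1, "load_linux2"),
)

# Hardware buttons mapped one-to-one to operating systems ([0038]/[0050]).
BUTTONS = {1: "linux3.x", 2: "VxWorks2.x", 3: "WinCE6.x", 4: "linux2.x"}


def hhmm(text):
    """Parse "HH:MM" into a datetime.time; used for schedule boundaries."""
    hours, minutes = text.split(":")
    return time(int(hours), int(minutes))


def check_storage_map(images):
    """Enforce the separate-storage and heterogeneity rules of S1: no two
    images share a (medium, address) slot and no two share a type/version."""
    slots = [(img.medium, img.address) for img in images]
    names = [img.name for img in images]
    if len(set(slots)) != len(slots):
        raise ValueError("two operating systems occupy the same medium/address")
    if len(set(names)) != len(names):
        raise ValueError("operating systems must differ in type or version")
    return True


class ReloadController:
    """Decides which operating system is loaded next and when."""

    def __init__(self, images, current_name):
        check_storage_map(images)
        self.images = {img.name: img for img in images}
        self.current = self.images[current_name]
        self.schedule = []      # (start, end, os_name) periods set by software
        self.override = None    # one-shot change issued over the network interface

    def set_schedule(self, periods):
        """Software issuance: which operating system to use in each time period."""
        for _start, _end, name in periods:
            if name not in self.images:
                raise KeyError(name)
        self.schedule = list(periods)

    def set_override(self, name):
        """Replace the pending selection, e.g. VxWorks2.x -> linux3.x."""
        if name not in self.images:
            raise KeyError(name)
        self.override = name

    def button_pressed(self, button):
        """Manual issuance: each hardware button selects exactly one image."""
        return self.images[BUTTONS[button]]

    def scheduled_for(self, now):
        """Image for the period containing `now`; periods may wrap past midnight."""
        for start, end, name in self.schedule:
            inside = start <= now < end if start <= end else now >= start or now < end
            if inside:
                return self.images[name]
        return None

    def random_choice(self):
        """Irregular, non-deterministic selection: any image other than the
        running one, drawn from the OS CSPRNG so the next system is unpredictable."""
        candidates = sorted(n for n in self.images if n != self.current.name)
        return self.images[secrets.choice(candidates)]

    def select_next(self, now, mode="schedule"):
        """Return the image to load at the next reload instruction."""
        if self.override is not None:
            name, self.override = self.override, None
            return self.images[name]
        if mode == "schedule":
            chosen = self.scheduled_for(now)
            return chosen if chosen is not None else self.random_choice()  # assumed fallback
        return self.random_choice()

    def reload(self, image):
        """Start the preset loading program for `image`; returns its loader name."""
        self.current = image
        return image.loader
```

A schedule such as `[(hhmm("00:00"), hhmm("08:00"), "VxWorks2.x"), (hhmm("08:00"), hhmm("20:00"), "WinCE6.x"), (hhmm("20:00"), hhmm("00:00"), "linux2.x")]` reproduces the "different operating systems in different time periods" mode, `select_next(now, mode="random")` the random mode, and `set_override` the network-interface modification described in the text. Because schedules and button presses are deterministic, only the random mode actually delivers the unpredictability the mimicry argument relies on; a fixed rotation gives an attacker a timetable.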
[0052] The method further comprises S4: while the system reloads, separate the data plane and the control plane of the network device so that the data plane implements the switching function independently and the control plane implements the routing function, ensuring the integrity of the network device's data flow during the reload; when the reload is complete, the control plane sends an instruction to the data plane to restore the control plane's control over the data.
[0053] To achieve data integrity, the data plane and the control plane of the device must be separated: the data plane implements the switching function independently and the control plane implements the routing function. The system reload affects the programs of the control plane but does not affect the functions of the data plane, so traffic is not interrupted while the system reloads. As shown in image 3, when the control plane is not acting on the data plane during a reload, the data plane forwards data to every interface in broadcast fashion. The dotted line shows data entering from Eth0 while the control plane is active: it is output only from Eth1, because in this routing process the control commands are issued by the control plane. During the reload the control plane cannot issue control commands, so data entering from Eth0 is output from all three ports Eth1, Eth2 and Eth3, preserving the integrity of the data flow.
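The following is an added example, not code from the patent or its assignee, that simulates the data flow control module of S4 (and paragraphs [0040] and [0041]): a layer 2 data plane whose forwarding table is installed by the control plane, which floods every frame to all other ports while the control plane is away reloading, and which returns to table-driven forwarding once the control plane restores its control. The port names follow image 3; the frame structure, the forwarding-table layout, the flooding of an unknown destination while the control plane is up (ordinary L2 switch behaviour), and the packet counters are assumptions.

```python
"""
Data flow control module modelled after S4 of the patent: the data plane keeps
switching on its own while the control plane reloads. Added example, not the
patent's code; frame format, table layout and counters are assumptions.
"""
from dataclasses import dataclass, field

PORTS = ("Eth0", "Eth1", "Eth2", "Eth3")   # ports of image 3


@dataclass(frozen=True)
class Frame:
    dst: str        # destination identifier (assumed: a MAC-like string)
    payload: bytes


@dataclass
class DataPlane:
    ports: tuple = PORTS
    table: dict = field(default_factory=dict)   # dst -> egress port, installed by the control plane
    control_plane_up: bool = True
    received: int = 0
    forwarded: int = 0

    def control_plane_install(self, dst, out_port):
        """Control plane (routing function) programs the data plane."""
        if out_port not in self.ports:
            raise ValueError(out_port)
        self.table[dst] = out_port

    def begin_reload(self):
        """Control plane starts reloading and can no longer issue commands."""
        self.control_plane_up = False

    def end_reload(self):
        """Reload complete: control plane restores its control over the data."""
        self.control_plane_up = True

    def forward(self, in_port, frame):
        """Return the egress ports for a frame entering at `in_port`.

        With the control plane up, the installed table decides (solid/dotted
        path of image 3: Eth0 -> Eth1 only). During a reload nothing is dropped:
        the frame is broadcast to every port except the one it arrived on.
        """
        if in_port not in self.ports:
            raise ValueError(in_port)
        self.received += 1
        others = [p for p in self.ports if p != in_port]
        if self.control_plane_up:
            out = self.table.get(frame.dst)
            # assumption: an unknown destination floods, as on an ordinary L2 switch
            egress = [out] if out in others else others
        else:
            egress = others
        self.forwarded += 1
        return egress

    def lost(self):
        """Frames received but not forwarded; the module's goal is zero."""
        return self.received - self.forwarded


def demo_reload_cycle():
    """Walk through image 3 with a constructed frame: table-driven forwarding,
    broadcast during the reload, and restoration afterwards."""
    dp = DataPlane()
    dp.control_plane_install("host-b", "Eth1")
    frame = Frame("host-b", b"constructed sample payload")
    before = dp.forward("Eth0", frame)
    dp.begin_reload()
    during = dp.forward("Eth0", frame)
    dp.end_reload()
    after = dp.forward("Eth0", frame)
    return before, during, after, dp.lost()
```

`demo_reload_cycle()` returns `(["Eth1"], ["Eth1", "Eth2", "Eth3"], ["Eth1"], 0)`: the same frame leaves only Eth1 while the control plane is up, leaves all three other ports while it reloads, and the counters show no loss. The design trade-off is visible in the middle value: for the duration of the reload every frame is delivered to every other port, so the separation between ports that the control plane normally enforces is suspended in exchange for zero packet loss.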
[0054] As shown in Figure 4, the system or method of the present invention stores different types of operating systems in different storage media of the network device or at different addresses of the same medium. When a user instruction or a reload instruction is received, the boot guide module reloads the system while the data flow control module preserves the integrity of the data flow by broadcasting; finally, after the reload is complete, the data plane is restored to control-plane control and the device waits for the next start time.
[0055] The above describes only a preferred embodiment of the present invention; the scope of protection is not limited to it, and equivalent replacements or changes of the inventive concept fall within the scope of protection of the present invention.