Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

An Active Security Guarantee Method for Linux Servers

An active security and server technology, applied in the direction of electrical components, transmission systems, platform integrity maintenance, etc., can solve the problems of system resource management firewall management, user management file management, and insufficient monitoring of log security audit status

Active Publication Date: 2019-02-26
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] Purpose of the invention: In order to overcome the deficiencies of the existing Linux operating system in terms of system resource management, process management, firewall management, user management, file management, log security audit, and status monitoring, the patent of the present invention provides a set of black and white gray lists. Controlled management Linux operating system security scheme

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An Active Security Guarantee Method for Linux Servers
  • An Active Security Guarantee Method for Linux Servers

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] The present invention will be further explained below in conjunction with the accompanying drawings.

[0043] The security guarantee method of the present invention provides a kind of global security policy, mainly comprises following 9 aspects:

[0044] 1. Recompile the kernel and embed the security module into the Linux kernel.

[0045] 2. The system security module is loaded in the Linux system kernel loading stage.

[0046] 3. The security policy execution module intercepts all user requests (including process execution, network access, file reading and writing, etc.) and submits them to security policy arbitration for judgment.

[0047] 4. When the policy arbitration is a whitelist item, the execution module releases the request.

[0048] 5. When the policy arbitration is a blacklist item, the execution module will prohibit the request.

[0049] 6. When the policy arbitration is a gray list item, the execution module will prohibit the request, and then ask the u...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an active safety guaranteeing method for a Linux server. An embedded system kernel and an operating system are tightly combined through a safety module capable of being operated independently, the defects existing in system resource management, process management, firewall management, user management, file management, log safety auditing, condition monitoring and the like of an existing Linux operating system are overcome, a multi-module working mode is adopted, strategy execution, strategy arbitration, strategy storage and log recording are independent from one another, and it is ensured that the system is operated normally.

Description

technical field [0001] The invention belongs to an operating system security protection method. Background technique [0002] At present, hacker attacks emerge in endlessly, and even intensify. Attacks on various levels such as the network, operating system, and applications are aimed at obtaining resources and permissions in the host. For users, the core is to protect the data information in the operating system, and ensuring the security of the operating system is the basis of information security. [0003] In the current operating system environment, any application system can be controlled by logging in as a super user, and complete isolation cannot be achieved between each application system. If you have the authority of a super user, it means that you can do anything in the server, and the data is kept confidential. The integrity and integrity cannot be guaranteed at all, let alone meet the security requirements of information systems. At the same time, if there is a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57H04L29/06
CPCG06F21/57H04L63/02
Inventor 薛明富郭克君栾俊超王箭
Owner NANJING UNIV OF AERONAUTICS & ASTRONAUTICS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products