CN110032879A - A security authentication and log audit method and system for user behavior - Google Patents
- Publication number: CN110032879A
- Application number: CN201810025474.XA
- Authority: CN (China)
- Prior art keywords: hook, log audit, module, safety certification, user behavior
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
        - G06F16/10—File systems; File servers
          - G06F16/17—Details of further file system functions
            - G06F16/1734—Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
            - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The present invention relates to a security authentication and log audit method and system for user behavior. It uses hook technology to create before hook and after hook functional modules, which perform security authentication and log audit, respectively, on every application programming interface (API) request. This greatly simplifies the program, makes the functions more modular, and adds the coupling between modules, while ensuring that every call must undergo security authentication and log audit, which fully ensures the security of the system.
Description
Technical field
The present invention relates to the design of project frameworks, and more particularly to a security authentication and log audit system for user behavior.
Background art
With the widespread use of networks, enterprises and individuals alike now put a great deal of data online, which has given rise to network security problems. To keep data secure, a user's operations are usually subjected to security authentication to determine whether the user holds the corresponding permission and whether there is an access-control violation such as privilege overreach. The user's behavior is also recorded in a log audit so that it can be reviewed later. Implementing the security authentication module and the log audit module of a service platform has therefore become increasingly important: the implementation must not affect the performance of the service as a whole, and it must remain simple.
Fig. 1 is the implementation flow chart of the prior-art security authentication and log audit method for user behavior. The usual implementation is as follows: inside the API interface of each user request, security authentication is performed first, then the corresponding operation steps are executed, and finally a log is generated recording, among other things, whether this API call succeeded. This approach has the following defects: first, it makes the program content highly redundant, which violates the simplicity of software; second, security authentication and log audit are not modularized, which hinders later extension and maintenance.
Therefore, a new security authentication and log audit method is needed.
Summary of the invention
To remedy the shortcomings of the prior art, the present invention provides a security authentication and log audit method for user behavior, comprising the following steps:
Step S1: create a before hook and an after hook using hook technology;
Step S2: use the before hook to perform security authentication on the user behavior; if the security authentication passes, execute the API content and then use the after hook to perform a log audit of the user behavior; if the security authentication does not pass, use the after hook directly to perform a log audit of the user behavior.
In step S2, the before hook performs security authentication by calling a security authentication module, and the after hook performs the log audit by calling a log audit module.
In step S1, the before hook and the after hook are created by calling the wrapper function pack_func, which calls the event function event_func indirectly.
In step S1, by calling the wrapper function pack_func to execute the login_web function, the event function event_func is called indirectly, thereby creating the before hook and the after hook.
In step S1, the before hook and the after hook are created in the following form:

    pack_func(event_func)
    {
        before_hook_func();
        event_func();
        after_hook_func();
    }

The functions of the before hook and the after hook created in step S1 are independent of each other.
The invention additionally provides a security authentication and log audit system for user behavior, comprising:
a before hook module, for receiving the API requests of multiple users and performing security authentication on them;
multiple execution modules, connected to the before hook module, for receiving the security authentication result of the before hook module and executing the API requests;
an after hook module, connected to the multiple execution modules and to the before hook module, for performing a log audit on the multiple API requests and returning the audit result.
After the multiple API requests undergo security authentication by the before hook module, those that pass are executed by an execution module and then log-audited by the after hook module; those that do not pass are log-audited directly by the after hook module.
The before hook module and the after hook module are created based on hook technology.
The before hook module includes a security authentication module and completes security authentication by calling the security authentication function in that module; the after hook module includes a log audit module and completes the log audit by calling the log audit function in that module.
The security authentication function of the before hook module and the log audit function of the after hook module are independent of each other.
The security authentication and log audit method and system for user behavior provided by the invention use hook technology to create before hook and after hook functional modules, which perform security authentication and log audit, respectively, on every application programming interface (API) request. This greatly simplifies the program, makes the functions more modular, and adds the coupling between modules, while ensuring that every call must undergo security authentication and log audit, which fully ensures the security of the system.
Brief description of the drawings
Fig. 1: implementation flow chart of the prior-art security authentication and log audit method for user behavior;
Fig. 2: implementation flow chart of the security authentication and log audit method for user behavior of the present invention;
Fig. 3: structural schematic diagram of the security authentication and log audit system for user behavior of the present invention.
Description of reference numerals
10 before hook module
11 security authentication module
20 execution module
30 after hook module
31 log audit module
Specific embodiments
To provide a further understanding of the technical solution of the present invention and its beneficial effects, the technical solution and the beneficial effects it produces are described in detail below with reference to the accompanying drawings.
Tim Berners-Lee, the inventor of the World Wide Web, said when speaking of design principles: "Simplicity and modularity are the cornerstones of software engineering; distribution and fault tolerance are the life of the Internet." Based on the same idea, the present invention proposes a security authentication and log audit method and system for user behavior built on a modular design concept.
Fig. 2 is the implementation flow chart of the security authentication and log audit method for user behavior of the present invention, which comprises the following steps:
Step S1: use hook technology to create the before hook (pre-hook function) and the after hook (post-hook function);
Step S2: the before hook performs security authentication on the user behavior by calling the security authentication module; if the security authentication passes, the API content is executed, and the after hook then performs a log audit of the user behavior by calling the log audit module; if the security authentication does not pass, the after hook directly performs a log audit of the user behavior by calling the log audit module.
In the present invention, the pre-hook function and the post-hook function can be created by wrapping. For example, define the event function event_func, the pre-hook function before_hook_func and the post-hook function after_hook_func; the wrapper function is pack_func:

    pack_func(event_func)
    {
        before_hook_func();   // pre-hook: security authentication
        event_func();         // the wrapped event function (API content)
        after_hook_func();    // post-hook: log audit
    }

As above, if the login_web function needs to be executed, pack_func(login_web) can be called.
In this way the event function is invoked indirectly rather than directly: the wrapper function is called first, and the wrapper function calls the event function. Well-known examples are the GET, POST, DELETE and PUT requests of the web.
Fig. 3 is the structural schematic diagram of the security authentication and log audit system for user behavior provided by the present invention. The system comprises:
a before hook module 10, created based on hook technology, for receiving the API requests of multiple users and performing security authentication on them;
multiple execution modules 20, connected to the before hook module 10, for receiving the security authentication result of the before hook module 10 and executing the API requests;
an after hook module 30, likewise created based on hook technology and connected to the multiple execution modules 20 and to the before hook module 10, for performing a log audit on the multiple API requests and returning the audit result.
In operation, after the multiple API requests undergo security authentication by the before hook module 10, those that pass are executed by an execution module 20 and then log-audited by the after hook module 30; those that do not pass are log-audited directly by the after hook module 30.
In the present invention, the security authentication function of the before hook module 10 is completed by calling the security authentication function provided by the security authentication module 11 arranged inside it; likewise, the log audit function of the after hook module 30 is completed by calling the log audit function provided by the log audit module 31 arranged inside it.
That is, in the present invention, whenever an API call is executed, security authentication must be performed first; moreover, whether the log audit module in the after hook module is invoked does not depend on whether the API call or the security authentication succeeded. In the present invention, the functions of the before hook module and the after hook module are independent of each other and are not affected by other functions, and the implementation process of the whole method is linear.
Taking the Bottle micro web framework as an example, in the present invention permission verification and log audit of API requests are implemented with hook technology in the following steps:
1. Define the routing function get_user_info for the URL /api/user/<userid:int>/info;
2. Write the permission verification function check_auth;
3. Decorate the permission verification function check_auth with the decorator @hook('before_request');
4. Write the log audit module function do_audit;
5. Decorate the log audit function do_audit with the decorator @hook('after_request').
Assuming the whole web service framework has been set up, when a request for the URL /api/user/1/info is made to the web service, the service first executes the permission verification function check_auth hooked as before_request; if authentication succeeds, it goes on to execute the get_user_info function, otherwise that function is skipped; finally it executes the log audit function do_audit hooked as after_request.
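The flow from the pack_func wrapper and the Bottle walk-through above, as an added example that is not part of the patent text: plain Python with no framework dependency, making explicit the branch the pseudocode leaves implicit (the API body is skipped on failed authentication, and the audit runs on every path, including when the body raises). check_auth, do_audit, get_user_info and pack_func are the names used in the description; TOKENS, USERS, AUDIT_LOG, AuthError and the request dictionary layout are assumptions made for the example.

```python
import functools
import time

# Constructed sample data (assumptions, not from the patent).
TOKENS = {"tok-alice": {"user": "alice", "uid": 1},
          "tok-bob": {"user": "bob", "uid": 2}}
USERS = {1: {"name": "Alice", "email": "alice@example.test"}}  # uid 2 has no record
AUDIT_LOG = []  # in-memory audit sink; a real service would use append-only storage


class AuthError(Exception):
    """Raised by the before hook; carries the HTTP status and any known identity."""
    def __init__(self, status, reason, ident=None):
        super().__init__(reason)
        self.status, self.reason, self.ident = status, reason, ident


def check_auth(request):
    """before hook: authenticate the caller, then check for privilege overreach."""
    ident = TOKENS.get(request.get("token"))
    if ident is None:
        raise AuthError(401, "unauthenticated")
    if ident["uid"] != request["userid"]:   # caller may only read their own record
        raise AuthError(403, "forbidden", ident)
    return ident


def do_audit(request, ident, outcome):
    """after hook: record who called which API and how the call ended."""
    AUDIT_LOG.append({"ts": time.time(), "api": request["api"],
                      "userid": request["userid"],
                      "user": ident["user"] if ident else None,
                      "outcome": outcome})


def pack_func(event_func):
    """Wrap event_func so it is reachable only through both hooks."""
    @functools.wraps(event_func)
    def wrapper(request):
        ident, outcome = None, "error"      # "error" stands if the body raises
        try:
            ident = check_auth(request)
            result = event_func(request, ident)
            outcome = "ok"
            return result
        except AuthError as exc:            # body is skipped on failed auth
            ident, outcome = exc.ident, "denied:" + exc.reason
            return {"status": exc.status, "error": exc.reason}
        finally:                            # audit runs on every path
            do_audit(request, ident, outcome)
    return wrapper


@pack_func
def get_user_info(request, ident):
    """API body for /api/user/<userid:int>/info."""
    return {"status": 200, **USERS[request["userid"]]}


def demo():
    """Send four constructed requests; return (statuses, audit outcomes)."""
    AUDIT_LOG.clear()
    api = "/api/user/<userid:int>/info"
    calls = [(1, "tok-alice"), (1, "tok-bob"), (1, None), (2, "tok-bob")]
    statuses = []
    for userid, token in calls:
        try:
            reply = get_user_info({"api": api, "userid": userid, "token": token})
            statuses.append(reply["status"])
        except KeyError:                    # body failed after passing auth
            statuses.append(500)
    return statuses, [entry["outcome"] for entry in AUDIT_LOG]


if __name__ == "__main__":
    print(demo())
```

Because the audit call sits in the finally clause, a denied request and a crashing handler each leave exactly one audit record, just as a successful call does.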
The security authentication and log audit method and system for user behavior provided by the invention use hook technology to create before hook and after hook functional modules, which perform security authentication and log audit, respectively, on every application programming interface (API) request. This greatly simplifies the program, makes the functions more modular, and adds the coupling between modules, while ensuring that every call must undergo security authentication and log audit, which fully ensures the security of the system.
Although the present invention has been described by way of the above preferred embodiments, they are not intended to limit its scope of protection. Changes and modifications made to the above embodiments by anyone skilled in the art without departing from the spirit and scope of the present invention still fall within the scope protected by the present invention; the scope of protection of the present invention is therefore defined by the claims.
Claims (11)
1. A security authentication and log audit method for user behavior, characterized by comprising the following steps:
Step S1: create a before hook and an after hook using hook technology;
Step S2: use the before hook to perform security authentication on the user behavior; if the security authentication passes, execute the API content and then use the after hook to perform a log audit of the user behavior; if the security authentication does not pass, use the after hook directly to perform a log audit of the user behavior.
2. The security authentication and log audit method for user behavior as described in claim 1, characterized in that: in step S2, the before hook performs security authentication by calling a security authentication module, and the after hook performs the log audit by calling a log audit module.
3. The security authentication and log audit method for user behavior as described in claim 1, characterized in that: in step S1, the before hook and the after hook are created by calling the wrapper function pack_func, which calls the event function event_func indirectly.
4. The security authentication and log audit method for user behavior as claimed in claim 3, characterized in that: in step S1, by calling the wrapper function pack_func to execute the login_web function, the event function event_func is called indirectly, thereby creating the before hook and the after hook.
5. The security authentication and log audit method for user behavior as described in claim 1, characterized in that: in step S1, the before hook and the after hook are created in the following form:

    pack_func(event_func)
    {
        before_hook_func();
        event_func();
        after_hook_func();
    }

6. The security authentication and log audit method for user behavior as described in claim 1, characterized in that: the functions of the before hook and the after hook created in step S1 are independent of each other.
7. A security authentication and log audit system for user behavior, characterized by comprising:
a before hook module, for receiving the API requests of multiple users and performing security authentication on them;
multiple execution modules, connected to the before hook module, for receiving the security authentication result of the before hook module and executing the API requests;
an after hook module, connected to the multiple execution modules and to the before hook module, for performing a log audit on the multiple API requests and returning the audit result.
8. The security authentication and log audit system for user behavior as claimed in claim 7, characterized in that: after the multiple API requests undergo security authentication by the before hook module, those that pass are executed by an execution module and then log-audited by the after hook module; those that do not pass are log-audited directly by the after hook module.
9. The security authentication and log audit system for user behavior as claimed in claim 7, characterized in that: the before hook module and the after hook module are created based on hook technology.
10. The security authentication and log audit system for user behavior as claimed in claim 7, characterized in that: the before hook module includes a security authentication module and completes security authentication by calling the security authentication function in the security authentication module; the after hook module includes a log audit module and completes the log audit by calling the log audit function in the log audit module.
11. The security authentication and log audit system for user behavior as claimed in claim 7, characterized in that: the security authentication function of the before hook module and the log audit function of the after hook module are independent of each other.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810025474.XA CN110032879B (en) | 2018-01-11 | 2018-01-11 | User behavior security authentication and log audit method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110032879A (en) | 2019-07-19 |
CN110032879B (en) | 2023-10-20 |
Family ID: 67234177
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810025474.XA Active CN110032879B (en) | 2018-01-11 | 2018-01-11 | User behavior security authentication and log audit method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110032879B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN110032879B (en) | 2023-10-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||