CN106933819A - Security baseline storehouse dynamic fixing method based on metadata - Google Patents
- Publication number: CN106933819A
- Authority: CN (China)
- Prior art keywords: baseline, security, extended attribute, requirement point, metadata
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2291—User-Defined Types; Storage management thereof
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The present invention discloses a metadata-based method for dynamically constructing a security baseline library, comprising the following steps: first, according to actual needs and on the basis of the hierarchical protection standard, determine a security baseline according to business needs and security requirements; on the basis of this security baseline, determine the security aspects, determine the baseline requirement points, determine the extended attributes and extended attribute values of the baseline requirement points, and build the security architecture that describes the relations between security aspects and between security aspects and baseline requirement points; finally, generate an extended tree-shaped hierarchical model whose entity nodes are the security aspects and baseline requirement points. The invention can dynamically build and adjust the security baseline library to suit the business needs and security requirements of different industries, which both ensures the security of the system and reduces development and maintenance cost.
Description
Technical field
The present invention relates to a metadata-based method for dynamically constructing a security baseline library, and belongs to the field of information security technology.
Background technology
A security baseline describes all configuration and management settings relevant to the secure operation of a computer, including the settings of services and applications, the configuration of the operating system, and the allocation of permissions and rights. It serves as the minimum security guarantee for the whole information system. Various countries have issued standards and guidance on security baselines, such as NIST SP800-53 in the United States and China's classification criteria for the security protection of computer information systems (hereinafter referred to as the hierarchical protection standard).
In China, when implementing a specific security baseline project, the project team builds a security baseline library by combining the hierarchical protection standard with the nature of its industry. Because business needs and security protection needs differ between industries, baselines are organized differently in the security baseline libraries of different industries: for example, some are organized as class - family - security control, and some as device type - device - baseline item - baseline requirement. The attributes of the bottom-level baseline requirements also differ between security baseline libraries, and the specific attributes change with the actual business needs of the project. Existing methods usually build a security baseline library separately for each industry and cannot dynamically configure or adjust the baseline library for different business and security requirements, which adds development and maintenance cost.
Summary of the invention
In view of the above, the object of the present invention is to provide a metadata-based method for dynamically constructing a security baseline library, which can build the security baseline library dynamically and meet different business needs and security requirements.
To achieve the above object, the present invention adopts the following technical solution:
A metadata-based method for dynamically constructing a security baseline library, comprising the following steps:
Formulating a security baseline according to business needs and security requirements;
Building, based on the security baseline, the hierarchical model of the security baseline library, including:
Determining the security aspects;
Determining the baseline requirement points;
Determining the extended attributes and extended attribute values of the baseline requirement points;
Building the security architecture that describes the relations between the security aspects and between security aspects and baseline requirement points.
The hierarchical model of the security baseline library is an extended tree structure, in which a security aspect can be a parent node or a child node, a baseline requirement point is a child node, and the extended attributes of a baseline requirement point are a horizontal extension of that point's attributes.
The attribute information of a security aspect includes: security aspect number, security aspect name, usage status.
The attribute information of a baseline requirement point includes: baseline requirement point number, baseline requirement point name, priority, weight, usage status.
The extended attribute information of a baseline requirement point includes: extended attribute number, extended attribute code, extended attribute name, extended attribute description, extended attribute data type, extended attribute number of decimal places, usage status.
The extended attribute value information of a baseline requirement point includes: extended attribute value number, number of the extended attribute it belongs to, number of the baseline requirement point it belongs to, extended attribute value, usage status.
The attribute information of the security architecture includes: architecture number, parent node number, parent node type, child node number, child node type, usage status.
The security baseline is based on the hierarchical protection standard.
The advantages of the invention are:
1. The invention can build the security baseline library dynamically so that, while complying with the hierarchical protection standard, it meets the business needs and security requirements of different industries and reduces development and maintenance cost;
2. The invention can adjust the security baseline library dynamically, avoiding both the wasted resources and excessive restrictions caused by a baseline that is too high and the poor security caused by a baseline that is too low.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method of the present invention.
Fig. 2 is part of the security baseline library model built in a specific embodiment of the invention.
Fig. 3 is the hierarchical protection standard referenced by the specific embodiment shown in Fig. 2.
Specific embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a schematic flow chart of the method of the present invention. As shown, the metadata-based method for dynamically constructing a security baseline library disclosed by the invention comprises the following steps:
S1: Formulate a security baseline according to business needs and security requirements.
The security baseline should be based on the hierarchical protection standard and on the nature of the industry, while meeting the business needs and security requirements of the industry.
S2: On the basis of the security baseline, build the security baseline library model.
The security baseline library model is built as follows:
S21: Determine the security aspects.
The attribute information of a security aspect includes: security aspect number, security aspect name, usage status, etc.
S22: Determine the baseline requirement points.
The attribute information of a baseline requirement point includes: baseline requirement point number, baseline requirement point name, priority, weight, usage status, etc.
S23: Determine the extended attributes and extended attribute values of the baseline requirement points.
The extended attributes of a baseline requirement point are defined according to business needs. Extended attribute information includes: extended attribute number, extended attribute code, extended attribute name, extended attribute description, extended attribute data type, extended attribute number of decimal places, usage status, etc.
An extended attribute value stores the value corresponding to an extended attribute. Extended attribute value information includes: extended attribute value number, number of the baseline requirement point it belongs to, number of the extended attribute it belongs to, extended attribute value, usage status, etc.
S24: Determine the security architecture between security aspects and between security aspects and baseline requirement points.
After the security aspects and baseline requirement points have been defined, the security architecture is defined. It describes and builds the relations between the security aspects and between security aspects and baseline requirement points. The attribute information of the security architecture includes: architecture number, parent node number, parent node type, child node number, child node type, usage status, etc.
S25: Generate the hierarchical model of the security baseline library.
Once the security aspects, the baseline requirement points, and the relations between security aspects and between security aspects and baseline requirement points have been determined as above, the hierarchical model of the security baseline library can be generated. The hierarchical model is an extended tree structure, in which a security aspect can be a parent node or a child node, a baseline requirement point can be a child node, and the extended attributes of a baseline requirement point are a horizontal extension of the point's attributes.
As shown in Figs. 2 and 3, the following uses only (part of) the hierarchical protection standard as the security baseline to illustrate the method of building (part of) a security baseline library:
First, determine the security aspects. The security aspects include "Host security specification" (first-level node), "Windows operating system security baseline specification" (second-level node, a child node of the first-level node), and "Identity authentication" (third-level node, a child node of the second-level node);
Second, determine the baseline requirement points. The baseline requirement points include: "Users logging in to the system shall be identified and authenticated" (fourth-level node, a child node of the third-level node), and "The identity identifiers of operating system management users shall be hard to spoof, and passwords shall meet complexity requirements and be changed regularly" (fourth-level node, a child node of the third-level node);
Third, determine the extended attributes and extended attribute values of the baseline requirement points. Taking as an example the baseline requirement point whose baseline requirement point number is 1 and whose name is "Users logging in to the system shall be identified and authenticated", an extended attribute named "reference standard" is added to it, with the extended attribute value "hierarchical protection standard";
Fourth, determine the security architecture between security aspects and between security aspects and baseline requirement points;
The table describes the relation between the root node and its child node: the level-0 node is the root node, and its child node is the security aspect whose security aspect number is 1 (first-level node), named "Host security specification".
The table describes the relation between the first-level node and its child node: the first-level node is the security aspect named "Host security specification", and its child node is the security aspect whose security aspect number is 2 (second-level node), named "Windows operating system security baseline specification".
The table describes the relation between the second-level node and its child node: the second-level node is the security aspect named "Windows operating system security baseline specification", and its child node is the security aspect whose security aspect number is 3 (third-level node), named "Identity authentication".
The table describes the relation between the third-level node and its child node: the third-level node is the security aspect named "Identity authentication", and its child node is the baseline requirement point whose baseline requirement point number is 1 (fourth-level node), named "Users logging in to the system shall be identified and authenticated".
Following the above steps, the (partial) hierarchical model of the security baseline library that is finally built is shown in Fig. 2.
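The model built in steps S21 to S25, as an added example that is not part of the patent text: the five attribute lists become five SQLite tables, the partial tree of the embodiment is loaded, and a new extended attribute is added as a metadata row rather than a schema change. Table names, column names, the `root`/`aspect`/`point` type labels, the sample priority and weight, and the type check on extended attribute values are assumptions.

```python
import sqlite3

# Table and column names are hypothetical; they mirror the attribute lists in the description.
SCHEMA = """
CREATE TABLE aspect(id INTEGER PRIMARY KEY, name TEXT, in_use INTEGER DEFAULT 1);
CREATE TABLE req_point(id INTEGER PRIMARY KEY, name TEXT, priority INTEGER,
                       weight REAL, in_use INTEGER DEFAULT 1);
CREATE TABLE ext_attr(id INTEGER PRIMARY KEY, code TEXT UNIQUE, name TEXT, description TEXT,
                      data_type TEXT, decimals INTEGER, in_use INTEGER DEFAULT 1);
CREATE TABLE ext_value(id INTEGER PRIMARY KEY, attr_id INTEGER, point_id INTEGER,
                       value TEXT, in_use INTEGER DEFAULT 1, UNIQUE(attr_id, point_id));
CREATE TABLE architecture(id INTEGER PRIMARY KEY, parent_id INTEGER, parent_type TEXT,
                          child_id INTEGER, child_type TEXT, in_use INTEGER DEFAULT 1);
"""

def add_ext_attr(db, code, name, data_type, decimals=0):
    # A new attribute is a row of metadata, so no table has to be altered.
    if data_type not in ("text", "number"):
        raise ValueError("unsupported data type")
    db.execute("INSERT INTO ext_attr(code, name, data_type, decimals) VALUES(?,?,?,?)",
               (code, name, data_type, decimals))

def set_ext_value(db, point_id, code, value):
    row = db.execute("SELECT id, data_type, decimals FROM ext_attr "
                     "WHERE code=? AND in_use=1", (code,)).fetchone()
    if row is None:
        raise KeyError(code)
    attr_id, data_type, decimals = row
    if data_type == "number":  # float() rejects non-numeric input with ValueError
        value = f"{float(value):.{decimals}f}"
    db.execute("INSERT OR REPLACE INTO ext_value(attr_id, point_id, value) VALUES(?,?,?)",
               (attr_id, point_id, str(value)))

def link(db, parent_id, parent_type, child_id, child_type):
    # Aspects may be parents or children; a requirement point is only ever a child.
    if parent_type not in ("root", "aspect") or child_type not in ("aspect", "point"):
        raise ValueError("invalid parent/child node type")
    db.execute("INSERT INTO architecture(parent_id, parent_type, child_id, child_type) "
               "VALUES(?,?,?,?)", (parent_id, parent_type, child_id, child_type))

def tree(db, parent_id=0, parent_type="root"):
    """Walk the architecture rows into nested dicts (the extended tree model)."""
    nodes = []
    for cid, ctype in db.execute(
            "SELECT child_id, child_type FROM architecture WHERE parent_id=? "
            "AND parent_type=? AND in_use=1 ORDER BY id", (parent_id, parent_type)).fetchall():
        if ctype == "aspect":
            name = db.execute("SELECT name FROM aspect WHERE id=?", (cid,)).fetchone()[0]
            nodes.append({"aspect": name, "children": tree(db, cid, "aspect")})
        else:
            name = db.execute("SELECT name FROM req_point WHERE id=?", (cid,)).fetchone()[0]
            ext = dict(db.execute(
                "SELECT a.name, v.value FROM ext_value v JOIN ext_attr a ON a.id=v.attr_id "
                "WHERE v.point_id=? AND v.in_use=1 AND a.in_use=1", (cid,)).fetchall())
            nodes.append({"point": name, "ext": ext})
    return nodes

def build_example():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO aspect(id, name) VALUES(?,?)", [
        (1, "Host security specification"),
        (2, "Windows operating system security baseline specification"),
        (3, "Identity authentication")])
    # Priority 1 and weight 1.0 are constructed sample values; the description gives none.
    db.execute("INSERT INTO req_point(id, name, priority, weight) VALUES(1,?,1,1.0)",
               ("Users logging in to the system shall be identified and authenticated",))
    for edge in [(0, "root", 1, "aspect"), (1, "aspect", 2, "aspect"),
                 (2, "aspect", 3, "aspect"), (3, "aspect", 1, "point")]:
        link(db, *edge)
    add_ext_attr(db, "ref_std", "reference standard", "text")
    set_ext_value(db, 1, "ref_std", "hierarchical protection standard")
    return db
```

Reorganizing the library for another industry means inserting or retiring `architecture` rows (via the usage status flag), while the aspect and requirement point rows stay untouched.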
In the metadata-based method for dynamically constructing a security baseline library of the invention, a security baseline is first determined according to actual needs, on the basis of the hierarchical protection standard, and according to business needs and security requirements. On the basis of this security baseline, the security aspects, the baseline requirement points, and the extended attributes and extended attribute values of the baseline requirement points are determined, and the security architecture between security aspects and between security aspects and baseline requirement points is built. Finally, an extended tree-shaped hierarchical model is generated whose entity nodes are the security aspects and baseline requirement points. The invention can dynamically build and adjust the security baseline library to suit the business needs and security requirements of different industries, which both ensures the security of the system and reduces development and maintenance cost.
The above describes the preferred embodiments of the present invention and the technical principles used. For those skilled in the art, any obvious change based on the technical solution of the invention, such as an equivalent transformation or a simple substitution, made without departing from the spirit and scope of the invention falls within the scope of protection of the invention.
Claims (8)
1. A metadata-based method for dynamically constructing a security baseline library, characterized in that it comprises the following steps:
Formulating a security baseline according to business needs and security requirements;
Building, based on the security baseline, the hierarchical model of the security baseline library, including:
Determining the security aspects;
Determining the baseline requirement points;
Determining the extended attributes and extended attribute values of the baseline requirement points;
Building the security architecture that describes the relations between the security aspects and between security aspects and baseline requirement points.
2. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 1, characterized in that the hierarchical model of the security baseline library is an extended tree structure, in which a security aspect can be a parent node or a child node, a baseline requirement point is a child node, and the extended attributes of a baseline requirement point are a horizontal extension of that point's attributes.
3. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 1 or 2, characterized in that the attribute information of a security aspect includes: security aspect number, security aspect name, usage status.
4. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 3, characterized in that the attribute information of a baseline requirement point includes: baseline requirement point number, baseline requirement point name, priority, weight, usage status.
5. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 4, characterized in that the extended attribute information of a baseline requirement point includes: extended attribute number, extended attribute code, extended attribute name, extended attribute description, extended attribute data type, extended attribute number of decimal places, usage status.
6. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 5, characterized in that the extended attribute value information of a baseline requirement point includes: extended attribute value number, number of the extended attribute it belongs to, number of the baseline requirement point it belongs to, extended attribute value, usage status.
7. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 6, characterized in that the attribute information of the security architecture includes: architecture number, parent node number, parent node type, child node number, child node type, usage status.
8. The metadata-based method for dynamically constructing a security baseline library as claimed in claim 1, characterized in that the security baseline is based on the hierarchical protection standard.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511010266.5A CN106933819A (en) | 2015-12-29 | 2015-12-29 | Security baseline storehouse dynamic fixing method based on metadata |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106933819A (en) | 2017-07-07 |
Family
ID=59458344
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511010266.5A Pending CN106933819A (en) | 2015-12-29 | 2015-12-29 | Security baseline storehouse dynamic fixing method based on metadata |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106933819A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103414585A (en) * | 2013-08-01 | 2013-11-27 | 华南师范大学 | Method and device for building safety baselines of service system |
| CN103905270A (en) * | 2014-03-11 | 2014-07-02 | 国网湖北省电力公司信息通信公司 | Smart grid android system safety base line automatic checking system and method |
| US8886217B2 (en) * | 2012-12-31 | 2014-11-11 | Apple Inc. | Location-sensitive security levels and setting profiles based on detected location |
| CN104966021A (en) * | 2015-05-21 | 2015-10-07 | 浪潮电子信息产业股份有限公司 | Creating and analytic methods and device for security baseline data files |
Non-Patent Citations (1)
| Title |
|---|
| 梁凤薇: "运营商业务平台安全域防护策略及安全基线设计", 《计算机安全》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109460400A (en) * | 2018-12-12 | 2019-03-12 | 国网江苏省电力有限公司南京供电分公司 | System and method is established in a kind of electric power monitoring system security baseline library |
| CN109460400B (en) * | 2018-12-12 | 2022-04-08 | 国网江苏省电力有限公司南京供电分公司 | System and method for establishing safety baseline library of power monitoring system |
| CN114915431A (en) * | 2021-01-29 | 2022-08-16 | 中移(苏州)软件技术有限公司 | State detection method, node, system and storage medium |
| CN114915431B (en) * | 2021-01-29 | 2024-05-24 | 中移(苏州)软件技术有限公司 | State detection method, node, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170707 |