CN1921474A - Method or apparatus for managing a server process in a computer system - Google Patents
- Publication number: CN1921474A (application CN200610110765.6A)
- Authority: CN (China)
- Prior art keywords: machine, server, client, server process, cycle
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
A method and apparatus for running a server program are disclosed in which a first instance (301, 303) of a server program is run on a first machine (203/301) and communications are routed from client processes to that first machine (203/301). A second instance (305, 303) of the server program is then started on a second machine (203/305) and after a predetermined period subsequent communications from client processes are re-routed to the second machine (203/305).
Description
Technical field
The present invention relates to a method and apparatus for managing a server process in a computer system.
Background art
Attacks on computer systems generally fall into two kinds. In the first, the attacker gains access to a vulnerable machine, steals information and then abandons the machine. The second involves taking over the vulnerable machine and placing a mechanism known as a back door on it so as to provide further unauthorized access. The compromised computer can then be used to launch network attacks such as denial of service (DoS) attacks, or to send unsolicited e-mail, often called spam. An unauthorized user of the computer can also make undesirable modifications to the software or data on the computer.
High-capability servers with access to high-speed Internet connections attract the attention of hackers. Such servers can handle the data volumes involved in attacks such as sending millions of spam messages or participating in a DoS attack. Access to such compromised servers is frequently traded among hackers for large sums of money. Current security techniques for computer systems provide access control and monitor attempted use of the computer in order to identify unauthorized or suspicious user behaviour. However, the commercial value of a compromised machine motivates a variety of attempts to defeat existing security measures, gain access and damage the security and integrity of the computer system.
Summary of the invention
According to some embodiments, a method is provided for managing a server process in a computer system, the method comprising the steps of:
a) running a first instance of the server process on a first machine;
b) routing communications from client processes to the first machine;
c) starting a second instance of the server process on a second machine; and
d) after a period of the first instance running on the first machine, re-routing subsequent communications from client processes to the second machine.
Each instance of the server process may be provided by a virtual application server.
Each machine may be a virtual machine. Each machine may comprise one or more physical processors. Step d) may be triggered when a predetermined switching period has elapsed. The switching period may be determined randomly. The server, or the first and second machines, may be monitored for unauthorized activity, and step d) may be triggered by the detection of any such activity.
A third instance of the server process may be started on a third machine, and after a period determined by the time at which unauthorized activity on the first machine was detected, subsequent communications from client processes may be re-routed to the third machine. After step d), the first instance of the server process may be terminated. The first machine may also be terminated. Once a server process or machine has been terminated, its associated data and files may be analysed to detect unauthorized activity.
After step d), the first instance of the server process may be allowed to complete the client communications that existed before termination. After step d), the first instance of the server process may be allowed to continue processing existing client communications for a cut-off period. The cut-off period may be predetermined. The length of the cut-off period may be determined randomly. The cut-off period may be derived from the average processing time of client communications.
According to other embodiments of the invention, an apparatus is provided for managing a server process in a computer system, the apparatus comprising:
a first machine for running a first instance of the server process;
a controller operable to route communications from client processes to the first machine;
a second machine for running a second instance of the server process after the first instance; and
wherein the controller is further operable, after a period of the first instance running on the first machine, to re-route subsequent communications from client processes to the second machine.
According to a further embodiment, a method of running a server program is provided, the method comprising the steps of:
a) running a first instance of the server program on a first virtual machine (VM) and routing communications from client processes to that VM; and
b) starting a second instance of the server program on a second VM and, after a predetermined period, re-routing subsequent communications from client processes to the second VM.
According to other embodiments, a computer program comprising instructions is provided which, when the computer program is executed on a computer system (101), cause a method of managing a server process to be performed, the method comprising the steps of:
a) running a first instance of the server process on a first machine;
b) routing communications from client processes to the first machine;
c) starting a second instance of the server process on a second machine; and
d) after a period of the first instance running on the first machine, re-routing subsequent communications from client processes to the second machine.
According to some embodiments, a computer program comprising instructions is provided which, when the computer program is executed on a computer system (101), cause a method of running a server program to be performed, the method comprising the steps of:
a) running a first instance of the server program on a first virtual machine (VM) and routing communications from client processes to that VM; and
b) starting a second instance of the server program on a second VM and, after a predetermined period, re-routing subsequent communications from client processes to the second VM.
Brief description of the drawings
Embodiments of the invention are described by way of example with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of a computer system;
Fig. 2 is a schematic diagram of the functional blocks of one of the computers in the computer system of Fig. 1; and
Fig. 3 is a flow chart of the processing carried out in the computer of Fig. 2.
Detailed description
Referring to Fig. 1, a computer system 101 comprises a group of client computers 103 connected over a wide area network (WAN) 105 to a group of server computers 107, 109, 111, 113. The client computers 103 run client software such as e-mail clients or web browsers, through which they access the data and services provided by application server software on the server computers. Each of the server computers 107, 109, 111, 113 runs access control software designed to restrict access to its software and data to authorized users. Any client computer 103 can access any of the server computers 107, 109, 111, 113 via the network 105. However, any of the client computers 103 could also be used in an attempt to gain unauthorized access to any of the server computers 107, 109, 111, 113 by hacking techniques. Any successful unauthorized access may result in the software or data on the compromised server being damaged, or in the server being used as the source of further attacks such as sending spam or carrying out DoS attacks.
Referring to Fig. 2, one of the server computers 113 has its server software implemented using virtualization software so as to provide a group of virtual servers. Each virtual server operates in the same manner as standard server software, but at any point in time only one virtual server in the group is active and receiving new communications from the client computers 103. After a user-defined switching period, a new virtual server is activated and the old, previously active server is scheduled for shutdown, thereby eliminating any modifications a hacker may have made. The new virtual server replaces the old one and continues to provide the server application. By limiting the lifetime of the virtual servers, their susceptibility to, and value for, a hacker are reduced. The virtual servers and the switching between them are transparent to the clients 103 using the server application.
The processing carried out by the controller 211 is now described with further reference to the flow chart of Fig. 3. In step 301 the controller 211 creates and starts a VM from the host file system 213. This first VM (also called the first machine) is the primary machine, and the controller routes all client requests to it. At this stage there is no secondary VM handling long-running client requests. Processing then moves to step 303, in which the controller starts a switch timer set to a predetermined time of 30 minutes.
Once the switching time has elapsed, processing moves to step 305, in which the controller creates and starts from the host file system an additional VM, also called the second machine, and routes all subsequent new client requests to this node. In other words, the new (second) VM becomes the primary machine and the previous primary (the first machine) is designated a secondary machine. Processing for the new primary (which, because it was started after the first machine and has taken over from it as primary, is also called the second machine) returns to step 303 and continues as described above. Processing for the new secondary machine moves to step 307.
Steps 301 and 303 establish the first instance of the server process, and steps 305 and 303 establish the second instance of the server process.
In step 307 the controller sets a cut-off timer for the new secondary node to 90 minutes. The secondary machine continues to operate for as long as it is still processing long-running client requests, or until the period set in the cut-off timer expires, after which processing advances to step 309. In step 309 the controller terminates the secondary machine and releases its resources back to the system. As shown by processing step 311 in Fig. 3, several secondary machines may be running at any given time. As noted above, the relative lengths of the switching and cut-off periods govern the maximum number of secondary machines running at any given time.
If a hacker manages to gain unauthorized access to the primary machine, then once the switching period has elapsed the controller demotes that primary to a secondary machine and creates a new primary from the host file system. The secondary machine produced by this switching step runs for at most the cut-off period and is then stopped and finally destroyed. This mechanism eliminates any damaging web pages, hacking tools, back doors, pirated software or other unwanted material that the hacker may have placed on the VM. Because the new primary is started from the host file system, it is clean and secure and has not been compromised. Consequently, for some hackers, the work required to access the server and establish access in the desired manner (that is, with a back door, pirated software and so on) is no longer worth repeating so frequently. The switching of the VMs and their applications is transparent to the clients of the application. Furthermore, any program or service run by a VM can make use of the technique described above and thereby become more robust when under attack.
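To make the timer interplay of steps 301 to 311 concrete, here is an added Python model of the controller (not code from the patent): it assumes the 30-minute switch timer and 90-minute cut-off timer from the description, a one-minute clock, and that a secondary stops as soon as it has no in-flight requests or its cut-off expires, whichever comes first.

```python
import math
from dataclasses import dataclass, field
from typing import List, Optional

SWITCH_PERIOD = 30  # minutes: the switch timer of step 303
CUTOFF_PERIOD = 90  # minutes: the cut-off timer of step 307


@dataclass
class VirtualMachine:
    vm_id: int
    started_at: int                      # created from the host file system (steps 301/305)
    demoted_at: Optional[int] = None     # became a secondary machine (step 305)
    stopped_at: Optional[int] = None     # terminated and resources released (step 309)
    requests: List[int] = field(default_factory=list)  # finish times of in-flight requests

    @property
    def cutoff_at(self) -> Optional[int]:
        return None if self.demoted_at is None else self.demoted_at + CUTOFF_PERIOD


class Controller:
    """Models controller 211: one primary VM plus a pool of draining secondaries."""

    def __init__(self) -> None:
        self.now = 0
        self._ids = 0
        self.primary = self._spawn()                 # step 301
        self.secondaries: List[VirtualMachine] = []
        self.retired: List[VirtualMachine] = []

    def _spawn(self) -> VirtualMachine:
        self._ids += 1
        return VirtualMachine(vm_id=self._ids, started_at=self.now)

    def route_request(self, duration: int) -> int:
        """New client requests always go to the current primary; returns its vm_id."""
        self.primary.requests.append(self.now + duration)
        return self.primary.vm_id

    def _switch(self) -> None:
        """Step 305: fresh primary from the clean host image; old primary becomes secondary."""
        old = self.primary
        old.demoted_at = self.now
        self.secondaries.append(old)
        self.primary = self._spawn()

    def _retire_drained(self) -> None:
        """Steps 307/309: a secondary stops once its in-flight requests are finished
        or its cut-off timer expires, whichever comes first (assumed reading)."""
        still_running = []
        for vm in self.secondaries:
            vm.requests = [t for t in vm.requests if t > self.now]
            if not vm.requests or self.now >= vm.cutoff_at:
                vm.stopped_at = self.now
                self.retired.append(vm)
            else:
                still_running.append(vm)
        self.secondaries = still_running

    def advance(self, minutes: int) -> None:
        """Advance the clock one minute at a time, firing timers as they expire."""
        for _ in range(minutes):
            self.now += 1
            self._retire_drained()
            if self.now - self.primary.started_at >= SWITCH_PERIOD:
                self._switch()


def max_secondaries(switch_period: int = SWITCH_PERIOD,
                    cutoff_period: int = CUTOFF_PERIOD) -> int:
    """Upper bound on secondaries alive at once (the step 311 pool): it is set by
    the ratio of the cut-off period to the switch period."""
    return math.ceil(cutoff_period / switch_period)
```

A request that outlives the cut-off (200 minutes on the first VM below) is abandoned when that VM is cut off at 120 minutes, which is the cost the description accepts for bounding the lifetime of a possibly compromised machine.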
In some embodiments a forensics process is run on the data and programs of each secondary node terminated by the controller. The forensics process is arranged to detect any breach of the integrity and security of the VM. The results of this process can be used to modify the master image of the VM so as to remove any detected vulnerability. The forensics process may run an intrusion detection program (such as Tripwire(TM)) to detect whether key system, configuration or application files have been modified; test whether new accounts have been created or host-based firewall rules modified; determine whether the secondary machine holds unfamiliar files or programs; or examine log files to determine whether there were illegitimate network connections for the second machine.
In other embodiments each machine is arranged to keep a registry of all binary code executed. This is achieved by hashing all binary code before it is executed and storing these hash codes. Using this additional function, the forensics process can check whether unauthorized binary code (that is, binary code whose hash is not admitted by the security policy) was executed, which indicates that the machine has been compromised.
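An added Python sketch of such an execution registry and its forensics check (not code from the patent); SHA-256 as the hash function, the file paths and the binary contents are all constructed assumptions.

```python
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed sample "binaries": the byte strings stand in for real executables.
APPROVED_BINARIES: Dict[str, bytes] = {
    "/usr/sbin/httpd": b"\x7fELF-constructed-httpd-image",
    "/usr/bin/logrotate": b"\x7fELF-constructed-logrotate-image",
}


def sha256_hex(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


def build_policy(approved: Dict[str, bytes]) -> Set[str]:
    """The security policy: the set of hashes of binaries permitted to run."""
    return {sha256_hex(code) for code in approved.values()}


class ExecutionRegistry:
    """Per-machine registry: every binary is hashed before it executes and the
    (path, hash) pair is kept so the forensics pass can audit it later."""

    def __init__(self) -> None:
        self._records: List[Tuple[str, str]] = []

    def record_execution(self, path: str, code: bytes) -> str:
        digest = sha256_hex(code)
        self._records.append((path, digest))
        return digest

    def records(self) -> List[Tuple[str, str]]:
        return list(self._records)


def unauthorized_executions(registry: ExecutionRegistry, policy: Set[str]) -> List[Tuple[str, str]]:
    """Forensics check: executions whose hash the policy does not admit. Because the
    check is on content, a tampered copy of an approved binary is flagged even when
    it sits at the approved path."""
    return [(path, digest) for path, digest in registry.records() if digest not in policy]


def machine_compromised(registry: ExecutionRegistry, policy: Set[str]) -> bool:
    return bool(unauthorized_executions(registry, policy))
```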
In some embodiments, if a compromise is detected, the forensics process is arranged to collect forensic evidence (including all available log files, configuration files and memory dumps). This evidence can be used by human experts to analyse the compromise and develop a patch for the underlying vulnerability.
In another embodiment, if the forensics process determines that specific files or the host-based firewall system have been modified in a malicious manner, the host file system is updated from a clean copy so that such modifications cannot be carried out on new machines. Such a step can be performed automatically, or a person may intervene. In the same way, the system can check for available security patches on a schedule and apply them automatically to the host file system.
In some embodiments the controller and/or each VM includes an intrusion detection system, and if an intrusion is detected the switching period is ended immediately. For example, a switch may be triggered after a Tripwire(TM) system has detected an unauthorized update of a file. In addition, a switch may be triggered after the host-based firewall reports a new outbound connection that contravenes the firewall policy.
In other embodiments the switching period is set dynamically, taking previous compromises into account. Let t_i be the current switching period, a a constant greater than 1, and t_min and t_max (0 ≤ t_min < t_max) the minimum and maximum switching periods (t_max = ∞ is possible). Then t_{i+1} is computed by the following algorithm:
IF (a compromise was detected the last time the forensics process ran)
THEN t_{i+1} := max(t_i / a, t_min);
ELSE t_{i+1} := min(t_i * a, t_max).
In a further embodiment the cut-off period is varied according to the type of application server being run. For example, a web server mostly serves short requests, so its cut-off period can be set to a small constant value such as 5 minutes.
In other embodiments, such as servers for databases and transaction processing, the running time of requests may be hard to predict. The cut-off time is therefore set dynamically, for example to the average request processing time plus three standard deviations.
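The two dynamic timer rules above, the adaptive switching period and the mean-plus-three-standard-deviations cut-off, as an added Python example (not the patent's code); the request durations are constructed, and the standard deviation is taken as the population standard deviation of the observed request times, which the text does not specify.

```python
import math
import statistics
from typing import List, Optional

WEB_SERVER_CUTOFF = 5.0  # minutes: the constant the text suggests for short-request web servers


def next_switch_period(t_i: float, compromised: bool, a: float = 2.0,
                       t_min: float = 5.0, t_max: Optional[float] = None) -> float:
    """One step of the switching-period algorithm: t_{i+1} = max(t_i/a, t_min) if the
    last forensics run found a compromise, else min(t_i*a, t_max).
    t_max=None stands for t_max = infinity. a=2, t_min=5 are assumed values."""
    if a <= 1:
        raise ValueError("a must be a constant greater than 1")
    if t_max is None:
        t_max = math.inf
    if not 0 <= t_min < t_max:
        raise ValueError("require 0 <= t_min < t_max")
    if compromised:
        return max(t_i / a, t_min)   # shrink the attacker's window after a breach
    return min(t_i * a, t_max)       # relax again while forensics keep coming back clean


def switch_period_sequence(t_0: float, forensics_results: List[bool], **kwargs) -> List[float]:
    """Replays the algorithm over a series of forensics outcomes (True = compromise found)."""
    periods = [t_0]
    for hit in forensics_results:
        periods.append(next_switch_period(periods[-1], hit, **kwargs))
    return periods


def cutoff_period_from_samples(durations: List[float], k: float = 3.0) -> float:
    """Cut-off period for servers with unpredictable requests: mean request processing
    time plus k standard deviations (k = 3 in the text). Uses the population standard
    deviation of the observed durations (assumption) and needs at least two samples."""
    if len(durations) < 2:
        raise ValueError("need at least two request durations")
    return statistics.mean(durations) + k * statistics.pstdev(durations)
```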
In some embodiments, several physical machines or processors under the overall control of a controller, or of a cooperating group of controllers, are used to run each instance of the server application.
The skilled person will appreciate that the apparatus implementing part or all of the invention may be a general-purpose device having software arranged to provide part or all of an embodiment of the invention. The device may be a single device or a group of devices, and the software may be a single program or a group of programs. Furthermore, any or all of the software used to implement the invention can be communicated via various transmission or storage means, such as a computer network or a storage device, so that the software can be loaded onto one or more devices.
Although the invention has been illustrated by the description of embodiments, and the embodiments have been described in considerable detail, the applicant does not intend to restrict the invention or the claims to such detail. Additional advantages and modifications will readily occur to those skilled in the art. The invention in its broader aspects is therefore not limited to the specific details, representative apparatus and methods, and illustrative examples shown and described. Accordingly, departures may be made from such details without departing from the spirit or scope of the applicant's general inventive concept.
Claims (19)
1. A method of managing a server process in a computer system (101), the method comprising the steps of:
a) running a first instance (301, 303) of the server process on a first machine (203/301);
b) routing communications from client processes to the first machine (203/301);
c) starting a second instance (305, 303) of the server process on a second machine (203/305); and
d) after a period of the first instance (301, 303) running on the first machine (203/301), re-routing subsequent communications from client processes to the second machine (203/305).
2. The method of claim 1, wherein each instance of the server process is provided by a virtual application server (113).
3. The method of any preceding claim, wherein each machine is a virtual machine (203/301, 305).
4. The method of claim 1 or 2, wherein each machine comprises one or more physical processors.
5. The method of any preceding claim, wherein step d) is triggered when a predetermined switching period has elapsed.
6. The method of claim 5, wherein the switching period is determined randomly.
7. The method of any preceding claim, wherein the server (113) or the first and second machines (203/301, 305) are monitored for unauthorized activity, and step d) is triggered by the detection of any such activity.
8. The method of claim 7, further comprising the steps of:
c) starting a third instance of the server process on a third machine; and
d) after a period determined by the time at which the unauthorized activity was detected on the first machine, re-routing subsequent communications from client processes to the third machine.
9. The method of any preceding claim, further comprising terminating the first instance (301, 303) of the server process after step d).
10. The method of claim 9, wherein the first machine (203/301) is also terminated.
11. The method of any of claims 9 to 10, wherein once a server process or machine has been terminated, its associated data and files are analysed to detect unauthorized activity.
12. The method of any preceding claim, wherein after step d) the first instance (301, 303, 307, 309) of the server process is allowed to complete the client communications that existed before termination.
13. The method of any preceding claim, wherein after step d) the first instance (301, 303, 307, 309) of the server process is allowed to continue processing existing client communications for a cut-off period.
14. The method of claim 13, wherein the cut-off period is predetermined.
15. The method of claim 13, wherein the length of the cut-off period is determined randomly.
16. The method of claim 13, wherein the cut-off period is derived from the average processing time of client communications.
17. A method of running a server program, the method comprising the steps of:
a) running a first instance (301, 303) of the server program on a first virtual machine (VM) (203/301) and routing communications from client processes to the first VM (203/301); and
b) starting a second instance (305, 303) of the server process on a second VM (203/305) and, after a predetermined period, re-routing subsequent communications from client processes to the second VM (203/305).
18. An apparatus for managing a server process in a computer system (101), the apparatus comprising:
a first machine (203/301) for running a first instance (301, 303) of the server process;
a controller (211) operable to route communications from client processes to the first machine (203/301); and
a second machine (203/305) for running a second instance (305, 303) of the server process after the first instance (301, 303),
wherein the controller is further operable, after a period of the first instance (301, 303) running on the first machine (203/301), to re-route subsequent communications from client processes to the second machine (203/305).
19. A computer program comprising instructions which, when the computer program is executed on a computer system (101), cause the method according to any of claims 1 to 17 to be performed.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP05405493 | 2005-08-25 | | |
| EP05405493.7 | 2005-08-25 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1921474A true CN1921474A (en) | 2007-02-28 |
Family
ID=37779048
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610110765.6A Pending CN1921474A (en) | 2005-08-25 | 2006-08-11 | Method or apparatus for managing a server process in a computer system |
Country Status (2)
| Country | Link |
|---|---|
| JP (1) | JP2007058862A (en) |
| CN (1) | CN1921474A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110012038A (en) * | 2019-05-29 | 2019-07-12 | 中国人民解放军战略支援部队信息工程大学 | A network attack defense method and system |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6352140B2 (en) * | 2013-10-22 | 2018-07-04 | キヤノン電子株式会社 | Web system, server switching device, server switching method and program |
| CA3027728A1 (en) * | 2016-06-16 | 2017-12-21 | Virsec Systems, Inc. | Systems and methods for remediating memory corruption in a computer application |
2006
- 2006-08-11 CN CN200610110765.6A patent/CN1921474A/en active Pending
- 2006-08-23 JP JP2006226045A patent/JP2007058862A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| JP2007058862A (en) | 2007-03-08 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C02 | Deemed withdrawal of patent application after publication (patent law 2001) | |
| | WD01 | Invention patent application deemed withdrawn after publication | |
Open date: 20070228