| The role of web anti-tamper system is resisting web-tampering attacks, detecting and recovering the web pages being tampering with. Now days more and more people and organizations have established their own web sites. The large-scale popularity of websites spawns the extensive network security needs. Recent years, the attacks to websites have increased gradually and trend to be concealed, wide-scale and benefiting. Both famous and influential enterprises and governments have been involved. The attacks of web-tampering have become a great threat to the normal order of websites and society. The technology of web anti-tampering is developed to solve the problem and has developed rapidly. It is universally acknowledged that the technology of web anti-tampering had experienced three generations:polling, webserver program embedding and the filter driver underlying kernel. Polling wastes too much computing resources. Webserver program embedding can do nothing about stopping web pages from being tampered but recovering the web pages. The filter driver underlying kernel cannot check the integrity of web pages. None of them can satisfy the complicated security needs of various web sites, especially the web sites that have heavily accesses and concurrency. To provide effective protection for websites with lower levels of resource use, a new detection and recovery mechanism of web tampering with high performance is addressed in this paper, and the key modules are detail designed and implemented.This paper focuses on the key technologies of web anti-tampering system, especially on the technology proposal of web anti-tampering with high performance and the web anti-tampering system that bases on Linux, Apache, netlink, inotify, system call hijack and so on. The system can stop the attacks when the hackers trying to and recovery the web pages tampered before them leak out. The system can also be the basis of web anti-tampering system with high performance. In this paper, the primary work includes:1. The paper researched and analyzed a variety of web-tampering detection and recovery technology, then contrasts their advantages and disadvantages.2. The paper studied and analyzed several technologies referring to the web anti-tampering system and addressed some specific technologies that clouded be used in the system. 3. The paper proposed a new detection and recovery mechanism of web tampering with high performance. The system can achieve a real-time protection for web pages, and adjusts the levels of resource use according with the load of webserver and the security situation of web pages.4. This paper studied Kernel Module, netfilter and inotify of the Linux system and Apache Module, and had a detailed analysis of real-time synchronization with inotify. The paper designs and implements the web anti-tampering system with the features of both active and passive defense, which is achieved by security policy, integrity check and real-time recovery.6. The paper analyzed the system in function and performance, the design achieved well in the demand. It also achieved good scalability and portability. |
PDF Full Text Request