Abstract
RASP technology injects the protection module itself into the application so that it becomes part of the application. It can monitor and block attacks in real time, and has become one of the means of protecting critical information infrastructure. By analyzing the detection principle of RASP and working through examples, this paper lists the defects of RASP technology. Drawing on working practice in critical information infrastructure protection, it summarizes a solution that compensates for the limitations of RASP. The solution combines RASP's proximity to the point where an attack lands with whitelist-based trusted detection; it has strong detection capability and can prevent unknown threats. It can provide more comprehensive protection for critical information infrastructure, and it is a technical realization of the Ministry of Public Security's "three modernizations and six preventions" (三化六防) protection approach.
Author
Wang Yijun (王奕钧) (The First Research Institute of the Ministry of Public Security, Beijing 100048)
Source
Journal of Information Security Research (《信息安全研究》)
2021, Issue 3, pp. 250-256 (7 pages)
Keywords
RASP
limitation
critical information infrastructure
white list
detection bypass