CN101802805B - Method for verifying application programs and controlling the execution thereof - Google Patents
Method for verifying application programs and controlling the execution thereof Download PDFInfo
- Publication number
- CN101802805B CN101802805B CN2008801016476A CN200880101647A CN101802805B CN 101802805 B CN101802805 B CN 101802805B CN 2008801016476 A CN2008801016476 A CN 2008801016476A CN 200880101647 A CN200880101647 A CN 200880101647A CN 101802805 B CN101802805 B CN 101802805B
- Authority
- CN
- China
- Prior art keywords
- application program
- execution
- verification data
- dll
- subscriber computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
Disclosed is a method for verifying and controlling execution of application programs which searches for the application programs, such as P2P program or messenger programs, or game files not permitted by an administrator, such as parents, subjected to being prevented from arbitrary execution so as to control whether to intercept or permit the execution of the application program, and classifies the application programs for every category so as to control the interception or the permission of the execution of the application program according to the environment setting policy set for every category, said method comprises: the steps of establishing an application program verification data DB, in which the collected application program files are classified for every program category so as to generate the application program verification data DB; transmitting the application program verification data DB to a user's computer; postponing the execution of the application program of the user's computer when the execution of the application program of the user's computer is initialized, and extracting the verification data of the executed application program; and searching for the application program verification data DB with the verification data with respect to the application program desired to be used in the user's computer and controlling the interception or permission of the execution of the application program according to the environment settling policy for every category.
Description
Technical field
The present invention relates to being installed on the control of the application program in the subscriber computer; And relate in particular to a kind of system and method that is used for the execution of controlling application program; This system and method judges in subscriber computer, to carry out which kind of application program, and the execution that the application program that comprises in the classification is set is controlled.
Background technology
In the various application programs in being installed on subscriber computer, not only have the file of downloading and installing according to user's request, also have the user to the accurate essence of program and unwitting situation under wrong Virus or the application process file of installing.And such situation possibly take place: in the computing machine (like the computing machine that uses in family) by a plurality of user captures and use, it is not the program execute file that main user knew that child user has been installed.Especially, possibly carry out very likely for children the relevant program execute file of the P2P in the path that obtains harmful information or messenger programs are provided, or not by game file that keeper such as father and mother allowed.Therefore, the demand for a kind of like this system or method increases gradually: this system and method provides search will be prevented from the program of controlled execution not and has prevented to carry out the ability of this program.
Review provides the prior art of this ability; A solution has been proposed; In this scheme; Periodic search is stored in the execute file name (xxx.exe) or the specific character string of the specific part of whole procedure or application program in the disk of subscriber computer, if the program that searches out subsequently corresponding to program controlled, then should be deleted this program.In alternative solution; The execute file name (xxx.exe) or the specific character string of the whole procedure that search is in real time carried out in subscriber computer or the specific part of application program; If the program that searches out subsequently corresponding to program controlled, then should be tackled this program implementation.
Yet the execute file name (xxx.exe) of application program can be by random change, thereby has limited the effect of the prior art of search execute file name (xxx.exe) unfriendly.And the specific part of analyzing whole procedure or program has following problem with the prior art of search specific character string: wherein, in the step of executive process, have sizable burden being used to carry out on the processor of each program.In addition, prior art can not provide a kind of like this classification control: wherein, various application programs can be divided into several classifications, and judge execution or interception application program according to each classification.
Summary of the invention
Technical matters
Therefore; The present invention is devoted to solve the problems referred to above that exist in the prior art; And the invention provides a kind of method that is used for the execution of controlling application program file; This method at first comprises based on the verification msg of unique existence in the application file sets up application program classification validation database for each classification, and verification msg is to collect through the various application program execute files of acquisitions such as the Internet through analyzing.And; The said method that is used to control further comprises: the application program validation database of classifying is downloaded to subscriber computer (for example PC); In subscriber computer, make the execution of application program postpone a bit of time before the executive utility; From application program, extract verification msg; And whether judge the verification msg that extracts, thereby can realize controlling according to the execution of the application programs of judging as a result corresponding to each project that is stored in the application program verification data database in the subscriber computer.
In addition; The present invention also is devoted to solve the problems referred to above that exist in the prior art, and the invention provides a kind of be used for the distinguishing classification of the application program of carrying out at subscriber computer and the method for coming the execution of application programs to allow or tackle according to the control sequence that is directed against each classification setting.
Technical scheme
According to a scheme of the present invention, a kind of also method of the execution of controlling application program that is used to verify is provided, may further comprise the steps:
Set up application program verification data DB; Wherein, the analysis of application program verification server is for the required DLL (dynamic link library) of process of each application file executive utility of collecting through the Internet etc., if there is the DLL that can distinguish application program among the DLL that loads; Then extract unique DLL; If do not have the DLL that can distinguish application program among the DLL that loads, the metamessage that then extracts application program is as identifier, and be each program classification generation application program verification data DB;
Send application program verification data DB, wherein, the application program verification data DB that will in the step of setting up application program verification data DB, generate sends to subscriber computer;
Extract the application program verification data of subscriber computer, wherein, when initialization is carried out in the execution of application program in to subscriber computer, postpone the execution of application program, the DLL or the metamessage that extract application program subsequently are as the program verification data; And
The execution of the application program of checking and control subscriber computer; Wherein, Utilization is desirably in the verification msg of the application program of using in the subscriber computer and comes search for application verification msg DB; If there is not corresponding project, the execution of the application program that then allows to be postponed, and the verification msg that extracts sent to the application program verification server; And if have corresponding project, interception or the permission then carried out among the application program verification data DB according to the execution of controlling application programs to the environment Provisioning Policy of each classification.
Beneficial effect
The application process file of installing when mistake, Virus, program execute file that main user did not expect, very likely for children execute file that the P2P in the path of acquisition harmful information is correlated with or messenger programs are provided, in the time of can not being carried out by game file that keeper such as father and mother allowed etc.; Effect of the present invention is: if in subscriber computer, detect the execution of application program; Then make this execution postpone a bit of time; Whether from application program, extract verification msg that verification msg extracts with search corresponding to each project that is stored in the application program classification validation database in the subscriber computer; And should prevent by the program of random execution according to Search Results search, tackle or allow thereby control the whether execution of application programs.In addition, effect of the present invention also is: classify to each classification application programs, thereby the environment Provisioning Policy that is provided with according to being directed against each classification is controlled interception or permission that the execution of application programs is carried out.
Description of drawings
Fig. 1 is the process flow diagram that an example embodiment of the present invention is shown;
Fig. 2 is the process flow diagram that illustrates according to an example embodiment of the step of the extra execution that comprises records application program of the present invention/interception history;
Fig. 3 is the process flow diagram that specifically illustrates the step of the renewal application program verification data DB that accordings to another example embodiment of the present invention;
Fig. 4 is the process flow diagram that specifically illustrates according to the step of setting up application program verification data DB of an example embodiment of the present invention;
Fig. 5 is the process flow diagram that specifically illustrates according to a process of an example embodiment of the present invention; In this process; By the step S300 of the application program verification data that are stored in the Agent execution extraction subscriber computer in the subscriber computer, and the step S400 of the execution of the application program of checking and control subscriber computer;
Fig. 6 is the diagrammatic sketch of system that is constructed to implement said method that illustrates according to an example embodiment of the present invention;
Fig. 7 be illustrate according to an example embodiment of the present invention be used to verify and the diagrammatic sketch of the Agent of the execution of controlling application program;
Fig. 8 is the diagrammatic sketch that the file of verification msg DB is shown according to the present invention.
<brief description of the Reference numeral in the accompanying drawing >
S100: set up application program verification data DB
S200: send application program verification data DB
S300: the application program verification data of extracting subscriber computer
S400: the checking and the execution of the application program of control subscriber computer
S500: the execution of records application program/interception is historical
S110: carry out Agent
S120: executive utility
S130: extract the DLL that loads
S140: the DLL that has unique loading?
S150: extract metamessage
S160: add project to verification msg DB
100: the application program verification server
110: (authentication server) application program verification data DB
200: subscriber computer
210: (subscriber computer) application program verification data DB 210
Embodiment
Below, will structure and step according to the execution of the checking of an example embodiment of the present invention and controlling application program be described with reference to accompanying drawing.
Referring to Fig. 1 to Fig. 6, according to an example embodiment of the present invention be used to verify and the method for the execution of controlling application program comprises:
Step S100 sets up application program verification data DB, wherein; Application program verification server 100 is analyzed the required DLL of process for each application file executive utility of collecting through the Internet etc.; If there is the DLL that can distinguish application program among the DLL that loads, then extract unique DLL, if do not have the DLL that can distinguish application program among the DLL that loads; The metamessage that then extracts application program is as identifier, and is that each program classification generates application program verification data DB;
Step S200 sends application program verification data DB, and wherein, the application program verification data DB that will in the step S100 that sets up application program verification data DB, generate sends to subscriber computer 200;
Step S300; Extract the application program verification data of subscriber computer, wherein, when initialization is carried out in the execution of application program in to subscriber computer 200; Postpone the execution of this application program, the DLL or the metamessage that extract application program subsequently are as the program verification data; And
Step S400; The execution of the application program of checking and control subscriber computer; Wherein, utilize the verification msg that is desirably in the application program of using in the subscriber computer to come search for application verification msg DB, if there is not corresponding project; The execution of the application program that then allows to be postponed; And the verification msg that extracts sent to application program verification server 100, and if have corresponding project, interception or the permission then carried out among the application program verification data DB according to the execution of controlling application programs to the environment Provisioning Policy of each classification.
Fig. 2 shows an example embodiment of the historical step of the extra execution that comprises records application program/interception; As shown in Figure 2; Preferably, after the step S400 of control checking and execution, further comprise step S500: the execution of records application program/interception is historical; Wherein, the permission that the execution of record application programs is carried out in the application program verification data DB of subscriber computer or the history of interception.
More specifically, in the step S100 that sets up application program verification data DB, analyze the required DLL of executive utility, wherein, the verification msg DB that distinguishes application program is made up of the information of the DLL that loads.For example, at general messenger programs of analysis such as MSN, during the executive process of NateOn etc., load specific unique DLL to carry out this program.In addition, the patch even universal program gets beat up, the reformed possibility of this unique DLL is also very little, thus advantageously, the application program verification data DB that comprises unique DLL does not need frequent updating.
In addition; In application program is not load under the situation of program of its unique DLL; For example be present in Card Games in the Windows auxiliary routine, Freecell (Freecell) etc.; Said program is mounted with the common DLL that uses in other program, thereby is difficult to extract unique DLL information of corresponding program.Yet in the present invention, the metamessage (title of Windows, the image name of execute file etc.) that extracts application program is as the verification msg that can distinguish application program.
Each classification to program is classified to the verification msg (unique DLL or metamessage) that extracts; And set up application program verification data DB 110; The input of the particular hash value that DLL and the metamessage of the message pick-up that comprises among the DB through handler file obtains; And through application program verification data DB being sent to the step S200 of subscriber computer 200; The application program verification data DB 110 that will in authentication server 100, generate is stored among the application program verification data DB 210 of subscriber computer 200, thereby the execution of various types of application programs of carrying out in can the 210 pairs of subscriber computers of application program verification data DB based on subscriber computer 200 is controlled.
Simultaneously; Fig. 3 has specifically illustrated the step according to the renewal application program verification data DB of another example embodiment of the present invention, and is as shown in Figure 3, more preferably; Be used to verify that also the method for the execution of controlling application program further comprises step S600: upgrade application program verification data DB; Wherein, when starting subscriber computer 200, carry out Agent, and the application program verification data DB 210 of subscriber computer and the application program verification data DB 110 of application program verification server 100 are compared; If the application program verification data DB 210 of subscriber computer is up-to-date; Then it will be identified, and if these application program verification data DB 210 is not up-to-date, then upgrade application program verification data DB210.
The above-mentioned step S100 that sets up application program verification data DB is implemented by the Agent that is stored in the application program verification server 100; And; Fig. 4 shows the concrete steps of setting up application program verification data DB according to an example embodiment of the present invention, and is as shown in Figure 4, preferably includes: the step S110 that carries out Agent; Wherein, carry out Agent; The step S120 of executive utility, wherein, executive utility; Extract the step S130 of the DLL that loads, wherein, carry out the DLL that is used for the required basic loading of executive utility; Judge the step S140 of unique DLL, wherein, judge in the DLL of the basic loading that extracts, whether there is unique DLL that can distinguish application program; Extract the step S150 of metamessage, wherein, do not have unique DLL, then extract the metamessage of application program if determine according to the result of step S140; And the step S160 that adds verification msg DB search item; Wherein, the application program metamessage that the unique DLL that in the step S130 that extracts the DLL that loads, extracts is perhaps extracted in the step S150 that extracts metamessage adds verification msg DB to as search item.
The application program metamessage that in step S150, extracts can comprise the Windows title of application program, the filename of execution reflection etc.
In addition, the step S400 of the execution of the application program of the step S300 of the application program verification data of extraction subscriber computer and checking and control subscriber computer can be carried out by the Agent that is stored in the subscriber computer.
Describe step S300 and S400 in detail with reference to Fig. 5, the step S300 that extracts the application program verification data of subscriber computer comprises: step S310, detect the starting point that application program is carried out in the subscriber computer; Step S320 postpones the execution of application program; Step S330 extracts the required DLL of executive utility from application program; And step S340, from application program, extract metamessage.
Step S310 and S320 are described particularly; The opertaing device that operation is implemented with the form of Agent when starting subscriber computer; Load verification msg DB; Begin to detect the operation that application program is carried out, and if in subscriber computer, detect the starting point that application program is carried out, the then at first execution of delay routine.
In addition; In step S300, extract the process of the DLL that loads and use such method: be utilized in the DLL that the relevant api function of process that is provided with among the Windows extracts loading; And the application program metamessage that in step S340, extracts can comprise the Windows title of application program, the filename of execution reflection etc.
And; As shown in Figure 5; The step S400 of execution of the application program of checking and control subscriber computer comprises: step S410, search from the application program of subscriber computer, extract as the DLL of verification msg or metamessage whether corresponding to the project of the application program verification data DB 210 of subscriber computer; Step S420 if the result is for being in step S410, then classifies to each classification application programs among the verification msg DB; Step S430 is according to judging that to the control strategy of each classification of in step S420, being classified whether the execution of application programs is tackled; Step S440 and S450, the execution of application programs allows or tackles; And step S460 and S470, if the result then sends to application program verification server 100 with verification msg, and the execution of application program in the subscriber computer is allowed for not in step S410.
The file that comprises among the application program verification data DB 110 and 210 can be subdivided into P2P program classification PR10, games classification PR20, messenger programs classification PR30, other program classification PR40 etc. to each classification, and is extremely shown in Figure 8 like Fig. 6.In addition; In the step S440 and S450 that allow according to the execution of judging step S430 that the whether execution of application programs is tackled and application programs to the control strategy of each classification of in step S420, being classified or tackle; Only whether can be provided with through user's environment setting the execution of the application program that comprises among the games classification PR20 is tackled; The execution of the application program that perhaps application program that comprises among the games classification PR20 is comprised in P2P messenger programs classification PR10, messenger programs classification PR30 etc. is tackled, thereby can satisfy user's various demands.In addition; Even under carrying out not only by the situation of tackling but also being allowed to; It is also write down and is stored for the execution of each other application program of application class and the history of interception, so that can be used as statistical data through the historical step S500 of the execution/interception of records application program.
Referring to Fig. 6; A kind of system that accordings to the execution of checking of the present invention and controlling application program comprises: application program verification server 100; It is used to analyze the required DLL of process for the application program executive utility file of collecting through the Internet etc.; If have the DLL that can distinguish application program among the DLL that loads, then extract unique DLL, if application program does not comprise this DLL; Then extract among the DLL that loads and to distinguish the metamessage of application program, and be that each program classification generates and renewal application program verification data DB 110; And subscriber computer 200; It comprises the application program verification data DB 210 that sends to subscriber computer from the application program verification server; And checking and execution control module 220; Checking and carry out the execution that control module 220 is used for when the execution of subscriber computer application program is initialised, postponing application program, and the DLL and the metamessage that extract performed application program be as verification msg, the verification msg that utilization extracts is come search for application verification msg DB; If there is not corresponding project; Then the execution of application programs remove to postpone and the verification msg that extracts is sent to authentication server, and if have corresponding project among the application program verification data DB, then come the execution of application programs to tackle or allow according to environment Provisioning Policy to each classification.
According to example embodiment of the present invention, preferably, checking and execution control module 220 are implemented with the form of software, and by being used to verify that also the Agent of the execution of controlling application program is implemented.As shown in Figure 7; Preferably; Be used to verify and the Agent of the execution of controlling application program further comprises: for the permission/interception control setting unit 221 of each classification, it is used for by the user is that each classification is provided with permission or the interception that the execution of application programs is carried out in advance; Program executive real-time detecting unit 222, it is used for detecting the initialization that the subscriber computer application program is carried out; Carry out to allow or interception historical record unit 223, the permission that it is used for the execution of application programs is carried out or the historical record of interception are to application program verification data DB 220; Verification msg DB updating block 224, it is used for the application program verification data DB 210 of subscriber computer and the application program verification data DB110 of application program verification server 100 are compared to upgrade; And carry out and interception notification unit 225, it is used for giving the user with execution or interception notice.
Although illustrated and described technical spirit of the present invention, this description does not limit the present invention, but the preferred embodiments of the present invention only have been described.And, it will be appreciated by those skilled in the art that under the prerequisite that does not break away from technical spirit of the present invention and scope, can carry out variations and modifications.
In addition, scope of the present invention claim but not the scope of detailed instructions limit, and, should be appreciated that all changes that are derived from claim or modification and equivalents thereof all belong to scope of the present invention.
Claims (6)
1. one kind is used to verify the also method of the execution of controlling application program, may further comprise the steps:
(S100) set up application program verification data DB; Wherein, the analysis of application program verification server is for the required DLL of process of each application file executive utility of collecting via the Internet, if there is the DLL that can distinguish application program among the DLL that loads; Then extract unique DLL; If do not have the DLL that can distinguish application program among the DLL that loads, the metamessage that then extracts application program is as identifier, and be each program classification generation application program verification data DB;
(S200) send application program verification data DB, wherein, the application program verification data DB that will in the step of setting up application program verification data DB (S100), generate sends to subscriber computer;
(S300) the application program verification data of extraction subscriber computer; Wherein, When initialization is carried out in the execution of application program in to subscriber computer, postpone the execution of said application program, the DLL or the metamessage that extract application program subsequently are as the application program verification data;
(S400) execution of the application program of checking and control subscriber computer; Wherein, Utilization is desirably in the application program verification data of the application program of using in the subscriber computer and comes search for application verification msg DB; If there is not corresponding project, the execution of the application program that then allows to be postponed, and the application program verification data that extract are sent to said application program verification server; And if have corresponding project, interception or the permission then carried out among the application program verification data DB according to the execution of controlling application programs to the control strategy of each classification of in application program verification data DB, being classified; And
(S500) execution of records application program/interception is historical, wherein, in the step (400) of controlling checking and carrying out afterwards, the permission that the execution of record application programs is carried out in the application program verification data DB of subscriber computer or the history of interception.
2. the method for claim 1; Further comprise step (S600): upgrade application program verification data DB; Wherein, When starting subscriber computer, the application program verification data DB of subscriber computer and the application program verification data DB of application program verification server are compared to upgrade.
3. method as claimed in claim 2, wherein, the step (S100) of setting up application program verification data DB may further comprise the steps:
(S110) carry out Agent, wherein, carry out Agent;
(S120) executive utility, wherein, executive utility;
(S130) extract the DLL that loads, wherein, carry out the DLL that is used for the required basic loading of executive utility;
(S140) judge unique DLL, wherein, judge in the DLL of the basic loading that extracts, whether there is unique DLL that can distinguish application program;
(S150) extract metamessage, wherein, do not have unique DLL, then extract the metamessage of application program if determine according to the result of step (S140); And
(S160) add application program verification data DB search item; Unique DLL that wherein, will in the step (S130) of extracting the DLL that loads, extract or the application program metamessage that in the step (S150) of extracting metamessage, extracts add application program verification data DB to as search item.
4. method as claimed in claim 3, wherein, the application program metamessage that in the step (S150) of extracting metamessage, extracts comprises the Windows title of application program, the filename of execution reflection.
5. method as claimed in claim 2; Wherein, The step (S400) of the execution of the application program of the step (S300) of the application program verification data of extraction subscriber computer and checking and control subscriber computer is carried out by the Agent that is stored in the subscriber computer
The step (S300) of extracting the application program verification data of subscriber computer may further comprise the steps:
(S310) detect the starting point that application program is carried out in the subscriber computer;
(S320) execution of delay application program;
(S330) from application program, extract the required DLL of executive utility; And
(S340) from application program, extract metamessage, and
The step (S400) of the execution of the application program of checking and control subscriber computer may further comprise the steps:
(S410) search from the application program of subscriber computer, extract as the DLL of application program verification data or metamessage whether corresponding to the project of the application program verification data DB of subscriber computer;
(S420) if the result is for being in step (S410), then classify to each classification application programs among the application program verification data DB;
(S430) according to judging that to the control strategy of each classification of in step (S420), being classified whether the execution of application programs is tackled;
The execution of (S440 and S450) application programs allows or tackles; And
(S460 and S470) is if the result then sends to the application program verification server with the application program verification data, and the execution of application program in the subscriber computer is allowed for not in step (S410).
6. method as claimed in claim 5, wherein, the application program metamessage that in step (S340), extracts comprises the Windows title of application program, the filename of execution reflection.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020070077657A KR100918626B1 (en) | 2007-08-02 | 2007-08-02 | Method for verifying application programs and controlling the execution thereof |
| KR10-2007-0077657 | 2007-08-02 | ||
| PCT/KR2008/004485 WO2009017382A2 (en) | 2007-08-02 | 2008-08-01 | Method for verifying application programs and controlling the execution thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101802805A CN101802805A (en) | 2010-08-11 |
| CN101802805B true CN101802805B (en) | 2012-07-18 |
Family
ID=40305069
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008801016476A Expired - Fee Related CN101802805B (en) | 2007-08-02 | 2008-08-01 | Method for verifying application programs and controlling the execution thereof |
Country Status (4)
| Country | Link |
|---|---|
| KR (1) | KR100918626B1 (en) |
| CN (1) | CN101802805B (en) |
| TW (1) | TWI419005B (en) |
| WO (1) | WO2009017382A2 (en) |
Families Citing this family (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100970567B1 (en) * | 2009-08-24 | 2010-07-16 | 윤성진 | Method for firewalling using program database |
| KR101138746B1 (en) * | 2010-03-05 | 2012-04-24 | 주식회사 안철수연구소 | Apparatus and method for preventing malicious codes using executive files |
| KR101369250B1 (en) * | 2011-12-29 | 2014-03-06 | 주식회사 안랩 | Server, client and method for verifying integrity of data in peer to peer based network |
| AU2013207269A1 (en) * | 2012-01-06 | 2014-07-24 | Optio Labs, LLC | Systems and methods for enforcing security in mobile computing |
| KR101995260B1 (en) * | 2012-04-30 | 2019-07-02 | 삼성전자 주식회사 | Method and system for providing app service |
| JP5533935B2 (en) * | 2012-05-10 | 2014-06-25 | トヨタ自動車株式会社 | Software distribution system and software distribution method |
| KR101594643B1 (en) * | 2012-11-22 | 2016-02-16 | 단국대학교 산학협력단 | Method for detecting software piracy and theft based on partial information of executable file, and apparatus therefor |
| CN103092604B (en) * | 2012-12-13 | 2016-09-21 | 上海欧拉网络技术有限公司 | A kind of application program sorting technique and device |
| CN102968338B (en) * | 2012-12-13 | 2016-12-21 | 上海欧拉网络技术有限公司 | Method, device and the electronic equipment classified for the application program of electronic equipment |
| CN103246595B (en) * | 2013-04-08 | 2016-06-08 | 小米科技有限责任公司 | Application management method, device, server and terminating unit |
| CN103366104A (en) * | 2013-07-22 | 2013-10-23 | 腾讯科技(深圳)有限公司 | Method and device for controlling accessing of application |
| KR101593899B1 (en) | 2014-04-03 | 2016-02-15 | 주식회사 엘지씨엔에스 | Cloud computing method, clould computing server performing the same and storage media storing the same |
| KR101654973B1 (en) * | 2014-04-30 | 2016-09-06 | 단국대학교 산학협력단 | Apparatus and method for software filtering |
| KR101700413B1 (en) * | 2015-09-24 | 2017-02-13 | 주식회사 오앤파트너스 | Method and system for integrity check of integrit of program |
| KR101899149B1 (en) * | 2018-04-30 | 2018-09-14 | 에스엠테크놀러지(주) | Abnormal Process Monitoring and Controlling System and Method, Recording Medium for Performing the Method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1581144A (en) * | 2003-07-31 | 2005-02-16 | 上海市电子商务安全证书管理中心有限公司 | Digital certificate local identification method and system |
| CN1629819A (en) * | 2003-12-20 | 2005-06-22 | 鸿富锦精密工业(深圳)有限公司 | System and method for centralized monitoring of limited program |
| CN1759564A (en) * | 2003-03-10 | 2006-04-12 | 索尼株式会社 | Access control processing method |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7093135B1 (en) * | 2000-05-11 | 2006-08-15 | Cybersoft, Inc. | Software virus detection methods and apparatus |
| US7363657B2 (en) * | 2001-03-12 | 2008-04-22 | Emc Corporation | Using a virus checker in one file server to check for viruses in another file server |
| US7600222B2 (en) * | 2002-01-04 | 2009-10-06 | Microsoft Corporation | Systems and methods for managing drivers in a computing system |
| KR100611679B1 (en) * | 2004-07-30 | 2006-08-10 | 주식회사 뉴테크웨이브 | A system for early prevention of computer virus and a method therefor |
| JP4733509B2 (en) * | 2005-11-28 | 2011-07-27 | 株式会社野村総合研究所 | Information processing apparatus, information processing method, and program |
-
2007
- 2007-08-02 KR KR1020070077657A patent/KR100918626B1/en active IP Right Grant
-
2008
- 2008-08-01 WO PCT/KR2008/004485 patent/WO2009017382A2/en active Application Filing
- 2008-08-01 TW TW097129402A patent/TWI419005B/en not_active IP Right Cessation
- 2008-08-01 CN CN2008801016476A patent/CN101802805B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1759564A (en) * | 2003-03-10 | 2006-04-12 | 索尼株式会社 | Access control processing method |
| CN1581144A (en) * | 2003-07-31 | 2005-02-16 | 上海市电子商务安全证书管理中心有限公司 | Digital certificate local identification method and system |
| CN1629819A (en) * | 2003-12-20 | 2005-06-22 | 鸿富锦精密工业(深圳)有限公司 | System and method for centralized monitoring of limited program |
Non-Patent Citations (1)
| Title |
|---|
| JP特开2007-148805A 2007.06.14 |
Also Published As
| Publication number | Publication date |
|---|---|
| KR100918626B1 (en) | 2009-09-25 |
| WO2009017382A2 (en) | 2009-02-05 |
| KR20090013483A (en) | 2009-02-05 |
| CN101802805A (en) | 2010-08-11 |
| WO2009017382A3 (en) | 2009-04-16 |
| TWI419005B (en) | 2013-12-11 |
| TW200912696A (en) | 2009-03-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101802805B (en) | Method for verifying application programs and controlling the execution thereof | |
| Bayer et al. | Scalable, behavior-based malware clustering. | |
| RU2444056C1 (en) | System and method of speeding up problem solving by accumulating statistical information | |
| US9537897B2 (en) | Method and apparatus for providing analysis service based on behavior in mobile network environment | |
| US8667583B2 (en) | Collecting and analyzing malware data | |
| RU2568295C2 (en) | System and method for temporary protection of operating system of hardware and software from vulnerable applications | |
| US7870612B2 (en) | Antivirus protection system and method for computers | |
| US11086983B2 (en) | System and method for authenticating safe software | |
| US8898775B2 (en) | Method and apparatus for detecting the malicious behavior of computer program | |
| US20070220518A1 (en) | Thread Interception and Analysis | |
| CN102413142A (en) | Active defense method based on cloud platform | |
| WO2012022251A1 (en) | Whitelist-based inspection method for malicious process | |
| KR101676366B1 (en) | Attacks tracking system and method for tracking malware path and behaviors for the defense against cyber attacks | |
| CN101788915A (en) | White list updating method based on trusted process tree | |
| KR101132197B1 (en) | Apparatus and Method for Automatically Discriminating Malicious Code | |
| US20110219454A1 (en) | Methods of identifying activex control distribution site, detecting security vulnerability in activex control and immunizing the same | |
| US10091225B2 (en) | Network monitoring method and network monitoring device | |
| CN103428212A (en) | Malicious code detection and defense method | |
| Zhao et al. | A large-scale empirical analysis of the vulnerabilities introduced by third-party components in IoT firmware | |
| CN108809950B (en) | Wireless router protection method and system based on cloud shadow system | |
| KR100611679B1 (en) | A system for early prevention of computer virus and a method therefor | |
| RU2697951C2 (en) | System and method of terminating functionally restricted application, interconnected with website, launched without installation | |
| CN103106366A (en) | Dynamic maintenance method of sample database based on cloud | |
| KR100632204B1 (en) | Attack detection device on network and method | |
| Bayer | Large-scale dynamic malware analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120718 Termination date: 20170801 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |