CN104462950A - Application program executing permission control method used for operating system - Google Patents


Publication number
CN104462950A
Authority
CN
China
Prior art keywords
application program
performs
authority control
control strategy
operating system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410780494.XA
Other languages
Chinese (zh)
Inventor
廖湘科
黄辰林
姬一文
陈松政
董攀
魏立峰
丁滟
罗军
唐晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN201410780494.XA priority Critical patent/CN104462950A/en
Publication of CN104462950A publication Critical patent/CN104462950A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an application program execution permission control method for an operating system. The method includes the following steps: classifying the application programs in the operating system; establishing an execution permission control policy for the application programs; when an application program requests execution, checking its classification mark. If the mark is "allow all users to execute" or "protected and tamper-proof", the integrity of the application program is verified; it is executed if verification passes and refused if verification fails. If the mark is "allow or refuse some users to execute", the execution permission control policy is queried on the basis of the inherent information of the application program; the program is executed if the policy returned by the query allows it, and refused otherwise. If the mark is empty or is "refuse all users to execute", execution of the application program is refused. The method has the advantages of strong malware prevention capability, safety, reliability, high stability, good versatility and strong extensibility.

Description

An application program execution permission control method for an operating system
Technical field
The present invention relates to the field of computer security, and specifically to an application program execution permission control method for an operating system.
Background
At present, as informatization continues to deepen, the damage that computer viruses do to information systems is becoming increasingly serious. How to keep information systems secure and trusted, and how to ensure that the integrity of application programs is not compromised, has become an important part of guaranteeing system security. Most existing computer virus infections are caused by users intentionally or unintentionally executing malicious programs. A malicious program usually disguises itself as a normal program, or is bound to or modifies a normal program, and induces the user to execute the tampered program in order to do damage, harming the security of the information system and causing security incidents such as information leakage. Ensuring the integrity of system application programs is therefore essential to protecting system security.
The prior art ensures the integrity of system application programs within a single terminal operating system. Its technical solution uses trusted computing technology to perform integrity checks and to control software execution: before software executes, its integrity is checked by integrity measurement to prevent tampered software from executing. However, integrity detection based on trusted computing requires the support of a trusted computing chip such as a TPM, and performing chip-based integrity detection on all software has a very large impact on system performance. Moreover, reconfiguration caused by software installation, software upgrades and the like may allow illegal software that had previously entered the system to run. Execution control based on trusted computing therefore still carries certain security risks and cannot protect system security effectively.
Summary of the invention
The technical problem to be solved by the present invention is: in view of the above technical problems of the prior art, to provide an application program execution permission control method for an operating system that has strong malware prevention capability, is safe and reliable, and offers high stability, good versatility and strong extensibility.
To solve the above technical problem, the technical solution adopted by the present invention is:
An application program execution permission control method for an operating system, with the following implementation steps:
1) Classify the application programs in the operating system into four classes: allow all users to execute; protected and tamper-proof; allow or refuse some users to execute; and refuse all users to execute. Store the class as the classification mark of each application program. At the same time, for the application programs in the operating system, establish an execution permission control policy for each application program according to its inherent information. The execution permission control policy is configured so that adding and modifying records both require administrator rights, and each record in the policy contains, for specified inherent information and a specified user, the information that allows or forbids the application program to execute;
2) While the operating system is running, intercept application program execution requests; when an application program requests execution, proceed to the next step;
3) Check the classification mark of the application program. If the mark is "allow all users to execute" or "protected and tamper-proof", perform an integrity check on the application program; if the check passes, allow the application program to execute, and if the check fails, refuse to execute it. If the mark is "allow or refuse some users to execute", query the execution permission control policy based on the inherent information of the application program; if the policy returned by the query allows the application program to execute, execute it, otherwise refuse to execute it. If the mark is empty or is "refuse all users to execute", refuse to execute the application program.
Preferably, in step 1), the classification mark of the application program is stored in the extended attribute space of the application program.
Preferably, the detailed steps in step 1) for establishing the execution permission control policy according to the inherent information of the application program are as follows:
1.1) According to the publisher of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy;
1.2) According to the installation path of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy;
1.3) According to the program name of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy;
1.4) According to the program hash check value of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy.
Preferably, the detailed steps in step 3) for querying the execution permission control policy based on the inherent information of the application program are as follows:
3.1) Query the execution permission control policy according to the publisher of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, proceed to the next step;
3.2) Query the execution permission control policy according to the installation path of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, proceed to the next step;
3.3) Query the execution permission control policy according to the program name of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, proceed to the next step;
3.4) Query the execution permission control policy according to the program hash check value of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, the policy query ends and the final query result returned is that the application program is allowed to execute.
Preferably, step 2) further includes a step in which, while the operating system is running, a newly installed application program is detected by the software installation tool; the detailed steps are as follows:
2.1) First detect whether the current session user has administrator rights. If the current session user does not have administrator rights, exit the installation of the application program; if the current session user has administrator rights, proceed to the next step;
2.2) Detect the publisher carried in the software package of the application program to be installed and determine whether the publisher is legitimate. If the publisher is not legitimate, exit the installation of the application program; otherwise proceed to the next step;
2.3) Detect the encrypted software digest carried in the software package of the application program to be installed and decrypt it with the designated software-release private key to obtain the original software digest of the application program to be installed; at the same time, generate a new software digest for the application program to be installed. Compare the original software digest with the new software digest. If the two are inconsistent, the integrity check of the application program to be installed is judged to have failed and the installation exits; if the two are consistent, the integrity check is judged to have passed and the method proceeds to the next step;
2.4) Install the application program to be installed into the operating system; a user with administrator rights adds the execution permission control policy for the newly installed application program.
Preferably, step 2) further includes a step of detecting, while the operating system is running, that an application program has been modified; the detailed steps are as follows:
A) Monitor the application program files in the operating system; when the current application program is detected as being modified, proceed to the next step;
B) Obtain the subject application program that is modifying the current application program;
C) Detect whether the subject application program carries a classification mark. If the subject application program carries a classification mark, allow it to modify the current application program; if it does not carry a classification mark, refuse to let it modify the current application program.
The application program execution permission control method for an operating system of the present invention has the following advantages:
1. The present invention classifies the application programs in the operating system into four classes (allow all users to execute; protected and tamper-proof; allow or refuse some users to execute; refuse all users to execute) and stores the class as the classification mark of each application program. When an application program requests execution, its classification mark is checked and handled differently according to the mark. This effectively identifies the legitimacy and integrity of programs, and has the advantages of strong malware prevention capability, safety and reliability.
2. For the application programs in the operating system, the present invention establishes an execution permission control policy for each application program according to its inherent information. If the classification mark is "allow or refuse some users to execute", the execution permission control policy is queried based on the inherent information of the application program; if the policy returned by the query allows the application program to execute, it is executed, otherwise execution is refused. This achieves program execution control based on inherent-information classification, effectively prevents illegal programs from running, and keeps the platform stable when the system runs in a closed state, giving high stability. In addition, by establishing the execution permission control policy according to the inherent information of the application program and combining it with the classification mark, the two mechanisms together effectively strengthen overall control of application programs in the operating system, so that comprehensive control over process execution in the operating system can be achieved.
3. The present invention classifies the application programs in the operating system into the four classes above and stores the class as the classification mark of each application program; the classification mark is further stored in the extended attribute space of the application program. Because the extended attribute space is used to store the program classification mark, the execution control method of the present invention can be used as long as the target system platform supports program extended attributes. It supports both the Kylin operating system and Linux systems, and can equally support other operating systems that support program extended attributes. It therefore supports a variety of platforms and has the advantages of good versatility and strong extensibility.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the implementation of the embodiment of the present invention.
Embodiment
As shown in Fig. 1, the implementation steps of the application program execution permission control method for an operating system in this embodiment are as follows:
1) Classify the application programs in the operating system into four classes: allow all users to execute (P); protected and tamper-proof (X); allow or refuse some users to execute (L); and refuse all users to execute (U). Store the class as the classification mark of each application program. At the same time, for the application programs in the operating system, establish an execution permission control policy for each application program according to its inherent information. The execution permission control policy is configured so that adding and modifying records both require administrator rights, and each record in the policy contains, for specified inherent information and a specified user, the information that allows or forbids the application program to execute;
2) While the operating system is running, intercept application program execution requests; when an application program requests execution, proceed to the next step;
3) Check the classification mark of the application program. If the mark is allow all users to execute (P) or protected and tamper-proof (X), perform an integrity check on the application program; if the check passes, allow the application program to execute, and if the check fails, refuse to execute it. If the mark is allow or refuse some users to execute (L), query the execution permission control policy based on the inherent information of the application program; if the policy returned by the query allows the application program to execute, execute it, otherwise refuse to execute it. If the mark is empty or is refuse all users to execute (U), refuse to execute the application program.
Referring to steps 1) to 3) above, this embodiment classifies the application programs of the operating system and builds an execution permission control policy based on inherent information and specified users, so that classified control can be applied according to the different users in the operating system and the source attributes of the application programs. By establishing the execution permission control policy according to the inherent information of the application program and combining it with the classification mark, the two mechanisms together effectively strengthen overall control of application programs in the operating system, so that comprehensive control over process execution in the operating system can be achieved and external illegal programs can be effectively identified. This has the advantages of strong malware prevention capability, controllable security and good stability. Furthermore, by applying execution permission control to application programs and cryptographic file integrity protection in the operating system, user-based application program execution control is achieved and the integrity of application programs is effectively protected, with the advantages of strong malware prevention capability, tamper-proof application programs, and autonomous controllability.
In this embodiment, in step 1), the classification mark of the application program is stored in the extended attribute space of the application program. The operating system environment of this embodiment is the Kylin operating system developed by the School of Computer Science of the National University of Defense Technology. The Kylin operating system supports storing the classification mark in the extended attributes of the application program. This embodiment can equally support other operating systems that support program extended attributes, so it supports a variety of platforms and has the advantages of good versatility and strong extensibility. In addition, files, databases, memory and other forms can also be used as required to store the application program classification mark, preferably in encrypted form. This embodiment uses the file extended attributes supported by the operating system to store the security label of the program: the extended attribute space is named security.exectl, and the classification mark is stored in the extended attribute space security.exectl of the application program. During operating system installation, all protected application programs shipped with the system are marked P, meaning that all users are allowed to execute them. All external programs are initially marked L, the restricted class; programs of this class can be executed only by users with specific permission, and a single user's execution permission on the program is established, allowing or refusing some users to execute. Other malicious programs are unmarked or manually marked U; programs of this class are refused execution by any user. By applying classified control to the execution permissions of the operating system's own application programs and of external application programs, the method has advantages such as strong malware prevention capability, controllable security and tamper resistance. This embodiment classifies application programs into the four classes allow all users to execute (P), protected and tamper-proof (X), allow or refuse some users to execute (L), and refuse all users to execute (U) mainly in order to customize, according to the trusted source of the system's application programs, the initial default control policy for execution control, providing system users with basic execution permissions; the execution control policy of the running system and the classification marks of the application programs allow or forbid application program execution requests. While the operating system is running, the execution permission of an application program is checked through its classification mark. That is, the execution permission of the program is determined from the application program's mark: if the classification mark is P, X or L, the program is allowed to execute or is subject to restricted execution; if the classification mark is U, any other mark, or empty, the program is refused execution.
In this embodiment, the detailed steps in step 1) for establishing the execution permission control policy according to the inherent information of the application program are as follows:
1.1) According to the publisher of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy;
1.2) According to the installation path of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy;
1.3) According to the program name of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy;
1.4) According to the program hash check value of the application program, set the information that allows or forbids the application program to execute, and add it to the application program's execution permission control policy.
In step 1.2) above, setting the allow or forbid information according to the installation path and adding it to the execution permission control policy includes controlling, according to the installation path, the execution permission of the program with that name or of the sub-programs under that folder, and adding it to the execution permission control policy. From steps 1.1) to 1.4) it follows that in this embodiment the execution permission control policy comprises four basic granularities (publisher, installation path, program name and program hash check value), and a complete set of execution permission control rules is defined on these four granularities. Controlling execution permission by publisher makes it possible to set execution permissions uniformly for the group of software that a software package provides, that is, to apply unified permission control to the software provided by that package, which gives versatility. Controlling execution permission by installation path makes it possible to restrict the execution permission of a single program and to give different users different execution permissions on the same program, which gives diversity and extensibility. The program hash check value guarantees the integrity and the execution permission of the program and establishes the uniqueness of the application program, which gives tamper resistance.
In this embodiment, the detailed steps in step 3) for querying the execution permission control policy based on the inherent information of the application program are as follows:
3.1) Query the execution permission control policy according to the publisher of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, proceed to the next step;
3.2) Query the execution permission control policy according to the installation path of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, proceed to the next step;
3.3) Query the execution permission control policy according to the program name of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, proceed to the next step;
3.4) Query the execution permission control policy according to the program hash check value of the application program to determine whether the application program is allowed or forbidden to execute. If the query result forbids execution, the policy query ends and the final query result returned is that the application program is forbidden to execute; if the query result allows execution, the policy query ends and the final query result returned is that the application program is allowed to execute.
Through steps 3.1) to 3.4) above, this embodiment implements the combined processing of the complete execution permission control rules defined on the four basic granularities of publisher, installation path, program name and program hash check value. The application program is finally allowed to execute only if all four granularities allow it; otherwise execution of the application program is refused. Control of application program execution permission is thereby effectively achieved.
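The decision flow of steps 3) and 3.1) to 3.4), modelled in Python as an added example (not code from the patent). The `App` and `Rule` types, the SHA-256 reference digest used as the integrity check, the treatment of a missing or conflicting record as a refusal, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional

# Classification marks named in the embodiment; on the described system they
# are stored in the security.exectl extended attribute of the program file.
ALLOW_ALL, PROTECTED, LIMITED, REFUSE_ALL = "P", "X", "L", "U"
GRANULARITIES = ("publisher", "path", "name", "hash")  # order of steps 3.1-3.4


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class App:
    mark: Optional[str]       # None models an empty or missing mark
    publisher: str
    path: str
    name: str
    content: bytes
    reference_hash: str = ""  # assumption: digest recorded when the mark was set

    @property
    def hash(self) -> str:
        return sha256_hex(self.content)


@dataclass(frozen=True)
class Rule:
    granularity: str  # one of GRANULARITIES
    value: str
    user: str
    allow: bool


def rule_matches(rule: Rule, app: App) -> bool:
    if rule.granularity == "path":
        # A path record also covers programs below that folder (step 1.2).
        prefix = rule.value.rstrip("/") + "/"
        return app.path == rule.value or app.path.startswith(prefix)
    return getattr(app, rule.granularity) == rule.value


def query_policy(policy, app: App, user: str):
    """Steps 3.1-3.4: stop at the first granularity that does not allow."""
    for granularity in GRANULARITIES:
        verdicts = [r.allow for r in policy
                    if r.granularity == granularity and r.user == user
                    and rule_matches(r, app)]
        # Assumption: no record, or any forbid record, counts as "forbid".
        if not verdicts or not all(verdicts):
            return False, granularity
    return True, None


def decide(app: App, user: str, policy):
    """Step 3: return (allowed, which check produced the verdict)."""
    if app.mark in (ALLOW_ALL, PROTECTED):
        ok = hmac.compare_digest(app.hash, app.reference_hash)
        return ok, "integrity"
    if app.mark == LIMITED:
        allowed, failed_at = query_policy(policy, app, user)
        return allowed, ("policy" if allowed else "policy:" + failed_at)
    return False, "mark"  # U, empty, or any other mark


# Constructed sample data (not from the patent).
SYSTEM_TOOL = App(ALLOW_ALL, "os-vendor", "/usr/bin/ls", "ls", b"ls-binary",
                  reference_hash=sha256_hex(b"ls-binary"))
TAMPERED = replace(SYSTEM_TOOL, content=b"ls-binary+patch")
EDITOR = App(LIMITED, "ExampleSoft", "/opt/examplesoft/bin/editor", "editor",
             b"editor-v1")
UNMARKED = replace(EDITOR, mark=None)
POLICY = [
    Rule("publisher", "ExampleSoft", "alice", True),
    Rule("path", "/opt/examplesoft", "alice", True),
    Rule("name", "editor", "alice", True),
    Rule("hash", sha256_hex(b"editor-v1"), "alice", True),
    Rule("publisher", "ExampleSoft", "bob", True),
    Rule("path", "/opt/examplesoft", "bob", True),
    Rule("name", "editor", "bob", False),
]

if __name__ == "__main__":
    for label, app, user in [("system tool", SYSTEM_TOOL, "alice"),
                             ("tampered tool", TAMPERED, "alice"),
                             ("editor", EDITOR, "alice"),
                             ("editor", EDITOR, "bob"),
                             ("editor", EDITOR, "carol"),
                             ("unmarked", UNMARKED, "alice")]:
        print(label, user, decide(app, user, POLICY))
```

The second element of the result names the check that decided the outcome, which is the field an audit log of refused executions would need.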
In an operating system applying this embodiment, every legitimate external program must go through software package signing and signature verification beforehand. The software package of each legitimate external program is released by the software distribution center: before release, the digest of the software package is computed, the digest is then signed with the private key of the software distribution center, and the software package is released together with the signed software digest as a pre-signed package that carries its software digest.
Therefore, in this embodiment, step 2) also includes the step of the operating system detecting a newly installed application through the software installation tool. The detailed steps are as follows:
2.1) First check whether the current session user has administrator privileges. If the current session user does not have administrator privileges, exit the installation of the application; if the current session user has administrator privileges, proceed to the next step;
2.2) Check the publisher carried in the software package of the application to be installed and judge whether the publisher is legitimate. If the publisher is not legitimate, exit the installation of the application; otherwise proceed to the next step;
2.3) Check the encrypted software digest carried in the software package of the application to be installed and decrypt it with the designated software release private key to obtain the original software digest of the application to be installed. At the same time, generate a new software digest for the application to be installed and compare the original software digest with the new software digest. If the two are inconsistent, the integrity check of the application to be installed is judged to have failed and the installation of the application exits; if the two are consistent, the integrity check of the application to be installed is judged to have passed, and the method proceeds to the next step;
2.4) Install the application to be installed into the operating system; a user with administrator privileges adds an execution permission control policy for the newly installed application.
Through steps 2.1) to 2.4) above, this embodiment effectively solves the security problem of external applications in the operating system. Every external application must be installed with the software installation tool. When installing the software package of a legitimate external program, the software installation tool first requires confirmation of administrator privileges and then verifies the legitimacy and integrity of the software package. If verification passes, installation is allowed and a control policy is added whose execution permission on this software for this user is "allow"; if verification fails, the installation fails. Any external program that has not been verified and installed by the software installation tool is automatically added to the deny-execution control policy.
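Steps 2.1) to 2.4) as an added example (not code from the patent): the sequential install gate, with the digest signed by the distribution center and recovered by the installer before comparison. Assumptions: textbook RSA over a constructed demo key stands in for a production signature scheme, the installer recovers the digest with the center's public key, and every name and value below is hypothetical.

```python
import hashlib

# Constructed demo key: textbook RSA over two Mersenne primes (stand-in only;
# a real installer would use a vetted signature library and padding scheme).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the distribution center

# Assumption: the installer ships with the public keys of legitimate publishers.
TRUSTED_PUBLISHERS = {"Distribution Center": (N, E)}


def digest_int(payload: bytes) -> int:
    """SHA-256 digest of the package payload as an integer."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def publish(publisher: str, name: str, payload: bytes) -> dict:
    """Distribution-center side: compute the digest, sign it, ship both together."""
    return {"publisher": publisher, "name": name, "payload": payload,
            "signed_digest": pow(digest_int(payload), D, N)}


def install(package: dict, user: str, is_admin: bool, policy: list):
    """Installer side, steps 2.1) to 2.4). Returns (installed, reason)."""
    if not is_admin:                                      # 2.1 privilege check
        return False, "no administrator privileges"
    key = TRUSTED_PUBLISHERS.get(package["publisher"])    # 2.2 publisher check
    if key is None:
        return False, "publisher not legitimate"
    n, e = key
    original = pow(package["signed_digest"], e, n)        # 2.3 recover original digest
    if original != digest_int(package["payload"]):        # compare with fresh digest
        return False, "integrity check failed"
    policy.append((package["name"], user, "allow"))       # 2.4 add allow policy record
    return True, "installed"
```
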
In this embodiment, step 2) also includes the step of the operating system detecting that an application is being modified. The detailed steps are as follows:
A) Monitor the application files in the operating system; when a modification of the current application is detected, proceed to the next step;
B) Obtain the subject application that is modifying the current application;
C) Check whether the subject application carries a classification label. If the subject application carries a classification label, allow the subject application to modify the current application; if the subject application does not carry a classification label, refuse to let the subject application modify the current application.
Through the modification-detection steps A) to C) above, this embodiment effectively prevents applications in the operating system from being illegally modified, can identify the integrity and legitimacy of applications, and can restrict the execution of illegal software through the system running state and program origin marks. This realizes execution control over applications and effectively ensures the security and reliability of the system.
The above is only a preferred embodiment of the present invention. The scope of protection of the present invention is not limited to the above embodiment; all technical solutions that fall under the idea of the present invention belong to its scope of protection. It should be noted that, for those of ordinary skill in the art, improvements and modifications made without departing from the principles of the present invention shall also be regarded as within the scope of protection of the present invention.

Claims (6)

1. An application execution permission control method for an operating system, characterized in that the implementation steps are as follows:
1) Classify the applications in the operating system into four classes, namely "allow all users to execute", "protected and tamper-proof", "allow or deny execution by some users" and "deny execution by all users", and store the class as the classification label of each application. In addition, for the applications in the operating system, establish the execution permission control policy of each application according to the intrinsic information of the application. The execution permission control policy is configured so that adding to it and modifying it both require administrator privileges, and each record in the execution permission control policy contains information that allows or forbids execution of the application for the specified intrinsic information and a specified user;
2) The operating system intercepts application execution requests; when an application execution request occurs, proceed to the next step;
3) Check the classification label of the application. If the classification label is "allow all users to execute" or "protected and tamper-proof", perform an integrity check on the application; if the check passes, allow the application to execute, and if the check fails, refuse to execute the application. If the classification label is "allow or deny execution by some users", query the execution permission control policy based on the intrinsic information of the application; if the result returned by the query allows the application to execute, execute the application, otherwise refuse to execute the application. If the classification label is empty or is "deny execution by all users", refuse to execute the application.
2. The application execution permission control method for an operating system according to claim 1, characterized in that, in step 1), the classification label of an application is stored in the extended attribute space of the application.
3. The application execution permission control method for an operating system according to claim 2, characterized in that the detailed steps of establishing the execution permission control policy of an application according to the intrinsic information of the application in step 1) are as follows:
1.1) Set information that allows or forbids execution of the application according to the publisher of the application, and add it to the execution permission control policy of the application;
1.2) Set information that allows or forbids execution of the application according to the installation path of the application, and add it to the execution permission control policy of the application;
1.3) Set information that allows or forbids execution of the application according to the program name of the application, and add it to the execution permission control policy of the application;
1.4) Set information that allows or forbids execution of the application according to the program hash check value of the application, and add it to the execution permission control policy of the application.
4. The application execution permission control method for an operating system according to claim 3, characterized in that the detailed steps of querying the execution permission control policy based on the intrinsic information of the application in step 3) are as follows:
3.1) Query the execution permission control policy according to the publisher of the application and determine whether execution of the application is allowed or forbidden. If the query result forbids execution of the application, the query of the execution permission control policy ends and the final query result returned is that execution is forbidden; if the query result allows execution of the application, proceed to the next step;
3.2) Query the execution permission control policy according to the installation path of the application and determine whether execution of the application is allowed or forbidden. If the query result forbids execution of the application, the query of the execution permission control policy ends and the final query result returned is that execution is forbidden; if the query result allows execution of the application, proceed to the next step;
3.3) Query the execution permission control policy according to the program name of the application and determine whether execution of the application is allowed or forbidden. If the query result forbids execution of the application, the query of the execution permission control policy ends and the final query result returned is that execution is forbidden; if the query result allows execution of the application, proceed to the next step;
3.4) Query the execution permission control policy according to the program hash check value of the application and determine whether execution of the application is allowed or forbidden. If the query result forbids execution of the application, the query of the execution permission control policy ends and the final query result returned is that execution is forbidden; if the query result allows execution of the application, the query of the execution permission control policy ends and the final query result returned is that execution is allowed.
5. The application execution permission control method for an operating system according to claim 1 or 2 or 3 or 4, characterized in that step 2) also includes the step of the operating system detecting a newly installed application through the software installation tool, with the following detailed steps:
2.1) First check whether the current session user has administrator privileges. If the current session user does not have administrator privileges, exit the installation of the application; if the current session user has administrator privileges, proceed to the next step;
2.2) Check the publisher carried in the software package of the application to be installed and judge whether the publisher is legitimate. If the publisher is not legitimate, exit the installation of the application; otherwise proceed to the next step;
2.3) Check the encrypted software digest carried in the software package of the application to be installed and decrypt it with the designated software release private key to obtain the original software digest of the application to be installed. At the same time, generate a new software digest for the application to be installed and compare the original software digest with the new software digest. If the two are inconsistent, the integrity check of the application to be installed is judged to have failed and the installation of the application exits; if the two are consistent, the integrity check of the application to be installed is judged to have passed, and the method proceeds to the next step;
2.4) Install the application to be installed into the operating system; a user with administrator privileges adds an execution permission control policy for the newly installed application.
6. The application execution permission control method for an operating system according to claim 5, characterized in that step 2) also includes the step of the operating system detecting that an application is being modified, with the following detailed steps:
A) Monitor the application files in the operating system; when a modification of the current application is detected, proceed to the next step;
B) Obtain the subject application that is modifying the current application;
C) Check whether the subject application carries a classification label. If the subject application carries a classification label, allow the subject application to modify the current application; if the subject application does not carry a classification label, refuse to let the subject application modify the current application.
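The decision flow of claims 1, 3 and 4, as an added example rather than code from the patent: the label dispatch of step 3) and the ordered four-stage policy query that ends at the first stage that does not allow. All names and sample data are hypothetical; treating a missing or conflicting record as deny, and comparing against a digest recorded at install time, are assumptions the claims do not spell out.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Label(Enum):
    ALLOW_ALL = 1   # all users may execute
    PROTECTED = 2   # protected and tamper-proof
    PER_USER = 3    # some users allowed or denied, decided by policy
    DENY_ALL = 4    # no user may execute


@dataclass(frozen=True)
class App:
    publisher: str
    path: str
    name: str
    content: bytes           # stands in for the executable on disk
    recorded_hash: str       # reference digest taken at install time (assumption)
    label: Optional[Label]   # None models an empty extended attribute

    @property
    def hash_value(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass(frozen=True)
class Record:
    attr: str    # publisher, path, name or hash_value
    value: str
    user: str
    allow: bool


STAGES = ("publisher", "path", "name", "hash_value")  # query order of claim 4


def query_policy(policy, app, user):
    """Walk the four stages in order; the first stage that does not allow ends the query."""
    for attr in STAGES:
        hits = [r.allow for r in policy
                if r.attr == attr and r.user == user and r.value == getattr(app, attr)]
        # Assumption: no matching record, or conflicting records, means deny.
        if not hits or not all(hits):
            return False
    return True


def may_execute(policy, app, user):
    """Decision of step 3): dispatch on the classification label."""
    if app.label is None or app.label is Label.DENY_ALL:
        return False
    if app.label in (Label.ALLOW_ALL, Label.PROTECTED):
        return app.hash_value == app.recorded_hash   # integrity check
    return query_policy(policy, app, user)


# Constructed sample data.
GOOD = hashlib.sha256(b"demo binary v1").hexdigest()


def sample_app(label, content=b"demo binary v1"):
    return App("Distribution Center", "/opt/demo/bin", "demo", content, GOOD, label)


POLICY = [Record(a, v, "alice", True) for a, v in
          [("publisher", "Distribution Center"), ("path", "/opt/demo/bin"),
           ("name", "demo"), ("hash_value", GOOD)]]
POLICY += [Record("publisher", "Distribution Center", "bob", True),
           Record("path", "/opt/demo/bin", "bob", False)]
```

A modified binary under the per-user label fails at the hash stage because no record matches its new digest, so the ordered query also acts as a tamper check.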
CN201410780494.XA 2014-12-17 2014-12-17 Application program executing permission control method used for operating system Pending CN104462950A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410780494.XA CN104462950A (en) 2014-12-17 2014-12-17 Application program executing permission control method used for operating system

Publications (1)

Publication Number Publication Date
CN104462950A true CN104462950A (en) 2015-03-25

Family

ID=52908975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410780494.XA Pending CN104462950A (en) 2014-12-17 2014-12-17 Application program executing permission control method used for operating system

Country Status (1)

Country Link
CN (1) CN104462950A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217368A (en) * 2007-12-29 2008-07-09 亿阳安全技术有限公司 A network logging on system and the corresponding configuration method and methods for logging on the application system
CN103020515A (en) * 2012-12-26 2013-04-03 中国人民解放军国防科学技术大学 Application program execution permission control method for operating system
US20130086675A1 (en) * 2010-06-09 2013-04-04 Canon Kabushiki Kaisha Information processing apparatus and method of executing an application in the apparatus

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105426749A (en) * 2015-11-03 2016-03-23 浪潮电子信息产业股份有限公司 Method for controlling running of ELF files on basis of signature mechanism
CN105426749B (en) * 2015-11-03 2018-08-14 浪潮电子信息产业股份有限公司 A method of ELF running papers are controlled based on signature mechanism
CN105760750A (en) * 2016-02-01 2016-07-13 北京华胜天成科技股份有限公司 Software falsification recognition method and system
CN107305569A (en) * 2016-04-21 2017-10-31 北京搜狗科技发展有限公司 A kind of information processing method and device
CN110520861A (en) * 2017-04-19 2019-11-29 大陆汽车系统公司 Method and apparatus for carrying out rapid authentication program by using safety element
CN110520861B (en) * 2017-04-19 2023-04-25 大陆汽车系统公司 Method and apparatus for rapid authentication of a program by using a secure element
CN108171052A (en) * 2017-12-28 2018-06-15 北京亿赛通科技发展有限责任公司 A kind of guard method of Linux server safety and system
CN110633196A (en) * 2018-06-21 2019-12-31 亿度慧达教育科技(北京)有限公司 Automatic use case execution method and device of application program
WO2020047736A1 (en) * 2018-09-04 2020-03-12 深圳技术大学(筹) Method and system for verifying integrity of website backend picture resource
CN109376553A (en) * 2018-09-04 2019-02-22 深圳技术大学(筹) The verification method and system of website background picture resource integrity
CN112632474A (en) * 2020-12-28 2021-04-09 湖北亿咖通科技有限公司 Vehicle-mounted machine software and hardware activation method
CN113268723A (en) * 2021-06-24 2021-08-17 广东电网有限责任公司计量中心 Electric energy meter software platform application program authority control method and related device
CN113626835A (en) * 2021-06-25 2021-11-09 荣耀终端有限公司 Data access method and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150325
