CN105959272A - Unauthorized encrypted and compressed file outward transmission monitoring system and unauthorized encrypted and compressed file outward transmission monitoring method (Google Patents)

Info

Publication number: CN105959272A
Application number: CN201610262750.5A
Authority: CN (China)
Language of the original: Chinese (zh)
Inventors: 陈继, 王欢
Current and original assignee: Beijing Coralsec Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis)
Prior art keywords: file, configuration, dcc, apc, data channel

Classifications

    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract

The invention provides a system and a method for monitoring the outward transmission of unauthorized encrypted and compressed files, and belongs to the field of mobile terminal security. The system comprises an authority policy configuration module (APC) and a data channel control module (DCC). In the method, the DCC attempts to read the configuration file information of the APC from a designated location; if the security policy configuration file (SPCF) exists, the DCC starts its configuration analysis function, and if it does not exist, the DCC sends a message to the APC over a designated SOCKET so that the user can configure the data channels (DC) and security policies (SP) through the APC configuration interface, with the configuration saved in the SPCF. The DCC then starts the configuration analysis function, the data channel monitor function and the file check function (FC). The FC first analyses the basic information of a transferred file (TF) and obtains two attributes, the file type and the encryption state; when the file is not encrypted, the FC lets the subsequent transmission of the file proceed and the detection process ends.

Description

A system and method for monitoring the outward sending of unauthorized encrypted and compressed files
Technical field
The present invention relates to the field of mobile terminal security, and in particular to a system and method for monitoring the outward sending of unauthorized encrypted and compressed files.
Background technology
At present, illegal applications, programs or services running on the terminal, such as viruses and malicious code, can collect important data such as terminal secrets and private information in the background, encrypt the collected information or convert it into another format, produce an encrypted or compressed file in a transformed format that escapes detection by security software, and then steal the information without authorization through an external communication channel. In order to avoid excessive computational cost and effort, current security detection mechanisms usually just allow the outward sending of such encrypted files and apply little further control. The direct consequence is that terminal-based Trojans, malicious code, services and modules exploit this weakness: they encrypt key, secret and sensitive data before sending it, bypass the security detection that should apply, and send the file directly.
Summary of the invention
The object of the present invention is to provide a system and method for monitoring the outward sending of unauthorized encrypted and compressed files, so as to solve the above problems in the prior art.
To achieve this object, the technical solution adopted by the present invention is as follows:
A system for monitoring the outward sending of unauthorized encrypted and compressed files, characterised in that it includes an authority policy configuration module and a data channel control module; the authority policy configuration module (Authority Policy Configuration) is abbreviated by its initials as APC, and the data channel control module (Data Channel Control) is abbreviated as DCC;
The APC is implemented with Java and the Android SDK, and the DCC is implemented with C++ and the Android NDK.
Preferably, the APC implements data channel setting and control security policy configuration; data channel setting (Data Channel Setting) is abbreviated as DCS, and control security policy configuration (Control Security Policy Configuration) is abbreviated as CSPC;
Preferably, the DCS selects and configures the data channels that need monitoring, defining which data channels are monitored;
Preferably, the data channels include Bluetooth, infrared, Wifi, GPRS, USB and the like.
Preferably, the CSPC generates one or more policies and provides them to the DCC; a policy (Security Policy) is abbreviated as SP;
Preferably, each SP includes three elements: the file type, whether to forbid directly, and whether to inquire; each file type may have only one SP.
Preferably, the DCC, using the security policy configuration of the CSPC, monitors and manages the files transmitted over the data channels set by the DCS, and determines the subsequent handling of a transmitted file according to the definition of the SP.
A method for monitoring the outward sending of unauthorized encrypted and compressed files comprises the following steps:
S1: after the system starts normally, the DCC and the APC are enabled;
S2: the DCC attempts to read the configuration file information of the APC from a designated location;
the configuration file (SP Configuration File) is abbreviated as SPCF;
if the SPCF exists, the method jumps to S4 and starts the configuration loading procedure; if the SPCF does not exist, the DCC sends a message to the APC over a designated SOCKET;
S3: after the APC receives the DCC message, it asks the user to configure the DC and SP through the APC configuration interface and saves the configuration in the SPCF;
S4: the DCC enables the configuration analysis function;
the configuration analysis function (Configuration Analysis) is abbreviated as CA;
the CA reads the SPCF, parses the DC information that needs monitoring into a DC list in memory, and parses the SP information into an SP list in memory;
the DC list (DC Link) is abbreviated as DCL, and the SP list (SP Link) is abbreviated as SPL;
S5: the DCC enables the data channel monitor function, which runs as a Service and monitors the corresponding channels according to the DCL;
the data channel monitor function (Data Channel Monitor) is abbreviated as DCM;
S6: when the DCM detects file transfer behaviour on a channel defined in the DCL, it sends a message to the DCC over the SOCKET;
the transferred file (Transferred File) is abbreviated as TF;
S7: after the DCC receives the message, it enables the file check function, which takes over the subsequent handling of the TF transmission;
the file check function (File Check) is abbreviated as FC;
S8: the FC first analyses the basic information of the TF and obtains two attributes, the file type and the encryption state; if the file is not encrypted, the FC lets the subsequent transmission of the file continue and this detection process ends; if the file is encrypted, the subsequent detection actions continue;
S9: the FC reads the SPL in order and obtains the SP matching the file type of the TF;
S10: the FC reads the "forbid directly" setting in the SP; if its value is "Yes", the FC terminates the transmission of the TF directly and records the operation in the log; if the value is "No", detection continues;
S11: the FC reads the "inquire" setting in the SP; if its value is "No", the FC allows the TF to continue to be sent; if the value is "Yes", the FC passes the TF information and an inquiry request to the APC over the SOCKET; after the APC receives the message, it pops up an answer dialog asking the user whether to allow the TF to be sent; the AD shows the TF file name, the transmission source and the user's selection buttons;
the answer dialog (Answer Dialog) is abbreviated as AD;
S12: the AD returns the user's selection result to the FC over the SOCKET;
the selection result (Action Choice) is abbreviated as AC;
S13: if the AC is "Yes", the FC allows the subsequent transmission of the TF and records the related information in the log; if the AC is "No", the FC forbids the subsequent transmission of the TF and records the refusal in the log;
S14: while the APC is running, when the DC and SP configuration changes, the APC notifies the DCC to update the DCL and SPL in memory, ensuring that the latest configuration takes effect;
S15: the recorded log file is stored in cleartext at a specific location on the SD card.
The beneficial effects of the invention are as follows: aimed at the file security problem that easily arises on the mobile terminals described above, the present invention proposes a mechanism that requires user intervention. When a file in any encrypted, compressed or transformed format is propagated outward by any means, such as copying over a wireless network, a mobile network, Bluetooth, infrared or USB, the user is prompted by a system message to take part and confirm whether the file may be propagated outward. This manual confirmation mechanism reduces the risk of secret, private and sensitive content being covertly exfiltrated; alternatively, through a uniformly configured security mechanism, the transmission of such files can be forbidden entirely, eliminating the risk of confidential content leaking at its root.
Brief description of the drawings
Fig. 1 shows the monitoring logic for sending encrypted files.
Detailed description of the invention
To make the object, technical solution and advantages of the present invention clearer, the invention is further explained below with reference to the accompanying drawing. It should be understood that the specific embodiments described here are only intended to explain the invention and not to limit it.
The implementation and operation of the present invention are as follows:
1. The whole implementation consists of two main parts, the authority policy configuration module (APC, Authority Policy Configuration) and the data channel control module (DCC, Data Channel Control); the APC is developed with Java and the Android SDK, and the DCC is implemented with C++ and the Android NDK;
2. The APC implements data channel setting (DCS, Data Channel Setting) and control security policy configuration (CSPC, Control Security Policy Configuration); the DCS selects and configures the data channels that need monitoring, defining which channels are monitored, including Bluetooth, infrared, Wifi, GPRS and USB; the CSPC generates one or more policies (SP, Security Policy) and provides them to the DCC; each SP is composed of three elements, SP = <file type, forbid directly?, inquire?>, and each file type may have only one SP;
3. The DCC, using the security policy configuration of the CSPC, monitors and manages the files transmitted over the data channels set by the DCS, and determines the subsequent handling of a transmitted file according to the definition of the SP;
4. After the system starts normally, the DCC and the APC are enabled;
5. The DCC attempts to read the configuration file information of the APC (SPCF, SP Configuration File) from a designated location; if the SPCF exists, the configuration loading procedure starts at step 7; if the SPCF does not exist, the DCC sends a message to the APC over a designated SOCKET;
6. After the APC receives the DCC message, it asks the user to configure the DC and SP through the APC configuration interface and saves them in the SPCF;
7. The DCC enables the configuration analysis function (CA, Configuration Analysis); the CA reads the SPCF, parses the DC information that needs monitoring into a DC list (DCL, DC Link) in memory, and parses the SP information into an SP list (SPL, SP Link) in memory;
8. The DCC enables the data channel monitor function (DCM, Data Channel Monitor), which runs as a Service and monitors the corresponding channels according to the DCL;
9. When the DCM detects file transfer (TF, Transferred File) behaviour on a channel defined in the DCL, it sends a message to the DCC over the SOCKET;
10. After the DCC receives the message, it enables the file check function (FC, File Check), which takes over the subsequent handling of the TF transmission;
11. The FC first analyses the basic information of the TF and obtains two attributes, the file type and the encryption state; if the file is not encrypted, the FC lets the subsequent transmission of the file continue and this detection process ends; if the file is encrypted, the subsequent detection actions continue;
12. The FC reads the SPL in order and obtains the SP matching the TF file type;
13. The FC reads the "forbid directly" setting in the SP; if its value is "Yes", the FC terminates the transmission of the TF directly and records the operation in the log; if the value is "No", detection continues;
14. The FC reads the "inquire" setting in the SP; if its value is "No", the FC allows the TF to continue to be sent; if the value is "Yes", the FC passes the TF information and an inquiry request to the APC over the SOCKET; after the APC receives the message, it pops up an answer dialog (AD, Answer Dialog) asking the user whether to allow the TF to be sent; the AD shows the TF file name, the transmission source and the user's selection buttons;
15. The AD returns the user's selection result (AC, Action Choice) to the FC over the SOCKET;
16. If the AC is "Yes", the FC allows the subsequent transmission of the TF and records the related information in the log; if the AC is "No", the FC forbids the subsequent transmission of the TF and records the refusal in the log;
17. While the APC is running, when the DC and SP configuration changes, the APC notifies the DCC to update the DCL and SPL in memory, ensuring that the latest configuration takes effect;
18. The recorded log file is stored in cleartext at a specific location on the SD card, e.g. /sdcard/pm/monitor.log;
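The configuration analysis of step 7 and the file-check decision of steps 11 to 16, modelled as a small Python example added here (it is not code from the patent, whose DCC is C++). Assumptions not in the patent: the SPCF is modelled as JSON, encryption is detected only for ZIP containers via the general-purpose flag bit of the local file header, and a file type with no SP is denied (the patent does not say what happens then).

```python
import io
import json
import struct
import zipfile
from dataclasses import dataclass

# Constructed SPCF content. The patent does not disclose the file format;
# JSON with a "channels" list (the DC to monitor) and a "policies" list
# (the SPs) is an assumption made for this example.
SPCF_JSON = """
{
  "channels": ["bluetooth", "wifi", "usb"],
  "policies": [
    {"file_type": "zip", "forbid": false, "inquire": true},
    {"file_type": "rar", "forbid": true,  "inquire": false}
  ]
}
"""


@dataclass(frozen=True)
class SecurityPolicy:
    """One SP = <file type, forbid directly?, inquire the user?>."""
    file_type: str
    forbid: bool
    inquire: bool


def configuration_analysis(spcf_text):
    """CA: parse the SPCF into the DCL (channel list) and the SPL
    (policies keyed by file type). A second SP for the same file type is
    rejected, since the patent allows only one SP per file type."""
    cfg = json.loads(spcf_text)
    dcl = [c.lower() for c in cfg["channels"]]
    spl = {}
    for entry in cfg["policies"]:
        sp = SecurityPolicy(entry["file_type"].lower(),
                            bool(entry["forbid"]), bool(entry["inquire"]))
        if sp.file_type in spl:
            raise ValueError(f"more than one SP for file type {sp.file_type!r}")
        spl[sp.file_type] = sp
    return dcl, spl


ZIP_LOCAL_HEADER_SIG = 0x04034B50   # "PK\x03\x04" read little-endian


def file_basic_info(data):
    """FC, first part of step 11: (file type, encrypted?) from the leading
    bytes. Only ZIP is recognised here; bit 0 of the general-purpose flag in
    the first local file header marks an encrypted entry. Anything else is
    reported as an unknown, unencrypted type (an assumption)."""
    if len(data) >= 8 and struct.unpack("<I", data[:4])[0] == ZIP_LOCAL_HEADER_SIG:
        flags = struct.unpack("<H", data[6:8])[0]
        return "zip", bool(flags & 0x0001)
    return "unknown", False


def file_check(data, tf_name, source, spl, ask_user, log):
    """FC decision for one transferred file (steps 11 to 16).
    ask_user(info) stands in for the APC's Answer Dialog and returns the
    user's Action Choice as a bool. Returns "allow" or "deny" and appends
    audit records to log (the patent writes them to a cleartext file)."""
    file_type, encrypted = file_basic_info(data)
    if not encrypted:                         # step 11: unencrypted files pass
        return "allow"
    sp = spl.get(file_type)                   # step 12: SP for this file type
    if sp is None:
        # Not specified by the patent; this example fails closed.
        log.append(f"deny {tf_name} via {source}: no SP for {file_type}")
        return "deny"
    if sp.forbid:                             # step 13: forbid directly, no dialog
        log.append(f"deny {tf_name} via {source}: SP forbids {file_type}")
        return "deny"
    if not sp.inquire:                        # step 14: no inquiry configured
        return "allow"
    choice = ask_user({"file": tf_name, "source": source, "type": file_type})
    verdict = "allow" if choice else "deny"   # steps 15 and 16: apply the AC
    log.append(f"{verdict} {tf_name} via {source}: user chose {choice}")
    return verdict


def make_plain_zip():
    """Constructed sample: a real, unencrypted ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "hello")
    return buf.getvalue()


# Constructed sample: a ZIP local file header with the encryption flag set.
ENCRYPTED_ZIP_HEADER = b"PK\x03\x04" + b"\x14\x00" + b"\x01\x00" + b"\x00" * 22
```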
By adopting the technical solution disclosed by the invention, the following beneficial effects are obtained:
Aimed at the file security problem that easily arises on the mobile terminals described above, the present invention proposes a mechanism that requires user intervention. When a file in any encrypted, compressed or transformed format is propagated outward by any means, such as copying over a wireless network, a mobile network, Bluetooth, infrared or USB, the user is prompted by a system message to take part and confirm whether the file may be propagated outward. This manual confirmation mechanism reduces the risk of secret, private and sensitive content being covertly exfiltrated; alternatively, through a uniformly configured security mechanism, the transmission of such files can be forbidden entirely, eliminating the risk of confidential content leaking at its root.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make further improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the invention.

Claims (8)

1. A system for monitoring the outward sending of unauthorized encrypted and compressed files, characterised in that it includes an authority policy configuration module and a data channel control module;
the authority policy configuration module (Authority Policy Configuration) is abbreviated by its initials as APC, and the data channel control module (Data Channel Control) is abbreviated as DCC;
the APC is implemented with Java and the Android SDK, and the DCC is implemented with C++ and the Android NDK.
2. The system for monitoring the outward sending of unauthorized encrypted and compressed files according to claim 1, characterised in that the APC implements data channel setting and control security policy configuration;
data channel setting (Data Channel Setting) is abbreviated as DCS, and control security policy configuration (Control Security Policy Configuration) is abbreviated as CSPC.
3. The system for monitoring the outward sending of unauthorized encrypted and compressed files according to claim 2, characterised in that the DCS selects and configures the data channels that need monitoring, defining which data channels are monitored.
4. The system for monitoring the outward sending of unauthorized encrypted and compressed files according to claim 2, characterised in that the CSPC generates one or more policies and provides them to the DCC;
a policy (Security Policy) is abbreviated as SP.
5. The system for monitoring the outward sending of unauthorized encrypted and compressed files according to claim 3, characterised in that the data channels include Bluetooth, infrared, Wifi, GPRS and USB.
6. The system for monitoring the outward sending of unauthorized encrypted and compressed files according to claim 4, characterised in that each SP includes three elements: the file type, whether to forbid directly, and whether to inquire; each file type may have only one SP.
7. The system for monitoring the outward sending of unauthorized encrypted and compressed files according to claim 4, characterised in that the DCC, using the security policy configuration of the CSPC, monitors and manages the files transmitted over the data channels set by the DCS, and determines the subsequent handling of a transmitted file according to the definition of the SP.
8. A method for monitoring the outward sending of unauthorized encrypted and compressed files, characterised in that it comprises the following steps:
S1: after the system starts normally, the DCC and the APC are enabled;
S2: the DCC attempts to read the configuration file information of the APC from a designated location;
the configuration file (SP Configuration File) is abbreviated as SPCF;
if the SPCF exists, the method jumps to S4 and starts the configuration loading procedure; if the SPCF does not exist, the DCC sends a message to the APC over a designated SOCKET;
S3: after the APC receives the DCC message, it asks the user to configure the DC and SP through the APC configuration interface and saves the configuration in the SPCF;
S4: the DCC enables the configuration analysis function;
the configuration analysis function (Configuration Analysis) is abbreviated as CA;
the CA reads the SPCF, parses the DC information that needs monitoring into a DC list in memory, and parses the SP information into an SP list in memory;
the DC list (DC Link) is abbreviated as DCL, and the SP list (SP Link) is abbreviated as SPL;
S5: the DCC enables the data channel monitor function, which runs as a Service and monitors the corresponding channels according to the DCL;
the data channel monitor function (Data Channel Monitor) is abbreviated as DCM;
S6: when the DCM detects file transfer behaviour on a channel defined in the DCL, it sends a message to the DCC over the SOCKET;
the transferred file (Transferred File) is abbreviated as TF;
S7: after the DCC receives the message, it enables the file check function, which takes over the subsequent handling of the TF transmission;
the file check function (File Check) is abbreviated as FC;
S8: the FC first analyses the basic information of the TF and obtains two attributes, the file type and the encryption state; if the file is not encrypted, the FC lets the subsequent transmission of the file continue and this detection process ends; if the file is encrypted, the subsequent detection actions continue;
S9: the FC reads the SPL in order and obtains the SP matching the file type of the TF;
S10: the FC reads the "forbid directly" setting in the SP; if its value is "Yes", the FC terminates the transmission of the TF directly and records the operation in the log; if the value is "No", detection continues;
S11: the FC reads the "inquire" setting in the SP; if its value is "No", the FC allows the TF to continue to be sent; if the value is "Yes", the FC passes the TF information and an inquiry request to the APC over the SOCKET; after the APC receives the message, it pops up an answer dialog asking the user whether to allow the TF to be sent; the AD shows the TF file name, the transmission source and the user's selection buttons;
the answer dialog (Answer Dialog) is abbreviated as AD;
S12: the AD returns the user's selection result to the FC over the SOCKET;
the selection result (Action Choice) is abbreviated as AC;
S13: if the AC is "Yes", the FC allows the subsequent transmission of the TF and records the related information in the log; if the AC is "No", the FC forbids the subsequent transmission of the TF and records the refusal in the log;
S14: while the APC is running, when the DC and SP configuration changes, the APC notifies the DCC to update the DCL and SPL in memory, ensuring that the latest configuration takes effect;
S15: the recorded log file is stored in cleartext at a specific location on the SD card.
Application CN201610262750.5A, priority date 2016-04-25, filing date 2016-04-25, published as CN105959272A (en) on 2016-09-21; status: Pending. Family ID 56915526; one family application (CN). Country status: CN, CN105959272A (en).

Legal Events

    • C06 Publication
    • PB01 Publication
    • C10 Entry into substantive examination
    • SE01 Entry into force of request for substantive examination
    • RJ01 Rejection of invention patent application after publication

Application publication date: 20160921