CN106096418A - SELinux-based startup security level selection method and device and terminal equipment - Google Patents
SELinux-based startup security level selection method and device and terminal equipment Download PDFInfo
- Publication number
- CN106096418A CN106096418A CN201610389141.6A CN201610389141A CN106096418A CN 106096418 A CN106096418 A CN 106096418A CN 201610389141 A CN201610389141 A CN 201610389141A CN 106096418 A CN106096418 A CN 106096418A
- Authority
- CN
- China
- Prior art keywords
- safe class
- selinux
- terminal unit
- selection
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000010187 selection method Methods 0.000 title abstract description 7
- 238000000034 method Methods 0.000 claims description 33
- 230000007246 mechanism Effects 0.000 claims description 23
- 238000005516 engineering process Methods 0.000 claims description 10
- 238000005259 measurement Methods 0.000 claims description 10
- 230000006870 function Effects 0.000 description 13
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 5
- 230000004899 motility Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 230000007613 environmental effect Effects 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a startup security level selection method and device based on SELinux and terminal equipment. The security level selection method comprises the following steps: when the terminal equipment is started, displaying a safety level display interface, wherein the safety level display interface comprises options corresponding to different safety levels; receiving user selection of different security levels; and loading a pre-specified corresponding SELinux policy file according to the selection of the user on different security levels. According to the security level selection method, the user can select the security level, and the flexibility of security control is improved.
Description
Technical field
The present invention relates to terminal unit security technology area, in particular to a kind of start safety based on SELinux
Hierarchical selection method, device and terminal unit.
Background technology
SELinux (Security-Enhanced Linux, enhanced security Linux) is a kind of U.S.National Security Agency
(NSA) implementation method for forced symmetric centralization (MAC) formulated, is secure subsystem new in (SuSE) Linux OS.When
After terminal unit is loaded with SELinux secure subsystem, it is possible to be greatly enhanced the safe class of its operating system.
SELinux is as a kind of mandatory Access Control Mechanism, and it is for managing the resource point level of confidentiality in system and class
Reason, to ensure that each user can only have access to be indicated the resource that can be accessed by.Briefly, at forced symmetric centralization
Under, process (or other main bodys) and file (or other objects) are all marked with fixing security strategy (such as level of security, access
Authority etc.), access every time occur time, system detection security strategy is to determine a user whether one file of Internet access.
Namely to force access be by system control, user can not directly perception or be controlled.This fine-grained protection mechanism is permissible
Make security of system higher.
But when reality is applied, user may have different demands to safe class, such as needing the safest making
With under environment, it is desirable to only allow the certain applications program of terminal unit or function to be used.But current SELinux mechanism cannot
Realize this function.
Be only used for strengthening the understanding to the background of the present invention in information above-mentioned disclosed in described background section, therefore it
Can include not constituting the information to prior art known to persons of ordinary skill in the art.
Summary of the invention
In view of this, the present invention provides a kind of start safe class system of selection based on SELinux, device and terminal to set
Standby, it is possible to by user, safe class to be selected, increase the motility of security control.
Other characteristics of the present invention and advantage will be apparent from by detailed description below, or partially by the present invention
Practice and acquistion.
According to an aspect of the present invention, it is provided that a kind of start safe class system of selection based on SELinux, including:
When terminal unit is activated, showing safe class display interface, described safe class display interface includes corresponding different peace
The option of congruence level;Receive user's selection to different described safe classes;And according to user to different described safety
The selection of grade, loads preassigned corresponding SELinux strategy file.
According to an embodiment of the present invention, when described terminal unit is activated, said method also includes: use based on
The credible tolerance mechanism of hardware measures the integrity of described terminal unit;And when the integrity measurement of described terminal unit passes through
Time, show described safe class display interface.
According to an embodiment of the present invention, described safe class includes: high safety grade, common safe class and without peace
Congruence level;Wherein under described high safety grade, only allowing high safety applications to be used, described high safety applications includes: pay
Apply and dial code phone;Under described common safe class, based on corresponding described SELinux strategy file, it is allowed to institute
Application is had to be used;Described without safe class under, be not loaded with described SELinux strategy file.
According to an embodiment of the present invention, described credible tolerance mechanism is reliable hardware based on TrustZone technology
Tolerance mechanism.
According to an embodiment of the present invention, described method is implemented on the start guiding journey of described terminal unit operating system
In sequence Systemd.
According to a further aspect in the invention, it is provided that a kind of start safe class based on SELinux selects device, bag
Including: interface display module, for when terminal unit is activated, show safe class display interface, described safe class shows
Interface includes the option of corresponding different safe class;Select receiver module, for receiving user to different described safety etc.
The selection of level;And strategy load-on module, for according to user's selection to different described safe classes, load and preassign
Corresponding SELinux strategy file.
According to an embodiment of the present invention, said apparatus also includes: integrity measurement module, for setting when described terminal
For when being activated, hardware based credible tolerance mechanism is used to measure the integrity of described terminal unit;Described interface display mould
Block is additionally operable to, when the integrity measurement of described terminal unit passes through, show described safe class display interface.
According to an embodiment of the present invention, described safe class includes: high safety grade, common safe class and without peace
Congruence level;Wherein under described high safety grade, only allowing high safety applications to be used, described high safety applications includes: pay
Apply and dial code phone;Under described common safe class, based on corresponding described SELinux strategy file, it is allowed to institute
Application is had to be used;Described without safe class under, be not loaded with described SELinux strategy file.
According to an embodiment of the present invention, described credible tolerance mechanism is reliable hardware based on TrustZone technology
Tolerance mechanism.
According to an embodiment of the present invention, described device is implemented on the start guiding journey of described terminal unit operating system
In sequence Systemd.
In accordance with a further aspect of the present invention, it is provided that a kind of terminal unit, including processor;And memorizer, it is used for depositing
Store up the executable instruction of described processor;Wherein said processor is configured to by performing below described executable instruction performs
Operation: when terminal unit is activated, shows safe class display interface, and described safe class display interface includes corresponding different
The option of safe class;Receive user's selection to different described safe classes;And according to user to described in different
The selection of safe class, loads preassigned corresponding SELinux strategy file.
According to the start safe class system of selection based on SELinux of the present invention, can starting up when by
User selects the different safety class needing to enter, such that it is able to adapt to different security contexts, adds SELinux and forces to visit
Ask the motility of control.
It addition, according to some embodiments, the start safe class system of selection based on SELinux of the present invention, further
Use the integrity of hardware based credible tolerance mechanism tolerance terminal unit, thus ensure that the safety of kernel so that this is opened
Machine safe class system of selection is high safety, even if using super administrator right to carry out the operating system of terminal unit
Amendment, namely the operating system of terminal unit is by root, does not also result in threat.
It should be appreciated that it is only exemplary that above general description and details hereinafter describe, can not be limited this
Invention.
Accompanying drawing explanation
Describing its example embodiment in detail by referring to accompanying drawing, above and other target of the present invention, feature and advantage will
Become more fully apparent.
Fig. 1 is according to a kind of based on SELinux the start safe class system of selection shown in an illustrative embodiments
Flow chart.
Fig. 2 is according to start based on the SELinux safe class selecting party of the another kind shown in an illustrative embodiments
The flow chart of method.
Fig. 3 is to select device according to a kind of based on SELinux the start safe class shown in an illustrative embodiments
Block diagram.
Fig. 4 is to select dress according to start based on the SELinux safe class of the another kind shown in an illustrative embodiments
The block diagram put.
Detailed description of the invention
It is described more fully with example embodiment referring now to accompanying drawing.But, example embodiment can be with multiple shape
Formula is implemented, and is not understood as limited to example set forth herein;On the contrary, it is provided that these embodiments make the present invention will more
Fully and completely, and by the design of example embodiment those skilled in the art is conveyed to all sidedly.Accompanying drawing is only the present invention
Schematic illustrations, be not necessarily drawn to scale.Reference identical in figure represents same or similar part, thus
Repetition thereof will be omitted.
Additionally, described feature, structure or characteristic can be combined in one or more enforcement in any suitable manner
In mode.In the following description, it is provided that many details thus be given and embodiments of the present invention fully understood.So
And, it will be appreciated by persons skilled in the art that and can put into practice technical scheme and omit in described specific detail one
Or more, or other method, constituent element, device, step etc. can be used.In other cases, it is not shown in detail or describes
Known features, method, device, realize or operate avoiding that a presumptuous guest usurps the role of the host and each aspect of the present invention is thickened.
Fig. 1 is according to a kind of based on SELinux the start safe class system of selection shown in an illustrative embodiments
Flow chart.As it is shown in figure 1, the method 10 includes:
In step s 102, when terminal unit is activated, shows safe class display interface, select difference for user
Safe class.
This safe class display interface includes the option of corresponding different safe class, and safe class such as can be wrapped
Include: high safety grade, common safe class and without safe class.
In this safe class display interface, can only show the option of different safety class, it is also possible to show not Tongan City
The help information of congruence level.Such as, when user not can determine which kind of safe class of this selection, user such as can be by selecting
Help options, displays for a user the details of different safety class, as under high safety grade, only allows which function/should
With being performed, thus assist user that safe class is selected.
In step S104, receive user's selection to different safety class.
By detection user to the touching of different safety class option or pressing operation, determine and receive user to not Tongan City
The selection of congruence level.
In step s 106, according to user's selection to different safety class, the corresponding SELinux pre-established is loaded
Strategy file.
SELinux is a set of security system based on strategy.In its security strategy, realized main by the setting of label
The body control to object.Wherein main body can be each process run in terminal unit, and object is then all moneys in system
Source, including: file system, catalogue, file, file start designator, port, message interface and network interface etc..Each process
It is owned by the label of oneself, and each object object is also owned by the label of oneself.By the SELinux security strategy write,
Control process label can object object tag be conducted interviews, such as file access, read-write and SOCKET operation etc..Such as,
Configured by strategy, it is allowed to label is that the process of A is written and read operation to the file that label is B;Or, it is allowed to label is C's
Process carries out SOCKET communication etc. to the message interface that label is D.When terminal unit is activated, by SELinux strategy file
Import in kernel, thus realize the forced symmetric centralization of follow-up SELinux.
For different safe classes, different SELinux strategy files, SELinux strategy file example can be prepared in advance
As for binary file.As high safety grade is that user uses when needing the safest state, as answered in payment
With, dial code phone, enter secret unit time, only allow and pay application, dial code phone or entrance secret unit
The use of corresponding function/application, then prohibits the use of for other function/application.Namely under high safety grade, the most fair
Being permitted high safety applications to be used, high safety applications includes: pays application, dial code phone etc..It can be by formulating
SELinux strategy controls.For allowing the function/application used, strategy file is configured to allow entering of these function/application
Journey accesses corresponding object object, arranges the label of coupling the most as mentioned above for process and object object;And for not allowing
Function/the application used, then be configured to not allow the process of these function/application to access corresponding object pair by strategy file
As.
For common safe class, the most do not affect the normal use of user, i.e. for the commonly used function of user/should
With, by the configuration of strategy file, perform corresponding forced symmetric centralization.And without as in high safety grade, positive closing portion
Divide the use of function/application.
For without safe class, then any SELinux strategy file can be not loaded with, hence for any function/should
Demand for system in the access of resource, do not limited by SELinux.
In certain embodiments, in said method can be embodied in Systemd system start-up bootstrap.Systemd
Bootstrap is a kind of Starting mode of (SuSE) Linux OS, and it can accelerate the toggle speed of linux system.
The start safe class system of selection based on SELinux of embodiment of the present invention, can starting up time
Wait the different safety class being selected to need entrance by user, such that it is able to adapt to different security contexts, add SELinux strong
System accesses the motility controlled.
It will be clearly understood that present disclosure describe how to be formed and use particular example, but the principle of the present invention is not limited to
Any details of these examples.On the contrary, teaching based on present disclosure, these principles can be applied to many other
Embodiment.
Fig. 2 is according to start based on the SELinux safe class selecting party of the another kind shown in an illustrative embodiments
The flow chart of method.As in figure 2 it is shown, the method 20 includes:
In step S202, when terminal unit is activated, hardware based credible tolerance mechanism tolerance terminal is used to set
Standby integrity, thus ensure the safety of kernel.
SELinux strategy file needs to be loaded in system kernel and uses, thereby ensure that Kernel security, further increases
The safety of SELinux security mechanism.
Above-mentioned credible tolerance mechanism guides such as can be based on TrustZone technology.TrustZone is that ARM is for electronics
A kind of hardware structure that equipment safety is proposed, this hardware structure is the extension of security system, mesh in whole system design process
Mark is to take precautions against the multiple threat that electronic equipment can suffer from.
TrustZone key problem in technology is introduce credible execution environment and commonly perform environment, and it can be commonly holding
Row is environmentally isolated, and creates the credible execution environment of credible startup (trusted boot).Credible startup commonly performs ring in startup
Credible execution environmental operation system is initialized before the operating system of border.Afterwards, can be by authentication, key and Password Management etc.
Trusted application is arranged in credible execution environment operation.
Terminal unit is reset in security context by the credible startup of TrustZone, by only read the form of internal memory from
Immutable hardware starts, and accesses believable hardware resource (such as hardware unique key, random number generator, counting
Device, timer and credible internal memory etc.).The thorough design of TrustZone technology, empirical tests credible Booting sequence is to ensure that equipment
The basis of integrity.Credible execution environmental operation system can start in advance as a part for credible Booting sequence, then guides
The common os starting performing environment.
In step S204, when integrity measurement passes through, show safe class display interface, select difference for user
Safe class.
Safe class such as may include that high safety grade, common safe class and without safe class.
In step S206, receive user's selection to different safety class.
In step S208, according to user's selection to different safety class, load the corresponding SELinux pre-established
Strategy file.
It should be noted that step S204 in present embodiment~S208 and step S102 in method 10~S106 phase
With, do not repeat them here.
The start safe class system of selection based on SELinux of embodiment of the present invention, uses further based on hardware
The integrity of credible tolerance mechanism tolerance terminal unit, thus ensure that the safety of kernel so that this start safe class is selected
Selection method is high safety, even if using super administrator right to be modified the operating system of terminal unit, namely eventually
The operating system of end equipment, by root, does not results in threat yet.
It will be appreciated by those skilled in the art that all or part of step realizing above-mentioned embodiment is implemented as being held by CPU
The computer program of row.When this computer program is performed by CPU, it is above-mentioned that the said method that performing the present invention provides is limited
Function.Described program can be stored in a kind of computer-readable recording medium, and this storage medium can be read only memory,
Disk or CD etc..
Further, it should be noted that above-mentioned accompanying drawing is only according to included by the method for exemplary embodiment of the invention
Process schematically illustrates rather than limits purpose.It can be readily appreciated that above-mentioned process shown in the drawings is not intended that or limits these
The time sequencing processed.It addition, be also easy to understand, these process can be such as either synchronously or asynchronously to perform in multiple modules
's.
Following for apparatus of the present invention embodiment, may be used for performing the inventive method embodiment.Real for apparatus of the present invention
Execute the details not disclosed in example, refer to the inventive method embodiment.
Fig. 3 is to select device according to a kind of based on SELinux the start safe class shown in an illustrative embodiments
Block diagram.As it is shown on figure 3, this device 30 includes: interface display module 302, selection receiver module 304 and strategy load-on module
306。
Interface display module 302, for when terminal unit is activated, shows safe class display interface, described safety etc.
Level display interface includes the option of corresponding different safe class.
In certain embodiments, described safe class includes: high safety grade, common safe class and without safe class;
Wherein under described high safety grade, only allowing high safety applications to be used, described high safety applications includes: pays application and dials
Play code phone;Under described common safe class, based on corresponding described SELinux strategy file, it is allowed to all application quilts
Use;Described without safe class under, be not loaded with described SELinux strategy file.
Select receiver module 304 for receiving user's selection to different described safe classes.
Strategy load-on module 306 is for according to user's selection to different described safe classes, loading preassigned
Corresponding SELinux strategy file.
In certain embodiments, this device 30 is implemented on the boot of described terminal unit operating system
In Systemd.
The start safe class based on SELinux of embodiment of the present invention selects device, can starting up time
Wait the different safety class being selected to need entrance by user, such that it is able to adapt to different security contexts, add SELinux strong
System accesses the motility controlled.
Fig. 4 is to select dress according to start based on the SELinux safe class of the another kind shown in an illustrative embodiments
The block diagram put.As shown in Figure 4, this device 40 includes: interface display module 402, selection receiver module 404, strategy load-on module
406 and integrity measurement module 408.
Integrity measurement module 408, for when described terminal unit is activated, uses hardware based credible tolerance machine
The integrity of terminal unit described in system amount.
In certain embodiments, described credible tolerance mechanism is reliable hardware based on TrustZone technology tolerance mechanism.
Interface display module 402, for when the integrity measurement of described terminal unit passes through, shows described safe class
Display interface.
Select receiver module 404 for receiving user's selection to different described safe classes.
In certain embodiments, described safe class includes: high safety grade, common safe class and without safe class;
Wherein under described high safety grade, only allowing high safety applications to be used, described high safety applications includes: pays application and dials
Play code phone;Under described common safe class, based on corresponding described SELinux strategy file, it is allowed to all application quilts
Use;Described without safe class under, be not loaded with described SELinux strategy file.
Strategy load-on module 406 is for according to user's selection to different described safe classes, loading preassigned
Corresponding SELinux strategy file.
In certain embodiments, this device 40 is implemented on the boot of described terminal unit operating system
In Systemd.
The start safe class based on SELinux of embodiment of the present invention selects device, uses based on hardware further
The integrity of credible tolerance mechanism tolerance terminal unit, thus ensure that the safety of kernel so that this start safe class is selected
Selection method is high safety, even if using super administrator right to be modified the operating system of terminal unit, namely eventually
The operating system of end equipment, by root, does not results in threat yet.
It should be noted that the block diagram shown in above-mentioned accompanying drawing is functional entity, it is not necessary to must with physically or logically
Independent entity is corresponding.Can use software form to realize these functional entitys, or in one or more hardware modules or
Integrated circuit realizes these functional entitys, or realizes in heterogeneous networks and/or processor device and/or microcontroller device
These functional entitys.
Through the above description of the embodiments, those skilled in the art is it can be readily appreciated that example described herein is implemented
Mode can be realized by software, it is also possible to realizes by the way of software combines necessary hardware.Therefore, according to the present invention
The technical scheme of embodiment can embody with the form of software product, this software product can be stored in one non-volatile
In property storage medium (can be CD-ROM, USB flash disk, portable hard drive etc.) or on network, including some instructions so that a calculating
Equipment (can be personal computer, server, mobile terminal or the network equipment etc.) performs according to embodiment of the present invention
Method.
More than it is particularly shown and described the illustrative embodiments of the present invention.It should be appreciated that the present invention does not limits
In detailed construction described herein, set-up mode or implementation method;It is included in claims on the contrary, it is intended to contain
Spirit and scope in various amendments and equivalence arrange.
Claims (11)
1. a start safe class system of selection based on SELinux, it is characterised in that including:
When terminal unit is activated, showing safe class display interface, described safe class display interface includes corresponding different
The option of safe class;
Receive user's selection to different described safe classes;And
According to user's selection to different described safe classes, load preassigned corresponding SELinux strategy file.
Method the most according to claim 1, it is characterised in that when described terminal unit is activated, also include:
Hardware based credible tolerance mechanism is used to measure the integrity of described terminal unit;And
When the integrity measurement of described terminal unit passes through, show described safe class display interface.
Method the most according to claim 2, it is characterised in that described safe class includes: high safety grade, common safety
Grade and without safe class;Wherein under described high safety grade, high safety applications is only allowed to be used, described high safety applications
Including: pay application and dial code phone;Under described common safe class, based on corresponding described SELinux strategy literary composition
Part, it is allowed to all application are used;Described without safe class under, be not loaded with described SELinux strategy file.
Method the most according to claim 2, it is characterised in that described credible tolerance mechanism is based on TrustZone technology
Reliable hardware tolerance mechanism.
5. according to the method described in any one of claim 1-4, it is characterised in that described method is implemented on described terminal unit behaviour
Make in the boot Systemd of system.
6. a start safe class based on SELinux selects device, it is characterised in that including:
Interface display module, for when terminal unit is activated, shows safe class display interface, and described safe class shows
Interface includes the option of corresponding different safe class;
Select receiver module, for receiving user's selection to different described safe classes;And
Strategy load-on module, for according to user's selection to different described safe classes, load preassigned accordingly
SELinux strategy file.
Device the most according to claim 6, it is characterised in that also include: integrity measurement module, for when described terminal
When equipment is activated, hardware based credible tolerance mechanism is used to measure the integrity of described terminal unit;Described interface display
Module is additionally operable to, when the integrity measurement of described terminal unit passes through, show described safe class display interface.
Device the most according to claim 7, it is characterised in that described safe class includes: high safety grade, common safety
Grade and without safe class;Wherein under described high safety grade, high safety applications is only allowed to be used, described high safety applications
Including: pay application and dial code phone;Under described common safe class, based on corresponding described SELinux strategy literary composition
Part, it is allowed to all application are used;Described without safe class under, be not loaded with described SELinux strategy file.
Device the most according to claim 7, it is characterised in that described credible tolerance mechanism is based on TrustZone technology
Reliable hardware tolerance mechanism.
10. according to the device described in any one of claim 6-9, it is characterised in that described device is implemented on described terminal unit
In the boot Systemd of operating system.
11. 1 kinds of terminal units, it is characterised in that including:
Processor;And
Memorizer, for storing the executable instruction of described processor;
Wherein said processor is configured to by performing described executable instruction to perform following operation:
When terminal unit is activated, showing safe class display interface, described safe class display interface includes corresponding different
The option of safe class;
Receive user's selection to different described safe classes;And
According to user's selection to different described safe classes, load preassigned corresponding SELinux strategy file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610389141.6A CN106096418B (en) | 2016-06-02 | 2016-06-02 | SELinux-based startup security level selection method and device and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610389141.6A CN106096418B (en) | 2016-06-02 | 2016-06-02 | SELinux-based startup security level selection method and device and terminal equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106096418A true CN106096418A (en) | 2016-11-09 |
| CN106096418B CN106096418B (en) | 2019-01-04 |
Family
ID=57447151
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610389141.6A Active CN106096418B (en) | 2016-06-02 | 2016-06-02 | SELinux-based startup security level selection method and device and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106096418B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106453413A (en) * | 2016-11-29 | 2017-02-22 | 北京元心科技有限公司 | Method and device for applying SELinux security policy in multi-system |
| CN106534147A (en) * | 2016-11-29 | 2017-03-22 | 北京元心科技有限公司 | Method and device for selecting and applying SELinux security policy in multi-system |
| CN106845243A (en) * | 2016-12-13 | 2017-06-13 | 北京元心科技有限公司 | Improve the method and system for starting safety |
| CN109522720A (en) * | 2018-11-29 | 2019-03-26 | 北京元心科技有限公司 | Method, apparatus, electronic equipment and the computer readable storage medium of dynamic measurement |
| CN110362983A (en) * | 2019-05-31 | 2019-10-22 | 北京中电飞华通信股份有限公司 | A kind of method, apparatus and electronic equipment guaranteeing dual domain system conformance |
| CN112463203A (en) * | 2020-10-29 | 2021-03-09 | 苏州浪潮智能科技有限公司 | SELinux management configuration method, system, equipment and medium |
| CN117874773A (en) * | 2024-03-12 | 2024-04-12 | 麒麟软件有限公司 | Operating system safe starting method and device based on safety level control strategy |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592092A (en) * | 2012-01-09 | 2012-07-18 | 中标软件有限公司 | Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem |
-
2016
- 2016-06-02 CN CN201610389141.6A patent/CN106096418B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592092A (en) * | 2012-01-09 | 2012-07-18 | 中标软件有限公司 | Strategy adaptation system and method based on SELinux (Security-Enhanced Linux) security subsystem |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106453413A (en) * | 2016-11-29 | 2017-02-22 | 北京元心科技有限公司 | Method and device for applying SELinux security policy in multi-system |
| CN106534147A (en) * | 2016-11-29 | 2017-03-22 | 北京元心科技有限公司 | Method and device for selecting and applying SELinux security policy in multi-system |
| CN106453413B (en) * | 2016-11-29 | 2019-06-25 | 北京元心科技有限公司 | Method and device for applying SELinux security policy in multi-system |
| CN106534147B (en) * | 2016-11-29 | 2019-08-27 | 北京元心科技有限公司 | Method and device for selecting and applying SELinux security policy in multi-system |
| CN106845243A (en) * | 2016-12-13 | 2017-06-13 | 北京元心科技有限公司 | Improve the method and system for starting safety |
| CN109522720A (en) * | 2018-11-29 | 2019-03-26 | 北京元心科技有限公司 | Method, apparatus, electronic equipment and the computer readable storage medium of dynamic measurement |
| CN110362983A (en) * | 2019-05-31 | 2019-10-22 | 北京中电飞华通信股份有限公司 | A kind of method, apparatus and electronic equipment guaranteeing dual domain system conformance |
| CN112463203A (en) * | 2020-10-29 | 2021-03-09 | 苏州浪潮智能科技有限公司 | SELinux management configuration method, system, equipment and medium |
| CN117874773A (en) * | 2024-03-12 | 2024-04-12 | 麒麟软件有限公司 | Operating system safe starting method and device based on safety level control strategy |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106096418B (en) | 2019-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106096418A (en) | SELinux-based startup security level selection method and device and terminal equipment | |
| Sun et al. | TrustOTP: Transforming smartphones into secure one-time password tokens | |
| US10735427B2 (en) | Method and apparatus for managing program of electronic device | |
| CN105453102B (en) | The system and method for the private cipher key leaked for identification | |
| CN103748594B (en) | For ARM*TRUSTZONETMThe credible platform module based on firmware realized | |
| CN104995627B (en) | Cipher key revocation in system-on-chip apparatus | |
| CN1645288B (en) | Ensuring that a software update may be installed or run only on a specific device or class of devices | |
| CN106133743B (en) | System and method for optimizing the scanning of pre-installation application program | |
| Mellado et al. | Applying a security requirements engineering process | |
| CN107679393B (en) | Android integrity verification method and device based on trusted execution environment | |
| CN101276389B (en) | Separation of logical trusted platform modules within a single physical trusted platform module | |
| CN104217139B (en) | Processing system | |
| US9483636B2 (en) | Runtime application integrity protection | |
| EP3591552B1 (en) | Protection system including machine learning snapshot evaluation | |
| US10546126B2 (en) | Method for detecting the tampering of application code and electronic device supporting the same | |
| KR20130084671A (en) | Application usage policy enforcement | |
| US20170255775A1 (en) | Software verification systems with multiple verification paths | |
| CN104537302B (en) | A kind of safe starting method of terminal, device and terminal | |
| TWI737172B (en) | Computer system, computer program product and computer implement method for incremental decryption and integrity verification of a secure operating system image | |
| CN103530578A (en) | Method for constructing STPM of android system | |
| CN111177703B (en) | Method and device for determining data integrity of operating system | |
| CN110447033A (en) | The certification of limitation is accessed based on client | |
| CN112560110A (en) | Signing method and device of authorization protocol, electronic equipment and storage medium | |
| EP4081917A1 (en) | System and method for protecting software licensing information via a trusted platform module | |
| CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210129 Address after: 101300 room 153, 1 / F, building 17, 16 Caixiang East Road, Nancai Town, Shunyi District, Beijing Patentee after: Yuanxin Information Technology Group Co.,Ltd. Address before: 100176 room 2222, building D, building 33, 99 Kechuang 14th Street, Beijing Economic and Technological Development Zone, Beijing Patentee before: BEIJING YUANXIN SCIENCE & TECHNOLOGY Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20161109 Assignee: Beijing Yuanxin Junsheng Technology Co.,Ltd. Assignor: Yuanxin Information Technology Group Co.,Ltd. Contract record no.: X2021110000018 Denomination of invention: SELinux based power on security level selection method, device and terminal equipment Granted publication date: 20190104 License type: Common License Record date: 20210531 |