CN106295319B - Operating system safety protecting method - Google Patents

Operating system safety protecting method

Info

Publication number: CN106295319B
Authority: CN (China)
Prior art keywords: state, operating system, main body (subject), trusted status, protecting method
Legal status: Active
Application number: CN201610622913.6A
Other languages: Chinese (zh)
Other versions: CN106295319A (en)
Inventors: 汤福, 朱健伟, 郝美慈, 于珊珊, 葛林娜, 申利飞
Current assignee: China Standard Software Co Ltd
Original assignee: China Standard Software Co Ltd
Priority date: 2016-08-02
Filing date: 2016-08-02
Publication date: 2019-07-19

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
                        • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The present invention proposes an operating system security protection method, namely a trusted authentication method, which is mainly used to guard against malicious programs that damage the system. Its basic principle is to determine the trust state of every subject and object in the operating system and, according to the trust states of the subject and the object, to control the subject's operating rights on the object. The permissions of a malicious program are limited by the trust states, which minimizes its damage capability, while the usability and stability of the operating system are not greatly affected. The method can be applied to multiple system versions such as Linux, Unix, embedded systems, Android and FreeBSD. Compared with Linux mandatory access control, trusted measurement and similar techniques, the method is easy to use, effectively prevents the system from being modified and damaged by malicious programs, and has almost no effect on system performance.

Description

Operating system safety protecting method
Technical field
The present invention relates to the field of computer system security, and in particular to preventing the system from being damaged and modified by malicious programs and guarding against rootkits and the like.
Background technique
The operating system is the hub of a computer's hardware and software resources and data; it is responsible for the critical functions of managing the computer system's large pool of resources, controlling frequent input and output, and sustaining continuous interaction between the user and the operating system. System security has become a problem that cannot be ignored, and operating system security in particular cannot be ignored. Attacks against operating systems are now more and more numerous and take complex and varied forms. They exploit vulnerabilities in the operating system itself to do malicious damage: tampering with resource allocation, implanting and executing malicious programs, and illegally taking over superuser privileges through buffer overflow attacks, among others.
Hackers attack operating systems for only two purposes: first, to steal the user's private data; second, to maliciously damage the operating system so that it can no longer perform its normal functions. The usual means is to exploit a buffer overflow vulnerability to implant a malicious program, illegally obtain superuser privileges on the system, and then steal the user's private data or do malicious damage to the operating system.
To address these problems, operating system vendors or third-party developers take measures to harden the operating system; for example, the LSM framework and trusted measurement have been introduced into Linux. Under the LSM framework, when a user process makes a system call, an access control policy module decides whether the access is legal. But the management of LSM access control policies is complex, and ordinary users other than technical professionals cannot do it at all. Trusted measurement uses hash algorithms to detect whether a program has been illegally tampered with before it executes, and the frequent hash computations seriously affect system performance.
Therefore, an operating system security protection method is needed that effectively ensures system security without significantly affecting system performance, and that gives users a convenient and flexible way to apply it.
Summary of the invention
The present invention addresses the problem of operating systems being maliciously damaged: on the premise of not significantly affecting system performance, it effectively ensures system security and provides users with a convenient and flexible way to apply it.
The purpose of the present invention is to provide an operating system security protection method that guards against malicious modification and damage to the operating system while not significantly affecting the performance and stability of the system.
The technical solution adopted is as follows: determine the trust state of all subjects and objects in the operating system, and control the subject's operating rights on the object according to the trust states of the subject and the object.
Controlling the subject's operating rights on the object comprises controlling the write, delete or modify operations that the subject performs on the object.
Further, the object comprises a file or a resource, and the trust state of the object comprises a strong trusted state, a weak trusted state or an untrusted state: an object with executable permission and a legal source is in the strong trusted state; an object without executable permission and with a legal or unknown source is in the weak trusted state; and an object with executable permission and an unknown source is in the untrusted state.
Further, the subject comprises a process, and the trust state of the subject comprises a strong trusted state or an untrusted state; the trust state of the subject is determined by the trust state of its parent process and the trust state of the executable file corresponding to the process.
Further, the root process is first guaranteed to be in the strong trusted state, and all subjects (processes) in the system derive directly or indirectly from the root process. Taking Linux as an example, after the kernel loads, the root process of user space (the init process) starts, and all processes the system subsequently runs derive directly or indirectly from the root process (the init process).
Further, when the subject derives a child process, the child process inherits the trust state of the parent process; when the subject executes an executable program or script, the trust state of the new process is set to the strong trusted state when both the subject and the object are in the strong trusted state, and otherwise to the untrusted state.
Further, on the basis of the file's existing permission bits, one additional permission bit is added for marking the trust state of the file.
Further, when the image file of the operating system is made, the trust states of all files in the operating system are initialized.
Further, when the subject creates an object: if the subject is in the strong trusted state, the newly created object is set to the strong trusted state if it has execute permission and otherwise to the weak trusted state; if the subject is in the untrusted state, the newly created object is set to the untrusted state if it has execute permission and otherwise to the weak trusted state.
Further, when the subject performs a write or delete operation on the object, the operation is prohibited if the subject is in the untrusted state and the object is in the strong trusted state; otherwise the operation is allowed.
Further, when the subject modifies the executable permission of an object, regardless of the state of the object, the operation is allowed if and only if the subject is in the strong trusted state, and otherwise prohibited.
Beneficial effects of the present invention:
By determining the trust state of all subjects and objects in the operating system and controlling the subject's operating rights on the object according to those trust states, the operating system security protection method is easy to use and, through the trust states, effectively prevents the system from being modified and damaged by malicious programs, while the usability and stability of the operating system are not greatly affected.
Specific embodiment
The purpose of the present invention is to provide an operating system security protection method in which all subjects and objects in the operating system carry their own trust states, and the subject's operating rights on the object are controlled according to the trust states of the subject and the object; this guards against malicious modification and damage to the operating system while not significantly affecting the performance and stability of the system.
Controlling the subject's operating rights on the object comprises controlling the write operations, delete operations and modify operations that the subject performs on the object.
Trusted authentication technology is mainly aimed at malicious behaviour that damages and modifies the system and user data. The system-destroying malicious programs currently found in the wild usually exploit a system vulnerability to implant malicious code, illegally obtain superuser privileges, modify system files, and destroy the normal functioning of the operating system or leave a back door for the next step of malicious activity.
The object comprises a file or a resource, and the trust state of the object comprises a strong trusted state, a weak trusted state or an untrusted state: an object with executable permission and a legal source is in the strong trusted state; an object without executable permission and with a legal or unknown source is in the weak trusted state; and an object with executable permission and an unknown source is in the untrusted state.
In systems such as UNIX, Linux and VWS, the access rights of a file are controlled by 9 permission bits; the 9 permission bits can be extended with a bit that identifies the trust state of the file. When the system image file is made, the trust states of all files in the operating system are initialized once: the kernel files, the init program file and other executable files from legal sources are set to the strong trusted state; files without execute permission are set to the weak trusted state; and executable files of unknown source are set to the untrusted state.
The subject comprises a process, and by trust state a subject is either strong trusted or untrusted. Subjects and objects differ: a subject is dynamic, an object is static. For example, the files and resources in the operating system keep the same content and attributes across every reboot, whereas the processes in the system are re-created after each reboot, so the trust state of a subject is defined differently from that of an object. The trust state of a subject (process) is defined for it when it is created, from two elements: the trust state of the parent process, and the trust state of the executable file corresponding to the process (the process's code). The trust state of the subject is therefore determined by the trust state of the parent process and the trust state of the executable file corresponding to the process.
The root process is first guaranteed to be in the strong trusted state, and all subjects (processes) in the system derive directly or indirectly from the root process. Taking Linux as an example, after the kernel loads, the root process of user space (the init process) starts, and all processes the system subsequently runs derive directly or indirectly from the root process (the init process).
When the subject calls fork to create a child process, the child process inherits the trust state of the parent process.
When the subject calls exec to run a new process, the trust state of the new process is set to the strong trusted state if and only if both the subject and the executable program object (file) are in the strong trusted state; otherwise the trust state of the new process is set to the untrusted state.
When the subject creates an object and the subject is in the strong trusted state, the newly created object is set to the strong trusted state if it has execute permission, and otherwise to the weak trusted state.
When the subject is in the untrusted state, the newly created object is set to the untrusted state if it has execute permission, and otherwise to the weak trusted state.
When a process calls exec to run a new process, the rules are as follows:
If the subject (process) is in the strong trusted state and the object (the program file of the new process) is also in the strong trusted state, the new process is set to the strong trusted state; if the object is in the untrusted state, the new process is set to the untrusted state.
If the subject (process) is in the untrusted state, the new process is uniformly set to the untrusted state regardless of whether the object is trusted.
When a subject (process) creates a new object (file) in the system, the rules are as follows:
If the subject (process) is in the strong trusted state, the newly created object (file) is set to the strong trusted state if it has execute permission, and otherwise to the weak trusted state.
If the subject (process) is in the untrusted state, the newly created object (file) is set to the untrusted state if it has execute permission, and otherwise to the weak trusted state.
Embodiment 1: performing a write operation on an object.
Taking the Linux operating system as an example, the kernel's LSM module is extended to introduce a mandatory access control module based on trust state. When a subject (process) performs a write operation on an object (file) in the system, the kernel first obtains the trust state of the subject and then the trust state of the object; if the subject (process) is in the untrusted state and the object (file) is in the strong trusted state, the write is prohibited; in all other cases the write is allowed.
Embodiment 2: performing a delete operation on an object.
When a subject (process) performs a delete operation on an object (file) in the system, the kernel first obtains the trust state of the subject and then the trust state of the object; if the subject (process) is in the untrusted state and the object (file) is in the strong trusted state, deletion is prohibited; in all other cases deletion is allowed.
Embodiment 3: performing a modify operation on an object.
When a subject (process) performs a modify operation on an object (file) in the system, the kernel first obtains the trust state of the subject and then the trust state of the object; regardless of the state of the object, the operation is allowed if and only if the subject is in the strong trusted state, and otherwise prohibited.
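The fork, exec, object-creation and write/delete/modify rules above, collected into one policy module as an added example; this is not code from the patent or from China Standard Software. The trust_t and op_t enums, the function names and the source_legal attribute are assumptions chosen for illustration, and the scenario in main() is constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Trust states from the patent. Objects (files) use all three; subjects
 * (processes) are only ever TRUST_STRONG or TRUST_UNTRUSTED. */
typedef enum { TRUST_STRONG, TRUST_WEAK, TRUST_UNTRUSTED } trust_t;

/* Operations the policy mediates: write, delete, and changing an object's
 * execute permission (the patent's "modify" operation). */
typedef enum { OP_WRITE, OP_DELETE, OP_MODIFY_EXEC } op_t;

static const char *trust_name(trust_t t)
{
    return t == TRUST_STRONG ? "strong" : t == TRUST_WEAK ? "weak" : "untrusted";
}

/* Initial labelling of a file when the system image is built.
 * source_legal is an assumed attribute (e.g. "shipped in the image"). */
trust_t initial_object_trust(bool executable, bool source_legal)
{
    if (!executable)
        return TRUST_WEAK;                 /* no execute bit: weak, whatever the source */
    return source_legal ? TRUST_STRONG : TRUST_UNTRUSTED;
}

/* fork(): the child simply inherits the parent's trust state. */
trust_t trust_on_fork(trust_t parent) { return parent; }

/* exec(): strong only when both the calling subject and the program file
 * are strong. An untrusted subject cannot regain trust by exec'ing a strong
 * binary, and a strong subject running an untrusted file drops to untrusted. */
trust_t trust_on_exec(trust_t subject, trust_t program)
{
    return (subject == TRUST_STRONG && program == TRUST_STRONG)
               ? TRUST_STRONG : TRUST_UNTRUSTED;
}

/* Object creation: no execute bit -> weak; with the execute bit the new
 * object takes the creating subject's state (strong or untrusted). */
trust_t trust_on_create(trust_t subject, bool executable)
{
    if (!executable)
        return TRUST_WEAK;
    return subject == TRUST_STRONG ? TRUST_STRONG : TRUST_UNTRUSTED;
}

/* The decision an LSM-style hook would return for an access (true = allow). */
bool policy_allows(op_t op, trust_t subject, trust_t object)
{
    switch (op) {
    case OP_WRITE:
    case OP_DELETE:
        /* Only an untrusted subject touching a strong object is refused. */
        return !(subject == TRUST_UNTRUSTED && object == TRUST_STRONG);
    case OP_MODIFY_EXEC:
        /* Only strong subjects may change execute bits, whatever the object. */
        return subject == TRUST_STRONG;
    }
    return false;
}

/* Constructed scenario: init (strong) runs a shell shipped in the image,
 * which then runs a downloaded installer of unknown source. */
int main(void)
{
    trust_t init_proc  = TRUST_STRONG;
    trust_t sh_file    = initial_object_trust(true, true);   /* strong */
    trust_t inst_file  = initial_object_trust(true, false);  /* untrusted */
    trust_t data_file  = initial_object_trust(false, true);  /* weak: not executable */
    trust_t shell      = trust_on_exec(init_proc, sh_file);  /* strong */
    trust_t installer  = trust_on_exec(shell, inst_file);    /* untrusted */
    trust_t child      = trust_on_fork(installer);           /* untrusted */
    trust_t relaunched = trust_on_exec(child, sh_file);      /* still untrusted */
    trust_t dropped    = trust_on_create(installer, true);   /* untrusted binary */

    printf("installer=%s child=%s relaunched shell=%s dropped file=%s\n",
           trust_name(installer), trust_name(child),
           trust_name(relaunched), trust_name(dropped));
    printf("installer write to strong system file: %s\n",
           policy_allows(OP_WRITE, installer, TRUST_STRONG) ? "allow" : "deny");
    printf("installer write to weak data file: %s\n",
           policy_allows(OP_WRITE, installer, data_file) ? "allow" : "deny");
    printf("installer chmod +x on its dropped file: %s\n",
           policy_allows(OP_MODIFY_EXEC, installer, dropped) ? "allow" : "deny");
    return 0;
}
```

The scenario shows the property the patent relies on: once a process chain is untrusted, neither fork nor exec of a strong binary restores trust, and the chain can still run but cannot write or delete strong objects or set execute bits.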
Processes and files in the untrusted state do not necessarily have the capability to do damage; some may be benign. During use of the system the user may install new software, and if these programs are treated as untrusted files they might not run normally, which would affect the availability of the system. Under the control rules, code in the untrusted state derives processes in the untrusted state, and a parent process in the untrusted state derives child processes in the untrusted state; a process in the untrusted state can still run normally, but its write, delete and modify permissions on the system are restricted, so it loses the opportunity to do damage and the damage capability of malicious programs is reduced.
By determining the trust state of all subjects and objects in the operating system and controlling the subject's operating rights on the object according to those trust states, the permissions of malicious programs are limited by the trust states and their damage capability is minimized, while the usability and stability of the operating system are not greatly affected. Moreover, the operating system security protection method can be applied to multiple system versions such as Linux, Unix, embedded systems, Android and FreeBSD; compared with Linux mandatory access control, trusted measurement and similar techniques, the method is easy to use, effectively prevents the system from being modified and damaged by malicious programs, and has almost no effect on system performance.
It should be noted that although the present invention has been described using the above preferred embodiments, they do not limit the scope of protection of the present invention. Any person skilled in the art may make various changes and modifications to the above embodiments without departing from the spirit and scope of the present invention, and these still fall within the scope protected by the present invention; the scope of protection of the present invention is therefore defined by the claims.

Claims (8)

1. An operating system security protection method, characterized in that the trust state of all subjects and objects in the operating system is determined, and the subject's operating rights on the object are controlled according to the trust states of the subject and the object;
controlling the subject's operating rights on the object comprises controlling the write, delete or modify operations performed by the subject on the object;
the object comprises a file or a resource, and the trust state of the object comprises a strong trusted state, a weak trusted state or an untrusted state, wherein an object with executable permission and a legal source is in the strong trusted state; an object without executable permission and with a legal or unknown source is in the weak trusted state; and an object with executable permission and an unknown source is in the untrusted state.
2. The operating system security protection method of claim 1, characterized in that the subject comprises a process, and the trust state of the subject comprises a strong trusted state or an untrusted state, wherein the trust state of the subject is determined by the trust state of the parent process and the trust state of the executable file corresponding to the process.
3. The operating system security protection method of claim 2, characterized in that when the subject derives a child process, the child process inherits the trust state of the parent process; when the subject executes a new process, the trust state of the new process is set to the strong trusted state if and only if both the subject and the object are in the strong trusted state, and otherwise the trust state of the new process is set to the untrusted state.
4. The operating system security protection method of claim 1, characterized in that, on the basis of the file's existing permission bits, a permission bit for marking the trust state of the file is added.
5. The operating system security protection method of claim 1, characterized in that the trust states of all files in the operating system are initialized when the image file of the operating system is made.
6. The operating system security protection method of claim 2, characterized in that when the subject creates an object, if the subject is in the strong trusted state, the newly created object is set to the strong trusted state if it has execute permission and otherwise to the weak trusted state; when the subject is in the untrusted state, the newly created object is set to the untrusted state if it has execute permission and otherwise to the weak trusted state.
7. The operating system security protection method of claim 2, characterized in that when the subject performs a write or delete operation on the object, the operation is prohibited if the subject is in the untrusted state and the object is in the strong trusted state, and otherwise the operation is allowed.
8. The operating system security protection method of claim 2, characterized in that when the subject performs a modify operation on an object in the system, regardless of the state of the object, the operation is allowed when the subject is in the strong trusted state, and otherwise prohibited.
Priority Applications (1)

Application Number                  Priority Date   Filing Date   Title
CN201610622913.6A (CN106295319B)    2016-08-02      2016-08-02    Operating system safety protecting method (Active)

Publications (2)

Publication Number Publication Date
CN106295319A CN106295319A (en) 2017-01-04
CN106295319B true CN106295319B (en) 2019-07-19

Family

ID=57664014





Legal Events

Code   Title
C06    Publication
PB01   Publication
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
GR01   Patent grant