CN112463266A - Execution policy generation method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN112463266A (CN202011458685.6A)
- Authority
- CN
- China
- Prior art keywords
- calling
- interface
- environment information
- execution
- current environment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
- G06F9/4482—Procedural
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Abstract
The invention discloses an execution strategy generation method, an execution strategy generation device, electronic equipment and a storage medium. The method comprises the following steps: receiving current environment information of a calling interface sent by a terminal; identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value; and generating an execution strategy corresponding to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface. With the technical scheme of the embodiment of the invention, the specifics of the environment information with which the application calls each interface are obtained in time, risky calls are handled, the safety of application operation is enhanced, and the safety of personal information is ensured.
Description
Technical Field
The embodiment of the invention relates to the technical field of mobile application, in particular to an execution strategy generation method and device, electronic equipment and a storage medium.
Background
At present, the permission control of mobile operating systems is relatively coarse-grained: usually only authorization, denial or permanent denial is offered, and once authorization has been given, it cannot be accurately sensed or controlled when the APP goes on to use the sensitive permission. For example, once an APP has been granted access to the address book, the user cannot sense when the APP reads or writes the address book. If the operating system restricts the permission to single authorization, it disturbs users to a certain extent during use, and because most users lack the relevant basic knowledge, authorization decisions are made with a certain blindness.
Meanwhile, some SDK vendors may use some hot update techniques to dynamically modify compiled code in order to facilitate problem repair of released versions. This presents a security risk beyond version management for APP vendors that integrate the use of this SDK.
Disclosure of Invention
The invention provides an execution strategy generation method, an execution strategy generation device, electronic equipment and a storage medium, so that the specifics of the environment information with which the application calls each interface are obtained in time, risky calls are handled, the safety of application operation is enhanced, and the safety of personal information is guaranteed.
In a first aspect, an embodiment of the present invention provides an execution policy generation method, which is applied to a server, and the method includes:
receiving current environment information of a calling interface sent by a terminal;
identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value;
and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface.
In a second aspect, an embodiment of the present invention further provides an execution policy generation method, applied to a terminal, where the method includes:
when monitoring the calling information of an application interface, acquiring the current environment information of the calling interface and sending the current environment information to a server;
and receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface.
In a third aspect, an embodiment of the present invention further provides an execution policy generation apparatus, which is applied to a server, and the apparatus includes:
the current environment information receiving module is used for receiving current environment information of a calling interface sent by the terminal;
the calling risk level determining module is used for identifying a calling risk value of the current environment information according to a preset identification model and determining a calling risk level according to the calling risk value;
and the execution strategy generation module is used for generating an execution strategy corresponding to the calling risk level according to the calling risk level and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface.
In a fourth aspect, an embodiment of the present invention further provides an execution policy generation apparatus, which is applied to a terminal, and the apparatus includes:
the current environment information sending module is used for acquiring current environment information of a calling interface when the calling information of the application to the interface is monitored, and sending the current environment information to the server;
and the execution strategy receiving module is used for receiving the execution strategy corresponding to the current environment information sent by the server and executing the execution strategy when the current environment information is called by the calling interface.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement an execution policy generation method as provided by any embodiment of the present invention.
In a sixth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the execution policy generation method provided in any embodiment of the present invention.
The invention receives the current environment information of the calling interface sent by the terminal; identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value; and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface. By the technical scheme of the embodiment of the invention, the specific situation that the application calls the environment information of each interface is known in time, risk calling disposal is realized, the safety of application operation is enhanced, and the personal information safety is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present invention, a brief description is given below of the drawings used in describing the embodiments. It should be clear that the described figures are only views of some of the embodiments of the invention to be described, not all, and that for a person skilled in the art, other figures can be derived from these figures without inventive effort.
Fig. 1 is a schematic flowchart of an execution policy generation method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of an execution policy generation method according to a second embodiment of the present invention;
Fig. 3 is an interaction flow diagram of an execution policy generation method according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an execution policy generation apparatus according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an execution policy generation apparatus according to a fifth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of an execution policy generation method according to an embodiment of the present invention, which is applicable to determining a situation that a call interface of an application calls environment information. The embodiment mainly embodies a server-side execution method in the application execution policy generation process. The method may be performed by an execution policy generation apparatus, which may be implemented by means of software and/or hardware.
Before the technical solution of the embodiment of the present invention is introduced, an application scenario of the embodiment is introduced exemplarily: the current application contains a large number of directly invoked package-integrated development kits to implement specific functions. Since each development kit is a complete package, the internal details of the kit are not clear to the user using the development kit. In order to facilitate problem recovery of a released version of a development kit, some hot-update techniques are usually used to dynamically modify compiled code, so that users who integrate and use the development kit may have security risks beyond version management. In order to solve the above problems, in the technical solution of this embodiment, a control module is arranged at a server end and is used to receive current environment information of each calling interface sent by a user terminal, generate an execution policy corresponding to the environment information according to the environment information, and send the execution policy to the user terminal, so that the user terminal executes the execution policy when calling each interface, thereby enabling a user to timely obtain specific information of the application calling interface, and improving the security performance of application operation.
As shown in fig. 1, the method specifically includes the following steps:
S110, receiving the current environment information of the calling interface sent by the terminal.
In the embodiment of the invention, the current environment information comprises system variable information and call parameter information of a call interface for calling the current application. Specifically, the system variable information includes component information such as an Activity component or a Services component, and the call parameter information includes variable information such as a function call chain. Specifically, the current environment information of the calling interface sent by the terminal can be received, when information transmission is detected, through wireless communication modes such as Bluetooth and Wi-Fi; this embodiment does not limit the manner in which the current environment information sent by the terminal is received.
S120, identifying the calling risk value of the current environment information according to the preset identification model, and determining the calling risk level according to the calling risk value.
The preset identification model may be a preset neural network model, or may be another network model for identifying the call risk value of the current environment information; the type of the identification model is not limited in this embodiment. The call risk value is the output result of the identification model and is used for representing the risk condition of the current environment information. The call risk level is the level correspondingly set according to the call risk value.
Specifically, the received current environment information of the calling interface is input into the preset identification model, an output result expressed as a numerical value is obtained, and the output result is used as the call risk value. For example, the value range of the call risk value may be 0-100. When the call risk value is in the range 70-100, the corresponding risk level is high-level risk, which indicates that the calling interface currently carries a large risk (for example, a third party malicious call) and does not meet the regulatory requirement; when the call risk value is in the range 40-70, the corresponding risk level is medium risk, which indicates that the calling interface currently carries a risk that requires the call to be made with caution (for example, calling of the very common page position information under the situation that the user authority is authorized) and meets the regulatory requirement; when the call risk value is in the range 0-40, the corresponding risk level is low-level risk, which indicates that the calling interface has almost no risk and meets the regulatory requirement.
S130, generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling the interface.
The execution strategy comprises a blocking strategy, a prompting strategy and a releasing strategy, wherein the risk levels corresponding to the blocking strategy, the prompting strategy and the releasing strategy are sequentially reduced.
Optionally, when the call risk level is determined to be high-level risk, a blocking strategy for blocking the calling behavior of the interface is generated. When the call risk level is determined to be medium risk, a prompt strategy for prompting that the calling behavior of the interface carries a risk is generated. When the call risk level is determined to be low-level risk, a releasing strategy for releasing the calling behavior of the interface is generated.
Specifically, after the corresponding execution strategy is generated according to the calling risk level, the corresponding execution strategy is sent to the terminal according to the risk level identified by the preset identification model, so that the terminal executes the execution strategy when calling the interface.
The invention receives the current environment information of the calling interface sent by the terminal; identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value; and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling the interface. By the technical scheme of the embodiment of the invention, the specific situation that the application calls the environment information of each interface is known in time, risk calling disposal is realized, the safety of application operation is enhanced, and the personal information safety is ensured.
Example two
Fig. 2 is a flowchart of an execution policy generation method according to a second embodiment of the present invention, which is applicable to determining a situation that a call interface of an application calls environment information. On the basis of the foregoing embodiments, the present embodiment mainly embodies a method executed by a terminal in an application execution policy generation process. The method may be performed by an execution policy generation apparatus, which may be implemented by means of software and/or hardware.
Before the technical solution of the embodiment of the present invention is introduced, an application scenario of the embodiment is introduced exemplarily: the current application contains a large number of directly invoked package-integrated development kits to implement specific functions. Since each development kit is a complete package, the internal details of the kit are not clear to the user using the development kit. In order to facilitate problem recovery of a released version of a development kit, some hot-update techniques are usually used to dynamically modify compiled code, so that users who integrate and use the development kit may have security risks beyond version management. In order to solve the above problem, according to the technical solution of this embodiment, a management and control module is established inside an application of a terminal, and the management and control module is connected to each interface. Specifically, a management and control module is established for monitoring interface calling information of each application, transmitting environment information when each interface is called to a server, receiving and executing an execution strategy issued by the server, so as to acquire the specific condition of the environment information of each calling interface in time, execute a corresponding execution strategy in time according to the specific condition of the environment information of each calling interface in time, and enhance the safety performance of application operation.
As shown in fig. 2, the method specifically includes the following steps:
S210, when the calling information of the application to the interface is monitored, the current environment information of the calling interface is obtained, and the current environment information is sent to a server.
In the embodiment of the invention, the management and control module monitors the calling behavior information of the current application interface in real time. Whether the current calling behavior of the calling interface is a sensitive interface calling behavior is judged according to a preset judgment method. When the current interface call is determined to be a sensitive interface calling behavior, the current environment information of the calling interface can be acquired through the system Context object and function call access, and the acquired current environment information is sent to a server so that an execution strategy corresponding to the current environment information can be generated.
S220, receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface.
Specifically, the execution strategy sent by the server, which corresponds to the current call risk level generated from the current environment information, is received. When the current calling interface calls the current environment information, the management and control module executes the received execution strategy. Specifically, when the call risk level is determined to be high-level risk, a blocking strategy for blocking the interface calling behavior is executed; when the call risk level is determined to be medium risk, a prompt strategy for prompting that the interface calling behavior carries a risk is executed; and when the call risk level is determined to be low-level risk, a releasing strategy for releasing the interface calling behavior is executed.
When monitoring the calling information of the application interface, the invention obtains the current environment information of the calling interface and sends the current environment information to the server; and receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface. By the technical scheme of the embodiment of the invention, the corresponding execution strategy is timely executed according to the specific situation of the environment information of each calling interface, and the safety performance of application operation is enhanced.
Example three
Fig. 3 is a schematic flowchart of a method for generating an execution policy according to a third embodiment of the present invention, which is applicable to determining a situation that an application call interface calls environment information. On the basis of the above embodiments, the present embodiment mainly embodies an interaction process between the terminal and the server in the application execution policy generation process. As shown in fig. 3, the method specifically includes the following steps:
S310, when monitoring the calling information of the application to the interface, the terminal acquires the current environment information of the calling interface and sends the current environment information to a server.
S320, the server receives the current environment information of the calling interface sent by the terminal.
S330, the server identifies the call risk value of the current environment information according to the preset identification model, and determines the call risk level according to the call risk value.
S340, the server generates an execution strategy corresponding to the calling risk level according to the calling risk level.
S350, sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling the interface.
S360, the terminal receives the execution strategy corresponding to the current environment information sent by the server and executes the execution strategy when the current environment information is called by the calling interface.
According to the technical scheme of the embodiment, the specific situation of the environment information of each calling interface is timely acquired, the corresponding execution strategy is timely executed according to the specific situation of the environment information of each calling interface, and the safety performance of application operation is enhanced.
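The S310 to S360 exchange, together with the value-to-level-to-strategy mapping of Example one, as an added example that is not part of the patent text. Assumptions: `toy_model` is a rule-based stand-in for the unspecified preset identification model, the interface and package names are constructed, the shared range endpoints 40 and 70 are assigned to the higher level, and both blocking when no strategy can be obtained and the `confirm` callback for the prompt strategy are design choices made here.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class RiskLevel(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"


class Policy(Enum):
    RELEASE = "release"  # let the interface call through
    PROMPT = "prompt"    # warn that the call carries risk
    BLOCK = "block"      # stop the interface call


POLICY_FOR_LEVEL = {
    RiskLevel.LOW: Policy.RELEASE,
    RiskLevel.MEDIUM: Policy.PROMPT,
    RiskLevel.HIGH: Policy.BLOCK,
}


@dataclass(frozen=True)
class EnvInfo:
    interface: str               # interface being called (hypothetical name)
    component: str               # system variable information: "Activity" or "Service"
    call_chain: tuple[str, ...]  # call parameter information: function call chain


def risk_level(value: float) -> RiskLevel:
    # The stated ranges 0-40, 40-70 and 70-100 share their endpoints; placing
    # 40 and 70 in the higher level is an assumption of this example.
    if not 0 <= value <= 100:
        raise ValueError(f"call risk value out of range: {value}")
    if value >= 70:
        return RiskLevel.HIGH
    if value >= 40:
        return RiskLevel.MEDIUM
    return RiskLevel.LOW


OWN_CODE_PREFIXES = ("com.example.app.",)  # constructed sample value


def toy_model(env: EnvInfo) -> float:
    """Stand-in for the preset identification model (assumption, not a trained model)."""
    score = 10.0
    if any(not frame.startswith(OWN_CODE_PREFIXES) for frame in env.call_chain):
        score += 45.0  # a frame outside the app's own code, e.g. an integrated SDK
    if env.component == "Service":
        score += 25.0  # call issued from a background component
    return min(score, 100.0)


class PolicyServer:
    """Server side, S320 to S350."""

    def __init__(self, model):
        self.model = model

    def handle(self, env: EnvInfo) -> Policy:
        return POLICY_FOR_LEVEL[risk_level(self.model(env))]


class ControlModule:
    """Terminal side, S310 and S360: wraps every call to a monitored interface."""

    def __init__(self, server, sensitive, confirm):
        self.server = server
        self.sensitive = set(sensitive)
        self.confirm = confirm  # assumption: the prompt lets the user decline
        self.log = []

    def call(self, env: EnvInfo, interface_fn):
        if env.interface not in self.sensitive:
            return interface_fn()
        try:
            policy = self.server.handle(env)
        except Exception:
            policy = Policy.BLOCK  # assumption: no strategy received means no call
        self.log.append((env.interface, policy))
        if policy is Policy.BLOCK:
            raise PermissionError(f"{env.interface}: call blocked")
        if policy is Policy.PROMPT and not self.confirm(env):
            raise PermissionError(f"{env.interface}: call declined after prompt")
        return interface_fn()


if __name__ == "__main__":
    env = EnvInfo("contacts.read", "Service",
                  ("com.example.app.Main.run", "com.vendor.sdk.Collector.sync"))
    print(PolicyServer(toy_model).handle(env))
```
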
The following is an embodiment of an execution policy generation apparatus provided in an embodiment of the present invention, which belongs to the same inventive concept as the execution policy generation methods of the above embodiments, and details that are not described in detail in the embodiment of the execution policy generation apparatus may refer to the embodiment of the execution policy generation method.
Example four
Fig. 4 is a schematic structural diagram of an execution policy generation apparatus according to a fourth embodiment of the present invention, which is applicable to determining a situation that a call interface of an application calls environment information. On the basis of the foregoing embodiments, the present embodiment mainly embodies a device executed by a server in an application execution policy generation process. The specific structure of the execution policy generation device includes: a current environment information receiving module 410, a call risk level determining module 420 and an execution policy generating module 430; wherein:
a current environment information receiving module 410, configured to receive current environment information of a calling interface sent by a terminal;
the calling risk level determining module 420 is configured to identify a calling risk value of the current environment information according to a preset identification model, and determine a calling risk level according to the calling risk value;
and the execution policy generating module 430 is configured to generate an execution policy corresponding to the calling risk level according to the calling risk level, and send the execution policy to the terminal, so that the terminal executes the execution policy when calling the interface.
The invention receives the current environment information of the calling interface sent by the terminal; identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value; and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling the interface. By the technical scheme of the embodiment of the invention, the specific situation that the application calls the environment information of each interface is known in time, risk calling disposal is realized, the safety of application operation is enhanced, and the personal information safety is ensured.
On the basis of the technical scheme, the current environment information comprises system variable information and calling parameter information.
On the basis of the technical scheme, the execution strategy comprises a blocking strategy, a prompting strategy and a releasing strategy, wherein the risk levels corresponding to the blocking strategy, the prompting strategy and the releasing strategy are sequentially reduced.
On the basis of the above technical solution, the execution policy generation module 430 includes:
a first generation unit, configured to generate a blocking strategy for blocking the calling behavior of the interface when the calling risk level is determined to be high-level risk;
a second generation unit, configured to generate a prompt strategy for prompting that the interface calling behavior carries a risk when the calling risk level is determined to be medium risk;
a third generation unit, configured to generate a release policy for releasing the interface call behavior when the call risk level is determined to be a low-level risk.
The execution policy generation device provided by the embodiment of the invention can execute the execution policy generation method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the execution policy generation apparatus, each included unit and module are only divided according to functional logic, but are not limited to the above division as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Example five
Fig. 5 is a schematic structural diagram of an execution policy generation apparatus according to a fifth embodiment of the present invention, which is applicable to determining a situation that a call interface of an application calls environment information. On the basis of the foregoing embodiments, the present embodiment mainly embodies a device executed by a terminal in an application execution policy generation process. The specific structure of the execution policy generation device includes: a current environment information transmitting module 510 and an execution policy receiving module 520; wherein:
the current environment information sending module 510 is configured to, when monitoring call information of an application to an interface, obtain current environment information of the call interface, and send the current environment information to a server.
The execution policy receiving module 520 is configured to receive an execution policy corresponding to the current environment information sent by the server, and execute the execution policy when the current environment information is called by the called interface.
When monitoring the calling information of the application interface, the invention obtains the current environment information of the calling interface and sends the current environment information to the server; and receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface. By the technical scheme of the embodiment of the invention, the corresponding execution strategy is timely executed according to the specific situation of the environment information of each calling interface, and the safety performance of application operation is enhanced.
On the basis of the above technical solution, the current apparatus further includes:
A management and control module establishing module, configured to establish a management and control module that is connected to each interface and is used to monitor the interface call information of each application, transmit the environment information at the time each interface is called to the server, and receive and execute the execution policy issued by the server.
The execution policy generation device provided by the embodiment of the invention can execute the execution policy generation method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
It should be noted that, in the embodiment of the execution policy generation apparatus, each included unit and module are only divided according to functional logic, but are not limited to the above division as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
Embodiment six
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention. FIG. 6 illustrates a block diagram of an exemplary electronic device 12 suitable for use in implementing embodiments of the present invention. The electronic device 12 shown in fig. 6 is only an example and should not bring any limitation to the function and the scope of use of the embodiment of the present invention.
As shown in FIG. 6, electronic device 12 is embodied in the form of a general purpose computing electronic device. The components of electronic device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The electronic device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, and commonly referred to as a "hard drive"). Although not shown in FIG. 6, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The processing unit 16 executes various functional applications and sample data acquisition by running the program stored in the system memory 28, for example, implementing the steps of an execution policy generation method provided by the embodiment of the present invention, where the execution policy generation method includes:
receiving current environment information of a calling interface sent by a terminal;
identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value;
and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface.
The execution policy generation method further includes:
when monitoring the calling information of an application interface, acquiring the current environment information of the calling interface and sending the current environment information to a server;
and receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface.
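The server-side and terminal-side steps listed above, as an added Python sketch that is not code from the patent. The rule weights, the 70/30 thresholds, the fail-closed fallback, the behaviour after a prompt and the `read_contacts` interface are assumptions; the page does not specify the preset identification model.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Any, Callable, Dict, List, Tuple


class Policy(Enum):
    BLOCK = "block"      # high-level risk: block the interface call
    PROMPT = "prompt"    # middle risk: warn that the call is risky
    RELEASE = "release"  # low-level risk: let the call through


@dataclass
class EnvInfo:
    """Current environment information of one interface call."""
    interface: str
    system_vars: Dict[str, Any]  # system variable information
    call_args: Dict[str, Any]    # call-in argument information


def _bulk_read(env: EnvInfo) -> bool:
    limit = env.call_args.get("limit", 0)
    return env.interface == "read_contacts" and isinstance(limit, int) and limit > 100


# Assumed stand-in for the "preset identification model": additive rule weights.
RULES: List[Tuple[Callable[[EnvInfo], bool], int]] = [
    (lambda e: e.system_vars.get("debugger_attached") is True, 50),
    (lambda e: e.system_vars.get("rooted") is True, 30),
    (_bulk_read, 40),
]
HIGH, MIDDLE = 70, 30  # assumed thresholds on a 0-100 risk value


def risk_value(env: EnvInfo) -> int:
    return min(100, sum(weight for matches, weight in RULES if matches(env)))


def generate_policy(env: EnvInfo) -> Policy:
    """Server side: risk value -> risk level -> execution policy."""
    value = risk_value(env)
    if value >= HIGH:
        return Policy.BLOCK
    if value >= MIDDLE:
        return Policy.PROMPT
    return Policy.RELEASE


class ControlModule:
    """Terminal side: wraps each interface, reports env info, enforces the reply."""

    def __init__(self, ask_server: Callable[[EnvInfo], Policy],
                 read_system_vars: Callable[[], Dict[str, Any]]):
        self.ask_server = ask_server
        self.read_system_vars = read_system_vars
        self.warnings: List[str] = []

    def guard(self, name: str, func: Callable[..., Any]) -> Callable[..., Any]:
        def guarded(**call_args: Any) -> Any:
            env = EnvInfo(name, self.read_system_vars(), dict(call_args))
            try:
                policy = self.ask_server(env)
            except Exception:
                # Assumption: no verdict from the server means no call (fail closed).
                policy = Policy.BLOCK
            if policy is Policy.BLOCK:
                raise PermissionError(f"{name}: call blocked by execution policy")
            if policy is Policy.PROMPT:
                # Assumption: the prompt is a warning and the call then proceeds.
                self.warnings.append(f"{name}: call carries risk")
            return func(**call_args)
        return guarded


def read_contacts(limit: int = 10) -> List[str]:
    """Constructed sample interface guarded in the usage below."""
    return [f"contact-{i}" for i in range(limit)]
```

Passing the server call in as `ask_server` keeps the sketch offline; in a deployment it would be the network request to the policy server.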
Of course, those skilled in the art can understand that the processor may also implement the technical solution of the sample data obtaining method provided in any embodiment of the present invention.
Embodiment seven
The seventh embodiment provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements, for example, the steps of an execution policy generation method provided in this embodiment, where the execution policy generation method includes:
receiving current environment information of a calling interface sent by a terminal;
identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value;
and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface.
The execution policy generation method further includes:
when monitoring the calling information of an application interface, acquiring the current environment information of the calling interface and sending the current environment information to a server;
and receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer-readable storage medium may be, for example but not limited to: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It will be understood by those skilled in the art that the modules or steps of the invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of computing devices, and optionally they may be implemented by program code executable by a computing device, such that it may be stored in a memory device and executed by a computing device, or it may be separately fabricated into various integrated circuit modules, or it may be fabricated by fabricating a plurality of modules or steps thereof into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. An execution policy generation method applied to a server includes:
receiving current environment information of a calling interface sent by a terminal;
identifying a calling risk value of the current environment information according to a preset identification model, and determining a calling risk level according to the calling risk value;
and generating an execution strategy corresponding to the calling risk level according to the calling risk level, and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface.
2. The method of claim 1, wherein the current context information comprises system variable information and call-in argument information.
3. The method of claim 1, wherein the enforcement policy comprises a blocking policy, a prompting policy, and a releasing policy, and wherein the risk levels corresponding to the blocking policy, the prompting policy, and the releasing policy decrease in sequence.
4. The method according to claim 3, wherein the generating the execution policy corresponding to the call risk level according to the call risk level comprises:
when the calling risk level is determined to be a high-level risk, generating a blocking strategy for blocking the interface calling behavior;
when the calling risk level is determined to be a middle risk, generating a prompt strategy for prompting that the interface calling behavior has risks;
and when the calling risk level is determined to be low-level risk, generating a releasing strategy for releasing the interface calling behavior.
5. An execution policy generation method, applied to a terminal, includes:
when monitoring the calling information of an application interface, acquiring the current environment information of the calling interface and sending the current environment information to a server;
and receiving an execution strategy corresponding to the current environment information sent by the server, and executing the execution strategy when the current environment information is called by the calling interface.
6. The method of claim 5, wherein before obtaining the current context information of the calling interface, further comprising:
and establishing a control module, wherein the control module is connected with each interface and is used for monitoring interface calling information of each application, transmitting environment information when each interface is called to a server, and receiving and executing an execution strategy issued by the server.
7. An execution policy generation apparatus, applied to a server, includes:
the current environment information receiving module is used for receiving current environment information of a calling interface sent by the terminal;
the calling risk level determining module is used for identifying a calling risk value of the current environment information according to a preset identification model and determining a calling risk level according to the calling risk value;
and the execution strategy generation module is used for generating an execution strategy corresponding to the calling risk level according to the calling risk level and sending the execution strategy to the terminal so that the terminal executes the execution strategy when calling an interface.
8. An execution policy generation apparatus, applied to a terminal, includes:
the current environment information sending module is used for acquiring current environment information of a calling interface when the calling information of the application to the interface is monitored, and sending the current environment information to the server;
and the execution strategy receiving module is used for receiving the execution strategy corresponding to the current environment information sent by the server and executing the execution strategy when the current environment information is called by the calling interface.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the execution policy generation method of any one of claims 1-4 or 5-6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out an execution policy generation method according to any one of claims 1 to 4 or 5 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011458685.6A CN112463266A (en) | 2020-12-11 | 2020-12-11 | Execution policy generation method and device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112463266A true CN112463266A (en) | 2021-03-09 |
Family
ID=74802852
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011458685.6A Pending CN112463266A (en) | 2020-12-11 | 2020-12-11 | Execution policy generation method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112463266A (en) |
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104956715A (en) * | 2013-01-25 | 2015-09-30 | 高通股份有限公司 | Adaptive observation of behavioral features on a mobile device |
US9584378B1 (en) * | 2015-12-22 | 2017-02-28 | International Business Machines Corporation | Computer-implemented command control in information technology service environment |
CN107992747A (en) * | 2016-10-27 | 2018-05-04 | 中国电信股份有限公司 | The malicious act detection method and system of shell adding application |
CN106650418A (en) * | 2016-12-21 | 2017-05-10 | 天津大学 | Android access control system and method based on multi-strategy |
CN110610083A (en) * | 2018-06-15 | 2019-12-24 | 上海巍擎信息技术有限责任公司 | Method for judging pollution of monitoring data and corresponding device |
CN109471782A (en) * | 2018-11-20 | 2019-03-15 | 北京芯盾时代科技有限公司 | A kind of risk detecting system and risk checking method |
CN109618121A (en) * | 2018-11-29 | 2019-04-12 | 苏州市科远软件技术开发有限公司 | The processing method and processing device of video conference information security |
CN111259382A (en) * | 2018-11-30 | 2020-06-09 | 中国电信股份有限公司 | Malicious behavior identification method, device and system and storage medium |
CN111538978A (en) * | 2019-02-07 | 2020-08-14 | 卡巴斯基实验室股份制公司 | System and method for executing tasks based on access rights determined from task risk levels |
CN111131235A (en) * | 2019-12-23 | 2020-05-08 | 杭州安恒信息技术股份有限公司 | Safety maintenance method, device, equipment and storage medium of business system |
CN111428237A (en) * | 2020-03-06 | 2020-07-17 | 支付宝(杭州)信息技术有限公司 | Attack risk identification method, system and device and electronic equipment |
CN111614624A (en) * | 2020-04-24 | 2020-09-01 | 支付宝(杭州)信息技术有限公司 | Risk detection method, device, system and storage medium |
CN111931166A (en) * | 2020-09-24 | 2020-11-13 | 中国人民解放军国防科技大学 | Application program anti-attack method and system based on code injection and behavior analysis |
Non-Patent Citations (1)
Title |
---|
张波云: "《计算机网络安全与管理研究》", 30 June 2020, 武汉大学出版社, pages: 243 - 248 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113536319A (en) * | 2021-07-07 | 2021-10-22 | 上海浦东发展银行股份有限公司 | Interface risk prediction method and device, computer equipment and storage medium |
CN113536319B (en) * | 2021-07-07 | 2022-12-13 | 上海浦东发展银行股份有限公司 | Interface risk prediction method and device, computer equipment and storage medium |
CN113807750A (en) * | 2021-11-19 | 2021-12-17 | 中国气象局公共气象服务中心(国家预警信息发布中心) | Service decision device and method based on environment elements |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||