KR101256453B1 - Apparatus and method for detecting rooting - Google Patents

Apparatus and method for detecting rooting Download PDF

Info

Publication number
KR101256453B1
KR101256453B1 KR1020120106847A KR20120106847A KR101256453B1 KR 101256453 B1 KR101256453 B1 KR 101256453B1 KR 1020120106847 A KR1020120106847 A KR 1020120106847A KR 20120106847 A KR20120106847 A KR 20120106847A KR 101256453 B1 KR101256453 B1 KR 101256453B1
Authority
KR
South Korea
Prior art keywords
routing
file
event
monitoring target
application
Prior art date
Application number
KR1020120106847A
Other languages
Korean (ko)
Inventor
이광우
김영수
정혜진
Original Assignee
주식회사 안랩
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 안랩 filed Critical 주식회사 안랩
Priority to KR1020120106847A priority Critical patent/KR101256453B1/en
Application granted granted Critical
Publication of KR101256453B1 publication Critical patent/KR101256453B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

In the present invention, in event-based real-time routing detection, set a directory or file list, etc. that are subject to routing monitoring, register with a file monitoring event provided by the OS of the portable terminal, and an event according to a file attribute change in the corresponding routing monitoring target. Routing detection is performed in real time whenever it occurs, enabling more accurate routing detection even in a custom kernel that dynamically performs routing or unrouting to bypass routing detection.

Description

Routing detection device and method {APPARATUS AND METHOD FOR DETECTING ROOTING}

The present invention relates to a method for detecting rooting, and in particular, in event-based real-time routing detection, operating a portable terminal by setting a directory or a file list to be monitored. By registering in the file observing event provided by the system and performing the routing detection in real time whenever an event occurs due to the change of the file property in the corresponding routing monitoring target, routing or unrouting to bypass the routing detection The present invention relates to a routing detection apparatus and method for more accurately performing routing detection even in a custom kernel that dynamically performs (unrooting).

In general, in the portable terminal equipped with Android as a terminal operating system, the sandbox concept is applied, and each application has a limited access to resources in addition to its own area, and also through each application's own signing Android terminal provides a basic defense against forgery and alteration.

However, forgery-sensitive applications such as banking applications of banks or securities firms' HTS (Home Trading System) applications have their own verification mechanisms for forgery and furthermore, financial trading applications have a defense against forgery. It is legally mandatory and is enacted as IT Compliance.

Therefore, in the case of a financial transaction application that wants to verify forgery and alteration, the mobile terminal checks whether the mobile terminal is rooted before checking forgery, and terminates the financial transaction service if it is determined that it is not. do. As such, rooting detection is an important and essential element for security-sensitive applications.

When the above-described routing detection operation is described in more detail, for example, when a banking application equipped with the routing detection module is executed, the routing detection module is executed first, and the routing detection module is usually executed when the root authority is acquired. It checks whether 'su' file exists or checks whether the adb (Android Debug Bridge) daemon is running as root authority. In this case, the application that receives a normal return is a method of providing a normal service.

However, in order to forge an application, a mobile terminal such as Android acquires system administrator authority through a rooting process, and then uses forgery to bypass the forgery verification module of the application.

In addition, the evolving routing terminals provide the ability to dynamically perform routing or unrouting to bypass routing detection, and use it as a routine for routing and unrouting before an application that detects the routing detection module is executed. After the application is executed and the routing detection module completes the routing detection, the routing detection can be performed again to bypass the routing detection module.

That is, in the case of the rooting terminal which provides the function to dynamically perform the routing and unrouting as above, the su file is created by creating the su file in an executable location (PATH environment variable), for example, when the routing is activated. You can use to get root privileges. You can also hide the su file when disabling the root (unroot) to disallow root privileges using the su file.

As described above, the recent routing terminal bypasses the existing routing detection module by providing a routing and unrouting function so as to be dynamically executed, and it is difficult to detect this.

Republic of Korea Patent Registration No. 10-1157537 Date of registration June 12, 2012 discloses a technology related to the system and method for preventing the spread of mobile malware.

Accordingly, in the event-based real-time routing detection, the present invention sets a directory or file list to be a routing monitoring target, registers a file monitoring event provided by the OS of the portable terminal, and changes a file attribute in the routing monitoring target. By performing routing detection in real time whenever an event occurs according to the present invention, a routing detection device and method for more accurately performing a routing detection can be performed even in a terminal or an OS that dynamically performs routing or unrouting to bypass the routing detection. .

The above-described present invention is a routing detection apparatus, comprising: a routing monitoring target setting unit for setting a routing monitoring target, a routing event registration unit for registering the routing monitoring target with an operating system (OS) of a portable terminal performing the routing detection; When receiving an event generated in the routing monitoring target from the OS, a routing checking unit for determining whether the event corresponds to a routing behavior, and if the routing behavior is determined from the routing checking unit, a routing behavior is generated to an application requesting the routing monitoring. The notification includes a routing alarm unit.

The routing event registration unit may register the routing monitoring target with a file monitoring event provided by an OS of the portable terminal.

The routing event registration unit may register the routing monitoring target with the file monitoring event by using an API provided by an OS.

The routing monitoring target may be set to a directory list or a file list that can be used as instruction information for determining whether to route.

The event may be generated when a change of a file attribute occurs in a directory list or a file list registered as the routing monitoring target.

The event may be generated when any file creation, deletion, file name change, file move, permission change, or file modification occurs in the directory list or the file list.

In addition, when the routing monitoring is requested, the routing checking unit checks whether a routing action is performed on the portable terminal using a predetermined routing detection policy before executing the application, and transmits a test result to the application. It features.

The directory list may include one or more of / system, / sbin or / bin.

The file list may include at least one of a su file and an adbd file.

In addition, the application is characterized in that the application for processing financial information or personal information.

In addition, the present invention provides a method for detecting a routing, comprising: setting a routing monitoring target when an application for which a routing monitoring is requested is executed, registering the routing monitoring target with an OS of a portable terminal; And determining whether the event corresponds to a routing behavior when receiving an event occurring in, and notifying the application of the occurrence of the routing behavior when the routing behavior is determined.

The routing monitoring target may be registered in a file monitoring event provided by the OS.

The routing monitoring target may be set to a directory list or a file list that can be used as instruction information for determining whether to route.

The event may be generated when a change of a file attribute occurs in a directory list or a file list registered as the routing monitoring target.

The event may be generated when any file creation, deletion, file name change, file movement, permission change, or file modification occurs in the directory list or the file list.

The method may further include checking whether a routing action is performed on the portable terminal by using a predetermined routing detection policy before the application is executed, and when the routing result is performed on the portable terminal. And transmitting the routing action to the application.

The present invention, in the event-based real-time routing detection, set a directory or file list that is the target of the routing monitoring to register the file monitoring event provided by the OS of the portable terminal, the event according to the file attribute changes in the routing monitoring target By performing routing detection in real time whenever it occurs, there is an advantage that it is possible to perform routing detection more accurately even in a custom kernel that dynamically performs routing or unrouting to bypass the routing detection.

1 is a detailed block diagram of a portable terminal to which a root detection device according to an embodiment of the present invention is applied;
2 is a detailed block diagram of a routing detection apparatus according to an embodiment of the present invention;
3 is a flow chart of event-based real-time routing detection control according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings will be described in detail the operating principle of the present invention. In the following description of the present invention, if it is determined that a detailed description of a known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. The following terms are defined in consideration of the functions of the present invention, and may be changed according to the intentions or customs of the user, the operator, and the like. Therefore, the definition should be based on the contents throughout this specification.

Each block of the accompanying block diagrams and combinations of steps of the flowchart may be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus so that the instructions, which may be executed by a processor of a computer or other programmable data processing apparatus, And means for performing the functions described in each step are created.

These computer program instructions may be stored in a computer usable or computer readable memory that can be directed to a computer or other programmable data processing equipment to implement functionality in a particular manner, and thus the computer usable or computer readable memory. It is also possible for the instructions stored in to produce an article of manufacture containing instruction means for performing the functions described in each block or flowchart of each step of the block diagram.

Computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operating steps may be performed on the computer or other programmable data processing equipment to create a computer-implemented process to create a computer or other programmable data. Instructions that perform processing equipment may also provide steps for performing the functions described in each block of the block diagram and in each step of the flowchart.

Also, each block or each step may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative embodiments, the functions mentioned in the blocks or steps may occur out of order. For example, the two blocks or steps shown in succession may in fact be executed substantially concurrently or the blocks or steps may sometimes be performed in the reverse order, depending on the functionality involved.

FIG. 1 illustrates a detailed block diagram of a portable terminal 100 to which a root detection device 110 according to an embodiment of the present invention is applied. The portable terminal 100 may include a terminal such as a smartphone and a tablet PC.

Hereinafter, each component of the portable terminal 100 and the operation of the routing detection apparatus 110 will be described in detail with reference to FIG. 1.

First, the key input unit 104 may be composed of a plurality of numeric keys and function keys for requesting various operations of the portable terminal 100, the control unit by generating a corresponding key data (keydata) when the user presses a predetermined key Output to (108). The key input unit 104 as described above has a difference in character arrangement by manufacturer and country. In addition, the key input unit 104 may be displayed on the display unit 102 in a touch screen format whenever necessary by a software method instead of a physical keypad in a smart phone, a tablet PC, or the like. have.

The communication unit 112 may be connected to the Internet via a wired or wireless network to perform data transmission and reception, and receive an application file downloaded and selected by a user from a site such as a play store. In addition, when an application 114 requiring routing detection, such as a banking application, communicates with a service server located at a remote place on a communication network, data for operation between the service server and the corresponding application may be transmitted and received.

The display unit 102 displays various information of the portable terminal 100 under the control of the controller 108, and receives and displays key data generated by the key input unit 104 and various information signals of the controller 108.

The controller 108 controls the overall operation of the portable terminal 100 according to the operation program stored in the memory unit 106. The operating program as described above connects the display unit 102 and the key input unit 104 as well as the basic operating system required for the operation of the terminal 100, manages input / output of data, or the terminal 100. It refers to software that is preprogrammed at the time of manufacture to operate the internal application of the same.

In addition, the controller 108 receives the application file selected by the user in the play store through the communication unit 112 and installs it to control the application to be executed in the portable terminal 100.

On the other hand, the application 114 that requires security, such as a banking application of the various applications installed in the portable terminal 100 as described above is checked whether the portable terminal 100 is a routing terminal before execution is checked as not a routing terminal. Only the application is implemented to operate normally.

At this time, as a method of checking whether the portable terminal 100 is a routing terminal, whether or not a su file exists or whether the root terminal is determined by a method of checking whether or not the authority of the Adbd is changed to the root authority is determined. As described above, since the routing terminal bypasses the routing detection by dynamically performing the routing or unrouting, the routing detection is not performed correctly.

Therefore, according to the present invention, for example, the routing detection device 110 mounted on the portable terminal 100 sets a directory or a file list, which is information that can be determined as a routing action, as a routing monitoring target. In order to cope with the routing detection bypass by registering with the OS 116 and performing the routing detection in real time whenever an event related to the routing behavior is received from the OS 116.

That is, when the routing detection device 110 receives a routing detection request from an application 114 that requires routing detection, such as a banking application, the routing detection device 110 sets a directory list or a file list, etc., as a target for monitoring the routing, by checking the routing behavior. The file monitoring event function is used to register with the OS 116 of the portable terminal 100. Accordingly, the OS 116 detects a file attribute change such as file creation, deletion, or file name change in a directory or file list that is set as a routing monitoring target, and detects that an event requiring confirmation on the routing monitoring target has occurred. Notified to the device.

Then, the routing detection device 110 checks, for example, a file property change, for a routing event occurring in the routing monitoring target to check whether a file necessary for the routing process is generated or a file property change corresponding to the routing occurs. Through this, it is determined whether a routing action has occurred, and if a routing action occurs, the application 114 is notified of the routing detection request so that personal information leakage due to routing can be prevented.

2 is a block diagram illustrating a detailed configuration of a routing detection device 110 for detecting a routing in a portable terminal 100 according to an embodiment of the present invention. The routing monitoring target setting unit 202 and the routing event registration unit 204 are illustrated. , The routing checking unit 206, the routing alarm unit 208, and the like.

Hereinafter, an operation of each part of the routing detection apparatus 110 of the present invention will be described in detail with reference to FIG. 2.

First, when an application 114 requiring routing detection, such as a banking application, is executed, the application 114 connects to the service network 200 on the communication network, etc., before executing an associated operation such as banking. The detection device 110 requests routing detection as to whether the portable terminal 100 on which the application 114 is executed is a routing terminal.

Accordingly, the routing monitoring target setting unit 202 in the routing detection apparatus 110 sets a directory list or a file list, etc., as a target for checking whether or not a routing action is performed in real time, as the routing monitoring target. At this time, the routing monitoring target setting unit 202 is a directory which is a routing monitoring target in conjunction with the OS 116 of the portable terminal 100 in which the routing detection apparatus 110 is performed for the routing monitoring target to perform the routing monitoring. You can set the file list.

At this time, the directory to be detected as a root may be, for example, / system, / sbin, or / bin, which is an indicator file such as a su file that can determine the rooting behavior. This is because such a directory is only an example and the directory list may be updated through an update process.

In addition, the list of files to be monitored for monitoring may be, for example, a su file or an Adbd file. Such a file list is only an example and may be updated through an update process like a directory.

The routing event registration unit 204 receives a directory or file list which is the routing monitoring target set by the routing monitoring target setting unit 202 and provides a file monitoring system for providing the corresponding routing monitoring target by the OS 116 of the portable terminal 100. Register for the event. In this case, when the OS 116 of the portable terminal 100 is Linux, the routing event registerer 204 may register a file event using an inotify API or the like. The registered directory or file may be set in the OS 116 to generate an event when a file attribute is changed, such as file creation or deletion, file name change, or the like. That is, it is possible to receive an event from the OS 116 as to whether a file necessary for the routing process is generated or a file attribute change corresponding to the routing occurs.

That is, the OS 116 detects that a file attribute change such as file creation, deletion, or file name change occurs for a directory list or a file list set as a root monitoring target, and an event requiring confirmation on the root monitoring target has occurred. The routing confirmation unit 206 is notified.

Then, when the routing checking unit 206 receives an event registered by the routing event registration unit 204 from the OS 116, the routing checking unit 206 confirms a routing monitoring target for which the corresponding event occurred, for example, a file attribute change in a directory list or a file list, and the like. By determining whether a file necessary for the routing process has been created or whether a file property change corresponding to the routing has occurred, it is determined whether a routing action has occurred, and if it is determined that the routing action has occurred, it is determined by the routing alarm unit 208. to provide.

Then, the routing alarm unit 208 notifies the fact that the routing action has occurred by responding to the application requesting the routing monitoring when a routing action occurs.

Accordingly, the application 114 that has been notified of the routing facts determines that the execution of the application 114 may be dangerous in the portable terminal 100 according to the occurrence of the routing action, thereby stopping the execution of the application 114. In this way, routing prevents sensitive personal information such as banking from being leaked.

3 illustrates an operation control flow for performing event-based real-time routing detection in the routing detection apparatus 110 according to an embodiment of the present invention. Hereinafter, embodiments of the present invention will be described in detail with reference to FIGS. 1, 2, and 3.

First, when there is a routing detection request from an application 114 requiring routing detection, such as a banking application, the routing detection device 110 first performs a portable terminal (or a conventional method) before executing the event-based real-time routing detection. 100 detects whether the routing terminal (S300). In this case, when the portable terminal 100 is inspected as a routing terminal (S302), the routing detection device 110 notifies the application 114 of the routing fact and does not perform event-based real-time routing detection.

However, if the portable terminal 100 is inspected as not routed in the routing detection performed before the execution of the application (S302), the routing detection device 110 switches to event-based real-time routing detection in the routing detection to execute the application. Event-based routing detection is performed during the process.

That is, the routing monitoring target setting unit 202 in the routing detecting apparatus 110 sets a file list, a directory list, and the like as a routing monitoring target to check whether the routing activity is performed in real time (S304). At this time, the routing monitoring target setting unit 202 is linked with the OS 116 of the portable terminal 100 in which the routing detection apparatus 110 is performed on the routing monitoring target to perform the routing monitoring, and the directory list to be the monitoring monitoring target. Or you can set the file list.

In addition, the directory to be monitored for routing may be, for example, / system, / sbin, or / bin, which indicates that an indicator file such as a su file that can determine the rooting behavior is generally created in the above-listed directory. This is because such a directory is only an example and the directory list may be updated through an update process. In addition, the list of files to be monitored for monitoring may be, for example, a su file or an Adbd file. Such a file list is only an example and may be updated through an update process like a directory.

Subsequently, the routing event registration unit 204 receives a directory list or a file list of the routing monitoring target set by the routing monitoring target setting unit 202 and provides the corresponding routing monitoring target in the OS 116 of the portable terminal 100. The file monitoring event is registered (S306).

The registered directory or file may be set in the OS 116 to generate an event when a file attribute is changed, such as file creation or deletion, file name change, or the like.

Accordingly, the OS 116 detects a file attribute change such as file creation, deletion, or file name change for a directory list or a file list set as a routing monitoring target, and generates an event requiring confirmation on the routing monitoring target. The routing confirmation unit 206 is notified.

Then, the routing checking unit 206 receives an event registered in the routing event registration unit 204 from the OS 116 (S308), and changes a file attribute in a routing monitoring target, for example, a directory list or a file list in which the corresponding event occurs. By checking whether a file necessary for the routing process is generated or a file property change corresponding to the routing has occurred, it is checked whether a routing action has occurred (S310).

As a result of the inspection, when it is determined that the routing behavior has occurred, the routing confirmation unit 206 transmits the fact that the portable terminal 100 is routed to the routing alarm unit 208.

Then, when the routing action occurs (S312), the routing alarm unit 208 responds to the application 114 requesting the routing monitoring to notify the fact that the routing action has occurred in the portable terminal (100) (S314).

Accordingly, the application 114 that has been notified of the routing facts determines that the execution of the application 114 may be dangerous in the portable terminal 100 according to the occurrence of the routing action, thereby stopping the execution of the application 114. In this way, routing prevents sensitive personal information such as banking from being leaked.

As described above, in the event-based real-time routing detection, in the event-based real-time routing detection, by setting a directory or file list that is the target of the routing monitoring target, registers the file monitoring event provided by the OS of the portable terminal, the file in the routing monitoring target Routing detection is performed in real time whenever an event occurs due to a property change, so that even more accurate routing detection can be performed in a custom kernel that dynamically performs routing or unrouting to bypass routing detection.

While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should not be limited by the described embodiments but should be defined by the appended claims.

110: routing detection device 202: routing monitoring target setting unit
204: routing event register 206: routing confirmation unit

Claims (16)

A routing monitoring target setting unit for setting a routing monitoring target;
A routing event register configured to register the routing monitoring target with an operating system (OS) of a portable terminal performing routing detection;
A routing checking unit for determining whether the event corresponds to a routing behavior when receiving an event generated in the routing monitoring target from the OS;
Routing alarm unit for informing the occurrence of the routing behavior to the application requesting the routing monitoring when the routing behavior is determined from the routing confirmation unit
Rooting detection device comprising a.
The method of claim 1,
The routing event registration unit,
And the routing monitoring target is registered in a file monitoring event provided by an OS of the portable terminal.
3. The method of claim 2,
The routing event registration unit,
And the routing monitoring target is registered in the file monitoring event by using an API provided by the OS.
The method of claim 1,
The rooting monitoring target,
And a directory list or a file list which can be used as the indication information for determining whether to determine the routing.
The method of claim 1,
The event,
Routing detection device, characterized in that occurs when a change in the file attribute occurs in the directory list or file list registered as the monitoring target.
The method of claim 5, wherein
The event,
And generating a file, deleting, changing a file name, moving a file, changing a permission, or modifying a file in the directory list or the file list.
The method of claim 1,
The routing check unit,
When the routing monitoring is requested, a routing detection device, which checks whether a routing action is performed on the portable terminal using a predetermined routing detection policy before executing the application, and transmits a test result to the application.
The method of claim 5, wherein
The directory listing is,
Routing detection device comprising at least one of / system, / sbin or / bin.
The method of claim 5, wherein
The file list is,
Routing detection device comprising one or more of the su file or the Adbd file.
The method of claim 1,
The application,
Routing detection device, characterized in that the application for processing financial information or personal information.
Setting a routing watch target when an application that is requested to be monitored is running,
Registering the routing monitoring target with an OS of the portable terminal;
Determining whether the event corresponds to a routing behavior when receiving an event occurring in the routing monitoring target from the OS;
Informing the application of the occurrence of the routing behavior when the routing behavior is determined
Routing detection method comprising a.
The method of claim 11,
The rooting monitoring target,
Routing detection method, characterized in that registered in the file monitoring event provided by the OS.
12. The method of claim 11,
The rooting monitoring target,
Routing detection method characterized in that it is set to a directory list or a file list that can be used as the indication information for determining whether or not the routing.
The method of claim 11,
The event,
Routing detection method, characterized in that occurs when a file attribute change in the directory list or file list registered as the routing monitoring target.
15. The method of claim 14,
The event,
Routing detection method characterized in that occurs when any file in the directory or file list, file creation, deletion, file name change, file movement, permission change or file modification occurs.
The method of claim 11,
The method comprises:
Checking whether a routing action is being performed on the portable terminal using a predetermined routing detection policy before the application is executed;
Transmitting a routing action to the application when a routing action is being performed on the portable terminal as a result of the inspection;
Routing detection method further comprises.
KR1020120106847A 2012-09-26 2012-09-26 Apparatus and method for detecting rooting KR101256453B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020120106847A KR101256453B1 (en) 2012-09-26 2012-09-26 Apparatus and method for detecting rooting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020120106847A KR101256453B1 (en) 2012-09-26 2012-09-26 Apparatus and method for detecting rooting

Publications (1)

Publication Number Publication Date
KR101256453B1 true KR101256453B1 (en) 2013-04-19

Family

ID=48443483

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020120106847A KR101256453B1 (en) 2012-09-26 2012-09-26 Apparatus and method for detecting rooting

Country Status (1)

Country Link
KR (1) KR101256453B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160074832A (en) 2014-12-18 2016-06-29 주식회사 안랩 Method and apparatus for detection of rooting by analyzing elf binary

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101038048B1 (en) * 2009-12-21 2011-06-01 한국인터넷진흥원 Botnet malicious behavior real-time analyzing system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101038048B1 (en) * 2009-12-21 2011-06-01 한국인터넷진흥원 Botnet malicious behavior real-time analyzing system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20160074832A (en) 2014-12-18 2016-06-29 주식회사 안랩 Method and apparatus for detection of rooting by analyzing elf binary

Similar Documents

Publication Publication Date Title
KR101161493B1 (en) Method of Examining Malicious Codes and Dangerous Files in Android Terminal Platform
CN1322385C (en) Computer architecture for executing a program in a secure or insecure mode
CN107145782B (en) Abnormal application program identification method, mobile terminal and server
CN105531692A (en) Security policies for loading, linking, and executing native code by mobile applications running inside of virtual machines
JP6984710B2 (en) Computer equipment and memory management method
CN104143065A (en) Safety intelligent terminal equipment and information processing method
CN102289612A (en) System and method for n-ary locality in a security co-processor
CN111177708A (en) PLC credibility measuring method, system and measuring device based on TCM chip
CN109753793B (en) Hot patching method and hot patching device
Cho et al. Anti-debugging scheme for protecting mobile apps on android platform
Tang et al. Detecting permission over-claim of android applications with static and semantic analysis approach
Yang et al. {Iframes/Popups} Are Dangerous in Mobile {WebView}: Studying and Mitigating Differential Context Vulnerabilities
CN105745896A (en) Systems and methods for enhancing mobile security via aspect oriented programming
KR101256453B1 (en) Apparatus and method for detecting rooting
KR101256461B1 (en) Apparatus and method for detecting start point of process
JP2013222422A (en) Program, information processing device, and information processing method
JP2011145945A (en) Malware detecting device and malware detecting method
EP3136278B1 (en) Dynamically loaded code analysis device, dynamically loaded code analysis method, and dynamically loaded code analysis program
EP3853754B1 (en) Software policy engine in virtual environment
US11611570B2 (en) Attack signature generation
KR102358099B1 (en) A method for interception of hacker
KR101453357B1 (en) Method and apparatus for diagnosing and removing malware in portable device
CN111625784B (en) Anti-debugging method of application, related device and storage medium
KR101549342B1 (en) Method and apparatus for hacking protection of web browser
KR102556413B1 (en) Method and apparatus for managing a virtual machine using semaphore

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20170417

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20180416

Year of fee payment: 6

FPAY Annual fee payment

Payment date: 20190415

Year of fee payment: 7