WO2015081829A1 - Method, device and system for preventing execution of remote codes of application operation in a browser - Google Patents


Info

Publication number
WO2015081829A1
Authority
WO
WIPO (PCT)
Prior art keywords
browser
codes
page codes
calling
action
Application number
PCT/CN2014/092724
Other languages
French (fr)
Inventor
Ke SU
Min Fang
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Application filed by Tencent Technology (Shenzhen) Company Limited
Publication of WO2015081829A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119 Authenticating web pages, e.g. with suspicious links

Definitions

  • The present disclosure relates to Internet technologies, and more particularly, to a method, device and system for preventing execution of remote codes of application operation in a browser.
  • In order to extend the kernel’s capability, a mobile phone browser usually registers a Java class by the addJavascriptInterface method, provides the Java class to web pages, and then calls the kernel’s functions from JavaScript.
  • The mobile phone browser’s extending of the kernel’s capability may produce a kind of bug that enables a typical malicious attack as follows: the browser first provides a web page; after a user clicks on the web page, JavaScript in the browser may execute malicious codes by searching for a class name and a method name, and the malicious codes program started from the JavaScript may consequently completely take over the mobile phone.
  • The mobile phone browser opens some functions of the kernel, such as the full-screen switching and night-mode switching functions, to the web page by a Js2Java mechanism.
  • The browser cannot define a white list for this kind of generic JavaScript interface.
  • An object of the present disclosure is to provide a method, device and system for preventing execution of remote codes of application operation in a browser for browser security improvement.
  • An aspect of the disclosure is to provide a method for preventing execution of remote codes of application operation in a browser.
  • The method includes at least the operations of: in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and monitoring whether the page codes request to perform an action of calling a query class related interface during the process of executing the page codes by the browser; if yes, intercepting the action.
  • The device includes: at least a processor with circuitry operating in conjunction with at least a memory storing codes to be executed to perform functions as a plurality of modules, wherein the plurality of modules include at least a response-triggering module and an intercept module.
  • The response-triggering module causes the device to respond to an application operating instruction from a client and trigger a browser to execute page codes; and the intercept module causes the device to monitor whether the page codes request to perform an action of calling a query class related interface during the process of executing the page codes by the browser and, if yes, causes the device to intercept the action.
  • Another aspect of the disclosure is to provide a system which may be embedded with a device, and the system may be formed by a client interacting with a browser of the device, and the system may trigger the browser to execute page codes for preventing execution of remote codes of an application operation in the browser.
  • Yet another aspect of the disclosure provides a non-transitory computer-readable storage medium, wherein the computer-readable storage medium stores a program which comprises codes or instructions that, when executed, cause processor circuitry to perform prevention of execution of remote codes of application operation in a browser of a device, the operations including: in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and monitoring whether the page codes request to perform an action of calling a query class related interface during the process of executing the page codes by the browser; if yes, intercepting the action.
  • The browser may monitor whether the page codes request to perform an action of calling a query class related interface while executing the page codes; if yes, the browser intercepts the action, thereby preventing remote codes from being executed by the application on browsers of a device, such as mobile phones, tablet PCs and other mobile terminal devices.
  • Such operations fix a bug which may allow remote malicious codes to execute and a malicious codes program to take over the device, which may then tamper with and delete content of the mobile phone through other bugs, thus further improving the security of operating an application on a browser.
  • The present disclosure does not restrict the browser from extending the kernel’s capability, and does not affect the call to the addJavascriptInterface function made by a third-party product interacting with JavaScript of the browser.
  • FIG. 1 is an exemplary schematic view of a mobile terminal, according to an embodiment of the present disclosure.
  • FIG. 2 is a flow chart illustrating an exemplary method for preventing execution of remote codes of application operation in a browser, according to an embodiment of the present disclosure.
  • FIG. 3 is an exemplary functional block diagram illustrating a device for preventing execution of remote codes of application operation in a browser, according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic chart illustrating an exemplary system for preventing execution of remote codes of application operation in a browser, according to an embodiment of the present disclosure.
  • Hardware executing environments related to the embodiments of the present disclosure may be mobile phones, tablet PCs and other mobile terminals which may install all kinds of client applications and load a variety of mobile terminal browsers.
  • The embodiment of the present disclosure is achieved by the following solution: when an application in a mobile terminal executes page codes through a browser, the browser monitors whether the page codes request to perform an action of calling a query class related interface; if yes, the browser intercepts the action, which prevents remote codes from being executed by an application on browsers of mobile phones, tablet PCs and other mobile terminal devices, and effectively fixes a bug in which the remote codes are executed to cause content of the mobile terminal to be maliciously tampered with and deleted.
  • FIG. 1 is an exemplary schematic view of a mobile terminal, according to an embodiment of the present disclosure.
  • The mobile terminal may be the device itself with a browser which implements the method for preventing execution of remote codes of application operation in the browser.
  • The mobile terminal (1200) may include components such as a Radio Frequency (RF) circuit (110), a storage (120) having one or more computer-readable media, an input unit (130), a display unit (140), a sensor (150), an audio circuit (160), a Wireless Fidelity (WiFi) module (170), a processor (180) having one or more processing units, and a power source (190).
  • The structure of the mobile terminal shown in Fig. 1 is not intended to limit the mobile terminal; the mobile terminal may include more or fewer components, some of the above components may be combined, or the arrangement of the components may be different.
  • The RF circuit (110) may receive and send signals during message receiving and sending processes or during calls, and in particular may receive downlink messages from a base station and send the messages to one or more processors (180) for processing, and send uplink data to the base station.
  • The RF circuit includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module card (SIM card), a transceiver, a coupler, a low noise amplifier (LNA), and a duplexer.
  • The RF circuit (110) may communicate with other devices by wireless communication and a network.
  • The wireless communication may utilize any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, and Short Messaging Service (SMS).
  • The storage (120) may store software programs and modules, and the processor (180) may perform various kinds of functional applications and data processing by running the software programs and modules stored in the storage (120).
  • The storage (120) may mainly include a program storage area and a data storage area; the program storage area may store the operating system and at least one application required for functions (such as sound playing functions and image playing functions), etc.; the data storage area may store the data created according to the usage of the mobile terminal (1200) (such as audio data and phone books), etc.
  • The storage (120) may further include a high-speed random access storage and a non-volatile storage, such as at least one disk storage, flash storage, and other volatile solid state storages.
  • The storage (120) may also include a memory controller to provide access by the processor (180) and the input unit (130) to the storage (120).
  • The input unit (130) may receive input numbers or string information, and generate signal inputs associated with user settings and function controls, such as from a keyboard, a mouse, a stylus, a track pad or a trackball.
  • The input unit (130) may include a touch-sensitive surface (131) and other input devices (132).
  • The touch-sensitive surface (131), also known as a touch screen or touch pad, may collect the user’s touch operations on or adjacent to the touch-sensitive surface (131) (such as operations performed on or adjacent to the touch-sensitive surface (131) by the user using any suitable object or accessory such as a finger or a touch pen) and drive the corresponding connection device according to preset formulas.
  • The touch-sensitive surface (131) may include a touch detecting device and a touch controller.
  • The touch detecting device detects the orientation of the touch from the user, detects the signal generated by the touch, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detecting device, converts the touch information to contact coordinates, transmits the contact coordinates to the processor (180), and executes the commands from the processor (180).
  • The touch-sensitive surface (131) may be a resistive type, a capacitive type, an RF type, or a surface acoustic wave type of touch-sensitive surface (131).
  • The input unit (130) may further include other input devices (132) or input commands such as voice commands or motion commands, to name a few.
  • The other input devices include, but are not limited to, one or more of a physical keyboard, a function button (such as a volume control button and a switch button), a trackball, a mouse, an operation rod, a stylus or a wand.
  • The display unit (140) may display information input by the user or information provided to the user and various kinds of graphical user interfaces of the mobile terminal (1200), which may be made up of graphs, text, icons, video and any combination of these elements.
  • The display unit (140) may include a display panel (141); alternatively, the display panel (141) may be a Liquid Crystal Display (LCD) or an Organic Light-Emitting Diode (OLED) display.
  • The touch-sensitive surface (131) may cover the display panel (141); after detecting a touch operation on or adjacent to the touch-sensitive surface (131), the touch-sensitive surface (131) may transmit the touch operation to the processor (180) for determining the type of the touch event, and the processor (180) then provides a corresponding visual output on the display panel (141) according to the type of the touch event.
  • While the touch-sensitive surface (131) and the display panel (141) are two separate elements for realizing the input and output functions of the mobile terminal, in some embodiments the touch-sensitive surface (131) and the display panel (141) may be integrally formed to realize the input and output functions of the mobile terminal.
  • The mobile terminal may further include at least one kind of sensor (150), such as an optical sensor, a motion sensor and other sensors.
  • The optical sensor may include an ambient light sensor and a proximity sensor; the ambient light sensor may adjust the brightness of the display panel (141) according to the darkness of the ambient light, and the proximity sensor may turn off the display panel (141) and/or the backlight when the mobile terminal (1200) gets close to the user’s ear.
  • An accelerometer may detect the value of the acceleration in each direction (generally three axes), detect the value and direction of gravity when still, and may be used in applications for identifying gestures of the mobile terminal (such as a switch between portrait and landscape orientation, associated games, and magnetometer gesture calibration) and in associated vibration-identified functions (such as a pedometer and knocking), etc.; the mobile terminal (1200) may further be equipped with other sensors, such as a gyroscope, a barometer, a moisture meter, a thermometer and an RF sensor, which are not given in detail herein.
  • The audio circuit (160), the loudspeaker (161), and the microphone (162) may provide audio interfaces between the user and the mobile terminal (1200).
  • The audio circuit (160) may transmit electrical signals converted from the received audio data to the loudspeaker (161) to be output as voice signals by the loudspeaker (161); in addition, the microphone (162) may convert the collected voice signals to electrical signals which are received and converted to audio data by the audio circuit (160); the audio data is then output to the processor (180) for processing and is further transmitted, for example, to another mobile terminal via the RF circuit (110), or to the storage (120) for further processing.
  • The audio circuit (160) may further include an earphone jack to provide communications between an external earphone and the mobile terminal (1200).
  • WiFi is a short-range wireless transmission technology; the mobile terminal (1200) may assist the user in sending and receiving E-mails, browsing web pages, and accessing streaming media through the WiFi module (170), which may provide the user with wireless access to the Internet.
  • Although Fig. 1 shows the WiFi module (170), the WiFi module is not an essential component of the mobile terminal (1200) and may be omitted according to requirements without departing from the spirit of the present disclosure.
  • The processor (180) is the control center of the mobile terminal (1200).
  • The processor (180) connects each part of the mobile terminal using various kinds of interfaces and circuitries, and performs various kinds of functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the storage (120) and calling the data stored in the storage (120), thereby realizing overall monitoring of the mobile terminal.
  • The processor (180) may include one or more processing units; preferably, the processor (180) integrates an application processor and a modulation and demodulation processor; the application processor mainly processes the operating system, user interfaces, and application programs, etc., and the modulation and demodulation processor mainly processes wireless communications. It may be understood that the modulation and demodulation processor may alternatively not be integrated in the processor (180).
  • The mobile terminal (1200) may further include a power source (190) (such as a battery) for supplying power to each component; preferably, the power source may be logically connected to the processor (180) via a power management system, thereby managing the charging, discharging, and power consumption functions via the power management system.
  • The power source (190) may further include one or more direct current or alternating current power sources, a recharge system, a power source failure detection circuit, a power supply converter or an inverter, a battery status indicator and any other component.
  • The mobile terminal (1200) may further include a camera and a Bluetooth module, etc., which are not given in detail herein.
  • The display unit of the mobile terminal (1200) is a touch screen; the mobile terminal (1200) may further include storage in which one or more programs are stored, the programs being executed by one or more processors.
  • FIG. 2 is a flow chart illustrating an exemplary method for preventing execution of remote codes of application operation in a browser of the device (e. g., a mobile terminal (1200) ) , according to an embodiment of the present disclosure. More specifically, reference designations to the elements in Fig. 4 may be referred to in order to better help understand the description of the flow chart in Fig. 2.
  • The method includes at least the following steps:
  • Step S101: in response to receiving an application operating instruction from a client (such as client (402) in Fig. 4), triggering a browser (such as browser (401) in Fig. 4) to execute page codes.
  • The browser may execute the page codes, such as JavaScript, to load, click, and close relevant page operations according to the user’s operating instructions.
  • The query class related interface may include, but is not limited to, an interface of a query class function and an interface of a method under a query class.
  • The addJavascriptInterface method mainly aims at exporting a Java class or method such that JavaScript of the browser (401) may call the Java class or method.
  • JavaScript may execute arbitrary Java codes via reflection.
  • The browser (401) generally may register a Java class via the addJavascriptInterface method, which may provide the Java class to web pages and call the kernel’s function by JavaScript.
  • Such an addJavascriptInterface method may lead to a kind of bug in a browser (401).
  • The browser (401) may provide application web pages, after which the user clicks on the web pages.
  • JavaScript of the browser (401) may search for a class name by calling an interface of a query class function, or search for a method name by calling an interface of a method under a query class, in order to execute malicious codes, thereby causing the malicious codes program to completely take over the mobile phone.
  • The action may be intercepted, thus preventing remote codes from being executed in application operation and improving the security of operating an application on a browser (401).
  • The browser (401) may intercept the remote codes call made by the page codes via a query class and a method name while executing the page codes, which may be applicable in the following several application scenes as examples.
  • The browser (401) may monitor whether the page codes request to perform an action of calling an interface of a query class function while executing the page codes; if yes, the browser (401) may return invalid calling information and report unusual calling of the page codes.
  • The query class function is getClass().
  • All class names registered via the addJavascriptInterface method need to be obtained from getClass(); as a method provided by the Android system, getClass() cannot be overridden or deleted. Therefore, it is only necessary to intercept the call to getClass() when getClass() is called.
  • Invalid information may be returned and an execution exception of JavaScript may be reported, thereby causing the malicious codes to lose the ability to query the registered class name.
  • The browser (401) may monitor whether the page codes request to perform an action of calling an interface of a method under a query class while executing the page codes; if yes, the browser (401) may return invalid calling information to the page codes and report unusual calling of the page codes.
  • The malicious codes may directly call a method of a static type and thus execute the remote codes.
  • An effective interception must therefore be performed for all methods under the query class.
  • An Android system may provide forName() for querying all methods under a class, so invalid information (null) may be returned when forName() is called, and an execution exception of JavaScript may be reported, thereby causing the malicious codes to lose the ability to query the injected class name.
  • The browser (401) may monitor whether the page codes request to perform an action of calling an interface of a query class function while executing the page codes. If yes, the browser (401) may return invalid calling information to the page codes and report unusual calling of the page codes. Otherwise, when the page codes do not request to perform the action of calling an interface of a query class function, the browser (401) may monitor whether the page codes request to perform an action of calling an interface of a method under a query class; if yes, the browser (401) may return invalid calling information to the page codes and report unusual calling of the page codes.
  • The program may thus completely intercept the remote codes call made by JavaScript via a query class and a method name.
  • Since the malicious codes may directly call a method of a static type and thus execute the remote codes, an effective interception should be performed for all methods under the query class.
  • An Android system may provide forName() for querying all methods under a class; thus, when forName() is called, null may be directly returned and an execution exception of JavaScript may be reported, thereby causing the malicious codes to lose the ability to query the injected class name.
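The three monitoring scenes described above (intercepting getClass(), intercepting forName(), or checking one and then the other) can be modelled outside Android in plain JavaScript. The following is an added example, not code from the patent or from Tencent's browser: a Proxy plays the role of the browser kernel watching the page codes' calls on the injected object, and a constructed bridge object stands in for the Java class registered through addJavascriptInterface. The bridge, its function names (switchFullScreen, switchNightMode), the reportUnusualCall helper and the sample page codes are assumptions made for this example; returning null and recording a report stands in for the "invalid calling information plus JavaScript execution exception" the text describes.

```javascript
// Added example (constructed; not the patent's or Tencent's code): a model of
// intercepting the query-class interfaces of a Js2Java bridge in JavaScript.

// The two query-class interfaces the text names: the class lookup on the
// registered object (getClass) and the method lookup under a class (forName).
const QUERY_CLASS_INTERFACES = new Set(["getClass", "forName"]);

// Reports recorded by the "browser" each time page codes make an unusual call
// (in a real kernel this is where the JavaScript execution exception is raised).
const unusualCallReports = [];

function reportUnusualCall(interfaceName, pageId) {
  unusualCallReports.push({ page: pageId, interface: interfaceName, result: "null" });
}

// Simulated Js2Java bridge (constructed): the two kernel functions the patent
// mentions as examples, plus the reflective members a registered Java object
// would carry, which the interception denies.
function makeKernelBridge() {
  let fullScreen = false;
  let nightMode = false;
  return {
    switchFullScreen() { fullScreen = !fullScreen; return fullScreen; },
    switchNightMode() { nightMode = !nightMode; return nightMode; },
    // Stands in for Object.getClass(), which the Java side cannot remove.
    getClass() { return "java.lang.Class<KernelBridge>"; },
    // Stands in for the class-lookup entry point the text calls forName().
    forName(name) { return "java.lang.Class<" + name + ">"; },
  };
}

// Wrap the bridge so that any call on a query-class interface receives
// "invalid calling information" (null) and is reported, while every other
// exported kernel function passes through untouched. No white list is needed:
// only the two query-class names are denied, so extended kernel capabilities
// and third-party addJavascriptInterface users keep working.
function guardBridge(bridge, pageId) {
  return new Proxy(bridge, {
    get(target, prop, receiver) {
      if (typeof prop === "string" && QUERY_CLASS_INTERFACES.has(prop)) {
        return function intercepted() {
          reportUnusualCall(prop, pageId);
          return null;
        };
      }
      return Reflect.get(target, prop, receiver);
    },
  });
}

// Runs one piece of page code against a freshly guarded bridge and returns
// what the page observed, so the effect of the interception can be checked.
function runPageCode(pageCode, pageId) {
  const bridge = guardBridge(makeKernelBridge(), pageId);
  return pageCode(bridge);
}

// Constructed page codes: legitimate use of the exported kernel functions only.
function legitimatePage(kernel) {
  return { fullScreen: kernel.switchFullScreen(), nightMode: kernel.switchNightMode() };
}

// Constructed page codes that touch the query-class interfaces; the guard
// hands them null for both lookups and records each attempt.
function queryingPage(kernel) {
  const viaGetClass = kernel.getClass();
  const viaForName = kernel.forName("example.Class");
  return { viaGetClass, viaForName };
}
```

The deny-set carries only the two query-class names, which is the property the text contrasts with a white list: no per-page list has to be consulted when a page opens, and every other function the kernel exports is reachable as before. In a real WebView kernel the hook lives on the Java side of the bridge rather than in a page-level Proxy, and the report surfaces to the page as a JavaScript execution exception; this model keeps the report in an array so the outcome can be inspected.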
  • The general approach is to establish a white list.
  • Since a white list must be checked each time the browser (401) is used, an additional burden is imposed on the browser (401) when the browser (401) opens the page; therefore the speed of the first screen may be reduced, and certain negative experiences may be brought to users.
  • When the kernel’s capability of the browser (401) is extended, the browser (401) may not be able to define a white list for such generic JavaScript interfaces.
  • The method of the embodiment may effectively fix a bug in the Android JavaScript2Java mechanism, solve the security problem that remote codes may be executed due to the reflection class call made by JavaScript via a query class and a method name, and improve the security of operating an application on a browser (401).
  • The method of the embodiment may not restrict the browser (401) from extending the kernel’s capability, and therefore may not affect the call to the addJavascriptInterface function made by a third-party product interacting with JavaScript of the browser (401).
  • The method of the embodiment may also avoid the defect that an additional burden is imposed on the browser (401) when the browser (401) opens the page, which arises from adopting the white list method.
  • FIG. 3 is an exemplary functional block diagram illustrating a device (300) for preventing execution of remote codes of application operation in a browser (401) , according to an embodiment of the present disclosure.
  • The device (300) may include at least a processor with circuitry (317) operating in conjunction with at least a memory (318) storing codes to be executed to perform functions as a plurality of modules, wherein the plurality of modules may include at least a response-triggering module (301) and an intercept module (302).
  • The response-triggering module (301), in response to receiving an application operating instruction from a client (such as client (402) in Fig. 4), may cause the device (300) to trigger a browser (401) to execute page codes.
  • The intercept module (302) may cause the device to monitor whether the page codes request to perform an action of calling a query class related interface during the process of executing the page codes by the browser (401); if yes, it causes the device to intercept the action, wherein the query class related interface may include one or both of: an interface of a query class function and an interface of a method under a query class.
  • The intercept module (302), in addition to causing the device to monitor whether the page codes perform the action of calling a query class related interface during the process of executing the page codes by the browser (401) and, if yes, causing the device to intercept the action, further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
  • The intercept module (302) in addition causes the device to monitor whether the page codes perform the action of calling the interface of the method under the query class when it is monitored that the page codes do not request to perform the action of calling the interface of the query class function; if yes, the intercept module further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
  • The intercept module (302) in addition causes the device to monitor whether the page codes perform the action of calling the interface of the method under the query class during the process of executing the page codes by the browser (401); if yes, the intercept module (302) further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
  • The response-triggering module (301) of the browser (401) may execute the page codes, such as JavaScript, to load, click, and close relevant page operations according to the user’s operating instructions.
  • The intercept module (302) may monitor whether the page codes request to perform an action of calling a query class related interface; if yes, the action may be intercepted to avoid a bug in which remote malicious codes may be executed to cause the malicious codes program to take over the device (300) or the mobile phone in order to tamper with and delete contents of the mobile phone by other bugs.
  • FIG. 4 is a schematic chart illustrating an exemplary system (400) for preventing execution of remote codes of application operation.
  • The system (400) includes at least a browser (401) and a client (402). More specifically, the system (400) may be a combination of hardware and software, embedded within the device (300), for preventing execution of remote codes of application operation in the browser (401).
  • The client (402) may be a client application with program codes which may be executed by the processor circuitry (317) and interact with the browser (401) of the device (300).
  • The client (402) may be configured to operate an application and trigger the browser (401) to execute page codes.
  • The browser (401) may be configured to respond to application operating instructions from the client (402), trigger the execution of the page codes, and monitor whether the page codes request to perform an action of calling a query class related interface while executing the page codes; if yes, the browser (401) may intercept the action.
  • The browser (401) may execute the page codes, such as JavaScript, to load, click, and close relevant page operations according to the user’s operating instructions.
  • The browser (401) may monitor whether the page codes request to perform an action of calling a query class related interface when executing the page codes; if yes, the browser (401) may intercept the action.
  • A query class related interface includes, but is not limited to, an interface of a query class function and an interface of a method under a query class.
  • The browser (401) may monitor whether the page codes request to perform an action of calling a query class related interface when executing the page codes; if yes, the browser (401) may intercept the action to avoid a bug in which remote malicious codes may be executed to cause the malicious codes program to take over the mobile phone device (300) in order to tamper with and delete content of the mobile phone device (300), and avoid damage caused by other bugs.
  • The above solutions described in the embodiments of the method, device and system effectively fix a bug in the Android JavaScript2Java mechanism, solve the security problem that remote codes may be executed due to the reflection class call made by JavaScript via a query class and a method name, and improve the security of operating an application on a browser.
  • The method of the embodiment may not restrict the browser from extending the kernel’s capability, and therefore may not affect the call to the addJavascriptInterface function made by a third-party product interacting with JavaScript of the browser.
  • The method of the embodiment may also avoid the defect that an additional burden is imposed on the browser when the browser opens the page, which arises from adopting the white list method.
  • the terms “include” , “comprise” or other similar expressions mean to contain other than consist of, so that the process, method, item, or device having a number of elements does not only has these elements, but also has other elements that are not clearly listed, or further has the inherent element/elements of this process, method, item, or device.
  • the element limited by phase “includes a/an ...” does not exclude other same element exists in this process, method, item, or device having this element.
  • each embodiment of the present disclosure is only for description and is not intend to represent the merits of the corresponding embodiment.
  • the sequence numbers of the above-mentioned embodiments may be intended only for description, instead of indicating the relative merits of the embodiments.
  • all or some of the steps of the foregoing embodiments may be implemented by hardware, or software program codes stored on a non-transitory computer-readable storage medium with computer-executable commands stored within.
  • the disclosure may be implemented as an algorithm as codes stored in a program module or a system with multi-program-modules.
  • the computer-readable storage medium may be, for example, nonvolatile memory such as a compact disc, hard drive, ROM or flash memory.
  • the computer-executable commands may enable a computer, a server, a smart phone, a tablet or any similar computing device to render clustering of phishing webpages operations.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method, device and system for preventing execution of remote codes of application operation in a browser are disclosed. The method includes: in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and monitoring whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, intercepting the action. The method fixes a bug caused by executing remote malicious codes in application operations on mobile phones, tablet PCs and other mobile terminal devices, which may cause content of the mobile phone to be tampered with and deleted, thus improving the security of operating an application on a browser. The method does not restrict the browser from extending the kernel’s capability, and does not affect calls to the addJavascriptInterface function made by a third-party product interacting with JavaScript of the browser.

Description

METHOD, DEVICE AND SYSTEM FOR PREVENTING EXECUTION OF REMOTE CODES OF APPLICATION OPERATION IN A BROWSER
CROSS-REFERENCE TO RELATED APPLICATIONS
The application claims priority to Chinese Patent Application No. 2013106591513, filed on December 6, 2013, which is incorporated by reference in its entirety.
FIELD OF THE TECHNOLOGY
The present disclosure relates to Internet technologies, and more particularly, to a method, device and system for preventing execution of remote codes of application operation in a browser.
BACKGROUND
There is an addJavascriptInterface method in a WebView component of the Android system which mainly aims at exporting a Java class or a method for JavaScript’s calls. However, when calling the exported Java class, JavaScript may execute arbitrary Java codes through reflection.
Additionally, in order to extend a kernel’s capability, a mobile phone browser usually registers a Java class by the addJavascriptInterface method, provides the Java class to web pages, and then lets JavaScript call the kernel’s functions. In effect, the mobile phone browser’s extension of the kernel’s capability may produce a bug that enables a typical malicious attack as follows: the browser first provides a web page; after a user clicks on the web page, JavaScript of the browser may execute malicious codes by searching for a class name and a method name, and the malicious codes program from the JavaScript may consequently completely take over the mobile phone.
In order to fix the above-mentioned bug in the mobile phone browser, the current general approach is to establish a white list. When a web page is loaded in a browser, the browser makes a judgment on the web page URL based on the white list. Only domains that exist in the white list are allowed to export or call the relevant Java class or method.
However, in order to extend a kernel’s capability, the mobile phone browser will open some functions of the kernel, such as full-screen switching and night-mode switching, to the web page by a Js2Java mechanism. The browser cannot define a white list for this kind of generic JavaScript interface.
Meanwhile, every time a web page is loaded in the browser, a lot of externally-linked JavaScript interfaces may be injected into the browser. If the white list is checked each time the browser is used, an additional burden is imposed on the browser when it opens the web page, the speed of the first screen may be reduced, and certain negative experiences may be brought to users.
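The white-list approach described above, as an added example written for this page (it is not the patent's code nor any browser's code; the class name ExportWhiteList and the method mayExportJavaClass are assumptions): the decision whether a page may receive an exported Java class is taken from the parsed host of the page URL, compared against a constructed allow-list of domains.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

/**
 * Hypothetical white-list gate of the kind the background describes
 * (not code from the patent or from any browser): before the browser
 * exports a Java class to a page, the page URL is checked against a
 * list of allowed domains.
 */
public final class ExportWhiteList {
    private final Set<String> allowedDomains;   // lower-case domains, constructed by the caller

    public ExportWhiteList(Set<String> allowedDomains) {
        this.allowedDomains = allowedDomains;
    }

    /**
     * True only when the page is served over HTTPS and its host equals,
     * or is a subdomain of, a listed domain. The comparison is done on
     * the parsed host, never on the raw URL string, so a path or query
     * that merely contains an allowed domain does not pass.
     */
    public boolean mayExportJavaClass(String pageUrl) {
        URI uri;
        try {
            uri = new URI(pageUrl);
        } catch (URISyntaxException e) {
            return false;                       // unparsable URL: deny
        }
        String host = uri.getHost();
        if (host == null || !"https".equalsIgnoreCase(uri.getScheme())) {
            return false;                       // plain HTTP content could be rewritten in transit
        }
        host = host.toLowerCase(Locale.ROOT);
        for (String domain : allowedDomains) {
            if (host.equals(domain) || host.endsWith("." + domain)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed allow-list and sample page URLs (reserved example domains).
        ExportWhiteList list = new ExportWhiteList(Set.of("example.com"));
        String[] pages = {
            "https://example.com/reader",            // allowed: exact host
            "https://m.example.com/reader",          // allowed: subdomain of a listed domain
            "http://example.com/reader",             // denied: not HTTPS
            "https://example.com.example.net/",      // denied: listed domain is only a prefix of the host
            "https://example.net/?next=example.com"  // denied: listed domain appears only in the query
        };
        for (String page : pages) {
            System.out.println((list.mayExportJavaClass(page) ? "export    " : "no-export ") + page);
        }
    }
}
```

This check has to run on every page load, before any Java class is exported, which is the per-load cost the description objects to; and because a generic kernel interface such as a night-mode switch must be reachable from every page, no domain list can express who is allowed to call it, which is the second limitation the description names.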
SUMMARY OF THE DISCLOSURE
An object of the present disclosure is to provide a method, device and system for preventing execution of remote codes of application operation in a browser for browser security improvement.
An aspect of the disclosure is to provide a method for preventing execution of remote codes of application operation in a browser. The method includes at least the operations of: in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and monitoring whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, intercepting the action.
Another aspect of the disclosure is to provide a device for preventing execution of remote codes of application operation in a browser. The device includes: at least a processor with circuitry operating in conjunction with at least a memory storing codes to be executed to perform functions as a plurality of modules, wherein the plurality of modules include at least a response-triggering module and an intercept module.
The response-triggering module causes the device to respond to an application operating instruction from a client and trigger a browser to execute page codes; and the intercept module causes the device to monitor whether the page codes request to perform an action of calling a query class related interface during the process of executing the page codes by the browser and, if yes, causes the device to intercept the action.
Another aspect of the disclosure is to provide a system which may be embedded with a device, and the system may be formed by a client interacting with a browser of the device, and the system may trigger the browser to execute page codes for preventing execution of remote codes of an application operation in the browser.
Yet another aspect of the disclosure provides a non-transitory computer-readable storage medium, wherein the computer readable storage medium stores a program which comprises codes or instructions which, when executed, cause processor circuitry to perform operations for preventing execution of remote codes of application operation in a browser of a device, the operations including: in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and monitoring whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, intercepting the action.
In implementing the method, device and system for preventing execution of remote codes of application operation in a browser provided in the present disclosure: when a client operates an application and triggers a browser to execute page codes, the browser may monitor whether the page codes request to perform an action of calling a query class related interface while executing the page codes; if yes, the browser intercepts the action, thereby preventing remote codes from being executed by the application on browsers of a device, such as mobile phones, tablet PCs and other mobile terminal devices. In effect, such operations fix a bug in which remote malicious codes may be executed, causing a malicious codes program to take over the device and to tamper with and delete content of the mobile phone through other bugs, thus further improving the security of operating an application on a browser. At the same time, the present disclosure does not restrict the browser from extending the kernel’s capability, and does not affect the call to the addJavascriptInterface function made by a third-party product interacting with JavaScript of the browser.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is an exemplary schematic view of a mobile terminal, according to an embodiment of the present disclosure;
FIG. 2 is a flow chart illustrating an exemplary method for preventing execution of remote codes of application operation in a browser, according to an embodiment of the present disclosure;
FIG. 3 is an exemplary functional block diagram illustrating a device for preventing execution of remote codes of application operation in a browser, according to an embodiment of the present disclosure; and
FIG. 4 is a schematic chart illustrating an exemplary system for preventing execution of remote codes of application operation in a browser, according to an embodiment of the present disclosure.
DETAILED DESCRIPTION OF THE DISCLOSURE
The various embodiments of the disclosure are further described in detail in combination with the attached drawings and embodiments below. It should be understood that the specific embodiments described here are used only to explain the disclosure, and are not used to limit the disclosure. In addition, for the sake of keeping the description brief and concise, only the newly added features, or features which differ from those previously described, are described in detail in each new embodiment. Similar features may be referenced back to the prior descriptions in a prior numbered drawing or referenced ahead to a higher numbered drawing. Unless otherwise specified, all technical and scientific terms herein have the same meanings as understood by a person skilled in the art.
Hardware executing environments related to the embodiments of the present disclosure may be mobile phones, tablet PCs and other mobile terminals which may install all kinds of client applications and load a variety of mobile terminal browsers. The embodiment of the present disclosure is achieved by the following solution: when an application in a mobile terminal executes page codes through a browser, the browser monitors whether the page codes request to perform an action of calling a query class related interface; if yes, the browser intercepts the action, which prevents remote codes from being executed by an application on browsers of mobile phones, tablet PCs and other mobile terminal devices, and effectively fixes a bug in which remote codes are executed to cause content of the mobile terminal to be maliciously tampered with and deleted.
FIG. 1 is an exemplary schematic view of a mobile terminal, according to an embodiment of the present disclosure. The mobile terminal may be the device itself with a browser which implements the method for preventing execution of remote codes of application operation in the browser.
Referring to Fig. 1, the mobile terminal (1200) may include components such as a Radio Frequency (RF) circuit (110) , a storage (120) having one or more computer-readable media, an input unit (130) , a display unit (140) , a sensor (150) , an audio circuit (160) , a Wireless Fidelity (WiFi) module (170) , a processor (180) having one or more processing units, and a power source (190) . One having ordinary skill in the art will appreciate that the structure of the mobile terminal shown in Fig. 1 is not intended to limit the mobile terminal, and the mobile terminal may include more or fewer components, some of the above components may be combined, or the arrangement of the components may be different.
The RF circuit (110) may receive and send signals during message receiving and sending processes or during calls, and in particular may receive downlink messages from a base station and send the messages to one or more processors (180) for processing, and send uplink data to the base station. Generally, the RF circuit includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module card (SIM card) , a transceiver, a coupler, a low noise amplifier (LNA) , and a duplexer. Furthermore, the RF circuit (110) may communicate with other devices by wireless communication and network. The wireless communication may utilize any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM) , General Packet Radio Service (GPRS) , Code Division Multiple Access (CDMA) , Wideband Code Division Multiple Access (WCDMA) , Long Term Evolution (LTE) , E-mail, and Short Messaging Service (SMS) .
The storage (120) may store software programs and modules, and the processor (180) may perform various kinds of functional applications and data processing by running the software programs and modules stored in the storage (120) . The storage (120) may mainly include a program storage area and a data storage area; the program storage area may store the operating system, at least one application required for functions (such as sound playing functions and image playing functions) , etc.; the data storage area may store the data created according to the usage of the mobile terminal (1200) (such as audio data and phone books) , etc. In addition, the storage (120) may further include a high-speed random access storage and a non-volatile storage, such as at least one disk storage, flash storage, and other volatile solid state storages. Correspondingly, the storage (120) may also include a memory controller to provide the processor (180) and the input unit (130) with access to the storage (120) .
The input unit (130) may receive input numbers or string information, and generate signal inputs associated with user settings and function controls, such as from a keyboard, a mouse, a stylus, a track pad or a trackball. In detail, the input unit (130) may include a touch-sensitive surface (131) and other input devices (132) . The touch-sensitive surface (131) , also known as a touch screen or touch pad, may collect the user’s touch operations on or adjacent to the touch-sensitive surface (131) (such as operations on or adjacent to the touch-sensitive surface (131) performed by the user with any suitable object or accessory such as a finger or a touch pen) and drive the corresponding connection device according to preset formulas.
Alternatively, the touch-sensitive surface (131) may include a touch detecting device and a touch controller. The touch detecting device detects the orientation of the touch from the user, detects the signal generated by the touch, and transmits the signal to the touch controller; the touch controller receives touch information from the touch detecting device, converts the touch information to contact coordinates, transmits the contact coordinates to the processor (180) , and executes the command from the processor (180) . Furthermore, the touch-sensitive surface (131) may be a resistive type, a capacitive type, an RF type, or a surface acoustic wave type of touch-sensitive surface (131) . Other than the touch-sensitive surface (131) , the input unit (130) may further include other input devices (132) or input commands such as voice commands or motion commands, to name a few.
Specifically, the other input devices (132) include, but are not limited to, one or more of a physical keyboard, a function button (such as a volume control button and a switch button) , a trackball, a mouse, an operation rod, a stylus or a wand.
The display unit (140) may display information input by the user or information provided to the user and various kinds of graphical user interfaces from the mobile terminal (1200) , which is made up of a graph, a text, an icon, a video and any combination of these elements. The display unit (140) may include a display panel (141) ; alternatively, the display panel (141) may be a Liquid Crystal Display (LCD) or an Organic Light-Emitting Diode (OLED) display.
Furthermore, the touch-sensitive surface (131) may cover the display panel (141) ; after detecting a touch operation on the touch-sensitive surface (131) or adjacent to the touch-sensitive surface (131) , the touch-sensitive surface (131) may transmit the touch operation to the processor (180) for determining the type of the touch event, and the processor (180) then provides a corresponding visual output on the display panel (141) according to the type of the touch event. Although in Fig. 1 the touch-sensitive surface (131) and the display panel (141) are two separated elements for realizing the input and output functions of the mobile terminal, in some embodiments, the touch-sensitive surface (131) and the display panel (141) may be integrally formed to realize the input and output functions of the mobile terminal.
The mobile terminal may further include at least one kind of sensor (150) , such as an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor may include an ambient light sensor and a proximity sensor; the ambient light sensor may adjust the brightness of the display panel (141) according to the darkness of the ambient light, and the proximity sensor may turn off the display panel (141) and/or the backlight when the mobile terminal (1200) gets close to the user’s ear. As a motion sensor, an accelerometer may detect the value of the acceleration in each direction (generally three axes) , detect the value and direction of gravity when still, and may be used in applications that identify gestures of the mobile terminal (such as a switch between portrait and landscape orientation, associated games, and magnetometer gesture calibration) and in associated vibration-identified functions (such as a pedometer and knocking) , etc.; the mobile terminal (1200) may further be configured with other sensors, such as a gyroscope, a barometer, a moisture meter, a thermometer and an RF sensor, which are not described in detail herein.
The audio circuit (160) , the loudspeaker (161) , and the microphone (162) may provide audio interfaces between the user and the mobile terminal (1200) . The audio circuit (160) may transmit electrical signals converted from the received audio data to the loudspeaker (161) , which converts them to voice signals; in addition, the microphone (162) may convert the collected voice signals to electrical signals which are received and converted to audio data by the audio circuit (160) ; the audio data is then output to the processor (180) for processing and is further transmitted via the RF circuit (110) to, for example, another mobile terminal, or to the storage (120) for further processing. The audio circuit (160) may further include an earphone jack to provide communications between an external earphone and the mobile terminal (1200) .
WiFi is a short-range wireless transmission technology. Through the WiFi module (170) , the mobile terminal (1200) may assist the user in sending and receiving E-mails, browsing web pages, and accessing streaming media, providing the user with wireless access to the Internet. Although Fig. 1 shows the WiFi module (170) , it may be understood that the WiFi module is not an essential component of the mobile terminal (1200) and may be omitted according to requirements without departing from the spirit of the present disclosure.
The processor (180) is the control center of the mobile terminal (1200) . The processor (180) connects each part of the mobile terminal using various kinds of interfaces and circuitry, and performs various kinds of functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the storage (120) and calling the data stored in the storage (120) , thereby realizing overall monitoring of the mobile terminal. Alternatively, the processor (180) may include one or more processing units; preferably, the processor (180) integrates an application processor and a modulation and demodulation processor; the application processor mainly processes the operating system, user interfaces, and application programs, etc., and the modulation and demodulation processor mainly processes wireless communications. It may be understood that the modulation and demodulation processor may also not be integrated in the processor (180) .
The mobile terminal (1200) may further include a power source (190) (such as a battery) for supplying power to each component; preferably, the power source may be logically connected to the processor (180) via a power management system, thereby managing the charging, discharging, and power consumption functions via the power management system. The power source (190) may further include one or more direct current or alternating current power sources, a recharge system, a power source failure detection circuit, a power supply converter or an inverter, a battery status indicator and any other component.
Although not shown, the mobile terminal (1200) may further include a camera and a Bluetooth module, etc., which are not described in detail herein. In the embodiments of the present disclosure, the display unit of the mobile terminal (1200) is a touch screen; the mobile terminal (1200) may further include a storage in which one or more programs are stored, the programs being executed by one or more processors.
Based on the schematic view of a mobile terminal shown in Fig. 1, FIG. 2 is a flow chart illustrating an exemplary method for preventing execution of remote codes of application operation in a browser of the device (e.g., a mobile terminal (1200) ) , according to an embodiment of the present disclosure. More specifically, the reference designations of the elements in Fig. 4 may be referred to in order to better understand the description of the flow chart in Fig. 2.
In an embodiment of the present disclosure, the method includes at least the following steps:
At step S101, in response to receiving an application operating instruction from a client (such as client (402) in Fig. 4) , a browser (such as browser (401) in Fig. 4) is triggered to execute page codes. When a user operates an application (such as loading, clicking, and closing twitter, games and other applications) on a mobile terminal (such as mobile terminal (1200) in Fig. 1, or device (300) in Figs. 3 and 4) , the browser (401) may execute the page codes, such as JavaScript, to load, click, and close relevant page operations according to the user’s operating instructions.
At step S102, whether the page codes request to perform an action of calling a query class related interface is monitored during the process of executing the page codes by the browser (401) ; if yes, the action is intercepted. In the embodiment of the present disclosure, the query class related interface may include, but is not limited to, an interface of a query class function and an interface of a method under a query class.
During the process of executing the page codes by the browser (401) , it is monitored whether the page codes request to perform an action of calling a query class related interface; if yes, the action may be intercepted, thereby avoiding a bug in which remote malicious codes may be executed, causing the malicious codes program to take over the mobile phone in order to tamper with and delete content of the mobile phone through other bugs.
Taking an Android phone as an example, as described above, there is an addJavascriptInterface method in the WebView component of the Android system. The addJavascriptInterface method mainly aims at exporting a Java class or method such that JavaScript of the browser (401) may call the Java class or method. However, when calling the exported Java class, JavaScript may execute arbitrary Java codes via reflection.
Additionally, in order to extend a kernel’s capability, the browser (401) generally registers a Java class via the addJavascriptInterface method, which provides the Java class to web pages so that JavaScript can call the kernel’s functions. This use of the addJavascriptInterface method may lead to a bug in the browser (401) . The browser (401) may provide application web pages, and after the user clicks on the web pages, JavaScript of the browser (401) may search for a class name by calling an interface of a query class function, or search for a method name by calling an interface of a method under a query class, in order to execute malicious codes, thereby causing the malicious codes program to completely take over the mobile phone.
During the process of executing the page codes by the browser (401) , when it is monitored that the page codes request to perform an action of calling a query class related interface, the action may be intercepted, thus preventing remote codes from being executed in application operation and improving the security of operating an application on a browser (401) .
More specifically, in the specific implementation, for the above interface of a query class function and the interface of a method under a query class, the browser (401) may intercept the remote codes call made by the page codes via a query class and a method name while executing the page codes, as illustrated by the following application scenarios.
In a first application scenario (for an interface of a query class function) : the browser (401) may monitor whether the page codes request to perform an action of calling an interface of a query class function while executing the page codes; if yes, the browser (401) may return invalid calling information and report unusual calling of the page codes.
Taking the Android phone as an example, if the query class function is getClass () , all class names registered via the addJavascriptInterface method need to be obtained from getClass () ; as a method provided by the Android system, getClass () cannot be overridden or deleted. Therefore, it is enough to intercept the call to the getClass () function when getClass () is called. When it is determined that JavaScript calls getClass () , invalid information (null) may be returned and an execution exception of JavaScript may be reported, thereby causing the malicious codes to lose the ability to query the registered class name.
In a second application scenario (for an interface of a method under a query class) : the browser (401) may monitor whether the page codes request to perform an action of calling an interface of a method under a query class while executing the page codes; if yes, the browser (401) may return invalid calling information to the page codes and report unusual calling of the page codes.
Taking an Android phone as an example again: malicious codes may bypass the query class and directly look up a method under the query class, for example by directly calling a method of a static type, and thus execute the remote codes. In this regard, effective interception therefore also needs to be performed for all methods under the query class.
The Android system provides forName () for querying all methods under a class, so invalid information (null) may be returned when forName () is called, and an execution exception of JavaScript may be reported, thereby causing the malicious codes to lose the ability to query the injected class name.
In a third application scenario (for a combination of an interface of a query class function and an interface of a method under a query class) : the browser (401) may monitor whether the page codes request to perform an action of calling an interface of a query class function while executing the page codes. If yes, the browser (401) may return invalid calling information to the page codes and report unusual calling of the page codes. Otherwise, when the page codes do not request to perform the action of calling an interface of a query class function, the browser (401) may monitor whether the page codes request to perform an action of calling an interface of a method under a query class; if yes, the browser (401) may return invalid calling information to the page codes and report unusual calling of the page codes.
Take an Android phone as an example, through the following two steps, the program may completely intercept the remote codes call made by JavaScript via a query class and a method name.
First, all class names registered via the addJavascriptInternetface method are needed to be obtained by the getClass () . As a method provided by Android system, the getClass () cannot be reloaded or deleted. Therefore, it just needs to intercept the call to the getClass () method when the getClass () is called. When it is determined that JavaScript calls the getClass () , null is returned and an execution exception of JavaScript is reported, thereby causing the malicious codes to lose an ability of querying the injected class name.
Second, in order to prevent malicious codes from bypassing a query class and directly finding out a method under the query class, for example, the malicious codes may directly call a method of a static type and thus execute the remote codes. An effective interception should therefore be requested  to perform in all methods under the query class.
An Android system may provide a forName () for querying all methods under a class, thus, when the forName () may be called, null may be directly returned and an execution exception of JavaScript may be reported, thereby causing the malicious codes to lose an ability of querying the injected class name.
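Steps S101 and S102 together with the three application scenarios above, as an added example written for this page; it is not the patent's implementation and not Android WebView code. The bridge class GuardedJsBridge, its call() and unusualCalls() methods, and the KernelExt object are assumptions: a plain-JDK stand-in for a Js2Java bridge that resolves page-side calls by reflection, with the getClass () and forName () interception placed in front of that reflection so that null goes back to the page codes and the unusual call is reported, while ordinary exported methods keep working.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Hypothetical stand-in for a browser's Js2Java bridge, written for this
 * page; it is not Android WebView code and not the patent's own code.
 * Page codes reach an exported Java object by (object name, method name)
 * and the bridge resolves the method by reflection, which is the path the
 * description says malicious codes abuse. The guard in call() is the
 * interception the three scenarios describe.
 */
public final class GuardedJsBridge {

    // The two query class related interfaces named in the description.
    private static final String QUERY_CLASS_FUNCTION = "getClass";  // interface of a query class function
    private static final String QUERY_CLASS_METHOD = "forName";     // interface of a method under a query class

    private final Map<String, Object> exported = new HashMap<>();
    private final List<String> unusualCalls = new ArrayList<>();   // sink for "report unusual calling"

    /** Counterpart of addJavascriptInterface: kernel-extension objects stay exportable. */
    public void addJavascriptInterface(Object object, String name) {
        exported.put(name, object);
    }

    /** Reports collected so far, for the browser's logging or telemetry. */
    public List<String> unusualCalls() {
        return Collections.unmodifiableList(unusualCalls);
    }

    /**
     * Step S102: every call made by page codes passes through here. A call
     * to a query class related interface is intercepted before any
     * reflection happens: invalid calling information (null) goes back to
     * the page codes and the unusual call is reported. Everything else is
     * dispatched normally, so third-party use of the bridge is unaffected.
     */
    public Object call(String objectName, String methodName, Object... args) throws Exception {
        if (QUERY_CLASS_FUNCTION.equals(methodName) || QUERY_CLASS_METHOD.equals(methodName)) {
            unusualCalls.add("intercepted " + objectName + "." + methodName + " from page codes");
            return null;
        }
        Object target = exported.get(objectName);
        if (target == null) {
            throw new NoSuchMethodException("no exported object named " + objectName);
        }
        Method method = findPublicMethod(target.getClass(), methodName, args.length);
        try {
            return method.invoke(target, args);
        } catch (InvocationTargetException e) {
            throw new RuntimeException("exported method threw", e.getCause());
        }
    }

    private static Method findPublicMethod(Class<?> cls, String name, int arity) throws NoSuchMethodException {
        // getMethods() also lists the public methods inherited from java.lang.Object,
        // getClass() among them, which is why the name check in call() is needed.
        for (Method m : cls.getMethods()) {
            if (m.getName().equals(name) && m.getParameterCount() == arity) {
                return m;
            }
        }
        throw new NoSuchMethodException(cls.getName() + "." + name + "/" + arity);
    }

    /** Constructed kernel-extension object, like the night-mode switch the description mentions. */
    public static final class KernelExt {
        private boolean nightMode;

        public boolean toggleNightMode() {
            nightMode = !nightMode;
            return nightMode;
        }
    }

    public static void main(String[] args) throws Exception {
        GuardedJsBridge bridge = new GuardedJsBridge();
        bridge.addJavascriptInterface(new KernelExt(), "kernel");   // S101: page codes may now call it

        // Legitimate kernel-extension call from page codes still works.
        System.out.println("toggleNightMode -> " + bridge.call("kernel", "toggleNightMode"));

        // Page codes that try the query class interfaces get null and are reported.
        System.out.println("getClass        -> " + bridge.call("kernel", "getClass"));
        System.out.println("forName         -> " + bridge.call("kernel", "forName", "some.class.Name"));
        System.out.println(bridge.unusualCalls());
    }
}
```

The check is on the method name alone and runs before any reflective lookup, which is what lets it cover both the first scenario (getClass () ) and the second (forName () ) without a per-page list and without touching the exported object itself; a real bridge would additionally surface the report as a JavaScript execution exception to the page, as the description states, rather than only logging it.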
In the current technology for fixing the bug in the Android JavaScript2Java mechanism, the general approach is to establish a white list. Each time a browser (401) loads a web page, many externally linked JavaScript interfaces may be injected into the browser (401). If the white list is checked each time the browser (401) is used, an additional burden is imposed on the browser (401) when it opens the page, so the first-screen speed may be reduced and users may have a worse experience. Moreover, where the kernel’s capability of the browser (401) is extended, the browser (401) may not be able to define a white list for such generic JavaScript interfaces.
Through the above solution, the method of the embodiment may effectively fix the bug in the Android JavaScript2Java mechanism, solve the security problem that remote codes may be executed due to the reflection class call made by JavaScript via a query class and a method name, and improve the security of operating an application in a browser (401). At the same time, the method of the embodiment does not restrict the browser (401) from extending the kernel’s capability, and therefore does not affect calls to the addJavascriptInterface function made by a third-party product interacting with the JavaScript of the browser (401). Moreover, the method of the embodiment also avoids the defect of the white list method, namely the additional burden imposed on the browser (401) when it opens the page.
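The two interception steps described above, as an added example that is not code from the patent, from Tencent, or from Android itself: a plain-Java model of the JavaScript-to-Java bridge dispatch. In a real WebView the dispatch runs inside the browser kernel; here a hypothetical dispatch() stands in for it, HostApi is an assumed object of the kind an app registers with addJavascriptInterface, and the reports list stands in for the JavaScript execution exception the text describes. Ordinary interface methods are still forwarded, so no white list is needed, while getClass() (step 1) and any call aimed at a java.lang.Class object such as forName() (step 2) get null back and a report entry.

```java
// Added example, not code from the patent or from Android: a plain-Java model
// of the JavaScript-to-Java bridge dispatch that the patent describes hardening.
// HostApi, dispatch() and the reports list are assumptions made for the demo.
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;

public class BridgeInterceptDemo {

    /** Hypothetical object an app would register with addJavascriptInterface. */
    public static class HostApi {
        public String appVersion() { return "1.0"; }
        public int add(int a, int b) { return a + b; }
    }

    /** "Unusual calling" reports that the kernel would surface to the host app. */
    public static final List<String> reports = new ArrayList<>();

    /**
     * Models one bridge call: the page codes ask for methodName on target.
     * Returns the Java result, or null (invalid calling information) when the
     * call is intercepted; an intercepted call is also appended to reports,
     * which stands in for the JavaScript execution exception in the text.
     */
    public static Object dispatch(Object target, String methodName, Object... args) {
        // Step 1 of the text: the query class function. getClass() cannot be
        // removed from the injected object, so the bridge refuses to forward it.
        if ("getClass".equals(methodName)) {
            reports.add("intercepted query class call: getClass()");
            return null;
        }
        // Step 2 of the text: methods under the query class. Any call whose
        // target is a java.lang.Class (forName, getMethod, newInstance, ...)
        // is refused, so a class reference obtained by other means is useless.
        if (target instanceof Class) {
            reports.add("intercepted query class method: " + methodName);
            return null;
        }
        // Otherwise behave like the original bridge: look up a public method
        // by name and arity and invoke it reflectively. No white list is kept.
        for (Method m : target.getClass().getMethods()) {
            if (m.getName().equals(methodName) && m.getParameterCount() == args.length) {
                try {
                    return m.invoke(target, args);
                } catch (IllegalAccessException | InvocationTargetException e) {
                    reports.add("call to " + methodName + " failed: " + e);
                    return null;
                }
            }
        }
        reports.add("no such bridge method: " + methodName);
        return null;
    }

    public static void main(String[] argv) {
        HostApi api = new HostApi();
        // Legitimate interface calls are forwarded unchanged.
        System.out.println("appVersion -> " + dispatch(api, "appVersion"));
        System.out.println("add(2,3)   -> " + dispatch(api, "add", 2, 3));
        // Step 1: the query class function is intercepted (prints null).
        System.out.println("getClass   -> " + dispatch(api, "getClass"));
        // Step 2: a direct reflective query on the class object is intercepted
        // (the class name is a constructed placeholder).
        System.out.println("forName    -> " + dispatch(Class.class, "forName", "any.class.Name"));
        for (String r : reports) {
            System.out.println("report: " + r);
        }
    }
}
```

Compile and run with `javac BridgeInterceptDemo.java && java BridgeInterceptDemo`: the two interface calls return "1.0" and 5, while the getClass() and forName() calls return null and each leave one entry in reports, which is the point at which a host browser would report the unusual calling of the page codes.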
FIG. 3 is an exemplary functional block diagram illustrating a device (300) for preventing execution of remote codes of application operation in a browser (401), according to an embodiment of the present disclosure. The device (300) may include at least a processor with circuitry (317) operating in conjunction with at least a memory (318) storing codes to be executed to perform functions as a plurality of modules, wherein the plurality of modules may include at least a response-triggering module (301) and an intercept module (302).
The response-triggering module (301), in response to receiving an application operating instruction from a client (such as the client (402) in FIG. 4), may cause the device (300) to trigger a browser (401) to execute page codes.
The intercept module (302) may cause the device to monitor whether the page codes request to perform an action of calling a query class related interface during the process of executing the page codes by the browser (401); if yes, it causes the device to intercept the action, wherein the query class related interface may include one or both of: an interface of a query class function and an interface of a method under a query class.
Further, the intercept module (302), in addition to causing the device to monitor whether the page codes perform the action of calling a query class related interface during the process of executing the page codes by the browser (401) and, if yes, causing the device to intercept the action, further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
Further, when it is monitored that the page codes do not request to perform the action of calling the interface of the query class function, the intercept module (302) further causes the device to monitor whether the page codes perform the action of calling the interface of the method under the query class; if yes, the intercept module further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
Further, the intercept module (302) may also cause the device to monitor whether the page codes perform the action of calling the interface of the method under the query class during the process of executing the page codes by the browser (401); if yes, the intercept module (302) further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
Specifically, when the user operates an application in the device (300) or the mobile terminal (such as loading, clicking, and closing Twitter, games and other applications), the response-triggering module (301) of the browser (401) may execute the page codes, such as JavaScript, to load, click, and close the relevant page operations according to the user’s operating instructions.
During the process of executing the page codes by the browser (401), the intercept module (302) may monitor whether the page codes request to perform an action of calling a query class related interface; if yes, the action may be intercepted, so as to avoid a bug whereby remote malicious codes may be executed, causing the malicious program to take over the device (300) or the mobile phone in order to tamper with and delete contents of the mobile phone through other bugs.
FIG. 4 is a schematic chart illustrating an exemplary system (400) for preventing execution of remote codes of application operation. The system (400) includes at least a browser (401) and a client (402). More specifically, the system (400) may be a combination of hardware and software embedded within the device (300) for preventing execution of remote codes of application operation in the browser (401). The client (402) may be a client application with program codes which may be executed by the processor circuitry (317) and which interacts with the browser (401) of the device (300).
The client (402) may be configured to operate an application and trigger the browser (401) to execute page codes. The browser (401) may be configured to respond to application operating instructions from the client (402), trigger the execution of the page codes, and monitor whether the page codes request to perform an action of calling a query class related interface while executing the page codes; if yes, the browser (401) may intercept the action.
Specifically, when a user operates some applications (such as loading, clicking, and closing Twitter, games and other applications) on an interface of the client (402) of a mobile terminal device (300), the browser (401) may execute the page codes, such as JavaScript, to load, click, and close the relevant page operations according to the user’s operating instructions.
The browser (401) may monitor whether the page codes request to perform an action of calling a query class related interface when executing the page codes; if yes, the browser (401) may intercept the action.
In the embodiment of the present disclosure, a query class related interface includes, but is not limited to, an interface of a query class function and an interface of a method under a query class.
The browser (401) may monitor whether the page codes request to perform an action of calling a query class related interface when executing the page codes; if yes, the browser (401) may intercept the action, so as to avoid a bug whereby remote malicious codes may be executed, causing the malicious program to take over the mobile phone device (300) in order to tamper with and delete content of the mobile phone device (300), and to avoid damage caused by other bugs.
The above solutions described in the embodiments of the method, device and system effectively fix the bug in the Android JavaScript2Java mechanism, solve the security problem that remote codes may be executed due to the reflection class call made by JavaScript via a query class and a method name, and improve the security of operating an application in a browser. At the same time, the method of the embodiment does not restrict the browser from extending the kernel’s capability, and therefore does not affect calls to the addJavascriptInterface function made by a third-party product interacting with the JavaScript of the browser. Moreover, the method of the embodiment also avoids the defect of the white list method, namely the additional burden imposed on the browser when it opens the page.
It should be noted that in the present disclosure, the terms “include”, “comprise” or other similar expressions mean to contain rather than to consist of, so that a process, method, item, or device having a number of elements does not only have these elements, but may also have other elements that are not explicitly listed, or may further have elements inherent to this process, method, item, or device. Without further limitation, an element qualified by the phrase “includes a/an …” does not exclude the existence of other identical elements in the process, method, item, or device having this element.
The serial numbers of the embodiments of the present disclosure are only for description and are not intended to indicate the relative merits of the embodiments. It should be understood by those of ordinary skill in the art that all or some of the steps of the foregoing embodiments may be implemented by hardware, or by software program codes stored on a non-transitory computer-readable storage medium with computer-executable commands stored within. For example, the disclosure may be implemented as an algorithm as codes stored in a program module or in a system with multiple program modules. The computer-readable storage medium may be, for example, nonvolatile memory such as a compact disc, hard drive, ROM or flash memory. The computer-executable commands may enable a computer, a server, a smart phone, a tablet or any similar computing device to render clustering of phishing webpages operations.

Claims (16)

  1. A method for preventing execution of remote codes of application operation in a browser, comprising:
    in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and
    monitoring whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, intercepting the action.
  2. The method of claim 1, wherein the query class related interface comprises one or both of: an interface of a query class function and an interface of a method under a query class.
  3. The method of claim 2, wherein the monitoring of whether the page codes request to perform the action of calling the query class related interface during the process of executing the page codes by the browser; and if yes, intercepting the action, comprises:
    monitoring whether the page codes request to perform the action of calling the interface of the query class function during the process of executing the page codes by the browser; if yes, intercepting the action, returning invalid calling information to the page codes and reporting unusual calling of the page codes.
  4. The method of claim 3, wherein the monitoring of whether the page codes request to perform the action of calling the query class related interface during the process of executing the page codes by the browser; and if yes, intercepting the action, further comprises:
    when the page codes do not request to perform the action of calling the query class related interface, monitoring whether the page codes request to perform the action of calling the interface of the method under the query class; if yes, returning the invalid calling information to the page codes and reporting the unusual calling of the page codes.
  5. The method of claim 2, wherein the monitoring of whether the page codes request to perform the action of calling the query class related interface during the process of executing the page codes by the browser; and if yes, intercepting the action, further comprises:
    monitoring whether the page codes request to perform the action of calling the interface of the method under the query class during the process of executing the page codes by the browser; if yes, returning the invalid calling information to the page codes and reporting the unusual calling of the page codes.
  6. A device for preventing execution of remote codes of application operation in a browser, at least a processor with circuitry operating in conjunction with at least a memory storing codes to be executed to request to perform functions as a plurality of modules, wherein the plurality of modules comprise:
    a response-triggering module, which in response to receiving an application operating instruction from a client, causes the device to trigger a browser to execute page codes; and
    an intercept module, which causes the device to monitor whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, causes the device to intercept the action.
  7. The device of claim 6, wherein the query class related interface comprises one or both of: an interface of a query class function and an interface of a method under a query class.
  8. The device of claim 7, wherein the intercept module, in addition to causing the device to monitor whether the page codes request to perform the action of calling a query class related interface during the process of executing the page codes by the browser; if yes, causes the device to intercept the action, and further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
  9. The device of claim 8, wherein the intercept module, in addition to causing the device to monitor whether the page codes request to perform the action of calling the interface of the method under the query class, when it is monitored that the page codes do not request to perform the action of calling the interface of the query class function, if yes, the intercept module further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
  10. The device of claim 7, wherein the intercept module, in addition to causing the device to monitor whether the page codes request to perform the action of calling the interface of the method under the query class during the process of executing the page codes by the browser, if yes, the intercept module further causes the device to return invalid calling information to the page codes and report unusual calling of the page codes.
  11. The device of any one of claims 6-10, comprising a client to form a system for preventing execution of remote codes of application operation in the browser of the device, wherein:
    the client causes the device to operate the application and trigger the browser to execute page codes in the device.
  12. A non-transitory computer-readable storage medium, wherein the computer-readable storage medium stores a program comprising codes or instructions which, when executed, cause a processor circuitry to perform operations for preventing execution of remote codes of application operation in a browser of a device, the operations comprising:
    in response to receiving an application operating instruction from a client, triggering a browser to execute page codes; and
    monitoring whether the page codes request to perform an action of calling a query class related interface during a process of executing the page codes by the browser; if yes, intercepting the action.
  13. The non-transitory computer-readable storage medium according to claim 12, wherein the query class related interface comprises one or both of: an interface of a query class function and an interface of a method under a query class.
  14. The non-transitory computer-readable storage medium according to claim 13, wherein the monitoring of whether the page codes request to perform the action of calling the query class related interface during the process of executing the page codes by the browser; and if yes, intercepting the action, comprises:
    monitoring whether the page codes request to perform the action of calling the interface of the query class function during the process of executing the page codes by the browser; if yes, intercepting the action, returning invalid calling information to the page codes and reporting unusual calling of the page codes.
  15. The non-transitory computer-readable storage medium according to claim 14, wherein the monitoring of whether the page codes request to perform the action of calling the query class related interface during the process of executing the page codes by the browser; and if yes, intercepting the action, further comprises:
    when the page codes do not request to perform the action of calling the query class related interface, monitoring whether the page codes request to perform the action of calling the interface of the method under the query class; if yes, returning the invalid calling information to the page codes and reporting the unusual calling of the page codes.
  16. The non-transitory computer-readable storage medium according to claim 13, wherein the monitoring of whether the page codes request to perform the action of calling the query class related interface during the process of executing the page codes by the browser; and if yes, intercepting the action, further comprises:
    monitoring whether the page codes request to perform the action of calling the interface of the method under the query class during the process of executing the page codes by the browser; if yes, returning the invalid calling information to the page codes and reporting the unusual calling of the page codes.
PCT/CN2014/092724 2013-12-06 2014-12-01 Method, device and system for preventing execution of remote codes of application operation in a browser WO2015081829A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310659151.3 2013-12-06
CN201310659151.3A CN104700031B (en) 2013-12-06 2013-12-06 Method, device and system for preventing remote code from being executed in application operation

Publications (1)

Publication Number Publication Date
WO2015081829A1 true WO2015081829A1 (en) 2015-06-11

Family

ID=53272881

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/092724 WO2015081829A1 (en) 2013-12-06 2014-12-01 Method, device and system for preventing execution of remote codes of application operation in a browser

Country Status (3)

Country Link
CN (1) CN104700031B (en)
TW (1) TW201523321A (en)
WO (1) WO2015081829A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109885430A (en) * 2019-02-20 2019-06-14 广州视源电子科技股份有限公司 Restorative procedure, device, repair system, equipment and the medium of system security risk

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107798244B (en) * 2016-09-07 2020-09-04 杭州萤石网络有限公司 Method and device for detecting remote code execution vulnerability

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102868690A (en) * 2012-09-13 2013-01-09 北京航空航天大学 Method and system for WEB service isolation and detection
CN103207969A (en) * 2013-04-12 2013-07-17 百度在线网络技术(北京)有限公司 Device and method for detecting Android malware

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007117582A2 (en) * 2006-04-06 2007-10-18 Smobile Systems Inc. Malware detection system and method for mobile platforms
US8201245B2 (en) * 2007-12-05 2012-06-12 International Business Machines Corporation System, method and program product for detecting computer attacks
KR100961146B1 (en) * 2008-02-01 2010-06-08 주식회사 안철수연구소 Method and system for decoding malicious script code
CN101964026A (en) * 2009-07-23 2011-02-02 中联绿盟信息技术(北京)有限公司 Method and system for detecting web page horse hanging
CN102164138A (en) * 2011-04-18 2011-08-24 奇智软件(北京)有限公司 Method for ensuring network security of user and client
CN102831358B (en) * 2012-09-21 2016-03-30 北京奇虎科技有限公司 A kind of method and device preventing webpage tamper
CN103020266B (en) * 2012-12-25 2016-06-29 北京奇虎科技有限公司 The method and apparatus that webpage text content is extracted

Also Published As

Publication number Publication date
TW201523321A (en) 2015-06-16
CN104700031A (en) 2015-06-10
CN104700031B (en) 2019-12-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 14867124; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established
    Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 04/11/2016 )
122 Ep: pct application non-entry in european phase
    Ref document number: 14867124; Country of ref document: EP; Kind code of ref document: A1