WO2015184891A1 - Security management and control method, apparatus and system for Android system - Google Patents


Info

Publication number
WO2015184891A1
Authority
WO
WIPO (PCT)
Prior art keywords
security management
android
terminal
trusted
kernel
Prior art date
Application number
PCT/CN2015/074647
Other languages
English (en)
Chinese (zh)
Inventor
张敏
何剑
罗志云
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2015184891A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the invention relates to the technical field of security management and control of an Android system, and in particular to a security management and control method, device and system thereof for an Android system.
  • smart terminal devices running the Android system are not only growing explosively in number, but also cover many different types of terminal.
  • the Android system is applied not only to smartphones but also to television set-top boxes, car navigation devices, wearable devices and other terminal devices.
  • Android is an open source mobile operating system based on Linux platform announced by Google (Google Inc.) on November 5, 2007.
  • the platform consists of an operating system, middleware, a user interface and application software, and adopts a software stack architecture that is divided into three main parts.
  • the bottom layer is the Linux kernel, developed in C, which provides only basic functions.
  • the middle layer includes the libraries and the virtual machine, usually developed in C++.
  • the top layer is the application software (call programs, SMS programs and so on), developed by each company, usually with Java as part of the program.
  • related art 1 discloses a security monitoring system for an Android system, the system comprising: a configuration management unit configured to configure a security policy; a centralized management unit configured to perform security detection according to the security policy; and a plurality of detection units, each configured to detect, through the centralized management unit, whether the application to be executed is secure, wherein the detection units are located at different levels of the Android system.
  • the technical solution can effectively prevent unauthorized non-secure acquisition of resources, data and access behavior of the Android system, and greatly improve the security of the Android system.
  • its disadvantage is that the technical solution only hardens the kernel and the system locally, so the software system of the entire terminal tends to become solidified, and it is impossible to perform a trusted upgrade of the software version or to adjust the security policy dynamically.
  • related art 2 discloses a security access control method based on an Android terminal, the method comprising: first, setting a security policy publisher on a primary server side and a security policy loader on the Android terminal, the security policy loader communicating with the security policy publisher over an air interface protocol and the HTTP protocol and receiving the messages pushed by the publisher; secondly, configuring the global security policy in the Android terminal; finally, the primary server issuing an instruction to the Android terminal, which receives and executes it. The method does not require the participation of the terminal user and automatically loads the global security policy at boot to guarantee the minimum security target of the system.
  • related art 2 prevents tampering by writing the security policy loader into the kernel on the Android terminal, which then receives the messages pushed by the security policy publisher and deploys the security policy.
  • its shortcomings are: first, it does not go deeper into anti-tampering of the terminal system, and cannot avoid the risk of cracking when the entire software kernel is completely re-flashed; secondly, the network communication security problem between the security policy publisher and the security policy loader is not solved, so the so-called security policy publisher may be forged; in addition, the technical solution does not mention how the security policy loader is upgraded together with the kernel.
  • Related Art 3 discloses a smart device having a mobile terminal operating system and a desktop operating system.
  • a mode of operation with mutual verification between the desktop operating system and the mobile terminal operating system is introduced; its disadvantage is that it cannot solve the problem of safe startup of the terminal device once the network is disconnected, and the security of the terminal is greatly reduced when the terminal operates independently.
  • an object of the embodiments of the present invention is to provide a security management and control method and apparatus for an Android system and a system thereof.
  • a security management method for an Android system for security management of a server including:
  • the security management policy refers to trusted operation behaviour applied to the Android system and the KERNEL kernel included in the Android terminal.
  • the security management policy includes one or more of the following: installing a trusted application, forcibly uninstalling an illegal application, modifying the SELinux permission rules of the KERNEL kernel and the iptables network firewall rules to improve security, monitoring the illegal cracking behaviour of the Android terminal and raising an alarm, scanning the peripherals of the Android terminal for viruses, and triggering the Android terminal to upgrade to a trusted software version.
  • the method before the step of dynamically sending the corresponding security management policy file to the target Android terminal according to the security management policy adjustment instruction, the method further includes:
  • the step of dynamically transmitting the corresponding security management policy file to the target Android terminal according to the security management policy adjustment instruction includes:
  • if the security management policy file does not modify the trusted kernel of the target Android terminal and does not need to modify the key files protected by the trusted kernel in the Android system, the security management policy file is delivered directly to the security management agent module of the target Android terminal.
  • the method further includes: if the security management policy file modifies the trusted kernel of the target Android terminal and/or the protected portion of the Android system, calculating the kernel digital digest and the Android system file monitoring credentials as they will be after the security management policy is implemented, encrypting the new kernel digital digest and Android system file monitoring credentials with a private password, digitally signing them with the digital certificate of the server, and then sending the encrypted and signed kernel digital digest and Android system file monitoring credentials to the security management agent module of the target Android terminal.
  • a security management method for an Android system for security management of a server including:
  • the terminal software version upgrade file includes: a new trusted kernel, a new Android version, and a new IMA file verification policy.
  • the method further includes
  • a security management method for an Android system for an Android terminal including:
  • the current security management status information is reported in real time.
  • the security management policy refers to trusted operation behaviour applied to the Android system and the KERNEL kernel that are at least included in the Android terminal.
  • the security management policy includes one or more of the following: installing a trusted application, forcibly uninstalling an illegal application, modifying the SELinux permission rules of the KERNEL kernel and the iptables network firewall rules to improve security, monitoring the illegal cracking behaviour of the Android terminal and raising an alarm, scanning the peripherals of the Android terminal for viruses, and triggering the Android terminal to upgrade to a trusted software version.
  • the method further includes:
  • the security management policy file is executed after being received from the security management server.
  • the method further includes:
  • the new kernel digital digest is injected into the trusted BOOT of the Android terminal, and the new Android system file monitoring credentials are injected into the trusted kernel of the Android terminal;
  • the trusted BOOT and the trusted kernel of the Android terminal decrypt the new digital digest and file monitoring credentials with the private password and then trust them.
  • the step of boot verification is further included:
  • after the Android terminal is powered on, the hardware trust root performs digital digest verification on the trusted BOOT of the Android terminal, the trusted BOOT verifies the trusted kernel, and the trusted kernel performs timed or on-demand file integrity verification of the security management agent part and the regular Android framework.
  • if verification fails, the hardware trust root controls the conventional hardware to power off, or prevents the Android terminal from continuing the boot process in software.
  • a security management method for an Android system for an Android terminal including:
  • the current security management status information is reported in real time.
  • the method further includes:
  • after receiving the software version upgrade file, the security management agent module of the Android terminal acquires an upgrade licence for the Android terminal;
  • the security management agent module of the Android terminal injects the new trusted kernel digital digest into the trusted BOOT of the Android terminal, which decrypts it with the private password, obtains the certificate from the hardware trust root of the Android terminal, and verifies the new kernel;
  • the Android terminal downloads the new kernel version, the new Android version and the new security management agent module to a peripheral device of the Android terminal via a website, and performs a system upgrade of the Android terminal through a website-directed flashing operation;
  • the new trusted kernel is successfully started by the trusted BOOT, and the Android terminal also loads the new Android version and the new terminal security management agent module.
  • An Android terminal includes: a network management protocol terminal module, a security management agent module, a trusted boot device BOOT, and a hardware trust root, wherein
  • the network management protocol terminal module is configured to: collect terminal information and communicate with the security management server;
  • the security management agent module is configured to: receive and execute a security management policy issued by the security management server, and feed back the security control status of the terminal to the security management server;
  • the hardware trust root is configured to: store the unique identity information of the terminal and the issuing root certificate of the security management server digital certificate.
  • the hardware trust root may be the trusted BOOT itself.
  • the terminal further includes a trusted boot device BOOT and a trusted kernel, where
  • the hardware trust root is further configured to: store digital summary information of the trusted BOOT;
  • the trusted BOOT is configured to: store digital summary information of the trusted kernel;
  • the trusted kernel is configured to verify the integrity of the Android system file and the integrity of the security management agent module.
  • the security management and control method of the technical solution of the present invention forms a complete and firm trust chain from the hardware trust root to the digital certificate centre of the security management server through a trusted interaction process between modules. Compared with the related technologies, it not only makes the Android terminal unbreakable in software, but also allows the terminal security policy to be adjusted flexibly and the terminal software version to be upgraded in a trusted manner, ensuring security management and control while improving the user experience and reducing the cost of subsequent upgrade maintenance.
  • FIG. 1 is a schematic structural diagram of a module of an Android terminal device according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of a module of a server in an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for performing secure boot verification during the boot process of an Android terminal device and implementing security monitoring during continuous operation according to an embodiment of the present invention;
  • FIG. 4 is a schematic flowchart of the method implemented when the server needs to initiate a security management and control policy on the terminal or initiate a software version update of the terminal in an embodiment of the present invention;
  • FIG. 5 is a schematic diagram of an implementation process of a security management policy, namely installing a trusted application store, in an embodiment of the present invention;
  • FIG. 6 is a schematic diagram of another implementation of the security management method provided by the present invention: the process of triggering a trusted software upgrade of the entire terminal once the trusted boot of the old version of the Android terminal has been ensured.
  • the embodiment of the present invention provides a method and system for security control through trusted dynamic interaction between the hardware trust root of the terminal device and the remote security management server. Thus, while the hardware-based Android software system of the terminal is unbreakable, the security status of the terminal can be reported in real time, the security management policy of the terminal can be adjusted dynamically through the remote server, and the terminal device is allowed to perform a function upgrade to a trusted software version.
  • the hardware trust root of the terminal device forms a complete trust chain with the digital certificate centre of the remote control server, so the security management policy of the terminal device can be adjusted remotely, flexibly and credibly;
  • issuing the digest credentials encrypted with the private password allows the digest credentials used in the hardware-to-kernel integrity check at terminal start-up to be modified, so that the terminal device can trust a new version or new function and thus implement the version/function upgrade.
  • the security management system of the embodiment of the present invention includes a terminal part of the Android system and a security management server part. The two are connected through a network, and the security management server can simultaneously manage and maintain multiple Android system terminals.
  • the specific module structure is as follows:
  • an Android system terminal device includes:
  • the conventional Android framework software system 101 and the conventional hardware 102, which includes a CPU, a memory unit, a wireless module and the like.
  • the Android system terminal device further includes:
  • the network management protocol terminal module 103 is configured to: collect terminal device information and perform communication interaction with the network management protocol server module of the security management server.
  • the network management protocol terminal module 103 optionally interacts with the management server as the terminal side of a TR069 network management protocol system.
  • the security management agent module 104 is configured to: receive and execute a security management policy delivered by the security management server, and feed back the security management status of the terminal to the security management server.
  • the security management policy refers to trusted operation behaviours applied to the Android system, the KERNEL kernel and other components, including but not limited to: installing trusted applications, forcibly uninstalling illegal applications, making beneficial modifications to the SELinux permission rules of the kernel and the iptables network firewall rules to improve security, monitoring illegal cracking behaviour of the terminal and raising alarms, scanning peripherals for viruses, and triggering the terminal to upgrade to a trusted software version.
  • the hardware trust root 105 is configured to: store the unique identity information of the terminal, the issuing root certificate of the security management server digital certificate, and the digital digest information of the trusted boot (BOOT) 106 used to verify the BOOT.
  • the hardware trust root 105 stores the above content in a trusted chip or card peripheral provided by the hardware.
  • the hardware trust root 105 may also store these contents in the form of fingerprints or irises.
  • the trusted bootstrap (BOOT) 106 has its digital digest fully checked by the hardware trust root 105 and is therefore trusted. At the same time, the trusted boot (BOOT) 106 contains the digital digest information of the trusted kernel, which is used to verify the kernel when the system boots.
  • where the trusted boot (BOOT) 106 is considered sufficiently secure, the functionality of the hardware trust root 105 can be integrated into the trusted boot (BOOT) 106; the trusted boot (BOOT) 106 is then considered the trusted root and does not need to be verified.
  • in that case the trusted bootstrap (BOOT) 106 directly carries the signed root certificate of the security management server digital certificate and the unique identity information of the terminal.
  • the trusted KERNEL kernel 107 has been digitally verified by the trusted boot (BOOT) 106 and is therefore a trusted kernel. It is configured to perform timed verification or on-access verification of the integrity of the Android system files and of the security management agent module 104.
  • the verification mechanism optionally adopts IMA (integrity measurement architecture) technology, which provides integrity measurement and verification of critical system files/directories and block devices, including the security management agent module 104.
  • the security management server end of the embodiment of the present invention includes: a security management server and a secure digital authentication center 205, wherein:
  • the security management server includes a network management protocol server module 201, a security policy management module 202, a terminal general management module 203, and a background database module 204, wherein
  • the network management protocol server module 201 implements the server side of the network management protocol for coordinated management of multiple terminal devices.
  • the network management protocol server module 201 can adopt the server-side implementation of the TR069 protocol, and can support managing the status of a large number of Android terminals (for example, up to hundreds of thousands).
  • the security policy management module 202 analyzes and processes the security policy requirements, arranges an execution plan, and collects feedback results.
  • the terminal general management module 203 is configured to: collect information on the basic state of the terminal devices, manage their classification and online status, collect and manage logs, and the like.
  • the background database module 204 is configured to: provide database services such as storage and query to the security management server.
  • the secure digital certificate centre 205 is configured to: store and maintain the digital certificates, private keys, private passwords and the like of the security management server, and to centrally issue and revoke the digital certificates of the terminal devices.
  • the digital certificate authority can be properly isolated from the security management server to ensure its security.
  • the network management protocol terminal module 103 is connected to the security management agent module 104 to provide the capability of interacting with the security management server. The Android terminal device can read the digital certificate information from the hardware trust root 105 and thereby verify the identity of the security management server during the SSL encrypted connection process; the hardware trust root 105 is also accessed so that the terminal identity information it holds is managed by the security management server.
  • the hardware trust root 105 performs a digital digest check on the trusted boot (BOOT) 106, the trusted boot (BOOT) 106 in turn verifies the trusted KERNEL kernel 107, and the trusted KERNEL kernel 107 in turn performs timed or on-demand file integrity verification of the security management agent module 104 and the regular Android framework.
  • the hardware trust root 105 is also connected to the conventional hardware 102, so that the power can be turned off in time when a security exception occurs.
  • the security management agent module 104 has a core role in the embodiment of the present invention. On the one hand, it can access the other modules of the terminal and apply specific security management policies. On the other hand, it can also obtain from the security management server a new version of the integrity check credentials, encrypted with the private password and signed by the server (the integrity check credentials include the digital digest of the BOOT, the digital digest of the kernel, and the digital digest information of the Android system files), and inject the signed new-version integrity check credentials into the hardware trust root 105, the trusted boot BOOT 106 and the trusted KERNEL kernel 107 respectively, so that the new version is accepted.
  • the background database module 204 and the secure digital certificate center 205 are located in the background, and provide services for the security policy management module 202 and the terminal general management module 203.
  • the two management modules served by the backend database module 204 and the secure digital certificate centre 205 provide the user with an operation interface, and also use the network management protocol server module 201 to contact the Android terminal devices.
  • the above server-side architecture only explains the basic principle of the present invention.
  • the server has many additional functions, such as a web service, a remote access service and a file download service, and the actual interaction between these modules is more complicated; these are extensions of specific implementations that those skilled in the art can implement based on the invention and common general knowledge, and details are not described herein again.
  • the boot verification process includes the following steps:
  • Step 301 The terminal device is powered on, and the hardware trust root 105 and the conventional hardware 102 start to operate.
  • the hardware trust root does not have to start immediately upon power-up.
  • Step 302 The hardware trust root 105 calculates the digest of the trusted boot BOOT 106 and compares it with the stored trusted boot (BOOT) digital digest value to check its integrity.
  • Step 303 If the hardware trust root 105 finds that the trusted boot BOOT 106 has been tampered with, it instructs the conventional hardware 102 to turn off the power supply, the boot process is interrupted, and the process proceeds to step 305. If the trusted boot BOOT 106 has not been tampered with, go to step 304.
  • Step 304 The trusted boot BOOT 106 starts and begins to boot the trusted KERNEL kernel 107, calculating the digest of the kernel and comparing it with the stored digital digest value of the trusted KERNEL kernel to check its integrity.
  • Step 305 Terminate the system loading process.
  • Step 306 Determine whether the trusted KERNEL kernel 107 has been tampered with. If the trusted boot BOOT 106 finds that the trusted KERNEL kernel 107 has been tampered with, go to step 305 and restart the device, or lock the system and pop up an alarm prompt to the user; if the trusted KERNEL kernel 107 has not been tampered with, go to step 307.
  • Step 307 After the trusted KERNEL kernel 107 is loaded, the Android system and the security management agent module 104 of the Android terminal continue to be loaded.
  • Step 308 The terminal security management agent module 104 starts, reads the digital certificate information from the hardware trust root, and establishes an SSL-authenticated encrypted link with the security management server using the TR069 network management protocol.
  • Step 309 The trusted KERNEL kernel 107 initiates a file integrity verification mechanism.
  • the IMA monitoring mechanism may be used, and the key files of the Android system and the security management agent module 104 may be monitored for tampering by timed monitoring or on access.
  • Step 310 Determine whether the key file of the Android system has been tampered with, and if yes, perform steps 311-312; otherwise, go to step 313.
  • Step 311 If a key file of the Android system is found to have been tampered with, the file tampering information is encrypted with the private password and SSL by the security management agent module 104 and sent to the security management server to confirm whether it is a false alarm.
  • Step 312 If the security management server is unreachable for a certain period of time or does not exempt the modification, the trusted KERNEL kernel 107 issues an alarm to the user or locks the system. In other application scenarios, the server may also, according to a previously issued security policy, choose only to log the event or not to process it for the time being.
  • Step 313 Determine whether the security management agent module 104 has been tampered with. If so, the trusted KERNEL kernel 107 must immediately issue an alarm to the user or immediately lock the system. If the security management server exempts the Android system file modification, normal operation continues; go to step 314.
  • Step 314 If the security management agent module 104 itself has not been tampered with, and the key files of the Android system have not been tampered with or the modification has been exempted by the security management server, the Android system remains in the normal running state.
  • Step 400 When the security management server detects that the security management policy of a terminal needs to be adjusted, it determines the target scope of terminals on which it needs to be executed and begins to actively access the specified terminal devices.
  • Step 401 Determine whether the new security management policy will modify the kernel or the protected files of the Android system. If so, go to step 403; otherwise, go to step 402.
  • Step 402 If the new security management policy does not modify the trusted kernel of the terminal and does not need to modify the key files protected by the trusted kernel in the Android system, the security management server issues the management policy directly to the security management agent module, which executes it upon receipt, and the process ends.
  • Step 403 If the new security management policy modifies the KERNEL kernel or the protected portion of the Android system, the security management server calculates in advance the kernel digital digest and the Android system file monitoring credentials as they will be after the security policy is implemented.
  • Step 404 The security management server encrypts the new kernel digital digest and the system file monitoring credentials (in this embodiment the system file monitoring credential may be the digital digest information of the series of monitored files maintained by the IMA file monitoring system) with the private password, and digitally signs them with the private key of the server certificate.
  • Step 405 The security management server sends the above calculation result to the security management agent module of the terminal through the SSL secure channel.
  • Step 406 The security management agent module injects the new kernel digital digest into the trusted boot BOOT and the new Android system file monitoring credentials into the KERNEL kernel.
  • Step 407 The BOOT and the KERNEL kernel of the terminal decrypt the new digital digest and file monitoring credentials with the above private password and trust them.
  • Step 408 The security management server sends the new terminal security management policy, which modifies the KERNEL kernel and the Android files. Besides the method of modifying them directly through the security management agent module, the terminal user may also download the new software version from a specific website and flash it into the terminal device, or update it by other means. At the next device reboot and file security verification, the new digests and credentials are adopted, so no false-positive tampering alarm occurs.
  • the method shown in FIG. 4 may also be used, and its description is not repeated.
  • the control method for the software version upgrade may also adopt the method shown in FIG. 6.
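The chain-of-trust boot of FIG. 3 (steps 301 to 314) and the signed credential update of FIG. 4 (steps 403 to 407), modelled together in Python as an added example that is not part of the patent or of any implementation by the applicant. All images, file contents, paths and key values are constructed for illustration; an HMAC keyed with a value held in the hardware trust root stands in for the certificate signature and its root-certificate verification, and a SHA-256 counter-mode XOR keystream stands in for the private-password encryption. The point it shows is that a new kernel is refused by the BOOT until credentials signed by the real server have been injected, while credentials from a forged publisher are rejected.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Constructed sample images and protected files (not real firmware).
BOOT_IMAGE = b"trusted-boot-v1"
KERNEL_IMAGE = b"trusted-kernel-v1"
FILES = {"/system/agent": b"security-management-agent-v1",
         "/system/framework": b"android-framework-v1"}
AGENT_PATH = "/system/agent"
SERVER_KEY = b"server-signing-key"      # stand-in for the server certificate's private key
PRIVATE_PASSWORD = b"private-password"  # the "private password" known to BOOT and kernel


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Terminal:
    root_boot_digest: str      # hardware trust root 105: digest of BOOT
    server_verify_key: bytes   # hardware trust root 105: stand-in for the issuing root certificate
    boot_kernel_digest: str    # trusted BOOT 106: digest of the kernel
    kernel_file_digests: dict  # trusted kernel 107: IMA-style digests of protected files
    boot_image: bytes
    kernel_image: bytes
    files: dict
    power: bool = True


def make_terminal() -> Terminal:
    return Terminal(digest(BOOT_IMAGE), SERVER_KEY, digest(KERNEL_IMAGE),
                    {p: digest(b) for p, b in FILES.items()},
                    BOOT_IMAGE, KERNEL_IMAGE, dict(FILES))


def boot(t: Terminal, server_exempt: frozenset = frozenset()) -> str:
    """Level-by-level verification of FIG. 3; returns the resulting terminal state."""
    if digest(t.boot_image) != t.root_boot_digest:      # steps 302-303: root checks BOOT
        t.power = False
        return "power-off: BOOT tampered"
    if digest(t.kernel_image) != t.boot_kernel_digest:  # steps 304-306: BOOT checks kernel
        return "locked: KERNEL tampered"
    tampered = [p for p, d in t.kernel_file_digests.items()  # steps 309-310: IMA-style check
                if digest(t.files.get(p, b"")) != d]
    if AGENT_PATH in tampered:                          # step 313: the agent is never exempted
        return "locked: agent module tampered"
    unexempted = [p for p in tampered if p not in server_exempt]
    if unexempted:                                      # steps 311-312: server did not exempt
        return "alarm: " + ",".join(unexempted)
    return "running"                                    # step 314


def keystream_xor(password: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode XOR, standing in for the private-password encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(password + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def issue_credentials(server_key: bytes, password: bytes,
                      new_kernel: bytes, new_files: dict) -> dict:
    """Steps 403-405: the server computes the post-policy digests, encrypts and signs them."""
    creds = {"kernel_digest": digest(new_kernel),
             "file_digests": {p: digest(b) for p, b in new_files.items()}}
    nonce = secrets.token_bytes(16)
    cipher = keystream_xor(password, nonce, json.dumps(creds, sort_keys=True).encode())
    # HMAC over nonce and ciphertext stands in for the signature with the server certificate
    tag = hmac.new(server_key, nonce + cipher, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "cipher": cipher, "tag": tag}


def inject_credentials(t: Terminal, msg: dict, password: bytes) -> bool:
    """Steps 406-407: BOOT and kernel check the signature with the root-held key, decrypt, trust."""
    expected = hmac.new(t.server_verify_key, msg["nonce"] + msg["cipher"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return False                                    # forged publisher: rejected
    creds = json.loads(keystream_xor(password, msg["nonce"], msg["cipher"]))
    t.boot_kernel_digest = creds["kernel_digest"]       # injected into trusted BOOT
    t.kernel_file_digests = creds["file_digests"]       # injected into trusted kernel
    return True


def demo() -> dict:
    """Clean boot, a new kernel before credentials arrive, a forged and a genuine update."""
    t = make_terminal()
    results = {"clean": boot(t)}
    new_kernel = b"trusted-kernel-v2"
    new_files = {**FILES, "/system/store": b"app-store-v1"}
    t.kernel_image, t.files = new_kernel, dict(new_files)
    results["kernel_before_credentials"] = boot(t)      # BOOT still holds the v1 digest
    forged = issue_credentials(b"not-the-server-key", PRIVATE_PASSWORD, new_kernel, new_files)
    results["forged_accepted"] = inject_credentials(t, forged, PRIVATE_PASSWORD)
    genuine = issue_credentials(SERVER_KEY, PRIVATE_PASSWORD, new_kernel, new_files)
    results["genuine_accepted"] = inject_credentials(t, genuine, PRIVATE_PASSWORD)
    results["after_update"] = boot(t)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the module prints the state after each stage. The design keeps the three digest stores separate (root holds the BOOT digest, BOOT holds the kernel digest, kernel holds the file table) so that, as in the patent, a credential update can replace the kernel and file digests without touching the BOOT digest or the root-held verification key, and only the agent path is treated as non-exemptable under step 313.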
  • Step 501: Referring to the process of FIG. 1, the terminal starts with level-by-level integrity verification from the hardware trust root to the kernel; the trusted kernel then uses IMA to continuously monitor the integrity of the terminal's Android system files, and the security management agent module establishes an SSL connection to the management server through the network management protocol server module.
  • Step 502: The security management server calculates in advance the file monitoring credential of the application store and the digital digest of the kernel after the store's digital certificate has been installed, obtaining a calculation result.
  • Step 503: The calculation result is encrypted with a private password, signed with the management server's certificate, and delivered to the terminal's security management agent module through SSL encryption.
  • Step 504: The terminal's security management agent module sends the application store file digest information to the kernel IMA file monitoring system, and sends the digital digest of the kernel (with the application digital certificate installed) to the boot device BOOT.
  • Step 505: The IMA and the BOOT decrypt with the private password, obtain the root certificate of the server certificate from the hardware trust root, verify the application store file information, and likewise verify the kernel with the new store certificate installed.
  • Step 506: After the security management server confirms that the terminal has received the information, the terminal's security management agent module downloads and installs the new application store and modifies the kernel by injecting the digital certificate used to verify applications.
  • Step 507: After the modification, the new kernel is accepted by BOOT and boots correctly, and the new application store also operates normally, because it is covered by the integrity protection of the new kernel's IMA file monitoring system.
  • This method can be applied to the security management and control method used when the security management policy is changed, that is, the method described in FIG. 4, and also to the security management and control method used in a software version upgrade, that is, the method described in FIG. 6; details are not repeated here.
  • The management server triggers a trusted upgrade of the software version of the entire terminal, that is, all software modules except the BOOT in this embodiment need to be replaced. It is worth noting that a general system upgrade does not need to modify or upgrade the BOOT.
  • Step 601: Referring to the process of FIG. 1, the terminal starts with level-by-level integrity verification from the hardware trust root to the kernel; the trusted kernel then uses IMA to continuously monitor the integrity of the terminal's Android system files, and the security management agent module establishes an SSL connection to the management server through the network management protocol server module.
  • Step 602: The security management server prepares a new trusted kernel in advance, and the IMA file verification policy of the new Android version is merged into the new trusted kernel.
  • Step 603: The security management server calculates the digital digest information of the new version of the trusted kernel, encrypts the calculation result with a private password, signs it with the management server's certificate, and delivers it to the terminal's security management agent module through SSL encryption.
  • Step 604: The terminal's security management agent module learns that the entire system is about to be updated and obtains the terminal user's permission for the upgrade through a pop-up interface.
  • Step 605: After the user grants permission, the terminal's security management agent module injects the new trusted kernel digital digest into the BOOT, which decrypts it with the private password, obtains the certificate from the hardware trust root, and verifies the new kernel.
  • Step 606: The user downloads the new kernel version, the new Android version, and the new security management agent module from the website to a peripheral such as a U disk or TF card, and performs the system upgrade through the website-guided flashing operation.
  • Step 607: After the device is flashed, the new trusted kernel is accepted by the BOOT and starts normally. At the same time, the new Android version and the terminal's security management agent module are loaded. The new trusted kernel performs IMA tamper-proof monitoring on the new Android file system and on the terminal security management agent module as before.
  • The embodiment of the invention discloses a security management and control method for an Android system, including:
  • The security management policy refers to a trusted operation behavior applied to the Android system and the KERNEL kernel included in the terminal device.
  • The security management policy includes: installing a trusted application, forcibly uninstalling an illegal application, modifying the SELinux permission rules of the KERNEL kernel, modifying the security rules of the iptables network firewall, monitoring and alerting on illegal cracking behavior of the terminal device, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to upgrade to a trusted software version.
  • The embodiment of the invention also discloses a computer program comprising program instructions which, when executed by a computer, enable the computer to perform any of the above security management and control methods for an Android system.
  • The embodiment of the invention also discloses a carrier carrying the computer program.
  • The embodiment of the invention also discloses a security management device for an Android system, comprising an instruction receiving unit and a processing unit, wherein:
  • the instruction receiving unit is configured to: receive an adjustment instruction of a security management policy or a terminal software version upgrade instruction;
  • the processing unit is configured to dynamically send the security management policy file or the terminal software version upgrade file corresponding to the instruction to the target terminal device according to the adjustment instruction of the security management policy or the terminal software version upgrade instruction.
  • The security management policy refers to a trusted operation behavior applied to the Android system and the KERNEL kernel included in the terminal device.
  • The security management policy includes: installing a trusted application, forcibly uninstalling an illegal application, modifying the SELinux permission rules of the KERNEL kernel, modifying the security rules of the iptables network firewall, monitoring and alerting on illegal cracking behavior of the terminal device, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to upgrade to a trusted software version.
  • The embodiment of the invention also discloses a server, which comprises the security management device of any Android system described above.
  • The embodiment of the invention also discloses a security management and control method for the Android system, including:
  • the current security management status information is reported in real time.
  • The security management policy refers to a trusted operation behavior applied to at least the Android system and the KERNEL kernel included in the terminal device.
  • The security management policy includes: installing a trusted application, forcibly uninstalling an illegal application, modifying the SELinux permission rules of the KERNEL kernel, modifying the security rules of the iptables network firewall, monitoring and alerting on illegal cracking behavior of the terminal device, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to upgrade to a trusted software version.
  • Before the foregoing step of dynamically receiving the security management policy file or the terminal software version upgrade file, the method further includes:
  • After the terminal device is powered on, the hardware trust root performs digital digest verification on the trusted boot device BOOT, the trusted boot device BOOT verifies the KERNEL kernel, and the KERNEL kernel performs regular or on-demand file integrity verification of the security management agent and the Android regular framework.
  • The method further includes:
  • The hardware trust root controls the conventional hardware to perform a power-down operation or prevents the device from continuing the boot operation.
  • The embodiment of the invention further discloses a computer program comprising program instructions which, when executed by a computer, enable the computer to execute any of the above security management methods for an Android system.
  • The embodiment of the invention also discloses a carrier carrying the computer program.
  • The embodiment of the invention further discloses a security management device for an Android system, comprising a file receiving unit and a reporting unit, wherein:
  • the file receiving unit is configured to: dynamically receive a security management policy file or a terminal software version upgrade file, and perform a security management policy or a terminal software version upgrade corresponding to the file;
  • the reporting unit is configured to: report current security management status information in real time.
  • The security management policy refers to a trusted operation behavior applied to the Android system and the KERNEL kernel included in the terminal device.
  • The security management policy includes: installing a trusted application, forcibly uninstalling an illegal application, modifying the SELinux permission rules of the KERNEL kernel, modifying the security rules of the iptables network firewall, monitoring and alerting on illegal cracking behavior of the terminal device, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to upgrade to a trusted software version.
  • The device further includes a verification unit, wherein:
  • the verification unit is configured to: after the terminal device is powered on, have the hardware trust root perform digital digest verification on the trusted boot device BOOT, the trusted boot device BOOT verify the KERNEL kernel, and the KERNEL kernel perform regular or on-demand file integrity verification of the security management agent part and the Android regular framework.
  • The device further includes a security execution unit, wherein:
  • the security execution unit is configured to: notify the hardware trust root to control the conventional hardware to perform the power-off operation when it is determined that an abnormality occurs during the boot verification process.
  • The embodiment of the invention further discloses a terminal device, which comprises the security management device of any Android system described above.
  • The embodiment of the invention also discloses a security management system for an Android system, comprising a server and a terminal device, wherein:
  • the server is configured to: receive a security management policy adjustment instruction or a terminal software version upgrade instruction, and dynamically send the security management policy file or terminal software version upgrade file corresponding to that instruction;
  • the terminal device is configured to: dynamically receive the security management policy file or the terminal software version upgrade file, perform the security management policy or the terminal software version upgrade corresponding to the file, and report the current security management status information in real time.
  • The security management and control method of the technical solution of the present invention forms a complete and firm chain of trust from the hardware trust root to the digital certificate center of the security management server. Through the trusted interaction process between the modules, compared with related technologies, it not only makes the software of the Android terminal uncrackable, but also allows the terminal security policy to be adjusted flexibly and the terminal software version to be upgraded in a trusted manner, ensuring security management and control while improving the user experience and reducing the cost of subsequent upgrade maintenance. Therefore, the present invention has strong industrial applicability.
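The following is an added worked example, not code from the patent or its assignee, modelling two things the text above describes: the level-by-level boot verification of FIG. 1 with power-down on any abnormality (the verification unit and security execution unit above, and the start of Steps 501/601), and the ordering of Steps 404-408 and 601-607, in which the server's new kernel digest and IMA-style file monitoring credential are injected into BOOT and KERNEL before the new kernel and Android files are flashed, so that the next reboot does not produce a false positive. All class and function names (Terminal, agent_inject, flash, scenario) and all images, paths and digests are hypothetical and constructed. The private-password encryption and server-certificate signature of Steps 404/407/605 are assumed to have already been decrypted and checked, so the injected values are treated as trusted; the example shows what the chain does with them.

```python
"""Toy model of the patent's trust chain and credential-update ordering.
Added example with constructed data; names are hypothetical, not the patent's code.
Assumes the private-password decryption and certificate check (Steps 407/605)
have already succeeded, so injected digests are treated as trusted."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


def digest(data: bytes) -> str:
    """SHA-256 hex digest, standing in for the patent's 'digital digest'."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Terminal:
    root_expected_boot: str       # hardware trust root: immutable digest of BOOT
    boot_expected_kernel: str     # held by BOOT, injected by the agent (Steps 406/605)
    ima_manifest: dict[str, str]  # held by KERNEL/IMA: {path: digest} (Step 406)
    boot_image: bytes             # images and files on flash (constructed)
    kernel_image: bytes
    files: dict[str, bytes]
    powered_on: bool = True
    log: list[str] = field(default_factory=list)

    def verify_boot_chain(self) -> bool:
        """FIG. 1 order: root checks BOOT, BOOT checks KERNEL, KERNEL checks files.
        Any abnormality makes the trust root power the device down."""
        if digest(self.boot_image) != self.root_expected_boot:
            return self._halt("BOOT digest mismatch")
        if digest(self.kernel_image) != self.boot_expected_kernel:
            return self._halt("KERNEL digest mismatch")
        bad = self.ima_check()
        if bad:
            return self._halt("IMA mismatch: " + ", ".join(sorted(bad)))
        self.log.append("boot ok")
        return True

    def ima_check(self) -> set[str]:
        """Monitored paths whose current digest differs from the manifest."""
        return {p for p, exp in self.ima_manifest.items()
                if p not in self.files or digest(self.files[p]) != exp}

    def _halt(self, reason: str) -> bool:
        self.powered_on = False  # trust root powers the conventional hardware down
        self.log.append("halt: " + reason)
        return False


def server_prepare_update(new_kernel: bytes, new_files: dict[str, bytes]):
    """Steps 404/603: server computes the new kernel digest and file credential."""
    return digest(new_kernel), {p: digest(d) for p, d in new_files.items()}


def agent_inject(term: Terminal, kernel_digest: str, manifest: dict[str, str]) -> None:
    """Steps 406/605: agent injects the digest into BOOT and the manifest into KERNEL."""
    term.boot_expected_kernel = kernel_digest
    term.ima_manifest = dict(manifest)


def flash(term: Terminal, new_kernel: bytes, new_files: dict[str, bytes]) -> None:
    """Steps 408/606: the new kernel and Android files are written to the device."""
    term.kernel_image = new_kernel
    term.files = dict(new_files)


def make_terminal() -> Terminal:
    """A freshly provisioned v1 terminal (all values constructed)."""
    boot, kernel = b"boot-v1", b"kernel-v1"
    files = {"/system/framework/fw.jar": b"fw-v1", "/system/bin/agent": b"agent-v1"}
    return Terminal(digest(boot), digest(kernel),
                    {p: digest(d) for p, d in files.items()}, boot, kernel, files)


NEW_KERNEL = b"kernel-v2"
NEW_FILES = {"/system/framework/fw.jar": b"fw-v2", "/system/bin/agent": b"agent-v2"}


def scenario(inject_first: bool, tamper: dict[str, bytes] | None = None) -> Terminal:
    """Upgrade a v1 terminal to v2, then reboot.  inject_first=True follows the
    patent's ordering; False flashes without updating BOOT/KERNEL credentials.
    `tamper` overwrites monitored files after the upgrade (an unauthorised change)."""
    t = make_terminal()
    if inject_first:
        agent_inject(t, *server_prepare_update(NEW_KERNEL, NEW_FILES))
    flash(t, NEW_KERNEL, NEW_FILES)
    if tamper:
        t.files.update(tamper)
    t.verify_boot_chain()
    return t
```

Calling `scenario(True)` reproduces the patent's ordering and ends with `boot ok`; `scenario(False)` flashes the v2 kernel while BOOT still holds the v1 digest, so the chain halts at the kernel check, which is exactly the false positive Step 408 avoids by injecting first; `scenario(True, {"/system/bin/agent": b"..."})` shows that after a correct upgrade an unauthorised change to a monitored file is still caught by the IMA manifest and the device is powered down.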

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention concerns a security management and control method, apparatus and system for an Android system. The method consists of: receiving a security management and control policy adjustment instruction or a terminal software version upgrade instruction; and dynamically sending a corresponding security management and control policy file or a corresponding terminal software version upgrade file to a target terminal device according to the security management and control policy adjustment instruction or the terminal software version upgrade instruction. In the security management and control method provided by the technical solution of the present invention, a complete and strong chain of trust is formed from the hardware trust root to the digital certificate center of a security management and control server, and by means of trusted interaction processes between the modules, the present invention, compared with the prior art, achieves the effect that the software in an Android terminal cannot be cracked, can flexibly update the terminal security policy, improves the trusted upgrade of the terminal software version, guarantees security management and control while improving the user experience, and reduces subsequent upgrade and maintenance costs.
PCT/CN2015/074647 2014-11-20 2015-03-19 Procédé de gestion et de contrôle de sécurité, appareil et système pour système android WO2015184891A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410668359.6 2014-11-20
CN201410668359.6A CN105656860A (zh) 2014-11-20 2014-11-20 Android系统的安全管控方法、装置及其系统

Publications (1)

Publication Number Publication Date
WO2015184891A1 true WO2015184891A1 (fr) 2015-12-10

Family

ID=54766116

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/074647 WO2015184891A1 (fr) 2014-11-20 2015-03-19 Procédé de gestion et de contrôle de sécurité, appareil et système pour système android

Country Status (2)

Country Link
CN (1) CN105656860A (fr)
WO (1) WO2015184891A1 (fr)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108540498A (zh) * 2018-06-21 2018-09-14 咪付(广西)网络技术有限公司 一种金融支付中安全策略版本下发的方法和系统
CN110046497A (zh) * 2018-01-16 2019-07-23 腾讯科技(深圳)有限公司 一种函数挂钩实现方法、装置和存储介质
CN110543769A (zh) * 2019-08-29 2019-12-06 武汉大学 一种基于加密tf卡的可信启动方法
CN110764827A (zh) * 2018-07-27 2020-02-07 中标软件有限公司 计算机外围设备的管控系统及方法
CN113297121A (zh) * 2021-06-16 2021-08-24 深信服科技股份有限公司 一种接口管理方法、装置、设备及可读存储介质
CN113495504A (zh) * 2020-03-18 2021-10-12 杭州海康威视数字技术股份有限公司 智能管控设备、监控系统和智能管控方法
CN113591075A (zh) * 2021-07-26 2021-11-02 深信服科技股份有限公司 终端安全管控方法、装置及存储介质
CN113923170A (zh) * 2021-09-30 2022-01-11 深信服科技股份有限公司 一种应用识别管理方法及系统
CN114065180A (zh) * 2021-11-26 2022-02-18 国网宁夏电力有限公司信息通信公司 一种基于可信计算3.0的感知设备安全验证系统

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106384053A (zh) * 2016-09-14 2017-02-08 江苏北弓智能科技有限公司 移动操作系统可信启动方法和装置
CN106845243A (zh) * 2016-12-13 2017-06-13 北京元心科技有限公司 提高启动安全的方法和系统
CN106713030B (zh) * 2016-12-21 2019-11-15 无锡江南计算技术研究所 基于安全管控的软件源管理方法以及软件功能管理系统
CN106775903B (zh) * 2017-02-24 2021-02-09 北京小米移动软件有限公司 安全策略文件更新方法及装置
CN107294962B (zh) * 2017-06-14 2020-09-29 福州汇思博信息技术有限公司 一种配置防火墙安全策略的方法及终端
CN108241798B (zh) * 2017-12-22 2021-04-02 北京车和家信息技术有限公司 防止刷机的方法、装置及系统
CN108710801B (zh) * 2018-05-29 2019-03-22 北京迪诺益佳信息科技有限公司 一种移动应用动态加载代码的行为管控方法
CN109241783B (zh) * 2018-08-14 2021-04-06 中国科学院信息工程研究所 移动终端管控策略的实施方法及装置
CN109409032A (zh) * 2018-10-24 2019-03-01 山东超越数控电子股份有限公司 一种安全关键系统的系统内核安全判断方法
CN112243226A (zh) * 2020-10-14 2021-01-19 广东汉鼎蜂助手网络技术有限公司 一种云sim卡无线网络远程管控方法、系统及服务端装置
CN113901473B (zh) * 2021-09-10 2023-11-03 苏州浪潮智能科技有限公司 一种服务器安全启动的方法、装置、设备及可读介质
CN115134172B (zh) * 2022-08-30 2022-11-25 北京亿赛通科技发展有限责任公司 一种用于终端文件透明加解密的自动配置系统和方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067392A (zh) * 2012-12-28 2013-04-24 中国人民解放军理工大学 一种基于Android终端的安全访问控制方法
CN103646214A (zh) * 2013-12-18 2014-03-19 国家电网公司 一种在配电终端中建立可信环境的方法
CN103729597A (zh) * 2014-01-16 2014-04-16 宇龙计算机通信科技(深圳)有限公司 系统启动校验方法、系统启动校验装置和终端

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020531B (zh) * 2012-12-06 2015-05-27 中国科学院信息工程研究所 Android智能终端运行环境可信控制方法及系统
CN103560902A (zh) * 2013-10-10 2014-02-05 中兴通讯股份有限公司 服务器、智能终端及其远程管理方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067392A (zh) * 2012-12-28 2013-04-24 中国人民解放军理工大学 一种基于Android终端的安全访问控制方法
CN103646214A (zh) * 2013-12-18 2014-03-19 国家电网公司 一种在配电终端中建立可信环境的方法
CN103729597A (zh) * 2014-01-16 2014-04-16 宇龙计算机通信科技(深圳)有限公司 系统启动校验方法、系统启动校验装置和终端

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110046497A (zh) * 2018-01-16 2019-07-23 腾讯科技(深圳)有限公司 一种函数挂钩实现方法、装置和存储介质
CN108540498A (zh) * 2018-06-21 2018-09-14 咪付(广西)网络技术有限公司 一种金融支付中安全策略版本下发的方法和系统
CN108540498B (zh) * 2018-06-21 2023-05-05 咪付(广西)网络技术有限公司 一种金融支付中安全策略版本下发的方法和系统
CN110764827A (zh) * 2018-07-27 2020-02-07 中标软件有限公司 计算机外围设备的管控系统及方法
CN110764827B (zh) * 2018-07-27 2023-05-30 中标软件有限公司 计算机外围设备的管控系统及方法
CN110543769A (zh) * 2019-08-29 2019-12-06 武汉大学 一种基于加密tf卡的可信启动方法
CN110543769B (zh) * 2019-08-29 2023-09-15 武汉大学 一种基于加密tf卡的可信启动方法
CN113495504B (zh) * 2020-03-18 2023-01-31 杭州海康威视数字技术股份有限公司 智能管控设备、监控系统和智能管控方法
CN113495504A (zh) * 2020-03-18 2021-10-12 杭州海康威视数字技术股份有限公司 智能管控设备、监控系统和智能管控方法
CN113297121A (zh) * 2021-06-16 2021-08-24 深信服科技股份有限公司 一种接口管理方法、装置、设备及可读存储介质
CN113297121B (zh) * 2021-06-16 2024-02-23 深信服科技股份有限公司 一种接口管理方法、装置、设备及可读存储介质
CN113591075A (zh) * 2021-07-26 2021-11-02 深信服科技股份有限公司 终端安全管控方法、装置及存储介质
CN113591075B (zh) * 2021-07-26 2023-11-07 深信服科技股份有限公司 终端安全管控方法、装置及存储介质
CN113923170A (zh) * 2021-09-30 2022-01-11 深信服科技股份有限公司 一种应用识别管理方法及系统
CN114065180A (zh) * 2021-11-26 2022-02-18 国网宁夏电力有限公司信息通信公司 一种基于可信计算3.0的感知设备安全验证系统

Also Published As

Publication number Publication date
CN105656860A (zh) 2016-06-08

Similar Documents

Publication Publication Date Title
WO2015184891A1 (fr) Procédé de gestion et de contrôle de sécurité, appareil et système pour système android
CN108810894B (zh) 终端授权方法、装置、计算机设备和存储介质
US10153906B2 (en) Systems and methods for implementing computer security
CN112417379B (zh) 一种集群许可证管理方法、装置、授权服务器及存储介质
EP3453136B1 (fr) Procédés et appareil d'authentification de dispositif et d'échange sécurisé de données entre une application serveur et un dispositif
US8856544B2 (en) System and method for providing secure virtual machines
US8528062B1 (en) Method and service for securing a system networked to a cloud computing environment from malicious code attacks
US8789037B2 (en) Compatible trust in a computing device
KR101190479B1 (ko) 티켓 인증 보안 설치 및 부트
US8332631B2 (en) Secure software licensing and provisioning using hardware based security engine
US9858422B2 (en) Securely booting a computer from a user trusted device
US20070047735A1 (en) Method, system and computer program for deploying software packages with increased security
US9154299B2 (en) Remote management of endpoint computing device with full disk encryption
CN111414612B (zh) 操作系统镜像的安全保护方法、装置及电子设备
CN109863475A (zh) 一种安全元件中的应用的升级方法及相关设备
US11003435B2 (en) Manifest trialing techniques
US20060150246A1 (en) Program execution control device, OS, client terminal, server, program execution control system, program execution control method and computer program execution control program
WO2016165215A1 (fr) Procédé et appareil pour le chargement de signature de code sur des applications
US20190166123A1 (en) User terminal using cloud service, integrated security management server for user terminal, and integrated security management method for user terminal
JP2009169841A (ja) 情報処理装置および携帯電話装置
US20230119196A1 (en) Information processing apparatus, authenticity verification method, and program
CN111258615A (zh) 工控主机及其软件升级的方法、装置及移动存储介质
KR101711024B1 (ko) 부정조작방지 장치 접근 방법 및 그 방법을 채용한 단말 장치
KR20150030047A (ko) 애플리케이션 인증 방법 및 그 시스템
US20240037216A1 (en) Systems And Methods For Creating Trustworthy Orchestration Instructions Within A Containerized Computing Environment For Validation Within An Alternate Computing Environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15803017

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15803017

Country of ref document: EP

Kind code of ref document: A1