WO2018049977A1 - Method and device for guaranteeing system security - Google Patents

Method and device for guaranteeing system security Download PDF

Info

Publication number
WO2018049977A1
WO2018049977A1 PCT/CN2017/099338 CN2017099338W WO2018049977A1 WO 2018049977 A1 WO2018049977 A1 WO 2018049977A1 CN 2017099338 W CN2017099338 W CN 2017099338W WO 2018049977 A1 WO2018049977 A1 WO 2018049977A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
specified
security
security configuration
module
Prior art date
Application number
PCT/CN2017/099338
Other languages
French (fr)
Chinese (zh)
Inventor
费立华
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018049977A1 publication Critical patent/WO2018049977A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present application relates to the field of communications, for example, to a method and apparatus for securing a system.
  • IPTV Internet Protocol TV or Interactive Personal TV
  • Broadband network provides various real-time and non-real-time multimedia services to TV, PC, mobile terminals and other users.
  • EPG Electronic Program Guide
  • the hardening strategy in the related technologies is based on the security hardening of the Linux device. That is, the security of the Linux device is hardened, so that the hacker cannot crack the login mode of the Linux device and cannot log in. However, the related security hardening still has risks. Once the login method is not updated for a long time, it is artificially leaked or hacked. Once the hacker can log in to the EPG device, the program can be arbitrarily tampering and deleted.
  • the embodiments of the present disclosure provide a method and apparatus for securing a system to at least solve the problem that the EPG device has a low security level in the related art.
  • a method for securing a system including:
  • the security configuration file includes a file access path
  • the legality check of the detected file operation according to the security configuration file includes:
  • Determining whether the file corresponding to the file operation is located in the file access path wherein, if the file is not located in the file access path, determining that the file operation is a legal operation.
  • the security configuration file further includes a specified file in the file access path, and performs legality check on the detected file operation according to the security configuration file, including:
  • the security configuration file further includes a specified operation process corresponding to the specified file, and determining whether the file corresponding to the file operation is the specified file includes:
  • the method further includes:
  • the update information is loaded into the LKM to form updated security configuration information
  • an apparatus for securing a system including:
  • a loading module configured to load a security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is disposed in a Linux system, wherein the security configuration file includes a legality check for file operations Rule
  • the checking module is configured to perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
  • the checking module is further configured to determine whether a file corresponding to the file operation is located in the file access path, where If the file is not located in the file access path, it is determined that the file operation is a legal operation.
  • the checking module is further configured to determine whether the file corresponding to the file operation is the specified file, where And if the file does not belong to the specified file, determining that the file operation is a legal operation.
  • the checking module is further configured to determine whether the first operation process corresponding to the file operation is the Specifying an operation process, wherein, in a case where the first operation process is the specified operation process, determining that a file operation performed on the specified file by the first operation process is a legal operation.
  • the checking module is configured to trigger an alarm after determining that the file operation is an illegal operation after performing the legality check on the detected file operation according to the security configuration file.
  • the security profile has update information
  • the update information is loaded into the LKM to form updated security configuration information; and the detected security profile is detected according to the updated File operations are checked for legality.
  • a storage medium is also provided.
  • the storage medium is arranged to store program code for performing the following steps:
  • the program code is embodied as computer executable instructions, and the computer executable instructions are Set to perform the above method.
  • the device further includes: a monitoring module configured to monitor the loading module or the checking module, and restart the loading module if an abnormality occurs in the loading module or the checking module Or the inspection module.
  • a monitoring module configured to monitor the loading module or the checking module, and restart the loading module if an abnormality occurs in the loading module or the checking module Or the inspection module.
  • An embodiment of the present disclosure further provides an electronic device, including:
  • At least one processor At least one processor
  • the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to cause the at least one processor to perform the method described above.
  • a dynamically loadable kernel module LKM is set in the Linux system of the EPG device, and the pre-configured security configuration file is loaded into the LKM.
  • the file operation is performed, the file is first detected according to the security configuration file. Whether the operation is legal. If it is determined that the file operation is legal, the file operation is performed. Otherwise, the above file operation is refused.
  • the problem of low security level of the EPG device in the related technology is solved, and the security of the EPG device is greatly improved.
  • FIG. 1 is a flow chart of a method for securing a system in accordance with an embodiment of the present disclosure
  • FIG. 2 is a schematic diagram of an LKM in accordance with an embodiment of the present disclosure
  • FIG. 3 is a schematic diagram of a file system kernel function rewriting in accordance with an embodiment of the present disclosure
  • FIG. 4 is a schematic flow chart of implementing file tamper prevention according to an embodiment of the present disclosure
  • FIG. 5 is a structural block diagram of an apparatus for securing a system according to an embodiment of the present disclosure
  • FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
  • the technical solution of the present application can be run on an EPG device in an IPTV service system, that is, the technical solution in the application file is executed in a Linux system in the EPG device.
  • FIG. 1 is a flowchart of a method for securing a system according to an embodiment of the present disclosure. As shown in FIG. 1 , the process includes:
  • Step S102 loading the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes a rule for checking the legality of the file operation;
  • Step S104 Perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
  • the file operations described in the above steps include modifying files, deleting files, moving files, and the like.
  • the security configuration file includes a file access path, and determines whether the file corresponding to the file operation is located in the file access path, wherein, if the file is not located in the file access path, determining that the file operation is Legal operation.
  • the file access path included in the security configuration file may also be a path that can perform file operations, and other file paths except these paths are not accessible. In fact, this is in addition to the above optional embodiment. There is essentially no difference in the technical solution.
  • the security configuration file further includes a specified file in the file access path, and determines whether the file corresponding to the file operation is the specified file, where the file is determined if the file does not belong to the specified file.
  • the operation is a legal operation.
  • the specified file in the optional embodiment may also be a specified file type, that is, the specified file type in the access path is within the protection scope, and may not be modified by random operations.
  • the security configuration file further includes a specified operation process corresponding to the specified file, and determines whether the first operation process corresponding to the file operation is the specified operation process, where the first operation process is the specified operation.
  • the file operation performed on the specified file by the first operation process is a legal operation. For example, a file in a location on the C drive can be copied and cannot be deleted.
  • the alarm is triggered, and the related alarm log is generated for reference by the user, and the monitoring process is further increased. Monitor whether the above method steps are performed normally and find that the abnormal restart.
  • the update information is loaded into the LKM to form updated security configuration information.
  • the legality check of the detected file operation is performed according to the updated security configuration file.
  • the embodiment of the present disclosure provides a security hardening method for prohibiting malicious tampering.
  • the service implementation provided by the EPG device in the IPTV service system only the specified process is allowed to operate the specified file type or specified file in the specified directory, that is, as long as the EPG device
  • the security hardening program is deployed. Even if the user logs in to the system as the root user, data and file modifications cannot be performed.
  • LKM Linux dynamically loadable kernel module
  • the core technology of this application file is to implement a Linux dynamically loadable kernel module LKM (Loadable Kernel Modules): rewrite the kernel function of the file system.
  • LKM Linux dynamically loadable Kernel Modules
  • the kernel function of the rewriting file system performs the legality check according to the loaded security configuration file rule, and the rule is considered to be a legal file operation, and the original file operation is continued for the legal operation; If the rule is not satisfied, it is considered to be an illegal file operation, and interception and alarm are given.
  • the Linux file system call process is divided into two parts: user space processing and kernel space processing.
  • the user space processing part is the process of system call switching from user mode to kernel mode.
  • the library function enters the 0x80 interrupt after saving the system call number and corresponding parameters. At this point, the processing of the system call in user space is complete.
  • the kernel space processing part is the whole process of system calls handled in the Linux kernel. After the ox80 interrupt handler takes over, it first checks its system call number, then looks up the system call table according to the system call number, and gets the kernel function that handles the system call from the system call table, then passes the parameters and runs the function. At this point the kernel really started processing the system call.
  • LKM Linux kernel module
  • the security configuration file is a criterion for the LKM kernel module to implement file operation security.
  • LKM determines whether the file is allowed to operate according to the configuration in the security configuration file.
  • the security profile can contain the following components:
  • the specified file or specified file type in the specified path included in the program supports wildcards, multiple files or file types are available, and split. Such as: *.jsp, *.jpg.
  • the contents of 1, 2, and 3 can be used: splitting.
  • the configuration in the security profile :
  • LKM can be understood as a custom implementation. Any file operation enters the kernel mode and calls the 0x80 interrupt operation. It will enter the custom program entry in LKM. The custom program will determine whether to allow file operations. If it is not allowed, it will be rejected.
  • FIG. 3 is a schematic diagram of a file system kernel function rewriting according to an embodiment of the present disclosure, as shown in FIG. 3, including the following steps:
  • Step one the user mode has a file operation, enters the kernel state ox80 interrupt call operation, and enters the custom program LKM.
  • Step 2 LKM first determines whether the security configuration content in the LKM memory is empty. If it is empty, the above file operation is allowed, and no restrictions are imposed.
  • Step 3 If it is not empty, and then judge whether the file to be operated is in the security configuration, determine that the logic in the security configuration needs to include the following:
  • Step 4 If the file of the operation is not set in the security configuration, the operation is allowed without any restriction processing.
  • Step 5 If the file of the operation is set in the security configuration, the process name of the file operation is obtained.
  • Step 6 According to the rules set in the security configuration, determine whether the process is allowed to do this operation on the file. If it is allowed, continue the file operation without any restrictions.
  • Step 7 If the operation is not allowed, an alarm is generated and an alarm log is generated.
  • FIG. 4 is a schematic diagram of a process for implementing file tampering according to an embodiment of the present disclosure. As shown in FIG. 4, after the operating system is deployed, the LKM is effective for the security configuration file, and the implementation process of implementing the file tamper-proof is as follows:
  • the tamper-proof program can deploy two processes and one alarm module on the device.
  • the two processes can be defined as the tamper-proof monitoring process and the tamper-resistant security operation process.
  • the process is as follows:
  • Step 1 The anti-tampering program starts two processes, one is a monitoring process, one is used for a security operation process, and the monitoring process monitors a security process. If the security process is suspended or killed, the monitoring starts the security process.
  • Step 2 LKM finds that the file operation is not allowed. When an alarm is to be sent, the message is sent to the security operation process, and the process is sent to the alarm module.
  • Step 3 The security operation process can monitor the security configuration file in real time. If the security configuration file is found to be modified, the security configuration file is considered to be updated.
  • step 4 the security operation process can also periodically read the updated security configuration file content and send the updated content to the LKM.
  • the method according to the above embodiments can be implemented by means of software plus a general hardware platform, and of course, can also be implemented by hardware.
  • the technical solution of the present disclosure which is essential or contributes to the related art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, CD-ROM).
  • the instructions include a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present disclosure.
  • a device for securing the system is provided, and the device is configured to implement the foregoing embodiments and implementation manners, and details are not described herein.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • FIG. 5 is a structural block diagram of an apparatus for securing a system according to an embodiment of the present disclosure. As shown in FIG. 5, the apparatus includes:
  • the loading module 52 is configured to load the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes rules for checking the legality of the file operation. ;
  • the checking module 54 connected to the loading module 52, is configured to perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when it is determined that the file operation is a legal operation.
  • the checking module 54 is further configured to determine whether the file corresponding to the file operation is located in the file access path, where the file is not located in the file. In the case of an access path, it is determined that the file operation is a legitimate operation.
  • the checking module 54 is further configured to determine whether the file corresponding to the file operation is the specified file, wherein if the file does not belong to the specified file, it is determined that the file operation is a legal operation.
  • the checking module 54 is further configured to determine whether the first operation process corresponding to the file operation is the specified operation process, wherein, in the case that the first operation process is the specified operation process, it is determined that the file operation performed on the specified file by the first operation process is a legal operation.
  • the checking module 54 is configured to trigger an alarm after determining that the file operation is an illegal operation after performing the legality check on the detected file operation according to the security configuration file.
  • the security profile has update information
  • the update information is loaded into the LKM to form updated security configuration information; and the detected file operation is legal according to the updated security profile. Sex check.
  • the device further includes: a monitoring module configured to monitor the loading module or the checking module, and restart the loading module or the checking module if the loading module or the checking module is abnormal.
  • the monitoring module monitors the running state of the loading module or the checking module, that is, the two modules can normally perform the functional steps described in the foregoing embodiments.
  • the above modules may be implemented by software or hardware.
  • the foregoing may be implemented by, but not limited to, the above modules are all located in the same processor; or, the above modules are respectively located in different combinations. In the processor.
  • Embodiments of the present disclosure also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • S2 Perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
  • the storage medium is a computer readable storage medium storing computer executable instructions arranged to perform the method of any of the above embodiments.
  • the computer readable storage medium may be a transitory computer readable storage medium or a non-transitory computer readable storage medium.
  • the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • a mobile hard disk e.g., a hard disk
  • magnetic memory e.g., a hard disk
  • the processor performs the method steps in the foregoing optional embodiment according to the stored program code in the storage medium.
  • the embodiment of the present disclosure further provides a schematic structural diagram of an electronic device.
  • the electronic device includes:
  • At least one processor 60 which is exemplified by a processor 60 in FIG. 6; and a memory 61, may further include a communication interface 62 and a bus 63.
  • the processor 60, the communication interface 62, and the memory 61 can complete communication with each other through the bus 63.
  • Communication interface 62 can be used for information transfer.
  • Processor 60 may invoke logic instructions in memory 61 to perform the methods of the above-described embodiments.
  • logic instructions in the memory 61 described above may be implemented in the form of a software functional unit and sold or used as a stand-alone product, and may be stored in a computer readable storage medium.
  • the memory 61 is used as a computer readable storage medium for storing software programs, computer executable programs, and program instructions/modules corresponding to the methods in the embodiments of the present disclosure.
  • the processor 60 executes the function application and the data processing by running the software program, the instruction and the module stored in the memory 61, that is, the method for securing the system in the above method embodiment.
  • the memory 61 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may be stored according to the use of the terminal device The data created, etc. Further, the memory 61 may include a high speed random access memory, and may also include a nonvolatile memory.
  • the technical solution of the embodiments of the present disclosure may be embodied in the form of a software product stored in a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, or a network) The device or the like) performs all or part of the steps of the method described in the embodiments of the present disclosure.
  • the foregoing storage medium may be a non-transitory storage medium, including: a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.
  • the various modules or steps of the present disclosure described above may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices. Alternatively, they may be calculated
  • the program code executable by the apparatus is implemented such that they may be stored in a storage device by the computing device, and in some cases, the steps shown or described may be performed in an order different than that herein, or They are fabricated separately into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module.
  • the disclosure is not limited to any specific combination of hardware and software.
  • the method and device for securing the system provided by the present application solve the problem of low security level of the EPG device in the related technology, and greatly improve the security of the EPG device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Provided are a method and device for guaranteeing system security. The method comprises: providing a dynamically-loadable kernel module (LKM) in a Linux system of an EPG device; loading a pre-set security configuration file in the LKM; and when executing a file operation, firstly detecting whether a current file operation is legitimate according to the security configuration file, and where it is determined that the file operation is legitimate, executing the current file operation, and where it is determined that the file operation is illegitimate, refusing to execute the file operation. The method and device solves the problem in the relevant art that a security level of an EPG device is low, thereby greatly improving the security of an EPG device.

Description

保障系统安全的方法及装置Method and device for securing system 技术领域Technical field
本申请涉及通信领域,例如涉及一种保障系统安全的方法及装置。The present application relates to the field of communications, for example, to a method and apparatus for securing a system.
背景技术Background technique
交互式网络电视(Internet Protocol TV or Interactive Personal TV,简称为IPTV),是以电视机、电脑及手机设备为显示终端,将机顶盒、计算机或手机设备接入到互联网络,通过互联网络,特别是宽带网络,向TV、PC、移动终端等多种用户提供各种实时、非实时的多媒体业务。Internet Protocol TV or Interactive Personal TV (IPTV) is a display terminal for televisions, computers and mobile devices. It connects set-top boxes, computers or mobile devices to the Internet through the Internet, especially Broadband network provides various real-time and non-real-time multimedia services to TV, PC, mobile terminals and other users.
IPTV系统中一些核心设备都是部署在防火墙内,但是为用户提供服务的电子节目指南(Electronic Program Guide,简称为EPG)设备则必须部署在防火墙外的,经常遭到黑客攻击,导致程序被篡改或者被删除,直接导致IPTV业务异常,无法为用户提供服务。Some core devices in the IPTV system are deployed in the firewall, but the Electronic Program Guide (EPG) device that provides services for users must be deployed outside the firewall, often attacked by hackers, causing the program to be tampered with. Or it is deleted, which directly causes the IPTV service to be abnormal and cannot provide services for users.
相关技术中的加固策略都是基于Linux设备进行安全加固,即对Linux设备的登录方式进行安全加固,使得黑客无法破解Linux设备的登录方式,从而无法登录。但是相关的安全加固还是存在风险,一旦登录方式长期不更新被人为泄露或者被黑客攻破,一旦黑客可以登录到EPG设备上就可以对程序进行任意的篡改、删除。The hardening strategy in the related technologies is based on the security hardening of the Linux device. That is, the security of the Linux device is hardened, so that the hacker cannot crack the login mode of the Linux device and cannot log in. However, the related security hardening still has risks. Once the login method is not updated for a long time, it is artificially leaked or hacked. Once the hacker can log in to the EPG device, the program can be arbitrarily tampering and deleted.
针对相关技术中EPG设备安全级别低的问题,目前还没有有效的解决方案。In view of the low security level of EPG equipment in related technologies, there is currently no effective solution.
发明内容Summary of the invention
本公开实施例提供了一种保障系统安全的方法及装置,以至少解决相关技术中EPG设备安全级别低的问题。The embodiments of the present disclosure provide a method and apparatus for securing a system to at least solve the problem that the EPG device has a low security level in the related art.
根据本公开的一个实施例,提供了一种保障系统安全的方法,包括:According to an embodiment of the present disclosure, a method for securing a system is provided, including:
将安全配置文件加载到可动态加载的内核模块LKM中,其中,所述LKM设置于Linux系统中,其中,所述安全配置文件包括用于对文件操作进行合法性 170575Loading the security profile into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security profile includes legality for file operations 170575
检查的规则;Rules of inspection;
依据所述安全配置文件对检测到的文件操作进行合法性检查,在确定所述文件操作为合法操作时,执行所述文件操作。Performing a legality check on the detected file operation according to the security configuration file, and performing the file operation when determining that the file operation is a legal operation.
可选地,所述安全配置文件中包含有文件访问路径;依据所述安全配置文件对检测到的文件操作进行合法性检查,包括:Optionally, the security configuration file includes a file access path, and the legality check of the detected file operation according to the security configuration file includes:
判断所述文件操作所对应的文件是否位于所述文件访问路径,其中,在所述文件未位于所述文件访问路径的情况下,确定所述文件操作为合法操作。Determining whether the file corresponding to the file operation is located in the file access path, wherein, if the file is not located in the file access path, determining that the file operation is a legal operation.
可选地,所述安全配置文件还包含所述文件访问路径下的指定文件,依据所述安全配置文件对检测到的文件操作进行合法性检查,包括:Optionally, the security configuration file further includes a specified file in the file access path, and performs legality check on the detected file operation according to the security configuration file, including:
判断所述文件操作所对应的文件是否为所述指定文件,其中,在所述文件未属于所述指定文件的情况下,确定所述文件操作为合法操作。Determining whether the file corresponding to the file operation is the specified file, wherein if the file does not belong to the specified file, determining that the file operation is a legal operation.
可选地,所述安全配置文件中还包括所述指定文件对应的指定操作进程,判断所述文件操作所对应的文件是否为所述指定文件,包括:Optionally, the security configuration file further includes a specified operation process corresponding to the specified file, and determining whether the file corresponding to the file operation is the specified file includes:
判断所述文件操作所对应的第一操作进程是否为所述指定操作进程,其中,在所述第一操作进程为所述指定操作进程的情况下,确定通过所述第一操作进程对所述指定文件执行的文件操作为合法操作。Determining whether the first operation process corresponding to the file operation is the specified operation process, where the first operation process is the specified operation process, determining that the first operation process is Specifies that the file operation performed by the file is a legal operation.
可选地,依据所述安全配置文件对检测到的文件操作进行合法性检查之后,所述方法还包括:Optionally, after performing the legality check on the detected file operation according to the security configuration file, the method further includes:
在确定所述文件操作为非法操作的情况下,触发告警。In the case where it is determined that the file operation is an illegal operation, an alarm is triggered.
可选地,在所述安全配置文件存在更新信息的情况下,将所述更新信息加载到所述LKM中,形成更新后的安全配置信息;Optionally, if the security profile has update information, the update information is loaded into the LKM to form updated security configuration information;
依据所述更新后的安全配置文件对检测到的文件操作进行合法性检查。Performing a legality check on the detected file operation according to the updated security configuration file.
根据本公开另一个实施例,还提供了一种保障系统安全的装置,包括:According to another embodiment of the present disclosure, an apparatus for securing a system is further provided, including:
加载模块,被配置为将安全配置文件加载到可动态加载的内核模块LKM中,其中,所述LKM设置于Linux系统中,其中,所述安全配置文件包括用于对文件操作进行合法性检查的规则; a loading module configured to load a security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is disposed in a Linux system, wherein the security configuration file includes a legality check for file operations Rule
检查模块,被配置为依据所述安全配置文件对检测到的文件操作进行合法性检查,在确定所述文件操作为合法操作时,执行所述文件操作。The checking module is configured to perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
可选地,在所述安全配置文件中包含有文件访问路径的情况下,所述检查模块还被配置为判断所述文件操作所对应的文件是否位于所述文件访问路径,其中,在所述文件未位于所述文件访问路径的情况下,确定所述文件操作为合法操作。Optionally, in a case that the security configuration file includes a file access path, the checking module is further configured to determine whether a file corresponding to the file operation is located in the file access path, where If the file is not located in the file access path, it is determined that the file operation is a legal operation.
可选地,在所述安全配置文件还包含所述文件访问路径下的指定文件的情况下,所述检查模块还被配置为判断所述文件操作所对应的文件是否为所述指定文件,其中,在所述文件未属于所述指定文件的情况下,确定所述文件操作为合法操作。Optionally, in a case that the security profile further includes a specified file in the file access path, the checking module is further configured to determine whether the file corresponding to the file operation is the specified file, where And if the file does not belong to the specified file, determining that the file operation is a legal operation.
可选地,在所述安全配置文件中还包括所述指定文件对应的指定操作进程的情况下,所述检查模块还被配置为判断所述文件操作所对应的第一操作进程是否为所述指定操作进程,其中,在所述第一操作进程为所述指定操作进程的情况下,确定通过所述第一操作进程对所述指定文件执行的文件操作为合法操作。Optionally, in the case that the security configuration file further includes a specified operation process corresponding to the specified file, the checking module is further configured to determine whether the first operation process corresponding to the file operation is the Specifying an operation process, wherein, in a case where the first operation process is the specified operation process, determining that a file operation performed on the specified file by the first operation process is a legal operation.
可选地,所述检查模块被配置为依据所述安全配置文件对检测到的文件操作进行合法性检查之后,在确定所述文件操作为非法操作的情况下,触发告警。Optionally, the checking module is configured to trigger an alarm after determining that the file operation is an illegal operation after performing the legality check on the detected file operation according to the security configuration file.
可选地,在所述安全配置文件存在更新信息的情况下,将所述更新信息加载到所述LKM中,形成更新后的安全配置信息;依据所述更新后的安全配置文件对检测到的文件操作进行合法性检查。Optionally, if the security profile has update information, the update information is loaded into the LKM to form updated security configuration information; and the detected security profile is detected according to the updated File operations are checked for legality.
根据本公开的又一个实施例,还提供了一种存储介质。该存储介质设置为存储用于执行以下步骤的程序代码:According to still another embodiment of the present disclosure, a storage medium is also provided. The storage medium is arranged to store program code for performing the following steps:
将安全配置文件加载到可动态加载的内核模块LKM中,其中,所述LKM设置于Linux系统中,其中,所述安全配置文件包括用于对文件操作进行合法性检查的规则;Loading the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes rules for checking the legality of the file operation;
依据所述安全配置文件对检测到的文件操作进行合法性检查,在确定所述文件操作为合法操作时,执行所述文件操作。Performing a legality check on the detected file operation according to the security configuration file, and performing the file operation when determining that the file operation is a legal operation.
通常,所述程序代码体现为计算机可执行指令,所述计算机可执行指令设 置为执行上述方法。Typically, the program code is embodied as computer executable instructions, and the computer executable instructions are Set to perform the above method.
可选地,所述装置还包括:监控模块,被配置为监控所述加载模块或者所述检查模块,并在所述加载模块或者所述检查模块出现异常的情况下,重新启动所述加载模块或者所述检查模块。Optionally, the device further includes: a monitoring module configured to monitor the loading module or the checking module, and restart the loading module if an abnormality occurs in the loading module or the checking module Or the inspection module.
本公开实施例还提供了一种电子设备,包括:An embodiment of the present disclosure further provides an electronic device, including:
至少一个处理器;以及At least one processor;
与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein
所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器执行上述的方法。The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to cause the at least one processor to perform the method described above.
通过本公开,在EPG设备的Linux系统中设置有可动态加载的内核模块LKM,将预先设置好的安全配置文件加载到LKM中,在执行文件操作时,先依据上述安全配置文件检测本次文件操作是否合法,在确定文件操作是合法的情况下,执行本次文件操作,否则拒绝执行上述文件操作。解决了相关技术中EPG设备安全级别低的问题,大幅提升了EPG设备的安全性。Through the disclosure, a dynamically loadable kernel module LKM is set in the Linux system of the EPG device, and the pre-configured security configuration file is loaded into the LKM. When the file operation is performed, the file is first detected according to the security configuration file. Whether the operation is legal. If it is determined that the file operation is legal, the file operation is performed. Otherwise, the above file operation is refused. The problem of low security level of the EPG device in the related technology is solved, and the security of the EPG device is greatly improved.
附图概述BRIEF abstract
此处所说明的附图用来提供对本公开的理解,构成本申请的一部分,本公开的示意性实施例及其说明用于解释本公开,并不构成对本公开的不当限定。在附图中:The drawings described herein are intended to provide an understanding of the present disclosure, and are intended to be a part of the present disclosure. In the drawing:
图1是根据本公开实施例的一种保障系统安全的方法流程图;1 is a flow chart of a method for securing a system in accordance with an embodiment of the present disclosure;
图2是根据本公开实施例中的LKM的示意图;2 is a schematic diagram of an LKM in accordance with an embodiment of the present disclosure;
图3是根据本公开实施例中文件系统内核函数重写示意图;3 is a schematic diagram of a file system kernel function rewriting in accordance with an embodiment of the present disclosure;
图4是根据本公开实施例的实现文件防篡改的流程示意图;4 is a schematic flow chart of implementing file tamper prevention according to an embodiment of the present disclosure;
图5是根据本公开实施例的保障系统安全的装置的结构框图;以及5 is a structural block diagram of an apparatus for securing a system according to an embodiment of the present disclosure;
图6是根据本公开实施例的电子设备的结构示意图。 FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本公开。在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The present disclosure will be described in detail below with reference to the drawings in conjunction with the embodiments. The embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
本公开的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。The terms "first", "second" and the like in the specification and claims of the present disclosure and the above-mentioned figures are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.
实施例1Example 1
本申请文件的技术方案可以运行于IPTV业务系统中的EPG设备,即在EPG设备中的Linux系统中执行该申请文件中的技术方案。The technical solution of the present application can be run on an EPG device in an IPTV service system, that is, the technical solution in the application file is executed in a Linux system in the EPG device.
图1是根据本公开实施例的一种保障系统安全的方法流程图,如图1所示,该流程包括:FIG. 1 is a flowchart of a method for securing a system according to an embodiment of the present disclosure. As shown in FIG. 1 , the process includes:
步骤S102,将安全配置文件加载到可动态加载的内核模块LKM中,其中,该LKM设置于Linux系统中,其中,该安全配置文件包括用于对文件操作进行合法性检查的规则;Step S102, loading the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes a rule for checking the legality of the file operation;
步骤S104,依据该安全配置文件对检测到的文件操作进行合法性检查,在确定该文件操作为合法操作时,执行该文件操作。Step S104: Perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
上述步骤中记载的文件操作包括修改文件,删除文件,移动文件等等。The file operations described in the above steps include modifying files, deleting files, moving files, and the like.
可选地,该安全配置文件中包含有文件访问路径,判断该文件操作所对应的文件是否位于该文件访问路径,其中,在该文件未位于该文件访问路径的情况下,确定该文件操作为合法操作。Optionally, the security configuration file includes a file access path, and determines whether the file corresponding to the file operation is located in the file access path, wherein, if the file is not located in the file access path, determining that the file operation is Legal operation.
在一个可选实施例中,也可以设置安全配置文件中包含的文件访问路径是可以执行文件操作的路径,除这些路径外的其他文件路径都不可以访问,其实这跟上面的可选实施例中的技术方案本质上没有什么区别。In an optional embodiment, the file access path included in the security configuration file may also be a path that can perform file operations, and other file paths except these paths are not accessible. In fact, this is in addition to the above optional embodiment. There is essentially no difference in the technical solution.
可选地,该安全配置文件还包含该文件访问路径下的指定文件,判断该文件操作所对应的文件是否为该指定文件,其中,在该文件未属于该指定文件的情况下,确定该文件操作为合法操作。该可选实施例中的指定文件还可以是指定文件类型,即在该访问路径中的指定文件类型都在保护范围内,都不可以被随意的操作修改。 Optionally, the security configuration file further includes a specified file in the file access path, and determines whether the file corresponding to the file operation is the specified file, where the file is determined if the file does not belong to the specified file. The operation is a legal operation. The specified file in the optional embodiment may also be a specified file type, that is, the specified file type in the access path is within the protection scope, and may not be modified by random operations.
可选地,该安全配置文件中还包括该指定文件对应的指定操作进程,判断该文件操作所对应的第一操作进程是否为该指定操作进程,其中,在该第一操作进程为该指定操作进程的情况下,确定通过该第一操作进程对该指定文件执行的文件操作为合法操作。例如,在C盘某一位置中的文件可以被复制,不可以被删除。Optionally, the security configuration file further includes a specified operation process corresponding to the specified file, and determines whether the first operation process corresponding to the file operation is the specified operation process, where the first operation process is the specified operation In the case of a process, it is determined that the file operation performed on the specified file by the first operation process is a legal operation. For example, a file in a location on the C drive can be copied and cannot be deleted.
对于上述三个可选实施例中的技术方案,分别是列举了三种合法性检测的详细情况。For the technical solutions in the above three alternative embodiments, the details of the three legality detections are respectively listed.
可选地,依据该安全配置文件对检测到的文件操作进行合法性检查之后,在确定该文件操作为非法操作的情况下,触发告警,并生成相关告警日志供用户参考,另增加监控进程,监控上述方法步骤是否正常执行,发现异常重新启动。Optionally, after performing the legality check on the detected file operation according to the security configuration file, if it is determined that the file operation is illegal, the alarm is triggered, and the related alarm log is generated for reference by the user, and the monitoring process is further increased. Monitor whether the above method steps are performed normally and find that the abnormal restart.
可选地,在该安全配置文件存在更新信息的情况下,将该更新信息加载到该LKM中,形成更新后的安全配置信息;Optionally, if the security profile has update information, the update information is loaded into the LKM to form updated security configuration information.
依据该更新后的安全配置文件对检测到的文件操作进行合法性检查。The legality check of the detected file operation is performed according to the updated security configuration file.
下面结合本公开实施例进行详细说明。The details are described below in conjunction with the embodiments of the present disclosure.
本公开实施例提供一种禁止恶意篡改的安全加固方法,根据IPTV业务系统中EPG设备提供的业务实现,只允许指定进程操作指定目录下的指定文件类型或者指定文件,也就是说,只要EPG设备上部署了该安全加固程序,即使用户以root用户登录系统,也无法进行数据、文件的修改。The embodiment of the present disclosure provides a security hardening method for prohibiting malicious tampering. According to the service implementation provided by the EPG device in the IPTV service system, only the specified process is allowed to operate the specified file type or specified file in the specified directory, that is, as long as the EPG device The security hardening program is deployed. Even if the user logs in to the system as the root user, data and file modifications cannot be performed.
本公开实施例中采用以下技术方案,使用事件触发技术,实现一个Linux可动态加载的内核模块LKM(Loadable Kernel Modules):重写文件系统的内核函数,对文件系统的操作进行修改时,先进行合法性检查,对于非法操作进行告警和拒绝,对于合法的操作继续原有的文件操作,以实现程序防篡改。The following technical solutions are adopted in the embodiment of the present disclosure, and an event triggering technology is used to implement a Linux dynamically loadable kernel module LKM (Loadable Kernel Modules): rewriting the kernel function of the file system, when modifying the operation of the file system, first Check the legality, alarm and reject the illegal operation, and continue the original file operation for the legal operation to implement the program tamper-proof.
本申请文件的核心技术在于实现一个Linux可动态加载的内核模块LKM(Loadable Kernel Modules):重写文件系统的内核函数。用户对文件系统的操作进行修改时,重写文件系统的内核函数根据加载的安全配置文件规则进行合法性检查,满足规则则认为是合法的文件操作,对于合法的操作继续原有的文件操作;不满足规则则认为是不合法的文件操作,给予拦截和告警。 The core technology of this application file is to implement a Linux dynamically loadable kernel module LKM (Loadable Kernel Modules): rewrite the kernel function of the file system. When the user modifies the operation of the file system, the kernel function of the rewriting file system performs the legality check according to the loaded security configuration file rule, and the rule is considered to be a legal file operation, and the original file operation is continued for the legal operation; If the rule is not satisfied, it is considered to be an illegal file operation, and interception and alarm are given.
以下是本公开实施例中的实施方式。The following are embodiments in the embodiments of the present disclosure.
首先介绍Linux的文件系统调用过程,Linux的文件系统调用过程分为2个部分:用户空间的处理和内核空间的处理。First, the Linux file system call process is introduced. The Linux file system call process is divided into two parts: user space processing and kernel space processing.
用户空间处理部分是系统调用从用户态切换到内核态的过程。当系统调用发生时,库函数在保存该系统调用号和相应参数后,进入0x80中断。这时系统调用在用户空间的处理就完成了。The user space processing part is the process of system call switching from user mode to kernel mode. When the system call occurs, the library function enters the 0x80 interrupt after saving the system call number and corresponding parameters. At this point, the processing of the system call in user space is complete.
内核空间处理部分则是系统调用在Linux内核中处理的整个过程。ox80中断处理程序接管执行后,先检查其系统调用号,然后根据系统调用号查找系统调用表,并从系统调用表中得到处理该系统调用的内核函数,之后传递参数并运行此函数。至此内核真正开始处理该系统调用。The kernel space processing part is the whole process of system calls handled in the Linux kernel. After the ox80 interrupt handler takes over, it first checks its system call number, then looks up the system call table according to the system call number, and gets the kernel function that handles the system call from the system call table, then passes the parameters and runs the function. At this point the kernel really started processing the system call.
其次介绍Linux可动态加载的内核模块LKM(Loadable Kernel Modules)实现安全配置文件。图2是根据本公开实施例中的LKM的示意图。安全配置文件是LKM内核模块实现文件操作安全性的判断准则,LKM按照安全配置文件中的配置来判断文件是否允许操作的。Secondly, the Linux kernel module LKM (Loadable Kernel Modules) can be used to implement the security configuration file. 2 is a schematic diagram of an LKM in accordance with an embodiment of the present disclosure. The security configuration file is a criterion for the LKM kernel module to implement file operation security. LKM determines whether the file is allowed to operate according to the configuration in the security configuration file.
安全配置文件可以包含如下组成:The security profile can contain the following components:
1、程序保护的指定全路径。1. The specified full path of program protection.
2、程序包含的指定路径下的指定文件或者指定文件类型,支持通配符,多个文件或文件类型可用,分割。如:*.jsp,*.jpg。2. The specified file or specified file type in the specified path included in the program supports wildcards, multiple files or file types are available, and split. Such as: *.jsp, *.jpg.
3、允许文件操作的进程名称,可配置多个进程,用,分割。如/bin/cp,/usr/bin/vi。3. The name of the process that allows file operations. Multiple processes can be configured, used, and split. Such as /bin/cp, /usr/bin/vi.
其中1、2、3中的内容可以使用:进行分割。例如安全配置文件中配置:The contents of 1, 2, and 3 can be used: splitting. For example, the configuration in the security profile:
/home/test:*.jsp,*.jpg:/bin/cp,/usr/bin/vi/home/test:*.jsp,*.jpg:/bin/cp, /usr/bin/vi
依据上述设定,可以得出上述语句表示/home/test目录下以jsp和jpg结尾的文件只允许/bin/cp,/usr/bin/vi进程操作,其他进程均不能操作。According to the above settings, it can be concluded that the file ending with jsp and jpg in the /home/test directory only allows /bin/cp, /usr/bin/vi process operation, and other processes cannot operate.
再介绍可动态加载的内核模块LKM,LKM可理解成一种自定义实现。任何的文件操作进入内核态调用0x80中断操作,会进入LKM中自定义程序入口,自定义程序要判断是否允许执行文件操作,如果不是允许操作,则直接拒绝。Introducing the dynamically loadable kernel module LKM, LKM can be understood as a custom implementation. Any file operation enters the kernel mode and calls the 0x80 interrupt operation. It will enter the custom program entry in LKM. The custom program will determine whether to allow file operations. If it is not allowed, it will be rejected.
下面将重点介绍该公开的核心技术,即Linux可动态加载的内核模块LKM 重写文件系统的内核函数时重写的实现以及安全配置文件的部署和生效。The following focuses on the core technology of the disclosure, namely Linux dynamically loadable kernel module LKM The implementation of rewriting the kernel function of the file system and the deployment and validation of the security configuration file.
图3是根据本公开实施例中文件系统内核函数重写示意图,如图3所示,包括以下步骤:3 is a schematic diagram of a file system kernel function rewriting according to an embodiment of the present disclosure, as shown in FIG. 3, including the following steps:
步骤一,用户态有进行文件操作,进入内核态的ox80中断调用操作,进入自定义程序LKM。Step one, the user mode has a file operation, enters the kernel state ox80 interrupt call operation, and enters the custom program LKM.
步骤二,LKM首先判断LKM内存中的安全配置内容是否为空,若为空,则允许上述文件操作,不做任何限制。Step 2: LKM first determines whether the security configuration content in the LKM memory is empty. If it is empty, the above file operation is allowed, and no restrictions are imposed.
步骤三,若不为空,再判断要操作的文件是否在安全配置中,判定在安全配置中的逻辑需同时包括下面几个:Step 3: If it is not empty, and then judge whether the file to be operated is in the security configuration, determine that the logic in the security configuration needs to include the following:
1)在安全配置的指定目录下;1) Under the specified directory of the security configuration;
2)是安全配置的指定文件类型或者指定文件;2) is the specified file type or specified file of the security configuration;
步骤四,操作的文件在安全配置中没有设置,则允许操作,不做任何限制处理。Step 4: If the file of the operation is not set in the security configuration, the operation is allowed without any restriction processing.
步骤五,操作的文件在安全配置中有设置,则获取文件操作的进程名称。Step 5: If the file of the operation is set in the security configuration, the process name of the file operation is obtained.
步骤六,根据安全配置中设置的规则判断,此进程是否被允许对此文件做此操作,若允许,则继续文件操作,不做任何限制。Step 6. According to the rules set in the security configuration, determine whether the process is allowed to do this operation on the file. If it is allowed, continue the file operation without any restrictions.
步骤七,若不允许操作,则触发告警,生成告警日志。Step 7: If the operation is not allowed, an alarm is generated and an alarm log is generated.
图4是根据本公开实施例的实现文件防篡改的流程示意图,如图4所示,安全配置文件在操作系统部署后,LKM对安全配置文件生效,实现文件防篡改的实现流程如下:FIG. 4 is a schematic diagram of a process for implementing file tampering according to an embodiment of the present disclosure. As shown in FIG. 4, after the operating system is deployed, the LKM is effective for the security configuration file, and the implementation process of implementing the file tamper-proof is as follows:
防篡改程序可以在设备上部署2个进程和1个告警模块,2个进程可分别定义为防篡改监控进程和防篡改安全操作进程。流程如下:The tamper-proof program can deploy two processes and one alarm module on the device. The two processes can be defined as the tamper-proof monitoring process and the tamper-resistant security operation process. The process is as follows:
步骤一,防篡改程序启动2个进程,一个是监控进程,一个用于安全操作进程,监控进程监控安全进程,如果安全进程挂起或被kill,监控将安全进程启动起来。Step 1. The anti-tampering program starts two processes, one is a monitoring process, one is used for a security operation process, and the monitoring process monitors a security process. If the security process is suspended or killed, the monitoring starts the security process.
步骤二,LKM发现不允许的文件操作,要进行告警时,发送消息给安全操作进程,此进程再发送给告警模块。 Step 2: LKM finds that the file operation is not allowed. When an alarm is to be sent, the message is sent to the security operation process, and the process is sent to the alarm module.
步骤三,安全操作进程可实时监控安全配置文件,如果发现安全配置文件有修改,则认为安全配置文件有更新。Step 3: The security operation process can monitor the security configuration file in real time. If the security configuration file is found to be modified, the security configuration file is considered to be updated.
步骤四,安全操作进程也可定时读取更新的安全配置文件内容,并发送更新后的内容给LKM。In step 4, the security operation process can also periodically read the updated security configuration file content and send the updated content to the LKM.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加通用硬件平台的方式来实现,当然也可以通过硬件来实现。基于这样的理解,本公开的技术方案本质上或者说对相关技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本公开各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by means of software plus a general hardware platform, and of course, can also be implemented by hardware. Based on such understanding, the technical solution of the present disclosure, which is essential or contributes to the related art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, CD-ROM). The instructions include a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present disclosure.
实施例2Example 2
在本实施例中还提供了一种保障系统安全的装置,该装置被配置为实现上述实施例及实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In the embodiment, a device for securing the system is provided, and the device is configured to implement the foregoing embodiments and implementation manners, and details are not described herein. As used below, the term "module" may implement a combination of software and/or hardware of a predetermined function. Although the devices described in the following embodiments are implemented in software, hardware, or a combination of software and hardware, is also possible and conceivable.
图5是根据本公开实施例的保障系统安全的装置的结构框图,如图5所示,该装置包括:FIG. 5 is a structural block diagram of an apparatus for securing a system according to an embodiment of the present disclosure. As shown in FIG. 5, the apparatus includes:
加载模块52,被配置为将安全配置文件加载到可动态加载的内核模块LKM中,其中,该LKM设置于Linux系统中,其中,该安全配置文件包括用于对文件操作进行合法性检查的规则;The loading module 52 is configured to load the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes rules for checking the legality of the file operation. ;
检查模块54,连接至该加载模块52,被配置为依据该安全配置文件对检测到的文件操作进行合法性检查,在确定该文件操作为合法操作时,执行该文件操作。The checking module 54, connected to the loading module 52, is configured to perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when it is determined that the file operation is a legal operation.
可选地,在该安全配置文件中包含有文件访问路径情况下,该检查模块54还被配置为判断该文件操作所对应的文件是否位于该文件访问路径,其中,在该文件未位于该文件访问路径的情况下,确定该文件操作为合法操作。Optionally, in a case that the security configuration file includes a file access path, the checking module 54 is further configured to determine whether the file corresponding to the file operation is located in the file access path, where the file is not located in the file. In the case of an access path, it is determined that the file operation is a legitimate operation.
可选地,在该安全配置文件还包含该文件访问路径下的指定文件的情况下, 该检查模块54还被配置为判断该文件操作所对应的文件是否为该指定文件,其中,在该文件未属于该指定文件的情况下,确定该文件操作为合法操作。Optionally, in the case that the security profile further includes a specified file under the file access path, The checking module 54 is further configured to determine whether the file corresponding to the file operation is the specified file, wherein if the file does not belong to the specified file, it is determined that the file operation is a legal operation.
可选地,在该安全配置文件中还包括该指定文件对应的指定操作进程的情况下,该检查模块54还被配置为判断该文件操作所对应的第一操作进程是否为该指定操作进程,其中,在该第一操作进程为该指定操作进程的情况下,确定通过该第一操作进程对该指定文件执行的文件操作为合法操作。Optionally, in the case that the security operation file further includes a specified operation process corresponding to the specified file, the checking module 54 is further configured to determine whether the first operation process corresponding to the file operation is the specified operation process, Wherein, in the case that the first operation process is the specified operation process, it is determined that the file operation performed on the specified file by the first operation process is a legal operation.
可选地,该检查模块54被配置为依据该安全配置文件对检测到的文件操作进行合法性检查之后,在确定该文件操作为非法操作的情况下,触发告警。Optionally, the checking module 54 is configured to trigger an alarm after determining that the file operation is an illegal operation after performing the legality check on the detected file operation according to the security configuration file.
可选地,在该安全配置文件存在更新信息的情况下,将该更新信息加载到该LKM中,形成更新后的安全配置信息;依据该更新后的安全配置文件对检测到的文件操作进行合法性检查。Optionally, if the security profile has update information, the update information is loaded into the LKM to form updated security configuration information; and the detected file operation is legal according to the updated security profile. Sex check.
可选地,该装置还包括:监控模块,被配置为监控该加载模块或者该检查模块,并在该加载模块或者该检查模块出现异常的情况下,重新启动该加载模块或者该检查模块。该监控模块监控的是加载模块或者检查模块的运行状态,即两个模块可以正常执行上述实施例中记载的功能步骤。Optionally, the device further includes: a monitoring module configured to monitor the loading module or the checking module, and restart the loading module or the checking module if the loading module or the checking module is abnormal. The monitoring module monitors the running state of the loading module or the checking module, that is, the two modules can normally perform the functional steps described in the foregoing embodiments.
上述各个模块是可以通过软件或硬件来实现的,对于后者,可以通过以下方式实现,但不限于此:上述模块均位于同一处理器中;或者,上述各个模块以任意组合的形式分别位于不同的处理器中。The above modules may be implemented by software or hardware. For the latter, the foregoing may be implemented by, but not limited to, the above modules are all located in the same processor; or, the above modules are respectively located in different combinations. In the processor.
实施例3Example 3
本公开的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present disclosure also provide a storage medium. Optionally, in the embodiment, the foregoing storage medium may be configured to store program code for performing the following steps:
S1,将安全配置文件加载到可动态加载的内核模块LKM中,其中,该LKM设置于Linux系统中,其中,该安全配置文件包括用于对文件操作进行合法性检查的规则;S1, loading the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes a rule for checking the legality of the file operation;
S2,依据该安全配置文件对检测到的文件操作进行合法性检查,在确定该文件操作为合法操作时,执行该文件操作。S2: Perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
可选地,所述存储介质为计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行上述任一实施例中的方法。 Optionally, the storage medium is a computer readable storage medium storing computer executable instructions arranged to perform the method of any of the above embodiments.
所述计算机可读存储介质可以是暂态计算机可读存储介质,也可以是非暂态计算机可读存储介质。The computer readable storage medium may be a transitory computer readable storage medium or a non-transitory computer readable storage medium.
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。Optionally, in this embodiment, the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory. A variety of media that can store program code, such as a disc or a disc.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行上述可选实施例中的方法步骤。Optionally, in this embodiment, the processor performs the method steps in the foregoing optional embodiment according to the stored program code in the storage medium.
可选地,本实施例中的示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。For example, the examples in this embodiment may refer to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again.
本公开实施例还提供了一种电子设备的结构示意图。参见图6,该电子设备包括:The embodiment of the present disclosure further provides a schematic structural diagram of an electronic device. Referring to FIG. 6, the electronic device includes:
至少一个处理器(processor)60,图6中以一个处理器60为例;和存储器(memory)61,还可以包括通信接口(Communications Interface)62和总线63。其中,处理器60、通信接口62、存储器61可以通过总线63完成相互间的通信。通信接口62可以用于信息传输。处理器60可以调用存储器61中的逻辑指令,以执行上述实施例的方法。At least one processor 60, which is exemplified by a processor 60 in FIG. 6; and a memory 61, may further include a communication interface 62 and a bus 63. The processor 60, the communication interface 62, and the memory 61 can complete communication with each other through the bus 63. Communication interface 62 can be used for information transfer. Processor 60 may invoke logic instructions in memory 61 to perform the methods of the above-described embodiments.
此外,上述的存储器61中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。Furthermore, the logic instructions in the memory 61 described above may be implemented in the form of a software functional unit and sold or used as a stand-alone product, and may be stored in a computer readable storage medium.
存储器61作为一种计算机可读存储介质,可用于存储软件程序、计算机可执行程序,如本公开实施例中的方法对应的程序指令/模块。处理器60通过运行存储在存储器61中的软件程序、指令以及模块,从而执行功能应用以及数据处理,即实现上述方法实施例中的保障系统安全的方法。The memory 61 is used as a computer readable storage medium for storing software programs, computer executable programs, and program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 60 executes the function application and the data processing by running the software program, the instruction and the module stored in the memory 61, that is, the method for securing the system in the above method embodiment.
存储器61可包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序;存储数据区可存储根据终端设备的使用 所创建的数据等。此外,存储器61可以包括高速随机存取存储器,还可以包括非易失性存储器。The memory 61 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may be stored according to the use of the terminal device The data created, etc. Further, the memory 61 may include a high speed random access memory, and may also include a nonvolatile memory.
本公开实施例的技术方案可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括一个或多个指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本公开实施例所述方法的全部或部分步骤。而前述的存储介质可以是非暂态存储介质,包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等多种可以存储程序代码的介质,也可以是暂态存储介质。The technical solution of the embodiments of the present disclosure may be embodied in the form of a software product stored in a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, or a network) The device or the like) performs all or part of the steps of the method described in the embodiments of the present disclosure. The foregoing storage medium may be a non-transitory storage medium, including: a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like. A medium that can store program code, or a transitory storage medium.
上述的本公开的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本公开不限制于任何特定的硬件和软件结合。The various modules or steps of the present disclosure described above may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices. Alternatively, they may be calculated The program code executable by the apparatus is implemented such that they may be stored in a storage device by the computing device, and in some cases, the steps shown or described may be performed in an order different than that herein, or They are fabricated separately into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module. As such, the disclosure is not limited to any specific combination of hardware and software.
以上所述仅为本公开的实施例而已,并不用于限制本公开,对于本领域的技术人员来说,本公开可以有各种更改和变化。凡在本公开实施例的范围之内,所作的任何修改、等同替换、改进等,均应包含在本公开的保护范围之内。The above description is only for the embodiments of the present disclosure, and is not intended to limit the disclosure, and various changes and modifications may be made to the present disclosure. Any modifications, equivalent substitutions, improvements, etc., made within the scope of the present disclosure are intended to be included within the scope of the present disclosure.
工业实用性Industrial applicability
本申请提供的保障系统安全的方法及装置,解决了相关技术中EPG设备安全级别低的问题,大幅提升了EPG设备的安全性。 The method and device for securing the system provided by the present application solve the problem of low security level of the EPG device in the related technology, and greatly improve the security of the EPG device.

Claims (14)

  1. 一种保障系统安全的方法,包括:A method of securing a system, including:
    将安全配置文件加载到可动态加载的内核模块LKM中,其中,所述LKM设置于Linux系统中,其中,所述安全配置文件包括用于对文件操作进行合法性检查的规则;Loading the security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is set in the Linux system, wherein the security configuration file includes rules for checking the legality of the file operation;
    依据所述安全配置文件对检测到的文件操作进行合法性检查,在确定所述文件操作为合法操作时,执行所述文件操作。Performing a legality check on the detected file operation according to the security configuration file, and performing the file operation when determining that the file operation is a legal operation.
  2. 根据权利要求1所述的方法,其中,所述安全配置文件中包含有文件访问路径;依据所述安全配置文件对检测到的文件操作进行合法性检查,包括:The method of claim 1, wherein the security profile includes a file access path; and the legality check of the detected file operation according to the security profile includes:
    判断所述文件操作所对应的文件是否位于所述文件访问路径,其中,在所述文件未位于所述文件访问路径的情况下,确定所述文件操作为合法操作。Determining whether the file corresponding to the file operation is located in the file access path, wherein, if the file is not located in the file access path, determining that the file operation is a legal operation.
  3. 根据权利要求2所述的方法,其中,所述安全配置文件还包含所述文件访问路径下的指定文件,依据所述安全配置文件对检测到的文件操作进行合法性检查,包括:The method of claim 2, wherein the security profile further includes a specified file in the file access path, and the legality check of the detected file operation according to the security profile includes:
    判断所述文件操作所对应的文件是否为所述指定文件,其中,在所述文件未属于所述指定文件的情况下,确定所述文件操作为合法操作。Determining whether the file corresponding to the file operation is the specified file, wherein if the file does not belong to the specified file, determining that the file operation is a legal operation.
  4. 根据权利要求3所述的方法,其中,所述安全配置文件中还包括所述指定文件对应的指定操作进程,判断所述文件操作所对应的文件是否为所述指定文件,包括:The method of claim 3, wherein the security configuration file further includes a specified operation process corresponding to the specified file, and determining whether the file corresponding to the file operation is the specified file includes:
    判断所述文件操作所对应的第一操作进程是否为所述指定操作进程,其中,在所述第一操作进程为所述指定操作进程的情况下,确定通过所述第一操作进程对所述指定文件执行的文件操作为合法操作。 Determining whether the first operation process corresponding to the file operation is the specified operation process, where the first operation process is the specified operation process, determining that the first operation process is Specifies that the file operation performed by the file is a legal operation.
  5. 根据权利要求1所述的方法,其中,依据所述安全配置文件对检测到的文件操作进行合法性检查之后,所述方法还包括:The method of claim 1, wherein after the legality check of the detected file operation according to the security profile, the method further comprises:
    在确定所述文件操作为非法操作的情况下,触发告警。In the case where it is determined that the file operation is an illegal operation, an alarm is triggered.
  6. 根据权利要求1所述的方法,其中,在所述安全配置文件存在更新信息的情况下,将所述更新信息加载到所述LKM中,形成更新后的安全配置信息;The method according to claim 1, wherein in the case that the security profile has update information, the update information is loaded into the LKM to form updated security configuration information;
    依据所述更新后的安全配置文件对检测到的文件操作进行合法性检查。Performing a legality check on the detected file operation according to the updated security configuration file.
  7. 一种保障系统安全的装置,包括:A device that secures a system, including:
    加载模块,被配置为将安全配置文件加载到可动态加载的内核模块LKM中,其中,所述LKM设置于Linux系统中,其中,所述安全配置文件包括用于对文件操作进行合法性检查的规则;a loading module configured to load a security configuration file into the dynamically loadable kernel module LKM, wherein the LKM is disposed in a Linux system, wherein the security configuration file includes a legality check for file operations rule;
    检查模块,被配置为依据所述安全配置文件对检测到的文件操作进行合法性检查,在确定所述文件操作为合法操作时,执行所述文件操作。The checking module is configured to perform a legality check on the detected file operation according to the security configuration file, and perform the file operation when determining that the file operation is a legal operation.
  8. 根据权利要求7所述的装置,其中,在所述安全配置文件中包含有文件访问路径的情况下,所述检查模块还被配置为判断所述文件操作所对应的文件是否位于所述文件访问路径,其中,在所述文件未位于所述文件访问路径的情况下,确定所述文件操作为合法操作。The apparatus according to claim 7, wherein, in a case where the security profile includes a file access path, the checking module is further configured to determine whether a file corresponding to the file operation is located in the file access a path, wherein the file operation is determined to be a legitimate operation if the file is not located in the file access path.
  9. 根据权利要求8所述的装置,其中,在所述安全配置文件还包含所述文件访问路径下的指定文件的情况下,所述检查模块还被配置为判断所述文件操作所对应的文件是否为所述指定文件,其中,在所述文件未属于所述指定文件的情况下,确定所述文件操作为合法操作。The apparatus according to claim 8, wherein, in a case where the security profile further includes a specified file under the file access path, the checking module is further configured to determine whether the file corresponding to the file operation is For the specified file, wherein the file operation is determined to be a legal operation if the file does not belong to the specified file.
  10. 根据权利要求9所述的装置,其中,在所述安全配置文件中还包括所述指定文件对应的指定操作进程的情况下,所述检查模块还被配置为判断所述 文件操作所对应的第一操作进程是否为所述指定操作进程,其中,在所述第一操作进程为所述指定操作进程的情况下,确定通过所述第一操作进程对所述指定文件执行的文件操作为合法操作。The apparatus according to claim 9, wherein, in the case that the security configuration file further includes a specified operation process corresponding to the specified file, the checking module is further configured to determine the Whether the first operation process corresponding to the file operation is the specified operation process, and if the first operation process is the specified operation process, determining to execute the specified file by the first operation process The file operation is a legal operation.
  11. 根据权利要求7所述的装置,其中,所述检查模块还被配置为依据所述安全配置文件对检测到的文件操作进行合法性检查之后,在确定所述文件操作为非法操作的情况下,触发告警。The apparatus according to claim 7, wherein the checking module is further configured to, after determining the legal operation of the detected file operation according to the security profile, in the case of determining that the file operation is an illegal operation, Trigger an alarm.
  12. 根据权利要求7所述的装置,其中,在所述安全配置文件存在更新信息的情况下,将所述更新信息加载到所述LKM中,形成更新后的安全配置信息;依据所述更新后的安全配置文件对检测到的文件操作进行合法性检查。The apparatus according to claim 7, wherein, in the case that the security profile has update information, the update information is loaded into the LKM to form updated security configuration information; The security profile checks the legality of the detected file operations.
  13. 根据权利要求7所述的装置,还包括:The apparatus of claim 7 further comprising:
    监控模块,被配置为监控所述加载模块或者所述检查模块,并在所述加载模块或者所述检查模块出现异常的情况下,重新启动所述加载模块或者所述检查模块。The monitoring module is configured to monitor the loading module or the inspection module, and restart the loading module or the inspection module if an abnormality occurs in the loading module or the inspection module.
  14. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行权利要求1-6中任一项的方法。 A computer readable storage medium storing computer executable instructions arranged to perform the method of any of claims 1-6.
PCT/CN2017/099338 2016-09-14 2017-08-28 Method and device for guaranteeing system security WO2018049977A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610827022.4 2016-09-14
CN201610827022.4A CN107818260B (en) 2016-09-14 2016-09-14 Method and device for guaranteeing system safety

Publications (1)

Publication Number Publication Date
WO2018049977A1 true WO2018049977A1 (en) 2018-03-22

Family

ID=61600408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/099338 WO2018049977A1 (en) 2016-09-14 2017-08-28 Method and device for guaranteeing system security

Country Status (2)

Country Link
CN (1) CN107818260B (en)
WO (1) WO2018049977A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110968356A (en) * 2018-09-29 2020-04-07 北京金山云网络技术有限公司 Method and device for acquiring configuration information
CN116257266A (en) * 2022-11-22 2023-06-13 浙江御安信息技术有限公司 Automatic safety reinforcement method and equipment for Linux system host

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101996154A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 General processor supporting reconfigurable safety design
US8272048B2 (en) * 2006-08-04 2012-09-18 Apple Inc. Restriction of program process capabilities
CN102930202A (en) * 2012-11-05 2013-02-13 曙光信息产业(北京)有限公司 Operation executing method in Linux system
CN103561045A (en) * 2013-11-21 2014-02-05 北京网秦天下科技有限公司 Safety monitoring system and method for Android system
CN103778006A (en) * 2014-02-12 2014-05-07 成都卫士通信息安全技术有限公司 Method for controlling progress of operating system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104102878B (en) * 2013-04-10 2017-02-08 中国科学院计算技术研究所 Malicious code analysis method and system under Linux platform
CN104866778A (en) * 2015-01-30 2015-08-26 武汉华工安鼎信息技术有限责任公司 Document safety access control method and device based on Linux kernel

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8272048B2 (en) * 2006-08-04 2012-09-18 Apple Inc. Restriction of program process capabilities
CN101996154A (en) * 2009-08-10 2011-03-30 北京多思科技发展有限公司 General processor supporting reconfigurable safety design
CN102930202A (en) * 2012-11-05 2013-02-13 曙光信息产业(北京)有限公司 Operation executing method in Linux system
CN103561045A (en) * 2013-11-21 2014-02-05 北京网秦天下科技有限公司 Safety monitoring system and method for Android system
CN103778006A (en) * 2014-02-12 2014-05-07 成都卫士通信息安全技术有限公司 Method for controlling progress of operating system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110968356A (en) * 2018-09-29 2020-04-07 北京金山云网络技术有限公司 Method and device for acquiring configuration information
CN110968356B (en) * 2018-09-29 2023-09-29 北京金山云网络技术有限公司 Method and device for acquiring configuration information
CN116257266A (en) * 2022-11-22 2023-06-13 浙江御安信息技术有限公司 Automatic safety reinforcement method and equipment for Linux system host

Also Published As

Publication number Publication date
CN107818260A (en) 2018-03-20
CN107818260B (en) 2023-04-25

Similar Documents

Publication Publication Date Title
CN105934927B (en) Dynamic filtering for SDN API calls across security boundaries
US10623440B2 (en) Method and system for protecting web applications against web attacks
CN111819556B (en) Container escape detection method, device, system and storage medium
US11288090B1 (en) Methods, systems, and media for injecting code into embedded devices
CN106778243B (en) Virtual machine-based kernel vulnerability detection file protection method and device
CN106778244B (en) Virtual machine-based kernel vulnerability detection process protection method and device
JP2016514319A (en) Context-based switching to a secure operating system environment
CN106778242B (en) Kernel vulnerability detection method and device based on virtual machine
CN106341732B (en) Management method of desktop starter and intelligent television
WO2020019971A1 (en) Active security protection method for operating system, system and terminal device
CN112995236B (en) Internet of things equipment safety management and control method, device and system
CN113138836A (en) Escape-proof honeypot system based on Docker container and method thereof
WO2018049977A1 (en) Method and device for guaranteeing system security
KR20140055897A (en) User terminal, reliability management server, and method and program for preventing unauthorized remote operation
CN111783087A (en) Method and device for detecting malicious execution of executable file, terminal and storage medium
CN111783082A (en) Process tracing method, device, terminal and computer readable storage medium
CN110941825A (en) Application monitoring method and device
TWI711939B (en) Systems and methods for malicious code detection
CN113836529A (en) Process detection method, device, storage medium and computer equipment
CN113297628A (en) Modification behavior auditing method, device, equipment and readable storage medium
CN112733091A (en) Control method and device for accessing external equipment by application program
CN113596600A (en) Security management method, device, equipment and storage medium for live broadcast embedded program
US11928205B1 (en) Systems and methods for implementing cybersecurity using blockchain validation
CN108287990B (en) File abnormal operation processing method, electronic equipment and computer readable storage medium
CN111385791B (en) Security threat detection method and terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17850179

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17850179

Country of ref document: EP

Kind code of ref document: A1