CN102208004B - Method for controlling software behavior based on least privilege principle - Google Patents
Method for controlling software behavior based on least privilege principle
- Publication number
- CN102208004B (application number CN2011101265237A)
- Authority
- CN
- China
- Prior art keywords
- behavior
- monitoring
- file
- sandbox
- principle
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Computer And Data Communications (AREA)
Abstract
Description
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101265237A CN102208004B (zh) | 2011-05-13 | 2011-05-13 | Method for controlling software behavior based on least privilege principle |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101265237A CN102208004B (zh) | 2011-05-13 | 2011-05-13 | Method for controlling software behavior based on least privilege principle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102208004A (zh) | 2011-10-05 |
CN102208004B (zh) | 2013-07-03 |
Family
ID=44696832
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011101265237A (CN102208004B, zh; Expired - Fee Related) | Method for controlling software behavior based on least privilege principle | 2011-05-13 | 2011-05-13 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102208004B (zh) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
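CN102436507B (zh) * | 2011-12-28 | 2014-07-16 | Qizhi Software (Beijing) Co., Ltd. | Method and device for browsing web pages |
CN102819711A (zh) * | 2012-08-21 | 2012-12-12 | Beijing Sichuang Yinlian Technology Co., Ltd. | Disk restore protection method |
CN103902892B (zh) * | 2012-12-24 | 2017-08-04 | Zhuhai Juntian Electronic Technology Co., Ltd. | Behavior-based virus defense method and system |
CN103164649B (zh) * | 2013-02-18 | 2016-08-17 | Beijing NSFOCUS Information Security Technology Co., Ltd. | Process behavior analysis method and system |
CN103077354B (zh) * | 2013-02-19 | 2015-03-25 | Chengdu Sobey Digital Technology Co., Ltd. | Method for controlling Windows file system access permissions |
CN107315950B (zh) * | 2017-05-03 | 2020-10-09 | Peking University | Automated partitioning method and access control method for minimizing administrator privileges on a cloud computing platform |
CN110858170B (zh) * | 2018-08-23 | 2023-06-30 | Alibaba Group Holding Limited | Data anomaly monitoring method and device |
CN110516446A (zh) * | 2019-08-26 | 2019-11-29 | Nanjing Vocational College of Information Technology | Method, system and storage medium for determining malware family attribution |
CN111556503B (zh) * | 2020-03-30 | 2024-06-18 | 360 Digital Security Technology Group Co., Ltd. | Personal WiFi hotspot management method based on the Windows operating system |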
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
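CN1794645A (zh) * | 2005-08-24 | 2006-06-28 | Shanghai Pudong Software Park Information Technology Co., Ltd. | Intrusion detection method and system based on program behavior |
CN1845120A (zh) * | 2006-05-16 | 2006-10-11 | Beijing Venustech Information Technology Co., Ltd. | Automatic malicious code analysis system and method |
US7448084B1 (en) * | 2002-01-25 | 2008-11-04 | The Trustees Of Columbia University In The City Of New York | System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses |
CN101944167A (zh) * | 2010-09-29 | 2011-01-12 | Institute of Computing Technology, Chinese Academy of Sciences | Method and system for identifying malicious programs |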
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7448084B1 (en) * | 2002-01-25 | 2008-11-04 | The Trustees Of Columbia University In The City Of New York | System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses |
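CN1794645A (zh) * | 2005-08-24 | 2006-06-28 | Shanghai Pudong Software Park Information Technology Co., Ltd. | Intrusion detection method and system based on program behavior |
CN1845120A (zh) * | 2006-05-16 | 2006-10-11 | Beijing Venustech Information Technology Co., Ltd. | Automatic malicious code analysis system and method |
CN101944167A (zh) * | 2010-09-29 | 2011-01-12 | Institute of Computing Technology, Chinese Academy of Sciences | Method and system for identifying malicious programs |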
Non-Patent Citations (4)
Title |
---|
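Koen Buyens et al. Resolving least privilege violations in software architectures. Software Engineering for Secure Systems, 2009. SESS '09. ICSE Workshop on. 2009, pp. 9-16. |
Resolving least privilege violations in software architectures; Koen Buyens et al.; Software Engineering for Secure Systems, 2009. SESS '09. ICSE Workshop on; 20090519; pp. 9-16 * |
Li Xiang et al. Program behavior monitoring technology and the "least privilege" principle. Information Security and Communications Privacy. 2008, pp. 97-98, 102. |
Program behavior monitoring technology and the "least privilege" principle; Li Xiang et al.; Information Security and Communications Privacy; 20081231; pp. 97-98, 102 * |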
Also Published As
Publication number | Publication date |
---|---|
CN102208004A (zh) | 2011-10-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
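CN102208004B (zh) | Method for controlling software behavior based on least privilege principle | |
CN109766699B (zh) | Method and device for intercepting operation behavior, storage medium, and electronic device | |
CN106326699B (zh) | Server hardening method based on file access control and process access control | |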
Bernardes | Implementation of an intrusion detection system based on mobile agents | |
CN101496025B (zh) | System and method for providing network security to mobile devices | |
Geiger et al. | An analysis of black energy 3, crashoverride, and trisis, three malware approaches targeting operational technology systems | |
Halme et al. | AINT misbehaving: A taxonomy of anti-intrusion techniques | |
CN108683652A (zh) | Method and device for handling network attack behavior based on behavior permissions | |
Firoozjaei et al. | An evaluation framework for industrial control system cyber incidents | |
CN110855697A (zh) | Active defense method for network security in the power industry | |
WO2003058451A1 (en) | System and method for the managed security control of processes on a computer system | |
JP2003535414A (ja) | System and method for comprehensive, general, generic protection of computers against malicious programs that may steal information and/or cause damage | |
Monge et al. | A novel self-organizing network solution towards crypto-ransomware mitigation | |
CN101594360A (zh) | Local area network system and method for maintaining local area network information security | |
Shehod | Ukraine power grid cyberattack and US susceptibility: Cybersecurity implications of smart grid advancements in the US | |
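CN100414554C (zh) | Electronic data forensics method and system for computers | |
CN115314286A (zh) | Security assurance system | |
CN110401638A (zh) | Network traffic analysis method and device | |
CN109753796A (zh) | Big data computer network security protection device and method of use | |
CN103430153B (zh) | Inoculator and antibody for computer security | |
CN108197468A (zh) | Intelligent protection system against intranet attacks via removable storage media | |
CN109729089B (zh) | Container-based intelligent network security function management method and system | |
CN108134792B (zh) | Method for defending against network virus attacks in a computer system based on virtualization technology | |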
Filman et al. | Communicating security agents | |
McKay | Best practices in automation security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20111005; Assignee: Jiangsu Nanyou IOT Technology Park Ltd.; Assignor: Nanjing Post & Telecommunication Univ.; Contract record no.: 2016320000221; Denomination of invention: Method for controlling software behavior based on least privilege principle; Granted publication date: 20130703; License type: Common License; Record date: 20161129 |
LICC | Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model | ||
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20111005; Assignee: Nanjing national Mdt InfoTech Ltd; Assignor: Nanjing Post & Telecommunication Univ.; Contract record no.: 2018320000013; Denomination of invention: Method for controlling software behavior based on least privilege principle; Granted publication date: 20130703; License type: Common License; Record date: 20180111 |
EC01 | Cancellation of recordation of patent licensing contract | Assignee: Jiangsu Nanyou IOT Technology Park Ltd.; Assignor: Nanjing Post & Telecommunication Univ.; Contract record no.: 2016320000221; Date of cancellation: 20180116 |
TR01 | Transfer of patent right | Effective date of registration: 20180731; Address after: 211113 01 01 Lantian Road, Lu Kou street, Jiangning District, Nanjing, Jiangsu.; Patentee after: Jiangsu Yun Mu pension Technology Co., Ltd.; Address before: 210003 new model road, Nanjing, Nanjing, Jiangsu; Patentee before: Nanjing Post & Telecommunication Univ. |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20130703; Termination date: 20190513 |