CN102567175B - Application safety monitoring method and system based on resource declaration - Google Patents
Application safety monitoring method and system based on resource declaration Download PDFInfo
- Publication number
- CN102567175B CN102567175B CN201110402870.8A CN201110402870A CN102567175B CN 102567175 B CN102567175 B CN 102567175B CN 201110402870 A CN201110402870 A CN 201110402870A CN 102567175 B CN102567175 B CN 102567175B
- Authority
- CN
- China
- Prior art keywords
- application
- resource
- resources
- statement
- operating system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000012544 monitoring process Methods 0.000 title claims abstract description 38
- 230000008569 process Effects 0.000 claims description 23
- 238000001514 detection method Methods 0.000 claims description 16
- 238000012360 testing method Methods 0.000 claims description 13
- 230000006870 function Effects 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 4
- 238000009434 installation Methods 0.000 claims description 3
- 238000004064 recycling Methods 0.000 claims description 3
- 238000011897 real-time detection Methods 0.000 claims description 2
- 238000013475 authorization Methods 0.000 claims 1
- 238000007726 management method Methods 0.000 description 33
- 238000011161 development Methods 0.000 description 7
- 230000002159 abnormal effect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000011990 functional testing Methods 0.000 description 3
- 230000010354 integration Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000011056 performance test Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000011084 recovery Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000035699 permeability Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000011076 safety test Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an application safety monitoring method and system based on a resource declaration. The method is used for safety publication and safety operation of third-party applications of a television operating system, and the method comprises the following steps of: (1) generating the resource declaration of a certain third-party application, wherein the resource declaration is used for indicating maximum terminal resources required for operation of the application; (2) when the application is operated, firstly reading the resource declaration; (3) judging whether resources for which the third-party application applies to the embedded terminal television operating system or the resources occupied during the operation of the third-party application exceed the maximum resources indicated in the resource declaration or not; and (4) if not, continuing implementing the application till the end of the operation, and otherwise, stopping the implementation of the application and releasing the corresponding resources. According to the application safety monitoring method and system disclosed by the invention, safety monitoring can be fast performed on the television operating system, and the safety of the embedded terminal operating system and built-in services can be ensured during the operation of the third-party application.
Description
Technical Field
The invention relates to the field of information security and embedded systems, in particular to a security monitoring method for an application developed in an embedded terminal television operating system software operating environment and oriented to open type services, namely, the invention provides an application security monitoring method and system based on resource declaration.
Background
The construction of the next generation broadcast television network is an important measure for implementing the national strategy of the integration of the three networks in the broadcast and television industry, the three networks are oriented to the integration, the broadcast and television services and the telecommunication services enter in two ways, a new service development space is opened for the cable television network, and the cable television network becomes a nationwide operation network of full-service full media through two-way transformation and network integration, so that the original broadcast television and interactive television services can be provided, and value-added telecommunication services and partial basic telecommunication services can be provided. The NGB construction will greatly increase the bidirectional and broadband permeability of the cable television network, the operation requirements of the whole service, the whole media and the whole network.
In order to realize the rapid development of services based on different platforms, the embedded television operating system provides requirements for open services and safe operation of the services. The hardware independence of the third-party application development must be ensured, and a third-party application developer can develop the value-added application independently of the hardware without using a compiling environment of a target terminal, so that the flexibility of the application development is improved; meanwhile, the standardization and the expandability of the third-party application development interface must be ensured, the standardized development interface is provided for a third-party application developer, the development of various applications can be supported, and a new interface can be expanded aiming at the future application.
Meanwhile, the introduction of openness also puts higher requirements on service safety, and an embedded terminal television operating system requires that when a third-party application runs, if an abnormal condition occurs, the abnormal condition cannot be transmitted so as to improve the robustness of terminal software; meanwhile, the method also needs to guarantee the quick response to the application scheduling, the resource operation efficiency of the third-party application, the user experience of the third-party application and the execution efficiency of the third-party application. In order to ensure the running safety of the open service, the embedded terminal television operating system must have a mechanism, namely, a safety processing mechanism when the open service is changed and a recovery processing mechanism of corresponding resources are applied in the running process of the open service in the television operating system.
At present, the third party application safety monitoring in the running environment of the television operating system of the embedded terminal in China is still in the research and development stage, a unified standard does not exist yet, corresponding optimization is not performed aiming at the characteristics of the television, and when the third party application is run, the damage to the embedded terminal operating system and the built-in service of the embedded terminal operating system during the running of the third party service cannot be guaranteed. The invention provides a resource statement-based application security monitoring method and system for a television operating system.
Disclosure of Invention
The invention aims to provide an application safety monitoring method and system based on resource declaration in order to solve the safety problem in the running process of open service in an embedded terminal television operating system in the prior art.
In order to achieve the above object, the present invention provides an application security monitoring method based on resource declaration, which is used for secure publishing and secure running of third-party applications of a television operating system, and the method includes:
(1) generating a resource declaration for a third-party application, the resource declaration indicating a maximum amount of terminal resources required by the application at runtime;
(2) when the application is operated, firstly reading the resource statement;
(3) judging whether the resource applied by the third-party application to the embedded terminal television operating system or the resource occupied by running the third-party application exceeds the maximum value of the resource usage indicated in the resource statement;
(4) if not, the application is continuously executed until the running is finished, otherwise, the application is terminated to be executed, and corresponding resources are released.
In the above technical solution, each application is monitored safely by using a separate process.
The method of the above technical solution further comprises the steps of: and judging whether the application uses the resources of the television operating system which are not declared in the resource declaration, and closing the process and recycling the corresponding resources when the application is determined to use the resources of the television operating system but not declared in the resource declaration. And monitoring the occupation of the application on the specific resource in real time in the process of running the application, and terminating the running of the application and releasing the corresponding resource once the occupation amount of the application on the specific resource is determined to exceed the maximum amount in the resource statement.
And the step (2) further comprises converting the resource declaration into a fine-grained resource declaration required by the television operating system when the application is run.
Based on the above method, the present invention further provides a resource declaration-based application security monitoring system, which is used for secure publishing and secure running of third-party applications of a television operating system, and the system comprises:
for users to register and submit application registration servers to be published,
a detection center for performing the security detection of the television operating system only for the application with the digital signature,
a security management and control server for registering and signing the application software to be issued by the security management and control server after the detection is passed, and
the publishing server is used for uploading the application which is registered and authorized by signature, and the application positioned on the publishing server can be further provided for legal terminal users to download and install anytime and anywhere;
characterized in that the system further comprises: a resource declaration generating and sending module for generating a coarse-grained resource declaration for the software when developing a third-party application;
after the third-party application is developed, uploading software and the coarse-grained resource statement corresponding to the application to a registration server, and handing the software and the coarse-grained resource statement to a detection center by the registration server;
the detection center carries out safety detection on the application and generates a fine-grained resource statement required by the operation of the application;
after the detection is passed, the security management and control server registers and signs and authorizes the application to be issued, and then uploads the application to the issuing server to provide legal terminal users with downloading and installation anytime and anywhere; and
and the judgment decision module is used for judging whether the resource applied by the third-party application to the embedded terminal television operating system or the resource occupied by running the third-party application exceeds the maximum value of the resource usage amount indicated in the resource statement or not, if not, continuing to execute the application until the running is finished, otherwise, terminating to execute the application and releasing the corresponding resource.
In the above technical solution, the specific steps of generating the fine-grained resource declaration include: the detection center runs the third-party software on the set top box of the television operating system for testing to test the occupation condition of the third-party software on the B-type resources, estimates the maximum usage amount of the resources and writes a fine-grained resource statement; according to the mapping relation between the functional components and the A-type resources, the coarse-grained resource statement can be converted into the A-type resource statement, and the fine-grained resource statement is written in; the CPU, the memory and the network bandwidth of the embedded digital television terminal are B-type resources, and the resources of the rest digital television terminals are A-type resources. And a separate process is adopted for each application to realize safety monitoring.
The decision-making judgment module is further configured to: and judging whether the application uses the resources of the television operating system which are not declared in the resource declaration, and closing the process and recycling the corresponding resources when the application is determined to use the resources of the television operating system but not declared in the resource declaration. And monitoring the occupation of the application on the specific resource in real time in the process of running the application, and terminating the running of the application and releasing the corresponding resource once the occupation amount of the application on the specific resource is determined to exceed the maximum amount in the resource statement.
Compared with the prior art, the invention has the advantages that:
1) the invention belongs to the field of embedded terminal television operating systems, can quickly perform safety monitoring by a television operating system according to resource statement information of applications (services), and can be used for ensuring the safety of the embedded terminal operating system and built-in services thereof when third-party applications are operated.
2) The minimum trust base in the invention comprises a system management framework, when the application has illegal resource occupation, the system management framework can quickly terminate the running of the application and release the corresponding resource, so that the released corresponding resource can be used for the foreground application process. Wherein, the minimum trust base is the core of the whole security architecture and is responsible for ensuring the integrity of the system. Device resources are fully accessible and are a fully trusted part of the operating system. The trusted computing base should be as small as possible, and it has the highest privileges, which is related to the stability of the whole television operating system.
Drawings
FIG. 1 is a block diagram of a secure distribution system according to the present invention;
fig. 2 is a flow diagram of the secure operation based on resource declaration according to the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and the detailed description.
The invention provides an application safety monitoring method based on resource declaration, which is used in an embedded terminal television operating system and comprises the following steps:
(1) generating resource declaration information for a certain third-party application, wherein the resource declaration information contains the maximum amount of embedded terminal resources required by the third-party application during running; (2) when the application of the third party is operated, firstly reading the resource statement; (3) judging whether the resource applied by the third-party application to the embedded terminal or the resource of the embedded terminal occupied by the operation exceeds the maximum value of the resource usage indicated in the resource statement; (4) if not, the application is continuously executed until the running is finished, otherwise, the application is terminated to be executed, and corresponding resources are released.
According to the application security monitoring method, the security monitoring is realized by adopting a separate process for each application.
According to the application security monitoring method, whether the application uses the resources of the television operating system which are not declared in the resource declaration is judged, and when the application is determined to use the resources of the television operating system and is not declared in the resource declaration, the process is closed and the corresponding resources are recycled.
The application security monitoring method according to the present invention, wherein the step (2) further comprises converting the resource declaration into a fine-grained resource declaration required by the television operating system when running the application.
The application safety monitoring method comprises the following steps: and monitoring the occupation of the application on the specific resource in real time in the process of running the application, and terminating the running of the application and releasing the corresponding resource once the occupation amount of the application on the specific resource is determined to exceed the maximum amount in the resource statement.
As shown in fig. 1, the figure is a system structure diagram proposed by the secure distribution method according to the present invention. Specifically, the security release system of the television operating system (TVOS) provided by the invention comprises a registration server, a detection center, a security management and control server and a release server. Wherein,
and the registration server is used for registering and submitting the application to be issued by the user.
And the detection center only carries out the safety detection of the television operating system on the application with the digital signature. Any third party application must go through the security check of the checking center of the television operating system before being released. The safety test of the application software mainly comprises a functional test, a performance test and an abnormity-based detection. The abnormal detection technology is to define a set of numerical values of the normal condition of the system, compare the numerical values of the system in operation with the defined normal condition, and detect whether the application of the television operating system has memory leakage, illegal use of resources and the like through the method.
And the safety control server registers and signs and authorizes the application software to be issued after the detection is passed.
The publishing server is used for uploading the application which is registered by the software and authorized by signature, and the application on the publishing server can be further provided for legal terminal users to download and install at any time and any place.
The specific implementation mode of the invention is as follows:
1. making resource statements
The television operating system (TVOS) is based on a LINUX operating system and is divided into a system management framework and a resource management framework, the system management framework implements process scheduling of application, and the resource management framework implements resource allocation, resource monitoring and resource recovery. The operating system faces to a converged network, is open to applications, has a built-in service program, and supports downloading and running of third-party software. The application may be mutated or unexpected logic errors may occur during execution, and further illegal access is performed on the resources of the television operating system, and finally the security of the television operating system is threatened. The invention adopts a resource declaration method to solve the problem and protect the safety of the system. The resource declaration method employs a resource declaration for indicating a maximum usage amount of terminal resources required for a certain application to run.
The technical scheme of the invention is as follows: before a specific application runs on a television operating system, a resource statement of software corresponding to the application on digital television terminal resources needs to be provided. The digital television terminal resources comprise: CPU, memory, network bandwidth, graphics resources, audio/video decoders, tuner modules and/or disk storage space, etc. When a system management framework of a television operating system schedules a specific application, a resource statement of the application is read first, and a required resource is applied to the resource management framework. If the resource application is successful, the application will be executed. If the application has illegal request or occupation of resources in the execution process, the system management framework terminates the application and releases the corresponding resources.
For convenience of description, in the embodiments of the present invention, the resources of the digital television terminal are first classified into a class a and a class B, which are defined as:
a type resource: the resources of the usage amount can be counted according to the calling situation in the application code.
B type resources: it is difficult to count the usage amount, but the resource of the used condition can be known through real-time monitoring.
According to the above definition, the CPU, the memory and the network bandwidth are B-type resources, and the resources of the rest of the digital television terminals are a-type resources.
2. Resource declaration generation method
Applications running on television operating systems fall into two categories: built-in applications and third-party software. According to the preferred embodiment of the present invention, the resource declaration methods for these two types of applications are different, and are described in detail below.
(1) Built-in application:
developers with built-in applications use the SDK of the embedded terminal chip, the system call of the LINUX kernel, the C language library function and the like to develop applications. The class a resources occupied by the built-in application may be counted by the developer of the application. The B-type resource occupied by the built-in application needs to run the built-in application on the terminal and use real-time testing to obtain corresponding resource occupation information. The built-in application needs to be strictly tested for software security before release. The software safety test mainly comprises a functional test, a performance test and an abnormity-based detection.
The functional test is used for verifying whether the behavior of the program code is expected under certain typical conditions; the method also comprises product quality and content inspection, and mainly comprises whether the software is frequently halted, whether the software content is legal, the influence of the software on other components of the television operating system and the like. The performance test is to simulate various normal, peak and abnormal load conditions by an automated test tool to test various performance indexes of the system, such as a load test and a pressure test.
The anomaly-based detection technology firstly defines the numerical values of the normal conditions of a group of systems, such as CPU utilization rate, memory utilization rate, file checksum and the like, and then compares the numerical values of the systems in operation with the defined normal conditions to obtain whether the signs of attack exist or not. By the method, whether the application of the television operating system has memory leakage, illegal use of resources and the like is detected.
And obtaining resource occupation information during the operation of the application according to the result of the security test. And counting the maximum occupation values of the built-in application to the resources of the class A and the class B, thereby obtaining the resource statement of the built-in application.
(2) A third party application:
the third party software is written in a platform independent language such as JAVA and executed by the execution engine of the television operating system. The third-party software can call the functional components on the television operating system, and the functional components access the A-type resources through the resource management framework. For example, the DVB functional component may access the radio frequency tuning and demodulation module, the demultiplexing module, the standard definition or high definition audio/video decoder, the graphics resource through the resource management framework.
The developer of the third-party software does not know the type A resources called by the functional components, and the third-party software cannot be tested on the television terminal to count the occupation situation of the third-party software on the type B resources. Thus, the resource declaration of the third-party software contains only the functional components it calls. The security framework of the television operating system is responsible for converting the resource declaration (component declaration, i.e. coarse-grained resource declaration) of the third-party software into the resource declaration (specific hardware resource, i.e. fine-grained resource declaration) required by the television operating system when running the application as follows:
after the third-party software is developed, the third-party software is released according to the flow (i.e. the flow of fig. 1, the software must be released after being detected and authenticated). According to one embodiment of the invention, a secure distribution system is included in the security framework of the television operating system, as shown in FIG. 1. The security publishing system of fig. 1 is composed of a registration server, a detection center, a security management and control server, and a publishing server, where the registration server is used for registering a user and submitting an application to be published.
After the third-party software is developed, the software and the coarse-grained resource declaration need to be uploaded to the registration server (the user in fig. 1) together, the registration server hands the software and the coarse-grained resource declaration to the detection center, and the detection center performs security detection on the software and generates a fine-grained resource declaration required by the operation of the software. To generate a fine-grained resource statement, the detection center runs third-party software on a set top box of a television operating system for testing to test the occupation condition of B-type resources, estimates the maximum usage amount of the resources, and writes the fine-grained resource statement. According to the mapping relation between the functional components and the A-type resources, the coarse-grained resource declaration can be converted into the A-type resource declaration, and the fine-grained resource declaration is written. After the detection is passed, the security management and control server registers and signs and authorizes the software to be issued, and then uploads the software to the issuing server to provide legal terminal users with downloading and installation anytime and anywhere.
The fine-grained resource declaration of the third-party software also consists of resource declarations of the A type and the B type.
3. Safe operation flow based on resource declaration
As an example, a single application resource declaration based secure operation flow is shown in FIG. 2.
When an application is to be run, resource declaration information of the application, namely declared component information, is firstly analyzed and obtained, and the running access controller obtains a corresponding relation table of capabilities and permissions (for example, fixed, which indicates which capabilities a certain permission has) according to the corresponding relation table of the capabilities and the resources in the embedded television operation; by comparison with rules, it can be known whether this application has the rights required by the capabilities it needs; thereby deciding whether the application can be run.
Step 1: when the system management framework determines that an application is to be run, the resource declaration of the application, i.e. the declared component information, is first read and converted into a fine-grained resource declaration required by the television operating system when running the application, for example, the tuning module may be further fine-grained to tune/DEMOD/DEMUX (tuning/demodulation/demultiplexing) resources.
Step 2: the resource declaration is provided to a resource management framework.
And step 3: the resource management framework counts the currently available resources.
And 4, step 4: and comparing with the maximum value of each resource declared by the application; when there are not enough available resources, it is determined not to execute the application.
And 5: when there are sufficient resources available, it is determined to run the application.
Step 6: next, the resource management framework dynamically applies for a class a resource;
and 7: then judging whether the applied A-type resources exceed the maximum value of the statement; if the judgment result does not exceed the preset threshold, the corresponding resources can be continuously applied, and the application can be normally operated.
And 8: otherwise, the resource management frame sends an alarm message to the system management frame to indicate that the application has illegal resource access, and the system management frame informs the resource management frame to recycle the resources occupied by the application and terminate the operation of the application after receiving the alarm message.
And step 9: in addition, in order to realize the real-time detection of resources such as a memory, a thread and the like by the resource management framework, certain functions such as the LINUX standard library libc, the pthread and the like are specifically modified, and corresponding identification information is added in the functions, so that when the functions are called by a system, the use conditions of the resources such as the memory and the like are subjected to detailed statistics, and the real-time monitoring of the resources is realized; in the application execution process, the occupation of the B-type resources by the application is monitored in real time by the resource management framework.
Step 10: and judging whether the usage of the application to the B-type resources exceeds a statement value or not, if not, normally running the application, and otherwise, turning to the step 8.
In summary, the invention provides an application security monitoring method based on resource declaration for an embedded terminal television operating system, and a system management framework performs security monitoring according to resource declaration information of application. The television operating system realizes the monitoring of resources by specifically modifying the LINUX standard library. The system management framework runs in the background and can close other processes (such as application exception) at any time and release corresponding resources. The system management framework is realized by adopting a separate process for each application, for allocable resources such as memory and the like, when the applied resources exceed the declared resources when a certain application runs, or for the resources which can only be monitored, the resource monitoring module monitors the application in real time, and when the occupation amount of the application on the resources exceeds the declared value, the system management framework quits the application and releases corresponding resource information. Also, when an application uses some component modules of the television operating system without declaring the corresponding component modules, the system management framework also closes the process and reclaims the corresponding resources.
The resources recovered by the system management framework can be applied to other foreground process applications.
The above embodiments are merely intended to illustrate the technical solution of the present invention, not to limit it, and the application can be extended to other modifications, variations, applications and implementations, and all such modifications, variations, applications and implementations are considered to be within the scope of the present invention.
Claims (5)
1. A resource declaration based application security monitoring method is used for the secure publishing and secure running of third-party applications of a television operating system, and comprises the following steps:
step 1: when the system management framework determines that an application is to be run, firstly reading a resource statement of the application, namely declared component information, and converting the resource statement into a fine-grained resource statement required by a television operating system when the application is run;
step 2: providing the resource declaration to a resource management framework;
and step 3: the resource management framework counts the current available resources;
and 4, step 4: and comparing with the maximum value of each resource declared by the application; determining not to execute the application when there are insufficient available resources;
and 5: determining to run the application when there are sufficient available resources;
step 6: next, the resource management framework dynamically applies for a class a resource;
and 7: then judging whether the applied A-type resources exceed the maximum value of the statement; if the judgment result does not exceed the preset value, the corresponding resources can be continuously applied, and the application can be normally operated;
and 8: otherwise, the resource management framework sends an alarm message to the system management framework to indicate that the application has illegal resource access, and the system management framework informs the resource management framework to recycle the resources occupied by the application and terminates the operation of the application after receiving the alarm message;
and step 9: in addition, in order to realize the real-time detection of resources such as memory, threads and the like by the resource management framework, corresponding identification information is added to the functions of libc and pthread of the LINUX standard library, so that the real-time monitoring of the resources is realized; in the application execution process, the occupation of the B-type resources by the application is monitored in real time by the resource management framework;
step 10: judging whether the usage of the application to the B-type resources exceeds a statement value, if not, normally running the application, otherwise, turning to the step 8;
in order to generate a fine-grained resource statement, the detection center runs third-party software on a set top box of a television operating system for testing to test the occupation condition of B-type resources, estimates the maximum usage amount of the resources and writes the fine-grained resource statement; converting the coarse-grained resource statement into an A-type resource statement according to the mapping relation between the functional component and the A-type resource, and writing the fine-grained resource statement; the CPU, the memory and the network bandwidth of the embedded digital television terminal are B-type resources, and the resources of the rest digital television terminals are A-type resources.
2. An application security monitoring system based on resource declaration, the system is used for the secure publishing and secure operation of the third party service of the television operating system, the system comprises:
for users to register and submit application registration servers to be published,
a detection center for performing the security detection of the television operating system only for the application with the digital signature,
a security management and control server for registering and signing the application software to be issued by the security management and control server after the detection is passed, and
the publishing server is used for uploading the application which is subjected to software registration and signature authorization, and the application positioned on the publishing server can be further provided for legal terminal users to download and install anytime and anywhere;
characterized in that the system further comprises: a resource declaration generating and sending module for generating a coarse-grained resource declaration for the application when third-party software is developed;
after the third-party application is developed, uploading software and the coarse-grained resource statement corresponding to the application to a registration server, and handing the software and the coarse-grained resource statement to a detection center by the registration server;
the detection center carries out safety detection on the application and generates a fine-grained resource statement required by the operation of the application;
after the detection is passed, the security management and control server registers and signs and authorizes the application to be issued, and then uploads the application to the issuing server to provide legal terminal users with downloading and installation anytime and anywhere; and
the judging and deciding module is used for judging whether the resource applied by the third-party application to the embedded terminal television operating system or the resource occupied by running the third-party application exceeds the maximum value of the resource usage amount indicated in the resource statement or not, if not, the application is continuously executed until the running is finished, otherwise, the application is stopped to be executed, and the corresponding resource is released;
the specific steps of generating the fine-grained resource statement are as follows: the detection center runs third-party software on a set top box provided with a television operating system to test the occupation condition of the third-party software on B-type resources, estimates the maximum usage amount of the resources and writes fine-grained resource statements; according to the mapping relation between the functional components and the A-type resources, the coarse-grained resource statement can be converted into the A-type resource statement, and the fine-grained resource statement is written in;
the CPU, the memory and the network bandwidth of the embedded digital television terminal are B-type resources, and the resources of the rest digital television terminals are A-type resources.
3. The application security monitoring system of claim 2, wherein security monitoring is implemented using a separate process for each application.
4. The application security monitoring system of claim 3, wherein the decision-making module is further configured to: and judging whether the application uses some resources of the television operating system which are not declared in the resource declaration, and closing the process and recycling the corresponding resources when the application is determined to use some resources of the television operating system but not declared in the resource declaration.
5. The application security monitoring system of claim 2, wherein the decision-making module is further configured to: and monitoring the occupation of the application on the specific resource in real time in the process of running the application, and terminating the running of the application and releasing the corresponding resource once the occupation amount of the application on the specific resource is determined to exceed the maximum amount in the resource statement.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110402870.8A CN102567175B (en) | 2010-12-08 | 2011-12-07 | Application safety monitoring method and system based on resource declaration |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010590573 | 2010-12-08 | ||
| CN201010590573.6 | 2010-12-08 | ||
| CN201110402870.8A CN102567175B (en) | 2010-12-08 | 2011-12-07 | Application safety monitoring method and system based on resource declaration |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102567175A CN102567175A (en) | 2012-07-11 |
| CN102567175B true CN102567175B (en) | 2014-12-31 |
Family
ID=46412647
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110402870.8A Active CN102567175B (en) | 2010-12-08 | 2011-12-07 | Application safety monitoring method and system based on resource declaration |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102567175B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107329742B (en) * | 2017-06-14 | 2021-01-29 | 北京小米移动软件有限公司 | Software development kit calling method and device |
| CN110955462B (en) * | 2019-11-29 | 2022-04-01 | 珠海豹趣科技有限公司 | Resource acquisition method and device and computer readable storage medium |
| CN112988266B (en) * | 2021-02-10 | 2024-04-19 | 北京奇艺世纪科技有限公司 | Resource management method and device, electronic equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100433667C (en) * | 2002-05-29 | 2008-11-12 | 华为技术有限公司 | Method for assigning user access resources of private network in conversion of network addresses |
-
2011
- 2011-12-07 CN CN201110402870.8A patent/CN102567175B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN102567175A (en) | 2012-07-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11816222B2 (en) | Detecting vulnerabilities in managed client devices | |
| CN103593605B (en) | A kind of Android platform application program dynamic analysis system based on authority usage behavior | |
| US8011006B2 (en) | Access controller and access control method | |
| US9165136B1 (en) | Supervising execution of untrusted code | |
| CN106203113A (en) | The privacy leakage monitoring method of Android application file | |
| US20170010952A1 (en) | Selecting application wrapper logic components for wrapping a mobile application based on wrapper performance feedback from user electronic devices | |
| CN103440456A (en) | Method and device for evaluating safety of application program | |
| CN111581084A (en) | Process testing method and device based on intelligent electric meter operating system | |
| CN102567175B (en) | Application safety monitoring method and system based on resource declaration | |
| CN111191226A (en) | Method, device, equipment and storage medium for determining program by using privilege-offering vulnerability | |
| CN115185777A (en) | Abnormity detection method and device, readable storage medium and electronic equipment | |
| CN114500039B (en) | Instruction issuing method and system based on safety control | |
| CN112464176B (en) | Authority management method and device, electronic equipment and storage medium | |
| CN110826074A (en) | Application vulnerability detection method and device and computer readable storage medium | |
| CN112463266A (en) | Execution policy generation method and device, electronic equipment and storage medium | |
| CN111783091A (en) | Malicious process detection method, device, terminal and computer readable storage medium | |
| CN107766061A (en) | The installation method and installation system of a kind of Android application program | |
| CN111324887A (en) | Installation control method and device for application program | |
| CN113596600B (en) | Security management method, device, equipment and storage medium for live broadcast embedded program | |
| CN116127415A (en) | Privacy protection detection method, device, equipment and computer readable storage medium | |
| US11882104B2 (en) | Security systems and methods for remote technical support | |
| CN115296874A (en) | Computer network security system, method, medium, equipment and terminal | |
| CN114327981A (en) | Safety verification system, method and device of function safety mechanism | |
| CN116522318B (en) | Container authority detection method, device, equipment and medium | |
| CN116028371B (en) | Application program detection method and device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210730 Address after: Room 1601, 16th floor, East Tower, Ximei building, No. 6, Changchun Road, high tech Industrial Development Zone, Zhengzhou, Henan 450001 Patentee after: Zhengzhou xinrand Network Technology Co.,Ltd. Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District Patentee before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES |