CN102592076B - Data tamper-proof method and device - Google Patents

Data tamper-proof method and device

Info

Publication number
CN102592076B
Authority
CN
China
Prior art keywords
data
application program
security strategy
judge
comprised
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110430654.4A
Other languages
Chinese (zh)
Other versions
CN102592076A (en)
Inventor
刘洋
宋洋
马刚伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhou Lvmeng Chengdu Technology Co., Ltd
Original Assignee
Beijing NSFocus Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing NSFocus Information Security Technology Co Ltd
Priority to CN201110430654.4A
Publication of CN102592076A
Application granted
Publication of CN102592076B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a data tamper-proof method and device, which address the problem that existing technologies cannot effectively guarantee data security, so that data security is reduced. In the method, the Linux operating system kernel receives a data modification request sent by a first application program, determines the data that the first application program intends to modify, and judges, according to a pre-saved security policy, whether the first application program's modification operation on the data is legal. If the modification operation is legal, the kernel performs the system call corresponding to the modification operation to carry it out; otherwise it refuses the modification operation. Because the Linux kernel judges whether the modification operation is legal according to the pre-saved security policy before performing the corresponding system call, data is protected at the kernel-level driver layer. Compared with existing methods that protect data at the application layer, the data tamper-proof method effectively guarantees data security and improves data security.

Description

A data tamper-proof method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a data tamper-proof method and device.
Background
With the development of network technology, web servers that provide web page content and information services over the network have become increasingly common. Attacks against web servers are also increasing. Because of system vulnerabilities in the web server itself or misconfiguration by the network administrator, hackers can make unauthorized modifications to data on the web server so that it contains malicious content, such as Trojans or planted malicious code, causing losses to the owner and users of the web server.
In the prior art, data on a web server is generally protected against illegal tampering by assigning permissions to users. Specifically, each user is first assigned corresponding permissions, and then certain data requiring protection is specified. Only users with higher permissions can read and write the specified data; other users cannot, which achieves the purpose of protecting the data.
However, in this permission-based method the permissions are set in an application program of the web server. That is, the prior art protects data at the application layer of the web server, and application-layer protection is easily broken. For example, a user with higher permissions can modify the permissions assigned to each user so that every user is allowed to read and write the specified data, after which any user can tamper with the data. Therefore, the prior-art method of preventing illegal tampering cannot effectively guarantee data security, and data security is reduced.
Summary of the invention
The embodiments of the present invention provide a data tamper-proof method and device, to solve the problem that the prior art cannot effectively guarantee data security, which reduces data security.
A data tamper-proof method provided by an embodiment of the present invention comprises:
the Linux operating system kernel receiving a modification request, sent by a first application program, to modify data; and
determining, according to the modification request, the data that the first application program intends to modify;
the Linux operating system kernel judging, according to a pre-saved security policy, whether the first application program's modification operation on the determined data is a legal operation; and
when it is judged to be a legal operation, the Linux operating system kernel performing the system call corresponding to the modification operation, so as to carry out the first application program's modification operation on the data;
otherwise, refusing the first application program's modification operation on the data.
A data tamper-proof device provided by an embodiment of the present invention comprises:
a receiving module, configured to receive a modification request, sent by a first application program, to modify data;
a determination module, configured to determine, according to the modification request, the data that the first application program intends to modify;
a judgment module, configured to judge, according to a pre-saved security policy, whether the first application program's modification operation on the determined data is a legal operation;
a processing module, configured to perform, when the operation is judged to be legal, the system call corresponding to the modification operation, so as to carry out the first application program's modification operation on the data, and otherwise to refuse the first application program's modification operation on the data.
The embodiments of the present invention provide a data tamper-proof method and device. In the method, the Linux operating system kernel receives a modification request, sent by a first application program, to modify data, determines the data that the first application program intends to modify, and judges, according to a pre-saved security policy, whether the first application program's modification operation on the data is legal. If it is legal, the kernel performs the system call corresponding to the modification operation to carry it out; otherwise it refuses the modification operation. Because the Linux kernel in the embodiments of the present invention judges whether the modification operation is legal according to the saved security policy before performing the corresponding system call, data is protected at the kernel-level driver layer. Compared with the prior-art method of protecting data at the application layer, this effectively guarantees data security and improves data security.
Brief description of the drawings
Fig. 1 shows the data tamper-proof process provided by an embodiment of the present invention;
Fig. 2 shows the detailed data tamper-proof process provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the data tamper-proof device provided by an embodiment of the present invention.
Detailed description of the embodiments
In practical applications, most modification operations that an application program performs on data are completed by the Linux operating system kernel performing the corresponding system call. The Linux kernel is located at the driver layer and the application program at the application layer; a system call is a request from an application program for a service run by the Linux kernel. In other words, the application layer's modification of data is completed by the driver layer performing the corresponding system call. Because application-layer protection of data is easily broken, once that protection has been breached the application layer can directly instruct the driver layer to perform the corresponding system call and complete the modification of the data.
However, the driver layer where the Linux kernel resides is difficult to break. The embodiments of the present invention therefore abandon the prior-art method of protecting data at the application layer and instead protect data at the kernel-level driver layer: before the Linux kernel performs a system call, it first judges whether the modification operation on the data is a legal operation. If it is legal, the kernel performs the corresponding system call and completes the modification of the data; if it is illegal, the kernel refuses to perform the system call, that is, it refuses the modification operation. With this method, even if the application layer is broken, when the application layer requests the driver layer to perform a system call and the driver layer judges the operation to be illegal, illegal tampering with the data is still refused. Compared with the prior-art method that protects data only at the application layer, the data tamper-proof method provided by the embodiments of the present invention guarantees data security more effectively and improves data security.
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 shows the data tamper-proof process provided by an embodiment of the present invention, which comprises the following steps:
S101: The Linux operating system kernel receives a modification request, sent by a first application program, to modify data.
In the embodiments of the present invention, a user modifies data through the first application program. The first application program then sends a modification request to the Linux kernel, asking the kernel to perform the corresponding system call to complete the modification operation. The first application program is an application program located at the application layer.
S102: According to the modification request, determine the data that the first application program intends to modify.
After receiving the modification request, the Linux kernel does not perform the corresponding system call immediately, but first determines, according to the modification request, the data that the first application program intends to modify. The modification request carries the identifier, storage path and data type of the data that the first application program intends to modify, from which the Linux kernel can determine that data.
S103: The Linux operating system kernel judges, according to the pre-saved security policy, whether the first application program's modification operation on the determined data is a legal operation; if so, go to step S104, otherwise go to step S105.
In the embodiments of the present invention, after the Linux operating system receives the modification request, it does not perform the corresponding system call immediately, but first judges, according to steps S102 and S103 above, whether the modification operation on the data is a legal operation. If it is legal the modification is allowed; otherwise it is refused. In this way, data is protected at the kernel-level driver layer. The security policy can be set as required and is saved in the Linux kernel in advance.
S104: The Linux operating system kernel performs the system call corresponding to the modification operation, so as to carry out the first application program's modification operation on the data.
When the modification operation is judged to be a legal operation, the normal flow is executed: the corresponding system call is performed and the modification operation on the data is completed.
S105: Refuse the first application program's modification operation on the data.
When the modification operation is judged to be an illegal operation, the system call is not performed and the modification operation is refused.
In the above process, the Linux operating system kernel receives a modification request, sent by a first application program, to modify data, determines the data that the first application program intends to modify, and judges, according to the pre-saved security policy, whether the first application program's modification operation on the data is legal. If it is legal, the kernel performs the system call corresponding to the modification operation to carry it out; otherwise it refuses the modification operation. Because the Linux kernel in the embodiments of the present invention judges whether the modification operation is legal according to the saved security policy before performing the corresponding system call, data is protected at the kernel-level driver layer. Entering the Linux kernel and modifying the security policy it holds requires very high privileges, and it also requires the attacker to be very familiar with the Linux kernel. The driver layer of the Linux operating system is therefore difficult to break, and even if the application layer is broken, the driver layer can still protect the data effectively. Compared with the prior-art method that protects data only at the application layer, this effectively guarantees data security and improves data security.
In the process shown in Fig. 1, the behaviour whereby the Linux kernel, after receiving the modification request, does not perform the system call immediately but first carries out steps S102 and S103 is implemented by hooking. Specifically, the Linux kernel hooks in advance each system call corresponding to a modification operation, so that before performing the corresponding system call according to a received modification request, it first carries out steps S102 and S103: it determines, according to the modification request, the data that the first application program intends to modify, and judges, according to the pre-saved security policy, whether the first application program's modification operation on the data is a legal operation.
An existing Linux kernel performs the corresponding system call immediately after receiving a modification request, whereas hooking makes the kernel carry out specific steps before performing the system call. Therefore, by hooking each system call as described above, an existing Linux kernel can be made to execute steps S102 and S103 before performing the system call, to judge whether the modification operation is legal and then proceed according to the result.
In the embodiments of the present invention, the configured security policy can be saved into the Linux kernel by a second application program; that is, the application layer writes the security policy into the driver layer. The second application program is also located at the application layer, and to further ensure data security it can be a preset trusted application program. Because netlink provides full-duplex, real-time communication between the application layer and the driver layer, using netlink to write the security policy into the driver layer improves the efficiency of writing the policy. In the embodiments of the present invention, the Linux kernel therefore saves the security policy as follows: the Linux kernel receives the security policy issued by the second application program via netlink and saves it. The second application program can of course issue the security policy to the Linux kernel in other ways.
In the embodiments of the present invention, the configured security policy may include the storage path of protected data, the data type of protected data, the identification information of trusted application programs, and so on. It may also include only one or more of these; the more content the security policy includes, the higher the data security. With this method, the data requiring protection can be configured in batches, for example by declaring that data of the html, txt, jsp and jpeg types under a certain path is protected data, and one or several trusted application programs can be configured. The identification information of a trusted application program can be the name of the application program. To prevent an unauthorized application program from using the same name to tamper with protected data, the identification information of a trusted application program can also be the path information of the application program.
If the data that the first application program intends to modify is data of a specified type under a specified path, the data can be modified only when the first application program is one of the specified trusted application programs; otherwise the modification is refused. If the data that the first application program intends to modify is not under a specified path, or is not of a specified type, that is, it is not specified protected data, then the data can be modified regardless of whether the first application program is a specified trusted application program.
The following description takes as an example a security policy that includes the storage path of protected data, the data type of protected data and the identification information of trusted application programs. When the Linux kernel judges that the data the first application program intends to modify is under a storage path of protected data included in the security policy, and that the data type of the data is a data type of protected data included in the security policy, and that the identification information of the first application program is the identification information of a trusted application program included in the security policy, it judges that the first application program's modification operation on the data is a legal operation. When the Linux kernel judges that the data is not under a storage path of protected data included in the security policy, or that the data type of the data is not a data type of protected data included in the security policy, it judges that the first application program's modification operation on the data is a legal operation. When the Linux kernel judges that the data is under a storage path of protected data included in the security policy, and that the data type of the data is a data type of protected data included in the security policy, and that the identification information of the first application program is not the identification information of a trusted application program included in the security policy, it judges that the first application program's modification operation on the data is an illegal operation.
In addition, to further ensure data security, the operation types that are allowed or refused can be set as required for each item of protected data in the security policy. For example, write, modify and rename operations on the protected data can be refused while read operations on it are allowed, so that each item of protected data is protected at a finer granularity.
To prevent the security policy saved in the Linux kernel from being tampered with, the security policy itself is also protected as protected data, further improving data security.
In the above process, to indicate that protected data specified in the security policy has been modified, and thereby further improve data security, alarm information is also generated. When the Linux kernel judges that the data is under a storage path of protected data included in the security policy, and that the data type of the data is a data type of protected data included in the security policy, and that the identification information of the first application program is the identification information of a trusted application program included in the security policy, then after performing the system call corresponding to the modification operation, the Linux kernel generates alarm information and returns it to the second application program via netlink, to indicate that the specified protected data has been modified. Specifically, the generated alarm information can be saved together in an alarm log of the second application program, so that when a problem arises because protected data was modified, the administrator can look up the corresponding alarm information in the alarm log to trace and resolve the problem.
Fig. 2 shows the detailed data tamper-proof process provided by an embodiment of the present invention, which comprises the following steps:
S201: The Linux operating system kernel receives the security policy issued by the second application program via netlink and saves it, and hooks each system call corresponding to a modification operation.
The purpose of hooking is that, before the Linux kernel performs a system call, it first judges whether the modification operation is legal and then proceeds according to the result.
S202: The Linux operating system kernel receives a modification request, sent by a first application program, to modify data.
S203: According to the modification request, determine the data that the first application program intends to modify.
S204: Judge whether the data is under a storage path of protected data included in the security policy; if so, go to step S205, otherwise go to step S207.
S205: Judge whether the data type of the data is a data type of protected data included in the security policy; if so, go to step S206, otherwise go to step S207.
S206: Judge whether the identification information of the first application program is the identification information of a trusted application program included in the security policy; if so, go to step S207, otherwise go to step S209.
S207: Perform the system call corresponding to the modification operation, so as to carry out the first application program's modification operation on the data.
S208: Generate alarm information and return the generated alarm information to the second application program via netlink.
S209: Do not perform the system call, and refuse the first application program's modification operation on the data.
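The decision in steps S204 to S209, together with the three-case rule described earlier, can be modelled in user space as follows. This is an added example, not code from the patent or its assignee, and it is not kernel code: it assumes that data type is represented by file extension (compared case-insensitively), that trusted application programs are identified by executable path, and that all paths are absolute and already canonical. The sample policy and requests are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcomes of the Fig. 2 flow; the names are illustrative, not from the patent. */
enum verdict {
    VERDICT_ALLOW,        /* S207: data is not protected, perform the system call */
    VERDICT_ALLOW_ALERT,  /* S207 + S208: trusted application modified protected data */
    VERDICT_DENY          /* S209: refuse, the system call is not performed */
};

struct policy {
    const char *const *protected_dirs;   /* storage paths of protected data */
    size_t n_dirs;
    const char *const *protected_types;  /* data types, modelled as file extensions */
    size_t n_types;
    const char *const *trusted_apps;     /* trusted applications, by executable path */
    size_t n_apps;
};

/* Case-insensitive equality, so "INDEX.HTML" still counts as html (assumption). */
static bool eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* S204 helper: true if path lies under dir. The match must end on a path
 * component boundary so "/var/www/html2/x" is not under "/var/www/html". */
static bool path_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    while (n > 1 && dir[n - 1] == '/')
        n--;                              /* ignore trailing slashes in the policy */
    if (strncmp(path, dir, n) != 0)
        return false;
    return path[n] == '/' || (n == 1 && dir[0] == '/');
}

/* S205 helper: extension of the last path component, or NULL if there is none. */
static const char *extension_of(const char *path)
{
    const char *slash = strrchr(path, '/');
    const char *dot = strrchr(slash ? slash + 1 : path, '.');
    return (dot && dot[1] != '\0') ? dot + 1 : NULL;
}

/* Decision for one modification request (S204 to S209). */
enum verdict check_modify(const struct policy *p, const char *data_path,
                          const char *app_path)
{
    const char *ext = extension_of(data_path);
    bool hit = false;
    size_t i;

    for (i = 0; i < p->n_dirs && !hit; i++)
        hit = path_under(data_path, p->protected_dirs[i]);
    if (!hit)
        return VERDICT_ALLOW;             /* S204: not under a protected path */

    hit = false;
    for (i = 0; ext && i < p->n_types && !hit; i++)
        hit = eq_nocase(ext, p->protected_types[i]);
    if (!hit)
        return VERDICT_ALLOW;             /* S205: not a protected data type */

    for (i = 0; i < p->n_apps; i++)
        if (strcmp(app_path, p->trusted_apps[i]) == 0)
            return VERDICT_ALLOW_ALERT;   /* S206 yes: S207, then alarm (S208) */
    return VERDICT_DENY;                  /* S206 no: S209 */
}

/* Constructed sample policy; the publisher path is hypothetical. */
static const char *const DIRS[]  = { "/var/www/html" };
static const char *const TYPES[] = { "html", "txt", "jsp", "jpeg" };
static const char *const APPS[]  = { "/usr/local/bin/site-publisher" };
static const struct policy SAMPLE_POLICY = { DIRS, 1, TYPES, 4, APPS, 1 };

int main(void)
{
    static const char *const names[] = { "allow", "allow+alert", "deny" };
    /* Constructed requests: {data path, requesting application}. */
    static const char *const req[][2] = {
        { "/var/www/html/index.html",  "/usr/local/bin/site-publisher" },
        { "/var/www/html/INDEX.HTML",  "/tmp/site-publisher" },
        { "/var/www/html2/index.html", "/usr/bin/php" },
    };
    size_t i;
    for (i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%s by %s -> %s\n", req[i][0], req[i][1],
               names[check_modify(&SAMPLE_POLICY, req[i][0], req[i][1])]);
    return 0;
}
```

The second constructed request shows why the description prefers path information over the application name as the identifier: a binary with the same name in another directory is refused.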
Fig. 3 is a schematic structural diagram of the data tamper-proof device provided by an embodiment of the present invention, which comprises:
a receiving module 301, configured to receive a modification request, sent by a first application program, to modify data;
a determination module 302, configured to determine, according to the modification request, the data that the first application program intends to modify;
a judgment module 303, configured to judge, according to a pre-saved security policy, whether the first application program's modification operation on the determined data is a legal operation;
a processing module 304, configured to perform, when the operation is judged to be legal, the system call corresponding to the modification operation, so as to carry out the first application program's modification operation on the data, and otherwise to refuse the first application program's modification operation on the data.
The device further comprises:
an insertion module 305, configured to hook each system call corresponding to a modification operation, so that before the processing module 304 performs the corresponding system call according to the received modification request sent by the first application program, the determination module 302 determines, according to the modification request, the data that the first application program intends to modify, and the judgment module 303 judges, according to the pre-saved security policy, whether the first application program's modification operation on the determined data is a legal operation.
The judgment module 303 is specifically configured to receive the security policy issued by the second application program via netlink and save it.
The judgment module 303 is specifically configured to: when it judges that the data is under a storage path of protected data included in the security policy, and that the data type of the data is a data type of protected data included in the security policy, and that the identification information of the first application program is the identification information of a trusted application program included in the security policy, judge that the first application program's modification operation on the determined data is a legal operation; when it judges that the data is not under a storage path of protected data included in the security policy, or that the data type of the data is not a data type of protected data included in the security policy, judge that the first application program's modification operation on the determined data is a legal operation; and when it judges that the data is under a storage path of protected data included in the security policy, and that the data type of the data is a data type of protected data included in the security policy, and that the identification information of the first application program is not the identification information of a trusted application program included in the security policy, judge that the first application program's modification operation on the determined data is an illegal operation; wherein the security policy includes: the storage path of protected data, the data type of protected data, and the identification information of trusted application programs.
The device further comprises:
an alarm module 306, configured to generate alarm information after the processing module 304 performs the system call corresponding to the modification operation, and to return the generated alarm information to the second application program via netlink, when the judgment module 303 judges that the data is under a storage path of protected data included in the security policy, and that the data type of the data is a data type of protected data included in the security policy, and that the identification information of the first application program is the identification information of a trusted application program included in the security policy.
Specifically, the above data tamper-proof device can be located in the Linux operating system kernel.
The embodiments of the present invention provide a data tamper-proof method and device. In the method, the Linux operating system kernel receives a modification request, sent by a first application program, to modify data, determines the data that the first application program intends to modify, and judges, according to a pre-saved security policy, whether the first application program's modification operation on the data is legal. If it is legal, the kernel performs the system call corresponding to the modification operation to carry it out; otherwise it refuses the modification operation. Because the Linux kernel in the embodiments of the present invention judges whether the modification operation is legal according to the saved security policy before performing the corresponding system call, data is protected at the kernel-level driver layer. Compared with the prior-art method of protecting data at the application layer, this effectively guarantees data security and improves data security.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (8)

1. the method that data are anti-tamper, is characterized in that, comprising:
Linux operating system nucleus receives the amendment request of the Update Table that the first application program sends; And
According to described amendment request, determine the data that described first application program will be revised;
Described linux operating system nucleus is according to the security strategy of preserving in advance, judge whether described first application program is valid operation to the retouching operation of the described data determined, described security strategy specifically comprises: the identification information of the store path of protected data, the data type of protected data, application program trusty; And
When being judged as valid operation, described linux operating system nucleus carries out system call corresponding to described retouching operation, to realize described first application program to the retouching operation of described data;
Otherwise, refuse described first application program to the retouching operation of described data;
Wherein, described linux operating system nucleus is according to the security strategy of preserving in advance, judge whether described first application program is valid operation to the retouching operation of the described data determined, specifically comprise: judge the data under described data are the store path of the protected data comprised in described security strategy when described linux operating system nucleus, and, judge that the data type of described data is the data type of the protected data comprised in described security strategy, and, when judging that the identification information of described first application program is the identification information of the application program trusty comprised in described security strategy, judge that the retouching operation of described first application program to the described data determined is valid operation, and when described linux operating system nucleus judges that described data are not the data under the store path of the protected data comprised in described security strategy, or, when the data type judging described data is not the data type of the protected data comprised in described security strategy, judge that the retouching operation of described first application program to the described data determined is valid operation, and when described linux operating system nucleus judges that described data are the data under the store path of the protected data comprised in described security strategy, and, judge that the data type of described data is the data type of the protected data comprised in described security strategy, and, when judging that the identification information of described first application program is not the identification information of the application program trusty comprised in described security strategy, judge that the retouching operation of described first application program to the described data determined is illegal operation.
2. The method of claim 1, characterized in that, before the Linux operating system kernel receives the modification request for modifying data sent by the first application program, the method further comprises:
the Linux operating system kernel performing a hook operation on each system call corresponding to a modification operation, so that, upon receiving the modification request for modifying data sent by the first application program and before performing the corresponding system call, the Linux operating system kernel first performs the steps of determining, according to the modification request, the data that the first application program is to modify, and judging, according to the pre-saved security policy, whether the modification operation of the first application program on the determined data is a legal operation.
3. The method of claim 1, characterized in that the Linux operating system kernel saving the security policy specifically comprises:
the Linux operating system kernel receiving and saving the security policy issued by a second application program via netlink.
4. The method of claim 1, characterized in that, when the Linux operating system kernel judges that the data is data under a storage path of protected data contained in the security policy, and that the data type of the data is a data type of protected data contained in the security policy, and that the identification information of the first application program is identification information of a trusted application program contained in the security policy, after the Linux operating system kernel performs the system call corresponding to the modification operation, the method further comprises:
generating warning information, and returning the generated warning information to the second application program via netlink.
5. A data tamper-proof device, characterized by comprising:
a receiving module, configured to receive a modification request for modifying data sent by a first application program;
a determining module, configured to determine, according to the modification request, the data that the first application program is to modify;
a judging module, configured to judge, according to a pre-saved security policy, whether the modification operation of the first application program on the determined data is a legal operation, the security policy specifically comprising: the storage path of protected data, the data type of protected data, and the identification information of trusted application programs;
a processing module, configured to, when the operation is judged to be a legal operation, perform the system call corresponding to the modification operation so as to carry out the modification operation of the first application program on the data, and otherwise to refuse the modification operation of the first application program on the data;
wherein the judging module is specifically configured to: when judging that the data is data under a storage path of protected data contained in the security policy, and that the data type of the data is a data type of protected data contained in the security policy, and that the identification information of the first application program is identification information of a trusted application program contained in the security policy, judge that the modification operation of the first application program on the determined data is a legal operation; when judging that the data is not data under a storage path of protected data contained in the security policy, or that the data type of the data is not a data type of protected data contained in the security policy, judge that the modification operation of the first application program on the determined data is a legal operation; and when judging that the data is data under a storage path of protected data contained in the security policy, and that the data type of the data is a data type of protected data contained in the security policy, and that the identification information of the first application program is not identification information of a trusted application program contained in the security policy, judge that the modification operation of the first application program on the determined data is an illegal operation; wherein the security policy comprises: the storage path of protected data, the data type of protected data, and the identification information of trusted application programs.
6. The device of claim 5, characterized in that the device further comprises:
an insertion module, configured to perform a hook operation on each system call corresponding to a modification operation, so that, upon receipt of the modification request for modifying data sent by the first application program and before the processing module performs the corresponding system call, the determining module determines, according to the modification request, the data that the first application program is to modify, and the judging module judges, according to the pre-saved security policy, whether the modification operation of the first application program on the determined data is a legal operation.
7. The device of claim 5, characterized in that the judging module is specifically configured to receive and save the security policy issued by a second application program via netlink.
8. The device of claim 5, characterized in that the device further comprises:
an alarm module, configured to, when the judging module judges that the data is data under a storage path of protected data contained in the security policy, and that the data type of the data is a data type of protected data contained in the security policy, and that the identification information of the first application program is identification information of a trusted application program contained in the security policy, generate warning information after the processing module performs the system call corresponding to the modification operation, and return the generated warning information to the second application program via netlink.
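The three-branch decision recited in claims 1 and 5, as an added user-space C model that is not code from the patent or its assignee. The struct layout, the modelling of "data type" as a file-name suffix and of "identification information" as an executable path, and the sample policy values are all assumptions; the path is assumed to be absolute and already resolved by the kernel.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed policy model: field names and encodings are assumptions. */
struct policy {
    const char *const *protected_paths; /* storage paths of protected data */
    const char *const *protected_types; /* data types, modelled as suffixes */
    const char *const *trusted_apps;    /* app identification, modelled as exe path */
};
enum verdict { VERDICT_LEGAL, VERDICT_ILLEGAL };

/* True if path is dir or lies below it. Matching ends on a '/' boundary,
 * so "/var/www2/x" is not treated as being under "/var/www". */
static bool under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    while (n > 1 && dir[n - 1] == '/') n--;      /* ignore trailing slashes */
    if (strncmp(path, dir, n) != 0) return false;
    return path[n] == '\0' || path[n] == '/' || (n == 1 && dir[0] == '/');
}

static bool has_suffix(const char *path, const char *suffix)
{
    size_t lp = strlen(path), ls = strlen(suffix);
    return lp >= ls && strcmp(path + lp - ls, suffix) == 0;
}

static bool same_id(const char *a, const char *b) { return strcmp(a, b) == 0; }

/* Does s match any entry of a NULL-terminated list under the given matcher? */
static bool any_match(const char *const *list, const char *s,
                      bool (*match)(const char *, const char *))
{
    for (; list && *list; list++)
        if (match(s, *list)) return true;
    return false;
}

/* Claim 1: data outside a protected path, or of an unprotected type, may be
 * modified by anyone; protected data only by a trusted application. */
enum verdict check_modify(const struct policy *p, const char *path,
                          const char *app_id)
{
    if (!any_match(p->protected_paths, path, under_dir)) return VERDICT_LEGAL;
    if (!any_match(p->protected_types, path, has_suffix)) return VERDICT_LEGAL;
    return any_match(p->trusted_apps, app_id, same_id) ? VERDICT_LEGAL
                                                       : VERDICT_ILLEGAL;
}

/* Constructed sample policy. */
static const char *const demo_paths[] = { "/var/www", NULL };
static const char *const demo_types[] = { ".html", ".php", NULL };
static const char *const demo_apps[]  = { "/usr/bin/site-publisher", NULL };
static const struct policy demo_policy = { demo_paths, demo_types, demo_apps };
```

In the arrangement the claims describe, a check of this kind would run inside the hooked system call before the original call is performed, and the policy tables would be filled from what the second application program sends over netlink.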
CN201110430654.4A 2011-12-20 2011-12-20 Data tamper-proof method and device Active CN102592076B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110430654.4A CN102592076B (en) 2011-12-20 2011-12-20 Data tamper-proof method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110430654.4A CN102592076B (en) 2011-12-20 2011-12-20 Data tamper-proof method and device

Publications (2)

Publication Number Publication Date
CN102592076A CN102592076A (en) 2012-07-18
CN102592076B CN102592076B (en) 2015-01-07

Family

ID=46480700

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110430654.4A Active CN102592076B (en) 2011-12-20 2011-12-20 Data tamper-proof method and device

Country Status (1)

Country Link
CN (1) CN102592076B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102902928B (en) * 2012-09-21 2017-02-15 杭州迪普科技有限公司 Method and device for webpage integrity assurance
CN102930205A (en) * 2012-10-10 2013-02-13 北京奇虎科技有限公司 Monitoring unit and method
CN102902909B (en) * 2012-10-10 2015-09-16 北京奇虎科技有限公司 A kind of system and method preventing file to be tampered
CN105827588B (en) * 2015-12-23 2019-03-15 广东亿迅科技有限公司 A kind of stream medium data dissemination system based on network driver layer
CN105844157A (en) * 2016-04-20 2016-08-10 北京鼎源科技有限公司 Monitoring method for App behaviors in Android system
CN107203716B (en) * 2017-05-03 2020-05-22 中国科学院信息工程研究所 Lightweight structured protection method and device for Linux kernel
CN111259417A (en) * 2020-01-13 2020-06-09 奇安信科技集团股份有限公司 File processing method and device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1773413B (en) * 2004-11-10 2010-04-14 中国人民解放军国防科学技术大学 Character constant weight method
CN100401223C (en) * 2005-04-28 2008-07-09 中国科学院软件研究所 Strategy and method for realizing minimum privilege control in safety operating system
CN101727555A (en) * 2009-12-04 2010-06-09 苏州昂信科技有限公司 Access control method for operation system and implementation platform thereof
CN101901313B (en) * 2010-06-10 2013-12-18 中科方德软件有限公司 Linux file protection system and method

Also Published As

Publication number Publication date
CN102592076A (en) 2012-07-18


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200319

Address after: 610015 No.1, floor 2, building 6, No.39 Renhe street, hi tech Zone, Chengdu City, Sichuan Province

Patentee after: Shenzhou Lvmeng Chengdu Technology Co., Ltd

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.