CN102663321B - Security enhancement system and method for software - Google Patents


Info

Publication number: CN102663321B
Authority: CN (China)
Prior art keywords: main body, software, access, security, security attribute
Legal status: Active
Application number: CN201210123531.0A
Other languages: Chinese (zh)
Other versions: CN102663321A (en)
Inventors: 宾彬, 王屿
Current assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Events: application filed by Beijing Baidu Netcom Science and Technology Co Ltd; priority to CN201210123531.0A; publication of CN102663321A; application granted; publication of CN102663321B; current legal status active.

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a security enhancement system for software, comprising: a configuration module for configuring the security attributes of the subjects and the objects of the software; a filtering module for filtering the subjects' access to the objects according to a predetermined policy and the security attributes; and an access module for invoking the objects after they have been processed by the filtering module. The invention satisfies the principle of least privilege, improves the achievable security of the software, and has high generality. The invention also discloses a security enhancement method for software.

Description

Security enhancement system and method for software
Technical field
The present invention relates to the technical field of computer networks, and in particular to a security enhancement system and method for software.
Background technology
At present Windows XP and IE are still the mainstream operating system and browser for most internet users. The security access control mechanism of Windows XP itself has inherent defects. For an ordinary (non-administrator) user many functions are unavailable or cannot even be started, so most users run Windows XP with the highest administrator privileges; as a result, as soon as code in the browser, in other software or in a plug-in has a vulnerability, the whole system can be taken over by viruses and trojans. Moreover, user-mode security protection is essentially meaningless, because it is easily defeated: hooking techniques, for example, are easily restored or bypassed directly in user mode.
The traditional Windows security access control mechanism can be regarded as ACL (Access Control List) based access control, as used by Windows XP itself. In the Windows security access control mechanism there are two kinds of entity: the subject, which carries an access token describing the privileges it holds; and the object, which carries a security descriptor (SECURITY_DESCRIPTOR) describing what operations subjects may perform on it. Table 1 shows the structure of an access token (subject).
  Token source
  Impersonation type
  Token ID
  Authentication ID
  Modified ID
  Expiration time
  Default primary group
  Default DACL
  User account SID
  Group 1 SID ... Group n SID
  Restricted SID 1 ... Restricted SID n
  Privilege 1 ... Privilege n
Table 1: structure of an access token (subject)
Table 2 shows the structure of a security descriptor (object).
Table 2
Windows XP comprises two forms of access control: discretionary access control and privilege access control.
(1) Discretionary access control: the owner of an object (e.g. a file) grants or denies other users access to that object. When a user logs in to a Windows system, they obtain a set of security credentials (an access token). When they attempt to access an object, the system compares their security credentials with the discretionary access control list (DACL) on the object they want to access, to decide whether the user is allowed to access that object. Here the security attributes and the security descriptor of the object can be configured freely by the owning user.
(2) Privilege access control:
A privilege is the right of an account to perform a certain system-related operation, such as shutting down the computer or changing the system time. Many operations that a process performs during its execution cannot be controlled by object-access authorization, because these operations do not involve a specific object. Privilege information is held in the subject's (process's) security credentials (access token). Different privileges are defined by different components and are also enforced by those components. For example, the debug privilege is checked by the process manager; it allows a process to bypass the security check (discretionary access control) when it uses the Windows API function OpenProcess to open a handle to another process.
In addition, although Microsoft's mandatory access control mechanism MIC (Mandatory Integrity Control) greatly strengthens the security of Windows, it applies only to Windows Vista and later systems and is not available on the more widely deployed Windows XP.
In summary, the security mechanism of Windows XP itself has many limitations, mainly the following two:
(1) Abuse of privileges
Windows user processes are normally created in an interactive session created by the user. After authentication succeeds, the LSA (local security authority subsystem) creates a logon session and an access token for the user, and the logon process then starts a shell for the user, normally the Explorer.exe process. This process holds the user's token and performs all of its work under that user's identity. When the user calls the CreateProcess API to start a new process, the new process inherits the token of the Explorer.exe process.
Consequently, most user processes of the same user hold the same access token and therefore have identical access rights to the same object. User processes that serve different purposes nevertheless have identical access rights, which often leads to abuse of privileges.
(2) Illegal privilege escalation
Privileges, and their use by privileged processes, can lead to illegal privilege escalation; as mentioned above, privileges can bypass discretionary access control. For example, the SeLoadDriverPrivilege privilege can be used to load a driver, and drivers run under the high-privilege System account, which escalates privileges; the SeDebug privilege can open any process in the system and inject a remote thread into it; and in this way access rights to objects are obtained.
Improper privilege configuration also causes illegal privilege escalation. Because third-party software and users are not security experts, over-broad privilege settings are common, and these too can lead to privilege escalation. With the SeTakeOwnership privilege, ownership of any protected object can be obtained, after which its discretionary access control can be modified. The cause of the above defects is that, in the Windows access control mechanism, different processes of the same user share the same access token and hence have the same access rights. In discretionary access control the security attributes of an object are determined entirely by the object's owner, who can arbitrarily modify the object's access rights, and users are often unable to set object security attributes correctly. In general, the current Windows access control mechanism does not follow the principle of least privilege. As for the mandatory access control mechanism MIC introduced with Windows Vista, although its security and usability are both strong, it is effective only on Vista and later systems and is of no help to the majority of users still on Windows XP. Moreover, the scope of this mechanism is still too coarse and cannot be configured arbitrarily.
Summary of the invention
The object of the present invention is to solve at least one of the above technical deficiencies.
The first object of the present invention is to provide a security enhancement system for software that satisfies the principle of least privilege, improves the achievable security of the software, and has high generality. The second object of the present invention is to provide a security enhancement method for software.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes a security enhancement system for software, comprising: a configuration module for configuring the security attributes of the subjects and the objects of the software; a filtering module for filtering the subjects' access to the objects according to a predetermined policy and the security attributes; and an access module for invoking the objects after they have been processed by the filtering module.
The security enhancement system for software according to the embodiment of the present invention guarantees the feasibility and security of the system, uses an advanced system architecture that ensures the portability of the system, better satisfies the principle of least privilege, and enforces a strictly controlled top-down flow of authority. Furthermore, while guaranteeing that programs keep working normally, the invention still achieves very good security control, with finer control granularity, stronger security and very strong generality.
An embodiment of the second aspect of the present invention provides a security enhancement method for software, comprising the following steps:
configuring the security attributes of the subjects and the objects of the software;
filtering the subjects' access to the objects according to a predetermined policy and the security attributes; and
invoking the objects after filtering.
The security enhancement method for software according to the embodiment of the present invention guarantees the feasibility and security of the system, uses an advanced system architecture that ensures the portability of the system, better satisfies the principle of least privilege, and enforces a strictly controlled top-down flow of authority. Furthermore, while guaranteeing that programs keep working normally, the invention still achieves very good security control, with finer control granularity, stronger security and very strong generality.
Additional aspects and advantages of the present invention will be given in part in the following description, will in part become obvious from the description, or will be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become obvious and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the security enhancement system for software according to an embodiment of the present invention;
Fig. 2 is an architecture diagram of the security enhancement system for software according to an embodiment of the present invention;
Fig. 3 is a flow chart of the security enhancement method for software according to an embodiment of the present invention;
Fig. 4 is an overall schematic diagram of the security enhancement method for software according to an embodiment of the present invention;
Fig. 5 is a flow chart of the initial start of the software host process according to an embodiment of the present invention;
Fig. 6 is a flow chart of the start of the host process according to an embodiment of the present invention;
Fig. 7 is a flow chart of creating a limited subprocess according to an embodiment of the present invention;
Fig. 8 is a flow chart of obtaining access control notifications according to an embodiment of the present invention;
Fig. 9 is a flow chart of capturing subprocess creation according to an embodiment of the present invention; and
Fig. 10 is a control flow chart of a controlled subprocess according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be interpreted as limiting it.
The following disclosure provides many different embodiments or examples for realizing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described below. They are, of course, only examples and are not intended to limit the present invention. In addition, the present invention may repeat reference numerals and/or letters in different examples; this repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. Furthermore, the present invention provides examples of various specific processes and materials, but a person of ordinary skill in the art will recognize that other processes and/or other materials may be used. In addition, a structure described below as a first feature "on" a second feature may include embodiments in which the first and second features are in direct contact, and may also include embodiments in which other features are formed between the first and second features, so that the first and second features are not in direct contact.
In the description of the present invention it should be noted that, unless otherwise specified and limited, the terms "mounted", "connected" and "coupled" are to be interpreted broadly: for example, the connection may be mechanical or electrical, may be internal to two elements, may be direct, or may be indirect through an intermediary. For a person of ordinary skill in the art, the specific meaning of the above terms can be understood according to the circumstances.
These and other aspects of the embodiments of the present invention will become clear with reference to the following description and the accompanying drawings. In the description and the drawings, some particular implementations of the embodiments of the present invention are specifically disclosed to represent some of the ways in which the principles of the embodiments can be implemented, but it should be understood that the scope of the embodiments of the present invention is not limited to these. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
A security enhancement system for software according to an embodiment of the present invention is described below with reference to Fig. 1 and Fig. 2. The security enhancement system provided by the embodiment appropriately fuses mandatory integrity control, mandatory access control and discretionary access control, and incorporates them into the security control process of the software. In one example of the present invention, the software may be a browser or another application client.
As shown in Fig. 1, the security enhancement system 1000 for software provided by the embodiment of the present invention comprises a configuration module 100, a filtering module 200 and an access module 300. The security enhancement system for software of the embodiment is applicable to operating systems such as Windows XP, Windows Vista and Windows 7.
The configuration module 100 configures the security attributes of the subjects of the software and of the objects of the software. In one embodiment of the present invention, the subjects include the host process and threads of the software, the limited subprocesses and threads created by the software, the subprocesses and threads that the software needs to elevate, and other elevated subprocesses and threads. The objects include the objects that the software needs to invoke.
In one example of the present invention, an object is a passive entity that is accessed. Such passive entities may include files, registry keys, processes and other Windows kernel objects.
In yet another embodiment of the present invention, the security attribute of an object may be a whitelist of objects, i.e. the configuration module 100 configures the whitelist of objects. The objects recorded in the whitelist are objects that can bypass the enhanced ACL security check of the security enhancement system of the present invention; subjects may freely access or create objects in the whitelist. The whitelist of objects can be adjusted according to the needs of the subject.
In one embodiment of the present invention, the configuration module 100 can reload configuration items through a DeviceIoControl command, add new objects, or adjust the security attributes of objects in order to set the whitelist. The objects in the whitelist are identified by their security attributes.
The filtering module 200 filters the subjects' access to the objects according to the predetermined policy and the security attributes. In particular, the filtering module 200 filters out processes whose process id does not match a subject. In one embodiment of the present invention there may be multiple filtering modules 200, each filtering the access of subjects to a different kind of object, for example: an ObjectHook filtering module (ObjectHookFilter) for filtering the subjects' access to ObjectHook; a registry filtering module (RegFilter) for filtering the subjects' access to the registry; and a file filtering module (FileFilter) for filtering the subjects' access to files. It will be understood that the above types of filtering module are only exemplary and do not limit the present invention; the filtering module 200 may also include other types of filtering module for filtering the subjects' access to other objects.
The access module 300 invokes the objects after they have been processed by the filtering module 200, i.e. the objects that have passed the filtering module 200. In particular, the interface of the access module 300 can be called by each filtering module 200; it performs a role hierarchy check and a scene access permission check and makes the final decision on the subject's access right to the object, and according to that final decision the subject's access to the object is either denied or allowed.
In one embodiment of the present invention, if the object is in the whitelist, the access module 300 allows the subject to access the object; otherwise it determines whether the subject may access the object according to the security attributes of the subject and of the object. It will be understood that the configuration module 100 can adjust the whitelist of objects according to the needs of the subject.
As shown in Fig. 2, the security enhancement system 1000 for software provided by the embodiment of the present invention also comprises a subject manager, an object manager, a configuration manager, a filter manager, an ACL manager, an access control asynchronous notification module and a Ring0 device control module. The subject manager manages the subjects and the object manager manages the objects. In particular, the subject manager can store, query, add and delete subjects, and the object manager can store, query, add and delete objects.
The filter manager sets the way in which Windows access to objects is filtered; it can control the enabling and stopping of a specified filtering module (Filter) as well as the dynamic addition of Filters. In one example of the present invention, the filter manager is a singleton.
The configuration module 100 adds objects by calling the interface of the object manager. In addition, when the software is first started, the configuration module 100 can provide a method for adding the software host process as a subject, and this method can be called by the process corresponding to the filtering module 200.
The interface of the access module 300 queries the security attributes of subjects and objects by calling the interfaces of the subject manager and the object manager.
The device control asynchronous notification module uses the asynchronous overlapped I/O interface of Windows to send access control notifications to the host process of the software, for example the host process of a browser, and the host process obtains the access control notification. It should be noted that a software host process can only obtain the notifications of the process group related to itself.
In one embodiment of the present invention, an access control notification may be an asynchronous notification queue, and this queue is associated with the host process; in other words, the host process of each piece of software has its own independent asynchronous notification queue.
The ACL manager provides the internally used function of creating object ACLs, together with the associated operations of adding, deleting and querying ACEs (access control entries) and SIDs (security identifiers).
The Ring0 device control module implements most of the external system interfaces; it receives the control requests for the configuration module 100, the filtering module 200 and the access module 300 described above, and implements reloading of the configuration, fine-tuning of a subject's RoleLevel, and the addition of objects. The configuration module 100, the filtering module 200 and the access module 300 correspond to the Ring3 ACL enhancement functions. Here Ring0 denotes kernel mode and Ring3 denotes user mode.
The functions of the modules of the security enhancement system 1000 for software of the embodiment of the present invention are described below in conjunction with Fig. 2.
A DeviceIoControl control code is sent to the Ring0 device control module. When the Ring0 device control module receives the "load configuration" control code, it calls the configuration module 100 to read the configuration from memory or from the registry. If the configuration is stored in a file, the configuration module 100 calls the data decryption and integrity checking submodule to verify the configuration file, and the configuration file is read through the data decryption and integrity checking submodule.
In one embodiment of the present invention, the data decryption and integrity checking submodule may use the MD5 (Message Digest Algorithm 5) algorithm or the SHA-1 (Secure Hash Algorithm) algorithm.
In one embodiment of the present invention, the configuration file read by the data decryption and integrity checking submodule is an encrypted file that contains the security information of the subjects and the security information of the objects.
After obtaining the configuration, the configuration module 100 calls the object manager interface to create the related objects, including creating the security attributes of the objects; a newly created object is stateless. The object manager calls the interface of the ACL manager to initialize the security attributes of the objects. The access module 300 queries the related object security information through the object manager interface, and the related subject security information through the subject manager interface. The filter manager calls the access module 300 to make the relevant decision. The access module 300 produces access control asynchronous notifications by calling the interface of the access control asynchronous notification module, and the Ring0 device control module obtains the access control asynchronous notifications from the access control asynchronous notification module.
In one embodiment of the present invention, the security enhancement system 1000 for software also comprises auxiliary functional modules for other auxiliary functions such as generating log information.
The security enhancement system for software according to the embodiment of the present invention implements a kernel-driver based, finer and more accurate enhancement of the Windows ACL security access checking mechanism. The present invention can be applied to a browser: it strengthens the security of the browser in use without affecting the user's normal use, and together with the user-mode program it builds a layered defense system that improves the success rate of defending against destruction by malicious programs, further reduces the risk from security vulnerabilities, and compensates for the shortcomings of the original security mechanism. In particular, the security enhancement system for software of the embodiment has the following characteristics:
(1) It is based on relatively mature security theory and systems (access control and mandatory integrity control), which ensures the feasibility of the system.
(2) It takes WRK (the Windows open-source kernel) as its reference basis, which ensures the reliability and stability of the system.
(3) It adopts a loosely coupled design and data structures with a low degree of correlation to the system; each functional module has as single a function as possible, is reusable, and is easy to plug in and connect, which makes porting to higher versions of Windows or to 64-bit Windows operating systems possible and ensures portability.
(4) It takes full account of the high frequency of system resource access and uses a series of technical means, such as hash tables, cache reinforcement pools and efficient resource read-write lock synchronization, to ensure the high performance of the system.
(5) It better satisfies the principle of least privilege. In particular, the owner of a resource cannot change the security attributes of an object, which avoids the defects of the Windows security mechanism (abuse of privileges and illegal privilege escalation); only the host process (the high-privilege process) of the software can adjust the security attributes of subjects and objects. Authority flows top-down under strict control.
While guaranteeing that third-party subprocesses (such as Acrobat Reader, Flash Player, etc.) work normally, the third-party subprocesses can still be kept under control, preventing their vulnerabilities from being exploited maliciously. That is, the control granularity of the Ring0 ACL enhancement is finer and the security is stronger, which improves the achievable security of the browser.
(6) It is a security module applicable to multiple clients and has high generality.
The security enhancement method for software according to an embodiment of the present invention is described below with reference to Fig. 3 to Fig. 10. The security enhancement method for software of the embodiment is applicable to operating systems such as Windows XP, Windows Vista and Windows 7.
As shown in Fig. 3, the security enhancement method for software of the embodiment of the present invention comprises the following steps:
S301: configure the security attributes of the subjects and the objects of the software.
In one embodiment of the present invention, the subjects include the host process and threads of the software, the limited subprocesses and threads created by the software, the subprocesses and threads that the software needs to elevate, and other elevated subprocesses and threads. The objects include the objects that the software needs to invoke.
In one embodiment of the present invention, an object is a passive entity that is accessed. Such passive entities may include files, registry keys, processes and other Windows kernel objects.
In yet another embodiment of the present invention, the security attribute of an object may be a whitelist of objects. The objects recorded in the whitelist are objects that can bypass the check of the security enhancement method for software of the present invention; subjects may freely access or create objects in the whitelist.
In one embodiment of the present invention, configuration items can be reloaded through a DeviceIoControl command, new objects can be added, or the security attributes of objects can be adjusted in order to set the whitelist. The objects in the whitelist are identified by their security attributes.
S302: filter the subjects' access to the objects according to the predetermined policy and the security attributes.
In particular, filtering the subjects' access to the objects according to the predetermined policy and the security attributes includes filtering out processes whose process id does not match a subject. The access of subjects to different kinds of object can be filtered separately according to the kind of object, for example: ObjectHook filtering handles the subjects' access to different objects; registry filtering handles the subjects' access to the registry; and file filtering handles the subjects' access to files.
S303: invoke the objects after filtering.
In particular, a role hierarchy check and a scene access permission check are performed to make the final decision on the subject's access right to the object, and the object is invoked according to the final decision. As shown in Fig. 4, according to the final decision the subject's access to the object is either denied or allowed.
In one embodiment of the present invention, if the object is in the whitelist, the subject's access to the object is allowed; otherwise whether the subject may access the object is determined according to the security attributes of the subject and of the object. It will be understood that the whitelist of objects can be adjusted according to the needs of the subject.
The flow of the initial startup of the software host process is described below with reference to Figure 5, taking a browser as the example software. The security enhancement flow of steps S301 to S303 in the above embodiment is kernel-driven, so when the software (for example the browser) is started for the first time, the driver and the configuration items must be loaded.
S501: the browser host process is started for the first time after the user logs in.
S502: the Ring0 ACL enhancement function is started.
S503: the browser host process adjusts the default security attribute of its own subject through DeviceIoControl.
S504: the browser host process reloads the configuration items through DeviceIoControl and initializes the security attributes of the objects.
In one embodiment of the invention, initializing the security attributes of the objects includes initializing the global object white list.
S505: the browser host process adjusts the security attributes of the objects.
In one embodiment of the invention, adjusting the security attributes of the objects includes applying a custom white list; in particular, the white list is adjusted according to the needs of the subject.
Note that step S505 is optional: if the browser host process does not need to adjust the security attributes of the objects, this step is skipped.
After the initial startup, when the software is closed and started again, the driver does not need to be loaded again: the driver is resident and is loaded only the first time. The host process of the software then only needs to send the driver the corresponding modification messages. The startup flow of the software host process is described below with reference to Figure 6.
S601: the browser host process starts.
S602: the browser host process adjusts the default security attribute of its own subject through DeviceIoControl.
S603: the browser host process adjusts the security attributes of its child processes.
S604: the browser host process adjusts the security attributes of the objects.
In one embodiment of the invention, adjusting the security attributes of the objects includes applying a custom white list; in particular, the white list is adjusted according to the needs of the subject.
Note that steps S603 and S604 are optional: if the browser host process does not need to adjust the security attributes of the child processes or of the objects, the corresponding step is skipped.
The security enhancement flow of steps S301 to S303 in the above embodiment applies restrictions per process, so the creation of a restricted child process must be notified to the driver. The flow of creating a restricted child process is described below with reference to Figure 7.
S701: the browser host process sets, through DeviceIoControl, the default security attribute of the subject child process that will be created next.
S702: the browser host process creates the restricted child process or the elevated child process.
S703: the browser host process adjusts the security attribute of the child process.
Note that step S703 is optional: if the browser host process does not need to adjust the security attribute of the child process, this step is skipped.
For debugging and performance testing, the access control notifications need to be obtained. The flow of obtaining access control notifications is described below with reference to Figure 8.
S801: the browser host process starts an access-control-notification acquisition thread.
S802: the acquisition thread reads the access control notifications through asynchronous IO.
S803: the browser host process displays the access control notifications.
In the security enhancement kernel described above, child process creation can be captured automatically, so that the kernel can decide whether the creation is allowed and set the default security attribute. The flow of capturing child process creation is described below with reference to Figure 9.
S901: the Filter process captures the creation of an associated child process.
S902: the subject associated with the ID of this child process is looked up; if one is found, the related cleanup work is performed.
S903: whether this child process may be created is judged according to the object white list and the security attributes of the subject and the object.
S904: if creation is allowed, the Filter process sets the security attribute of the controlled child process being created according to the default security attribute for the next child process or the white-list security attribute.
The control flow of a controlled child process is described below with reference to Figure 10.
S1001: the browser subject (a controlled child process) accesses an object resource while browsing the Web.
S1002: the Filter process captures the subject's open or create access to the object.
S1003: the object white list is searched first; if the object is in the white list, the subject's access is allowed.
If the white-listed object is a process, that object still becomes a controlled child process after it is created.
S1004: if the object is not in the white list, whether the subject may access the object is determined from the security attributes of the subject and the object.
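The decision flows of Figure 9 (capturing child process creation) and Figure 10 (controlled access to objects) as an added user-space Python model; this is not the patent's kernel code. It assumes that security attributes are integer integrity levels compared as subject level >= object level (the patent names mandatory integrity control but does not fix the comparison), and all pids, image names, object names and levels are constructed.

```python
"""Added Python model of the filter decisions in Figures 9 and 10, not the patent's kernel code.
Assumed (not fixed by the patent): attributes are integer integrity levels and access requires
subject level >= object level. All pids, image names and levels are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

HIGH, MEDIUM, LOW = 3, 2, 1  # assumed integrity levels


@dataclass
class Subject:
    pid: int
    name: str
    level: int  # security attribute set by the host process or the filter


@dataclass
class Obj:
    kind: str  # "file", "registry" or "process" (the passive entities of claim 3)
    name: str
    level: int


class Filter:
    def __init__(self, host: Subject, whitelist: Dict[str, int]) -> None:
        self.subjects: Dict[int, Subject] = {host.pid: host}  # controlled subjects by pid
        self.whitelist = whitelist  # object name -> white-list security attribute (S504/S505)
        self.next_child_level = LOW  # S701: default attribute of the next child to be created
        self.notices: List[str] = []  # access-control notices the host reads (S801-S803)

    def check_access(self, pid: int, obj: Obj) -> bool:
        """S1002-S1004: decide an open/create access by subject `pid` to `obj`."""
        subject = self.subjects.get(pid)
        if subject is None:  # pid matches no controlled subject: filtered out
            self.notices.append(f"deny pid={pid} (no matching subject) -> {obj.kind}:{obj.name}")
            return False
        if obj.name in self.whitelist:  # S1003: the white list is consulted first
            self.notices.append(f"allow {subject.name} -> {obj.kind}:{obj.name} (white list)")
            return True
        allowed = subject.level >= obj.level  # S1004: assumed attribute comparison
        self.notices.append(f"{'allow' if allowed else 'deny'} {subject.name}(L{subject.level})"
                            f" -> {obj.kind}:{obj.name}(L{obj.level})")
        return allowed

    def on_child_create(self, parent_pid: int, child_pid: int, image: Obj) -> Optional[Subject]:
        """S901-S904: capture a child-process creation and, if allowed, make the child controlled."""
        if self.subjects.pop(child_pid, None) is not None:  # S902: reused pid, clean stale entry
            self.notices.append(f"cleanup stale subject pid={child_pid}")
        parent = self.subjects.get(parent_pid)
        if parent is None or not self.check_access(parent_pid, image):  # S903
            return None
        # S904: a white-listed image gets the white-list attribute, any other the default for the
        # next child; both are capped at the parent's level so authority only flows downward.
        level = min(self.whitelist.get(image.name, self.next_child_level), parent.level)
        child = Subject(child_pid, image.name, level)
        self.subjects[child_pid] = child  # a white-listed process still becomes a controlled child
        return child


def demo() -> Dict[str, object]:
    """Constructed scenario: host (HIGH) spawns a render child, which spawns a white-listed plugin."""
    flt = Filter(Subject(100, "browser.exe", HIGH), {"flashplayer.exe": MEDIUM, "cache.dat": LOW})
    render = flt.on_child_create(100, 200, Obj("process", "render.exe", MEDIUM))
    plugin = flt.on_child_create(200, 300, Obj("process", "flashplayer.exe", HIGH))
    return {
        "render_level": render.level,  # LOW: default for the next child
        "plugin_level": plugin.level,  # LOW: white-list MEDIUM capped at the parent's LOW
        "render_reads_cache": flt.check_access(200, Obj("file", "cache.dat", HIGH)),  # white list
        "render_writes_cookies": flt.check_access(200, Obj("file", "cookies.db", MEDIUM)),
        "stray_pid": flt.check_access(999, Obj("registry", "HKCU\\Software\\Run", LOW)),
        "denials": sum(n.startswith("deny") for n in flt.notices),
    }
```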
The security enhancement method for software according to the embodiments of the present invention implements a kernel-driven ACL access checking mechanism that strengthens Windows in a finer and more accurate way. The invention can be applied to a browser: it enhances the browser's security without affecting the user's normal use, cooperates with user-mode programs to build a layered defense system, improves the success rate of defending against damage by malicious programs, further reduces the risk from security vulnerabilities, and makes up for deficiencies of the original security mechanism. In particular, the security enhancement method for software of the embodiments has the following features:
(1) It is based on relatively mature security theory and systems (mandatory integrity control within access control), which ensures the feasibility of the system.
(2) It takes the WRK (the open-source Windows kernel) as its reference basis, guaranteeing the reliability and stability of the system.
(3) It adopts a loosely coupled design and data structures with little dependence on the system; each functional module has as far as possible a single function, is reusable and pluggable, which makes porting to newer Windows versions or 64-bit Windows operating systems possible and ensures portability.
(4) It fully takes into account the high frequency of system resource access and adopts a series of technical means, such as hash tables (HASHTABLE), cache pools and efficient read-write lock synchronization for resources, ensuring the high performance of the system.
(5) It better satisfies the principle of least privilege. In particular, the owner of a resource cannot change the security attribute of the object, which avoids the defects of the Windows security mechanism (abuse of authority and illegal privilege elevation); only the host process of the software (the high-privilege process) can adjust the security attributes of subjects and objects. Authority flows from top to bottom under strict control.
While guaranteeing that third-party child processes (such as Acrobat Reader, Flash Player, etc.) work normally, these child processes can still be kept under control, so that vulnerabilities in them cannot be exploited maliciously. That is, the control granularity of the Ring0 ACL enhancement is finer and the security is stronger, which guarantees the possibility of enhancing browser security.
(6) It is applicable to the security modules of multiple clients and has high versatility.
Any process or method described in the flow charts or otherwise described herein can be understood as representing a module, segment or portion of code that comprises one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which the functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as will be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in the flow charts or otherwise described herein, for example a sequenced list of executable instructions for implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transport the program for use by, or in connection with, the instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of the computer-readable medium include: an electrical connection having one or more wires (electronic device), a portable computer diskette (magnetic device), a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that the parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented by any one of the following technologies known in the art or a combination thereof: discrete logic circuits having logic gate circuits for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gate circuits, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps carried out by the method of the above embodiments may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, may exist physically as separate units, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, a description with reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been illustrated and described, those of ordinary skill in the art will appreciate that various changes, modifications, substitutions and variations may be made to these embodiments without departing from the principles and spirit of the present invention, the scope of which is defined by the claims and their equivalents.

Claims (10)

1. A security enhancement system for software, characterized in that it comprises:
a configuration module for configuring the security attributes of the subjects and the objects of the software, wherein configuring the security attributes of the subjects and the objects of the software comprises configuring a white list of the objects, wherein the subjects comprise the host process and threads of the software, the restricted child processes and threads created by the software, and the child processes and threads that the software needs to elevate, and the objects comprise the objects that the software needs to call;
a filtering module for filtering the subjects' access to the objects according to a predetermined policy and the security attributes; and
an access module for calling the objects after processing by the filtering module, wherein if an object is in the white list the access module permits the subject's access to that object, and if the object is not in the white list the access module determines from the security attributes of the subject and the object whether the subject may access the object.
2. The system according to claim 1, characterized in that the object is a passive entity that is accessed.
3. The system according to claim 2, characterized in that the passive entities that are accessed comprise files, the registry and processes.
4. The system according to claim 1, characterized in that the access module adjusts the white list of the objects according to the needs of the subject.
5. The system according to claim 1, characterized in that the filtering module filters out processes whose process id does not match the subject.
6. A security enhancement method for software, characterized in that it comprises the following steps:
configuring the security attributes of the subjects and the objects of the software, wherein configuring the security attributes of the subjects and the objects of the software comprises configuring a white list of the objects, wherein the subjects comprise the host process and threads of the software, the restricted child processes and threads created by the software, and the child processes and threads that the software needs to elevate, and the objects comprise the objects that the software needs to call;
filtering the subjects' access to the objects according to a predetermined policy and the security attributes; and
calling the objects after filtering, wherein if an object is in the white list the subject's access to that object is permitted, and if the object is not in the white list whether the subject may access the object is determined from the security attributes of the subject and the object.
7. The method according to claim 6, characterized in that the object is a passive entity that is accessed.
8. The method according to claim 7, characterized in that the passive entities that are accessed comprise files, the registry and processes.
9. The method according to claim 6, characterized in that the white list of the objects is adjusted according to the needs of the subject.
10. The method according to claim 6, characterized in that filtering the subjects' access to the objects according to the predetermined policy and the security attributes comprises filtering out processes whose process id does not match the subject.
CN201210123531.0A 2012-04-24 2012-04-24 For security enhancement system and the method for software Active CN102663321B (en)

Publications (2)

Publication Number Publication Date
CN102663321A CN102663321A (en) 2012-09-12
CN102663321B true CN102663321B (en) 2016-01-13
