CN102819709A - Method and device for realizing system safety - Google Patents

Method and device for realizing system safety Download PDF

Info

Publication number
CN102819709A
CN102819709A CN2012102915631A CN201210291563A CN102819709A CN 102819709 A CN102819709 A CN 102819709A CN 2012102915631 A CN2012102915631 A CN 2012102915631A CN 201210291563 A CN201210291563 A CN 201210291563A CN 102819709 A CN102819709 A CN 102819709A
Authority
CN
China
Prior art keywords
bag
operating system
rescue
receiving
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012102915631A
Other languages
Chinese (zh)
Other versions
CN102819709B (en
Inventor
万钰臻
孙鹏
汪文俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Technology Co Ltd
Original Assignee
Beijing Xiaomi Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xiaomi Technology Co Ltd filed Critical Beijing Xiaomi Technology Co Ltd
Priority to CN201210291563.1A priority Critical patent/CN102819709B/en
Publication of CN102819709A publication Critical patent/CN102819709A/en
Application granted granted Critical
Publication of CN102819709B publication Critical patent/CN102819709B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Alarm Systems (AREA)

Abstract

The invention discloses a method for realizing system safety, which is used for improving the system safety. The method comprises the following steps of: receiving an application package by an operation system; determining a safety package which is responsible for the safety of the received application package by the operation system; and sending the received application package to the determined safety package by the operation system to indicate the safety package to carry out treatment of a safety aspect on the received application package. The invention further discloses a device for realizing the method.

Description

A kind of method and device of realizing security of system
Technical field
The present invention relates to computing machine and safety technique field, relate in particular to a kind of method and device of realizing security of system.
Background technology
Along with development of Communication Technique, electronic equipments such as computing machine and portable terminal are widely used.Thing followed security of system problem also becomes the focus of concern.
At present, the implementation procedure of security of system is following, referring to shown in Figure 1:
Case antivirus software on operating system in advance.
Step 101: the system entry table is revised in antivirus software operation back.Have only this antivirus software can carry out the virus killing function this moment, and other antivirus software can't be realized.
Step 102: antivirus software is monitored each port in real time.
Step 103: antivirus software finds to have application software to need to install through monitoring.
Step 104: antivirus software is looked into poison to application software to be installed.
Step 105: if do not find virus, then antivirus software allows application software to continue to install.
This shows that the system entry table is all antivirus software resources shared, in a period of time, can only take, move simultaneously so can't realize a plurality of antivirus softwares by an antivirus software.
Summary of the invention
The embodiment of the invention provides a kind of method and device of realizing security of system, is used to improve security of system.
A kind of method that realizes security of system may further comprise the steps: operating system receives uses bag; Operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving; The application bag that operating system will be received sends to definite rescue bag, the application bag of receiving is carried out the processing of secure context with the indication rescue bag.In the present embodiment each rescue bag no longer shared system go into oral thermometer, by the rescue bag active process use bag change into operating system initiatively the dispensing applications bag give rescue bag.Carry out overall scheduling by operating system, improved security of system.Operating system can be responsible for assigning application to a plurality of rescue bags through overall scheduling, thereby can realize that a plurality of rescue bags move simultaneously.
Preferably; The step that operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving comprises: operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving according to the descriptor of rescue bag; Wherein, Descriptor comprises the functional description of the secure context that rescue bag provides, and operating system obtains this descriptor in the installation process of installation kit.Operating system can be known the function of each rescue bag through descriptor in the present embodiment, and then can confirm the rescue bag of the said application bag of imputability safety more accurately.
Preferably, the operating system step of confirming to be used for the rescue bag of the application bag safety being responsible for receiving comprises: operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving from user configured rescue bag.
Preferably, use of comprising in installation procedure, file and the message or multinomial.Using bag in the present embodiment can be any data that need security monitoring that operating system receives.
A kind of method that realizes security of system may further comprise the steps: security module finds that through monitoring operating system receives the application bag; Security module receives the application bag that operating system is sent; Rescue bag carries out the processing of secure context to the application bag of receiving.No longer need revise the system entry table after the security module operation, receive and just can carry out safe handling after application is wrapped using bag.Mutual exclusion can not take place between a plurality of rescue bags, can move simultaneously.
Preferably, security module finds that through monitoring also comprise step: security module sends to operating system with descriptor in installation process before the operating system reception application bag, and wherein, descriptor comprises the functional description of the secure context that rescue bag provides.Security module offers operating system with the function of self supporting, so that operating system is dispatched security module more accurately.
A kind of device of realizing security of system comprises:
Interface module is used for receiving using and wraps;
Enquiry module is used to confirm to be used to the rescue bag of the application bag safety being responsible for receiving;
Distribution module is used for the application bag of receiving is sent to definite rescue bag, the application bag of receiving is carried out the processing of secure context with the indication rescue bag.
8, device as claimed in claim 7; It is characterized in that; Enquiry module confirms to be used to the rescue bag of the application bag safety being responsible for receiving according to the descriptor of rescue bag; Wherein, descriptor comprises the functional description of the secure context that rescue bag provides, and enquiry module obtains this descriptor through interface module in the installation process of installation kit.
Enquiry module confirms to be used to the rescue bag of the application bag safety being responsible for receiving from user configured rescue bag.
Use of comprising in installation procedure, file and the message or multinomial.
A kind of device of realizing security of system comprises:
Monitoring module is used for finding that through monitoring operating system receives the application bag;
Interface module is used to receive the application bag that operating system is sent;
Processing module is used for the application bag of receiving is carried out the processing of secure context.
Interface module also is used in installation process descriptor being sent to operating system, and wherein, descriptor comprises the functional description of the secure context that rescue bag provides.
Other features and advantages of the present invention will be set forth in instructions subsequently, and, partly from instructions, become obvious, perhaps understand through embodiment of the present invention.The object of the invention can be realized through the structure that in the instructions of being write, claims and accompanying drawing, is particularly pointed out and obtained with other advantages.
Through accompanying drawing and embodiment, technical scheme of the present invention is done further detailed description below.
Description of drawings
Accompanying drawing is used to provide further understanding of the present invention, and constitutes the part of instructions, is used to explain the present invention with embodiments of the invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the method flow diagram of antivirus software monitoring installation procedure in the prior art;
Fig. 2 is a method flow diagram of realizing operating system side in the security of system process in the embodiment of the invention;
Fig. 3 is a method flow diagram of realizing rescue bag side in the security of system process in the embodiment of the invention;
Fig. 4 is the implementation method process flow diagram of security of system when using bag for installation procedure in the embodiment of the invention;
Fig. 5 is the implementation method process flow diagram of security of system when using bag for note in the embodiment of the invention;
Fig. 6 is the structural drawing of operating system device in the embodiment of the invention;
Fig. 7 is the structural drawing of safety feature in the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing the preferred embodiments of the present invention are described, should be appreciated that preferred embodiment described herein only is used for explanation and explains the present invention, and be not used in qualification the present invention.
In the present embodiment each rescue bag no longer shared system go into oral thermometer, by the rescue bag active process use bag change into operating system initiatively the dispensing applications bag give rescue bag.Carry out overall scheduling by operating system, improved security of system.Operating system can be responsible for assigning application to a plurality of rescue bags through overall scheduling, thereby can realize that a plurality of rescue bags move simultaneously.
Referring to Fig. 2, realize in the present embodiment that the method flow of operating system side in the security of system process is following:
Step 201: operating system receives uses bag.
Step 202: operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving.
Step 203: the application bag that operating system will be received sends to definite rescue bag, the application bag of receiving is carried out the processing of secure context with the indication rescue bag.
In step 202; Concrete implementation has multiple; Confirm to be used to the rescue bag of the application bag safety being responsible for receiving according to the descriptor of rescue bag like operating system; Wherein, descriptor comprises the functional description of the secure context that rescue bag provides, and operating system obtains this descriptor in the installation process of installation kit.And/or operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving from user configured rescue bag.That is to say that operating system is according to descriptor, from user configured rescue bag, confirm to be used to the rescue bag of the application bag safety being responsible for receiving.If from user configured rescue bag, can't confirm to be used to the rescue bag of the application bag safety being responsible for receiving, then operating system is selected from the rescue bag of other operation, does not perhaps select rescue bag, does not promptly carry out safe handling to using bag.
Application bag in the present embodiment comprises in installation procedure, file and the message one or multinomial.That is to say that any data of safe handling that need all belong to the application bag in the present embodiment.To different application bags multiple corresponding rescue bag can be arranged.For example use bag and be installation procedure or file (comprising text and multimedia file etc.), then rescue bag is an antivirus software.And for example use bag and be note, rescue bag is filtering short message device (can be independently safe control, also can belong to certain antivirus software).Perhaps, use bag and be web data, rescue bag is the home page filter device.
Owing to carry out the active scheduling by operating system in the present embodiment, therefore simplified the realization of rescue bag, introduce in the face of the implementation procedure of rescue bag side down.
Referring to Fig. 3, realize in the present embodiment that the method flow of rescue bag side in the security of system process is following:
Step 301: security module finds that through monitoring operating system receives the application bag.
Step 302: security module receives the application bag that operating system is sent.
Step 303: rescue bag carries out the processing of secure context to the application bag of receiving.
Security module is found through monitoring can also in installation process, descriptor be sent to operating system before the operating system reception application bag, and wherein, descriptor comprises the functional description of the secure context that rescue bag provides.
Come to introduce in detail implementation procedure through two exemplary embodiments below.
Referring to Fig. 4, the implementation method flow process of security of system is following when using bag for installation procedure in the present embodiment:
Step 401: operating system receives the install request of installation procedure.
Step 402: operating system is confirmed rescue bag according to install request.The rescue bag that should confirm can be for having the antivirus software that file carries out the checking and killing virus function is installed.
Step 403: operating system sends to rescue bag with the path of installation procedure.This step is equivalent to installation procedure is sent to rescue bag.
Step 404: rescue bag carries out checking and killing virus according to the path of receiving to installation procedure, and the killing result is returned to operating system.
If operating system sends to a plurality of rescue bags with the path in step 403, a plurality of rescue bag execution in step 404 can be arranged then.
If what operating system was received is not find that virus or virus removes extremely, then continues step 405, otherwise continue step 406.
Step 405: operating system allows installation procedure to continue to install.
Step 406: operating system refusal installation procedure continues to install.
Referring to Fig. 5, the implementation method flow process of security of system is following when using bag for note in the present embodiment:
Step 501: operating system receives note.
Step 502: operating system is confirmed rescue bag according to note.The rescue bag that should confirm can be for having the filtrator that note is carried out filtering function.
Step 503: operating system sends to rescue bag with note.
Step 504: rescue bag filters note, and filter result is returned to operating system.
If operating system sends to a plurality of rescue bags with note in step 503, a plurality of rescue bag execution in step 504 can be arranged then.
If what operating system was received is to filter the result who passes through, then continues step 505, otherwise continue step 506.
Step 505: operating system is exported short message prompt to the user.
Step 506: operating system is not exported short message prompt to the user.This moment, operating system can abandon this note, perhaps note was classified in the refuse messages.
Understood the implementation procedure of security of system through above description, this process can be realized by device, introduces in the face of the inner structure and the function of device down.
Referring to Fig. 6, the operating system device comprises in the present embodiment: interface module 601, enquiry module 602 and distribution module 603.
Interface module 601 is used for receiving using wraps.
Enquiry module 602 is used to confirm to be used to the rescue bag of the application bag safety being responsible for receiving.
Distribution module 603 is used for the application bag of receiving is sent to definite rescue bag, the application bag of receiving is carried out the processing of secure context with the indication rescue bag.
Preferable; Enquiry module 602 confirms to be used to the rescue bag of the application bag safety being responsible for receiving according to the descriptor of rescue bag; Wherein, Descriptor comprises the functional description of the secure context that rescue bag provides, and enquiry module 602 obtains this descriptor through interface module 601 in the installation process of installation kit.And/or enquiry module 602 confirms to be used to the rescue bag of the application bag safety being responsible for receiving from user configured rescue bag.
Use of comprising in installation procedure, file and the message or multinomial in the present embodiment.
Referring to Fig. 7, safety feature comprises in the present embodiment: monitoring module 701, interface module 702 and processing module 703.
Monitoring module 701 is used for finding that through monitoring operating system receives the application bag.
Interface module 702 is used to receive the application bag that operating system is sent.Interface module 702 also is used in installation process descriptor being sent to operating system, and wherein, descriptor comprises the functional description of the secure context that rescue bag provides.
Processing module 703 is used for the application bag of receiving is carried out the processing of secure context.
In the present embodiment each rescue bag no longer shared system go into oral thermometer, by the rescue bag active process use bag change into operating system initiatively the dispensing applications bag give rescue bag.Carry out overall scheduling by operating system, improved security of system.Operating system can be responsible for assigning application to a plurality of rescue bags through overall scheduling, thereby can realize that a plurality of rescue bags move simultaneously.Rescue bag in the present embodiment is not confined to antivirus software, can be any safe control, and use bag and also be not limited to installation procedure, can be the data that any need carry out security monitoring.Therefore present embodiment is applicable to the security monitoring of total system.Operating system in the present embodiment and security module can be applicable on the electronic equipments such as computing machine and portable terminal.
Those skilled in the art should understand that embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of the embodiment of complete hardware embodiment, complete software implementation example or combination software and hardware aspect.And the present invention can be employed in the form that one or more computer-usable storage medium (including but not limited to magnetic disk memory and optical memory etc.) that wherein include computer usable program code go up the computer program of implementing.
The present invention is that reference is described according to the process flow diagram and/or the block scheme of method, equipment (system) and the computer program of the embodiment of the invention.Should understand can be by the flow process in each flow process in computer program instructions realization flow figure and/or the block scheme and/or square frame and process flow diagram and/or the block scheme and/or the combination of square frame.Can provide these computer program instructions to the processor of multi-purpose computer, special purpose computer, Embedded Processor or other programmable data processing device to produce a machine, make the instruction of carrying out through the processor of computing machine or other programmable data processing device produce to be used for the device of the function that is implemented in flow process of process flow diagram or a plurality of flow process and/or square frame of block scheme or a plurality of square frame appointments.
These computer program instructions also can be stored in ability vectoring computer or the computer-readable memory of other programmable data processing device with ad hoc fashion work; Make the instruction that is stored in this computer-readable memory produce the manufacture that comprises command device, this command device is implemented in the function of appointment in flow process of process flow diagram or a plurality of flow process and/or square frame of block scheme or a plurality of square frame.
These computer program instructions also can be loaded on computing machine or other programmable data processing device; Make on computing machine or other programmable devices and to carry out the sequence of operations step producing computer implemented processing, thereby the instruction of on computing machine or other programmable devices, carrying out is provided for being implemented in the step of the function of appointment in flow process of process flow diagram or a plurality of flow process and/or square frame of block scheme or a plurality of square frame.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, belong within the scope of claim of the present invention and equivalent technologies thereof if of the present invention these are revised with modification, then the present invention also is intended to comprise these changes and modification interior.

Claims (12)

1. a method that realizes security of system is characterized in that, may further comprise the steps:
Operating system receives uses bag;
Operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving;
The application bag that operating system will be received sends to definite rescue bag, the application bag of receiving is carried out the processing of secure context with the indication rescue bag.
2. the method for claim 1; It is characterized in that; The step that operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving comprises: operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving according to the descriptor of rescue bag; Wherein, descriptor comprises the functional description of the secure context that rescue bag provides, and operating system obtains this descriptor in the installation process of installation kit.
3. according to claim 1 or claim 2 method; It is characterized in that the step that operating system confirms to be used for the rescue bag of the application bag safety being responsible for receiving comprises: operating system confirms to be used to the rescue bag of the application bag safety being responsible for receiving from user configured rescue bag.
4. the method for claim 1 is characterized in that, uses of comprising in installation procedure, file and the message or multinomial.
5. a method that realizes security of system is characterized in that, may further comprise the steps:
Security module finds that through monitoring operating system receives the application bag;
Security module receives the application bag that operating system is sent;
Rescue bag carries out the processing of secure context to the application bag of receiving.
6. method as claimed in claim 5; It is characterized in that; Security module is found before the operating system reception application bag through monitoring; Also comprise step: security module sends to operating system with descriptor in installation process, and wherein, descriptor comprises the functional description of the secure context that rescue bag provides.
7. a device of realizing security of system is characterized in that, comprising:
Interface module is used for receiving using and wraps;
Enquiry module is used to confirm to be used to the rescue bag of the application bag safety being responsible for receiving;
Distribution module is used for the application bag of receiving is sent to definite rescue bag, the application bag of receiving is carried out the processing of secure context with the indication rescue bag.
8. device as claimed in claim 7; It is characterized in that; Enquiry module confirms to be used to the rescue bag of the application bag safety being responsible for receiving according to the descriptor of rescue bag; Wherein, descriptor comprises the functional description of the secure context that rescue bag provides, and enquiry module obtains this descriptor through interface module in the installation process of installation kit.
9. like claim 7 or 8 described devices, it is characterized in that enquiry module confirms to be used to the rescue bag of the application bag safety being responsible for receiving from user configured rescue bag.
10. device as claimed in claim 7 is characterized in that, uses of comprising in installation procedure, file and the message or multinomial.
11. a device of realizing security of system is characterized in that, comprising:
Monitoring module is used for finding that through monitoring operating system receives the application bag;
Interface module is used to receive the application bag that operating system is sent;
Processing module is used for the application bag of receiving is carried out the processing of secure context.
12. device as claimed in claim 11 is characterized in that, interface module also is used in installation process descriptor being sent to operating system, and wherein, descriptor comprises the functional description of the secure context that rescue bag provides.
CN201210291563.1A 2012-08-15 2012-08-15 A kind of method and device realizing security of system Active CN102819709B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210291563.1A CN102819709B (en) 2012-08-15 2012-08-15 A kind of method and device realizing security of system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210291563.1A CN102819709B (en) 2012-08-15 2012-08-15 A kind of method and device realizing security of system

Publications (2)

Publication Number Publication Date
CN102819709A true CN102819709A (en) 2012-12-12
CN102819709B CN102819709B (en) 2016-03-30

Family

ID=47303819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210291563.1A Active CN102819709B (en) 2012-08-15 2012-08-15 A kind of method and device realizing security of system

Country Status (1)

Country Link
CN (1) CN102819709B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060075052A1 (en) * 2004-09-17 2006-04-06 Jeroen Oostendorp Platform for Intelligent Email Distribution
CN101299660A (en) * 2007-04-30 2008-11-05 华为技术有限公司 Method, system and equipment for executing security control
CN101894225A (en) * 2004-11-08 2010-11-24 微软公司 The system and method for assembling the knowledge base of antivirus software applications

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060075052A1 (en) * 2004-09-17 2006-04-06 Jeroen Oostendorp Platform for Intelligent Email Distribution
CN101894225A (en) * 2004-11-08 2010-11-24 微软公司 The system and method for assembling the knowledge base of antivirus software applications
CN101299660A (en) * 2007-04-30 2008-11-05 华为技术有限公司 Method, system and equipment for executing security control

Also Published As

Publication number Publication date
CN102819709B (en) 2016-03-30

Similar Documents

Publication Publication Date Title
EP3241142B1 (en) Malware detection
US9141801B2 (en) Apparatus and method for analyzing permission of application for mobile devices and detecting risk
EP3716671A1 (en) Payment assistance method, apparatus and device
CN109338325B (en) Control method and system of coating equipment, coating equipment and storage medium
CN105446811B (en) Application process is associated with starting method and association starter
US10104063B2 (en) Android-based mobile equipment security protection method, and device
US20160103716A1 (en) Method for using shared device in apparatus capable of operating two operating systems
CN104020999A (en) Management method and system of application programs
CN104461747A (en) Distributed type task scheduling system
CN104468993A (en) Method for checking messages
CN108259243A (en) Data processing method, terminal and computer storage media based on micro services Technical Architecture
CN110704131B (en) Method and device for calling native application by HTML5 application
CN104915594B (en) Application program operation method and device
CN104252388B (en) Untrusted environment in mobile device and the switching between trusted context
WO2015184754A1 (en) Mobile terminal and method for exchanging calling cards between mobile terminals
CN101021891A (en) Process management method and device
CN105635231A (en) Calling method and apparatus of distributed system
CN106293962B (en) Method and device for calling system command
KR20140134987A (en) Device and method for securing computer
CN103034811A (en) File processing method and system and device
CN102819709A (en) Method and device for realizing system safety
CN106855824B (en) Task stopping method and device and electronic equipment
CN103490898A (en) E-mail collection authorization method, device and system
CN103294527A (en) Method, system, and server for processing network task
CN104994225A (en) Short message sending control method and short message sending control device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 100085 Beijing city Haidian District Qinghe Street No. 68 Huarun colorful city shopping center two floor 13

Applicant after: Xiaomi Technology Co., Ltd.

Address before: 100102, No. 50, block B, building No. 12, winding stone world building, Wangjing West Road, Beijing, Chaoyang District

Applicant before: Beijing Xiaomi Technology Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant