CN102880815A - Application program temporary storage space-based protection method and system - Google Patents

Publication number: CN102880815A
Authority: CN (China)
Prior art keywords: storage space, program, interim storage, protected, shared
Legal status: Granted; Expired - Fee Related
Application number: CN2012102998314A
Other languages: Chinese (zh)
Other versions: CN102880815B (en)
Inventors: 曾曙, 卜亚楠, 朱洪福
Current Assignee: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.
Original Assignee: SHANGHAI CINSEC INFORMATION TECHNOLOGY Co Ltd
Application filed by SHANGHAI CINSEC INFORMATION TECHNOLOGY Co Ltd
Priority to CN201210299831.4A
Publications: CN102880815A, CN102880815B

Abstract

The invention provides a protection method and a protection system based on the temporary storage space of an application program. The method comprises the following steps: acquiring information about the temporary storage space occupied by a protected program while it runs; and, based on the acquired information, monitoring whether an unprotected program attempts to read or write the temporary storage space occupied by the protected program, and if so, stopping the unprotected program from reading or writing that space. Using the acquired information about the protected program's temporary storage space, the scheme inspects the storage-space information carried in each read/write instruction issued by an unprotected program running on the computer, and from it determines whether that program is attempting to read or write the protected program's temporary storage space. This solves the problem that the plaintext held in memory can be stolen while an encryption program is running.

Description

Protection method and system based on the temporary storage space of an application program
Technical field
The present invention relates to a method for protecting programs, and in particular to a method and system for protecting a process by monitoring the memory occupied by a program.
Background technology
As enterprises grow, they pay more and more attention to the encryption and management of internal documents. Usually, when an employee uses an encrypted internal document on a computer, the program that opens the document decrypts it and presents it to the employee. This approach effectively prevents outsiders from reading or copying the document. However, it protects only the document itself: while the program runs, it inevitably stores the document, or information about it, in the memory it occupies, and that stored data is in plaintext. Even a document that has been encrypted can therefore appear in plaintext, which creates an opportunity for internal documents to leak.
To protect internal documents more completely, a measure is needed that protects the storage space, such as memory, occupied by the program operating on the document, so that the plaintext information held in memory cannot be read or tampered with by malicious programs.
Summary of the invention
In view of the shortcomings of the prior art described above, the object of the present invention is to provide a protection method and system based on the temporary storage space of an application program, so that plaintext information stored in memory cannot be read or tampered with by malicious programs.
To achieve the above and other related objects, the invention provides a protection method based on the temporary storage space of an application program, comprising at least: 1) acquiring, in real time, information about the temporary storage space occupied by a protected program while it runs; 2) based on the acquired information about the temporary storage space, monitoring whether an unprotected program attempts to read or write the temporary storage space occupied by the protected program; if so, stopping the unprotected program from reading or writing that space; if not, allowing the unprotected program to read or write the corresponding temporary storage space.
Preferably, in step 2) the monitoring of whether an unprotected program attempts to read or write the protected program's temporary storage space comprises: monitoring the read/write instructions for temporary storage space issued by the unprotected program, matching the storage-space information in each instruction against the currently acquired information about the protected program's temporary storage space, and deciding from the matching result whether to stop the unprotected program's read or write.
Preferably, when no match is found against the currently acquired information about the protected program's temporary storage space, step 2) further comprises: deriving, from the storage-space information in the instruction, other information related to it; matching the derived information against the information about the protected program's temporary storage space; and deciding from the matching result whether to stop the unprotected program's read or write.
When still no match is obtained, the method continues to derive further information related to the information obtained in the previous matching round and matches the newly obtained information again against the information about the protected program's temporary storage space, until the information currently obtained is the information stored in memory, and decides from the matching result whether to stop the unprotected program's read or write.
Preferably, when step 2) stops the unprotected program from reading or writing the temporary storage space, the method further comprises: notifying the user that the unprotected program has failed to read or write the protected program's temporary storage space.
Preferably, the temporary storage space comprises at least one of: memory space, stack space.
Preferably, the information about the temporary storage space comprises at least one of: the data stored in the memory occupied by the protected program at run time; the addresses of the memory occupied by the protected program at run time; pointer information pointing to the memory addresses occupied by the protected program; and the stack addresses at which such pointer information is stored.
Based on the above object, the invention also provides a protection system based on the temporary storage space of an application program, comprising: an acquisition module, used to acquire in real time information about the temporary storage space occupied by a protected program while it runs; and a monitoring module, used to monitor, based on the acquired information about the temporary storage space, whether an unprotected program attempts to read or write the temporary storage space occupied by the protected program, and if so to stop the unprotected program from reading or writing that space, and if not to allow the unprotected program to read or write the corresponding temporary storage space.
Preferably, the monitoring module comprises a first sub-monitoring module, used to monitor the read/write instructions for temporary storage space issued by unprotected programs, to match the storage-space information in each instruction against the currently acquired information about the protected program's temporary storage space, and to decide from the matching result whether to stop the unprotected program's read or write.
Preferably, when the first sub-monitoring module finds no match against the currently acquired information about the protected program's temporary storage space, the monitoring module further comprises a second sub-monitoring module, used to derive, from the storage-space information in the instruction, other information related to it, to match the derived information against the information about the protected program's temporary storage space, and to decide from the matching result whether to stop the unprotected program's read or write.
When still no match is obtained, the second sub-monitoring module continues to derive further information related to the information obtained in the previous matching round and matches the newly obtained information again against the information about the protected program's temporary storage space, until the information currently obtained is the information stored in memory, and decides from the matching result whether to stop the unprotected program's read or write.
Preferably, when the monitoring module stops an unprotected program from reading or writing the temporary storage space, the system further comprises a display module, used to notify the user that the unprotected program attempted to read or write the protected program's temporary storage space and failed.
Preferably, the information about the temporary storage space comprises at least one of: the data stored in the memory occupied by the protected program at run time; the addresses of the memory occupied by the protected program at run time; pointer information pointing to the memory addresses occupied by the protected program; and the stack addresses at which such pointer information is stored.
As described above, the protection method and system based on the temporary storage space of an application program according to the present invention have the following beneficial effects. Based on the acquired information about the protected program's temporary storage space, the instructions exchanged between the unprotected programs running on the computer and the temporary storage space are monitored, so as to determine whether an unprotected program attempts to read or write the protected program's temporary storage space; this thoroughly solves the problem that plaintext in memory can still be stolen while an encryption program runs. In addition, when an unprotected program's read or write of the protected program's temporary storage space is stopped, the user is notified that a program attempted to read or write another program's temporary storage space, so that the user can deal with the intruding program.
Description of drawings
Fig. 1 is a flowchart of the protection method based on the temporary storage space of an application program according to the present invention.
Fig. 2 is a flowchart of a preferred embodiment of the protection method based on the temporary storage space of an application program according to the present invention.
Fig. 3 is a flowchart of another preferred embodiment of the protection method based on the temporary storage space of an application program according to the present invention.
Fig. 4 is a schematic structural diagram of the protection system based on the temporary storage space of an application program according to the present invention.
Fig. 5 is a schematic structural diagram of a preferred embodiment of the protection system based on the temporary storage space of an application program according to the present invention.
Explanation of element numbers
1 protection system
11 acquisition module
12 monitoring module
121 first sub-monitoring module
122 second sub-monitoring module
13 display module
S1-S3, S20-S23, S20'-S27' steps
Embodiment
Embodiments of the present invention are explained below by way of specific examples; those skilled in the art will readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention may also be implemented or applied through other, different embodiments, and the details in this specification may be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Fig. 1 is the flowchart of a protection method based on the temporary storage space of an application program according to the present invention. The method is carried out mainly by a protection system, which is an application module installed on a computer. The computer is a modern intelligent electronic device that automatically performs large-scale numerical computation and various kinds of information processing at high speed according to previously stored programs; its hardware includes, but is not limited to, microprocessors and embedded devices. The protection system starts when the computer starts.
In step S1, the protection system acquires in real time information about the temporary storage space occupied by the protected program while it runs. The protected program is a program that the protection system has been configured in advance to protect; it includes, but is not limited to, document applications and communication applications. When a protected program starts, the protection system begins acquiring in real time the information about the temporary storage space it occupies. Document applications include, but are not limited to, Word and Adobe programs; communication applications include, but are not limited to, instant-messaging software. For example, when a Word document is opened, the protection system begins acquiring in real time the information about the temporary storage space occupied by the Word program. The temporary storage space comprises any storage space that is occupied while the program runs and released when the program no longer runs, including but not limited to stack space and memory space. The information about the temporary storage space comprises any information that directly or indirectly indicates the content stored in memory; preferably, it includes but is not limited to: the data stored in the memory occupied by the protected program at run time, the addresses of the memory occupied by the protected program at run time, pointer information pointing to the memory addresses occupied by the protected program, and the stack addresses at which such pointer information is stored.
Specifically, the protection system uses a preset interface to acquire in real time the information about the temporary storage space occupied by the protected program, and updates that information whenever the protected program allocates or releases temporary storage space while it runs.
It should be noted that those skilled in the art understand how the protection system uses a preset interface to obtain the information about the temporary storage space occupied by the protected program; this is not described in detail here.
For example, the protection system uses the preset interface to obtain the information about the temporary storage space occupied by the protected program every 5 ms.
As another example, the protected program itself uses a preset interface to provide the information about the temporary storage space it occupies to the protection system in real time while it runs.
In step S2, based on the acquired information about the temporary storage space, the protection system monitors whether an unprotected program attempts to read or write the temporary storage space occupied by the protected program; if so, it stops the unprotected program from reading or writing that space; if not, it allows the unprotected program to read or write the corresponding temporary storage space.
Specifically, step S2 comprises steps S20 to S25.
In step S20, the protection system monitors the read/write instructions for temporary storage space issued by unprotected programs, and matches the storage-space information in each instruction against the currently acquired information about the protected program's temporary storage space.
In step S21, the protection system decides from the matching result whether to stop the unprotected program from reading or writing the protected program's temporary storage space; if so, it proceeds to step S22; if not, it proceeds to step S23.
In step S22, the protection system stops the unprotected program from reading or writing the protected program's temporary storage space; preferably, it then continues with step S3.
In step S23, the protection system allows the unprotected program to read or write the corresponding temporary storage space.
In step S3, the protection system notifies the user that the unprotected program has failed to read or write the protected program's temporary storage space.
For example, the information about the temporary storage space of protected program b that the protection system acquired in step S1 is: the memory address range b1-b20 occupied by program b, and pointer information pointing into that range. While monitoring the read/write instructions issued by unprotected programs, the protection system observes an instruction from program a that reads pointer information pointing to memory address b3. The protection system matches the pointer information in that instruction, item by item, against the information about program b's temporary storage space; on finding that "pointer information pointing to memory address b3" matches "pointer information pointing to the memory address range b1-b20 occupied by program b", it stops program a from reading that pointer information and displays, on the screen of the computer hosting the protection system, a message that program a has been stopped from reading the pointer information pointing to memory address b3.
More preferably, as shown in Fig. 3, step S2 comprises steps S20' to S27'.
It should be noted that those skilled in the art understand that steps S20' to S22' in Fig. 3 are the same as or similar to steps S20 to S22 in the embodiment of Fig. 2, and that step S27' in Fig. 3 is the same as or similar to step S23 in the embodiment of Fig. 2; they are not described again here.
When, in step S21', the protection system finds no match against the currently acquired information about the protected program's temporary storage space, it proceeds to step S23'.
In step S23', the protection system derives, from the storage-space information in the instruction, other information related to it, and matches the derived information against the information about the protected program's temporary storage space.
In step S24', the protection system decides from the matching result whether to stop the unprotected program's read or write; if so, it proceeds to step S22'; if not, it proceeds to step S25'.
In step S25', starting from the other information obtained in the previous matching round, the protection system derives further information related to it and again matches the newly obtained information against the information about the protected program's temporary storage space.
In step S26', the protection system judges whether the information currently obtained is the information stored in memory; if not, it returns to step S24'; if so, it proceeds to step S27'.
For example, the information about the temporary storage space of protected program c' that the protection system acquired in step S1 is: the data stored in the memory address range c1'-c20'. While monitoring the read/write instructions issued by unprotected programs, the protection system observes an instruction from program d' that reads stack address D1', where stack address D1' holds pointer information pointing to memory addresses c18'-c20' and to memory address d30'. The protection system first matches the stack address D1' in the instruction against the information about program c''s temporary storage space and obtains no match. Next, based on the previous matching round, it obtains the pointer information held at stack address D1' (pointing to memory addresses c18'-c20' and d30'), matches that pointer information again against program c''s storage-space information, and again obtains no match. It then obtains the data stored at the memory addresses c18'-c20' and d30' to which the pointers refer, matches that data once more against program c''s storage-space information, and finds that the data stored at memory addresses c18'-c20' matches the data program c' stores in the address range c18'-c20' of its memory. On the basis of this match, the protection system stops program d' from reading the stack address that holds the pointer information pointing to memory addresses c18'-c20'.
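The matching loop of steps S20' to S27' above, as an added Python simulation that is not the patent's own code: the memory layout, address labels, program names, the Instruction and Verdict types and the MAX_ROUNDS cycle guard are constructed assumptions, and the simulation reproduces both of the patent's examples (program b, program c').

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple, Union

Address = str  # address labels such as "c18" or "D1'", as in the patent's examples

@dataclass(frozen=True)
class Pointer:
    """Pointer information held at an address: the addresses it points to."""
    targets: Tuple[Address, ...]

# Simulated memory and stack: an address holds pointer information or plaintext data.
Memory = Dict[Address, Union[Pointer, bytes]]
# One item of "relevant information": ("addr", a) an occupied address,
# ("ptr", a) a pointer target inside the protected memory, ("data", b) stored content.
Item = Tuple[str, object]

@dataclass(frozen=True)
class Instruction:
    program: str
    op: str           # "read" or "write"
    address: Address  # the temporary-storage address the instruction touches

@dataclass(frozen=True)
class Verdict:
    blocked: bool
    protected_program: Optional[str]
    rounds: int  # matching rounds used; 1 means the instruction itself matched

def protected_items(memory: Memory, occupied: Tuple[Address, ...],
                    with_pointers: bool = True, with_data: bool = True) -> FrozenSet[Item]:
    """Step S1: information the acquisition module holds for one protected program.
    The kinds are configurable because the patent's examples differ: program b is
    described by addresses and pointer targets, program c' only by stored data."""
    items = set()
    for a in occupied:
        items.add(("addr", a))
        if with_pointers:
            items.add(("ptr", a))
        if with_data and isinstance(memory.get(a), bytes):
            items.add(("data", memory[a]))
    return frozenset(items)

class Monitor:
    """Steps S20'-S27': match the instruction's own information first and, when
    nothing matches, follow the chain address -> pointer -> stored data."""
    MAX_ROUNDS = 8  # cycle guard for self-referencing pointers (our assumption)

    def __init__(self, memory: Memory, protected: Dict[str, FrozenSet[Item]]):
        self.memory = memory
        self.protected = protected  # protected program name -> its information

    def _match(self, items: List[Item]) -> Optional[str]:
        for name, info in self.protected.items():
            if any(it in info for it in items):
                return name
        return None

    def check(self, ins: Instruction) -> Verdict:
        if ins.program in self.protected:  # only unprotected programs are monitored
            return Verdict(False, None, 0)
        items: List[Item] = [("addr", ins.address)]  # round 1: S20'/S21'
        pending, rounds = [ins.address], 1
        while True:
            hit = self._match(items)
            if hit is not None:
                return Verdict(True, hit, rounds)  # S22': stop the read/write
            # S23'/S25': derive the next layer of information from the current one.
            next_items, next_pending, has_pointer = [], [], False
            for a in pending:
                cell = self.memory.get(a)  # an unmapped address yields nothing
                if isinstance(cell, Pointer):
                    has_pointer = True
                    next_items.extend(("ptr", t) for t in cell.targets)
                    next_pending.extend(cell.targets)
                elif isinstance(cell, bytes):
                    next_items.append(("data", cell))
            rounds += 1
            if not next_items or rounds > self.MAX_ROUNDS:
                return Verdict(False, None, rounds - 1)  # S27': allow
            items, pending = next_items, next_pending
            if not has_pointer:  # S26': stored data ends the chain; final match decides
                hit = self._match(items)
                return Verdict(hit is not None, hit, rounds)

def build_scenario() -> Monitor:
    """Constructed memory layout reproducing the patent's programs b and c'."""
    memory: Memory = {}
    for i in range(1, 21):
        memory[f"b{i}"] = f"doc-b-{i}".encode()  # plaintext of protected program b
        memory[f"c{i}"] = f"doc-c-{i}".encode()  # plaintext of protected program c'
    memory["d30"], memory["e1"] = b"unrelated", b"scratch"  # unprotected data
    memory["pa"] = Pointer(("b3",))  # program a's pointer to b3
    memory["D1'"] = Pointer(("c18", "c19", "c20", "d30"))  # stack slot read by d'
    memory["loop"] = Pointer(("loop",))  # self-referencing pointer, never reaches data
    protected = {
        "b": protected_items(memory, tuple(f"b{i}" for i in range(1, 21)), with_data=False),
        "c'": protected_items(memory, tuple(f"c{i}" for i in range(1, 21)), with_pointers=False),
    }
    return Monitor(memory, protected)
```

With build_scenario(), program a's read of its pointer to b3 is stopped at the pointer layer (round 2), while program d''s read of stack address D1' is stopped only once the chain reaches the stored data (round 3); a self-referencing pointer chain is allowed after MAX_ROUNDS rather than looping forever.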
As shown in Fig. 4, the present invention also provides a protection system based on the temporary storage space of an application program. The protection system 1 comprises an acquisition module 11 and a monitoring module 12.
The acquisition module 11 is used to acquire in real time information about the temporary storage space occupied by the protected program while it runs. The protected program is a program that the acquisition module 11 has been configured in advance to protect; it includes, but is not limited to, document applications and communication applications. When a protected program starts, the acquisition module 11 begins acquiring in real time the information about the temporary storage space it occupies. Document applications include, but are not limited to, Word and Adobe programs; communication applications include, but are not limited to, instant-messaging software. For example, when a Word document is opened, the protection system begins acquiring in real time the information about the temporary storage space occupied by the Office program. The temporary storage space comprises any storage space that is occupied while the program runs and released when the program no longer runs, including but not limited to stack space and memory space. The information about the temporary storage space comprises any information that directly or indirectly indicates the content stored in memory; preferably, it includes but is not limited to: the data stored in the memory occupied by the protected program at run time, the addresses of the memory occupied by the protected program at run time, pointer information pointing to the memory addresses occupied by the protected program, and the stack addresses at which such pointer information is stored.
Specifically, the acquisition module 11 uses a preset interface to acquire in real time the information about the temporary storage space occupied by the protected program, and updates that information whenever the protected program allocates or releases temporary storage space while it runs.
It should be noted that those skilled in the art understand how the acquisition module 11 uses a preset interface to obtain the information about the temporary storage space occupied by the protected program; this is not described in detail here.
For example, the acquisition module 11 uses the preset interface to obtain the information about the temporary storage space occupied by the protected program every 5 ms.
As another example, the protected program itself uses a preset interface to provide the information about the temporary storage space it occupies to the acquisition module 11 in real time while it runs.
The monitoring module 12 is used to monitor, based on the acquired information about the temporary storage space, whether an unprotected program attempts to read or write the temporary storage space occupied by the protected program; if so, it stops the unprotected program from reading or writing that space; if not, it allows the unprotected program to read or write the corresponding temporary storage space. Specifically, as shown in Fig. 4, the monitoring module 12 comprises a first sub-monitoring module 121.
The first sub-monitoring module 121 is used to monitor the read/write instructions for temporary storage space issued by unprotected programs, to match the storage-space information in each instruction against the currently acquired information about the protected program's temporary storage space, and to decide from the matching result whether to stop the unprotected program from reading or writing the protected program's temporary storage space; if so, it stops the read or write; if not, it allows the unprotected program to read or write the corresponding temporary storage space.
For example, the information about the temporary storage space of protected program b that the acquisition module 11 acquired is: the memory address range b1-b20 occupied by program b, and pointer information pointing into that range. While monitoring the read/write instructions issued by unprotected programs, the first sub-monitoring module 121 observes an instruction from program a that reads pointer information pointing to memory address b3. The first sub-monitoring module 121 matches the pointer information in that instruction, item by item, against the information about program b's temporary storage space; on finding that "pointer information pointing to memory address b3" matches "pointer information pointing to the memory address range b1-b20 occupied by program b", it stops program a from reading that pointer information.
Preferably, as shown in Fig. 5, the monitoring module 12 further comprises a second sub-monitoring module 122.
When the first sub-monitoring module 121 finds no match with the relevant information about the temporary storage space currently obtained for the protected program, the second sub-monitoring module 122 is used to obtain, based on the relevant information about the temporary storage space in the instruction, further relevant information related to it, to match that further information against the relevant information about the temporary storage space occupied by the protected program, and to decide based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space;
When still no match is obtained, the second sub-monitoring module 122 further obtains, based on the further relevant information obtained in the previous matching round, yet further relevant information related to it, and repeats the matching of the currently obtained further information against the relevant information about the temporary storage space occupied by the protected program, until the currently obtained further information is information stored in memory, and decides based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space.
For example, the relevant information about protected program c that the first sub-monitoring module 121 obtains from the acquisition module 11 is: the information stored in memory address section c1-c20, and pointer information pointing to the memory address section c1-c20 occupied by program c. The instruction that the first sub-monitoring module 121 at this point monitors from program d, among the read/write instructions issued by unprotected programs, is an instruction to read stack address D1, which stores pointer information pointing to memory addresses c18-c20 and to memory address d30. The first sub-monitoring module 121 first matches stack address D1 in the instruction against the obtained relevant information about the temporary storage space occupied by program c and obtains no match. The second sub-monitoring module 122 then obtains the pointer information stored in the stack at stack address D1 and matches the currently obtained pointer information against the relevant information about the temporary storage space occupied by program c; it obtains a match between the pointer information pointing to memory addresses c18-c20 and the pointer information pointing to the memory address section c1-c20 occupied by program c, and therefore stops program d from reading the stack address that stores the pointer information pointing to memory addresses c18-c20.
As another example, the relevant information about the temporary storage space occupied by protected program c' that the first sub-monitoring module 121 obtains from the acquisition module 11 is: the information stored in memory address section c1'-c20'. The instruction that the first sub-monitoring module 121 at this point monitors from program d', among the read/write instructions issued by unprotected programs, is an instruction to read stack address D1', where stack address D1' stores pointer information pointing to memory addresses c18'-c20' and to memory address d30'. The first sub-monitoring module 121 matches stack address D1' in the instruction against the relevant information about the temporary storage space occupied by program c' and obtains no match. The second sub-monitoring module 122 then obtains, based on the previous matching round, the pointer information stored at stack address D1' that points to memory addresses c18'-c20' and d30', matches that pointer information against the relevant information about the temporary storage space occupied by program c', and again obtains no match. The second sub-monitoring module 122 then continues by obtaining the information stored at the memory addresses c18'-c20' and d30' to which those pointers respectively point, matches the stored information obtained against the relevant information about the temporary storage space occupied by program c', and obtains a match between the information stored at memory addresses c18'-c20' and the information program c' stores in address section c18'-c20' of its occupied memory. Based on this matching result, the second sub-monitoring module 122 stops program d' from reading the stack address that stores the pointer information pointing to memory addresses c18'-c20'.
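As an added example, not code from the patent or its assignee, the two-stage matching of the first sub-monitoring module 121 (the program a / program b example) and the second sub-monitoring module 122 (the program c and program c' examples) is simulated below in Python over a dictionary standing in for memory. Every address, program name and memory content is constructed for the example. It goes one step beyond the c' example in two assumed ways: an access is also stopped when the pointer chase ends at a copy of protected content that sits outside the protected address section, and the chase is bounded and cycle-checked so a self-referencing pointer cannot loop forever.

```python
"""Simulation of the two-stage matching: direct address match, then pointer chasing.

Memory is modelled as a dict: address -> cell. A cell is an int (a pointer, i.e. the
address of another cell), a bytes object (data stored in memory), or a tuple holding
several of those (a stack slot that stores more than one pointer). Constructed example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

Cell = Union[int, bytes, Tuple[Union[int, bytes], ...]]


@dataclass(frozen=True)
class Region:
    """Memory address section a protected program occupies (what the acquisition module reports)."""
    program: str
    lo: int
    hi: int  # inclusive

    def contains(self, addr: int) -> bool:
        return self.lo <= addr <= self.hi


@dataclass(frozen=True)
class Decision:
    allowed: bool
    stage: int            # 0 = not monitored, 1 = first sub-module, 2 = second sub-module
    reason: str
    victim: Optional[str] = None  # protected program whose storage was targeted


class Monitor:
    def __init__(self, memory: Dict[int, Cell], regions: List[Region], max_depth: int = 8):
        self.memory = memory
        self.regions = regions
        self.protected = {r.program for r in regions}
        self.max_depth = max_depth  # assumed bound on how far a pointer chain is followed

    @staticmethod
    def _items(cell: Cell) -> Tuple[Union[int, bytes], ...]:
        return cell if isinstance(cell, tuple) else (cell,)

    def _region_of(self, addr: int) -> Optional[Region]:
        return next((r for r in self.regions if r.contains(addr)), None)

    def _holds_protected_data(self, data: bytes) -> Optional[Region]:
        """Does a cell inside some protected section store exactly this content?"""
        for addr, cell in self.memory.items():
            r = self._region_of(addr)
            if r and any(isinstance(it, bytes) and it == data for it in self._items(cell)):
                return r
        return None

    def check(self, program: str, addr: int) -> Decision:
        """Decide whether `program` may read/write the cell at `addr`."""
        if program in self.protected:
            return Decision(True, 0, "protected programs are not monitored")
        # First sub-module: the address in the instruction itself against protected sections.
        r = self._region_of(addr)
        if r:
            return Decision(False, 1, f"address {addr:#x} lies in {r.program}'s section", r.program)
        # Second sub-module: follow what is stored at the address, round by round,
        # until only data stored in memory remains; stop on any pointer into a protected
        # section or on data equal to what a protected section stores.
        frontier, seen = [addr], set()
        for _ in range(self.max_depth):
            nxt: List[int] = []
            for a in frontier:
                if a in seen:
                    continue
                seen.add(a)
                for it in self._items(self.memory.get(a, ())):
                    if isinstance(it, int):
                        r = self._region_of(it)
                        if r:
                            return Decision(False, 2, f"{addr:#x} leads to pointer {it:#x} into {r.program}'s section", r.program)
                        nxt.append(it)
                    else:
                        r = self._holds_protected_data(it)
                        if r:
                            return Decision(False, 2, f"{addr:#x} leads to a copy of data stored in {r.program}'s section", r.program)
            if not nxt:
                break
            frontier = nxt
        return Decision(True, 2, "no match against protected storage")


def notify(intruder: str, d: Decision) -> str:
    """Display module: the text the pop-up box would show when an access is stopped."""
    return f"Stopped {intruder} from accessing memory of protected program {d.victim} (stage {d.stage}): {d.reason}"


# Constructed address space: program c occupies 0x1000-0x1013; 0x3030 holds a copy of
# c's plaintext left outside the section; 0x7F00.. are stack slots of unprotected program d.
C_SECTION = Region("c", 0x1000, 0x1013)
MEMORY: Dict[int, Cell] = {
    0x1011: b"session-key-plaintext",   # stored inside c's section (c18-c20 in the text)
    0x3030: b"session-key-plaintext",   # copy elsewhere (d30 in the text)
    0x4000: b"unrelated buffer",
    0x7F00: (0x1011, 0x3030),           # stack address D1: pointers to c18-c20 and d30
    0x7F08: 0x3030,                     # stack slot pointing only at the copy
    0x7F10: 0x4000,                     # stack slot pointing at harmless data
    0x7F18: 0x7F18,                     # self-referencing pointer (cycle)
}
MONITOR = Monitor(MEMORY, [C_SECTION])


def demo() -> Dict[str, bool]:
    """Access attempts and whether each is allowed."""
    return {
        "a reads 0x1002 directly": MONITOR.check("a", 0x1002).allowed,
        "d reads stack D1": MONITOR.check("d", 0x7F00).allowed,
        "d reads slot pointing at copy": MONITOR.check("d", 0x7F08).allowed,
        "d reads slot pointing at harmless data": MONITOR.check("d", 0x7F10).allowed,
        "d reads cyclic slot": MONITOR.check("d", 0x7F18).allowed,
        "c reads its own memory": MONITOR.check("c", 0x1002).allowed,
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'blocked'}")
    print(notify("d", MONITOR.check("d", 0x7F00)))
```

The comparison is on raw address values, which only means something when the monitored instruction and the protected program's section are expressed in the same address space; the patent does not say how that is arranged, so where the monitor would sit (for example, in a component that mediates cross-process memory reads) and whether the data comparison is done on fetched bytes are deployment choices this example assumes away.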
More preferably, when the monitoring module 12 stops an unprotected program from reading/writing the temporary storage space, the protection system 1 further comprises a display module 13.
The display module 13 sends the user a message that the unprotected program's read/write of the temporary storage space occupied by the protected program has failed.
For example, when the monitoring module 12 stops program e from reading the contents of the memory occupied by program f, the display module 13 shows the message that program e has been stopped from reading the contents of program f's memory in a pop-up box on the display interface of the computer equipment where the display module 13 resides, so that the user, once informed, can perform follow-up operations on program e such as killing its process or closing it.
In summary, the protection method and system based on application program temporary storage space of the present invention can monitor, based on the obtained relevant information about the temporary storage space occupied by the protected program, the instructions by which unprotected programs running on the computer equipment interact with temporary storage space, and thereby determine whether an unprotected program is attempting to read/write the temporary storage space occupied by the protected program. This approach can thoroughly solve the problem that the plaintext part in memory can still be stolen while an encryption program is running. In addition, when an unprotected program is stopped from reading/writing the temporary storage space occupied by the protected program, the user is prompted that a program has attempted to read/write another program's temporary storage space, so that the user can deal with the intruding program. The present invention thus effectively overcomes various shortcomings of the prior art and has high industrial utility value.
The above embodiments merely illustrate the principle and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or alter the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or alterations made by persons of ordinary skill in the relevant technical field without departing from the spirit and technical ideas disclosed herein shall be covered by the claims of the present invention.

Claims (10)

1. A protection method based on application program temporary storage space, characterized in that it comprises at least:
1) obtaining in real time relevant information about the temporary storage space occupied by a protected program during its running process;
2) based on the obtained relevant information about the temporary storage space, monitoring whether an unprotected program attempts to read/write the temporary storage space occupied by the protected program; if so, stopping the unprotected program from reading/writing the temporary storage space occupied by the protected program; if not, allowing the unprotected program to read/write the corresponding temporary storage space.
2. The protection method based on application program temporary storage space according to claim 1, characterized in that, in step 2), the manner of monitoring whether an unprotected program attempts to read/write the temporary storage space occupied by the protected program comprises: monitoring the instructions to read/write temporary storage space issued by the unprotected program; matching the relevant information about the temporary storage space in the instruction against the relevant information about the temporary storage space currently obtained for the protected program; and deciding based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space.
3. The protection method based on application program temporary storage space according to claim 2, characterized in that, when no match is found with the relevant information about the temporary storage space currently obtained for the protected program, step 2) further comprises:
based on the relevant information about the temporary storage space in the instruction, obtaining further relevant information related to it, matching the further relevant information obtained against the relevant information about the temporary storage space occupied by the protected program, and deciding based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space;
when still no match is obtained, continuing to obtain yet further relevant information related to the further relevant information obtained in the previous matching round, and repeating the matching of the currently obtained further relevant information against the relevant information about the temporary storage space occupied by the protected program, until the currently obtained further relevant information is information stored in memory, and deciding based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space.
4. The protection method based on application program temporary storage space according to claim 1, characterized in that, when step 2) stops the unprotected program from reading/writing the temporary storage space, the method further comprises: sending the user a message that the unprotected program's attempt to read/write the temporary storage space occupied by the protected program has failed.
5. The protection method based on application program temporary storage space according to claim 1, characterized in that the relevant information about the temporary storage space comprises at least one of the following: address information of the memory occupied by the protected program at runtime; information stored in the memory occupied by the protected program at runtime; pointer information pointing to the memory addresses occupied by the protected program; and stack addresses storing pointer information that points to the memory addresses occupied by the protected program.
6. A protection system based on application program temporary storage space, characterized in that it comprises at least:
an acquisition module, for obtaining in real time relevant information about the temporary storage space occupied by a protected program during its running process; and a monitoring module, for monitoring, based on the obtained relevant information about the temporary storage space, whether an unprotected program attempts to read/write the temporary storage space occupied by the protected program; if so, stopping the unprotected program from reading/writing the temporary storage space occupied by the protected program; if not, allowing the unprotected program to read/write the corresponding temporary storage space.
7. The protection system based on application program temporary storage space according to claim 6, characterized in that the monitoring module comprises:
a first sub-monitoring module, for monitoring the instructions to read/write temporary storage space issued by the unprotected program, matching the relevant information about the temporary storage space in the instruction against the relevant information about the temporary storage space currently obtained for the protected program, and deciding based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space.
8. The protection system based on application program temporary storage space according to claim 7, characterized in that, for the case where the first sub-monitoring module finds no match with the relevant information about the temporary storage space currently obtained for the protected program, the monitoring module further comprises:
a second sub-monitoring module, for obtaining, based on the relevant information about the temporary storage space in the instruction, further relevant information related to it, matching the further relevant information obtained against the relevant information about the temporary storage space occupied by the protected program, and deciding based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space;
when still no match is obtained, the second sub-monitoring module continues to obtain yet further relevant information related to the further relevant information obtained in the previous matching round, and repeats the matching of the currently obtained further relevant information against the relevant information about the temporary storage space occupied by the protected program, until the currently obtained further relevant information is information stored in memory, and decides based on the matching result whether to stop the unprotected program from reading/writing the temporary storage space.
9. The protection system based on application program temporary storage space according to claim 6, characterized in that, when the monitoring module stops the unprotected program from reading/writing the temporary storage space, the system further comprises: a display module, for sending the user a message that the unprotected program's attempt to read/write the temporary storage space occupied by the protected program has failed.
10. The protection system based on application program temporary storage space according to claim 6, characterized in that the relevant information about the temporary storage space comprises at least one of the following: address information of the memory occupied by the protected program at runtime; information stored in the memory occupied by the protected program at runtime; pointer information pointing to the memory addresses occupied by the protected program; and stack addresses storing pointer information that points to the memory addresses occupied by the protected program.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210299831.4A 2012-08-21 2012-08-21 Protection method and system based on application program temporary storage space (granted as CN102880815B; Expired - Fee Related)

Publications (2)

Publication Number Publication Date
CN102880815A (en) 2013-01-16
CN102880815B (en) 2016-02-03

Family

ID=47482137

Country Status (1)

Country Link
CN (1) CN102880815B (en)

Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
    Effective date of registration: 20170908
    Address after: 214125. -20-403, 58 embroidered Road, Binhu District, Binhu District, Jiangsu, Wuxi
    Patentee after: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.
    Address before: 200433, room 1, building 335, No. 6006, National Road, Shanghai, Yangpu District
    Patentee before: Shanghai Cinsec Information Technology Co., Ltd.
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20160203
    Termination date: 20190821