CN102880815B - Protection method and system based on application program temporary memory space

Info

Publication number: CN102880815B
Application number: CN201210299831.4A
Authority: CN (China)
Prior art keywords: program, memory space, temporary memory, protected, shared
Legal status: Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN102880815A
Inventors: 曾曙, 卜亚楠, 朱洪福
Current assignee: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.
Original assignee: SHANGHAI CINSEC INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention provides a protection method and system based on the temporary memory space of an application program. According to the method, the relevant information of the temporary memory space occupied by a protected program during its operation is first obtained in real time; then, based on the obtained information, it is monitored whether any unprotected program attempts to read or write the temporary memory space occupied by the protected program, and if so, the unprotected program is prevented from reading or writing that space. Because the scheme checks the temporary-memory information carried in the read/write instructions issued by unprotected programs running on the computer device against the information about the temporary memory space occupied by the protected program, and thereby determines whether an unprotected program is attempting to read or write that space, it solves the problem that the plaintext present in memory while an encryption program runs can still be stolen.

Description

Protection method and system based on application program temporary memory space
Technical field
The present invention relates to a method for protecting a program, and in particular to a method and system that protect a process by monitoring the memory it occupies.
Background technology
As enterprises develop, they pay ever more attention to the encryption and management of internal documents. Usually, when an employee uses an encrypted internal document on a computer device, the program that opens the document decrypts it and then presents it to the employee. This effectively prevents outsiders from reading or copying the document. However, it protects only the document itself: once the document is opened by a program, the program inevitably stores the document or document information in the memory it occupies while running, and at that moment the document or document information in memory is in plaintext form, so even an encrypted document may appear as plaintext. This creates the possibility of enterprise documents being leaked.
To protect enterprise documents more completely, a measure is needed that protects the storage space, such as memory, occupied by the program that runs the document, so as to prevent plaintext information stored in memory from being read or tampered with by malicious programs.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a protection method and system based on application program temporary memory space, so as to prevent plaintext information stored in memory from being read or tampered with by malicious programs.
To achieve the above and other related objects, the invention provides a protection method based on application program temporary memory space, which comprises at least: 1) obtaining in real time the relevant information of the temporary memory space occupied by a protected program during its operation; 2) based on the obtained information, monitoring whether any unprotected program attempts to read or write the temporary memory space occupied by the protected program; if so, preventing the unprotected program from reading or writing that space; if not, allowing the unprotected program to read or write the corresponding temporary memory space.
Preferably, in step 2) the monitoring of whether an unprotected program attempts to read or write the protected program's temporary memory space comprises: monitoring the read/write instructions for temporary memory space issued by unprotected programs, matching the temporary-memory information in each instruction against the currently obtained information about the protected program's temporary memory space, and deciding on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space.
Preferably, when no match is found against the currently obtained information about the protected program's temporary memory space, step 2) further comprises: based on the temporary-memory information in the instruction, obtaining other information related to it, matching that other information against the information about the protected program's temporary memory space, and deciding on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space;
and, when still no match is obtained, continuing to obtain further information related to the information obtained in the previous matching cycle and matching the newly obtained information again against the information about the protected program's temporary memory space, until the information currently obtained is the content actually stored in memory, and deciding on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space.
Preferably, when step 2) prevents an unprotected program from reading or writing temporary memory space, the method further comprises sending the user a message that the unprotected program failed to read or write the temporary memory space occupied by the protected program.
Preferably, the temporary memory space comprises at least one of: memory space and stack space.
Preferably, the relevant information of the temporary memory space comprises at least one of: the information the protected program stores in the memory it occupies while running, the addresses of the memory the protected program occupies while running, pointer information pointing to memory addresses occupied by the protected program, and stack addresses that store such pointer information.
Based on the above object, the invention also provides a protection system based on application program temporary memory space, comprising: an acquisition module, for obtaining in real time the relevant information of the temporary memory space occupied by a protected program during its operation; and a monitoring module, for monitoring, based on the obtained information, whether any unprotected program attempts to read or write the temporary memory space occupied by the protected program, preventing the unprotected program from reading or writing that space if so, and allowing it to read or write the corresponding temporary memory space if not.
Preferably, the monitoring module comprises a first sub-monitoring module, for monitoring the read/write instructions for temporary memory space issued by unprotected programs, matching the temporary-memory information in each instruction against the currently obtained information about the protected program's temporary memory space, and deciding on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space.
Preferably, when the first sub-monitoring module finds no match against the currently obtained information about the protected program's temporary memory space, it is supplemented by a second sub-monitoring module, for obtaining, based on the temporary-memory information in the instruction, other information related to it, matching that other information against the information about the protected program's temporary memory space, and deciding on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space;
and, when still no match is obtained, the second sub-monitoring module continues to obtain further information related to the information obtained in the previous matching cycle and matches the newly obtained information again against the information about the protected program's temporary memory space, until the information currently obtained is the content actually stored in memory, and decides on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space.
Preferably, when the monitoring module prevents an unprotected program from reading or writing temporary memory space, the system further comprises a display module, for sending the user a message that the unprotected program attempted, and failed, to read or write the temporary memory space occupied by the protected program.
Preferably, the relevant information of the temporary memory space comprises at least one of: the information the protected program stores in the memory it occupies while running, the addresses of the memory the protected program occupies while running, pointer information pointing to memory addresses occupied by the protected program, and stack addresses that store such pointer information.
As described above, the protection method and system based on application program temporary memory space of the invention have the following beneficial effects: based on the obtained information about the temporary memory space occupied by the protected program, the instructions by which unprotected programs running on the computer device interact with temporary memory space are monitored, and from this it is determined whether an unprotected program is attempting to read or write the temporary memory space occupied by the protected program; this thoroughly solves the problem that the plaintext present in memory while an encryption program runs can still be stolen. In addition, when an unprotected program is prevented from reading or writing the protected program's temporary memory space, the user is shown a message that a program attempted to read or write the temporary memory space occupied by another program, so that the user can deal with the intruding program.
Brief description of the drawings
Fig. 1 is a flowchart of the protection method based on application program temporary memory space of the invention.
Fig. 2 is a flowchart of a preferred embodiment of the protection method based on application program temporary memory space of the invention.
Fig. 3 is a flowchart of another preferred embodiment of the protection method based on application program temporary memory space of the invention.
Fig. 4 is a schematic structural diagram of the protection system based on application program temporary memory space of the invention.
Fig. 5 is a schematic structural diagram of a preferred embodiment of the protection system based on application program temporary memory space of the invention.
Explanation of reference numerals
1 protection system
11 acquisition module
12 monitoring module
121 first sub-monitoring module
122 second sub-monitoring module
13 display module
S1 to S3, S20 to S23, S20' to S27' steps
Embodiments
The embodiments of the invention are described below by way of specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention may also be implemented or applied through other, different embodiments, and the details in this specification may be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Fig. 1 is a flowchart of a protection method based on application program temporary memory space of the invention. The method is performed mainly by a protection system. The protection system is an application module installed in a computer device. The computer device is a modern intelligent electronic device that can automatically perform large-scale numerical computation and various kinds of information processing at high speed according to pre-stored programs; its hardware includes but is not limited to microprocessors, embedded devices and the like. The protection system starts when the computer device starts.
In step S1, the protection system obtains in real time the relevant information of the temporary memory space occupied by the protected program during its operation. Here the protected program means a program that the protection system has been preset to protect; it includes but is not limited to document-class applications and communication-class applications. When a protected program starts, the protection system begins obtaining in real time the information about the temporary memory space the program occupies during its operation. Document-class applications include but are not limited to Word programs, Adobe programs and the like; communication-class applications include but are not limited to instant messaging software. For example, when a Word document is opened, the protection system begins obtaining in real time the information about the temporary memory space occupied by the Word program during its operation. The temporary memory space comprises any storage space that the program occupies while running and releases when it is no longer running; it includes but is not limited to stack space, memory space and the like. The relevant information of the temporary memory space comprises any information that directly or indirectly indicates the content stored in memory; preferably, it includes but is not limited to: the information the protected program stores in the memory it occupies while running, the memory addresses the protected program occupies while running, pointer information pointing to those memory addresses, and stack addresses that store such pointer information.
Specifically, the protection system obtains the information about the temporary memory space occupied by the protected program through a preset interface, so that the information is updated in real time as the protected program allocates or releases temporary memory space during its operation.
It should be noted that those skilled in the art understand how the protection system uses a preset interface to obtain the information about the temporary memory space occupied by the protected program, so this is not described in detail here.
For example, the protection system uses the preset interface to obtain, every 5 ms, the information about the temporary memory space occupied by the protected program during its operation.
As another example, the protected program itself uses a preset interface to supply the information about the temporary memory space it occupies to the protection system in real time during its operation.
In step S2, the protection system, based on the obtained information about the temporary memory space, monitors whether any unprotected program attempts to read or write the temporary memory space occupied by the protected program; if so, it prevents the unprotected program from reading or writing that space; if not, it allows the unprotected program to read or write the corresponding temporary memory space.
Specifically, step S2 comprises steps S20 to S25.
In step S20, the protection system monitors the read/write instructions for temporary memory space issued by unprotected programs, and matches the temporary-memory information in each instruction against the currently obtained information about the temporary memory space occupied by the protected program.
In step S21, the protection system decides on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space occupied by the protected program; if so, it proceeds to step S22; if not, to step S23.
In step S22, the protection system prevents the unprotected program from reading or writing the temporary memory space occupied by the protected program and, preferably, continues with step S3.
In step S23, the protection system allows the unprotected program to read or write the corresponding temporary memory space.
In step S3, the protection system sends the user a message that the unprotected program failed to read or write the temporary memory space occupied by the protected program.
For example, in step S1 the protection system obtains that the information about the temporary memory space occupied by protected program b is the memory address segment b1-b20 occupied by program b together with the pointer information pointing to that segment. While monitoring the read/write instructions issued by unprotected programs, it observes an instruction from program a to read the pointer information pointing to memory address b3. The protection system matches the pointer to memory address b3 in the instruction one by one against the information about program b's temporary memory space, and on finding that "pointer information pointing to memory address b3" matches within "pointer information pointing to the memory address segment b1-b20 occupied by program b", it prevents program a from reading the pointer information pointing to memory address b3 and displays, on the screen of the computer on which the protection system runs, a message that program a was prevented from reading the pointer information pointing to memory address b3.
More preferably, as shown in Fig. 3, step S2 comprises steps S20' to S27'.
It should be noted that those skilled in the art understand that steps S20' to S22' in the embodiment of Fig. 3 are the same as or similar to steps S20 to S22 in the embodiment of Fig. 2, and that step S27' in Fig. 3 is the same as or similar to step S23 in Fig. 2, so they are not described in detail here.
When in step S21' the protection system still finds no match against the currently obtained information about the temporary memory space occupied by the protected program, it enters step S23'.
In step S23', the protection system, based on the temporary-memory information in the instruction, obtains other information related to that temporary-memory information and matches the other information against the information about the temporary memory space occupied by the protected program.
In step S24', the protection system decides on the basis of the matching result whether to prevent the unprotected program from reading or writing the temporary memory space; if so, it proceeds to step S22'; if not, to step S25'.
In step S25', starting from the other information obtained in the previous matching cycle, the protection system continues to obtain further information related to it, and matches the newly obtained information again against the information about the temporary memory space occupied by the protected program.
In step S26', the protection system judges whether the information currently obtained is the content stored in memory; if not, it proceeds to step S24'; if so, it enters step S27'.
For example, in step S1 the protection system obtains that the information about the temporary memory space occupied by protected program c' is the information stored in memory address segment c1'-c20'. Among the read/write instructions it is monitoring from unprotected programs, the instruction from program d' is an instruction to read stack address D1', where stack address D1' stores pointer information pointing to memory addresses c18'-c20' and to memory address d30'. The protection system first matches stack address D1' in the instruction against the information about program c''s temporary memory space and obtains no match. It then, based on the previous matching cycle, obtains the pointer information stored at stack address D1' (pointing to memory addresses c18'-c20' and d30'), matches that pointer information against the information about program c''s temporary memory space, and again obtains no match. It then continues to obtain the stored information held at the memory addresses c18'-c20' and d30' that the pointer information refers to, matches that stored information against the information about program c''s temporary memory space, and obtains a match: the information stored at memory addresses c18'-c20' matches the information that program c' stores in address segment c18'-c20' of the memory it occupies. On the basis of this matching result, the protection system prevents program d' from reading the stack address that stores the pointer information pointing to memory addresses c18'-c20'.
As shown in Fig. 4, the invention also provides a protection system based on application program temporary memory space. The protection system 1 comprises an acquisition module 11 and a monitoring module 12.
The acquisition module 11 is for obtaining in real time the relevant information of the temporary memory space occupied by the protected program during its operation. Here the protected program means a program that the acquisition module 11 has been preset to protect; it includes but is not limited to document-class applications and communication-class applications. When a protected program starts, the acquisition module 11 begins obtaining in real time the information about the temporary memory space the program occupies during its operation. Document-class applications include but are not limited to Word programs, Adobe programs and the like; communication-class applications include but are not limited to instant messaging software. For example, when a Word document is opened, the protection system begins obtaining in real time the information about the temporary memory space occupied by the Office program during its operation. The temporary memory space comprises any storage space that the program occupies while running and releases when it is no longer running; it includes but is not limited to stack space, memory space and the like. The relevant information of the temporary memory space comprises any information that directly or indirectly indicates the content stored in memory; preferably, it includes but is not limited to: the information the protected program stores in the memory it occupies while running, the memory addresses the protected program occupies while running, pointer information pointing to those memory addresses, and stack addresses that store such pointer information.
Specifically, the acquisition module 11 obtains the information about the temporary memory space occupied by the protected program through a preset interface, so that the information is updated in real time as the protected program allocates or releases temporary memory space during its operation.
It should be noted that those skilled in the art understand how the acquisition module 11 uses a preset interface to obtain the information about the temporary memory space occupied by the protected program, so this is not described in detail here.
For example, the acquisition module 11 uses the preset interface to obtain, every 5 ms, the information about the temporary memory space occupied by the protected program during its operation.
As another example, the protected program itself uses a preset interface to supply the information about the temporary memory space it occupies to the acquisition module 11 in real time during its operation.
The monitoring module 12 is for monitoring, based on the obtained information about the temporary memory space, whether any unprotected program attempts to read or write the temporary memory space occupied by the protected program; if so, it prevents the unprotected program from reading or writing that space; if not, it allows the unprotected program to read or write the corresponding temporary memory space. Specifically, as shown in Fig. 4, the monitoring module 12 comprises a first sub-monitoring module 121.
The first sub-monitoring module 121 is for monitoring the read/write instructions for temporary memory space issued by unprotected programs, matching the temporary-memory information in each instruction against the currently obtained information about the temporary memory space occupied by the protected program, and deciding on the basis of the matching result whether to prevent the unprotected program from reading or writing that space; if so, it prevents the unprotected program from reading or writing the temporary memory space occupied by the protected program; if not, it allows the unprotected program to read or write the corresponding temporary memory space.
For example, the first sub-monitoring module 121 obtains from the acquisition module 11 that the information about the temporary memory space occupied by protected program b is the memory address segment b1-b20 occupied by program b together with the pointer information pointing to that segment. While monitoring the read/write instructions issued by unprotected programs, it observes an instruction from program a to read the pointer information pointing to memory address b3. The first sub-monitoring module 121 matches the pointer to memory address b3 in the instruction one by one against the information about program b's temporary memory space, and on finding that "pointer information pointing to memory address b3" matches within "pointer information pointing to the memory address segment b1-b20 occupied by program b", it prevents program a from reading the pointer information pointing to memory address b3.
Preferably, as shown in Figure 5, described monitoring module 12 also comprises the second sub-monitoring module 122.
When described first sub-monitoring module 121 does not find the matching result matched with the relevant information of the temporary memory space shared by current the obtained program protected, described second sub-monitoring module 122 is for the relevant information based on temporary memory space in described instruction, obtain other relevant informations relevant to the relevant information of temporary memory space in described instruction, and the relevant information of other obtained relevant informations with the temporary memory space shared by protected program is mated, and determine whether to stop not protected program read/write temporary memory space based on matching result,
When also not obtaining the matching result matched; described second sub-monitoring module 122 is also based on other relevant informations that the last coupling cycle obtains; continue to obtain other relevant informations relevant to other relevant informations that the last coupling cycle obtains; and by the relevant information repeated matching of other current obtained relevant informations with the temporary memory space shared by the program protected; until other current obtained relevant informations are the information be stored in internal memory, and determine whether to stop not protected program read/write temporary memory space based on matching result.
Such as, described first sub-monitoring module 121 gets protected program c based on described acquisition module 11: the information of the address field c1-c20 of stored memory, point to the pointer information of the memory address section c1-c20 shared by described program c, in the instruction of the read/write temporary memory space that described first sub-monitoring module 121 now also sends in monitored not protected program, the instruction monitored from program d is: read and store that to point to memory address be c18-c20, and memory address is the instruction of the stack address D1 of the pointer information of d30, described first sub-monitoring module 121 first mates with the relevant information of the temporary memory space shared by obtained program c based on the stack address D1 in described instruction, obtain the matching result of failing to match, then, described second sub-monitoring module 122 obtains the pointer information stored in the storehouse corresponding to described stack address D1, again the relevant information of described pointer information with the temporary memory space shared by the described program c of current obtained sensing is mated, and obtaining pointing to memory address the matching result that the pointer information that is c18-c20 matches with the pointer information of the memory address section c1-c20 shared by described program c, then described second sub-monitoring module 122 stops described program d to read to store the stack address that sensing memory address is the pointer information of c18-c20.
As another example, suppose the only relevant information the first sub-monitoring module 121 obtains from the acquisition module 11 for protected program c' is the data stored in the memory address section c1'-c20'. Among the monitored instructions, it observes program d' reading stack address D1', which holds a pointer (stored at d30') to memory addresses c18'-c20'. The guard system first matches the stack address D1' against the relevant information for program c' and fails. The second sub-monitoring module 122 then obtains, from the previous matching cycle, the pointer stored at D1' (pointing to c18'-c20', stored at d30') and matches it against the relevant information for program c'; this also fails, because only stored data is known for c'. The second sub-monitoring module 122 therefore continues to the addresses the pointer refers to, c18'-c20', obtains the data stored there, and matches that against the relevant information for program c'. This time the data stored at c18'-c20' matches the data program c' stored in its shared memory section c18'-c20', so, based on that matching result, the second sub-monitoring module 122 blocks program d' from reading the stack address holding the pointer to c18'-c20'.
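The following is an added example written for this page, not code from the patent or its assignee: a small simulation of the multi-level match described above, covering both worked examples (program c, for which address and pointer information is known, and program c', for which only stored data is known) together with a benign read and a pointer loop. The flat dict-based memory model, the addresses, the data values and the cycle limit are assumptions made for illustration.

```python
# Added example (not from the patent): simulation of the matching cycles the
# description attributes to the first and second sub-monitoring modules.
# Memory is modelled as a dict from address to cell; addresses, region sizes
# and data values are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple, Union

Cell = Union[int, bytes]   # an int cell is a pointer; a bytes cell is stored data


@dataclass
class ProtectedInfo:
    """Relevant information acquired for one protected program (claim 1, step 1).
    Any subset may be populated; the claims require at least one kind."""
    ranges: List[Tuple[int, int]] = field(default_factory=list)  # shared address sections (lo, hi)
    contents: Set[bytes] = field(default_factory=set)            # data it stored in shared memory
    pointers: Set[int] = field(default_factory=set)              # pointer values aimed at its sections
    pointer_slots: Set[int] = field(default_factory=set)         # stack addresses holding such pointers


def in_ranges(addr: int, ranges: List[Tuple[int, int]]) -> bool:
    return any(lo <= addr <= hi for lo, hi in ranges)


def decide(memory: Dict[int, Cell], protected: ProtectedInfo,
           operand: int, max_cycles: int = 8) -> Tuple[str, int, str]:
    """Judge one monitored read/write whose memory operand is `operand`.

    Returns (verdict, cycle, reason). Cycle 0 is the first sub-monitoring
    module's direct match on the operand address; each later cycle is one
    matching cycle of the second sub-monitoring module, which derives the
    next item (the pointer stored at the address, then the data it points
    to) until it reaches data stored in memory, the terminal level.
    """
    item: Cell = operand
    kind = "address"
    for cycle in range(max_cycles):
        if kind == "address":
            if in_ranges(item, protected.ranges):
                return ("block", cycle, f"address {item:#x} lies in a protected section")
            if item in protected.pointer_slots:
                return ("block", cycle, f"address {item:#x} is a recorded pointer slot")
        elif kind == "pointer":
            if item in protected.pointers or in_ranges(item, protected.ranges):
                return ("block", cycle, f"pointer {item:#x} aims at a protected section")
        else:  # kind == "data": nothing further can be derived, so this level decides
            if item in protected.contents:
                return ("block", cycle, "stored data equals data the protected program stored")
            return ("allow", cycle, "stored data does not match")
        # No match at this level: derive the next item by reading the cell.
        nxt = memory.get(item)
        if nxt is None:
            return ("allow", cycle, f"nothing stored at {item:#x}")
        item, kind = nxt, ("data" if isinstance(nxt, bytes) else "pointer")
    return ("allow", max_cycles, "cycle limit reached (possible pointer loop)")


# Constructed scenario mirroring the first example: protected program c shares
# 0x1000-0x1013 and the monitor recorded pointers into it; unprotected program d
# reads stack slot 0x7f00, which holds such a pointer.
MEMORY_C: Dict[int, Cell] = {
    0x7f00: 0x1011,            # stack slot D1 of program d: pointer into c's section
    0x1011: b"session-key-1",  # what c stored there
}
PROTECTED_C = ProtectedInfo(ranges=[(0x1000, 0x1013)], pointers={0x1011})


def example_one() -> Tuple[str, int, str]:
    return decide(MEMORY_C, PROTECTED_C, 0x7f00)     # blocked in cycle 1 (pointer match)


# Second example: only the data stored by c' is known, so the match succeeds
# only after following the pointer and reading the data it aims at.
MEMORY_C2: Dict[int, Cell] = {0x7f08: 0x2011, 0x2011: b"session-key-2"}
PROTECTED_C2 = ProtectedInfo(contents={b"session-key-2"})


def example_two() -> Tuple[str, int, str]:
    return decide(MEMORY_C2, PROTECTED_C2, 0x7f08)   # blocked in cycle 2 (data match)


def benign_read() -> Tuple[str, int, str]:
    # A read of d's own data that never leads into c's memory is allowed.
    return decide({0x7f10: 0x3000, 0x3000: b"hello"}, PROTECTED_C, 0x7f10)


if __name__ == "__main__":
    for name, fn in (("example_one", example_one), ("example_two", example_two),
                     ("benign_read", benign_read)):
        print(name, fn())
```

The `max_cycles` guard is the caveat a practitioner would add: the description ends the chain only when stored data is reached, so a pointer loop in the unprotected program's memory would otherwise never terminate. Matching stored data by equality also means any unprotected program that happens to hold identical bytes is blocked, so of the four kinds of relevant information the stored-data kind is the one most likely to produce false positives.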
More preferably, the guard system 1 also includes a display module 13, which is used when the monitoring module 12 blocks an unprotected program from reading/writing temporary memory space.
The display module 13 informs the user that an unprotected program's attempt to read/write the temporary memory space shared by a protected program has been blocked.
For example, when the monitoring module 12 blocks program e from reading the contents of the memory shared by program f, the display module 13 shows a pop-up box on the display of the computer equipment it runs on, stating that program e's read of program f's memory was blocked, so that the user can then take further action such as killing process e or closing program e.
In summary, the protection method and system based on application program temporary memory space of the present invention monitor the instructions by which unprotected programs running on the computer equipment interact with temporary memory space, using the relevant information obtained for the temporary memory space shared by the protected program, and thereby determine whether an unprotected program is attempting to read/write the temporary memory space shared by the protected program. This thoroughly solves the problem that the plaintext portion of an encrypted program can still be stolen while it runs in memory. In addition, when a read/write of the protected program's temporary memory space is blocked, the user is notified that a program attempted to read/write the temporary memory space shared by another program, so that the user can deal with the intruding program. The present invention therefore effectively overcomes the various shortcomings of the prior art and has high industrial utility value.
The above embodiments merely illustrate the principle and effects of the present invention and do not limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or changes made by persons of ordinary skill in the art without departing from the spirit and technical ideas disclosed herein shall be covered by the claims of the present invention.

Claims (4)

1. A protection method based on application program temporary memory space, characterized in that it comprises at least:
1) obtaining in real time the relevant information of the temporary memory space shared by a protected program during its operation; wherein the relevant information of the temporary memory space comprises at least one of: the data the protected program stores in its shared memory while running, the address information of the memory the protected program shares while running, pointer information pointing to the memory addresses shared by the protected program, and stack addresses storing pointer information pointing to the memory addresses shared by the protected program;
2) based on the obtained relevant information of the temporary memory space, monitoring whether an unprotected program attempts to read/write the temporary memory space shared by the protected program; if so, blocking the unprotected program from reading/writing the temporary memory space shared by the protected program, and if not, allowing the unprotected program to read/write the corresponding temporary memory space; wherein monitoring whether an unprotected program attempts to read/write the temporary memory space shared by the protected program comprises: monitoring the instructions issued by the unprotected program to read/write temporary memory space, matching the relevant information of the temporary memory space in such an instruction against the currently obtained relevant information of the temporary memory space shared by the protected program, and determining from the matching result whether to block the unprotected program from reading/writing the temporary memory space;
wherein, when no match with the currently obtained relevant information of the temporary memory space shared by the protected program has been found, said step 2) further comprises:
based on the relevant information of the temporary memory space in said instruction, obtaining further relevant information related to it, matching the further relevant information obtained against the relevant information of the temporary memory space shared by the protected program, and determining from the matching result whether to block the unprotected program from reading/writing the temporary memory space;
when still no match is obtained, continuing to obtain further relevant information related to the further relevant information obtained in the previous matching cycle, and again matching the further relevant information currently obtained against the relevant information of the temporary memory space shared by the protected program, until the further relevant information currently obtained is data stored in memory, and determining from the matching result whether to block the unprotected program from reading/writing the temporary memory space.
2. The protection method based on application program temporary memory space according to claim 1, characterized in that, when said step 2) blocks the unprotected program from reading/writing the temporary memory space, the method further comprises: sending the user a notification that the unprotected program's attempt to read/write the temporary memory space shared by the protected program has been blocked.
3. A protection system based on application program temporary memory space, characterized in that it comprises at least: an acquisition module for obtaining in real time the relevant information of the temporary memory space shared by a protected program during its operation; wherein the relevant information of the temporary memory space comprises at least one of: the data the protected program stores in its shared memory while running, the address information of the memory the protected program shares while running, pointer information pointing to the memory addresses shared by the protected program, and stack addresses storing pointer information pointing to the memory addresses shared by the protected program;
a monitoring module for monitoring, based on the obtained relevant information of the temporary memory space, whether an unprotected program attempts to read/write the temporary memory space shared by the protected program; if so, blocking the unprotected program from reading/writing the temporary memory space shared by the protected program, and if not, allowing the unprotected program to read/write the corresponding temporary memory space; the monitoring module comprising:
a first sub-monitoring module for monitoring the instructions issued by the unprotected program to read/write temporary memory space, matching the relevant information of the temporary memory space in such an instruction against the currently obtained relevant information of the temporary memory space shared by the protected program, and determining from the matching result whether to block the unprotected program from reading/writing the temporary memory space;
wherein, when the first sub-monitoring module finds no match with the currently obtained relevant information of the temporary memory space shared by the protected program, the monitoring module further comprises:
a second sub-monitoring module for obtaining, based on the relevant information of the temporary memory space in said instruction, further relevant information related to it, matching the further relevant information obtained against the relevant information of the temporary memory space shared by the protected program, and determining from the matching result whether to block the unprotected program from reading/writing the temporary memory space;
when still no match is obtained, the second sub-monitoring module continues to obtain further relevant information related to the further relevant information obtained in the previous matching cycle, and again matches the further relevant information currently obtained against the relevant information of the temporary memory space shared by the protected program, until the further relevant information currently obtained is data stored in memory, and determines from the matching result whether to block the unprotected program from reading/writing the temporary memory space.
4. The protection system based on application program temporary memory space according to claim 3, characterized in that the system further comprises a display module for, when the monitoring module blocks the unprotected program from reading/writing the temporary memory space, sending the user a notification that the unprotected program's attempt to read/write the temporary memory space shared by the protected program has been blocked.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210299831.4A CN102880815B (en) 2012-08-21 2012-08-21 Based on means of defence and the system of application program temporary memory space


Publications (2)

Publication Number Publication Date
CN102880815A CN102880815A (en) 2013-01-16
CN102880815B true CN102880815B (en) 2016-02-03

Family

ID=47482137


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1511286A (en) * 2001-04-04 2004-07-07 Advanced Micro Devices (先进微装置公司) Method and apparatus for securing portions of memory
CN101110044A (en) * 2007-08-28 2008-01-23 ZTE Corporation (中兴通讯股份有限公司) Method and system for internal memory monitoring management
CN101561775A (en) * 2009-05-12 2009-10-21 Huawei Technologies Co., Ltd. (华为技术有限公司) Method and device for monitoring memory
CN102375947A (en) * 2010-08-16 2012-03-14 EMC Corporation (伊姆西公司) Method and system for isolating computing environment


Legal Events

Code Title Description
C06 / PB01 Publication
C10 / SE01 Entry into substantive examination
C14 / GR01 Grant of patent or utility model
TR01 Transfer of patent right; effective date of registration: 20170908
    Patentee after: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.; address after: 214125, 20-403, 58 embroidered Road, Binhu District, Wuxi, Jiangsu
    Patentee before: Shanghai Cinsec Information Technology Co., Ltd.; address before: 200433, room 1, building 335, No. 6006, National Road, Yangpu District, Shanghai
CF01 Termination of patent right due to non-payment of annual fee; granted publication date: 20160203; termination date: 20190821