CN102971741A - 规范计算机系统行为的方法 - Google Patents
规范计算机系统行为的方法 Download PDFInfo
- Publication number
- CN102971741A CN102971741A CN201080067255XA CN201080067255A CN102971741A CN 102971741 A CN102971741 A CN 102971741A CN 201080067255X A CN201080067255X A CN 201080067255XA CN 201080067255 A CN201080067255 A CN 201080067255A CN 102971741 A CN102971741 A CN 102971741A
- Authority
- CN
- China
- Prior art keywords
- code snippet
- current operation
- operation request
- data structure
- call instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer And Data Communications (AREA)
- Organic Low-Molecular-Weight Compounds And Preparation Thereof (AREA)
- Devices For Executing Special Programs (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Stored Programmes (AREA)
Abstract
Description
Claims (10)
- 权 利 要 求1. 一种规范计算机系统行为的方法, 其特征在于, 包括:获取调用指令,基于所述调用指令获取调用指令要调用的下一代 码片断信息, 建立代码片断调用数据结构; 其中, 所述代码片断调用 数据结构为: 以调用指令所在的代码片断为节点、 以调用指令建立的 发起该调用指令的代码片断和被调用代码片断之间的调用关系为调 用路径而建立的代码片断调用数据结构;所述数据结构包括若干个子 数据结构;从所述数据结构中获取与当前操作请求关联的子数据结构,基于 所述子数据结构确定当前操作请求的发起者、 操作方法以及操作对 象;获取规范计算机系统行为的规则,将所述确定的当前操作请求的 发起者、操作方法以及操作对象与所述规则进行匹配, 判断当前操作 请求是否合法。
- 2. 如权利要求 1所述的规范计算机系统行为的方法, 其特征在于, 所述规范计算机系统行为的规则包括三要素, 分别为: 调用指令的发 起者, 调用指令的操作方法以及调用指令的操作对象;所述规范计算机系统行为的规则为当当前操作请求的发起者符 合规则要求时, 允许当前操作请求执行; 或者, 当当前操作请求的发 起者以及操作方法符合规则要求时, 允许当前操作请求执行; 或者, 当当前操作请求的发起者以及操作对象符合规则要求时,允许当前操 作请求执行; 或者, 当当前操作请求的发起者、 操作方法以及操作对 象符合规则要求时, 允许当前操作请求执行。
- 3. 如权利要求 1或 2所述的规范计算机系统行为的方法, 其特征在 于, 所述发起者为: 当前操作请求之前的、 与当前操作请求关联的所 有节点和调用路径组成的子数据结构。
- 4. 如权利要求 1所述的规范计算机系统行为的方法, 其特征在于, 所述操作对象为当前操作请求的被调用代码片断所要操作的内容。
- 5. 如权利要求 1所述的规范计算机系统行为的方法, 其特征在于, 所述操作方法为当前操作请求的被调用代码片断所要进行的操 作。
- 6. 如权利要求 1所述的规范计算机系统行为的方法, 其特征在于, 从所述数据结构中获取与当前操作请求关联的子数据结构包括: 预设获取子数据结构的条件;在所述当前操作请求满足所述预设条件时, 基于所述数据结构, 回溯与所述当前操作请求关联的节点和调用路径,获取与当前操作请 求关联的子数据结构。
- 7. 如权利要求 6所述的规范计算机系统行为的方法, 其特征在于, 还包括:将所述计算机运行的空间划分为至少两个子空间;所述预设的获取子数据结构的条件为:在某个子空间内的操作请 求将调用另一个子空间内的代码片断。
- 8. 如权利要求 1所述的规范计算机系统行为的方法, 其特征在于, 所述数据结构的建立方法包括:获取调用指令;获取发起所述调用指令的代码片断以及被调用代码片断; 以所述获取的发起所述调用指令的代码片断以及被调用代码片 断建立节点;建立发起所述调用指令的代码片断以及被调用代码片断之间的 调用关系,以所述建立的调用关系为调用节点和被调用节点之间的调 用路径。
- 9. 如权利要求 8所述的规范计算机系统行为的方法, 其特征在于, 所述调用指令为汇编指令, 所述获取调用指令包括:对运行的计算机代码进行二进制翻译以获取调用指令。
- 10. 如权利要求 8所述的规范计算机系统行为的方法, 其特征在于, 所述获取发起所述调用指令的代码片断以及被调用代码片断包括: 从调用参数中获取被调用代码片断的地址;基于所述被调用代码片断的地址获取被调用代码片断,所述调用 指令所在的代码片断为发起调用指令的代码片断。
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2010/080034 WO2012083521A1 (zh) | 2010-12-21 | 2010-12-21 | 规范计算机系统行为的方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102971741A true CN102971741A (zh) | 2013-03-13 |
Family
ID=46313022
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201080067255XA Pending CN102971741A (zh) | 2010-12-21 | 2010-12-21 | 规范计算机系统行为的方法 |
Country Status (5)
Country | Link |
---|---|
US (1) | US9230067B2 (zh) |
EP (1) | EP2657872A4 (zh) |
JP (1) | JP5615444B2 (zh) |
CN (1) | CN102971741A (zh) |
WO (1) | WO2012083521A1 (zh) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101872400A (zh) * | 2009-04-24 | 2010-10-27 | 汪家祥 | 建立根据计算系统操作请求关联关系判断计算机操作请求安全性的计算机信息安全防护方法 |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL132915A (en) * | 1999-11-14 | 2004-05-12 | Networks Assoc Tech Inc | Method for secure function execution by calling address validation |
US7076557B1 (en) * | 2000-07-10 | 2006-07-11 | Microsoft Corporation | Applying a permission grant set to a call stack during runtime |
BR0209497A (pt) | 2001-05-11 | 2005-08-30 | Computer Ass Think Inc | Método e sistema para a transformação de aplicações de software de legado em sistemas modernos orientados a objetos |
US7546587B2 (en) * | 2004-03-01 | 2009-06-09 | Microsoft Corporation | Run-time call stack verification |
US7966643B2 (en) * | 2005-01-19 | 2011-06-21 | Microsoft Corporation | Method and system for securing a remote file system |
US20060259947A1 (en) * | 2005-05-11 | 2006-11-16 | Nokia Corporation | Method for enforcing a Java security policy in a multi virtual machine system |
US8555061B2 (en) * | 2005-05-13 | 2013-10-08 | Microsoft Corporation | Transparent code |
JP2006330864A (ja) | 2005-05-24 | 2006-12-07 | Hitachi Ltd | サーバ計算機システムの制御方法 |
JP2008021274A (ja) * | 2006-06-15 | 2008-01-31 | Interlex Inc | プロセス監視装置及び方法 |
US7950056B1 (en) * | 2006-06-30 | 2011-05-24 | Symantec Corporation | Behavior based processing of a new version or variant of a previously characterized program |
US8156536B2 (en) * | 2006-12-01 | 2012-04-10 | Cisco Technology, Inc. | Establishing secure communication sessions in a communication network |
US20090210888A1 (en) | 2008-02-14 | 2009-08-20 | Microsoft Corporation | Software isolated device driver architecture |
CN101282332B (zh) | 2008-05-22 | 2011-05-11 | 上海交通大学 | 面向网络安全告警关联的攻击图生成系统 |
CN102144222B (zh) | 2008-07-02 | 2014-11-05 | 国立大学法人东京工业大学 | 执行时间估计方法、执行时间估计程序以及执行时间估计装置 |
US20100125830A1 (en) * | 2008-11-20 | 2010-05-20 | Lockheed Martin Corporation | Method of Assuring Execution for Safety Computer Code |
JP5155909B2 (ja) | 2009-03-06 | 2013-03-06 | Sky株式会社 | 操作監視システム及び操作監視プログラム |
US8468113B2 (en) * | 2009-05-18 | 2013-06-18 | Tufin Software Technologies Ltd. | Method and system for management of security rule set |
WO2011041871A1 (en) | 2009-10-08 | 2011-04-14 | Irdeto Canada Corporation | A system and method for aggressive self-modification in dynamic function call systems |
-
2010
- 2010-12-21 US US13/881,176 patent/US9230067B2/en not_active Expired - Fee Related
- 2010-12-21 WO PCT/CN2010/080034 patent/WO2012083521A1/zh active Application Filing
- 2010-12-21 JP JP2013538027A patent/JP5615444B2/ja not_active Expired - Fee Related
- 2010-12-21 CN CN201080067255XA patent/CN102971741A/zh active Pending
- 2010-12-21 EP EP10861216.9A patent/EP2657872A4/en not_active Withdrawn
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101872400A (zh) * | 2009-04-24 | 2010-10-27 | 汪家祥 | 建立根据计算系统操作请求关联关系判断计算机操作请求安全性的计算机信息安全防护方法 |
Also Published As
Publication number | Publication date |
---|---|
US9230067B2 (en) | 2016-01-05 |
JP5615444B2 (ja) | 2014-10-29 |
EP2657872A1 (en) | 2013-10-30 |
EP2657872A4 (en) | 2017-02-08 |
WO2012083521A1 (zh) | 2012-06-28 |
JP2013542536A (ja) | 2013-11-21 |
US20130219464A1 (en) | 2013-08-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102012987B (zh) | 自动二进制恶意代码行为分析系统 | |
CN110851241A (zh) | Docker容器环境的安全防护方法、装置及系统 | |
CN103020527B (zh) | 主动拦截恶意程序的方法、装置、系统 | |
CN103020526B (zh) | 恶意程序主动拦截方法和装置及客户端设备 | |
CN104239786B (zh) | 免root主动防御配置方法及装置 | |
CN104081404A (zh) | 使用动态优化框架的应用沙盒化 | |
CN105117645A (zh) | 基于文件系统过滤驱动实现沙箱虚拟机多样本运行的方法 | |
CN104506495A (zh) | 一种智能化网络apt攻击威胁分析方法 | |
CN113138836B (zh) | 一种使用基于Docker容器的防逃逸系统的防逃逸方法 | |
CN101872400A (zh) | 建立根据计算系统操作请求关联关系判断计算机操作请求安全性的计算机信息安全防护方法 | |
CN111859394A (zh) | 基于tee的软件行为主动度量方法及系统 | |
EP3531324A1 (en) | Identification process for suspicious activity patterns based on ancestry relationship | |
CN111787001B (zh) | 网络安全信息的处理方法、装置、电子设备和存储介质 | |
Michael et al. | Software decoys: Intrusion detection and countermeasures | |
Chen et al. | Efficient detection of the return-oriented programming malicious code | |
CN111107108A (zh) | 一种工业控制系统网络安全分析的方法 | |
Das et al. | CoRuM: collaborative runtime monitor framework for application security | |
CN103677746B (zh) | 指令重组方法及装置 | |
CN102971741A (zh) | 规范计算机系统行为的方法 | |
CN116582351A (zh) | 一种基于云环境的apt攻击的沙箱检测方法及系统 | |
WO2019136428A1 (en) | Systems and methods for detecting and mitigating code injection attacks | |
CN115296936A (zh) | 一种反网络犯罪辅侦的自动化方法及系统 | |
Filman et al. | Communicating security agents | |
CN103677769B (zh) | 指令重组方法及装置 | |
Mishra et al. | Multi tree view of complex attack–stuxnet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100084 HAIDIAN, BEIJING TO: 100071 FENGTAI, BEIJING |
|
TA01 | Transfer of patent application right |
Effective date of registration: 20150123 Address after: 100071 Beijing city Fengtai District Xiaotun Road No. 89 aerospace standard tower Applicant after: The safe and sound Information Technology Co., Ltd in sky in Beijing Address before: 100084 C0803, 18 East Zhongguancun Road, Beijing, Haidian District Applicant before: Beijing Zhongtian Antai Technology Co., Ltd. |
|
CB02 | Change of applicant information |
Address after: 100071 Beijing city Fengtai District Xiaotun Road No. 89 aerospace standard tower Applicant after: Zhongtian Aetna (Beijing) Information Technology Co. Ltd. Address before: 100071 Beijing city Fengtai District Xiaotun Road No. 89 aerospace standard tower Applicant before: The safe and sound Information Technology Co., Ltd in sky in Beijing |
|
COR | Change of bibliographic data | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130313 |