CN103020515A - Application program execution permission control method for operating system - Google Patents
Application program execution permission control method for operating system Download PDFInfo
- Publication number
- CN103020515A CN103020515A CN2012105736900A CN201210573690A CN103020515A CN 103020515 A CN103020515 A CN 103020515A CN 2012105736900 A CN2012105736900 A CN 2012105736900A CN 201210573690 A CN201210573690 A CN 201210573690A CN 103020515 A CN103020515 A CN 103020515A
- Authority
- CN
- China
- Prior art keywords
- application program
- operating system
- program
- running status
- classification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an application program execution permission control method for an operating system. The application program execution permission control method for the operating system comprises the following implementation steps of: 1) classifying self-contain application programs and foreign application programs of the operating system; 2) setting running status information in the operating system, wherein the running statuses at least comprise two system running statuses, and respectively setting execution rules for controlling application program execution permissions according to the classification of the application programs for the system running statuses; and 3) after the operating system is started up, entering a default system running status according to default running status information, and switching the current system running status of the operating system during running according to user commands; and when an execution request of an application program is received, checking the current system running status of the operating system, permitting or forbidding the execution request of the application program according to the execution rule corresponding the current system running status and the classification of the application program. The application program execution permission control method for the operating system has the advantages that the malicious software preventing ability is strong, the security and the reliability are high, the stability is high, the generality is good and the extendibility is strong.
Description
Technical field
The present invention relates to computer safety field, be specifically related to a kind of application program that is used for operating system for preventing malice software and carry out authority control method.
Background technology
Current, along with deepening continuously of the level of informatization, the computer viruses such as virus, wooden horse, worm are day by day serious to the destruction of infosystem, and how guarantee information system is avoided destroying extremely urgent.Can find by analyzing, nearly all computer virus is all owing to the user has a mind to or be not intended to carry out rogue program cause.Usually disguise oneself as normal procedure or be tied in the normal program of rogue program brings out the user and carries out the rogue program that was tampered and reach demolition purpose.Therefore installing with operation has the software of potential safety hazard very easily the security of infosystem to be damaged, and gently then destroys Systems balanth, affects the normal operation of system, heavy then cause the security incident such as information leakage.Therefore, the installation of software is most important with execution in the restricted information system.
In the operating system of prior art individual node in infosystem, restricted software is installed with execution and is comprised following method:
1) technical scheme of prior art is controlled the installation of software, such as by modes such as certificate, software signature or completeness checks software being carried out validity checking, reaches the purpose of control illegal software.But, these methods can't fundamentally be controlled the execution of illegal software or code, the user still may pass through the approach such as network, USB mobile storage and infect malicious code or download illegal software, even the user can initiatively write some programs and reaches some illegal objective.Simultaneously, in a single day the interior important software of operating system infect virus or be tampered, and so again moves these softwares and just may bring potential safety hazard.Although security protection software can check and stop the execution of some Malware to a certain extent, because it can only take precautions against known Malware, so its security protection ability also is limited.
2) to utilize reliable computing technology to carry out integrity checking also be software to be carried out control to the technical scheme of prior art.Before software is carried out, check the integrality of software by integrity measurement, carry out with the software that prevents from being tampered.But the integrality detection method that is based on credible calculating need to support with trusted computing chips such as TPM, and all software is all carried out can causing very large impact to system performance based on the integrity detection of trusted computing chip.Simultaneously; because what software installation, software upgrading etc. caused reconfigures; may be so that have entered in the past the illegal software of system and moved, the execution control of therefore carrying out software based on credible calculating also exists certain potential safety hazard, effectively protection system safety.
Summary of the invention
The technical problem to be solved in the present invention provides the application program that is used for operating system that a kind of Malware prevention ability is strong, safe and reliable, stability is high, versatility good, extendability is strong and carries out authority control method.
In order to solve the problems of the technologies described above, the technical solution used in the present invention is:
A kind of application program for operating system is carried out authority control method, and implementation step is as follows:
1) to operating system carry application program and external application program is classified;
2) running state information is set in operating system, the type of described running state information comprises at least two kinds of system running states, is provided for respectively carrying out according to the classification controlling application program of application program the executing rule of authority for described system running state;
3) enter the system running state of acquiescence according to default acquiescence running state information behind the os starting, when operation according to the current system running status of user instruction switching operating system; When receiving the execution request of application program, check the current system running status of operating system, allow or forbid the execution request of described application program according to the classification of executing rule corresponding to current system running status and application program.
Be used for the further improvement of the application program execution authority control method of operating system as the present invention:
The detailed step of described step 1) is as follows:
1.1) with the carrying application program classification and be labeled as the unessential inessential program of system of the essential system's necessary program of operating system, operating system and be used for the software erecting tools that management software is installed of operating system, the mark of described classification is stored in the extension attribute of application program;
1.2) external application program is categorized as legal external program or illegal external program according to key words sorting in the extension attribute that is stored in application program.
Running state information is set in operating system described step 2) comprises developing operation state, normal operating condition, three kinds of system running states of sealing running status; For described developing operation state, normal operating condition, that the sealing running status arranges respectively executing rule is as follows: the executing rule under the described developing operation state is for allowing whole application programs to carry out; Executing rule under the described normal operating condition is for only allowing system's necessary program, software erecting tools, legal external program to carry out; Executing rule under the described sealing running status is for only allowing system's necessary program, legal external program to carry out.
As follows according to the detailed step of the current system running status of user instruction switching operating system in when operation in the described step 3): during at operating system, according to user instruction and the system running state that comprises the dual user licensing scheme switching operating system of first user mandate, the second subscriber authorisation, computing machine can only switch between developing operation state, the normal operating condition or switch between normal operating condition, sealing running status arbitrarily, when switching to normal operating condition from the developing operation state, directly switch; When switching to the sealing running status from normal operating condition, only under the first user mandate, just switch; When switching to the developing operation state from normal operating condition, only under the second subscriber authorisation, just switch; When switching to normal operating condition from the sealing running status, only satisfy at the same time under first user mandate and the second subscriber authorisation and just switch; When being directly switch into the developing operation state from the sealing running status, do not respond the switching user instruction.
Allow according to the classification of executing rule corresponding to current system running status and application program in the described step 3) or forbid that the detailed step of execution request of described application program is as follows: when the current system running status is in normal operating condition, obtain the mark of application program classification, if any one in the system that the is labeled as necessary program of application program classification, software erecting tools, the legal external program, then allow application program to carry out, otherwise forbid the application program execution; When the current system running status is in the sealing running status, obtain the mark of application program classification, if the system that the is labeled as necessary program of application program classification, any one in the legal external program then allow application program to carry out, otherwise forbid the application program execution.
Described first user mandate, the second subscriber authorisation are the subscriber authorisation based on ukey.
Described step 3) also comprises when operating system and detects the step that application programs is made amendment, if detect destination application classification to be revised be labeled as the software erecting tools, then forbid the modification to described destination application; Otherwise detect the type except illegal external program of being labeled as of destination application to be revised classification, then the automatic mark that described application program is classified is revised as illegal external program.
The present invention has following advantage:
1, the application program for operating system provided by the invention carry out authority control method by to operating system carry application program and external application program is classified, can classify according to application program source attribute in the operating system, can effectively identify external illegal program, have advantages of that the Malware prevention ability is strong, safe and reliable.
2, application program for operating system provided by the invention is carried out authority control method and in operating system running state information is set, the type of running state information comprises at least two kinds of system running states, be provided for respectively carrying out according to the classification controlling application program of application program the executing rule of authority for system running state, mark according to the application program classification, the executing rule of system running state and application program, realized carrying out control based on the program of classification, can effectively prevent the illegal program operation, realize the platform stable under the system sealing running status, have a Malware prevention ability strong, safe and reliable, the advantage that stability is high.
3, the present invention further is stored in the classification of application program respectively in the extension attribute of application program, adopt the mark of extended attribute space storage program classification, therefore as long as goal systems platform support program extended attribute, just can use application program of the present invention to carry out control method, kylin operating system and linux system both can have been supported, equally also can support the operating system of other support program extended attribute, diversity that can supporting platform has advantages of that versatility is good, extendability is strong.
4, the present invention further also comprises when operating system and detects the step that application programs is made amendment, if detect destination application classification to be revised be labeled as the software erecting tools, then forbid this modification; Otherwise detect the type except illegal external program of being labeled as of destination application to be revised classification, then be illegal external program automatically with application modification, therefore can detect the program that is tampered, can after application program is tampered, automatically adapt to new executing rule, can further strengthen the Malware prevention ability of the present embodiment.
Description of drawings
Fig. 1 is the basic procedure schematic diagram of the embodiment of the invention.
Fig. 2 is the schematic flow sheet of in the embodiment of the invention software package of external application program being signed.
Fig. 3 is the schematic flow sheet that in the embodiment of the invention software package of external application program is carried out signature verification.
Fig. 4 is the switching schematic diagram of system running state in the embodiment of the invention.
Embodiment
As shown in Figure 1, the present embodiment is as follows for the implementation step of the application program execution authority control method of operating system:
1) to operating system carry application program and external application program is classified;
2) running state information is set in operating system, the type of running state information comprises at least two kinds of system running states, is provided for respectively carrying out according to the classification controlling application program of application program the executing rule of authority for system running state;
3) enter the system running state of acquiescence according to default acquiescence running state information behind the os starting, when operation according to the current system running status of user instruction switching operating system; When receiving the execution request of application program, check the current system running status of operating system, allow or forbid the execution request of application program according to the classification of executing rule corresponding to current system running status and application program.
Referring to above-mentioned steps 1)~step 3), the application program that is used for operating system that the present embodiment provides carry out authority control method by to operating system carry application program and external application program is classified, can classify according to application program source attribute in the operating system, can effectively identify external illegal program, have advantages of that the Malware prevention ability is strong, safe and reliable; The application program that is used for operating system that the present embodiment provides is carried out authority control method and in operating system running state information is set, the type of running state information comprises at least two kinds of system running states, be provided for respectively carrying out according to the classification controlling application program of application program the executing rule of authority for system running state, mark according to the application program classification, the executing rule of system running state and application program, realized carrying out control based on the program of classification, can effectively prevent the illegal program operation, and realize platform stable under the system sealing running status, have a Malware prevention ability strong, safe and reliable, the advantage that stability is high.
In the present embodiment, the detailed step of step 1) is as follows:
1.1) with the software erecting tools I that application program is classified and is labeled as the unessential inessential program C of system of operating system essential the necessary program S of system, operating system and installs for management software that carries of operating system, the mark of classifying is stored in the extension attribute of application program;
1.2) external application program is categorized as legal external program V or illegal external program U according to key words sorting in the extension attribute that is stored in application program.
The present embodiment is divided three classes all programs: the first kind is the system program with the original installation of operating system; Equations of The Second Kind is the external program through legitimate verification; The 3rd class is other the external programs without legitimate verification.
Type 1 programming is divided into again the unessential inessential program of system (being labeled as C) of operating system essential system's necessary program (being labeled as S), operating system and is used for the software erecting tools (being labeled as I) that management software is installed.Wherein, the system's necessary program that is labeled as S is non-limited program, and system's necessary program is normally to move requisite program by the assurance system; The inessential program of system that is labeled as C is limited program, secure configuration file when the limited program tabulation is installed by system is determined, the inessential program of system refers to that these application programs can not be performed for the needs that satisfy exploitation or debugging allow the just application program of needs during service operation; The software erecting tools that is labeled as I specifically refers to the software erecting tools kysoft of kylin operating system, kysoft is responsible for the installation control of software package, summary and signature by proving program in installation process are realized reliability of software and integrity checking, guarantee to only have legal software just can be mounted.
Equations of The Second Kind is labeled as V through the legal external program of legitimate verification.
The 3rd class is labeled as U without the illegal external program of legitimate verification.
The operating system environment of the present embodiment is the kylin operating system that computing machine institute of the National University of Defense technology develops, kylin operating system can be supported the mark by the extension attributive classification of application program, in addition, the present embodiment equally also can be supported the operating system of other support program extended attribute, the diversity of supporting platform has advantages of that versatility is good, extendability is strong; In addition, also can adopt as required the mark of the form storage application program classification such as file, database, internal memory, and can preferably adopt the mode of encryption to store.The present embodiment utilizes the safety label of the file extent property store program of operating system support, and the extended attribute space is named as security.exectl, and the mark of classification is stored among the extension attribute space security.exectl of application program.In the operating system installation process, all programs and file at first are marked as S, the limited program tabulation that should be labeled as C is listed in secure configuration file/etc/exectlfilelist, in system's installation process, these files are carried out heavy label, the software erecting tools of kylin operating system is kysoft, also in secure configuration file/etc/exectlfilelist, list, and in system's installation process, be I with its heavy label.After operating system installation is finished, the installation of subsequent software needs to install via the software erecting tools, the program of after software erecting tools checking legitimacy, installing, and operating system nucleus automatically its mark is set to V, the file that is namely created by the program of I mark, it is labeled as V; Any other external programs of installing without software erecting tools checking, operating system nucleus is labeled as U with it automatically, such as the file of being come in by copies such as usb equipment, CDs, by the file of network download etc., is operated system kernel and is labeled as U.Secure configuration file/etc/exectlfilelist is protected by the security mechanism of kylin operating system, can only be made amendment by the safety officer.
In the present embodiment, each legal external program needs the step through software package signature and signature verification in advance.Carry out the step of software package signature as shown in Figure 2, the software package of each legal external program issues by the software dispatch center, the summary of computation software package at first before issuing, then the private key that uses the software dispatch center is signed to the software summary, and software package and the software summary of sign are issued together as in advance by signing and carrying the software package that software is made a summary; Use step that the software erecting tools carries out signature verification as shown in Figure 3, the software erecting tools is when carrying out the software package installation, at first software for calculation is made a summary, and the software of being signed in software dispatch center summary and the software summary that calculates pass to operating system nucleus together, carries out signature verification by operating system nucleus; Operating system nucleus is when carrying out signature verification, the software summary that the PKI that at first uses the software dispatch center was signed to the software dispatch center of examining outer software erecting tools and transmitting into is decrypted operation, and compare with software summary that software erecting tools that the outer software erecting tools of kernel transmits into calculates, judge if both are identical signature verification by then allow the software erecting tools to install, and the legal external program V that is labeled as of external application program classification after the installation is set, be stored in the extension attribute of application program; If both differences then judge that signature verification do not pass through, thereby forbid that the software erecting tools installs.Any external program of installing without software erecting tools checking then automatic mark is in U and the extension attribute that is stored in application program, is classified into illegal external program.
In the present embodiment, step 2) in running state information is set in operating system and comprises developing operation state, normal operating condition, three kinds of system running states of sealing running status; For developing operation state, normal operating condition, that the sealing running status arranges respectively executing rule is as follows: the executing rule under the developing operation state is for allowing whole application programs to carry out; Executing rule under the normal operating condition is for only allowing the necessary program S of system, software erecting tools I, legal external program V to carry out; Executing rule under the sealing running status is for only allowing the necessary program S of system, legal external program V to carry out.In developing operation state, normal operating condition, three kinds of system running states of sealing running status, normal operating condition is the general business running status, allows the installation and operation of legal procedure under this state; The sealing running status is the service operation state under the sealed environment, no longer allows the operation of any afterwards program under this state, does not also allow the software erecting tools that any software is installed; The developing operation state is the running status of business development or debug phase, the not operation of limiting program under this state, and system's limited program can provide necessary development environment support for business development.The initial running status of system is determined when operating system installation.
In the present embodiment, as follows according to the detailed step of the current system running status of user instruction switching operating system in when operation in the step 3): during at operating system, according to user instruction and the system running state that comprises the dual user licensing scheme switching operating system of first user mandate, the second subscriber authorisation, computing machine can only switch between developing operation state, the normal operating condition or switch between normal operating condition, sealing running status arbitrarily, when switching to normal operating condition from the developing operation state, directly switch; When switching to the sealing running status from normal operating condition, only under the first user mandate, just switch; When switching to the developing operation state from normal operating condition, only under the second subscriber authorisation, just switch; When switching to normal operating condition from the sealing running status, only satisfy at the same time under first user mandate and the second subscriber authorisation and just switch; When being directly switch into the developing operation state from the sealing running status, do not respond the switching user instruction.
As shown in Figure 4, the present embodiment system running state switching law is: computing machine can only switch between developing operation state, the normal operating condition or switch between normal operating condition, sealing running status arbitrarily; The permission system switches to normal operating condition by the developing operation state; Forbid switching to the developing operation state by normal operating condition; Permission switches to the sealing running status by normal operating condition; Permission switches to normal operating condition by the sealing running status; Keep before switching in the system and two kinds of system running states after switching, system running state switches can not exceed this two states that system keeps, initially do not carry out under any system running state switch instances, two kinds of system running states that keep are consistent, are current system running state.Can arrive normal operating condition such as the sealing running status, but can not continue again to switch to the developing operation state by normal operating condition.That is to say, not only forbid being directly switch into the developing operation state by the sealing running status, can not indirectly switch to the developing operation state.In like manner, normal operating condition can switch to the developing operation state, but can not switch to the sealing running status after switching to normal operating condition again again, namely can not directly or indirectly change between developing operation state and sealing running status.The present embodiment can conveniently be realized the system running state control based on Computer Role by the strategy of the current system running status of above-mentioned switching operating system.For example, use computing machine for exploitation, controlling it can only switch between developing operation state, normal operating condition; Use computing machine for producing, then controlling it can only switch between normal operating condition, sealing running status, guarantees to produce with computing machine and can only carry out the program that is labeled as S, V, more safe and reliable.
When system running state switches, need satisfy certain safety condition, in the present embodiment, adopt based on the identity of ukey and differentiated the safety condition of changing as system running state.The present embodiment has defined 2 ukey user A and B, bind respectively normal operating condition (ukey user A) and sealing running status (ukey user B), corresponding private key for user is contained in each ukey inside, the ukey of authentication of users B is the first user mandate, the ukey of authentication of users A is the second subscriber authorisation, and the ukey of authentication of users B and A satisfies first user mandate and the second subscriber authorisation simultaneously.When system enters the developing operation state by the normal operating condition conversion, the ukey of palpus authentication of users A; When entering the sealing running status by the normal operating condition conversion; the ukey of palpus authentication of users B; when entering normal operating condition by the sealing running state conversion, authentication of users B and user A two people's ukey, the detailed process of authentication of users ukey does not belong to the technology category of the present invention's protection.Step 3) is by comprising the dual user licensing scheme of first user mandate, the second subscriber authorisation in the present embodiment, realized the empowerment management mechanism that the system for computer running status is switched, realized authentication, forced the security mechanisms such as access control and keeper's fraction, had advantages of safe and reliable; And the first user mandate of the present embodiment, the second subscriber authorisation be the subscriber authorisation based on ukey, authorizes by the ukey with hardware entities, and easy to use, security also more easily is protected.
In the present embodiment, step 3) also comprises when operating system and detects the step that application programs is made amendment, if detect destination application classification to be revised be labeled as software erecting tools I, then forbid the modification to destination application; Otherwise detect the type except illegal external program U of being labeled as of destination application to be revised classification, then the automatic mark that application program is classified is revised as illegal external program U.In a single day the program of any non-U mark is illegally modified, and operating system nucleus is automatically converted to U with its mark.Because the file that the software erecting tools creates is the file of V mark, therefore, in the present embodiment, the file of I mark does not allow to be modified.
Referring to Fig. 1, allow according to the classification of executing rule corresponding to current system running status and application program in the present embodiment step 3) or forbid that the detailed step of execution request of application program is as follows: when the current system running status is in normal operating condition, obtain the mark of application program classification, if the necessary program S of the system that is labeled as, the software erecting tools I of application program classification, any one among the legal external program V, then allow application program to carry out, otherwise forbid the application program execution; When the current system running status is in the sealing running status, obtain the mark of application program classification, if the necessary program S of the system that is labeled as of application program classification, any one among the legal external program V then allow application program to carry out, otherwise forbid the application program execution.Step 3) is controlled program implementation according to system running state and program origin marking information, under normal operating condition, is labeled as the legal credible of S, I and V and comes source program to carry out, the program that is labeled as C, the U execution that is under an embargo; Under the sealing running status, the program that is labeled as S, V can be carried out, the program that is labeled as I, C and the U execution that is under an embargo; Under the developing operation state, markd program all can be carried out, and carries out authority by application program and the external application program control of classifying that carries to operating system, has advantages of that the Malware prevention ability is strong, safe and reliable.
The present embodiment passes through above-mentioned steps, can identify illegal external program and limit illegal external program implementation, can identify illegal software, and can be by the execution of system running state and program origin marking restriction illegal software, realize the execution control of application programs, can effectively guarantee Security of the system and reliability.
The above only is preferred implementation of the present invention, and protection scope of the present invention also not only is confined to above-described embodiment, and all technical schemes that belongs under the thinking of the present invention all belong to protection scope of the present invention.Should be pointed out that for those skilled in the art, in the some improvements and modifications that do not break away under the principle of the invention prerequisite, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (7)
1. an application program that is used for operating system is carried out authority control method, it is characterized in that implementation step is as follows:
1) to operating system carry application program and external application program is classified;
2) running state information is set in operating system, the type of described running state information comprises at least two kinds of system running states, is provided for respectively carrying out according to the classification controlling application program of application program the executing rule of authority for described system running state;
3) enter the system running state of acquiescence according to default acquiescence running state information behind the os starting, when operation according to the current system running status of user instruction switching operating system; When receiving the execution request of application program, check the current system running status of operating system, allow or forbid the execution request of described application program according to the classification of executing rule corresponding to current system running status and application program.
2. the application program for operating system according to claim 1 is carried out authority control method, and it is characterized in that: the detailed step of described step 1) is as follows:
1.1) with the carrying application program classification and be labeled as the unessential inessential program of system of the essential system's necessary program of operating system, operating system and be used for the software erecting tools that management software is installed of operating system, the mark of described classification is stored in the extension attribute of application program;
1.2) external application program is categorized as legal external program or illegal external program according to key words sorting in the extension attribute that is stored in application program.
3. the application program for operating system according to claim 2 is carried out authority control method, it is characterized in that described step 2) in running state information be set in operating system comprise developing operation state, normal operating condition, three kinds of system running states of sealing running status; For described developing operation state, normal operating condition, that the sealing running status arranges respectively executing rule is as follows: the executing rule under the described developing operation state is for allowing whole application programs to carry out; Executing rule under the described normal operating condition is for only allowing system's necessary program, software erecting tools, legal external program to carry out; Executing rule under the described sealing running status is for only allowing system's necessary program, legal external program to carry out.
According to claim 2 or 3 described application programs for operating system carry out authority control methods, it is characterized in that, as follows according to the detailed step of the current system running status of user instruction switching operating system in when operation in the described step 3): during at operating system, according to user instruction with comprise the first user mandate, the system running state of the dual user licensing scheme switching operating system of the second subscriber authorisation, computing machine can only be at the developing operation state arbitrarily, switch between the normal operating condition or at normal operating condition, switch between the sealing running status, when switching to normal operating condition from the developing operation state, directly switch; When switching to the sealing running status from normal operating condition, only under the first user mandate, just switch; When switching to the developing operation state from normal operating condition, only under the second subscriber authorisation, just switch; When switching to normal operating condition from the sealing running status, only satisfy at the same time under first user mandate and the second subscriber authorisation and just switch; When being directly switch into the developing operation state from the sealing running status, do not respond the switching user instruction.
5. the application program for operating system according to claim 4 is carried out authority control method, it is characterized in that, allow according to the classification of executing rule corresponding to current system running status and application program in the described step 3) or forbid that the detailed step of execution request of described application program is as follows: when the current system running status is in normal operating condition, obtain the mark of application program classification, if the system that the is labeled as necessary program of application program classification, the software erecting tools, in the legal external program any one, then allow application program to carry out, otherwise forbid the application program execution; When the current system running status is in the sealing running status, obtain the mark of application program classification, if the system that the is labeled as necessary program of application program classification, any one in the legal external program then allow application program to carry out, otherwise forbid the application program execution.
6. the application program for operating system according to claim 5 is carried out authority control method, and it is characterized in that: described first user mandate, the second subscriber authorisation are the subscriber authorisation based on ukey.
7. the application program for operating system according to claim 6 is carried out authority control method, it is characterized in that: described step 3) also comprises the step that the detection application programs is made amendment when operating system, if what detect destination application to be revised classification is labeled as the software erecting tools, then forbid the modification to described destination application; Otherwise detect the type except illegal external program of being labeled as of destination application to be revised classification, then the automatic mark that described application program is classified is revised as illegal external program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210573690.0A CN103020515B (en) | 2012-12-26 | 2012-12-26 | Application program execution permission control method for operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210573690.0A CN103020515B (en) | 2012-12-26 | 2012-12-26 | Application program execution permission control method for operating system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103020515A true CN103020515A (en) | 2013-04-03 |
| CN103020515B CN103020515B (en) | 2015-07-22 |
Family
ID=47969111
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210573690.0A Active CN103020515B (en) | 2012-12-26 | 2012-12-26 | Application program execution permission control method for operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103020515B (en) |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544411A (en) * | 2013-10-16 | 2014-01-29 | 深圳全智达通信股份有限公司 | Software package certificate protection method and device |
| CN103632073A (en) * | 2013-12-05 | 2014-03-12 | 北京网秦天下科技有限公司 | Method and device used for controlling terminal application permission |
| CN104462958A (en) * | 2014-11-06 | 2015-03-25 | 东莞宇龙通信科技有限公司 | Intersystem switching method and device of terminal |
| CN104462950A (en) * | 2014-12-17 | 2015-03-25 | 中国人民解放军国防科学技术大学 | Application program executing permission control method used for operating system |
| CN104766005A (en) * | 2015-04-15 | 2015-07-08 | 小米科技有限责任公司 | Management method and device for application software access authority |
| CN105095049A (en) * | 2015-08-17 | 2015-11-25 | 安一恒通(北京)科技有限公司 | Method and device used for monitoring application operation |
| CN105451233A (en) * | 2014-08-18 | 2016-03-30 | 北京壹人壹本信息科技有限公司 | Anti-monitoring method and system and mobile terminal |
| CN106204047A (en) * | 2016-06-30 | 2016-12-07 | 成都生辉电子科技有限公司 | A kind of mobile terminal payment device |
| CN106462398A (en) * | 2014-06-11 | 2017-02-22 | 三菱电机株式会社 | Program edit device, program management device, program edit program, and program management program |
| CN107092505A (en) * | 2017-03-31 | 2017-08-25 | 努比亚技术有限公司 | The erecting device and method of a kind of application program, storage medium, terminal |
| CN108549798A (en) * | 2018-04-12 | 2018-09-18 | 珠海市魅族科技有限公司 | Terminal equipment control method and device, terminal device and computer readable storage medium |
| CN108804911A (en) * | 2017-04-28 | 2018-11-13 | 华为技术有限公司 | A kind of acquisition methods and device of implicit identification's symbol |
| CN108833690A (en) * | 2018-05-31 | 2018-11-16 | 努比亚技术有限公司 | authority control method, terminal and computer readable storage medium |
| CN110178135A (en) * | 2017-01-17 | 2019-08-27 | 微软技术许可有限责任公司 | Application security is changed to support to access immediately |
| CN110781490A (en) * | 2018-07-30 | 2020-02-11 | 中兴通讯股份有限公司 | Information processing method, terminal and computer readable storage medium |
| CN111625814A (en) * | 2020-05-12 | 2020-09-04 | 卓尔智联(武汉)研究院有限公司 | Processing device, processing method, processing device and storage medium for wind control calculation |
| CN113268723A (en) * | 2021-06-24 | 2021-08-17 | 广东电网有限责任公司计量中心 | Electric energy meter software platform application program authority control method and related device |
| CN114035812A (en) * | 2021-11-05 | 2022-02-11 | 安天科技集团股份有限公司 | Application software installation and/or operation method, device, electronic equipment and storage medium |
| CN114547593A (en) * | 2020-11-18 | 2022-05-27 | 成都鼎桥通信技术有限公司 | Terminal application authentication method, device and equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050223223A1 (en) * | 2004-04-01 | 2005-10-06 | Fujitsu Limited | Authentication apparatus and authentication method |
| CN101937500A (en) * | 2009-06-29 | 2011-01-05 | 深圳市联软科技有限公司 | Computer terminal security protection method and system |
-
2012
- 2012-12-26 CN CN201210573690.0A patent/CN103020515B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050223223A1 (en) * | 2004-04-01 | 2005-10-06 | Fujitsu Limited | Authentication apparatus and authentication method |
| CN101937500A (en) * | 2009-06-29 | 2011-01-05 | 深圳市联软科技有限公司 | Computer terminal security protection method and system |
Non-Patent Citations (1)
| Title |
|---|
| 庞国安等: "Linux启动过程分析", 《计算机与现代化》, no. 174, 19 April 2010 (2010-04-19) * |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103544411A (en) * | 2013-10-16 | 2014-01-29 | 深圳全智达通信股份有限公司 | Software package certificate protection method and device |
| CN103632073A (en) * | 2013-12-05 | 2014-03-12 | 北京网秦天下科技有限公司 | Method and device used for controlling terminal application permission |
| CN106462398A (en) * | 2014-06-11 | 2017-02-22 | 三菱电机株式会社 | Program edit device, program management device, program edit program, and program management program |
| CN105451233A (en) * | 2014-08-18 | 2016-03-30 | 北京壹人壹本信息科技有限公司 | Anti-monitoring method and system and mobile terminal |
| CN105451233B (en) * | 2014-08-18 | 2019-03-15 | 北京壹人壹本信息科技有限公司 | A kind of anti-method monitored, system and mobile terminal |
| CN104462958A (en) * | 2014-11-06 | 2015-03-25 | 东莞宇龙通信科技有限公司 | Intersystem switching method and device of terminal |
| CN104462958B (en) * | 2014-11-06 | 2018-01-09 | 东莞宇龙通信科技有限公司 | The inter-system switching method and device of a kind of terminal |
| CN104462950A (en) * | 2014-12-17 | 2015-03-25 | 中国人民解放军国防科学技术大学 | Application program executing permission control method used for operating system |
| CN104766005A (en) * | 2015-04-15 | 2015-07-08 | 小米科技有限责任公司 | Management method and device for application software access authority |
| CN105095049A (en) * | 2015-08-17 | 2015-11-25 | 安一恒通(北京)科技有限公司 | Method and device used for monitoring application operation |
| CN105095049B (en) * | 2015-08-17 | 2018-02-13 | 安一恒通(北京)科技有限公司 | Method and apparatus for monitoring application operation |
| CN106204047A (en) * | 2016-06-30 | 2016-12-07 | 成都生辉电子科技有限公司 | A kind of mobile terminal payment device |
| CN110178135B (en) * | 2017-01-17 | 2023-04-21 | 微软技术许可有限责任公司 | Altering application security to support instant access |
| CN110178135A (en) * | 2017-01-17 | 2019-08-27 | 微软技术许可有限责任公司 | Application security is changed to support to access immediately |
| CN107092505A (en) * | 2017-03-31 | 2017-08-25 | 努比亚技术有限公司 | The erecting device and method of a kind of application program, storage medium, terminal |
| CN108804911B (en) * | 2017-04-28 | 2021-05-04 | 华为技术有限公司 | Method and device for acquiring recessive identifier |
| CN108804911A (en) * | 2017-04-28 | 2018-11-13 | 华为技术有限公司 | A kind of acquisition methods and device of implicit identification's symbol |
| CN108549798A (en) * | 2018-04-12 | 2018-09-18 | 珠海市魅族科技有限公司 | Terminal equipment control method and device, terminal device and computer readable storage medium |
| CN108549798B (en) * | 2018-04-12 | 2023-11-07 | 珠海市魅族科技有限公司 | Terminal equipment control method and device, terminal equipment and computer readable storage medium |
| CN108833690B (en) * | 2018-05-31 | 2021-11-16 | 努比亚技术有限公司 | Authority control method, terminal and computer readable storage medium |
| CN108833690A (en) * | 2018-05-31 | 2018-11-16 | 努比亚技术有限公司 | authority control method, terminal and computer readable storage medium |
| CN110781490A (en) * | 2018-07-30 | 2020-02-11 | 中兴通讯股份有限公司 | Information processing method, terminal and computer readable storage medium |
| CN111625814A (en) * | 2020-05-12 | 2020-09-04 | 卓尔智联(武汉)研究院有限公司 | Processing device, processing method, processing device and storage medium for wind control calculation |
| CN114547593A (en) * | 2020-11-18 | 2022-05-27 | 成都鼎桥通信技术有限公司 | Terminal application authentication method, device and equipment |
| CN113268723A (en) * | 2021-06-24 | 2021-08-17 | 广东电网有限责任公司计量中心 | Electric energy meter software platform application program authority control method and related device |
| CN114035812A (en) * | 2021-11-05 | 2022-02-11 | 安天科技集团股份有限公司 | Application software installation and/or operation method, device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103020515B (en) | 2015-07-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103020515B (en) | Application program execution permission control method for operating system | |
| CN104462950A (en) | Application program executing permission control method used for operating system | |
| US9712530B2 (en) | Systems and methods for enforcing security in mobile computing | |
| Eggers | A novel approach for analyzing the nuclear supply chain cyber-attack surface | |
| CN105408911A (en) | Hardware and software execution profiling | |
| CN102880828B (en) | Intrusion detection and recovery system aiming at virtualization support environment | |
| Bing | Analysis and research of system security based on android | |
| CN103154925A (en) | Disabling communication in a multiprocessor system | |
| CN105683990A (en) | Method and apparatus for protecting dynamic libraries | |
| CN102667712A (en) | System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies | |
| CN103970540B (en) | Key Functions secure calling method and device | |
| CN103902884A (en) | System and method for protecting data of virtual machine | |
| Siddiqui et al. | Establishing cyber resilience in embedded systems for securing next-generation critical infrastructure | |
| CN115310084A (en) | Tamper-proof data protection method and system | |
| CN107122664B (en) | Safety protection method and device | |
| CN101458748B (en) | Method for loading into kernel component to establish computing environment | |
| CN107766061A (en) | The installation method and installation system of a kind of Android application program | |
| Toffalini et al. | Careful-packing: A practical and scalable anti-tampering software protection enforced by trusted computing | |
| CN104866761B (en) | A kind of high security Android intelligent terminal | |
| CN114095227A (en) | Credible authentication method and system for data communication gateway and electronic equipment | |
| Turhan et al. | The Trust Model For Multi-tenant 5G Telecom Systems Running Virtualized Multi-component Services | |
| Denzler et al. | Identification of security threats, safety hazards, and interdependencies in industrial edge computing | |
| Xia et al. | Android security overview: A systematic survey | |
| KR101530532B1 (en) | Apparatus and Method for Detecting Rooting a Mobile Terminal | |
| CN114338166A (en) | Edge device risk processing method, device, equipment and cloud server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |