CN104318156A - Progress access safety method and system - Google Patents
- Publication number
- CN104318156A (application CN201410566662.5A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention provides a process access security method and system. The method includes: monitoring changes in a process ID (identifier); when a process ID changes, acquiring information about the process whose ID changed, including the pre-change ID and its access permission and the post-change ID and its access permission; and determining, according to a preset access policy and that information, how to handle the process whose ID changed. The preset access policy includes the range of permitted access-permission changes. The method and system can prevent and detect improper privilege escalation by a process and protect the system from malware that elevates process access rights in order to access, alter or expose important resources and data, so system security is greatly improved.
Description
Technical field
The present invention relates to computer security technology, and in particular to a process access security method and system.
Background
In a computer system, every application runs as a process, and a running process accesses resources according to the needs of the application. Different applications have different resource access requirements and access rights at run time, so their processes have different access rights. The access rights of a process are usually determined when the process is created, but they can also be changed dynamically while the process runs. A malicious program can likewise obtain or operate on more resources by changing the access rights of a process.
As more and more malicious programs obtain higher system access rights by changing process access rights, the threat to computer system security grows ever more serious. Once a malicious program has obtained sufficient access rights, existing system security mechanisms cannot stop it from accessing, modifying or leaking important resources and data in the system, which poses a great threat to system security. The threat is especially apparent on mobile terminals running the Android system. In certain situations, malicious programs such as viruses or Trojans can easily exploit vulnerabilities in the system to obtain superuser rights and thereby take complete control of the mobile terminal, so as to steal phone charges, steal private user data such as text messages and contact lists, or even eavesdrop on calls, which is very harmful.
In view of this, how to ensure the security of process access rights in a mobile terminal system, and thereby protect system security, has become a problem that those skilled in the art urgently need to solve.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a process access security method and system that solve the problem of safeguarding process access rights in prior-art computer operating systems.
To achieve the above and other related objects, the invention provides a process access security system comprising a trusted module and a process access control module, wherein: the trusted module comprises a trusted service unit, which provides trusted software services to the process access control module; the process access control module comprises a process detection control module and an access policy management unit; the process detection control module monitors changes in process IDs and, when it detects that the ID of a process has changed, obtains information about that process, including the pre-change ID and its access rights and the post-change ID and its access rights, and sends this information to the access policy management unit; the access policy management unit is connected to the trusted service unit and determines, according to a preset access policy and the information about the process whose ID changed, how to handle that process; and the access policy includes the range of permitted access-rights changes.
Optionally, the trusted module further comprises an integrity measurement unit, which performs integrity verification on the process access control module.
Optionally, the ID comprises either of the UID and the EUID.
Optionally, the trusted module is implemented based on TrustZone technology.
Optionally, handling the process whose ID changed comprises: removing the process when, in the information about it, the process access rights before the change are lower than the process access rights after the change and the change is not within the range permitted by the access policy.
Optionally, the process access control module further comprises an access policy modification unit, which receives a policy control command and modifies the access policy according to that command.
Optionally, the policy control command includes a policy control command sent by the trusted service unit.
The present invention also provides a process access security method, comprising: monitoring changes in process IDs; when the ID of a process is detected to have changed, obtaining information about that process, including the pre-change ID and its access rights and the post-change ID and its access rights; and determining, according to a preset access policy and the information about the process whose ID changed, how to handle that process. The access policy includes the range of permitted access-rights changes.
Optionally, the ID comprises either of the UID and the EUID.
Optionally, handling the process whose ID changed comprises: removing the process when, in the information about it, the process access rights before the change are lower than the process access rights after the change and the change is not within the range permitted by the access policy.
Optionally, the method further comprises: receiving a policy control command and modifying the access policy according to that command.
Optionally, the process access security method is implemented on a trusted service built with TrustZone technology.
As described above, the process access security method and system of the present invention have the following beneficial effect: they can prevent and detect improper privilege escalation by a process and protect the system from malicious programs that raise process access rights in order to obtain, modify or leak important resources and data in the system, thereby greatly improving system security.
Brief description of the drawings
Fig. 1 is a module diagram of one embodiment of the process access security system of the present invention.
Fig. 2 is a flow chart of one embodiment of the process access security method of the present invention.
Reference numerals
1 process access security system
11 trusted module
111 trusted service unit
112 integrity measurement unit
12 process access control module
121 process detection control module
122 access policy management unit
123 access policy modification unit
S1 ~ S3 steps
Detailed description
Embodiments of the present invention are described below through specific examples; those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the present invention.
It should be noted that the drawings provided with this embodiment illustrate the basic concept of the invention only schematically. They show only the components relevant to the invention and are not drawn according to the number, shape and size of the components in an actual implementation; in an actual implementation the form, quantity and proportion of each component may vary arbitrarily, and the component layout may be more complex.
The invention provides a process access security system. As shown in Fig. 1, in one embodiment, the process access security system 1 comprises a trusted module 11 and a process access control module 12, wherein:
The trusted module 11 comprises a trusted service unit 111, which provides trusted software services to the process access control module 12. In one embodiment, the trusted module 11 is built on trusted hardware, and the trusted hardware is based on TrustZone technology. TrustZone (TM) technology appears in ARMv6KZ and later application core architectures. It provides a low-cost scheme that adds a dedicated security kernel to a system-on-chip (SoC) and supports two virtual processors through hardware-built access control. This lets the application core switch between two states (usually called worlds, to avoid confusion with the names of other functional domains), and under this architecture information is prevented from leaking from the more trusted world to the less secure world. Switching between worlds is normally orthogonal to the other functions of the processor, so each world can operate independently while still using the same core. Memory and peripherals can also be made aware of which world the core is currently operating in, and can use this to provide access control over the secrets and code of the device. A typical application of TrustZone technology is to run a complete operating system in an environment that lacks security, and a smaller body of security code in a trusted environment.
The process access control module 12 comprises a process detection control module 121 and an access policy management unit 122. The process detection control module 121 monitors changes in process IDs and, when it detects that the ID of a process has changed, obtains information about that process, including the pre-change ID and its access rights and the post-change ID and its access rights, and sends this information to the access policy management unit 122. In one embodiment, the process ID (Identity, identification number) is the UID (user ID) of the process; in another embodiment, the process ID is the EUID (effective user ID) of the process. When a process ID changes, the access rights of the process usually change as well; the process detection control module 121 then obtains information about the process whose ID changed, including the process ID and process access rights before the change and the process ID and process access rights after the change.
The process detection control module 121 monitors processes by scanning all processes running on the system at a certain period and recording all information about each process, including the process ID, user information and so on. When the next period arrives, the process detection control module 121 scans all process information again and compares it with the previous scan result. If the comparison shows a newly added root-user process, the process detection control module 121 processes that process further. If the comparison shows that the ID of a process has changed and the user of that process has become the root user, the process detection control module 121 processes that process further. If the result shows nothing abnormal, no action is taken.
The recorded process information is not limited to the process ID and user; it also includes details such as the startup command, start time and parent process of the process. The two successive scan results are both sorted by process ID, and newly added process IDs and missing process IDs are found. If there are none, the result shows nothing abnormal. If there are, the comparison continues: the information of the newly added and missing processes is compared, and if the startup command, start time, parent process and other information of a process are unchanged and only the process ID has changed, the process ID is recorded as having changed. Further, if the user information of this process has also changed and has become the root user, the process is processed further. Of the remaining newly added processes, those whose user is not the root user are not processed; those whose user is the root user are processed further.
The access policy management unit 122 is connected to the process detection control module 121 and determines, according to the preset access policy and the information about the process whose ID changed, how to handle that process. The access policy includes the range of permitted access-rights changes. Specifically, the access policy contains the range of access-rights changes that the system allows, that is, the cases the system permits: which resources the process access rights before the change allow access to, and which resources the process access rights after the change allow access to. In one embodiment, handling the process whose ID changed comprises: removing the process when, in the information about it, the process access rights before the change are lower than the process access rights after the change and the change is not within the range permitted by the access policy. If the process access rights before the change are lower than those after the change but the change is within the range permitted by the access policy, the system allows this case and the process is not removed. If the process access rights before the change are greater than or equal to those after the change, the process is not removed.
The access policy enforced by the access policy management unit 122 is the permission access list of each process, established at system start-up according to preset system rules; the list is preset and is used to restrict the resource access of system processes. For example, process A, in the system, can access only the Bluetooth device and cannot access the Wi-Fi device, so this access rule appears in the permission list of process A. If process A goes beyond the scope defined by its permission list, it is regarded as a process that has exceeded its authority. The scope of the permission list is not limited to access to device resources; it also includes restrictions on access to sensitive user data.
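The two-scan comparison and the policy decision described above, as an added example that is not code from the patent: it tracks the EUID (one of the two IDs the page names), matches a process across scans by PID plus startup command, start time and parent, and ranks root above every other user. The record layout, the `ALLOWED` transition set, the "review" outcome for new root processes and all sample processes are assumptions constructed for illustration.

```python
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

ROOT = 0

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    euid: int
    cmdline: str
    start_time: int  # clock ticks since boot (field 22 of /proc/<pid>/stat)

    def identity(self) -> Tuple[int, int, str, int]:
        # Fields the page says stay unchanged across scans, plus the PID
        # (an assumption of this example) so that keys stay unique.
        return (self.pid, self.ppid, self.cmdline, self.start_time)

@dataclass(frozen=True)
class Event:
    kind: str                # "id_changed" or "new_root"
    proc: Proc               # state in the current scan
    old_euid: Optional[int]  # None for a process absent from the previous scan

def scan_proc(root: str = "/proc") -> List[Proc]:
    """One scan of a live Linux /proc; processes that exit mid-scan are skipped."""
    procs = []
    for name in os.listdir(root):
        if not name.isdigit():
            continue
        try:
            with open(f"{root}/{name}/stat") as f:
                # comm may contain spaces or ')', so split after the last ')'
                rest = f.read().rsplit(")", 1)[1].split()
            with open(f"{root}/{name}/status") as f:
                uid_line = next(l for l in f if l.startswith("Uid:"))
            with open(f"{root}/{name}/cmdline", "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
            procs.append(Proc(int(name), int(rest[1]), int(uid_line.split()[2]),
                              cmd, int(rest[19])))
        except (OSError, IndexError, ValueError, StopIteration):
            continue
    return procs

def diff_scans(prev: Iterable[Proc], curr: Iterable[Proc]) -> List[Event]:
    """Compare two scans: report EUID changes and newly appeared root processes."""
    before: Dict[tuple, Proc] = {p.identity(): p for p in prev}
    events = []
    for key, now in sorted({p.identity(): p for p in curr}.items()):
        old = before.get(key)
        if old is None:
            if now.euid == ROOT:
                events.append(Event("new_root", now, None))
        elif old.euid != now.euid:
            events.append(Event("id_changed", now, old.euid))
    return events

def rank(euid: int) -> int:
    # Assumed ordering of access rights: root outranks every other user.
    return 1 if euid == ROOT else 0

def decide(ev: Event, allowed: Set[Tuple[str, int, int]]) -> str:
    """Remove only when rights rose AND the transition is outside the policy."""
    if ev.kind == "new_root":
        return "review"  # the page says only "further processing" for this case
    rose = rank(ev.proc.euid) > rank(ev.old_euid)
    permitted = (ev.proc.cmdline, ev.old_euid, ev.proc.euid) in allowed
    return "remove" if rose and not permitted else "keep"

def evaluate(prev, curr, allowed) -> Dict[int, Tuple[str, str]]:
    return {ev.proc.pid: (ev.kind, decide(ev, allowed))
            for ev in diff_scans(prev, curr)}

# Constructed sample scans (not real device data).
PREV = [
    Proc(1, 0, 0, "/init", 1),
    Proc(640, 1, 2000, "/system/bin/example_updater", 3000),
    Proc(812, 1, 10057, "com.example.notes", 5000),
    Proc(900, 1, 0, "/system/bin/example_daemon", 3100),
]
CURR = [
    Proc(1, 0, 0, "/init", 1),
    Proc(640, 1, 0, "/system/bin/example_updater", 3000),   # permitted rise
    Proc(812, 1, 0, "com.example.notes", 5000),             # rise outside policy
    Proc(900, 1, 1001, "/system/bin/example_daemon", 3100), # dropped rights
    Proc(1300, 812, 0, "/system/bin/sh", 9000),             # new root process
    Proc(1301, 1, 10060, "com.example.mail", 9100),         # new, not root
]
# Assumed policy form: permitted (command, old EUID, new EUID) transitions.
ALLOWED = {("/system/bin/example_updater", 2000, 0)}

if __name__ == "__main__":
    for pid, (kind, action) in evaluate(PREV, CURR, ALLOWED).items():
        print(pid, kind, action)
```

On a live Linux system, two calls to `scan_proc()` separated by the scan period can replace `PREV` and `CURR`; a change that starts and reverts between two scans is not seen by this polling approach.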
In one embodiment, the trusted module 11 further comprises an integrity measurement unit 112, which performs integrity verification on the process access control module 12. In one embodiment, the integrity measurement unit 112 verifies the integrity of the process access control module 12 mainly at system start-up, using a hash algorithm or another algorithm to verify the process access control module that is about to be loaded. When a hash algorithm is used, if the hash does not match the initial value, the system may have been tampered with and have serious problems, and the system stops running. If the hash matches, start-up continues.
In one embodiment, the process access control module 12 further comprises an access policy modification unit 123, which receives a policy control command and modifies the access policy according to that command. In one embodiment, the policy control command includes a policy control command sent by the trusted service unit 111. The policy control command may be sent by a user or an application through an interface provided by the trusted service unit 111. When the access policy modification unit 123 receives the policy control command, it modifies the access policy according to that command, that is, it modifies the range of process access-rights changes that the system allows.
The present invention also provides a process access security method. In one embodiment, the process access security method is implemented on a trusted service built with TrustZone technology. As shown in Fig. 2, in one embodiment, the process access security method comprises:
Step S1: monitor changes in process IDs. Specifically, the process ID comprises one of the process UID (user ID) and EUID (effective user ID). In one embodiment, the monitoring of process ID changes is implemented on a trusted service built with TrustZone technology.
Step S2: when the ID of a process is detected to have changed, obtain information about that process, including the pre-change ID and its access rights and the post-change ID and its access rights. In one embodiment, the process ID (Identity, identification number) is the UID (user ID) of the process; in another embodiment, the process ID is the EUID (effective user ID) of the process. When a process ID changes, the access rights of the process usually change as well; the process detection control module 121 then obtains information about the process whose ID changed, including the process ID and process access rights before the change and the process ID and process access rights after the change.
Step S3: determine, according to the preset access policy and the information about the process whose ID changed, how to handle that process. The access policy includes the range of permitted access-rights changes. Specifically, the access policy contains the range of access-rights changes that the system allows, that is, the cases the system permits: which resources the process access rights before the change allow access to, and which resources the process access rights after the change allow access to. In one embodiment, handling the process whose ID changed comprises: removing the process when, in the information about it, the process access rights before the change are lower than the process access rights after the change and the change is not within the range permitted by the access policy. If the process access rights before the change are lower than those after the change but the change is within the range permitted by the access policy, the system allows this case and the process is not removed. If the process access rights before the change are greater than or equal to those after the change, the process is not removed.
In one embodiment, the method further comprises: receiving a policy control command and modifying the access policy according to that command. In one embodiment, the policy control command includes a command sent through the trusted service interface. When the policy control command is received, the access policy is modified according to that command, that is, the range of process access-rights changes that the system allows is modified.
In summary, the process access security method and system of the present invention can prevent and detect improper privilege escalation by a process and protect the system from malicious programs that raise process access rights in order to obtain, modify or leak important resources and data in the system, thereby greatly improving system security. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
The above embodiments merely illustrate the principle and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the present invention. Accordingly, all equivalent modifications or changes made by persons of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the present invention shall be covered by the claims of the present invention.
Claims (12)
1. A process access security system, characterized in that the process access security system comprises a trusted module and a process access control module, wherein:
the trusted module comprises a trusted service unit; the trusted service unit provides trusted software services to the process access control module;
the process access control module comprises a process detection control module and an access policy management unit;
the process detection control module monitors changes in process IDs and, when it detects that the ID of a process has changed, obtains information about the process whose ID changed, including the pre-change ID and its access rights and the post-change ID and its access rights, and sends the information about the process whose ID changed to the access policy management unit;
the access policy management unit is connected to the trusted service unit and determines, according to a preset access policy and the information about the process whose ID changed, how to handle the process whose ID changed; the access policy includes the range of permitted access-rights changes.
2. The process access security system according to claim 1, characterized in that: the trusted module further comprises an integrity measurement unit, and the integrity measurement unit performs integrity verification on the process access control module.
3. The process access security system according to claim 1, characterized in that: the ID comprises either of the UID and the EUID.
4. The process access security system according to claim 1, characterized in that: the trusted module is implemented based on TrustZone technology.
5. The process access security system according to claim 1, characterized in that handling the process whose ID changed comprises: removing the process whose ID changed when, in the information about it, the process access rights before the change are lower than the process access rights after the change and the change is not within the range permitted by the access policy.
6. The process access security system according to claim 1, characterized in that: the process access control module further comprises an access policy modification unit, and the access policy modification unit receives a policy control command and modifies the access policy according to the policy control command.
7. The process access security system according to claim 6, characterized in that: the policy control command includes a policy control command sent by the trusted service unit.
8. A process access security method, characterized in that the process access security method comprises:
monitoring changes in process IDs;
when the ID of a process is detected to have changed, obtaining information about the process whose ID changed, including the pre-change ID and its access rights and the post-change ID and its access rights;
determining, according to a preset access policy and the information about the process whose ID changed, how to handle the process whose ID changed; the access policy includes the range of permitted access-rights changes.
9. The process access security method according to claim 8, characterized in that: the ID comprises either of the UID and the EUID.
10. The process access security method according to claim 8, characterized in that handling the process whose ID changed comprises: removing the process whose ID changed when, in the information about it, the process access rights before the change are lower than the process access rights after the change and the change is not within the range permitted by the access policy.
11. The process access security method according to claim 8, characterized in that the method further comprises: receiving a policy control command and modifying the access policy according to the policy control command.
12. The process access security method according to claim 8, characterized in that: the process access security method is implemented on a trusted service built with TrustZone technology.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410566662.5A CN104318156B (en) | 2014-10-22 | 2014-10-22 | A kind of process access safety method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104318156A | 2015-01-28 |
CN104318156B | 2017-07-25 |
Family
ID=52373387
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201410566662.5A | Active | CN104318156B (en) | 2014-10-22 | 2014-10-22 | A kind of process access safety method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104318156B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105468976A (en) * | 2015-12-08 | 2016-04-06 | 北京元心科技有限公司 | Container-based multi-system intrusion monitoring method and device |
CN106022128A (en) * | 2016-05-13 | 2016-10-12 | 北京奇虎科技有限公司 | Method and device for detecting process access right and mobile terminal |
CN106650438A (en) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Method and device for detecting baleful programs |
CN106778284A (en) * | 2016-11-28 | 2017-05-31 | 北京奇虎科技有限公司 | The method and device of kernel leak rear end detection |
WO2019033973A1 (en) * | 2017-08-18 | 2019-02-21 | 阿里巴巴集团控股有限公司 | Privilege escalation prevention detection method and device |
CN111783082A (en) * | 2020-06-08 | 2020-10-16 | Oppo广东移动通信有限公司 | Process tracing method, device, terminal and computer readable storage medium |
CN112199673A (en) * | 2020-10-10 | 2021-01-08 | 北京微步在线科技有限公司 | Method and device for detecting authority lifting behavior and readable storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101739361A (en) * | 2008-11-12 | 2010-06-16 | 联想(北京)有限公司 | Access control method, access control device and terminal device |
US20120233692A1 (en) * | 2009-11-03 | 2012-09-13 | Ahnlab., Inc. | Apparatus and method for detecting malicious sites |
CN103294940A (en) * | 2013-05-23 | 2013-09-11 | 广东欧珀移动通信有限公司 | Android system authority control method and intelligent mobile terminal |
CN103455756A (en) * | 2013-08-02 | 2013-12-18 | 国家电网公司 | Dependable computing based process control method |
WO2013189008A1 (en) * | 2012-06-18 | 2013-12-27 | Honeywell International Inc. | Design pattern for secure store |
CN103826215A (en) * | 2014-02-11 | 2014-05-28 | 北京奇虎科技有限公司 | Method and apparatus for carrying out root authority management at terminal equipment |
- 2014
  - 2014-10-22 CN CN201410566662.5A patent/CN104318156B/en active Active
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106650438A (en) * | 2015-11-04 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Method and device for detecting baleful programs |
CN105468976A (en) * | 2015-12-08 | 2016-04-06 | 北京元心科技有限公司 | Container-based multi-system intrusion monitoring method and device |
CN105468976B (en) * | 2015-12-08 | 2019-11-12 | 北京元心科技有限公司 | A kind of method for monitoring instruction and device of the multisystem based on container |
CN106022128A (en) * | 2016-05-13 | 2016-10-12 | 北京奇虎科技有限公司 | Method and device for detecting process access right and mobile terminal |
CN106022128B (en) * | 2016-05-13 | 2019-03-08 | 北京奇虎科技有限公司 | Method, device and mobile terminal for detection procedure access authority |
CN106778284A (en) * | 2016-11-28 | 2017-05-31 | 北京奇虎科技有限公司 | The method and device of kernel leak rear end detection |
CN106778284B (en) * | 2016-11-28 | 2021-03-26 | 北京奇虎科技有限公司 | Method and device for detecting kernel vulnerability back end |
WO2019033973A1 (en) * | 2017-08-18 | 2019-02-21 | 阿里巴巴集团控股有限公司 | Privilege escalation prevention detection method and device |
CN111783082A (en) * | 2020-06-08 | 2020-10-16 | Oppo广东移动通信有限公司 | Process tracing method, device, terminal and computer readable storage medium |
CN112199673A (en) * | 2020-10-10 | 2021-01-08 | 北京微步在线科技有限公司 | Method and device for detecting authority lifting behavior and readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN104318156B (en) | 2017-07-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104318156A (en) | Progress access safety method and system | |
CN109871695B (en) | Trusted computing platform with computing and protection parallel dual-architecture | |
EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
US10788984B2 (en) | Method, device, and system for displaying user interface | |
US8726386B1 (en) | Systems and methods for detecting malware | |
US20150220455A1 (en) | Methods and apparatus for protecting operating system data | |
CN104268470B (en) | Method of controlling security and safety control | |
WO2014143029A1 (en) | Generic privilege escalation prevention | |
CN107111511B (en) | Access control method, device and system | |
CN104463013A (en) | Mobile terminal and data encryption method thereof | |
Li et al. | Android-based cryptocurrency wallets: Attacks and countermeasures | |
CN102222292A (en) | Mobile phone payment protection method | |
CN110245495A (en) | BIOS method of calibration, configuration method, equipment and system | |
CN108985096B (en) | Security enhancement and security operation method and device for Android SQLite database | |
CN104955043A (en) | Intelligent terminal safety protection system | |
CN107066872B (en) | Plug-in right control method and device and plug-in system | |
Guo et al. | Enforcing multiple security policies for android system | |
Bousquet et al. | Mandatory access control for the android dalvik virtual machine | |
CN109495436B (en) | Trusted cloud platform measurement system and method | |
CN112948824B (en) | Program communication method, device and equipment based on privacy protection | |
Oluwatimi et al. | An application restriction system for bring-your-own-device scenarios | |
CN102930222B (en) | Antibonding disc recording method and system | |
CN113836529A (en) | Process detection method, device, storage medium and computer equipment | |
CN111159714B (en) | Method and system for verifying credibility of main body in operation in access control | |
Yang et al. | Research on non-authorized privilege escalation detection of android applications |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
PP01 | Preservation of patent right | Effective date of registration: 20180313; Granted publication date: 20170725 |
PP01 | Preservation of patent right | ||
PD01 | Discharge of preservation of patent | Date of cancellation: 20210313; Granted publication date: 20170725 |
PD01 | Discharge of preservation of patent | ||
PP01 | Preservation of patent right | Effective date of registration: 20210313; Granted publication date: 20170725 |
PP01 | Preservation of patent right | ||