CN104318171B - Android private data guard methods and system based on rights label - Google Patents
- Publication number: CN104318171B
- Application number: CN201410527988.7A
- Authority: CN (China)
- Prior art keywords: file, android, application, rights label, access
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses an Android private data protection method and system based on rights labels. The method is: 1) set the access policy rules that govern application access to files, and load them into the kernel module of the mobile terminal operating system; 2) when each application is installed on the mobile terminal operating system, the package management service module of the application framework layer calls a kernel-layer interface to stamp rights labels on the application's process and its files; 3) when an application on the mobile terminal accesses a file, the kernel module decides, according to the access policy rules, the rights label of the application's process and the rights label of the file, whether to perform the access operation or deny access; 4) if the access operation is allowed, then after the application has successfully accessed the file, the kernel module updates the file's rights label according to the type of access operation. The invention effectively prevents private data from leaking at the kernel layer and extends permission-based access control to the kernel layer.
Description
Technical field
The invention belongs to the field of mobile terminal security and mainly concerns the protection of private data on the Android platform. More precisely, it relates to a method for protecting Android private data based on rights labels, and to an Android private data protection system based on rights labels.
Background
Android, as one of the mainstream operating systems for mobile terminals, holds a huge share of the market, and that share grows year by year. According to the latest report issued by the US market research firm Gartner, shipments of devices based on the Android operating system, such as tablets and mobile phones, reached nearly 1.2 billion in 2014, an increase of 26% over 2013. With such a large Android user base, the security situation is also increasingly severe. According to the "Mobile Security Report for the Second Quarter of 2014" issued by Baidu Security Lab, by the end of the second quarter of 2014 the malware and high-risk software on the Android platform totalled 1.82 million samples, of which 640,000 were malware, three times the number in the same period of the previous year. Among this malware, although malicious fee-deduction software still accounts for a very large proportion, privacy-stealing malware is rising rapidly, with an increase of 57%. Besides the user's location, contacts, short messages, photos, recordings and videos, the stolen private information also includes information related to the user's financial interests, such as the account information and payment passwords involved in mobile payment. This seriously threatens users' privacy and also constrains the development of applications such as mobile payment.
Android itself provides a permission mechanism to control access to protected system resources such as the network, GPS, short messages and contacts. Before installation, every application must explicitly show the user the permissions it requests, and it can access the corresponding resources only after the user grants them. Judging by the security threats that increasingly appear on the Android platform, the Android permission mechanism clearly does not achieve its intended goal. Apart from surface causes such as application developers requesting too many permissions and users not understanding what the permissions mean, one main substantive reason is that the permission mechanism can be bypassed. The typical case is the privilege escalation attack, in which malware obtains sensitive system resources without user authorization. In practice, a privilege escalation attack can be carried out either by malware calling the open interfaces of a legitimate application or system service that holds the permission, or by two pieces of malware colluding and combining their permissions through communication; in both cases the result threatens the terminal system and the user's privacy.
Enforcement of the Android permission mechanism is done in the Android application framework layer, so current schemes against privilege escalation attacks are also implemented in the application framework layer. They mainly introduce dynamic factors such as time and location into the permission decision policy to constrain application components' access to resources, or combine the permissions of communicating components and reduce them so as to control the expansion of component permissions. However, besides calling each other's component interfaces in the application framework layer, components can also communicate through the traditional Linux inter-process communication mechanisms of the kernel layer. As a result, even if the application framework layer prevents an unauthorized application from accessing system resources by calling the interfaces of an authorized application, the unauthorized application may still obtain resources it should not access by communicating with the authorized application through the file system and similar channels. The root cause is that enforcement of the Android permission mechanism is confined to the application framework layer: at the kernel layer, application components can directly bypass the permission checks of the upper layer and thereby escalate their privileges to obtain private data. Therefore, to effectively prevent private data from leaking at the kernel layer, the permissions of the application framework layer must be extended to the kernel layer, and access at the kernel layer must be controlled on the basis of those permissions.
Summary of the invention
In view of the above problems, one object of the invention is to provide a private data protection method based on rights labels. The method extends the Android permission mechanism to the kernel layer and combines it with the kernel layer's mandatory access control mechanism. Applications are treated as subjects and the file system as objects; subjects and objects are each stamped with rights labels, and access policies are set on the basis of these labels to control subjects' access to objects, so that unauthorized applications cannot obtain private data through the file system.
Another object of the invention is to provide a private data protection system based on rights labels. The system mainly provides access protection for private data at the kernel layer: it automatically stamps applications and files with the corresponding rights labels according to the applications' permissions, ensuring that private data does not flow to unauthorized applications through the file system.
The technical solution of the invention is a private data protection method based on rights labels, whose steps are:
1) set the access policy rules that govern application access to files, forming an access policy file, and restart the system to load the access policy into the Android kernel module;
2) when an Android application is installed, the package management service module of the application framework layer automatically calls a kernel-layer interface to stamp rights labels on the application's process and files;
3) when an application accesses a file, the Android kernel module matches the access policy against the rights labels of the application process and the file, and performs the access operation or denies access based on the policy decision;
4) after the application has successfully accessed the file, the Android kernel module updates the file's rights label according to the type of access operation.
Further, the label referred to in the method is a set whose elements are permissions. For an application process, the label indicates the privacy permissions that the application holds; for a file, the label indicates the privacy permissions that an application must hold in order to access the file.
Further, the Android kernel module referred to in the above steps is the SELinux LSM (Linux Security Module) module.
Further, the access policy rules are defined as follows:
s denotes the accessing application, i.e. the subject, and its label value is denoted as the set P_s; o denotes the file, i.e. the object, and its label value is denoted as the set P_o; a denotes the access operation, read or write, written a ∈ {r, w}; <s, a, o> ∈ {T, F} denotes that operation a by s on o succeeds or fails:
Rule 1: if P_s contains P_o (P_o is a subset of P_s), then <s, r, o> = T; that is, if the rights label value of application s contains the rights label value of file o, application s may read file o.
Rule 2: <s, w, o> = T; that is, application s may write to file o directly.
Further, any access request that does not satisfy the rules above is denied by default.
Further, loading the policy into the kernel module is carried out by Android's init process as part of system initialization.
Further, the package management service module sets the rights label values as follows:
The rights label of the application process is a subset of the set of permissions that the user has granted to the application, namely the set of the application's privacy permissions extracted from it;
The rights label value of the file is empty.
Further, the permissions that the user has granted to the application are recorded in the configuration file that the application carries; the package management service module obtains them by reading this file directly.
Optionally, the application's privacy permissions are extracted as follows:
P1 denotes the set of permissions that the user has granted to the application, and P2 denotes the user-defined set of privacy permissions; the application's privacy permissions extracted from P1 are then P1 ∩ P2.
Further, P2 depends on the user's privacy requirements and is defined by the user, for example to include the permissions for accessing private data such as contacts, short messages and location.
Further, the package management service module sets rights labels only for the data files that the application itself contains. For a new file created by an application process during communication, the kernel module sets its rights label to empty after the file has been created successfully. The label is empty initially so that the original file can be accessed by other applications. Once an application writes to the file, the file's label changes and becomes the union of the application's label and the file's current label.
Further, the rights label of an application process no longer changes once it has been set as described above, whereas the rights label set for a file as described above is only an initial value: it can change after an application successfully accesses the file, and the update is performed by the kernel module.
Further, the rule for updating a file's rights label is as follows:
The set P_o denotes the label value of file o before it is accessed by application s, and the set P_o' denotes the label value of file o after it is accessed by application s:
If <s, a, o> == T && a == w, then P_o' = P_o ∪ P_s; otherwise P_o' = P_o. That is, if application s successfully writes to file o, the rights label value of file o is updated to the union of its original value and the rights label value of application s; otherwise the rights label value of file o remains unchanged.
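The rules above (install-time labelling with P1 ∩ P2, the read and write rules, and the label update after a successful write) can be exercised in a small user-space model. The following C code is an added example, not code from the patent: labels are stored as bitmasks, and the permission names, bit values, application names and file path are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* A label is a set of privacy permissions, stored as a bitmask.
 * Permission names and bit positions are constructed for this example. */
typedef uint32_t label_t;
enum {
    PERM_READ_CONTACTS = 1u << 0,
    PERM_READ_SMS      = 1u << 1,
    PERM_FINE_LOCATION = 1u << 2,
    PERM_INTERNET      = 1u << 3   /* granted, but not a privacy permission here */
};

enum op { OP_READ, OP_WRITE };

struct app  { const char *name; label_t label; };  /* subject s, label P_s */
struct file { const char *path; label_t label; };  /* object o, label P_o  */

/* Install time: process label = intersection of P1 (granted permissions)
 * and P2 (permissions the user has declared private). */
label_t process_label(label_t granted_p1, label_t privacy_p2)
{
    return granted_p1 & privacy_p2;
}

/* Policy decision. Rule 1: read is allowed iff P_o is a subset of P_s.
 * Rule 2: write is always allowed. Anything else is denied by default. */
int policy_allows(const struct app *s, enum op a, const struct file *o)
{
    switch (a) {
    case OP_READ:  return (o->label & ~s->label) == 0;
    case OP_WRITE: return 1;
    default:       return 0;
    }
}

/* Enforcement plus label update, standing in for the kernel hook:
 * after a successful write P_o' = union of P_o and P_s, else P_o' = P_o. */
int access_file(const struct app *s, enum op a, struct file *o)
{
    if (!policy_allows(s, a, o))
        return 0;
    if (a == OP_WRITE)
        o->label |= s->label;
    return 1;
}

struct scenario_result {
    int read_before_write;     /* unlabelled app reads a file with empty label */
    int read_after_write;      /* same read after a contacts-holding app wrote */
    int unlabelled_write;      /* unlabelled app writes to the labelled file   */
    int dialer_read_after_sms; /* contacts app re-reads after an SMS app wrote */
    int backup_read;           /* app holding both permissions reads           */
    label_t final_label;       /* file label at the end of the scenario        */
};

/* Constructed scenario: four apps share one newly created file. */
struct scenario_result run_scenario(void)
{
    const label_t p2 = PERM_READ_CONTACTS | PERM_READ_SMS | PERM_FINE_LOCATION;
    struct app dialer = { "dialer", process_label(PERM_READ_CONTACTS | PERM_INTERNET, p2) };
    struct app torch  = { "torch",  process_label(PERM_INTERNET, p2) };
    struct app sms    = { "sms",    process_label(PERM_READ_SMS, p2) };
    struct app backup = { "backup", process_label(PERM_READ_CONTACTS | PERM_READ_SMS, p2) };
    struct file shared = { "/sdcard/shared.tmp", 0 };  /* new file: empty label */
    struct scenario_result r;

    r.read_before_write = access_file(&torch, OP_READ, &shared);
    access_file(&dialer, OP_WRITE, &shared);           /* label gains CONTACTS */
    r.read_after_write = access_file(&torch, OP_READ, &shared);
    r.unlabelled_write = access_file(&torch, OP_WRITE, &shared);
    access_file(&sms, OP_WRITE, &shared);              /* label gains SMS */
    r.dialer_read_after_sms = access_file(&dialer, OP_READ, &shared);
    r.backup_read = access_file(&backup, OP_READ, &shared);
    r.final_label = shared.label;
    return r;
}

int main(void)
{
    struct scenario_result r = run_scenario();
    printf("torch read, empty label   : %s\n", r.read_before_write ? "allow" : "deny");
    printf("torch read, after dialer  : %s\n", r.read_after_write ? "allow" : "deny");
    printf("torch write               : %s\n", r.unlabelled_write ? "allow" : "deny");
    printf("dialer read, after sms    : %s\n", r.dialer_read_after_sms ? "allow" : "deny");
    printf("backup read               : %s\n", r.backup_read ? "allow" : "deny");
    printf("final file label          : 0x%x\n", (unsigned)r.final_label);
    return 0;
}
```

Because a file's label only ever grows under the update rule, the dialer in this model loses read access to the shared file once the SMS application writes to it; only an application holding both permissions can still read it.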
The invention also provides an Android private data protection system based on rights labels, comprising:
A label setting module, which sets the rights labels of the application process and its files when an application is installed, sets the file label when a new file is created, and updates the file label after an application accesses the file;
A policy formulation module, which formulates the policy rules for application access to files; the rules are based mainly on the rights labels of application processes and files;
A policy decision module, which, when an application requests access to a file, matches the corresponding policy rule according to the rights labels of the application process and the file and the specific access operation requested, and gives the decision on whether access is allowed;
A policy enforcement module, which acts on the decision of the policy decision module: if access is allowed, the application can perform the corresponding operation on the file directly; otherwise the application's access is refused.
Further, the Android private data protection system based on rights labels also has the following characteristics:
The label setting module consists of two parts. One part is located in the package management service module of the Android application framework layer and is responsible for labelling the application process and its bundled files when an application is installed. The other part is located in the kernel module of the Android kernel layer and is responsible for labelling when a new file is created and after an application accesses a file.
The policy formulation module is located in the Android application layer, and the policy it generates is loaded into the kernel by the Android init process;
The policy decision module and the policy enforcement module are located in the kernel module of the Android kernel layer and are triggered when an application requests access to a file.
Further, the package management service module in the label setting module sets the labels of the application process and its bundled files through the kernel file system access interface provided by SELinux.
Further, the kernel-module part of the label setting module, the policy decision module and the policy enforcement module are implemented in the hook functions provided by SELinux: file labels are set in the hook functions for file creation and file write, and policy decision and enforcement of file access operations are carried out in the hook functions for file read and file write.
Beneficial effects of the invention:
To address the privacy problem of the Android system, the invention proposes a private data protection method based on rights labels and builds a private data protection system on it. This effectively prevents privilege escalation attacks at the kernel layer and ensures that unauthorized applications cannot obtain private data by communicating with authorized applications through the file system. The invention extends the permission mechanism of the Android application framework layer to the kernel layer, sets corresponding rights labels for application processes and for the files used in communication, and relies on these labels to formulate policy access rules; mandatory access control is enforced on the basis of this policy when an application accesses a file. The invention sets application process labels and file labels in different ways. An application process label is determined mainly by the privacy permissions extracted from the permissions that the user has granted to the application, whereas a file label is determined mainly by the rights labels of the applications that have successfully accessed the file and by the specific access operations. This prevents an application that holds privacy permissions from passing private data, through file-based communication, to applications that lack the corresponding permissions, and so protects the system's private data.
Brief description of the drawings
Fig. 1 is a schematic diagram of the module structure of the private data protection system in an embodiment of the invention.
Fig. 2 is a schematic flow chart of the private data protection method in an embodiment of the invention.
Detailed description of the embodiments
The technical solution in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings. It should be understood that the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 2 shows the flow of the private data protection method in an embodiment of the invention. When an application is installed, the application process and the files it carries are automatically stamped with the corresponding labels; newly created files are labelled when they are created. When an application requests access to a file, the handling depends on the type of access operation. If the application requests to read the file, the corresponding policy rule is first matched against the labels of the application process and the file; if the policy rule is satisfied the read succeeds, otherwise the read is refused. If the application requests to write the file, the write can be carried out directly, and after the write completes the file label is updated according to the label of the application process.
Several modules are involved in carrying out the above flow, as shown in Fig. 1. The permission setting module is responsible for setting rights labels for the application process and its bundled files; the policy formulation module is responsible for defining the policy rules based on rights labels; the policy decision module and the policy enforcement module are responsible for controlling application access to files according to the policy rules, which ensures that unauthorized applications cannot obtain private data through the file system.
In this embodiment, the function of the permission setting module is performed jointly by the Android package management service PackageManagerService and the SELinux hook functions. PackageManagerService manages all apk applications on the system. When an application is installed, it reads the user-granted permissions from the application's AndroidManifest.xml configuration file, extracts the application's privacy permissions from them according to the user-defined privacy permissions, and uses these as the rights label of the application's process once installation succeeds; for the files that the application carries, it sets the label directly to empty. The SELinux hook functions intercept every file operation performed by an application. If the operation is a file creation, the label of the new file is also set to empty after the file has been created successfully. If the operation is a write, then after the application has successfully written to the file, the label of the writing application process is merged with the file's current label and the result becomes the file's new label. If the operation is a read, the file label remains unchanged.
The function of the policy formulation module is implemented by a separate apk application, which mainly sets the policy rules for application access to files and generates the corresponding policy file. An application is allowed to read a file only if the file label is a subset of the application process label, i.e. the application process label contains the file label; this ensures that only applications holding the corresponding permissions can obtain the file's contents. For a write to a file, no requirement is placed on the labels of the application process and the file, and the application can write to the file directly. After the policy file has been generated, the Android system must be restarted so that the system initialization process init loads the policy into the kernel.
The functions of the policy decision module and the policy enforcement module are both performed by the SELinux hook functions. When a hook function intercepts a file operation that is a read, it first reads the rights labels of the application process and the file and then matches the policy rules against these labels. If the rule allows an application with that label to access the file, the read is allowed and the application completes it; otherwise the file access is refused directly. When a hook function intercepts a file operation that is a write, the application completes the write to the file directly.
The above is a brief illustration of the Android private data protection scheme based on rights labels provided by the invention. Those skilled in the art should understand that modifications can be made without departing from the spirit and scope of the invention.
Claims (9)
1. An Android private data protection method based on rights labels, the steps of which are:
1) set the access policy rules that govern application access to files, and load them into the kernel module of the mobile terminal operating system Android;
2) when each Android application is installed on the mobile terminal operating system, the package management service module of the application framework layer calls a kernel-layer interface to stamp rights labels on the application process of the Android application and on its bundled files; wherein the rights label of the application process is the set of privacy permissions that the application holds, and the rights label of a file is the set of privacy permissions that an application must hold in order to access the file;
3) when an application on the mobile terminal accesses a file, the Android kernel module decides, according to the access policy rules, the rights label of the application's process and the rights label of the file, whether to perform the access operation or deny access;
4) if the access operation is allowed, then after the Android application has successfully accessed the file, the Android kernel module updates the file's rights label according to the type of access operation;
Wherein the access policy rules include:
Rule 1: if the rights label value of Android application s contains the rights label value of file o, Android application s may read file o;
Rule 2: Android application s may write to file o directly.
2. The method as claimed in claim 1, characterized in that the package management service module calls the kernel-layer interface to stamp rights labels on the application process of the Android application and on its bundled files as follows: the package management service module extracts the set P1 of permissions granted by the user when the Android application is installed, then takes the intersection of P1 and the user-defined privacy permission set P2 as the rights label value of the Android application process; the initial value of a file's rights label is empty.
3. The method as claimed in claim 2, characterized in that the permissions granted by the user to the Android application are recorded in its configuration file, and the package management service module reads the configuration file to obtain the corresponding permissions.
4. The method as claimed in claim 1 or 2, characterized in that the Android kernel module updates the file's rights label according to the type of access operation as follows: if Android application s successfully writes to file o, the rights label value of file o is updated to the union of its original value and the rights label value of Android application s; otherwise the rights label value of file o remains unchanged.
5. The method as claimed in claim 1, characterized in that, for a new file created by an application process during communication, the Android kernel module sets its rights label to empty.
6. An Android private data protection system based on rights labels, characterized in that it comprises a rights label setting module, a policy formulation module, a policy decision module and a policy enforcement module; wherein
The rights label setting module includes the package management service module located in the Android application framework layer, which is responsible for setting the rights labels of the application process and its bundled files when an Android application is installed; and the Android kernel module, which is responsible for setting rights labels when a new file is created and after an Android application accesses a file;
The policy formulation module, located in the Android kernel layer, formulates the access policy rules for application access to files on the basis of the rights labels of application processes and files;
The policy decision module, located in the Android kernel layer, is used, when an Android application requests access to a file, to match the corresponding access policy rule according to the rights labels of the Android application's process and of the file and the specific access operation requested, and to give the decision on whether access is allowed;
The policy enforcement module acts on the decision of the policy decision module: if access is allowed, the Android application can perform the corresponding operation on the file directly; otherwise the Android application's access is refused;
Wherein the access policy rules include:
Rule 1: if the rights label value of Android application s contains the rights label value of file o, Android application s may read file o;
Rule 2: Android application s may write to file o directly.
7. The system as claimed in claim 6, characterized in that the package management service module extracts the set P1 of permissions granted by the user when the Android application is installed, then takes the intersection of P1 and the user-defined privacy permission set P2 as the rights label value of the Android application process; the initial value of a file's rights label is empty.
8. The system as claimed in claim 6, characterized in that the Android kernel module updates the rights label of a file after it has been accessed by an application process, according to the type of access operation: if Android application s successfully writes to file o, the rights label value of file o is updated to the union of its original value and the rights label value of Android application s; otherwise the rights label value of file o remains unchanged.
9. The system as claimed in claim 6 or 8, characterized in that, for a new file created by an application process during communication, the Android kernel module sets its rights label to empty.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410527988.7A CN104318171B (en) | 2014-10-09 | 2014-10-09 | Android private data guard methods and system based on rights label |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104318171A | 2015-01-28 |
CN104318171B | 2017-11-07 |
Family
ID=52373402
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410527988.7A Expired - Fee Related CN104318171B (en) | 2014-10-09 | 2014-10-09 | Android private data guard methods and system based on rights label |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104318171B (en) |
CN103971067A (en) * | 2014-05-30 | 2014-08-06 | 中国人民解放军国防科学技术大学 | Operating system nucleus universal access control method supporting entities inside and outside nucleus |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8544065B2 (en) * | 2008-01-23 | 2013-09-24 | International Business Machines Corporation | Dataspace protection utilizing virtual private networks on a multi-node computer system |
- 2014-10-09: CN201410527988.7A, patent CN104318171B, not active (Expired - Fee Related)
Also Published As
Publication number | Publication date |
---|---|
CN104318171A (en) | 2015-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104318171B (en) | Android private data guard methods and system based on rights label | |
CN106326699B (en) | Server reinforcing method based on file access control and process access control | |
US11270267B2 (en) | Sensitive information management | |
US8839354B2 (en) | Mobile enterprise server and client device interaction | |
CN102034052B (en) | Operation system architecture based on separation of permissions and implementation method thereof | |
WO2015096695A1 (en) | Installation control method, system and device for application program | |
CN106330958B (en) | Secure access method and device | |
CN103544447B (en) | A kind of method preventing confidential information from revealing based on Android system and terminal | |
CN108243175B (en) | Access control method and device based on bucket policy | |
CN104680079A (en) | Electronic document security management system and electronic document security management method | |
CN106534148A (en) | Access control method and device for application | |
CN102495989A (en) | Subject-label-based access control method and system | |
CN107077565A (en) | The collocation method and equipment of a kind of safe configured information | |
US20140281499A1 (en) | Method and system for enabling communications between unrelated applications | |
DE112011103580B4 (en) | A method, secure entity, system, and computer program product for securely managing user access to a file system | |
WO2007001046A1 (en) | Method for protecting confidential file of security countermeasure application and confidential file protection device | |
CN110995657A (en) | Data access method, server and system based on data label | |
US20150012980A1 (en) | Systems and methods for secure singular computing environment | |
CN101739361A (en) | Access control method, access control device and terminal device | |
CN104866772A (en) | Computer access control method and system based on physical environment perception | |
CN110766850B (en) | Visitor information management method, access control system, server and storage medium | |
CN110443050B (en) | Method and system for processing counterfeit process in file transparent encryption and decryption system | |
CN108388779A (en) | A kind of Portable Automatic stamper machine and management system and its management control method | |
CN106411814A (en) | Strategy management method and system | |
WO2023241366A1 (en) | Data processing method and system, and electronic device and computer-readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20171107 Termination date: 20191009 |