CN104573501A - Safety software protection interface device and method on basis of UEFI (Unified Extensible Firmware Interface) - Google Patents


Info

Publication number: CN104573501A
Application number: CN201410457647.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 陈小春, 孙亮, 张超, 朱立森
Current Assignee: CETC Beijing Co
Original Assignee: CETC Beijing Co
Priority date: 2014-09-10
Filing date: 2014-09-10
Publication date: 2015-04-29
Prior art keywords: software, party, protection, dynamic binding, file


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs

Abstract

The invention discloses a security software protection interface device and method based on UEFI (Unified Extensible Firmware Interface) and belongs to the technical field of computer security. The interface device comprises a dynamic binding protection driver module that conforms to the UEFI firmware specification, a third-party dynamic binding protection system client main program that runs in the operating system, and a software dynamic binding protection system server. The dynamic binding protection driver module provides real-time protection for the dynamic binding protection system client main program. Real-time guarding of the software by the third-party dynamic binding protection system client main program is implemented through the interfaces of the firmware layer and the operating system layer, which ensures that the files of the client main program cannot be tampered with or deleted and that the client main program runs correctly. The software dynamic binding protection system server comprises a software and feature value storage service, a software protection policy management service and a network communication service. The device and method solve the problem that third-party software cannot be protected when the hard disk is replaced or repartitioned.

Description

A UEFI-based security software protection interface device and method
Technical field
The invention belongs to the field of computer security technology and relates to a method, based on UEFI firmware, for protecting third-party software through a security software protection interface while the operating system is running.
Background
At present, program protection methods in this field mainly protect software at the operating system layer, preventing it from being uninstalled or deleted. The usual approach is to set up a daemon process in the operating system that is configured to locate the protected process, monitor it, and judge whether it is in a legitimate running state. Protecting a specific application by software means within the operating system has the following shortcomings:
(1) After the device that stores the protected program (hard disk, Flash, etc.) is replaced in the computing device, the protected program cannot be automatically reinstalled and restored.
(2) After the storage space that holds the protected program (hard disk, Flash, etc.) is repartitioned, the computing device cannot automatically reinstall and restore the protected program.
(3) After the storage space that holds the protected program (hard disk, Flash, etc.) is formatted, the computing device cannot automatically reinstall and restore the protected program.
(4) When the protected software is not bundled with the operating system, the protected program cannot be automatically reinstalled and restored after the operating system is reinstalled on the computing device.
(5) A legitimate user of the terminal cannot be prevented from illegitimately uninstalling the specific application software that runs on the terminal.
(6) After specific software files in the terminal's operating system are tampered with or deleted by a virus or Trojan, the software can no longer start and run legitimately.
(7) Before the operating system starts, it cannot be determined whether the specific software files exist. If the software (audit software, for example) must run once the operating system has started, it cannot start and run normally after its files have been deleted.
(8) New software applications cannot be bound remotely and dynamically with their legitimate operation in the operating system ensured.
Summary of the invention
The purpose of the invention is to overcome the defects of the prior art. To solve the problem that third-party software cannot be protected when the hard disk is replaced or repartitioned, it proposes a UEFI-based security software protection interface device and method.
A UEFI-based security software protection interface device comprises three parts: a dynamic binding protection driver module that conforms to the UEFI firmware specification, a third-party dynamic binding protection system client main program that runs in the operating system, and a software dynamic binding protection system server.
The dynamic binding protection driver module conforms to the UEFI specification and is a driver resident in the firmware layer; it provides real-time protection for the dynamic binding protection system client main program.
The third-party dynamic binding protection system client main program runs in the operating system. Real-time guarding of the software is implemented through the interfaces of the firmware layer and the operating system layer, which ensures that the files of the client main program cannot be tampered with or deleted and that the client main program runs correctly. The third-party dynamic binding protection system client comprises a third-party software interface submodule, a software security guard submodule, a communication interface submodule, an encryption/decryption submodule, a state interface submodule, and a timing submodule. Through the third-party software interface submodule, the client main program forms a protection binding with the third-party software: it protects the third-party protected program against file tampering and file deletion, and ensures that the third-party program cannot be terminated abnormally and runs correctly. The software security guard submodule monitors the running state of the third-party software through the third-party software interface submodule and protects the third-party software from being stopped or closed. The communication interface submodule handles data exchange between the client main program and the server. The encryption/decryption submodule encrypts and decrypts data. The security policy submodule stores the protection policy for the third-party software. The timing submodule calls the software dynamic protection driver module at a set period.
The software dynamic binding protection system server comprises a software and feature value storage service, a software protection policy management service, and a network communication service. The software and feature value storage service handles software distribution to clients and feature value management, and restores the third-party protected program over the network when it has been tampered with or deleted. The software protection policy management service sets the security policy of the terminal. The network communication service provides communication support.
The method of the invention is implemented through the following technical solution:
Step 1: After the machine is powered on, the corresponding drivers are loaded during the UEFI boot phase;
Step 2: In the firmware layer, the dynamic binding protection driver module checks the client main program files on the hard disk to determine whether they have been tampered with or deleted; if a file is abnormal, it is restored; if the files are correct, proceed to the next step;
Step 3: The operating system starts;
Step 4: The client main program starts automatically with the operating system;
Step 5: The client main program communicates with the server and checks whether the protected third-party software needs to be updated; if an update is needed, it is downloaded from the server; if not, proceed to the next step;
Step 6: The client main program checks whether the third-party software is installed and has been bound and guarded; if it is already bound and protected, proceed to the next step; otherwise, the software is downloaded from the server or restored locally;
Step 7: The client main program performs an integrity measurement of the third-party software files according to the configuration file;
Step 8: If the protected files are intact, proceed to the next step; if a file is not intact, it is restored from the server or locally;
Step 9: Check whether the protected software is running; if it is, proceed to step 10; otherwise, restart the protected program according to the configuration file;
Step 10: Check whether the running state of the protected software is correct; if it is, proceed to the next step; if not, the protected software is restored from the server or locally and restarted;
Step 11: Check whether a stop instruction has been received; if not, return to step 7; if so, the protection flow ends.
Beneficial effects:
1. Through a firmware module that conforms to the UEFI interface specification (the security preservation platform driver module), the invention can protect the protected program from being tampered with or closed during boot and while the operating system is running. The security preservation platform driver module restores the client main program, and the client main program restores the protected program, so that trust and protection of programs are established level by level. If the protected program is found to have been tampered with, it can be automatically restored from the network or a local storage medium and started.
2. After the device that stores the protected program (hard disk, Flash, etc.) is replaced in the computing device, the protected program can be automatically reinstalled and restored.
3. After the storage space that holds the protected program (hard disk, Flash, etc.) is repartitioned, the computing device can automatically reinstall and restore the protected program.
4. After the storage space that holds the protected program (hard disk, Flash, etc.) is formatted, the computing device can automatically reinstall and restore the protected program.
5. When the protected software is not bundled with the operating system, the protected program can still be automatically reinstalled and restored after the operating system is reinstalled on the computing device.
6. A legitimate user of the terminal can be prevented from illegitimately uninstalling the specific application software that runs on the terminal. When the terminal user tries to uninstall a protected application, the application cannot be uninstalled if doing so conflicts with the security policy of the security preservation platform server. Even if the hard disk is replaced or the system is reinstalled, the application is still restored.
7. After specific software files in the terminal's operating system are tampered with or deleted by a virus or Trojan, the security preservation platform automatically restores them and starts and runs the software.
8. After power-on and before the operating system starts, it can be determined whether the specific software files exist; new software applications can be bound remotely and dynamically through the security preservation platform, and their legitimate operation in the operating system is ensured.
Description of the drawings
Fig. 1 is the overall framework structure diagram of the invention;
Fig. 2 is the system flowchart of the dynamic binding of the invention.
Embodiment
The invention is described below with reference to the accompanying drawings and an embodiment.
As shown in Fig. 1, the invention provides a UEFI-based security software protection interface device comprising three parts: a dynamic binding protection driver module that conforms to the UEFI firmware specification, a third-party dynamic binding protection system client main program that runs in the operating system, and a software dynamic binding protection system server.
The dynamic binding protection driver module conforms to the UEFI specification and is a driver resident in the firmware layer; it provides real-time protection for the dynamic binding protection system client main program.
The third-party dynamic binding protection system client main program runs in the operating system. Real-time guarding of the software is implemented through the interfaces of the firmware layer and the operating system layer, which ensures that the files of the client main program cannot be tampered with or deleted and that the client main program runs correctly. The third-party dynamic binding protection system client comprises a third-party software interface submodule, a software security guard submodule, a communication interface submodule, an encryption/decryption submodule, a state interface submodule, and a timing submodule. Through the third-party software interface submodule, the client main program forms a protection binding with the third-party software: it protects the third-party protected program against file tampering and file deletion, and ensures that the third-party program cannot be terminated abnormally and runs correctly. The software security guard submodule monitors the running state of the third-party software through the third-party software interface submodule and protects the third-party software from being stopped or closed. The communication interface submodule handles data exchange between the client main program and the server. The encryption/decryption submodule encrypts and decrypts data. The security policy submodule stores the protection policy for the third-party software. The timing submodule calls the software dynamic protection driver module at a set period.
The software dynamic binding protection system server comprises a software and feature value storage service, a software protection policy management service, and a network communication service. The software and feature value storage service handles software distribution to clients and feature value management, and restores the third-party protected program over the network when it has been tampered with or deleted. The software protection policy management service sets the security policy of the terminal. The network communication service provides communication support.
Before use, the driver module must be deployed on the terminal in advance. The deployment methods available in the invention include:
(1) Add the driver module to the UEFI kernel image.
(2) Carry an Option ROM module in the UEFI kernel image.
(3) Carry the driver module in another peripheral device, such as a trusted card.
As shown in Fig. 2, the steps of the invention are as follows:
Step 1: After the machine is powered on, the corresponding drivers are loaded during the UEFI boot phase;
Step 2: In the firmware layer, the dynamic binding protection driver module checks the client main program files on the hard disk to determine whether they have been tampered with or deleted; if a file is abnormal, it is restored; if the files are correct, proceed to the next step;
Step 3: The operating system starts;
Step 4: The client main program starts automatically with the operating system;
Step 5: The client main program communicates with the server and checks whether the protected third-party software needs to be updated; if an update is needed, it is downloaded from the server; if not, proceed to the next step;
Step 6: The client main program checks whether the third-party software is installed and has been bound and guarded; if it is already bound and protected, proceed to the next step; otherwise, the software is downloaded from the server or restored locally;
Step 7: The client main program performs an integrity measurement of the third-party software files according to the configuration file;
Step 8: If the protected files are intact, proceed to the next step; if a file is not intact, it is restored from the server or locally;
Step 9: Check whether the protected software is running; if it is, proceed to step 10; otherwise, restart the protected program according to the configuration file;
Step 10: Check whether the running state of the protected software is correct; if it is, proceed to the next step; if not, the protected software is restored from the server or locally and restarted;
Step 11: Check whether a stop instruction has been received; if not, return to step 7; if so, the protection flow ends.
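One pass of the client-side guard loop (steps 7 to 10 above), written in Python as an added example; it is not code from the patent. The manifest layout, the file names and the `is_running`/`restart` callbacks are assumptions, SHA-256 stands in for the unspecified "feature value", steps 9 and 10 are folded into one liveness check, and recovery from the server is left out. The example also verifies the local recovery copy before using it, since a tampered copy would otherwise be restored as if it were good.

```python
import hashlib
import os
import shutil
import tempfile


def measure(path):
    """Step 7: SHA-256 hex digest of a file, or None if the file is missing."""
    try:
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()
    except FileNotFoundError:
        return None


def restore(entry):
    """Step 8: recover from the local copy, but only if that copy itself
    matches the expected feature value."""
    if measure(entry["backup"]) != entry["sha256"]:
        return False  # local copy is bad too; server recovery is not modelled
    tmp = entry["path"] + ".restore"
    shutil.copyfile(entry["backup"], tmp)
    os.replace(tmp, entry["path"])  # swap in one step, never a half-written target
    return measure(entry["path"]) == entry["sha256"]


def guard_pass(manifest, is_running, restart):
    """One pass of steps 7 to 10. Returns a list of (path, action) events."""
    events = []
    for entry in manifest:
        path = entry["path"]
        restored = False
        if measure(path) != entry["sha256"]:
            if not restore(entry):
                events.append((path, "restore_failed"))
                continue  # never start a binary that failed measurement
            events.append((path, "restored"))
            restored = True
        # A restored file is restarted even if the old process is still alive,
        # because that process was loaded from the tampered image.
        if restored or not is_running(path):
            restart(path)
            events.append((path, "restarted"))
    return events


def demo():
    """Constructed scenario: tamper, delete, then poison the recovery copy."""
    work = tempfile.mkdtemp()
    path = os.path.join(work, "audit_agent.bin")    # hypothetical protected file
    backup = os.path.join(work, "audit_agent.bak")  # hypothetical local copy
    good = b"constructed sample payload v1\n"
    for name in (path, backup):
        with open(name, "wb") as fh:
            fh.write(good)
    manifest = [{"path": path, "backup": backup,
                 "sha256": hashlib.sha256(good).hexdigest()}]
    running = {path}

    def is_running(p):
        return p in running

    def restart(p):
        running.add(p)

    log = [guard_pass(manifest, is_running, restart)]      # untouched file
    with open(path, "ab") as fh:
        fh.write(b"tampered")
    log.append(guard_pass(manifest, is_running, restart))  # file tampered
    os.remove(path)
    running.clear()
    log.append(guard_pass(manifest, is_running, restart))  # deleted and stopped
    with open(backup, "wb") as fh:
        fh.write(b"poisoned backup")
    os.remove(path)
    log.append(guard_pass(manifest, is_running, restart))  # recovery copy bad
    shutil.rmtree(work)
    return [[action for _, action in events] for events in log]


if __name__ == "__main__":
    for number, actions in enumerate(demo(), start=1):
        print(number, actions)
```

The manifest itself has to come from a source the attacker cannot rewrite (in the patent's design, the server's feature value storage); a manifest stored next to the protected files gives no assurance.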
In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (2)

1. A UEFI-based security software protection interface device, characterized in that the interface device comprises three parts: a dynamic binding protection driver module that conforms to the UEFI firmware specification, a third-party dynamic binding protection system client main program that runs in the operating system, and a software dynamic binding protection system server;
The dynamic binding protection driver module conforms to the UEFI specification and is a driver resident in the firmware layer; it provides real-time protection for the dynamic binding protection system client main program;
The third-party dynamic binding protection system client main program runs in the operating system; real-time guarding of the software is implemented through the interfaces of the firmware layer and the operating system layer, which ensures that the files of the client main program cannot be tampered with or deleted and that the client main program runs correctly; the third-party dynamic binding protection system client comprises a third-party software interface submodule, a software security guard submodule, a communication interface submodule, an encryption/decryption submodule, a state interface submodule, and a timing submodule; through the third-party software interface submodule, the client main program forms a protection binding with the third-party software, protects the third-party protected program against file tampering and file deletion, and ensures that the third-party program cannot be terminated abnormally and runs correctly; the software security guard submodule monitors the running state of the third-party software through the third-party software interface submodule and protects the third-party software from being stopped or closed; the communication interface submodule handles data exchange between the client main program and the server; the encryption/decryption submodule encrypts and decrypts data; the security policy submodule stores the protection policy for the third-party software; the timing submodule calls the software dynamic protection driver module at a set period;
The software dynamic binding protection system server comprises a software and feature value storage service, a software protection policy management service, and a network communication service; the software and feature value storage service handles software distribution to clients and feature value management, and restores the third-party protected program over the network when it has been tampered with or deleted; the software protection policy management service sets the security policy of the terminal; the network communication service provides communication support.
2. The UEFI-based security software protection interface device according to claim 1, characterized in that the implementation steps are as follows:
Step 1: After the machine is powered on, the corresponding drivers are loaded during the UEFI boot phase;
Step 2: In the firmware layer, the dynamic binding protection driver module checks the client main program files on the hard disk to determine whether they have been tampered with or deleted; if a file is abnormal, it is restored; if the files are correct, proceed to the next step;
Step 3: The operating system starts;
Step 4: The client main program starts automatically with the operating system;
Step 5: The client main program communicates with the server and checks whether the protected third-party software needs to be updated; if an update is needed, it is downloaded from the server; if not, proceed to the next step;
Step 6: The client main program checks whether the third-party software is installed and has been bound and guarded; if it is already bound and protected, proceed to the next step; otherwise, the software is downloaded from the server or restored locally;
Step 7: The client main program performs an integrity measurement of the third-party software files according to the configuration file;
Step 8: If the protected files are intact, proceed to the next step; if a file is not intact, it is restored from the server or locally;
Step 9: Check whether the protected software is running; if it is, proceed to step 10; otherwise, restart the protected program according to the configuration file;
Step 10: Check whether the running state of the protected software is correct; if it is, proceed to the next step; if not, the protected software is restored from the server or locally and restarted;
Step 11: Check whether a stop instruction has been received; if not, return to step 7; if so, the protection flow ends.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410457647.7A CN104573501A (en) 2014-09-10 2014-09-10 Safety software protection interface device and method on basis of UEFI (Unified Extensible Firmware Interface)

Publications (1)

Publication Number Publication Date
CN104573501A true CN104573501A (en) 2015-04-29

Family

ID=53089541

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040078680A1 (en) * 2002-03-20 2004-04-22 Legend (Beijing) Limited Method for implementing data backup and recovery in computer hard disk
CN1952885A (en) * 2005-10-19 2007-04-25 联想(北京)有限公司 A computer system and method to check completely
CN102262574A (en) * 2011-06-20 2011-11-30 奇智软件(北京)有限公司 Boot protecting method and device of operating system
CN102722671A (en) * 2012-06-01 2012-10-10 北京理工大学 Data defense system in windows operation system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150429
