CN104573506A - Virtual machine based real-time monitoring method and device for process behavior - Google Patents
Virtual machine based real-time monitoring method and device for process behavior Download PDFInfo
- Publication number
- CN104573506A CN104573506A CN201510005352.0A CN201510005352A CN104573506A CN 104573506 A CN104573506 A CN 104573506A CN 201510005352 A CN201510005352 A CN 201510005352A CN 104573506 A CN104573506 A CN 104573506A
- Authority
- CN
- China
- Prior art keywords
- subprocess
- resource information
- sensitive resource
- sensitive
- call
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses virtual machine based real-time monitoring method and device for process behavior. The method comprises the steps of monitoring resource information transferred by each process and sub-process thereof; determining whether the sensitive resource information transferred by the process or the sub-process meets the management and control strategy when the resource information is the sensitive resource information; stopping transferring the sensitive resource by the process or the sub-process when the sensitive resource information transferred by the process or the sub-process does not meet the management and control strategy. According to the method, the behavior of each virtual machine process is monitored on real time, so that the use of each process to the system resource can be monitored, and as a result, the risk on the system platform source can be reduced at the system level, the sensitive resource of the system is monitored on real time.
Description
Technical field
The present invention relates to mobile message technical field, be specifically related to a kind of method of process behavior being monitored in real time based on virtual machine and device.
Background technology
At present, smart mobile phone becomes the carrier of the various information of user, stores a large amount of important information, therefore also becomes the preferred object of malicious attack.The security threat of smart mobile phone very most of from individual privacy divulge a secret and various malice is deducted fees software.These Malwares utilize the leak of authority mechanism in the past abuse authority opponent machine to attack, and What is more in Background scheduling hardware pry privacy.
The method of existing solution Android application behavior monitoring the process mechanism: the APK bag the inside of each application program includes an AndroidMainifest.xml file, this file, except enumerating application program run-time library, operation dependence etc., also can enumerate out the system access needed for this application program in detail.During software development, carry out explicitly to android system application access rights by the uses-permission field arranging this file, successful installation after the user approval.When the program is started, Dalvik virtual machine can verify permission list wherein, thus imports corresponding class libraries, for program.Conventional method adds hook when verifying permission list to audit, reminding user simultaneously.Allow user confirm, then start this program.The method program start in carried out once auditing, when examination & verification by after, be can not audit the behavior of this program in the operational process of program.
The behavior of said method application programs to a certain extent detects, but it is only limitted to detection time program starts, it having been done to a behavior, will no longer monitor the behavior of program after user allows.The monitoring of this sample loading mode very general, the program that cannot monitor in the middle of program is run calls situation to the various resource of system.The requirement of the secret protection of user cannot be met so under many circumstances.Give an example, if a process has camera authority and always at running background, meanwhile also has other process also to have the rights of using of camera.But system only has a camera, now system cannot know which program is taking this camera example on earth.So there is very large drawback in this traditional process monitoring method.And the program behavior monitoring method of this extensive style cannot meet user in real time to the demand that the behavior of process is monitored in a lot of scene.
Summary of the invention
For defect of the prior art, the invention provides a kind of method of process behavior being monitored in real time based on virtual machine and device, the method achieve and real-time monitoring is carried out to the sensitive resource of system.
First aspect, the invention provides a kind of method monitored in real time process behavior based on virtual machine, described method comprises:
Monitor the resource information that each process and subprocess thereof call;
When described resource information is sensitive resource information, judge whether the sensitive resource information that described process or described subprocess call meets management and control strategy;
When the sensitive resource information that described process or described subprocess are called does not meet management and control strategy, described process or subprocess is stoped to call this sensitive resource.
Optionally, before the resource information that each process of described monitoring and subprocess thereof call, described method also comprises:
The management and control strategy of the sensitive resource information that default described process or described subprocess call.
Optionally, after the resource information that each process of described monitoring and subprocess thereof call, described method also comprises:
After monitoring described process or described subprocess and calling resource information, real time record is carried out to the behavior of described process or described subprocess, and store the resource information that described process or described subprocess take.
Optionally, described method also comprises:
Real time record is carried out to the behavior of described process or described subprocess, builds holder's list of sensitive resource, the process in described list or subprocess are monitored.
Optionally, described sensitive resource information comprises:
The bag name of the time of the sensitive resource of each process transfer described, the type of sensitive resource, sensitive resource.
Second aspect, present invention also offers a kind of device monitored in real time process behavior based on virtual machine, described device comprises:
Monitoring module, for monitoring the resource information that each process and subprocess thereof call;
Policy validation module, for when described resource information is sensitive resource information, judges whether the sensitive resource information that described process or described subprocess call meets management and control strategy;
Stoping module, when the sensitive resource information for calling in described process or described subprocess does not meet management and control strategy, stoping described process or subprocess to call this sensitive resource.
Optionally, described device also comprises:
Strategy setting module, for monitor resource information that each process and subprocess thereof call at described monitoring module before, presets the management and control strategy of the sensitive resource information that described process or described subprocess call.
Optionally, described device also comprises:
Monitor message memory module, for monitor resource information that each process and subprocess thereof call at described monitoring module after, carries out real time record to the behavior of described process or described subprocess, and stores the resource information that described process or described subprocess take.
Optionally, described device also comprises:
Sensitive resource holder list builder module, for carrying out real time record to the behavior of described process or described subprocess, building holder's list of sensitive resource, monitoring the process in described list or subprocess.
Optionally, described sensitive resource information comprises:
The bag name of the time of the sensitive resource of each process transfer described, the type of sensitive resource, sensitive resource.
As shown from the above technical solution, a kind of method of process behavior being monitored in real time based on virtual machine provided by the invention and device, the method is by monitoring the behavior of each virtual machine process in real time, and then monitor taking of each demand for system resources, reduce the threat of system platform resource from system level, achieve and real-time monitoring is carried out to the sensitive resource of system.
In instructions of the present invention, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of various embodiments of the present invention technical scheme, it all should be encompassed in the middle of the scope of claim of the present invention and instructions.
Accompanying drawing explanation
Fig. 1 for one embodiment of the invention provide based on the schematic flow sheet of virtual machine to the method that process behavior is monitored in real time;
Schematic diagram process behavior monitored in real time based on virtual machine that Fig. 2 provides for one embodiment of the invention;
Fig. 3 for one embodiment of the invention provide based on the structural representation of virtual machine to the device that process behavior is monitored in real time.
Embodiment
Below in conjunction with accompanying drawing, the embodiment of invention is further described.Following examples only for technical scheme of the present invention is clearly described, and can not limit the scope of the invention with this.
The security threat of smart mobile phone very major part comes from divulging a secret of individual privacy and various malice and to deduct fees software.These Malwares utilize the leak of authority mechanism in the past abuse authority opponent machine to attack, and What is more in Background scheduling hardware pry privacy.
Resource security problem for android system conducts a research, from Dalvik virtual machine, a control end and calling of system service application programs process hardware resource is utilized to monitor, utilize the start-up course of application program and invoked procedure to monitor, build the method for the real-time monitoring of new Android process.Make the original security of android system promotes, add the new monitoring mechanism of one deck (as can select time control, network control etc.), reduce the security threat of this platform from system level, and real-time monitoring is carried out to the calling of hardware resource of system.
In android system, program process is all hatched out by Zygote process, and Zygote process is by Init process initiation.Zygote process can create a Dalvik virtual machine instance when starting, whenever the program process that its hatching one is new, this Dalvik virtual machine instance copies to inside new program process and goes by capital, thus makes each program process have an independently Dalvik virtual machine instance.
Zygote process is in the process started, except creating a Dalvik virtual machine instance, also java runtime storehouse can be loaded into process, and go in the next Dalvik virtual machine instance created above of the JNI method registering some Android core classes.Time a program process is hatched out by Zygote process, not only can obtain the Dalvik virtual machine instance copy in Zygote process, also can share java runtime storehouse together with Zygote.Generally speaking, each application program can be run by as a Dalvik virtual machine instance in Android running environment, and the system resource of each process carries out dividing (fork) from first Zygote started of system to obtain.
All system class libraries can import wherein by the Zygote process of the first startup of system.Carry out dividing when (fork) creates Dalvik virtual machine the class libraries needed in corresponding process and resource can be imported in this Dalvik virtual machine by proloadClasses () and proloadResource () in Zygote process.
Zygote process is an android system all set Dalvik virtual machine instance, it self Dalvik virtual machine instance, when establishment Android program process, just can copy in new establishment Android program process and go by later Zygote process.Zygote process is when establishment Android program process, except the Dalvik virtual machine instance of self can being copied to the new Android program process created, Java core classes and Android core classes can also be shared with the Android program process newly created, and their JNI method.In the real operational process of program, then the java class of specifying can be found by function F indClass; Call function GetMethodID can obtain the member function of a java class, and can by similar CallObjectMethod function come indirect call it, call function GetFieldID can obtain the member variable of a java class, and can be arranged its value by the function of similar SetIntField.
Start-up course according to Android Zygote mechanism and Dalvik virtual machine can know that all Dalvik virtual machines are all divided by the virtual machine generated at first to obtain.All need when program needs call function to obtain corresponding class through FindClass () in the operational process of meanwhile Dalvik virtual machine, call this function by CallObjectMethod () method again, the embodiment of the present invention utilizes this several feature to build Dalvik virtual machine to process behavior real-time monitoring system exactly.Once carry out when some sensitivity functions of program addressable or some sensitive resources of addressing monitoring just can be real-time to get be which process uses which resource, get some sensitive resources which process is just taking system simultaneously.But also by controlling this process, can more accurately, effectively can control the system resource of self.
Just because of above reason, so select Android Dalvik virtual machine modify and expand, utilize a system bottom service to monitor the behavior of each virtual machine process in real time, then by a system application, real-time monitored results is shown to cellphone subscriber.Thus realize the use of each demand for system resources of Real-Time Monitoring, the behavior of real-time analysis process, reduce the security threat of this system platform from system level, meanwhile accurately can determine which process is using certain system resource, the behavior of monitoring process.
It is a kind of based on the schematic flow sheet of virtual machine to the method that process behavior is monitored in real time that Fig. 1 shows that the embodiment of the present invention provides, and as shown in Figure 1, described method comprises the steps:
101, the resource information that each process and subprocess thereof call is monitored;
102, when described resource information is sensitive resource information, judge whether the sensitive resource information that described process or described subprocess call meets management and control strategy;
The time of the sensitive resource of each process transfer described in this sensitive resource information can be understood as, the type of sensitive resource, the bag name of sensitive resource.
Sensitive resource can be understood as the first-class resource of such as shooting in terminal.
103, when the sensitive resource information called in described process or described subprocess does not meet management and control strategy, described process or subprocess is stoped to call this sensitive resource.
Monitor the resource information that each process and subprocess thereof call in above-mentioned steps 101 before, said method also comprises unshowned step in Fig. 1:
100, the management and control strategy of the sensitive resource information that described process or described subprocess call is preset.
After above-mentioned steps 101 monitors the resource information that each process and subprocess thereof call, described method also comprises unshowned step in Fig. 1:
104, after monitoring described process or described subprocess and calling resource information, real time record is carried out to the behavior of described process or described subprocess, and store the resource information that described process or described subprocess take.
105, real time record is carried out to the behavior of described process or described subprocess, build holder's list of sensitive resource, the process in described list or subprocess are monitored.
The method is optimized for android system in the past increases a kind of method utilizing Dalvik virtual machine process monitoring, it is supported in when android system Dalvik virtual machine runs monitor in real time system sensitive resource, which process can specifically monitor is at the sensitive resource when calling which kind of system.Which process some sensitive resources of system can also be being taken by by Obtaining Accurate in certain moment, as camera, bluetooth, recording etc.
In addition due to user's group of Service DalMonitor be the process that produced by init process so its user's group is root, PManager's is system-level application program simultaneously.Effectively ensure that integrality and the security of whole monitoring mechanism, and can effective monitoring Android wooden horse and viral invasion in real time.
Because this monitoring mechanism is audited when GetMethodID () calls, only have when system sensitive resource being used effectively to prevent privacy leakage by examination & verification, and the generation of the leakage of a state or party secret.
Fig. 2 shows the schematic diagram monitored in real time process behavior based on virtual machine that the embodiment of the present invention provides, as shown in Figure 2,
First, in the process of system start-up initialisation init.c, a system monitoring service DalMonitor is run.System service DalMonitor pre-reads the responsive behavior management and control strategy of systematic conservation program in systems in which.
When system cloud gray model Android Runtime generates Zygote process, it automatically by by the Dalvik virtual machine import system after our expansion, can trigger DalMonitor simultaneously and starts to monitor Dalvik (1) process; When certain application A starts, can divide Dalvik (2) process from process Dalvik (1), now Dalvik (2) starts virtual machine internal monitoring.When certain sensitive resource of Dalvik (2) process transfer time, Dalvik (2) virtual machine can use GetMethodID () function to go to obtain the function in its respective class.Dalvik (2) virtual machine verifies whether this function belongs to sensitive resource.
Now, GetMethodID () does not directly return correct value, and whether DalMonitor examination & verification meets management and control strategy, but sends request to this self-defined system service of DalMonitor.DalMonitor the isAllow () function called in its inner classes StrategyChk reads the configuration of sensitive resource, and feeds back to GetMethodID ().Waiting status is at the function of the feedback not obtaining DalMonitor service, through time-out or to obtain result be false, obtain the function of example and return sky, only have the rreturn value obtaining true at the appointed time scope, just understand and return correct value to application program.
After DalMonitor service feedback returns corresponding value, DalMonitor sends sensitive resource recalls information to monitoring application program PMonitor and (comprises type, resource, time, routine package name etc.), after watchdog routine PMonitor receives this information, by this information write into Databasce MonitorDb.
When user opens monitoring application program PMonitor, PMonitor sends request getMonitorResource () to DalMonitor.Holder's list of sensitive resource is now returned to PMonitor program by DalMonitor, and displays it to user by PMonitor program.If after user clicks monitoring record, also it is shown to interface to reading database MonitorDb.
Meanwhile, when process is wanted to call some more sensitive functions or resource, the pid of this event and this process is informed to DalMonitor by Dalvik virtual machine.DalMonitor carries out real time record to the behavior of this process, and identifies this process and now take certain sensitive resource.
DalMonitor builds holder's list (comprise and call sensitive resource type, the time, bag name etc.) of a sensitive resource, and enters monitor state.
When the function of above-mentioned real-time monitoring in the corresponding class libraries of Dalvik virtual machine call GetMethodID () addressing, directly do not return correct value, and whether DalMonitor examination & verification meets management and control strategy, but send request to this self-defined system service of DalMonitor.DalMonitor the isAllow () function called in its inner classes StrategyChk reads the configuration of sensitive resource, and feeds back to GetMethodID ().
User's group due to Service DalMonitor be the process that produced by init process so its user's group is root, PManager's is system-level application program simultaneously.Effectively ensure that integrality and the security of whole monitoring mechanism, and can effective monitoring Android wooden horse and viral invasion in real time.Because the use of this monitoring mechanism, only have when system sensitive resource being used effectively to prevent privacy leakage by examination & verification, and the generation of the leakage of a state or party secret.
It is a kind of based on the structural representation of virtual machine to the device that process behavior is monitored in real time that Fig. 3 shows that the embodiment of the present invention provides, and as shown in Figure 3, described device comprises:
Monitoring module 31, for monitoring the resource information that each process and subprocess thereof call;
When process is wanted to call some more sensitive functions or resource, the pid of this event and this process is informed to DalMonitor by Dalvik virtual machine.And wait for the feedback that DalMonitor serves, and the resource transfer that this application program continues is controlled.
Policy validation module 32, for when described resource information is sensitive resource information, judges whether the sensitive resource information that described process or described subprocess call meets management and control strategy;
For example, described sensitive resource information comprises: the bag name of the time of the sensitive resource of each process transfer described, the type of sensitive resource, sensitive resource.
Audit current Dalvik virtual machine and whether management and control strategy is met to calling of sensitive data.And this result is returned to Dalvik communication module, provide control foundation to it.After DalMonitor service feedback returns corresponding value, DalMonitor is also responsible for sending sensitive resource recalls information (comprising type, resource, the time, routine package name etc.) to monitoring application program PMonitor.
Wherein, StrategyChk, read the use strategy of the sensitive information arranged by monitoring program module, and whether current calling meets strategy to use wherein isAllow () to verify, provide interface to the checking of monitor service, what ensure that policy validation module correctly can verify Dalvik program process efficiently calls the use strategy whether meeting sensitive information.
Stoping module 33, when the sensitive resource information for calling in described process or described subprocess does not meet management and control strategy, stoping described process or subprocess to call this sensitive resource.
Described device also comprises in Fig. 3 unshowned:
Strategy setting module 34, for monitor resource information that each process and subprocess thereof call at described monitoring module before, presets the management and control strategy of the sensitive resource information that described process or described subprocess call.
Primary responsibility by system monitoring service to the monitor message of sensitive information stored in database, and the service condition of monitor message and real-time system sensitive resource is shown to user, and by the unique use strategy arranging system sensitive data of this module.
Monitor message memory module 35, for monitor resource information that each process and subprocess thereof call at described monitoring module after, real time record is carried out to the behavior of described process or described subprocess, and stores the resource information that described process or described subprocess take.
Sensitive resource holder list builder module 36, for carrying out real time record to the behavior of described process or described subprocess, building holder's list of sensitive resource, monitoring the process in described list or subprocess.
Apparatus and method of the present invention are one to one, and the implementation procedure of the method is consistent with this device, will no longer be described in detail in a device.
Claims (10)
1. based on the method that virtual machine is monitored in real time to process behavior, it is characterized in that, described method comprises:
Monitor the resource information that each process and subprocess thereof call;
When described resource information is sensitive resource information, judge whether the sensitive resource information that described process or described subprocess call meets management and control strategy;
When the sensitive resource information that described process or described subprocess are called does not meet management and control strategy, described process or subprocess is stoped to call this sensitive resource.
2. method according to claim 1, is characterized in that, before the resource information that each process of described monitoring and subprocess thereof call, described method also comprises:
The management and control strategy of the sensitive resource information that default described process or described subprocess call.
3. method according to claim 1, is characterized in that, after the resource information that each process of described monitoring and subprocess thereof call, described method also comprises:
After monitoring described process or described subprocess and calling resource information, real time record is carried out to the behavior of described process or described subprocess, and store the resource information that described process or described subprocess take.
4. method according to claim 3, is characterized in that, described method also comprises:
Real time record is carried out to the behavior of described process or described subprocess, builds holder's list of sensitive resource, the process in described list or subprocess are monitored.
5. method according to any one of claim 1 to 4, is characterized in that, described sensitive resource information comprises:
The bag name of the time of the sensitive resource of each process transfer described, the type of sensitive resource, sensitive resource.
6. based on the device that virtual machine is monitored in real time to process behavior, it is characterized in that, described device comprises:
Monitoring module, for monitoring the resource information that each process and subprocess thereof call;
Policy validation module, for when described resource information is sensitive resource information, judges whether the sensitive resource information that described process or described subprocess call meets management and control strategy;
Stoping module, when the sensitive resource information for calling in described process or described subprocess does not meet management and control strategy, stoping described process or subprocess to call this sensitive resource.
7. device according to claim 6, is characterized in that, described device also comprises:
Strategy setting module, for monitor resource information that each process and subprocess thereof call at described monitoring module before, presets the management and control strategy of the sensitive resource information that described process or described subprocess call.
8. device according to claim 6, is characterized in that, described device also comprises:
Monitor message memory module, for monitor resource information that each process and subprocess thereof call at described monitoring module after, carries out real time record to the behavior of described process or described subprocess, and stores the resource information that described process or described subprocess take.
9. device according to claim 8, is characterized in that, described device also comprises:
Sensitive resource holder list builder module, for carrying out real time record to the behavior of described process or described subprocess, building holder's list of sensitive resource, monitoring the process in described list or subprocess.
10. the device according to any one of claim 6 to 9, is characterized in that, described sensitive resource information comprises:
The bag name of the time of the sensitive resource of each process transfer described, the type of sensitive resource, sensitive resource.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510005352.0A CN104573506A (en) | 2015-01-06 | 2015-01-06 | Virtual machine based real-time monitoring method and device for process behavior |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510005352.0A CN104573506A (en) | 2015-01-06 | 2015-01-06 | Virtual machine based real-time monitoring method and device for process behavior |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104573506A true CN104573506A (en) | 2015-04-29 |
Family
ID=53089545
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510005352.0A Pending CN104573506A (en) | 2015-01-06 | 2015-01-06 | Virtual machine based real-time monitoring method and device for process behavior |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104573506A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105912930A (en) * | 2016-04-11 | 2016-08-31 | 北京奇虎科技有限公司 | Mobile terminal and system resource safety control method thereof |
| CN105912931A (en) * | 2016-05-23 | 2016-08-31 | 北京北信源软件股份有限公司 | Method and system for repairing off-line virtual machine bug under virtualization environment |
| CN109947576A (en) * | 2017-12-21 | 2019-06-28 | 上海盛霄云计算技术有限公司 | A kind of method of virtual machine internal broker program management |
| CN114676424A (en) * | 2022-05-25 | 2022-06-28 | 杭州默安科技有限公司 | Container escape detection and blocking method, device, equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7797733B1 (en) * | 2004-01-08 | 2010-09-14 | Symantec Corporation | Monitoring and controlling services |
| CN103870747A (en) * | 2014-03-31 | 2014-06-18 | 可牛网络技术(北京)有限公司 | Method and device for monitoring and processing application program |
-
2015
- 2015-01-06 CN CN201510005352.0A patent/CN104573506A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7797733B1 (en) * | 2004-01-08 | 2010-09-14 | Symantec Corporation | Monitoring and controlling services |
| CN103870747A (en) * | 2014-03-31 | 2014-06-18 | 可牛网络技术(北京)有限公司 | Method and device for monitoring and processing application program |
Non-Patent Citations (1)
| Title |
|---|
| 严勇: ""基于动态监控的Android恶意软件检测方法"", 《信息安全与通信保密》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105912930A (en) * | 2016-04-11 | 2016-08-31 | 北京奇虎科技有限公司 | Mobile terminal and system resource safety control method thereof |
| CN105912931A (en) * | 2016-05-23 | 2016-08-31 | 北京北信源软件股份有限公司 | Method and system for repairing off-line virtual machine bug under virtualization environment |
| CN109947576A (en) * | 2017-12-21 | 2019-06-28 | 上海盛霄云计算技术有限公司 | A kind of method of virtual machine internal broker program management |
| CN109947576B (en) * | 2017-12-21 | 2022-12-06 | 上海盛霄云计算技术有限公司 | Method for managing internal agent program of virtual machine |
| CN114676424A (en) * | 2022-05-25 | 2022-06-28 | 杭州默安科技有限公司 | Container escape detection and blocking method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105164644B (en) | Hook frame | |
| US11159577B2 (en) | Method and apparatus for interworking of cloud platform and security tools | |
| CN102279765B (en) | Pre-compiling hosted managed code | |
| EP1703432A2 (en) | Access controller and access control method | |
| CN110096424B (en) | Test processing method and device, electronic equipment and storage medium | |
| CN104573506A (en) | Virtual machine based real-time monitoring method and device for process behavior | |
| CN112394917B (en) | Cross-platform security service software construction method, device, equipment and storage medium | |
| CN110532025B (en) | Data processing method, device and equipment based on micro-service architecture and storage medium | |
| CA3167549A1 (en) | Method and apparatus for authority control, computer device and storage medium | |
| CN110968437A (en) | Method, device, equipment and medium for parallel execution of single contract based on Java intelligent contract | |
| CN111813646B (en) | Method and device for injecting application probe in docker container environment | |
| CN107220074A (en) | To the access of supporting layer software function, upgrade method and device | |
| CN109923547B (en) | Program behavior monitoring device, distributed object generation management device, storage medium, and program behavior monitoring system | |
| CN110221845A (en) | Using dispositions method, device, equipment and medium | |
| CN112115117B (en) | Big data blockchain authority management method and system for covering data full life cycle | |
| CN111651169B (en) | Block chain intelligent contract operation method and system based on web container | |
| CN115495107A (en) | Version deployment method and device and electronic equipment | |
| CN114006815B (en) | Automatic deployment method and device for cloud platform nodes, nodes and storage medium | |
| CN114661427B (en) | Node management method and system for computing cluster for deploying containerized application service | |
| CN108628620B (en) | POS application development implementation method and device, computer equipment and storage medium | |
| US9348667B2 (en) | Apparatus for managing application program and method therefor | |
| CN115617668A (en) | Compatibility testing method, device and equipment | |
| CN114791884A (en) | Test environment construction method and device, storage medium and electronic equipment | |
| CN114386047A (en) | Application vulnerability detection method and device, electronic equipment and storage medium | |
| CN112988353A (en) | Operation control method and device for application program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150429 |