CN104951708A - File measurement and protection method and device - Google Patents
File measurement and protection method and device Download PDFInfo
- Publication number
- CN104951708A CN104951708A CN201510320835.XA CN201510320835A CN104951708A CN 104951708 A CN104951708 A CN 104951708A CN 201510320835 A CN201510320835 A CN 201510320835A CN 104951708 A CN104951708 A CN 104951708A
- Authority
- CN
- China
- Prior art keywords
- application program
- file
- safety container
- current
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention provides a file measurement and protection method and device. The method includes the steps that at least one secure container is arranged, application programs and files are stored in each secure container, access strategies are configured, when any first secure container is started, the application programs and the files stored in the first secure container are measured, whether the application programs and the files stored in the first secure container are tampered with or not is judged, and if yes, running of the corresponding application programs or opening of the corresponding files is stopped; when any first application program accesses the current file in the current secure container, if the first application program is not an application program in the current secure container, the first application program is not allowed to access the current file, otherwise, whether an access request of the first application program meets the access strategy of the current file or not is judged, if yes, the first application program is allowed to access the current file, and otherwise, the first application program is not allowed to access the current file. According to the scheme, the protection for the application programs and the files can be strengthened.
Description
Technical field
The present invention relates to computer security technique field, a kind of method of particularly Documents Metric and protection and device.
Background technology
Along with the development of computer technology is with universal, the safety problem of computing machine highlights thereupon, is more and more subject to the attention of user.Some disabled users carry out deleting or revising frequently by application programs or file; reach destruction system, steal the object of information; once application program in computing machine or file are by malicious modification or deletion; when these application programs of operation or when opening file; to cause computer operation exception or information stolen, for the server that some are important, if cisco unity malfunction or cause information leakage; to serious consequence be caused, bring huge loss to user.
At present, for the guard method of application program and file, mainly before application program is run, check the integrality of application program and file, if application program and file imperfect, then can not run this application program.
As can be seen here; prior art is for the guard method of application program and file; only before application program is run, application programs and file can carry out integrity checking; belong to the method afterwards processed; namely when checking out application program or file is imperfect; this application program or file have been modified, and therefore, the protection of existing application programs and file is lower.
Summary of the invention
The invention provides method and the device of a kind of Documents Metric and protection, the protection of application programs and file can be improved.
Embodiments provide a kind of method of Documents Metric and protection, comprising:
At least one safety container is set;
According to service conditions, in safety container described in each, store application program and file;
Configure the access strategy of described application program and file;
When starting any one first safety container, the application program stored in the first safety container and file are measured;
According to measurement results, judge whether the application program of storage in the first safety container and file are tampered;
If so, stop opening of the operation of corresponding application program or file, if not, then allow the normal operation of corresponding application program or normally opening of file;
When current file in any one first application program access current safety container, judge that whether described first application program is the application program in current safety container;
If not, do not allow described first application program to conduct interviews to current file, if so, judge whether the request of access of described first application program meets the access strategy of current file further;
If so, allow described first application program to the access of current file, if not, do not allow described first application program to conduct interviews to current file.
Preferably, described at least one safety container that arranges comprises: at the core layer reconstructed operation system access right of operating system, by mandatory Access Control Mechanism, credible at least one safety container of tolerance mechanism construction.
Preferably, the method comprises further: the alternative document beyond the application program access current safety container of forbidden storage in current safety container.
Preferably, described application program to storing in the first safety container and file carry out tolerance and comprise: when the first safety container starts, carry out Hash calculation to each application program stored in the first safety container and file, obtain current metric value.
Preferably, described according to measurement results, judge whether each application program of storing in the first safety container and file are tampered to comprise: the current metric value of each application program stored in the first safety container or file is compared with corresponding original baseline value, if current metric value is identical with corresponding original baseline value, then judge that corresponding application program or file are not tampered, if current metric value is not identical with corresponding original baseline value, then judge that corresponding application program or file are tampered.
The embodiment of the present invention additionally provides the device of a kind of Documents Metric and protection, comprising:
At least one safety container;
Storage unit, for according to service conditions, stores application program and file in described safety container;
Dispensing unit, for the access strategy of the application program and file that configure described cell stores;
Metric element, during for starting any one first safety container, measures the application program stored in the first safety container and file;
First judging unit, for the measurement results according to described metric element, judges whether the application program of storage in the first safety container and file are tampered;
First performance element, for the judged result according to described first judging unit, if so, stops opening of the operation of corresponding application program or file, if not, then allows the normal operation of corresponding application program or normally opening of file;
Second judging unit, for when current file in any one first application program access current safety container, judges that whether described first application program is the application program in current safety container;
3rd judging unit, for the judged result according to described second judging unit, if not, described first application program is not allowed to conduct interviews to current file, if so, judge whether the request of access of described first application program meets the access strategy of current file further;
Second performance element, for the judged result according to described 3rd judging unit, if so, allows described first application program to the access of current file, if not, does not allow described first application program to conduct interviews to current file.
Preferably, described safety container, adopts the core layer reconstructed operation system access right in operating system, is formed by mandatory Access Control Mechanism, credible tolerance mechanism construction.
Preferably, described safety container, accesses the alternative document beyond current safety container for the application program of forbidden storage in current safety container.
Preferably, described metric element, for when the first safety container starts, carries out Hash calculation to each application program stored in the first safety container and file, obtains current metric value.
Preferably, described first judging unit, for the current metric value of each application program stored in the first safety container or file is compared with corresponding original baseline value, if current metric value is identical with corresponding original baseline value, then judge that corresponding application program or file are not tampered, if current metric value is not identical with corresponding original baseline value, then judge that corresponding application program or file are tampered.
Embodiments provide method and the device of a kind of Documents Metric and protection, by arranging at least one safety container, application program or file is stored in safety container, and to the application program stored or file configuration access strategy, when safety container starts, first the application program stored in safety container and file are measured, judge whether it is tampered, if be tampered, the application program operation of prevention correspondence or opening of file, when any one application program will access the current file in current safety container, first judge whether this application program is the application program stored in current container, if not then forbidding its request of access, if it is judge whether this application program meets the access strategy of current file to the access of current file further, if do not met, forbid its request of access, by setting up safety container, each startup safety container all can be measured the application program stored in safety container and file, guarantee that it is not tampered rear just can carrying out and runs or open, application program and file are placed in an area of isolation, application program beyond current safety container can not access the file in current safety container, and when application program will access the file in same safety container, the access strategy that must meet this file can be accessed, like this, application program and file will be measured it before running or opening, application program and file are also protected in real time in operation or opening procedure, thus the protection of application programs and file can be improved.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of a kind of Documents Metric of providing of the embodiment of the present invention and protection;
Fig. 2 is the method flow diagram of a kind of Documents Metric that the embodiment of the present invention provides;
Fig. 3 is the method flow diagram of a kind of file protection that the embodiment of the present invention provides;
Fig. 4 is the device schematic diagram of a kind of Documents Metric of providing of the embodiment of the present invention and protection.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described.Obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
As shown in Figure 1, one embodiment of the invention provides a kind of method of Documents Metric and protection, comprising:
Step 101: at least one safety container is set;
Step 102: according to service conditions, stores application program and file in safety container described in each;
Step 103: the access strategy configuring described application program and file;
Step 104: when starting any one first safety container, measures the application program stored in the first safety container and file;
Step 105: according to measurement results, judges whether the application program of storage in the first safety container and file are tampered, and if so, performs step 106, otherwise performs step 107;
Step 106: stop opening of the operation of corresponding application program or file, and terminate current process;
Step 107: allow the normal operation of corresponding application program or normally opening of file;
Step 108: when current file in any one first application program access current safety container, judges that whether described first application program is the application program in current safety container, if so, performs step 109, otherwise perform step 110;
Step 109: judge whether the request of access of described first application program meets the access strategy of current file further, if so, performs step 111, otherwise performs step 110;
Step 110: do not allow described first application program to conduct interviews to current file, and terminate current process;
Step 111: allow described first application program to the access of current file.
A kind of Documents Metric provided by the embodiment of the present invention and the method for protection, at least one safety container is set, application program or file is stored in safety container, and to the application program stored or file configuration access strategy, when safety container starts, first the application program stored in safety container and file are measured, judge whether it is tampered, if be tampered, the application program operation of prevention correspondence or opening of file, when any one application program will access the current file in current safety container, first judge whether this application program is the application program stored in current container, if not then forbidding its request of access, if it is judge whether this application program meets the access strategy of current file to the access of current file further, if do not met, forbid its request of access, by setting up safety container, each startup safety container all can be measured the application program stored in safety container and file, guarantee that it is not tampered rear just can carrying out and runs or open, application program and file are placed in an area of isolation, application program beyond current safety container can not access the file in current safety container, and when application program will access the file in same safety container, the access strategy that must meet this file can be accessed, like this, application program and file will be measured it before running or opening, application program and file are also protected in real time in operation or opening procedure, thus the protection of application programs and file can be improved.
In an embodiment of the invention; safety container adopts the core layer reconstructed operation system access right in operating system; by mandatory Access Control Mechanism and credible tolerance mechanism construction; can realize forcing to control user file, process file, user network and process etc.; thus avoid rogue program modify to the application program in container or file or destroy, improve the protection of application programs and file.
In an embodiment of the invention; be directed to a safety container; application program not only outside safety container can not file in access security container; application program in safety container can not file beyond access security container; so both ensure that the rogue program outside safety container can not enter safety container destruction application program family or file; the application program that it also avoid in safety container accesses the situation generation that outside unsafe file causes application program destroyed, and further application programs is protected with regard to file.
In an embodiment of the invention, when each safety container starts, capital is measured all application programs stored in safety container and file, by carrying out Hash calculation to all application programs and file, obtain all application programs and current metric value corresponding to file, compare by the original baseline value of this metric with corresponding application program and file thus determine whether corresponding application program or file are tampered, based on the feature of Hash calculation, even if there is very little change in file, corresponding Hash calculation measurement results also can change a lot, to guarantee that application program or file are be not tampered when running or opening like this, improve the reliability of tolerance.
In an embodiment of the invention, when application program or file are just stored in safety container, initial metric can be carried out to all application programs and file, form original baseline value, when original baseline value starts as later stage safety container, application programs and file carry out the criterion of measuring, if when current metric result is identical with original baseline value, then judge that corresponding application program or file are not tampered, if current metric result is different from original baseline value, then judge that corresponding application program or file are modified, can ensure that application program or file remain original state like this, if revised, can be found immediately, thus corresponding application program or file are processed.
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
As shown in Figure 2, embodiments provide a kind of method of Documents Metric, comprising:
Step 201: at least one safety container is set.
In an embodiment of the invention, according to actual conditions, the safety container of some is set, wherein, safety container is by the core layer reconstructed operation system access right in operating system, by mandatory Access Control Mechanism, credible tolerance mechanism construction.Such as, according to the service condition of reality, construct 3 safety containers, be respectively safety container 1 to safety container 3.
Step 202: store application program or file in safety container.
In an embodiment of the invention, according to actual conditions needs, the important application program or file that need protection are stored in safety container.Such as, in safety container 1, store application program 1 and file 1, in safety container 2, store application program 2 and file 2, in safety container 3, store application program 3 and file 3.
Step 203: measure each application program in safety container and file, obtains corresponding original baseline value.
In an embodiment of the invention, after application program and file are stored in safety container, first these application programs and file are measured, pass through Hash calculation, draw these application programs and original baseline value corresponding to file, application program and each self-corresponding original baseline value of file will judge the foundation whether application program or file are tampered as the later stage.Such as, Hash calculation is carried out by application programs 1 to 3 and file 1 to 3, obtain corresponding original baseline value, the wherein corresponding original baseline value 1 of application program 1, the corresponding original baseline value 2 of application program 2, the corresponding original baseline value 3 of application program 3, the corresponding original baseline value 4 of file 1, the corresponding original baseline value 5 of file 2, the corresponding original baseline value 6 of file 3.
Step 204: when starting safety container, first Hash calculation is carried out to the application program in safety container and file, obtain the current metric value of each application program and file.
In an embodiment of the invention, each to start safety container be all will measure all application programs comprised in safety container and file, obtains each application program and MD5 value corresponding to file, be current metric value by Hash calculation.Such as, when safety container 1 starts, first the application program 1 in safety container 1 and file 1 are measured, the MD5 value of application program 1 and file 1 correspondence is obtained by Hash calculation, namely respective current metric value, in like manner, when safety container 2 and safety container 3 start, also application programs 2 and file 2 and application program 3 and file 3 are measured respectively, obtain corresponding current metric value, wherein, the corresponding current metric value 1 of application program 1, the corresponding current metric value 2 of application program 2, the corresponding current metric value 3 of application program 3, the corresponding current metric value 4 of file 1, the corresponding current metric value 5 of file 2, the corresponding current metric value 6 of file 3.
Step 205: judge that whether the current metric value of each application program and file is identical with corresponding original baseline value, if so, performs step 206, if not, performs step 207.
In an embodiment of the invention, by the original baseline value obtained in the current metric value obtained in step 204 and step 203 is compared, determine whether application program or file are tampered, if the current metric value of correspondence is identical with original baseline value, then application program or file are not tampered, application program is allowed to run or File Open, if the current metric value of correspondence is different from original baseline value, then application program or file are tampered, and stop the operation of application program or opening of file.Such as, when safety container 1 to safety container 3 starts, respectively each application program and current metric value corresponding to file 1 to 6 are compared with original baseline value 1 to 6, wherein current metric value 1 is different from corresponding original baseline value with 4, other current metric values are all identical with corresponding original baseline value, so perform step 207 for the application program 1 in safety container 1 and file 1, perform step 206 for other application programs and file.
Step 206: allow the operation of application program or opening of file, and terminate current process.
In an embodiment of the invention, if the current metric value of application program or file and original baseline value keep identical, so illustrate that corresponding application program or file are not tampered, there is no potential danger, therefore allow the corresponding operation of application program or opening of file.Such as, judge through tolerance, application program 2, application program 3, file 2 and file 3 are not tampered, then do not stop them, allow the operation of application program 2 and application program 3, and the opening of file 2 and file 3.
Step 207: stop the operation of application program or opening of file, and point out this safety container dangerous.
In an embodiment of the invention, judge that the current metric value of application program or file is not identical with corresponding original baseline value through tolerance, then illustrate that this application program or file are modified, then the operation of this type of application program or opening of file are stoped, avoid destroying more application program or file.Such as, for application program 1 and file 2, because the current metric value 1 and 4 of its correspondence is different from initial value baseline value 1 and 4, then described application program 1 and file 2 are tampered, for avoiding causing other application programs or file to be destroyed further, the operation of organizations program 1 and opening of file 2, and the mark of safety container 1 correspondence is changed into redness, point out this safety container dangerous, need to process.
As shown in Figure 3, embodiments provide a kind of method of file protection, comprising:
Step 301: the access strategy of each application program and file in configuration safety container.
In an embodiment of the invention, after application program and file are stored in safety container, will to these application programs and file configuration access strategy, access strategy comprises the control of reading and writing for file and deletion.Such as, the access strategy only allowing to read is being configured to the file 1 in safety container 1, the file 2 in safety container 2 is being configured to the access strategy not allowing to delete, the file 3 in safety container 3 is being configured to the access strategy allowing various operation.
Step 302: when application program wants the file in access security container, judges whether this application program is arranged in same safety container with the file that will access, and if so, performs step 303, if not, performs step 305.
In an embodiment of the invention, for the application program judging not to be tampered through excess vol and file, when the file having application program to want in access security container, first judge that this application journey becomes whether to be arranged in same safety container with its file that will access, if this application program is in other safety container or not in safety container, so judged result is no, then forbid the request of access of this application program, if this application program and its file that will access are arranged in same safety container, so need to ask this application program further to judge, perform step 303.Such as, current accessed file is the file 1 in safety container 1, if what send request of access is application program 1 in safety container 1, because application program 1 and file 1 are arranged in same safety container, so perform step 303 for application program 1, if what send request of access is the application program 2 in safety container 2 or the application program in dangerous container 4, because these application programs and accessed file be not in same safety container, so send the application program of request of access for these, perform step 305.
Step 303: judge whether this application program meets the access strategy of accessed file to the access of file further, if so, performs step 304, if not, performs step 305.
In an embodiment of the invention, file in same safety container is accessed for application program, according to the access strategy of accessed file, judge whether the request of access of this application program meets the requirement of access strategy, if met, then allow this application program to the access of file, if do not met, then forbid the access of this application program to the valency of asking.Such as, what send request of access is application program 1 in safety container 1, accessed file is the file 1 in safety container 1, if the request of access of application program 1 reads file 1, because the access strategy of file 1 only allows to read, meet the access strategy of file 1, so for the request of access of application program 1, perform step 304, if the request of access of application program 1 is deleted file 1, because the access strategy of file 1 only allows to read, now the request of access of application program 1 does not meet the access strategy of file 1, so now perform step 305 for application program 1.
Step 304: allow application program to the access of file, and terminate current process.
In an embodiment of the invention, if the request of access of application program to file meets the access strategy of file, then allow this application program to the access of file, ensure that normal access is performed timely, and terminate current process.
Step 305: forbid the access of application program to file.
In an embodiment of the invention, if the request of access of application program to file does not meet the access strategy of file, then forbid the access of this application program to file, the safety of protected file, avoid being damaged.
It should be noted that, be arranged in application program and the file of safety container, the application program being arranged in same safety container is only allowed to conduct interviews according to the access strategy of file, meanwhile, the application program beyond the application program access place safety container in safety container and file is not allowed yet, comprise in other safety containers with safety container beyond application program and file, application program in safety container can be avoided so destroyed when accessing external file.
As shown in Figure 4, embodiments provide the device of a kind of Documents Metric and protection, comprising:
At least one safety container 401;
Storage unit 402, for according to service conditions, stores application program and file in described safety container 401;
Dispensing unit 403, for configuring the application program and the access strategy of file that described storage unit 402 stores;
Metric element 404, during for starting any one first safety container 401, measures the application program stored in the first safety container 401 and file;
First judging unit 405, for the measurement results according to described metric element 404, judges whether the application program of storage in the first safety container 401 and file are tampered;
First performance element 406, for the judged result according to described first judging unit 405, if so, stops opening of the operation of corresponding application program or file, if not, then allows the normal operation of corresponding application program or normally opening of file;
Second judging unit 407, for when current file in any one first application program access current safety container 401, judges that whether described first application program is the application program in current safety container 401;
3rd judging unit 408, for the judged result according to described second judging unit 407, if not, described first application program is not allowed to conduct interviews to current file, if so, judge whether the request of access of described first application program meets the access strategy of current file further;
Second performance element 409, for the judged result according to described 3rd judging unit 408, if so, allows described first application program to the access of current file, if not, does not allow described first application program to conduct interviews to current file.
In an embodiment of the invention, described safety container 401, adopts the core layer reconstructed operation system access right in operating system, is formed by mandatory Access Control Mechanism, credible tolerance mechanism construction.
In an embodiment of the invention, described safety container 401, accesses the alternative document beyond current safety container for the application program of forbidden storage in current safety container.
In an embodiment of the invention, described metric element 404, for when the first safety container starts, carries out Hash calculation to each application program stored in the first safety container and file, obtains current metric value.
In an embodiment of the invention, described first judging unit 405, for the current metric value of each application program stored in the first safety container or file is compared with corresponding original baseline value, if current metric value is identical with corresponding original baseline value, then judge that corresponding application program or file are not tampered, if current metric value is not identical with corresponding original baseline value, then judge that corresponding application program or file are tampered.
According to such scheme, a kind of Documents Metric that embodiments of the invention provide and the method for protection and device, at least have following beneficial effect:
1, in the embodiment of the present invention, at least one safety container is set, application program or file is stored in safety container, and to the application program stored or file configuration access strategy, when safety container starts, first the application program stored in safety container and file are measured, judge whether it is tampered, if be tampered, the application program operation of prevention correspondence or opening of file, when any one application program will access the current file in current safety container, first judge whether this application program is the application program stored in current container, if not then forbidding its request of access, if it is judge whether this application program meets the access strategy of current file to the access of current file further, if do not met, forbid its request of access, by setting up safety container, each startup safety container all can be measured the application program stored in safety container and file, guarantee that it is not tampered rear just can carrying out and runs or open, application program and file are placed in an area of isolation, application program beyond current safety container can not access the file in current safety container, and when application program will access the file in same safety container, the access strategy that must meet this file can be accessed, like this, application program and file will be measured it before running or opening, application program and file are also protected in real time in operation or opening procedure, thus the protection of application programs and file can be improved.
2, in the embodiment of the present invention, when the file having application program to want in access security container, only have with accessed file is that access program in same safety container could conduct interviews according to the access strategy of file, to ensure that file in safety container is not by the routine access beyond safety container, avoid rogue program to the destruction of file, in addition, for the application program in safety container, do not allow the file beyond its access place safety container, application program can be avoided like this when accessing the file beyond the safety container of place by malicious sabotage, further increase the protection of application programs and file.
3, in the embodiment of the present invention, the tolerance of application programs and file adopts the mode of Hash calculation, Hash calculation is carried out by application programs and file, obtain corresponding MD5 value, original MD5 value corresponding with application program and file for this MD5 value is compared, thus determines whether application program or file are tampered, based on the feature of Hash calculation, as long as very little change occurs for application program or file, cryptographic hash all can change, thus can improve the accuracy of tolerance judgement.
4, in the embodiment of the present invention; when application program access is arranged in the file of same safety container; when only having access acquaintance to meet the access strategy of this file; just allow this application program to the access of file; otherwise stop to the access of this application program; according to the service condition of file; configure its access strategy; ensure that file is while normal use; again can not by malicious modification or deletion; because application program is also exist in the form of a file in safety container, thus improve the protection of application programs and file.
The content such as information interaction, implementation between each unit in the said equipment, due to the inventive method embodiment based on same design, particular content can see in the inventive method embodiment describe, repeat no more herein.
It should be noted that, in this article, the relational terms of such as first and second and so on is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the equipment comprising described key element and also there is other same factor.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that programmed instruction is relevant, aforesaid program can be stored in the storage medium of embodied on computer readable, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium in.
Finally it should be noted that: the foregoing is only preferred embodiment of the present invention, only for illustration of technical scheme of the present invention, be not intended to limit protection scope of the present invention.All any amendments done within the spirit and principles in the present invention, equivalent replacement, improvement etc., be all included in protection scope of the present invention.
Claims (10)
1. a method for Documents Metric and protection, is characterized in that, comprising:
At least one safety container is set;
According to service conditions, in safety container described in each, store application program and file;
Configure the access strategy of described application program and file;
When starting any one first safety container, the application program stored in the first safety container and file are measured;
According to measurement results, judge whether the application program of storage in the first safety container and file are tampered;
If so, stop opening of the operation of corresponding application program or file, if not, then allow the normal operation of corresponding application program or normally opening of file;
When current file in any one first application program access current safety container, judge that whether described first application program is the application program in current safety container;
If not, do not allow described first application program to conduct interviews to current file, if so, judge whether the request of access of described first application program meets the access strategy of current file further;
If so, allow described first application program to the access of current file, if not, do not allow described first application program to conduct interviews to current file.
2. method according to claim 1, it is characterized in that, described at least one safety container that arranges comprises: at the core layer reconstructed operation system access right of operating system, by mandatory Access Control Mechanism, credible at least one safety container of tolerance mechanism construction.
3. method according to claim 2, is characterized in that, comprises further:
Alternative document beyond the application program access current safety container of forbidden storage in current safety container.
4. method according to claim 1, it is characterized in that, described application program to storing in the first safety container and file carry out tolerance and comprise: when the first safety container starts, Hash calculation is carried out to each application program stored in the first safety container and file, obtains current metric value.
5. method according to claim 4, it is characterized in that, described according to measurement results, judge whether each application program of storing in the first safety container and file are tampered to comprise: the current metric value of each application program stored in the first safety container or file is compared with corresponding original baseline value, if current metric value is identical with corresponding original baseline value, then judge that corresponding application program or file are not tampered, if current metric value is not identical with corresponding original baseline value, then judge that corresponding application program or file are tampered.
6. a device for Documents Metric and protection, is characterized in that, comprising:
At least one safety container;
Storage unit, for according to service conditions, stores application program and file in described safety container;
Dispensing unit, for the access strategy of the application program and file that configure described cell stores;
Metric element, during for starting any one first safety container, measures the application program stored in the first safety container and file;
First judging unit, for the measurement results according to described metric element, judges whether the application program of storage in the first safety container and file are tampered;
First performance element, for the judged result according to described first judging unit, if so, stops opening of the operation of corresponding application program or file, if not, then allows the normal operation of corresponding application program or normally opening of file;
Second judging unit, for when current file in any one first application program access current safety container, judges that whether described first application program is the application program in current safety container;
3rd judging unit, for the judged result according to described second judging unit, if not, described first application program is not allowed to conduct interviews to current file, if so, judge whether the request of access of described first application program meets the access strategy of current file further;
Second performance element, for the judged result according to described 3rd judging unit, if so, allows described first application program to the access of current file, if not, does not allow described first application program to conduct interviews to current file.
7. device according to claim 6, is characterized in that,
Described safety container, adopts the core layer reconstructed operation system access right in operating system, is formed by mandatory Access Control Mechanism, credible tolerance mechanism construction.
8. device according to claim 6, is characterized in that,
Described safety container, accesses the alternative document beyond current safety container for the application program of forbidden storage in current safety container.
9. device according to claim 6, is characterized in that,
Described metric element, for when the first safety container starts, carries out Hash calculation to each application program stored in the first safety container and file, obtains current metric value.
10. device according to claim 9, is characterized in that,
Described first judging unit, for the current metric value of each application program stored in the first safety container or file is compared with corresponding original baseline value, if current metric value is identical with corresponding original baseline value, then judge that corresponding application program or file are not tampered, if current metric value is not identical with corresponding original baseline value, then judge that corresponding application program or file are tampered.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510320835.XA CN104951708A (en) | 2015-06-11 | 2015-06-11 | File measurement and protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510320835.XA CN104951708A (en) | 2015-06-11 | 2015-06-11 | File measurement and protection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104951708A true CN104951708A (en) | 2015-09-30 |
Family
ID=54166356
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510320835.XA Pending CN104951708A (en) | 2015-06-11 | 2015-06-11 | File measurement and protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104951708A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105869309A (en) * | 2016-03-24 | 2016-08-17 | 广州广电运通信息科技有限公司 | Drive module memory data monitoring method and device |
| CN105956493A (en) * | 2016-06-29 | 2016-09-21 | 乐视控股(北京)有限公司 | Mobile phone file protection method and mobile phone file protection device |
| CN106203159A (en) * | 2016-06-30 | 2016-12-07 | 乐视控股(北京)有限公司 | A kind of method and apparatus of application program operation file |
| CN106599679A (en) * | 2016-12-14 | 2017-04-26 | 中标软件有限公司 | Application program credibility measurement method and device |
| CN106778291A (en) * | 2016-11-22 | 2017-05-31 | 北京奇虎科技有限公司 | The partition method and isolating device of application program |
| CN107491693A (en) * | 2017-07-24 | 2017-12-19 | 南京南瑞集团公司 | A kind of industry control operating system active defense method with self-learning property |
| CN109213572A (en) * | 2018-09-10 | 2019-01-15 | 郑州云海信息技术有限公司 | A kind of confidence level based on virtual machine determines method and server |
| CN110046505A (en) * | 2019-04-28 | 2019-07-23 | 联想(北京)有限公司 | Vessel safety reinforcement means, system and storage medium |
| CN110135127A (en) * | 2019-04-11 | 2019-08-16 | 北京亿赛通科技发展有限责任公司 | A kind of Document distribution formula baselined system and importing and distribution method based on sandbox |
| CN114265663A (en) * | 2021-09-10 | 2022-04-01 | 云南电网有限责任公司信息中心 | Endogenous safety protection method for complete lifecycle of docker |
| CN115186300A (en) * | 2022-09-08 | 2022-10-14 | 粤港澳大湾区数字经济研究院(福田) | File security processing system and file security processing method |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007021764A2 (en) * | 2005-08-18 | 2007-02-22 | Interdigital Technology Corporation | Method and system for securing wireless transmission of an aggregated frame |
| CN101996154A (en) * | 2009-08-10 | 2011-03-30 | 北京多思科技发展有限公司 | General processor supporting reconfigurable safety design |
| CN101996286A (en) * | 2009-08-10 | 2011-03-30 | 北京多思科技发展有限公司 | Dynamic security measure implementation method, security measurement device and application system |
| CN102495988A (en) * | 2011-12-19 | 2012-06-13 | 北京诺思恒信科技有限公司 | Domain-based access control method and system |
| CN103501303A (en) * | 2013-10-12 | 2014-01-08 | 武汉大学 | Active remote attestation method for measurement of cloud platform virtual machine |
| CN104239802A (en) * | 2014-10-15 | 2014-12-24 | 浪潮电子信息产业股份有限公司 | Design method for trusted server on basis of cloud data center |
| CN104573507A (en) * | 2015-02-05 | 2015-04-29 | 浪潮电子信息产业股份有限公司 | Secure container and design method thereof |
-
2015
- 2015-06-11 CN CN201510320835.XA patent/CN104951708A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007021764A2 (en) * | 2005-08-18 | 2007-02-22 | Interdigital Technology Corporation | Method and system for securing wireless transmission of an aggregated frame |
| CN101996154A (en) * | 2009-08-10 | 2011-03-30 | 北京多思科技发展有限公司 | General processor supporting reconfigurable safety design |
| CN101996286A (en) * | 2009-08-10 | 2011-03-30 | 北京多思科技发展有限公司 | Dynamic security measure implementation method, security measurement device and application system |
| CN102495988A (en) * | 2011-12-19 | 2012-06-13 | 北京诺思恒信科技有限公司 | Domain-based access control method and system |
| CN103501303A (en) * | 2013-10-12 | 2014-01-08 | 武汉大学 | Active remote attestation method for measurement of cloud platform virtual machine |
| CN104239802A (en) * | 2014-10-15 | 2014-12-24 | 浪潮电子信息产业股份有限公司 | Design method for trusted server on basis of cloud data center |
| CN104573507A (en) * | 2015-02-05 | 2015-04-29 | 浪潮电子信息产业股份有限公司 | Secure container and design method thereof |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105869309A (en) * | 2016-03-24 | 2016-08-17 | 广州广电运通信息科技有限公司 | Drive module memory data monitoring method and device |
| CN105956493A (en) * | 2016-06-29 | 2016-09-21 | 乐视控股(北京)有限公司 | Mobile phone file protection method and mobile phone file protection device |
| CN106203159A (en) * | 2016-06-30 | 2016-12-07 | 乐视控股(北京)有限公司 | A kind of method and apparatus of application program operation file |
| CN106778291B (en) * | 2016-11-22 | 2019-09-17 | 北京安云世纪科技有限公司 | The partition method and isolating device of application program |
| CN106778291A (en) * | 2016-11-22 | 2017-05-31 | 北京奇虎科技有限公司 | The partition method and isolating device of application program |
| CN106599679A (en) * | 2016-12-14 | 2017-04-26 | 中标软件有限公司 | Application program credibility measurement method and device |
| CN107491693A (en) * | 2017-07-24 | 2017-12-19 | 南京南瑞集团公司 | A kind of industry control operating system active defense method with self-learning property |
| CN109213572A (en) * | 2018-09-10 | 2019-01-15 | 郑州云海信息技术有限公司 | A kind of confidence level based on virtual machine determines method and server |
| CN109213572B (en) * | 2018-09-10 | 2021-10-22 | 郑州云海信息技术有限公司 | Credibility determination method based on virtual machine and server |
| CN110135127A (en) * | 2019-04-11 | 2019-08-16 | 北京亿赛通科技发展有限责任公司 | A kind of Document distribution formula baselined system and importing and distribution method based on sandbox |
| CN110046505A (en) * | 2019-04-28 | 2019-07-23 | 联想(北京)有限公司 | Vessel safety reinforcement means, system and storage medium |
| CN110046505B (en) * | 2019-04-28 | 2021-07-16 | 联想(北京)有限公司 | Container security reinforcement method, system and storage medium |
| CN114265663A (en) * | 2021-09-10 | 2022-04-01 | 云南电网有限责任公司信息中心 | Endogenous safety protection method for complete lifecycle of docker |
| CN115186300A (en) * | 2022-09-08 | 2022-10-14 | 粤港澳大湾区数字经济研究院(福田) | File security processing system and file security processing method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104951708A (en) | File measurement and protection method and device | |
| CN105205413B (en) | A kind of guard method of data and device | |
| CN103530559A (en) | Integrity protection system of Android system | |
| CN107302586A (en) | A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing | |
| CN103745166A (en) | Method and device for inspecting file attribute value | |
| CN111159762B (en) | Subject credibility verification method and system under mandatory access control | |
| CN111400723A (en) | TEE extension-based operating system kernel mandatory access control method and system | |
| CN106169035A (en) | A kind of high-security mobile storage system and method | |
| KR20190080591A (en) | Behavior based real- time access control system and control method | |
| CN105260653A (en) | Safe loading method and system of program on the basis of Linux | |
| CN108228353A (en) | resource access control method, device and corresponding terminal | |
| CN107092838A (en) | A kind of safety access control method of hard disk and a kind of hard disk | |
| CN107563198B (en) | Host virus prevention and control system and method for industrial control system | |
| CN102663313B (en) | Method for realizing information security of computer system | |
| CN107122663B (en) | Injection attack detection method and device | |
| CN108229162A (en) | A kind of implementation method of cloud platform virtual machine completeness check | |
| CN110543775A (en) | data security protection method and system based on super-fusion concept | |
| CN116595573B (en) | Data security reinforcement method and device for traffic management information system | |
| CN111090616B (en) | File management method, corresponding device, equipment and storage medium | |
| CN110457892B (en) | Embedded system authority management method and system | |
| CN107562514A (en) | A kind of physical memory access control and partition method | |
| CN108304222A (en) | Apparatus management/control system and method | |
| CN111259405A (en) | Computer safety coefficient based on artificial intelligence | |
| CN110647771B (en) | Mysql database storage integrity verification protection method and device | |
| CN105631310A (en) | Efficient trusted process authentication scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150930 |
|
| WD01 | Invention patent application deemed withdrawn after publication |