CN105224862B - A kind of hold-up interception method and device of office shear plates - Google Patents
A kind of hold-up interception method and device of office shear plates Download PDFInfo
- Publication number
- CN105224862B CN105224862B CN201510624553.9A CN201510624553A CN105224862B CN 105224862 B CN105224862 B CN 105224862B CN 201510624553 A CN201510624553 A CN 201510624553A CN 105224862 B CN105224862 B CN 105224862B
- Authority
- CN
- China
- Prior art keywords
- office
- shear
- characteristic value
- api
- shear plate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/032—Protect output to user by software means
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a kind of hold-up interception method of office shear plates, this method includes:The application programming interface API for being used to obtain shear plate content in operating system is detected;When the process that detected calls the API, intercept the process and obtain current process allocating stack;Detect whether the characteristic value of office operation shear plates be present in the process allocating stack;If the characteristic value of the office operations shear plate be present, judge the operation of office shear plates in the process be present, and refuse the operation of the office shear plates.The invention provides a kind of blocking apparatus of office shear plates, including:Detection unit, storehouse acquiring unit, characteristic value detection unit and operation refusal unit.The present invention can be controlled to office shear plate processes, prevented that encryption data from illegally being copied out, efficiently solved the Security Control Problem of office shear plates.
Description
Technical field
The present invention relates to computer processing technology field, more particularly to a kind of hold-up interception method and dress of office shear plates
Put.
Background technology
In electronic document transparent encryption product, certain operation need to be carried out during opening and using to the document of encryption
Behavior is protected, and wherein shear plate is critically important one side.Common operation is to choose the content right button to be replicated to answer
Make or by lower keyboard Ctrl+C Macintosh, then right button is pasted or by lower keyboard Ctrl+V Macintosh in another process
The content chosen is pasted in other process.
What behavior more than in general text software was walked is the shear plate function interface of WINDOWS open systems, therefore only
Need that the function interface of correlation is carried out intercepting can to reach to prevent the problem of encryption data is by illegal examined out.But
It is the transmission that data are carried out by own shear plate mode that the duplication of Office softwares, which is pasted, so usual intercepting system is cut
Cutting plate function interface, which can not reach, prevents encryption data by illegal the problem of copying out.
Office is usual most commonly used office software, if its shear plate operation behavior can not be controlled accurately
System, then the encryption to office documents also just loses meaning because the data of encryption can with it is easy copy to it is non-
In the file of encryption.
The content of the invention
The defects of for prior art, the present invention provide a kind of hold-up interception method and device of office shear plates, can be right
Office shear plate processes are controlled, and are prevented that encryption data from illegally being copied out, are efficiently solved the peace of office shear plates
Full control problem.
In a first aspect, the invention provides a kind of hold-up interception method of office shear plates, this method includes:
The application programming interface API for being used to obtain shear plate content in operating system is detected;
When the process that detected calls the API, intercept the process and obtain current process allocating stack;
Detect whether the characteristic value of office operation shear plates be present in the process allocating stack;
If the characteristic value of the office operations shear plate be present, judge the behaviour of office shear plates in the process be present
Make, and refuse the operation of the office shear plates.
Preferably, this method also includes:
If operating the characteristic value of shear plate in the absence of the office, the process is let pass.
Preferably, the API for being used to obtain shear plate content in system is detected, including:
The API for being used to obtain shear plate content in system is detected using Hook Technique HOOK, and to calling institute
The process for stating API is intercepted.
Preferably, detect whether the characteristic value of office operation shear plates be present in the process allocating stack, including:
Using process stacks back trace technique, the characteristic value that office operates shear plate is detected in the process allocating stack.
Preferably, this method also includes:
Program corresponding to the office shear plates hold-up interception method is encapsulated into application extensions Dll interface documents.
Preferably, this method also includes:
The Dll interface documents are positioned over to the process that already present process to be protected is needed in the system and is newly started
In.
Second aspect, the invention provides a kind of blocking apparatus of office shear plates, the device includes:
Detection unit, for being detected to the API for being used to obtain shear plate content in operating system;
Storehouse acquiring unit, for when detect in process have call the API when, intercept the process and obtain current
Process allocating stack;
Characteristic value detection unit, for detecting whether office operation shear plates be present in the process allocating stack
Characteristic value;
Operation refusal unit, for when the characteristic value of the office operations shear plate be present, judging to deposit in the process
In the operation of office shear plates, and refuse the operation of the office shear plates.
Preferably, the device also includes clearance unit, is used for:
If operating the characteristic value of shear plate in the absence of the office, the process is let pass.
Preferably, the detection unit, is used for:
The API for being used to obtain shear plate content in system is detected using Hook Technique HOOK, and to calling institute
The process for stating API is intercepted.
Preferably, the characteristic value detection unit, is used for:
Using process stacks back trace technique, the characteristic value that office operates shear plate is detected in the process allocating stack.
As shown from the above technical solution, the present invention provides a kind of hold-up interception method and device of office shear plates, by right
The copy of office softwares is pasted behavior and analyzed, and combines process stacks back trace technique, efficiently solves office and cuts
The Security Control Problem of cutting plate, office shear plate processes can be controlled, prevent that encryption data from illegally being copied out.
Brief description of the drawings
, below will be to embodiment or existing in order to illustrate more clearly of the embodiment of the present disclosure or technical scheme of the prior art
There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some disclosed embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these figures.
Fig. 1 is a kind of schematic flow sheet of the hold-up interception method for office shear plates that one embodiment of the invention provides;
Fig. 2 is a kind of structural representation of the blocking apparatus for office shear plates that another embodiment of the present invention provides.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present disclosure, the technical scheme in the embodiment of the present disclosure is carried out clear, complete
Site preparation describes, it is clear that described embodiment is only disclosure part of the embodiment, rather than whole embodiments.It is based on
Embodiment in the disclosure, those of ordinary skill in the art are obtained every other under the premise of creative work is not made
Embodiment, belong to the scope of disclosure protection.
A kind of as shown in figure 1, flow signal of the hold-up interception method of the office shear plates provided for the embodiment of the disclosure one
Figure, this method comprise the following steps:
S1:To the application programming interface (Application for being used to obtain shear plate content in operating system
Programming Interface, abbreviation API) detected.
Specifically, the API (Get Clipboard Data) of the acquisition shear plate content of the offer of system can be carried out
HOOK.The API for being used to obtain shear plate content in system is detected using Hook Technique HOOK, and to described in calling
API process is intercepted.In this way, it is monitored and connects by the interface of pair correlation function, it is possible to achieve is soft to office
The copy of part is pasted behavior and analysed in depth.
S2:When the process that detected calls the API, intercept the process and obtain current process allocating stack.
S3:Detect whether the characteristic value of office operation shear plates be present in the process allocating stack.
Specifically, by inquiry in the process allocating stack that is obtained in above-mentioned steps with the presence or absence of office operation shearings
The characteristic value of plate, behavior can be pasted to office copy and be monitored, office shear plate processes can be controlled, prevented
Only encryption data is illegally copied out.
S4:If the characteristic value of the office operations shear plate be present, judge office shear plates in the process be present
Operation, and refuse the operation of the office shear plates.
It will be appreciated that this method also comprises the following steps:
If operating the characteristic value of shear plate in the absence of the office, the process is let pass.
Specifically, when the characteristic value that shear plate is operated in the absence of office, then show that the process is cut in the absence of office
The operation of cutting plate, therefore without forbidding or refusing operation to process progress is any.
As can be seen here, the technology that the present embodiment is intercepted using the system shear plate of generally use, but in the base of the technology
The behavioral analysis technology of software is added on plinth, and analysis result is modeled with Stack back trace technology with reference to anti-so as to realize
The target of shield.Compared with the system shear plate monitoring technology of generally use, what technical solution of the present invention will be complicated is more, is more than making
With API Interception Technologies, process stacks back trace technique and behavioural analysis experience have also been used.The complexity of logic on coding is realized
Property it is very big, it is necessary to which some details are done with tightened up analysis and processing.
Specifically, detect whether the spy of office operation shear plates be present in step S1 in the process allocating stack
Value indicative, specifically it may include:
Using process stacks back trace technique, the characteristic value that office operates shear plate is detected in the process allocating stack.
Further, this method also comprises the following steps:
Program corresponding to the office shear plates hold-up interception method is encapsulated into application extensions Dll interface documents.
In this way, the Dll interface documents obtained based on the step, are available for installation procedure to install it, realized to process
Protection.
Further, this method also comprises the following steps:
The Dll interface documents are positioned over to the process that already present process to be protected is needed in the system and is newly started
In.
As can be seen here, when installation procedure is installed to packaged logic module, Dll interface documents are injected all
Need in already present progress to be protected and the process newly started, when performing corresponding program every time, the Dll interface documents will
It is called, to realize that pasting behavior to the copy for encrypting office documents is monitored and protects.
A kind of hold-up interception method of office shear plates is present embodiments provided, by pasting row to the copy of office softwares
To be analyzed, and process stacks back trace technique is combined, efficiently solve the Security Control Problem of office shear plates, can
Office shear plate processes are controlled, prevent that encryption data from illegally being copied out.
As shown in Fig. 2 a kind of structure of the blocking apparatus of the office shear plates provided for another embodiment of the present invention is shown
It is intended to, the device includes:Detection unit 201, storehouse acquiring unit 202, characteristic value detection unit 203 and operation refusal unit
204.Wherein:
Detection unit 201, for being detected to the API for being used to obtain shear plate content in operating system;
Storehouse acquiring unit 202, for when detect in process have call the API when, intercept the process and worked as
Preceding process allocating stack;
Characteristic value detection unit 203, for detecting whether office operation shearings be present in the process allocating stack
The characteristic value of plate;
Operation refusal unit 204, for when the characteristic value of the office operations shear plate be present, judging in the process
The operation of office shear plates be present, and refuse the operation of the office shear plates.
In the present embodiment, the device also includes clearance unit, is used for:
If operating the characteristic value of shear plate in the absence of the office, the process is let pass.
In the present embodiment, the detection unit 201, it is used for:
The API for being used to obtain shear plate content in system is detected using Hook Technique HOOK, and to calling institute
The process for stating API is intercepted.
In the present embodiment, the characteristic value detection unit 203, it is used for:
Using process stacks back trace technique, the characteristic value that office operates shear plate is detected in the process allocating stack.
The blocking apparatus for the office shear plates that the present embodiment provides, solves one in office document uses well
Individual very big potential safety hazard, it is the essential technology of electronic document safety product defense controls, for electronic document safety
The development of product and improve significant.
For device embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, it is related
Part illustrates referring to the part of embodiment of the method.
It should be noted that in all parts of the system of the disclosure, according to the function that it to be realized to therein
Part has carried out logical partitioning, and still, the present disclosure is not limited thereto, all parts can be repartitioned as needed or
Person combines, for example, can be single part by some component combinations, or can be further broken into some parts more
Subassembly.
The all parts embodiment of the disclosure can realize with hardware, or to be run on one or more processor
Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that it can use in practice
Microprocessor or digital signal processor (DSP) realize some or all portions in the system according to the embodiment of the present disclosure
The some or all functions of part.The disclosure is also implemented as the part or complete for performing method as described herein
The equipment or program of device (for example, computer program and computer program product) in portion.Such program for realizing the disclosure
It can store on a computer-readable medium, or can have the form of one or more signal.Such signal can be with
Download and obtain from internet website, either provide on carrier signal or provided in the form of any other.
The disclosure is limited it should be noted that above-described embodiment illustrates rather than to the disclosure, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not
Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The disclosure can be by means of including the hardware of some different elements and being come by means of properly programmed computer real
It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame
Claim.
Embodiment of above is only suitable to the explanation disclosure, and is not the limitation to the disclosure, about the common of technical field
Technical staff, in the case where not departing from spirit and scope of the present disclosure, it can also make a variety of changes and modification, thus it is all
Equivalent technical scheme falls within the category of the disclosure, and the scope of patent protection of the disclosure should be defined by the claims.
Claims (10)
1. a kind of hold-up interception method of office shear plates, it is characterised in that this method includes:
The application programming interface API for being used to obtain shear plate content in operating system is detected;
When the process that detected calls the API, intercept the process and obtain current process allocating stack;
Detect whether the characteristic value of office operation shear plates be present in the process allocating stack;
If the characteristic value of the office operations shear plate be present, judge the operation of office shear plates in the process be present,
And refuse the operation of the office shear plates.
2. according to the method for claim 1, it is characterised in that this method also includes:
If operating the characteristic value of shear plate in the absence of the office, the process is let pass.
3. according to the method for claim 1, it is characterised in that it is described in system be used for obtain shear plate content
API is detected, including:
The API for being used to obtain shear plate content in system is detected using Hook Technique HOOK, and to calling the API
Process intercepted.
4. according to the method for claim 1, it is characterised in that detect whether exist in the process allocating stack
Office operates the characteristic value of shear plate, including:
Using process stacks back trace technique, the characteristic value that office operates shear plate is detected in the process allocating stack.
5. according to the method for claim 1, it is characterised in that this method also includes:
Program corresponding to the office shear plates hold-up interception method is encapsulated into application extensions Dll interface documents.
6. according to the method for claim 5, it is characterised in that this method also includes:
The Dll interface documents, which are positioned over, to be needed in the system in already present process to be protected and the process newly started.
7. a kind of blocking apparatus of office shear plates, it is characterised in that the device includes:
Detection unit, for being detected to the API for being used to obtain shear plate content in operating system;
Storehouse acquiring unit, for when detect in process have call the API when, intercept the process and obtain current process
Allocating stack;
Characteristic value detection unit, for the feature for detecting whether to have office operation shear plates in the process allocating stack
Value;
Operation refusal unit, for when the characteristic value of the office operations shear plate be present, judging exist in the process
The operation of office shear plates, and refuse the operation of the office shear plates.
8. device according to claim 7, it is characterised in that the device also includes clearance unit, is used for:
If operating the characteristic value of shear plate in the absence of the office, the process is let pass.
9. device according to claim 7, it is characterised in that the detection unit, be used for:
The API for being used to obtain shear plate content in system is detected using Hook Technique HOOK, and to calling the API
Process intercepted.
10. device according to claim 7, it is characterised in that the characteristic value detection unit, be used for:
Using process stacks back trace technique, the characteristic value that office operates shear plate is detected in the process allocating stack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510624553.9A CN105224862B (en) | 2015-09-25 | 2015-09-25 | A kind of hold-up interception method and device of office shear plates |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510624553.9A CN105224862B (en) | 2015-09-25 | 2015-09-25 | A kind of hold-up interception method and device of office shear plates |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105224862A CN105224862A (en) | 2016-01-06 |
CN105224862B true CN105224862B (en) | 2018-03-27 |
Family
ID=54993825
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510624553.9A Active CN105224862B (en) | 2015-09-25 | 2015-09-25 | A kind of hold-up interception method and device of office shear plates |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105224862B (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106203077B (en) * | 2016-06-28 | 2019-06-07 | 珠海豹趣科技有限公司 | A kind of processing method of Copy Info, device and electronic equipment |
CN109409098B (en) * | 2017-10-24 | 2021-01-01 | 浙江华途信息安全技术股份有限公司 | Method and device for preventing data leakage of clipboard |
CN108846287A (en) * | 2018-06-26 | 2018-11-20 | 北京奇安信科技有限公司 | A kind of method and device of detection loophole attack |
CN108898016A (en) * | 2018-06-29 | 2018-11-27 | 北京奇虎科技有限公司 | Attack guarding method and device |
CN109784036A (en) * | 2018-12-12 | 2019-05-21 | 平安科技(深圳)有限公司 | Anti- processing method of divulging a secret, device, medium and the electronic equipment of application program |
CN109784037B (en) * | 2018-12-29 | 2021-04-23 | 360企业安全技术(珠海)有限公司 | Security protection method and device for document file, storage medium and computer equipment |
CN109783316B (en) * | 2018-12-29 | 2022-07-05 | 奇安信安全技术(珠海)有限公司 | Method and device for identifying tampering behavior of system security log, storage medium and computer equipment |
CN113239350A (en) * | 2021-06-11 | 2021-08-10 | 杭州安恒信息技术股份有限公司 | Method and device for preventing shear plate from being illegally tampered and electronic device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103605930A (en) * | 2013-11-27 | 2014-02-26 | 湖北民族学院 | Double file anti-divulging method and system based on HOOK and filtering driving |
CN103995990A (en) * | 2014-05-14 | 2014-08-20 | 江苏敏捷科技股份有限公司 | Method for preventing electronic documents from divulging secrets |
CN104268479A (en) * | 2014-09-29 | 2015-01-07 | 北京奇虎科技有限公司 | Text operation isolating method, device and mobile terminal |
-
2015
- 2015-09-25 CN CN201510624553.9A patent/CN105224862B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103605930A (en) * | 2013-11-27 | 2014-02-26 | 湖北民族学院 | Double file anti-divulging method and system based on HOOK and filtering driving |
CN103995990A (en) * | 2014-05-14 | 2014-08-20 | 江苏敏捷科技股份有限公司 | Method for preventing electronic documents from divulging secrets |
CN104268479A (en) * | 2014-09-29 | 2015-01-07 | 北京奇虎科技有限公司 | Text operation isolating method, device and mobile terminal |
Also Published As
Publication number | Publication date |
---|---|
CN105224862A (en) | 2016-01-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105224862B (en) | A kind of hold-up interception method and device of office shear plates | |
US9344457B2 (en) | Automated feedback for proposed security rules | |
US9888032B2 (en) | Method and system for mitigating the effects of ransomware | |
EP3225010B1 (en) | Systems and methods for malicious code detection accuracy assurance | |
US7587724B2 (en) | Kernel validation layer | |
US9372989B2 (en) | Robust malware detector | |
JP6100898B2 (en) | Method and device for processing messages | |
US10027689B1 (en) | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families | |
US8793682B2 (en) | Methods, systems, and computer program products for controlling software application installations | |
US8443449B1 (en) | Silent detection of malware and feedback over a network | |
US20170078307A1 (en) | Anti-key logger apparatus, system, and method | |
US20060101128A1 (en) | System for preventing keystroke logging software from accessing or identifying keystrokes | |
WO2018045073A1 (en) | Systems and methods for identifying and mapping sensitive data on an enterprise | |
US10009370B1 (en) | Detection and remediation of potentially malicious files | |
US9323925B2 (en) | Method and system for prevention of windowless screen capture | |
CN107330328B (en) | Method and device for defending against virus attack and server | |
CN107832613A (en) | A kind of computer virus processing method | |
CN103514405B (en) | The detection method of a kind of buffer overflow and system | |
US8978150B1 (en) | Data recovery service with automated identification and response to compromised user credentials | |
CN109284636B (en) | Webpage tamper-proofing system and method | |
CN103870761A (en) | Leak prevention method and device based on local virtual environment | |
WO2019005395A2 (en) | Mitigation of malicious actions associated with graphical user interface elements | |
US10880316B2 (en) | Method and system for determining initial execution of an attack | |
CN106407815A (en) | Vulnerability detection method and device | |
CN105117642B (en) | Mounting-free ActiveX plug-in unit security detection device and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |