CN105447386B - Method and device for blocking hardware rootkit malicious behavior - Google Patents

Method and device for blocking hardware rootkit malicious behavior

Info

Publication number
CN105447386B
Authority
CN
China
Prior art keywords
hardware device
voltage
hardware
mode
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410339835.XA
Other languages
Chinese (zh)
Other versions
CN105447386A (en
Inventor
李立中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201410339835.XA priority Critical patent/CN105447386B/en
Publication of CN105447386A publication Critical patent/CN105447386A/en
Application granted granted Critical
Publication of CN105447386B publication Critical patent/CN105447386B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

This application discloses a method and device for blocking malicious behavior by hardware rootkits, addressing the problem that the prior art offers no preventive measure against hardware rootkits: once an attack succeeds, the attacker can arbitrarily tamper with the content stored in the EEPROM on a hardware device. In this method, a voltage switch is provided on the hardware device and the programming voltage is controlled through that switch, thereby controlling write permission to the hardware device's EEPROM. A monitoring device can also be used to manage one or more hardware devices and to set an administrator password for each hardware device; when an attacker enters a wrong password, the operating state of the hardware device is directly set to the non-writable state. Malicious tampering by a hardware rootkit with the content stored in the EEPROM on the hardware device can thus be blocked effectively.

Description

Method and device for blocking hardware rootkit malicious behavior
Technical field
This application relates to the field of computer technology, and in particular to a method and device for blocking malicious behavior by hardware rootkits.
Background art
A rootkit is a special kind of attack technique, usually used in combination with malicious programs such as Trojans. By loading a special driver it modifies the system kernel, provides the attacker with a back door for implanting the Trojan or other malicious program it carries, and can hide the malicious program it has implanted in the attack target, so the malicious programs it implants are all highly stealthy.
A hardware rootkit is one in which malicious programs such as Trojans are implanted using the rootkit attack technique, and these malicious programs then modify the hardware-related information and programs stored in the electrically erasable programmable read-only memory (EEPROM) on a hardware device in order to manipulate that hardware device maliciously. For example, the EEPROM of a computer motherboard, network card, graphics card, printer, router, switch or industrial control computer may become an attack target. For an electrically erasable hardware device, an attacker can use a hardware rootkit to arbitrarily tamper with the binary (bin) file on the hardware device without the user knowing anything about it.
In the prior art there is no preventive measure against hardware rootkits. Once an attack succeeds, the attacker can arbitrarily tamper with the content stored in the EEPROM on the hardware device, such as the bin file and the cyclic redundancy check (CRC) code, and then maliciously manipulate and use the hardware. A preventive measure is therefore needed to block the malicious behavior of a hardware rootkit arbitrarily tampering with the content stored in the EEPROM on a hardware device.
Summary of the invention
The embodiments of the present application provide a method and device for blocking malicious behavior by hardware rootkits, to solve the prior-art problem that, under a hardware rootkit attack, the hardware rootkit cannot be blocked from arbitrarily tampering with the content stored in the EEPROM on a hardware device.
A method for blocking hardware rootkit malicious behavior provided by an embodiment of the present application comprises:
providing a voltage switch for a hardware device;
the voltage switch being used to control the programming voltage of the hardware device;
when the programming voltage is greater than a preset voltage, the hardware device is in the writable state;
when the programming voltage is not greater than the preset voltage, the hardware device is in the non-writable state.
A method for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, in which a voltage switch for controlling the programming voltage is provided on the hardware device, comprises:
the hardware device receives a write request;
when the hardware device determines that the programming voltage controlled by the voltage switch is greater than the preset voltage and that the operating state controlled by the monitoring device is the writable state, it executes the write request;
when the hardware device determines that the programming voltage controlled by the voltage switch is not greater than the preset voltage, or that the operating state controlled by the monitoring device is the non-writable state, it refuses to execute the write request.
A method for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, in which a voltage switch for controlling the programming voltage is provided on the hardware device, comprises:
the monitoring device judges whether the entered password is identical to the preset password;
if so, it sets the operating state of the hardware device to the writable state;
otherwise, it sets the operating state of the hardware device to the non-writable state;
wherein, when the programming voltage of the hardware device is greater than the preset voltage and the operating state set by the monitoring device is the writable state, write operations are allowed;
when the programming voltage of the hardware device is not greater than the preset voltage, or the operating state set by the monitoring device is the non-writable state, write operations are refused.
A hardware device provided by an embodiment of the present application comprises:
a voltage switch, used to control the programming voltage of the hardware device;
when the programming voltage is greater than the preset voltage, the hardware device is in the writable state;
when the programming voltage is not greater than the preset voltage, the hardware device is in the non-writable state.
A device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application comprises:
a switch module, used to control the programming voltage of the hardware device;
when the programming voltage is greater than the preset voltage, the hardware device is in the writable state;
when the programming voltage is not greater than the preset voltage, the hardware device is in the non-writable state.
A device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, in which a voltage switch for controlling the programming voltage is provided on the hardware device, comprises:
an interface module, used to receive a write request;
an execution module, used to execute the write request when the programming voltage controlled by the voltage switch is greater than the preset voltage and the operating state controlled by the monitoring device is the writable state;
a blocking module, used to refuse to execute the write request when the programming voltage controlled by the voltage switch is not greater than the preset voltage, or the operating state controlled by the monitoring device is the non-writable state.
A device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, in which a voltage switch for controlling the programming voltage is provided on the hardware device, comprises:
a first judgment module, used to judge whether the entered password is identical to the preset password;
a setting module, used to set the operating state of the hardware device to the writable state when the judgment result of the first judgment module is yes, and to set the operating state of the hardware device to the non-writable state when the judgment result of the first judgment module is no;
wherein, when the programming voltage of the hardware device is greater than the preset voltage and the operating state set by the monitoring device is the writable state, the write operation is allowed;
when the programming voltage of the hardware device is not greater than the preset voltage, or the operating state set by the monitoring device is the non-writable state, the write operation is refused.
The embodiments of the present application provide a method and device for blocking malicious behavior by hardware rootkits. In this method, a voltage switch is provided on the hardware device and the programming voltage is controlled through that switch, thereby controlling write permission to the hardware device's EEPROM. A monitoring device can also be used to manage one or more hardware devices and to set an administrator password for each hardware device; when an attacker enters a wrong password, the operating state of the hardware device is directly set to the non-writable state, so that malicious tampering by a hardware rootkit with the content stored in the EEPROM on the hardware device can be blocked effectively.
Brief description of the drawings
The drawings described here are provided for further understanding of the present application and form a part of it. The illustrative embodiments of the application and their description are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 shows the process for blocking hardware rootkit malicious behavior provided by an embodiment of the present application;
Fig. 2 shows the process, corresponding to Fig. 1, for blocking hardware rootkit malicious behavior provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application;
Fig. 4 is a schematic structural diagram of another device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application.
Detailed description of embodiments
To make the purposes, technical solutions and advantages of the present application clearer, the technical solutions of the application are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
Concepts explained or defined in this embodiment apply to all of the following embodiments.
In the embodiments of the present application, a voltage switch can be provided for a hardware device, and the voltage switch is used to control the programming voltage of the hardware device. The voltage switch described in the embodiments of the present application is a physical switch, not a software switch.
The hardware device described in the embodiments of the present application is a hardware device that uses an EEPROM to store information, for example a motherboard, network card, graphics card, hard disk, printer, router, switch or industrial control computer. An EEPROM is a plug-and-play, erasable and rewritable dual-voltage memory chip that retains its data after power-off. Dual voltage refers to the operating voltage and the programming voltage: at the operating voltage an EEPROM chip can only perform read operations, and only when the programming voltage is higher than the preset voltage can the write program supplied for the chip by the manufacturer run and perform write operations. In general the preset voltage is higher than the normal operating voltage; it varies with the EEPROM chip model and is generally 12~24V.
The voltage switch provided for the hardware device is used to control the programming voltage. The preset voltage is the voltage threshold at which the EEPROM chip enters the writable state and is determined by the manufacturer of the EEPROM chip. When the programming voltage applied to the EEPROM chip is greater than this threshold, the hardware device accepts write operations; otherwise it accepts only read operations. That is, when the programming voltage controlled by the voltage switch is greater than the preset voltage, the hardware device is in the writable state, and when the programming voltage is not greater than the preset voltage, the hardware device is in the non-writable state.
Thus, by providing on the hardware device a voltage switch for controlling the programming voltage, the hardware device can be kept in the non-writable state simply by having the voltage switch keep the programming voltage no greater than the preset voltage. This prevents an attacker from tampering with the hardware device's EEPROM by means of a hardware rootkit attack. In particular, when an attacker attacks the hardware device remotely by means of a hardware rootkit, the attacker cannot operate the physical switch on the hardware and therefore cannot tamper with the EEPROM.
In the embodiments of the present application, the voltage switch may control the programming voltage as follows: when the voltage switch is closed, the programming voltage is greater than the preset voltage; conversely, when the voltage switch is open, the programming voltage is not greater than the preset voltage. Of course, the arrangement may also be the reverse: when the voltage switch is open, the programming voltage is greater than the preset voltage, and when the voltage switch is closed, the programming voltage is not greater than the preset voltage.
Further, in practical application scenarios, the physical means of connecting or cutting a circuit on a chip's circuit board is generally a jumper switch. The voltage switch described in the embodiments of the present application can therefore be a jumper switch: when the jumper switch is closed, the programming-voltage circuit is connected, the programming voltage is greater than the preset voltage, and the EEPROM chip enters the writable state; when the jumper switch is open, the programming-voltage circuit is broken, the programming voltage is not greater than the preset voltage, and the EEPROM chip enters the non-writable state.
In practical application scenarios, an attacker might also slip into the machine room and close the voltage switch on the hardware device so that the programming voltage of the hardware device becomes greater than the preset voltage and the device enters the writable state, and then tamper with the hardware device's EEPROM by means of a hardware rootkit in order to implant malicious programs such as Trojans. Therefore, to block hardware rootkit malicious behavior further and better ensure the security of the hardware device, the embodiments of the present application, in addition to providing on the hardware device a voltage switch that controls the programming voltage and thereby the operating state of the hardware device, can also use a monitoring device to control the operating state of the hardware device, as shown in Fig. 1.
Fig. 1 shows the process for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, which specifically includes the following steps:
S101: The hardware device receives a write request.
In this embodiment, a write request can be a request for either of two operations: erasing existing information or writing new information. For example, requests to delete a file, add a file, modify a file or replace a file are all write requests.
S102: The hardware device judges whether the programming voltage controlled by the voltage switch is greater than the preset voltage. If so, step S103 is executed; otherwise, step S105 is executed.
In the embodiments of the present application, after receiving a write request the hardware device can check its own programming voltage and judge whether it is greater than the preset voltage. If the voltage switch is open, the programming voltage is not greater than the preset voltage; if the voltage switch is closed, the programming voltage is greater than the preset voltage.
S103: The hardware device judges whether the operating state controlled by the monitoring device is the writable state. If so, step S104 is executed; otherwise, step S105 is executed.
In the embodiments of the present application, the monitoring device can be a host or a server. The monitoring device can connect to the control interface on the hardware device and manage and monitor the hardware device through its own management and monitoring functions. One monitoring device can manage one or more hardware devices.
Specifically, a corresponding password can be set for the hardware device in advance, and the password, together with the correspondence between the password and the hardware device, is stored in the monitoring device. When a user (who may be a legitimate user or an attacker) wants to change the operating state of the hardware device from non-writable to writable, the change request must first be sent to the monitoring device. The monitoring device then requires the user to enter the password corresponding to the hardware device. After receiving the password entered by the user, it judges whether the entered password is identical to the preset password corresponding to the hardware device. If it is, the operating state of the hardware device is set to the writable state; if not, the operating state of the hardware device is set to the non-writable state.
For the hardware device, since it has already determined in step S102 that its programming voltage is greater than the preset voltage, in step S103 it can decide whether to execute the write request according to the operating state controlled by the monitoring device.
S104: Execute the write request.
S105: Refuse to execute the write request.
That is, the hardware device executes a write operation only when the programming voltage controlled by the voltage switch is greater than the preset voltage and the operating state controlled by the monitoring device is the writable state. When the programming voltage controlled by the voltage switch is not greater than the preset voltage, or the operating state controlled by the monitoring device is the non-writable state, the hardware device refuses to execute the write operation.
Thus, even if an attacker slips into the machine room and closes the voltage switch on the hardware device so that its programming voltage is greater than the preset voltage, as long as the operating state controlled by the monitoring device is the non-writable state, the attacker still cannot tamper with the hardware device's EEPROM by means of a hardware rootkit to implant malicious programs such as Trojans. The security of the hardware device is therefore further ensured.
As the method shown in Fig. 1 makes clear, when no password is set for the hardware device, the voltage switch is the only means, a physical one, of controlling write permission on the hardware device. Once a password is set for the hardware device, the monitoring device in effect adds a software means of controlling write permission. An EEPROM chip generally has a built-in program dedicated to executing write requests (hereinafter the control program); if the hardware device cannot correctly execute this control program, it cannot execute any write request. The monitoring device can therefore control the operating state of the hardware device as follows: the monitoring device judges whether the password entered by the user is identical to the preset password, sets an operating-state parameter for the hardware device according to the result, and uses that parameter to control whether the hardware device can execute the control program, and thus whether the hardware device can execute write requests.
For example, provided that the voltage switch of the hardware device is closed, when the password is entered correctly the monitoring device sends a first operating-state parameter through the control interface of the hardware device, which allows the hardware device to execute the control program; when the password is entered incorrectly, the monitoring device sends a second operating-state parameter through the control interface of the hardware device, which forbids the hardware device from executing the control program.
Fig. 2 shows the process, corresponding to Fig. 1, for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, which specifically includes the following steps:
S201: The monitoring device receives the password entered by the user.
S202: The monitoring device judges whether the entered password is identical to the preset password. If so, step S203 is executed; otherwise, step S204 is executed.
S203: Set the operating state of the hardware device corresponding to the preset password to the writable state.
S204: Set the operating state of the hardware device corresponding to the preset password to the non-writable state.
Further, in the embodiments of the present application, an allowed number of retries after a wrong password and a retry validity interval can also be preset. When the monitoring device determines that the entered password differs from the preset password, it judges whether the interval between the time the previous password input was received and the current time is greater than a preset duration (the preset duration being the preset retry validity interval). If so, the saved retry count is reset to zero and then incremented by 1; otherwise, the saved retry count is incremented by 1.
When the retry count saved by the monitoring device exceeds the preset allowed number of retries, the monitoring device sets the operating state of the hardware device to the locked state. When the operating state of the hardware device is set to the locked state, the hardware device refuses any device's attempt to modify its operating state and refuses to execute write operations; only the manufacturer of the hardware device can release the locked state. Conversely, when the retry count saved by the monitoring device is less than the preset allowed number of retries, the monitoring device does not yet set the operating state of the hardware device to the locked state, and the user can still re-enter the password.
Further, if no allowed number of retries is preset in the monitoring device, then when the monitoring device judges that the entered password differs from the preset password, it can either directly set the operating state of the hardware device to the locked state or allow the user to re-enter the password an unlimited number of times.
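The device-side gate of Fig. 1 (S101 to S105) and the monitor-side password check of Fig. 2 with the retry window and lock state, modelled as a small C state machine. This is an added illustration, not code from the patent; all type and function names, the 12 V threshold, the retry limit of 3, the 300 s window and the sample password are assumed values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed values; the patent leaves them to the chip vendor and operator. */
#define VPP_THRESHOLD_MV 12000 /* "preset voltage" (patent: generally 12~24 V) */
#define MAX_RETRIES      3     /* preset allowed number of retries */
#define RETRY_WINDOW_SEC 300.0 /* retry validity interval */

typedef enum { OP_NOT_WRITABLE, OP_WRITABLE, OP_LOCKED } op_state_t;

typedef struct {
    int        vpp_mv;   /* programming voltage, changed only by the physical switch */
    op_state_t op_state; /* operating state, set through the control interface */
} hw_device_t;

typedef struct {
    const char *preset_password; /* stored on the monitoring device */
    int         retries;         /* saved retry count */
    time_t      last_input;      /* when a password was last received */
} monitor_t;

/* Physical jumper: closed connects the programming-voltage circuit. */
void set_jumper(hw_device_t *d, bool closed) { d->vpp_mv = closed ? 12500 : 0; }

/* S101-S105: both the voltage and the operating state must allow the write. */
bool device_handle_write(const hw_device_t *d)
{
    if (d->vpp_mv <= VPP_THRESHOLD_MV) return false; /* S102 -> S105 */
    if (d->op_state != OP_WRITABLE)    return false; /* S103 -> S105 */
    return true;                                     /* S104 */
}

/* A locked device refuses every state change (only the manufacturer unlocks). */
static bool device_set_state(hw_device_t *d, op_state_t s)
{
    if (d->op_state == OP_LOCKED) return false;
    d->op_state = s;
    return true;
}

/* Comparison whose duration does not depend on where the first mismatch is. */
static bool ct_equal(const char *in, const char *preset)
{
    size_t li = strlen(in), lp = strlen(preset);
    unsigned char diff = (unsigned char)(li != lp);
    for (size_t i = 0; i < lp; i++)
        diff |= (unsigned char)(in[li ? i % li : 0] ^ preset[i]);
    return diff == 0;
}

/* S201-S204 plus the retry counter; returns the resulting operating state. */
op_state_t monitor_submit_password(monitor_t *m, hw_device_t *d,
                                   const char *input, time_t now)
{
    double gap = difftime(now, m->last_input);
    m->last_input = now;
    if (d->op_state == OP_LOCKED) return OP_LOCKED;

    if (ct_equal(input, m->preset_password)) {
        /* The patent does not say whether success clears the counter;
           this sketch leaves it unchanged. */
        device_set_state(d, OP_WRITABLE);        /* S203 */
        return d->op_state;
    }
    device_set_state(d, OP_NOT_WRITABLE);        /* S204 */
    if (gap > RETRY_WINDOW_SEC) m->retries = 1;  /* reset, then add 1 */
    else                        m->retries += 1;
    if (m->retries > MAX_RETRIES)
        device_set_state(d, OP_LOCKED);
    return d->op_state;
}

int main(void)
{
    hw_device_t dev = { 0, OP_NOT_WRITABLE };
    monitor_t   mon = { "constructed-sample-pw", 0, 0 };
    time_t      t   = 1000;

    set_jumper(&dev, true); /* jumper closed by someone with physical access */
    printf("jumper closed, no password: write %s\n",
           device_handle_write(&dev) ? "allowed" : "refused");
    for (int i = 1; i <= 4; i++) {
        op_state_t s = monitor_submit_password(&mon, &dev, "guess", t += 10);
        printf("wrong password #%d -> state %d\n", i, (int)s);
    }
    monitor_submit_password(&mon, &dev, "constructed-sample-pw", t += 10);
    printf("after lock, correct password: write %s\n",
           device_handle_write(&dev) ? "allowed" : "refused");
    return 0;
}
```

With these assumed limits the fourth wrong password inside the window locks the device, after which even the correct password no longer enables writes.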
In addition, in the embodiments of the present application, the monitoring device monitors specified data in the hardware device through the control interface and periodically obtains monitoring records. When it detects that the specified data has changed, it marks the identifier of the hardware device as that of a tampered device and writes this to the monitoring log, providing a basis for subsequent audit. The specified data can be sensitive data that attackers readily tamper with, such as the bin file and the cyclic redundancy check code. When a change to such data is detected, auditing information recorded in the monitoring log, such as the modification time and the logged-in user, makes it possible to determine whether the change was caused by malicious behavior.
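One way the monitoring check described above can be implemented, as an added example that is not taken from the patent: the monitor keeps its own baseline CRC recorded at enrollment, so a change is flagged even when the CRC field on the device was rewritten to match the modified bin content. The image layout (payload followed by a 4-byte little-endian CRC-32 trailer), the names, the device identifier and the log format are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed image layout: payload bytes followed by a 4-byte little-endian
   CRC-32 trailer. Real devices define their own layout. */
#define CRC_FIELD_LEN 4

typedef enum {
    CHK_OK,
    CHK_CHANGED_SELFCHECK_FAILS, /* trailer no longer matches the payload */
    CHK_CHANGED_SELFCHECK_PASSES /* trailer matches payload, baseline does not */
} chk_t;

typedef struct {
    const char *device_id;    /* identifier written to the monitoring log */
    uint32_t    baseline_crc; /* held by the monitor, not read from the device */
    bool        tampered;     /* mark kept for later audit */
} watch_t;

/* Standard CRC-32 (reflected polynomial 0xEDB88320), bitwise form.
   A CRC only detects change; it is not a cryptographic integrity check. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t stored_crc(const uint8_t *img, size_t len)
{
    const uint8_t *f = img + len - CRC_FIELD_LEN;
    return (uint32_t)f[0] | (uint32_t)f[1] << 8 |
           (uint32_t)f[2] << 16 | (uint32_t)f[3] << 24;
}

/* Recompute the trailer from the payload, as any firmware writer would. */
void seal_image(uint8_t *img, size_t len)
{
    uint32_t c = crc32_ieee(img, len - CRC_FIELD_LEN);
    for (int i = 0; i < CRC_FIELD_LEN; i++)
        img[len - CRC_FIELD_LEN + i] = (uint8_t)(c >> (8 * i));
}

/* Record the known-good baseline on the monitoring device. */
void monitor_enroll(watch_t *w, const char *id, const uint8_t *img, size_t len)
{
    w->device_id    = id;
    w->baseline_crc = crc32_ieee(img, len - CRC_FIELD_LEN);
    w->tampered     = false;
}

/* One polling pass: compare payload and trailer against the baseline,
   mark the device and format a log record when either differs. */
chk_t monitor_check(watch_t *w, const uint8_t *img, size_t len,
                    long when, char *out, size_t out_len)
{
    uint32_t now_crc = crc32_ieee(img, len - CRC_FIELD_LEN);
    uint32_t field   = stored_crc(img, len);

    if (now_crc == w->baseline_crc && field == w->baseline_crc)
        return CHK_OK;
    w->tampered = true;
    snprintf(out, out_len,
             "t=%ld device=%s TAMPERED payload_crc=%08lx field=%08lx baseline=%08lx",
             when, w->device_id, (unsigned long)now_crc,
             (unsigned long)field, (unsigned long)w->baseline_crc);
    return field == now_crc ? CHK_CHANGED_SELFCHECK_PASSES
                            : CHK_CHANGED_SELFCHECK_FAILS;
}

int main(void)
{
    uint8_t img[20] = "constructed-fw!!"; /* constructed sample: 16-byte payload + trailer */
    watch_t w;
    char    rec[160] = "";

    seal_image(img, sizeof img);
    monitor_enroll(&w, "dev-01", img, sizeof img);
    printf("%d\n", monitor_check(&w, img, sizeof img, 100, rec, sizeof rec));
    img[3] ^= 0x01;              /* payload changed, trailer left alone */
    printf("%d %s\n", monitor_check(&w, img, sizeof img, 200, rec, sizeof rec), rec);
    seal_image(img, sizeof img); /* trailer recomputed to match the change */
    printf("%d %s\n", monitor_check(&w, img, sizeof img, 300, rec, sizeof rec), rec);
    return 0;
}
```

The third case is the one that matters for audit: the device's own CRC check would pass, and only the baseline held by the monitoring device shows that the content changed.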
The above is the method for blocking hardware rootkit malicious behavior provided by the embodiments of the present application. Based on the same idea, the embodiments of the present application also provide devices for blocking hardware rootkit malicious behavior, as shown in Fig. 3 and Fig. 4.
Fig. 3 is a schematic structural diagram of a device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, which specifically includes:
an interface module 301, used to receive a write request;
an execution module 302, used to execute the write request when the programming voltage controlled by the voltage switch is greater than the preset voltage and the operating state controlled by the monitoring device is the writable state;
a blocking module 303, used to refuse to execute the write request when the programming voltage controlled by the voltage switch is not greater than the preset voltage, or the operating state controlled by the monitoring device is the non-writable state.
Specifically, the device shown in Fig. 3 can be located on the hardware device.
Fig. 4 is a schematic structural diagram of another device for blocking hardware rootkit malicious behavior provided by an embodiment of the present application, which specifically includes:
a first judgment module 401, used to judge whether the entered password is identical to the preset password;
a setting module 402, used to set the operating state of the hardware device to the writable state when the judgment result of the first judgment module is yes, and to set the operating state of the hardware device to the non-writable state when the judgment result of the first judgment module is no;
wherein, when the programming voltage of the hardware device is greater than the preset voltage and the operating state set by the monitoring device is the writable state, the write operation is allowed;
when the programming voltage of the hardware device is not greater than the preset voltage, or the operating state set by the monitoring device is the non-writable state, the write operation is refused;
a second judgment module 403, used to judge, when the first judgment module determines that the entered password differs from the preset password, whether the interval between the time the previous password input was received and the current time is greater than a set duration;
a locking module 404, used to reset the saved retry count to zero and then increment it by 1 when the judgment result of the second judgment module is yes, to increment the saved retry count by 1 when the judgment result of the second judgment module is no, and to set the operating state of the hardware device to the locked state when the saved retry count exceeds the preset allowed number of retries;
wherein, when the operating state of the hardware device is set to the locked state, the hardware device refuses any device's attempt to modify its operating state and refuses to execute write operations;
a monitoring module 405, used to monitor specified data in the hardware device and, when it detects that the specified data in the hardware device has changed, to mark the identifier of the hardware device as that of a tampered device and write this to the monitoring log.
Specifically, the device shown in Fig. 4 can be located in the monitoring device.
The embodiments of the present application provide a method and device for blocking malicious behavior by hardware rootkits. In this method, a voltage switch is provided on the hardware device and the programming voltage is controlled through that switch, thereby controlling write permission to the hardware device's EEPROM. A monitoring device can also be used to manage one or more hardware devices and to set an administrator password for each hardware device; when an attacker enters a wrong password, the operating state of the hardware device is directly set to the non-writable state, so that malicious tampering by a hardware rootkit with the content stored in the EEPROM on the hardware device can be blocked effectively.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface, and memory.
Memory may include volatile memory in a computer-readable medium, random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise", or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to that process, method, commodity, or device. In the absence of further restrictions, an element qualified by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity, or device that includes the element.
Those skilled in the art will understand that embodiments of this application may be provided as a method, a system, or a computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The above description is only an embodiment of this application and is not intended to limit this application. For those skilled in the art, various modifications and changes to this application are possible. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of this application shall fall within the scope of the claims of this application.

Claims (12)

1. A method for blocking malicious behavior of a hardware rootkit, characterized by comprising:
setting a voltage switch for a hardware device, the voltage switch specifically comprising a jumper switch;
the voltage switch being used to control the program voltage of the hardware device;
a monitoring device judging whether an input password is identical to a preset password;
if so, setting the mode of operation of the hardware device to a writable state;
otherwise, setting the mode of operation of the hardware device to a non-writable state;
when the program voltage is greater than a preset voltage and the mode of operation set by the monitoring device is the writable state, the hardware device is in the writable state;
when the program voltage is not greater than the preset voltage, or the mode of operation set by the monitoring device is the non-writable state, the hardware device is in the non-writable state.
2. The method of claim 1, characterized in that when the voltage switch is closed, the program voltage is greater than the preset voltage;
when the voltage switch is open, the program voltage is not greater than the preset voltage.
3. A method for blocking malicious behavior of a hardware rootkit, characterized in that a voltage switch for controlling a program voltage is provided on a hardware device, the method comprising:
the hardware device receiving a write request;
when the hardware device determines that the program voltage controlled by the voltage switch is greater than a preset voltage and the mode of operation controlled by a monitoring device is a writable state, executing the write request; the monitoring device comprising a host or a server, the monitoring device being connected to a control interface on the hardware device and managing and monitoring the hardware device through the management and monitoring function of the monitoring device;
when the hardware device determines that the program voltage controlled by the voltage switch is not greater than the preset voltage, or the mode of operation controlled by the monitoring device is a non-writable state, refusing to execute the write request.
4. A method for blocking malicious behavior of a hardware rootkit, characterized in that a voltage switch for controlling a program voltage is provided on a hardware device, the method comprising:
a monitoring device judging whether an input password is identical to a preset password;
if so, setting the mode of operation of the hardware device to a writable state;
otherwise, setting the mode of operation of the hardware device to a non-writable state;
wherein, when the program voltage of the hardware device is greater than a preset voltage and the mode of operation set by the monitoring device is the writable state, a write operation is allowed to execute;
when the program voltage of the hardware device is not greater than the preset voltage, or the mode of operation set by the monitoring device is the non-writable state, execution of the write operation is refused.
5. The method of claim 4, characterized in that the method further comprises:
the monitoring device monitoring specified data in the hardware device;
when it is detected that the specified data in the hardware device has changed, marking the identifier of the hardware device as that of a tampered device and writing it to a monitoring log.
6. The method of claim 4, characterized in that when the monitoring device determines that the input password differs from the preset password, the method further comprises:
judging whether the time interval from the moment an input password was last received to the current moment is greater than a set duration;
if so, resetting the saved retry count and adding 1;
otherwise, adding 1 to the saved retry count;
when the saved retry count exceeds a preset permitted number of retries, setting the mode of operation of the hardware device to a locked state;
wherein, when the mode of operation of the hardware device is set to the locked state, the hardware device refuses to let any device modify the mode of operation, and refuses to execute write operations.
7. A hardware device, characterized by comprising:
a voltage switch for controlling the program voltage of the hardware device, the voltage switch specifically comprising a jumper switch;
a monitoring device judges whether an input password is identical to a preset password;
if so, the mode of operation of the hardware device is set to a writable state;
otherwise, the mode of operation of the hardware device is set to a non-writable state;
when the program voltage is greater than a preset voltage and the mode of operation set by the monitoring device is the writable state, the hardware device is in the writable state;
when the program voltage is not greater than the preset voltage, or the mode of operation set by the monitoring device is the non-writable state, the hardware device is in the non-writable state.
8. The hardware device of claim 7, characterized in that when the voltage switch is in the closed state, the program voltage is greater than the preset voltage;
when the voltage switch is in the open state, the program voltage is not greater than the preset voltage.
9. A device for blocking malicious behavior of a hardware rootkit, characterized in that a voltage switch for controlling a program voltage is provided on a hardware device, the device comprising:
an interface module for receiving a write request;
an execution module for executing the write request when the program voltage controlled by the voltage switch is greater than a preset voltage and the mode of operation controlled by a monitoring device is a writable state; the monitoring device comprising a host or a server, the monitoring device being connected to a control interface on the hardware device and managing and monitoring the hardware device through the management and monitoring function of the monitoring device;
a blocking module for refusing to execute the write request when the program voltage controlled by the voltage switch is not greater than the preset voltage, or the mode of operation controlled by the monitoring device is a non-writable state.
10. A device for blocking malicious behavior of a hardware rootkit, characterized in that a voltage switch for controlling a program voltage is provided on a hardware device, the device comprising:
a first judgment module for judging whether an input password is identical to a preset password;
a setup module for setting the mode of operation of the hardware device to a writable state when the judgment result of the first judgment module is yes, and setting the mode of operation of the hardware device to a non-writable state when the judgment result of the first judgment module is no;
wherein, when the program voltage of the hardware device is greater than a preset voltage and the mode of operation set by the monitoring device is the writable state, a write operation is allowed to execute;
when the program voltage of the hardware device is not greater than the preset voltage, or the mode of operation set by the monitoring device is the non-writable state, execution of the write operation is refused.
11. The device of claim 10, characterized in that the device further comprises:
a monitoring module for monitoring specified data in the hardware device and, when it is detected that the specified data in the hardware device has changed, marking the identifier of the hardware device as that of a tampered device and writing it to a monitoring log.
12. The device of claim 10, characterized in that the device further comprises:
a second judgment module for judging, when the first judgment module determines that the input password differs from the preset password, whether the time interval from the moment an input password was last received to the current moment is greater than a set duration;
a locking module for resetting the saved retry count and adding 1 when the judgment result of the second judgment module is yes, adding 1 to the saved retry count when the judgment result of the second judgment module is no, and setting the mode of operation of the hardware device to a locked state when the saved retry count exceeds a preset permitted number of retries;
wherein, when the mode of operation of the hardware device is set to the locked state, the hardware device refuses to let any device modify the mode of operation, and refuses to execute write operations.
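The write gate of claims 3 and 4 and the retry lockout of claim 6, sketched in C as an added example (not code from the patent). The type and function names, the 12000 mV threshold, the 3-retry limit, the 60-second window, the demo password and the constant-time comparison are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; every name and constant here is an assumption. */
enum op_mode { MODE_NOT_WRITABLE, MODE_WRITABLE, MODE_LOCKED };

struct guard {
    enum op_mode mode;     /* mode of operation set by the monitoring device */
    unsigned retries;      /* saved retry count */
    uint32_t last_input_s; /* when a password was last received (seconds) */
};

#define PRESET_MV      12000u /* preset voltage threshold, constructed value */
#define MAX_RETRIES    3u     /* preset permitted retries, constructed value */
#define RETRY_WINDOW_S 60u    /* set duration, constructed value */
static const char PRESET_PW[] = "constructed-demo-pw";

/* Compare without an early exit so timing does not reveal the match length. */
static bool pw_equal(const char *in, const char *preset) {
    size_t n = strlen(preset), m = strlen(in);
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(preset[i] ^ in[i < m ? i : m]);
    return diff == 0;
}

/* Monitoring-device side: password check plus the retry lockout. */
enum op_mode submit_password(struct guard *g, const char *in, uint32_t now_s) {
    if (g->mode == MODE_LOCKED)
        return g->mode;            /* locked: refuse any mode change */
    uint32_t gap = now_s - g->last_input_s;
    g->last_input_s = now_s;
    if (pw_equal(in, PRESET_PW)) {
        /* The claims do not say whether success clears the count;
           it is left unchanged here. */
        g->mode = MODE_WRITABLE;
        return g->mode;
    }
    g->mode = MODE_NOT_WRITABLE;
    if (gap > RETRY_WINDOW_S)
        g->retries = 0;            /* interval exceeded: reset, then add 1 */
    g->retries += 1;
    if (g->retries > MAX_RETRIES)
        g->mode = MODE_LOCKED;
    return g->mode;
}

/* Device side: both the voltage and the mode must permit the write. */
bool write_allowed(const struct guard *g, uint32_t program_mv) {
    return program_mv > PRESET_MV && g->mode == MODE_WRITABLE;
}
```

Because the two conditions are ANDed, an open jumper blocks writes even when the password is known, and a wrong password or a locked state blocks writes even with the jumper closed.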
CN201410339835.XA 2014-07-16 2014-07-16 A kind of blocking-up method and device of hardware rootkit malicious act Active CN105447386B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410339835.XA CN105447386B (en) 2014-07-16 2014-07-16 A kind of blocking-up method and device of hardware rootkit malicious act

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410339835.XA CN105447386B (en) 2014-07-16 2014-07-16 A kind of blocking-up method and device of hardware rootkit malicious act

Publications (2)

Publication Number Publication Date
CN105447386A CN105447386A (en) 2016-03-30
CN105447386B true CN105447386B (en) 2019-02-22

Family

ID=55557550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410339835.XA Active CN105447386B (en) 2014-07-16 2014-07-16 A kind of blocking-up method and device of hardware rootkit malicious act

Country Status (1)

Country Link
CN (1) CN105447386B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111382433B (en) * 2018-12-29 2022-12-13 龙芯中科技术股份有限公司 Module loading method, device, equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102054141A (en) * 2010-12-14 2011-05-11 黄忠林 Method for protecting computer information security by utilizing hardware switches

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100552807C (en) * 2007-05-28 2009-10-21 创见资讯股份有限公司 Memory storage and its means of defence
CN101373458B (en) * 2007-08-23 2011-06-22 创见资讯股份有限公司 Writing-proof management module and method of storage apparatus
CN102243890A (en) * 2010-05-12 2011-11-16 瀚宇彩晶股份有限公司 Read-write protection circuit
CN103634293B (en) * 2013-10-29 2017-02-08 暨南大学 Secure data transmission method based dual hardware and secure data transmission system based dual hardware

Also Published As

Publication number Publication date
CN105447386A (en) 2016-03-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200918

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200918

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.