CN105656860A - Safety management and control method, apparatus and system for Android system - Google Patents


Info

Publication number
CN105656860A
Authority
CN
China
Prior art keywords
security management
terminal
control
kernel
control strategy
Legal status (assumed by Google, not a legal conclusion)
Withdrawn
Application number
CN201410668359.6A
Other languages
Chinese (zh)
Inventor
张敏
何剑
罗志云
Current Assignee (listing may be inaccurate; not legally analyzed by Google)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201410668359.6A
Related PCT application PCT/CN2015/074647 (WO2015184891A1)
Publication CN105656860A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The invention discloses a security management and control method, device and system for an Android system. The method comprises: receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction; and, according to that instruction, dynamically sending the corresponding security management and control strategy file or terminal software version upgrade file to a target terminal device. With this method a complete and firm trust chain is formed between the hardware root of trust of the terminal and the digital certificate center of the security management and control server. Compared with the prior art, the trusted interaction between the modules not only makes the Android terminal resistant to being cracked by software alone, but also allows the terminal security strategy to be adjusted flexibly and the terminal software version to be upgraded in a trusted way, so that user experience is improved while security management and control is guaranteed, and the cost of subsequent upgrade and maintenance is reduced.

Description

Security management and control method, device and system for an Android system
Technical field
The present invention relates to the technical field of intelligent terminal operating systems, and in particular to a security management and control method, device and system for an Android system.
Background technology
At present, intelligent terminals running the Android system are not only growing explosively in number but also cover a wide variety of device types: besides smartphones, the Android system is also applied to TV set-top boxes, in-vehicle navigation devices, wearable devices and other terminal equipment.
Android is the open-source mobile operating system based on the Linux platform that Google announced on 5 November 2007; the platform consists of an operating system, middleware, a user interface and application software. It is organised as a software stack of three main layers. The bottom layer, built on the Linux kernel and written in C, provides only basic functions; the middle layer comprises the function libraries (Library) and the virtual machine (Virtual Machine), usually written in C++; the top layer consists of the various applications, such as the phone and SMS programs, which are developed independently by individual companies, usually in Java.
In practice, however, precisely because the Android system is so open, the highest system privilege (ROOT) can be obtained at will, so that malware behaviours such as background trojans spying on private data and fee-draining adware persist despite repeated attempts to stop them.
To improve system security, prior art 1 discloses a security monitoring system for the Android system, comprising: a configuration management unit configured to configure the security policy; a centralised management unit configured to perform security detection according to the security policy; and a plurality of detection units, each configured to detect, via the centralised management unit, whether an application about to be executed is safe, the detection units being arranged at different levels of the Android system. This scheme can effectively prevent unauthorised and insecure acquisition of, and access to, Android system resources and data, and greatly improves the security of the Android system. Its drawback is that it only hardens the kernel and system locally on the terminal, which tends to freeze the whole terminal software system: it can neither perform a trusted upgrade of the software version nor adjust the security policy dynamically.
Prior art 2 discloses a security access control method based on an Android terminal. The method comprises: first, setting up a security policy distributor on the master server and a security policy loader on the Android terminal, the loader communicating with the distributor over an over-the-air protocol and HTTP and receiving the messages the distributor pushes; second, configuring a global security policy on the Android terminal; and finally, the master server issuing commands to the Android terminal, which receives and executes them. The method needs no participation from the terminal user, loads the global security policy automatically at start-up, and guarantees a baseline security target for the system.
Prior art 2 writes the security policy loader into the kernel of the Android terminal to prevent tampering, then receives the messages pushed by the security policy distributor and deploys the security policy. Its drawbacks are: first, it goes no deeper into the tamper-resistance of the terminal system, so it cannot prevent the whole software kernel from being completely reflashed, with the resulting risk of cracking; second, it does not address the security of the network communication with the security policy distributor, so the purported distributor may be forged; and third, the scheme says nothing about how the security policy loader is upgraded together with the kernel.
Prior art 3 discloses an intelligent device having both a mobile terminal operating system and a desktop operating system, and introduces a method of operation in which the desktop operating system and the mobile terminal operating system cross-verify each other. Its drawback is that it cannot solve the secure boot problem of the terminal device once it is disconnected: when the terminal runs independently, its security drops sharply.
Summary of the invention
To solve at least one of the technical problems described above, the object of the embodiments of the present invention is to provide a security management and control method, device and system for an Android system.
The embodiments of the present invention are realised by the following technical solutions:
A security management and control method for an Android system, comprising:
receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction;
according to the security management and control strategy adjustment instruction or the terminal software version upgrade instruction, dynamically sending the corresponding security management and control strategy file or terminal software version upgrade file to a target terminal device.
Preferably, the security management and control strategy refers to the trusted operating behaviour applied to at least the Android system and the KERNEL of the terminal device.
Preferably, the security management and control strategy comprises: installing trusted applications; forcibly uninstalling illegal applications; beneficial modifications, for the purpose of improving security, of the SELinux permission rules and iptables network firewall rules of the KERNEL; monitoring the terminal device and raising an alarm on illegal cracking behaviour; scanning the peripherals of the terminal device for viruses; and triggering the terminal device to perform a trusted software version upgrade.
A security management and control device for an Android system, comprising:
an instruction receiving unit, for receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction;
a processing unit, for dynamically sending, according to the security management and control strategy adjustment instruction or the terminal software version upgrade instruction, the corresponding security management and control strategy file or terminal software version upgrade file to a target terminal device.
Preferably, the security management and control strategy refers to the trusted operating behaviour applied to at least the Android system and the KERNEL of the terminal device.
Preferably, the security management and control strategy comprises: installing trusted applications; forcibly uninstalling illegal applications; beneficial modifications, for the purpose of improving security, of the SELinux permission rules and iptables network firewall rules of the KERNEL; monitoring the terminal device and raising an alarm on illegal cracking behaviour; scanning the peripherals of the terminal device for viruses; and triggering the terminal device to perform a trusted software version upgrade.
A server, comprising the security management and control device for an Android system described above, the device comprising:
an instruction receiving unit, for receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction;
a processing unit, for dynamically sending, according to the security management and control strategy adjustment instruction or the terminal software version upgrade instruction, the corresponding security management and control strategy file or terminal software version upgrade file to a target terminal device.
A security management and control method for an Android system, comprising:
dynamically receiving a security management and control strategy file or a terminal software version upgrade file, and accordingly executing the corresponding security management and control strategy or terminal software version upgrade;
reporting the current security management and control status information in real time.
Preferably, the security management and control strategy refers to the trusted operating behaviour applied to at least the Android system and the KERNEL of the terminal device.
Preferably, the security management and control strategy comprises: installing trusted applications; forcibly uninstalling illegal applications; beneficial modifications, for the purpose of improving security, of the SELinux permission rules and iptables network firewall rules of the KERNEL; monitoring the terminal device and raising an alarm on illegal cracking behaviour; scanning the peripherals of the terminal device for viruses; and triggering the terminal device to perform a trusted software version upgrade.
Preferably, before the above steps are executed, the security management and control method for the Android system further comprises a boot verification step:
after the terminal device powers on, the hardware root of trust performs a digital digest check on the trusted bootloader (BOOT); the trusted bootloader BOOT checks the KERNEL; and the KERNEL in turn performs periodic or on-demand file integrity checks on the security management and control agent part and the conventional Android framework.
Preferably, in a certain embodiment, if the trusted bootloader BOOT is considered sufficiently secure, the functions of the hardware root of trust may also be merged into the trusted bootloader BOOT. In addition to the periodic or on-demand file integrity checks of the security management and control agent part and the conventional Android framework, the KERNEL may also perform the file integrity check at the moment a file is accessed.
Preferably, when an anomaly is determined during the boot verification step, the hardware root of trust controls the conventional hardware to perform a power-off operation, or prevents the device from continuing the boot-up in software.
A security management and control device for an Android system, comprising:
a file receiving unit, for dynamically receiving a security management and control strategy file or a terminal software version upgrade file, and accordingly executing the corresponding security management and control strategy or terminal software version upgrade;
a reporting unit, for reporting the current security management and control status information in real time.
Preferably, the security management and control strategy refers to the trusted operating behaviour applied to at least the Android system and the KERNEL of the terminal device.
Preferably, the security management and control strategy comprises: installing trusted applications; forcibly uninstalling illegal applications; beneficial modifications, for the purpose of improving security, of the SELinux permission rules and iptables network firewall rules of the KERNEL; monitoring the terminal device and raising an alarm on illegal cracking behaviour; scanning the peripherals of the terminal device for viruses; and triggering the terminal device to perform a trusted software version upgrade.
Preferably, the security management and control device for the Android system further comprises:
a verification unit, by which, after the terminal device powers on, the hardware root of trust performs a digital digest check on the trusted bootloader BOOT, the trusted bootloader BOOT checks the KERNEL, and the KERNEL in turn performs periodic or on-demand file integrity checks on the security management and control agent part and the conventional Android framework.
Preferably, the security management and control device for the Android system further comprises:
a secure execution unit, for notifying the hardware root of trust to control the conventional hardware to perform a power-off operation when the boot verification step determines that an anomaly has occurred.
A terminal device, comprising the security management and control device for an Android system described above, the device comprising:
a file receiving unit, for dynamically receiving a security management and control strategy file or a terminal software version upgrade file, and accordingly executing the corresponding security management and control strategy or terminal software version upgrade;
a reporting unit, for reporting the current security management and control status information in real time.
A security management and control system for an Android system, comprising:
a server, for receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction and, according to that instruction, dynamically sending the corresponding security management and control strategy file or terminal software version upgrade file to a target terminal device;
a terminal device, for dynamically receiving the security management and control strategy file or terminal software version upgrade file, accordingly executing the corresponding security management and control strategy or terminal software version upgrade, and reporting the current security management and control status information in real time.
Compared with the prior art, the security management and control method of the present invention forms a complete and firm trust chain from the hardware root of trust to the digital certificate center of the security management and control server. Through trusted interaction between the modules it not only achieves the effect that the Android terminal cannot be cracked in software, but also gains the ability to adjust the terminal security strategy flexibly and to upgrade the terminal software version in a trusted manner, improving user experience while guaranteeing security management and control and reducing the cost of subsequent upgrade and maintenance.
Brief description of the drawings
Fig. 1 is a schematic diagram of the module structure of the Android terminal device in an embodiment of the present invention.
Fig. 2 is a schematic diagram of the module structure of the server in an embodiment of the present invention.
Fig. 3 is a schematic flow diagram, in an embodiment of the present invention, of the secure boot verification during start-up of the Android terminal device and of the security monitoring carried out during continued operation.
Fig. 4 is a schematic flow diagram, in an embodiment of the present invention, of the method executed when the service side needs to initiate a change of the security management and control strategy on the terminal or a software version update of the terminal.
Fig. 5 is a schematic flow diagram of a specific embodiment of the security management and control method provided by the invention, in which, after the trusted boot of the Android terminal has been guaranteed, a security management and control strategy is implemented and a trusted application store is installed.
Fig. 6 is a schematic flow diagram of another specific embodiment of the security management and control method provided by the invention, in which, after the trusted boot of an old-version Android terminal has been guaranteed, a trusted software upgrade of the whole terminal is triggered.
The realisation, functional characteristics and beneficial effects of the object of the invention are further described below with reference to specific embodiments and the accompanying drawings.
Detailed description of the invention
The technical solution of the present invention is described in further detail below with reference to the drawings and specific embodiments, so that those skilled in the art can better understand and implement the present invention; the embodiments given do not limit the invention.
To overcome the security risk that the Android system of the prior art can be cracked, and the defect that existing protection strategies are too rigid, the embodiments of the present invention provide a method and system for security management and control in which the hardware root of trust of the terminal device and a remote security management and control server interact in a trusted and dynamic way. Thus, while the terminal's Android software system is guaranteed on a hardware basis to be uncrackable, the security status of the terminal can be reported in real time, the concrete security management and control strategy of the terminal can be adjusted dynamically by the remote server, and the terminal device is allowed to perform trusted upgrades of its software version and functions.
In the embodiments of the present invention a complete trust chain is formed between the hardware root of trust of the terminal device and the digital certificate center of the remote server, so that the security management and control strategy of the terminal device can be adjusted remotely, flexibly and authentically. In addition, by issuing data that has been digitally signed by the server and encrypted with a private password, the integrity verification authority (the digests) used at terminal start-up, from the hardware up to the kernel, can be modified, so that the terminal device can trust a new version or new functional modification and carry out the version or function upgrade.
Specifically, the embodiments of the present invention are realised by the following technical solutions:
The security management and control system described in the embodiments of the present invention comprises an Android system terminal part and a security management and control server part, connected by a network; the security management and control service side manages and maintains many Android system terminals simultaneously. The concrete module structure is as follows.
As shown in Fig. 1, the Android system terminal device comprises:
a conventional Android Framework system 101 and conventional hardware 102, the conventional hardware 102 comprising, for example, a CPU, memory units, a wireless module and so on.
In addition, the Android system terminal device further comprises:
a network management protocol terminal module 103, for collecting terminal device information and communicating with the network management protocol module of the service side. In one embodiment, the network management protocol terminal module 103 preferably adopts the terminal side of the TR-069 network management protocol to interact with the management and control server.
a security management and control agent module 104, for receiving and executing the concrete security management and control strategy issued by the security management and control server, and for feeding back the security management and control status of the terminal to the management and control server side.
The security management and control strategy refers to the trusted operating behaviour applied to the Android system, the KERNEL and the other components, including but not limited to: installing trusted applications; forcibly uninstalling illegal applications; beneficial modifications, for the purpose of improving security, of the kernel's SELinux permission rules and iptables network firewall rules; monitoring the terminal and raising an alarm on illegal cracking behaviour; scanning peripherals for viruses; and triggering the terminal to perform a trusted software version upgrade.
a hardware root of trust 105, implemented as a chip or plug-in peripheral storage that provides hardware trustworthiness; its contents are mainly the unique terminal identity information, the root certificate under which the management and control server's digital certificate was issued, and the digital digest of the trusted bootloader (BOOT) 106.
a trusted bootloader (BOOT) 106, whose digital digest is integrity-checked by the hardware root of trust 105 and which is therefore trusted. It also contains the digital digest of the trusted kernel, so that it can verify the kernel's digest at boot time.
Preferably, in a certain embodiment in which the trusted bootloader (BOOT) 106 is considered sufficiently secure, the functions of the hardware root of trust 105 may be integrated into the trusted bootloader (BOOT) 106; the trusted bootloader (BOOT) 106 is then itself regarded as the root of trust, needs no verification, and may directly carry the digital certificate and the unique terminal identity information.
a trusted KERNEL 107, which has had its digital digest verified by the trusted bootloader (BOOT) 106 and is therefore a trusted kernel. It performs periodic or access-triggered integrity verification of the Android system files and of the security management and control agent module 104. In one embodiment this verification preferably adopts IMA (Integrity Measurement Architecture), which provides integrity measurement and verification of the core system files/directories and block devices, including the security management and control agent module 104.
With reference to Fig. 2, the security management and control server comprises:
a network management protocol service-side module 201, the server-side implementation of the network management protocol, which can coordinate and manage a plurality of terminal devices. In one embodiment this module preferably adopts the TR-069 protocol; its server-side implementation can support state management of a very large number of Android terminals (for example, tens of millions).
a security policy management module 202, which analyses and processes the security strategy requirements, arranges and distributes the execution plan, and collects the feedback results.
a terminal routine management module 203, for basic status information collection, management classification, presence, log collection management and so on for the terminal devices.
a back-end database module 204, for providing database services such as storage and query to the security management and control server.
a secure digital certificate center 205, for the storage and maintenance of the security management and control server's digital certificate, private key and private password, and for the integrated revocation and issuance of terminal device digital certificates. Preferably, the digital certificate center is suitably isolated from the security management server to guarantee its security.
In the Android terminal device, the network management protocol terminal module 103 is connected to the security management and control agent module 104 to provide the capability of interactive access to the security management and control server. It can read the digital certificate information from the hardware root of trust 105 and thereby authenticate the identity of the security management and control server during SSL encrypted connection setup; it also reads the terminal identity information from the hardware root of trust 105 and hands it over to the security management and control server for management.
The hardware root of trust 105 performs a digital digest check on the trusted bootloader (BOOT) 106; the trusted bootloader (BOOT) 106 in turn checks the trusted KERNEL 107; and the trusted KERNEL 107 in turn performs periodic or on-demand file integrity checks of the security management and control agent module 104 and the conventional Android framework.
The hardware root of trust 105 is also connected to the conventional hardware so that it can cut the power promptly when a security exception occurs.
The function of the security management and control agent module 104 is central to the present invention: on the one hand it can access the other modules of the terminal and apply the concrete security management and control strategy; on the other hand it can take the integrity verification authority (digital digest information) of a new version, obtained from the security management and control service side and processed with the private password and the server's digital signature, and inject it into the hardware root of trust 105, the trusted bootloader BOOT 106 and the trusted KERNEL 107 respectively, so that the new version becomes accepted and trusted.
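The chain described above (root of trust 105 checks BOOT 106, BOOT checks KERNEL 107, the kernel checks the agent and framework files) and the agent's injection of a new version's digests can be shown end to end in code. The following is an added example and not code from the patent or from ZTE: every link stores only the digest of the next link, a mismatch at the BOOT stage cuts power as in step 303, and the agent accepts a new digest manifest only if it verifies under the server key held in the root of trust. An Ed25519 public key stands in for the server root certificate, SHA-256 for the "digital digest", and all image contents, paths and the terminal identity are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Each link stores only the expected digest of the next link, as in Fig. 1:
// hardware root of trust 105 -> BOOT 106 -> KERNEL 107 -> agent 104 / framework 101.
type HardwareRoot struct {
	TerminalID string            // unique terminal identity (constructed value)
	ServerKey  ed25519.PublicKey // stands in for the server root certificate
	BootDigest [32]byte          // expected digest of the BOOT image
	PowerCut   bool              // set when the root cuts power (step 303)
}
type TrustedBoot struct{ KernelDigest [32]byte }
type TrustedKernel struct{ FileDigests map[string][32]byte }
type Terminal struct {
	Root   HardwareRoot
	Boot   TrustedBoot
	Kernel TrustedKernel
}

// Images are the contents found in flash at boot; the chain hashes them.
type Images struct {
	Boot, Kernel []byte
	Files        map[string][]byte
}

var ErrTampered = errors.New("integrity check failed")

func digestFiles(files map[string][]byte) map[string][32]byte {
	out := make(map[string][32]byte, len(files))
	for name, content := range files {
		out[name] = sha256.Sum256(content)
	}
	return out
}

// Provision records the digests of a known-good image set in each link.
func Provision(serverKey ed25519.PublicKey, good Images) *Terminal {
	return &Terminal{
		Root:   HardwareRoot{TerminalID: "EXAMPLE-TERMINAL-0001", ServerKey: serverKey, BootDigest: sha256.Sum256(good.Boot)},
		Boot:   TrustedBoot{KernelDigest: sha256.Sum256(good.Kernel)},
		Kernel: TrustedKernel{FileDigests: digestFiles(good.Files)},
	}
}

// VerifyBoot walks the chain in Fig. 3 order. A BOOT mismatch makes the root
// cut power (step 303); a kernel or file mismatch only stops loading (step 305)
// so the user can still be alerted. It returns the failing link, or "ok".
func (t *Terminal) VerifyBoot(img Images) (string, error) {
	if sha256.Sum256(img.Boot) != t.Root.BootDigest {
		t.Root.PowerCut = true
		return "boot", ErrTampered
	}
	if sha256.Sum256(img.Kernel) != t.Boot.KernelDigest {
		return "kernel", ErrTampered
	}
	for name, want := range t.Kernel.FileDigests {
		if content, present := img.Files[name]; !present || sha256.Sum256(content) != want {
			return name, ErrTampered
		}
	}
	return "ok", nil
}

// Manifest carries the "integrity verification authority" of a new version:
// the digests every link must accept after the upgrade.
type Manifest struct {
	Version      string
	BootDigest   [32]byte
	KernelDigest [32]byte
	FileDigests  map[string][32]byte
}

// SignManifest is the server side: the digital certificate center (205) signs
// the digests of the new image set with its private key.
func SignManifest(serverPriv ed25519.PrivateKey, version string, next Images) (manifest, sig []byte, err error) {
	m := Manifest{Version: version, BootDigest: sha256.Sum256(next.Boot),
		KernelDigest: sha256.Sum256(next.Kernel), FileDigests: digestFiles(next.Files)}
	if manifest, err = json.Marshal(m); err != nil {
		return nil, nil, err
	}
	return manifest, ed25519.Sign(serverPriv, manifest), nil
}

// AcceptUpgrade is the agent's injection step: the new digests are written into
// the root, BOOT and kernel only if the manifest verifies under the server key
// held in the hardware root; a manifest signed by anyone else is refused and
// the chain keeps rejecting the new images.
func (t *Terminal) AcceptUpgrade(manifest, sig []byte) error {
	if !ed25519.Verify(t.Root.ServerKey, manifest, sig) {
		return errors.New("manifest signature does not chain to the root certificate")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return err
	}
	t.Root.BootDigest, t.Boot.KernelDigest, t.Kernel.FileDigests = m.BootDigest, m.KernelDigest, m.FileDigests
	return nil
}

func main() {
	serverPub, serverPriv, _ := ed25519.GenerateKey(rand.Reader)
	v1 := Images{Boot: []byte("boot v1"), Kernel: []byte("kernel v1"), // constructed stand-ins for real images
		Files: map[string][]byte{"/system/bin/secagent": []byte("agent v1"), "/system/framework/framework.jar": []byte("framework v1")}}
	term := Provision(serverPub, v1)
	fmt.Println(term.VerifyBoot(v1)) // ok <nil>
	v2 := v1
	v2.Kernel = []byte("kernel v2")
	fmt.Println(term.VerifyBoot(v2)) // kernel integrity check failed (not yet authorised)
	manifest, sig, _ := SignManifest(serverPriv, "2.0", v2)
	if err := term.AcceptUpgrade(manifest, sig); err != nil {
		panic(err)
	}
	fmt.Println(term.VerifyBoot(v2)) // ok <nil>
}
```

The point a practitioner should take from the ordering is that the new kernel is rejected until the manifest has been injected, and that injection depends only on a key that never leaves the root of trust, which is what makes the upgrade "trusted" in the description's sense rather than merely signed.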
In the security management and control server, the back-end database module 204 and the secure digital certificate center 205 provide services in the background to the security policy management module 202 and the terminal routine management module 203; these two management modules provide the operating interface to the user and also communicate with the terminal devices through the network management protocol service-side module 201. The server-side architecture above only illustrates the basic principle of the present invention; in a specific embodiment the server has many additional functions, such as web services, remote access services and file download services, and the actual interactions between these modules may be more complex. All of these are extensions within the concrete implementation that those skilled in the art can realise on the basis of the content of the present invention and common general knowledge.
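The description says a strategy file is digitally signed by the server and then encrypted with a private password, and that the terminal authenticates the server with the certificate it reads from the root of trust; that is exactly what closes the "forged distributor" gap the background section holds against prior art 2. The following added example (not the patent's or ZTE's code) builds such an envelope on the server side and opens it on the terminal side. It assumes an Ed25519 key pair in place of the server certificate, AES-GCM under a key derived from the private password, and a JSON strategy file whose field names, package names and firewall rule strings are all constructed for the example; the sequence number and terminal binding are additions a practitioner would want and are not stated in the description.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Policy is one security management and control strategy file. The field set
// mirrors the strategy contents listed in the description; names are constructed.
type Policy struct {
	Seq            uint64   `json:"seq"`             // strictly increasing, so an old file cannot be replayed
	TerminalID     string   `json:"terminal_id"`     // identity read from the hardware root of trust
	InstallTrusted []string `json:"install_trusted"` // trusted applications to install
	ForceUninstall []string `json:"force_uninstall"` // illegal applications to remove
	SELinuxRules   []string `json:"selinux_rules"`   // permission rules pushed into the kernel policy
	IptablesRules  []string `json:"iptables_rules"`  // network firewall rules
	TriggerUpgrade bool     `json:"trigger_upgrade"` // start a trusted software version upgrade
}

// signedPolicy is what gets encrypted: the policy bytes plus the signature over exactly those bytes.
type signedPolicy struct{ Policy, Signature []byte }

// Envelope is what travels to the terminal over the management channel.
type Envelope struct{ Nonce, Ciphertext []byte }

var ErrReject = errors.New("policy rejected")

// aeadFromPassword derives the AES-GCM key from the "private password"; the
// bare SHA-256 is an example stand-in for a real key derivation function.
func aeadFromPassword(password []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(password)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the server side: sign with the certificate center's private key,
// then encrypt the signed blob under the private password (sign-then-encrypt).
func Seal(serverPriv ed25519.PrivateKey, password []byte, p Policy) (Envelope, error) {
	raw, _ := json.Marshal(p) // marshalling these plain structs cannot fail
	plain, _ := json.Marshal(signedPolicy{Policy: raw, Signature: ed25519.Sign(serverPriv, raw)})
	aead, err := aeadFromPassword(password)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plain, nil)}, nil
}

// Agent is the terminal-side state the security management and control agent keeps between envelopes.
type Agent struct {
	TerminalID string
	ServerKey  ed25519.PublicKey // stands in for the server certificate held in the root of trust
	Password   []byte
	LastSeq    uint64
}

// Open reverses Seal and rejects a wrong password, a forged distributor (wrong
// key), a file addressed to another terminal, and a replayed file. LastSeq
// only advances when every check passes, so a rejected file changes nothing.
func (a *Agent) Open(e Envelope) (Policy, error) {
	aead, err := aeadFromPassword(a.Password)
	if err != nil {
		return Policy{}, err
	}
	plain, err := aead.Open(nil, e.Nonce, e.Ciphertext, nil)
	if err != nil {
		return Policy{}, fmt.Errorf("%w: wrong password or corrupted envelope", ErrReject)
	}
	var s signedPolicy
	if err := json.Unmarshal(plain, &s); err != nil {
		return Policy{}, err
	}
	if !ed25519.Verify(a.ServerKey, s.Policy, s.Signature) {
		return Policy{}, fmt.Errorf("%w: signature does not verify under the root certificate", ErrReject)
	}
	var p Policy
	if err := json.Unmarshal(s.Policy, &p); err != nil {
		return Policy{}, err
	}
	if p.TerminalID != a.TerminalID || p.Seq <= a.LastSeq {
		return Policy{}, fmt.Errorf("%w: wrong terminal %q or replayed sequence %d", ErrReject, p.TerminalID, p.Seq)
	}
	a.LastSeq = p.Seq
	return p, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	password := []byte("example-private-password")
	agent := &Agent{TerminalID: "EXAMPLE-TERMINAL-0001", ServerKey: pub, Password: password}
	env, _ := Seal(priv, password, Policy{Seq: 1, TerminalID: agent.TerminalID,
		ForceUninstall: []string{"com.example.adware"},
		IptablesRules:  []string{"-A OUTPUT -p tcp --dport 23 -j DROP"}})
	p, err := agent.Open(env)
	fmt.Println(p.ForceUninstall, err) // [com.example.adware] <nil>
	_, err = agent.Open(env)
	fmt.Println(err) // policy rejected: wrong terminal ... or replayed sequence 1
}
```

The rule strings are carried as data only; applying them (loading SELinux policy, running iptables) is the agent's job on the device and is outside this example. Note that the description's SSL channel protects the transport, while the signature inside the envelope is what lets the agent decide, offline and after the fact, that a file really came from the certificate center.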
Shown in figure 3, the security management and control method of utilizing the present invention to disclose, when on Android terminal deviceWhen electricity starts, guiding checking procedure comprises the following steps:
Step 301: The terminal device powers on, and the hardware root of trust and the conventional hardware start up. In a preferred embodiment, if the trusted bootloader (BOOT) is considered safe enough not to need verification, the hardware root of trust need not be activated immediately at power-on.
Step 302: The hardware root of trust computes the digital digest of the trusted bootloader BOOT and compares it against the stored value to verify the integrity of BOOT.
Step 303: If the hardware root of trust finds that the trusted bootloader BOOT has been tampered with, it cuts the power supply of the conventional hardware and interrupts the boot process. If BOOT has not been tampered with, go to step 304; otherwise go to step 305.
Step 304: The trusted KERNEL kernel is loaded normally: the trusted bootloader BOOT starts, begins loading the trusted KERNEL kernel, and computes and compares the kernel's digital digest to verify its integrity.
Step 305: Terminate the system loading procedure.
Step 306: Determine whether the trusted KERNEL kernel has been tampered with. If the trusted bootloader BOOT finds that the kernel has been tampered with, go to step 305, restarting the device or locking the system and popping up an alarm prompt to the user. If the trusted KERNEL kernel has not been tampered with, go to step 307.
Step 307: The trusted KERNEL kernel finishes loading and continues by loading Android and the terminal security management and control agent module.
Step 308: The terminal security management and control agent module starts, reads the digital certificate information from the hardware root of trust, and uses the TR069 network management protocol to establish an SSL-authenticated, encrypted connection with the security management and control server.
Step 309: The trusted KERNEL kernel starts its file integrity check mechanism. Preferably the IMA monitoring mechanism is used, which checks periodically or on access whether the Android system core files and the security management and control agent module have been tampered with.
Step 310: Determine whether the Android system core files have been tampered with. If so, go to step 311; otherwise go to step 313.
Step 311: If Android system core files are found to have been tampered with, the security management and control agent module encrypts the tampering information with the private password and sends it over SSL to the security management and control server, which confirms whether it is a false positive.
Step 312: If the security management and control server cannot be contacted within a certain period, or the server does not exempt this modification, the trusted KERNEL kernel raises an alarm to the user or locks the system. In other application scenarios it may also, according to a security strategy issued in advance by the server, choose to take no action for the time being.
Step 313: Determine whether the security management and control agent module has been tampered with. If so, the trusted KERNEL kernel must immediately raise an alarm to the user or lock the system; go to step 312. If the security management and control server has exempted this Android system file modification, normal operation continues; go to step 314.
Step 314: If the security management and control agent module itself has not been tampered with, and the Android system core files have either not been tampered with or their modification has been exempted by the security management and control server, the Android system remains in its normal running state.
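The chain of figure 3 is easier to reason about as code. The following Go program is an added example and is not code from the patent or from ZTE; it models the two verification links (root of trust checks BOOT, BOOT checks KERNEL), the kernel-side file monitor of step 309, and the decision rule of steps 312 to 314, in which a server exemption clears a core-file mismatch but never a mismatch of the agent module itself. SHA-256 as the digest, the `Stage`/`Monitor` types and the file paths are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Stage is one link of the boot chain in figure 3: an image and the digest
// the previous link trusts for it. The BOOT digest is held by the hardware
// root of trust (step 302); the KERNEL digest is held by BOOT (step 304).
type Stage struct {
	Name     string
	Image    []byte
	Expected string // hex SHA-256 trusted by the previous link
}

// digest measures an image. SHA-256 is an assumption; the page only says
// "digital digest".
func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// VerifyChain walks the stages in order and returns the name of the first
// stage whose measurement does not match, or "" when the chain is intact.
// Fail-stop is the caller's job: a BOOT mismatch cuts power (step 303), a
// KERNEL mismatch restarts or locks the device (step 306).
func VerifyChain(stages []Stage) string {
	for _, st := range stages {
		if digest(st.Image) != st.Expected {
			return st.Name
		}
	}
	return ""
}

// Verdict is the kernel-side monitor's conclusion for one protected file.
type Verdict int

const (
	Intact   Verdict = iota // matches the file monitoring authority
	Exempted                // mismatch the server has exempted (steps 311, 313)
	Tampered                // mismatch with no exemption (step 312)
)

// Monitor models the IMA-style check of step 309. Authority maps each
// protected path to its expected digest; Exemptions lists "path:digest"
// pairs the server has confirmed as false positives after a step-311 report;
// AgentPath is the security agent module, which gets no exemption (step 313).
type Monitor struct {
	Authority  map[string]string
	Exemptions map[string]bool
	AgentPath  string
}

// Check measures every protected file. A missing file measures as the digest
// of empty content and therefore counts as tampered.
func (m Monitor) Check(files map[string][]byte) map[string]Verdict {
	out := make(map[string]Verdict, len(m.Authority))
	for path, want := range m.Authority {
		got := digest(files[path])
		switch {
		case got == want:
			out[path] = Intact
		case path != m.AgentPath && m.Exemptions[path+":"+got]:
			out[path] = Exempted
		default:
			out[path] = Tampered
		}
	}
	return out
}

// MustLock is the decision of steps 312 to 314: any Tampered verdict means
// alarm or lock; Intact and Exempted files leave the system running.
func MustLock(verdicts map[string]Verdict) bool {
	for _, v := range verdicts {
		if v == Tampered {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample images and files; none of these values come from the page.
	boot, kern := []byte("boot-image-v1"), []byte("kernel-image-v1")
	chain := []Stage{{"BOOT", boot, digest(boot)}, {"KERNEL", kern, digest(kern)}}
	fmt.Printf("chain mismatch at: %q\n", VerifyChain(chain)) // "" when intact

	fw, agent := "/system/framework/framework.jar", "/system/bin/secagent"
	m := Monitor{
		Authority:  map[string]string{fw: digest([]byte("framework-v1")), agent: digest([]byte("agent-v1"))},
		Exemptions: map[string]bool{},
		AgentPath:  agent,
	}
	files := map[string][]byte{fw: []byte("framework-v2"), agent: []byte("agent-v1")} // framework modified
	v := m.Check(files)
	fmt.Println("verdicts:", v, "lock:", MustLock(v))
}
```

The order of the checks matters: `VerifyChain` stops at the first failing link, so a corrupted BOOT is never given the chance to vouch for a kernel, and `Check` consults the exemption list only for paths other than the agent, which is what keeps a compromised agent from whitelisting itself.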
As shown in figure 4, using the security management and control method of the present invention, when the security management and control strategy on the terminal device needs to change, or the software version of the terminal device needs to be upgraded, the following implementation steps are used:
Step 400: Through its management and control personnel, the security management and control server finds that the security management and control strategy for the terminal needs adjusting, or that a terminal software version upgrade needs to be initiated. It determines the range of target terminals and begins actively accessing the designated terminal devices.
Step 401: Determine whether the new security management and control strategy would modify the kernel or the files protected by the Android system. If so, go to step 403; otherwise go to step 402.
Step 402: If the new security management and control strategy neither modifies the terminal's trusted kernel nor needs to modify critical Android system files protected by the trusted kernel, the security management and control server can issue the strategy directly to the security management and control agent module, which implements it on receipt. The flow ends.
Step 403: If the new security management and control strategy or the overall version upgrade would modify the KERNEL kernel or the protected part of the Android system, the security management and control server computes in advance the kernel digital digest and the Android system file monitoring authority that will apply once the security strategy or version upgrade has been implemented.
Step 404: The security management and control server encrypts the new kernel digital digest and the system file monitoring authority with the private password and at the same time signs them with the private key of the server certificate. (In an embodiment, the system file monitoring authority may be the digital digest information for the series of monitored files maintained by the IMA file monitoring system.)
Step 405: The security management and control server sends the encrypted and signed result over the SSL secure channel to the terminal's security management and control agent module.
Step 406: The security management and control agent module injects the new kernel digital digest into the trusted bootloader BOOT and injects the new Android system file monitoring authority into the KERNEL kernel.
Step 407: The terminal's bootloader BOOT and KERNEL kernel decrypt the new digital digest and file monitoring authority with the private password and trust them, then report success back to the security management and control server.
Step 408: The security management and control server issues the new terminal security management and control strategy, modifying the KERNEL kernel and the Android files. The modification may be made directly through the security management and control agent module, or by letting the terminal user download the new software version from a designated website and flash it onto the terminal device by other means. The next time the device boots and performs file security verification it will use the new digests and authority, so no tampering false positive is raised.
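Steps 404 to 407 describe an encrypt-and-sign bundle that the terminal must verify before the agent is allowed to touch the trust anchors in BOOT and KERNEL. The Go program below is an added example, not code from the patent or from ZTE. It stands in the server's certificate private key with an Ed25519 key (`rootPub` plays the root certificate the terminal reads from its hardware root of trust in step 308), stands in the "private password" with an AES-256-GCM key derived from it, and models step 406 as `Terminal.Install`. The key types, the key derivation, the JSON payload layout and the sample paths and digests are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Payload is what step 403 computes in advance: the kernel digest BOOT must
// trust after the change, and the file monitoring authority (path to expected
// digest) that the kernel's IMA-style monitor must enforce.
type Payload struct {
	KernelDigest  string            `json:"kernel_digest"`
	FileAuthority map[string]string `json:"file_authority"`
}

// Bundle is the step-404 artefact: the payload encrypted with the private
// password and signed with the private key of the server certificate.
type Bundle struct {
	Ciphertext []byte // AES-GCM nonce || ciphertext of the JSON payload
	Signature  []byte // Ed25519 signature over Ciphertext
}

// passwordKey derives the AES-256 key from the shared private password.
// Assumption: the page does not say how the password becomes a key; a plain
// SHA-256 keeps the example self-contained (a deployment would use a real KDF).
func passwordKey(password string) []byte {
	k := sha256.Sum256([]byte(password))
	return k[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ServerIssue performs step 404 on the management server: encrypt, then sign
// the ciphertext so the terminal can authenticate before it decrypts.
func ServerIssue(serverPriv ed25519.PrivateKey, password string, p Payload) (Bundle, error) {
	plain, err := json.Marshal(p)
	if err != nil {
		return Bundle{}, err
	}
	gcm, err := newGCM(passwordKey(password))
	if err != nil {
		return Bundle{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Bundle{}, err
	}
	ct := gcm.Seal(nonce, nonce, plain, nil)
	return Bundle{Ciphertext: ct, Signature: ed25519.Sign(serverPriv, ct)}, nil
}

// TerminalAccept performs step 407 on the terminal. rootPub stands for the
// server's root certificate read from the hardware root of trust. Anything
// that fails signature or decryption is rejected before injection.
func TerminalAccept(rootPub ed25519.PublicKey, password string, b Bundle) (Payload, error) {
	if !ed25519.Verify(rootPub, b.Ciphertext, b.Signature) {
		return Payload{}, errors.New("signature does not verify against root certificate")
	}
	gcm, err := newGCM(passwordKey(password))
	if err != nil {
		return Payload{}, err
	}
	ns := gcm.NonceSize()
	if len(b.Ciphertext) < ns {
		return Payload{}, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, b.Ciphertext[:ns], b.Ciphertext[ns:], nil)
	if err != nil {
		return Payload{}, errors.New("decryption failed: wrong private password or corrupted bundle")
	}
	var p Payload
	if err := json.Unmarshal(plain, &p); err != nil {
		return Payload{}, err
	}
	return p, nil
}

// Terminal holds the two trust anchors step 406 updates.
type Terminal struct {
	BootExpectedKernel string            // digest BOOT will demand of the next kernel
	KernelAuthority    map[string]string // authority the kernel monitor will enforce
}

// Install is step 406: only an accepted payload reaches the trust anchors.
func (t *Terminal) Install(p Payload) {
	t.BootExpectedKernel = p.KernelDigest
	t.KernelAuthority = p.FileAuthority
}

func main() {
	// Constructed key, password and digests; none of these values come from the page.
	rootPub, serverPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	p := Payload{KernelDigest: "digest-of-new-kernel", FileAuthority: map[string]string{"/system/app/store.apk": "digest-of-store-apk"}}
	b, err := ServerIssue(serverPriv, "shared-private-password", p)
	if err != nil {
		panic(err)
	}
	got, err := TerminalAccept(rootPub, "shared-private-password", b)
	if err != nil {
		panic(err)
	}
	var term Terminal
	term.Install(got)
	fmt.Println("BOOT now expects kernel", term.BootExpectedKernel)
}
```

Signing the ciphertext rather than the plaintext lets the terminal reject a bundle from anyone but the holder of the server key before spending any effort on decryption, and GCM's authentication tag additionally rejects a bundle encrypted under the wrong password or altered in transit; the example's check rejects all three cases.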
To better describe the technical scheme of the present invention, it is further described below with reference to the accompanying drawings by way of two concrete embodiments:
In one embodiment, while ensuring the trusted startup and secure operation of the Android terminal, a new application store application must also be installed on it (through which other applications can be downloaded safely). This application store also requires a digital certificate to be installed in the kernel, used to verify the signatures of the other applications downloaded from the store.
As shown in figure 5, the concrete implementation steps of this embodiment are as follows:
Step 501: Following the process of figure 1, the terminal completes integrity verification step by step from the hardware root of trust to the kernel and starts up; the trusted kernel begins using IMA to continuously monitor the integrity of the terminal's Android system files, and the security management and control agent module has connected to the management and control server over SSL through the network management module.
Step 502: The security management and control server computes in advance the file monitoring authority for the application store and the kernel digital digest as it will be after the digital certificate is installed.
Step 503: The computed result is encrypted with the private password and signed with the certificate of the management and control server, then sent to the terminal management and control agent over SSL.
Step 504: The terminal management and control agent delivers the application store file information to the kernel IMA file monitoring system, and delivers the kernel digital digest that will apply after the application digital certificate is installed to the bootloader BOOT.
Step 505: IMA and BOOT decrypt with the private password and, using the root certificate of the server certificate obtained from the hardware root of trust, verify and accept the application store file information, and at the same time accept the kernel as it will be after the new store certificate is installed.
Step 506: After the security management and control server confirms that the terminal has accepted them, the terminal's security management and control agent downloads and installs the new application store and modifies the kernel to inject the application store signing certificate.
Step 507: After the modification, the new kernel is accepted by BOOT and boots correctly, and the new application store also runs normally, because the IMA file monitoring system of the new kernel has included it in integrity protection.
In another embodiment, while ensuring that the earlier version of the Android terminal starts up and runs in a secure and trusted manner, a trusted upgrade of the software version of the whole terminal must also be implemented, triggered by the management and control server; in this embodiment every software module except BOOT is replaced. Note that a general system upgrade does not require BOOT to be modified or upgraded.
As shown in figure 6, the concrete implementation steps of this embodiment are as follows:
Step 601: Following the process of figure 1, the terminal completes integrity verification step by step from the hardware root of trust to the kernel and starts up; the trusted kernel begins using IMA to continuously monitor the integrity of the terminal's Android system files, and the security management and control agent module has connected to the management and control server over SSL through the network management module.
Step 602: The security management and control server prepares the new trusted kernel in advance; the IMA file verification strategy for the new Android version is merged into this new trusted kernel.
Step 603: The security management and control server computes the digital digest information of the new version of the trusted kernel, encrypts the result with the private password, signs it with the certificate of the management and control server, and sends it to the terminal management and control agent over SSL.
Step 604: The terminal management and control agent, recognizing that the whole system is about to be updated, pops up an interface to obtain the terminal user's permission to upgrade.
Step 605: After the user grants permission, the terminal management and control agent injects the new trusted kernel digital digest into BOOT, which decrypts it with the private password, obtains the certificate from the hardware root of trust, verifies the digest, and accepts the new kernel.
Step 606: The user downloads the new kernel version, the new Android version and the new security management and control agent module from the website onto a peripheral such as a USB flash drive or TF card and performs the system upgrade by following the flashing instructions given on the website.
Step 607: After flashing, the new trusted kernel is accepted by BOOT and starts normally, also loading the new Android version and management and control agent module. The new trusted kernel carries out IMA anti-tampering monitoring of the new Android file system and the management and control agent as usual.
The foregoing are only preferred embodiments of the present invention and do not thereby limit the scope of its claims. Any equivalent structure or equivalent flow transformation made using the contents of the description and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (19)

1. A security management and control method for an Android system, characterized in that it comprises:
receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction;
dynamically sending, according to the security management and control strategy adjustment instruction or terminal software version upgrade instruction, the corresponding security management and control strategy file or terminal software version upgrade file to the target terminal device.
2. The security management and control method for an Android system as claimed in claim 1, characterized in that the security management and control strategy refers to the trusted operation behaviour imposed on at least the Android system and the KERNEL kernel contained in the terminal device.
3. The security management and control method for an Android system as claimed in claim 2, characterized in that the security management and control strategy comprises: installing trusted applications, forcibly uninstalling unauthorized applications, making beneficial modifications for security purposes to the SELinux permission rules of the KERNEL kernel and to the iptables network firewall rules, monitoring whether the terminal device has been illegally cracked and raising an alarm, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to carry out a trusted software version upgrade.
4. A security management and control apparatus for an Android system, characterized in that it comprises:
an instruction receiving unit, for receiving a security management and control strategy adjustment instruction or a terminal software version upgrade instruction;
a processing unit, for dynamically sending, according to the security management and control strategy adjustment instruction or terminal software version upgrade instruction, the corresponding security management and control strategy file or terminal software version upgrade file to the target terminal device.
5. The security management and control apparatus for an Android system as claimed in claim 4, characterized in that the security management and control strategy refers to the trusted operation behaviour imposed on at least the Android system and the KERNEL kernel contained in the terminal device.
6. The security management and control apparatus for an Android system as claimed in claim 5, characterized in that the security management and control strategy comprises: installing trusted applications, forcibly uninstalling unauthorized applications, making beneficial modifications for security purposes to the SELinux permission rules of the KERNEL kernel and to the iptables network firewall rules, monitoring whether the terminal device has been illegally cracked and raising an alarm, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to carry out a trusted software version upgrade.
7. A server, characterized in that it comprises the security management and control apparatus for an Android system as claimed in any one of claims 4 to 6.
8. A security management and control method for an Android system, characterized in that it comprises:
dynamically receiving a security management and control strategy file or terminal software version upgrade file, and accordingly carrying out the corresponding security management and control strategy or terminal software version upgrade;
reporting the current security management and control status information in real time.
9. The security management and control method for an Android system as claimed in claim 8, characterized in that the security management and control strategy refers to the trusted operation behaviour imposed on at least the Android system and the KERNEL kernel contained in the terminal device.
10. The security management and control method for an Android system as claimed in claim 9, characterized in that the security management and control strategy comprises: installing trusted applications, forcibly uninstalling unauthorized applications, making beneficial modifications for security purposes to the SELinux permission rules of the KERNEL kernel and to the iptables network firewall rules, monitoring whether the terminal device has been illegally cracked and raising an alarm, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to carry out a trusted software version upgrade.
11. The security management and control method for an Android system as claimed in claim 8, characterized in that, before the above steps are carried out, it further comprises a boot verification step:
after the terminal device powers on, the hardware root of trust carries out digital digest verification of the trusted bootloader BOOT, the trusted bootloader BOOT verifies the KERNEL kernel, and the KERNEL kernel in turn carries out periodic or on-demand file integrity verification of the security management and control agent component and the conventional Android framework.
12. The security management and control method for an Android system as claimed in claim 8, characterized in that, when an anomaly is determined in the boot verification step, the hardware root of trust controls the conventional hardware to carry out a power operation, or prevents the device in software from continuing the boot startup operation.
13. A security management and control apparatus for an Android system, characterized in that it comprises:
a file receiving unit, for dynamically receiving a security management and control strategy file or terminal software version upgrade file, and accordingly carrying out the corresponding security management and control strategy or terminal software version upgrade;
a reporting unit, for reporting the current security management and control status information in real time.
14. The security management and control apparatus for an Android system as claimed in claim 13, characterized in that the security management and control strategy refers to the trusted operation behaviour imposed on at least the Android system and the KERNEL kernel contained in the terminal device.
15. The security management and control apparatus for an Android system as claimed in claim 14, characterized in that the security management and control strategy comprises: installing trusted applications, forcibly uninstalling unauthorized applications, making beneficial modifications for security purposes to the SELinux permission rules of the KERNEL kernel and to the iptables network firewall rules, monitoring whether the terminal device has been illegally cracked and raising an alarm, scanning the peripherals of the terminal device for viruses, and triggering the terminal device to carry out a trusted software version upgrade.
16. The security management and control apparatus for an Android system as claimed in claim 13, characterized in that it further comprises:
a verification unit, by which, after the terminal device powers on, the hardware root of trust carries out digital digest verification of the trusted bootloader BOOT, the trusted bootloader BOOT verifies the KERNEL kernel, and the KERNEL kernel in turn carries out periodic or on-demand file integrity verification of the security management and control agent component and the conventional Android framework.
17. The security management and control apparatus for an Android system as claimed in claim 13, characterized in that it further comprises:
a security execution unit, for notifying the hardware root of trust to control the conventional hardware to carry out a power operation when the boot verification step determines that an anomaly has occurred.
18. A terminal device, characterized in that it comprises the security management and control apparatus for an Android system as claimed in any one of claims 13 to 17.
19. A security management and control system for an Android system, characterized in that it comprises:
a server, for receiving a security management and control strategy adjustment instruction or terminal software version upgrade instruction, and dynamically sending accordingly, according to the security management and control strategy adjustment instruction or terminal software version upgrade instruction, the corresponding security management and control strategy file or terminal software version upgrade file to the target terminal device;
a terminal device, for dynamically receiving the security management and control strategy file or terminal software version upgrade file, accordingly carrying out the corresponding security management and control strategy or terminal software version upgrade, and reporting the current security management and control status information in real time.
CN201410668359.6A 2014-11-20 2014-11-20 Safety management and control method, apparatus and system for Android system Withdrawn CN105656860A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410668359.6A CN105656860A (en) 2014-11-20 2014-11-20 Safety management and control method, apparatus and system for Android system
PCT/CN2015/074647 WO2015184891A1 (en) 2014-11-20 2015-03-19 Security management and control method, apparatus, and system for android system


Publications (1)

Publication Number Publication Date
CN105656860A true CN105656860A (en) 2016-06-08

Family

ID=54766116


Country Status (2)

Country Link
CN (1) CN105656860A (en)
WO (1) WO2015184891A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106384053A (en) * 2016-09-14 2017-02-08 江苏北弓智能科技有限公司 Trusted boot method and apparatus for mobile operation system
CN106713030A (en) * 2016-12-21 2017-05-24 无锡江南计算技术研究所 Software source management method based on safety management and control and software function management system
CN106775903A (en) * 2017-02-24 2017-05-31 北京小米移动软件有限公司 Java.policy update method and device
CN106845243A (en) * 2016-12-13 2017-06-13 北京元心科技有限公司 Improve the method and system for starting safety
CN107294962A (en) * 2017-06-14 2017-10-24 福州汇思博信息技术有限公司 A kind of method and terminal for configuring firewall security policy
CN108241798A (en) * 2017-12-22 2018-07-03 北京车和家信息技术有限公司 Prevent the method, apparatus and system of brush machine
CN108710801A (en) * 2018-05-29 2018-10-26 北京迪诺益佳信息科技有限公司 A kind of behavior management-control method of mobile application dynamic load code
CN109241783A (en) * 2018-08-14 2019-01-18 中国科学院信息工程研究所 Mobile terminal manages implementation of strategies method and device
CN109409032A (en) * 2018-10-24 2019-03-01 山东超越数控电子股份有限公司 A kind of system kernel analysis method of Safety-Critical System
CN112243226A (en) * 2020-10-14 2021-01-19 广东汉鼎蜂助手网络技术有限公司 Cloud SIM card wireless network remote control method, system and server device
CN113901473A (en) * 2021-09-10 2022-01-07 苏州浪潮智能科技有限公司 Method, device and equipment for safely starting server and readable medium
CN115134172A (en) * 2022-08-30 2022-09-30 北京亿赛通科技发展有限责任公司 Automatic configuration system and method for transparent encryption and decryption of terminal file

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110046497B (en) * 2018-01-16 2023-06-20 腾讯科技(深圳)有限公司 Function hook realization method, device and storage medium
CN108540498B (en) * 2018-06-21 2023-05-05 咪付(广西)网络技术有限公司 Method and system for issuing security policy version in financial payment
CN110764827B (en) * 2018-07-27 2023-05-30 中标软件有限公司 Control system and method for computer peripheral equipment
CN110543769B (en) * 2019-08-29 2023-09-15 武汉大学 Trusted starting method based on encrypted TF card
CN113495504B (en) * 2020-03-18 2023-01-31 杭州海康威视数字技术股份有限公司 Intelligent control equipment, monitoring system and intelligent control method
CN113297121B (en) * 2021-06-16 2024-02-23 深信服科技股份有限公司 Interface management method, device, equipment and readable storage medium
CN113591075B (en) * 2021-07-26 2023-11-07 深信服科技股份有限公司 Terminal security management and control method, device and storage medium
CN113923170A (en) * 2021-09-30 2022-01-11 深信服科技股份有限公司 Application identification management method and system
CN114065180A (en) * 2021-11-26 2022-02-18 国网宁夏电力有限公司信息通信公司 Perception equipment safety verification system based on trusted computing 3.0

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020531A (en) * 2012-12-06 2013-04-03 中国科学院信息工程研究所 Method and system for trusted control of operating environment of Android intelligent terminal
CN103067392A (en) * 2012-12-28 2013-04-24 中国人民解放军理工大学 Security access control method based on Android terminal
CN103560902A (en) * 2013-10-10 2014-02-05 中兴通讯股份有限公司 Server, intelligent terminal and remote management method of intelligent terminal
CN103646214A (en) * 2013-12-18 2014-03-19 国家电网公司 Method for establishing trusted environment in power distribution terminal
CN103729597A (en) * 2014-01-16 2014-04-16 宇龙计算机通信科技(深圳)有限公司 System starting verifying method and device and terminal


Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106384053A (en) * 2016-09-14 2017-02-08 江苏北弓智能科技有限公司 Trusted boot method and apparatus for mobile operation system
CN106845243A (en) * 2016-12-13 2017-06-13 北京元心科技有限公司 Improve the method and system for starting safety
CN106713030A (en) * 2016-12-21 2017-05-24 无锡江南计算技术研究所 Software source management method based on safety management and control and software function management system
CN106775903A (en) * 2017-02-24 2017-05-31 北京小米移动软件有限公司 Java.policy update method and device
CN107294962B (en) * 2017-06-14 2020-09-29 福州汇思博信息技术有限公司 Method and terminal for configuring firewall security policy
CN107294962A (en) * 2017-06-14 2017-10-24 福州汇思博信息技术有限公司 A kind of method and terminal for configuring firewall security policy
CN108241798A (en) * 2017-12-22 2018-07-03 北京车和家信息技术有限公司 Prevent the method, apparatus and system of brush machine
CN108710801A (en) * 2018-05-29 2018-10-26 北京迪诺益佳信息科技有限公司 A kind of behavior management-control method of mobile application dynamic load code
CN109241783A (en) * 2018-08-14 2019-01-18 中国科学院信息工程研究所 Mobile terminal manages implementation of strategies method and device
CN109409032A (en) * 2018-10-24 2019-03-01 山东超越数控电子股份有限公司 A kind of system kernel analysis method of Safety-Critical System
CN112243226A (en) * 2020-10-14 2021-01-19 广东汉鼎蜂助手网络技术有限公司 Cloud SIM card wireless network remote control method, system and server device
CN113901473A (en) * 2021-09-10 2022-01-07 苏州浪潮智能科技有限公司 Method, device and equipment for safely starting server and readable medium
CN113901473B (en) * 2021-09-10 2023-11-03 苏州浪潮智能科技有限公司 Method, device, equipment and readable medium for safely starting server
CN115134172A (en) * 2022-08-30 2022-09-30 北京亿赛通科技发展有限责任公司 Automatic configuration system and method for transparent encryption and decryption of terminal file
CN115134172B (en) * 2022-08-30 2022-11-25 北京亿赛通科技发展有限责任公司 Automatic configuration system and method for transparent encryption and decryption of terminal file

Also Published As

Publication number Publication date
WO2015184891A1 (en) 2015-12-10


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20160608
