CN106919581A - The means of defence and device of a kind of browser - Google Patents
The means of defence and device of a kind of browser Download PDFInfo
- Publication number
- CN106919581A CN106919581A CN201510991443.6A CN201510991443A CN106919581A CN 106919581 A CN106919581 A CN 106919581A CN 201510991443 A CN201510991443 A CN 201510991443A CN 106919581 A CN106919581 A CN 106919581A
- Authority
- CN
- China
- Prior art keywords
- extension element
- operating right
- current
- browser
- component
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
- G06F9/44526—Plug-ins; Add-ons
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses the means of defence and device of a kind of browser.The method includes:Start the Safety Examination engine in browser main program;When current extensions component is received to the currently operation requests of protection point, by the configuration file of browser described in the Safety Examination engine calling, information of the current extensions component to each protection operating right is included in the configuration file;According to the configuration file, operating right of the current extensions component to the current protection point is determined, the browser is protected according to the identified operating right.Due to protecting the information of point operating right to each comprising current extensions in configuration file, and operating right of the current extensions to current protection point is thereby determined that, the protection of browser has been realized according to the operating right.So as to solve in the prior art, after illegal extension element changes mark realization loading, it is impossible to the problem protected browser.
Description
Technical field
The application is related to computer security technique field, more particularly to a kind of browser means of defence and device.
Background technology
With flourishing for internet, people more and more process miscellaneous service using network, at this
Common tool of the browser usually as Business Processings such as web page browsing, search during individual.In browser
Numerous extension elements (Extension) are occurred in that during use, these extension elements are browsed by calling
Application programming interface (Application Programming Interface, API) in device increasing or
Strengthen a certain function of browser.However, browser extension element is while being widely used, occur
Numerous illegal extension elements, these illegal extension elements would generally cause the browser of user to collapse even to use
Family leakage of personal information.
Prior art mainly judges the security of extension element, extension element by the extension element storehouse for creating
Storehouse is generally used for recording the mark (extension element title, version information etc.) and extension element of extension element
Corresponding safe description information.After browser receives the load request of extension element, by the extension element
Content recorded in mark and extension element storehouse is compared, and is then carried out accordingly according to the result for comparing
Treatment.But during practical application, some illegal extension elements would generally be by changing the shape for identifying
Formula, is able to bypass the content of extension element place record so as to realize loading.When illegal extension element more dehorn
Know realize loading after, how browser protect be industry need solve problem.
The content of the invention
The embodiment of the present application provides a kind of means of defence and device of browser, for solving in the prior art,
After illegal extension element changes mark realization loading, it is impossible to realize the problem of browser protection.
The embodiment of the present application provides a kind of means of defence of browser, including:
Start the Safety Examination engine in browser main program;
When current extensions component is received to the currently operation requests of protection point, by the Safety Examination engine
The configuration file of the browser is called, comprising the current extensions component to each protection in the configuration file
The information of point operating right, the protection point is the indication set-point in the browser;
According to the configuration file, operating right of the current extensions component to the current protection point is determined,
The browser is protected according to the identified operating right.
Preferably, extension element storehouse is also included in the configuration file, the extension element storehouse is used to record institute
The security of each extension element in extension element storehouse is stated, methods described also includes:
Other outside the current extensions component is the extension element recorded in the extension element storehouse
During extension element, the current extensions component is set to corresponding behaviour to the operating right of each protection point
Make authority.
Preferably, the extension element storehouse specifically includes white list;Then, when the current extensions component is institute
When stating other extension elements outside the extension element recorded in extension element storehouse, by the current extensions group
Part is set to corresponding operating right and specifically includes to the operating right of each protection point:When the current expansion
When exhibition component is other extension elements outside the extension element recorded in the white list, will be described current
Extension element is set to forbid to the operating right of each protection point.
Preferably, the extension element storehouse specifically includes blacklist;Then, when the current extensions component is institute
When stating other extension elements outside the extension element recorded in extension element storehouse, by the current extensions group
Part is set to corresponding operating right and specifically includes to the operating right of each protection point:When the current expansion
When exhibition component is other extension elements outside the extension element recorded in the blacklist, will be described current
Extension element is positioned to allow for the operating right of each protection point.
Preferably, the operating right determined by the basis carries out protection and specifically includes to the browser:
When the identified operating right is to allow, it is allowed to which the current extensions component is to described current anti-
Shield point is operated;And/or,
When the identified operating right is to forbid, forbid the current extensions component to described current anti-
Shield point is operated.
The embodiment of the present application also provides a kind of protector of browser, including:
Start unit, call unit and protective unit, wherein:
Start unit, for starting the Safety Examination engine in browser main program;
Call unit, for when current extensions component is received to the currently operation requests of protection point, by institute
The configuration file of browser described in Safety Examination engine calling is stated, the current expansion is included in the configuration file
To the information of each protection point operating right, the protection point is the indication set-point in the browser to exhibition component;
Protective unit, for according to the configuration file, determining the current extensions component to described current anti-
The operating right of point is protected, the browser is protected according to the identified operating right.
Preferably, extension element storehouse is also included in the configuration file, the extension element storehouse is used to record institute
The security of each extension element in extension element storehouse is stated, described device also includes:Setting unit, for working as
It is other extension elements outside the extension element recorded in the extension element storehouse to state current extensions component
When, the current extensions component is set to corresponding operating right to the operating right of each protection point.
Preferably, the extension element storehouse specifically includes white list, and the setting unit specifically includes first and sets
Unit is put, for its outside being the extension element recorded in the white list when the current extensions component
During its extension element, the current extensions component is set to forbid to the operating right of each protection point.
Preferably, the extension element storehouse specifically includes blacklist, and the setting unit specifically includes second and sets
Unit is put, for its outside being the extension element recorded in the blacklist when the current extensions component
During its extension element, the current extensions component is positioned to allow for the operating right of each protection point.
Preferably, the protective unit includes the first protective unit, for the operating right determined by
During to allow, it is allowed to which the current extensions component is operated to the current protection point;And/or,
Second protective unit, for when the identified operating right is to forbid, forbidding the current expansion
Exhibition component is operated to the current protection point.
Above-mentioned at least one technical scheme that the embodiment of the present application is used can reach following beneficial effect:
Due to when current extensions component is received to the currently operation requests of protection point, by Safety Examination engine
The configuration file of browser is called, and current extensions are included in configuration file to each protection point operating right
Information, it is thus determined that current extensions are realized according to the operating right to the operating rights of current protection point
The protection of browser.So as to solve in the prior art, change mark when illegal extension element and realize loading
Afterwards, it is impossible to the problem protected browser.
Brief description of the drawings
Accompanying drawing described herein is used for providing further understanding of the present application, constitutes the part of the application,
The schematic description and description of the application does not constitute the improper limit to the application for explaining the application
It is fixed.In the accompanying drawings:
Fig. 1 is that a kind of flow that implements of the means of defence of browser that the embodiment of the present application 1 is provided is illustrated
Figure;
Fig. 2 is that the flow that implements of the means of defence of another browser that the embodiment of the present application 2 is provided is shown
It is intended to;
Fig. 3 is a kind of concrete structure schematic diagram of the protector of browser that the embodiment of the present application 3 is provided.
Specific embodiment
It is specifically real below in conjunction with the application to make the purpose, technical scheme and advantage of the application clearer
Apply example and corresponding accompanying drawing is clearly and completely described to technical scheme.Obviously, it is described
Embodiment is only some embodiments of the present application, rather than whole embodiments.Based on the implementation in the application
Example, the every other implementation that those of ordinary skill in the art are obtained under the premise of creative work is not made
Example, belongs to the scope of the application protection.
Below in conjunction with accompanying drawing, the technical scheme that each embodiment of the application is provided is described in detail.
Embodiment 1
Embodiment 1 provides a kind of means of defence of browser, for solving in the prior art when illegal extension
Unit replacement mark is realized after loading, it is impossible to realize the problem of browser protection.The idiographic flow of the method
Schematic diagram is as shown in figure 1, comprise the steps:
Step S11:Start the Safety Examination engine in browser.
Browser main program refers to the basic program for being independently provided out of browser, and it can call and browse
Device subprogram, without being called by any browser subprogram.Therefore browser main program is the browser
Core.
Herein, Safety Examination engine refers to dedicated for examining the extension to be loaded in browser main program
The engine of the security of component.In actual applications, the Safety Examination engine of browser can be browsed
An independent module under device main program, the function of the standalone module is that extension element security is examined
Look into.
Generally can be, when browser main program starts, to start Safety Examination engine, if carried out certainly
Under the conditions of test etc., the Safety Examination engine can also be started by other means.
Step S12:When current extensions component is received to the currently operation requests of protection point, by the peace
The full configuration file for examining browser described in engine calling, includes the current extensions group in the configuration file
To the information of each protection point operating right, the protection point is the indication set-point in the browser to part.
Extension element is typically to be operated in the aspect of browser, is entered using HTML and Javascript language
Row exploitation, for increasing or strengthening a certain function of browser.
Generally, the configuration file of browser refers to user when using the browser, and the browser is the user
The setting and the set of file to be loaded required environment.Herein, the current expansion is included in configuration file
To the information of each protection point operating right, protection point is the indication set-point in the browser to exhibition component, is set
Point refers to the point that parameter can be expanded component modification in the browser.In actual applications, browser can be with
Have multiple protection points as needed, these protection points be generally all illegal extension element using point and represent a little,
It can be considered that protection point is the point that the browser needs to lay special stress on protecting.Certain can as the case may be specified
A little set-points are protection point, such as when the parameter of the more a certain set-point to browser of illegal extension element
When modifying, the set-point can be appointed as protecting point.Some common protection points have:Browser
Official's navigation page, Newtab pages, official expansion management page, official's search, upgrading sets extension element automatically
Put with external loading etc..
Specifically, whether operating right typically refers to operate, can include allowing in actual applications and
Forbid, wherein, it is allowed to refer to allow operation, it refers to quiescing to forbid.It is various due to generally occurring
The new extension element of various kinds, therefore may be not comprising these new extension elements to each protection in configuration file
The information of point operating right.At this time can be according to default setting, by these new extension elements to each protection
Point operating right is set to forbid, it is also possible to be positioned to allow for according to actual needs or other modes.
When current extensions component is received to the currently operation requests of protection point, by the Safety Examination engine
Call the configuration file of the browser.In actual applications, it will usually there is extension element and meanwhile need it is right
The situation that multiple protection is operated, therefore current protection point can be that some all protected in point is prevented
Multiple protection points in shield point, or all protection point.
Step S13:According to the configuration file, determine the current extensions component to the current protection point
Operating right, the browser is protected according to the identified operating right.
The letter of operating right is put to each protection according to the current extensions component included in the configuration file
Breath, determines operating right of the current extensions component to the current protection point, then according to determined by
The operating right is protected the browser.
In actual applications, the browser protect according to the identified operating right generally has
Two kinds of specific modes, including when the identified operating right is to allow, it is allowed to the current extensions
Component is operated to the current protection point;When the identified operating right is to forbid, forbid institute
Current extensions component is stated to operate the current protection point.
The means of defence of the browser provided using embodiment 1, due to receiving current extensions component to current
When protecting the operation requests of point, by the configuration file of Safety Examination engine calling browser, and text is configured
Comprising current extensions to the information of each protection point operating right in part, it is thus determined that current extensions are to current anti-
The operating right of point is protected, the protection of browser is realized according to the operating right.So as to solve prior art
In, after illegal extension element changes mark realization loading, it is impossible to the problem protected browser.
It should be noted that the executive agent that embodiment 1 provides each step of method may each be same and set
It is standby, or, each step of the method can also be by distinct device as executive agent.Such as, step 11
Can be equipment 1 with the executive agent of step 12;Again such as, the executive agent of step 11 can be equipment
1, the executive agent of step 12 sum can be equipment 2;Etc..
Embodiment 2
Comprising current extensions component to each protection point operating right in the configuration file mentioned in embodiment 1
Information, the extension included when extension element new in actual applications occurs in fact, or in configuration file
When component is not updated to the information of each protection point operating right, extension is increased generally in configuration file
Component Gallery, setting is updated by extension element storehouse to the operating right of extension element, is constituted
Embodiments herein 2.The idiographic flow schematic diagram of the method is as shown in Fig. 2 comprise the steps:
Step S21:Start the Safety Examination engine in browser main program.
Step S21 is identical with step S11, just no longer goes to live in the household of one's in-laws on getting married chat here.
Step S22:When current extensions component is received to the currently operation requests of protection point, by the peace
The full configuration file for examining browser described in engine calling, in the configuration file comprising extension element storehouse and
The current extensions component to the information of each protection point operating right, during the protection point is the browser
Giving directions set-point, the extension element storehouse is used to record the security of each extension element in the extension element storehouse.
In actual applications, due to new extension element generally occurs, the extension is received so as to appear in
When component is to the operation requests for protecting point, not necessarily comprising the extension element storehouse to each protection point in configuration file
The information of operating right, a kind of common settling mode is that the extension element storehouse is to each anti-in this case
Shield point sets unified default privilege, and default privilege can be to allow or forbid.But, due to new extension
The speed that component occurs, and extension element version updating, the mode of this set default privilege is not
Being capable of solve problem well.Therefore, extension element storehouse is increased generally in configuration file, by expanded set
Part storehouse sets extension element to each protection point operating right, and can be by updating the side in extension element storehouse
Formula solves the above problems.The extension element storehouse is used to record the peace of each extension element in the extension element storehouse
Quan Xing.
Step S23:When the current extensions component be extension element recorded in the extension element storehouse it
During outer other extension elements, the current extensions component is set to the operating right of each protection point
Corresponding operating right.
It is that the current extensions component setting is right when the current extensions component is not included in extension element storehouse
The operating right answered.
In practical application, the provider of extension element generally includes three classes, and the first kind is carried for Development of Web Browser side
The extension element of confession, the extension element that Equations of The Second Kind is provided for the affiliate of browser, the 3rd class is third party
The extension element of offer.As a rule, the first kind and Equations of The Second Kind extension element are safer, therefore extension element
Storehouse can be white list, and each extension element recorded in the white list is confirmed as safety;At this time walk
Rapid S23 can be step S231.
Step S231:Outside being the extension element recorded in the white list when the current extensions component
During other extension elements, the current extensions component is set to forbid to the operating right of each protection point.
In addition, when the current extensions component is the extension element recorded in the white list, will be described
Current extensions component is positioned to allow for the operating right of each protection point.
Particularly, generally also operating right can be set by way of blacklist is set in actual applications,
Each extension element recorded in the blacklist is confirmed as the presence of risk, and such step S23 can also be
Step S232.
Step S232:Outside being the extension element recorded in the blacklist when the current extensions component
During other extension elements, the current extensions component is positioned to allow for the operating right of each protection point.
When the current extensions component is the extension element recorded in the blacklist, by the current expansion
Exhibition component is set to forbid to the operating right of each protection point.
Certainly, can also simultaneously be used by white and black list in actual applications, carry out extension element and set
Put operating right.The extension element being so usually in white list allows each protection point of operation, blacklist
Each protection point of interior extension element quiescing, for the extension element not in white and black list,
Operating right to each protection point can be according to actual needs set, for example, be positioned to allow for, forbidden or portion
Divide and forbid.
Step S24:According to the configuration file, determine the current extensions component to the current protection point
Operating right, the browser is protected according to the identified operating right.
The method provided using embodiment 2, increased extension element storehouse in configuration file, when configuration text
When the extension element included in part is not updated to the information of each protection point operating right, by the expansion
Exhibition library is updated setting to the information of each protection point operating right, and by the more newly-installed result
It is final to realize protecting the browser.
Embodiment 3
Embodiment 3 provides a kind of protector of browser, for solving in the prior art when illegal extension
Unit replacement mark is realized after loading, it is impossible to realize the problem of browser protection.As shown in figure 3, the dress
Putting 300 includes:
Start unit 301, call unit 302 and protective unit 303, wherein:
Start unit 301, for starting the Safety Examination engine in browser main program;
Call unit 302, for when current extensions component is received to the currently operation requests of protection point, leading to
The configuration file of browser described in the Safety Examination engine calling is crossed, is worked as comprising described in the configuration file
To the information of each protection point operating right, the protection point is that the indication in the browser sets to preceding extension element
Put a little;
Protective unit 303, for according to the configuration file, determining that the current extensions component is worked as to described
The operating right of preceding protection point, protects the browser according to the identified operating right.
The protector of the browser provided using embodiment 3, due to receiving current extensions component to current
When protecting the operation requests of point, in calling the configuration file of browser, and configuration file by call unit
Comprising current extensions to the information of each protection point operating right, it is thus determined that current extensions are to current protection point
Operating right, the protection of browser is realized according to the operating right.So as to solve in the prior art,
After illegal extension element changes mark realization loading, it is impossible to the problem protected browser.
Due in actual applications, it will usually new extension element occur so that what is included in configuration file should
Extension element is not updated in time to the information of each protection point operating right, can increase in configuration file
Plus extension element storehouse, and operating right of the extension to each protection point is set by extension element storehouse, should
Extension library can be in time updated by network.Therefore, extension element is also included in the configuration file
Storehouse, the extension element storehouse is used to record the security of each extension element in the extension element storehouse, the dress
Putting 30 also includes:Setting unit 304, for when the current extensions component for the extension element storehouse in institute
During other extension elements outside the extension element of record, by the current extensions component to each protection point
Operating right be set to corresponding operating right.
Particularly, because the provider of extension element is usually browser provider, therefore extension element storehouse can
So that including white list, each extension element recorded in the white list is confirmed as safety.
At this time, the setting unit 304 specifically includes the first setting unit 3041, for when described current
When extension element is other extension elements outside the extension element recorded in the white list, described will work as
Preceding extension element is set to forbid to the operating right of each protection point.
For the defence line problem that the extension element that third party provides is likely to occur, generally can be in extension element storehouse
Middle increase blacklist, each extension element recorded in the blacklist is confirmed as the presence of risk.
At this time, the setting unit 304 specifically includes the second setting unit 3042, for when described current
When extension element is other extension elements outside the extension element recorded in the blacklist, described will work as
Preceding extension element is positioned to allow for the operating right of each protection point.
The protective unit 303 includes the first protective unit 3031, for the operating right determined by
During to allow, it is allowed to which the current extensions component is operated to the current protection point;And/or,
Second protective unit 3032, for when the identified operating right is to forbid, forbidding described working as
Preceding extension element is operated to the current protection point.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or meter
Calculation machine program product.Therefore, the application can be using complete hardware embodiment, complete software embodiment or knot
Close the form of the embodiment in terms of software and hardware.And, the application can be used and wherein wrapped at one or more
Containing computer usable program code computer-usable storage medium (including but not limited to magnetic disk storage,
CD-ROM, optical memory etc.) on implement computer program product form.
The application is produced with reference to the method according to the embodiment of the present application, equipment (system) and computer program
The flow chart and/or block diagram of product is described.It should be understood that can by computer program instructions realize flow chart and
/ or block diagram in each flow and/or the flow in square frame and flow chart and/or block diagram and/
Or the combination of square frame.These computer program instructions to all-purpose computer, special-purpose computer, insertion can be provided
The processor of formula processor or other programmable data processing devices is producing a machine so that by calculating
The instruction of the computing device of machine or other programmable data processing devices is produced for realizing in flow chart one
The device of the function of being specified in individual flow or multiple one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or the treatment of other programmable datas to set
In the standby computer-readable memory for working in a specific way so that storage is in the computer-readable memory
Instruction produce include the manufacture of command device, the command device realization in one flow of flow chart or multiple
The function of being specified in one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices, made
Obtain and series of operation steps is performed on computer or other programmable devices to produce computer implemented place
Reason, so as to the instruction performed on computer or other programmable devices is provided for realizing in flow chart one
The step of function of being specified in flow or multiple one square frame of flow and/or block diagram or multiple square frames.
In a typical configuration, computing device includes one or more processors (CPU), input/defeated
Outgoing interface, network interface and internal memory.
Internal memory potentially includes the volatile memory in computer-readable medium, random access memory
And/or the form, such as read-only storage (ROM) or flash memory (flash RAM) such as Nonvolatile memory (RAM).
Internal memory is the example of computer-readable medium.
Computer-readable medium includes that permanent and non-permanent, removable and non-removable media can be by appointing
What method or technique realizes information Store.Information can be computer-readable instruction, data structure, program
Module or other data.The example of the storage medium of computer includes, but are not limited to phase transition internal memory
(PRAM), static RAM (SRAM), dynamic random access memory (DRAM), its
The random access memory (RAM) of his type, read-only storage (ROM), electrically erasable are read-only
Memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc read-only storage
(CD-ROM), digital versatile disc (DVD) or other optical storages, magnetic cassette tape, tape magnetic
Disk storage or other magnetic storage apparatus or any other non-transmission medium, can be used for storage can be calculated
The information of equipment operation.Defined according to herein, computer-readable medium does not include temporary computer-readable matchmaker
Body (transitory media), such as data-signal and carrier wave of modulation.
Also, it should be noted that term " including ", "comprising" or its any other variant be intended to it is non-
It is exclusive to include, so that process, method, commodity or equipment including a series of key elements are not only wrapped
Include those key elements, but also other key elements including being not expressly set out, or also include for this process,
Method, commodity or the intrinsic key element of equipment.In the absence of more restrictions, by sentence " including
One ... " limit key element, it is not excluded that in the process including key element, method, commodity or equipment
Also there is other identical element.
It will be understood by those skilled in the art that embodiments herein can be provided as method, system or computer journey
Sequence product.Therefore, the application can using complete hardware embodiment, complete software embodiment or combine software and
The form of the embodiment of hardware aspect.And, the application can be used and wherein include calculating at one or more
Machine usable program code computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM,
Optical memory etc.) on implement computer program product form.
Embodiments herein is these are only, the application is not limited to.For people in the art
For member, the application can have various modifications and variations.It is all to be made within spirit herein and principle
Any modification, equivalent substitution and improvements etc., within the scope of should be included in claims hereof.
Claims (10)
1. a kind of means of defence of browser, it is characterised in that including:
Start the Safety Examination engine in browser;
When current extensions component is received to the operation requests for protecting point, by the Safety Examination engine calling
The configuration file of the browser, comprising the current extensions component to each protection point behaviour in the configuration file
Make the information of authority, the protection point is the indication set-point in the browser;
According to the configuration file, operating right of the current extensions component to the current protection point is determined,
The browser is protected according to the identified operating right.
2. the method for claim 1, it is characterised in that also comprising extension in the configuration file
Component Gallery, the extension element storehouse is used to record the security of each extension element in the extension element storehouse, institute
Stating method also includes:
Other outside the current extensions component is the extension element recorded in the extension element storehouse
During extension element, the current extensions component is set to corresponding behaviour to the operating right of each protection point
Make authority.
3. method as claimed in claim 2, it is characterised in that the extension element storehouse specifically includes white
List;Then, outside the current extensions component is the extension element recorded in the extension element storehouse
During other extension elements, the current extensions component is set to correspondence to the operating right of each protection point
Operating right specifically include:When the current extensions component is the extension element recorded in the white list
Outside other extension elements when, by the current extensions component to it is each it is described protection point operating right set
To forbid.
4. method as claimed in claim 2, it is characterised in that the extension element storehouse specifically includes black
List;Then, outside the current extensions component is the extension element recorded in the extension element storehouse
During other extension elements, the current extensions component is set to correspondence to the operating right of each protection point
Operating right specifically include:When the current extensions component is the extension element recorded in the blacklist
Outside other extension elements when, by the current extensions component to it is each it is described protection point operating right set
To allow.
5. the method for claim 1, it is characterised in that the operation determined by the basis
Authority carries out protection and specifically includes to the browser:
When the identified operating right is to allow, it is allowed to which the current extensions component is to described current anti-
Shield point is operated;And/or,
When the identified operating right is to forbid, forbid the current extensions component to described current anti-
Shield point is operated.
6. a kind of protector of browser, it is characterised in that including:
Start unit, call unit and protective unit, wherein:
Start unit, for starting the Safety Examination engine in browser main program;
Call unit, for when current extensions component is received to the currently operation requests of protection point, by institute
The configuration file of browser described in Safety Examination engine calling is stated, the current expansion is included in the configuration file
To the information of each protection point operating right, the protection point is the indication set-point in the browser to exhibition component;
Protective unit, for according to the configuration file, determining the current extensions component to described current anti-
The operating right of point is protected, the browser is protected according to the identified operating right.
7. device as claimed in claim 6, it is characterised in that expanded set is also included in the configuration file
Part storehouse, the extension element storehouse is used to record the security of each extension element in the extension element storehouse, described
Device also includes:Setting unit, for being recorded in the extension element storehouse when the current extensions component
Extension element outside other extension elements when, by the current extensions component to it is each it is described protection point behaviour
Make priority assignation for corresponding operating right.
8. device as claimed in claim 7, it is characterised in that the extension element storehouse specifically includes white name
Single, the setting unit specifically includes the first setting unit, for being described white when the current extensions component
During other extension elements outside the extension element recorded in list, by the current extensions component to each institute
The operating right for stating protection point is set to forbid.
9. device as claimed in claim 7, it is characterised in that the extension element storehouse specifically includes black name
Single, the setting unit specifically includes the second setting unit, for being described black when the current extensions component
During other extension elements outside the extension element recorded in list, by the current extensions component to each institute
The operating right for stating protection point is positioned to allow for.
10. device as claimed in claim 6, it is characterised in that the protective unit includes the first protection
Unit, for when the identified operating right is to allow, it is allowed to which the current extensions component is to described
Current protection point is operated;And/or,
Second protective unit, for when the identified operating right is to forbid, forbidding the current expansion
Exhibition component is operated to the current protection point.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510991443.6A CN106919581A (en) | 2015-12-24 | 2015-12-24 | The means of defence and device of a kind of browser |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510991443.6A CN106919581A (en) | 2015-12-24 | 2015-12-24 | The means of defence and device of a kind of browser |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106919581A true CN106919581A (en) | 2017-07-04 |
Family
ID=59459024
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510991443.6A Pending CN106919581A (en) | 2015-12-24 | 2015-12-24 | The means of defence and device of a kind of browser |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106919581A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108182357A (en) * | 2017-12-28 | 2018-06-19 | 深圳Tcl数字技术有限公司 | Browser altering detecting method, embedded device and computer readable storage medium |
CN109413098A (en) * | 2018-12-04 | 2019-03-01 | 北京达佳互联信息技术有限公司 | Method, apparatus, terminal and the storage medium that web page element is shown |
CN109558730A (en) * | 2018-12-29 | 2019-04-02 | 360企业安全技术(珠海)有限公司 | A kind of safety protecting method and device of browser |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040153644A1 (en) * | 2003-02-05 | 2004-08-05 | Mccorkendale Bruce | Preventing execution of potentially malicious software |
CN103023976A (en) * | 2012-11-19 | 2013-04-03 | 北京奇虎科技有限公司 | Device and method for extending browser application plug-ins |
CN103036871A (en) * | 2012-11-19 | 2013-04-10 | 北京奇虎科技有限公司 | Support device and method of application plug-in of browser |
CN103761114A (en) * | 2013-10-18 | 2014-04-30 | 北京奇虎科技有限公司 | Method and device for loading extensions and/or plugins on browser side |
US8732794B2 (en) * | 2007-08-13 | 2014-05-20 | Trusteer Ltd. | Browser plug-in firewall |
CN103823873A (en) * | 2014-02-27 | 2014-05-28 | 北京奇虎科技有限公司 | Reading/writing method, device and system of browser setting item |
US20150347200A1 (en) * | 2014-05-29 | 2015-12-03 | Apple Inc. | Sharing extension points to allow an application to share content via a sharing extension |
-
2015
- 2015-12-24 CN CN201510991443.6A patent/CN106919581A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040153644A1 (en) * | 2003-02-05 | 2004-08-05 | Mccorkendale Bruce | Preventing execution of potentially malicious software |
US8732794B2 (en) * | 2007-08-13 | 2014-05-20 | Trusteer Ltd. | Browser plug-in firewall |
CN103023976A (en) * | 2012-11-19 | 2013-04-03 | 北京奇虎科技有限公司 | Device and method for extending browser application plug-ins |
CN103036871A (en) * | 2012-11-19 | 2013-04-10 | 北京奇虎科技有限公司 | Support device and method of application plug-in of browser |
CN103761114A (en) * | 2013-10-18 | 2014-04-30 | 北京奇虎科技有限公司 | Method and device for loading extensions and/or plugins on browser side |
CN103823873A (en) * | 2014-02-27 | 2014-05-28 | 北京奇虎科技有限公司 | Reading/writing method, device and system of browser setting item |
US20150347200A1 (en) * | 2014-05-29 | 2015-12-03 | Apple Inc. | Sharing extension points to allow an application to share content via a sharing extension |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108182357A (en) * | 2017-12-28 | 2018-06-19 | 深圳Tcl数字技术有限公司 | Browser altering detecting method, embedded device and computer readable storage medium |
CN108182357B (en) * | 2017-12-28 | 2022-01-04 | 深圳Tcl数字技术有限公司 | Browser tampering detection method, embedded device and computer-readable storage medium |
CN109413098A (en) * | 2018-12-04 | 2019-03-01 | 北京达佳互联信息技术有限公司 | Method, apparatus, terminal and the storage medium that web page element is shown |
CN109558730A (en) * | 2018-12-29 | 2019-04-02 | 360企业安全技术(珠海)有限公司 | A kind of safety protecting method and device of browser |
CN109558730B (en) * | 2018-12-29 | 2020-10-16 | 360企业安全技术(珠海)有限公司 | Safety protection method and device for browser |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9069986B2 (en) | Providing access control for public and private document fields | |
BR112019016655A2 (en) | configurable annotations for sensitive user content about privacy | |
CN109818937A (en) | For the control method of Android permission, device and storage medium, electronic device | |
CN107943949A (en) | A kind of method and server of definite web crawlers | |
CN107665306B (en) | A kind of method, apparatus, client and the server of the injection of detection illegal file | |
US8452740B2 (en) | Method and system for security of file input and output of application programs | |
US10474812B2 (en) | System and method for secure execution of script files | |
CN107480029A (en) | A kind of monitoring method and device of function call time | |
CN107102944A (en) | The analysis method and device of a kind of call function | |
US11336650B1 (en) | Systems and methods for producing access control list caches including effective information access permissions across disparate storage devices | |
CN106033461A (en) | Sensitive information query method and apparatus | |
CN104951708A (en) | File measurement and protection method and device | |
CN106201856A (en) | A kind of multi version performance test methods and device | |
CN106919581A (en) | The means of defence and device of a kind of browser | |
CN110135129A (en) | Code segment protection method, device, computer equipment and storage medium | |
EP2937803B1 (en) | Control flow flattening for code obfuscation where the next block calculation needs run-time information | |
CN103970574B (en) | The operation method and device of office programs, computer system | |
CN107122663A (en) | A kind of detection method for injection attack and device | |
CN109376530B (en) | Process mandatory behavior control method and system based on mark | |
US20080295145A1 (en) | Identifying non-orthogonal roles in a role based access control system | |
CN104298922A (en) | Method and device of stopping vulnerability exploiting | |
CN104598554B (en) | Webpage loading method and device | |
CN106896990A (en) | The discharging method and device of a kind of application program | |
CN113449330B (en) | Method for transmitting Javascript encrypted file | |
CN106919829A (en) | The means of defence and device of a kind of browser |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170704 |
|
RJ01 | Rejection of invention patent application after publication |