CN107480522B - ELF file execution control system and method - Google Patents
ELF file execution control system and method Download PDFInfo
- Publication number
- CN107480522B CN107480522B CN201710692002.5A CN201710692002A CN107480522B CN 107480522 B CN107480522 B CN 107480522B CN 201710692002 A CN201710692002 A CN 201710692002A CN 107480522 B CN107480522 B CN 107480522B
- Authority
- CN
- China
- Prior art keywords
- file
- characteristic value
- elf file
- elf
- characteristic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000008569 process Effects 0.000 claims description 40
- 230000004048 modification Effects 0.000 claims description 19
- 238000012986 modification Methods 0.000 claims description 19
- 230000008859 change Effects 0.000 claims description 10
- 238000012544 monitoring process Methods 0.000 claims description 7
- 238000012217 deletion Methods 0.000 claims description 6
- 230000037430 deletion Effects 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses an ELF file execution control system and a method, which comprises a dynamic characteristic value collection module, a characteristic database and a white list database, wherein the dynamic characteristic value collection module is used for collecting the characteristic value of an ELF file on a current system, generating and storing the characteristic value into the characteristic database, comparing the stored characteristic value of the ELF file on the current system with the characteristic value in the white list database, and obtaining the credible ELF file of the current system; and the application program execution control module is used for strategy issuing and execution control of the ELF file. Compared with the prior art, the ELF file execution control system and the method reduce the dependence of ELF execution control products on the influence of user environment, provide product competitiveness and have strong practicability.
Description
Technical Field
The invention relates to the field of operating system security, in particular to an ELF file execution control system and method.
Background
In the Linux operating system in the prior art, application program control is mainly controlled through attributes such as certificates, characteristic values, file names, paths, users and the like. Since Linux has no certificate information, it is mainly controlled by characteristic values. In order to accelerate program startup, according to the startup loading mode of an ELF (abbreviation of Executable and Linkable Format Linux), an operating system Executable and connectable file format, a pre-link Prelink technology is provided. By the technology, the loading speed of the dynamic library depended by the executable file is increased, and the starting speed of the executable file is improved. But the technique may modify portions of the contents of the dependent libraries that are executable. Causing the eigenvalues to be erroneous during the calculation. Especially, when the hash value of the ELF file changes, the calculation error of the feature value caused by the Prelink technology is large, and further the execution and loading control of the ELF file is influenced.
In view of the above, a technique for effectively eliminating the influence of Prelink technology in the system is needed.
Disclosure of Invention
The technical task of the invention is to provide an ELF file execution control system and method aiming at the defects.
An ELF file execution control system includes,
the dynamic characteristic value collection module is used for collecting characteristic values of the ELF files on the current system, generating and storing the characteristic values into a characteristic library, and the characteristic library is also provided with a white list library which records the characteristic values of the credible ELF files and compares the stored characteristic values of the ELF files on the current system with the characteristic values in the white list library to obtain the credible ELF files of the current system;
and the application program execution control module is used for strategy issuing and execution control of the ELF file, wherein the strategy issuing refers to that a trusty ELF file in the feature library is acquired, and then an application program corresponding to the trusty ELF file is executed and controlled.
In the feature library generated by the dynamic feature value collection module, the process of storing the collected file feature values is as follows: after an ELF file is collected and acquired, whether a Prelink is started for the file is judged, if the Prelink is started, a characteristic value after the Prelink and a characteristic value of an original file before the Prelink are collected, and the two characteristic values are stored in a characteristic library; if the Prelink is not enabled, directly saving the original characteristic value of the ELF file, namely the current characteristic value; correspondingly, when the ELF file which can be trusted by the current system is determined, comparing the original characteristic value of the ELF file on the current system with the characteristic value in the white list library to judge whether the ELF file is trusted: if the file exists, the characteristic value of the current ELF file is credible, the corresponding ELF file is a credible file, and if the file does not exist, the file is an untrusted file.
The dynamic characteristic value collection module is also used for monitoring the current system in real time, when the ELF file in the system changes, whether the ELF file is credible or not is judged according to the characteristic value, namely the original characteristic value of the ELF file is compared with the credible characteristic value recorded in the white list library in the characteristic library, if the original characteristic value of the ELF file is the same as the credible characteristic value, the ELF file is credible, otherwise, the ELF file is not credible.
The change of the ELF file in the system refers to the change of creation, deletion and/or modification of the ELF file in the execution process of the application program, and correspondingly, the dynamic characteristic value collection module automatically judges the trust level of the ELF file when the ELF file is changed to determine whether the ELF file is trusted or not.
The strategy issuing implemented by the application program execution control module specifically comprises the following steps: firstly, obtaining an ELF file characteristic value trusted by a current file system from a characteristic library, if the ELF file is modified by a Prelink, loading the modified file characteristic value, and otherwise, loading the file characteristic value before modification.
The system also comprises a log and result feedback module which is used for timely notifying a user of a log generated in the execution process of the application program and an operation log of the system or storing the log in the log of the operation system, wherein the log generated in the execution process of the application program and the operation log of the system comprise a log for recording the control process of the current ELF file, a log for recording the change process of the ELF file in the system and a log for recording the starting and loading processes of the ELF file.
Based on the system, the ELF file execution control method comprises the following steps,
firstly, searching an ELF file on a current system through a dynamic characteristic value collection module, acquiring a characteristic value of the ELF file, and comparing and judging the ELF file with a credible characteristic value recorded in a white list library to acquire specific information of the credible ELF file on the current system;
secondly, the application program execution control module executes and controls the corresponding application program through the acquired specific information of the trusted ELF file;
and thirdly, the log generated in the execution process of the application program and the operation log of the system are timely notified to a user or stored in the log of the operating system through a log and result feedback module.
In the first step, the method further comprises the step of monitoring the current file system, and the process is as follows: in the execution process of the application program, when the ELF file is changed in creation, deletion and/or modification, the characteristic value of the ELF file is obtained again, and whether the ELF file is credible or not is judged again by comparing the characteristic value with the credible characteristic value recorded in the white list library.
In the first step, after the ELF file on the current system is collected, the specific process of judging whether the ELF file is authentic is as follows:
firstly, judging whether the file enables a Prelink, if so, collecting a characteristic value of an ELF file after the Prelink and a characteristic value of an original file before the Prelink, and storing the corresponding relation between the two characteristic values and the file name of the characteristic values into a characteristic library;
if the Prelink is not started, directly collecting an original characteristic value, namely a current characteristic value, of the ELF file, and storing the corresponding relation between the file characteristic value and the file name in a characteristic library;
in the feature library, whether the stored original feature value exists in the white list library or not is inquired, if so, the current feature value is credible, the corresponding ELF file is not tampered and is a credible ELF file and can be operated.
The specific process of the second step is that,
acquiring specific information of a trusted ELF file: firstly, acquiring an ELF file characteristic value trusted by a current system from a characteristic library, if the ELF file is modified by a Prelink, loading the modified file characteristic value, and if not, loading the file characteristic value before modification;
executing the application program: firstly, judging whether the system allows the application program to be loaded, judging whether the characteristic value of the ELF file to be loaded at present is calculated according to the judgment, comparing the characteristic value with the acquired characteristic value of the trustable ELF file, if the characteristic value is trustable, allowing the ELF file to be executed, and if the characteristic value is not trustable, not allowing the ELF file to be executed. Whether execution is allowed or not generates a startup-related log.
Compared with the prior art, the ELF file execution control system and method provided by the invention have the following beneficial effects:
the invention discloses an ELF file execution control system and method, which form a mechanism for judging the trust level of an ELF file in a Linux system, particularly judge how to judge the trust level of the ELF file after starting a Prelink function, so that the behavior of changing the hash value of the file caused by the modification of the Prelink to the ELF file does not influence the execution and loading control process of the ELF file, reduce the dependence of ELF execution control products on the influence of user environment, provide product competitiveness, have strong practicability, wide application range and are easy to popularize.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a diagram of an embodiment of a dynamic eigenvalue collection module of the present invention.
FIG. 2 is a diagram of an embodiment of an application execution control module according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific embodiments in order to make the technical field better understand the scheme of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1 and 2, an ELF file execution control system includes,
the dynamic characteristic value collection module is used for collecting characteristic values of the ELF files on the current system, generating and storing the characteristic values into a characteristic library, and the characteristic library is also provided with a white list library which records the characteristic values of the credible ELF files and compares the stored characteristic values of the ELF files on the current system with the characteristic values in the white list library to obtain the credible ELF files of the current system;
and the application program execution control module is used for strategy issuing and execution control of the ELF file, wherein the strategy issuing refers to that a trusty ELF file in the feature library is acquired, and then an application program corresponding to the trusty ELF file is executed and controlled.
In the feature library generated by the dynamic feature value collection module, the process of storing the collected file feature values is as follows: after an ELF file is collected and acquired, whether a Prelink is started for the file is judged, if the Prelink is started, a characteristic value after the Prelink and a characteristic value of an original file before the Prelink are collected, and the two characteristic values are stored in a characteristic library; if the Prelink is not enabled, directly saving the original characteristic value of the ELF file, namely the current characteristic value; correspondingly, when the ELF file which can be trusted by the current system is determined, comparing the original characteristic value of the ELF file on the current system with the characteristic value in the white list library to judge whether the ELF file is trusted: if the file exists, the characteristic value of the current ELF file is credible, the corresponding ELF file is a credible file, and if the file does not exist, the file is an untrusted file.
The dynamic characteristic value collection module is also used for monitoring the current system in real time, when the ELF file in the system changes, whether the ELF file is credible or not is judged according to the characteristic value, namely the original characteristic value of the ELF file is compared with the credible characteristic value recorded in the white list library in the characteristic library, if the original characteristic value of the ELF file is the same as the credible characteristic value, the ELF file is credible, otherwise, the ELF file is not credible.
The change of the ELF file in the system refers to the change of creation, deletion and/or modification of the ELF file in the execution process of the application program, and correspondingly, the dynamic characteristic value collection module automatically judges the trust level of the ELF file when the ELF file is changed to determine whether the ELF file is trusted or not.
The strategy issuing implemented by the application program execution control module specifically comprises the following steps: firstly, obtaining an ELF file characteristic value trusted by a current file system from a characteristic library, if the ELF file is modified by a Prelink, loading the modified file characteristic value, and otherwise, loading the file characteristic value before modification.
The system also comprises a log and result feedback module which is used for timely notifying a user of a log generated in the execution process of the application program and an operation log of the system or storing the log in the log of the operation system, wherein the log generated in the execution process of the application program and the operation log of the system comprise a log for recording the control process of the current ELF file, a log for recording the change process of the ELF file in the system and a log for recording the starting and loading processes of the ELF file. Related report data can be generated according to the type of the log.
Based on the system, the method searches the modified position of the Prelink and restores the modified value in the calculation process of calculating the hash value of the ELF file according to the Prelink technology, and finally obtains the original hash value of the file, thereby effectively eliminating the influence caused by the Prelink technology in the system.
The method comprises the following steps of,
firstly, searching an ELF file on a current system through a dynamic characteristic value collection module, acquiring a characteristic value of the ELF file, and comparing and judging the ELF file with a credible characteristic value recorded in a white list library to acquire specific information of the credible ELF file on the current system;
secondly, the application program execution control module executes and controls the corresponding application program through the acquired specific information of the trusted ELF file;
and thirdly, the log generated in the execution process of the application program and the operation log of the system are timely notified to a user or stored in the log of the operating system through a log and result feedback module.
In the first step, the method further comprises the step of monitoring the current file system, and the process is as follows: in the execution process of the application program, when the ELF file is changed in creation, deletion and/or modification, the characteristic value of the ELF file is obtained again, and whether the ELF file is credible or not is judged again by comparing the characteristic value with the credible characteristic value recorded in the white list library.
In the first step, after the ELF file on the current system is collected, the specific process of judging whether the ELF file is authentic is as follows:
firstly, judging whether the file enables a Prelink, if so, collecting a characteristic value of an ELF file after the Prelink and a characteristic value of an original file before the Prelink, and storing the corresponding relation between the two characteristic values and the file name of the characteristic values into a characteristic library;
if the Prelink is not started, directly collecting an original characteristic value, namely a current characteristic value, of the ELF file, and storing the corresponding relation between the file characteristic value and the file name in a characteristic library;
in the feature library, whether the stored original feature value exists in the white list library or not is inquired, if so, the current feature value is credible, the corresponding ELF file is not tampered and is a credible ELF file and can be operated.
The specific process of the second step is that,
acquiring specific information of a trusted ELF file: firstly, acquiring an ELF file characteristic value trusted by a current system from a characteristic library, if the ELF file is modified by a Prelink, loading the modified file characteristic value, and if not, loading the file characteristic value before modification;
executing the application program: firstly, judging whether the system allows the application program to be loaded, namely, when the application program is executed, intercepting the loading process of the application program at the program image loading stage, judging whether the loading is allowed or not, calculating the characteristic value of the ELF file to be loaded currently according to the judgment basis, and comparing the characteristic value with the characteristic value of the trusted ELF file. If the trusted state is confirmed, the execution is allowed, and if the untrusted state is not confirmed, the execution is not allowed. Whether execution is allowed or not generates a startup-related log.
The original characteristic value of the ELF file is obtained through a Prelink command, the hash value of the current file is obtained and calculated through a sha1 algorithm, and the technology is common and is not described herein any more.
According to the method and the device, the modification of the ELF file in the Prelink running process is monitored, the characteristic value of the current file is judged according to the characteristic value of the original ELF file, the trust level is set, the implementation monitoring of the change of the hash value of the file is realized, and the accuracy of acquiring the characteristic value is ensured.
In the invention, the characteristic value and the original characteristic value of the ELF file which is changed are obtained by changing the Prelink of the file system, and the influence of the Prelink on the execution control of the ELF file is ensured to be 0 in real time.
In the program execution control process, the original characteristic value and the current characteristic value of the file can be calculated at the same time, and the specific use mode can be controlled by a switch.
The log report and report of the Prelink modification file system can be generated, and the modification frequency of the Prelink to the file system and the reason for modification can be evaluated.
A log and report of the loading of the startup and dynamic libraries may be generated.
The present invention can be easily implemented by those skilled in the art from the above detailed description. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
Claims (5)
1. An ELF file execution control system, comprising,
the dynamic characteristic value collection module is used for collecting characteristic values of the ELF files on the current system, generating and storing the characteristic values into a characteristic library, and the characteristic library is also provided with a white list library which records the characteristic values of the credible ELF files and compares the stored characteristic values of the ELF files on the current system with the characteristic values in the white list library to obtain the credible ELF files of the current system;
the application program execution control module is used for strategy issuing and execution control of the ELF file, wherein the strategy issuing refers to that a trusty ELF file in the feature library is acquired, and then an application program corresponding to the trusty ELF file is executed and controlled;
in the feature library generated by the dynamic feature value collection module, the process of storing the collected file feature values is as follows: after an ELF file is collected and acquired, whether a Prelink is started for the file is judged, if the Prelink is started, a characteristic value after the Prelink and a characteristic value of an original file before the Prelink are collected, and the two characteristic values are stored in a characteristic library; if the Prelink is not enabled, directly saving the original characteristic value of the ELF file, namely the current characteristic value; correspondingly, when the ELF file which can be trusted by the current system is determined, comparing the original characteristic value of the ELF file on the current system with the characteristic value in the white list library to judge whether the ELF file is trusted: if the file exists, the characteristic value of the current ELF file is credible, the corresponding ELF file is a credible file, and if not, the file is an untrusted file;
the dynamic characteristic value collection module is also used for monitoring the current system in real time, when the ELF file in the system changes, judging whether the ELF file is credible according to the characteristic value, namely comparing the original characteristic value of the ELF file with the credible characteristic value recorded in a white list library in a characteristic library, if the original characteristic value of the ELF file is the same as the credible characteristic value, judging that the ELF file is credible, otherwise, judging that the ELF file is not credible;
the change of the ELF file in the system refers to the change of creation, deletion and/or modification of the ELF file in the execution process of the application program, and correspondingly, the dynamic characteristic value collection module automatically judges the trust level of the ELF file when the ELF file is changed to determine whether the ELF file is trusted or not.
2. The ELF file execution control system according to claim 1, wherein the policy issuing implemented by the application program execution control module specifically is: firstly, obtaining an ELF file characteristic value trusted by a current file system from a characteristic library, if the ELF file is modified by a Prelink, loading the modified file characteristic value, and otherwise, loading the file characteristic value before modification.
3. The ELF file execution control system of claim 1 or 2, further comprising a log and result feedback module, which is configured to notify a user of a log generated in the application program execution process and an operation log of the system in time or store the log in a log of the operating system, where the log generated in the application program execution process and the operation log of the system include a log for recording a current ELF file control process, a log for recording an ELF file change process in the system, and a log for recording an ELF file start and load process.
4. An ELF file execution control method, based on the ELF file execution control system of any one of claims 1-3, comprising the steps of,
firstly, searching an ELF file on a current system through a dynamic characteristic value collection module, acquiring a characteristic value of the ELF file, and comparing and judging the ELF file with a credible characteristic value recorded in a white list library to acquire specific information of the credible ELF file on the current system;
step two, the application program execution control module executes and controls the corresponding application program through the acquired specific information of the trusted ELF file;
thirdly, a log and a result feedback module timely informs a user of a log generated in the execution process of the application program and an operation log of the system or stores the log in the log of the operation system;
in the first step, after the ELF file on the current system is collected, the specific process of judging whether the ELF file is authentic is as follows:
firstly, judging whether the file enables a Prelink, if so, collecting a characteristic value of an ELF file after the Prelink and a characteristic value of an original file before the Prelink, and storing the corresponding relation between the two characteristic values and the file name of the characteristic values into a characteristic library;
if the Prelink is not started, directly collecting an original characteristic value, namely a current characteristic value, of the ELF file, and storing the corresponding relation between the file characteristic value and the file name in a characteristic library;
in the feature library, whether a stored original feature value exists in the white list library or not is inquired, if so, the current feature value is credible, the corresponding ELF file is not tampered and is a credible ELF file and can be operated;
the specific process of the second step is that,
acquiring specific information of a trusted ELF file: firstly, acquiring an ELF file characteristic value trusted by a current system from a characteristic library, if the ELF file is modified by a Prelink, loading the modified file characteristic value, and if not, loading the file characteristic value before modification;
executing the application program: firstly, judging whether the system allows the application program to be loaded, judging whether the characteristic value of the ELF file to be loaded at present is calculated according to the judgment, comparing the characteristic value with the acquired characteristic value of the trustable ELF file, if the characteristic value is trustable, allowing the ELF file to be executed, and if the characteristic value is not trustable, not allowing the ELF file to be executed.
5. The ELF file execution control method of claim 4, wherein the first step further comprises a step of monitoring a current file system, which is performed by: in the execution process of the application program, when the ELF file is changed in creation, deletion and/or modification, the characteristic value of the ELF file is obtained again, and whether the ELF file is credible or not is judged again by comparing the characteristic value with the credible characteristic value recorded in the white list library.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710692002.5A CN107480522B (en) | 2017-08-14 | 2017-08-14 | ELF file execution control system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710692002.5A CN107480522B (en) | 2017-08-14 | 2017-08-14 | ELF file execution control system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107480522A CN107480522A (en) | 2017-12-15 |
| CN107480522B true CN107480522B (en) | 2020-05-08 |
Family
ID=60599330
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710692002.5A Active CN107480522B (en) | 2017-08-14 | 2017-08-14 | ELF file execution control system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107480522B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109960932B (en) * | 2017-12-22 | 2021-02-02 | 北京安天网络安全技术有限公司 | File detection method and device and terminal equipment |
| CN109977976B (en) * | 2017-12-28 | 2023-04-07 | 腾讯科技(深圳)有限公司 | Executable file similarity detection method and device and computer equipment |
| CN111191270A (en) * | 2019-10-09 | 2020-05-22 | 浙江中控技术股份有限公司 | Sensitive file access control method based on white list protection |
| CN112487413A (en) * | 2020-12-11 | 2021-03-12 | 北京中软华泰信息技术有限责任公司 | Linux-based white list program control system and method |
| CN113779576A (en) * | 2021-09-09 | 2021-12-10 | 安天科技集团股份有限公司 | Identification method and device for executable file infected virus and electronic equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102147743A (en) * | 2011-03-28 | 2011-08-10 | 博视联(苏州)信息科技有限公司 | Method for accelerating startup of embedded system application program |
| CN102779257A (en) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Security detection method and system of Android application program |
| CN103927485A (en) * | 2014-04-24 | 2014-07-16 | 东南大学 | Android application program risk assessment method based on dynamic monitoring |
| CN104283860A (en) * | 2013-07-10 | 2015-01-14 | 全联斯泰克科技有限公司 | ELF file identification method and device based on code signature |
| CN104751048A (en) * | 2015-01-29 | 2015-07-01 | 中国科学院信息工程研究所 | Dynamic link library integrity measuring method under perlink mechanism |
| CN106557692A (en) * | 2015-12-28 | 2017-04-05 | 哈尔滨安天科技股份有限公司 | Linux kernel operating system ELF file characteristic computational methods and system |
| CN106874747A (en) * | 2017-02-21 | 2017-06-20 | 郑州云海信息技术有限公司 | A kind of Unix white list control methods based on hook technologies |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20100050098A (en) * | 2008-11-05 | 2010-05-13 | 삼성전자주식회사 | Image processing apparatus and control method thereof |
-
2017
- 2017-08-14 CN CN201710692002.5A patent/CN107480522B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102147743A (en) * | 2011-03-28 | 2011-08-10 | 博视联(苏州)信息科技有限公司 | Method for accelerating startup of embedded system application program |
| CN102779257A (en) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Security detection method and system of Android application program |
| CN104283860A (en) * | 2013-07-10 | 2015-01-14 | 全联斯泰克科技有限公司 | ELF file identification method and device based on code signature |
| CN103927485A (en) * | 2014-04-24 | 2014-07-16 | 东南大学 | Android application program risk assessment method based on dynamic monitoring |
| CN104751048A (en) * | 2015-01-29 | 2015-07-01 | 中国科学院信息工程研究所 | Dynamic link library integrity measuring method under perlink mechanism |
| CN106557692A (en) * | 2015-12-28 | 2017-04-05 | 哈尔滨安天科技股份有限公司 | Linux kernel operating system ELF file characteristic computational methods and system |
| CN106874747A (en) * | 2017-02-21 | 2017-06-20 | 郑州云海信息技术有限公司 | A kind of Unix white list control methods based on hook technologies |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107480522A (en) | 2017-12-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107480522B (en) | ELF file execution control system and method | |
| JP4758479B2 (en) | Virus prevention method with safety chip | |
| US10642978B2 (en) | Information security techniques including detection, interdiction and/or mitigation of memory injection attacks | |
| CN101809566B (en) | Efficient file hash identifier computation | |
| US20100154026A1 (en) | Automated software restriction policy rule generation | |
| US11947670B2 (en) | Malicious software detection based on API trust | |
| US20130246837A1 (en) | System and method for mitigating repeated crashes of an application resulting from supplemental code | |
| CN111400723A (en) | TEE extension-based operating system kernel mandatory access control method and system | |
| CN107102929A (en) | The detection method and device of failure | |
| CN111857967A (en) | Container integrity checking method | |
| CN114756333B (en) | Mirror image processing method and device, electronic equipment and readable medium | |
| CN111177703A (en) | Method and device for determining data integrity of operating system | |
| KR101650287B1 (en) | File access control system based on volume guid and method thereof | |
| KR20150017925A (en) | A detect system against malicious processes by using the full path of access files | |
| CN108573153B (en) | Vehicle-mounted operating system and using method thereof | |
| US20210382704A1 (en) | Computer program trust assurance for internet of things (iot) devices | |
| CN106775451A (en) | A kind of method and device for processing logical volume | |
| CN113157543A (en) | Credibility measuring method and device, server and computer readable storage medium | |
| CN116484364B (en) | Hidden port detection method and device based on Linux kernel | |
| CN112784276A (en) | Method and device for realizing credibility measurement | |
| US11770395B2 (en) | Information processing apparatus, computer program product, and information processing system | |
| US20230229756A1 (en) | Rapid launch of secure executables in a virtualized environment | |
| KR101116053B1 (en) | File Backup Method and devices using the same | |
| CN117251874A (en) | Trusted security protection method, system and storage medium for container operation | |
| CN113591087A (en) | Process injection attack detection method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200413 Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd. Address before: 450000 Henan province Zheng Dong New District of Zhengzhou City Xinyi Road No. 278 16 floor room 1601 Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |