CN108549810A - Program whitelist service method and system based on operating system type - Google Patents
- Publication number
- CN108549810A (application number CN201810288807.8A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
Embodiments of the invention disclose a program whitelist service method and system based on operating system type. The method includes: obtaining the program list of an operating system and forming an operating system whitelist sub-library; obtaining the version number of the current operating system and requesting the whitelist sub-library of the current operating system; and, according to the returned whitelist sub-library, identifying the trust level of operating system programs locally. When the whitelist client runs, the invention obtains the whitelist of all programs of that operating system version in one request, rather than obtaining program trust levels by sending program hash values to the whitelist server one by one, which saves nearly half of the bandwidth and greatly improves the recognition efficiency of the whitelist service.
Description
Technical field
The present invention relates to the technical field of computer security, and specifically to a program whitelist service method and system based on operating system type.
Background art
With the rapid development of the Internet, the network environment is becoming increasingly complex. Earlier blacklist techniques struggle to cope with security problems such as zero-day attacks and targeted attacks, and whitelist technology is widely used in the field of active defense.
Whitelist technology mainly builds a secure master whitelist library from known-safe programs such as executable files, library files and drivers. Programs in the whitelist library are allowed to run, and files not in the whitelist library are not allowed to run, which effectively prevents unsafe programs from running.
Traditional whitelist-based active defense technology requires the client to obtain the trust level of each program from the master whitelist library over the network, according to the hash value (produced by a hash algorithm, also called a hash function) of each managed program. Each request must carry the program's information (its hash value), and the returned message must also carry the program's information, so a large amount of network resources is consumed and trust-level identification of programs can be very slow.
Summary of the invention
Embodiments of the present invention provide a program whitelist service method and system based on operating system type, to solve the problem in the prior art that the program trust-level identification process consumes a large amount of network resources and is inefficient.
To solve the above technical problem, the embodiments of the invention disclose the following technical solutions:
A first aspect of the invention provides a program whitelist service method based on operating system type, including the following steps: obtaining the operating system program list and forming an operating system whitelist sub-library; obtaining the version number of the current operating system and requesting the whitelist sub-library of the current operating system; and, according to the returned whitelist sub-library, identifying the trust level of operating system programs locally.
With reference to the first aspect, in a first possible implementation of the first aspect, the operating system program list includes the executable files from before and after operating system installation, and each operating system version forms one whitelist sub-library.
With reference to the first aspect, in the first possible implementation of the first aspect, the information in the whitelist sub-library includes the hash value and trust level of each program, and the hash value of a program is obtained by computation over the executable file.
With reference to the first aspect, in a second possible implementation of the first aspect, the method further includes requesting identification of an unknown program. When a request is received, the type of the request is determined first: if it is a request based on operating system version, the whitelist sub-library of the requested operating system version is returned; if it is a request to identify an unknown program, its trust level is looked up in the master whitelist library according to the hash value of the unknown program.
With reference to the first aspect, in a possible implementation of the first aspect, after the trust level of an unknown program is obtained from the master whitelist library, the trust level of that program is recorded locally.
A second aspect of the invention provides a program whitelist service system based on operating system type. The system includes a whitelist server and a whitelist client; the whitelist client is deployed on the user's computer. The whitelist server includes a program acquisition module and a request processing module, and the whitelist client includes an information acquisition module and a request sending module.
The program acquisition module is used to obtain the operating system program list and form the whitelist sub-library. The request processing module is used to identify the request type of the whitelist client and to return the whitelist sub-library and the trust level of unknown programs to the whitelist client. The information acquisition module is used to obtain the version number of the current operating system and the hash values of unknown programs. The request sending module is used to send program trust-level requests to the whitelist server.
With reference to the second aspect, in a possible implementation of the second aspect, the program acquisition module includes a first collecting unit and a second collecting unit.
The first collecting unit is used to scan the image file from before operating system installation, obtain the executable files in the image file, and add those executable files to the whitelist sub-library.
The second collecting unit is used to scan the clean operating system installed from the image file, obtain the executable files present after the clean installation, and add those executable files to the whitelist sub-library.
The whitelist service system of the second aspect can implement the methods of the first aspect and of each implementation of the first aspect, and achieves the same effects.
The effects given in this summary are only the effects of the embodiments, not all the effects of the invention. One of the above technical solutions has the following advantage or beneficial effect:
The operating system's own program list information is used to generate a whitelist sub-library. When the whitelist client runs, it obtains the whitelist of all programs of that operating system version in one request, rather than obtaining program trust levels by sending program hash values to the whitelist server one by one. This saves nearly half of the bandwidth and greatly improves the recognition efficiency of the whitelist service.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Evidently, those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow diagram of the method of the invention;
Fig. 2 is a flow diagram of request processing in the invention;
Fig. 3 is a structural diagram of the system of the invention.
Detailed description
To clarify the technical features of the invention, the invention is described in detail below through specific embodiments and with reference to the drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the invention.
On a computer with an operating system installed, the executable files, library files, drivers and other programs produced by the operating system installation account for the great majority (possibly tens of thousands), while the programs installed by the user are comparatively few. On this basis, the whitelist service can return the trust levels of the current operating system's own programs when the client sends only its operating system version information. For programs on the client that are not in the operating system whitelist sub-library (such programs are comparatively few), the trust level can be obtained in the traditional way.
As shown in Fig. 1, the whitelist service method includes the following steps:
S1, obtain the operating system program list and form the operating system whitelist sub-library;
S2, obtain the version number of the current operating system and request the whitelist sub-library of the current operating system;
S3, according to the returned whitelist sub-library, identify the trust level of operating system programs locally.
In step S1, the operating system program list includes the executable files from before and after operating system installation, and each operating system version forms one whitelist sub-library. The whitelist server scans the operating system image file and the program files of the clean operating system installed from that image, and identifies files in PE (Portable Executable, the standard file format for portable executable files in the Microsoft Win32 environment, such as exe, dll, vxd, sys and vdm) or ELF (Executable and Linkable Format) format. An operating system image (usually an .iso file) contains many PE/ELF files once unpacked; these are collected and added to the operating system whitelist sub-library. Installing a PE/ELF file may itself generate further PE/ELF files: for example, an installer test.exe may generate new PE files such as new exe files in the installation folder after it is installed. The clean operating system host installed from the image is therefore scanned again, and the newly generated PE/ELF files are added to the operating system whitelist sub-library. Adding the programs from before and after operating system installation forms the whitelist sub-library of the operating system. This program information is also added to the master whitelist library.
The information in the whitelist sub-library includes the program name, the hash value of the corresponding program and the trust level. The hash value of a program is computed over the collected executable file; the hash algorithm may be sha1, md5, sha256 or the like, but it must be consistent with the algorithm used for hash values in the master whitelist library.
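Step S1 as an added Python example (not code from the patent): it recognises PE and ELF files by signature rather than by file extension, hashes them, and merges the pre-install and post-install scans into one sub-library. The record layout, the `trusted` label and the sample files are constructed assumptions; SHA-256 is chosen from the algorithms listed above because MD5 and SHA-1 are no longer collision-resistant.

```python
import hashlib
import os
import struct
import tempfile


def executable_format(path):
    """Return "PE", "ELF" or None, judged by file signature, not extension."""
    with open(path, "rb") as f:
        head = f.read(64)
        if head[:4] == b"\x7fELF":
            return "ELF"
        if len(head) == 64 and head[:2] == b"MZ":
            # e_lfanew at offset 0x3C holds the offset of the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            if f.read(4) == b"PE\0\0":
                return "PE"
    return None


def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, trust_level):
    """Map hash -> record for every PE/ELF file found under root."""
    entries = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            fmt = executable_format(path)
            if fmt is not None:
                entries[sha256_file(path)] = {
                    "name": name, "format": fmt, "trust_level": trust_level}
    return entries


def build_sub_library(os_version, image_root, installed_root, trust_level="trusted"):
    """Merge the unpacked-image scan with the clean-install scan (step S1)."""
    entries = scan_tree(image_root, trust_level)
    entries.update(scan_tree(installed_root, trust_level))
    return {"os_version": os_version, "hash_algorithm": "sha256", "entries": entries}


def _pe(payload):
    # Constructed minimal PE-like file: MZ header, e_lfanew = 0x40, PE signature.
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + payload


def demo_sub_library():
    """Build a sub-library from constructed sample trees (not real OS files)."""
    image_files = {
        "setup.exe": _pe(b"installer"),
        "libfoo.so": b"\x7fELF" + b"shared library",
        "readme.txt": b"plain text, not executable",
        "fake.exe": b"MZ" + b"\0" * 100,  # .exe name but no PE signature
    }
    installed_files = {
        "libfoo.so": b"\x7fELF" + b"shared library",  # identical to the image copy
        "tool.exe": _pe(b"generated during installation"),
    }
    with tempfile.TemporaryDirectory() as image, tempfile.TemporaryDirectory() as host:
        for root, files in ((image, image_files), (host, installed_files)):
            for name, content in files.items():
                with open(os.path.join(root, name), "wb") as f:
                    f.write(content)
        return build_sub_library("ExampleOS-1.0", image, host)


if __name__ == "__main__":
    for digest, record in demo_sub_library()["entries"].items():
        print(digest[:16], record)
```

Keying the sub-library by hash means a file that appears both in the image and on the installed host is stored once.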
In step S2, after the whitelist service client is deployed on the user's computer, the client obtains the version number of the operating system and sends it to the whitelist server, requesting the whitelist sub-library of the current operating system. Obtaining the operating system version number: for example, the windows/linux version can be obtained through the corresponding API (Application Programming Interface).
In step S3, after the whitelist server receives the request for the operating system whitelist sub-library, it returns the whitelist sub-library corresponding to the current operating system. When the user runs an operating system program, its trust level is identified directly from the whitelist sub-library, without requesting the trust level of each program one by one from the master whitelist library on the whitelist server. This saves nearly half of the bandwidth and greatly improves the efficiency of whitelist service identification.
In practical use, the computer may also contain unknown programs outside the operating system, such as Tencent QQ; the trust level of such programs can be obtained in the conventional way.
As shown in Fig. 2, since the whitelist server may receive different request types, its workflow is: S41, receive the request from the whitelist client; S42, determine the type of the request, that is, whether it is a request based on operating system version; if so, execute S43 and return the whitelist sub-library of the operating system; if not, execute S44, look up the program's trust level in the master whitelist library, and S45, return the program's trust level. In step S42, if the request is not based on operating system type, what is received is the hash value of an unknown program, and the whitelist server looks up the trust level of the unknown program in the master whitelist library according to that hash value.
After obtaining the trust level of an unknown program, the user saves the trust-level information of that program for later use.
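The request flow of Fig. 2 (S41 to S45) together with the client-side recording of results, as an added Python example that is not part of the patent. The HTTP transport is replaced by a direct function call, and the message field names, the trust-level strings, the default-deny `may_run` policy and the choice not to cache `unknown` answers are assumptions made for illustration.

```python
import hashlib


def sample_hash(content):
    # Constructed sample value; real entries are hashes of executable files.
    return hashlib.sha256(content).hexdigest()


class WhitelistServer:
    def __init__(self, sub_libraries, master_library):
        self.sub_libraries = sub_libraries    # os_version -> {hash: trust_level}
        self.master_library = master_library  # hash -> trust_level
        self.requests_served = 0

    def handle(self, request):
        self.requests_served += 1                       # S41: receive request
        kind = request.get("type")                      # S42: judge request type
        if kind == "os_version":
            sub = self.sub_libraries.get(request.get("os_version"))
            if sub is None:
                return {"status": "error", "reason": "unknown_os_version"}
            return {"status": "ok", "sub_library": dict(sub)}         # S43
        if kind == "unknown_program":
            level = self.master_library.get(request.get("hash"), "unknown")  # S44
            return {"status": "ok", "trust_level": level}             # S45
        return {"status": "error", "reason": "bad_request_type"}


class WhitelistClient:
    def __init__(self, server, os_version):
        self.server = server
        self.local = {}  # sub-library plus recorded results for unknown programs
        reply = server.handle({"type": "os_version", "os_version": os_version})
        if reply["status"] == "ok":
            self.local.update(reply["sub_library"])

    def trust_level(self, file_hash):
        if file_hash in self.local:          # answered locally, no network traffic
            return self.local[file_hash]
        reply = self.server.handle({"type": "unknown_program", "hash": file_hash})
        level = reply.get("trust_level", "unknown")
        if level != "unknown":               # record only definite answers
            self.local[file_hash] = level
        return level

    def may_run(self, file_hash):
        # Assumed policy: anything not explicitly trusted is denied.
        return self.trust_level(file_hash) == "trusted"


OS_PROGRAMS = [sample_hash(b"os-kernel"), sample_hash(b"os-shell"),
               sample_hash(b"os-libc")]
THIRD_PARTY = sample_hash(b"chat-client")      # user-installed, in master library
UNSEEN = sample_hash(b"never-catalogued")      # in no library at all


def run_demo():
    sub = {h: "trusted" for h in OS_PROGRAMS}
    master = dict(sub)
    master[THIRD_PARTY] = "trusted"
    server = WhitelistServer({"ExampleOS-1.0": sub}, master)
    client = WhitelistClient(server, "ExampleOS-1.0")
    after_sync = server.requests_served
    os_allowed = all(client.may_run(h) for h in OS_PROGRAMS * 2)
    after_os = server.requests_served
    third = [client.may_run(THIRD_PARTY) for _ in range(2)]
    unseen = [client.may_run(UNSEEN) for _ in range(2)]
    return {"after_sync": after_sync, "after_os": after_os,
            "os_allowed": os_allowed, "third_party": third, "unseen": unseen,
            "total_requests": server.requests_served}


if __name__ == "__main__":
    print(run_demo())
```

In the demo, six checks of operating system programs cost one request in total, the user-installed program costs one lookup and is then answered from the local record, and the uncatalogued hash is denied on every check.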
The master whitelist library contains the whitelist sub-libraries. Whitelist sub-libraries exist so that requests from the whitelist service client can be answered quickly: after the client sends a request for an operating system whitelist sub-library, the corresponding sub-library can be returned immediately, without first extracting the programs that match the specific operating system version number from the master whitelist library to form an operating system whitelist sub-library. The master whitelist library is a continuously growing library. Whether a program is secure and trusted can be determined through program behavior analysis, and the result added to the master whitelist library. Program information and the corresponding trust levels can also be obtained from updates on the official websites of operating systems such as windows/centos/ubuntu. The information in the master whitelist library can be relatively comprehensive, including the program's publisher, program name, program hash value, operating system version number (if any), and so on.
As shown in Fig. 3, the whitelist service system includes a whitelist client and a whitelist server that communicate over HTTP. The whitelist client is deployed on the user's computer. The whitelist server includes a program acquisition module and a request processing module, and the whitelist client includes an information acquisition module and a request sending module. The program acquisition module is used to obtain the operating system program list and form the whitelist sub-library. The request processing module is used to identify the request type of the whitelist client and to return the whitelist sub-library and the trust level of unknown programs to the whitelist client. The information acquisition module is used to obtain the version number of the current operating system and the hash values of unknown programs, and the request sending module is used to send program trust-level requests to the whitelist server.
The whitelist service forms multiple whitelist sub-libraries, one for each operating system version. When a whitelist sub-library is formed, its information is also added to the master whitelist library. Unknown programs in the current operating system are applications the user has installed, of which there may be several.
The program acquisition module includes a first collecting unit and a second collecting unit. The first collecting unit is used to scan the image file from before operating system installation, obtain the executable files in the image file, and add those executable files to the whitelist sub-library. The second collecting unit is used to scan the clean operating system installed from the image file, obtain the executable files present after the clean installation, and add those executable files to the whitelist sub-library.
The above is a preferred embodiment of the present invention. Those of ordinary skill in the art may make several improvements and modifications without departing from the principle of the invention, and such improvements and modifications are also regarded as falling within the protection scope of the invention.
Claims (7)
1. A program whitelist service method based on operating system type, characterized in that it includes the following steps:
obtaining the program list of an operating system and forming an operating system whitelist sub-library;
obtaining the version number of the current operating system and requesting the whitelist sub-library of the current operating system;
according to the returned whitelist sub-library, identifying the trust level of operating system programs locally.
2. The program whitelist service method based on operating system type according to claim 1, characterized in that the operating system program list includes the executable files from before and after operating system installation, and each operating system version forms one whitelist sub-library.
3. The program whitelist service method based on operating system type according to claim 2, characterized in that the information in the whitelist sub-library includes the hash value and trust level of each program, and the hash value of a program is obtained by computation over the executable file.
4. The program whitelist service method based on operating system type according to claim 1, characterized in that the method further includes requesting identification of an unknown program; when a request is received, the type of the request is determined first; if it is a request based on operating system version, the whitelist sub-library of the requested operating system version is returned; if it is a request to identify an unknown program, its trust level is looked up in the master whitelist library according to the hash value of the unknown program.
5. The program whitelist service method based on operating system type according to claim 4, characterized in that after the trust level of an unknown program is obtained from the master whitelist library, the trust level of that program is recorded locally.
6. A program whitelist service system based on operating system type, characterized in that the system includes a whitelist server and a whitelist client, the whitelist client being deployed on the user's computer; the whitelist server includes a program acquisition module and a request processing module, and the whitelist client includes an information acquisition module and a request sending module;
the program acquisition module is used to obtain the operating system program list and form the whitelist sub-library; the request processing module is used to identify the request type of the whitelist client and to return the whitelist sub-library and the trust level of unknown programs to the whitelist client; the information acquisition module is used to obtain the version number of the current operating system and the hash values of unknown programs; the request sending module is used to send program trust-level requests to the whitelist server.
7. The program whitelist service system based on operating system type according to claim 6, characterized in that the program acquisition module includes a first collecting unit and a second collecting unit;
the first collecting unit is used to scan the image file from before operating system installation, obtain the executable files in the image file, and add those executable files to the whitelist sub-library;
the second collecting unit is used to scan the clean operating system installed from the image file, obtain the executable files present after the clean installation, and add those executable files to the whitelist sub-library.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810288807.8A CN108549810A (en) | 2018-04-03 | 2018-04-03 | A kind of program white list service method and system based on OS Type |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810288807.8A CN108549810A (en) | 2018-04-03 | 2018-04-03 | A kind of program white list service method and system based on OS Type |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108549810A (en) | 2018-09-18 |
Family
ID=63513885
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810288807.8A Pending CN108549810A (en) | 2018-04-03 | 2018-04-03 | A kind of program white list service method and system based on OS Type |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108549810A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162962A (en) * | 2019-05-30 | 2019-08-23 | 苏州浪潮智能科技有限公司 | Program security recognition methods, device, equipment and computer readable storage medium |
CN110390195A (en) * | 2019-06-26 | 2019-10-29 | 苏州浪潮智能科技有限公司 | A kind of virtual environment intermediate range sort run management-control method and system |
CN111741078A (en) * | 2020-05-29 | 2020-10-02 | 深圳市伟众信息技术有限公司 | White list platform message system and method |
CN111966682A (en) * | 2020-08-14 | 2020-11-20 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106997435A (en) * | 2017-04-14 | 2017-08-01 | 广东浪潮大数据研究有限公司 | A kind of method of operating system security prevention and control, apparatus and system |
CN107480528A (en) * | 2017-08-16 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of method of operating system anti-virus |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106997435A (en) * | 2017-04-14 | 2017-08-01 | 广东浪潮大数据研究有限公司 | A kind of method of operating system security prevention and control, apparatus and system |
CN107480528A (en) * | 2017-08-16 | 2017-12-15 | 郑州云海信息技术有限公司 | A kind of method of operating system anti-virus |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162962A (en) * | 2019-05-30 | 2019-08-23 | 苏州浪潮智能科技有限公司 | Program security recognition methods, device, equipment and computer readable storage medium |
CN110390195A (en) * | 2019-06-26 | 2019-10-29 | 苏州浪潮智能科技有限公司 | A kind of virtual environment intermediate range sort run management-control method and system |
CN110390195B (en) * | 2019-06-26 | 2021-05-25 | 苏州浪潮智能科技有限公司 | Method and system for managing and controlling program operation in virtual environment |
CN111741078A (en) * | 2020-05-29 | 2020-10-02 | 深圳市伟众信息技术有限公司 | White list platform message system and method |
CN111966682A (en) * | 2020-08-14 | 2020-11-20 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
CN111966682B (en) * | 2020-08-14 | 2022-06-14 | 苏州浪潮智能科技有限公司 | White list protection matching method, system, terminal and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180918 |