CN109831419B - Method and device for determining permission of shell program - Google Patents

Method and device for determining permission of shell program

Info

Publication number: CN109831419B
Application number: CN201811640611.7A
Authority: CN (China)
Other versions: CN109831419A
Prior art keywords: program, shell, shell program, behavior, operating system
Legal status: Active (an assumption by Google Patents, not a legal conclusion)
Inventors: 陈俊儒, 刘明, 吴亚峰, 谢文聪
Current assignees: Qianxin Technology Group Co Ltd; Qianxin Safety Technology Zhuhai Co Ltd (the listed assignees may be inaccurate)
Original assignees: 360 Enterprise Security Technology Zhuhai Co ltd; Beijing Qianxin Technology Co Ltd
Application filed by 360 Enterprise Security Technology Zhuhai Co ltd and Beijing Qianxin Technology Co Ltd; published as CN109831419A, granted as CN109831419B.

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

The application discloses a method and a device for determining the permission of a shell program, together with a computer device and a computer storage medium. They relate to the technical field of computer security and can reduce the security risk of a computer system and improve the security of an operating system. The method comprises the following steps: acquiring the main program of a shell program in an operating system; allocating an execution permission to the shell program according to the permission information of the main program in the operating system, so that the shell program inherits the execution permission of the main program; monitoring the behavior of calling the shell program to execute a preset operation, and judging whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program; and if not, intercepting the behavior of calling the shell program to execute the preset operation.

Description

Method and device for determining permission of shell program
Technical Field
The invention relates to the technical field of computer security, in particular to a method and a device for determining shell program permission, computer equipment and a computer storage medium.
Background
Shell programs, colloquially called command interpreters (for example cmd.exe and powershell.exe on Windows, and bash on Linux), are important programs for interaction between a user and the operating system. Generally, a shell program file defines program parameters such as the program path, program permissions, and variables such as language libraries when it is initialized.
However, because a shell program has many functions and permissions, it can control the whole operating system. An attacker often exploits a bug to obtain control of the shell program and thereby control the operating system, so the computer system carries great potential safety hazards and the security of the operating system is reduced.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for determining a shell program permission, a computer device, and a computer storage medium, and mainly aims to reduce a security risk existing in a computer system and improve security of an operating system.
According to one aspect of the invention, a method for determining the permission of a shell program is provided, and the method comprises the following steps:
acquiring the main program of a shell program in an operating system;
allocating an execution permission to the shell program according to the permission information of the main program in the operating system, so that the shell program inherits the execution permission of the main program;
monitoring the behavior of calling the shell program to execute a preset operation, and judging whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program;
and if not, intercepting the behavior of calling the shell program to execute the preset operation.
Further, acquiring the main program of the shell program in the operating system includes:
searching for the main process that calls and executes the shell program by traversing the program files in the system directory;
and acquiring the main program of the shell program in the operating system according to the main process that calls and executes the shell program.
Further, before allocating the execution permission to the shell program according to the permission information of the main program in the operating system, the method further includes:
collecting the behavior operations of the main program in the operating system, and determining the permission information of the main program in the operating system according to those behavior operations.
Further, the main program includes at least one process, and collecting the behavior operations of the main program in the operating system and determining, according to those behavior operations, the permission information the main program has in the operating system includes:
monitoring the behavior operations of each process belonging to the main program in the operating system, and recording the permission information with which each process belonging to the main program executes its behavior operations;
and determining the permission information of the main program in the operating system according to the permission information with which each process executes its behavior operations.
Further, after monitoring the behavior of calling the shell program to execute the preset operation and judging whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program, the method further includes:
if so, starting the behavior of calling the shell program to execute the preset operation.
Further, after starting the behavior of calling the shell program to execute the preset operation, the method further comprises the following steps:
judging, through a task flow set collected in advance, whether the task flow occurring when the shell program is called to execute the preset operation conforms to flow validity, where the task flow set comprises the task flows followed when the shell program executes operation behaviors;
and if so, allowing the called shell program to execute the preset operation, and otherwise intercepting the behavior of calling the shell program to execute the preset operation.
Further, monitoring the behavior of calling the shell program to execute the preset operation and judging whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program comprises the following steps:
monitoring the behavior of calling the shell program to execute the preset operation by means of a hook function;
and when the behavior of calling the shell program to execute the preset operation is detected, judging whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program.
According to another aspect of the present invention, there is provided an apparatus for determining the permission of a shell program, the apparatus comprising:
an acquisition unit, used for acquiring the main program of the shell program in the operating system;
an allocation unit, used for allocating an execution permission to the shell program according to the permission information of the main program in the operating system, so that the shell program inherits the execution permission of the main program;
a first judging unit, used for monitoring the behavior of calling the shell program to execute a preset operation and judging whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program;
and a determining unit, used for intercepting the behavior of calling the shell program to execute the preset operation if the shell program does not have the permission to execute it.
Further, the acquisition unit includes:
a searching module, used for searching for the main process that calls and executes the shell program by traversing the program files in the system directory;
and an acquisition module, used for acquiring the main program of the shell program in the operating system according to the main process that calls and executes the shell program.
Further, the apparatus also comprises:
a collecting unit, used for collecting the behavior operations of the main program in the operating system before the execution permission is allocated to the shell program according to the permission information of the main program, and for determining the permission information of the main program in the operating system according to those behavior operations.
Further, the main program includes at least one process, and the collecting unit includes:
a recording module, used for recording the permission information with which each process belonging to the main program executes its behavior operations, by monitoring the behavior operations of each such process in the operating system;
and a determining module, used for determining the permission information of the main program in the operating system according to the permission information with which each process executes its behavior operations.
Further, the determining unit is further configured to start the behavior of calling the shell program to execute the preset operation if the shell program has the permission to execute it.
Further, the apparatus further comprises:
a second judging unit, configured to judge, after the behavior of calling the shell program to execute the preset operation has been started, whether the task flow occurring when the shell program is called to execute the preset operation conforms to flow validity, using a task flow set collected in advance, where the task flow set includes the task flows followed when the shell program executes operation behaviors;
the second judging unit is specifically configured to allow the called shell program to execute the preset operation if that task flow conforms to flow validity, and otherwise to intercept the behavior of calling the shell program to execute the preset operation.
Further, the first judging unit includes:
a monitoring module, used for monitoring the behavior of calling the shell program to execute the preset operation by means of a hook function;
and a judging module, used for judging, when the behavior of calling the shell program to execute the preset operation is detected, whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program.
According to yet another aspect of the present invention, there is provided a computer device comprising a memory storing a computer program and a processor implementing the steps of the method for determining the permissions of a shell program when the processor executes the computer program.
According to a further aspect of the present invention, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method for determining a permission of a shell program.
By means of this technical scheme, the method and device for determining the permission of a shell program allocate an execution permission to the shell program according to the permission information of its main program in the operating system, so that the shell program inherits the execution permission of the main program and its permission can be managed; when the behavior of calling the shell program to execute a preset operation is detected, any such behavior for which the shell program lacks the execution permission can be intercepted. In the prior art, by contrast, the way a shell program's permission is determined has no interception mechanism: the shell program has many functions and permissions, and if it is not managed an attacker can easily take control of the whole operating system by exploiting system bugs.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flowchart illustrating a method for determining a shell program permission according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating another method for determining the permission of the shell program according to the embodiment of the present invention;
fig. 3 is a schematic structural diagram illustrating a device for determining a shell program permission according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram illustrating another device for determining a shell program permission according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
An embodiment of the present invention provides a method for determining a shell program permission, which can reduce a security risk existing in a computer system, and as shown in fig. 1, the method includes:
101. Acquire the main program of the shell program in the operating system.
The shell program is a program with special functions: it mainly provides an interface for the user to interact with the kernel, reads a command from an input device, converts the command into machine code the computer understands, and then executes it.
In general, different operating systems have their own shell programs; for example, the shell program in a Windows system is the cmd.com file, into which a user can input the commands to be executed. When a program is run, the user inputs the executable file name of the program, the command first finds the executable file according to that file name, and then the program in the executable file is loaded into memory.
For the embodiment of the invention, after a user logs in to the operating system, the system starts a user shell program; in that user shell, shell command statements and variables can be used, and a shell script program can also be created and run. When a shell script is run, the system creates a sub-shell program. At this time, the shell programs in the system are the shell program started by the system at login and the shell program created by the system when the script is run. When the script finishes, its script shell terminates and control returns to the shell program that was active before the script was executed. A user may thus have a plurality of shell programs, each derived from some other shell program, and the program from which a shell program is derived is equivalent to the main program of that shell program in the operating system.
It should be noted that the main program is in essence also a shell program and has the same characteristics, but the shell program and the main program are completely independent; the shell program only inherits some attributes of the main program, such as the current working directory, environment variables, standard input and output, error output, and the like.
102. Allocate an execution permission to the shell program according to the permission information of the main program in the operating system, so that the shell program inherits the execution permission of the main program.
Both the main program and the shell program are given an execution permission at the time of creation, and the permission information given to the main program may differ from that given to the shell program: for example, the main program may be prohibited from certain commands or operations at creation while the shell program is not, and by default the shell program does not inherit the permission information of the main program.
In an operating system, when a user logs in, a shell program process is created and obtains the uid and gid of the corresponding user, which uniquely identify that user; when the kernel executes a file access request from a user process, it compares the uid and gid of the process with the access mode bits of the file to determine whether the process has permission to operate on the file. For the embodiment of the invention, the permission information of the main program can be determined according to the identification information of the user at the time the main program was created, and the shell program is then allocated the same execution permission as the main program. It should be noted that a user with uid zero is the superuser, who may manage any resource; this can weaken system security, and once an attacker occupies the superuser privilege the security risk of the operating system increases.
103. Monitor the behavior of calling the shell program to execute a preset operation, and judge whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program.
The preset operation behavior may be calling the shell program to create a system account, calling the shell program to delete a file, and the like; the preset operation behavior is not limited here. When the behavior of calling the shell program to execute the preset operation is detected, the shell program, having inherited the execution permission of the main program, cannot execute every operation behavior, so whether it has the permission to execute the preset operation must be judged.
According to the embodiment of the invention, by monitoring the shell program's execution of the preset operation, whether the shell program has the execution permission can be judged before the preset operation is executed, so that a preset operation behavior outside the shell program's permission can be intercepted in time and the execution safety of the shell program is improved.
104. If not, intercept the behavior of calling the shell program to execute the preset operation.
For the embodiment of the invention, if the shell program does not have the permission to execute the preset operation, then, because the shell program inherits the permission of the main program, the main program does not have that permission either, and the behavior of the shell program executing the preset operation is intercepted.
When a shell program is created, its content, its running environment and the command line to be executed are set, and an executable permission is added to the shell program. The executable permission can limit who may access the shell program, for example allowing anyone to access it, or allowing only users in the owning group to access it, and the like. However, if the execution permission added to the shell program is not managed properly, an attacker can easily acquire the execution permission of the shell program and inject a malicious system command into a normal command, causing a command execution attack. According to the embodiment of the invention, the shell program inherits the permission information of the main program, so that the execution permission of the shell program can be controlled more finely and the safety of the operating system is improved.
The invention provides a method for determining the permission of a shell program, which allocates an execution permission to the shell program according to the permission information of its main program in the operating system, so that the shell program inherits the execution permission of the main program and its permission can be managed; when the behavior of calling the shell program to execute a preset operation is detected, any such behavior for which the shell program lacks the execution permission can be intercepted. In the prior art, by contrast, the way a shell program's permission is determined has no interception mechanism: the shell program has many functions and permissions, and if it is not managed an attacker can easily take control of the whole operating system by exploiting system bugs.
An embodiment of the present invention provides another method for determining a shell program permission, which can reduce a security risk existing in a computer system, and as shown in fig. 2, the method includes:
201. Search for the main process that calls and executes the shell program by traversing the program files in the system directory.
Generally, each process on the system has certain permissions; for example, Notepad can read and write files but cannot make network connections. Some programs need to call a shell program while running, and the program that calls the shell program is called the main program.
For the embodiment of the present invention, program files providing various functions, for example a program file providing a search function and a program file providing a scan function, are recorded in the system directory. The main process of the shell program calls the shell program during its execution, so the main process that calls and executes the shell program can be found by traversing the program files in the system directory.
It should be noted that a plurality of shell program files may exist in one system, the command syntaxes supported by different shell program files differ, and the shell program files stored in the system directory can be viewed with different commands.
202. Acquire the main program of the shell program in the operating system according to the main process that calls and executes the shell program.
For the embodiment of the invention, when the main process calls the shell program, the main process that calls and executes the shell program is recorded in the system directory, and the main program of the shell program in the operating system can then be obtained from the recorded main process.
It should be noted that, in general, a shell program is created without an execution permission by default and can only be run after an executable permission has been granted to it with a command, and the execution permission of the shell program is not necessarily the same as that of the main process.
203. Collect the behavior operations of the main program in the operating system, and determine the permission information of the main program in the operating system according to those behavior operations.
The behavior operations of the main program in the operating system may be querying file contents, accessing file resources, creating files, and the like. These behavior operations are collected because a behavior operation performed by the main program shows that the main program has the permission to execute it, so the permission information of the main program in the operating system can be determined from its behavior operations.
For example, if the main program can create a user account, this indicates that the main program has the permission to create user accounts; if the main program cannot create a system account, this indicates that it does not have the permission to create accounts.
204. Allocate an execution permission to the shell program according to the permission information of the main program in the operating system, so that the shell program inherits the execution permission of the main program.
For the embodiment of the present invention, the specific process of allocating an execution permission to the shell program according to the permission information of the main program, so that the shell program inherits the execution permission of the main program, is as described in step 102 and is not repeated here.
For the embodiment of the invention, when a certain main program calls and executes the shell program, the shell program and the sub-processes created by the shell program inherit the permissions of the main program. For example, when a Notepad process calls and executes the shell program, the shell program inherits the permissions of the Notepad program: it can read and write files, but cannot make network connections.
205. Monitor the behavior of calling the shell program to execute the preset operation, and judge whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program.
For the embodiment of the invention, the behavior of the calling shell program for executing the preset operation can be monitored by utilizing the hook function, when the hook function is created, the Windows creates a data structure in the memory, the data structure comprises the relevant information of the hook function, and the message of the behavior of the calling shell program for executing the preset operation is captured through the relevant information.
The hook function is a first part of a Windows message processing mechanism, and can capture events in a process or other processes by setting the hook function, for this embodiment, a message for calling a shell program to execute a preset operation behavior can be specifically acquired by the hook function, and whether the shell program has a behavior permission for executing the preset operation is judged by using an execution permission allocated by the shell program.
It should be noted that the hook function has no interruption function of the system, and cannot arbitrarily intercept the bottom layer function of the system, the hook function is only a monitoring point set in the Windows message mechanism, and can capture a preset behavior occurring in a process, and once the preset behavior is monitored, different processing functions can be realized by calling other processing functions.
In addition, when the behavior of calling the shell program to execute the preset operation is monitored, before the step of judging whether the shell program has the authority to execute the preset operation according to the execution authority distributed by the shell program is executed, whether the behavior of the preset operation is in the set range of the minimum behavior authority set or not can be judged in advance, if the operation of the preset behavior is in the set range of the minimum behavior authority set, the operation of the preset behavior is allowed to be executed, and if not, whether the shell program has the authority to execute the preset operation or not can be further judged according to the execution authority distributed by the main program for the shell program.
The setting range of the minimum behavior permission set can ensure that uncontrollable dangers can be avoided to the maximum extent, meanwhile, the normal operation of the system and the third-party application program is influenced to the minimum extent, and the normal operation of a user in using the system and the application program is not disturbed.
206a, if not, intercepting the behavior of calling the shell program to execute the preset operation.
For the embodiment of the invention, if the shell program does not have the authority to execute the preset operation, the preset behavior has not been authorized by the main program and the main program itself cannot execute the preset operation, so the behavior of calling the shell program to execute the preset operation is intercepted.
Step 206b corresponds to step 206a: if so, the behavior of calling the shell program to execute the preset operation is started.
For the embodiment of the invention, if the shell program has the authority to execute the preset operation, the preset behavior has been authorized by the main program and the main program can execute the preset operation, so the behavior of calling the shell program to execute the preset operation is started.
207b, judging, by means of a task flow set collected in advance, whether the task flow occurring when the shell program is called to execute the preset operation conforms to flow validity.
The task flow set comprises the task flows in which the shell program executes operation behaviors. For example, the task flow when the shell program is called to delete a file may comprise: looking up the path of the target file, locating the target file to be deleted according to that path, and starting the shell program to delete the target file. The task flow is not specifically limited here.
208b, if so, allowing the behavior of calling the shell program to execute the preset operation; otherwise, intercepting the behavior of calling the shell program to execute the preset operation.
For the embodiment of the invention, only operation behavior that conforms to flow validity is allowed to call the shell program to execute the preset operation; otherwise, the behavior of calling the shell program to execute the preset operation is intercepted and an alarm is raised.
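The decision sequence of steps 205 through 208b (minimum behavior set pre-check, inherited permission check, then task-flow validity check with an alarm on mismatch), together with the collection of the main program's permission information from its processes that the description assigns to the collection unit, as an added simulation in Python. This is not the patent's code: the process names, operation names, minimum behavior set and task flows are constructed sample data, and the monitor class stands in for the Windows hook as the monitoring point.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Set, Tuple

# Constructed observations: (process belonging to the main program, operation it
# was seen performing). In the described scheme these come from monitoring each
# process in the operating system; here they are embedded sample data.
MAIN_PROGRAM_OBSERVATIONS: List[Tuple[str, str]] = [
    ("host_main.exe", "read_file"),
    ("host_main.exe", "write_file"),
    ("host_worker.exe", "read_file"),
    ("host_worker.exe", "delete_file"),
    ("host_worker.exe", "open_network"),
]

# Constructed minimum behavior permission set: operations allowed without
# consulting the inherited permissions at all.
MINIMUM_BEHAVIOUR_SET = frozenset({"list_directory", "read_file"})

# Constructed task flow set collected "in advance". The delete_file flow follows
# the text: resolve the target path, locate the target, then delete it.
TASK_FLOW_SET: Dict[str, Tuple[str, ...]] = {
    "delete_file": ("lookup_target_path", "locate_target_file", "delete_file"),
    "write_file": ("lookup_target_path", "write_file"),
}


def record_process_permissions(observations: Sequence[Tuple[str, str]]) -> Dict[str, Set[str]]:
    """Recording module: the permission info of each process, keyed by process name."""
    per_process: Dict[str, Set[str]] = {}
    for proc, op in observations:
        per_process.setdefault(proc, set()).add(op)
    return per_process


def determine_main_permissions(per_process: Dict[str, Set[str]]) -> Set[str]:
    """Determining module: the main program's permissions are the union of what
    its processes were observed doing."""
    result: Set[str] = set()
    for ops in per_process.values():
        result |= ops
    return result


def assign_shell_permissions(main_permissions: Set[str]) -> Set[str]:
    """Allocation unit: the shell program inherits the main program's execution
    permissions. A copy is taken so later changes to one side do not leak."""
    return set(main_permissions)


def flow_is_valid(operation: str, observed_flow: Sequence[str]) -> bool:
    """Flow validity: the observed sequence must match the collected task flow."""
    expected = TASK_FLOW_SET.get(operation)
    return expected is not None and tuple(observed_flow) == expected


@dataclass
class Decision:
    action: str          # "allow" or "intercept"
    reason: str
    alarm: bool = False  # True when an alarm was raised (step 208b)


@dataclass
class ShellCallMonitor:
    """Stands in for the hook: a monitoring point that sees every call of the
    shell program and applies the decision steps in order."""
    shell_permissions: Set[str]
    alarms: List[str] = field(default_factory=list)

    def on_shell_call(self, operation: str, observed_flow: Sequence[str] = ()) -> Decision:
        # Pre-check: behavior inside the minimum behavior set is always allowed.
        if operation in MINIMUM_BEHAVIOUR_SET:
            return Decision("allow", "within minimum behavior permission set")
        # Steps 205/206a: no inherited permission, so the call is intercepted.
        if operation not in self.shell_permissions:
            return Decision("intercept", "shell program lacks inherited permission")
        # Steps 206b/207b/208b: permitted, but the task flow must also be valid.
        if flow_is_valid(operation, observed_flow):
            return Decision("allow", "permitted and task flow valid")
        self.alarms.append(f"invalid task flow for {operation}: {list(observed_flow)}")
        return Decision("intercept", "task flow does not match collected flow set", alarm=True)


if __name__ == "__main__":
    per_proc = record_process_permissions(MAIN_PROGRAM_OBSERVATIONS)
    monitor = ShellCallMonitor(assign_shell_permissions(determine_main_permissions(per_proc)))
    print(monitor.on_shell_call("list_directory"))
    print(monitor.on_shell_call("format_volume"))
    print(monitor.on_shell_call("delete_file", ("lookup_target_path", "locate_target_file", "delete_file")))
    print(monitor.on_shell_call("delete_file", ("delete_file",)))
    print(monitor.alarms)
```

The order of checks matters: a call that lacks inherited permission is intercepted before any flow comparison, so a flow-validity alarm is only ever raised for an operation the main program itself could perform, which is exactly the case the description reserves for step 207b.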
The invention provides another method for determining the authority of a shell program, in which an execution authority is allocated to the shell program according to the authority information of the main program in the operating system, so that the shell program inherits the execution authority of the main program and its authority is managed in this way; therefore, when the behavior of calling the shell program to execute the preset operation is monitored, any behavior for which the shell program lacks the authority to execute the preset operation can be intercepted. By contrast, the prior-art way of determining shell program permissions has no interception mechanism: the shell program has many functions and permissions, and if it is not managed, an attacker can easily control the whole operating system by exploiting system vulnerabilities.
Further, as a specific implementation of the method shown in fig. 1, an embodiment of the present invention provides an apparatus for determining a shell program permission, where as shown in fig. 3, the apparatus includes: an acquisition unit 31, an allocation unit 32, a first judgment unit 33, and a determination unit 34.
The acquisition unit 31 may be configured to acquire the main program of the shell program in the operating system;
the allocation unit 32 may be configured to allocate an execution permission to the shell program according to the permission information of the main program in the operating system, so that the shell program inherits the execution permission of the main program;
the first judgment unit 33 may be configured to monitor the behavior of calling the shell program to execute a preset operation, and to judge whether the shell program has the permission to execute the preset operation according to the execution permission allocated to the shell program;
the determining unit 34 may be configured to intercept the behavior of calling the shell program to execute the preset operation if the shell program does not have the permission to execute the preset operation.
The invention provides a device for determining the authority of a shell program, in which an execution authority is allocated to the shell program according to the authority information of the main program in the operating system, so that the shell program inherits the execution authority of the main program and its authority is managed in this way; therefore, when the behavior of calling the shell program to execute the preset operation is monitored, any behavior for which the shell program lacks the authority to execute the preset operation can be intercepted. By contrast, the prior-art way of determining shell program permissions has no interception mechanism: the shell program has many functions and permissions, and if it is not managed, an attacker can easily control the whole operating system by exploiting system vulnerabilities.
As a further description of the device for determining program permissions, fig. 4 is a schematic structural diagram of another device for determining program permissions according to an embodiment of the present invention; as shown in fig. 4, the device further includes:
a collection unit 35, configured to collect the behavior operations of the main program in the operating system before the execution permission is allocated to the shell program according to the permission information of the main program in the operating system, and to determine, according to those behavior operations, the permission information that the main program has in the operating system;
a second judgment unit 36, configured to judge, after the behavior of calling the shell program to execute the preset operation has been started, whether the task flow occurring when the shell program is called to execute the preset operation conforms to flow validity, according to a task flow set collected in advance, where the task flow set comprises the task flows in which the shell program executes operation behaviors;
the second judgment unit 36 may be specifically configured to allow the behavior of calling the shell program to execute the preset operation if the task flow occurring when the shell program is called to execute the preset operation conforms to flow validity, and otherwise to intercept the behavior of calling the shell program to execute the preset operation.
Further, the determining unit 34 may be further configured to start a behavior of calling the shell program to execute a preset operation if the shell program has a right to execute the preset operation.
Further, the acquiring unit 31 includes:
the search module 311 may be configured to search, by traversing the program files in the system directory, for the main process in which the shell program is called and executed;
the acquisition module 312 may be configured to acquire the main program of the shell program in the operating system according to the main process in which the shell program is called and executed.
Further, the main program includes at least one process, and the collection unit 35 includes:
the recording module 351 may be configured to record the permission information with which each process belonging to the main program executes its behavior operations, by monitoring the behavior operations of each process belonging to the main program in the operating system;
the determining module 352 may be configured to determine, according to the permission information with which each process executes its behavior operations, the permission information that the main program has in the operating system.
It should be noted that other corresponding descriptions of the functional units of the device for determining program permissions in the present embodiment may refer to the corresponding descriptions of fig. 1 and fig. 2, and are not repeated here.
Further, the first judgment unit 33 includes:
the monitoring module 331 may be configured to monitor a behavior of calling a shell program to execute a preset operation by using a hook function;
the determining module 332 may be configured to, when monitoring a behavior of calling a shell program to execute a preset operation, determine whether the shell program has a permission to execute the preset operation according to an execution permission allocated to the shell program.
Based on the above method shown in fig. 1 and fig. 2, correspondingly, the present embodiment further provides a storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the method for determining the permission of the shell program shown in fig. 1 and fig. 2 is implemented.
Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.), and which includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the implementation scenarios of the present application.
Based on the method shown in fig. 1 and fig. 2 and the virtual device embodiment shown in fig. 3 and fig. 4, in order to achieve the above object, an embodiment of the present application further provides a computer device, which may specifically be a personal computer, a server, a network device, and the like, where the entity device includes a storage medium and a processor; a storage medium for storing a computer program; and a processor, configured to execute a computer program to implement the method for determining the permission of the shell program as shown in fig. 1 and fig. 2.
Optionally, the computer device may also include a user interface, a network interface, a camera, Radio Frequency (RF) circuitry, sensors, audio circuitry, a WI-FI module, and so forth. The user interface may include a Display screen (Display), an input unit such as a keypad (Keyboard), etc., and the optional user interface may also include a USB interface, a card reader interface, etc. The network interface may optionally include a standard wired interface, a wireless interface (e.g., a bluetooth interface, WI-FI interface), etc.
Those skilled in the art will appreciate that the structure of the physical device for determining shell program permissions provided in the present embodiment does not constitute a limitation on the physical device, which may include more or fewer components, combine some components, or arrange the components differently.
The storage medium may further include an operating system and a network communication module. The operating system is a program that manages the hardware and software resources of the computer device described above, supporting the operation of information handling programs and other software and/or programs. The network communication module is used for realizing communication among components in the storage medium and other hardware and software in the entity device.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present application can be implemented by software plus a necessary general hardware platform, and can also be implemented by hardware. By applying the technical scheme of the application, compared with the prior art, the shell program has a plurality of functions and permissions, and if the shell program is not managed, an attacker can easily control the whole operating system by using system bugs.
Those skilled in the art will appreciate that the figures are merely schematic representations of one preferred implementation scenario and that the blocks or flow diagrams in the figures are not necessarily required to practice the present application. Those skilled in the art will appreciate that the modules in the devices in the implementation scenario may be distributed in the devices in the implementation scenario according to the description of the implementation scenario, or may be located in one or more devices different from the present implementation scenario with corresponding changes. The modules of the implementation scenario may be combined into one module, or may be further split into a plurality of sub-modules.
The above application serial numbers are for description purposes only and do not represent the superiority or inferiority of the implementation scenarios. The above disclosure is only a few specific implementation scenarios of the present application, but the present application is not limited thereto, and any variations that can be made by those skilled in the art are intended to fall within the scope of the present application.

Claims (10)

1. A method for determining the permission of a shell program is characterized by comprising the following steps:
acquiring a main program of a shell program in an operating system;
distributing an execution authority to the shell program according to the authority information of the main program in an operating system, so that the shell program inherits the execution authority of the main program;
monitoring a behavior of calling a shell program to execute a preset operation, and judging whether the shell program has a permission to execute the preset operation according to an execution permission distributed by the shell program;
if not, intercepting the behavior of calling the shell program to execute the preset operation;
the acquiring of the main program of the shell program in the operating system comprises the following steps:
searching, by traversing the program files in the system directory, for a main process which is called and executed by the shell program;
and acquiring the main program of the shell program in the operating system according to the main process of the shell program which is called and executed.
2. The method according to claim 1, wherein before the assigning the execution permission to the shell program according to the permission information of the main program in the operating system, the method further comprises:
and collecting behavior operation of the main program in the operating system, and determining authority information of the main program in the operating system according to the behavior operation.
3. The method of claim 2, wherein the main program comprises at least one process, and wherein the collecting of the behavior operation of the main program in the operating system comprises:
the method comprises the steps of monitoring behavior operation of each process belonging to a main program in an operating system, and recording authority information of each process belonging to the main program for executing the behavior operation;
and determining the authority information of the main program in the operating system according to the authority information of each process executing behavior operation.
4. The method according to any one of claims 1-3, wherein after the monitoring the behavior of calling the shell program to execute the preset operation and judging whether the shell program has the authority to execute the preset operation according to the execution authority distributed by the shell program, the method further comprises:
and if so, starting the behavior of calling the shell program to execute the preset operation.
5. An apparatus for determining the permission of a shell program, the apparatus comprising:
the acquisition unit is used for acquiring a main program of the shell program in the operating system;
the distribution unit is used for distributing execution permission to the shell program according to the permission information of the main program in the operating system so that the shell program inherits the execution permission of the main program;
the judging unit is used for monitoring the behavior of calling the shell program to execute the preset operation and judging whether the shell program has the authority of executing the preset operation according to the execution authority distributed by the shell program;
the determining unit is used for intercepting and calling the behavior of the shell program for executing the preset operation if the shell program does not have the authority of executing the preset operation;
the acquisition unit includes:
the searching module is used for searching the main process called and executed by the shell program by traversing the program file in the system directory;
and the acquisition module is used for acquiring the main program of the shell program in the operating system according to the main process called and executed by the shell program.
6. The apparatus of claim 5, further comprising:
And the collecting unit is used for collecting the behavior operation of the main program in the operating system before the execution permission is distributed to the shell program according to the permission information of the main program in the operating system, and determining the permission information of the main program in the operating system according to the behavior operation.
7. The apparatus of claim 6, wherein the main program comprises at least one process, and wherein the collecting unit comprises:
the recording module is used for recording authority information of each process belonging to the main program for executing the behavior operation by monitoring the behavior operation of each process belonging to the main program in the operating system;
and the determining module is used for determining the authority information of the main program in the operating system according to the authority information of the behavior operation executed by each process.
8. The apparatus according to any one of claims 5-7,
the determining unit is further configured to start a behavior of calling the shell program to execute a preset operation if the shell program has a permission to execute the preset operation.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 4 when executing the computer program.
10. A computer storage medium on which a computer program is stored, characterized in that the computer program, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 4.
CN201811640611.7A 2018-05-04 2018-12-29 Method and device for determining permission of shell program Active CN109831419B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810420369.6A CN108683652A (en) 2018-05-04 2018-05-04 A kind of method and device of the processing attack of Behavior-based control permission
CN2018104203696 2018-05-04

Publications (2)

Publication Number Publication Date
CN109831419A CN109831419A (en) 2019-05-31
CN109831419B true CN109831419B (en) 2021-10-01

Family

ID=63802917

Family Applications (9)

Application Number Title Priority Date Filing Date
CN201810420369.6A Pending CN108683652A (en) 2018-05-04 2018-05-04 A kind of method and device of the processing attack of Behavior-based control permission
CN201811645263.2A Active CN109714350B (en) 2018-05-04 2018-12-29 Permission control method and device of application program, storage medium and computer equipment
CN201811640217.3A Active CN109873804B (en) 2018-05-04 2018-12-29 Behavior-based service identification method, behavior-based service identification device, behavior-based service identification equipment and readable storage medium
CN201811640613.6A Active CN109831420B (en) 2018-05-04 2018-12-29 Method and device for determining kernel process permission
CN201811640611.7A Active CN109831419B (en) 2018-05-04 2018-12-29 Method and device for determining permission of shell program
CN201811640216.9A Active CN109873803B (en) 2018-05-04 2018-12-29 Permission control method and device of application program, storage medium and computer equipment
CN201811645260.9A Pending CN109818935A (en) 2018-05-04 2018-12-29 User authority control method and device, storage medium, computer equipment
CN201811640483.6A Active CN109743315B (en) 2018-05-04 2018-12-29 Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website
CN201811646168.4A Pending CN109818937A (en) 2018-05-04 2018-12-29 For the control method of Android permission, device and storage medium, electronic device

Country Status (1)

Country Link
CN (9) CN108683652A (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108683652A (en) * 2018-05-04 2018-10-19 北京奇安信科技有限公司 A kind of method and device of the processing attack of Behavior-based control permission
WO2020132877A1 (en) * 2018-12-25 2020-07-02 奇安信安全技术(珠海)有限公司 Operation detection method and system, and electronic device
CN110990844B (en) * 2019-10-25 2022-04-08 浙江大华技术股份有限公司 Cloud data protection method based on kernel, cloud server and system
CN110781491B (en) * 2019-10-25 2022-02-18 苏州浪潮智能科技有限公司 Method and device for controlling process to access file
CN110930234B (en) * 2019-11-18 2024-03-12 河南城建学院 Financial management method with remote access function
JP7424028B2 (en) * 2019-12-16 2024-01-30 株式会社デンソーウェーブ robot operation terminal
CN111444118B (en) * 2020-03-23 2022-04-05 数网金融有限公司 Process protection method, device, terminal equipment and storage medium
CN111756808A (en) * 2020-05-28 2020-10-09 西安万像电子科技有限公司 Data processing method and system
CN111783082A (en) * 2020-06-08 2020-10-16 Oppo广东移动通信有限公司 Process tracing method, device, terminal and computer readable storage medium
CN112003835B (en) * 2020-08-03 2022-10-14 奇安信科技集团股份有限公司 Security threat detection method and device, computer equipment and storage medium
CN114237630A (en) * 2020-09-09 2022-03-25 中国电信股份有限公司 Privacy permission detection method and device
CN112689002B (en) * 2020-12-18 2023-06-20 北京易车互联信息技术有限公司 app behavior monitoring system
CN112738100B (en) * 2020-12-29 2023-09-01 北京天融信网络安全技术有限公司 Authentication method, device, authentication equipment and authentication system for data access
CN113190836A (en) * 2021-03-29 2021-07-30 贵州电网有限责任公司 Web attack behavior detection method and system based on local command execution
CN113505351A (en) * 2021-06-23 2021-10-15 湖南惠而特科技有限公司 Identity authentication-based process industry white list access method and system
CN113672974A (en) * 2021-07-29 2021-11-19 北京奇艺世纪科技有限公司 Authority management method, device, equipment and storage medium
CN115118476B (en) * 2022-06-21 2023-02-28 拉扎斯网络科技(上海)有限公司 User permission verification method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN109743315A (en) 2019-05-10
CN109831420B (en) 2021-10-22
CN109714350B (en) 2021-11-23
CN109714350A (en) 2019-05-03
CN109831419A (en) 2019-05-31
CN109873803A (en) 2019-06-11
CN109831420A (en) 2019-05-31
CN109873804B (en) 2021-07-23
CN109873804A (en) 2019-06-11
CN109818937A (en) 2019-05-28
CN108683652A (en) 2018-10-19
CN109818935A (en) 2019-05-28
CN109873803B (en) 2021-07-20
CN109743315B (en) 2021-10-22

Similar Documents

Publication Publication Date Title
CN109831419B (en) Method and device for determining permission of shell program
CN109711168B (en) Behavior-based service identification method, behavior-based service identification device, behavior-based service identification equipment and readable storage medium
CN102651061B (en) System and method of protecting computing device from malicious objects using complex infection schemes
CN107622203B (en) Sensitive information protection method and device, storage medium and electronic equipment
CN108205623B (en) Method and apparatus for sharing a directory
CN104392176A (en) Mobile terminal and method for intercepting device manager authority thereof
CN111416811A (en) Unauthorized vulnerability detection method, system, equipment and storage medium
US11269663B2 (en) Method and apparatus for adapting handle device to third-party application, and storage medium
CN108898012B (en) Method and apparatus for detecting illegal program
US20220276878A1 (en) Method and apparatus for generating image file and computer-readable storage medium
CN108763951A (en) Data protection method and device
CN110909373A (en) Access control method, device, system and storage medium
CN109815700A (en) Application program processing method and device, storage medium, and computer device
CN110851824B (en) Detection method for malicious container
CN113467895A (en) Docker operation method, device, server and storage medium
CN106919812B (en) Application process authority management method and device
CN112580041A (en) Malicious program detection method and device, storage medium and computer equipment
CN110955885A (en) Data writing method and device
KR101650287B1 (en) File access control system based on volume guid and method thereof
KR101591076B1 (en) Method and apparatus for checking integrity of resource
KR101582420B1 (en) Method and apparatus for checking integrity of processing module
CN110929249B (en) Screen recording method, device, equipment and storage medium for automatic test
CN109933990B (en) Multi-mode matching-based security vulnerability discovery method and device and electronic equipment
CN109800580B (en) Permission control method and device of system process, storage medium and computer equipment
US11153318B2 (en) Altering device behavior with limited purpose accounts

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Patentee after: Qianxin Safety Technology (Zhuhai) Co.,Ltd.

Patentee after: Qianxin Technology Group Co., Ltd

Address before: 519085 No. 501, 601, building 14, kechuangyuan, Gangwan No. 1, Jintang Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province

Patentee before: 360 ENTERPRISE SECURITY TECHNOLOGY (ZHUHAI) Co.,Ltd.

Patentee before: Beijing Qianxin Technology Co., Ltd
