CN110334516B - Method and device for updating trusted policy - Google Patents
Method and device for updating trusted policy Download PDFInfo
- Publication number
- CN110334516B CN110334516B CN201910605590.3A CN201910605590A CN110334516B CN 110334516 B CN110334516 B CN 110334516B CN 201910605590 A CN201910605590 A CN 201910605590A CN 110334516 B CN110334516 B CN 110334516B
- Authority
- CN
- China
- Prior art keywords
- policy
- sub
- object set
- similarity
- strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The invention discloses a method and a device for updating a credible strategy. Wherein, the method comprises the following steps: dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located; acquiring a first object set contained in the sub-strategy, wherein the first object set is a set of object objects corresponding to target application program execution target behaviors specified by the sub-strategy, and the object objects in the first object set are all in a directory corresponding to the sub-strategy; acquiring a second object set, wherein the second object set is a set of objects corresponding to target behaviors executed by a target application program in a trusted computing platform in a preset time, and the object objects in the second object set are all in a directory corresponding to a sub-policy; according to the strategy similarity of the operator strategy, summing the first object set and the second object set; and updating the sub-strategy with the minimum strategy similarity in the plurality of sub-strategies.
Description
Technical Field
The invention relates to the technical field of trusted management, in particular to a method and a device for updating a trusted policy.
Background
In the related art, trusted computing needs to perform trusted measurement according to a trusted policy, currently, the trusted policy is usually configured manually by a security administrator based on self-awareness of access behaviors of an application program, and if the trusted policy needs to be updated, the trusted policy is also configured manually by the security administrator for updating. However, in this way of manually updating the trusted policy by the security administrator, because the subjective consciousness dependency of the security administrator is large, when the trusted policy is updated, the trusted policy is often searched and supplemented for a specific bug, but the entire trusted policy cannot be effectively evaluated, and even the trusted policy cannot be updated in real time, so that the trusted policy cannot cover all behaviors of the application program, and the trusted policy is often blocked by mistake or does not intercept external attacks well in the security protection process, so that the update efficiency of the trusted policy is reduced, the accuracy of the trusted policy is also reduced, and the satisfaction of the user in using the trusted policy is reduced.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a method and a device for updating a trusted policy, which are used for at least solving the technical problem that the user satisfaction is reduced due to the fact that a security administrator manually updates the trusted policy and the updating efficiency of the trusted policy is reduced.
According to an aspect of an embodiment of the present invention, there is provided a method for updating a trusted policy, including: dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located, wherein the credible strategy is a strategy obtained by learning according to access behavior data of the target application program within preset time; acquiring a first object set contained in the sub-policies, wherein the first object set is a set of object objects corresponding to the target application program execution target behaviors specified by the sub-policies, and the object objects in the first object set are all in directories corresponding to the sub-policies; acquiring a second object set, where the second object set is a set of objects corresponding to the target application executing the target behavior in the trusted computing platform within the preset time, and all object objects in the second object set are in the directory corresponding to the sub-policy; calculating the strategy similarity of the sub-strategies according to the first object set and the second object set; and updating the sub-strategy with the minimum strategy similarity in the plurality of sub-strategies.
Optionally, calculating the policy similarity of the sub-policies according to the first object set and the second object set, including: calculating the strategy similarity of the sub-strategies through a preset formula, wherein the preset formula is as follows:
and obtaining the policy Similarity, wherein Similarity is the policy Similarity, X is the first object set, and X' is the second object set.
Optionally, updating the sub-policy with the smallest policy similarity in the multiple sub-policies, including: acquiring an intersection between the first object set and the second object set; when the difference between the first object set and the intersection reaches a first preset threshold value, reducing the object objects in the directory corresponding to the sub-policy with the minimum policy similarity; and when the difference between the second object set and the intersection reaches a second preset threshold value, increasing the object in the directory corresponding to the sub-policy with the minimum policy similarity, and/or adjusting the directory corresponding to the sub-policy with the minimum policy similarity.
Optionally, the target behavior comprises at least one of: a read operation behavior, a write operation behavior, and an execute operation behavior.
Optionally, the object is a subfile in each file directory in the trusted computing platform.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for updating a trusted policy, including: the system comprises a dividing unit, a judging unit and a judging unit, wherein the dividing unit is used for dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located, and the credible strategy is a strategy obtained by learning according to access behavior data of the target application program within preset time; a first obtaining unit, configured to obtain a first object set included in the sub-policy, where the first object set is a set of object objects corresponding to target behaviors executed by the target application specified by the sub-policy, and the object objects in the first object set are all in a directory corresponding to the sub-policy; a second obtaining unit, configured to obtain a second object set, where the second object set is a set of objects corresponding to the target application executing the target behavior in the trusted computing platform within the preset time, and object objects in the second object set are all in a directory corresponding to the sub-policy; the calculating unit is used for calculating the strategy similarity of the sub-strategies according to the first object set and the second object set; and the updating unit is used for updating the sub-strategy with the minimum strategy similarity in the sub-strategies.
Optionally, the computing unit comprises: the calculating module is used for calculating the strategy similarity of the sub-strategies through a preset formula, wherein the preset formula is as follows:
wherein, similarity is the policy Similarity, X is the first object set, and X' is the second object set.
Optionally, the updating unit includes: an obtaining module, configured to obtain an intersection between the first object set and the second object set; a reducing module, configured to reduce, when a difference between the first object set and the intersection reaches a first predetermined threshold, an object in a directory corresponding to the sub-policy with the minimum policy similarity; and an increasing module, configured to increase the object in the directory corresponding to the sub-policy with the minimum policy similarity and/or adjust the directory corresponding to the sub-policy with the minimum policy similarity when a difference between the second object set and the intersection reaches a second predetermined threshold.
Optionally, the target behavior comprises at least one of: a read operation behavior, a write operation behavior, and an execute operation behavior.
Optionally, the object is a subfile in each file directory in the trusted computing platform.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium for storing a program, where the program, when executed by a processor, controls a device in which the storage medium is located to execute any one of the above-mentioned update methods of the trust policy.
According to another aspect of the embodiments of the present invention, there is further provided a processor, where the processor is configured to execute a program, where the program executes the method for updating the trust policy according to any one of the above items.
In the embodiment of the invention, the credible strategy corresponding to the target application program is divided into a plurality of sub-strategies according to the directory where the object is located, then a first object set (a set of object objects corresponding to the target application program execution target behavior specified by the sub-strategies) and a second object set (a set of objects corresponding to the target application program execution target behavior in the credible computing platform) contained in the sub-strategies are obtained, the strategy similarity of the sub-strategies is summed according to the first object set and the second object set, the sub-strategy with the minimum strategy similarity in the plurality of sub-strategies is updated, so that the updating of the whole credible strategy is completed, the updating efficiency is improved, and the technical problem that the user satisfaction is reduced due to the fact that the credible strategy is manually updated by a security administrator is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention and do not constitute a limitation of the invention. In the drawings:
FIG. 1 is a flow diagram of an alternative method for updating a trusted policy according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an alternative updating apparatus for a trust policy according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in other sequences than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
An execution subject of the updating method of the trusted policy in each embodiment of the invention is a trusted security management platform, the trusted security management platform is used for supporting and maintaining a plurality of trusted computing platforms, each trusted computing platform comprises a computing subsystem and a protection subsystem which are parallel, wherein the computing subsystem is used for completing computing tasks, the protection subsystem is used for performing active measurement on the computing subsystem according to the trusted policy, the trusted computing platform is responsible for acquiring access behavior data of an application program and reporting the access behavior data to the trusted security management platform, the trusted security management platform learns the trusted policy based on the access behavior data to obtain the trusted policy, after obtaining the trusted policy, the trusted policy corresponding to the target application program can be divided into a plurality of sub-policies according to a directory where the object is located, then an object set (namely a first object set) in the sub-policies and an object set (namely a second object set) corresponding to the target behavior executed by the target application program in the trusted computing platform are obtained, the policy similarity of the sub-policies can be obtained based on the two sets, and the sub-policies with the minimum similarity (the similarity indicates that the security protection of the sub-policies does not conform to the actual operation, at this time, the protection behavior may be reduced), and updating of the trusted policies is performed so as to complete updating of the sub-policies with the smallest similarity. The present invention will be described in detail with reference to examples.
Example one
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for updating a trust policy, it being noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than presented herein.
The policy similarity (or called policy conformity) in the embodiment of the present invention is based on a subject (i.e., a target application), the similarity between an object set of a trusted policy and an object set corresponding to an actual operation behavior is measured from two aspects, one is that the trusted policy is required to cover all behaviors of a protected subject (i.e., the target application); another aspect is that there cannot be too much content in the trusted policy that is not related to the subject, and the trusted policy covers a situation where false blocking does not occur, for example, in a white list-based access control protection manner, in a white list-based defense manner, in order to ensure that a security administrator will often make the trusted policy too wide to smoothly execute application services, access control is often made to an upper-level directory or even a root directory, which makes it possible to reduce the false blocking rate while program execution seems to be ok, but this is a way of reducing security. A high-similarity or high-compliance trust policy cannot be either incomplete or overly broad, and is tailored around the target application.
In order to ensure that the security protection of the trusted policy on the target application program is optimal, the coverage of the trusted policy is evaluated by using the policy similarity, so that a suggestion of whether to update the trusted policy is given, and the security protection on the target application program is improved without interfering with the normal work of the target application program.
Fig. 1 is a flowchart of an alternative updating method of a trusted policy according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
step S102, dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located, wherein the credible strategy is a strategy obtained by learning according to access behavior data of the target application program within preset time;
step S104, acquiring a first object set contained in the sub-policy, wherein the first object set is a set of object objects corresponding to target application program execution target behaviors specified by the sub-policy, and the object objects in the first object set are all in a directory corresponding to the sub-policy;
step S106, a second object set is obtained, wherein the second object set is a set of objects corresponding to the target application program executing the target behavior in the trusted computing platform within the preset time, and the object objects in the second object set are all in the directory corresponding to the sub-policy;
step S108, calculating the strategy similarity of the operator strategy according to the first object set and the second object set;
in step S110, the sub-policy with the minimum policy similarity among the plurality of sub-policies is updated.
Through the steps, a credible strategy corresponding to a target application program is divided into a plurality of sub-strategies according to a directory where the object is located, the credible strategy is obtained according to access behavior data of the target application program in a preset time, a first object set contained in the sub-strategies is obtained, the first object set is a set of object objects corresponding to target application program execution target behaviors specified by the sub-strategies, all the object objects in the first object set are under the directory corresponding to the sub-strategies, a second object set is obtained, the second object set is a set of objects corresponding to target application program execution target behaviors in a credible computing platform in the preset time, all the object objects in the second object set are under the directory operators corresponding to the sub-strategies, and the sub-strategy with the minimum strategy similarity among the sub-strategies is updated according to the strategy similarity between the first object set and the second object set. In this embodiment, the policy similarity of each sub-policy may be calculated based on an object set (i.e., a first object set) in each sub-policy and a set (i.e., a second object set) of an object corresponding to the target application executing the target behavior in the trusted computing platform, and the sub-policy with the minimum similarity is updated to complete updating of the trusted policy, so that the updating efficiency is improved, and thus the technical problem that the user satisfaction is reduced due to reduction in the updating efficiency of the trusted policy due to manual updating of the trusted policy by a security administrator is solved.
The present invention will be described in detail with reference to the respective steps.
Step S102, dividing a credible strategy corresponding to the target application program into a plurality of sub-strategies according to a directory where the object is located, wherein the credible strategy is a strategy obtained by learning according to access behavior data of the target application program in preset time.
Optionally, the object is a subfile in each file directory in the trusted computing platform.
The access behavior data in the embodiment of the present invention may refer to data of an operation behavior executed in a target application program, and behavior characteristics are obtained after statistics, induction, and analysis are performed on the access behavior data within a historical preset time, where the behavior characteristics may include a subject (the target application program), an object (subfiles under each file directory in a trusted computing platform), operation time, and a caller (a set of calling subjects). By analyzing the behavior characteristics, a credible strategy corresponding to the target application program can be obtained through learning.
After the credible strategy is learned, the credible strategy needs to be optimized (namely, the credible strategy is updated), the credible strategy set is divided into small sets based on the catalogue, evaluation is carried out based on the small sets, and the small sets are adjusted, so that the strategy similarity value is improved, and the credible strategy is updated.
Step S104, a first object set included in the sub-policy is obtained, where the first object set is a set of object objects corresponding to the target application program execution target behavior specified by the sub-policy, and the object objects in the first object set are all in the directory corresponding to the sub-policy.
Step S106, a second object set is obtained, where the second object set is a set of objects corresponding to the target application executing the target behavior in the trusted computing platform within a preset time, and all the object objects in the second object set are in the directory corresponding to the sub-policy.
In embodiments of the present invention, target behaviors include, but are not limited to: read operation behavior, write operation behavior, copy operation behavior, cut operation behavior, and execute operation behavior.
When determining the object set, it is determined for each action, for example, for the operation execution action, it may determine an object set (based on the object set of the sub-policy itself) corresponding to the operation execution action of the target application program specified by the sub-policy directory, to obtain a first object set, and at the same time, it may determine an object set (based on the object set of the target application program) of the target application program in the actual execution of the target action in each sub-policy directory, to obtain a second object set.
And aiming at a certain target behavior, determining an execution object set of the target application program under the sub-strategy and an execution object set under the actual target application program. And determining the strategy similarity by converting the target behaviors executed under the sub-strategy directory into object sets and then comparing the object sets.
Step S108, the strategy similarity of the operator strategy is summed up according to the first object set and the second object set.
Optionally, calculating a policy similarity of the sub-policy according to the first object set and the second object set, including: and calculating the strategy similarity of the sub-strategies through a preset formula, wherein the preset formula is as follows:
wherein, similarity is policy Similarity, X is a first object set, and X' is a second object set.
And sorting according to the simliarity value, if the sequence is positive, the strategy similarity arranged at the last is minimum, and if the sequence is reverse, the strategy similarity arranged at the first is minimum.
According to the embodiment of the invention, each time the credible strategy is updated, the sub-strategy with the minimum strategy similarity can be updated.
In step S110, the sub-policy with the minimum policy similarity among the plurality of sub-policies is updated.
As an optional embodiment of the present invention, updating the sub-policy with the smallest policy similarity among the plurality of sub-policies includes: acquiring an intersection between the first object set and the second object set; reducing the object objects in the directory corresponding to the sub-policy with the minimum policy similarity under the condition that the difference between the first object set and the intersection reaches a first preset threshold; and under the condition that the difference between the second object set and the intersection reaches a second preset threshold value, increasing the object objects in the directory corresponding to the sub-strategy with the minimum strategy similarity, and/or adjusting the directory corresponding to the sub-strategy with the minimum strategy similarity.
I.e. the following comparisons can be made:
x- (X ^ X '), wherein X is a first object set, X' is a second object set, after the intersection of the first object set and the second object set is obtained, the difference value between the intersection and the first object set is calculated, if the difference value reaches a first preset threshold value, invalid object files are made in the strategy, the files need to be deleted, and the object objects in the catalog corresponding to the sub-strategy with the minimum strategy similarity are reduced;
and X ' - (X ^ X ') is a first object set, X ' is a second object set, after intersection of the first object set and the second object set is obtained, a difference value between the intersection and the second object set is calculated, if the difference value reaches a second preset threshold value, the fact that the access behavior of the subject needs to be supplemented is omitted from the strategy, whether the catalogue or the object in the catalogue is omitted is judged according to the omitted element characteristics, the object in the catalogue corresponding to the sub-strategy with the minimum strategy similarity is added, and/or the catalogue corresponding to the sub-strategy with the minimum strategy similarity is adjusted.
Through the two modes, the updating of the sub-strategy is completed, and the strategy file and the file path of the updated trusted strategy are written into the database so as to be used subsequently by the trusted security management platform and the trusted computing platform.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium for storing a program, where the program, when executed by a processor, controls a device in which the storage medium is located to execute the method for updating the trust policy of any one of the above.
According to another aspect of the embodiments of the present invention, there is also provided a processor, configured to execute a program, where the program executes an update method of the trust policy according to any one of the above.
The invention is illustrated below by means of a further alternative embodiment.
Example two
Fig. 2 is a schematic diagram of an alternative updating apparatus for a trust policy according to an embodiment of the present invention, and as shown in fig. 2, the updating apparatus may include: a dividing unit 21, a first obtaining unit 23, a second obtaining unit 25, a calculating unit 27, an updating unit 29, wherein,
the dividing unit 21 is configured to divide a trusted policy corresponding to the target application into a plurality of sub-policies according to a directory where the object is located, where the trusted policy is a policy obtained by learning access behavior data of the target application within a preset time;
a first obtaining unit 23, configured to obtain a first object set included in the sub-policy, where the first object set is a set of object objects corresponding to a target application execution target behavior specified by the sub-policy, and the object objects in the first object set are all in a directory corresponding to the sub-policy;
a second obtaining unit 25, configured to obtain a second object set, where the second object set is a set of objects corresponding to a target application executing a target behavior in the trusted computing platform within a preset time, and the object objects in the second object set are all in a directory corresponding to the sub-policy;
the calculating unit 27 is configured to sum the policy similarity of the operator policy according to the first object set and the second object set;
and an updating unit 29, configured to update the sub-policy with the smallest policy similarity among the multiple sub-policies.
The above-mentioned updating apparatus of the trusted policy may divide the trusted policy corresponding to the target application program into a plurality of sub-policies according to the directory where the object is located by the dividing unit 21, where the trusted policy is a policy learned according to access behavior data of the target application program within a preset time, and a first obtaining unit 23 obtains a first object set included in the sub-policies, where the first object set is a set of object objects corresponding to the target application program execution target behavior specified by the sub-policies, the object objects in the first object set are all in the directory corresponding to the sub-policies, and a second object set is obtained by a second obtaining unit 25, where the second object set is a set of objects corresponding to the target application program execution target behavior in the trusted computing platform within the preset time, and the object objects in the second object set are all in the directory corresponding to the sub-policies, and a computing unit 27 updates the sub-policies with the smallest similarity among the plurality of sub-policies according to the policy aggregation of the sub-policies. In this embodiment, the policy similarity of each sub-policy may be calculated based on an object set (i.e., a first object set) in each sub-policy and a set (i.e., a second object set) of an object corresponding to the target application executing the target behavior in the trusted computing platform, and the sub-policy with the minimum similarity is updated to complete updating of the trusted policy, so that the updating efficiency is improved, and thus the technical problem that the user satisfaction is reduced due to reduction in the updating efficiency of the trusted policy due to manual updating of the trusted policy by a security administrator is solved.
In an embodiment of the present invention, the calculation unit includes: the calculating module is used for calculating the strategy similarity of the sub-strategies through a preset formula, wherein the preset formula is as follows:
wherein, similarity is policy Similarity, X is a first object set, and X' is a second object set.
Another optional, the updating unit comprises: the acquisition module is used for acquiring an intersection between the first object set and the second object set; the reduction module is used for reducing the object objects in the directory corresponding to the sub-strategy with the minimum strategy similarity under the condition that the difference between the first object set and the intersection reaches a first preset threshold value; and the adding module is used for adding the object in the catalogue corresponding to the sub-strategy with the minimum strategy similarity and/or adjusting the catalogue corresponding to the sub-strategy with the minimum strategy similarity under the condition that the difference between the second object set and the intersection reaches a second preset threshold value.
Optionally, the target behavior comprises at least one of: a read operation behavior, a write operation behavior, and an execute operation behavior.
Optionally, the object is a subfile in each file directory in the trusted computing platform.
The above-mentioned updating device of the credible strategy may further include a processor and a memory, and the above-mentioned dividing unit 21, the first obtaining unit 23, the second obtaining unit 25, the calculating unit 27, the updating unit 29, and the like are all stored in the memory as program units, and the processor executes the above-mentioned program units stored in the memory to implement corresponding functions.
The processor comprises a kernel, and the kernel calls a corresponding program unit from the memory. The kernel can be set to be one or more, and the sub-strategy with the minimum strategy similarity in the plurality of sub-strategies is updated by adjusting the kernel parameters, so that the whole credible strategy is updated.
The memory may include volatile memory in a computer readable medium, random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located, wherein the credible strategy is a strategy obtained by learning according to access behavior data of the target application program within preset time; acquiring a first object set contained in the sub-strategy, wherein the first object set is a set of object objects corresponding to target application program execution target behaviors specified by the sub-strategy, and the object objects in the first object set are all in a directory corresponding to the sub-strategy; acquiring a second object set, wherein the second object set is a set of objects corresponding to target behaviors executed by a target application program in a trusted computing platform in a preset time, and the object objects in the second object set are all in a directory corresponding to a sub-policy; according to the strategy similarity of the operator strategy, summing the first object set and the second object set; and updating the sub-strategy with the minimum strategy similarity in the plurality of sub-strategies.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis, and reference may be made to the related description of other embodiments for parts that are not described in detail in a certain embodiment.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and amendments can be made without departing from the principle of the present invention, and these modifications and amendments should also be considered as the protection scope of the present invention.
Claims (6)
1. A method for updating a trusted policy, comprising:
dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located, wherein the credible strategy is a strategy obtained by learning according to access behavior data of the target application program within preset time;
acquiring a first object set contained in the sub-policy, wherein the first object set is a set of object objects corresponding to the target application program execution target behavior specified by the sub-policy, and the object objects in the first object set are all in a directory corresponding to the sub-policy;
acquiring a second object set, where the second object set is a set of objects corresponding to the target application executing the target behavior in the trusted computing platform within the preset time, and all object objects in the second object set are in the directory corresponding to the sub-policy;
calculating the policy similarity of the sub-policies according to the first object set and the second object set, including: calculating the strategy similarity of the sub-strategies through a preset formula, wherein the preset formula is as follows:
wherein, similarity is the policy Similarity, X is the first object set, and X' is the second object set;
updating the sub-policy with the minimum policy similarity in the plurality of sub-policies, including: acquiring an intersection between the first object set and the second object set, reducing the object in the directory corresponding to the sub-policy with the minimum policy similarity when the difference between the first object set and the intersection reaches a first predetermined threshold, and increasing the object in the directory corresponding to the sub-policy with the minimum policy similarity and/or adjusting the directory corresponding to the sub-policy with the minimum policy similarity when the difference between the second object set and the intersection reaches a second predetermined threshold.
2. The updating method of claim 1, wherein the target behavior comprises at least one of: a read operation behavior, a write operation behavior, and an execute operation behavior.
3. The update method of claim 1, wherein the object objects are subfiles under respective file directories in the trusted computing platform.
4. An apparatus for updating a trusted policy, comprising:
the system comprises a dividing unit, a judging unit and a judging unit, wherein the dividing unit is used for dividing a credible strategy corresponding to a target application program into a plurality of sub-strategies according to a directory where an object is located, and the credible strategy is a strategy obtained by learning according to access behavior data of the target application program within preset time;
a first obtaining unit, configured to obtain a first object set included in the sub-policy, where the first object set is a set of object objects corresponding to target behaviors executed by the target application specified by the sub-policy, and the object objects in the first object set are all in a directory corresponding to the sub-policy;
a second obtaining unit, configured to obtain a second object set, where the second object set is a set of objects corresponding to the target application executing the target behavior in the trusted computing platform within the preset time, and object objects in the second object set are all in a directory corresponding to the sub-policy;
a calculating unit, configured to calculate policy similarity of the sub-policies according to the first object set and the second object set, where the calculating unit includes: the calculating module is used for calculating the strategy similarity of the sub-strategies through a preset formula, wherein the preset formula is as follows:
wherein Similarity is the policy Similarity,
is the first object set, and X' is the second object set;
an updating unit, configured to update a sub-policy with a minimum policy similarity among the multiple sub-policies, where the updating unit includes: an obtaining module, configured to obtain an intersection between the first object set and the second object set, a decreasing module, configured to decrease an object in a directory corresponding to a sub-policy with a minimum policy similarity when a difference between the first object set and the intersection reaches a first predetermined threshold, and an increasing module, configured to increase an object in a directory corresponding to a sub-policy with a minimum policy similarity and/or adjust a directory corresponding to a sub-policy with a minimum policy similarity when a difference between the second object set and the intersection reaches a second predetermined threshold.
5. A storage medium storing a program, wherein the program, when executed by a processor, controls a device in which the storage medium is located to perform the method for updating the trust policy according to any one of claims 1 to 3.
6. A computer device comprising a processor and a memory, the memory storing a program product for execution by the processor to implement the method of updating a trust policy of any one of claims 1 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910605590.3A CN110334516B (en) | 2019-07-05 | 2019-07-05 | Method and device for updating trusted policy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910605590.3A CN110334516B (en) | 2019-07-05 | 2019-07-05 | Method and device for updating trusted policy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110334516A CN110334516A (en) | 2019-10-15 |
| CN110334516B true CN110334516B (en) | 2023-02-24 |
Family
ID=68144786
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910605590.3A Active CN110334516B (en) | 2019-07-05 | 2019-07-05 | Method and device for updating trusted policy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110334516B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8505069B1 (en) * | 2012-08-10 | 2013-08-06 | Kaspersky Lab Zao | System and method for updating authorized software |
| CN103559591A (en) * | 2013-11-20 | 2014-02-05 | 北京可信华泰信息技术有限公司 | Software management system and management method based on trusted computing |
| CN103973556A (en) * | 2013-02-04 | 2014-08-06 | 无锡南理工科技发展有限公司 | Credible routing method of vehicular delay-tolerant network |
| CN109246693A (en) * | 2018-07-13 | 2019-01-18 | 维沃移动通信有限公司 | A kind of control method and terminal of application program |
| CN109918915A (en) * | 2019-03-14 | 2019-06-21 | 沈昌祥 | A kind of dynamic measurement method based on dual Architecture credible calculating platform |
-
2019
- 2019-07-05 CN CN201910605590.3A patent/CN110334516B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8505069B1 (en) * | 2012-08-10 | 2013-08-06 | Kaspersky Lab Zao | System and method for updating authorized software |
| CN103973556A (en) * | 2013-02-04 | 2014-08-06 | 无锡南理工科技发展有限公司 | Credible routing method of vehicular delay-tolerant network |
| CN103559591A (en) * | 2013-11-20 | 2014-02-05 | 北京可信华泰信息技术有限公司 | Software management system and management method based on trusted computing |
| CN109246693A (en) * | 2018-07-13 | 2019-01-18 | 维沃移动通信有限公司 | A kind of control method and terminal of application program |
| CN109918915A (en) * | 2019-03-14 | 2019-06-21 | 沈昌祥 | A kind of dynamic measurement method based on dual Architecture credible calculating platform |
Non-Patent Citations (1)
| Title |
|---|
| 一种基于软件行为分类的动态完整性度量模型;宋生宇;《通信技术》;20170910;第50卷(第9期);第2055-2059页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110334516A (en) | 2019-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2514140C1 (en) | System and method for improving quality of detecting malicious objects using rules and priorities | |
| CN106557697B (en) | System and method for generating a set of disinfection records | |
| US11657145B2 (en) | Vulnerability assessment of containerised installation | |
| JP6869347B2 (en) | Risk control event automatic processing method and equipment | |
| US20170061126A1 (en) | Process Launch, Monitoring and Execution Control | |
| CN111159713B (en) | SELinux-based self-learning credible strategy construction method and system | |
| CN110688653A (en) | Client security protection method and device and terminal equipment | |
| CN109753796A (en) | A kind of big data computer network security protective device and application method | |
| JP7019533B2 (en) | Attack detection device, attack detection system, attack detection method and attack detection program | |
| CN110334516B (en) | Method and device for updating trusted policy | |
| US20170126707A1 (en) | System and method for distributing most effective antivirus records to user devices | |
| CN110363007B (en) | Method and device for updating trusted policy | |
| CN111181979B (en) | Access control method, device, computer equipment and computer readable storage medium | |
| US10110625B2 (en) | Network security assessment system | |
| CN110298178B (en) | Trusted policy learning method and device and trusted security management platform | |
| CN111783099A (en) | Equipment safety analysis method, device and equipment | |
| CN106156574A (en) | A kind of Information Authentication method, Apparatus and system | |
| US10984105B2 (en) | Using a machine learning model in quantized steps for malware detection | |
| CN110334517B (en) | Trusted policy updating method and device and trusted security management platform | |
| CN108133136A (en) | Attack node detection device, method and computer readable storage medium thereof | |
| CN110781410A (en) | Community detection method and device | |
| CN106203121A (en) | Method and device for preventing malicious modification of kernel address and terminal | |
| CN114462038B (en) | Security protection method, device, equipment and computer readable storage medium | |
| CN115455414A (en) | Safety detection method and device | |
| CN113971285A (en) | Method, device and equipment for identifying malicious process of terminal and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |