CN110362983B - Method and device for ensuring consistency of dual-domain system and electronic equipment - Google Patents


Info

Publication number
CN110362983B
Authority
CN
China
Prior art keywords
characteristic value
application
dual
consistency
starting
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910470549.XA
Other languages
Chinese (zh)
Other versions
CN110362983A (en
Inventor
赵静
李博
王翔
吴锋
刁琪
王卫卫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Information and Telecommunication Co Ltd
Beijing Zhongdian Feihua Communication Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Zhongdian Feihua Communication Co Ltd
Application filed by State Grid Information and Telecommunication Co Ltd, Beijing Zhongdian Feihua Communication Co Ltd
Priority to CN201910470549.XA
Publication of CN110362983A
Application granted
Publication of CN110362983B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method and a device for ensuring consistency of a dual-domain system and electronic equipment. The method comprises the following steps: when a first system is switched to a second system, calculating a characteristic value of the first system to obtain a system closing characteristic value and storing the system closing characteristic value; when the second system is switched to the first system again, the characteristic value of the first system is calculated again to obtain a system starting characteristic value; judging whether the system starting characteristic value is the same as the system closing characteristic value of the first system in the last closing process; if not, stopping the starting of the first system and sending out warning information. The method, the device and the electronic equipment can carry out consistency check on each system in the dual-domain system, and ensure the safety of the system.

Description

Method and device for ensuring consistency of dual-domain system and electronic equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and an electronic device for ensuring consistency of a dual-domain system.
Background
With the rapid development of terminal technology, in order to meet the needs of users, two independent systems, including a common system and a security system, need to be installed on the terminal device. In the common system, the user can perform common data processing, such as data storage and network access in daily life; in a security system a user can handle some important data, such as data that needs to be kept secret, communication, network access, etc. Patent 201610928340.X discloses a construction method of a ROM-based dual-domain mobile phone system, comprising that a dual-domain service configuration file is stored in a ramdisk file, the ramdisk file is decompressed by gunzip, the content of the dual-domain service configuration file is modified according to the dual-domain system design, and then the ramdisk file is regenerated by an mkbootfs command; if the service configuration file is stored in other positions during the design of the dual-domain system, corresponding modification is needed. However, when two sets of systems are switched, there may be cases where applications, framework programs, and the like in the systems are tampered with.
Disclosure of Invention
In view of this, an embodiment of the present invention provides a method, an apparatus, and an electronic device for guaranteeing consistency of a dual-domain system, which can perform consistency check on each system in the dual-domain system, so as to guarantee security of the system.
Based on the above object, the method for ensuring consistency of a dual-domain system provided by the embodiment of the present invention includes:
when a first system is switched to a second system, calculating a characteristic value of the first system to obtain a system closing characteristic value and storing the system closing characteristic value;
when the second system is switched to the first system again, the characteristic value of the first system is calculated again to obtain a system starting characteristic value;
judging whether the system starting characteristic value is the same as the system closing characteristic value of the first system in the last closing process;
if not, stopping the starting of the first system and sending out warning information.
Optionally, the method further includes: while the first system is running, recalculating the characteristic value at preset time intervals and comparing the recalculated characteristic value with the characteristic value stored last time.
Optionally, performing the characteristic value calculation on the first system includes: calculating characteristic values separately for the framework program and the application programs of the first system.
Optionally, the method further includes:
receiving an application installation request, and determining whether the application installation request corresponds to the first system;
if so, executing the application installation request to install the application and create a data directory, and at the same time calculating and storing the characteristic value of the application program corresponding to the application installation request.
Optionally, determining whether the application installation request corresponds to the first system includes: the installation service PackageManagerService determines whether the application program corresponds to the first system by calling a tool through the installd daemon.
Optionally, the method further includes: receiving a task request;
generating an application process according to the task request, and generating a handle according to the currently running system to mark the application process.
Optionally, the method further includes:
receiving an application data access request;
obtaining, through SELinux, the storage directory corresponding to the application data access request for access.
Optionally, the method further includes: signing the kernel boot.img of the system, storing the generated digital signature into the kernel boot.img, and storing a certificate containing the public key into the bootloader.
The embodiment of the invention also provides a device for ensuring the consistency of the dual-domain system, which comprises:
the first calculation module is used for calculating the characteristic value of the first system to obtain and store a system shutdown characteristic value when the first system is switched to a second system;
the second calculation module is used for recalculating the characteristic value of the first system to obtain a system starting characteristic value when the second system is switched to the first system again;
the judging module is used for judging whether the system starting characteristic value is the same as the system closing characteristic value of the first system in the last closing process;
and the warning module is used for stopping the starting of the first system and sending warning information when the judgment result of the judgment module is negative.
An embodiment of the present invention further provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method for ensuring dual domain system consistency as described in any of the above.
As can be seen from the foregoing, in the method, the apparatus, and the electronic device for ensuring consistency of a dual-domain system provided in the embodiments of the present invention, a characteristic value of the first system is calculated when the first system is switched to the second system, and is recalculated when the running system is switched back to the first system; the recalculated value is compared with the value calculated when the first system was last shut down. That is, every time the system is switched, the characteristic value of the current system is recalculated and compared with its characteristic value from before the last shutdown. If the two are the same, this shows at startup that the first system has not been tampered with, and the system can continue to start; if they differ, the first system has been tampered with, so startup is stopped and the user is warned. The consistency check comprehensively examines the applications, the security state, viruses and the like in the security system, prevents the applications and the framework program of the security system from being tampered with, checks the state of the security management functions that prevent information leakage, displays the check result and score in an intuitive way, and points out problems and gives warnings. This ensures the consistency of the system and prevents it from being tampered with, through use of the other system or for other reasons, between two running periods of the current system.
Drawings
FIG. 1 is a flowchart of a method for ensuring consistency of a dual-domain system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of data isolation for ensuring consistency of a dual-domain system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for ensuring consistency of a dual-domain system according to an embodiment of the present invention;
FIG. 4 is a block diagram of an apparatus for guaranteeing dual domain system consistency according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an electronic device implementing the apparatus for ensuring consistency of a dual-domain system according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used to distinguish two entities or two parameters that have the same name but are not the same. "First" and "second" are used merely for convenience of description, should not be construed as limiting the embodiments of the present invention, and are not explained again in the following embodiments.
Fig. 1 is a flowchart of a method for ensuring consistency of a dual-domain system according to an embodiment of the present invention. The embodiment of the invention provides a method for ensuring consistency of a dual-domain system, which comprises the following steps:
Step 101, when a first system is switched to a second system, calculating a characteristic value of the first system to obtain a system shutdown characteristic value and storing the system shutdown characteristic value.
Step 102, when the second system is switched to the first system again, calculating the characteristic value of the first system again to obtain a system startup characteristic value.
Step 103, determining whether the system startup characteristic value is the same as the system shutdown characteristic value obtained when the first system was last shut down.
Step 104, if not, stopping the startup of the first system and sending alarm information. If yes, the first system continues to start.
In the method for ensuring consistency of a dual-domain system in the embodiment of the invention, a characteristic value of the first system is calculated when the first system is switched to the second system, and is recalculated when the running system is switched back to the first system; the recalculated value is compared with the value calculated when the first system was last shut down. That is, every time the system is switched, the characteristic value of the current system is recalculated and compared with its characteristic value from before the last shutdown. If the two are the same, this shows at startup that the first system has not been tampered with, and it can continue to start; if they differ, the first system has been tampered with, so startup must be stopped and an alarm given to the user. The consistency check comprehensively examines the applications, the security state, viruses and the like in the security system, prevents the applications and the framework program of the security system from being tampered with, checks the state of the security management functions that prevent information leakage, displays the check result and score in an intuitive way, and points out problems and gives warnings. This ensures the consistency of the system and prevents it from being tampered with, through use of the other system or for other reasons, between two running periods of the current system.
In this embodiment, the first system is a security system, and the second system is a normal system. To ensure the security of the security system, a consistency check of the security system is required each time the security system is activated.
In an alternative embodiment, the first system is a generic system and the second system is a security system, i.e. a consistency check is also performed each time the generic system is started, thereby ensuring the security of the generic system.
In another alternative embodiment, a consistency check is required each time the system, whether secure or normal, is started, to ensure that both systems are in a secure state, and that programs, data, etc. of both systems are not tampered with.
In some optional embodiments, the method for guaranteeing consistency of a dual-domain system according to the embodiment of the present invention further includes: calculating and storing initial characteristic values of the first system when the first system is created. When the system is created, the characteristic values of the system in its initial state are computed and stored in a database as the basis for subsequent consistency checks. The database is stored in the TrustZone environment.
Optionally, the method further includes: while the first system is running, recalculating the characteristic value at preset time intervals, comparing the recalculated characteristic value with the characteristic value stored last time, and judging the consistency of the first system from the comparison result. If the recalculated characteristic value is the same as the characteristic value stored last time, the system has not been tampered with; if they differ, the system has changed and the user needs to be warned. The characteristic value of the first system is recalculated at preset time intervals and stored or updated in the database, so that the consistency check continues throughout the running period of the system and the consistency and security of the system are ensured. In one specific embodiment, the characteristic values are recalculated and the consistency check is performed every five minutes.
Optionally, calculating the characteristic values of the first system in step 101 includes: calculating characteristic values separately for the framework program and the application programs of the first system. In this embodiment, when the characteristic value is calculated for the first system, a characteristic value is calculated not only for the framework program of the system but also for the application programs; that is, the consistency check covers not only the system program but also multiple application programs, including the security protection program of the system. If any of the characteristic values changes, the system may have been tampered with, so the system needs to be checked to ensure its consistency and security. In a specific embodiment, it is necessary to verify functions such as preventing recording, preventing video recording, preventing screen capture, preventing USB connection, preventing network destruction, and preventing Bluetooth transmission.
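A sketch of steps 101 to 104 with separate framework and application values, added here as an illustration and not taken from the patent. SHA-256 as the characteristic value, the `framework` and `app` directory names, and the MAC-protected `TrustedStore` standing in for the TrustZone database are all assumptions; the sample files are constructed.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Assumed layout of one domain's system tree (hypothetical directory names).
COMPONENTS = ("framework", "app")


def measure(root: Path) -> str:
    """Characteristic value of a tree: SHA-256 over each entry's type, relative
    path, mode and content, visited in a fixed (sorted) order."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(dirnames + filenames):
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix().encode()
            mode = str(os.lstat(path).st_mode).encode()
            if path.is_symlink():
                # Hash the link target itself; never follow it out of the tree.
                kind, body = b"L", os.readlink(path).encode()
            elif path.is_dir():
                kind, body = b"D", b""
            else:
                kind, body = b"F", hashlib.sha256(path.read_bytes()).digest()
            # Length-prefix every field so adjacent fields cannot be confused.
            for field in (kind, rel, mode, body):
                h.update(len(field).to_bytes(8, "big") + field)
    return h.hexdigest()


class TrustedStore:
    """Stand-in for the TrustZone database (assumption): each record carries an
    HMAC under a key that the measured system is assumed never to see."""

    def __init__(self, key: bytes):
        self._key = key
        self._records = {}

    def _tag(self, system: str, blob: bytes) -> bytes:
        return hmac.new(self._key, system.encode() + b"\0" + blob, hashlib.sha256).digest()

    def put(self, system: str, values: dict) -> None:
        blob = json.dumps(values, sort_keys=True).encode()
        self._records[system] = (blob, self._tag(system, blob))

    def get(self, system: str):
        if system not in self._records:
            return None
        blob, tag = self._records[system]
        if not hmac.compare_digest(tag, self._tag(system, blob)):
            raise ValueError("stored characteristic value failed its MAC check")
        return json.loads(blob)


def on_switch_away(store: TrustedStore, system: str, root: Path) -> dict:
    """Step 101: measure each component at shutdown and store the values."""
    values = {c: measure(root / c) for c in COMPONENTS}
    store.put(system, values)
    return values


def on_switch_back(store: TrustedStore, system: str, root: Path):
    """Steps 102-104: re-measure and compare with the stored shutdown values.
    Returns (start_allowed, changed_components); a missing baseline fails closed."""
    stored = store.get(system)
    if stored is None:
        return False, list(COMPONENTS)
    changed = [c for c in COMPONENTS
               if not hmac.compare_digest(stored.get(c, ""), measure(root / c))]
    return (not changed), changed


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "secure_system"
        (root / "framework").mkdir(parents=True)
        (root / "app").mkdir()
        (root / "framework" / "services.jar").write_bytes(b"framework code v1")
        (root / "app" / "mail.apk").write_bytes(b"mail client v1")

        store = TrustedStore(key=b"constructed-demo-key")
        on_switch_away(store, "secure", root)
        clean = on_switch_back(store, "secure", root)

        # Constructed change made while the other domain was running.
        (root / "app" / "mail.apk").write_bytes(b"mail client v1 + extra bytes")
        tampered = on_switch_back(store, "secure", root)

        unknown = on_switch_back(store, "never-measured", root)
        return clean, tampered, unknown


if __name__ == "__main__":
    print(demo())
```

Keeping one value per component lets the warning name what changed, and the same `on_switch_back` comparison can be rerun on a timer for the periodic check described above.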
In some embodiments of the present invention, the method for guaranteeing consistency of a dual-domain system further comprises:
Step 201, receiving an application installation request, and determining whether the application installation request corresponds to the first system. Determining whether the application installation request corresponds to the first system includes: the installation service PackageManagerService determines whether the application program corresponds to the first system by calling a tool through the installd daemon.
Step 202, if yes, executing the application installation request to install the application and create a data directory, and at the same time calculating and storing the characteristic value of the application program corresponding to the application installation request.
In the application installation process, as shown in fig. 2, the installation service PackageManagerService, by calling a tool through the installd daemon, distinguishes whether the application installation comes from the common system or the security system, persistently stores the attribute of the application (security domain or common domain), and creates data directories in different locations according to the domain attribute.
In other embodiments of the present invention, the method for guaranteeing consistency of a dual-domain system further comprises:
step 301, receiving a task request;
step 302, generating an application process according to the task request, and generating a handle according to the currently running system to mark the application process. Here the handle is a special smart pointer. A handle is used when an application references a block of memory or an object managed by another system (e.g., a database or an operating system).
In the embodiment of the invention, the application processes of the different systems carry handles that mark their respective systems, so that the system to which a task process belongs can be distinguished; the task stacks are isolated according to the domain handles, and applications with the same domain handle can communicate with each other. For special cases, such as the delivery of messages between different domains via customized basic services, the SMS application itself is isolated.
In other embodiments of the present invention, the method for guaranteeing consistency of a dual-domain system further comprises:
step 401, an application data access request is received.
Step 402, obtaining, through SELinux, the storage directory corresponding to the application data access request for access. In this embodiment, SELinux is used to distinguish and restrict the directory access permissions for application data storage.
In other optional embodiments, the method further comprises: signing the kernel boot.img of the system, storing the generated digital signature into the kernel boot.img, and storing a certificate containing the public key into the bootloader.
In a specific embodiment, as shown in fig. 2, when the current system was last shut down, the system calculated its characteristic value H2, encrypted it, and stored it in the TrustZone environment through the bootloader; when the system is restarted, it uses the public key to obtain the characteristic value H2 from the signature of boot.img and at the same time calculates a new characteristic value for the current startup state, then compares the two. If they are the same, the system has not been tampered with and can continue to load boot.img and start; if they differ, the system has probably been tampered with, so startup is stopped and the user is alerted. The invention analyzes the system startup principle in depth and protects the secure loading of the system image by layer-by-layer verification. The security mechanism is designed from aspects such as system principles, image analysis and secure boot, thereby protecting system security and preventing flashing or rooting.
The method for ensuring consistency of the dual-domain system in the embodiment of the invention performs a comprehensive consistency check on the applications, security state, viruses and the like in the security system, prevents the applications and the framework program of the security system from being tampered with, checks the state of the security management functions that prevent information leakage, displays the check result and score visually, and points out problems and raises alarms; application installation, application task stacks and application data storage are each isolated, which ensures the security of the system; an anti-flash/anti-root technique is adopted, in which the kernel boot.img (including kernel, ramdisk and dt) of the Android system is signed, the signature is attached to the kernel boot.img, and the certificate of the signature (including the public key) is compiled into the bootloader, which is an important guarantee for protecting the security of the mobile phone system; the system startup principle is analyzed in depth and the secure loading of the system image is protected by layer-by-layer verification; and various switching modes such as gestures, keys 95598#, a certain function key and the like are supported, meeting different service requirements.
Another aspect of the embodiments of the present invention provides an apparatus for guaranteeing consistency of a dual-domain system, as shown in fig. 3, including:
the first calculation module 11 is configured to, when a first system is switched to a second system, perform characteristic value calculation on the first system to obtain a system shutdown characteristic value, and store the system shutdown characteristic value;
the second calculation module 12 is configured to, when the second system is switched to the first system again, perform characteristic value calculation on the first system again to obtain a system startup characteristic value;
a judging module 13, configured to judge whether the system start characteristic value is the same as the system shutdown characteristic value of the first system when the first system was last shutdown;
and the warning module 14 is configured to stop the starting of the first system and send warning information when the determination result of the determining module is negative.
Optionally, the method further includes: while the first system is running, recalculating the characteristic value at preset time intervals and comparing the recalculated characteristic value with the characteristic value stored last time.
Optionally, performing the characteristic value calculation on the first system includes: calculating characteristic values separately for the framework program and the application programs of the first system.
Optionally, the method further includes:
receiving an application installation request, and determining whether the application installation request corresponds to the first system;
if so, executing the application installation request to install the application and create a data directory, and at the same time calculating and storing the characteristic value of the application program corresponding to the application installation request.
Optionally, determining whether the application installation request corresponds to the first system includes: the installation service PackageManagerService determines whether the application program corresponds to the first system by calling a tool through the installd daemon.
Optionally, the method further includes: receiving a task request;
generating an application process according to the task request, and generating a handle according to the currently running system to mark the application process.
Optionally, the method further includes:
receiving an application data access request;
obtaining, through SELinux, the storage directory corresponding to the application data access request for access.
Optionally, the method further includes: signing the kernel boot.img of the system, storing the generated digital signature into the kernel boot.img, and storing a certificate containing the public key into the bootloader.
The technical effect of the embodiment of the device for ensuring consistency of the dual-domain system is the same as or similar to that of any method embodiment.
In a third aspect of the embodiments of the present invention, an embodiment of an apparatus for performing the method for guaranteeing consistency of a dual-domain system is provided. Fig. 5 is a schematic hardware structure diagram of an embodiment of the apparatus for performing the method for guaranteeing consistency in a dual-domain system according to the present invention.
As shown in fig. 5, the apparatus includes:
one or more processors 901 and a memory 902, with one processor 901 being an example in fig. 5.
The apparatus for performing the method for guaranteeing consistency of a dual domain system may further include: an input device 903 and an output device 904.
The processor 901, the memory 902, the input device 903 and the output device 904 may be connected by a bus or other means, and fig. 4 illustrates the connection by a bus as an example.
The memory 902, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules (e.g., the first computing module 11, the second computing module 12, the determining module 13, and the warning module 14 shown in fig. 4) corresponding to the method for guaranteeing consistency of a dual-domain system in the embodiment of the present application. The processor 901 executes various functional applications of the server and data processing by running non-volatile software programs, instructions and modules stored in the memory 1002, that is, implements the method for guaranteeing dual-domain system consistency of the above method embodiments.
The memory 902 may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of a device for guaranteeing dual domain system consistency, and the like. Further, the memory 902 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 902 may optionally include memory located remotely from processor 901, which may be connected to the member user behavior monitoring device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 903 may receive input numeric or character information and generate key signal inputs related to user settings and function control that guarantee a two-domain system consistency device. The output device 904 may include a display device such as a display screen.
The one or more modules are stored in the memory 902 and when executed by the one or more processors 901 perform the method of ensuring dual domain system consistency in any of the method embodiments described above. The technical effect of the embodiment of the device for executing the method for ensuring consistency of the dual-domain system is the same as or similar to that of any method embodiment.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, well known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the invention. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (7)

1. A method for ensuring consistency in a dual-domain system, comprising:
when a first system is switched to a second system, calculating a characteristic value of the first system to obtain a system closing characteristic value and storing the system closing characteristic value; wherein one of the first system and the second system is a security system, and the other is a common system;
when the second system is switched to the first system again, the characteristic value of the first system is calculated again to obtain a system starting characteristic value;
judging whether the system starting characteristic value is the same as the system closing characteristic value of the first system when the first system is closed last time;
if not, stopping the starting of the first system and sending out warning information;
wherein the performing feature value computation on the first system comprises: respectively calculating characteristic values of the framework program and the application program of the first system;
further comprising: receiving an application installation request, and judging whether the application installation request corresponds to the first system; if so, executing the application installation request to install the application and creating a data directory, and meanwhile, calculating a characteristic value of the application program corresponding to the application installation request and storing it;
the judging whether the application installation request corresponds to the first system comprises the following steps: and the installation service PackageManagerService judges whether the application program corresponds to the first system through a daemon installd calling tool, performs persistent storage on the attribute of the system to which the application program belongs, and creates data directories at different positions according to the attribute.
2. The method of claim 1, further comprising: and when the first system is operated, recalculating the characteristic value at preset time intervals and comparing the recalculated characteristic value with the characteristic value stored last time.
3. The method of claim 1, further comprising: receiving a task request;
and generating an application process according to the task request, and generating a handle mark for the application process according to the current operating system.
4. The method of claim 1, further comprising:
receiving an application data access request;
and obtaining the storage directory corresponding to the application data access request through a SELinux technology for access.
5. The method of claim 1, further comprising: img, storing the generated digital signature into a kernel boot of the system, and storing a certificate containing a public key into a bootloader.
6. An apparatus for guaranteeing dual domain system consistency, comprising:
the first calculation module is used for calculating the characteristic value of the first system to obtain and store a system shutdown characteristic value when the first system is switched to a second system; wherein one of the first system and the second system is a security system, and the other is a common system;
the second calculation module is used for recalculating the characteristic value of the first system to obtain a system starting characteristic value when the second system is switched to the first system again;
the judging module is used for judging whether the system starting characteristic value is the same as the system closing characteristic value of the first system in the last closing process;
the alarm module is used for stopping the starting of the first system and sending alarm information when the judgment result of the judgment module is negative;
wherein the performing feature value computation on the first system comprises: respectively calculating characteristic values of the framework program and the application program of the first system;
the apparatus is further configured to implement: receiving an application installation request, and judging whether the application installation request corresponds to the first system; if so, executing the application installation request to install the application and creating a data directory, and meanwhile, calculating a characteristic value of an application program corresponding to the application installation request to store;
the determining whether the application installation request corresponds to the first system includes: and the installation service PackageManagerService judges whether the application program corresponds to the first system through a daemon installd calling tool, performs persistent storage on the attribute of the system to which the application program belongs, and creates data directories at different positions according to the attribute.
7. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of ensuring dual domain system consistency of any one of claims 1-5.
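The switch-out/switch-in check of claim 1, as an added Python sketch that is not code from the patent. SHA-256 as the characteristic value, the `DomainGuard` class and the sample file names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def characteristic_value(root):
    """SHA-256 over every file under root (assumed form of the characteristic value)."""
    h = hashlib.sha256()
    for path in sorted(Path(root).rglob("*")):  # fixed order gives a reproducible value
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix().encode()
        data = path.read_bytes()
        # Length prefixes keep the path/content boundaries unambiguous.
        h.update(len(rel).to_bytes(4, "big") + rel)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


class DomainGuard:
    """Hypothetical helper tracking one system's framework and application trees."""
    def __init__(self, framework_dir, app_dir):
        self.parts = {"framework": framework_dir, "application": app_dir}
        # Kept in memory here; a device needs storage the other system cannot write.
        self.closing = None

    def measure(self):
        return {part: characteristic_value(d) for part, d in self.parts.items()}

    def on_switch_out(self):
        self.closing = self.measure()  # system closing characteristic values

    def on_switch_in(self):
        """Return (start_allowed, mismatched_parts); a missing record fails closed."""
        if self.closing is None:
            return False, sorted(self.parts)
        starting = self.measure()  # system starting characteristic values
        bad = sorted(p for p in self.parts if starting[p] != self.closing[p])
        return not bad, bad


def demo():
    """Constructed sample files: a clean switch cycle, then one with a changed app."""
    with tempfile.TemporaryDirectory() as tmp:
        fw, apps = Path(tmp, "framework"), Path(tmp, "apps")
        fw.mkdir()
        apps.mkdir()
        (fw / "services.jar").write_bytes(b"framework v1")
        (apps / "meter.apk").write_bytes(b"app v1")
        guard = DomainGuard(fw, apps)
        guard.on_switch_out()
        clean = guard.on_switch_in()
        (apps / "meter.apk").write_bytes(b"app v1 modified")  # changed while closed
        return clean, guard.on_switch_in()
```

Measuring the framework and application trees separately, as the claim requires, lets the warning name which part changed instead of reporting a single pass/fail.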
CN201910470549.XA 2019-05-31 2019-05-31 Method and device for ensuring consistency of dual-domain system and electronic equipment Active CN110362983B (en)


Publications (2)

Publication Number Publication Date
CN110362983A CN110362983A (en) 2019-10-22
CN110362983B true CN110362983B (en) 2022-06-17

Family

ID=68215600




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant