CN111259348B - Method and system for safely running executable file - Google Patents

Publication number: CN111259348B (application CN202010104230.8A; earlier publication CN111259348A)
Authority: CN (China)
Legal status: Active (application granted)
Original language: Chinese (zh)
Prior art keywords: executable file, ACL, digital signature, main body (calling subject), operation instruction
Inventors: 赵明明, 廖逍, 李科, 马皓, 许勇刚, 刘欣, 张津明, 刘圣龙, 冯亮星, 刘晓曦, 赵建伟, 刘柱, 李文璞, 白景坡, 曾令康, 张喆
Current and original assignee: State Grid Siji Network Security Beijing Co Ltd; State Grid Information and Telecommunication Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F 21/12 Protecting executable software
    • G06F 21/121 Restricting unauthorised execution of programs
    • G06F 21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F 21/562 Static detection
    • G06F 21/564 Static detection by virus signature recognition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a method and a system for safely running an executable file. When a call to the executable file is detected, the executable file, its calling subject and the calling subject's operation instruction on the executable file are obtained. When that operation instruction is determined to be valid, it is further verified whether the executable file, the calling subject and the operation instruction exist in a preset ACL; whether the executable file has been tampered with is verified by matching the digital signature of the executable file against the digital signature of the corresponding executable file in the ACL; and whether the digital signature of the executable file is trustworthy is verified. Only when all verifications pass is the executable file loaded and a new process started to run it. Because the executable file is verified several times before it runs, executable files carrying viruses and/or malicious programs are filtered out, and safe running of the executable file is achieved.

Description

Method and system for safely running executable file
Technical Field
The invention relates to the field of computer technology, and in particular to a method and a system for safely running an executable file.
Background
With the integration of industrialization and informatization in the national power grid and the rapid development of network communication technology in recent years, network applications have grown greatly; at the same time, the openness of the network brings large security risks, including the risk of virus attack. Because computer viruses have gradually shifted from heavy reliance on zero-day vulnerabilities to highly customized special-purpose viruses that do not depend on zero-day vulnerabilities, intercepting viruses has become an important condition for guaranteeing the safe operation of the power Internet of Things.
At present, virus interception relies mainly on virus signature detection: viruses are intercepted in a targeted manner by detecting their characteristics, which prevents their propagation. However, a large number of virus variants exist, and preventing virus propagation by signature detection alone cannot meet the security requirements of Internet of Things terminals in the new situation.
Disclosure of Invention
In view of this, the present invention discloses a method and a system for safely running an executable file, so that the executable file is verified several times before it is run and executable files carrying viruses and/or malicious programs are filtered out, thereby achieving safe running of the executable file.
A method of securely running an executable file, comprising:
when a call to the executable file is detected, obtaining the executable file, the calling subject of the executable file and the operation instruction of the calling subject on the executable file;
judging whether the operation instruction of the calling subject on the executable file is valid;
if so, intercepting the operation instruction that the calling subject executes on the executable file;
judging whether the executable file, the calling subject and the operation instruction exist in a preset ACL, where the content of the ACL comprises a subject, an object and an operation instruction;
if so, judging whether the digital signature of the executable file matches the digital signature of the corresponding executable file in the ACL;
if so, judging whether the digital signature of the executable file is trustworthy;
and if so, loading the executable file and starting a new process to run the executable file.
Optionally, the method further includes:
prohibiting the executable file from running when the operation instruction of the calling subject on the executable file is invalid, or the executable file, the calling subject and the operation instruction do not exist in the ACL, or the digital signature of the executable file does not match the digital signature of the corresponding executable file in the ACL, or the digital signature of the executable file is not trustworthy.
Optionally, after the executable file is loaded and a new process is started to run it, the method further includes:
storing the running executable file in a pre-built trusted cloud database.
Optionally, the method further includes:
when a change to an executable file stored in the trusted cloud database is detected, generating a new ACL based on the changed executable file;
digitally signing the new ACL to obtain a target ACL;
and writing the target ACL into a blockchain distributed ledger.
Optionally, the method further includes:
synchronously sending the blockchain distributed ledger into which the target ACL has been written to the trusted cloud database and to the client.
A system for securely running an executable file, comprising:
an obtaining unit, configured to obtain the executable file, the calling subject of the executable file and the operation instruction of the calling subject on the executable file when a call to the executable file is detected;
a first judging unit, configured to judge whether the operation instruction of the calling subject on the executable file is valid;
an intercepting unit, configured to intercept the operation instruction that the calling subject executes on the executable file when the first judging unit judges yes;
a second judging unit, configured to judge whether the executable file, the calling subject and the operation instruction exist in a preset ACL, where the content of the ACL comprises a subject, an object and an operation instruction;
a third judging unit, configured to judge whether the digital signature of the executable file matches the digital signature of the corresponding executable file in the ACL when the second judging unit judges yes;
a fourth judging unit, configured to judge whether the digital signature of the executable file is trustworthy when the third judging unit judges yes;
and a loading unit, configured to load the executable file and start a new process to run it when the fourth judging unit judges yes.
Optionally, the system further includes:
a prohibiting unit, configured to prohibit the executable file from running when the operation instruction of the calling subject on the executable file is invalid, or the executable file, the calling subject and the operation instruction do not exist in the ACL, or the digital signature of the executable file does not match the digital signature of the corresponding executable file in the ACL, or the digital signature of the executable file is not trustworthy.
Optionally, the system further includes:
a storage unit, configured to store the running executable file in a pre-built trusted cloud database after the loading unit has loaded the executable file and started a new process to run it.
Optionally, the system further includes:
a generating unit, configured to generate a new ACL based on the changed executable file after a change to an executable file stored in the trusted cloud database is detected;
a signing unit, configured to digitally sign the new ACL to obtain a target ACL;
and a writing unit, configured to write the target ACL into the blockchain distributed ledger.
Optionally, the system further includes:
a sending unit, configured to synchronously send the blockchain distributed ledger into which the target ACL has been written to the trusted cloud database and to the client.
According to the above technical solution, when a call to the executable file is detected, the executable file, its calling subject and the calling subject's operation instruction on the executable file are obtained. When the operation instruction is determined to be valid, it is not executed immediately; instead it is further verified whether the executable file, the calling subject and the operation instruction exist in a preset ACL, whether the executable file has been tampered with (by matching its digital signature against the digital signature of the corresponding executable file in the ACL), and whether that digital signature is trustworthy. The executable file is loaded and a new process started to run it only when every verification passes, and it is prohibited from running if any verification fails. Because the executable file is verified several times before it runs, executable files carrying viruses and/or malicious programs can be filtered out, achieving safe running of the executable file.
Drawings
In order to illustrate the embodiments of the present invention or the prior-art technical solutions more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a method for securely running an executable file according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a system for safely running an executable file according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
The embodiment of the invention discloses a method and a system for safely running an executable file. When a call to the executable file is detected, the executable file, its calling subject and the calling subject's operation instruction on the executable file are obtained. When the operation instruction is determined to be valid, it is not executed immediately; instead it is further verified whether the executable file, the calling subject and the operation instruction exist in a preset ACL, whether the executable file has been tampered with (by matching its digital signature against the digital signature of the corresponding executable file in the ACL), and whether that digital signature is trusted. The executable file is loaded and a new process started to run it only when all verifications pass, and it is prohibited from running when any verification fails. Because the executable file is verified several times before it runs, executable files carrying viruses and/or malicious programs can be filtered out, achieving safe running of the executable file.
Referring to FIG. 1, an embodiment of the present invention discloses a flowchart of a method for safely running an executable file. The method is applied to a client and includes the following steps:
Step S101: when a call to the executable file is detected, obtain the executable file, the calling subject of the executable file and the operation instruction of the calling subject on the executable file.
Specifically, in practical applications, when a user calls an executable file, the executable file, its calling subject and the calling subject's operation instruction on the executable file are obtained. The calling subject is the calling account of the subject that is to execute the file, and the operation instruction of the calling subject on the executable file is, for example, execute, read or write.
The executable file includes an application program.
Step S102: judge whether the operation instruction of the calling subject on the executable file is valid; if so, go to step S103, otherwise go to step S108.
Specifically, when a user calls an executable file, the operating system passes the executable file, the calling subject and the operation instruction to the operating system kernel, and the kernel determines whether the calling subject's operation instruction on the executable file is valid; the specific determination process may follow existing mature schemes and is not described again here. When the calling subject's operation instruction on the executable file is determined to be valid, the security module in the operating system can perform a Hook operation and carry out a second verification of the executable file, the calling subject and the operation instruction.
The operating system kernel is the core part of most operating systems. It consists of the parts of the operating system that manage memory, files, peripherals and system resources. The operating system kernel typically runs processes and provides inter-process communication.
A Hook is an operating-system interrupt (debugging) mechanism; the term is translated into Chinese as "hook". Once a hook has been registered for a particular system event, the program that registered it is notified by the system when that event occurs and can respond to the event immediately.
In this embodiment, a Hook module is provided in the operating system and is used to intercept system operations such as reading, writing and executing a file.
Step S103: intercept the operation instruction that the calling subject executes on the executable file.
In practical applications, an interception module may be provided in the operating system, and the interception module calls the LSM security module interface (LSM is short for Linux Security Modules). LSM is a lightweight, general-purpose access control framework on which various access control models can be implemented in the form of kernel-loadable modules.
The interception module consists of a file-access driver and a process-access driver, and can intercept file read, write and execute operations.
An Access Control List (ACL) is configured in the interception module. The ACL supports coarse-grained read, write and execute operations and can also support fine-grained operations at the level of system OP instructions. The content of the ACL includes a subject, an object and an operation instruction, where the subject can be any one or combination of accounts, processes and IPs, and the object can include files, processes, services, disks, devices, networks and the like.
In this embodiment, the subject is the calling subject of the executable file and the object is the executable file. In practical applications, the default ACL is a program whitelist, i.e. a set of descriptions of the operation behaviours that are allowed to execute.
It should be noted that in this embodiment the Hook technology of the operating system kernel is used to control the invocation of executable files and the running of processes, so that control of the operating system is obtained and even the root user cannot bypass the interception module. The key effect of this step is to control the application program entry point: when a user needs to call an executable file and the operating system receives the user's operation instruction on it (that is, when the operating system detects that the executable file is called), the native permission is judged first, namely whether the calling subject's operation instruction on the executable file is valid. If it is, the Hook intercepts the instruction at the moment it is invoked, so that even after the native permission check has passed, the executable file cannot be executed in the operating system at will.
Step S104: judge whether the executable file, the calling subject and the operation instruction exist in a preset ACL; if so, go to step S105, otherwise go to step S108.
It should be noted that in this embodiment the program whitelist is generated through the trusted cloud database; the program whitelist is the ACL, and the operating system of the terminal can only execute executable files that are in the ACL.
The generated ACL may be exported as a whitelist.
The security module of the terminal can import the ACL.
In practical applications, the ACL may incorporate access control models and other security policies, such as Role-Based Access Control (RBAC), Mandatory Access Control (MAC) and Attribute-Based Access Control (ABAC).
Step S105: judge whether the digital signature of the executable file matches the digital signature of the corresponding executable file in the ACL; if so, go to step S106, otherwise go to step S108.
Specifically, the interception module computes the digital signature of the object in the ACL with a one-way hash function; in this embodiment the digital signature is an MD5 digital signature.
One-way hash function: also called a one-way Hash function, a function that maps an input message string of arbitrary length to an output string of fixed length, such that it is difficult to recover the input string from the output string.
In this embodiment, whether the executable file has been tampered with is determined by matching the digital signature of the executable file against the digital signature of the corresponding executable file in the ACL. When the two match, the executable file and its digital signature have not been tampered with; when they do not match, they have been tampered with, and the executable file is prohibited from running.
Step S106: judge whether the digital signature of the executable file is trustworthy; if so, go to step S107, otherwise go to step S108.
Whether the digital signature of the executable file is trustworthy may be determined by checking whether the digital signature was generated while the executable file was in its untampered state; this may follow existing mature schemes and is not described again here.
Step S107: load the executable file and start a new process to run it.
Step S108: prohibit the executable file from running.
In summary, the method for safely running an executable file disclosed by the invention obtains the executable file, its calling subject and the calling subject's operation instruction on the executable file when a call to the executable file is detected. When the operation instruction is determined to be valid it is not executed immediately; instead the method further verifies whether the executable file, the calling subject and the operation instruction exist in the preset ACL, whether the executable file has been tampered with (by matching its digital signature against the digital signature of the corresponding executable file in the ACL), and whether that digital signature is trustworthy. It loads the executable file and starts a new process to run it only when all verifications pass, and prohibits the executable file from running when any verification fails. Because the executable file is verified several times before it runs, executable files carrying viruses and/or malicious programs can be filtered out, achieving safe running of the executable file.
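The decision chain of steps S101 to S108, as an added example that is not the patent's own code: a pure policy function over an ACL whitelist, exercised on constructed inputs that each fail at a different step. The native permission check (S102) and the trust check on the recorded signature (S106) are assumptions supplied as callables, since the patent defers both to existing schemes; file contents are byte strings standing in for files on disk.

```python
"""Added example (not the patent's own code): the client-side decision pipeline of
steps S101-S108 as a pure policy function over an ACL whitelist.

Assumptions not stated in the patent: the native permission check (S102) and the
trust check on the recorded signature (S106) are supplied as callables, because the
patent defers both to existing schemes; file contents are byte strings."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class AclEntry:
    """One ACL row: subject (account/process/IP), object (the executable),
    operation instruction (read/write/execute) and the digest recorded for the
    object when the ACL was generated."""
    subject: str
    obj: str
    op: str
    digest: str


def file_digest(data: bytes) -> str:
    # The patent uses an MD5 hash as the object's "digital signature". MD5 is
    # collision-broken, so SHA-256 is used here; the pipeline is otherwise identical.
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    step: str    # the step (S102..S107) that produced the verdict
    reason: str


def decide(subject: str, obj: str, op: str, content: bytes, acl: Iterable[AclEntry],
           native_permits: Callable[[str, str, str], bool],
           signature_trusted: Callable[[AclEntry], bool]) -> Decision:
    # S102: native OS permission check; a failure goes straight to S108 (deny).
    if not native_permits(subject, obj, op):
        return Decision(False, "S102", "native permission denied")
    # S103: the instruction is intercepted here and not executed yet.
    # S104: the (subject, object, operation) triple must be in the whitelist.
    rows = [e for e in acl if (e.subject, e.obj, e.op) == (subject, obj, op)]
    if not rows:
        return Decision(False, "S104", "triple not in ACL")
    # S105: the digest of the file as it is now must match the digest in the ACL.
    actual = file_digest(content)
    row = next((e for e in rows if e.digest == actual), None)
    if row is None:
        return Decision(False, "S105", "digest mismatch: file tampered")
    # S106: the recorded digest itself must be trustworthy (issued via the signed ACL).
    if not signature_trusted(row):
        return Decision(False, "S106", "ACL digest not trusted")
    # S107: load and start a new process; modelled here as the allow verdict.
    return Decision(True, "S107", "all checks passed")


def demo() -> dict:
    # Constructed sample data standing in for files on disk.
    good = b"\x7fELF constructed sample daemon v1"
    patched = good + b" + injected code"
    path = "/opt/grid/daemon"
    acl = [
        AclEntry("svc_meter", path, "execute", file_digest(good)),
        AclEntry("svc_meter", path, "read", file_digest(good)),
    ]
    # Digests that arrived through the signed ACL are the only trusted ones.
    issued = {e.digest for e in acl}
    # A row injected locally (not issued through the signed ACL) must fail S106.
    acl.append(AclEntry("svc_meter", "/tmp/dropper", "execute", file_digest(b"dropper")))
    native = lambda s, o, op: s in ("svc_meter", "root")   # DAC stand-in (assumption)
    trusted = lambda e: e.digest in issued
    cases = {
        "legit": ("svc_meter", path, "execute", good),
        "tampered": ("svc_meter", path, "execute", patched),
        "root_not_listed": ("root", path, "execute", good),
        "write_not_listed": ("svc_meter", path, "write", good),
        "injected_row": ("svc_meter", "/tmp/dropper", "execute", b"dropper"),
        "unknown_user": ("guest", path, "execute", good),
    }
    return {name: decide(*args, acl, native, trusted) for name, args in cases.items()}


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:16} allowed={d.allowed} step={d.step} ({d.reason})")
```

The `root_not_listed` case is the property the description stresses: native permission passes, but the triple is absent from the whitelist, so the verdict is deny at S104.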
To further optimize the above embodiment, after step S107 the method may further include:
storing the running executable file in a pre-built trusted cloud database.
The executable files stored in the trusted cloud database all carry digital signatures; these may be MD5 digital signatures generated with a Hash algorithm.
It should be noted that the present invention maintains all executable files that may be run on the terminal by establishing the trusted cloud database. The executable files are managed, published and updated through the trusted cloud database, so that, through the trusted cloud database, the terminal's operating system can only execute the programs contained in those files, under finer-grained control.
According to the invention, all application programs that need to run on the Internet of Things terminals are uniformly collated and collected by storing the verified executable files in the trusted cloud database.
In practical applications, when the trusted cloud database is built, a cloud architecture can be adopted to build a management platform for trusted programs, managed through a WEB UI developed in HTML5. The trusted cloud database can provide functions such as new program release, program update, program management, version management, file synchronization, backup and restore, and download control.
To ensure the security of the ACL and prevent it from being tampered with, the invention places the ACL on a blockchain.
Therefore, to further optimize the above embodiment, the method for safely running an executable file may further include the steps of:
when a change to an executable file stored in the trusted cloud database is detected, generating a new ACL based on the changed executable file;
digitally signing the new ACL to obtain a target ACL;
and writing the target ACL into a blockchain distributed ledger.
To further optimize the above embodiment, the method may further include:
synchronously sending the blockchain distributed ledger into which the target ACL has been written to the trusted cloud database and to the client.
The client can perform access control of files and processes according to the target ACL.
It should be particularly noted that all communication required for placing the ACL on the blockchain is transmitted using HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) encryption.
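The ACL update path just described (regenerate the ACL when the trusted database changes, sign it, append it to a ledger, and have the client verify what it syncs), as an added example that is not the patent's own code. It assumes an in-memory list of hash-chained blocks in place of the blockchain and, as a stand-in for the patent's digital signature, an HMAC-SHA256 over the canonical ACL with a key shared by issuer and client; a real deployment would use an asymmetric signature so clients hold only a verification key.

```python
"""Added example (not the patent's own code): signed ACL versions appended to a
hash-chained ledger, with the client-side verification done on sync.

Assumptions not in the patent: the ledger is an in-memory list of blocks, and the
'digital signature' is an HMAC-SHA256 with a shared key (stand-in for a real
asymmetric signature)."""
import hashlib
import hmac
import json

GENESIS = "0" * 64


def _canonical(obj) -> bytes:
    # Deterministic encoding so issuer and client hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_acl(acl: list, key: bytes) -> str:
    rows = sorted(acl, key=lambda e: (e["subject"], e["object"], e["op"]))
    return hmac.new(key, _canonical(rows), hashlib.sha256).hexdigest()


def block_hash(block: dict) -> str:
    body = {k: block[k] for k in ("index", "prev_hash", "acl", "signature")}
    return hashlib.sha256(_canonical(body)).hexdigest()


def generate_acl(trusted_db: dict) -> list:
    # trusted_db maps path -> (content bytes, allowed subjects, allowed ops).
    # Each stored file's digest is recorded so the client can do the S105 match.
    acl = []
    for path, (content, subjects, ops) in trusted_db.items():
        digest = hashlib.sha256(content).hexdigest()
        for s in subjects:
            for op in ops:
                acl.append({"subject": s, "object": path, "op": op, "digest": digest})
    return acl


def append_acl(ledger: list, acl: list, key: bytes) -> dict:
    # Target ACL = new ACL + signature; the block also links to its predecessor.
    prev = ledger[-1]["hash"] if ledger else GENESIS
    block = {"index": len(ledger), "prev_hash": prev, "acl": acl,
             "signature": sign_acl(acl, key)}
    block["hash"] = block_hash(block)
    ledger.append(block)
    return block


def client_sync(ledger: list, key: bytes):
    # Walk the chain: index, link, stored hash and ACL signature must all verify.
    prev = GENESIS
    for i, b in enumerate(ledger):
        if b["index"] != i or b["prev_hash"] != prev or block_hash(b) != b["hash"]:
            return None, f"chain broken at block {i}"
        if not hmac.compare_digest(b["signature"], sign_acl(b["acl"], key)):
            return None, f"ACL signature invalid at block {i}"
        prev = b["hash"]
    return (ledger[-1]["acl"] if ledger else []), "ok"


def demo() -> dict:
    key = b"constructed-shared-key"            # assumption: shared issuer/client key
    db = {"/opt/grid/daemon": (b"daemon v1 (constructed)", ["svc_meter"], ["execute"])}
    ledger = []
    append_acl(ledger, generate_acl(db), key)
    # Software updated in the trusted cloud database -> new ACL version is issued.
    db["/opt/grid/daemon"] = (b"daemon v2 (constructed)", ["svc_meter"], ["execute"])
    append_acl(ledger, generate_acl(db), key)
    latest, status = client_sync(ledger, key)
    # Tamper case 1: a copy of the ledger with a row added to block 1 and nothing else.
    rogue = {"subject": "anyone", "object": "/tmp/unlisted", "op": "execute", "digest": "00"}
    t1 = json.loads(json.dumps(ledger))
    t1[1]["acl"].append(rogue)
    _, t1_status = client_sync(t1, key)
    # Tamper case 2: the same edit, but with the block hash recomputed (no key known).
    t2 = json.loads(json.dumps(ledger))
    t2[1]["acl"].append(rogue)
    t2[1]["hash"] = block_hash(t2[1])
    _, t2_status = client_sync(t2, key)
    return {"versions": len(ledger), "status": status,
            "first_digest": ledger[0]["acl"][0]["digest"],
            "latest_digest": latest[0]["digest"],
            "tampered_status": t1_status, "rehashed_status": t2_status}


if __name__ == "__main__":
    print(demo())
```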
To further optimize the above embodiment, the method may further include:
1) Establishing an interception module, which consists of a file-access driver and a process-access driver and is used to intercept the operation instruction that a calling subject executes on an executable file;
2) Establishing a basic module;
where the basic module comprises an ACL synchronization sub-module, a Hash calculation sub-module, an access control sub-module and a chain data read/write sub-module.
The ACL synchronization sub-module is used to receive the ACL whitelist rules issued through the blockchain;
the Hash calculation sub-module is used to compute the digital signature of the executable file called by the operating system and to judge whether it matches the digital signature of the corresponding executable file in the ACL, so as to determine whether the executable file has been tampered with;
the access control sub-module is used to determine, according to the ACL, whether the executable file currently being run by the operating system is allowed, so as to decide whether to allow or refuse its running;
and the chain data read/write sub-module is used to obtain the ACL information in the blockchain distributed ledger and to record the software installation and change contents of the operating system into the blockchain distributed ledger.
3) Establishing an application module;
where the application module comprises a log sending sub-module, a security update sub-module, a download sub-module and a secure execution sub-module;
the log sending sub-module is used to store log data generated by the client and send it to a preset location;
the security update sub-module is used to monitor the software versions in the trusted cloud database and to perform an update when a new software version is detected;
the download sub-module is used to download updated software from the trusted cloud database;
and the secure execution sub-module is used to check the running state of each sub-module of the client and to clear any operating faults found on the client.
In summary, the method for safely running an executable file disclosed by the invention obtains the executable file, its calling subject and the calling subject's operation instruction on the executable file when a call to the executable file is detected. When the operation instruction is determined to be valid it is not executed immediately; instead the method further verifies whether the executable file, the calling subject and the operation instruction exist in the preset ACL, whether the executable file has been tampered with (by matching its digital signature against the digital signature of the corresponding executable file in the ACL), and whether that digital signature is trusted. It loads the executable file and starts a new process to run it only when all verifications pass, and prohibits the executable file from running if any verification fails. Because the executable file is verified several times before it runs, executable files carrying viruses and/or malicious programs can be filtered out, achieving safe running of the executable file.
Secondly, the invention uses a trusted cloud database to release new software and to perform unified maintenance and management, generates a new ACL whenever the executable files stored in the trusted cloud database change, and uses a blockchain-based ACL management system that writes the ACL into the blockchain distributed ledger, so that the iteration history of the software can be fully tracked and traced back. Each terminal system obtains the ACL from the blockchain and updates its software from the trusted cloud database, so that the software environment of the entire distribution and transformation network is kept controllable.
In addition, since with the present invention operations are only possible once added to the ACL, even if privileges such as root are obtained through a zero-day attack, programs cannot be executed at will.
Corresponding to the embodiment of the method, the invention also discloses a system for safely operating the executable file.
Referring to fig. 2, an embodiment of the present invention discloses a schematic structural diagram of a system for safely running an executable file, where the system is applied to a client, and the system includes:
an obtaining unit 201, configured to obtain an executable file, a call subject of the executable file, and an operation instruction of the call subject on the executable file when it is detected that the executable file is called;
specifically, in an actual application, when a user calls a certain executable file, the executable file, a calling main body of the executable file, and an operation instruction of the calling main body to the executable file are obtained, where the calling main body is also a calling account of a main body to be executed, and the operation instruction of the calling main body to the executable file, for example, execution, reading, writing, and the like.
Wherein, the executable file comprises an application program.
A first judging unit 202, configured to judge whether the operation instruction of the executable file by the calling main body is valid;
Specifically, when a user calls an executable file, the operating system passes the executable file, the calling subject and the operation instruction to the operating system kernel, which determines whether the calling subject's operation instruction on the executable file is valid; the specific determination process may follow an existing mature scheme and is not described further here. When the operation instruction is determined to be valid, the security module in the operating system performs a Hook operation and carries out a second verification of the executable file, the calling subject and the operation instruction.
The operating system kernel refers to a core part of most operating systems. It consists of those parts of the operating system that are used to manage memory, files, peripherals, and system resources. The operating system kernel typically runs processes and provides inter-process communication.
A Hook is an operating system debugging and interrupt mechanism. Once a hook has been installed for a particular system event, the program that installed it is notified by the system when that event occurs and can respond to the event immediately.
In this embodiment, a Hook module is arranged in the operating system and is used to intercept system operations such as reading, writing and executing a file.
An intercepting unit 203, configured to intercept the operation instruction executed by the calling subject on the executable file if the first judging unit 202 judges yes;
In practical application, an interception module may be set in the operating system; the interception module calls the LSM (Linux Security Module) interface. LSM is a lightweight, general-purpose access control framework on which various access control models can be implemented as loadable kernel modules.
The interception module consists of a file access driver and a process access driver, and can intercept file read, write and execute operations.
An Access Control List (ACL) is set in the interception module. The ACL can support coarse-grained read, write and execute operations as well as fine-grained operations at the level of individual system OP instructions. The content of the ACL includes a subject, which may be any combination of accounts, processes and IPs, and an object, which may be a file, process, service, disk, device, network and the like.
In this embodiment, the subject refers to a calling subject of the executable file, and the object refers to the executable file. In practical applications, the default ACL is a program whitelist, i.e., a set of operational behavior descriptions that are allowed to be executed.
It should be noted that, in this embodiment, the Hook technology of the operating system kernel is used to control the invocation of executable files and the running of processes, so that the interception module obtains control over the operating system and even the Root user cannot bypass it. The key effect of this step is to control the application program entry: when a user needs to call an executable file and the operating system receives the user's operation instruction on it, that is, when the operating system detects that the executable file is called, the native permission is judged first, namely whether the calling subject's operation instruction on the executable file is valid. If so, the call is then intercepted by the Hook technology, so that even when the native permission check passes, the executable file cannot be executed at will in the operating system.
A second judging unit 204, configured to judge whether the executable file, the call subject, and the operation instruction exist in a preset ACL, where contents in the ACL include: a subject, an object and an operating instruction;
It should be noted that, in this embodiment, a program whitelist, which is the ACL, is generated through the trusted cloud database, and the operating system of the terminal can only execute executable files listed in the ACL.
Wherein the generated ACL may be derived as a white list.
The security module of the terminal may import the ACL.
In practical applications, the ACL may import access control models such as Role-Based Access Control (RBAC), Mandatory Access Control (MAC), Attribute-Based Access Control (ABAC) and other security policies.
A third judging unit 205, configured to judge whether the digital signature of the executable file matches the digital signature of the corresponding executable file in the ACL if the second judging unit 204 judges yes;
Specifically, the interception module digitally signs the object in the ACL using a one-way hash function; in this embodiment the digital signature is an MD5 digital signature.
One-way hash function: also called a one-way Hash function, a function that maps an input message string of arbitrary length to an output string of fixed length, such that it is difficult to recover the input string from the output string.
In this embodiment, whether the executable file has been tampered with is determined by matching its digital signature against the digital signature of the corresponding executable file in the ACL. When the two match, the digital signature of the executable file has not been tampered with; when they do not match, it has been tampered with, and the executable file is prohibited from running.
A fourth judging unit 206, configured to judge whether the digital signature of the executable file is authentic when the third judging unit 205 judges yes;
Whether the digital signature of the executable file is trusted may be determined, once the signature is confirmed not to have been tampered with, by verifying how the digital signature was generated; the specific check may follow an existing mature scheme and is not described further here.
A loading unit 207, configured to load the executable file and start a new process to run it when the fourth judging unit 206 judges yes.
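The chain of checks performed by units 201 to 207 above, together with the interception point described for the LSM-based interception module, can be written out as a single policy function. The following Python is an added example and is not code from the patent or its applicants. The AclEntry layout, the native_permission callback (a stand-in for the kernel's own permission check that the page says follows an existing scheme) and the HMAC-based trust check for the recorded digest are all assumptions; SHA-256 is used where the description names an MD5 digest, since MD5 is no longer collision resistant, and hashlib.md5 can be substituted to mirror the page exactly. The sample binaries and the ACL are constructed inline.

```python
"""ACL-gated execution check modelled on units 201 to 207.

Added example, not the patent's own code. The AclEntry layout, the
native_permission callback (stand-in for the kernel's own permission
check) and the HMAC-based trust check are assumptions. SHA-256 is used
in place of the MD5 digest the description names.
"""
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ALLOW = "load and run in a new process"
    DENY_NATIVE = "native permission check failed"
    DENY_NOT_IN_ACL = "(subject, object, operation) not in ACL"
    DENY_DIGEST_MISMATCH = "executable digest does not match ACL entry"
    DENY_UNTRUSTED = "ACL digest signature not trusted"


@dataclass(frozen=True)
class AclEntry:
    subject: str      # calling subject: account (page also allows process, IP)
    obj: str          # object: path of the executable file
    op: str           # operation: "execute", "read" or "write"
    digest: str       # hex digest of the published executable
    digest_sig: str   # publisher's signature over the digest (HMAC here)


PUBLISHER_KEY = b"constructed-acl-publisher-key"  # constructed sample key


def digest_of(data: bytes) -> str:
    """One-way hash of the executable contents (page: MD5; SHA-256 here)."""
    return hashlib.sha256(data).hexdigest()


def sign_digest(digest: str, key: bytes = PUBLISHER_KEY) -> str:
    """Publisher-side signature over a digest; HMAC stands in for a real signature."""
    return hmac.new(key, digest.encode(), "sha256").hexdigest()


def check_execution(subject, obj, op, file_bytes, acl, native_permission,
                    trusted_key=PUBLISHER_KEY) -> Verdict:
    """Run the checks in the order the units describe and return the verdict."""
    # Unit 202: the operating system's native permission check comes first.
    if not native_permission(subject, obj, op):
        return Verdict.DENY_NATIVE
    # Units 203/204: the call is intercepted and the triple is looked up in the ACL.
    entry = next((e for e in acl
                  if (e.subject, e.obj, e.op) == (subject, obj, op)), None)
    if entry is None:
        return Verdict.DENY_NOT_IN_ACL
    # Unit 205: digest of the file on disk must match the digest recorded in the ACL.
    if not hmac.compare_digest(digest_of(file_bytes), entry.digest):
        return Verdict.DENY_DIGEST_MISMATCH
    # Unit 206: the recorded digest must carry a signature from the trusted publisher.
    if not hmac.compare_digest(sign_digest(entry.digest, trusted_key), entry.digest_sig):
        return Verdict.DENY_UNTRUSTED
    # Unit 207: all checks passed; the caller may load the file in a new process.
    return Verdict.ALLOW


def demo() -> dict:
    """Constructed scenario covering each verdict, including Root on an unlisted file."""
    published = b"\x7fELF constructed sample agent v1"          # constructed bytes
    tampered = published + b" with an injected section"          # constructed bytes
    unlisted = b"\x7fELF constructed unlisted tool"              # constructed bytes
    d = digest_of(published)
    acl = [AclEntry("ops", "/opt/app/agent", "execute", d, sign_digest(d)),
           AclEntry("ops", "/opt/app/agent", "read", d, sign_digest(d))]
    forged_acl = [AclEntry("ops", "/opt/app/agent", "execute", d,
                           sign_digest(d, b"not-the-publisher-key"))]

    def native(subject, obj, op):
        # Stand-in for the kernel's own check: root passes, "ops" may not write.
        return subject == "root" or op != "write"

    return {
        "ops_execute": check_execution("ops", "/opt/app/agent", "execute", published, acl, native),
        "ops_write": check_execution("ops", "/opt/app/agent", "write", published, acl, native),
        "tampered_file": check_execution("ops", "/opt/app/agent", "execute", tampered, acl, native),
        "root_unlisted": check_execution("root", "/tmp/unlisted-tool", "execute", unlisted, acl, native),
        "forged_entry": check_execution("ops", "/opt/app/agent", "execute", published, forged_acl, native),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} -> {verdict.value}")
```

The "root_unlisted" case is the property the description stresses: the native check passes for Root, but the file is absent from the ACL, so the interception layer still refuses it. The "forged_entry" case shows why the fourth check exists: an ACL entry whose digest matches the file on disk is still rejected when its signature was not produced by the trusted publisher.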
In summary, the system for safely running an executable file disclosed by the invention obtains the executable file, its calling subject and the calling subject's operation instruction on the executable file when it detects that the executable file is called. When it determines that the operation instruction is valid, it does not execute the instruction immediately but further verifies whether the executable file, the calling subject and the operation instruction exist in the preset ACL, verifies whether the executable file has been tampered with by matching its digital signature against the digital signature of the corresponding executable file in the ACL, and verifies whether that digital signature is trusted. Only when all verifications pass is the executable file loaded and run in a new process; if any verification fails, the executable file is prohibited from running. Because the executable file is verified several times before it runs, executable files carrying viruses and/or malicious programs can be filtered out, so that executable files are run safely.
Therefore, to further optimize the above embodiment, the above system may further include:
a forbidding unit, configured to prohibit the executable file from running when the calling subject's operation instruction on the executable file is invalid, or the executable file, the calling subject and the operation instruction do not exist in the ACL, or the digital signature of the executable file does not match the digital signature of the corresponding executable file in the ACL, or the digital signature of the executable file is not trusted.
To further optimize the above embodiment, the system may further include:
a storage unit, configured to store the executed executable file in a pre-constructed trusted cloud database after the loading unit 207 loads the executable file and starts a new process to run it.
All executable files stored in the trusted cloud database carry digital signatures, which may be MD5 digital signatures generated with a Hash algorithm.
It should be noted that the invention maintains, by establishing the trusted cloud database, all executable files that may be executed on the terminal. The executable files are managed, published and updated through the trusted cloud database, so that the operating system of the terminal can only execute programs that have been published through the trusted cloud database.
According to the invention, all application programs that need to run on Internet of Things terminals are uniformly sorted and collected by storing the verified executable files in the trusted cloud database.
In practice, when the trusted cloud database is constructed, a cloud architecture can be used to build a management platform for trusted programs, administered through a web UI developed in HTML5. The trusted cloud database can provide functions such as new program release, program update, program management, version management, file synchronization, backup and restore, and download control.
In order to ensure the safety of the ACL and prevent it from being tampered with, the invention writes the ACL to a blockchain.
Therefore, to further optimize the above embodiment, the above system may further include:
a generating unit, configured to generate a new ACL based on the changed executable file after detecting that an executable file stored in the trusted cloud database has changed;
a signature unit, configured to digitally sign the new ACL to obtain a target ACL;
and a writing unit, configured to write the target ACL into the blockchain distributed ledger.
To further optimize the above embodiment, the system may further include:
a sending unit, configured to synchronously send the blockchain distributed ledger into which the target ACL has been written to the trusted cloud database and the client.
The client can perform access control of files and processes according to the target ACL.
It should be particularly noted that all communications required for writing the ACL to the blockchain are transmitted in encrypted form over HTTPS (Hypertext Transfer Protocol over Secure Socket Layer).
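The generating, signature, writing and sending units above, and the client-side import that follows them, describe one publication cycle: the cloud database changes, a new ACL is derived from it, signed, appended to a ledger and pulled by the client. The following Python is an added example and is not code from the patent or its applicants. The catalogue and grant layout, the minimal block format (each block commits to its predecessor's hash) and the use of HMAC-SHA256 as a stand-in for the asymmetric signature the page calls for are assumptions; SHA-256 again replaces the MD5 digest the page names. The sample executables and grants are constructed inline.

```python
"""Trusted-cloud-database ACL publication with a hash-chained ledger.

Added example, not the patent's own code. The catalogue/grant layout,
the HMAC stand-in for the ACL signature and the minimal block format
are assumptions; SHA-256 replaces the MD5 digest the page names.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

PUBLISHER_KEY = b"constructed-acl-publisher-key"  # constructed sample key
GENESIS = "0" * 64


def _canonical(obj) -> str:
    """Deterministic JSON so that hashes and signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def generate_acl(catalogue: dict, grants: dict) -> list:
    """Generating unit: one (subject, object, op, digest) entry per grant,
    using the digest of the executable as currently stored in the database."""
    entries = []
    for path in sorted(catalogue):
        digest = hashlib.sha256(catalogue[path]).hexdigest()
        for subject, op in grants.get(path, []):
            entries.append({"subject": subject, "object": path, "op": op, "digest": digest})
    return entries


def sign_acl(entries: list, key: bytes = PUBLISHER_KEY) -> dict:
    """Signature unit: new ACL plus signature = target ACL (HMAC stands in)."""
    sig = hmac.new(key, _canonical(entries).encode(), "sha256").hexdigest()
    return {"acl": entries, "sig": sig}


def _block_hash(prev: str, index: int, target_acl: dict) -> str:
    body = _canonical({"prev": prev, "index": index, "target_acl": target_acl})
    return hashlib.sha256(body.encode()).hexdigest()


@dataclass
class Ledger:
    """Writing unit's target: an append-only chain, each block committing to its predecessor."""
    blocks: list = field(default_factory=list)

    def append(self, target_acl: dict) -> dict:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        index = len(self.blocks)
        block = {"prev": prev, "index": index, "target_acl": target_acl,
                 "hash": _block_hash(prev, index, target_acl)}
        self.blocks.append(block)
        return block

    def verify_chain(self) -> bool:
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            if b["prev"] != prev or b["index"] != i:
                return False
            if _block_hash(prev, i, b["target_acl"]) != b["hash"]:
                return False
            prev = b["hash"]
        return True


def client_import(ledger: Ledger, key: bytes = PUBLISHER_KEY):
    """Client side: accept the latest ACL only if the chain and its signature verify."""
    if not ledger.blocks or not ledger.verify_chain():
        return None
    latest = ledger.blocks[-1]["target_acl"]
    expected = hmac.new(key, _canonical(latest["acl"]).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, latest["sig"]):
        return None
    return latest["acl"]


def demo() -> dict:
    """Constructed scenario: publish v1, update to v2, then a tampered ledger copy."""
    catalogue = {"/opt/app/agent": b"\x7fELF constructed agent v1"}   # constructed
    grants = {"/opt/app/agent": [("ops", "execute")]}
    ledger = Ledger()
    ledger.append(sign_acl(generate_acl(catalogue, grants)))
    catalogue["/opt/app/agent"] = b"\x7fELF constructed agent v2"    # change detected
    ledger.append(sign_acl(generate_acl(catalogue, grants)))
    imported = client_import(ledger)
    v2 = hashlib.sha256(catalogue["/opt/app/agent"]).hexdigest()

    forged = Ledger(blocks=[dict(b) for b in ledger.blocks])
    forged.blocks[0]["target_acl"] = {"acl": [], "sig": ""}            # rewrite history
    return {"blocks": len(ledger.blocks),
            "chain_ok": ledger.verify_chain(),
            "imported_is_v2": imported is not None and imported[0]["digest"] == v2,
            "forged_import": client_import(forged)}
```

Two properties matter here. The client only ever trusts an ACL whose signature it can verify, so a ledger node that is compromised cannot substitute its own policy; and because each block's hash covers the previous hash, replacing an earlier target ACL breaks every later link, which is what gives the "track and trace back" property the description claims for the software's iterative history.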
Beyond the verification chain, the invention uses the trusted cloud database to release new software and to carry out unified maintenance and management. A new ACL is generated whenever an executable file stored in the trusted cloud database changes, and the ACL management system based on blockchain technology writes the ACL into the blockchain distributed ledger, so that the iterative process of the software can be fully tracked and traced back. Each terminal system obtains the ACL from the blockchain and updates its software from the trusted cloud database, bringing the software environment of the whole power distribution network under unified management.
In addition, since a program can run only if it has been added to the ACL, even if privileges such as Root are obtained through a zero-day attack, programs cannot be executed at will.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for securely running an executable file, comprising:
when detecting that the executable file is called, acquiring the executable file, a calling main body of the executable file and an operation instruction of the calling main body on the executable file;
judging whether the operation instruction of the calling main body to the executable file is valid;
if yes, intercepting the operation instruction executed by the calling main body on the executable file;
judging whether the executable file, the calling main body and the operation instruction exist in a preset ACL, wherein the content in the ACL comprises: a subject, an object and an operating instruction;
if yes, judging whether the digital signature of the executable file is matched with the digital signature of the executable file corresponding to the ACL, wherein when the digital signature of the executable file is matched with the digital signature of the executable file corresponding to the ACL, the digital signature of the executable file is indicated to be not tampered;
if yes, judging whether the digital signature of the executable file is credible;
and if so, loading the executable file and starting a new process to run the executable file.
2. The method of claim 1, further comprising:
and when the calling main body is invalid to the operation instruction of the executable file, or the executable file, the calling main body and the operation instruction do not exist in the ACL, or the digital signature of the executable file is not matched with the digital signature of the corresponding executable file in the ACL, or the digital signature of the executable file is not credible, the executable file is prohibited from running.
3. The method of claim 1, after the loading the executable file and initiating a new process to run the executable file, further comprising:
and storing the running executable file to a pre-constructed trusted cloud database.
4. The method of claim 3, further comprising:
when detecting that the executable file stored in the trusted cloud database is changed, generating a new ACL based on the changed executable file;
digitally signing the new ACL to obtain a target ACL;
and writing the target ACL into a blockchain distributed ledger.
5. The method of claim 4, further comprising:
and synchronously sending the blockchain distributed ledger into which the target ACL has been written to the trusted cloud database and the client.
6. A system for securely running an executable file, comprising:
the obtaining unit is used for obtaining the executable file, a calling main body of the executable file and an operation instruction of the calling main body on the executable file when the executable file is called;
a first judging unit, configured to judge whether the operation instruction of the executable file by the calling main body is valid;
an intercepting unit, configured to intercept the operation instruction executed by the calling main body on the executable file in the case that the first judging unit judges yes;
a second judging unit, configured to judge whether the executable file, the call main body, and the operation instruction exist in a preset ACL, where contents in the ACL include: a subject, an object and an operating instruction;
a third judging unit, configured, if the second judging unit judges yes, to judge whether the digital signature of the executable file matches the digital signature of the executable file corresponding to the ACL, where a match indicates that the digital signature of the executable file has not been tampered with;
a fourth judging unit, configured to judge whether the digital signature of the executable file is authentic when the third judging unit judges yes;
and a loading unit, configured to load the executable file and start a new process to run the executable file in the case that the fourth judging unit judges yes.
7. The system of claim 6, further comprising:
and the forbidding unit is used for forbidding the executable file to run when the calling main body is invalid to the operation instruction of the executable file, or the executable file, the calling main body and the operation instruction do not exist in the ACL, or the digital signature of the executable file is not matched with the digital signature of the corresponding executable file in the ACL, or the digital signature of the executable file is not credible.
8. The system of claim 6, further comprising:
and the storage unit is used for storing the running executable file to a pre-constructed trusted cloud database after the loading unit loads the executable file and starts a new process to run the executable file.
9. The system of claim 8, further comprising:
the generating unit is used for generating a new ACL based on the changed executable file after detecting that the executable file stored in the trusted cloud database is changed;
the signature unit is used for digitally signing the new ACL to obtain a target ACL;
and the writing unit is used for writing the target ACL into the blockchain distributed ledger.
10. The system of claim 9, further comprising:
and the sending unit is used for synchronously sending the blockchain distributed ledger into which the target ACL has been written to the trusted cloud database and the client.
CN202010104230.8A 2020-02-20 2020-02-20 Method and system for safely running executable file Active CN111259348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010104230.8A CN111259348B (en) 2020-02-20 2020-02-20 Method and system for safely running executable file

Publications (2)

Publication Number Publication Date
CN111259348A CN111259348A (en) 2020-06-09
CN111259348B true CN111259348B (en) 2023-03-07

Family

ID=70949633

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010104230.8A Active CN111259348B (en) 2020-02-20 2020-02-20 Method and system for safely running executable file

Country Status (1)

Country Link
CN (1) CN111259348B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111541553B (en) * 2020-07-08 2021-08-24 支付宝(杭州)信息技术有限公司 Trusted starting method and device of block chain all-in-one machine
CN112491812B (en) 2020-07-08 2022-03-01 支付宝(杭州)信息技术有限公司 Hash updating method and device of block chain all-in-one machine
CN113536242A (en) * 2021-07-09 2021-10-22 深圳市元征未来汽车技术有限公司 Dynamic library calling method and device, terminal equipment and storage medium
CN114091023A (en) * 2021-11-23 2022-02-25 国汽智控(北京)科技有限公司 Executable file checking method, device, equipment and storage medium
WO2023112170A1 (en) * 2021-12-14 2023-06-22 日本電信電話株式会社 Log output device, log output method, and log output program
CN115129677B (en) * 2022-08-30 2022-11-22 睿云奇智(青岛)科技有限公司 Operator document synchronization method and device
CN116680696B (en) * 2023-08-04 2024-02-13 深圳市科力锐科技有限公司 Virus program detection method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102004879A (en) * 2010-11-22 2011-04-06 北京北信源软件股份有限公司 Method for identifying credible progress
CN102542182A (en) * 2010-12-15 2012-07-04 苏州凌霄科技有限公司 Device and method for controlling mandatory access based on Windows platform
CN104735091A (en) * 2015-04-17 2015-06-24 三星电子(中国)研发中心 Linux system-based user access control method and device
CN106295319A (en) * 2016-08-02 2017-01-04 中标软件有限公司 Operating system safety protecting method
CN109063480A (en) * 2018-07-25 2018-12-21 郑州云海信息技术有限公司 A kind of the executable file starting control method and system of oneself signature

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7707620B2 (en) * 2005-05-06 2010-04-27 Cisco Technology, Inc. Method to control and secure setuid/gid executables and processes
WO2011099972A1 (en) * 2010-02-11 2011-08-18 Hewlett-Packard Company, L. P. Executable identity based file access

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research and optimized design of operating system security technology; Wang Kun; China Masters' Theses Full-text Database (Information Science and Technology); 2006-06-15 (No. 06); pp. 32-35, 58-60 *

Also Published As

Publication number Publication date
CN111259348A (en) 2020-06-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant