CN112131565A - Transparent encryption and decryption anti-cracking method and management equipment thereof


Publication number: CN112131565A
Authority: CN (China)
Prior art keywords: trust, module, cracking, decryption, interface
Legal status: Pending
Application number: CN202011032042.5A
Other languages: Chinese (zh)
Inventors: 王一可, 谢永胜
Current Assignee: Zhejiang Vamtoo Information Safety Technology Co ltd
Original Assignee: Zhejiang Vamtoo Information Safety Technology Co ltd
Application filed by: Zhejiang Vamtoo Information Safety Technology Co ltd
Priority to: CN202011032042.5A
Publication of: CN112131565A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a transparent encryption and decryption anti-cracking method and a management device for it. The method comprises the following steps: creating a first anti-cracking module, which monitors each non-trust process, performs trust detection on the executable program generated by each non-trust process, and determines that the non-trust process corresponding to an executable program which passes the trust detection is a malicious process; and creating a second anti-cracking module, which monitors each non-trust process, judges whether a target module injected by the non-trust process is a trust module, and determines a target module judged to be a trust module to be a malicious process. The beneficial effect of the invention is that several ways of maliciously reading the plaintext content of an encrypted file are blocked at the same time, so that the security of office files is effectively ensured.

Description

Transparent encryption and decryption anti-cracking method and management equipment thereof
Technical Field
The invention relates to the field of file encryption and decryption, in particular to a transparent encryption and decryption anti-cracking method and management equipment thereof.
Background
At present, the office business systems of many companies use transparent encryption and decryption to ensure the security of the company's electronic documents. Transparent means that the user does not perceive the encryption and decryption while operating on a file, and the whole operation is completed automatically. The transparent encryption and decryption system judges whether a file needs to be encrypted or decrypted according to preset policies, comprising the file types to be protected, the encryption algorithm and the encryption key, and completes the encryption and decryption of the file automatically.
However, current encryption and decryption products maintain a trusted process list, and that list is governed by rules. A lawbreaker who wants the plaintext content of an encrypted file can obtain the trust rules and use them to defeat the encryption and decryption product, thereby acquiring the plaintext content of the encrypted file.
At present, a lawbreaker can obtain the plaintext content of an encrypted file by the following methods:
first, masquerading as a trusted process and reading the plaintext content of the encrypted file;
second, injecting or loading into a trusted process and reading the plaintext content of the encrypted file.
Therefore, the encryption and decryption products in the prior art cannot effectively prevent the document, the program and the like from being maliciously tampered, so that the security guarantee of the file is low.
Disclosure of Invention
In view of the above problems in the prior art, a transparent encryption and decryption anti-cracking method and a management device thereof are provided.
The specific technical scheme is as follows:
a transparent encryption and decryption anti-cracking method comprises the following steps:
step S1, a first anti-cracking module is created, the first anti-cracking module monitors each non-trust process, trust detection is carried out on an executable program generated by each non-trust process, and the non-trust process corresponding to the executable program which passes the trust detection is determined to be a malicious process;
step S2, a second anti-cracking module is created, the second anti-cracking module monitors each non-trust process, the second anti-cracking module judges whether a target module injected by the non-trust process is a trust module, and the target module judged as the trust module is determined as a malicious process.
Preferably, in the transparent encryption and decryption anti-cracking method, step S1 specifically includes: when a non-trust process is started, the first anti-cracking module is injected into the non-trust process and modifies the corresponding interface using hook technology; the first anti-cracking module judges whether the executable program obtained by the non-trust process through the corresponding interface passes trust detection; and the non-trust process corresponding to an executable program that passes trust detection is determined to be a malicious process.
Preferably, in the transparent encryption and decryption anti-cracking method,
step S1 specifically includes the following steps:
step S11, when the non-trust process is started, a first anti-cracking module is injected into the non-trust process, and the first anti-cracking module modifies a first interface by adopting a hook technology;
step S12, the first anti-cracking module judges whether the executable program generated by the non-trust process by adopting the first interface is the trust program;
if so, determining that the non-trust process is a malicious process;
if not, determining that the non-trusted process is a non-malicious process.
Preferably, in the transparent encryption and decryption anti-cracking method,
step S1 specifically includes the following steps:
step S13, when the non-trust process is started, a first anti-cracking module is injected into the non-trust process, and the first anti-cracking module modifies a second interface by adopting a hook technology;
step S14, the attribute characteristics of the executable program are modified by the non-trust process by adopting a second interface;
step S15, the first anti-cracking module carries out a trust check on the modified attribute characteristics;
when the attribute characteristics pass trust checking, determining that the non-trust process is a malicious process;
and when the attribute characteristics do not pass the trust check, determining that the non-trusted process is a non-malicious process.
Preferably, in the transparent encryption and decryption anti-cracking method,
step S1 further includes the steps of:
step S16, when the non-trust process is started, a first anti-cracking module is adopted to detect each item of trust information in the non-trust process, and the trust information comprises the trust information of the executable program;
when every item of trust information in the non-trust process passes trust detection, the non-trust process is shown to be an authorized process;
and when at least one item of trust information in the non-trust process fails to pass the detection, the non-trust process is proved to be a malicious process.
Preferably, in the transparent encryption and decryption anti-cracking method,
step S2 specifically includes the following steps:
step S21, when the non-trust process is started, a second anti-cracking module is injected into the non-trust process, and the second anti-cracking module adopts a hook technology to modify a third interface;
step S22, the non-trust process adopts a third interface to access the target module;
step S23, the second anti-cracking module judges whether the target module is a trusted module;
if so, determining that the non-trusted process corresponding to the target module is a malicious process;
if not, determining that the non-trust process corresponding to the target module is a non-malicious process.
Preferably, in the transparent encryption and decryption anti-cracking method,
step S2 specifically includes the following steps:
step S24, when the trusted process is started, a second anti-cracking module is injected into the trusted process, and the second anti-cracking module modifies a fourth interface using hook technology;
step S25, the second anti-cracking module judges whether the module loaded by the fourth interface is legal or not;
if yes, allowing the trust process to continue loading by adopting a fourth interface;
and if not, the trusted process is not allowed to continue loading through the fourth interface.
Preferably, the transparent encryption and decryption anti-cracking method further comprises the following step:
step S3, a third anti-cracking module is created and arranged on the upper layer of the anti-cracking system, so that office files are encrypted and decrypted by the third anti-cracking module.
Preferably, in the transparent encryption and decryption anti-cracking method,
step S3 includes: the third anti-cracking module is arranged on the application layer, and the office files are encrypted and decrypted by the third anti-cracking module using hook technology.
The transparent encryption and decryption anti-cracking management device comprises a memory and a processor, wherein a transparent encryption and decryption anti-cracking program capable of running on the processor is stored on the memory, and the transparent encryption and decryption anti-cracking program can realize the transparent encryption and decryption anti-cracking method when being executed by the processor.
The technical scheme has the following advantages or beneficial effects:
when a malicious process reads the plaintext content of the encrypted file by disguising itself as a trusted process, the executable program generated by each non-trust process can be monitored through the first anti-cracking module, so as to identify the malicious process disguised as a trusted process;
when a malicious process reads the plaintext content of the encrypted file by injecting or loading into a trusted process, the injected target module of each non-trusted process is monitored through a first anti-cracking module, so as to identify the malicious module injected or loaded into the trusted process;
when a malicious process reads the plaintext content of the encrypted file through the filter driver layer, the third anti-cracking module arranged on the upper layer of the anti-cracking system prevents the malicious process from reading the plaintext content of the encrypted file through the filter driver layer.
In this way, several methods of maliciously reading the plaintext content of the encrypted file are blocked, so that the security of office files is effectively ensured.
Drawings
Embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings. The drawings are, however, to be regarded as illustrative and explanatory only and are not restrictive of the scope of the invention.
FIG. 1 is a flow chart of an embodiment of a transparent encryption and decryption tamper-resistant method of the present invention;
FIG. 2 is a functional block diagram of a masquerading trust process of the prior art;
FIGS. 3A-3C are functional block diagrams of step S1 of an embodiment of the transparent encryption and decryption tamper-resistant method of the present invention;
FIG. 4 is a functional block diagram of a prior art masquerading injection or loading into a trusted process;
FIGS. 5A-5B are functional block diagrams of step S2 of an embodiment of the transparent encryption and decryption tamper-resistant method of the present invention;
FIG. 6 is a schematic block diagram of the anti-cracking system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The invention is further described with reference to the following drawings and specific examples, which are not intended to be limiting.
The invention comprises a transparent encryption and decryption anti-cracking method which, as shown in FIG. 1, comprises the following steps:
step S1, a first anti-cracking module is created, the first anti-cracking module monitors each non-trust process, trust detection is carried out on an executable program generated by each non-trust process, and the non-trust process corresponding to the executable program which passes the trust detection is determined to be a malicious process;
step S2, a second anti-cracking module is created, the second anti-cracking module monitors each non-trust process, the second anti-cracking module judges whether a target module injected by the non-trust process is a trust module, and the target module judged as the trust module is determined as a malicious process.
In the above embodiment, step S1 and step S2 are in parallel relationship, i.e., they may be executed sequentially or simultaneously;
when the malicious process reads the plaintext content of the encrypted file by masquerading as a trust process, the malicious process masquerading as a trust process may be identified through step S1;
when a malicious process reads the plaintext contents of the encrypted file by being injected or loaded into the trusted process, the malicious process injected into the trusted process may be identified through step S2.
In the present application, step S1 and step S2 may be adopted simultaneously to avoid malicious reading of the plaintext content of the encrypted file, thereby effectively ensuring the security of the office file.
Further, when a malicious process creates or modifies a disguised trusted process, the disguised trusted process enters the transparent encryption and decryption step as if it were a real trusted process, so that the malicious process's disguised trusted process can read the plaintext content of the encrypted file, as shown in FIG. 2.
Further, in the above embodiment, step S1 specifically includes: when the non-trust process is started, a first anti-cracking module is injected into the non-trust process, the first anti-cracking module modifies a corresponding interface by adopting a hook technology, the first anti-cracking module judges whether an executable program obtained by the non-trust process by adopting the corresponding interface passes trust detection or not, and the non-trust process corresponding to the executable program passing the trust detection is determined as a malicious process.
In this case, the problem can be handled at its root: either of the following two preferred embodiments of step S1 prohibits a non-trusted process from creating a new trusted process.
Further, as a first preferred embodiment of step S1, as shown in FIG. 3A,
when a malicious process wants to create a trusted process, it can directly create a new executable program through a first interface, and the new executable program is a malicious process;
in this case step S1 may specifically include the following steps:
step S11, when the non-trust process is started, a first anti-cracking module is injected into the non-trust process, and the first anti-cracking module modifies a first interface by adopting a hook technology;
step S12, the first anti-cracking module judges whether the executable program generated by the non-trust process by adopting the first interface is the trust program;
if so, determining that the non-trust process is a malicious process;
if not, determining that the non-trusted process is a non-malicious process.
Hook technology is a special message processing mechanism that can monitor various event messages in a system or process, and intercept and process messages sent to a target window. Hooks can therefore be customized in the system and used to monitor the occurrence of specific events in order to carry out specific functions.
In the preferred embodiment, when the non-trusted process is started, the first anti-cracking module is injected into the non-trusted process, so that the monitoring of the non-trusted process through the first anti-cracking module is realized;
The first anti-cracking module modifies the first interface using hook technology. The first interface is the application programming interface (API) for writing an executable file, through which a non-trust process can write an executable file to generate an executable program. Because the first interface has been modified by the first anti-cracking module using hook technology, only an executable file generated by a malicious process through the first interface can be forged into a trusted program, whereas an executable file generated by a non-malicious process through the first interface is a non-trusted program. The first anti-cracking module therefore determines whether the non-trust process is a malicious process by judging whether the executable program is a trusted program, and thereby prohibits a malicious process from creating a new trusted process.
Further, when a malicious process creates or modifies a disguised trusted process, the disguised trusted process enters the transparent encryption and decryption step as if it were a real trusted process, so that the malicious process's disguised trusted process can read the plaintext content of the encrypted file, as shown in FIG. 2.
In this case, the second embodiment of step S1 handles the problem at its root by prohibiting a non-trusted process from modifying the feature attributes of the executable program.
Further, as a second preferred embodiment of step S1, as shown in FIG. 3B,
when a malicious process wants to modify the feature attributes of an executable program, it can do so through a second interface to obtain a modified executable program, and the modified executable program is a malicious process;
step S1 at this time may specifically include the following steps:
step S13, when the non-trust process is started, a first anti-cracking module is injected into the non-trust process, and the first anti-cracking module modifies a second interface by adopting a hook technology;
step S14, the attribute characteristics of the executable program are modified by the non-trust process by adopting a second interface;
step S15, the first anti-cracking module carries out a trust check on the modified attribute characteristics;
when the attribute characteristics pass trust checking, determining that the non-trust process is a malicious process;
and when the attribute characteristics do not pass the trust check, determining that the non-trusted process is a non-malicious process.
In the preferred embodiment, when the non-trusted process is started, the first anti-cracking module is injected into the non-trusted process, so that the monitoring of the non-trusted process through the first anti-cracking module is realized;
The first anti-cracking module modifies the second interface using hook technology. The second interface is the interface for modifying the attribute characteristics of an executable program, through which a non-trust process can modify those attribute characteristics. Because the second interface has been modified by the first anti-cracking module using hook technology, only attribute characteristics modified by a malicious process through the second interface can pass the trust check, whereas attribute characteristics modified by a non-malicious process through the second interface cannot. The first anti-cracking module can therefore determine whether the non-trust process is a malicious process by running the trust check on the modified attribute characteristics, and thereby prohibits a malicious process from creating a new trusted process.
Further, when a malicious process creates or modifies a disguised trusted process, the disguised trusted process enters the transparent encryption and decryption step as if it were a real trusted process, so that the malicious process's disguised trusted process can read the plaintext content of the encrypted file, as shown in FIG. 2.
In this case, the detection of each item of trust information in the trust process may be strengthened by the third embodiment of step S1;
further, as a third preferred embodiment of step S1, as shown in fig. 3C,
step S1 further includes the steps of:
step S16, when the non-trust process is started, a first anti-cracking module is adopted to detect each item of trust information in the non-trust process, and the trust information comprises the trust information of the executable program;
when every item of trust information in the non-trust process passes trust detection, the non-trust process is shown to be an authorized process;
and when at least one item of trust information in the non-trust process fails the detection, the non-trust process is shown to be a malicious process.
In the above preferred embodiment, the trust information may include process names, feature attributes, trust information for the executable program, file fingerprints, etc., and the trust information for the executable program may include executable program signatures. Only when every item of trust information passes trust detection is the non-trust process shown to be an authorized process.
Further, when the malicious module is injected or loaded into the trust process, the trust process injected or loaded with the malicious module enters the transparent encryption and decryption step, so that the trust process injected or loaded with the malicious module can read the plaintext content of the encrypted file, as shown in fig. 4.
In this case, remote injection of malicious modules can be prevented by the following first preferred embodiment of step S2;
further, as a first preferred embodiment of step S2, as shown in fig. 5A,
when the malicious process wants to inject remotely, step S2 may specifically include the following steps:
step S21, when the non-trust process is started, a second anti-cracking module is injected into the non-trust process, and the second anti-cracking module adopts a hook technology to modify a third interface;
step S22, the non-trust process adopts a third interface to access the target module;
step S23, the second anti-cracking module judges whether the target module is a trusted module;
if so, determining that the non-trusted process corresponding to the target module is a malicious process;
if not, determining that the non-trust process corresponding to the target module is a non-malicious process.
In the preferred embodiment, when the non-trusted process is started, the second anti-cracking module is injected into the non-trusted process, so that the monitoring of the non-trusted process through the second anti-cracking module is realized;
The second anti-cracking module modifies the third interface using hook technology. The third interface is the remote-injection interface, through which a non-trust process can inject into a target module. Because the third interface has been modified by the second anti-cracking module using hook technology, only a target module injected by a malicious process through the third interface can be a trusted program, whereas a target module injected by a non-malicious process through the third interface is a non-trust process. The second anti-cracking module therefore determines whether the non-trust process is a malicious process by judging whether the target module is a trusted module, and thereby prohibits a malicious process from injecting a new trusted process (which is also a malicious process).
Further, when the malicious module is injected or loaded into the trust process, the trust process injected or loaded with the malicious module enters the transparent encryption and decryption step, so that the trust process injected or loaded with the malicious module can read the plaintext content of the encrypted file, as shown in fig. 4.
At this time, loading of a malicious module can be prevented by either of the following two preferred embodiments of step S2;
further, as a second preferred embodiment of step S2, as shown in fig. 5B,
when the malicious module is obtained by loading, the adopted second anti-cracking module can be set as a second anti-cracking module;
step S2 specifically includes the following steps:
step S24, when the trusted process is started, a second anti-cracking module is injected into the trusted process, and the second anti-cracking module modifies a fourth interface using hook technology;
step S25, the second anti-cracking module judges whether the module loaded by the fourth interface is legal or not;
if yes, allowing the trust process to continue loading by adopting a fourth interface;
and if not, the trusted process is not allowed to continue loading through the fourth interface.
In the preferred embodiment, when the non-trusted process is started, the second anti-cracking module is injected into the non-trusted process, so that the monitoring of the non-trusted process through the second anti-cracking module is realized;
the second anti-cracking module modifies a fourth interface by using a hook technology, and the fourth interface is an interface of a loading module, so that a non-trusted process can load the module through the fourth interface; therefore, the second anti-cracking module judges whether the loaded module is legal or not to determine whether the non-trust process continues to load or not; therefore, the malicious process is prevented from loading the malicious module.
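As an added illustration (not code from the patent or from any product), the following Python model expresses the decisions made behind the hooked interfaces in steps S11 to S16 and S21 to S25 described above as plain functions; it performs no actual hooking or injection. The record layout, the SHA-256 file fingerprint, the case-insensitive name match, the sample data and the fingerprint allowlist used as the legality test are assumptions, since the page does not specify them.

```python
# Added illustration: models the hook decisions of steps S1 and S2 as plain
# functions. No real API hooking or injection is performed; the record layout,
# SHA-256 fingerprints and the allowlist-based "legal" test are assumptions.
import hashlib
from dataclasses import dataclass

MALICIOUS, NON_MALICIOUS, AUTHORIZED = "malicious", "non-malicious", "authorized"


def fingerprint(content: bytes) -> str:
    """File fingerprint (SHA-256 is assumed; the page names no algorithm)."""
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class Image:
    """Executable or module as seen by a hook (constructed sample fields)."""
    name: str
    attributes: tuple   # "feature attributes", e.g. version-resource strings
    signer: str         # signer of a verified signature, "" when unsigned
    content: bytes


@dataclass(frozen=True)
class TrustEntry:
    name: str
    attributes: tuple
    signer: str
    fingerprint: str


def failed_trust_items(image: Image, entry: TrustEntry) -> list:
    """Step S16: list every item of trust information that fails for `image`."""
    checks = {
        "process name": image.name.lower() == entry.name.lower(),
        "feature attributes": image.attributes == entry.attributes,
        "executable signature": image.signer != "" and image.signer == entry.signer,
        "file fingerprint": fingerprint(image.content) == entry.fingerprint,
    }
    return [item for item, passed in checks.items() if not passed]


def startup_verdict(image: Image, entry: TrustEntry) -> str:
    """Step S16: authorized only when all items pass, otherwise malicious."""
    return AUTHORIZED if not failed_trust_items(image, entry) else MALICIOUS


def presents_trusted_identity(image: Image, trust_list: list) -> bool:
    """True when the image carries any identity item copied from a trust entry."""
    return any(
        image.name.lower() == e.name.lower()
        or image.attributes == e.attributes
        or fingerprint(image.content) == e.fingerprint
        for e in trust_list
    )


def on_write_executable(written: Image, trust_list: list) -> str:
    """Steps S11-S12: verdict on a non-trust process that wrote `written`."""
    return MALICIOUS if presents_trusted_identity(written, trust_list) else NON_MALICIOUS


def on_modify_attributes(new_attributes: tuple, trust_list: list) -> str:
    """Steps S13-S15: trust check on attributes a non-trust process just set."""
    hit = any(new_attributes == e.attributes for e in trust_list)
    return MALICIOUS if hit else NON_MALICIOUS


def on_remote_access(target_name: str, trust_list: list) -> str:
    """Steps S21-S23: verdict on a non-trust process reaching into `target_name`."""
    hit = any(target_name.lower() == e.name.lower() for e in trust_list)
    return MALICIOUS if hit else NON_MALICIOUS


def on_load_module(module: Image, legal_fingerprints: set) -> bool:
    """Steps S24-S25: allow the load inside a trusted process only if legal."""
    return fingerprint(module.content) in legal_fingerprints


# Constructed sample data: one trusted editor, a look-alike, and two modules.
GENUINE = Image("editor.exe", ("Example Editor", "Example Corp"), "Example Corp", b"genuine image")
TRUST_LIST = [TrustEntry(GENUINE.name, GENUINE.attributes, GENUINE.signer, fingerprint(GENUINE.content))]
LOOKALIKE = Image("Editor.exe", GENUINE.attributes, "", b"different code")
UNRELATED = Image("report_tool.exe", ("Report Tool", "Other Vendor"), "", b"tool image")
PLUGIN = Image("spell.dll", (), "Example Corp", b"plugin image")
UNKNOWN_DLL = Image("helper.dll", (), "", b"unknown module")
LEGAL_MODULES = {fingerprint(PLUGIN.content)}

if __name__ == "__main__":
    print("S16 genuine:", startup_verdict(GENUINE, TRUST_LIST[0]))
    print("S16 look-alike:", startup_verdict(LOOKALIKE, TRUST_LIST[0]),
          failed_trust_items(LOOKALIKE, TRUST_LIST[0]))
    print("S12 writes look-alike:", on_write_executable(LOOKALIKE, TRUST_LIST))
    print("S12 writes unrelated:", on_write_executable(UNRELATED, TRUST_LIST))
    print("S15 sets trusted attributes:", on_modify_attributes(GENUINE.attributes, TRUST_LIST))
    print("S23 reaches into editor.exe:", on_remote_access("editor.exe", TRUST_LIST))
    print("S25 plugin / unknown:", on_load_module(PLUGIN, LEGAL_MODULES),
          on_load_module(UNKNOWN_DLL, LEGAL_MODULES))
```

The look-alike copies the name and feature attributes of the trusted program, so a rule keyed on those items alone would accept it; the S16 check rejects it on the signature and fingerprint items, and the S12 hook flags the process that wrote it.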
Further, the lawbreaker can also read the plaintext content of the encrypted file through the filter driver layer, that is, when the malicious process reads the plaintext content of the encrypted file through the filter driver layer, the malicious process can be prevented from reading the plaintext content of the encrypted file through step S3.
Further, in the above embodiment, in step S3, a third anti-cracking module is created and arranged on an upper layer of the anti-cracking system, so that office files are encrypted and decrypted by the third anti-cracking module.
Further, as a preferred embodiment, step S3 includes: the third anti-cracking module is arranged on the application layer, and the office files are encrypted and decrypted by the third anti-cracking module using hook technology.
In the above embodiment, step S1, step S2, and step S3 are in a parallel relationship;
when the malicious process reads the plaintext content of the encrypted file through the filter driver layer, it can be avoided by step S3 that the malicious process reads the plaintext content of the encrypted file through the filter driver layer.
In the above preferred embodiment, as shown in FIG. 6, the anti-cracking system comprises, in order, an application layer, a first filter driver layer, a second filter driver layer, ..., an Nth filter driver layer, and an encrypted file layer. An upper filter driver layer can obtain the file content returned by a lower filter driver layer and the plaintext content written by the application program. The third anti-cracking module can be arranged in the application layer, so that malicious processes are prevented from obtaining the plaintext content of the encrypted file through other filter driver layers.
The transparent encryption and decryption anti-cracking management device comprises a memory and a processor, wherein the memory stores a transparent encryption and decryption anti-cracking program that can run on the processor, and the program implements the transparent encryption and decryption anti-cracking method described above when executed by the processor.
The specific implementation of the transparent encryption/decryption anti-cracking management device of the invention is basically the same as that of each embodiment of the transparent encryption/decryption anti-cracking method, and is not described herein again.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (10)

1. A transparent encryption and decryption anti-cracking method is characterized by comprising the following steps:
step S1, a first anti-cracking module is created, the first anti-cracking module monitors each non-trust process, trust detection is carried out on an executable program generated by each non-trust process, and the non-trust process corresponding to the executable program which passes the trust detection is determined as a malicious process;
step S2, a second anti-cracking module is created, the second anti-cracking module monitors each non-trust process, the second anti-cracking module judges whether a target module injected by the non-trust process is a trust module, and the target module judged as the trust module is determined as a malicious process.
2. The transparent encryption and decryption anti-cracking method according to claim 1, wherein step S1 specifically comprises: when the non-trust process is started, the first anti-cracking module is injected into the non-trust process, the first anti-cracking module modifies a corresponding interface by adopting a hook technology, the first anti-cracking module judges whether the executable program obtained by the non-trust process by adopting the corresponding interface passes trust detection, and the non-trust process corresponding to the executable program passing the trust detection is determined as a malicious process.
3. The transparent encryption and decryption anti-cracking method according to claim 2,
step S1 specifically includes the following steps:
step S11, when the non-trust process is started, the first anti-cracking module is injected into the non-trust process, and the first anti-cracking module adopts a hook technology to modify a first interface;
step S12, the first anti-cracking module judges whether the executable program generated by the non-trust process by adopting the first interface is the trust program;
if so, determining that the non-trusted process is a malicious process;
if not, determining that the non-trusted process is a non-malicious process.
4. The transparent encryption and decryption anti-cracking method according to claim 2,
step S1 specifically includes the following steps:
step S13, when the non-trust process is started, the first anti-cracking module is injected into the non-trust process, and the first anti-cracking module adopts a hook technology to modify a second interface;
step S14, the non-trust process adopts the second interface to modify the attribute characteristics of the executable program;
step S15, the first anti-cracking module carries out a trust check on the modified attribute characteristics;
when the attribute characteristics pass the trust check, determining that the non-trust process is a malicious process;
and when the attribute characteristics do not pass the trust check, determining that the non-trust process is a non-malicious process.
5. The transparent encryption and decryption anti-cracking method according to claim 1,
step S1 further includes the steps of:
step S16, when the non-trust process is started, the first anti-cracking module is adopted to detect each item of trust information in the non-trust process, and the trust information comprises the trust information of the executable program;
when all the trust information in the non-trust process passes the trust detection, the non-trust process is proved to be an authorized process;
and when at least one item of the trust information in the non-trust process fails to pass the detection, the non-trust process is proved to be a malicious process.
6. The transparent encryption and decryption anti-cracking method according to claim 1,
step S2 specifically includes the following steps:
step S21, when the non-trust process is started, the second anti-cracking module is injected into the non-trust process, and the second anti-cracking module adopts a hook technology to modify a third interface;
step S22, the non-trust process adopts the third interface to access the target module;
step S23, the second anti-cracking module judges whether the target module is a trust module;
if so, determining that the non-trusted process corresponding to the target module is a malicious process;
if not, determining that the non-trust process corresponding to the target module is a non-malicious process.
7. The transparent encryption and decryption anti-cracking method according to claim 1,
step S2 specifically includes the following steps:
step S24, when the trust process is started, the second anti-cracking module is injected into the trust process, and the second anti-cracking module adopts a hook technology to modify a fourth interface;
step S25, the second anti-cracking module judges whether the module loaded by the fourth interface is legal or not;
if yes, allowing the trust process to continue loading by adopting the fourth interface;
and if not, the trust process is not allowed to continue loading by adopting the fourth interface.
8. The transparent encryption and decryption anti-cracking method according to claim 1, further comprising:
step S3, creating a third anti-cracking module, and arranging the third anti-cracking module on the upper layer of the anti-cracking system so as to encrypt and decrypt the office file through the third anti-cracking module.
9. The transparent encryption and decryption anti-cracking method according to claim 8,
the step S3 includes: the third anti-cracking module is arranged on an application layer, so that the office file is encrypted and decrypted by the third anti-cracking module through a hook technology.
10. A transparent encryption and decryption anti-cracking management device, which comprises a memory and a processor, wherein the memory stores a transparent encryption and decryption anti-cracking program capable of running on the processor, and the transparent encryption and decryption anti-cracking program implements the transparent encryption and decryption anti-cracking method according to any one of claims 1 to 9 when executed by the processor.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011032042.5A CN112131565A (en) 2020-09-27 2020-09-27 Transparent encryption and decryption anti-cracking method and management equipment thereof

Publications (1)

Publication Number Publication Date
CN112131565A true CN112131565A (en) 2020-12-25

Family

ID=73839950

Country Status (1)

Country Link
CN (1) CN112131565A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156662A (en) * 2014-08-28 2014-11-19 北京奇虎科技有限公司 Process monitoring method and device and intelligent terminal
CN104660606A (en) * 2015-03-05 2015-05-27 中南大学 Method for remotely monitoring safety of application program
CN109657490A (en) * 2018-11-20 2019-04-19 福建亿榕信息技术有限公司 A kind of transparent encryption and decryption method and system of office document
CN109753791A (en) * 2018-12-29 2019-05-14 北京奇虎科技有限公司 Malware detection methods and device
CN110443050A (en) * 2019-07-26 2019-11-12 武汉天喻软件股份有限公司 A kind of processing method and system of forgery process in file transparent encrypting and deciphering system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination