CN112597487A - Netlike-based access right management method, device and equipment - Google Patents

Info

Publication number
CN112597487A
Authority
CN
China
Prior art keywords
program
access
net
current thread
thread execution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011554987.3A
Other languages
Chinese (zh)
Other versions
CN112597487B (en)
Inventor
刘炳元
金季岚
黄建新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Hymake Technology Co ltd
Original Assignee
Xiamen Hymake Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a .NET-based access right management method comprising the following steps: acquiring the current thread execution stack information of an accessing program; analyzing whether that stack information carries calling authority; if it does, reading the code signature information of the assembly (program set) corresponding to the accessing program, otherwise stopping the accessing program or prompting an abnormal operation; and verifying whether the code signature information is in a preset white list and, if so, continuing to execute the accessing program. The method prevents the program's code methods from being maliciously used by a third-party program while the program runs, and ensures the safety of program code and data.

Description

Netlike-based access right management method, device and equipment
Technical Field
The invention relates to the technical field of software processing, in particular to a .NET-based access right management method, a .NET-based access right management apparatus and a device.
Background
A .NET program carries rich runtime metadata, including the classes, methods and properties of the original source code, and this information is easily extracted from outside. Code obfuscation can make the program harder to modify maliciously, but it cannot prevent a third party from obtaining program data by code injection, so that important code in the program is invoked by the third party's code and data is leaked.
Therefore, a simpler, more efficient and more secure way of managing access rights for executable programs under .NET is needed.
Disclosure of Invention
The invention provides a .NET-based access right management method, a .NET-based access right management apparatus and a .NET-based access right management device, which ensure that while a program runs its code methods cannot be maliciously used by third-party programs, that is, untrusted code cannot access specific methods in the program, so that the safety of the program code and data is ensured.
In order to achieve the above object, the present invention provides a .NET-based access right management method, comprising:
acquiring current thread execution stack information of an access program;
analyzing whether the current thread execution stack information has a calling authority or not;
if the calling authority exists, reading code signature information of a program set corresponding to the access program, otherwise, stopping the operation of the access program or prompting abnormal operation;
and verifying whether the code signature information is in a preset white list, if so, continuing to execute the access program.
Preferably, before the obtaining of the stack information of the current thread of the access program, the method further includes:
defining a specific program having an identifier corresponding to the access right;
authorizing access to a specified object of the particular program.
Preferably, the specific program is defined by the Attribute class provided by .NET.
Preferably, the obtaining of the current thread execution stack information of the access program further includes:
creating an instance of the StackTrace class provided by .NET to obtain the current thread execution stack information of the accessor.
Preferably, the analyzing whether the current thread execution stack information has a call authority further includes:
iterating over each StackFrame of the current thread execution stack obtained through StackTrace.GetFrames, and exiting the loop and continuing with the subsequent steps once a StackFrame with calling authority is found.
Preferably, the verifying whether the code signature information is in a preset white list further includes:
determining whether the code signature information matches the corresponding digital certificate information.
To achieve the above object, the present invention also provides a .NET-based access right management apparatus, comprising:
the acquiring unit is used for acquiring current thread execution stack information of the access program;
the analysis unit is used for analyzing whether the current thread execution stack information has a calling authority or not;
the reading unit is used for reading the code signature information of the program set corresponding to the access program if the calling authority exists, and otherwise, stopping the operation of the access program or prompting abnormal operation;
and the verification unit is used for verifying whether the code signature information is in a preset white list or not, and if so, continuing to execute the access program.
Preferably, the apparatus further comprises:
a definition unit for defining a specific program having an identifier corresponding to the access right;
an authorization unit configured to authorize access to a specified object of the specific program.
To achieve the above object, the present invention further proposes a .NET-based access right management device, comprising a processor, a memory, and a computer program stored in the memory, the computer program being executable by the processor to implement a .NET-based access right management method as described in the above embodiments.
In order to achieve the above object, the present invention further provides a computer-readable storage medium, characterized in that it includes a stored computer program, wherein when the computer program runs, the apparatus containing the computer-readable storage medium is controlled to perform the .NET-based access right management method according to the above embodiment.
In summary, in the above solution, the current thread execution stack information of an accessing program is obtained and analyzed for calling authority; if calling authority exists, the code signature information of the assembly corresponding to the accessing program is read, otherwise the accessing program is stopped or an abnormal operation is prompted; the code signature information is then verified against a preset white list and, if it is present, the accessing program continues to execute. This ensures that a program's code methods cannot be maliciously used by a third-party program while the program runs, that is, untrusted code cannot access specific methods in the program, so the safety of program code and data is ensured.
In addition, by defining the specific program whose identifier corresponds to the access right and authorizing the specified object that accesses it, any accessing program that calls the specific program can be authorized, which again ensures the safety of program code and data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating a .NET-based access right management method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a .NET-based access right management method according to another embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a .NET-based access right management apparatus according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a .NET-based access right management apparatus according to another embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The present invention will be described in detail with reference to the following examples.
The invention provides a .NET-based access right management method, which prevents a program's code methods from being maliciously used by a third-party program while the program runs, that is, untrusted code cannot access specific methods in the program, so that the safety of the program code and data is ensured.
Fig. 1 is a schematic flow chart of a .NET-based access right management method according to an embodiment of the present invention.
In this embodiment, the method includes:
and S11, acquiring the current thread execution stack information of the access program.
Before the obtaining of the stack information of the current thread of the access program, the method further includes:
defining a specific program having an identifier corresponding to the access right;
authorizing access to a specified object of the particular program.
In this embodiment, a permission Attribute class is defined through the Attribute facility provided by .NET; the Attribute class identifies whether a specified method has calling permission for accessing the specific program. Authorization is then performed using the defined permission Attribute class.
Wherein, the obtaining of the current thread execution stack information of the access program further includes:
creating an instance of the StackTrace class provided by .NET to obtain the current thread execution stack information of the accessor.
And S12, analyzing whether the current thread execution stack information has a calling authority.
Wherein, the analyzing whether the current thread execution stack information has a call authority further includes:
iterating over each StackFrame of the current thread execution stack obtained through StackTrace.GetFrames, and exiting the loop and continuing with the subsequent steps once a StackFrame with calling authority is found.
In this embodiment, an instance of the StackTrace class provided by .NET is first created to acquire the current thread execution stack information; each StackFrame in the current thread execution stack is then retrieved through StackTrace.GetFrames.
Specifically, the method comprises the following steps: obtaining, through the StackFrame, the MethodBase of the method in the current thread execution stack that corresponds to the accessing program; obtaining the attribute members of that method through the MethodBase; checking whether the attribute members contain the permission Attribute, that is, enumerating the Attribute objects among the attribute members and checking whether an object's type matches the permission Attribute type and its identifier matches the permission Attribute identifier; if not, taking the next StackFrame from StackTrace.GetFrames and continuing the check; if so, exiting the loop.
And S13, if the calling authority exists, reading the code signature information of the program set corresponding to the access program, otherwise, stopping the operation of the access program or prompting abnormal operation.
In this embodiment, when the check in step S12 passes, the MethodBase of the corresponding accessing program in the current thread execution stack is recorded; the metadata is then obtained through the GetType method of the legitimate MethodBase, from which the corresponding Assembly (the program set of the accessing program's code) is obtained, and the certificate information is then obtained through the GetSignerCertificate() method available via the Assembly. In particular, the assembly must be code-signed with a legitimate digital certificate so that the program can be authenticated. If the check in step S12 fails, false is returned directly, indicating that the call came from an untrusted accessing program; the call exits and subsequent processing is cancelled.
And S14, verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
Wherein the verifying whether the code signature information is in a preset white list further comprises:
determining whether the code signature information matches the corresponding digital certificate information.
In this embodiment, the white list is searched for the code signature information of the assembly obtained in step S13 and the corresponding digital certificate information is matched; if a match is found, true is returned, otherwise false is returned. The white list may be embedded in the program code or stored in an external file; this embodiment does not limit where it is kept.
It can be seen that the above scheme prevents the program's code methods from being maliciously used by a third-party program while the program runs, that is, untrusted code cannot access specific methods in the program, thereby ensuring the security of the program code and data.
Fig. 2 is a schematic flow chart of a .NET-based access right management method according to another embodiment of the present invention.
In this embodiment, the method includes:
s21, defining a specific program having an identifier corresponding to the access right.
In this embodiment, a permission Attribute class is defined through the Attribute facility provided by .NET; the Attribute class identifies whether a specified method has calling permission for accessing the specific program. Authorization is then performed using the defined permission Attribute class.
In this embodiment, for example, the definition of the Attribute class may be implemented by the following code, but is not limited thereto (excerpt of the definition code):
[Attribute class definition code excerpt: present only as an image in the original publication, not reproduced here.]
s22, authorizing access to the specified object of the specific program.
In this embodiment, method authorization is performed using the defined permission Attribute class: the permission Attribute and its identifier are written in the attribute header above the method name. For example, authorization may be achieved by, but is not limited to:
[Method authorization code excerpt: present only as an image in the original publication, not reproduced here.]
In this section of code, [Access method("sensitive method B")] represents authorization to access sensitive method B, where Access method is the permission Attribute and "sensitive method B" is the permission Attribute identifier.
And S23, acquiring the current thread execution stack information of the access program.
As described above in S11, and will not be described herein.
And S24, analyzing whether the current thread execution stack information has a calling authority.
As described above in S12, and will not be described herein.
And S25, if the calling authority exists, reading the code signature information of the program set corresponding to the access program, otherwise, stopping the operation of the access program or prompting abnormal operation.
As described above in S13, and will not be described herein.
And S26, verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
As described above in S14, and will not be described herein.
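The procedure of steps S21 to S26 (and S11 to S14 above) as an added C# example; this is not code from the patent or its assignee, whose own excerpts survive only as images. The attribute name AccessMethodAttribute, the method names and the thumbprint white list value are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security.Cryptography.X509Certificates;

// S21: the permission attribute. Its string identifier names the protected method,
// mirroring the patent's [Access method("sensitive method B")] form.
// AccessMethodAttribute is an assumed name, not the patent's identifier.
[AttributeUsage(AttributeTargets.Method, AllowMultiple = true)]
public sealed class AccessMethodAttribute : Attribute
{
    public string Target { get; }
    public AccessMethodAttribute(string target) { Target = target; }
}

public static class AccessGuard
{
    // Preset white list of code-signing certificate thumbprints (constructed placeholder value).
    // The patent leaves the storage of the white list open (embedded or external file).
    private static readonly HashSet<string> TrustedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "PLACEHOLDER-THUMBPRINT-OF-TRUSTED-SIGNER",
        };

    // S23 to S26: true only when a frame on the current thread belongs to a method marked
    // [AccessMethod(target)] AND that method's assembly is signed by a white-listed certificate.
    [MethodImpl(MethodImplOptions.NoInlining)]
    public static bool IsCallerAuthorized(string target)
    {
        // S23: capture the current thread's execution stack; skip frame 0 (this method).
        StackTrace trace = new StackTrace(1, false);
        StackFrame[] frames = trace.GetFrames() ?? Array.Empty<StackFrame>();

        // S24: walk the frames until one carries the permission attribute for this target.
        MethodBase authorized = null;
        foreach (StackFrame frame in frames)
        {
            MethodBase method = frame.GetMethod();   // null for frames without managed metadata
            if (method == null) continue;

            foreach (AccessMethodAttribute attr in
                     method.GetCustomAttributes(typeof(AccessMethodAttribute), false))
            {
                if (string.Equals(attr.Target, target, StringComparison.Ordinal))
                {
                    authorized = method;
                    break;
                }
            }
            if (authorized != null) break;
        }
        if (authorized == null) return false;       // S25: no calling authority, untrusted caller

        // S25: the assembly (program set) behind the authorized frame and its signer certificate.
        Module module = authorized.Module;          // module of the caller's assembly
        X509Certificate signer = module.GetSignerCertificate();
        if (signer == null) return false;           // unsigned assembly: cannot be white-listed

        // S26: match the signer against the preset white list by certificate thumbprint.
        string thumbprint = new X509Certificate2(signer).Thumbprint;
        return TrustedThumbprints.Contains(thumbprint);
    }
}

// The protected ("sensitive") method performs the check before doing its work.
// NoInlining matters: the JIT may otherwise fold frames away so the attribute-bearing
// caller never appears on the captured stack.
public static class SensitiveApi
{
    [MethodImpl(MethodImplOptions.NoInlining)]
    public static string SensitiveMethodB()
    {
        if (!AccessGuard.IsCallerAuthorized("sensitive method B"))
            throw new UnauthorizedAccessException("untrusted access program");
        return "sensitive result";
    }
}

// S22: a caller in a signed, white-listed assembly declares its authorization with the attribute.
public static class TrustedCaller
{
    [AccessMethod("sensitive method B")]
    [MethodImpl(MethodImplOptions.NoInlining)]
    public static string Run() => SensitiveApi.SensitiveMethodB();
}
```

Module.GetSignerCertificate() returns null where the runtime does not expose an Authenticode signer, and the check then fails closed. Because the check runs inside the same process, fully trusted code already running in-process can still tamper with it, so it is a defense-in-depth measure rather than a security boundary.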
The invention provides a .NET-based access right management apparatus which prevents a program's code methods from being maliciously used by a third-party program while the program runs, that is, untrusted code cannot access specific methods in the program, so that the safety of the program code and data is ensured.
Fig. 3 is a schematic structural diagram of a .NET-based access right management apparatus according to an embodiment of the present invention.
In the present embodiment, the apparatus 30 includes:
and an obtaining unit 31, configured to obtain current thread execution stack information of the access program.
Optionally, the obtaining unit 31 further includes:
creating an instance of the StackTrace class provided by .NET to obtain the current thread execution stack information of the accessor.
And the analysis unit 32 is configured to analyze whether the current thread execution stack information has a call authority.
Optionally, the parsing unit 32 further includes:
iterating over each StackFrame of the current thread execution stack obtained through StackTrace.GetFrames, and exiting the loop and continuing with the subsequent steps once a StackFrame with calling authority is found.
A reading unit 33, configured to read code signature information of a program set corresponding to the access program if the calling authority exists, and otherwise, suspend operation of the access program or prompt an operation exception.
And the verification unit 34 is configured to verify whether the code signature information is in a preset white list, and if so, continue to execute the access program.
Optionally, the verification unit 34 further includes:
determining whether the code signature information matches the corresponding digital certificate information.
Fig. 4 is a schematic structural diagram of a .NET-based access right management apparatus according to another embodiment of the present invention. Unlike the previous embodiment, the apparatus 40 of the present embodiment further includes:
a definition unit 41 for defining a specific program having an identification corresponding to the access right;
an authorization unit 42 for authorizing access to the specified object of the specific program.
Each unit module of the apparatus 30/40 can respectively execute the corresponding steps in the above method embodiments, and therefore, the detailed description of each unit module is omitted here, please refer to the description of the corresponding steps above.
Embodiments of the present invention further provide a .NET-based access right management device, including a processor, a memory, and a computer program stored in the memory, where the computer program is executable by the processor to implement the .NET-based access right management method according to the above embodiments.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the apparatus containing the computer-readable storage medium is controlled to execute the .NET-based access right management method according to the foregoing embodiment.
Illustratively, the computer program may be divided into one or more units, which are stored in the memory and executed by the processor to accomplish the present invention. The one or more units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program in the .NET-based access right management device.
The .NET-based access right management device may include, but is not limited to, a processor and a memory. It will be understood by those skilled in the art that the schematic diagram is merely an example of a .NET-based access rights management device and does not constitute a limitation of it; the device may include more or fewer components than those shown, or some components in combination, or different components; for example, it may also include an input/output device, a network access device, a bus, etc.
The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. The general-purpose processor may be a microprocessor or any conventional processor; it is the control center of the .NET-based access rights management device and uses various interfaces and lines to connect the parts of the entire device.
The memory may be used to store the computer programs and/or modules, and the processor implements the various functions of the .NET-based access rights management device by running or executing the computer programs and/or modules stored in the memory and by invoking data stored in the memory. The memory may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the data storage area may store data (such as audio data, a phonebook, etc.) created according to the use of the device. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash memory card, at least one magnetic disk storage device, a Flash memory device, or other volatile solid-state storage device.
If the integrated unit of the .NET-based access right management device is implemented in the form of a software functional unit and sold or used as a separate product, it can be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc.
The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
The embodiments in the above embodiments can be further combined or replaced, and the embodiments are only used for describing the preferred embodiments of the present invention, and do not limit the concept and scope of the present invention, and various changes and modifications made to the technical solution of the present invention by those skilled in the art without departing from the design idea of the present invention belong to the protection scope of the present invention.

Claims (10)

1. A net-based access right management method, the method comprising:
acquiring current thread execution stack information of an access program;
analyzing whether the current thread execution stack information has a calling authority or not;
if the calling authority exists, reading the code signature information of the assembly corresponding to the access program; otherwise, stopping the access program or prompting an abnormal operation;
and verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
2. The .NET-based access right management method according to claim 1, further comprising, before said obtaining the current thread execution stack information of the access program:
defining a specific program having an identifier corresponding to the access right;
authorizing access to a specified object of the specific program.
3. The method according to claim 2, wherein the specific program is defined by means of the Attribute class provided by .NET.
4. The .NET-based access right management method according to claim 1, wherein said obtaining the current thread execution stack information of the access program further comprises:
creating an instance of the StackTrace class provided by .NET to obtain the current thread execution stack information of the access program.
5. The .NET-based access right management method according to claim 1, wherein said analyzing whether there is a calling authority in said current thread execution stack information further comprises:
looping over each StackFrame obtained from the current thread execution stack through StackTrace.GetFrames, and when a detected StackFrame has a calling authority, exiting the loop and continuing with the subsequent steps.
6. The .NET-based access right management method according to claim 1, wherein said verifying whether the code signature information is in a preset white list further comprises:
judging whether the code signature information matches the corresponding digital certificate information.
7. A .NET-based access right management apparatus, the apparatus comprising:
an acquiring unit for acquiring the current thread execution stack information of the access program;
an analysis unit for analyzing whether a calling authority exists in the current thread execution stack information;
a reading unit for reading the code signature information of the assembly corresponding to the access program if the calling authority exists, and otherwise stopping the access program or prompting an abnormal operation;
and a verification unit for verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
8. The .NET-based access right management apparatus according to claim 7, further comprising:
a definition unit for defining a specific program having an identifier corresponding to the access right;
an authorization unit for authorizing access to a specified object of the specific program.
9. A .NET-based access right management device, comprising a processor, a memory, and a computer program stored in the memory, the computer program being executable by the processor to implement the .NET-based access right management method according to any one of claims 1 to 6.
10. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls an apparatus in which the computer-readable storage medium is located to perform the .NET-based access right management method according to any one of claims 1 to 6.
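The procedure of claims 1 to 6 carried through in C#, as an added example that is not code from the patent or its applicant. The CallingAuthorityAttribute marker, the AccessGuard class and the whitelist value are assumptions; the assembly's code signature is read from its on-disk image with X509Certificate.CreateFromSignedFile.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Reflection;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical marker (claims 2-3): a method or class carrying it is the "specific program"
// whose identifier denotes a calling authority. Any assembly can apply such an attribute,
// so it only selects the caller to inspect; trust comes from the signature check below.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class)]
public sealed class CallingAuthorityAttribute : Attribute { }

public static class AccessGuard
{
    // Constructed whitelist (claims 1 and 6): thumbprints of signing certificates that are trusted.
    public static readonly string[] TrustedThumbprints = { "PLACEHOLDER_SHA1_THUMBPRINT" };

    // Called at the entry of a protected object; throws to "stop the access program" (claim 1).
    public static void Demand()
    {
        // Claim 4: instantiate StackTrace to capture the current thread's execution stack.
        var frames = new StackTrace(1, false).GetFrames() ?? Array.Empty<StackFrame>();

        // Claim 5: loop over StackFrames; leave the loop at the first one with a calling authority.
        MethodBase caller = null;
        foreach (var frame in frames)
        {
            var m = frame.GetMethod();
            if (m == null) continue;
            bool marked = m.IsDefined(typeof(CallingAuthorityAttribute), false)
                       || (m.DeclaringType != null && m.DeclaringType.IsDefined(typeof(CallingAuthorityAttribute), false));
            if (marked) { caller = m; break; }
        }
        if (caller == null)
            throw new UnauthorizedAccessException("no frame on the stack carries a calling authority");

        // Claim 1: read the code signature of the assembly that contains the authorized caller.
        string path = caller.Module.Assembly.Location;
        if (string.IsNullOrEmpty(path))
            throw new UnauthorizedAccessException("caller assembly has no on-disk image to verify");
        X509Certificate2 signer;
        try { signer = new X509Certificate2(X509Certificate.CreateFromSignedFile(path)); }
        catch (CryptographicException) { throw new UnauthorizedAccessException("caller assembly is not signed"); }

        // Claim 6: match the signature's certificate against the whitelist.
        if (!TrustedThumbprints.Any(t => string.Equals(t, signer.Thumbprint, StringComparison.OrdinalIgnoreCase)))
            throw new UnauthorizedAccessException("signing certificate " + signer.Thumbprint + " is not whitelisted");
    }
}
```

CreateFromSignedFile only extracts the signer certificate (and is Windows-only on .NET Core); it does not validate the Authenticode signature or its chain, so a deployment must additionally verify the signature and that the loaded image is the file on disk, otherwise the whitelist match proves nothing.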
CN202011554987.3A  Priority date 2020-12-24  Filing date 2020-12-24  .NET-based access right management method, device and equipment  Active  CN112597487B (en)

Publications (2)

Publication Number Publication Date
CN112597487A (en) 2021-04-02
CN112597487B CN112597487B (en) 2023-03-31

Family

ID=75202048

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1298512A (en) * 1998-02-26 2001-06-06 太阳微系统公司 Stack-based access control
CN102667712A (en) * 2009-11-23 2012-09-12 国际商业机器公司 System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies
CN102955915A (en) * 2011-08-23 2013-03-06 中国移动通信集团公司 Method and device for controlling safety access to Java applications
CN106778239A (en) * 2015-11-24 2017-05-31 阿里巴巴集团控股有限公司 Method and device for improving Java sandbox securities
US9928365B1 (en) * 2016-10-31 2018-03-27 International Business Machines Corporation Automated mechanism to obtain detailed forensic analysis of file access
CN109558734A (en) * 2018-11-28 2019-04-02 北京梆梆安全科技有限公司 Stack security detection method and device, and mobile device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HYSTAR: ".NET Security Series, Part 1: Code Access Security (CAS)", HTTPS://WWW.CNBLOGS.COM/LSXQW2004/ARCHIVE/2009/01/20/1378665.HTML *

Also Published As

Publication number Publication date
CN112597487B (en) 2023-03-31

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant