CN112597487B - .NET-based access right management method, device and equipment - Google Patents


Info

Publication number
CN112597487B
Authority
CN
China
Prior art keywords
program
access
thread execution
current thread
execution stack
Legal status
Active
Application number
CN202011554987.3A
Other languages
Chinese (zh)
Other versions
CN112597487A (en)
Inventor
刘炳元
金季岚
黄建新
Current Assignee
Xiamen Hymake Technology Co ltd
Original Assignee
Xiamen Hymake Technology Co ltd
Application filed by Xiamen Hymake Technology Co ltd
Priority to CN202011554987.3A
Publication of CN112597487A
Application granted
Publication of CN112597487B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a .NET-based access right management method, which comprises the following steps: acquiring current thread execution stack information of an access program; analyzing whether the current thread execution stack information has a calling authority; if the calling authority exists, reading code signature information of the assembly corresponding to the access program, otherwise stopping the operation of the access program or prompting an operation exception; and verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program. The method prevents the program's code methods from being maliciously used by a third-party program while the program runs, and ensures the security of the program code and data.

Description

.NET-based access right management method, device and equipment
Technical Field
The invention relates to the technical field of software processing, in particular to a .NET-based access right management method, device and equipment.
Background
A .NET-based program carries rich runtime code information, including the classes, methods and attributes of the specific source code, and this information is very easy to steal from outside. Although code obfuscation can prevent the program from being maliciously modified, it cannot prevent a third party from acquiring program data by code injection, so that important code in the program is used by third-party program code and data is leaked.
Therefore, a simpler, more efficient and more secure way to manage access rights for executable programs under .NET is needed.
Disclosure of Invention
The invention provides a .NET-based access right management method, device and equipment, which ensure that, while a program runs, its code methods cannot be maliciously used by third-party programs; that is, no untrusted code can access specific methods in the program, so that the security of the program code and data is ensured.
In order to achieve the above object, the present invention provides a .NET-based access right management method, including:
acquiring current thread execution stack information of an access program;
analyzing whether the current thread execution stack information has a calling authority;
if the calling authority exists, reading code signature information of the assembly corresponding to the access program; otherwise, stopping the operation of the access program or prompting an operation exception;
and verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
Preferably, before acquiring the current thread execution stack information of the access program, the method further includes:
defining a specific program with an identification corresponding to the access right;
authorizing access to the specified object of the particular program.
Preferably, the specific program is defined by the Attribute class provided by .NET.
Preferably, the obtaining of the current thread execution stack information of the access program further includes:
an instance of the StackTrace class provided by .NET is created to obtain the current thread execution stack information of the access program.
Preferably, the analyzing whether the current thread execution stack information has a calling authority further includes:
each StackFrame in the acquired current thread execution stack is checked in a loop through StackTrace.GetFrames until a checked StackFrame has a calling authority, at which point the loop is exited and the subsequent steps are executed.
Preferably, the verifying whether the code signature information is in a preset white list further includes:
judging whether the code signature information is matched with the corresponding digital certificate information.
To achieve the above object, the present invention also provides a .NET-based access right management apparatus, comprising:
an acquiring unit, used for acquiring current thread execution stack information of the access program;
an analysis unit, used for analyzing whether the current thread execution stack information has a calling authority;
a reading unit, used for reading the code signature information of the assembly corresponding to the access program if the calling authority exists, and otherwise stopping the operation of the access program or prompting an operation exception;
and a verification unit, used for verifying whether the code signature information is in a preset white list and, if so, continuing to execute the access program.
Preferably, the apparatus further comprises:
a definition unit for defining a specific program having an identifier corresponding to the access right;
and an authorization unit, used for authorizing the specified object for accessing the specific program.
To achieve the above object, the present invention further proposes a .NET-based access right management device, comprising a processor, a memory, and a computer program stored in the memory, the computer program being executable by the processor to implement the .NET-based access right management method described in the above embodiments.
In order to achieve the above object, the present invention further provides a computer-readable storage medium, which includes a stored computer program, wherein, when the computer program runs, the apparatus in which the computer-readable storage medium is located is controlled to perform the .NET-based access right management method according to the above embodiment.
In summary, in the above solution, current thread execution stack information of an access program is obtained and analyzed for a calling authority. If the calling authority exists, code signature information of the assembly corresponding to the access program is read; otherwise, operation of the access program is suspended or an operation exception is prompted. Whether the code signature information is in a preset white list is then verified, and if so, the access program continues to execute. This ensures that, while the program runs, its code methods cannot be maliciously used by a third-party program; that is, no untrusted code can access a specific method in the program, so the security of program code and data is ensured.
In addition, a specific program having an identifier corresponding to the access right is defined and the specified object for accessing the specific program is authorized, so that any access program calling the specific program can be authorized, and the security of program code and data is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating a .NET-based access right management method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a .NET-based access right management method according to another embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a .NET-based access right management apparatus according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a .NET-based access right management apparatus according to another embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention.
The present invention will be described in detail with reference to the following examples.
The invention provides a .NET-based access right management method which ensures that, while the program runs, its code methods cannot be maliciously used by a third-party program; that is, no untrusted code can access a specific method in the program, so that the security of the program code and data is ensured.
Fig. 1 is a schematic flow chart of a .NET-based access right management method according to an embodiment of the present invention.
In this embodiment, the method includes:
S11, acquiring the current thread execution stack information of the access program.
Before the acquiring of the current thread execution stack information of the access program, the method further includes:
defining a specific program having an identifier corresponding to the access right;
authorizing access to a specified object of the particular program.
In this embodiment, a permission Attribute class is defined through the Attribute feature provided by .NET; the Attribute class is used for identifying whether a specified method has a calling authority for accessing a specific program. Authorization is then performed using the defined permission Attribute class.
Wherein, the obtaining of the current thread execution stack information of the access program further includes:
an instance of the StackTrace class provided by .NET is created to obtain the current thread execution stack information of the access program.
S12, analyzing whether the current thread execution stack information has a calling authority.
Wherein, the analyzing whether the current thread execution stack information has a calling authority further includes:
each StackFrame in the acquired current thread execution stack is checked in a loop through StackTrace.GetFrames until a checked StackFrame has a calling authority, at which point the loop is exited and the subsequent steps are executed.
In this embodiment, an instance of the StackTrace class provided by .NET is first created to acquire the current thread execution stack information; each StackFrame in the current thread execution stack is then retrieved through stacktrace.
Specifically: the current thread execution stack information MethodBase of the corresponding access program is acquired through the StackFrame, and the Attributes member of the access program is acquired through the MethodBase. The Attributes member is then checked for the permission Attribute; that is, the child Attribute objects of the Attributes member are enumerated, and each object is matched on whether its type is the permission Attribute type and on its permission Attribute identifier. If there is no match, the next StackFrame is taken through StackTrace.GetFrames and the check continues; if there is a match, the loop is exited.
S13, reading code signature information of the assembly corresponding to the access program if the calling authority exists; otherwise, stopping the operation of the access program or prompting an operation exception.
In this embodiment, if the check in step S12 passes, the current thread execution stack information MethodBase of the corresponding access program is recorded, and the GetType method provided by the obtained legal MethodBase is used to acquire the metadata information and, from it, the corresponding Assembly, which is the assembly corresponding to the access program code; the certificate information is then obtained through the getsignercrtification () method provided by the Assembly. In particular, the assembly must be code-signed with a legitimate digital certificate so that the program can be authenticated. In addition, if the check in step S12 fails, false is returned directly, indicating a call by an untrusted access program, and the method exits and cancels the subsequent processing.
S14, verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
Wherein the verifying whether the code signature information is in a preset white list further comprises:
judging whether the code signature information is matched with the corresponding digital certificate information.
In this embodiment, the code signature information of the assembly obtained in step S13 is looked up in the white list and matched against the corresponding digital certificate information; if it matches, true is returned, otherwise false is returned. The white list may be embedded in the program code or stored in an external file, which is not limited in this embodiment.
It can be seen that the above scheme ensures that, while the program runs, its code methods cannot be maliciously used by a third-party program; that is, no untrusted code can access a specific method in the program, thereby ensuring the security of the program code and data.
Fig. 2 is a schematic flow chart of a .NET-based access right management method according to another embodiment of the present invention.
In this embodiment, the method includes:
S21, defining a specific program having an identifier corresponding to the access right.
A permission Attribute class is defined through the Attribute feature provided by .NET; the Attribute class is used to identify whether a specified method has a calling authority to access a particular program. Authorization is then performed using the defined permission Attribute class.
In this embodiment, for example, the definition of the Attribute class may be implemented by the following code, but is not limited thereto (excerpt of the definition code):
Figure BDA0002858086350000061
Figure BDA0002858086350000071
S22, authorizing the specified object for accessing the specific program.
In this embodiment, method authorization is performed by using the defined permission Attribute class; the permission Attribute and the Attribute identification information must be filled in at the head of the method, before the method name. For example, authorization may be achieved by, but is not limited to:
Figure BDA0002858086350000072
In this section of code, [ Access method ("sensitive method B") ] represents authorization to access sensitive method B, where Access method represents the permission Attribute and sensitive method B represents the permission Attribute identifier.
S23, acquiring the current thread execution stack information of the access program.
This is as described above in S11 and is not repeated here.
S24, analyzing whether the current thread execution stack information has a calling authority.
This is as described above in S12 and is not repeated here.
S25, reading code signature information of the assembly corresponding to the access program if the calling authority exists; otherwise, stopping the operation of the access program or prompting an operation exception.
This is as described above in S13 and is not repeated here.
S26, verifying whether the code signature information is in a preset white list, and if so, continuing to execute the access program.
This is as described above in S14 and is not repeated here.
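The flow of steps S11 to S14 and S21 to S26, sketched in C# as an added example; it is not the patent's own listing, whose code figures are not reproduced on this page. The names AccessMethodAttribute, CallerGuard, GuardResult and Demo and the placeholder thumbprint are hypothetical, and the sketch assumes Windows with an Authenticode-signed caller assembly, reaching the assembly through MethodBase.Module and the certificate through X509Certificate.CreateFromSignedFile.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// S21: permission attribute (hypothetical name). Id names the protected method
// that the annotated caller is authorized to use.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor, AllowMultiple = true)]
public sealed class AccessMethodAttribute : Attribute
{
    public string Id { get; }
    public AccessMethodAttribute(string id) { Id = id; }
}

// Hypothetical result type; the patent text returns true/false.
public enum GuardResult { Allowed, NoPermission, NotSigned, NotInWhiteList }

public static class CallerGuard
{
    // S14 white list of signer-certificate thumbprints (constructed placeholder value).
    private static readonly HashSet<string> WhiteList =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "0000000000000000000000000000000000000000" };

    [MethodImpl(MethodImplOptions.NoInlining)]
    public static GuardResult Check(string permissionId)
    {
        // S11: capture the current thread's execution stack, skipping this frame.
        StackFrame[] frames = new StackTrace(1, false).GetFrames() ?? new StackFrame[0];

        // S12: examine each StackFrame until one carries the permission attribute
        // with the requested identifier.
        MethodBase authorized = null;
        foreach (StackFrame frame in frames)
        {
            MethodBase method = frame.GetMethod();
            if (method == null) continue;
            foreach (AccessMethodAttribute attr in
                     method.GetCustomAttributes(typeof(AccessMethodAttribute), false))
            {
                if (attr.Id == permissionId) { authorized = method; break; }
            }
            if (authorized != null) break;
        }
        if (authorized == null) return GuardResult.NoPermission;

        // S13: read the signer certificate of the assembly that holds the caller.
        string thumbprint = SignerThumbprint(authorized.Module.Assembly);
        if (thumbprint == null) return GuardResult.NotSigned;

        // S14: the caller proceeds only if that certificate is on the white list.
        return WhiteList.Contains(thumbprint) ? GuardResult.Allowed : GuardResult.NotInWhiteList;
    }

    private static string SignerThumbprint(Assembly assembly)
    {
        // Dynamic or in-memory assemblies have no file to read a signature from.
        if (assembly.IsDynamic || string.IsNullOrEmpty(assembly.Location)) return null;
        try
        {
            // Extracts the signer certificate only; the signature and certificate
            // chain still have to be validated separately before trusting it.
            X509Certificate signer = X509Certificate.CreateFromSignedFile(assembly.Location);
            using (var cert = new X509Certificate2(signer))
                return cert.Thumbprint;
        }
        catch (CryptographicException) { return null; } // no Authenticode signature
    }
}

public static class Demo
{
    const MethodImplOptions KeepFrame =
        MethodImplOptions.NoInlining | MethodImplOptions.NoOptimization;

    // Protected method: asks the guard before doing its work.
    [MethodImpl(KeepFrame)]
    static GuardResult SensitiveMethodB() { return CallerGuard.Check("SensitiveMethodB"); }

    [AccessMethod("SensitiveMethodB")] // S22: this caller is authorized
    [MethodImpl(KeepFrame)]
    static GuardResult MarkedCaller() { return SensitiveMethodB(); }

    [MethodImpl(KeepFrame)]
    static GuardResult UnmarkedCaller() { return SensitiveMethodB(); }

    public static void Main()
    {
        Console.WriteLine("unmarked caller: " + UnmarkedCaller());
        Console.WriteLine("marked caller:   " + MarkedCaller());
    }
}
```

Inlined or tail-called methods leave no frame for the stack walk to find, which is why the demo callers are marked NoInlining | NoOptimization.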
The invention provides a .NET-based access right management apparatus which ensures that, while the program runs, its code methods cannot be maliciously used by a third-party program; that is, no untrusted code can access a specific method in the program, so that the security of the program code and data is ensured.
Fig. 3 is a schematic structural diagram of a .NET-based access right management apparatus according to an embodiment of the present invention.
In the present embodiment, the apparatus 30 includes:
an obtaining unit 31, configured to obtain current thread execution stack information of the access program.
Optionally, the obtaining unit 31 further includes:
an instance of the StackTrace class provided by .NET is created to obtain the current thread execution stack information of the access program.
An analyzing unit 32, configured to analyze whether the current thread execution stack information has a calling authority.
Optionally, the analyzing unit 32 further includes:
each StackFrame in the acquired current thread execution stack is checked in a loop through StackTrace.GetFrames until a checked StackFrame has a calling authority, at which point the loop is exited and the subsequent steps are executed.
A reading unit 33, configured to read code signature information of the assembly corresponding to the access program if the calling authority exists, and otherwise suspend operation of the access program or prompt an operation exception.
A verification unit 34, configured to verify whether the code signature information is in a preset white list, and if so, continue to execute the access program.
Optionally, the verification unit 34 further includes:
judging whether the code signature information is matched with the corresponding digital certificate information.
Fig. 4 is a schematic structural diagram of a .NET-based access right management apparatus according to another embodiment of the present invention. Unlike the previous embodiment, the apparatus 40 of the present embodiment further includes:
a definition unit 41 for defining a specific program having an identification corresponding to the access right;
an authorization unit 42 for authorizing access to the specified object of the specific program.
Each unit module of the apparatus 30/40 can respectively execute the corresponding steps in the above method embodiments, and therefore, the detailed description of each unit module is omitted here, and please refer to the description of the corresponding steps above.
Embodiments of the present invention further provide a .NET-based access right management device, including a processor, a memory, and a computer program stored in the memory, where the computer program is executable by the processor to implement the .NET-based access right management method according to the above embodiments.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and where, when the computer program runs, the apparatus in which the computer-readable storage medium is located is controlled to execute the .NET-based access right management method according to the foregoing embodiment.
Illustratively, the computer program may be divided into one or more units, which are stored in the memory and executed by the processor to accomplish the present invention. The one or more units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program in the .NET-based access right management device.
The .NET-based access right management device may include, but is not limited to, a processor and a memory. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of a .NET-based access right management device and does not constitute a limitation of it; the device may include more or fewer components than illustrated, may combine some components, or may use different components. For example, the .NET-based access right management device may also include input/output devices, network access devices, buses, and the like.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor may be a microprocessor or any conventional processor or the like; the processor is the control center of the .NET-based access right management device and connects the various parts of the entire device through various interfaces and lines.
The memory may be used to store the computer programs and/or modules, and the processor may implement the various functions of the .NET-based access right management device by running or executing the computer programs and/or modules stored in the memory, as well as invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The integrated unit of the .NET-based access right management device can be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc.
The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic diskette, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier wave signal, a telecommunications signal, a software distribution medium, etc. It should be noted that the content of the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement without inventive effort.
The embodiments in the above embodiments can be further combined or replaced, and the embodiments are only used for describing the preferred embodiments of the present invention, and do not limit the concept and scope of the present invention, and various changes and modifications made to the technical solution of the present invention by those skilled in the art without departing from the design idea of the present invention belong to the protection scope of the present invention.

Claims (7)

1. A net-based access right management method, the method comprising:
acquiring current thread execution stack information of an access program;
analyzing whether the current thread execution stack information has a calling authority or not; further comprising:
circularly detecting each StackFrame in the acquired current thread execution stack through the StackTrace.GetFrames, and jumping out of the circulation and continuously executing the subsequent steps until the detected StackFrame has a calling right;
specifically, the method comprises the following steps: acquiring current thread execution stack information MethodBase of a corresponding access program through the StackFrame, acquiring Attributes members of the access program through the MethodBase, checking whether the Attributes members contain authority Attribute, if not, taking the next StackFrame through the StackTrace. GetFrames to continue checking, and if so, jumping out of circulation;
if the calling authority exists, reading code signature information of a program set corresponding to the access program, otherwise, stopping the operation of the access program or prompting abnormal operation;
verifying whether the code signature information is in a preset white list, if so, continuing to execute the access program;
before the obtaining the current thread execution stack information of the access program, the method further includes:
defining a specific program having an identifier corresponding to the access right;
authorizing access to the specified object of the particular program.
2. The method of claim 1, wherein the specific program is defined by an Attribute class provided by .NET.
3. The .NET-based access right management method of claim 1, wherein obtaining the current thread execution stack information of the access program further comprises:
creating an instance of the StackTrace class provided by .NET to obtain the current thread execution stack information of the access program.
4. The .NET-based access right management method of claim 1, wherein verifying whether the code signature information is in a preset whitelist further comprises:
determining whether the code signature information matches the corresponding digital certificate information.
5. A .NET-based access right management apparatus, the apparatus comprising:
an acquiring unit, configured to acquire current thread execution stack information of the access program;
an analysis unit, configured to analyze whether the current thread execution stack information has a calling permission; further comprising:
cyclically checking each StackFrame in the acquired current thread execution stack through StackTrace.GetFrames until a checked StackFrame has the calling permission, then breaking out of the loop and continuing with the subsequent steps;
specifically: obtaining, through the StackFrame, the MethodBase (current thread execution stack information) of the corresponding access program; obtaining the Attributes member of the access program through the MethodBase; and checking whether the Attributes member contains the permission Attribute; if not, taking the next StackFrame from StackTrace.GetFrames and continuing the check, and if so, breaking out of the loop;
a reading unit, configured to read the code signature information of the assembly corresponding to the access program if the calling permission exists, and otherwise to stop the access program or prompt that the operation is abnormal;
a verification unit, configured to verify whether the code signature information is in a preset whitelist and, if so, to continue executing the access program; the apparatus further comprising:
a definition unit for defining a specific program having an identifier corresponding to the access right;
an authorization unit configured to authorize access to a specified object of the specific program.
6. A .NET-based access right management device, comprising a processor, a memory, and a computer program stored in the memory, the computer program being executable by the processor to implement the .NET-based access right management method of any one of claims 1 to 4.
7. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls a device in which the computer-readable storage medium is located to perform the .NET-based access right management method of any one of claims 1 to 4.
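The check described in claims 1 to 4, sketched in C# as an added example (not code from the patent or its assignee). `AccessPermissionAttribute`, `CallerGuard`, `Demo` and the whitelist entry are hypothetical, and the assembly's strong-name public key token is an assumed stand-in for the claims' "code signature information".

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.CompilerServices;

// Hypothetical marker attribute: the "identifier corresponding to the access right".
[AttributeUsage(AttributeTargets.Method)]
public sealed class AccessPermissionAttribute : Attribute { }

public static class CallerGuard
{
    // Constructed whitelist of hex-encoded public key tokens (placeholder value).
    static readonly HashSet<string> TrustedTokens =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "0123456789ABCDEF" };

    // Call first inside the protected member; throws unless a caller is authorized.
    [MethodImpl(MethodImplOptions.NoInlining)]
    public static void Demand()
    {
        // Skip one frame (Demand itself), then walk the callers from nearest to farthest.
        var frames = new StackTrace(1, false).GetFrames() ?? Array.Empty<StackFrame>();
        foreach (StackFrame frame in frames)
        {
            MethodBase method = frame.GetMethod();      // can be null for some frames
            if (method == null || !method.IsDefined(typeof(AccessPermissionAttribute), false))
                continue;                               // no permission attribute: next frame
            // First attributed frame found: leave the loop via return or throw below.
            // The attribute alone is only a label, so the owning assembly is checked too.
            byte[] token = method.Module.Assembly.GetName().GetPublicKeyToken()
                           ?? Array.Empty<byte>();
            string hex = BitConverter.ToString(token).Replace("-", "");
            if (hex.Length > 0 && TrustedTokens.Contains(hex)) return;
            throw new UnauthorizedAccessException("Caller assembly signature is not whitelisted.");
        }
        throw new UnauthorizedAccessException("No caller holds the access permission.");
    }
}

public static class Demo
{
    static string ReadSecret() { CallerGuard.Demand(); return "protected value"; }
    // NoInlining keeps this frame on the stack; an inlined caller loses its attribute.
    [AccessPermission, MethodImpl(MethodImplOptions.NoInlining)]
    static string AuthorizedCaller() => ReadSecret();
    public static void Main()
    {
        foreach (Func<string> call in new Func<string>[] { AuthorizedCaller, ReadSecret })
            try { Console.WriteLine(call()); }
            catch (UnauthorizedAccessException e) { Console.WriteLine("Denied: " + e.Message); }
    }
}
```

In an unsigned test build both calls are denied: the first because the attributed caller's assembly has no whitelisted token, the second because no frame carries the attribute.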
CN202011554987.3A 2020-12-24 2020-12-24 Netlike-based access right management method, device and equipment Active CN112597487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011554987.3A CN112597487B (en) 2020-12-24 2020-12-24 Netlike-based access right management method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011554987.3A CN112597487B (en) 2020-12-24 2020-12-24 Netlike-based access right management method, device and equipment

Publications (2)

Publication Number Publication Date
CN112597487A CN112597487A (en) 2021-04-02
CN112597487B true CN112597487B (en) 2023-03-31

Family

ID=75202048

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011554987.3A Active CN112597487B (en) 2020-12-24 2020-12-24 Netlike-based access right management method, device and equipment

Country Status (1)

Country Link
CN (1) CN112597487B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102955915A (en) * 2011-08-23 2013-03-06 中国移动通信集团公司 Method and device for controlling safety access to Java applications
CN109558734A (en) * 2018-11-28 2019-04-02 北京梆梆安全科技有限公司 A kind of detection method and device, the mobile device of storehouse safety

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6138238A (en) * 1997-12-11 2000-10-24 Sun Microsystems, Inc. Stack-based access control using code and executor identifiers
US8572727B2 (en) * 2009-11-23 2013-10-29 International Business Machines Corporation System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies
CN106778239B (en) * 2015-11-24 2019-10-29 阿里巴巴集团控股有限公司 For improving the method and device of Java sandbox safety
US9928365B1 (en) * 2016-10-31 2018-03-27 International Business Machines Corporation Automated mechanism to obtain detailed forensic analysis of file access

Also Published As

Publication number Publication date
CN112597487A (en) 2021-04-02

Similar Documents

Publication Publication Date Title
WO2015124018A1 (en) Method and apparatus for application access based on intelligent terminal device
US20230110179A1 (en) System Function Invoking Method and Apparatus, and Terminal
US20090193211A1 (en) Software authentication for computer systems
KR101503785B1 (en) Method And Apparatus For Protecting Dynamic Library
CN108763951B (en) Data protection method and device
US9798981B2 (en) Determining malware based on signal tokens
US10986103B2 (en) Signal tokens indicative of malware
US20160350525A1 (en) Application Program Management Method, Device, Terminal, and Computer Storage Medium
WO2015124017A1 (en) Method and apparatus for application installation based on intelligent terminal device
US20160087998A1 (en) Detecting a malware process
US9374377B2 (en) Mandatory protection control in virtual machines
WO2020019971A1 (en) Active security protection method for operating system, system and terminal device
CN111400723A (en) TEE extension-based operating system kernel mandatory access control method and system
TW202044079A (en) Kernel security check method, apparatus, and device, and storage medium
CN106295336B (en) Malicious program detection method and device
CN114117539A (en) Data protection method and device
CN112597487B (en) Netlike-based access right management method, device and equipment
CN108647516B (en) Method and device for defending against illegal privilege escalation
CN107368738B (en) Root prevention method and Root prevention device for intelligent equipment
CN113836529A (en) Process detection method, device, storage medium and computer equipment
CN108052803B (en) Access control method and device and electronic equipment
CN112733091A (en) Control method and device for accessing external equipment by application program
CN111523115B (en) Information determining method, function calling method and electronic equipment
CN113449278A (en) Method, device and system for protecting device calling authority based on biological recognition
CN114692157A (en) Method and system for judging malicious execution of shellcode

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant