CN112733149A - Method for self-learning credible static measurement strategy in operating system - Google Patents
- Publication number: CN112733149A (application CN202110035755.5A)
- Authority: CN (China)
- Prior art keywords
- program
- reference value
- file
- credible
- learning
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (under G06F21/50, Monitoring users, programs or devices to maintain the integrity of platforms; G06F21/00, Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F, Electric digital data processing; G06, Computing; G, Physics)
- G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow (under G06F21/50; G06F21/00; G06F; G06; G)
Abstract
The invention provides a method for self-learning a trusted static measurement policy in an operating system, comprising the following steps: when the operating system creates a file or executes a program, a file filter driver intercepts the operation and suspends the creation of the file or the execution of the program; a policy service process is invoked and the learning-mode policy is checked; if learning mode is not enabled, whether the program is allowed to run is decided from the trusted reference value; if learning mode is enabled, it is first determined whether the current program file is merely requested for execution or was created and is then executed; and whether the program is allowed to run is then decided from that determination together with the trusted reference value. Beneficial effects of the invention: by learning trusted reference values, the method allows trusted reference values to be added dynamically while the system is running, preserves the usability of the system under specific conditions, and avoids the system restricting program execution when the trusted reference value must be used in an emergency.
Description
Technical Field
The invention relates to the technical field of secure computer operation, in particular to a method for self-learning a trusted static measurement policy in an operating system.
Background
Trusted computing is a technology for protecting the operational security of a computer. It measures and judges system behaviour against a security policy, and identifies and blocks malicious behaviour according to the result of that judgment. The accuracy, usability and flexibility of the security policy configuration determine the quality of the protection.
Trusted static measurement is a basic technique of trusted computing; it measures and controls program execution against a trusted reference value. Existing methods establish the trusted reference value policy when the system is initialised, that is, a complete trusted reference value policy is provided before any program runs, and the trusted computing security module performs measurement and control according to this preset policy. If the program file requesting to start is in the trusted reference value, the program is allowed to start; if it is not, the program is prevented from starting. Because the trusted reference value policy is pre-established, only a fixed policy can be applied while programs execute. In practice, however, many programs are generated at run time or were never added to the trusted reference value in advance, yet they are legitimate programs that should be allowed to execute. In that situation the original scheme lacks flexibility and reduces service efficiency to some extent.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method for self-learning a trusted static measurement policy in an operating system.
It solves the following problem: the existing trusted reference value policy is pre-established, so control during program execution can only follow a fixed policy; in practice many programs are generated at run time or are not preset in the trusted reference value, yet they are legitimate programs that should be allowed to execute, and in that situation the original scheme lacks flexibility and reduces service efficiency to some extent.
The invention is realised by the following technical scheme:
The invention provides a method for self-learning a trusted static measurement policy in an operating system, characterised by comprising the following steps:
S01, when the operating system creates a file or executes a program, the file filter driver intercepts the operation and suspends the system behaviour of creating the file or executing the program;
S02, calling the policy service process and checking the learning-mode policy;
S03, if learning mode is not enabled, deciding from the trusted reference value whether the program is allowed to run;
S04, if learning mode is enabled, determining whether the current program file is merely requested for execution, or was created and is then executed;
and S05, deciding from the result of S04 together with the trusted reference value whether the program is allowed to run.
Preferably, S01 comprises the steps of:
S01.1, the operating system creates a new program file for execution, or executes an existing program file;
S01.2, the file filter driver intercepts the program file of S01.1.
Preferably, S03 comprises the steps of:
S03.1, if learning mode is not enabled, checking whether the program file is in the trusted reference value;
S03.2, if the program file is in the trusted reference value, allowing the program to run;
S03.3, if the program file is not in the trusted reference value, checking whether the program is in the temporary trusted reference value;
S03.4, if it is in the temporary trusted reference value, adding the program to the trusted reference value and allowing the program to run;
and S03.5, if it is not in the temporary trusted reference value either, preventing the program from running.
Preferably, S05 comprises the steps of:
S05.1, if the current program file is requested for execution, checking whether the program file is in the trusted reference value, and if it is, allowing the program to execute;
S05.2, if the current program file is not in the trusted reference value, adding the program to the trusted reference value and allowing the program to execute;
S05.3, if the current program requests to create a file and execute it, adding the created program file directly to the temporary trusted reference value and allowing the program to execute;
S05.4, the program files added to the temporary trusted reference value in S05.3 are added to the trusted reference value at regular intervals.
Beneficial effects of the invention: by learning trusted reference values, the method allows trusted reference values to be added dynamically while the system is running, preserves the usability of the system under specific conditions, and avoids the system restricting program execution when the trusted reference value must be used in an emergency.
Drawings
Fig. 1 is a schematic step diagram of a method for self-learning a trusted static measurement policy in an operating system according to an embodiment of the present invention.
Detailed Description
The following is a detailed description of specific embodiments of the invention with reference to the accompanying drawings. It should be understood that the detailed description and specific examples illustrate and explain the invention and do not limit it.
To aid understanding of the method for self-learning a trusted static measurement policy in an operating system, its application scenario is explained first. The method provides a system that can automatically learn and add trusted reference values. The existing trusted reference value policy is pre-established, so control during program execution can only follow a fixed policy; in practice many programs are generated at run time or are not preset in the trusted reference value, yet they are legitimate programs that should be allowed to execute, and in that situation the original scheme lacks flexibility and reduces service efficiency to some extent. The method according to an embodiment of the present application is described below with reference to the accompanying drawings.
Referring to fig. 1, which is a schematic diagram of the steps of the method for self-learning a trusted static measurement policy in an operating system according to an embodiment of the present invention, the steps of the method are: S01, when the operating system creates a file or executes a program, the file filter driver intercepts the operation and suspends the system behaviour of creating the file or executing the program.
S01 may be divided into two steps, as shown in fig. 1: S01.1, the operating system creates a new program file for execution, or executes an existing program file; S01.2, the file filter driver intercepts the program file of S01.1.
S02, calling the policy service process and checking the learning-mode policy.
S03, if learning mode is not enabled, deciding from the trusted reference value whether the program is allowed to run.
S03 may be divided into five steps, as shown in fig. 1: S03.1, if learning mode is not enabled, checking whether the program file is in the trusted reference value; S03.2, if the program file is in the trusted reference value, allowing the program to run; S03.3, if the program file is not in the trusted reference value, checking whether the program is in the temporary trusted reference value; S03.4, if it is in the temporary trusted reference value, adding the program to the trusted reference value and allowing the program to run; S03.5, if it is not in the temporary trusted reference value either, preventing the program from running. In other words, with learning mode off the trusted reference value is consulted first and the temporary trusted reference value second; a hit in the temporary set promotes the program to the trusted reference value, and a miss in both sets blocks the program.
S04, following S02, if learning mode is enabled, it must further be determined whether the current program file is merely requested for execution, or was created and is then executed.
S05, deciding from the result of S04 together with the trusted reference value whether the program is allowed to run.
S05 may be divided into four steps, as shown in fig. 1: S05.1, if the current program file is requested for execution, checking whether the program file is in the trusted reference value, and if it is, allowing the program to execute; S05.2, if the current program file is not in the trusted reference value, adding the program to the trusted reference value and allowing the program to execute; S05.3, if the current program requests to create a file and execute it, adding the created program file directly to the temporary trusted reference value and allowing the program to execute; S05.4, the program files added to the temporary trusted reference value in S05.3 are added to the trusted reference value at regular intervals. In other words, with learning mode on, an existing program that is executed is always allowed and, if it is not already present, is learned into the trusted reference value; a program that creates a file and executes it has the created file placed in the temporary trusted reference value, from which it is promoted to the trusted reference value by the periodic timer of S05.4.
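The following Python is an added example, not code from the patent (the page contains none); it models the policy service decisions of S02 to S05 for both modes and the timer of S05.4. It assumes that the trusted reference value is a set of SHA-256 digests of program file contents (the patent only says a program "is in" the reference value), that the file filter driver of S01 hands the file bytes and the kind of request to the service, and a 60-second promotion interval; the program images in the sample are constructed. Note that S05.2 adds any program executed while learning mode is enabled to the permanent trusted reference value without any further check, so the learned policy is only as trustworthy as the programs run while learning mode is on; the patent does not address this.

```python
"""Executable model of the self-learning trusted static measurement policy
(steps S02..S05 of CN112733149A). Added illustration, not the patent's code.
Assumptions not in the patent: the "trusted reference value" is a set of
SHA-256 digests of program file contents, and the file filter driver of S01
is replaced by the caller passing the file bytes and request kind directly."""
from __future__ import annotations

import hashlib
import time
from enum import Enum


class Request(Enum):
    EXECUTE = "execute"                        # S04: existing program file requested to run
    CREATE_AND_EXECUTE = "create_and_execute"  # S04: caller created the file and now runs it


def measure(content: bytes) -> str:
    """Static measurement of a program image. Assumption: SHA-256 of the bytes."""
    return hashlib.sha256(content).hexdigest()


class PolicyService:
    """The policy service process of S02, holding both reference-value sets."""

    def __init__(self, trusted=(), learning_mode=False, promote_interval_s=60.0):
        self.trusted = {measure(c) for c in trusted}  # trusted reference value (permanent)
        self.temporary: set[str] = set()              # temporary trusted reference value
        self.learning_mode = learning_mode
        self.promote_interval_s = promote_interval_s  # S05.4 timer period (assumed value)
        self._last_promotion = time.monotonic()

    def decide(self, content: bytes, request: Request) -> tuple[bool, str]:
        """S02: check learning mode, then take S03 or S04/S05. Returns (allow, step)."""
        digest = measure(content)
        if not self.learning_mode:
            return self._enforce(digest)
        return self._learn(digest, request)

    def _enforce(self, digest: str) -> tuple[bool, str]:
        if digest in self.trusted:          # S03.1 / S03.2: permanent hit
            return True, "S03.2"
        if digest in self.temporary:        # S03.3 / S03.4: temporary hit is promoted
            self.temporary.discard(digest)
            self.trusted.add(digest)
            return True, "S03.4"
        return False, "S03.5"               # S03.5: unknown program is blocked

    def _learn(self, digest: str, request: Request) -> tuple[bool, str]:
        if request is Request.EXECUTE:
            if digest in self.trusted:      # S05.1
                return True, "S05.1"
            self.trusted.add(digest)        # S05.2: executed in learning mode => trusted
            return True, "S05.2"
        self.temporary.add(digest)          # S05.3: created file goes to the temporary set
        return True, "S05.3"

    def promote_temporary(self, now: float | None = None) -> int:
        """S05.4 timer tick: move the temporary set into the trusted set once
        promote_interval_s has elapsed. Returns how many digests were promoted."""
        now = time.monotonic() if now is None else now
        if now - self._last_promotion < self.promote_interval_s:
            return 0
        promoted = len(self.temporary)
        self.trusted |= self.temporary
        self.temporary.clear()
        self._last_promotion = now
        return promoted


def demo() -> dict[str, tuple[bool, str]]:
    """Constructed sample: three program images run through learning mode,
    then enforcement mode, before the S05.4 timer has fired."""
    known, generated, unknown = b"\x7fELF known", b"\x7fELF generated", b"\x7fELF unknown"
    svc = PolicyService(trusted=[known], learning_mode=True)
    out = {
        "learn_known": svc.decide(known, Request.EXECUTE),                    # S05.1
        "learn_unknown": svc.decide(unknown, Request.EXECUTE),                # S05.2
        "learn_created": svc.decide(generated, Request.CREATE_AND_EXECUTE),   # S05.3
    }
    svc.learning_mode = False
    out["enforce_created"] = svc.decide(generated, Request.EXECUTE)           # S03.4
    out["enforce_new"] = svc.decide(b"\x7fELF other", Request.EXECUTE)        # S03.5
    return out


if __name__ == "__main__":
    for name, (allowed, step) in demo().items():
        print(f"{name:16s} allow={str(allowed):5s} via {step}")
```

The S03 path is the conventional allow-list check described in the background section; the S03.4 branch is what lets a file generated during learning mode survive a switch back to enforcement before the S05.4 timer has promoted it.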
All components used in the invention of the present application are components commonly used in the prior art.
In the above embodiment, the method for self-learning a trusted static measurement policy in an operating system provided by the embodiment of the present application uses learning of trusted reference values to add them dynamically while the system is running, preserves the availability of the system under specific conditions, avoids the system restricting program execution when the trusted reference value must be used in an emergency, and keeps the application of the trusted reference value flexible.
The above embodiments merely illustrate preferred embodiments of the present invention and do not limit its spirit and scope. Those skilled in the art may make various modifications and improvements to the technical solutions of the present invention without departing from its design concept; the technical content of the present invention is set out in the claims.
Claims (4)
1. A method for self-learning a trusted static measurement policy in an operating system, characterised by comprising the following steps:
S01, when the operating system creates a file or executes a program, the file filter driver intercepts the operation and suspends the system behaviour of creating the file or executing the program;
S02, calling the policy service process and checking the learning-mode policy;
S03, if learning mode is not enabled, deciding from the trusted reference value whether the program is allowed to run;
S04, if learning mode is enabled, determining whether the current program file is merely requested for execution, or was created and is then executed;
and S05, deciding from the result of S04 together with the trusted reference value whether the program is allowed to run.
2. The method for self-learning a trusted static measurement policy in an operating system according to claim 1, wherein step S01 comprises the following steps:
S01.1, the operating system creates a new program file for execution, or executes an existing program file;
S01.2, the file filter driver intercepts the program file of S01.1.
3. The method for self-learning a trusted static measurement policy in an operating system according to claim 1, wherein step S03 comprises the following steps:
S03.1, if learning mode is not enabled, checking whether the program file is in the trusted reference value;
S03.2, if the program file is in the trusted reference value, allowing the program to run;
S03.3, if the program file is not in the trusted reference value, checking whether the program is in the temporary trusted reference value;
S03.4, if it is in the temporary trusted reference value, adding the program to the trusted reference value and allowing the program to run;
and S03.5, if it is not in the temporary trusted reference value either, preventing the program from running.
4. The method for self-learning a trusted static measurement policy in an operating system according to claim 1, wherein step S05 comprises the following steps:
S05.1, if the current program file is requested for execution, checking whether the program file is in the trusted reference value, and if it is, allowing the program to execute;
S05.2, if the current program file is not in the trusted reference value, adding the program to the trusted reference value and allowing the program to execute;
S05.3, if the current program requests to create a file and execute it, adding the created program file directly to the temporary trusted reference value and allowing the program to execute;
S05.4, the program files added to the temporary trusted reference value in S05.3 are added to the trusted reference value at regular intervals.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110035755.5A CN112733149A (en) | 2021-01-12 | 2021-01-12 | Method for self-learning credible static measurement strategy in operating system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112733149A true CN112733149A (en) | 2021-04-30 |
Family
ID=75590603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110035755.5A Pending CN112733149A (en) | 2021-01-12 | 2021-01-12 | Method for self-learning credible static measurement strategy in operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112733149A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103226676A (en) * | 2013-03-04 | 2013-07-31 | 北京密安网络技术股份有限公司 | Mixed method for measuring creditability of application software |
CN106599679A (en) * | 2016-12-14 | 2017-04-26 | 中标软件有限公司 | Application program credibility measurement method and device |
CN111159713A (en) * | 2019-12-23 | 2020-05-15 | 北京工业大学 | SELinux-based self-learning credible strategy construction method and system |
Events
- 2021-01-12: CN application CN202110035755.5A filed (patent/CN112733149A/en), status Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20210430 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |