CN113094699A - Safety monitoring method, electronic equipment and computer readable storage medium - Google Patents


Info

Publication number: CN113094699A
Application number: CN202110345820.4A
Authority: CN (China)
Prior art keywords: target; application program; verification information; operating system; running
Legal status: Pending (Google notes that the legal status is an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 吴会军, 郭晓勃
Current assignee: Lenovo Beijing Ltd (Google notes that listed assignees may be inaccurate)
Original assignee: Lenovo Beijing Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

Embodiments of this application disclose a security monitoring method comprising the following steps: if a first operating system detects that a target application has been started, the first operating system obtains target identification information of the target application; the first operating system obtains target verification information from a secure hardware module that runs a second operating system, where the first operating system differs from the second operating system and the second operating system boots the first operating system into operation; the first operating system matches the target identification information against the target verification information and determines a target operation for the target application, the target operation being either an allowing operation that lets the target application continue running or a prohibiting operation that stops it from continuing to run; and the first operating system executes the target operation. Embodiments of this application also disclose an electronic device and a computer-readable storage medium.

Description

Safety monitoring method, electronic equipment and computer readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a security monitoring method, an electronic device, and a computer-readable storage medium.
Background
At present, with the rapid development of internet technology, computer equipment is widely used in many industries. In the information era, information leakage has become a serious problem. To reduce leakage of information from computer equipment, most computer equipment is provided with an information-protection application, such as an antivirus application. The policy currently adopted by antivirus applications is "if not black, then white": a started application is matched against the virus library, and once matching fails the application is treated as safe by default.
When the security of a computer device is protected by an antivirus application in this way, the protection mode is single. The user must keep updating the antivirus application's virus library so that the virus signature library is continuously maintained; once the user stops updating the virus library, the protection offered by the antivirus application declines and the risk of the computer device being attacked increases. In addition, running the antivirus application consumes a large amount of the computer device's resources.
Summary of the application
To solve the foregoing technical problem, embodiments of this application provide a security monitoring method, an electronic device, and a computer-readable storage medium. The technical solution of this application is implemented as follows:
In a first aspect, a security monitoring method includes:
if a first operating system detects that a target application has been started, obtaining target identification information of the target application through the first operating system;
obtaining target verification information through the first operating system from a secure hardware module that runs a second operating system, where the first operating system differs from the second operating system and the second operating system boots the first operating system into operation;
matching the target identification information against the target verification information through the first operating system, and determining a target operation for the target application, where the target operation comprises an allowing operation that allows the target application to continue running or a prohibiting operation that prohibits the target application from continuing to run; and
executing the target operation through the first operating system.
Optionally, before the first operating system obtains the target identification information of the target application upon detecting that the target application has been started, the method further includes:
obtaining reference verification information through the first operating system;
performing identity authentication processing on the reference verification information through the first operating system to obtain the target verification information; and
writing the target verification information into a target storage area of the secure hardware module through the first operating system.
Optionally, before the first operating system matches the target identification information against the target verification information and determines the target operation for the target application, the method further includes:
performing identity authentication processing on the target verification information through the first operating system;
and correspondingly, the step of verifying the target identification information through the first operating system based on the target verification information to determine the target operation for the target application includes:
if the target verification information passes the identity authentication processing, verifying the target identification information through the first operating system based on the target verification information, and determining the target operation for the target application.
Optionally, obtaining the target identification information of the target application through the first operating system when the first operating system detects that the target application has been started includes:
if the first operating system detects that the target application has been started, determining a target type of the target application through the first operating system;
determining, through the first operating system, a target acquisition mode for obtaining the target identification information based on the target type; and
obtaining the target identification information of the target application through the first operating system using the target acquisition mode.
Optionally, determining the target acquisition mode for obtaining the target identification information based on the target type through the first operating system includes:
if the target type is the application type, determining through the first operating system that the target acquisition mode is registering a process callback function; and
if the target type is the driver type, determining through the first operating system that the target acquisition mode is registering an image callback function.
Optionally, after the first operating system matches the target identification information against the target verification information and determines the target operation for the target application, the method further includes:
counting, through the first operating system, the number of times the target verification information has been used for matching processing between the time it was obtained from the secure hardware module and the current time, and,
if that number of uses is greater than or equal to a count threshold, destroying the target verification information held by the first operating system through the first operating system;
or counting, through the first operating system, the target duration from the time the target verification information was obtained from the secure hardware module to the current time, and,
if the target duration is greater than or equal to a duration threshold, destroying the target verification information held by the first operating system through the first operating system.
Optionally, the target verification information includes information on applications that are allowed to run and/or information on applications that are prohibited from running.
Optionally, the first operating system includes an operating system, and the second operating system includes a basic input/output system (BIOS).
In a second aspect, an electronic device includes a secure hardware module and a processor, where:
the secure hardware module is configured to run a second operating system and to store target verification information; and
the processor is configured to run a first operating system, where the first operating system differs from the second operating system and the second operating system boots the first operating system into operation, so as to implement the following steps:
if the start of a target application is detected, obtaining target identification information of the target application;
obtaining the target verification information from the secure hardware module;
matching the target identification information against the target verification information and determining a target operation for the target application, where the target operation comprises an allowing operation that allows the target application to continue running or a prohibiting operation that prohibits the target application from continuing to run; and
executing the target operation.
In a third aspect, a computer-readable storage medium has stored thereon a security monitoring program which, when executed by a processor, implements the steps of the security monitoring method described above.
Embodiments of this application provide a security monitoring method, an electronic device, and a computer-readable storage medium. If a first operating system detects that a target application has been started, the first operating system obtains the target identification information of the target application, then obtains target verification information from a secure hardware module that runs a second operating system, matches the target identification information against the target verification information, and determines a target operation for the target application.
Drawings
Fig. 1 is a schematic flow chart of a security monitoring method according to an embodiment of this application;
Fig. 2 is a schematic flow chart of another security monitoring method according to an embodiment of this application;
Fig. 3 is a schematic flow chart of another security monitoring method according to an embodiment of this application;
Fig. 4 is a schematic flow chart of a security monitoring method according to another embodiment of this application;
Fig. 5 is a schematic flow chart of another security monitoring method according to another embodiment of this application;
Fig. 6 is a schematic system architecture diagram of an electronic device according to an embodiment of this application;
Fig. 7 is a flowchart illustrating another security monitoring method according to another embodiment of this application;
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of this application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
An embodiment of this application provides a security monitoring method, applied to an electronic device and shown in Fig. 1, that includes the following steps:
Step 101: if the first operating system detects that a target application has been started, obtaining target identification information of the target application through the first operating system.
In this embodiment, the electronic device may be a device that has a first operating system and a second operating system running on different hardware modules, and may be any of various types of computer device, such as a notebook computer, a desktop computer or an industrial personal computer. The target application may be any type of application installed on the electronic device. The target identification information may be any identification information that uniquely identifies the target application. The first operating system may detect that the target application has started by detecting a user's launch action on it, such as clicking the application's shortcut icon.
Step 102: obtaining target verification information through the first operating system from a secure hardware module that runs a second operating system.
The first operating system differs from the second operating system, and the second operating system boots the first operating system into operation.
In this embodiment, the target verification information may be pre-stored in the secure hardware module and is used to identify which applications are allowed to run and/or which are not allowed to run. The security level of the secure hardware module is higher than that of the hardware module running the first operating system.
Step 103: matching the target identification information against the target verification information through the first operating system, and determining a target operation for the target application.
The target operation comprises an allowing operation that allows the target application to continue running or a prohibiting operation that prohibits it from continuing to run.
In this embodiment, the electronic device verifies the target identification information against the target verification information through the first operating system and thereby determines whether the target application may run.
Step 104: executing the target operation through the first operating system.
In this embodiment, once the first operating system has determined the target operation, it executes that operation on the target application. This puts the target application under management and, when the target application is an illegitimate one, effectively protects the security of the electronic device.
In the security monitoring method of this embodiment, if the first operating system detects that a target application has been started, it obtains the application's target identification information, obtains target verification information from the secure hardware module that runs the second operating system, matches the identification information against the verification information, and determines the target operation for the application. This resolves the problem that existing protection of computer devices relies on a single mode: it enriches the ways in which a computer device can be protected, effectively reduces the risk of the device being attacked, and reduces the device's resource consumption.
Based on the foregoing embodiments, an embodiment of this application provides a security monitoring method, applied to an electronic device and shown in Fig. 2, that includes the following steps:
Step 201: obtaining reference verification information through the first operating system.
Here the first operating system comprises an operating system.
In this embodiment, the electronic device may be any type of computer device used in a particular setting, for example a multimedia computer in a school's multimedia classroom or a computer used at a gas station. The first operating system of the electronic device may obtain the reference verification information over the internet from a server that maintains the verification information. The electronic device may not yet hold any reference verification information, that is, it is storing reference verification information for the first time; or it may already hold historical verification information while the server maintaining the verification information now has updated target verification information, in which case this is an update of the verification information. The reference verification information may be set by a developer according to user requirements, or customised for a specific user according to that user's requirements; that is, it may be generic or specific to a user.
Step 202: performing identity authentication processing on the reference verification information through the first operating system to obtain the target verification information.
In this embodiment, the electronic device performs identity authentication processing on the reference verification information through the first operating system to determine whether the reference verification information is trustworthy, and after authenticating it encrypts it to obtain the encrypted target verification information; that is, the identity authentication processing comprises an identity authentication step and an encryption step on the reference verification information. Alternatively, the first operating system only encrypts the reference verification information, so that the identity authentication processing comprises the encryption step only. In this way the reliability of the resulting target verification information is ensured.
Step 203: writing the target verification information into a target storage area of the secure hardware module through the first operating system.
In this embodiment, the secure hardware module may be an ESIO chip (a controller combining input/output functions with those of an embedded controller) or a basic input/output system (BIOS) chip. After the first operating system has performed the identity authentication processing, it writes the resulting encrypted target verification information into a target storage area of the secure hardware module. The target storage area is a specific storage area designated within the secure hardware module, which other operating systems or applications normally cannot access at will.
It should be noted that steps 201 to 203 together form the process of storing the target verification information in the secure hardware module.
Step 204: if the first operating system detects that a target application has been started, obtaining target identification information of the target application through the first operating system.
In this embodiment, when the first operating system of the electronic device detects that the target application has been started, the first operating system determines the target identification information of the target application.
Step 205: obtaining target verification information through the first operating system from the secure hardware module that runs the second operating system.
The target verification information comprises information on applications allowed to run and/or information on applications prohibited from running; the first operating system differs from the second operating system, and the second operating system boots the first operating system into operation; the second operating system comprises a basic input/output system.
In this embodiment, the target verification information is obtained from the secure hardware module of the second operating system through the application in the first operating system that is able to access the secure hardware module. Because the target verification information comes from the secure hardware module, the reliability of the target verification information obtained by the first operating system is effectively ensured.
It should be noted that step 205 may be executed at the same time as the acquisition of the target identification information in step 204, or before it; the order of the two is not limited here and may be chosen according to the actual application scenario.
Step 206: matching the target identification information against the target verification information through the first operating system, and determining a target operation for the target application.
The target operation comprises an allowing operation that allows the target application to continue running or a prohibiting operation that prohibits it from continuing to run.
In this embodiment, the target verification information may be blacklist information on prohibited applications and/or whitelist information on allowed applications, or verification information on some other allowed or currently running applications.
For example, when the target verification information comprises whitelist information indicating applications allowed to run: if the target identification information belongs to the whitelist, the target operation is determined to be the allowing operation; if it does not belong to the whitelist, the target operation is determined to be the prohibiting operation.
Or, when the target verification information comprises blacklist information indicating applications prohibited from running: if the target identification information does not belong to the blacklist, the target operation is the allowing operation; if it does belong to the blacklist, the target operation is the prohibiting operation.
Or, when the target verification information comprises both whitelist information indicating allowed applications and blacklist information indicating prohibited applications: if the target identification information belongs to the whitelist, the target operation is the allowing operation; if it belongs to the blacklist, or belongs to neither the whitelist nor the blacklist, the target operation is the prohibiting operation.
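The three decision rules above, worked through as an added example; this code is not from the patent or from Lenovo. Verification information is modelled as an optional allow list and an optional deny list of application identifiers, and the identifiers are constructed strings standing in for the target identification information. The text does not say what happens when an identifier is on both lists; the example treats that conflict as prohibit, which is a choice made here, not one the page states. For contrast it also encodes the "if not black, then white" antivirus policy described in the Background.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ALLOW = "allow"        # allowing operation: let the started application keep running
PROHIBIT = "prohibit"  # prohibiting operation: stop the started application


@dataclass(frozen=True)
class VerificationInfo:
    """Target verification information: an allow list and/or a deny list.
    A list that is None means that kind of information is not present."""
    allowed: Optional[FrozenSet[str]] = None
    prohibited: Optional[FrozenSet[str]] = None


def decide(info: VerificationInfo, app_id: str) -> str:
    """Determine the target operation for app_id under the three cases in the text."""
    if info.allowed is not None and info.prohibited is not None:
        # Both lists present: the text allows an identifier on the allow list and
        # prohibits one on the deny list or on neither list. An identifier on both
        # lists is not covered by the text; here deny wins (assumption of this example).
        if app_id in info.prohibited:
            return PROHIBIT
        return ALLOW if app_id in info.allowed else PROHIBIT
    if info.allowed is not None:
        # Allow list only: anything not listed is prohibited (default deny).
        return ALLOW if app_id in info.allowed else PROHIBIT
    if info.prohibited is not None:
        # Deny list only: anything not listed is allowed.
        return PROHIBIT if app_id in info.prohibited else ALLOW
    raise ValueError("target verification information carries neither list")


def antivirus_style(virus_library: FrozenSet[str], app_id: str) -> str:
    """The Background section's 'if not black, then white' policy, for contrast:
    an application that matches nothing in the virus library is allowed by default."""
    return PROHIBIT if app_id in virus_library else ALLOW


def demo() -> dict:
    """Run a constructed unknown application through each policy."""
    # Constructed sample data: identifiers are arbitrary labels, not real hashes.
    allow = frozenset({"sha256:teaching-app", "sha256:pos-terminal"})
    deny = frozenset({"sha256:known-bad"})
    unknown = "sha256:never-seen-before"
    return {
        "allow_only": decide(VerificationInfo(allowed=allow), unknown),
        "deny_only": decide(VerificationInfo(prohibited=deny), unknown),
        "both": decide(VerificationInfo(allowed=allow, prohibited=deny), unknown),
        "antivirus": antivirus_style(deny, unknown),
    }


if __name__ == "__main__":
    for policy, outcome in demo().items():
        print(f"{policy:>10}: unknown application -> {outcome}")
```

The never-seen application is the case worth watching: the allow-list and combined policies prohibit it, while the deny-list and antivirus policies allow it, which is exactly the single-mode weakness the Background describes.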
Step 207: executing the target operation through the first operating system.
In this embodiment, once the target operation has been determined, it is executed on the target application: if the target operation is the allowing operation, the target application is allowed to keep running after it has started; if it is the prohibiting operation, the target application is stopped from running further after it has started.
In some application scenarios, if the target operation is the prohibiting operation and the target application is detected being started again within a preset period, prompt information is generated asking whether the target application should be allowed to run; the prompt is displayed in a display area of the electronic device for the user to make a selection. If the resulting operation instruction indicates that the target application is allowed to run, the target application is run; the operation instruction is obtained from the user's selection in response to the prompt. If the operation instruction indicates that the target application is prohibited from running, the target application is prohibited from running; and, if blacklist information indicating prohibited applications exists, the blacklist information is updated with the target identification information of the target application.
Based on the foregoing embodiment, in another embodiment of this application, referring to Fig. 3, before executing step 206 the electronic device is further configured to execute step 208:
Step 208: performing identity authentication processing on the target verification information through the first operating system.
In this embodiment, because the electronic device obtains the target verification information from the secure hardware module through the first operating system, that information must undergo identity authentication processing; this effectively ensures that the first operating system bases its subsequent judgement of the target identification information on reliable and valid target verification information. The identity authentication processing of step 208 mirrors that of step 202: if step 202 comprised identity authentication and encryption of the reference verification information, step 208 may comprise identity authentication of the target verification information together with the corresponding decryption, or only the corresponding decryption; if step 202 comprised only encryption of the reference verification information, step 208 comprises the corresponding decryption.
Correspondingly, step 206 may be implemented as step 206a:
Step 206a: if the target verification information passes the identity authentication processing, verifying the target identification information through the first operating system based on the target verification information, and determining the target operation for the target application.
In this embodiment, if the target verification information fails the identity authentication processing, no subsequent operation is executed. If it passes, the electronic device verifies the target identification information against the characteristics of the target verification information and thereby determines the target operation for the target application.
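The store-and-verify cycle of steps 201 to 203 and step 208/206a, together with the use-count and age limits from the summary (the "destroy the target verification information" options, steps 209 to 210), as one added example; this code is not from the patent or from Lenovo. Assumptions made here: the secure hardware module is modelled as a plain dict; the identity-authentication part is modelled as an HMAC-SHA256 tag under a key assumed to be provisioned to the first operating system; the encryption layer the text also allows is not modelled, and the sample lists, key and clock are constructed.

```python
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, List, Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class AuthenticationError(Exception):
    """Raised when stored verification information fails the check of step 208."""


def seal(key: bytes, allowed: List[str], prohibited: List[str]) -> bytes:
    """Step 202: derive target verification information from the reference lists
    by binding them to an HMAC-SHA256 tag under the provisioned key (assumption)."""
    body = json.dumps({"allowed": sorted(allowed), "prohibited": sorted(prohibited)},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return tag + body


def write_to_secure_module(module: Dict[str, bytes], sealed: bytes) -> None:
    """Step 203: place the sealed blob in the module's target storage area
    (the dict stands in for the ESIO/BIOS chip)."""
    module["target_storage_area"] = sealed


def read_and_authenticate(module: Dict[str, bytes], key: bytes) -> dict:
    """Steps 205 and 208: read the blob back and verify its tag before use.
    A failure raises, so step 206a never runs on unauthenticated data."""
    blob = module.get("target_storage_area")
    if blob is None or len(blob) <= TAG_LEN:
        raise AuthenticationError("no target verification information stored")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise AuthenticationError("target verification information failed authentication")
    return json.loads(body)


class CachedVerificationInfo:
    """The first operating system's working copy, subject to the limits of steps
    209 to 210: destroyed after max_uses matching operations or once max_age_s
    seconds have passed since it was obtained from the secure module."""

    def __init__(self, info: dict, max_uses: int, max_age_s: float,
                 now: Callable[[], float] = time.monotonic):
        self._info: Optional[dict] = info
        self._uses = 0
        self._max_uses = max_uses
        self._max_age_s = max_age_s
        self._now = now
        self._acquired_at = now()

    def use(self) -> Optional[dict]:
        """Hand out the copy for one matching operation, or None once it has been
        destroyed; the caller then re-reads from the secure module."""
        if self._info is None:
            return None
        expired = (self._uses >= self._max_uses
                   or self._now() - self._acquired_at >= self._max_age_s)
        if expired:
            self._info = None  # destroy the first operating system's copy
            return None
        self._uses += 1
        return self._info


def demo() -> dict:
    """Store, read back, detect tampering, and age out, on constructed sample data."""
    key = b"constructed-demo-key-not-a-real-secret"
    module: Dict[str, bytes] = {}
    write_to_secure_module(module, seal(key, ["sha256:teaching-app"], ["sha256:known-bad"]))
    info = read_and_authenticate(module, key)
    # Flip the last byte of the stored body: the check of step 208 must now fail.
    tampered = dict(module)
    tampered["target_storage_area"] = module["target_storage_area"][:-1] + b"x"
    try:
        read_and_authenticate(tampered, key)
        tamper_detected = False
    except AuthenticationError:
        tamper_detected = True
    clock = [0.0]  # constructed clock so the age limit is deterministic
    cache = CachedVerificationInfo(info, max_uses=2, max_age_s=60.0, now=lambda: clock[0])
    uses_before_destroy = sum(1 for _ in range(5) if cache.use() is not None)
    return {"info": info, "tamper_detected": tamper_detected, "uses": uses_before_destroy}


if __name__ == "__main__":
    print(demo())
```

Because `read_and_authenticate` raises rather than returning a partial result, the "no subsequent operation" rule of step 206a falls out naturally: the matching code never sees data that failed the check. The cache limits matter for the same reason; a copy that lives in the first operating system indefinitely would outlive any update written to the secure module.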
Based on the foregoing embodiments, in other embodiments of the present application, step 204 may be implemented by steps 204a to 204c:
Step 204a: if the first operating system detects that the target application program has started, determining the target type of the target application program through the first operating system.
In the embodiment of the present application, the types of the target application program include a driver type and an application type. The first operating system may determine the target type of the target application program from the attribute information of the target application program.
Step 204b: determining, through the first operating system and based on the target type, a target acquisition mode for acquiring the target identification information.
In the embodiment of the application, the target identification information of the target application program is acquired in different ways for different types of application program.
Step 204c: acquiring the target identification information of the target application program through the first operating system based on the target acquisition mode.
Based on the foregoing embodiments, in other embodiments of the present application, step 204b may be implemented by step a11 or step a12:
Step a11: if the target type is the application type, determining through the first operating system that the target acquisition mode is a registered process callback function.
Step a12: if the target type is the driver type, determining through the first operating system that the target acquisition mode is a registered image callback function.
Based on the foregoing embodiments, in other embodiments of the present application, referring to fig. 4, after the electronic device performs step 207, the electronic device is further configured to perform steps 209 to 210:
Step 209: counting, through the first operating system, the number of times the target verification information has been used for matching processing between the time it was acquired from the secure hardware module and the current time.
In the embodiment of the application, the counted number of uses of the target verification information for matching processing is initialized to 0 at the time the target verification information is acquired, and is incremented by 1 each time the target verification information is used for matching processing, so the current number of uses can be read directly at any time.
Step 210: if the number of uses is greater than or equal to the number threshold, destroying, through the first operating system, the target verification information acquired by the first operating system.
In the embodiment of the present application, the number threshold may be an empirical value obtained through a large number of experiments, or an empirical value set by the user. Thus, within one usage session of the electronic device from power-on to power-off, the target verification information is destroyed immediately after it has been used the threshold number of times, which effectively ensures the reliability of the target verification information. When the number threshold is 1, the corresponding application scenario is that the electronic device destroys the target verification information after a single use.
The security of the target verification information during use is therefore effectively guaranteed.
Based on the foregoing embodiments, in other embodiments of the present application, referring to fig. 5, after the electronic device performs step 207, the electronic device is further configured to perform steps 211 to 212:
Step 211: counting, through the first operating system, a target duration from the time the target verification information was acquired from the secure hardware module to the current time.
Step 212: if the target duration is greater than or equal to the duration threshold, destroying, through the first operating system, the target verification information acquired by the first operating system.
In the embodiment of the present application, the duration threshold may be an empirical value obtained through a large number of experiments, or an empirical value set by the user according to actual needs. The security of the target verification information during use is therefore effectively guaranteed.
Based on the foregoing embodiments, an embodiment of the present application provides a system architecture of an electronic device, as shown in fig. 6. The system architecture of the electronic device includes an application layer, a core layer and a BIOS layer; the application layer comprises the various types of application programs, the core layer corresponds to the operating system, and the BIOS layer mainly corresponds to the BIOS chip. Based on the system architecture shown in fig. 6, the security monitoring method may be implemented as follows: when one of the application programs is started, its target identification information is acquired; the process and thread manager in the core layer acquires the whitelist information from the corresponding secure storage area in the BIOS layer; the process and thread manager in the core layer performs identity authentication on the acquired whitelist information based on the security module; after the whitelist information passes identity authentication, it is judged whether the target identification information is in the whitelist information; if the target identification information is in the whitelist information, the application program is allowed to continue to run; if the target identification information is not in the whitelist information, the process and thread monitoring program in the core layer prohibits the application program from continuing to run. In some cases, after the application program has been prohibited from continuing to run, alarm prompt information may be generated, for example with the content 'monitored that the application program is an abnormal application program, and running is prohibited'.
As shown in fig. 7, the security monitoring program determines the type of the target application program. If the type is the application type, the security monitoring program obtains the application information of the target application program, i.e. the target identification information, through a registered process callback function, and then verifies the application information against the acquired and authenticated target verification information; if the target application program is trusted, it is allowed to run and the flow ends; if it is not trusted, it is prevented from running and the flow ends. If the type is the driver type, the security monitoring program obtains the application information of the target application program, i.e. the target identification information, through a registered image callback function, and then verifies the application information against the acquired and authenticated target verification information; if the target application program is trusted, it is allowed to run and the flow ends; if it is not trusted, it is prevented from running and the flow ends.
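The flow of figs. 6 and 7 as an added, runnable Python model of the first-operating-system side (this is example code, not the patent's implementation): authenticate the verification information fetched from the secure hardware module (step 208), match the target identification information against the allowed and prohibited lists (steps 205 to 207), and destroy the cached copy once the number threshold or duration threshold of steps 209 to 212 is reached. It assumes HMAC-SHA256 under a key shared between the BIOS and the OS as the identity authentication processing, which the patent does not specify, and it models the process and image callbacks of steps a11 and a12 simply by hashing the image bytes such a callback would see.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Callable, Optional

ALLOW = "allow"        # allowing operation: the program may continue to run
PROHIBIT = "prohibit"  # prohibiting operation: the program is stopped


class SecureHardwareModule:
    """Constructed stand-in for the BIOS-side secure hardware module.
    Its target storage area holds the target verification information as a
    JSON blob plus an HMAC-SHA256 tag under a key assumed to be shared with
    the OS (an assumption of this example; the patent leaves the scheme open).
    """

    def __init__(self, key: bytes, verification_info: dict):
        self.blob = json.dumps(verification_info, sort_keys=True).encode()
        self.tag = hmac.new(key, self.blob, hashlib.sha256).digest()
        self.reads = 0  # how often the OS fetched the blob (for observation)

    def read_target_storage_area(self) -> tuple:
        self.reads += 1
        return self.blob, self.tag


def identify_image(name: str, image: bytes) -> dict:
    """Target identification information for a started program or driver.
    The patent collects it through a process callback (application type) or an
    image callback (driver type); both are modelled by hashing the image bytes.
    """
    return {"name": name, "sha256": hashlib.sha256(image).hexdigest()}


@dataclass
class _CachedVerificationInfo:
    info: dict
    fetched_at: float
    uses: int = 0


class SecurityMonitor:
    """Model of the first-operating-system side of the monitoring flow."""

    def __init__(self, module: SecureHardwareModule, key: bytes,
                 use_threshold: int, duration_threshold: float,
                 clock: Callable[[], float] = time.monotonic):
        self._module = module
        self._key = key
        self.use_threshold = use_threshold            # number threshold, step 210
        self.duration_threshold = duration_threshold  # duration threshold, step 212
        self._clock = clock
        self._cache: Optional[_CachedVerificationInfo] = None

    def _authenticate(self, blob: bytes, tag: bytes) -> Optional[dict]:
        """Identity authentication processing (step 208) of the fetched blob."""
        expected = hmac.new(self._key, blob, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        return json.loads(blob)

    def _destroy_if_expired(self) -> None:
        """Steps 210 and 212: drop the cached copy once a threshold is reached."""
        c = self._cache
        if c is not None and (c.uses >= self.use_threshold or
                              self._clock() - c.fetched_at >= self.duration_threshold):
            self._cache = None

    def _verification_info(self) -> Optional[_CachedVerificationInfo]:
        self._destroy_if_expired()
        if self._cache is None:
            blob, tag = self._module.read_target_storage_area()
            info = self._authenticate(blob, tag)
            if info is None:
                return None  # authentication failed: nothing further is executed
            self._cache = _CachedVerificationInfo(info, self._clock())
        return self._cache

    def determine_target_operation(self, identification: dict) -> Optional[str]:
        """Steps 205 to 207: match the identification info and return ALLOW or
        PROHIBIT; None means the verification information failed authentication."""
        cached = self._verification_info()
        if cached is None:
            return None
        cached.uses += 1  # step 209: one more matching use of this copy
        digest = identification["sha256"]
        allowed = cached.info.get("allowed")          # may be absent (blacklist only)
        prohibited = cached.info.get("prohibited", [])
        if digest in prohibited:
            operation = PROHIBIT
        elif allowed is None:
            operation = ALLOW
        else:
            operation = ALLOW if digest in allowed else PROHIBIT
        self._destroy_if_expired()  # destroyed right after the threshold-th use
        return operation
```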
It should be noted that, for the descriptions of the same steps and the same contents in this embodiment as those in other embodiments, reference may be made to the descriptions in other embodiments, which are not described herein again.
According to the security monitoring method provided by the embodiment of the application, if the first operating system detects that the target application program has started, the target identification information of the target application program is acquired through the first operating system, the target verification information is then acquired through the first operating system from the secure hardware module that runs the second operating system, the target identification information is matched through the first operating system based on the target verification information, and the target operation for the target application program is determined. This solves the problem that the existing security protection of computer devices relies on a single mode, enriches the security protection modes of the computer device, effectively reduces the risk of the computer device being attacked, and reduces the resource consumption of the computer device.
Based on the foregoing embodiments, an embodiment of the present application provides an electronic device, which may be applied to the security monitoring method provided in the embodiments corresponding to fig. 1 to 5, and as shown in fig. 8, the electronic device 3 may include a security hardware module 31 and a processor 32, where:
the secure hardware module is used for running the second operating system and storing the target verification information;
the processor is used for running a first operating system, the first operating system being different from the second operating system, and the second operating system being used for booting the first operating system into operation, so as to implement the following steps:
if the starting of the target application program is detected, acquiring target identification information of the target application program;
acquiring target verification information from a security hardware module;
matching the target identification information based on the target verification information, and determining target operation aiming at the target application program; the target operation comprises an allowing operation for allowing the target application program to continue to run or a prohibiting operation for prohibiting the target application program from continuing to run;
the target operation is executed.
In other embodiments of the present application, before executing the step of acquiring, through the first operating system, the target identification information of the target application program when the first operating system detects that the target application program has started, the processor is further configured to execute the following steps:
acquiring reference verification information through the first operating system;
performing identity authentication processing on the reference verification information through the first operating system;
if the reference verification information passes the identity authentication processing, obtaining the target verification information;
and writing the target verification information into a target storage area of the secure hardware module through the first operating system.
In other embodiments of the present application, before executing the step of matching the target identification information through the first operating system based on the target verification information and determining the target operation for the target application program, the processor further executes the following step:
performing identity authentication processing on the target verification information through the first operating system;
correspondingly, when the processor executes the step of verifying the target identification information through the first operating system based on the target verification information and determining the target operation for the target application program, the step may be implemented by:
if the target verification information passes the identity authentication processing, verifying the target identification information through the first operating system based on the target verification information, and determining the target operation for the target application program.
In other embodiments of the present application, when the processor executes the step of acquiring, through the first operating system, the target identification information of the target application program when the first operating system detects that the target application program has started, the step may be implemented by:
if the first operating system detects that the target application program has started, determining the target type of the target application program through the first operating system;
determining, through the first operating system and based on the target type, a target acquisition mode for acquiring the target identification information;
and acquiring the target identification information of the target application program through the first operating system based on the target acquisition mode.
In other embodiments of the present application, when the processor determines, through the first operating system and based on the target type, the target acquisition mode for acquiring the target identification information, the step may be implemented by:
if the target type is the application type, determining through the first operating system that the target acquisition mode is a registered process callback function;
and if the target type is the driver type, determining through the first operating system that the target acquisition mode is a registered image callback function.
In other embodiments of the present application, after executing the step of matching the target identification information through the first operating system based on the target verification information and determining the target operation for the target application program, the processor further executes the following steps:
counting, through the first operating system, the number of times the target verification information has been used for matching processing between the time it was acquired from the secure hardware module and the current time;
if the number of uses is greater than or equal to the number threshold, destroying, through the first operating system, the target verification information acquired by the first operating system;
or counting, through the first operating system, the target duration from the time the target verification information was acquired from the secure hardware module to the current time;
and if the target duration is greater than or equal to the duration threshold, destroying, through the first operating system, the target verification information acquired by the first operating system.
In other embodiments of the present application, the target verification information includes information of applications that are allowed to run and/or information of applications that are prohibited from running.
In other embodiments of the present application, the first operating system comprises an operating system and the second operating system comprises a BIOS.
It should be noted that, in this embodiment, the specific implementation process of the steps executed by the secure hardware module may refer to the implementation process in the security monitoring method provided in the embodiments corresponding to figs. 1 to 5, and details are not repeated here.
According to the electronic device provided by the embodiment of the application, if the first operating system detects that the target application program has started, the target identification information of the target application program is acquired through the first operating system, the target verification information is then acquired through the first operating system from the secure hardware module used for running the second operating system, the target identification information is matched through the first operating system based on the target verification information, and the target operation for the target application program is determined. This solves the problem that the existing security protection of computer devices relies on a single mode, enriches the security protection modes of the computer device, effectively reduces the risk of the computer device being attacked, and reduces the resource consumption of the computer device.
Based on the foregoing embodiments, embodiments of the present application provide a computer-readable storage medium, which may be referred to as a storage medium for short, where the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the implementation process of the security monitoring method provided in the embodiments corresponding to fig. 1 to 5, and details are not described here.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application.

Claims (10)

1. A security monitoring method, comprising:
if the first operating system detects that a target application program has started, acquiring target identification information of the target application program through the first operating system;
acquiring target verification information through the first operating system from a secure hardware module for running a second operating system; wherein the first operating system is different from the second operating system, and the second operating system is used for booting the first operating system into operation;
matching the target identification information through the first operating system based on the target verification information, and determining a target operation for the target application program; wherein the target operation comprises an allowing operation for allowing the target application program to continue running or a prohibiting operation for prohibiting the target application program from continuing running;
and executing the target operation through the first operating system.
2. The method according to claim 1, wherein before the first operating system acquires the target identification information of the target application program if the first operating system detects that the target application program is started, the method further comprises:
acquiring reference verification information through the first operating system;
performing identity authentication processing on the reference verification information through the first operating system to obtain the target verification information;
and writing the target verification information into a target storage area of the secure hardware module through the first operating system.
3. The method according to claim 1 or 2, wherein before the matching of the target identification information through the first operating system based on the target verification information and the determining of the target operation for the target application program, the method further comprises:
performing identity authentication processing on the target verification information through the first operating system;
correspondingly, the verifying of the target identification information through the first operating system based on the target verification information to determine the target operation for the target application program comprises:
if the target verification information passes the identity authentication processing, verifying the target identification information through the first operating system based on the target verification information, and determining the target operation for the target application program.
4. The method according to claim 1, wherein if the first operating system detects that the target application is started, acquiring, by the first operating system, target identification information of the target application, includes:
if the first operating system detects that the target application program has started, determining a target type of the target application program through the first operating system;
determining, through the first operating system and based on the target type, a target acquisition mode for acquiring the target identification information;
and acquiring the target identification information of the target application program through the first operating system based on the target acquisition mode.
5. The method of claim 4, wherein the determining, through the first operating system and based on the target type, of the target acquisition mode for acquiring the target identification information comprises:
if the target type is an application type, determining through the first operating system that the target acquisition mode is a registered process callback function;
and if the target type is a driver type, determining through the first operating system that the target acquisition mode is a registered image callback function.
6. The method according to any one of claims 1 to 5, wherein after the matching of the target identification information through the first operating system based on the target verification information and the determining of the target operation for the target application program, the method further comprises:
counting, through the first operating system, the number of times the target verification information has been used for matching processing between the time it was acquired from the secure hardware module and the current time;
if the number of uses is greater than or equal to a number threshold, destroying, through the first operating system, the target verification information acquired by the first operating system;
or counting, through the first operating system, a target duration from the time the target verification information was acquired from the secure hardware module to the current time;
and if the target duration is greater than or equal to a duration threshold, destroying, through the first operating system, the target verification information acquired by the first operating system.
7. The method according to any one of claims 1, 2 and 4, wherein the target verification information comprises information of applications allowed to run and/or information of applications forbidden to run.
8. The method according to any one of claims 1 to 2 and 4 to 5, wherein the first operating system comprises an operating system and the second operating system comprises a basic input output system.
9. An electronic device, the electronic device comprising: a secure hardware module and a processor; wherein:
the secure hardware module is used for running a second operating system and storing target verification information;
the processor is configured to run a first operating system, wherein the first operating system is different from the second operating system, and the second operating system is configured to boot the first operating system into operation, so as to implement the following steps:
if a start of the target application program is detected, acquiring target identification information of the target application program;
acquiring the target verification information from the secure hardware module;
matching the target identification information based on the target verification information, and determining a target operation for the target application program; wherein the target operation comprises an allowing operation for allowing the target application program to continue running or a prohibiting operation for prohibiting the target application program from continuing running;
and executing the target operation.
10. A computer readable storage medium having a security monitoring program stored thereon, which when executed by a processor implements the steps of the security monitoring method of any of claims 1 to 8.
CN202110345820.4A 2021-03-31 2021-03-31 Safety monitoring method, electronic equipment and computer readable storage medium Pending CN113094699A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110345820.4A CN113094699A (en) 2021-03-31 2021-03-31 Safety monitoring method, electronic equipment and computer readable storage medium


Publications (1)

Publication Number Publication Date
CN113094699A true CN113094699A (en) 2021-07-09

Family

ID=76671910


Country Status (1)

Country Link
CN (1) CN113094699A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114020340A (en) * 2021-11-02 2022-02-08 联想(北京)信息技术有限公司 Server system and data processing method thereof
CN114020340B (en) * 2021-11-02 2024-05-24 联想(北京)信息技术有限公司 Server system and data processing method thereof


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination