CN113220329A - Method and device for dynamically tracking white list library of industrial control software updating program - Google Patents
Method and device for dynamically tracking white list library of industrial control software updating program Download PDFInfo
- Publication number
- CN113220329A CN113220329A CN202110569166.5A CN202110569166A CN113220329A CN 113220329 A CN113220329 A CN 113220329A CN 202110569166 A CN202110569166 A CN 202110569166A CN 113220329 A CN113220329 A CN 113220329A
- Authority
- CN
- China
- Prior art keywords
- software
- program
- self
- white list
- tracking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Abstract
The invention discloses a method and a device for dynamically tracking a white list library of an industrial control software updating program. Loading program white list control software on an industrial control host, completing the creation of a program white list library, and configuring a starting file of self-upgrading software to the program white list control software; detecting the starting of the self-upgrading software and tracking the updating behavior of the self-upgrading software; and analyzing the updating behavior of the self-upgrading software, and updating the program white list library according to the analysis result. By adopting the technical scheme of the invention, the industrial control host is protected by the white list control software in the whole working process, and the non-white list program can not be started, so that a feasible solution is provided for updating the industrial control software while the safety of the industrial control host is considered.
Description
Technical Field
The invention relates to the field of industrial control program protection, in particular to a method and a device for dynamically tracking a white list library of an industrial control software updating program.
Background
With the trend of industry 4.0 and convergence, the network security (referred to as industrial control security) problem of the traditional industrial control system has become a serious challenge for the security of enterprises and countries, and the industrial control system has been developed after undergoing a closed state for a long time due to more and more enterprise and government concerns.
In the early days, because the industrial control system usually does not upgrade the patch due to the worry of the system compatibility problem, the program white list technology under the industrial control environment is introduced aiming at the specific environment of the industrial control. Under the security protection of the white list technology, programs which are not in the white list library cannot be executed, and meanwhile, the programs in the white list library cannot be randomly modified.
But inevitably, the application will have some software upgrade requirements. Particularly in an industrial field, when industrial control software is started, a software library management server is checked whether a new version or a patch package exists or not; if so, it is downloaded and updated first. And restarting the industrial control software before the updating process is completed. The industrial control software version continuously adds the program white list in an updating mode. At this time, a way for dynamically tracking the white list library of the industrial control software updating program is needed.
Disclosure of Invention
The invention provides a method for dynamically tracking a white list library of an industrial control software updating program, which comprises the following steps:
loading program white list control software on an industrial control host, completing the creation of a program white list library, and configuring a starting file of self-upgrading software to the program white list control software;
detecting the starting of the self-upgrading software and tracking the updating behavior of the self-upgrading software;
and analyzing the updating behavior of the self-upgrading software, and updating the program white list library according to the analysis result.
The method for dynamically tracking the white list library of the industrial control software updating program, wherein the white list of the program stores the program which is identified as safe and allowed to run on the industrial control host and the executable component used for running the program; and organizing feature codes of executable program files of all program white lists into a program white list library according to a certain mode, and intercepting the starting of non-white list programs.
The method for dynamically tracking the white list library of the industrial control software update program is characterized in that the program installation detection component in the program white list control software detects the starting behavior of the self-upgrading software, and the program installation analysis component in the program white list control software tracks the updating behavior of the self-upgrading software.
The method for dynamically tracking the white list library of the industrial control software updating program as described above, wherein the self-upgrade software updating behavior includes a self-upgrade software specific process and an updating behavior of a newly created or changed file and directory of the self-upgrade software subprocess.
The method for dynamically tracking the white list library of the industrial control software updating program, wherein the detecting of the self-updating software starting and the tracking of the self-updating software updating behavior specifically comprise:
detecting whether self-upgrade software is started;
if the starting behavior of the self-upgrading software is monitored, tracking the specific process of the self-upgrading software and the behavior of newly created or changed files and directories of the software subprocess, and adding the behaviors into a tracking process group;
and detecting the process exit behavior of the tracking process group, and transmitting the process exit behavior information to the program installation analysis component.
The method for dynamically tracking the white list library of the industrial control software updating program as described above, wherein the self-upgrade software file on the current industrial control host is configured in a specific manner in advance, then the program white list control software analyzes the feature codes of the configuration items, the feature codes are added into the self-upgrade software list library, and the program installation detection component detects whether the feature codes of the started software are in the configured self-upgrade software list library, so as to use the feature codes in the self-upgrade software list library to lock which started programs are self-upgrade software.
The method for dynamically tracking the whitelisted list library of the industrial control software updating program, wherein the program installation detection component tracks the behaviors of a specific process of self-upgrade software and newly created or changed files and directories of the software subprocess and adds the behaviors into a tracking process group, and specifically comprises the following substeps:
creating a specific tracking process group according to the process of the self-upgrading software, tracking the subprocess created by the self-upgrading software, adding the subprocess created by the process in the tracking process group into the tracking process group, and transmitting the behavior information of the newly created subprocess to a program installation analysis component;
tracking the process updating behaviors of the process group, and transmitting the process updating behaviors to the program installation analysis component;
and adding the newly-built executable file and the installation package file into a temporary white list, tracking programs started in the temporary white list, adding the programs into a tracking process group, and transmitting the behavior information of the newly-built subprocess to a program installation analysis component.
The method for dynamically tracking the white list library of the industrial control software updating program, wherein the self-upgrading software updating behavior is analyzed, and the white list library of the program is updated according to the analysis result, specifically comprising:
judging whether the file is newly created or modified executable file or not from the behavior information of file modification, and if the file is newly created or modified executable file, adding the executable file into a white list knowledge base;
scanning the newly created directory, and adding an executable file in the new directory into a white list knowledge base;
and judging whether the self-upgrade software file is changed or not, if the self-upgrade software file is changed, calculating the feature code of the changed file, and updating the feature code into a self-upgrade software list library.
The invention also provides a device for dynamically tracking the white list library of the industrial control software updating program, which is characterized in that the dynamic tracking device comprises a self-upgrading software module and a program white list control software module; the dynamic tracking device executes the method for dynamically tracking the white list library of the industrial control software updating program.
The device for dynamically tracking the white list library of the industrial control software update program, wherein the white list control software module specifically comprises a program installation detection component and a program installation analysis component; a starting file of a self-upgrading software module is configured in a program white list control software module, whether a self-upgrading software program is started or not is detected through a program installation detection part, and the updating behavior of the self-upgrading software is tracked; and analyzing the behavior process of the whole self-upgrading software through the program installation analysis component.
The present invention also provides a computer-readable storage medium, wherein the computer storage medium contains one or more program instructions for executing, by a processor, any one of the above methods for dynamically tracking white list library of industrial control software update.
The invention has the beneficial effects that: by adopting the technical scheme of the invention, the industrial control host is protected by the white list control software in the whole working process, and the non-white list program can not be started, so that a feasible solution is provided for updating the industrial control software while the safety of the industrial control host is considered.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without inventive efforts, wherein:
FIG. 1 is a schematic diagram of the dynamic tracking apparatus of the present invention;
FIG. 2 is a flow chart of the updating of the self-upgrade software of the present invention;
FIG. 3 is a flowchart of a method of dynamically tracking a whitelist library of industrial control software updates in accordance with the present invention;
FIG. 4 is a detailed tracking process flow diagram;
FIG. 5 is a flowchart of a process for performing a duplicate upgrade.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
The embodiment of the invention provides a method for dynamically tracking a white list library of an industrial control software updating program, which is applied to a device for dynamically tracking the white list library of the industrial control software updating program, wherein the device can be an industrial control host, and can realize the automatic software updating of the industrial control host and the capability of automatically tracking the white list library of the industrial control software updating program. As shown in fig. 1, the apparatus 100 includes a self-upgrade software module 110 and a program white list control software module 120, wherein:
the self-upgrade software module 110 comprises industrial control software which has self-upgrade capability and contains a starting detection feature code in an industrial control host, can request version check and update from a server, downloads a new version of an installation package, and automatically installs the self-upgrade software of the new version of the installation package;
wherein, the updating of self-upgrade software is as shown in fig. 2, a certain software main program in the industrial control host is started, and the upgrade agent software is started to perform the automatic upgrade operation of the software, which specifically comprises the following steps: downloading a patch or an installation program from a server, decompressing the patch if the patch is the patch, and replacing an old file with a new file, and starting the new installation program if the patch is the installation program, and replacing the old file with the new file; and then starting the upgraded file.
A program white list control software module 120, which is program white list control software having functions of intercepting illegal programs, detecting self-upgrade of programs, and updating a program white list library according to self-upgrade behavior; specifically, the program installation detection unit 121 and the program installation analysis unit 122 are included; a start file of the self-upgrading software module 110 is configured in the program white list control software module 120, whether a self-upgrading software program is started or not is detected through the program installation detection part 121, and the updating behavior of the self-upgrading software is tracked; the behavior process of the entire self-upgrade software is analyzed by the program installation analyzing section 122.
As shown in fig. 3, the method for dynamically tracking the white list library of the industrial control software update program includes:
the program white list stores the program which is identified as safe and allowed to run on the industrial control host and the executable component used for running the program; organizing feature codes of executable program files of all program white lists into a program white list library (also called a program white list knowledge library) according to a certain mode, and intercepting the starting of non-white list programs; and the program white list control software judges whether the started program is a program white list or not according to the characteristic information of the program white list library so as to intercept illegal program starting.
The method comprises the following steps that program white list program software is installed on an industrial personal computer in an automatic or manual mode, and a specific starting file of self-upgrading software is configured to the program white list control software in an automatic or manual mode, so that under the protection of the program white list control software, executable files which are not in a program white list are guaranteed to be intercepted during starting and cannot be started in the whole working process of the industrial personal computer.
It should be noted that, since the industrial control software needs to be updated continuously, when a new version is deployed to the server, the industrial control host opens the industrial control software again, and the processing is continued from step 320 because the industrial control software is protected by the white list control software of the loaded program.
after the program white list control software is installed on the industrial control host, a program installation detection component in the program white list control software detects the starting behavior of the self-upgrading software, and a program installation analysis component in the program white list control software tracks the specific process of the self-upgrading software and the new creation of the subprocess of the self-upgrading software or the updating behavior of a modified file and a directory;
the method comprises the following steps of detecting the starting of the self-upgrading software and tracking the updating behavior of the self-upgrading software, and specifically comprises the following substeps:
step 321, detecting whether self-upgrade software is started, if the starting behavior of the self-upgrade software is monitored, executing step 322, otherwise, continuing to execute step 321;
the method comprises the steps that a self-upgrade software file on a current industrial host is configured in a specific mode by an administrator of program white list control software in advance, feature codes of configuration items are analyzed by the program white list control software, the feature codes are added into a self-upgrade software list library, and a program installation detection part detects whether the feature codes of started software are in the configured self-upgrade software list library or not, so that the feature codes in the self-upgrade software list library are used for locking which started programs are self-upgrade software.
Step 322, tracking the behavior of newly created or changed files and directories of the self-upgrading software specific process and the software subprocess, and adding the behavior into a tracking process group;
in the embodiment of the invention, the program installation detection part tracks the self-upgrade software, and various behaviors of the self-upgrade software are added into a tracking process group, and the method specifically comprises the following substeps:
step1, creating a specific tracking process group according to the process of the self-upgrading software, tracking the sub-process created by the self-upgrading software, adding the sub-process created by the process in the tracking process group into the tracking process group, and transmitting the behavior information of the newly created sub-process to a program installation analysis component.
Step2, tracking the process updating behaviors of the process group, and transmitting the process updating behaviors to a program installation analysis component; wherein, the process update behavior includes but is not limited to a create file (directory) behavior, a modify file (directory) behavior, a delete file (directory) behavior, a rename file (directory) behavior, and the like.
Step3, adding the new executable file and the installation package file into a temporary white list, tracking programs started in the temporary white list, adding the programs into a tracking process group, and transmitting the behavior information of the newly created sub-process to a program installation analysis component.
Step 323, detecting and tracking the process exit behavior of the process group, and transmitting the information of the process exit behavior to a program installation analysis component;
specifically, the program installation detection component detects the process exit behavior of the tracking process group, transmits the process exit behavior information to the program installation analysis component, and indicates that the whole tracking process is finished after the last process exits.
Referring back to fig. 2, step 330, analyzing the updating behavior of the self-upgrading software, and updating the program white list library according to the analysis result;
in the embodiment of the present invention, the analyzing of the self-upgrading software updating behavior by the program installation analyzing component and the updating of the program white list library according to the analysis result specifically include:
judging whether the file is newly created or modified executable file or not from the behavior information of file modification, and if the file is newly created or modified executable file, adding the executable file into a white list knowledge base;
scanning the newly created directory, and adding an executable file in the new directory into a white list knowledge base;
and thirdly, judging whether the self-upgrading software file is changed or not, if the self-upgrading software file is changed, calculating the feature code of the changed file, and updating the feature code into a self-upgrading software list library.
Fig. 4 shows a specific tracking process, after the self-upgrade software is started, detecting whether the feature code of the software is in the self-upgrade software list library, if so, setting a tracking root process mark for the self-upgrade software, setting a tracking mark for the starting process of the self-upgrade software, setting a tracking mark which is the same as that of a parent process for a child process of the process with the tracking mark, recording file information started by a special process with the tracking mark into a file updating table, judging the type of the updated file, if the feature code is in the self-upgrading software list library, the feature code of the new software is calculated and added into the self-upgrading software list library, if the file is an executable file, the file is added into the program white name list library, and if the file in the file updating table has a directory, the executable file of the directory is added into the program white name list library.
Fig. 5 shows that the process of repeated upgrade is performed, the self-upgrade software is started, and after the new software is successfully installed and added into the program whitename list library and the self-upgrade software list library, if there is a repeated upgrade operation, that is, the new version software is started again, the new version software can be successfully started because it is in the program whitename list library, and the new version software is in the self-upgrade software list library, so that the next update upgrade can be performed.
By adopting the technical scheme of the invention, the following technical effects can be achieved:
(1) the embodiment of the invention provides a method for dynamically tracking a white list library of an industrial control software updating program, which tracks the updating process of self-updating software for multiple times, adds an updated executable file into a white list knowledge base, and adds learned self-updating feature information into the self-updating software list library, so that the updated software is ensured to have the capability of updating the file into the white list knowledge base;
(2) the uniqueness of the software can be effectively identified by using the feature codes, and the capability of updating files to a white list knowledge base of the untrusted software due to misoperation or virus invasion is effectively avoided.
Corresponding to the foregoing embodiments, an embodiment of the present invention provides a dynamic tracking apparatus, including: at least one memory and at least one processor;
the memory is used for storing one or more program instructions;
and the processor is used for running one or more program instructions and executing a method for dynamically tracking the white list library of the industrial control software updating program.
In accordance with the embodiments described above, embodiments of the present invention provide a computer-readable storage medium, where one or more program instructions are included, and the one or more program instructions are used for a processor to execute a method for dynamically tracking a white list library of industrial control software updates.
The disclosed embodiments of the present invention provide a computer-readable storage medium having stored therein computer program instructions which, when run on a computer, cause the computer to perform the above-described method.
In an embodiment of the invention, the processor may be an integrated circuit chip having signal processing capability. The Processor may be a general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The processor reads the information in the storage medium and completes the steps of the method in combination with the hardware.
The storage medium may be a memory, for example, which may be volatile memory or nonvolatile memory, or which may include both volatile and nonvolatile memory.
The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory.
The volatile Memory may be a Random Access Memory (RAM) which serves as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static Random Access Memory (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), SLDRAM (SLDRAM), and Direct Rambus RAM (DRRAM).
The storage media described in connection with the embodiments of the invention are intended to comprise, without being limited to, these and any other suitable types of memory.
Those skilled in the art will appreciate that the functionality described in the present invention may be implemented in a combination of hardware and software in one or more of the examples described above. When software is applied, the corresponding functionality may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (10)
1. A method for dynamically tracking a white list library of an industrial control software updating program is characterized by comprising the following steps:
loading program white list control software on an industrial control host, completing the creation of a program white list library, and configuring a starting file of self-upgrading software to the program white list control software;
detecting the starting of the self-upgrading software and tracking the updating behavior of the self-upgrading software;
and analyzing the updating behavior of the self-upgrading software, and updating the program white list library according to the analysis result.
2. The method for dynamically tracking the white list library of the industrial control software updating program according to claim 1, wherein the white list of the program stores the programs which are identified as safe and allowed to run on the industrial control host and the executable components used for running the programs; and organizing feature codes of executable program files of all program white lists into a program white list library according to a certain mode, and intercepting the starting of non-white list programs.
3. The method of claim 1, wherein the startup behavior of the self-upgrade software is detected by a program installation detection component in the program white list control software, and the tracking of the self-upgrade software update behavior is tracked by a program installation analysis component in the program white list control software.
4. The method for dynamically tracking the white list library of the industrial control software updating program according to claim 3, wherein the steps of detecting the start of the self-updating software and tracking the updating behavior of the self-updating software specifically comprise:
detecting whether self-upgrade software is started;
if the starting behavior of the self-upgrading software is monitored, tracking the specific process of the self-upgrading software and the behavior of newly created or changed files and directories of the software subprocess, and adding the behaviors into a tracking process group;
and detecting the process exit behavior of the tracking process group, and transmitting the process exit behavior information to the program installation analysis component.
5. The method of claim 4, wherein the self-upgrade software files on the current industrial host are pre-configured in a specific manner, the program white list control software analyzes the feature codes of the configuration items and adds the feature codes to the self-upgrade software list library, and the program installation detection unit detects whether the feature codes of the started software are in the configured self-upgrade software list library, so as to use the feature codes in the self-upgrade software list library to lock which started programs are self-upgrade software.
6. The method for dynamically tracking the whitelist library of the industrial control software update program according to claim 4, wherein the program installation detection component tracks the behavior of a specific process of the self-upgrade software and a new created or changed file and directory of the software subprocess, and adds the behavior to the tracking process group, and the method specifically comprises the following sub-steps:
creating a specific tracking process group according to the process of the self-upgrading software, tracking the subprocess created by the self-upgrading software, adding the subprocess created by the process in the tracking process group into the tracking process group, and transmitting the behavior information of the newly created subprocess to a program installation analysis component;
tracking the process updating behaviors of the process group, and transmitting the process updating behaviors to the program installation analysis component;
and adding the newly-built executable file and the installation package file into a temporary white list, tracking programs started in the temporary white list, adding the programs into a tracking process group, and transmitting the behavior information of the newly-built subprocess to a program installation analysis component.
7. The method for dynamically tracking the white list library of the industrial control software updating program according to claim 1, wherein the step of analyzing the updating behavior of the self-upgrading software and updating the white list library of the program according to the analysis result comprises the following steps:
judging whether the file is newly created or modified executable file or not from the behavior information of file modification, and if the file is newly created or modified executable file, adding the executable file into a white list knowledge base;
scanning the newly created directory, and adding an executable file in the new directory into a white list knowledge base;
and judging whether the self-upgrade software file is changed or not, if the self-upgrade software file is changed, calculating the feature code of the changed file, and updating the feature code into a self-upgrade software list library.
8. A device for dynamically tracking a white list library of an industrial control software updating program is characterized in that the dynamic tracking device comprises a self-upgrading software module and a program white list control software module; the dynamic tracking device executes the method for dynamically tracking the white list library of the industrial control software updating program according to any one of claims 1 to 8.
9. The apparatus for dynamically tracking a white list library of industrial control software updates as recited in claim 8, wherein the white list control software module comprises in particular a program installation detection component and a program installation analysis component; a starting file of a self-upgrading software module is configured in a program white list control software module, whether a self-upgrading software program is started or not is detected through a program installation detection part, and the updating behavior of the self-upgrading software is tracked; and analyzing the behavior process of the whole self-upgrading software through the program installation analysis component.
10. A computer readable storage medium containing one or more program instructions for executing by a processor a method for dynamically tracking white list libraries of industrial control software updates as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110569166.5A CN113220329A (en) | 2021-05-25 | 2021-05-25 | Method and device for dynamically tracking white list library of industrial control software updating program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110569166.5A CN113220329A (en) | 2021-05-25 | 2021-05-25 | Method and device for dynamically tracking white list library of industrial control software updating program |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113220329A true CN113220329A (en) | 2021-08-06 |
Family
ID=77098147
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110569166.5A Pending CN113220329A (en) | 2021-05-25 | 2021-05-25 | Method and device for dynamically tracking white list library of industrial control software updating program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113220329A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101788915A (en) * | 2010-02-05 | 2010-07-28 | 北京工业大学 | White list updating method based on trusted process tree |
| WO2016121391A1 (en) * | 2015-01-28 | 2016-08-04 | Ricoh Company, Limited | Information processing device, program, and recording medium |
| CN109145532A (en) * | 2018-08-20 | 2019-01-04 | 北京广成同泰科技有限公司 | A kind of program white list management method and system for supporting on-line software updating |
| CN111158736A (en) * | 2019-12-25 | 2020-05-15 | 北京珞安科技有限责任公司 | Method for intelligently capturing patch update file of WINDOWS operating system |
-
2021
- 2021-05-25 CN CN202110569166.5A patent/CN113220329A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101788915A (en) * | 2010-02-05 | 2010-07-28 | 北京工业大学 | White list updating method based on trusted process tree |
| WO2016121391A1 (en) * | 2015-01-28 | 2016-08-04 | Ricoh Company, Limited | Information processing device, program, and recording medium |
| CN109145532A (en) * | 2018-08-20 | 2019-01-04 | 北京广成同泰科技有限公司 | A kind of program white list management method and system for supporting on-line software updating |
| CN111158736A (en) * | 2019-12-25 | 2020-05-15 | 北京珞安科技有限责任公司 | Method for intelligently capturing patch update file of WINDOWS operating system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8230479B2 (en) | Security deployment system | |
| US8140839B2 (en) | Method and system of file manipulation during early boot time by accessing user-level data | |
| US10162965B2 (en) | Portable media system with virus blocker and method of operation thereof | |
| CN110325994B (en) | Apparatus and method for enhancing control flow integrity of software applications | |
| CN108228077B (en) | Storage area management method, operation method, device, equipment and readable medium | |
| CN114186239A (en) | Program white list method and device based on path information | |
| CN112579202A (en) | Method, device, equipment and storage medium for editing service program of Windows system | |
| CN110837383B (en) | Application installation-free upgrading method and device | |
| CN113220329A (en) | Method and device for dynamically tracking white list library of industrial control software updating program | |
| CN111046377A (en) | Method and device for loading dynamic link library, electronic equipment and storage medium | |
| US20220318393A1 (en) | Trusted Boot-Loader Authentication | |
| CN116150739A (en) | Automatic stack overflow defense method based on dynamic protection of key address | |
| EP3940566A1 (en) | Using a variable write profile for detecting intrusion of a computer program | |
| US11893113B2 (en) | Return-oriented programming protection | |
| CN112860287A (en) | System program upgrading method and device, computer equipment and storage medium | |
| CN112527371A (en) | Boot loader upgrading method and device, electronic equipment and storage medium | |
| KR101862382B1 (en) | Method and device for managing application data in Android | |
| CN115080966B (en) | Dynamic white list driving method and system | |
| US11816211B2 (en) | Active signaling in response to attacks on a transformed binary | |
| CN116628767B (en) | Method for preventing flash system firmware attack after system start and flash controller | |
| US20230129942A1 (en) | Method for locking a rewritable non-volatile memory and electronic device implementing said method | |
| CN114611105A (en) | Harmful script identification method, device, equipment and storage medium | |
| CN116842524A (en) | Application safety real-time hot-patch method and device | |
| CN117688551A (en) | Startup path white list updating method and device, electronic equipment and storage medium | |
| KR20230100441A (en) | Method for self integrity verification of dynamic library and apparatus thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |