CN113360856A - Policy setting system and method based on authority control - Google Patents


Info

Publication number: CN113360856A
Authority: CN (China)
Prior art keywords: application program, authority, file, policy, control file
Legal status: Pending
Application number: CN202110747098.7A
Other languages: Chinese (zh)
Inventor: 宋斌
Current Assignee: Trustmobi Software Beijing Co ltd
Original Assignee: Trustmobi Software Beijing Co ltd
Application filed by: Trustmobi Software Beijing Co ltd
Priority to: CN202110747098.7A
Publication of: CN113360856A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

The invention relates to a policy setting system and method based on authority control. The system comprises at least a server and a security control file. The security control file, which is placed at the initial running position of an application program, limits the authority of the application program according to a first policy configuration file pushed by the server. The security control file is triggered to run by the running of the application program, and it limits and controls the authority of the application program item by item according to the list items of the authority policy list of the first policy configuration file. For software that abuses its authority or contains malicious behaviors, the invention cuts off the malicious behaviors according to the policy and closes the authorities that pose hidden dangers, while retaining and allowing the execution of the other functions that are useful to the user, so that the software meets the user's requirements and the user's information remains secure.

Description

Policy setting system and method based on authority control
This application is a divisional application of the application entitled "a system and a method for safely controlling software authority and behaviors", with application number 201611095114.4 and an application date of December 1, 2016.
Technical Field
The invention relates to the technical field of application program adaptation, in particular to a policy setting system and method based on authority control.
Background
With the development of software systems and the internet, application software with all kinds of functions has appeared in large quantities, meeting people's many needs for software in work and life. At the same time, malware and rogue software on computers, and especially on mobile devices, emerge endlessly and are difficult for users to tell apart. In particular, some apps that vendors provide for free appear functional and safe, but in the background they collect the user's private information, such as geographical position, address book content, SMS messages and photos, and secretly upload it to the vendor's server, creating a risk of information leakage.
For such malware or rogue software, an ordinary user cannot identify the software's authorities and behaviors. Moreover, even when users know that the software carries a privacy disclosure risk, many of them have to compromise because the software has functional advantages that other software can hardly replace, so they keep running the software and let it collect information.
At present, the antivirus software and security-guard tools on the market monitor software from the outside. Once they find that the software violates rules in its authority or behavior, they directly close the software or even uninstall it, so the authority and behavior of the software are difficult to control precisely.
Chinese patent CN105389263A discloses an application software permission monitoring method, which includes: downloading a third-party application software installation package; analyzing the attributes of the third-party application software, the process name during starting and the applied authority, wherein the attributes at least comprise a package name, activity, services, broadcast and permission; generating a joba for comparison and verification according to the information obtained by analysis; and installing the generated jobs to a tested terminal with security software, and installing third-party application software by the tested terminal according to the description of the jobs and performing comparison and verification. Although that patent can monitor the access authority of the software, the user needs to install security software in the operating system, and the software itself cannot control its authority and behavior.
Chinese patent CN104298916A discloses an application management method, an application management system and a user device. The application management method includes the following steps. The original application program is received, and the usage right management program code is injected into the original application program through the repackaging program so as to generate the repackaging application program. The repackaged application is exposed for the user device to download and install the repackaged application, wherein the user device executes the client program. When the user device executes the repackaging application program, the right of use management program code sends out a right of use check request to start the client program to send out a right of use check response according to the right of use information of the repackaging application program. The usage rights check response indicates whether the repackaging application can continue execution. When the usage rights check response indicates that the repackaging application is not available for further execution, the usage rights management program code terminates the repackaging application.
Chinese patent CN104484599A discloses a behavior processing method and device based on application program, the method includes: when the starting operation of an application program is detected, behavior authority information corresponding to the application program is acquired; monitoring behavior information of the application program; and processing the behavior information according to the behavior authority information.
Chinese patent CN103761471A discloses a method and apparatus for installing application based on intelligent terminal device. The method comprises the following steps: in the process of installing the application program, after monitoring that the application program needs to read a configuration information file, loading an application program authorization permission list interface set for the application program to be installed, wherein the application program authorization permission list interface is an interface for providing an authorization permission list for modifying the application program, contains one or more behavior permissions selectively authorized by a user for the application program to be installed, and records the modification of the application program authorization permission list; and after the application program is installed, updating the behavior authority of the application program according to the modification record of the authorization authority list of the application program.
For software containing abuse of authority or malicious behaviors, the prior art manages and controls the software in a one-time prohibition mode.
For software that abuses its authority or contains malicious behaviors, the system provided by the invention can upgrade and generate a new security control file according to changes in the application program's permissions, preventing a change in the permission range caused by the application program's remote invocation of permissions from affecting the user's security. The invention does not simply and crudely forbid the running and use of the application program. Instead, it cuts off malicious behaviors according to the policy and closes the authorities that pose hidden dangers, while the other functions of the application program that are useful to the user are retained and allowed to execute. The user does not need to install antivirus software, a security guard or other monitoring software in the operating system; the application program itself can control its authority and security behaviors.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method for safely managing and controlling software authority and behaviors, which is characterized by comprising the following steps:
setting, in the form of code, a security management and control file, which manages and controls the authority of the application program based on a policy configuration file, at the initial running position of the application program in the form of program code,
the security management and control file, triggered by the running of the application program, limits the authority of the application program according to a first policy configuration file pushed by a server,
and the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the running condition of the application program fed back by the security management and control file.
According to a preferred embodiment, the server adjusts the first policy configuration file into the second policy configuration file based on the information of the authority to be controlled of the application program marked and fed back by the security control file,
the security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file.
According to a preferred embodiment, the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file, and the security management and control file marks the third policy configuration file and version information of the application program corresponding to the third policy configuration file and pushes the third policy configuration file and the version information of the application program to the server for storage.
According to a preferred embodiment, the server selects a first policy configuration file, a second policy configuration file or a third policy configuration file matched with the version information of the application program fed back by the security management and control file according to the version information of the application program fed back by the security management and control file, and pushes the selected first policy configuration file, the second policy configuration file or the third policy configuration file to the security management and control file in the application program.
According to a preferred embodiment, the server pushes update information to the security management and control file according to the authority information of the failed management and control fed back by the security management and control file and the version information of the corresponding application program, so as to update the security management and control file.
According to a preferred embodiment, the step of setting a security management and control file for managing and controlling the application program authority based on a policy configuration file in the form of a code at an initial position of the application program running in the form of program code comprises:
disassembling, reversely assembling and/or reversely compiling the application program to be managed into program codes,
setting the code of the safety control file to an initial position or an initialization node position running in program codes,
and forward compiling the program code provided with the safety control file into an application program controlled by the safety control file.
According to a preferred embodiment, the security management and control file calculates and judges the number of times and time of starting the limit authority in the operation of the application program based on the policy requirement of the first policy configuration file or the second policy configuration file, and intercepts the limit information sent by the limit authority;
and the safety management and control file recalculates and judges the starting times and time of the limit authority in the operation of the application program based on the operation obstacle of the application program, so that a third strategy configuration file is generated, and the recalculated and judged starting times and time of the limit authority and the limit information are pushed to the server for storage.
According to a preferred embodiment, the security management and control file determines the limit authority by comparing the authority information listed in the authority policy list in the policy configuration file with the authority information applied by the application program,
the management and control instruction of the security management and control file is triggered based on the starting of the limit authority so as to prevent the starting of the limit authority and/or intercept the limit information sent by the limit authority.
According to a preferred embodiment, in the case that the security management and control file loses signal connection with the server, the security management and control file adds the to-be-managed authority information of the application program, which is not recorded in the authority policy list of the first policy profile, to the authority policy list and sets the to-be-managed authority information to a disabled state, thereby generating the second policy profile,
the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file.
A system for safely managing and controlling software authority and behavior is characterized by comprising a server, a placement module, a compiling module and a security management and control file,
the server stores code of a security management and control file and pushes a policy configuration file based on feedback information of the security management and control file,
the compiling module disassembles, reversely assembles and/or reversely compiles the application program to be managed into program codes,
the placement module sets, in the form of code, a security management and control file, which manages and controls the authority of the application program based on the policy configuration file, at the initial running position of the application program in the form of program code,
the security management and control file, triggered by the running of the application program, limits the authority of the application program according to the first policy configuration file pushed by the server,
and the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the running condition of the application program fed back by the security management and control file.
The invention also provides a policy setting system based on authority control, which at least comprises a server and a security control file, wherein the security control file arranged at the initial operating position of the application program limits the authority of the application program according to the first policy configuration file pushed by the server, the security control file triggers the operation based on the operation of the application program, and the security control file correspondingly limits and controls the authority of the application program item by item according to the list items of the authority policy list of the first policy configuration file.
Preferably, the security management and control file is set in the form of code at an initial position where the application program in the form of program code runs.
Preferably, after the code of the security management and control file is set at the starting position or the initialization node position of the program operation, the operation mechanism of the application program is changed,
and when the application program runs to the initial position or the position of the initialization node, the code of the security control file is executed, and after that code has finished executing, execution returns to the subsequent code of the application program.
Preferably, the security management and control file feeds back the authority not shown in the authority policy list to the server, and the server adjusts the authority policy list of the pushed first policy configuration file based on the authority information and the operating condition of the application program fed back by the security management and control file, and adds a new authority, so as to generate a second policy configuration file containing an updated authority policy list and feed back the second policy configuration file to the security management and control file.
Preferably, the security management and control file calculates and judges the starting times and time of the limit authority in the operation of the application program based on the policy requirement of the first policy configuration file or the second policy configuration file, and intercepts the limit information sent by the limit authority; and the safety management and control file recalculates and judges the starting times and time of the limit authority in the operation of the application program based on the operation obstacle of the application program, so that a third strategy configuration file is generated, and the recalculated and judged starting times and time of the limit authority and the limit information are pushed to the server for storage.
The invention also provides a policy setting method of the policy setting system based on the authority control, which comprises the following steps:
the security management and control file arranged at the initial running position of the application program limits the authority of the application program according to the first policy configuration file pushed by the server, wherein,
and the security control file triggers the operation based on the operation of the application program, and correspondingly limits and controls the authority of the application program item by item according to the list items of the authority policy list of the first policy configuration file.
The invention also provides an adaptation system of the application program, which at least comprises a server, a placement module and a compiling module, wherein the compiling module disassembles, reversely assembles and/or reversely compiles the application program to be controlled into program codes, the placement module sets, in the form of code, a security control file for controlling the authority of the application program based on the policy configuration file at the initial running position of the application program in the form of program code, and the security control file triggered by the running of the application program limits the authority of the application program according to the first policy configuration file, the second policy configuration file or the third policy configuration file pushed by the server.
Preferably, after the code of the security management and control file is set at the starting position or the initialization node position of the program operation, the operation mechanism of the application program is changed,
and when the application program runs to the initial position or the position of the initialization node, the code of the security control file is executed, and after that code has finished executing, execution returns to the subsequent code of the application program.
The invention also provides an adaptation terminal of the application program, which at least comprises a setting module and a compiling module, wherein the compiling module disassembles, reversely assembles and/or reversely compiles the application program to be controlled into program codes, and the setting module sets a security control file for controlling the application program authority based on the policy configuration file at the initial position of the application program running in the form of the program codes in the form of codes.
Preferably, the terminal is connected to a server, and the security management and control file triggered based on the operation of the application program limits the authority of the application program according to the first policy configuration file, the second policy configuration file, or the third policy configuration file pushed by the server.
The invention has the beneficial technical effects that:
1. For software that abuses its permissions or contains malicious behaviors, the method does not simply and crudely forbid the running and use of the software, but cuts off the malicious behaviors and closes the permissions that pose hidden dangers according to the policy. Other functions of the application that are useful to the user are retained and allowed to execute.
2. The application program can realize the control of the authority and the safety behavior without relying on the user to install antivirus software or monitoring software such as a safety guard and the like in an operating system.
3. The traditional method for manually setting the prohibited authority is one-sided, which easily causes running obstacles of some application programs or cannot prohibit the authority which is not set. The invention adjusts the authority relative to the running of the application program on the basis of manual setting, and further forbids other unnecessary authorities which are not set without influencing the running of the application program.
Drawings
FIG. 1 is a logic diagram of the method of the present invention; and
FIG. 2 is a logical schematic of the system of the present invention.
List of reference numerals
10: server
20: placement module
30: compiling module
40: security management and control file
Detailed Description
The following detailed description is made with reference to the accompanying drawings.
The content of the security control file comprises the type of the authority, the trust level, the name of the authority group and the functions related to the personal privacy information to be controlled under the authority group.
The application program in the invention is an application program provided by a third-party program developer for installation on a user's computer system or smart device system. The computer system comprises a Windows system, an XP system and a Linux system. The smart device system comprises an iOS system and an Android system.
The server comprises a remote server and a cloud server.
As shown in fig. 1, the present invention provides a method for securely managing and controlling software permissions and behaviors, including:
S1: setting a security management and control file for managing and controlling the application program authority based on the policy configuration file at an initial running position of the application program in a program coding form in a code form;
S2: the security management and control file triggered based on the running of the application program limits the authority of the application program according to a first policy configuration file pushed by a server;
S3: and the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the running condition of the application program fed back by the security management and control file.
In the invention, the authority behaviors of the application program comprise: the real-time authority of behaviors such as dialing a call, sending a short message and/or a multimedia message, opening a 2G/3G/4G network privately, opening a WLAN network privately, opening a Bluetooth network privately, reading a contact person, reading a call record, reading a short message and/or a multimedia message, acquiring the position of a mobile phone, recording by using a microphone, opening a camera, writing/deleting a contact person, writing/deleting a call record, writing/deleting a short message and/or a multimedia message and the like. The invention is not limited to the kind of behavior, which may also include other kinds of behavior of the application.
The rights restrictions of the present invention include allowing access and prohibiting access. The safety control file sets different authorities according to different application programs. For example, for the application WeChat, the security management and control file sets an access permission for allowing access to the foreground running state of the WeChat, sets an access permission for forbidding access to the temporary running state of the WeChat, and sets a refined access permission for the background running state of the WeChat. Such as: for the background running state of the WeChat, the access authority for the GPS resource of the system resource can be set as permission to access, the access authority for the address book of the system resource is set as prohibition to access, and the like, and the method is not limited to the background running state of the WeChat.
The safety control file is a management file formed after a service team manually writes and repeatedly tests the safety control file. The safety control file can be a complete executable program or a section of code. The encoding language of the safety control file includes a PASCAL language, a C language, a FORTRAN language, a BASIC language, a COBOL language, a FOXBASE language, and the like.
Example 1
The embodiment provides a method for performing security control on software permission and behavior, which includes:
S1: setting a security management and control file for managing and controlling the authority of the application program based on the policy configuration file in the form of codes at the initial position of the running of the application program in the form of program codes,
S2: the security management and control file triggered based on the running of the application program limits the authority of the application program according to a first policy configuration file pushed by a server,
S3: and the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the running condition of the application program fed back by the security management and control file.
The present embodiment describes a method for securely managing and controlling software rights and behaviors as follows.
S1: Setting, in the form of code, a security management and control file, which manages and controls the authority of the application program based on the policy configuration file, at the initial running position of the application program in the form of program code.
The application program to be installed can apply for various authorities during operation, such as acquiring the geographical position, reading the address book, and accessing the camera or the microphone. These authorities and behaviors are not necessarily required for the functions that the developer of the application claims to provide. They may be code the developer included to gain additional benefit, or they may have been injected afterwards by the operator of a software download channel, and they may therefore be superfluous or even harmful to the end user of the application. For example, a developer makes a free game program that only provides a picture-based interactive puzzle game, with no location-based game function and no online function involving contacts, yet when it runs the game program applies for the authority to obtain the system's geographical position and the authority to access the address book. The actual purpose is to upload user information to a server and sell it to advertising companies for profit.
The application programs of the present invention include application programs that developers have published and ones they have not published. When a user of the application program intends to use it within a specific range and needs to ensure that it is safe and controllable, the security control file is set into the program code of the application program, so that the application program can safely control its own authority, and the application program with this security control function is then used within the specific range. The security management and control file is a universal version applicable to most applications. A special application program discovered at a later stage may be protected by code obfuscation or encryption, and directly injecting the code of the security management and control file into it may cause the monitoring function to fail. Therefore, the security control file can be revised and updated through upgrades, achieving better compatibility and universality.
Preferably, the step of setting, in the form of code, a security management and control file that manages and controls the authority of the application program based on the policy configuration file at the initial running position of the application program in the form of program code includes:
S11: disassembling, reverse-assembling and/or decompiling the application program to be managed and controlled into program code;
S12: setting the code of the security management and control file at the initial running position or at an initialization node position in the program code;
S13: forward compiling the program code provided with the security management and control file into an application program managed and controlled by the security management and control file.
The application program to be managed and controlled is disassembled into program code. Alternatively, the application program to be managed and controlled is decompiled into program code in the form of SMALI or JAVA.
The starting position of program running is found in the program code of the application program, and the code of the security management and control file is set at that starting position or at the position of an initialization node. Setting the security management and control file is equivalent to changing the running mechanism of the application program: when the application program runs to the starting position or the position of the initialization node, the code of the security management and control file is executed. After the code of the security management and control file has been executed, execution returns to the subsequent code of the application program.
After the security management and control file has been set, the modified application program is forward assembled or forward compiled again to form an application program that can be installed and run normally, has the security control function, and is released within a specific scope.
S2: the security management and control file, triggered by the running of the application program, limits the authority of the application program according to a first policy configuration file pushed by a server.
The security management and control file is triggered to run by the running of the application program. When the security management and control file runs, it sends policy configuration file request information to the server, and the server responds to the request by pushing the latest first policy configuration file to the security management and control file. The first policy configuration file contains an authority policy list. The authority policy list specifies some authorities as prohibited and some as allowed, so as to ensure the information security of the application program. The security management and control file limits and controls the authorities of the application program item by item according to the entries of the authority policy list of the first policy configuration file. Alternatively, when the application program tries to use an authority shown in the authority policy list, the security management and control file detects this and triggers an interception action to intercept the information sent using that authority, so that the actual running behavior of the application program does not exceed the authority policy range specified by the server and the goal of security management and control is achieved.
S3: the server generates a second policy configuration file based on the authority information and the running condition of the application program fed back by the security management and control file, and pushes it to the security management and control file of the application program.
While the security management and control file controls the authorities of the application program based on the first policy configuration file, it feeds back to the server the authorities that are not shown in the authority policy list, that is, the authorities that are not within the control range. The security management and control file feeds back to the server the authority information of the application program within the control range, the authority information not within the control range, and the running condition of the authorities. Based on this fed-back authority information and running condition, the server adjusts the authority policy list of the pushed first policy configuration file and adds new authorities, thereby generating a second policy configuration file containing an updated authority policy list. The server pushes the second policy configuration file to the security management and control file of the corresponding application program.
According to a preferred embodiment, the server adjusts the first policy configuration file into the second policy configuration file based on the information, marked and fed back by the security management and control file, about the authorities of the application program that are to be managed and controlled. The security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file.
Preferably, when feeding back the authority information to the server, the security management and control file marks the authority information to be managed and controlled and then sends it to the server. The server adjusts the authority policy list of the first policy configuration file according to the marked, fed-back authority information to be managed and controlled, and adds new authorities, thereby generating a second policy configuration file containing an updated authority policy list, which it pushes to the corresponding security management and control file. For example, the newly added authorities of the second policy configuration file are set to prohibited. The security management and control file limits and controls the authorities of the application program item by item based on the entries of the authority policy list of the second policy configuration file. Alternatively, when the application program tries to use an authority shown in the authority policy list, the security management and control file detects this and triggers an interception action to intercept the information sent using that authority, so that the actual running behavior of the application program does not exceed the authority policy range specified by the server and the goal of security management and control is achieved.
According to a preferred embodiment, the security management and control file adjusts the authority policy list of the second policy configuration file based on an operation obstacle of the application program so as to generate a third policy configuration file; the security management and control file marks the third policy configuration file and pushes it, together with the version information of the corresponding application program, to the server for storage.
After the security management and control file performs authority management and control according to the second policy configuration file, operation obstacles of the application program may result, because some of the authorities are necessary for the application program to start and run. The security management and control file adjusts the newly added controlled authorities in the authority policy list of the second policy configuration file one by one, changing the restriction on each, until the application program can run normally. The security management and control file monitors the newly enabled authorities and the information they send, and sends these to the server. The second policy configuration file with the adjusted authority policy list becomes the third policy configuration file. The security management and control file adds a mark to the third policy configuration file and pushes it, together with the version information of the corresponding application program, to the server. The server stores the marked third policy configuration file and the version information of the corresponding application program. When the security management and control file is again installed in an application program with the same version information, the server directly pushes the marked third policy configuration file to the security management and control file according to the version information of the application program fed back by the security management and control file. According to the invention, the control range of the application program can be enhanced by adjusting the policy configuration file: authority management is not left incomplete because of a preset control range, and the running of the application program is not affected by the controlled authorities in a way that produces operation obstacles.
According to a preferred embodiment, the server selects the first policy configuration file, the second policy configuration file or the third policy configuration file that matches the version information of the application program fed back by the security management and control file, and pushes the selected policy configuration file to the security management and control file in the application program.
Different application programs suit different authority control ranges. Some application programs use the first policy configuration file without adjustment, some use the adjusted second policy configuration file, and some use the adjusted third policy configuration file. After the security management and control file has been set into the application program, it is triggered to start by the running of the application program. After starting, the security management and control file sends the version information of the application program to the server. If the server stores the version information of the application program and a record of the corresponding policy configuration file, the corresponding first, second or third policy configuration file is sent to the security management and control file. If the version information of the application program fed back by the security management and control file is not recorded in the server, the first policy configuration file with a general scope is sent to the security management and control file.
According to a preferred embodiment, the server pushes update information to the security management and control file according to the information, fed back by the security management and control file, on the authorities whose management and control failed and the version information of the corresponding application program, so as to update the security management and control file.
The security management and control file is a universal version applicable to various application programs. However, because application programs are diverse, some may have undergone code obfuscation or encryption protection, and directly setting the code of the security management and control file may result in management and control failure; that is, the authorities in the application program are not subject to the control and limitation of the security management and control file. The security management and control file therefore feeds back the version information of the application program and the authority control condition to the server. The research and development service team of the security management and control file revises and improves the security management and control file according to the version information of the application program and the authority control condition recorded by the server, so as to achieve better compatibility and universality. The modified application may be fully compatible and applicable over a period of time.
According to a preferred embodiment, the security management and control file counts and evaluates the number of times and the time at which a restricted authority is started during the running of the application program, based on the policy requirements of the first policy configuration file or the second policy configuration file, and intercepts the restricted information sent using the restricted authority. Based on an operation obstacle of the application program, the security management and control file recalculates and re-evaluates the number of starts and the time of the restricted authority during the running of the application program, thereby generating a third policy configuration file, and pushes the recalculated number of starts and time of the restricted authority, together with the restricted information, to the server for storage.
Preferably, the security management and control file can identify specific malicious behaviors in the application program. For example, the first policy configuration file or the second policy configuration file pushed by the server specifies that the mobile office application program may not use the authority to record from the microphone and may obtain the geographic location no more than 1 time per day, so as to prevent range information from being leaked. When the application program runs, as soon as it tries to start the microphone, the security management and control file detects the behavior and immediately blocks it. Each time the application program obtains the geographic location, the security management and control file is triggered to evaluate and record the event; when this is triggered more than 1 time within the period 00:00-24:00, recording, reporting and blocking are carried out. If the authority rules of the first policy configuration file hinder the running of the application program and produce an operation obstacle, the security management and control file adjusts the authority policy list in the policy configuration file to generate a third policy configuration file, and recalculates and re-evaluates the number of starts and the time of the restricted authority during the running of the application program. Alternatively, based on the operation obstacle of the application program, the security management and control file recalculates and re-evaluates the number of starts and the time of the restricted authority that do not affect the running of the application program, so as to adjust the authority policy list in the policy configuration file and generate a third policy configuration file. The security management and control file pushes the recalculated number of starts and time of the restricted authority, together with the restricted information, to the server for storage.
According to a preferred embodiment, the security management and control file determines the restricted authority by comparing the authority information listed in the authority policy list of the policy configuration file with the authority information requested by the application program. The control instruction of the security management and control file is triggered by the starting of the restricted authority, so as to prevent the restricted authority from starting and/or to intercept the restricted information sent using the restricted authority.
For example, the authority policy list of the policy configuration file specifies that the authority to read short messages is prohibited, and the application program uses or requests the authority to read short messages while running. By comparing the prohibition of the authority to read short messages listed in the authority policy list of the policy configuration file with the application program's request for that authority, the security management and control file determines that the authority to read short messages is a restricted authority and should be prohibited. When the application program exercises the authority to read short messages, the control instruction of the security management and control file is triggered. The control instruction is triggered by the starting of the authority to read short messages, so that the starting of this authority is prevented and/or the information sent by the application program after reading short messages is intercepted.
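The enforcement described in the preceding paragraphs (prohibited authorities, a limit of 1 geographic-location request per day, and feedback for authorities outside the list), as an added Python example that is not code from the patent. The authority names, the policy layout and the event trace are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed authority policy list. The authority names and the dictionary
# layout are assumptions made for this example; the patent defines no format.
POLICY = {
    "RECORD_AUDIO": {"state": "prohibited"},
    "READ_SMS": {"state": "prohibited"},
    "ACCESS_LOCATION": {"state": "allowed", "max_per_day": 1},
    "CAMERA": {"state": "allowed"},
}


@dataclass
class Guard:
    """Stands in for the security management and control file at run time."""
    policy: dict
    counts: dict = field(default_factory=dict)   # (authority, date) -> starts that day
    reports: list = field(default_factory=list)  # records to feed back to the server

    def check(self, authority: str, when: datetime) -> tuple:
        """Return (allowed, reason) for one attempt to start an authority."""
        rule = self.policy.get(authority)
        if rule is None:
            # Not in the list, so outside the control range: it passes, but is
            # marked as "to be managed" in the feedback to the server.
            self._report(authority, when, "unlisted")
            return True, "unlisted"
        if rule["state"] == "prohibited":
            self._report(authority, when, "prohibited")
            return False, "prohibited"
        limit = rule.get("max_per_day")
        if limit is not None:
            key = (authority, when.date())       # counting window is 00:00-24:00
            self.counts[key] = self.counts.get(key, 0) + 1
            if self.counts[key] > limit:
                # Over the daily limit: record, report and block.
                self._report(authority, when, "quota")
                return False, "quota"
        return True, "allowed"

    def _report(self, authority, when, reason):
        self.reports.append(
            {"authority": authority, "time": when.isoformat(), "reason": reason}
        )


# Constructed trace of authority starts by a mobile office application.
EVENTS = [
    ("ACCESS_LOCATION", datetime(2021, 7, 1, 9, 0)),
    ("RECORD_AUDIO", datetime(2021, 7, 1, 9, 5)),
    ("ACCESS_LOCATION", datetime(2021, 7, 1, 15, 30)),
    ("READ_SMS", datetime(2021, 7, 1, 16, 0)),
    ("READ_CONTACTS", datetime(2021, 7, 1, 16, 1)),
    ("ACCESS_LOCATION", datetime(2021, 7, 2, 0, 10)),
]


def replay(events, policy=POLICY):
    """Run a trace through a fresh guard; return the decisions and the feedback."""
    guard = Guard(policy)
    decisions = [guard.check(authority, when) for authority, when in events]
    return decisions, guard.reports


if __name__ == "__main__":
    for (authority, when), decision in zip(EVENTS, replay(EVENTS)[0]):
        print(when.isoformat(), authority, decision)
```

The second location request on the same day is blocked and reported, while the request just after midnight falls into a new counting window and is allowed.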
According to a preferred embodiment, when the security management and control file loses its signal connection with the server, the security management and control file adds the to-be-managed authority information of the application program that is not recorded in the authority policy list of the first policy configuration file to the authority policy list and sets it to the prohibited state, thereby generating the second policy configuration file. The security management and control file adjusts the authority policy list of the second policy configuration file based on an operation obstacle of the application program so as to generate a third policy configuration file.
After the security management and control file has been set in the application program, the application program with the control function can be released and used independently of the server. When the security management and control file has no signal connection with the server, it controls the application program without needing information pushed by the server. The security management and control file is provided with a default policy configuration file, and can still manage and control the authority behaviors and malicious behaviors of the application program according to the default policy configuration file.
If the security management and control file finds that the application program has to-be-managed authority information that is not recorded in the authority policy list of the first policy configuration file, it adds that authority information to the authority policy list and sets it to the prohibited state, thereby generating the second policy configuration file. The application program then encounters operation obstacles because some necessary authorities are prohibited. Based on the operation obstacle of the application program, the security management and control file adjusts the authority policy list of the second policy configuration file, changing the newly added restricted authorities that affect the running of the application program to the allowed state so that the application program can run normally. The adjusted second policy configuration file becomes the third policy configuration file.
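How the second and third policy configuration files are derived, for the offline case above and for the server-backed case described earlier, as an added Python example that is not code from the patent. It goes slightly further by also modelling the server's version-keyed lookup with fallback to the first policy configuration file; the authority names, the `make_probe` stand-in for detecting an operation obstacle and the version string are hypothetical.

```python
import copy


def derive_second_policy(first_policy, requested):
    """Add every requested authority missing from the list, in the prohibited state."""
    second = copy.deepcopy(first_policy)
    added = []
    for authority in requested:
        if authority not in second:
            second[authority] = {"state": "prohibited"}
            added.append(authority)
    return second, added


def derive_third_policy(second_policy, added, probe):
    """Relax newly added entries one by one until the application runs.

    Only entries added while deriving the second policy are relaxed; an
    authority prohibited by the first policy stays prohibited even if the
    application cannot run without it.
    Returns (third_policy, relaxed_authorities, runs_normally).
    """
    third = copy.deepcopy(second_policy)
    relaxed = []
    while True:
        blocker = probe(third)            # None means no operation obstacle
        if blocker is None:
            return third, relaxed, True
        if blocker not in added or blocker in relaxed:
            return third, relaxed, False  # obstacle comes from a deliberate rule
        third[blocker]["state"] = "allowed"
        relaxed.append(blocker)


def make_probe(required):
    """Hypothetical obstacle detector: first required authority that is prohibited."""
    def probe(policy):
        for authority in required:
            if policy.get(authority, {}).get("state") == "prohibited":
                return authority
        return None
    return probe


class PolicyStore:
    """Server-side record keyed by application version."""

    def __init__(self, first_policy):
        self.first_policy = first_policy
        self.by_version = {}

    def save(self, app_version, policy, mark):
        self.by_version[app_version] = {"mark": mark, "policy": policy}

    def select(self, app_version):
        record = self.by_version.get(app_version)
        if record is None:                # unknown version: general first policy
            return "first", self.first_policy
        return record["mark"], record["policy"]


# Constructed inputs.
FIRST = {"RECORD_AUDIO": {"state": "prohibited"}, "ACCESS_LOCATION": {"state": "allowed"}}
REQUESTED = ["ACCESS_LOCATION", "READ_CONTACTS", "INTERNET", "READ_SMS"]
APP_VERSION = "com.example.office 1.2.0"  # hypothetical version string


def demo(required=("INTERNET",)):
    second, added = derive_second_policy(FIRST, REQUESTED)
    third, relaxed, runs = derive_third_policy(second, added, make_probe(required))
    store = PolicyStore(FIRST)
    if runs:
        store.save(APP_VERSION, third, mark="third")
    return second, added, third, relaxed, runs, store


if __name__ == "__main__":
    _, added, third, relaxed, runs, _ = demo()
    print("added:", added, "relaxed:", relaxed, "runs:", runs)
```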
Example 2
This embodiment is a further improvement and description of embodiment 1, and repeated contents are not described again.
As shown in fig. 2, the present embodiment provides a system for securely managing and controlling software permissions and behaviors, which includes a server 10, a placement module 20, a compiling module 30, and a security management and control file 40.
Preferably, the first policy configuration file is produced by manual writing and repeated testing rather than generated automatically by software or a system. The first policy configuration file is stored in the server or configured in the security management and control file.
According to a preferred embodiment, the security management and control file is integrated into the placement module 20 before being installed into the application program.
The server stores the code of the security management and control file and pushes policy configuration files based on the feedback information of the security management and control file.
Preferably, the placement module 20 and the compiling module 30 are arranged on a remote server or on an intelligent terminal that is wirelessly connected with the application program. Accordingly, the code of the security management and control file is stored in the server 10 or in the placement module 20. The objects and time of placement are specified by the user for the placement module 20.
Intelligent terminals include desktop computers, notebook computers, smart phones, smart bracelets, smart glasses and the like.
In general, the user cannot access the code of the security management and control file. The user, at the intelligent terminal, starts the compiling module 30 and the placement module 20 through a wireless connection to the server 10; the compiling module 30 decodes a specified application program, and the placement module 20 sets the security management and control file for the specified application program. Finally, the compiling module 30 forward compiles the application program provided with the security management and control file into an application program that has the function of managing and controlling its own authority.
The user connects to the server through an application program on the intelligent terminal and instructs that the security management and control file be installed into the specified application program. The server responds to the instruction from the intelligent terminal and starts the compiling module 30. The compiling module 30 disassembles, reverse-assembles and/or decompiles the application program to obtain program code. After the compiling module 30 has finished decoding the application program, it sends a completion message to the placement module 20. In response to the message from the compiling module 30, the placement module 20 starts to set the code of the security management and control file 40 into the program code of the application program. After the placement module 20 has set the security management and control file 40, it sends a forward compiling instruction or message to the compiling module 30. The compiling module 30 forward compiles the application program whose program code is provided with the security management and control file.
Specifically, the operation of the system for securely managing software permissions and behaviors of the present invention is described below.
S1: the placement module 20 sets, in the form of code, a security management and control file that manages and controls the authority of the application program based on the policy configuration file at the initial running position of the application program in the form of program code.
Preferably, the step in which the placement module 20 sets, in the form of code, a security management and control file that manages and controls the authority of the application program based on the policy configuration file at the initial running position of the application program in the form of program code includes:
S11: the compiling module 30 disassembles, reverse-assembles and/or decompiles the application program to be managed and controlled into program code;
S12: the placement module 20 sets the code of the security management and control file at the initial running position or at an initialization node position in the program code;
S13: the compiling module 30 forward compiles the program code provided with the security management and control file into an application program managed and controlled by the security management and control file.
The compiling module 30 disassembles the application program to be managed and controlled into program code. Alternatively, the compiling module 30 reverse-assembles or decompiles the application program to be managed and controlled into program code in the form of SMALI or JAVA.
The placement module 20 finds the starting position of program running in the program code of the application program, and sets the code of the security management and control file at that starting position or at the position of an initialization node.
After the security management and control file has been set, the compiling module 30 forward assembles or forward compiles the modified application program again to form an application program that can be installed and run normally, has the security control function, and is released within a specific scope.
S2: the security management and control file, triggered by the running of the application program, limits the authority of the application program according to a first policy configuration file pushed by a server.
The security management and control file 40 is triggered to run by the running of the application program. When the security management and control file 40 runs, it sends policy configuration file request information to the server 10, and the server 10 responds to the request by pushing the latest first policy configuration file to the security management and control file 40. The first policy configuration file contains an authority policy list. The authority policy list specifies some authorities as prohibited and some as allowed, so as to ensure the information security of the application program. The security management and control file 40 limits and controls the authorities of the application program item by item according to the entries of the authority policy list of the first policy configuration file. Alternatively, when the application program tries to use an authority shown in the authority policy list, the security management and control file detects this and triggers an interception action to intercept the information sent using that authority, so that the actual running behavior of the application program does not exceed the authority policy range specified by the server and the goal of security management and control is achieved.
S3: the server generates a second policy configuration file based on the authority information and the running condition of the application program fed back by the security management and control file, and pushes it to the security management and control file of the application program.
While the security management and control file controls the authorities of the application program based on the first policy configuration file, it feeds back to the server the authorities that are not shown in the authority policy list, that is, the authorities that are not within the control range. The security management and control file feeds back to the server the authority information of the application program within the control range, the authority information not within the control range, and the running condition of the authorities. Based on this fed-back authority information and running condition, the server adjusts the authority policy list of the pushed first policy configuration file and adds new authorities, thereby generating a second policy configuration file containing an updated authority policy list. The server pushes the second policy configuration file to the security management and control file of the corresponding application program.
According to a preferred embodiment, the server adjusts the first policy configuration file into the second policy configuration file based on the information, marked and fed back by the security management and control file, about the authorities of the application program that are to be managed and controlled. The security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file.
According to a preferred embodiment, the security management and control file adjusts the authority policy list of the second policy configuration file based on an operation obstacle of the application program so as to generate a third policy configuration file; the security management and control file marks the third policy configuration file and pushes it, together with the version information of the corresponding application program, to the server for storage.
After the security management and control file performs authority management and control according to the second policy configuration file, operation obstacles of the application program may result. The security management and control file adjusts the newly added controlled authorities in the authority policy list of the second policy configuration file one by one, changing the restriction on each, until the application program can run normally. The security management and control file monitors the newly enabled authorities and the information they send, sends these to the server, and turns the second policy configuration file with the adjusted authority policy list into the third policy configuration file. The security management and control file adds a mark to the third policy configuration file and pushes it, together with the version information of the corresponding application program, to the server. The server stores the marked third policy configuration file and the version information of the corresponding application program.
According to a preferred embodiment, the server selects the first policy configuration file, the second policy configuration file or the third policy configuration file that matches the version information of the application program fed back by the security management and control file, and pushes the selected policy configuration file to the security management and control file in the application program.
After the security management and control file has been set into the application program, it is triggered to start by the running of the application program. After starting, the security management and control file sends the version information of the application program to the server. If the server stores the version information of the application program and a record of the final corresponding policy configuration file, the corresponding first, second or third policy configuration file is sent to the security management and control file. If the version information of the application program fed back by the security management and control file is not recorded in the server, the first policy configuration file with a general scope is sent to the security management and control file.
According to a preferred embodiment, the server pushes update information to the security management and control file according to the information, fed back by the security management and control file, on the authorities whose management and control failed and the version information of the corresponding application program, so as to update the security management and control file.
The security management and control file feeds back the version information of the application program and the authority control failures to the server. The research and development team of the security management and control system revises and improves the security management and control file according to the version information of the application program and the authority control condition recorded by the server, so as to achieve better compatibility and universality. The modified application may be fully compatible and applicable over a period of time. The research and development team of the security management and control system places the updated security management and control file in the server 10 or the placement module 20. After the update, the placement module 20 sets the latest security management and control file into the application program.
According to a preferred embodiment, the security management and control file counts and evaluates the number of times and the time at which a restricted authority is started during the running of the application program, based on the policy requirements of the first policy configuration file or the second policy configuration file, and intercepts the restricted information sent using the restricted authority. Based on an operation obstacle of the application program, the security management and control file recalculates and re-evaluates the number of starts and the time of the restricted authority during the running of the application program, thereby generating a third policy configuration file, and pushes the recalculated number of starts and time of the restricted authority, together with the restricted information, to the server for storage.
According to a preferred embodiment, the security management and control file determines the restricted authority by comparing the authority information listed in the authority policy list of the policy configuration file with the authority information requested by the application program. The control instruction of the security management and control file is triggered by the starting of the restricted authority, so as to prevent the restricted authority from starting and/or to intercept the restricted information sent using the restricted authority.
According to a preferred embodiment, when the security management and control file loses its signal connection with the server, it adds the to-be-managed authority information of the application program that is not recorded in the authority policy list of the first policy configuration file to that list and sets it to a disabled state, thereby generating the second policy configuration file. The security management and control file then adjusts the authority policy list of the second policy configuration file based on the operation obstacle of the application program, thereby generating a third policy configuration file.
After the security management and control file is set in the application program, the application program with the management and control function can be released and used independently of any association with the server. When the security management and control file has no signal connection with the server, it controls the application program without needing information pushed by the server. The security management and control file is provided with a default policy configuration file, and can still manage and control the authority behaviors and malicious behaviors of the application program according to that default policy configuration file.
If the security management and control file finds that the application program has to-be-managed authority information not recorded in the authority policy list of the first policy configuration file, it adds that authority information to the authority policy list and sets it to a disabled state, thereby generating the second policy configuration file. The application program then encounters operation obstacles because some necessary authorities are prohibited. The security management and control file adjusts the authority policy list of the second policy configuration file based on the operation obstacle of the application program, switching the newly added restricted authorities that affect the running of the application program to an allowed state so that the application program can run normally. The adjusted second policy configuration file becomes the third policy configuration file.
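The derivation of the second and third policy configuration files described above can be sketched as follows. This is an added example, not code from the patent or the applicant: the `Policy` structure, the function names and the sample authority names are hypothetical, and denying authorities with no list entry and leaving server-pushed restrictions untouched during the adjustment are assumptions of the example.

```python
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"


@dataclass
class Policy:
    version: str            # "first", "second" or "third"
    entries: dict           # authority name -> ALLOW / DENY
    added_offline: set = field(default_factory=set)  # entries not pushed by the server

    def decide(self, authority: str) -> str:
        # Item-by-item lookup in the authority policy list. Denying anything
        # with no entry is an assumption of this example.
        return self.entries.get(authority, DENY)


def derive_second(first: Policy, requested: list) -> Policy:
    """Offline step: every requested authority missing from the first policy's
    list is added to the list in the disabled state."""
    entries = dict(first.entries)
    added = {a for a in requested if a not in entries}
    entries.update({a: DENY for a in added})
    return Policy("second", entries, added)


def derive_third(second: Policy, blocking: list):
    """After an operation obstacle: switch to allowed only those blocking
    authorities that were newly added offline. Returns (policy, report); the
    report is what would be pushed to the server for storage."""
    entries = dict(second.entries)
    relaxed = sorted(a for a in blocking if a in second.added_offline)
    entries.update({a: ALLOW for a in relaxed})
    still_denied = sorted(a for a in blocking if entries.get(a, DENY) == DENY)
    report = {"relaxed": relaxed, "still_denied": still_denied}
    return Policy("third", entries, set(second.added_offline)), report


# Constructed sample data: authority names are placeholders, not from the patent.
FIRST = Policy("first", {"location": DENY, "sms": DENY, "network": ALLOW})
REQUESTED = ["network", "location", "camera", "storage", "contacts"]


def run_example():
    second = derive_second(FIRST, REQUESTED)
    # Constructed obstacle: the app needs storage (added offline) and also
    # location, which the server-pushed first policy already denied.
    third, report = derive_third(second, ["storage", "location"])
    return second, third, report


if __name__ == "__main__":
    for item in run_example():
        print(item)
```

The report separates authorities that were automatically re-allowed from those that stayed denied, which is the information a reviewer on the server side needs to decide whether the automatic relaxation should become part of the next pushed policy.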
Compared with a program managed by a separate security system, this system frees the application program from the drawback of having its authorities set by a security program. The application program processed by the system can actively control all of its own authority requests without affecting its operation. The user does not need to actively manage the authority and behavior of the application software, which makes operating the application program simpler and more convenient.
It should be noted that the above-mentioned embodiments are exemplary, and that those skilled in the art, having the benefit of the present disclosure, may devise various arrangements that fall within the scope of the present disclosure and of the invention. It should be understood by those skilled in the art that the present specification and figures are illustrative only and do not limit the claims. The scope of the invention is defined by the claims and their equivalents.

Claims (10)

1. A policy setting system based on authority control, characterized in that the system comprises at least a server and a security management and control file,
the security management and control file, arranged at the initial running position of the application program, limits the authority of the application program according to the first policy configuration file pushed by the server, wherein
the security management and control file is triggered to run by the running of the application program, and limits and controls the authority of the application program item by item according to the list items of the authority policy list of the first policy configuration file.
2. The policy setting system based on authority control according to claim 1, wherein the security management and control file is set, in the form of code, at the initial running position of the application program in program code form.
3. The policy setting system based on authority control according to claim 2, wherein
after the code of the security management and control file is set at the start position or the initialization node position of the program's operation, the operation mechanism of the application program is changed,
and when the application program runs to the start position or the initialization node position, the code of the security management and control file is executed, and after that code has been executed, execution returns to the subsequent program code of the application program.
4. The policy setting system based on authority control according to claim 3, wherein
the security management and control file feeds back to the server any authority that is not listed in the authority policy list,
and the server adjusts the authority policy list of the pushed first policy configuration file based on the authority information and the operating condition of the application program fed back by the security management and control file, adding the new authority, so that a second policy configuration file containing an updated authority policy list is generated and fed back to the security management and control file.
5. The policy setting system based on authority control according to any one of claims 1 to 4, wherein the security management and control file calculates and judges the number of times and the time of starting a restricted authority during the running of the application program, based on the policy requirements of the first policy configuration file or the second policy configuration file, and intercepts the restriction information sent by the restricted authority;
and, based on an operation obstacle of the application program, the security management and control file recalculates and rejudges the number of times and the time of starting the restricted authority during the running of the application program, thereby generating a third policy configuration file, and pushes the recalculated number of times and time of starting the restricted authority, together with the restriction information, to the server for storage.
6. A policy setting method of the policy setting system based on authority control according to any one of claims 1 to 5, characterized in that the method comprises the following steps:
the security management and control file, arranged at the initial running position of the application program, limits the authority of the application program according to the first policy configuration file pushed by the server, wherein
the security management and control file is triggered to run by the running of the application program, and limits and controls the authority of the application program item by item according to the list items of the authority policy list of the first policy configuration file.
7. An adaptation system of an application program, characterized by comprising at least a server, a placement module and a compiling module,
the compiling module disassembles, reverse-assembles and/or reverse-compiles the application program to be managed into program code,
the placement module sets, in the form of code, a security management and control file for managing and controlling the authority of the application program based on the policy configuration file at the initial running position of the application program in program code form,
and the security management and control file, triggered by the running of the application program, limits the authority of the application program according to the first policy configuration file, the second policy configuration file or the third policy configuration file pushed by the server.
8. The adaptation system of an application program according to claim 7, wherein after the code of the security management and control file is set at the start position or the initialization node position of the program's operation, the operation mechanism of the application program is changed,
and when the application program runs to the start position or the initialization node position, the code of the security management and control file is executed, and after that code has been executed, execution returns to the subsequent program code of the application program.
9. An adaptation terminal for an application program, comprising at least a placement module and a compiling module,
the compiling module disassembles, reverse-assembles and/or reverse-compiles the application program to be managed into program code,
and the placement module sets, in the form of code, a security management and control file for managing and controlling the authority of the application program based on the policy configuration file at the initial running position of the application program in program code form.
10. The adaptation terminal for an application program according to claim 9, wherein the terminal is connected to a server,
and the security management and control file, triggered by the running of the application program, limits the authority of the application program according to the first policy configuration file, the second policy configuration file or the third policy configuration file pushed by the server.
CN202110747098.7A 2016-12-01 2016-12-01 Policy setting system and method based on authority control Pending CN113360856A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110747098.7A CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110747098.7A CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN201611095114.4A CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201611095114.4A Division CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior

Publications (1)

Publication Number Publication Date
CN113360856A true CN113360856A (en) 2021-09-07

Family

ID=58882839

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201611095114.4A Active CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior
CN202110747098.7A Pending CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN202110759334.7A Pending CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly

Country Status (1)

Country Link
CN (3) CN106778089B (en)

Also Published As

Publication number Publication date
CN106778089A (en) 2017-05-31
CN106778089B (en) 2021-07-13
CN113378121A (en) 2021-09-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination