CN113779562A - Zero trust based computer virus protection method, device, equipment and medium - Google Patents

Publication number
CN113779562A
Authority
CN
China
Prior art keywords
application program
zero
trust
user terminal
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111106071.6A
Other languages
Chinese (zh)
Inventor
王宁
宋玲
尚程
傅强
蔡琳
梁彧
田野
王杰
杨满智
金红
陈晓光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd filed Critical Eversec Beijing Technology Co Ltd
Priority to CN202111106071.6A priority Critical patent/CN113779562A/en
Publication of CN113779562A publication Critical patent/CN113779562A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]

Abstract

The embodiments of the application disclose a zero trust-based computer virus protection method, device, equipment and medium, applied to a user terminal on which a zero trust application program is installed. The method comprises: in response to a run operation on a target application program in the user terminal, acquiring the application program white list in the user terminal, determined based on the zero trust application program; and, if the application program white list includes the target application program, running the target application program. With this technical scheme, the waste of computing resources caused by antivirus processing is effectively reduced without affecting the normal operation of the terminal system, while the virus protection capability of the terminal system is still taken into account.

Description

Zero trust based computer virus protection method, device, equipment and medium
Technical Field
The embodiment of the application relates to the technical field of networks, in particular to a computer virus protection method, device, equipment and medium based on zero trust.
Background
A computer virus is a set of instructions or program code that its author inserts into a computer program, that destroys computer system functions or data, that affects the use of the computer system, and that can replicate itself. Computer viruses cause great harm to operating systems, and in recent years they have gradually become one of the important factors in the destruction of computer networks and data.
As the influence of computer viruses has grown, many security protection measures based on virus scanning and removal have emerged. Combining measures such as antivirus software, antivirus network management and port closing places an extra computational burden on a computer's already scarce computing power. For example, a computer typically becomes extremely sluggish while a virus scan is running. In addition, for some sub-terminal computers that perform a single task and have been in service for many years (such as bank automatic teller machines, police law enforcement terminals and industrial control systems), installing and deploying antivirus software is less feasible because their systems have undergone standardized customization.
Therefore, there is a need for improvement in view of the problems in the prior art.
Disclosure of Invention
The application provides a zero trust-based computer virus protection method, device, equipment and medium, so that the virus protection capability of a computer system is taken into account without affecting the normal operation of the computer system.
In a first aspect, an embodiment of the present application provides a zero trust-based computer virus protection method, which is applied to a user terminal on which a zero trust application program is installed, and the method includes:
in response to a run operation on a target application program in the user terminal, acquiring the application program white list in the user terminal, determined based on the zero trust application program;
and, if the application program white list includes the target application program, running the target application program.
In a second aspect, an embodiment of the present application provides a zero trust-based computer virus protection method, which is applied to a zero trust server, and includes:
performing security evaluation on at least one candidate application program based on a preset antivirus application program;
adding the candidate application program which runs safely into the white list application store according to the evaluation result;
acquiring standard zero trust safety information of each application program in the white list application store based on a sandbox simulation tool;
and sending the standard zero trust safety information to a user terminal provided with a zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust safety information.
In a third aspect, an embodiment of the present application provides a zero-trust-based computer virus protection device configured in a user terminal installed with a zero-trust application, where the device includes:
a white list acquisition module, configured to, in response to an operation on a target application in the user terminal, acquire an application white list in the user terminal determined based on the zero-trust application;
and the program control operation module is used for operating the target application program if the white list of the application program comprises the target application program.
In a fourth aspect, an embodiment of the present application provides a zero-trust-based computer virus protection apparatus, configured in a zero-trust server, including:
the safety evaluation module is used for carrying out safety evaluation on at least one candidate application program based on a preset antivirus application program;
the white list determining module is used for adding the candidate application program which runs safely into a white list application store according to the evaluation result;
the sandbox simulation module is used for acquiring standard zero trust safety information of each application program in the white list application store based on a sandbox simulation tool;
and the safety criterion sending module is used for sending the standard zero trust safety information to a user terminal provided with a zero trust application program so that the user terminal generates an application program white list according to the standard zero trust safety information.
In a fifth aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement any one of the zero trust-based computer virus protection methods provided in the embodiments of the first or second aspect.
In a sixth aspect, this embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements any one of the zero trust-based computer virus protection methods as provided in the first aspect or the second aspect.
The embodiments of the application are applied to a user terminal on which a zero trust application program is installed. In response to a run operation on a target application program in the user terminal, the user terminal acquires the application program white list in the user terminal, determined based on the zero trust application program; if the application program white list includes the target application program, the target application program is run. With this technical scheme, the user terminal on which the zero trust application program is installed can, based on the application program white list determined by the zero trust application program, control which application programs may run in the terminal system and block all untrusted application programs. Virus programs are thus kept out at the source, the waste of computing resources caused by antivirus processing is effectively reduced without affecting the normal operation of the computer, and the virus protection capability of the terminal system is still taken into account.
Drawings
FIG. 1 is a flowchart of a zero trust-based computer virus protection method according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of a zero trust-based computer virus protection method according to a second embodiment of the present application;
FIG. 3 is a flowchart of a zero trust-based computer virus protection method according to a third embodiment of the present application;
FIG. 4 is a flowchart of a zero trust-based computer virus protection method according to a fourth embodiment of the present application;
FIG. 5 is a flowchart of a zero trust-based computer virus protection method according to a fifth embodiment of the present application;
FIG. 6 is a schematic diagram of a zero trust-based computer virus protection apparatus according to a sixth embodiment of the present application;
FIG. 7 is a schematic diagram of a zero trust-based computer virus protection apparatus according to a seventh embodiment of the present application;
FIG. 8 is a schematic view of an electronic device according to an eighth embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some of the structures related to the present application are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a zero trust-based computer virus protection method according to an embodiment of the present disclosure. This embodiment is applicable to controlling the running of application programs in a user terminal. The method can be executed by a zero trust-based computer virus protection device, which is configured in a user terminal on which a zero trust application program is installed, can be implemented in software and/or hardware, and is specifically configured in an electronic device, where the electronic device can be a mobile terminal or a fixed terminal.
Referring to fig. 1, the zero trust based computer virus protection method provided in the embodiment of the present application is applied to a user terminal installed with a zero trust application, and includes:
S110, responding to the operation of the target application program in the user terminal, and acquiring an application program white list in the user terminal determined based on the zero-trust application program.
The target application refers to an application to be run in the user terminal, and the application to be run may be an application to be started in the user terminal.
The application white list means that the applications in the application white list are confirmed to be harmless or non-virus applications, that is, the applications in the application white list are safe.
The zero-trust application program is an application program with a specific function, and can determine an application program white list in the user terminal and store the application program white list.
Alternatively, the zero-trust application may be installed in the user terminal to which the user belongs based on an installation operation of the zero-trust application by the user.
Or alternatively, when the system is installed at the user terminal, the zero trust application program is actively installed.
In this embodiment, the user terminal may be a mobile phone, a desktop computer, a tablet computer, a sub-terminal computer (such as an automatic teller machine of a bank, a civil police law enforcement terminal, an industrial control system, and the like), and various application programs, including office application programs, business application programs, life application programs, entertainment application programs, and the like, may be installed in the user terminal.
It can be understood that the user terminals are divided according to the service types, and different types of user terminals can be installed with different application programs.
In this embodiment, the user terminal installed with the zero-trust application program may respond to the operation of the target application program in the user terminal, and may implement the control operation of the target application program based on the application program white list by acquiring the application program white list in the user terminal determined based on the zero-trust application program.
S120, if the application program white list includes the target application program, running the target application program.
Optionally, if the application white list does not include the target application, the target application is prohibited from running; that is, every application not on the application white list is refused permission to run on the user terminal.
This embodiment is applied to a user terminal on which a zero trust application program is installed. In response to a run operation on a target application program in the user terminal, the user terminal acquires the application program white list in the user terminal, determined based on the zero trust application program; if the application program white list includes the target application program, the target application program is run. With this technical scheme, the user terminal on which the zero trust application program is installed can, based on the application program white list determined by the zero trust application program, control which application programs may run in the terminal system and block all untrusted application programs. Virus programs are thus kept out at the source, the waste of computing resources caused by antivirus processing is effectively reduced without affecting the normal operation of the computer, and the virus protection capability of the terminal system is still taken into account.
Example two
Fig. 2 is a flowchart of a zero trust-based computer virus protection method according to a second embodiment of the present application, where the present embodiment is an optimization of the foregoing scheme based on the foregoing embodiment.
Further, the following operations are added: "based on the zero trust application program, acquiring standard zero trust security information from the zero trust server; in response to a scanning operation by the user in the zero trust application program, acquiring current zero trust security information of the locally installed application programs, matching the current zero trust security information against the standard zero trust security information, and generating an application program white list according to the matching result", so as to clarify how the application program white list is determined.
Wherein explanations of the same or corresponding terms as those of the above-described embodiments are omitted.
Referring to fig. 2, the method for protecting a computer virus based on zero trust provided in this embodiment includes:
S210, acquiring standard zero trust safety information from a zero trust server based on the zero trust application program.
The standard zero trust security information refers to program running characteristics included when a secure application (i.e., an application that is determined to be harmless) runs. The standard zero trust security information includes, but is not limited to, standard installation list information, standard installation file information, standard dependent service information, and standard open port information.
Specifically, the installation list information, that is, the installation directory information, is the list of files present after the application program is installed in the user terminal, and it includes upper-level and lower-level installation list information; the installation file information includes information such as installation file names and installation file hash values; the dependent service information refers to the service programs the application program depends on when running, for example, permission to open the user's photo album; the open port information refers to the port numbers opened for the application program to run.
In this embodiment, the zero trust server refers to a remote server that can provide a specific service function, for example, the zero trust server may send standard zero trust security information stored remotely to a zero trust application program in a user terminal. The zero trust server may be connected to the zero trust application via a wired network or a wireless network.
Typically, the zero trust server may be a server, a server cluster composed of several servers, or a cloud computing service center.
Optionally, the obtaining standard zero trust security information from the zero trust server based on the zero trust application includes: responding to a data synchronization request sent by the zero trust server when standard zero trust security information changes, and receiving the latest standard zero trust security information sent by the zero trust server; or responding to a synchronous instruction triggered in the zero-trust application program, and sending a data acquisition request to the zero-trust server so as to acquire the latest standard zero-trust security information from the zero-trust server.
Specifically, the synchronization operation may be a synchronization instruction triggered in the zero-trust application once its installation completes, when the user terminal installs the zero-trust application for the first time; alternatively, the synchronization operation may be triggered by the user; alternatively, the synchronization operation may be triggered by a timing mechanism set in the zero-trust application.
The timing mechanism may be a default preset time interval or a preset time interval manually set by the user in the zero-trust application program, for example, the preset time interval may be one day, one week, and the like.
It can be understood that the updating synchronization of the standard zero trust security information is realized through the active synchronization operation based on the zero trust server or the active synchronization operation based on the zero trust application program, the accuracy of the standard zero trust security information is ensured, and the virus protection capability of the user terminal is enhanced.
In some embodiments, before the zero-trust application in the user terminal obtains the standard zero-trust security information from the zero-trust server, the user terminal may first determine locally installed application information in the user terminal, and send the locally installed application information to the zero-trust server based on the zero-trust application, so that the zero-trust server may send the standard zero-trust security information corresponding to the installed application.
It can be understood that, in this case, the zero trust server does not transmit all of the standard zero trust security information it stores to the zero trust application program. Instead, only the part corresponding to the installed application programs is selected from the full set. Acquiring only the standard zero trust security information that corresponds to the installed application programs reduces the amount of data transmitted and improves data transmission efficiency.
S220, responding to the scanning operation of the user based on the zero trust application program, and acquiring the current zero trust safety information of the local installed application program.
Wherein the current zero trust security information is a program running characteristic included when the locally installed application program runs.
In this embodiment, a scan button may be set in the zero-trust application, and when the scan button is triggered by a user, the scan of the locally installed application in the user terminal may be started to obtain the current zero-trust security information of the installed application in the user terminal.
For example, an application program a, an application program B and an application program C are installed in a user terminal, when a user triggers a scanning operation, zero trust security information of the application program a, zero trust security information of the application program B and zero trust security information of the application program C are obtained, and the zero trust security information of the application program a, the application program B and the application program C are taken as current zero trust security information together.
In some embodiments, current zero trust security information for a locally installed application may also be obtained in response to a timed scan operation in the zero trust application.
It can be understood that by setting a default timing scanning operation in the zero trust application program, the current zero trust security information in the user terminal is obtained regularly, and a data basis is provided for subsequently determining the white list of the application program.
S230, performing information matching on the current zero trust safety information and the standard zero trust safety information, and generating an application program white list according to a matching result.
Specifically, for each locally installed application in the user terminal, the current installation list information, current installation file information, current dependent service information and current open port information in the current zero trust security information may be matched one by one against the standard installation list information, standard installation file information, standard dependent service information and standard open port information for that application in the standard zero trust security information, to obtain a matching result. When, according to the matching result, the installation list information, the installation file information, the dependent service information and the open port information all match, the current zero trust security information is confirmed to match the standard zero trust security information.
In this embodiment, when the current zero trust security information is successfully matched with the standard zero trust security information, the application program corresponding to the current zero trust security information may be added to the application program white list.
Optionally, the application white list is updated according to a system application in the user terminal.
In this embodiment, it is considered that before the zero-trust application is installed in the user terminal, some secure system applications (such as a calculator, a calendar, a clock, and the like) and other applications of the terminal system may exist in the user terminal. Therefore, in order not to affect the normal use of the user terminal, after the application white list is generated, the user terminal may further automatically collect a local application white list formed by locally installed programs based on the zero-trust application, and update the application white list through the local application white list.
It can be understood that the application white list can be more complete by updating the application white list, and the application in the user terminal can be better protected.
Specifically, the updating the application white list according to the system application in the user terminal includes: taking the application program white list generated according to the matching result as a current application program white list; determining a white list of local application programs according to the system application programs in the user terminal; and merging the local application program white list and the current application program white list, and determining a merged final application program white list.
Specifically, a union set of the local application white list and the current application white list may be taken, and the merged application white list may be determined as a final application white list.
Optionally, the updating the application white list according to the system application in the user terminal further includes: taking the application program white list generated according to the matching result as the current application program white list; determining a local application program white list according to the system application programs in the user terminal; and determining the final application program white list according to the application programs common to the local application program white list and the current application program white list.
A common application program is one that appears in both the local application white list and the current application white list.
It can be understood that the intersection of the local application white list and the current application white list is taken as the final application white list, so that the accuracy of determining the application white list is improved.
In some embodiments, the application white list may also be updated based on a selection operation of the user. For example, the user may add some applications to the application white list through a manual check operation. Of course, the user may also remove some applications from the application white list through a manual check operation.
It can be understood that, in this way, the application white list is updated according to the user's own choices.
S240, responding to the operation of the target application program in the user terminal, and acquiring the application program white list in the user terminal determined based on the zero trust application program.
S250, if the application program white list includes the target application program, running the target application program.
Building on the above embodiment, this embodiment specifies how the application white list is determined: standard zero trust security information is acquired from the zero trust server based on the zero trust application program; in response to a scanning operation by the user in the zero trust application program, current zero trust security information of the locally installed application programs is acquired and matched against the standard zero trust security information, and the application white list is generated according to the matching result. With this technical scheme, the application white list is determined through interaction between the zero trust application program in the user terminal and the zero trust server. Based on the zero trust application program, the established application white list can be used to set up access rules between the application programs in the user terminal and the kernel of the terminal system and to take over the permission to run programs. This controls which application programs may run in the terminal system and blocks all untrusted application programs, so that virus programs are kept out at the source; the waste of computing resources caused by antivirus processing is effectively reduced without affecting the normal operation of the computer, while the virus protection capability of the terminal system is still taken into account.
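The matching and white list steps of this embodiment (S230, the union and intersection updates, and the run check of S250) can be sketched as follows. This is an added example, not code from the patent; the `ZeroTrustInfo` layout, all function names and the sample applications are hypothetical, and the "server" and "scan" data are constructed inline.

```python
import hashlib
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class ZeroTrustInfo:
    """The four categories of zero trust security information named in the text."""
    install_list: frozenset        # installation directory entries (paths)
    install_files: frozenset       # (file path, SHA-256 hex digest) pairs
    dependent_services: frozenset  # services the application depends on
    open_ports: frozenset          # port numbers opened by the application


def profile(files, services, ports):
    """Build a profile from {path: content bytes} (hypothetical input layout)."""
    return ZeroTrustInfo(
        install_list=frozenset(files),
        install_files=frozenset(
            (path, hashlib.sha256(data).hexdigest()) for path, data in files.items()
        ),
        dependent_services=frozenset(services),
        open_ports=frozenset(ports),
    )


def match_report(current, standard):
    """Compare the four categories one by one; True means that category matches."""
    return {
        f.name: getattr(current, f.name) == getattr(standard, f.name)
        for f in fields(ZeroTrustInfo)
    }


def build_whitelist(current_by_app, standard_by_app):
    """S230: an application is listed only if all four categories match."""
    whitelist = set()
    for app, current in current_by_app.items():
        standard = standard_by_app.get(app)
        if standard is None:
            continue  # no standard information for this application: not listed
        if all(match_report(current, standard).values()):
            whitelist.add(app)
    return whitelist


def merge_whitelists(current_wl, local_wl, mode="union"):
    """Update with the local system-application list (union or intersection)."""
    if mode == "union":
        return set(current_wl) | set(local_wl)
    if mode == "intersection":
        return set(current_wl) & set(local_wl)
    raise ValueError(f"unknown merge mode: {mode!r}")


def may_run(app, whitelist):
    """S240/S250: only applications on the white list are allowed to run."""
    return app in whitelist


# Constructed sample data: standard information as sent by the server ...
STANDARD = {
    "editor": profile(
        {"editor/bin/editor": b"editor-v1", "editor/lib/core.so": b"core-v1"},
        ["print-spooler"], [8080],
    ),
    "viewer": profile({"viewer/bin/viewer": b"viewer-v1"}, [], []),
}
# ... and current information as produced by a local scan.
CURRENT = {
    "editor": profile(
        {"editor/bin/editor": b"editor-v1", "editor/lib/core.so": b"core-v1"},
        ["print-spooler"], [8080],
    ),
    # Same path, different content: only the file hash category fails.
    "viewer": profile({"viewer/bin/viewer": b"viewer-v1-modified"}, [], []),
    # Installed locally but absent from the standard information.
    "unknown_tool": profile({"tool/run": b"payload"}, [], [4444]),
}
LOCAL_SYSTEM_APPS = {"calculator", "calendar", "editor"}

if __name__ == "__main__":
    matched = build_whitelist(CURRENT, STANDARD)
    print("matched:", sorted(matched))
    print("viewer report:", match_report(CURRENT["viewer"], STANDARD["viewer"]))
    for mode in ("union", "intersection"):
        final = merge_whitelists(matched, LOCAL_SYSTEM_APPS, mode)
        print(mode, sorted(final), "viewer may run:", may_run("viewer", final))
```

The union admits system applications that were never matched against standard information, while the intersection keeps only applications confirmed by both sources, which is the trade-off the two optional update schemes describe.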
Example three
Fig. 3 is a flowchart of a zero trust-based computer virus protection method according to a third embodiment of the present application, where the present embodiment is an optimization of the foregoing scheme based on the foregoing embodiments.
Further, the operation "in response to an application installation request sent based on the zero trust application, acquiring installation data of an application to be installed from a white list application store of the zero trust server; and installing the application program to be installed in the user terminal according to the installation data, and updating the application program white list according to the application program to be installed" is added, so that application programs are installed in the user terminal through the zero trust application program.
Explanations of terms that are the same as or correspond to those in the above-described embodiments are omitted here.
Referring to fig. 3, the zero trust based computer virus protection method provided in this embodiment includes:
S310, in response to a run operation on the target application program in the user terminal, acquiring the application program white list in the user terminal determined based on the zero trust application program.
S320, if the application program white list includes the target application program, running the target application program.
S330, in response to an application program installation request sent by the zero-trust application program, acquiring installation data of the application program to be installed from a white list application store of the zero-trust server.
The white list application store contains application programs that the zero-trust server has determined to be safe and harmless.
Specifically, the zero-trust server may implement security evaluation on the application program based on a preset antivirus application program. The preset antivirus application program includes antivirus software of at least one antivirus type; for example, the zero trust server can evaluate the security of the application program simultaneously with antivirus software of the Trojan horse analysis and judgment class, antivirus software of the software package detection class and antivirus software of the system protection class.
In this embodiment, an installation button may be set in the zero-trust application, and when a user triggers the installation button, installation of the application to be installed may be started, an application installation request may be initiated, and installation data of the application to be installed may be obtained from a white-list application store of the zero-trust server.
The application program to be installed may be an application program that the user actively selects in the zero-trust application program and decides to install in the user terminal.
Optionally, the installation data at least includes an installation package of the application to be installed, which provides data support for installing the application in the user terminal.
S340, installing the application program to be installed in the user terminal according to the installation data, and updating the application program white list according to the application program to be installed.
In this embodiment, because the installation data is obtained from the white list application store of the zero trust server, the application to be installed can be regarded as safe; it may therefore be added to the application white list at the same time as it is installed in the user terminal, thereby updating the application white list.
Optionally, the installation data comprises an installation package and a standard hash of the installation package; correspondingly, installing the application program to be installed in the user terminal according to the installation data includes: generating a hash to be verified from the installation package; and if the hash to be verified is consistent with the standard hash, installing the application program to be installed in the user terminal.
Specifically, a hash operation may be performed on the installation package with a hash function tool to obtain the hash to be verified of the installation package. In this embodiment, before the application to be installed is installed, the downloaded installation package may be verified locally in the user terminal: the hash to be verified is compared with the standard hash issued by the zero trust server, which ensures that the installation package was not damaged or changed during transmission.
It can be understood that, by performing hash check on the installation package transmitted to the user terminal based on the standard hash of the installation package in the installation data, it can be ensured that the installation package is not maliciously changed, mixed with viruses, or damaged in the transmission process.
In some embodiments, the transmission of the installation data between the zero-trust application program of the user terminal and the zero-trust server can further be protected with preset encryption and decryption technologies, so as to improve the security of data transmission.
It should be noted that, in the embodiment of the present application, the execution sequence of the above S310-S320 and S330-S340 is not limited, and S310-S320 may be executed before S330-S340, or after S330-S340 is executed, S310-S320 may be executed.
On the basis of the foregoing embodiments, this embodiment installs application programs in the user terminal through the zero trust application program: in response to an application program installation request sent based on the zero trust application program, installation data of the application program to be installed is acquired from the white list application store of the zero trust server; the application program to be installed is installed in the user terminal according to the installation data, and the application program white list is updated according to the application program to be installed. With this technical scheme, when the user terminal needs to install new software, security-certified installation data can be acquired and downloaded from the zero trust server through the zero trust application program, so that the new software installed in the user terminal is safe and harmless, installation of new software carrying a risk of virus intrusion in the user terminal is avoided, and the user terminal's protection against viruses is improved.
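The terminal-side flow of S310-S340 with the optional hash check, as an added example that is not code from the patent. SHA-256, the class and function names, and keying the white list by application name are assumptions; the package bytes are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class InstallationData:
    """Installation data: the installation package plus its standard hash."""
    app_name: str
    package: bytes
    standard_hash: str  # hex digest; SHA-256 is an assumption, the text names no algorithm


def publish(app_name: str, package: bytes) -> InstallationData:
    """Hypothetical server side: the white list application store attaches the standard hash."""
    return InstallationData(app_name, package, hashlib.sha256(package).hexdigest())


@dataclass
class UserTerminal:
    """Hypothetical state kept by the zero trust application on the terminal."""
    whitelist: set = field(default_factory=set)
    installed: dict = field(default_factory=dict)  # app name -> verified package digest

    def install(self, data: InstallationData) -> bool:
        """S340: install and update the white list only if the hashes are consistent."""
        try:
            expected = bytes.fromhex(data.standard_hash)
        except (ValueError, TypeError):
            return False  # malformed or missing standard hash: refuse to install
        to_verify = hashlib.sha256(data.package).digest()
        # Constant-time comparison; a truncated standard hash fails on length.
        if not hmac.compare_digest(to_verify, expected):
            return False  # package damaged or changed: nothing installed, white list untouched
        self.installed[data.app_name] = to_verify.hex()
        self.whitelist.add(data.app_name)
        return True

    def may_run(self, app_name: str) -> bool:
        """S310-S320: a target application runs only if the white list includes it."""
        return app_name in self.whitelist


def demo() -> dict:
    """Run the flow on constructed data and return the outcome of each step."""
    terminal = UserTerminal()
    good = publish("demo-editor", b"constructed installer bytes for demo-editor")
    # Same standard hash, but the package bytes were changed after publication.
    original = publish("demo-sync", b"constructed installer bytes for demo-sync")
    altered = InstallationData("demo-sync", original.package + b"\x00", original.standard_hash)
    return {
        "run_before_install": terminal.may_run("demo-editor"),
        "install_good": terminal.install(good),
        "run_after_install": terminal.may_run("demo-editor"),
        "install_altered": terminal.install(altered),
        "run_altered": terminal.may_run("demo-sync"),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The comparison detects a changed package only if the standard hash itself reaches the terminal unmodified, which is the role of the encrypted transmission mentioned above.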
Example four
Fig. 4 is a flowchart of a zero trust based computer virus protection method according to the fourth embodiment of the present application. This embodiment is applicable to the case in which standard zero trust security information is sent to the zero trust application program through the zero trust server. The method can be executed by a zero trust-based computer virus protection device, which is configured in a zero trust server, can be realized by software and/or hardware, and is specifically configured in an electronic device, which can be a mobile terminal or a fixed terminal.
Referring to fig. 4, the zero trust based computer virus protection method provided in the embodiment of the present application is applied to a zero trust server, and includes:
S410, performing security evaluation on at least one candidate application program based on the preset antivirus application program.
The preset antivirus application program includes antivirus software of at least one antivirus type; for example, the zero trust server can evaluate the security of the application program simultaneously with antivirus software of the Trojan horse judgment class, antivirus software of the software package detection class and antivirus software of the system protection class.
A candidate application is an application that the user terminal actually needs. The types and number of candidate applications may differ for user terminals of different service types.
Therefore, in this embodiment, a corresponding appropriate preset antivirus application may be set for different user terminals, so as to implement security evaluation on the candidate application.
S420, adding the candidate application programs that run safely to the white list application store according to the evaluation result.
The white list application store hosts application programs that have passed security certification and are determined to be safe and harmless to run.
Specifically, if the detection result of the preset antivirus application to the candidate application is unsafe or harmful, the candidate application is not added to the white list application store.
It will be appreciated that, because candidate applications are security-evaluated by third-party antivirus applications, the applications entered into the white list application store can be ensured to be harmless and secure.
S430, acquiring standard zero trust security information of each application program in the white list application store based on the sandbox simulation tool.
The sandbox simulation tool is a tool for testing behaviors of untrusted files or applications and the like in an isolated environment.
In this embodiment, based on the sandbox simulation tool, in the sandbox environment, standard zero trust security information of the application program during simulation operation may be acquired for each application program in the white list application store.
The standard zero trust security information refers to program running characteristics included when a secure application (i.e., an application that is determined to be harmless) runs.
In this embodiment, the standard zero trust security information includes, but is not limited to, standard installation list information, standard installation file information, standard dependent service information, and standard open port information.
S440, sending standard zero trust safety information to the user terminal provided with the zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust safety information.
Optionally, the sending standard zero trust security information to the user terminal installed with the zero trust application includes: if the standard zero trust safety information changes, the zero trust server can actively send a data synchronization request to the user terminal and send the latest standard zero trust safety information to the user terminal; or responding to a data acquisition request sent by the zero-trust application program, and sending the latest standard zero-trust safety information to the user terminal.
Specifically, when a new candidate application program is entered into the zero trust server, the security evaluation operation on the candidate application program may be triggered and the latest application programs that run safely are determined; this may cause the standard zero trust security information to change. If the standard zero trust security information changes, the zero trust server may actively send a data synchronization request to the user terminal and send the latest standard zero trust security information to the user terminal.
Of course, the zero trust server may also perform security evaluation on at least one candidate application program based on a timing mechanism and the preset antivirus application program, and determine the latest application programs that run safely; this may likewise cause the standard zero trust security information to change.
It can be understood that the standard zero trust security information is updated and synchronized through a synchronization operation initiated by the zero trust server or a synchronization operation initiated by the zero trust application program, which ensures the accuracy of the standard zero trust security information and enhances the zero trust server's ability to provide virus protection for the user terminal.
In some embodiments, the zero trust server may, according to the application programs installed in the user terminal, send the standard zero trust security information corresponding to those installed application programs to the user terminal, so as to reduce the data transmission amount and improve the data transmission efficiency.
This embodiment is applied to the zero trust server, which performs security evaluation on at least one candidate application program based on the preset antivirus application program; adds the candidate application programs that run safely to the white list application store according to the evaluation result; acquires the standard zero trust security information of each application program in the white list application store based on a sandbox simulation tool; and sends the standard zero trust security information to a user terminal installed with a zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust security information. With this technical scheme, safe application programs are run in simulation in the sandbox to obtain the standard zero trust security information, which is sent to the user terminal installed with the zero trust application program so that the user terminal generates the application program white list from it. This controls which application programs may run in the terminal system and stops all untrusted application programs from running, so that virus programs are blocked at the source; the computing resources wasted by the virus-killing process are effectively reduced without affecting the normal operation of the computer, while the virus protection capability of the terminal system is also taken into account.
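The terminal-side matching of current against standard zero trust security information, using the four information types listed above, as an added example that is not code from the patent. The exact-match policy, the data layout and all names are assumptions; the application names, file digests and ports are constructed sample values.

```python
from dataclasses import dataclass

# The four kinds of zero trust security information named in this embodiment.
FIELDS = ("install_list", "install_files", "dependent_services", "open_ports")


@dataclass(frozen=True)
class ZeroTrustInfo:
    install_list: frozenset        # installed components
    install_files: frozenset       # (path, digest) pairs
    dependent_services: frozenset  # services the application depends on
    open_ports: frozenset          # ports the application opens


def info(install_list, install_files, dependent_services, open_ports) -> ZeroTrustInfo:
    """Build a record from plain lists."""
    return ZeroTrustInfo(frozenset(install_list), frozenset(install_files),
                         frozenset(dependent_services), frozenset(open_ports))


def mismatches(current: ZeroTrustInfo, standard: ZeroTrustInfo) -> dict:
    """Per-field differences between a local scan and the sandbox-derived standard."""
    diff = {}
    for name in FIELDS:
        cur, std = getattr(current, name), getattr(standard, name)
        if cur != std:
            diff[name] = {"unexpected": sorted(cur - std), "missing": sorted(std - cur)}
    return diff


def build_whitelist(current_scan: dict, standard: dict):
    """Assumed policy: an application is white-listed only if every field matches."""
    whitelist, rejected = set(), {}
    for app, current in current_scan.items():
        baseline = standard.get(app)
        if baseline is None:
            # Not in the white list application store, so no standard information exists.
            rejected[app] = {"reason": "no standard information"}
            continue
        diff = mismatches(current, baseline)
        if diff:
            rejected[app] = diff
        else:
            whitelist.add(app)
    return whitelist, rejected


# Constructed standard information, as the server would derive it in the sandbox.
STANDARD = {
    "demo-editor": info(["demo-editor 1.0"], [("bin/editor", "aa11")], ["demo-update-svc"], []),
    "demo-sync": info(["demo-sync 2.3"], [("bin/sync", "bb22")], ["demo-sync-svc"], [8443]),
}

# Constructed scan result: one clean application, one altered, one unknown.
CURRENT_SCAN = {
    "demo-editor": info(["demo-editor 1.0"], [("bin/editor", "aa11")], ["demo-update-svc"], []),
    "demo-sync": info(["demo-sync 2.3"], [("bin/sync", "ff99")], ["demo-sync-svc"], [8443, 9999]),
    "unknown-tool": info(["unknown-tool 0.1"], [("bin/tool", "cc33")], [], []),
}

if __name__ == "__main__":
    allowed, denied = build_whitelist(CURRENT_SCAN, STANDARD)
    print("white list:", sorted(allowed))
    for app, why in denied.items():
        print("rejected:", app, why)
```

Keeping the per-field differences for rejected applications gives an operator something to review when a legitimate update changes a file digest or port before the server has published new standard information.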
Example five
Fig. 5 is a flowchart of a zero trust-based computer virus protection method according to a fifth embodiment of the present application, where the present embodiment is an optimization of the foregoing scheme based on the foregoing embodiment.
Further, the operation "in response to an installation request sent by the user terminal based on the zero trust application, sending installation data of an application to be installed in the white list application store to the user terminal, so that the user terminal installs the application to be installed and updates the application white list according to the installation data" is added, so that installation data is sent to the user terminal through the zero trust server.
Explanations of terms that are the same as or correspond to those in the above-described embodiments are omitted here.
Referring to fig. 5, the zero trust based computer virus protection method provided in this embodiment includes:
S510, performing security evaluation on at least one candidate application program based on the preset antivirus application program.
S520, adding the candidate application programs that run safely to the white list application store according to the evaluation result.
S530, acquiring standard zero trust security information of each application program in the white list application store based on the sandbox simulation tool.
S540, sending the standard zero trust security information to the user terminal installed with the zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust security information.
S550, in response to an installation request sent by the user terminal based on the zero trust application program, sending installation data of the application program to be installed in the white list application store to the user terminal, so that the user terminal installs the application program to be installed according to the installation data and updates the application program white list.
It is to be understood that, in the embodiment of the present application, the execution sequence of S540 and S550 is not limited, and S540 may be executed before S550, or S540 may be executed after S550 is executed.
Optionally, the installation data comprises an installation package and a standard hash of the installation package. When the standard hash is consistent with the hash to be verified that the user terminal generates from the installation package, the standard hash is used to control installation of the application program to be installed in the user terminal, and to control the application program to be installed according to the application program white list.
It can be understood that, by performing hash check on the installation package transmitted to the user terminal based on the standard hash of the installation package in the installation data, it can be ensured that the installation package is not maliciously changed, mixed with viruses, or damaged in the transmission process.
On the basis of the foregoing embodiments, this embodiment sends installation data to the user terminal through the zero trust server: in response to an installation request sent by the user terminal based on the zero trust application program, the installation data of the application program to be installed in the white list application store is sent to the user terminal, so that the user terminal installs the application program to be installed and updates the application program white list according to the installation data. With this technical scheme, when the user terminal needs to install new software, the zero trust server sends the installation data of the application program to be installed in the white list application store to the user terminal, which ensures that the new software installed in the user terminal is safe and harmless, avoids installing new software carrying a risk of virus intrusion in the user terminal, and strengthens the zero trust server's ability to provide virus protection for the user terminal.
Example six
Fig. 6 is a schematic structural diagram of a zero trust based computer virus protection apparatus according to a sixth embodiment of the present application. Referring to fig. 6, a zero trust based computer virus protection apparatus provided in an embodiment of the present application is configured in a user terminal installed with a zero trust application, and the apparatus includes: a white list acquisition module 610 and a program control execution module 620.
A white list obtaining module 610, configured to, in response to an operation on a target application in the user terminal, obtain an application white list in the user terminal determined based on the zero-trust application;
a program control running module 620, configured to run the target application program if the application program white list includes the target application program.
This embodiment is applied to a user terminal installed with a zero trust application program. In response to a run operation on a target application program in the user terminal, the user terminal acquires the application program white list in the user terminal determined based on the zero trust application program; if the application program white list includes the target application program, the target application program is run. With this technical scheme, the user terminal installed with the zero trust application program can, based on the application program white list determined by the zero trust application program, control which application programs may run in the terminal system and stop all untrusted application programs from running, so that virus programs are blocked at the source; the computing resources wasted by the virus-killing process are effectively reduced without affecting the normal operation of the computer, while the virus protection capability of the terminal system is also taken into account.
Further, the apparatus comprises:
the security criterion acquisition module is used for acquiring standard zero trust security information from the zero trust server based on the zero trust application program;
the scanning information acquisition module is used for responding to the scanning operation of the user based on the zero trust application program and acquiring the current zero trust safety information of the locally installed application program;
and the information matching module is used for performing information matching on the current zero trust safety information and the standard zero trust safety information and generating the application program white list according to a matching result.
Further, the security criteria obtaining module includes:
the safety criterion acquisition unit is used for responding to a data synchronization request sent by the zero trust server when standard zero trust safety information changes, and receiving the latest standard zero trust safety information sent by the zero trust server; or responding to a synchronous instruction triggered in the zero-trust application program, and sending a data acquisition request to the zero-trust server so as to acquire the latest standard zero-trust security information from the zero-trust server.
Further, the apparatus further comprises:
and the white list updating module is used for updating the application program white list according to the system application program in the user terminal.
Further, the apparatus further comprises:
the installation data acquisition module is used for responding to an application program installation request sent based on the zero trust application program and acquiring installation data of the application program to be installed from a white list application store of the zero trust server;
and the program installation module is used for installing the application program to be installed in the user terminal according to the installation data and updating the application program white list according to the application program to be installed.
Further, the installation data comprises an installation package and a standard hash of the installation package; correspondingly, the program installation module comprises:
the file hash operation unit is used for generating hash to be verified according to the installation package;
and the program installation unit is used for installing the application program to be installed in the user terminal if the hash to be verified is consistent with the standard hash.
The zero trust-based computer virus protection device provided by the embodiment of the application can execute the zero trust-based computer virus protection method provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method.
Example seven
Fig. 7 is a schematic structural diagram of a zero trust based computer virus protection apparatus according to a seventh embodiment of the present application. Referring to fig. 7, an embodiment of the present application provides a zero trust based computer virus protection apparatus configured in a zero trust server, where the apparatus includes: a security assessment module 710, a white list determination module 720, a sandbox simulation module 730, and a security criteria transmission module 740.
A security evaluation module 710, configured to perform security evaluation on at least one candidate application based on a preset antivirus application;
a white list determining module 720, configured to add the candidate application program that runs safely to a white list application store according to the evaluation result;
the sandbox simulation module 730 is configured to obtain standard zero trust security information of each application program in the white list application store based on a sandbox simulation tool;
the security criterion sending module 740 is configured to send the standard zero trust security information to a user terminal installed with a zero trust application, so that the user terminal generates an application white list according to the standard zero trust security information.
This embodiment is applied to the zero trust server, which performs security evaluation on at least one candidate application program based on the preset antivirus application program; adds the candidate application programs that run safely to the white list application store according to the evaluation result; acquires the standard zero trust security information of each application program in the white list application store based on a sandbox simulation tool; and sends the standard zero trust security information to a user terminal installed with a zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust security information. With this technical scheme, safe application programs are run in simulation in the sandbox to obtain the standard zero trust security information, which is sent to the user terminal installed with the zero trust application program so that the user terminal generates the application program white list from it. This controls which application programs may run in the terminal system and stops all untrusted application programs from running, so that virus programs are blocked at the source; the computing resources wasted by the virus-killing process are effectively reduced without affecting the normal operation of the computer, while the virus protection capability of the terminal system is also taken into account.
Further, the apparatus further comprises:
and the installation data sending module is used for responding to an installation request sent by the user terminal based on the zero trust application program, and sending installation data of the application program to be installed in the white list application store to the user terminal, so that the user terminal installs the application program to be installed according to the installation data and updates the application program white list.
Further, the installation data comprises an installation package and a standard hash of the installation package. When the standard hash is consistent with the hash to be verified that the user terminal generates from the installation package, the standard hash is used to control installation of the application program to be installed in the user terminal, and to control the application program to be installed according to the application program white list.
Further, the apparatus further comprises: the safety criterion updating module is used for sending a data synchronization request to the user terminal and sending the latest standard zero trust safety information to the user terminal if the standard zero trust safety information changes; or responding to a data acquisition request sent by the zero-trust application program, and sending the latest standard zero-trust safety information to the user terminal.
The zero trust-based computer virus protection device provided by the embodiment of the application can execute the zero trust-based computer virus protection method provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method.
Example eight
Fig. 8 is a structural diagram of an electronic device according to an eighth embodiment of the present application. FIG. 8 illustrates a block diagram of an exemplary electronic device 812 suitable for use in implementing embodiments of the present application. The electronic device 812 shown in fig. 8 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 8, electronic device 812 is in the form of a general purpose computing device. Components of electronic device 812 may include, but are not limited to: one or more processors or processing units 816, a system memory 828, and a bus 818 that couples various system components including the system memory 828 and the processing unit 816.
Bus 818 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 812 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 812 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 828 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)830 and/or cache memory 832. The electronic device 812 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 834 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 8, often referred to as a "hard disk drive"). Although not shown in FIG. 8, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 818 by one or more data media interfaces. System memory 828 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the application.
A program/utility 840 having a set (at least one) of program modules 842, which may be stored, for example, in system memory 828, such program modules 842 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 842 generally perform the functions and/or methodologies of embodiments described herein.
The electronic device 812 may also communicate with one or more external devices 814 (e.g., keyboard, pointing device, display 824, etc.), with one or more devices that enable a user to interact with the electronic device 812, and/or with any devices (e.g., network card, modem, etc.) that enable the electronic device 812 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 822. Also, the electronic device 812 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 820. As shown, the network adapter 820 communicates with the other modules of the electronic device 812 over the bus 818. It should be appreciated that although not shown in FIG. 8, other hardware and/or software modules may be used in conjunction with electronic device 812, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 816 executes various functional applications and data processing, such as implementing any of the zero trust based computer virus protection methods provided by embodiments of the present application, by executing at least one of the other programs stored in the system memory 828.
Example nine
Embodiment nine of the present application further provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the zero trust based computer virus protection method provided in any embodiment of the present application.
That is, if the zero trust based computer virus protection method is applied to a user terminal on which a zero trust application program is installed, the program, when executed by a processor, implements: in response to a run operation on a target application program in the user terminal, acquiring the application program white list in the user terminal determined based on the zero trust application program; and, if the application program white list includes the target application program, running the target application program.
Or, if the zero trust based computer virus protection method is applied to a zero trust server, the program, when executed by a processor, implements: performing security evaluation on at least one candidate application program based on a preset antivirus application program; adding the candidate application program which runs safely into the white list application store according to the evaluation result; acquiring standard zero trust safety information of each application program in the white list application store based on a sandbox simulation tool; and sending the standard zero trust safety information to a user terminal provided with a zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust safety information.
From the above description of the embodiments, it is obvious for those skilled in the art that the present application can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods described in the embodiments of the present application.
It should be noted that, in the above embodiment of the zero-trust based computer virus protection apparatus, the included units and modules are only divided according to the functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the application.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present application and the technical principles employed. It will be understood by those skilled in the art that the present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the application. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the appended claims.

Claims (12)

1. A computer virus protection method based on zero trust is characterized in that the method is applied to a user terminal provided with a zero trust application program, and comprises the following steps:
responding to the running operation of a target application program in the user terminal, and acquiring an application program white list in the user terminal determined based on the zero-trust application program;
and if the white list of the application program comprises the target application program, operating the target application program.
2. The method of claim 1, wherein the application white list is determined based on:
acquiring standard zero trust safety information from the zero trust server based on the zero trust application program;
responding to scanning operation of a user based on the zero-trust application program, and acquiring current zero-trust safety information of the locally installed application program;
and performing information matching on the current zero trust safety information and the standard zero trust safety information, and generating the application program white list according to a matching result.
3. The method of claim 2, further comprising:
and updating the application program white list according to the system application program in the user terminal.
4. The method of claim 1, further comprising:
in response to an application program installation request sent based on the zero-trust application program, acquiring installation data of an application program to be installed from a white list application store of the zero-trust server;
and installing the application program to be installed in the user terminal according to the installation data, and updating the application program white list according to the application program to be installed.
5. The method of claim 4, wherein the installation data comprises an installation package and a standard hash of the installation package;
correspondingly, the installing the application program to be installed in the user terminal according to the installation data includes:
generating hash to be verified according to the installation package;
and if the hash to be verified is consistent with the standard hash, installing the application program to be installed in the user terminal.
6. A computer virus protection method based on zero trust is characterized in that the method is applied to a zero trust server and comprises the following steps:
performing security evaluation on at least one candidate application program based on a preset antivirus application program;
adding the candidate application program which runs safely into the white list application store according to the evaluation result;
acquiring standard zero trust safety information of each application program in the white list application store based on a sandbox simulation tool;
and sending the standard zero trust safety information to a user terminal provided with a zero trust application program, so that the user terminal generates an application program white list according to the standard zero trust safety information.
7. The method of claim 6, further comprising:
and responding to an installation request sent by the user terminal based on the zero-trust application program, and sending installation data of the application program to be installed in the white list application store to the user terminal, so that the user terminal installs the application program to be installed according to the installation data and updates the application program white list.
8. The method of claim 7, wherein the installation data comprises an installation package and a standard hash of the installation package;
and the standard hash is used for controlling the application program to be installed in the user terminal and controlling the application program to be installed according to the application program white list when the standard hash is consistent with the hash to be verified generated by the user terminal according to the installation package.
9. A zero trust based computer virus guard configured in a user terminal having a zero trust application installed therein, comprising:
a white list acquisition module, configured to, in response to an operation on a target application in the user terminal, acquire an application white list in the user terminal determined based on the zero-trust application;
and the program control operation module is used for operating the target application program if the white list of the application program comprises the target application program.
10. A zero trust based computer virus guard, configured in a zero trust server, comprising:
the safety evaluation module is used for carrying out safety evaluation on at least one candidate application program based on a preset antivirus application program;
the white list determining module is used for adding the candidate application program which runs safely into a white list application store according to the evaluation result;
the sandbox simulation module is used for acquiring standard zero trust safety information of each application program in the white list application store based on a sandbox simulation tool;
and the safety criterion sending module is used for sending the standard zero trust safety information to a user terminal provided with a zero trust application program so that the user terminal generates an application program white list according to the standard zero trust safety information.
11. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a zero trust based computer virus protection method as recited in any one of claims 1-5 or 6-8.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a zero trust based computer virus protection method according to any one of claims 1 to 5 or 6 to 8.
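The terminal-side flow of claims 1, 2, 4 and 5 can be sketched as follows. This is an added example, not code from the patent or its applicant; it assumes the "standard zero trust safety information" is a SHA-256 digest per application, and the function names and sample data are hypothetical.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_whitelist(standard_info: dict, local_apps: dict) -> dict:
    """Claim 2: match each locally installed app's current digest against the
    server's standard digest; only exact matches enter the whitelist."""
    whitelist = {}
    for name, binary in local_apps.items():
        expected = standard_info.get(name)
        current = sha256_hex(binary)
        if expected is not None and hmac.compare_digest(current, expected):
            whitelist[name] = current
    return whitelist

def may_run(whitelist: dict, name: str, binary: bytes) -> bool:
    """Claim 1: default deny. Re-hashing at launch (an added assumption) also
    refuses a whitelisted app whose file changed after the scan."""
    expected = whitelist.get(name)
    return expected is not None and hmac.compare_digest(sha256_hex(binary), expected)

def install(whitelist: dict, name: str, package: bytes, standard_hash: str) -> bool:
    """Claims 4-5: install only if the package digest equals the standard hash,
    then update the whitelist. This toy model treats the package and the
    installed binary as the same bytes."""
    if not hmac.compare_digest(sha256_hex(package), standard_hash):
        return False
    whitelist[name] = standard_hash
    return True

# Constructed sample data, not taken from the patent.
EDITOR = b"editor v1 (constructed sample bytes)"
MAIL = b"mail v3 (constructed sample bytes)"
STANDARD = {"editor": sha256_hex(EDITOR), "mail": sha256_hex(MAIL)}
LOCAL = {"editor": EDITOR, "mail": MAIL + b" + appended payload", "game": b"unlisted"}

if __name__ == "__main__":
    wl = build_whitelist(STANDARD, LOCAL)
    print("whitelisted after scan:", sorted(wl))
    print("run editor:", may_run(wl, "editor", EDITOR))
    print("run modified editor:", may_run(wl, "editor", EDITOR + b"!"))
    print("install mail:", install(wl, "mail", MAIL, STANDARD["mail"]), sorted(wl))
```

The modified "mail" binary and the unlisted "game" are both refused after the scan; "mail" only becomes runnable once a package matching the standard hash is installed.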
CN202111106071.6A 2021-09-22 2021-09-22 Zero trust based computer virus protection method, device, equipment and medium Pending CN113779562A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111106071.6A CN113779562A (en) 2021-09-22 2021-09-22 Zero trust based computer virus protection method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN113779562A true CN113779562A (en) 2021-12-10

Family

ID=78852555

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111106071.6A Pending CN113779562A (en) 2021-09-22 2021-09-22 Zero trust based computer virus protection method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN113779562A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114697230A (en) * 2022-03-18 2022-07-01 国网浙江省电力有限公司绍兴市上虞区供电公司 Energy station safety monitoring system and method based on zero trust

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103875003A (en) * 2011-10-17 2014-06-18 迈克菲股份有限公司 System and method for whitelisting applications in a mobile network environment
CN107491697A (en) * 2017-09-29 2017-12-19 南京宏海科技有限公司 server security maintaining method based on dynamic white list
CN108052407A (en) * 2017-12-13 2018-05-18 深圳乐信软件技术有限公司 A kind of application crash means of defence, device, equipment and storage medium
US20190044958A1 (en) * 2017-08-01 2019-02-07 PC Pitstop, Inc System, Method, and Apparatus for Computer Security
CN109460660A (en) * 2018-10-18 2019-03-12 广州市网欣计算机科技有限公司 A kind of mobile device safety management system
CN110929259A (en) * 2019-11-14 2020-03-27 腾讯科技(深圳)有限公司 Process security verification white list generation method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114697230A (en) * 2022-03-18 2022-07-01 国网浙江省电力有限公司绍兴市上虞区供电公司 Energy station safety monitoring system and method based on zero trust
CN114697230B (en) * 2022-03-18 2023-12-15 国网浙江省电力有限公司绍兴市上虞区供电公司 Zero trust-based energy station safety monitoring system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination