CN115098196A - Verification method and device, electronic equipment and storage medium - Google Patents

Info

Publication number
CN115098196A
Authority
CN
China
Prior art keywords
verification
application program
certificate
application
kernel layer
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210603805.XA
Other languages
Chinese (zh)
Inventor
茅开
冀甜甜
崔翔
王忠儒
宋首友
杜春来
王田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dingniu Information Security Technology Jiangsu Co ltd
Beijing Digapis Technology Co ltd
Original Assignee
Dingniu Information Security Technology Jiangsu Co ltd
Beijing Digapis Technology Co ltd
Application filed by Dingniu Information Security Technology Jiangsu Co ltd and Beijing Digapis Technology Co ltd
Priority to CN202210603805.XA
Publication of CN115098196A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/448 Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482 Procedural
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Abstract

The disclosure relates to a verification method and device, an electronic device and a storage medium. The method comprises: when an application program calls a preset interface of the system application layer, obtaining a verification credential of the application program according to the type of the application program; transmitting the verification credential to the system kernel layer; verifying the verification credential in the system kernel layer to obtain a verification result; and, when the verification result is that verification has passed, allowing the application program to call a target interface of the system kernel layer. According to the verification method of the embodiments of the disclosure, the verification credential of the application program is obtained at the system application layer, and when the application program calls the target interface of the system kernel layer the credential must first be verified; only after verification has passed is the application program allowed to access the target interface. An unknown application program, or a program corresponding to malicious code, either cannot obtain a verification credential or cannot pass verification, so it cannot attack the system through the target interface, and the security of the system is improved.

Description

Verification method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a verification method and apparatus, an electronic device, and a storage medium.
Background
With the continuous development of network technology, network attacks that use malicious code occur constantly, and how to defend against malicious code has become the focus of network defense. An attacker can use malicious code to carry out attacks such as information theft, ransomware encryption and data wiping against a target system. Defending against malicious code reduces the damage an attacker can do to target assets and the losses suffered by the assets being protected; it may even allow the attacker's methods to be analysed, and the vulnerabilities the attacker exploits to be repaired, before any substantial damage is done.
However, malicious code defense technology in the related art mainly extracts features from existing malicious code samples to form a malicious code feature library, then performs feature detection on a suspect program: if the features match, the suspect program is judged to be malicious code and is then blocked and removed. Such related art cannot effectively defend against unknown malicious code, because it can only detect the features of known malicious code. If new malicious code, or a variant of existing malicious code, appears, its features are not contained in the feature library and the related art cannot defend against it effectively.
Disclosure of Invention
The disclosure provides a verification method and device, electronic equipment and a storage medium.
According to an aspect of the present disclosure, there is provided a verification method including: when a preset interface of the system application layer is called by an application program, obtaining a verification credential of the application program according to the type of the application program, where the types of application program include an authorized application program; transmitting the verification credential to the system kernel layer; verifying the verification credential in the system kernel layer to obtain a verification result; and, when the verification result is that verification has passed, allowing the application program to call the target interface of the system kernel layer that corresponds to the preset interface.
In one possible implementation, obtaining the verification credential of the application program includes: obtaining the stack of the application program; determining at least one return address in the stack of the application program; and obtaining the verification credential according to the return address.
In one possible implementation, obtaining the verification credential according to the return address includes: locating, through the return address, a code segment of a specific byte length belonging to the application program; and taking that code segment of the specific byte length as the verification credential.
In one possible implementation, the system kernel layer stores a list of authorized application program credentials.
In one possible implementation, verifying the verification credential in the system kernel layer to obtain a verification result includes: verifying the verification credential against the list of authorized application program credentials to obtain the verification result.
In one possible implementation, the types of application program further include an unknown application program, and the method further includes: when the type of the application program is an unknown application program, not obtaining a verification credential for the application program.
In one possible implementation, the method further includes: refusing the application program's call to the target interface when the verification result is that verification has failed, or when no verification credential was obtained.
According to an aspect of the present disclosure, there is provided a verification apparatus including: a credential acquisition module, configured to obtain a verification credential of an application program according to the type of the application program when a preset interface of the system application layer is called by the application program, where the types of application program include an authorized application program; a transmission module, configured to transmit the verification credential to the system kernel layer; a verification module, configured to verify the verification credential in the system kernel layer to obtain a verification result; and a calling module, configured to allow the application program to call the target interface of the system kernel layer that corresponds to the preset interface when the verification result is that verification has passed.
In one possible implementation, the credential acquisition module is further configured to: obtain the stack of the application program; determine at least one return address in the stack of the application program; and obtain the verification credential according to the return address.
In one possible implementation, the credential acquisition module is further configured to: locate, through the return address, a code segment of a specific byte length belonging to the application program; and take that code segment of the specific byte length as the verification credential.
In one possible implementation, the system kernel layer stores a list of authorized application program credentials.
In one possible implementation, the verification module is further configured to verify the verification credential against the list of authorized application program credentials to obtain the verification result.
In one possible implementation, the types of application program further include an unknown application program, and the apparatus further includes an unknown application program judging module, configured not to obtain a verification credential for the application program when the type of the application program is an unknown application program.
In one possible implementation, the apparatus further includes a rejection module, configured to refuse the application program's call to the target interface when the verification result is that verification has failed, or when no verification credential was obtained.
According to an aspect of the present disclosure, there is provided an electronic device including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to invoke the memory-stored instructions to perform the above-described method.
According to an aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the above-described method.
According to the verification method of the embodiments of the disclosure, the verification credential of the application program is obtained at the system application layer, and when the application program calls the target interface of the system kernel layer the credential must first be verified; only after verification has passed is the application program allowed to access the target interface of the system kernel layer. An unknown application program, or a program corresponding to malicious code, either cannot obtain a verification credential or cannot pass verification, so it cannot call the target interface and cannot attack the system through it, and the security of the system is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure. Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.
FIG. 1 shows a flow chart of a verification method according to an embodiment of the present disclosure;
FIG. 2 shows a schematic diagram of a defensive measure according to an embodiment of the disclosure;
FIG. 3 shows a schematic diagram of a defensive measure according to an embodiment of the disclosure;
FIG. 4 shows a schematic diagram of a defensive measure according to an embodiment of the disclosure;
FIG. 5 shows a block diagram of a verification device according to an embodiment of the present disclosure;
FIG. 6 shows a block diagram of an electronic device in accordance with an embodiment of the disclosure;
FIG. 7 shows a block diagram of an electronic device in accordance with an embodiment of the disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration". Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
The term "and/or" herein merely describes an association between objects and means that three relationships are possible; for example, "A and/or B" may mean that A exists alone, that A and B exist simultaneously, or that B exists alone. In addition, the term "at least one" herein means any one of a plurality, or any combination of at least two of them; for example, "including at least one of A, B and C" may mean including any one or more elements selected from the set consisting of A, B and C.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
Fig. 1 shows a flow chart of a verification method according to an embodiment of the present disclosure, as shown in fig. 1, the method includes:
in step S11, when a preset interface of the system application layer is called by an application program, obtaining a verification credential of the application program according to the type of the application program, where the types of application program include an authorized application program;
in step S12, transmitting the verification credential to the system kernel layer;
in step S13, verifying the verification credential in the system kernel layer to obtain a verification result;
in step S14, when the verification result is that verification has passed, allowing the application program to call the target interface of the system kernel layer that corresponds to the preset interface.
According to the verification method of the embodiments of the disclosure, the verification credential of the application program is obtained at the system application layer, and when the application program calls the target interface of the system kernel layer the credential must first be verified; only after verification has passed is the application program allowed to access the target interface of the system kernel layer. An unknown application program, or a program corresponding to malicious code, either cannot obtain a verification credential or cannot pass verification, so it cannot call the target interface and cannot attack the system through it, and the security of the system is improved.
In one possible implementation, once a system (for example, a computer system) is connected to a network it may be accessed by all kinds of application programs, and some of its interfaces may even be accessed by application programs corresponding to malicious code, which can then use those interfaces to modify the system's configuration, steal information stored in the system, modify the contents of files in the system, and so on. Not every such application program contains code that is present in a malicious code sample library, which makes it difficult for a defense tool that relies on such a library (for example, antivirus software) to defend against unknown application programs (for example, unknown application programs containing malicious code).
In one possible implementation, the system includes an application layer and a kernel layer. The application layer is the open level of the system, for example the level presented to the user, in which the user of the system can load and run application programs, edit files, set parameters and perform similar processing.
In one possible implementation, the kernel layer is the core level in which the system performs its processing; for example, it may provide task management, resource scheduling, protocol management and the like. The kernel layer is generally not exposed to the user: in daily operation the user only calls interfaces in the application layer. An interface in the application layer may correspond to an interface in the kernel layer, and through that corresponding interface the kernel layer provides task management, resource scheduling, protocol management and so on for the processing performed in the application layer, finally completing the task that corresponds to the user's operation in the application layer.
In one possible implementation, as described above, the system may be accessed by various application programs, which may be known non-malicious applications, known malicious applications, unknown non-malicious applications or unknown malicious applications. Only known non-malicious applications are secure from the system's point of view; the others, including unknown non-malicious applications, may pose a risk even though they might not contain malicious code.
In one possible implementation, insecure applications (known malicious, unknown non-malicious and unknown malicious applications) can be defended against by setting certain defensive measures (for example, verification measures) at the system application layer and the system kernel layer, so that insecure applications are prevented from calling certain sensitive interfaces (APIs, application programming interfaces), that is, interfaces that may pose a security threat to the system, such as interfaces that retrieve the passwords of certain accounts or interfaces that modify or delete certain important files. The present disclosure does not limit the specific types of sensitive interface.
FIG. 2 is a schematic diagram of a defensive measure according to an embodiment of the disclosure. As shown in FIG. 2, defense at the system application layer is performed through a lock protection measure, and defense at the system kernel layer through a kernel verification measure.
In one possible implementation, in step S11, when a preset interface of the system application layer is called by an application program, the lock protection measure may first stop the application program from calling the preset interface and obtain the verification credential of the application program according to its type. That is, when an application program calls a preset interface (for example, a sensitive interface) of the system application layer, the lock protection measure first determines the type of the application program; if the type is an authorized application program (for example, a secure application, that is, a known non-malicious application), the lock protection measure obtains the application program's verification credential.
In one possible implementation, the verification credential may be obtained in a variety of ways. A specific identifier may be added to the authorized application program and that identifier obtained as the verification credential; or the source of the application program may be determined, for example an application program that originates from the local system or from a secure website may be treated as an authorized application program and a verification credential indicating that it is secure may be generated for it. The present disclosure does not limit the way in which the verification credential is generated.
FIG. 3 shows a schematic diagram of a defensive measure according to an embodiment of the present disclosure. As shown in FIG. 3, apart from the ways described above, the application program itself may be used to generate the verification credential. Step S11 may include: obtaining the stack of the application program; determining at least one return address in the stack of the application program; and obtaining the verification credential according to the return address.
In one possible implementation, the application program may include at least one process, and to support the execution of that process the application program includes at least one function, whose return address is stored on the application program's stack. The stack of the application program can therefore be obtained, and the function of the application program to which a return address on that stack points can be determined, so as to judge whether running that function poses a security threat: for example, a verification credential is generated from the function and verification is carried out on that credential. The verification credential may be generated from, for example, the function name, the function's declaration information, or the code in the function. The present disclosure does not limit the specific manner in which the verification credential is generated.
In one possible implementation, taking generation of the verification credential from code as an example, obtaining the verification credential according to the return address may include: locating, through the return address, a code segment of a specific byte length belonging to the application program; and taking that code segment of the specific byte length as the verification credential.
In an example, a code segment of a specific byte length is read starting from the return address. The code segment lies within a function and, depending on the length chosen, may contain one instruction, part of an instruction, several instructions, or several instructions together with part of another. The present disclosure does not limit the specific form and length of the code segment.
In an example, the code segment of the specific byte length may serve as the verification credential. The code segment carries a variety of information, such as the type of interface being called, the type of operation performed (for example, a modify or edit operation) and the amount of computing resources required, so it can be used as a credential to verify against: for example, if the type of operation performed by the code segment is not abnormal and the computing resources it requires are reasonable, verification may be judged to have passed; otherwise, verification is judged to have failed.
In one possible implementation, a verification credential generated from a code segment may also be verified in other ways. For example, the system kernel layer stores a list of authorized application program credentials, and verification is performed against that list. The verification credential obtained above is transmitted to the system kernel layer in step S12, and the authorized application program is then allowed to call the preset interface of the system application layer. In step S13 the system kernel layer verifies the verification credential to obtain a verification result; step S13 may include: verifying the verification credential against the list of authorized application program credentials to obtain the verification result.
In one possible implementation, the list of authorized application program credentials may contain all of the code of the non-malicious applications among the applications known to the system. Alternatively, instead of storing all of that code, it may contain certain preset features of the non-malicious applications' code, so as to reduce storage pressure.
In one possible implementation, before verification, although the authorized application program has been allowed to call the preset interface of the system application layer, the kernel verification measure of the system kernel layer still does not, for the time being, allow any application to call the target interface of the kernel layer; the call is only allowed after verification has passed.
In one possible implementation, during verification the verification credential (for example, the code segment) is compared with the code segments in the list of authorized application program credentials; if the code segment in the verification credential is contained in the list, the verification result is that verification has passed. Alternatively, the preset feature of the verification credential may be obtained and compared with the preset features in the list; if the comparison succeeds (for example, the feature similarity between some preset feature in the list and the preset feature of the verification credential is greater than or equal to a preset threshold), the verification result is that verification has passed. Otherwise, the verification result is that verification has failed.
In one possible implementation, after verification a verification result for the authorized application program is obtained, for example that verification has succeeded or passed. Once the verification result is obtained, in step S14 the authorized application program may be allowed to call the target interface in the system kernel layer, the target interface being the interface that corresponds to the preset interface in the system application layer. Calling the target interface can then carry out specific processing, such as loading an application or transferring a file. The present disclosure does not limit the type of processing performed by calling the target interface.
In one possible implementation, in another example, if the application program calling the preset interface of the system application layer is an unknown application program, then although it cannot be determined whether the unknown application program really contains malicious code, allowing it to call a sensitive interface at will is risky. Unknown application programs are therefore not allowed to call sensitive interfaces.
FIG. 4 is a schematic diagram of a defensive measure according to an embodiment of the disclosure. As shown in FIG. 4, when an unknown application program makes the call, the lock protection measure, on the basis that the application program's type is unknown, performs no processing to obtain credential information. That is, the method further includes: when the type of the application program is an unknown application program, not obtaining a verification credential for the application program. Consequently, when the application program is of unknown type there is no verification credential, and none can be passed to the system kernel layer.
In one possible implementation, the unknown application program may originate from an unknown website, so that its security cannot be determined and it is therefore not authorized. The lock protection measure of the system application layer can judge the type of the application program: once the application program is found to be unauthorized it is determined to be an unknown application program, and when it calls the preset interface of the system application layer no processing is performed, that is, the unknown application program is not stopped from calling the preset interface of the system application layer, but its verification credential is not obtained either.
In one possible implementation, before verification, although the unknown application program has been allowed to call the preset interface of the system application layer, the kernel verification measure of the system kernel layer likewise does not, for the time being, allow any application to call the target interface of the kernel layer, and only allows the call once verification has passed. Since the lock protection measure obtained no verification credential, however, the kernel verification measure cannot perform verification, so no verification result (in particular, no result that verification has passed) can be obtained, and the unknown application program cannot be allowed to call the target interface of the system kernel layer.
In one possible implementation, if the application program calling the preset interface of the system application layer is a known malicious application program, the lock protection measure can stop it from calling the preset interface at the system application layer, so that the malicious application program is blocked without any verification. Alternatively, a known malicious application program may be allowed to call the preset interface of the system application layer without its verification credential being obtained, in which case the system kernel layer stops it from calling the target interface because verification cannot be performed; or its verification credential may be obtained, in which case the verification processing of the system kernel layer yields a result that verification has failed, and the target interface of the system kernel layer again cannot be called. That is, the method further includes: refusing the application program's call to the target interface when the verification result is that verification has failed, or when no verification credential was obtained.
In one possible implementation, the verification processing can also stop an authorized application program from calling the target interface after it has been tampered with. For example, an application program that originates from a secure website may be considered secure and be authorized, that is, set as an authorized application program; the application program may, however, subsequently be tampered with. When it then calls the preset interface of the system application layer it is still determined to be a known application program, so its verification credential is obtained, but in the verification processing of the system kernel layer that credential cannot pass verification, and the application program's call to the target interface of the system kernel layer is stopped, which further improves the security of the system.
According to the verification method of the embodiment of the disclosure, the verification certificate of the application program can be obtained at the system application layer, when the application program calls the target interface of the system kernel layer, the verification certificate needs to be verified, and the application program can be allowed to access the target interface of the system kernel layer after the verification is passed. For the program corresponding to the unknown application program or the malicious code, the verification certificate cannot be obtained or the verification cannot be passed, so that the target interface cannot be called by the program corresponding to the unknown application program or the malicious code, the system cannot be attacked, the tampered authorized application program can be prevented from calling the target interface based on the verification processing, and the system safety is further improved.
It is understood that the above-mentioned method embodiments can be combined with each other to form combined embodiments without departing from the principle logic; for reasons of space, the disclosure does not repeat them here. Those skilled in the art will appreciate that in the above methods of the specific embodiments, the specific order of execution of the steps should be determined by their function and possibly their inherent logic.
In addition, the present disclosure also provides a verification apparatus, an electronic device, a computer-readable storage medium, and a program, each of which can be used to implement any one of the verification methods provided by the present disclosure; the corresponding technical solutions and descriptions are as given for the method portions and are not repeated.
Fig. 5 shows a block diagram of a verification apparatus according to an embodiment of the present disclosure, as shown in fig. 5, the apparatus including:
the certificate acquisition module 11 is configured to acquire a verification certificate of an application program according to a type of the application program when a preset interface of a system application layer is called by the application program, where the type of the application program includes an authorized application program;
the transmission module 12 is configured to transmit the verification credential to a system kernel layer;
the verification module 13 is configured to verify the verification certificate through the system kernel layer to obtain a verification result;
the calling module 14 is configured to allow the application program to call a target interface of the system kernel layer corresponding to the preset interface when the verification result is that the verification passes.
In one possible implementation manner, the certificate acquisition module is further configured to: acquire a stack of the application program; determine, in the stack of the application program, at least one return address; and acquire the verification certificate according to the return address.
In one possible implementation manner, the certificate acquisition module is further configured to: search for a code segment with a specific byte length of the application program through the return address; and determine the code segment with the specific byte length as the verification certificate.
In one possible implementation, the system kernel layer stores a list of authorized application credentials.
In one possible implementation, the verification module is further configured to: verify the verification certificate according to the authorized application program certificate list to obtain a verification result.
In one possible implementation, the type of the application program further includes an unknown application program; the apparatus further comprises an unknown application program judging module, configured not to acquire the verification certificate of the application program when the type of the application program is the unknown application program.
In one possible implementation, the apparatus further includes a rejection module, configured to refuse the application program to call the target interface when the verification result is that the verification fails or the verification certificate is not acquired.
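The flow described in the method paragraphs above and in the apparatus module list (certificate acquisition, transmission, verification, calling, unknown-application judging and rejection modules), as an added Python simulation that is not the patent's own code. The application code images, the stack return addresses, the credential byte length and all names are constructed assumptions for this example.

```python
"""Added simulation of the patent's two-layer interface check (not the patent's code).

Constructed model: each application has a byte image standing in for its code and a
stack of return addresses given as offsets into that image. The 'preset interface'
belongs to the system application layer, the 'target interface' to the system kernel
layer. Names, byte values and CREDENTIAL_LEN are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CREDENTIAL_LEN = 8  # assumed "specific byte length" of the code segment used as credential

AUTHORIZED, UNKNOWN, MALICIOUS = "authorized", "unknown", "malicious"


@dataclass
class Application:
    name: str
    app_type: str          # one of AUTHORIZED / UNKNOWN / MALICIOUS
    code: bytes            # constructed code image of the application
    stack: List[int]       # return addresses, innermost frame first


def acquire_credential(app: Application) -> Optional[bytes]:
    """Application-layer step: walk the stack, take the first return address that
    falls inside the application's own code and read CREDENTIAL_LEN bytes there."""
    for ret_addr in app.stack:
        segment = app.code[ret_addr:ret_addr + CREDENTIAL_LEN]
        if len(segment) == CREDENTIAL_LEN:   # an address outside the image (e.g. a library frame) is skipped
            return segment
    return None


class SystemKernelLayer:
    """Holds the list of authorized application credentials and checks each call."""

    def __init__(self, authorized_credentials: List[bytes]):
        self.authorized = set(authorized_credentials)

    def target_interface(self, credential: Optional[bytes]) -> Tuple[bool, str]:
        if credential is None:
            return False, "rejected: no verification credential acquired"
        if credential in self.authorized:
            return True, "allowed: verification passed"
        return False, "rejected: verification failed"


class SystemApplicationLayer:
    def __init__(self, kernel: SystemKernelLayer):
        self.kernel = kernel

    def preset_interface(self, app: Application) -> Tuple[bool, str]:
        if app.app_type == MALICIOUS:
            # locking protection: a known-malicious caller never reaches verification
            return False, "rejected: blocked by locking protection"
        # unknown applications get no credential; authorized ones are read from the stack
        credential = None if app.app_type == UNKNOWN else acquire_credential(app)
        # transmit the credential to the kernel layer, which decides on the target interface
        return self.kernel.target_interface(credential)


def provision_kernel(golden_apps: List[Application]) -> SystemKernelLayer:
    """Build the authorized credential list from known-good images of authorized apps."""
    creds = [c for c in (acquire_credential(a) for a in golden_apps) if c is not None]
    return SystemKernelLayer(creds)


def tamper(app: Application, offset: int) -> Application:
    """Return a copy of app whose code byte at `offset` is flipped (simulated tampering)."""
    code = bytearray(app.code)
    code[offset] ^= 0xFF
    return Application(app.name, app.app_type, bytes(code), list(app.stack))


# Constructed sample: 64-byte images; the caller frame returns to offset 0x20.
GOOD_IMAGE = bytes(range(0x40))
LIBRARY_FRAME = 0x1000             # return address outside the image: skipped
EDITOR = Application("editor", AUTHORIZED, GOOD_IMAGE, [LIBRARY_FRAME, 0x20, 0x08])
STRANGER = Application("stranger", UNKNOWN, bytes(0x40), [0x20])
DROPPER = Application("dropper", MALICIOUS, GOOD_IMAGE, [0x20])


def run_scenarios() -> dict:
    """Authorized, tampered-authorized, unknown and known-malicious callers."""
    kernel = provision_kernel([EDITOR])
    app_layer = SystemApplicationLayer(kernel)
    return {
        "authorized": app_layer.preset_interface(EDITOR),
        "tampered_authorized": app_layer.preset_interface(tamper(EDITOR, 0x23)),
        "unknown": app_layer.preset_interface(STRANGER),
        "malicious": app_layer.preset_interface(DROPPER),
    }


if __name__ == "__main__":
    for scenario, (allowed, reason) in run_scenarios().items():
        print(f"{scenario:20s} -> {reason}")
```

The credential covers only CREDENTIAL_LEN bytes after the chosen return address, so a modification elsewhere in the image is outside what this check alone observes; a deployment would pair it with whole-image integrity measures.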
In some embodiments, functions or modules included in the apparatus provided in the embodiments of the present disclosure may be used to execute the method described in the above method embodiments, and for specific implementation, reference may be made to the description of the above method embodiments, and for brevity, details are not described here again.
Embodiments of the present disclosure also provide a computer-readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the above-mentioned method. The computer readable storage medium may be a non-volatile computer readable storage medium.
An embodiment of the present disclosure further provides an electronic device, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to invoke the memory-stored instructions to perform the above-described method.
Embodiments of the present disclosure also provide a computer program product, which includes computer readable code, and when the computer readable code runs on a device, a processor in the device executes instructions for implementing the verification method provided in any of the above embodiments.
The embodiments of the present disclosure also provide another computer program product for storing computer readable instructions, which when executed cause a computer to perform the operations of the verification method provided in any of the above embodiments.
The electronic device may be provided as a terminal, server, or other form of device.
Fig. 6 illustrates a block diagram of an electronic device 800 in accordance with an embodiment of the disclosure. For example, the electronic device 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, or the like terminal.
Referring to fig. 6, electronic device 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the electronic device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 may include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the electronic device 800. Examples of such data include instructions for any application or method operating on the electronic device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The power component 806 provides power to the various components of the electronic device 800. The power component 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the electronic device 800.
The multimedia component 808 includes a screen that provides an output interface between the electronic device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense an edge of a touch or slide action, but also detect a duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the electronic device 800 is in an operation mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the electronic device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
Sensor assembly 814 includes one or more sensors for providing various aspects of state estimation for electronic device 800. For example, the sensor assembly 814 may detect an open/closed state of the electronic device 800, the relative positioning of components, such as a display and keypad of the electronic device 800, the sensor assembly 814 may also detect a change in the position of the electronic device 800 or a component of the electronic device 800, the presence or absence of user contact with the electronic device 800, orientation or acceleration/deceleration of the electronic device 800, and a change in the temperature of the electronic device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the electronic device 800 and other devices in a wired or wireless manner. The electronic device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the electronic device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium, such as the memory 804, is also provided that includes computer program instructions executable by the processor 820 of the electronic device 800 to perform the above-described methods.
Fig. 7 illustrates a block diagram of an electronic device 1900 in accordance with an embodiment of the disclosure. For example, the electronic device 1900 may be provided as a server. Referring to fig. 7, electronic device 1900 includes a processing component 1922 further including one or more processors and memory resources, represented by memory 1932, for storing instructions, e.g., applications, executable by processing component 1922. The application programs stored in memory 1932 may include one or more modules that each correspond to a set of instructions. Further, the processing component 1922 is configured to execute instructions to perform the above-described method.
The electronic device 1900 may also include a power component 1926 configured to perform power management of the electronic device 1900, a wired or wireless network interface 1950 configured to connect the electronic device 1900 to a network, and an input/output (I/O) interface 1958. The electronic device 1900 may operate based on an operating system stored in memory 1932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
In an exemplary embodiment, a non-transitory computer readable storage medium, such as the memory 1932, is also provided that includes computer program instructions executable by the processing component 1922 of the electronic device 1900 to perform the above-described methods.
The present disclosure may be systems, methods, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device such as a punch card or a raised structure in a groove having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, electronic circuitry may execute computer-readable program instructions to implement aspects of the present disclosure by utilizing state information of the computer-readable program instructions to personalize a custom electronic circuit, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA).
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The computer program product may be embodied in hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied in a computer storage medium, and in another alternative embodiment, the computer program product is embodied in a software product, such as a Software Development Kit (SDK), or the like.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A method of verification, comprising:
under the condition that a preset interface of a system application layer is called by an application program, acquiring a verification certificate of the application program according to the type of the application program, wherein the type of the application program comprises an authorized application program;
transmitting the verification certificate to a system kernel layer;
verifying the verification certificate through the system kernel layer to obtain a verification result;
and allowing the application program to call a target interface of the system kernel layer corresponding to the preset interface under the condition that the verification result is that the verification is passed.
2. The method of claim 1, wherein obtaining the verification credentials of the application comprises:
acquiring a stack of the application program;
determining, in a stack of the application, at least one return address;
and acquiring the verification certificate according to the return address.
3. The method of claim 2, wherein obtaining the verification credential based on the return address comprises:
searching a code segment with a specific byte length of the application program through the return address;
determining the code segment with the specific byte length as the verification certificate.
4. The method of claim 1, wherein the system kernel layer stores a list of authorized application credentials.
5. The method of claim 4, wherein verifying the verification certificate through the system kernel layer to obtain a verification result comprises:
and verifying the verification certificate according to the authorized application program certificate list to obtain a verification result.
6. The method of claim 1, wherein the types of applications further comprise unknown applications;
the method further comprises the following steps:
and under the condition that the type of the application program is the unknown application program, not acquiring the verification certificate of the application program.
7. The method of claim 6, further comprising:
and refusing the application program to call the target interface under the condition that the verification result is that the verification fails or the verification certificate is not acquired.
8. A verification apparatus, comprising:
the certificate acquisition module is used for acquiring a verification certificate of the application program according to the type of the application program under the condition that a preset interface of a system application layer is called by the application program, wherein the type of the application program comprises an authorized application program;
the transmission module is used for transmitting the verification certificate to a system kernel layer;
the verification module is used for verifying the verification certificate through the system kernel layer to obtain a verification result;
and the calling module is used for allowing the application program to call the target interface of the system kernel layer corresponding to the preset interface under the condition that the verification result is that the verification is passed.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to invoke the memory-stored instructions to perform the method of any of claims 1 to 7.
10. A computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210603805.XA CN115098196A (en) 2022-05-30 2022-05-30 Verification method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115098196A true CN115098196A (en) 2022-09-23

Family

ID=83288125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210603805.XA Pending CN115098196A (en) 2022-05-30 2022-05-30 Verification method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115098196A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170221019A1 (en) * 2014-07-30 2017-08-03 Wal-Mart Stores, Inc. Apparatus and method for self-service voucher creation
CN107038369A (en) * 2017-03-21 2017-08-11 深圳市金立通信设备有限公司 The method and terminal of a kind of resources accessing control
CN111209561A (en) * 2018-11-21 2020-05-29 成都鼎桥通信技术有限公司 Application calling method and device of terminal equipment and terminal equipment
CN113703813A (en) * 2021-09-07 2021-11-26 北京天融信网络安全技术有限公司 Kernel upgrading method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220923