CN1512355A - Code signature verifying method of ELF file form - Google Patents
Code signature verifying method of ELF file form Download PDFInfo
- Publication number
- CN1512355A CN1512355A CNA021281254A CN02128125A CN1512355A CN 1512355 A CN1512355 A CN 1512355A CN A021281254 A CNA021281254 A CN A021281254A CN 02128125 A CN02128125 A CN 02128125A CN 1512355 A CN1512355 A CN 1512355A
- Authority
- CN
- China
- Prior art keywords
- file
- signature
- rank
- code
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The present invention discloses the verifying method of code signature in ELF file format. After the user requests executing ELF file, the system judges the level of system verification and determines the level of file verification of the executed file. For 0-level system verification, no code signature is not verified. For non-zero level, incomplete or complete signature value of the executed file is verified. During verification, the signer's public key is taken out from the kernel space chain table to decipher signature data and primary abstract data while available file is used to calculate the corresponding abstract data. The two pieces of abstract data are compared, and when they are the same, the verification is successful, or else failed. The present invention has the advantages of raised system safety resisting virus attack, optimal balance between safety and efficiency of the operation system and effective protection of software resource.
Description
Technical field
The present invention relates to a kind of technical method that prevents to calculate virus and the invasion of other malicious code, definitely saying so to relate to a kind ofly can prevent effectively that the ELF file layout from easily being utilized by the hacker and carry out virus or the code signature verifying method of computer security is attacked, guaranteed to other malicious code.
Background technology
The ELF file layout is topmost one of the binary file format of carrying out of Unix environment, this file layout is full disclosure, anyone can both understand its concrete form, thereby is easy to be utilized by the hacker, just can reach the purpose of invasion computing machine by direct modification binary file.Virus under many Unix is arranged in history, realize invading by this method.Traditional Unix system can't carry out integrality and legitimacy and detect to the code of carrying out, thereby allows a lot of Viruses and trojan horse program have an opportunity to take advantage of.In addition, have a lot of softwares to follow the GPL agreement under the Unix, anyone can obtain the source code of software, and therefore distribution once more also is easy to be utilized by the hacker after revising, after revising and pretend to be some publisher to issue.If the user installs and carried out such distributed software, so just invaded probably.
Code signature and checking are a kind of methods that can effectively prevent virus and the invasion of other malicious codes.At present, the code signature technology of ELF file layout had only some scattered researchs, also there is not unified standard, the project that some open source codes are also arranged, but mostly all only in a certain respect or several respects, do not have total solution, and efficient is very low, has had a strong impact on performance of computer systems.
Summary of the invention
The objective of the invention is to: in present most of code signature methods, the serious unbalance situation of security and efficient provides a kind of and can guarantee computer security, makes operating system efficient and security performance obtain optimum balance, effectively prevent that the ELF file is utilized the code signature verifying method that carries out illegal invasion.
The objective of the invention is to realize by the enforcement following technical proposals:
A kind of ELF file layout code signature verifying method, it is characterized in that: when the user asks to carry out the ELF file, " system verification rank " at first judged by system, according to " the system verification rank " determined, determine to be performed " the file verification rank " of file, be decided to be 0 grade for the system verification rank, need not the Validation Code signature, directly carry out the ELF file routine; For definite " system verification rank " is non-0 grade, can have 0,1,2 three kind " file verification rank ", corresponds respectively to not verify that being performed file or checking is performed the incomplete signature value of file or signature value fully; When verifying, at first from core space PKI chained list, extract corresponding signer PKI, and with these PKI decrypted signature data, obtain the summary data of raw data, system utilizes the existing file data computation to go out corresponding summary data then, system contrasts these two summary datas, if identical then be proved to be successful, can carry out the ELF file; Otherwise authentication failed does not allow to carry out the ELF file.
Additional technical feature is: 1. described " system verification rank " is provided with level Four, respectively by 0,1,2,3 expressions; 0 grade of expression unprotect level is carried out all programs, does not verify; 1 grade of low protected level of expression is verified the signature value that is performed file according to " file verification rank "; Protected level in 2 expressions, " file verification rank " is 0 o'clock, is performed the signature value of file according to " system verification rank " checking; " file verification rank " is not 0 o'clock, is performed the signature value of file according to " file verification rank " checking; The high protected level of 3 expressions verifies that all are performed the value of signature fully of file.
2. " system verification rank " also can be provided with as required, and concrete set-up mode is determined by concrete condition.
3. described " file verification rank " is the checking rank that is provided with for single file, sets up 3 grades separately, respectively by 0,1,2 expressions; Represent the unprotect level for 0 grade, do not verify the signature value of this document; Protected level in 1 grade of expression, the incomplete signature value of checking this document; 2 grades of high protected levels of expression, the value of signature fully of checking this document, the checking rank of certain file are provided with regulation as required;
4. describedly will verify the incomplete signature value that is performed file, be with raw data, comprising: the file header of the ELF file of being signed; Version identifier, source document size, signer PKI sign 1D; Signature algorithm identifier, signature time, the signer essential information, above data calculate digital digest by hash operations, and obtain digital digest with the encryption of signer certificate private key; Verifying the value of signature fully that is performed file, is with raw data, comprising: all code datas of the ELF file of being signed; Version identifier, source document size, signer PKI sign 1D; Signature algorithm identifier, the signature time, the signer essential information, above data calculate digital digest by hash operations, and obtain digital digest with the encryption of signer certificate private key.Employed core space PKI chained list during 5. described checking is that one of configuration records the PKI chained list that all are trusted in system core space; When the signature value of system verification code, can directly from this table, extract corresponding PKI, if do not have corresponding public key in the PKI chained list, then the signer of this code is not trusted, thereby authentication failed.
The invention has the advantages that: can prevent effectively that 1. virus and trojan horse program etc. from utilizing the ELF file layout to carry out malicious code and attacking, thereby the security that has improved operating system.The invasion of resisting malicious code is the main purpose of code signature and checking.After the ELF file is signed, preserved the signing messages and the signature value of signer in this document, these information all are whether believable bases of checking this document.The signature value of each file all is after unique, same file was signed in the different time, and the signature value is also different.The advantage of this method is: after file that a quilt is signed is modified, even the change of a bit (bit), all can't pass through during the signature of checking this document.Like this, just can prevent that other people are by revising the purpose that the ELF file reaches invasion.In addition, be not that short of just be modified of all ELF files of being signed can be by correct verification, but the ELF file that has only believable signer to sign could pass through checking.Like this, just can prevent to attack from incredible software publisher's malicious code.2. different with the unbalance situation of security and efficient in present most of code signature mechanism, this method can make operating system obtain the optimum balance of security and verification efficiency; This method has dual mode to the protection of system, and a kind of is real-time protection, and another kind is the protection of non real-time.Real-time guard is meant system when executive summary is calculated, and this computation process will consume certain system resource.Therefore, under the real-time guard pattern, if there is heap file to need to carry out, the performance of system will inevitably be affected so.In order to average out between security and efficient, this method provides cover configuration flexibly, can adapt to the demand of different level of securitys.Proposed " signature value fully " and " not exclusively signature value " two notions and document handling methods in the method: " signature value fully " has been meant to all data computation of whole ELF file the resulting signature value in summary back, and " not exclusively signature value " has been meant to a part of data computation of ELF file the resulting signature value in summary back.In addition, " system verification rank " and " file verification rank " two notions and to the way of file differentiated control have also been proposed." system verification rank " is meant system-level checking rank, and it is applicable to ELF files all in the system, and " file verification rank " is meant the checking rank of single ELF file, and it only is applicable to certain ELF file of appointment.By the combination of " system verification rank " and " file verification rank ", we can obtain adapting to the allocation plan of various level of securitys, as shown in Figure 4.3. protect the interests of open source software developer or publisher, protection software user's interests.Though fundamental purpose is the safety of protection computer system,, still can protect the interests of software developer, publisher by code signature and authentication.Especially concerning the developer and publisher of open source software,, can protect reputation and the interests of oneself conscientiously by the code of oneself issuing is signed.For most of open source softwares, generally anyone can use its source code, and anyone can revise or distribution once more.Therefore, utilized by the hacker probably, they are issued to the user after can revising once more, thereby allow the user move the program that those have malicious code.But the user can not believe the software that each software publishing person is issued easily, generally only believes authoritative or well-known publisher.Therefore, the hacker will pretend to be those to be issued the malicious code of oneself by the software publishing person of users to trust naturally, and the user just may be confused and be invaded.Like this, both damage user's interests, also influenced those software publishing persons' that assumed another's name reputation simultaneously.But; if the software publishing person signs the code of oneself distribution; the software user verifies the signature value of code when installing or moving these codes, so just can effectively stop the invasion of malicious code, has also protected software publishing person's reputation and interests simultaneously.In addition; for the software publishing person code of oneself issuing is signed; the software user verifies the signature value of code when installing or moving these codes, so just can effectively stop the invasion of malicious code, has also protected software publishing person's reputation and interests simultaneously.And for the software user, if he is when losing faith in certain software publishing person, only needs the certificate of this publisher deleted from the certificate configuration file of being trusted and get final product.4. finish checking at operating system kernel, security is higher: this checking to the code signature value is carried out at operating system kernel, thereby security is higher, can more effective prevention malicious code.
Description of drawings
Fig. 1 is a system verification rank table
Fig. 2 is a file verification rank table
Fig. 3 is system-level signature value verification mode table
Fig. 4 is for adapting to the allocation plan table of various level of securitys
Fig. 5 is system-level signature verification process flow diagram
Fig. 6 is concrete applicating example
Embodiment
Providing a realization based on (SuSE) Linux OS below gives an example.
1, function module design
This mainly comprises following six functional modules for example:
1, signature blocks
2, core layer authentication module
3, application-layer authentication module
4, public key management module
5, system verification rank administration module
6, file verification rank administration module
2, functional module
1, signature blocks
Signature blocks is a relatively independent module, and it provides the module of using to the software publishing person, is mainly used in the ELF file is signed.
This module functions has: to specifying the ELF file signature, to all the ELF file signatures under the assigned catalogue, and generate the signature report.Simultaneously, this module also has basic abnormality processing function, as: whether whether can discern by signature file is the ELF file, can discern by signature file by signature etc.
2, core layer authentication module
The core layer authentication module is meant in the operating system kernel space, the module that the ELF file that request is carried out is verified.This module is at first carried out alternately with system verification rank administration module and file verification rank administration module, obtains system verification rank and corresponding file verification rank, according to authentication policy the signature value of file is verified then.During checking, this module also needs to carry out alternately with the public key management module, obtains signer PKI required when verifying.
3, application-layer authentication module
The application-layer authentication module is meant the module of the ELF file being verified in application layer, and it provides to the software user and is used for the instrument of authenticating documents signature value voluntarily.During checking, this module need be carried out alternately with the public key management module, obtains signer PKI required when verifying.
This module functions has; To specifying the ELF file to verify, all the ELF files under the assigned catalogue are verified, and generated the checking report.Simultaneously, this module also has basic abnormality processing function, as: whether can discern and be verified file is ELF file etc.
4, public key management module
The public key management module functions is the management signer PKI of being trusted, and keeps a trusted public key chained list at operating system kernel, so that PKI that can very fast extraction signer during the certifying signature value.
This module functions has: configuration file management and analysis, certain PKI is inquired about, obtains, inserts and deleted to initialization core PKI chained list in core PKI chained list.
5, system verification rank administration module
System verification rank administration module mainly is responsible for control " system verification rank ".Major function comprises: initialization system checking rank, the system verification rank is set, and management and maintenance system checking rank are checked the system verification rank.
6, file verification rank administration module
File verification rank administration module mainly is responsible for control " file verification rank ".Major function comprises: the file verification rank is set, and management is provided with by other ELF file of file verification level, and the file verification rank is obtained and detected to the file verification rank of inquiring about certain file.This module also has the function that the file verification rank that prevents the ELF file is modified.
3, applicating example
Be one below this realization is applied to example in the reality, as shown in Figure 6.
Applicating example
This practical application for convenience of description, we suppose that this application satisfied following precondition:
1. software user and software publishing person (or developer) have the certificate issued office of a common trust;
2. the software publishing person has obtained legal code signature certificate from this licence issuing authority;
3. the software publishing person has installed the code signature verifying kit, wherein comprises the code signature instrument at least;
4. the software user has installed the code signature verifying kit, wherein comprises signature value verification tool at least;
5. the software user has installed the core bag of support code signature mechanism.
Owing to satisfied above condition, then the step of this application implementation is as follows:
The certificate that 1 software publishing person uses the code signature instrument and obtains from licence issuing authority, to forthcoming code file signature, the software that will sign with certain form is issued to the software user together together with the public key certificate of oneself then;
2. the software user obtains the public key certificate of this software and publisher thereof with certain form;
3. the user utilizes the root certificate of being trusted licence issuing authority, and whether the public key certificate of checking publisher trusted;
If the certificate of publisher be verified by, and the user trusts this certificate, the user then will be injected in the PKI chained list of own trust by the PKI of configuration with this certificate so;
5. so far, the software user can select configuration mode according to the Fig. 4 in the technical scheme.The software user can be provided with instrument by the system verification rank system verification rank is set, and also can the checking rank that instrument is provided with file be set by the file verification rank simultaneously.
Above-mentioned configuration tool, verification tool and signature instrument etc. all are instruments indispensable in this scheme, and corresponding realization is all arranged in this example.
Claims (6)
1, a kind of ELF file layout code signature verifying method, it is characterized in that: when the user asks to carry out the ELF file, " system verification rank " at first judged by system, according to " the system verification rank " determined, determine to be performed " the file verification rank " of file, be decided to be 0 grade for the system verification rank, need not the Validation Code signature, directly carry out the ELF file routine; For definite " system verification rank " is non-0 grade, can have 0,1,2 three kind " file verification rank ", corresponds respectively to not verify that being performed file or checking is performed the incomplete signature value of file or signature value fully; When verifying, at first from core space PKI chained list, extract corresponding signer PKI, and with these PKI decrypted signature data, obtain the summary data of raw data, system utilizes the existing file data computation to go out corresponding summary data then, system contrasts these two summary datas, if identical then be proved to be successful, can carry out the ELF file; Otherwise authentication failed does not allow to carry out the ELF file.
2, according to the described ELF file layout of claim 1 code signature verifying method, it is characterized in that: described " system verification rank " is provided with level Four, respectively by 0,1,2,3 expressions; 0 grade of expression unprotect level is carried out all programs, does not verify; 1 grade of low protected level of expression is verified the signature value that is performed file according to " file verification rank "; Protected level in 2 expressions, " file verification rank " is 0 o'clock, is performed the signature value of file according to " system verification rank " checking; " file verification rank " is not 0 o'clock, is performed the signature value of file according to " file verification rank " checking; The high protected level of 3 expressions verifies that all are performed the value of signature fully of file.
3, according to the described ELF file layout of claim 1 code signature verifying method, it is characterized in that: " system verification rank " also can be provided with as required, and concrete set-up mode is determined by concrete condition.
4, according to the described ELF file layout of claim 1 code signature verifying method, it is characterized in that: described " file verification rank " is the checking rank that is provided with for single file, sets up 3 grades separately, respectively by 0,1,2 expressions; Represent the unprotect level for 0 grade, do not verify the signature value of this document; Protected level in 1 grade of expression, the dangerous signature value of checking this document; 2 grades of high protected levels of expression, the value of signature fully of checking this document, the checking rank of certain file are provided with regulation as required.
5, according to the described ELF file layout of claim 1 code signature verifying method, it is characterized in that: describedly will verify the incomplete signature value that is performed file, be with raw data, comprising: the file header of the ELF file of being signed; Version identifier, source document size, signer PKI sign 1D; Signature algorithm identifier, signature time, the signer essential information, above data calculate digital digest by hash operations, and obtain digital digest with the encryption of signer certificate private key; Verifying the value of signature fully that is performed file, is with raw data, comprising: all code datas of the ELF file of being signed; Version identifier, source document size, signer PKI sign 1D; Signature algorithm identifier, the signature time, the signer essential information, above data calculate digital digest by hash operations, and obtain digital digest with the encryption of signer certificate private key.
6, according to the described ELF file layout of claim 1 code signature verifying method, it is characterized in that: employed core space PKI chained list during described checking is that one of configuration records the PKI chained list that all are trusted in system core space; When the signature value of system verification code, can directly from this table, extract corresponding PKI, if do not have corresponding public key in the PKI chained list, then the signer of this code is not trusted, thereby authentication failed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02128125 CN1234078C (en) | 2002-12-30 | 2002-12-30 | Code signature verifying method of ELF file form |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 02128125 CN1234078C (en) | 2002-12-30 | 2002-12-30 | Code signature verifying method of ELF file form |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1512355A true CN1512355A (en) | 2004-07-14 |
CN1234078C CN1234078C (en) | 2005-12-28 |
Family
ID=34231235
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 02128125 Expired - Fee Related CN1234078C (en) | 2002-12-30 | 2002-12-30 | Code signature verifying method of ELF file form |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1234078C (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100459495C (en) * | 2004-08-01 | 2009-02-04 | 常志文 | Password dynamic enciphering inputmethod of public emipering mode |
CN102375956A (en) * | 2010-08-19 | 2012-03-14 | 北京市国路安信息技术有限公司 | Method of constructing Unix trusted platform based on Unix system call redirected mechanism |
CN102460426A (en) * | 2009-04-23 | 2012-05-16 | Kl网络公司 | Electronic template converting method, apparatus, and recording medium |
CN103544411A (en) * | 2013-10-16 | 2014-01-29 | 深圳全智达通信股份有限公司 | Software package certificate protection method and device |
CN103632093A (en) * | 2013-09-17 | 2014-03-12 | 中国人民解放军61599部队计算所 | Trojan detection method |
CN103995992A (en) * | 2014-05-28 | 2014-08-20 | 全联斯泰克科技有限公司 | Method and device for protecting software |
CN104283860A (en) * | 2013-07-10 | 2015-01-14 | 全联斯泰克科技有限公司 | ELF file identification method and device based on code signature |
CN104573490A (en) * | 2013-10-29 | 2015-04-29 | 桂林电子科技大学 | Method for protecting installed software on Android platform |
CN105426749A (en) * | 2015-11-03 | 2016-03-23 | 浪潮电子信息产业股份有限公司 | Method for controlling running of ELF files on basis of signature mechanism |
CN103632093B (en) * | 2013-09-17 | 2016-11-30 | 中国人民解放军61599部队计算所 | Trojan detecting method |
CN106330812A (en) * | 2015-06-15 | 2017-01-11 | 腾讯科技(深圳)有限公司 | File security identification method and device |
CN106375340A (en) * | 2016-10-11 | 2017-02-01 | 北京元心科技有限公司 | Method and system for improving security of certificate authentication |
CN107135074A (en) * | 2016-02-29 | 2017-09-05 | 中兴通讯股份有限公司 | A kind of advanced security method and apparatus |
CN109635522A (en) * | 2018-11-13 | 2019-04-16 | 许继集团有限公司 | A kind of tamper resistant method and device of dynamic base |
WO2020140257A1 (en) * | 2019-01-04 | 2020-07-09 | Baidu.Com Times Technology (Beijing) Co., Ltd. | Method and system for validating kernel objects to be executed by a data processing accelerator of a host system |
CN111783072A (en) * | 2020-07-15 | 2020-10-16 | 北京同源华安软件科技有限公司 | Security control method and device under Linux system |
CN113468485A (en) * | 2021-07-05 | 2021-10-01 | 桂林电子科技大学 | Digital signature and certificate verification program protection method based on Linux operating system |
-
2002
- 2002-12-30 CN CN 02128125 patent/CN1234078C/en not_active Expired - Fee Related
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100459495C (en) * | 2004-08-01 | 2009-02-04 | 常志文 | Password dynamic enciphering inputmethod of public emipering mode |
CN102460426A (en) * | 2009-04-23 | 2012-05-16 | Kl网络公司 | Electronic template converting method, apparatus, and recording medium |
CN102375956B (en) * | 2010-08-19 | 2016-05-25 | 北京市国路安信息技术有限公司 | The method of the mechanism construction Unix credible platform based on Unix redirection of system call |
CN102375956A (en) * | 2010-08-19 | 2012-03-14 | 北京市国路安信息技术有限公司 | Method of constructing Unix trusted platform based on Unix system call redirected mechanism |
CN104283860A (en) * | 2013-07-10 | 2015-01-14 | 全联斯泰克科技有限公司 | ELF file identification method and device based on code signature |
CN103632093A (en) * | 2013-09-17 | 2014-03-12 | 中国人民解放军61599部队计算所 | Trojan detection method |
CN103632093B (en) * | 2013-09-17 | 2016-11-30 | 中国人民解放军61599部队计算所 | Trojan detecting method |
CN103544411A (en) * | 2013-10-16 | 2014-01-29 | 深圳全智达通信股份有限公司 | Software package certificate protection method and device |
CN104573490A (en) * | 2013-10-29 | 2015-04-29 | 桂林电子科技大学 | Method for protecting installed software on Android platform |
CN103995992A (en) * | 2014-05-28 | 2014-08-20 | 全联斯泰克科技有限公司 | Method and device for protecting software |
CN106330812A (en) * | 2015-06-15 | 2017-01-11 | 腾讯科技(深圳)有限公司 | File security identification method and device |
CN106330812B (en) * | 2015-06-15 | 2019-07-05 | 腾讯科技(深圳)有限公司 | File security recognition methods and device |
CN105426749B (en) * | 2015-11-03 | 2018-08-14 | 浪潮电子信息产业股份有限公司 | A method of ELF running papers are controlled based on signature mechanism |
CN105426749A (en) * | 2015-11-03 | 2016-03-23 | 浪潮电子信息产业股份有限公司 | Method for controlling running of ELF files on basis of signature mechanism |
CN107135074A (en) * | 2016-02-29 | 2017-09-05 | 中兴通讯股份有限公司 | A kind of advanced security method and apparatus |
CN107135074B (en) * | 2016-02-29 | 2021-11-02 | 中兴通讯股份有限公司 | Advanced security method and device |
CN106375340A (en) * | 2016-10-11 | 2017-02-01 | 北京元心科技有限公司 | Method and system for improving security of certificate authentication |
CN106375340B (en) * | 2016-10-11 | 2020-03-31 | 北京元心科技有限公司 | Method and system for improving certificate verification security |
CN109635522A (en) * | 2018-11-13 | 2019-04-16 | 许继集团有限公司 | A kind of tamper resistant method and device of dynamic base |
WO2020140257A1 (en) * | 2019-01-04 | 2020-07-09 | Baidu.Com Times Technology (Beijing) Co., Ltd. | Method and system for validating kernel objects to be executed by a data processing accelerator of a host system |
US11392687B2 (en) | 2019-01-04 | 2022-07-19 | Baidu Usa Llc | Method and system for validating kernel objects to be executed by a data processing accelerator of a host system |
CN111783072A (en) * | 2020-07-15 | 2020-10-16 | 北京同源华安软件科技有限公司 | Security control method and device under Linux system |
CN113468485A (en) * | 2021-07-05 | 2021-10-01 | 桂林电子科技大学 | Digital signature and certificate verification program protection method based on Linux operating system |
Also Published As
Publication number | Publication date |
---|---|
CN1234078C (en) | 2005-12-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1234078C (en) | Code signature verifying method of ELF file form | |
CN1097772C (en) | Method and apparatus for protecting application data in secure storage areas | |
CN1315017C (en) | Method for software copyright protection | |
US7694139B2 (en) | Securing executable content using a trusted computing platform | |
US7546587B2 (en) | Run-time call stack verification | |
Dunn et al. | Cloaking malware with the trusted platform module | |
US6611925B1 (en) | Single point of entry/origination item scanning within an enterprise or workgroup | |
CA2400940C (en) | Controlling access to a resource by a program using a digital signature | |
KR100267872B1 (en) | Support for portable trusted software | |
US6148401A (en) | System and method for providing assurance to a host that a piece of software possesses a particular property | |
US7591014B2 (en) | Program authentication on environment | |
US20070186112A1 (en) | Controlling execution of computer applications | |
US20060174334A1 (en) | Controlling computer applications' access to data | |
CN104283860A (en) | ELF file identification method and device based on code signature | |
CN1855110A (en) | System and method for enhanced layer of security to protect a file system from malicious programs | |
CA2493732A1 (en) | Authentication in a distributed computing environment | |
US20080065893A1 (en) | Schema signing | |
JP2005167589A (en) | Information processing unit and method therefor, server unit and method therefor, and unit mountable program | |
CA2632590A1 (en) | Method to verify the integrity of components on a trusted platform using integrity database services | |
CN1818919A (en) | Permission verification and verifying system for electronic file | |
JP2010205270A (en) | Device for providing tamper evident property to executable code stored in removable medium | |
Falcarin et al. | Exploiting code mobility for dynamic binary obfuscation | |
US20040243807A1 (en) | Runtime digital signatures | |
CN112817608A (en) | Program package installation method of trusted computing industrial personal computer | |
CN100343775C (en) | Licensing file generating method, software product protection method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20051228 Termination date: 20191230 |