KR20190100751A - System and method for terminal security based on the white list - Google Patents

Abstract

Disclosed are a white list-based security method for a terminal configured to easily generate and manage a white list required for security of a terminal, and a white list management system. According to one embodiment of the present invention, the white list-based security method for a terminal is configured to manage, by a computing system executed in a terminal, security of the terminal on the basis of a white list. The method comprises the steps of: (a) collecting files constituting software of a terminal and generating a white list, required for security of the terminal, for each software; (b) outputting, when an execution of a file that is not included in the whitelist is requested, an interactive user interface based on a hierarchical structure of the file requested for execution and a user language; and (c) adding the file requested for execution to the white list on the basis of a user selection through the user interface.

Description

Whitelist based terminal security method and system {SYSTEM AND METHOD FOR TERMINAL SECURITY BASED ON THE WHITE LIST}

The present invention relates to a terminal security method and system, and more particularly, to a terminal security method and system that can easily create and manage a white list required for terminal security.

As the use of the Internet increases, the number of cases of terminal infections increases. When a terminal is infected with malicious software such as a virus or malware, data stored in the terminal is destroyed or leaked to the outside. In particular, if the user's personal information is leaked it can be said to be more dangerous because it may lead to financial accidents.

As a security method to prevent the terminal from being infected by malicious software, for example, a black list based security method and a white list based security method may be used. The blacklist-based security method refers to a method of protecting a terminal by blocking execution of the corresponding software when the software to be executed in the terminal is software included in the blacklist. In contrast, the white list-based security method refers to a method of protecting a terminal by allowing execution of the corresponding software when the software to be executed in the terminal is software included in the white list.

While blacklist-based security methods only block software that has proven 'malicious', whitelist-based security methods have stronger security because they allow only those that have proven 'safe'.

Despite these advantages, white list-based security methods are limited. In the situation where the software used in the terminal is various and the identification of the software is not easy, it is difficult for the user to select the software and configure the whitelist, and frequent updates are made to improve security vulnerabilities and performance. In some situations, updating an existing whitelist is also not easy.

Korea Patent Publication 10-1277623 (Name of the invention: white list synchronization server and client device, registered date: June 17, 2013)

The problem to be solved by the present invention is to provide a terminal security method and system that can easily generate and manage the white list required for terminal security.

Problems to be solved by the present invention are not limited to the above-mentioned problems, and other problems not mentioned will be clearly understood by those skilled in the art from the following description.

In order to solve the above problems, a whitelist-based terminal security method according to an embodiment of the present invention is a method for managing the security of the terminal on a whitelist basis by a computing system running in the terminal, (a) the terminal Collecting files constituting the software of the device and generating a white list necessary for the terminal security by the software unit; (b) when an execution of a file not included in the whitelist is requested, outputting an interactive user interface based on a hierarchical structure of the requested file and a user language; And (c) adding the requested file to the whitelist based on a user selection through the user interface.

In some embodiments, the step (a) may collect files constituting the software through a removal program operated by an operating system installed in the terminal.

In some embodiments, the step (b) may include: (b-1) identifying a software hierarchy to which the requested file is executed by checking a hierarchy associated with the requested file; (b-2) if a whitelist corresponding to the identified software exists, changing the name of the identified software to a user language; And (b-3) outputting a user interface including a name of the software changed to the user language.

In some embodiments, the step (b) may include: determining whether the requested file is harmful; And including a hazard determination result in the user interface.

In some embodiments, the terminal security method comprises the steps of: (d) transmitting the whitelist to a server; And (e) automatically updating the whitelist by receiving an update file for the same software as the software from the server, wherein the update file is confirmed by the server as a whitelist for the same software from another terminal. It may further include an update step, as received.

Whitelist management method according to an embodiment of the present invention, a method for managing a whitelist stored in two or more terminals based on the whitelist in the server, from the first terminal, files constituting the software of the first terminal Receiving the collected whitelist; Receiving, from a second terminal, a white list in which files constituting the software of the second terminal are collected; Normalizing the white list collected from the first terminal and the second terminal in the same software unit; And distributing information of the added file to the second terminal when receiving information of a file added to the white list of the first terminal from the first terminal, wherein distributing the added file information. The operation may be performed when the white list of the first terminal and the white list of the second terminal correspond to the same software, and the information of the distributed file may be automatically added to the white list of the second terminal.

The white list management system according to an embodiment of the present invention is a white list management system for security of a terminal, which is a program executed in the terminal. Is generated in the software unit, and when the execution of the file not included in the whitelist is requested, an interactive user interface based on the hierarchical structure of the requested file and the user language is outputted. Adding the requested file to the whitelist based on a user selection through the program; And a server that receives the whitelist and the requested file for execution from the program and distributes the received file to another terminal having the same software-based whitelist as the software.

In some embodiments, the program may collect files constituting the software through an uninstall program operated by an operating system installed in the terminal.

In some embodiments, the program checks the hierarchy associated with the file requested to be executed to identify the software to which the file requested to be executed belongs, and if there is a whitelist corresponding to the identified software, The user name may be changed to a user language, and a user interface including the name of the software changed to the user language may be output.

In some embodiments, the program may be configured to determine whether the file requested to be executed is harmful, and to include the result of the determination on the user interface. In this case, the harmfulness determination may be performed using various algorithms such as analysis of existing malicious code. If the terminal 100 analyzes only the hierarchical structure of the file requested to be executed and determines whether to add the harmful file, the harmful file unintentionally created by the user may be added to the white list. Therefore, the user may intuitively recognize the file through the above-described epidemic determination and the interactive process, thereby preventing the unintentional file from being added to the whitelist.

Other specific details of the invention are included in the detailed description and drawings.

According to the present invention, the files collected by the terminal are grouped based on the hierarchy of the software to which the files belong, and the group name of each group is provided in an intuitive user language for the user to grasp. Therefore, the user can more easily set up files to be executed in the terminal and generate a white list.

In addition, the terminal may provide an interface environment that allows the user to update the whitelist more easily while updating the whitelist interactively with the terminal for the files provided in the user language as described above.

Furthermore, the server provides more flexible whitelist information by providing a whitelist information update service by automatically adding whitelist file information added to a specific program to a whitelist of another terminal while communicating with a plurality of terminals. Can be updated.

As the above-described stepwise whitelist update is repeated by communicating with a plurality of terminals, it is possible to provide each terminal with a whitelist updated with more secure and up-to-date information.

Effects of the present invention are not limited to the effects mentioned above, and other effects not mentioned will be clearly understood by those skilled in the art from the following description.

1 is a diagram illustrating a configuration of a white list-based terminal security system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a configuration of a terminal and a server of FIG. 1.
3 to 4 are flowcharts illustrating a whitelist-based terminal security method according to an embodiment of the present invention.

Advantages and features of the present invention and methods for achieving them will be apparent with reference to the embodiments described below in detail with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but can be embodied in various different forms, and the present embodiments only make the disclosure of the present invention complete, and those of ordinary skill in the art to which the present invention belongs. It is provided to fully inform the skilled worker of the scope of the invention, which is defined only by the scope of the claims.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In this specification, the singular also includes the plural unless specifically stated otherwise in the phrase. As used herein, "comprises" and / or "comprising" does not exclude the presence or addition of one or more other components in addition to the mentioned components. Like reference numerals refer to like elements throughout, and "and / or" includes each and all combinations of one or more of the mentioned components. Although "first", "second", etc. are used to describe various components, these components are of course not limited by these terms. These terms are only used to distinguish one component from another. Therefore, of course, the first component mentioned below may be a second component within the technical spirit of the present invention.

Unless otherwise defined, all terms used in the present specification (including technical and scientific terms) may be used in a sense that can be commonly understood by those skilled in the art. In addition, terms that are defined in a commonly used dictionary are not ideally or excessively interpreted unless they are specifically defined clearly.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram showing the configuration of a white list management system 1 according to an embodiment of the present invention.

Referring to FIG. 1, the white list management system 1 according to an embodiment includes a plurality of terminals 100 and a server 200.

The terminal 100 is a device used by a user. Examples of the terminal 100 include a desktop computer, a notebook, a smart phone, a tablet, a PDA, and a smart TV. However, the terminal 100 is not necessarily limited to those illustrated. If the user is a device capable of executing software or files, it can be regarded as being included in the terminal 100 of the present invention.

The terminal 100 generates an initial white list necessary for the terminal 100 security. According to an embodiment, the initial whitelist may be generated in software units. Specifically, the initial white list may be generated for each type and version of software installed in the terminal 100.

For example, it is assumed that the system software and application software are installed in the terminal 100, respectively. In this case, the terminal 100 may include an initial white list (hereinafter, referred to as a 'first initial white list') for system software, that is, an operating system (OS), and an initial white list for application software (hereinafter, referred to as 'second'). Initial whitelist).

As another example, it is assumed that at least one application software is installed in the terminal 100. In this case, the terminal 100 generates a second initial whitelist for each type and version of the application software. In order to generate the second initial whitelist for each type and version of the application software, the terminal 100 collects files constituting each application software. At this time, the terminal 100 may collect the corresponding files through the uninstall program of the operating system. As a result, the terminal 100 may collect files of software stored in the terminal 100 even if a separate installation file is not provided.

The terminal 100 stores the generated initial white list in the terminal 100 (localized DB) and transmits the generated whitelist to the server 200 (centered DB). Thereafter, when the terminal 100 executes a request for a predetermined file or program, the terminal 100 allows or blocks the execution of the file based on an initial whitelist previously stored. For example, if the information of the file requested to be executed is included in the initial whitelist, the terminal 100 allows execution of the file. If the information of the file requested to be executed is not included in the initial whitelist, the terminal 100 may block execution of the file.

In addition, the terminal 100 may manage the initial whitelist in the latest state with the support of the server 200. For example, when a new file is updated in the terminal 100, the terminal 100 adds the file to the initial whitelist according to a user's selection, thereby keeping the initial whitelist up to date. As another example, the terminal 100 automatically adds file information provided from the server 200 or another terminal to the initial white list, thereby keeping the initial white list up to date. As a result, the terminal 100 may automatically update the latest white list without the user's intention.

In addition, the terminal 100 configures and provides a user interface for the user's convenience in the process of generating or managing the initial whitelist. In this case, the user interface may be an interactive user interface based on a user language.

For example, when generating an initial whitelist based on the files collected by the terminal 100, the terminal 100 may group the collected files based on a hierarchy of software to which the corresponding files belong. For example, the terminal 100 may group the files according to the type and version of the software to which the collected files belong.

Then, the terminal 100 may determine the group name of each group based on the user language. The user language may be text converted to allow the user to intuitively recognize the name of an existing software or file, and may be, for example, text indicating a brand name of the corresponding software as a type of language mainly used by the user. For example, if the collected files are files included in a software (eg, an application) called 'Microsoft Office' and the user language is Korean, the group name of the group to which the files belong may be determined as 'Microsoft Office'.

Thereafter, the terminal 100 constructs a user interface including at least one of a group name of each group and information of files belonging to each group and provides the user to the white list through an interactive process. You can add The terminal 100 generates an initial whitelist based on the user's selection. As a result, the user can set the white list in group units, that is, software units, without having to check and set files to be executed in the terminal 100. In addition, since the group name of each group is provided in a user language, the user can intuitively recognize files to be executed in the terminal 100.

As another example, when a predetermined file is newly updated in the terminal 100 or a request for execution of a file that has not been collected during the initial file collection process for the corresponding application, the terminal 100 determines a hierarchy of the file. Search for the software to which the file belongs, and replace the name of the searched software with the user language. A user interface can be constructed and provided to the user that includes the software name replaced with the user language. Thereafter, the terminal 100 adds the file to the initial whitelist based on the user's selection. In this way, if the name of the software to which the file belongs is replaced by the user language and provided through the user interface, the user intuitively recognizes which software the file belongs to, as compared to simply presenting the file name of the file through the user interface. You can update the initial whitelist more easily.

The server 200 collects initial whitelists from the plurality of terminals 100 and normalizes the collected initial whitelists. For example, the server 200 generates a normalized whitelist by deleting duplicate file information for the initial whitelists for the same software among the collected initial whitelists. In addition, the server 200 collects change information of the initial whitelist from the predetermined terminal 100 and updates the normalized whitelist based on the collected change information. In addition, the server 200 distributes the collected change information to other terminals so that the change information is automatically added to the initial whitelist of the other terminal.

2 is a diagram illustrating the configuration of the terminal 100 and the configuration of the server 200 shown in FIG.

Referring to FIG. 2, the terminal 100 may include an agent unit 110, a storage unit 120, a user interface configuration unit 130, an output unit 140, and an input unit 150. For convenience of description, the subjects that perform their respective roles in the terminal 100 and the server 200 are shown in the form of ~, but the respective parts are subprograms that operate in the terminal 100 and the server 200. May be modules. Such program modules include, but are not limited to, routines, subroutines, programs, objects, components, data structures, etc. that perform respective operations or execute particular abstract data types.

The agent unit 110 generates an initial whitelist necessary for security of the terminal 100 in software units.

For example, the agent unit 110 collects files belonging to the application software through an operating program of the operating system, and groups the collected files according to the type and version of the application software to which the files belong. Then, the agent unit 110 determines the group name of each group based on the user language. Then, if a predetermined group is selected by the user, the agent unit 110 generates an initial whitelist based on file information of files belonging to the selected group.

In addition, the agent unit 110 manages the initial whitelist in the latest state. For example, the agent unit 110 monitors whether a software vendor has distributed a new file (eg, a patch file) related to a predetermined software. As a result of the monitoring, when a new file is updated in the terminal 100, the initial whitelist is managed in the latest state by adding the file to the initial whitelist according to the user's selection. As another example, the agent unit 100 manages the initial whitelist in the latest state by adding the file information provided from the server 200 to the initial whitelist.

In addition, the agent unit 110 allows or blocks execution of a predetermined file based on the initial whitelist.

The storage unit 120 stores the initial white list generated by the agent unit 110. The storage unit 120 may include a nonvolatile memory, a volatile memory, a hard disk drive (HDD), an optical disc drive (ODD), a magneto optic disk drive (MOD), and an SD. Card (Secure Digital Card), or a combination thereof.

The user interface constructing unit 130 configures a user interface necessary for generating or managing an initial whitelist. In this case, the user interface may be an interactive user interface based on a user language.

For example, when files constituting each application software are collected through an operating system uninstaller, the collected files are grouped based on the hierarchy of the application software to which the file belongs, and the group name of each group is determined based on the user language. do. The user interface 130 constructs a user interface including the determined group name and provides the same to the user. As a result, the user can easily select files to be executed in the terminal 100. However, the file selection process based on the hierarchical structure and the user language as described above may be omitted in the initial file collection process.

As another example, when a file related to a predetermined application software is newly updated or a file execution request that has not been collected for the same software is requested, the terminal 100 searches for the application software to which the file belongs using the hierarchy of the file. The user interface unit 130 replaces the retrieved software name with a user language, and constructs and provides a user interface including the software name replaced with the user language to the user. As a result, the user can intuitively recognize which application the newly updated file belongs to the terminal 100, and can easily determine whether to add the information of the file to the initial whitelist. .

The output unit 140 outputs the user interface configured by the user interface configuration unit 130 in the form of at least one of a visual signal, an audio signal, and an optical signal. To this end, the output unit 140 may include a display, a speaker, a light emitting device, or a combination thereof.

The input unit 150 receives a command and / or data from a user. To this end, the input unit 150 may include a touch input unit 150, a button input unit 150, a sound input unit 150, or a combination thereof. Examples of the touch input unit 150 include a touch pad and a touch panel. The touch panels may be stacked to form a touch screen for display of the above-described output unit 140. The button input unit 150 may be, for example, a keyboard and a mouse. The sound input unit 150 may be a microphone.

Referring to FIG. 2, the server 200 includes a collector 210, a normalizer 220, an updater 230, a database 240, and a service provider 250.

The collecting unit 210 collects an initial white list from the plurality of terminals 100. For example, the collection unit 210 collects at least one of the first initial white list and the second initial white list from each terminal 100. The first initial whitelist may include a file constituting an operating system, and the second initial whitelist may include a file constituting an application program. The collected initial whitelists are provided to the normalizer 220 to be described later.

In addition, the collection unit 210 collects the change information of the initial white list from the terminal 100. Collected change information is provided to the update unit 230 to be described later.

The normalizer 220 normalizes the initial whitelists collected by the collector 210. Specifically, the normalization unit 220 generates a normalized white list for the corresponding software by deleting duplicate file information for the initial whitelists for the same software among the collected initial whitelists.

The updater 230 updates the normalized whitelist by adding the change information of the initial whitelist collected by the collector 210 to the normalized whitelist.

The database 240 stores whitelists updated by the updater 230. The whitelists stored in the database 240 may be automatically provided to the plurality of terminals 100 or may be provided to the plurality of terminals 100 after approval of the administrator. In addition, the database 240 may store a well-known white list.

The service provider 250 distributes the change information of the initial white list collected by the collecting unit 210 to another terminal, so that the change information is automatically added to the initial white list of the other terminal.

3 to 4 are flowcharts illustrating a whitelist-based terminal security method according to an embodiment of the present invention.

Prior to description, it is assumed that the plurality of terminals 100_1 and 100_2 are devices in a clean state in which malicious software is not infected. In this state, the terminal 100_1 collects files constituting the software of the terminal 100_1 (S300).

Specifically, the step S300 may collect files belonging to the software installed in the terminal 100_1 through the uninstall program of the operating system installed in the terminal 100_1. As a result, the terminal 100_1 may collect files of software stored in the terminal 100_1 even if a separate installation file for identifying a file constituting the software is not provided.

The terminal 100_1 stores the initial whitelists generated in software units in the terminal 100_1 (S310) and transmits the initial whitelists to the server 200 (S320).

In addition, the server 200 may collect initial whitelists from the other terminal 100_2. In FIG. 3, two terminals are illustrated, but the present invention is not limited thereto, and the plurality of terminals 100 may communicate with the server 200 so that whitelists may be centralized in the server 200.

The server 200 collects initial whitelists from the terminal 100_1 and the other terminal 100_2, and normalizes the collected initial whitelists (S330). The step S330 may include generating a normalized whitelist for the software by deleting duplicate file information for the initial whitelists for the same software among the collected initial whitelists.

Meanwhile, the terminal 100_1 may be requested to execute a specific file by the user (340). Then, the terminal 100_1 may manage the whitelist and block or allow execution of the file based on the hierarchical structure of the file and an interactive interactive process.

4, the terminal 100_1 determines whether the requested file is a file included in an initial whitelist (S410). If the file is included in the initial whitelist, the terminal 100_1 may allow execution of the file (S440).

On the contrary, if the requested file is not a file included in the initial whitelist, the terminal 100_1 may check whether the file is hierarchically associated with the files included in the initial whitelist.

If the requested file is not included in the initial whitelist, for example, the requested file is a file that constitutes software that you do not intend to use (for example, software not included in the whitelist), or This may be a file that was intended but not included in the whitelist of the software. In particular, in the latter case, a missing file may exist in the process of collecting a file through the O / S removal program of the terminal 100_1, or a new file may be installed in the terminal 100_1 by patching the corresponding software.

In order to determine the above cases, the terminal 100_1 checks the hierarchical structure of the file requested to be executed and the files included in the white list to determine whether the file constitutes the same software (S430). The verification process of the hierarchical structure may be determined by, for example, verifying that files constituting the same software call each other or related files (eg, a parent-child relationship), but are not limited thereto. Do.

Meanwhile, in the above process, the terminal 100_1 may monitor whether the software vendor distributes a new file (for example, a patch file) related to a predetermined software, and determine whether the new file is updated in the terminal 100_1. .

As a result of the determination in step S430, if the file requested to be executed is not associated with the file included in the initial whitelist and the hierarchical structure, the terminal 100_1 considers the user to be a file of an unintended software and blocks execution of the file. (S440).

On the contrary, if the hierarchical structure of the file requested to be executed is associated with the hierarchical structure of the file included in the initial whitelist, the terminal 100_1 is a file of the software intended for use by the user, but is missing from the collection process, It is considered an updated case. Therefore, the terminal 100_1 configures an interactive interface based on the user language, and adds the file to the initial whitelist based on the user's selection (S450).

In this case, according to an embodiment, the terminal 100_1 may determine whether the execution file is harmful using various known hazard determination algorithms, and configure the user interface to include the determination result in the user interface. And output.

The step S450 may include identifying a software to which the file belongs based on the newly updated file hierarchy, replacing the identified software name with a user language, and a user interface including a software name replaced with the user language. The method may include configuring, adding a corresponding file to an initial whitelist based on a user selection made through a user interface, and storing the changed initial whitelist.

According to an embodiment, before allowing the execution of the file, the terminal 100_1 may check whether the file is changed or damaged based on the unique information of the file. Examples of file specific information include the file's hash value, name, size, publisher, and digital signature. As a result, when the requested file is not changed or damaged, the terminal 100 permits the execution of the file. If the file requested to be executed is changed or damaged, the terminal 100_1 blocks execution of the file.

3, it is determined whether the requested file is added to the white list (S360). If not added, the process of FIG. 3 may be terminated. If added, the terminal 100_1 transmits the change information of the initial whitelist to the server 200 (S370).

The server 200 updates the normalized white list based on the change information collected from the terminal 100_1 (S380). That is, when a missing file is added to the white list through the user interface, the server 200 receives the changed information from the terminal 100_1 to provide feedback that the file is in the same group (eg, the same software). You can get it.

Thereafter, the server 200 distributes the change information collected from the terminal 100 to another terminal 100_2 (S390). As a result, the change information collected from the terminal 100_1 may be automatically added to the initial white list of the other terminal 100_2.

According to the present invention, the files collected by the terminal are grouped based on the hierarchy of the software to which the files belong, and the group name of each group is provided in an intuitive user language for the user to grasp. Therefore, the user can more easily set up files to be executed in the terminal and generate a white list.

1 to 4, the user can more easily update the whitelist, and the whitelist is updated with more secure and up-to-date information as the stepwise whitelist update is repeated in communication with a plurality of terminals. The list can be provided to the user.

In the above, embodiments of the present invention have been described with reference to the accompanying drawings, but those skilled in the art to which the present invention pertains may realize the present invention in other specific forms without changing the technical spirit or essential features thereof. I can understand that. Therefore, it should be understood that the embodiments described above are exemplary in all respects and not restrictive.

100: terminal
200: server

Claims (10)

A method of white list-based management of a terminal by a computing system running on the terminal,
(a) collecting the files constituting the software of the terminal and generating a white list for the security of the terminal in the software unit;
(b) when an execution of a file not included in the whitelist is requested, outputting an interactive user interface based on a hierarchical structure of the requested file and a user language; And
(c) adding the requested file to the whitelist based on a user selection through the user interface. The method of claim 1,
In step (a),
And collecting files constituting the software through a removal program operated by an operating system installed in the terminal. The method of claim 1,
In step (b),
(b-1) identifying a software hierarchy to which the requested file is executed by checking a hierarchy related to the requested file;
(b-2) if a whitelist corresponding to the identified software exists, changing the name of the identified software to a user language; And
(b-3) outputting a user interface including a name of the software changed to the user language. The method of claim 3,
In step (b),
Determining whether the requested file is harmful; And
And including a hazard determination result included in the user interface. The method of claim 1,
(d) transmitting the whitelist to a server; And
(e) receiving an update file for the same software as the software from the server and automatically updating the whitelist, wherein the update file is received from the other terminal as a whitelist for the same software from another terminal. The whitelist-based terminal security method further comprising an update step. As a method of managing whitelists stored in two or more terminals on a whitelist based on a server,
Receiving, from a first terminal, a white list in which files constituting the software of the first terminal are collected;
Receiving, from a second terminal, a white list in which files constituting the software of the second terminal are collected;
Normalizing the white list collected from the first terminal and the second terminal in the same software unit; And
Distributing information of the added file to the second terminal when receiving information of a file added to the white list of the first terminal from the first terminal,
The distribution operation of the added file information is performed when the white list of the first terminal and the white list of the second terminal correspond to the same software, and the information of the distributed file is stored in the white list of the second terminal. Automatically added whitelist management method. As a white list management system for the security of the terminal,
As a program to be executed in the terminal, the files constituting the software of the terminal are collected to generate a white list necessary for the terminal security by the software unit, and when the execution of a file not included in the white list is requested, Outputting an interactive user interface based on a hierarchical structure of a file requested to be executed and a user language, and adding the requested file to the whitelist based on a user selection through the user interface; And
And a server for receiving the whitelist and the requested file for execution from the program and distributing the received file to another terminal having the same software-based whitelist as the software. The method of claim 7, wherein
The program,
And a file constituting the software through a removal program operated by an operating system installed in the terminal. The method of claim 7, wherein
The program,
Confirm the software to which the requested file is executed by checking a hierarchy associated with the requested file, and if a whitelist corresponding to the checked software exists, change the name of the checked software to a user language; A white list management system for outputting a user interface containing the name of the software changed in the user language. The method of claim 8,
The program may be configured to determine whether the file requested to be executed is harmful, and to include the result of the determination of harmfulness in the user interface, white list management system.

Images