TW200912696A - Method for verifying application programs and controlling the execution thereof - Google Patents

Method for verifying application programs and controlling the execution thereof Download PDF

Info

Publication number
TW200912696A
TW200912696A TW097129402A TW97129402A TW200912696A TW 200912696 A TW200912696 A TW 200912696A TW 097129402 A TW097129402 A TW 097129402A TW 97129402 A TW97129402 A TW 97129402A TW 200912696 A TW200912696 A TW 200912696A
Authority
TW
Taiwan
Prior art keywords
application
execution
verification data
user
computer
Prior art date
Application number
TW097129402A
Other languages
Chinese (zh)
Other versions
TWI419005B (en
Inventor
Sang-Kwon Jung
Sang-Wan Kim
Dong-Geun Lee
Original Assignee
Planty Net Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Planty Net Co Ltd filed Critical Planty Net Co Ltd
Publication of TW200912696A publication Critical patent/TW200912696A/en
Application granted granted Critical
Publication of TWI419005B publication Critical patent/TWI419005B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

Disclosed is a method for verifying and controlling execution of application programs which searches for the application programs, such as P2P program or messenger programs, or game files not permitted by an administrator, such as parents, subjected to being prevented from arbitrary execution so as to control whether to intercept or permit the execution of the application program, and classifies the application programs for every category so as to control the interception or the permission of the execution of the application program according to the environment setting policy set for every category. The method includes: the steps of establishing an application program verification data DB in which the collected application program files are classified for every program category so as to generate the application program verification data DB; transmitting the application program verification data DB to a user's computer; postponing the execution of the application program of the user's computer when the execution of the application program of the user's computer is initialized, and extracting the verification data of the executed application program; and searching for the application program verification data DB with the verification data with respect to the application program desired to be used in the user's computer and controlling the interception or permission of the execution of the application program according to the environment settling policy for every category.

Description

200912696 九、發明說明: 【發明所屬之技術領域】 本發明係關於安裝於使用者之電腦中之應用程式之控 制,且更特定言之係關於一種控制應用程式之執行的系統 及方法,其決定在使用者之電腦中執行哪種應用程式且控 制一設定類別中所包括之應用程式的執行。 【先前技術】 不僅可以存在依據使用者之需要所下載及安裝之檔案, 而且存在其中使用者不知道一使用者之電腦中所安裝之各 種應用程式中之程式之準確物質的情況下錯誤安裝的應用 程序檔案或病毒程式。此外,可能發生其中次要使用者在 許多使用者所存取及使用之電腦(例如家中所使用之電腦) 中安裝不為主要使用者所知之程式執行檔案的情況。尤其 可月b執行與P2P或訊息程式相關具有為兒童提供用於獲得 有害資訊之路線之高可能性的程式執行檔案、或管理者 (例如父母)不允許之遊戲檔案。因此,對一種搜尋欲防止 免於任意執行之程式且提供防止程式之執行之能力的系統 或方法之要求已逐漸增加。 檢視提供此能力之習知技術中,已提出若干技術,其中 週期性搜尋儲存於使用者之電腦之碟片中的應用程式之執 行檔案名(xxx.exe)或分析全部程式或程式之一特定部分以 搜哥-特定字元串’且若所搜尋之程式對應於經受以用於 控制之程式,則可以刪除該等程式,或即時搜尋該等應用 私式之執行檔案名(xxx.exe)或分析全部程式或程式之一特 133472.doc 200912696 定部分以搜尋-特定字元串,且若所搜尋之程式對應於經 受以用於控制之程式,則攔截該程式之執行。 不過,應用程式之執行權案名(xxx.exe)可以任意變化因 而搜尋執行檔案名(孤叫之習知技術之效應不利受限 制。此外,分析全部程式或程式之一特定部分以搜尋一特 定字元串之習知技術具有以下一問題:執行該程序之步驟 中用於運行每—程式之處理器上有很大負擔。此外,習知 技術無法提供各類別之分類控制,該分類控制針對每一類 別將各種應用程式分類且決定該等應用程式之執行或搁 戴。 【發明内容】 因此,已進行本發明以解決先前技術中出現的上面提及 之問題,且本發明提供-種控制應用程式檔案之執行的構 件^其分析透過網際網路或類似者所獲得之各種應用程式 執灯檔案;收集該等應用程式 料;針對每-類別將該收隼資料建:二存在之驗證資 叹果貝科建立成一資料庫;將一應 ^式分類驗證資料庫下載至一使用者之電腦(例如Pc)';、、 二亥使I:之電腦中執行該應用程式之前使該應用程式之 :執仃推遲一會兒;從該應用程式操取該驗證資料·及決 疋該已擷取驗證資料是 、 ^ ^ ^ ^ 7應於°亥使用者之電腦中所儲存 之忒等應用程式驗證資料資 用程式之該執行。4貝抖庫之各項目,以便控制該應 =,已進行本發明以解決先前技術中出現 之問續’且本發明提供-種判別該使用者之電腦中所執行 133472.doc 200912696 之該應用程式之—類別且依據 ^ 町耵母—類別所設定之一控 制方法允許或攔截該應用程式之該執行的構件。 依據本發明之—祥雖,妈^ , 7 供—種驗證及控制應用程式執 订的方法,其包含以下步驟:建立一應用程式驗證資料 加’其中-應❹式驗證祠服器分析相對於透過網際網 路或類似者所㈣之各㈣程式料,執行該等應用程式 之一程序所需要的胤,若能_㈣應用程式之DLL存 在於載入之DLL中’則擷取一唯一DLL,若能夠判別該應 用程式之DLL不存在於載人耻中,則操取該應用程式之 元資訊做唯—識別項,及針對每-程式類別產生該應用程 式驗證貢料DB;發送該應用程式驗證資料Μ,其中將建 立該應m驗證資料DB之師財所產生之該應用程 式驗證資料DB發送至一使用者之電冑;擷取該使用者之 電腦之應用程式驗證資料,*中,在初始化該使用者之電 腦中之該制程式之執行時,推遲該制程式之該執行, 然後作為該程式驗證資_取該應用程式之該DLL及該元 資訊;以及驗證及控制該使用者之電腦之該應用程式該執 行’其中採用需要用於該使用者之電腦中之該應用程式之 該驗證資料,搜尋該應用程式驗證資料DB,若無相對應 項目’則允許該已推遲應用程式之該執行,且將該已擷取 驗證資料發送至該應用程式驗證伺服器,及若該應用程式 驗證 > 料DB中存在一相對應項目,則依據針對每一類別 之一環境设疋政策,控制該應用程式之該執行之攔截或允 許。 133472.doc 200912696 【實施方式】 下文將參考附圖說明依據本發明之一範例性具體實施例 的—種驗證應用程式及控制其執行的結構及步驟。 參考圖1至6,依據本發明之一範例性具體實施例的一種 驗證及控制應用程式執行的方法包括:建立—應用程式驗 邊資料DB的步驟S100,其中一應用程式驗證伺服器1〇〇分 析相對於透過網際網路或類似者所收集之各應用程式槽案 執行該等應用程式之-程序所f要的肌,若能夠判別該 應用程式之DLL存在於載入DLL中則擷取一唯一 dll,若 能夠判別該應用程式之DLL不存在於載入DLL中則擷取該 應用程狀元資則故唯一識別項,及針對每一程式類別產 生該應用程式驗證資料DB ;發送該應用程式驗證資料db 的步驟S200,其中將建立該應用程式驗證資料db之步驟 S100中所產生之該應用程式驗證資料DB發送至一使用者 之電腦200 ;擷取該使用者之電腦之應用程式驗證資料的 步驟S300,其中,初始化該使用者之電腦2〇〇中之該應用 程式之執行時,推遲該應用程式之該執行’然後作為該程 式驗證資料擷取該應用程式之該DLL及該元資訊;以及驗 證及控制該使用者之電腦之該應用程式該執行的步驟 S400 ’其中採用需要用於該使用者之電腦中的該應用程式 之該驗證資料搜尋該應用程式驗證資料DB,若無相對應 項目,則允許該已推遲應用程式之該執行且將該已擷取驗 證資料發送至該應用程式驗證伺服器1〇〇,及若該應用程 式驗證資料DB中存在一相對應項目,則依據針對每一類 133472.doc -10· 200912696 別之一環境設定政策控制該應用程式之該執行之攔截或允 許。 如解說另外包括記錄一應用程式執行/攔截歷史之—步 驟的一範例性具體實施例之圖2所示,宜在控制驗證及執 行之步驟S400之後進一步包括記錄該應用程式執行/攔截 歷史的步驟S500,其中在使用者之電腦的應用程式驗證資 料DB中§己錄該應用程式執行允許或攔截之歷史。 更明確言之,在建立應用程式驗證資料DB之步驟Μ 中’分析執行該應用程式所需要之組,其中判別該應用 程式之驗證資料DB係由該等載入DLL之資訊構成。例如, 分析一普通訊息程式(例如MSN(程式C1)、Nate〇n(程式Ο) 或類似程式)之執行程序時,載入特定唯一DLL以用於執行 該程式。此外,即使修補該等普通程式該唯一 dll具有 小的變化可能性’因而包括唯一DLL之應用程式驗證資料 DB有利地不需要頻繁更新。 此外,在其中該應用程式係—未載入其存在於Windows 輔助程式中之唯一 DLL之程式㈣口,撲克牌遊戲、Freecell (程式B3)或類似程式)的情況下,該程式載入其他程式共同 使用之DLL ’因而難以擷取相制程式之唯―脱資訊。 不k在本心日月中’掏取該等應用程式之元資訊(Wind〇ws 標題名、執行檔案之影像名或類似者)作為能夠判別該應 用程式之驗證資料。 已擷取驗證資料(唯-DLL或元資訊)係針對程式之每一 類別加以分類,且建立應用程式驗證資料〇β U0,加中 133472.doc 200912696 所包括之資訊接收藉由處理程式檔案之DLL及元資訊所獲 得之一特定雜湊值的輸入,且驗證伺服器1 〇〇中所產生之 應用程式驗證資料DB 110係透過將應用程式驗證資料DB 發送至使用者之電腦2〇〇的步驟S200而儲存於使用者之電 月® 2 0 0的應用程式驗證資料db 210中,以便可以基於使用 者之電腦200的應用程式驗證資料db 2 10來控制使用者之 電腦中所執行之各種應用程式的執行。 同時,如明確解說依據本發明之另一範例性具體實施例 的一更新應用程式驗證資料DB之步驟之圖3所示,更佳地 驗證及控制應用程式執行的方法進一步包括更新應用程式 驗證資料DB之步驟S600,其中啟動使用者之電腦2〇〇時執 行代理程式’且將使用者之電腦的應用程式驗證資料DB 210與應用程式驗證伺服器100之應用程式驗證資料DB 11〇 作比較’識別使用者之電腦的應用程式驗證資料DB 21 〇是 否最新,且若應用程式驗證資料DB 21〇不為最新的,則更 新應用程式驗證資料DB 2 1 0。 上述建立應用程式驗證資料DB之步驟si〇〇係藉由儲存 於應用程式驗證伺服器100中之代理程式來實施且,如解 說依據本發明之s亥範例性具體實施例的建立應用程式驗證 資料DB之特定步驟之圖4所示,其宜包括:執行代理程式 之步驟SU0,在該步驟S110中執行代理程式;執行應用程 式之步驟S120,在該步驟8120中執行應用程式;擷取載入 dll之步驟S130,在步驟S130中擷取執行應用程式所需要 之基本載入DLL;決定唯一DLL之步驟Sl4〇,在步驟sl4〇 133472.doc •12· 200912696 中決定能夠判別應用程式之唯一 DLL是否存在於已擷取基 本載入DLL中;擷取元資訊之步驟S150,在步驟S150中, 若依據步驟S140之結果決定唯一 DLL不存在,則擷取應用 程式之元資訊;及添加一驗證資料DB搜尋項目之步驟 S160,在步驟S160中將擷取載入DLL之步驟S130中所擷取 的唯一 DLL或擷取元資訊之步驟S150中所擷取的應用程式 元資訊作為搜尋項目添加至驗證資料DB。200912696 IX. Description of the Invention: [Technical Field of the Invention] The present invention relates to the control of an application installed in a user's computer, and more particularly to a system and method for controlling the execution of an application, the decision Which application is executed on the user's computer and controls the execution of the application included in a set category. [Prior Art] There are not only files that are downloaded and installed according to the needs of the user, but also erroneously installed in the case where the user does not know the accurate substance of the programs in various applications installed in a user's computer. Application file or virus program. In addition, it may happen that a secondary user installs a program executable file that is not known to the primary user in a computer that is accessed and used by many users, such as a computer used in a home. In particular, the program execution file associated with the P2P or the message program having a high probability of providing the child with a route for obtaining harmful information, or a game file not permitted by the manager (e.g., parent) may be executed. Therefore, there has been an increasing demand for a system or method for searching for a program that is intended to prevent arbitrary execution and to provide the ability to prevent execution of the program. In the prior art of providing this capability, several techniques have been proposed in which the execution file name (xxx.exe) of an application stored on a user's computer disc is periodically searched or one of the programs or programs is analyzed. Some of them are search-specific character strings' and if the programs searched for correspond to programs that are subject to control, they can be deleted or search for the executable file name (xxx.exe) of the applications. Or analyze one of the programs or programs to search for a specific string of characters, and if the program being searched for corresponds to a program that is subject to control, intercept the execution of the program. However, the application's execution rights name (xxx.exe) can be arbitrarily changed to search for the executable file name (the effect of the known technology of lone calls is unfavorable. In addition, analyzing a specific part of a program or program to search for a specific The conventional technique of character strings has the following problem: there is a great burden on the processor for running each program in the step of executing the program. Moreover, the prior art cannot provide classification control for each category, and the classification control is directed to Each category classifies various applications and determines the execution or shelving of such applications. SUMMARY OF THE INVENTION Accordingly, the present invention has been made to solve the above-mentioned problems occurring in the prior art, and the present invention provides The component of the execution of the application file, which analyzes various application license files obtained through the Internet or the like; collects the application materials; and builds the received data for each category: Singer Beco establishes a database; downloads a categorized verification database to a user's computer (eg Pc)'; : The application is executed in the computer before the application is executed: the execution is postponed for a while; the verification data is obtained from the application, and the verification data is determined, ^ ^ ^ ^ 7 should be in ° Hai The execution of the application verification data application program stored in the user's computer, etc., in order to control the response, the present invention has been implemented to solve the problem in the prior art. The present invention provides a component that determines the type of the application of the application 133472.doc 200912696 executed in the user's computer and controls or blocks the execution of the application according to one of the control methods set by the ^machi-mother-category. According to the present invention, the method of verifying and controlling the application of the application, the method includes the following steps: establishing an application verification data plus 'where----------------------- For each of the four (4) programs of the Internet or similar (4), execute the program required by one of the applications. If the DLL of the application exists in the loaded DLL, then select The unique DLL, if it can be determined that the DLL of the application does not exist in the smug, the operator's meta information is used as the only identification item, and the application verification treasury DB is generated for each program category; The application verification data, wherein the application verification data DB generated by the teacher's financial office of the verification data DB is sent to a user's computer; and the application verification data of the user's computer is retrieved. In the execution of the program in the user's computer, the execution of the program is postponed, and then the program is used to verify the DLL and the meta information of the application; and the verification and control The application of the user's computer should execute the verification data of the application in the user's computer, and search for the application verification data DB. If there is no corresponding item, the application is allowed to be postponed. The execution of the application, and the captured verification data is sent to the application verification server, and if the application verification > material DB exists in a phase Should the project, one for each category based on the environmental policy set piece goods, control of intercepting the execution of the application or allow. 133472.doc 200912696 [Embodiment] Hereinafter, a structure and a procedure for verifying an application and controlling execution thereof according to an exemplary embodiment of the present invention will be described with reference to the accompanying drawings. Referring to FIGS. 1 through 6, a method for verifying and controlling application execution according to an exemplary embodiment of the present invention includes the step of establishing an application edge check data DB S100, wherein an application verification server 1〇〇 Analyze the muscles of the application that are executed by the application through the Internet or similar applications. If it can be determined that the DLL of the application exists in the loading DLL, then take one. The only dll, if it can be determined that the DLL of the application does not exist in the loading DLL, then the application identifier is uniquely identified, and the application verification data DB is generated for each program category; the application is sent Step S200 of verifying the data db, wherein the application verification data DB generated in step S100 of establishing the application verification data db is sent to a user's computer 200; and the application verification data of the user's computer is retrieved. Step S300, wherein, when the execution of the application in the user's computer is initialized, the execution of the application is postponed' then The DLL and the meta-information of the application for the program verification data; and the step S400 of the application for verifying and controlling the user's computer, wherein the application is required for the user's computer Searching the application verification data DB by the verification data of the application, if there is no corresponding item, allowing the execution of the deferred application and sending the captured verification data to the application verification server 1 , and If there is a corresponding item in the application verification data DB, the interception or permission of the execution of the application is controlled according to one of the 133472.doc -10·200912696 environment setting policies. As shown in FIG. 2, which is an exemplary embodiment of the steps of recording an application execution/intercept history, it is preferred to further include the step of recording the execution/intercept history of the application after the step S400 of controlling verification and execution. S500, wherein the application execution data DB of the user's computer has recorded the history of permission or interception of the application. More specifically, in the step of establishing an application verification data DB, 'analyze the group required to execute the application, wherein the verification data DB identifying the application is composed of the information of the load DLL. For example, when analyzing an executable program of a normal message program (such as MSN (Program C1), Nate〇n (Program) or the like), a specific unique DLL is loaded for execution of the program. Moreover, even if the ordinary dll is patched, the unique dll has a small possibility of change' so that the application verification material DB including the unique DLL advantageously does not require frequent updates. In addition, in the case where the application is a program that does not load its unique DLL that exists in the Windows helper program (4), poker game, Freecell (program B3) or the like, the program loads other programs. The DLL that is used together is thus difficult to capture the unique information of the phase program. Not in the heart of the month, the source information of these applications (Wind〇ws title name, image name of the execution file or the like) is taken as a verification data capable of discriminating the application. The verification data (only - DLL or meta information) is classified for each category of the program, and the application verification data is established 〇β U0, and the information included in the 133472.doc 200912696 is received by the processing program file. The DLL and the meta-information obtain a specific hash value input, and the application verification data DB 110 generated in the verification server 1 is sent to the user's computer through the application verification data DB 2 The S200 is stored in the application verification data db 210 of the user's e-month® 200, so that the application executed on the user's computer can be controlled based on the application verification data db 2 10 of the user's computer 200. Execution of the program. Meanwhile, as shown in FIG. 3 of the step of updating the application verification data DB according to another exemplary embodiment of the present invention, the method for more successfully verifying and controlling the execution of the application further includes updating the application verification data. Step S600 of the DB, in which the user's computer is started to execute the agent' and the application verification data DB 210 of the user's computer is compared with the application verification data DB 11 of the application verification server 100. The application verification data DB 21 of the user's computer is updated, and if the application verification data DB 21 is not up to date, the application verification data DB 2 1 0 is updated. The step of establishing the application verification data DB is implemented by the agent stored in the application verification server 100, and the application verification data is set up according to the exemplary embodiment of the present invention. As shown in FIG. 4 of the specific steps of the DB, it preferably includes: executing the agent step SU0, executing the agent in the step S110; executing the application step S120, executing the application in the step 8120; Step S130 of dll, in step S130, the basic load DLL required to execute the application is retrieved; step S14 of determining the unique DLL, and determining the unique DLL of the application in step sl4〇133472.doc •12·200912696 Whether it exists in the captured basic loading DLL; in step S150, in step S150, if it is determined according to the result of step S140 that the unique DLL does not exist, the meta information of the application is retrieved; and a verification is added. Step S160 of the data DB search item, in step S160, the unique DLL retrieved in step S130 of the loading DLL or the step S150 of capturing the meta information is taken in step S160. App yuan to take the information added as a search for items to verify information DB.

步驟S150中所擷取之應用程式元資訊可以包括應用程式 之Windows標題名、執行影像之檔案名、或類似者。 此外,擷取使用者之電腦之應用程式驗證資料的步驟 S300與驗證及控制使用者之電腦之應用程式執行的步驟 S400可以藉由儲存於使用者之電腦中的代理程式來實行。 欲參考圖5詳細說明步驟S300與S400,擷取使用者之電 腦之應用程式驗證資料的步驟S300包括:偵測使用者之電 腦中之應用程式之執行之一開始點的步驟S31〇 ;推遲應用 程式之執行步驟S320;從應用程式擷取執行應用程式所需 要之dll的步驟S33G;及從應用程式操取w訊的步驟 S340 〇 欲明確說明步驟S3 10與S320 休用代理程式之形式所 實施的控制裝置係在啟動使用者之電腦的同時加以操作, 載入驗證資料dB,開始债測應用程式之執行的操作,、及: 使用者之電腦貞測到應用程式之執行之開始點 : 遲程式執行。 自尤推 此外,步驟测中鮮載人DLL之程序採用—使用 133472.doc 13 200912696The application meta-information captured in step S150 may include the Windows title name of the application, the file name of the execution image, or the like. In addition, the step S300 of extracting the application verification data of the user's computer and the step S400 of executing the application of the computer for verifying and controlling the user can be performed by an agent stored in the user's computer. Steps S300 and S400 are described in detail with reference to FIG. 5. Step S300 of extracting application verification data of the user's computer includes: step S31 of detecting a start point of execution of the application in the user's computer; delaying application Step S320 of executing the program; step S33G of extracting the dll required for executing the application from the application; and step S340 of fetching the information from the application program to explicitly explain the form of the step S3 10 and the S320 idle agent The control device is operated while the user's computer is activated, the verification data is loaded, the execution of the debt measurement application is started, and: the user's computer detects the start of execution of the application: late Program execution. In addition, the procedure for measuring the fresh-loaded DLL in the step-by-step test is to use 133472.doc 13 200912696

Windows中所提供之程序相關API函數擷取載入DLL的方法 且步驟S34〇中所擷取之應用程式元資訊可以包括應用程式 之Windows標題名、執行影像之檔案名、或類似者。 此外,如圖5所示,驗證及控制使用者之電腦之應用程 式執行的步驟S400包括:搜尋從使用者之電腦之應用程式 所擷取的用作驗證資料之DLL或元資訊是否對應於使用者 之電知之應用程式驗證資訊DB 210之項目的步驟步 驟S410中對應之條件下針對驗證資料db中之每一類別分 類應用程式的步驟S420 ;依據步驟842〇中所分類之每—類 別之控制政策決定是否攔截應用程式之執行的步驟§43〇 ; 允許或攔截應用程式之執行的步驟844〇與S45〇 ;及步驟 S410中不對應之條件下將驗證資料發送至應用程式驗證伺 服器100,且允許使用者之電腦中應用程式之執行的步驟 S460與 S470 ° 對於各類別,應用程式驗證資料DB 11〇與21〇中所包名 U 之檀案可以詳細分類成P2P程式類別PR10、遊戲程式❹ 、訊息程式類別PR30、其他程式類別PR40、或❹ 者,如圖6至8所示。此外,依據步驟S420中所分類之每一 類別之控制政策決定是否攔截應用程式之執行的步驟⑽ 以及允許或織應、_式之執行的步驟⑷績_中,可 二^是否透過使用者所設定之環境僅攔截遊戲程式類別 中所包括之應用程式之執行或隨同咖訊息程式類別 PR10、訊息程式類別p 、 式-起攔截遊戲程式類別。R2=:括中所包括之應用程 汉宁所包括之應用程式之執 I33472.doc -14- 200912696 行’以便可以滿足使用者之各種要求。此外,即使在其中 不僅攔截而且允許執行的情況下,也透過記錄應用程式之 執行/攔截之歷史的步驟S500來記錄及儲存各應用程式類 別之應用程式之執行與攔截之歷史以便其可以用作統計材 料。 參考圖6,依據本發明的一種驗證及控制應用程式執行 的系統包括:該應用程式驗證伺服器丨〇〇,其係用於分析 相對於透過網際網路或類似者所收集之應用程式執行應用 耘式檔案之程序所需要之DLL,若能夠判別應用程式之 DLL存在於載入DLL中則擷取該唯一DLL,若應用程式不 包括DLL則擷取載入DLL中能夠判別應用程式之元資訊, 以及針對各程式類別產生及更新應用程式驗證資料DR 11 〇,及該使用者之電腦2〇〇,其包括從應用程式驗證伺服 器發送至使用者之電腦的應用程式驗證資料DB 21〇及一驗 '^與執行控制單元220,該驗證與執行控制單元22〇係在使 1, 帛权電腦中初始化應用程式之執行時推遲應用程式之執 行且作為驗證資料擷取已執行應用程式之DLL及元資訊, 料DB,若無相The program-related API function provided in Windows retrieves the method of loading the DLL and the application element information retrieved in step S34 can include the Windows title name of the application, the file name of the execution image, or the like. In addition, as shown in FIG. 5, the step S400 of verifying and controlling the application execution of the user's computer includes: searching whether the DLL or meta information used as the verification data retrieved from the application of the user's computer corresponds to the use. Step S420 of classifying the application for each category in the verification data db under the condition of the step S410 of the application verification information DB 210; the control of each category classified according to step 842 The policy determines whether to intercept the execution of the application, §43〇; allow or intercept the execution of the application, steps 844〇 and S45〇; and the verification data is sent to the application verification server 100 under the condition that the step S410 does not correspond, Steps S460 and S470 are allowed to execute the application in the user's computer. For each category, the application verification data DB 11〇 and 21〇 can be classified into the P2P program category PR10 and the game program. ❹ , message program category PR30, other program category PR40, or ,, as shown in Figures 6-8. In addition, according to the control policy of each category classified in step S420, it is determined whether to intercept the execution of the application (10) and the step (4) of allowing or compliant, and the execution of the _ type can be The setting environment only intercepts the execution of the application included in the game program category or the accompanying coffee program category PR10, the message program category p, and the type of the game program. R2=: The application included in the package The application of the application included in Hanning I33472.doc -14- 200912696 line 'to meet the various requirements of the user. Further, even in the case where not only interception but also execution is permitted, the history of execution and interception of the application of each application category is recorded and stored by the step S500 of recording the history of execution/interception of the application so that it can be used as Statistical material. Referring to FIG. 6, a system for verifying and controlling application execution according to the present invention includes: the application verification server, which is used to analyze an application executed relative to an application collected through the Internet or the like. The DLL required by the program of the file type, if it can discriminate that the DLL of the application exists in the loading DLL, the unique DLL is retrieved, and if the application does not include the DLL, the source information of the application can be discriminated in the loading DLL. And the generation and update of the application verification data DR 11 and the user's computer 2, which includes the application verification data DB 21 from the application verification server to the user's computer. Detecting and executing the control unit 220, the verification and execution control unit 22 delays the execution of the application when the execution of the application is initialized in the computer, and retrieves the executed application DLL as the verification data. And yuan information, material DB, if there is no phase

程式之執行。 採用已擷取驗證資料搜尋應用程式驗證資料 對應項目則釋放應用程式之執行之推遲且將亡Execution of the program. Search for application verification data using captured verification data. The corresponding project releases the execution delay of the application and will die.

133472.doc 15 200912696 控制應用程式執行的代理程式來實施。如圖7所示,較佳 地用於驗證及控制應用程式執行的代理程式進_步包I 每一類別之允許/攔截之控制設定單元221,其係藉由使用 者預先設定各類別之應用程式之執行的允許或搁截;—程 式執行即時偵測單元2 2 2,其係用於制使用者之電腦中 應用程式之執仃之初始化;一執行允許或搁載歷史記錄單 心3 ’其係用於將應用程式之執行之允許或攔截的歷史 此錄至應用程式驗證資料DB 22〇; 一驗證資料Μ更新單 儿224,其係用於將使用者之電腦的應用程式驗證資料DB 210與應用程式驗證伺服11100之應用程式驗證資料DB 110 作比較以更新;及一執行與攔截通知單元225,其係用於 通知使用者該執行與攔截。 、 由於可能執行錯誤安裝之應用程序檔案、病毒程式、主 要使用者不需要之程式執行楷案、與p2p或訊息程式相關 具有為兒童提供用以獲得有害資訊之路線之高可能性的執 2檔案、管理者(例如父母)不允許之遊戲檔案、或類似 者,所以本發明具有以下效應:若於使用者之電腦中债測 -_程式之執彳了則使該執行推遲—會兒,從應用程式掏 =證資料以搜尋已掏取驗證資料是否對應於使用者之電 ==存之應用程式分類驗證資料庫之各項目,及依據 :否I::搜術防止免於任意執行之程式,藉此控制 =攔截或允許應用程式之執行。此外,本發明具有以下 針對每一類別分類應用程式以便依據針對每一類別 斤狄疋之環境設定政策控制應❹式之執行之攔截或允 133472.doc •16- 200912696 許。 儘管已參考附圖說明本發明之技術精神,但該說明不限 制本發明而僅僅解釋本發明之較佳具體實施例。此外,熟 %此項技術者應明白,可以於此進行各種變更與修改而不 背離本發明之技術精神與範脅。 此外,申凊專利範圍之範疇而非詳細說明定義本發明之 範疇’且應瞭解,由申請專利範圍之意義與範疇以及等效 概念所導出之每一變更與修改屬於本發明之範疇。 【圖式簡單說明】 本發明的以上及其它目標、特徵及優點可從上面連同附 圖的詳細說明而更明白,其中: 圖1係解說本發明之一範例性具體實施例的一流程圖; 圖2係解說依據本發明之一範例性具體實施例的一流程 圖’該具體實施例另外包括一記錄應用程式執行/攔截歷 史之步驟; 圖3係明確解說依據本發明之另一範例性具體實施例之 更新應用程式驗證資料DB之步驟的流程圖; 圖係月確解說依據本發明之一範例性具體實施例之一 建立應用程式驗證資料DB之步驟的流程圖; 圖5係明確解說依據本發明之一範例性具體實施例之— = = 在該程序中’搁取使用者之電腦之應用程 工貝;斗的步驟S300與驗證及控制使用者之電腦 程式執行的步㈣彻係、藉由儲存於使用者之電 : 理程式來實行; 巧—代 133472.doc -17- 200912696 圖6係解說一經構造用於實施依據本發明之一範例性具 體實施例之方法的系統之圖式; 圖7係解說依據本發明之一範例性具體實施例之一驗證 及控制應用程式執行的代理程式之圖式;及 圖8係解說依據本發明之一驗證資料DB之檔案的圖式。 【主要元件符號說明】 100 應用程式驗證伺服器 110 V' 應用程式驗證資料DB 200 使用者之電腦 210 應用程式驗證資料DB 220 驗證與執行控制單元 221 每一類別之允許/攔截之控制設定單元 222 程式執行即時偵測單元 223 執行允許或攔截歷史記錄單元 224 驗證資料DB更新單元 / 225 執行與攔截通知單元 PR10 P2P程式類別 PR20 遊戲程式類別 PR30 訊息程式類別 PR40 其他程式類別 133472.doc -18-133472.doc 15 200912696 Controls the execution of the application by the application. As shown in FIG. 7, the permission/interception control setting unit 221 of each category of the agent program for verifying and controlling the application execution is configured by the user to preset the application of each category. The execution or execution of the program is executed; the program executes the instant detection unit 2 2 2, which is used to initialize the execution of the application in the user's computer; an execution allows or posts the history single 3 ' It is used to record the history of permission or interception of application execution to the application verification data DB 22〇; a verification data update unit 224, which is used to verify the application DB of the user's computer. 210 is compared with the application verification data DB 110 of the application verification server 11100 for updating; and an execution and interception notification unit 225 is used to notify the user of the execution and interception. Due to possible execution of incorrectly installed application files, virus programs, programs that are not required by major users, and files that are associated with p2p or message programs and have a high probability of providing children with a route to obtain harmful information. The game file or the like is not allowed by the manager (for example, the parent), so the present invention has the following effect: if the debt test of the user's computer is blocked, the execution is postponed - at the time, from Application 掏=Certificate data to search for the items that have been retrieved for verification data corresponding to the user's electricity == stored application classification verification database, and based on: No I:: Search to prevent free execution of the program To control = intercept or allow the execution of the application. In addition, the present invention has the following classification application for each category to control the interception or permission of the execution of the policy according to the environment setting policy for each category. 133472.doc •16- 200912696. While the technical spirit of the present invention has been described with reference to the drawings, the description is not intended to limit the invention, but merely to explain the preferred embodiments of the invention. In addition, it should be understood by those skilled in the art that various changes and modifications may be made therein without departing from the spirit and scope of the invention. In addition, the scope of the invention is to be construed as being limited to the scope of the invention and the scope of the invention is intended to be BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features and advantages of the present invention will become more apparent from 2 is a flow chart illustrating an exemplary embodiment of the present invention. The specific embodiment further includes a step of recording an application execution/intercept history. FIG. 3 is a diagram illustrating another exemplary embodiment in accordance with the present invention. Flowchart of the steps of updating the application verification data DB of the embodiment; FIG. 5 is a flow chart illustrating the steps of establishing an application verification data DB according to one exemplary embodiment of the present invention; FIG. 5 is a clear explanation basis. An exemplary embodiment of the present invention - = = in the program 'takes the user's computer application work; the step S300 of the bucket and the step of verifying and controlling the user's computer program execution (four) Executed by the user's electricity: program; 巧-代133472.doc -17- 200912696 Figure 6 is a diagram for constructing one of the embodiments according to the present invention FIG. 7 is a diagram illustrating an agent that verifies and controls execution of an application in accordance with an exemplary embodiment of the present invention; and FIG. 8 illustrates a method in accordance with the present invention. One of the schemas for verifying the file DB. [Description of Main Component Symbols] 100 Application Verification Server 110 V' Application Verification Data DB 200 User's Computer 210 Application Verification Data DB 220 Verification and Execution Control Unit 221 Permission/Intercept Control Setting Unit 222 for each category Program execution immediate detection unit 223 Execution permission or interception history unit 224 Verification data DB update unit / 225 Execution and interception notification unit PR10 P2P program category PR20 Game program category PR30 Message program category PR40 Other program category 133472.doc -18-

Claims (1)

200912696 十、申請專利範圍: 1. 一種驗證及控制應用程式執行的方法,其包含以下步 驟: (S 100)建立—應用程式驗證資料DB,其中一應用程式 驗證词服器分析相對於透過網際網路或類似者所收集之 各應用程式檔案執行該等應用程式之一程序所需要的 DLL ’若能夠判別該應用程式之DLL存在於載入DLL 中’則擷取一唯一 DLL ’若能夠判別該應用程式之dll 不存在於載入DLL中,則擷取該應用程式之元資訊做唯 一識別項,及針對每一程式類別產生該應用程式驗證資 料DB ; (S200)發送„亥應用程式驗證資料,其中將在建立該 應用程式驗證資料DB之步驟(sl〇〇)中所產生之該應用程 式驗證資料DB發送至一使用者之電腦;200912696 X. Patent application scope: 1. A method for verifying and controlling application execution, comprising the following steps: (S100) establishing an application verification data DB, wherein an application verification word server analysis is relative to the Internet The DLLs required by the application files collected by the road or the like to execute one of the applications 'If you can determine that the DLL of the application exists in the load DLL', then retrieve a unique DLL' if it can discriminate If the application dll does not exist in the loading DLL, the application's meta-information is used as the unique identification item, and the application verification data DB is generated for each program category; (S200) sending the "Hui application verification data" The application verification data DB generated in the step (sl〇〇) of establishing the application verification data DB is sent to a user's computer; (S300)擷取該使用者之電腦之應用程式驗證資料,其 中,在初始化該使用者之電腦中之該應用程式之執行 時’推遲該應用程式之該執行’錢擷取該應用程式之 該DLL及該元資訊作為該程式驗證資料;以及 (S400)驗證及控制該使用者之電腦之該應用程式該執 行,其巾採用需要用於該使用者之電腦中之該應用程式 之該驗•貝料’搜尋該應用程式驗證資料db,若無相對 應項目,則允許該已推遲應用程式之該執行,且將該已 擷取驗證資料發送至該應用 用程式驗證資料DB中存在一 程式驗證伺服器,及若該應 相對應項目,則依據針對每 133472.doc 200912696 一類別之一環境設定政策’控制該應用程式之該執行之 攔截或允許。 2.如請求項1之方法’其在控制該驗證及執行之步驟(S4〇〇) 之後進一步包含(S500)記錄一應用程式執行/攔截歷史之 一步驟’其中在該使用者之電腦之該應用程式驗證資料 DB中記錄該應用程式執行允許或攔截之該歷史。 3·如請求項1或2之方法,進一步包含(S600)更新該應用程 式驗證資料DB之一步驟,其中,在啟動該使用者之電腦 時’比較該使用者之電腦之該應用程式驗證資料DB與該 應用程式驗證伺服器之該應用程式驗證資料Db以加以更 新。 4.如請求項3之方法,其中(S100)建立該應用程式驗證資料 DB之該步驟包含以下步驟: (S110)執行該代理程式,在步驟(sno)中執行該代理 程式; (S 120)執行該應用程式’在步驟(§ 12〇)中執行該應用 程式; (S130)擷取該載入DLL,在步驟(sl3〇)中擷取執行該 應用程式所需要之該基本載入DLL ; (S 140)決定該唯一 DLL,在步驟(s 140)中決定能夠判 別該應用程式之該唯一 DLL是否存在於該已擷取基本載 入DLL中; (S150)擷取該元資訊,在步驟(S15〇)中,若依據步驟 (S140)之該結果決定該唯一DLL不存在,則擷取該應用 133472.doc 200912696 程式之該元資訊;及 (S160)添加一驗證資料]^搜尋項目,在(Sl6〇)中將擷 取該載入DLL之步驟(S 130)中所擷取之該唯一 DLL或擷 取該元資訊之步驟(S 150)中所擷取之該應用程式元資訊 添加至該驗證資料DB作為該搜尋項目。 5.如請求項4之方法,其中(S150)擷取該元資訊之該步驟中 所擷取之該應用程式元資訊可以包括該應用程式之一 Windows標題名、一執行影像之一檔案名,或類似者。 6,如請求項3之方法,其中(S3〇〇)擷取該使用者之電腦之該 應用程式驗證資料的該步驟與(S4〇〇)驗證及控制該使用 者之電版)之a玄應用程式執行的該步驟係藉由儲存於該使 用者之電腦中的該代理程式來實行,且(S3〇〇)擷取該使 用者之電細之该應用程式驗證賢料的該步驟包含以下步 驟: (S3 1 0)偵測該使用者之電腦中之該應用程式之該執行 之一開始點; (S320)推遲該應用程式之該執行; (S33 0)從該應用程式擁取執行該應用程式所需要之該 DLL ;及 (S 3 4 0)從該應用程式擷取該元資訊,及 (S400)驗證及控制該使用者之電腦之該應用程式該執 行的該步驟包含以下步驟: (S41 0)搜尋從該使用者之電腦之該應用程式所擷取之 用作該驗證資料之該DLL或該元資訊是否對應於該使用 133472.doc 200912696 者之電腦之該應用程式驗證資訊〇3之該項目. ⑽)若於步驟(S4爾對應,則針^驗證資獅 中之每一類別分類該應用程式; /㈣)依據步驟(_)中所分類之每—類別之控制政 朿,決定是否攔截該應用程式之該執行; (S440與S450)允許或攔截該應用程式之該執行;及 力(S460與S470)若於步驟(以1〇)中不對應,則將該驗證 資料發送至該應用程式驗證伺服器,且允許該使用者之 電腦中該應用程式之該執行。 如°月求項6之方法’其中步驟(S340)中所擷取之該應用程 式凡貝況可以包括該應用程式之該wind〇ws標題名、該 執行影像之該檔案名,或類似者。 133472.doc(S300) extracting application verification data of the user's computer, wherein the application of the application is deferred from the execution of the application in the user's computer, and the application is debited The DLL and the meta-information are used as the verification data of the program; and (S400) the application for verifying and controlling the user's computer is executed, and the towel is used for the application in the user's computer. The item 'searches the application verification data db, if there is no corresponding item, allows the execution of the deferred application, and sends the captured verification data to the application verification data DB to have a program verification servo And, if the corresponding item is to be selected, the interception or permission of the execution of the application is controlled according to an environmental setting policy for each of the categories of 133472.doc 200912696. 2. The method of claim 1, wherein after the step of controlling the verification and execution (S4), further comprising (S500) recording one of an application execution/intercept history step, wherein the user's computer is in the The application verification data DB records the history of the application's execution permission or interception. 3. The method of claim 1 or 2, further comprising the step of (S600) updating the application verification data DB, wherein the application verification data of the user's computer is compared when the user's computer is activated The DB and the application verify the application verification data Db of the server to be updated. 4. The method of claim 3, wherein the step of (S100) establishing the application verification data DB comprises the steps of: (S110) executing the agent, executing the agent in step (sno); (S120) Executing the application 'execute the application in step (§ 12〇); (S130) extracting the load DLL, and extracting the basic load DLL required to execute the application in step (sl3〇); (S140) determining the unique DLL, determining, in step (s140), whether the unique DLL of the application is present in the captured basic load DLL; (S150) extracting the meta information in the step (S15〇), if it is determined according to the result of the step (S140) that the unique DLL does not exist, the meta information of the application 133472.doc 200912696 is retrieved; and (S160) a verification data is added] Adding, in (S16), the unique DLL retrieved in the step of loading the DLL (S130) or the application element information extracted in the step (S150) of capturing the meta information (S150) The verification data DB is used as the search item. 5. The method of claim 4, wherein the application element information retrieved in the step of extracting the meta information (S150) may include a Windows title name of the application, and a file name of an execution image. Or similar. 6. The method of claim 3, wherein (S3〇〇) extracting the application verification data of the user's computer and (S4〇〇) verifying and controlling the electronic version of the user) The step performed by the application is performed by the agent stored in the user's computer, and (S3) the step of extracting the user's power to verify the application includes the following steps: Step: (S3 1 0) detecting a start point of the execution of the application in the user's computer; (S320) deferring the execution of the application; (S33 0) executing the execution from the application The DLL required by the application; and (S 3 4 0) extracting the meta information from the application, and (S400) verifying and controlling the application of the user's computer. The step of performing the step comprises the following steps: (S41 0) Querying whether the DLL or the meta-information used by the application of the user's computer for the verification data corresponds to the application verification information of the computer using the 133472.doc 200912696 3 of the project. (10)) If the step (S4 Correspondence, the needle ^ verifies each category of the lion to classify the application; / (4)) According to the control policy of each category classified in the step (_), decide whether to intercept the execution of the application (S440 and S450) permit or intercept the execution of the application; and force (S460 and S470) if the step (in 1) does not correspond, the verification data is sent to the application verification server, and Allow the application to execute on the user's computer. The method of the method of claim 6 wherein the step (S340) captures the application may include the wind 〇 ws title name of the application, the file name of the execution image, or the like. 133472.doc
TW097129402A 2007-08-02 2008-08-01 Method for verifying application programs and controlling the execution thereof TWI419005B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020070077657A KR100918626B1 (en) 2007-08-02 2007-08-02 Method for verifying application programs and controlling the execution thereof

Publications (2)

Publication Number Publication Date
TW200912696A true TW200912696A (en) 2009-03-16
TWI419005B TWI419005B (en) 2013-12-11

Family

ID=40305069

Family Applications (1)

Application Number Title Priority Date Filing Date
TW097129402A TWI419005B (en) 2007-08-02 2008-08-01 Method for verifying application programs and controlling the execution thereof

Country Status (4)

Country Link
KR (1) KR100918626B1 (en)
CN (1) CN101802805B (en)
TW (1) TWI419005B (en)
WO (1) WO2009017382A2 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100970567B1 (en) * 2009-08-24 2010-07-16 윤성진 Method for firewalling using program database
KR101138746B1 (en) * 2010-03-05 2012-04-24 주식회사 안철수연구소 Apparatus and method for preventing malicious codes using executive files
KR101369250B1 (en) * 2011-12-29 2014-03-06 주식회사 안랩 Server, client and method for verifying integrity of data in peer to peer based network
US9712530B2 (en) * 2012-01-06 2017-07-18 Optio Labs, Inc. Systems and methods for enforcing security in mobile computing
KR101995260B1 (en) * 2012-04-30 2019-07-02 삼성전자 주식회사 Method and system for providing app service
JP5533935B2 (en) * 2012-05-10 2014-06-25 トヨタ自動車株式会社 Software distribution system and software distribution method
KR101594643B1 (en) * 2012-11-22 2016-02-16 단국대학교 산학협력단 Method for detecting software piracy and theft based on partial information of executable file, and apparatus therefor
CN102968338B (en) * 2012-12-13 2016-12-21 上海欧拉网络技术有限公司 Method, device and the electronic equipment classified for the application program of electronic equipment
CN103092604B (en) * 2012-12-13 2016-09-21 上海欧拉网络技术有限公司 A kind of application program sorting technique and device
CN103246595B (en) * 2013-04-08 2016-06-08 小米科技有限责任公司 Application management method, device, server and terminating unit
CN103366104A (en) * 2013-07-22 2013-10-23 腾讯科技(深圳)有限公司 Method and device for controlling accessing of application
KR101593899B1 (en) 2014-04-03 2016-02-15 주식회사 엘지씨엔에스 Cloud computing method, clould computing server performing the same and storage media storing the same
KR101654973B1 (en) * 2014-04-30 2016-09-06 단국대학교 산학협력단 Apparatus and method for software filtering
KR101700413B1 (en) * 2015-09-24 2017-02-13 주식회사 오앤파트너스 Method and system for integrity check of integrit of program
KR101899149B1 (en) * 2018-04-30 2018-09-14 에스엠테크놀러지(주) Abnormal Process Monitoring and Controlling System and Method, Recording Medium for Performing the Method

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7093135B1 (en) * 2000-05-11 2006-08-15 Cybersoft, Inc. Software virus detection methods and apparatus
US7363657B2 (en) * 2001-03-12 2008-04-22 Emc Corporation Using a virus checker in one file server to check for viruses in another file server
US7600222B2 (en) * 2002-01-04 2009-10-06 Microsoft Corporation Systems and methods for managing drivers in a computing system
JP4487490B2 (en) * 2003-03-10 2010-06-23 ソニー株式会社 Information processing apparatus, access control processing method, information processing method, and computer program
CN1581144A (en) * 2003-07-31 2005-02-16 上海市电子商务安全证书管理中心有限公司 Digital certificate local identification method and system
CN100395721C (en) * 2003-12-20 2008-06-18 鸿富锦精密工业(深圳)有限公司 System and method for centralized monitoring of limited program
KR100611679B1 (en) * 2004-07-30 2006-08-10 주식회사 뉴테크웨이브 A system for early prevention of computer virus and a method therefor
JP4733509B2 (en) * 2005-11-28 2011-07-27 株式会社野村総合研究所 Information processing apparatus, information processing method, and program

Also Published As

Publication number Publication date
CN101802805A (en) 2010-08-11
TWI419005B (en) 2013-12-11
KR20090013483A (en) 2009-02-05
WO2009017382A3 (en) 2009-04-16
CN101802805B (en) 2012-07-18
KR100918626B1 (en) 2009-09-25
WO2009017382A2 (en) 2009-02-05

Similar Documents

Publication Publication Date Title
TW200912696A (en) Method for verifying application programs and controlling the execution thereof
Chen et al. Tokenscope: Automatically detecting inconsistent behaviors of cryptocurrency tokens in ethereum
JP4807970B2 (en) Spyware and unwanted software management through autostart extension points
US9424428B2 (en) Method and system for real time classification of events in computer integrity system
US6981279B1 (en) Method and apparatus for replicating and analyzing worm programs
KR101441472B1 (en) Access monitoring method, information processing apparatus, and computer-readable medium storing access monitoring program
KR101260028B1 (en) Automatic management system for group and mutant information of malicious code
Zhan et al. Research on third-party libraries in android apps: A taxonomy and systematic literature review
Gianazza et al. Puppetdroid: A user-centric ui exerciser for automatic dynamic analysis of similar android applications
US20060005148A1 (en) System and method for content-based filtering of popup objects
CN110119614B (en) System and method for detecting hidden behavior of browser extension
WO2012022251A1 (en) Whitelist-based inspection method for malicious process
Thiyagarajan et al. Improved real‐time permission based malware detection and clustering approach using model independent pruning
US11475135B2 (en) Orchestration of vulnerability scanning and issue tracking for version control technology
EP2728472B1 (en) User terminal, reliability management server, and method and program for preventing unauthorized remote operation
Hong et al. xVDB: A high-coverage approach for constructing a vulnerability database
Kang et al. Androtracker: Creator information based android malware classification system
Chew et al. ESCAPADE: Encryption-type-ransomware: System call based pattern detection
Bui et al. Detection of inconsistencies in privacy practices of browser extensions
JP3840508B1 (en) Information collection software management system, management server and management program
KR20160031589A (en) Malicious application detecting method and computer program executing the method
Heid et al. Android Data Storage Locations and What App Developers Do with It from a Security and Privacy Perspective.
Chae et al. Effective and efficient detection of software theft via dynamic API authority vectors
JP5851311B2 (en) Application inspection device
Liu et al. Correlating ui contexts with sensitive api calls: Dynamic semantic extraction and analysis

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees