TWI801856B - Method of application control for child-program execution - Google Patents


Publication number
TWI801856B
Authority
TW
Taiwan
Prior art keywords
program
application
parent
control unit
sub
Prior art date
Application number
TW110115776A
Other languages
Chinese (zh)
Other versions
TW202244724A (en)
Inventor
陳弘儒
劉孝葳
Original Assignee
精品科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 精品科技股份有限公司
Priority to TW110115776A
Publication of TW202244724A
Application granted
Publication of TWI801856B

Landscapes

  • Information Transfer Between Computers (AREA)
  • Stored Programmes (AREA)
  • Programmable Controllers (AREA)

Abstract

A system of application control for child-program execution includes designating an application control unit as a whitelist program and executing the application control unit to generate child programs. Based on the inheritance relationship between the child programs and the application control unit, the child programs it produces are whitelist programs. The parent program of each child program is then checked; if the parent program is the application control unit, the child program is executed.

Description

Application Control Method Based on Child-Program Execution

The present invention relates to the technical field of application control, and in particular to an application control method based on child-program execution.

With the development of information technology, a large number of applications (apps) have emerged. A single vendor may provide multiple applications. Even different applications, especially multiple applications from the same vendor, may have similar functions. To keep up with technical developments or business needs, applications often have to be upgraded or replaced; for example, new versions of an application may be released more than once per week. When a newly released version contains an error or the business service fails, the client-side application must be rolled back urgently to a specified version in order to meet users' basic needs.

Existing applications usually restrict the computer devices that may legitimately use them, to prevent the application from being copied to and used on other, unauthorized computer devices. To achieve this, protection mechanisms that bind to hardware information already exist. Under such a mechanism, once the application is launched it first reads and verifies hardware information of the computer device on which it is installed, such as the CPU code and the hard disk serial number, and allows the device to run it normally only when verification passes. Although this mechanism binds the application to the legitimate computer device that may run it, hardware information does not change dynamically, so the mechanism is easily cracked.

In addition, with the Internet now widespread, enterprises usually set up Internet connections in order to obtain all kinds of applications. However, the information or applications retrieved from the Internet may include malicious programs. Once a malicious program enters an information processing device, it can damage the software on it or steal the information it holds, causing great harm to the enterprise's information security.

On the other hand, while enjoying the convenience of the Internet, enterprises should also eliminate the threat of such malicious programs as far as possible. Restrictions on applications have traditionally been enforced with blacklist-based control. Because there are too many programs in the world, blacklist-based control is no longer adequate.

Recently, hackers often use programs already present on the local machine as their attack programs rather than programs they wrote themselves. This raises a problem: the programs built into Windows, for example, are frequently used by users but are also the ones hackers favor, so whether these built-in programs can be placed under application control is a major question.

Furthermore, application control offers strong protection, which motivates the present invention to provide a novel application control method.

The purpose of the present invention is to provide an application control method based on child-program execution.

The application control method based on child-program execution of the present invention can greatly reduce the time cost of detection and improve the detection efficiency of information security.

The application control method based on child-program execution of the present invention includes: designating an application control unit as a whitelist program; executing the application control unit to generate a child process program, where, based on the inheritance relationship between the child process program and the application control unit, the child process program it produces is a whitelist program; and checking the parent process of the child process program and, if the parent process is the application control unit, executing the child process program.

The designation of an application control unit as a whitelist program is performed by a designation unit.

The check of the parent process of the child process program is performed by a checking unit. Checking the parent process of the child process program means checking whether the child-program inheritance option has been selected for the application control unit.

The checking unit has a function for selecting that child processes inherit from the parent process, and a function for checking what the parent process is.

The application control method based on child-program execution of the present invention includes: designating an installer as a whitelist program; executing the installer to generate a child process program, where, based on the inheritance relationship between the child process program and the installer, the child process program it produces is a whitelist program; and checking the parent process of the child process program and, if the parent process is the installer, executing the child process program.

The designation of an installer as a whitelist program is performed by a designation unit. Checking the parent process of the child process program means checking whether the child-program inheritance option has been selected for the installer.

110: ProcExp.Exe

120: ProcExp64.Exe

130, 220: Check what the parent process of the child process is

200: Installer

210: Child program

[Figure 1] is a schematic diagram of the application control unit of the present invention executing its child process and checking the parent process of the child process program.

[Figure 2] is a schematic diagram of the installer of the present invention executing its child process and checking the parent process of the child process program.

The present invention is described in detail here with respect to specific embodiments and aspects of the invention. These descriptions explain the structure or step flow of the present invention and are given for illustration, not to limit the scope of the claims. Therefore, apart from the specific and preferred embodiments in this specification, the present invention can also be widely practiced in other embodiments. The implementation of the present invention is described below by way of specific embodiments, and those skilled in the art can readily understand its effects and advantages from the content disclosed in this specification. The present invention can also be applied and implemented through other specific embodiments, and the details set out in this specification can be applied according to different needs, with various modifications or changes made without departing from the spirit of the present invention.

The present invention proposes an application control method based on child-program execution, in which a parent process is designated as the application control unit (program). In computing, a parent process is a process that has created one or more child processes. When a parent process program runs, it spawns smaller programs to perform some of its functions, and its child processes inherit most of the parent process's attributes, such as file descriptors.

In the present invention, when a child process is executed, the system automatically checks who the parent process of that child process is. If the parent process found by the check is defined, or has child process (program) inheritance selected, then, because the parent process (program) is an application control unit and the child process (program) has an inheritance relationship with it, the child process automatically becomes an application control unit as well. That is, when a child process program is executed by a trusted parent process, the child process also becomes a trusted executable. A child program of a whitelisted program can inherit whitelist status: if the parent process is whitelisted, the child process that inherits from it is whitelisted too.

The present invention uses a whitelist as its control scheme in place of the traditional blacklist approach. A strong whitelist function is enough to block most hacker attacks. In practice, user behavior can be used to distinguish whether an executed program is one in normal use or a hacker's program. A program in normal use belongs on the application control whitelist; otherwise it belongs on the blacklist.

Figure 1 depicts the application control unit of the present invention executing its child process. The application control unit runs on a server, a computer or a computing device. First, a designation unit of the server designates the application control unit, which is a specific whitelist program. The application control unit is then executed to generate a child process program; based on the inheritance relationship between the child process program and the application control unit, the child process program it produces is a whitelist program. A checking unit then checks the parent process of the child process program, and if the parent process is the application control unit, the child process program is executed. For example, in this embodiment the application control unit is ProcExp.Exe 110, which is the parent process of ProcExp64.Exe 120. That is, under Win64, ProcExp.Exe 110 executes ProcExp64.Exe 120, and ProcExp64.Exe 120 becomes a child process of ProcExp.Exe 110. When the child process ProcExp64.Exe 120 is executed, the system performs step 130 and automatically checks what the parent process of ProcExp64.Exe 120 is. Because the parent process ProcExp.Exe 110 is defined, or has child process (program) inheritance selected, the child process ProcExp64.Exe 120 produced by ProcExp.Exe 110 can inherit most of the attributes of ProcExp.Exe 110. Because the parent process ProcExp.Exe 110 is an application control unit, the child process ProcExp64.Exe 120 automatically becomes an application control unit as well. That is, once the trusted parent process ProcExp.Exe 110 has executed the child process ProcExp64.Exe 120, ProcExp64.Exe 120 also becomes a trusted executable. In other words, ProcExp64.Exe 120, as a child process of the whitelisted parent process ProcExp.Exe 110, can inherit whitelist status: ProcExp.Exe 110 is whitelisted, so ProcExp64.Exe 120 is whitelisted too by virtue of inheritance. Under Win64, the system executes the child process ProcExp64.Exe 120 in place of the original ProcExp.Exe.

ProcExp.Exe is a powerful process manager that can be used to manage processes conveniently and to run or forcibly terminate any program. In addition, ProcExp.Exe can display detailed computer information: central processing unit (CPU) and memory usage, dynamic-link libraries (DLLs), handles, process parent-child relationships, termination of a specified process, and so on.

Referring to Figure 1, in another example, if the system runs ProcExp64.Exe 120 on its own, without a procedure that confirms who the parent process of ProcExp64.Exe 120 is, the system cannot determine whether ProcExp64.Exe 120 is the child process of some parent process, and there is also no check of whether the parent process is whitelisted. The system therefore cannot determine whether ProcExp64.Exe 120 is whitelisted and treats it as non-whitelisted.

In one embodiment, the parent process of the child process ProcExp64.Exe 120 is checked by a checking unit. That is, the parent process ProcExp.Exe 110 is confirmed to be the parent process of the child process ProcExp64.Exe 120 after the checking unit's check. For example, the checking unit has a function or option for selecting that child processes inherit from the parent process, and a function for checking what the parent process is. When child process inheritance is selected in the checking unit for an application or software package, the child processes it produces when it runs have whitelist status. When a child process is executed, the checking unit also performs function 130, checking what the parent process of the child process is.

As can be seen from the above, if a parent process program has been confirmed as an application control program, the child process program it executes is also an application control program; moreover, a child process program executed by that child process is likewise an application control program, and so on down N generations. Conversely, if the child process program is merely executed on its own, it is not under application control.

In addition, the present invention can designate a specific whitelist program through a designation unit, and the child programs executed by that whitelist program are directly recognized as application control programs.

Figure 2 depicts the application control unit of another embodiment of the present invention executing its child process. In this embodiment, the application control unit is an installer 200 on a computer or computing device, and it is designated as a whitelist program through a designation unit. During installation, the installer 200 also executes an installation child program 210, and the installer 200 thereby becomes the parent program of its child program 210. Likewise, when the child program 210 is executed, the system performs step 220 and automatically checks what the parent program of the child program 210 is. Because the parent process installer 200 is defined, or has child process (program) inheritance selected, the child program 210 produced by the installer 200 can inherit most of the attributes of the installer 200. Because the parent process installer 200 is an application control unit, the child program 210 automatically becomes an application control unit as well. That is, once the trusted parent process installer 200 has executed the child program 210, the child program 210 also becomes a trusted executable. In other words, the child program 210 of the whitelisted parent process installer 200 can inherit whitelist status: the installer 200 is whitelisted, so the child program 210 is whitelisted too by virtue of inheritance.
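The decision rule shared by both embodiments, as an added example that is not code from the patent: a designated unit is allowed, a child is allowed only if its live parent is trusted with inheritance selected, and a program started on its own is denied. The event fields, the names `Setup.exe`, `Viewer.exe`, `helper.exe`, `unpack.exe`, `plugin.exe` and `other.exe`, matching by image name, and the handling of process exit are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class ControlUnit:
    """A program designated as whitelisted (the application control unit)."""
    image: str               # executable name, e.g. "ProcExp.Exe"
    inherit_children: bool   # the "child process inherits" option for this unit


@dataclass(frozen=True)
class ProcEvent:
    """Constructed process event; the field names are assumptions."""
    kind: str                # "create" or "exit"
    pid: int
    ppid: Optional[int] = None
    image: str = ""


class CheckingUnit:
    def __init__(self, units: Iterable[ControlUnit]) -> None:
        # Matching on image name alone is a simplification made for this example.
        self._units: Dict[str, ControlUnit] = {u.image.lower(): u for u in units}
        # Live trusted processes: pid -> whether their children inherit trust.
        self._trusted: Dict[int, bool] = {}

    def on_create(self, ev: ProcEvent) -> Tuple[bool, str]:
        unit = self._units.get(ev.image.lower())
        if unit is not None:
            self._trusted[ev.pid] = unit.inherit_children
            return True, "designated"
        # Steps 130/220: check what the parent process of this child is.
        if ev.ppid is not None and self._trusted.get(ev.ppid, False):
            # The child becomes a control unit itself, so the rule repeats
            # for the next generation (N generations down).
            self._trusted[ev.pid] = True
            return True, "inherited"
        return False, "not whitelisted"

    def on_exit(self, pid: int) -> None:
        # Forget exited processes so a recycled PID cannot pass as a trusted parent.
        self._trusted.pop(pid, None)


def evaluate(units: Iterable[ControlUnit],
             events: Iterable[ProcEvent]) -> List[Tuple[str, bool, str]]:
    """Return (image, allowed, reason) for every create event, in order."""
    checker = CheckingUnit(units)
    decisions = []
    for ev in events:
        if ev.kind == "exit":
            checker.on_exit(ev.pid)
            continue
        allowed, reason = checker.on_create(ev)
        decisions.append((ev.image, allowed, reason))
    return decisions


# Constructed policy: two units with inheritance selected, one without.
UNITS = [
    ControlUnit("ProcExp.Exe", True),
    ControlUnit("Setup.exe", True),
    ControlUnit("Viewer.exe", False),
]

# Constructed event stream covering both figures and the standalone case.
EVENTS = [
    ProcEvent("create", 100, 4, "ProcExp.Exe"),     # designated unit (110)
    ProcEvent("create", 101, 100, "ProcExp64.Exe"), # child of 110 (120)
    ProcEvent("create", 102, 101, "helper.exe"),    # second generation
    ProcEvent("create", 200, 50, "ProcExp64.Exe"),  # started on its own
    ProcEvent("create", 300, 4, "Setup.exe"),       # installer (200)
    ProcEvent("create", 301, 300, "unpack.exe"),    # installer child (210)
    ProcEvent("create", 400, 4, "Viewer.exe"),      # unit without inheritance
    ProcEvent("create", 401, 400, "plugin.exe"),    # its child is not trusted
    ProcEvent("exit", 100),
    ProcEvent("create", 100, 50, "other.exe"),      # PID 100 reused
    ProcEvent("create", 500, 100, "ProcExp64.Exe"), # parent is the reused PID
]

if __name__ == "__main__":
    for image, allowed, reason in evaluate(UNITS, EVENTS):
        print(f"{image:15} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```
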

The present invention can designate specific programs as having the inheritance attribute, so that their child programs become whitelisted. Compared with conventional blacklist-based control, the present invention proposes an application control method based on child-program execution that uses a designated application control unit to determine the executable whitelist, which greatly improves the detection efficiency of information security.

Changes may be made to the above application control method based on child-program execution without departing from the scope of this document. It should therefore be noted that the matter contained in the above description and shown in the accompanying drawings is to be interpreted as illustrative and not in a limiting sense. The following claims are intended to cover all general and specific features described herein, as well as all statements of the scope of the application control method based on child-program execution of the present invention which, as a matter of language, might be said to fall therebetween.


Claims (10)

1. An application control method based on child-program execution, comprising: using a server side to designate an application control unit as a whitelist program; executing the application control unit to generate a child process program, wherein, based on the inheritance relationship between the child process program and the application control unit, the child process program it produces is a whitelist program; and using the server side to check the parent process program of the child process program, wherein if the parent process program is the application control unit, the child process program executed by the parent process program is also the application control unit, and if the child process program is merely executed on its own, it is not the application control unit.

2. The application control method based on child-program execution of claim 1, wherein the designating of an application control unit as a whitelist program is performed by a designation unit.

3. The application control method based on child-program execution of claim 1, wherein the checking of the parent process of the child process program is performed by a checking unit.

4. The application control method based on child-program execution of claim 3, wherein the checking unit has a function for selecting that child processes inherit from the parent process, and a function for checking what the parent process is.

5. The application control method based on child-program execution of claim 1, wherein the checking of the parent process of the child process program is checking whether the child-program inheritance option has been selected for the application control unit.

6. An application control method based on child-program execution, comprising: using a server side to designate an application control unit as a whitelist program, the application control unit being an installer; executing the installer to generate a child process program, wherein, based on the inheritance relationship between the child process program and the installer, the child process program it produces is a whitelist program; and using the server side to check the parent process program of the child process program, wherein if the parent process program is the application control unit, the child process program executed by the parent process program is also the application control unit, and if the child process program is merely executed on its own, it is not the application control unit.

7. The application control method based on child-program execution of claim 6, wherein the designating of an application control unit as a whitelist program is performed by a designation unit.

8. The application control method based on child-program execution of claim 6, wherein the checking of the parent process of the child process program is performed by a checking unit.

9. The application control method based on child-program execution of claim 8, wherein the checking unit has a function for selecting that child processes inherit from the parent process, and a function for checking what the parent process is.

10. The application control method based on child-program execution of claim 6, wherein the checking of the parent process of the child process program is checking whether the child-program inheritance option has been selected for the installer.
TW110115776A 2021-04-30 2021-04-30 Method of application control for child-program execution TWI801856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110115776A TWI801856B (en) 2021-04-30 2021-04-30 Method of application control for child-program execution


Publications (2)

Publication Number Publication Date
TW202244724A TW202244724A (en) 2022-11-16
TWI801856B true TWI801856B (en) 2023-05-11

Family

ID=85793028

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110115776A TWI801856B (en) 2021-04-30 2021-04-30 Method of application control for child-program execution

Country Status (1)

Country Link
TW (1) TWI801856B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI556129B (en) * 2014-11-07 2016-11-01 財團法人工業技術研究院 Management server and method and user client device and monitoring method thereof
TWI560571B (en) * 2012-02-16 2016-12-01 Samsung Electronics Co Ltd Method and apparatus for protecting digital content using device authentication
US20190080081A1 (en) * 2017-09-08 2019-03-14 Avecto Limited Computer Device and Method for Controlling Process Components
US20190318100A1 (en) * 2018-04-17 2019-10-17 Oracle International Corporation High granularity application and data security in cloud environments
US20200242236A1 (en) * 2011-12-02 2020-07-30 Invincea, Inc. Methods and apparatus for control and detection of malicious content using a sandbox environment
US20200242239A1 (en) * 2016-08-03 2020-07-30 Sophos Limited Mitigation of return-oriented programming attacks
