WO2017004918A1 - Security control method and device, and computer storage medium - Google Patents


Info

Publication number: WO2017004918A1
Application number: PCT/CN2015/094227
Authority: WO (WIPO, PCT)
Prior art keywords: application, security domain, security, domain, belongs
Other languages: French (fr), Chinese (zh)
Inventor: 薛明星
Original assignee: 深圳市中兴微电子技术有限公司
Application filed by 深圳市中兴微电子技术有限公司
Publication of WO2017004918A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Definitions

  • the present invention relates to security control technologies in the field of communications, and in particular, to a security control method, apparatus, and computer storage medium.
  • the smart mobile terminal may include an electronic device such as a mobile phone or a tablet computer.
  • as office work moves onto such terminals, office information security becomes a concern: if office information is lost or leaked, information security and application security problems such as exposure of the company's business secrets may follow.
  • virtualization technology is currently used for security isolation.
  • virtual machine technology amounts to running two systems on the same mobile terminal. This increases the load on the system and consumes a large amount of electric energy; applied to a smart mobile terminal it causes problems such as shortened standby time, shortened battery life, and large system resource consumption.
  • embodiments of the present invention are directed to providing a security control method, apparatus, and computer storage medium to at least partially solve the problem of large load and high energy consumption of the security control system in the prior art.
  • a first aspect of the embodiments of the present invention provides a security control method, where the method includes:
  • determining a security domain to which the application belongs; the security domain includes a first security domain and a second security domain, and a security level of the first security domain is higher than a security level of the second security domain;
  • prohibiting an application of the second security domain from accessing an application of the first security domain according to the security domain to which the application belongs.
  • optionally, the prohibiting the application of the second security domain from accessing the application of the first security domain according to the security domain to which the application belongs includes: generating a security identifier according to the security domain to which the application belongs; and prohibiting the application of the second security domain from accessing the application of the first security domain according to the security identifier.
  • optionally, the determining the security domain to which the application belongs includes: acquiring an installation certificate of the application; and determining, according to the installation certificate, the security domain to which the application belongs.
  • optionally, the method further includes verifying the installation certificate to form a verification result, and the security domain to which the application belongs is determined according to the verification result.
  • optionally, the generating a security identifier according to the security domain to which the application belongs includes: generating a security identifier for the kernel resource corresponding to the application according to the security domain to which the application belongs.
  • optionally, the prohibiting the application of the second security domain from accessing the application of the first security domain according to the security identifier includes: prohibiting, according to the security identifier, the application of the second security domain from accessing the application of the first security domain through inter-process communication or the file system; and prohibiting, according to the security identifier, the application of the second security domain from accessing the application of the first security domain through a socket.
  • optionally, the method further includes: dividing an internal communication component of the application into the security domain in which the application is located according to the security domain to which the application belongs; and the prohibiting the application of the second security domain from accessing the application of the first security domain according to the security domain to which the application belongs includes: prohibiting the application of the second security domain from accessing the application of the first security domain through an internal communication component.
  • optionally, the method further includes: allowing the application of the first security domain to access the application of the second security domain according to the security domain to which the application belongs.
  • optionally, the method further includes: installing the application of the first security level in the first security domain, and installing the application of the second security level in the second security domain.
  • a second aspect of the embodiments of the present invention further provides a security control apparatus, where the apparatus includes:
  • a determining unit configured to determine a security domain to which the application belongs; the security domain includes a first security domain and a second security domain; and the security level of the first security domain is higher than a security level of the second security domain;
  • an access control unit configured to prohibit the application of the second security domain from accessing the application of the first security domain according to the security domain to which the application belongs.
  • optionally, the apparatus further includes: a generating unit configured to generate a security identifier according to the security domain to which the application belongs; and the access control unit is configured to prohibit the application of the second security domain from accessing the application of the first security domain according to the security identifier.
  • optionally, the determining unit includes: an obtaining module configured to obtain an installation certificate of the application; and a determining module configured to determine, according to the installation certificate, the security domain to which the application belongs.
  • optionally, the apparatus further includes: a verification unit configured to verify the installation certificate to form a verification result; and the determining unit is specifically configured to determine, according to the verification result, the security domain to which the application belongs.
  • the generating unit is configured to generate a security identifier for the kernel resource corresponding to the application according to the security domain to which the application belongs.
  • optionally, the access control unit includes: a first access control module configured to prohibit, according to the security identifier, an application of the second security domain from accessing an application of the first security domain through inter-process communication or the file system; and a second access control module configured to prohibit, according to the security identifier, the application of the second security domain from accessing the application of the first security domain through a socket.
  • the device further includes:
  • a component unit configured to divide an internal communication component of the application into a security domain in which the application is located according to a security domain to which the application belongs;
  • the access control unit is configured to prohibit an application of the second security domain from accessing an application of the first security domain by using an internal communication component.
  • the access control unit is further configured to allow an application of the first security domain to access an application of the second security domain according to a security domain to which the application belongs.
  • the device further includes:
  • an installation unit configured to install the application of the first security level in a first security domain; and install the application of the second security level in a second security domain.
  • the embodiment of the invention further provides a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used to perform at least one of the foregoing methods.
  • An embodiment of the present invention provides a security control method, apparatus, and computer storage medium in which applications are placed in security domains of different security levels, and applications in a security domain of a low security level are prohibited from accessing applications in a security domain of a high security level. This achieves application isolation and ensures application security and information security without running two systems, thereby reducing the load of security control, reducing the power consumption of the terminal, and prolonging its standby time.
  • FIG. 1 is a schematic flowchart of a security control method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of determining a security domain to which an application belongs according to an embodiment of the present invention
  • FIG. 3 is a second schematic flowchart of a security control method according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a security control apparatus according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a security control apparatus according to an example of the present invention.
  • FIG. 6 is a schematic flow chart of a security control method according to an example of the present invention.
  • FIG. 7 is a second schematic structural diagram of a security control apparatus according to an example of the present invention.
  • this embodiment provides a security control method, where the method includes:
  • Step S110 determining a security domain to which the application belongs; the security domain includes a first security domain and a second security domain; and the security level of the first security domain is higher than a security level of the second security domain;
  • Step S120 The application of the second security domain is prohibited from accessing the application of the first security domain according to the security domain to which the application belongs.
  • the security control method described in this embodiment can be applied to various terminals, and is particularly suitable for use in a mobile terminal, such as an electronic device such as a mobile phone or a tablet computer.
  • the system adopted by the electronic device in this embodiment may be various types of systems, such as an Android system.
  • the system of the electronic device may be divided into three domains, namely a system domain, a first security level domain, and a second security level domain.
  • the system domain holds the system-level applications that ship with the system itself, while the applications in the first security level domain and the second security level domain are installed after the system is installed.
  • the security level of the first security domain is higher than that of the second security domain; that is, the first security domain carries the stronger security requirements.
  • the enterprise application is typically installed into the first secure domain and the personal application is installed into a second secure domain.
  • an application with high information security requirements or high application security requirements involved in the application process is generally installed in the first security domain, otherwise it is installed in the second security domain.
  • if applications in the second security domain could access applications in the first security domain, information could leak and application security would be low; step S120 therefore restricts applications installed in the second security domain from accessing applications installed in the first security domain, which is a simple way of achieving security isolation between applications.
  • applications are divided into security domains of different security levels, and mutual access between applications is controlled according to the security domain in which each application is located, so there is no need to run two systems as in the prior art; the system burden is reduced, energy is saved, and the standby time of the mobile terminal is prolonged.
  • an application of the second security domain is prohibited from accessing an application of the first security domain according to the security domain to which the application belongs; in a specific implementation the method may further, depending on the security domain each application belongs to, allow applications in the first security domain to access each other, allow applications in the second security domain to access each other, and allow applications of the first security domain to access applications of the second security domain. In this way the terminal satisfies the user's need to reach an application in the second security domain without leaving the first security domain.
  • applications installed in the first security domain include enterprise mailboxes, virtual private networks (VPNs), enterprise contacts, and similar applications; applications installed in the second security domain include personal applications such as WeChat and QQ.
  • for example, the user logs in to the enterprise mailbox server on an Android phone through the VPN, using the enterprise mailbox in the first security domain. While reading mail, the user finds a link in a message that was sent from the user's personal QQ mailbox. If the first security domain could not access applications of the second security domain, the user would have to switch into the second security domain to open the QQ mailbox. Because applications of the first security domain are allowed to access applications of the second security domain, the user can follow the QQ mailbox link from within the enterprise mailbox; with the security control method of this embodiment the WeChat application can likewise be opened from the first security domain, application security is maintained, and access from the first security domain to the second is convenient and fast.
  • the step S120 may include: generating a security identifier according to the security domain to which the application belongs; and prohibiting the application of the second security domain from accessing the application of the first security domain according to the security identifier.
  • when an application runs, a corresponding process is created, memory resources are allocated, sockets are created, and communication between applications is carried out through pipes and similar channels; in this embodiment a corresponding security identifier is generated for each of these resources.
  • the security identifier of the application corresponding kernel resource is determined by the security domain to which the application belongs. If the application belongs to the first security domain, the security identifier of the corresponding kernel resource is also corresponding to the first security domain. If the application belongs to the second security domain, the security identifier of the corresponding kernel resource is also corresponding to the second security domain.
  • when access control is performed between applications, access requests are controlled on the basis of the security identifier. If the security identifiers of the kernel resources of the two applications indicate that they belong to the same security domain, mutual access is allowed. If they indicate different security domains, the application in the security domain of the higher security level is allowed to access the application in the security domain of the lower security level, and the application in the lower-level security domain is prohibited from accessing the application in the higher-level security domain.
  • the step S110 may include:
  • Step S111 Acquire an installation certificate of the application.
  • Step S112 Determine, according to the installation certificate, a security domain to which the application belongs.
  • when an application is installed, its installation package usually carries an installation certificate. The installation certificate is issued by an issuing organization according to a standard and can serve as a reference for security. Installation certificates may include enterprise publishing certificates and general certificates: in general, if the installation certificate of the application was issued by the enterprise, the application requires a high application security level and information security level, and if it is an ordinary certificate, the application requires relatively low levels. The security domain to which the application belongs is therefore determined according to its installation certificate.
  • the security domain to which the application belongs may also be determined according to an indication input by the user. For example, when the electronic device installs the application, a dialog box is shown asking the user whether the application being installed should go into the first security domain or the second security domain; the indication input by the user is received and the application is installed into the corresponding security domain accordingly. This process not only divides the application into a security domain but also performs the installation of the application.
  • the method may include: installing the application of the first security level in a first security domain; and installing the application of the second security level in a second security domain.
  • the step S110 further includes: verifying the installation certificate to form a verification result.
  • the step S112 includes: determining, according to the verification result, a security domain to which the application belongs.
  • this prevents a maliciously falsified installation certificate from placing an application in the wrong security domain, and in particular prevents an application that should have been installed in the second security domain from being installed in the first security domain, where it could access the other applications of the first security domain.
  • the verifying the installation certificate herein may include transmitting the installation certificate to the verification platform via the network for verification, and receiving the verification result from the verification platform.
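  • As an added example (not code from the patent), the following Python models steps S111 and S112 together with the verification step, in the form that Android's own SEAndroid build uses for the same decision: a mac_permissions.xml file maps a signer certificate to a seinfo tag, and seapp_contexts maps seinfo to an SELinux domain and a data-file type. The XML, the seapp_contexts lines, the certificate byte strings and the names enterprise/personal are constructed for this example; a real implementation reads the DER certificate out of the APK signature block, and the network verification platform the patent mentions is not modelled.

```python
"""Signing certificate -> security domain, in the shape of SEAndroid's
mac_permissions.xml / seapp_contexts lookup.  Added example; every
constant below is constructed for illustration."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-ins for DER-encoded signing certificates.  A real
# implementation reads the DER bytes out of the APK signature block.
ENTERPRISE_CERT = b"\x30\x82\x01\x00constructed enterprise signer cert"
VENDOR_CERT = b"\x30\x82\x01\x00constructed third-party signer cert"
# A forged certificate whose subject *claims* to be the enterprise CA.
# Its bytes differ from the pinned certificate, so it matches nothing.
FORGED_CERT = b"\x30\x82\x01\x00CN=Enterprise CA (forged, self-signed)"

# Constructed policy in the shape of AOSP mac_permissions.xml: the signer
# is identified by the hex of the whole certificate, never by a name in it.
MAC_PERMISSIONS_XML = f"""
<policy>
  <signer signature="{ENTERPRISE_CERT.hex()}">
    <seinfo value="enterprise"/>
  </signer>
  <default>
    <seinfo value="default"/>
  </default>
</policy>
"""

# Constructed in the shape of AOSP seapp_contexts: seinfo -> domain/type.
SEAPP_CONTEXTS = """
user=_app seinfo=enterprise domain=enterprise_app type=enterprise_app_data_file levelFrom=user
user=_app seinfo=default domain=personal_app type=personal_app_data_file levelFrom=user
"""


def fingerprint(cert_der):
    """SHA-256 over the DER bytes: the 'verification result' the decision uses."""
    return hashlib.sha256(cert_der).hexdigest()


def load_mac_permissions(xml_text):
    """Return ({fingerprint: seinfo}, default_seinfo)."""
    root = ET.fromstring(xml_text.strip())
    by_fp = {}
    for signer in root.findall("signer"):
        cert = bytes.fromhex(signer.get("signature"))
        by_fp[fingerprint(cert)] = signer.find("seinfo").get("value")
    default = root.find("default/seinfo").get("value")
    return by_fp, default


def parse_seapp_contexts(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(dict(kv.split("=", 1) for kv in line.split()))
    return rows


def seinfo_for(cert_der, table, default):
    """Step S112 with verification: an unknown or forged certificate falls
    through to the default (lower) seinfo, never to the enterprise one."""
    return table.get(fingerprint(cert_der), default)


def domain_for(seinfo, rows):
    for row in rows:
        if row.get("seinfo") == seinfo:
            return row["domain"], row["type"]
    raise LookupError("no seapp_contexts entry for seinfo=%s" % seinfo)


def assign_domain(cert_der):
    """Full pipeline: certificate bytes -> (process domain, data-file type)."""
    table, default = load_mac_permissions(MAC_PERMISSIONS_XML)
    return domain_for(seinfo_for(cert_der, table, default),
                      parse_seapp_contexts(SEAPP_CONTEXTS))


if __name__ == "__main__":
    for name, cert in (("enterprise", ENTERPRISE_CERT),
                       ("vendor", VENDOR_CERT), ("forged", FORGED_CERT)):
        print(name, "->", assign_domain(cert))
```

  • Pinning the certificate bytes rather than trusting anything the certificate says about itself is what defeats the falsified-certificate case: the forged certificate lands in the default seinfo and therefore in the lower domain.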
  • the generating the security identifier according to the security level of the application includes: generating a security identifier for the kernel resource corresponding to the application according to the security domain to which the application belongs.
  • the kernel resources may include shared resources such as pipes, sockets, message queues, and shared memory that are available for inter-application access.
  • in Linux, the pipe is a very frequently used communication mechanism; a pipe is also a file, corresponding to a buffer of fixed capacity.
  • a socket is identified by the combination of the source IP (Internet Protocol) address, the destination IP address, the source port number and the destination port number; it identifies the server and the service that a client requests.
  • the message queue is a container that holds messages during the transmission of a message.
  • kernel resources provide a way and means for applications to access each other.
  • a security identifier is generated for the kernel resource corresponding to the application, and the application of the second security domain is prohibited from accessing the application of the first security domain according to the security identifier.
  • the step S120 may specifically include:
  • prohibiting, according to the security identifier, the application of the second security domain from accessing the application of the first security domain through inter-process communication or the file system; and
  • prohibiting, according to the security identifier, the application of the second security domain from accessing the application of the first security domain through a socket.
  • a firewall can filter sockets according to the security identifier of each socket, so that an application of the second security domain is prevented from accessing an application of the first security domain through a socket.
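  • The access decision of step S120 and the per-resource security identifiers it relies on (the rule stated earlier: same domain allowed, higher to lower allowed, lower to higher prohibited, applied to files, inter-process communication and sockets), as an added Python example that is not code from the patent: a small evaluator for SELinux-style type-enforcement rules. Processes are labelled with their application's domain, the files they own with a matching data-file type, and sockets with the creating process's domain, which is how SELinux labels them; allow rules grant same-domain and first-to-second access, and a neverallow rule, checked when the policy is loaded, guarantees that no rule can ever grant second-to-first access. The domain and type names, the policy text and the application list are constructed.

```python
"""Evaluator for SELinux-style type-enforcement rules, modelling the
per-resource security identifiers of step S120.  Added example; domain
names, type names, the policy text and the application list are constructed."""
import re

# Which security domain each installed application belongs to (constructed).
APP_DOMAIN = {
    "EnterpriseMail": "enterprise_app",   # first security domain
    "VPNClient": "enterprise_app",
    "WeChat": "personal_app",             # second security domain
    "QQ": "personal_app",
    "Settings": "system_app",             # system domain, pre-installed
}

# Constructed policy in SELinux TE syntax.  Classes/permissions may be '*'.
POLICY = """
# within a domain: files and unix sockets
allow enterprise_app enterprise_app_data_file:file { read write open };
allow enterprise_app enterprise_app:unix_stream_socket connectto;
allow personal_app personal_app_data_file:file { read write open };
allow personal_app personal_app:unix_stream_socket connectto;
# the first (higher) domain may reach the second (lower) domain
allow enterprise_app personal_app_data_file:file { read open };
allow enterprise_app personal_app:unix_stream_socket connectto;
# the system domain is reachable from both
allow { enterprise_app personal_app } system_app:binder call;
# and nothing may ever let the second domain into the first
neverallow personal_app { enterprise_app enterprise_app_data_file }:* *;
"""

RULE_RE = re.compile(
    r"^(allow|neverallow)\s+"
    r"(\{[^}]*\}|[^\s:{}]+)\s+"      # source domain(s)
    r"(\{[^}]*\}|[^\s:{}]+):"        # target type(s)
    r"(\{[^}]*\}|[^\s:{}]+)\s+"      # object class(es)
    r"(\{[^}]*\}|[^\s:{}]+)\s*;$"    # permission(s)
)


def _expand(tok):
    """'{ a b }' -> {'a', 'b'}; 'x' -> {'x'}."""
    tok = tok.strip()
    return set(tok.strip("{}").split()) if tok.startswith("{") else {tok}


def parse_policy(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unparsable rule: " + line)
        kind, src, tgt, cls, perm = m.groups()
        rules.append((kind, _expand(src), _expand(tgt), _expand(cls), _expand(perm)))
    return rules


def _hit(field, value):
    return "*" in field or value in field


def _overlap(a, b):
    return "*" in a or "*" in b or bool(a & b)


def violations(rules):
    """Load-time check, as checkpolicy does: every allow rule that intersects
    a neverallow rule is returned.  A sound policy returns []."""
    allows = [r for r in rules if r[0] == "allow"]
    bad = []
    for kind, ns, nt, nc, np in rules:
        if kind != "neverallow":
            continue
        for rule in allows:
            _, s, t, c, p = rule
            if (ns & s) and (nt & t) and _overlap(nc, c) and _overlap(np, p):
                bad.append(rule)
    return bad


def resource_label(app, cls):
    """Security identifier of a kernel resource: files get the owning domain's
    data-file type; processes and the sockets they create carry the domain."""
    dom = APP_DOMAIN[app]
    return dom + "_data_file" if cls == "file" else dom


def allowed(rules, source, target, cls, perm):
    return any(k == "allow" and source in s and target in t
               and _hit(c, cls) and _hit(p, perm)
               for k, s, t, c, p in rules)


def may_access(rules, subject_app, object_app, cls, perm):
    """May subject_app's process touch object_app's resource of class cls?"""
    return allowed(rules, APP_DOMAIN[subject_app],
                   resource_label(object_app, cls), cls, perm)


RULES = parse_policy(POLICY)

if __name__ == "__main__":
    print("policy violations:", violations(RULES))
    print(may_access(RULES, "WeChat", "EnterpriseMail", "file", "read"))
    print(may_access(RULES, "EnterpriseMail", "WeChat", "file", "read"))
```

  • The neverallow rule is the part a reviewer should insist on: it turns "the second domain must not reach the first" from a property of the current rule set into a property that any later policy change is checked against before it is loaded.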
  • the method further includes:
  • Step S111 According to the security domain to which the application belongs, the internal communication component of the application is divided into the security domain where the application is located;
  • the step S120 may then include: after the above division has been performed, prohibiting the application of the second security domain from accessing the application of the first security domain through an internal communication component.
  • the middleware divides the components into different security domains, and an internal communication component in the lower security domain cannot access applications in the higher security domain. That is, an internal communication component in the second security domain cannot access an application in the first security domain, and likewise an application of the second security domain cannot access an internal communication component in the first security domain.
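  • The middleware-layer control described here, applied to the enterprise-mailbox scenario above, as an added Python example that is not code from the patent: each Android-style component (activity, service, receiver or provider) inherits its application's security domain, and intent resolution filters the candidate components by the caller's domain before the list is returned, so an application in the second security domain cannot even discover a first-domain component, while a first-domain mail client can hand an https link to a second-domain browser or mailbox. The component names, intent actions and URLs are constructed, and the real Android resolver (PackageManager) is not modelled.

```python
"""Middleware-layer component control: intent resolution filtered by the
caller's security domain.  Added example; component names, intent actions,
domains and URLs are constructed and the real Android resolver is not modelled."""
from dataclasses import dataclass
from urllib.parse import urlparse

# Lower number = higher security level (constructed).  The system domain is a
# target reachable from both levels, so it is not placed in this order.
LEVEL = {"enterprise": 1, "personal": 2}
SYSTEM = "system"


@dataclass(frozen=True)
class Component:
    app: str
    name: str
    domain: str                          # inherited from the owning application
    actions: frozenset
    schemes: frozenset = frozenset()     # empty = accepts any data


@dataclass(frozen=True)
class Intent:
    action: str
    data: str = ""


# Constructed registry; each component is placed in its app's domain, which
# is what the patent's "component unit" does at install time.
REGISTRY = [
    Component("EnterpriseMail", "ComposeActivity", "enterprise",
              frozenset({"SENDTO"}), frozenset({"mailto"})),
    Component("EnterpriseMail", "SyncService", "enterprise",
              frozenset({"SYNC"})),
    Component("Browser", "BrowserActivity", "personal",
              frozenset({"VIEW"}), frozenset({"http", "https"})),
    Component("QQMail", "InboxActivity", "personal",
              frozenset({"VIEW"}), frozenset({"https"})),
    Component("Settings", "SettingsActivity", SYSTEM, frozenset({"SETTINGS"})),
]


def can_cross(caller_domain, target_domain):
    """Same domain: yes.  Higher-level caller into lower-level target: yes.
    Lower into higher: no.  System domain: reachable from both."""
    if target_domain == SYSTEM or caller_domain == target_domain:
        return True
    return LEVEL[caller_domain] < LEVEL[target_domain]


def matches(component, intent):
    if intent.action not in component.actions:
        return False
    return not component.schemes or urlparse(intent.data).scheme in component.schemes


def resolve(registry, intent, caller_domain):
    """Candidates the caller may see.  Domain filtering happens here, before
    the list is returned, so a lower-domain caller cannot enumerate
    higher-domain components, let alone start them."""
    return [c for c in registry
            if matches(c, intent) and can_cross(caller_domain, c.domain)]


def domain_of(registry, app):
    for c in registry:
        if c.app == app:
            return c.domain
    raise LookupError(app)


def start(registry, caller_app, intent):
    """Names of the components the caller could start; [] means the intent
    is dropped, and the caller learns nothing about why."""
    return [c.name for c in resolve(registry, intent, domain_of(registry, caller_app))]


if __name__ == "__main__":
    link = Intent("VIEW", "https://mail.example/inbox")          # constructed URL
    print(start(REGISTRY, "EnterpriseMail", link))                # first -> second
    print(start(REGISTRY, "QQMail", Intent("SENDTO", "mailto:cfo@corp.example")))
```

  • Filtering inside resolution rather than at start time matters: a resolver that returns first-domain components and only refuses to start them would still let a second-domain application enumerate what is installed in the enterprise side.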
  • the method in this embodiment prohibits the application of the second security domain from using inter-process communication, internal communication components, or sockets to access the application of the first security domain, thereby ensuring the application security and information security of the first security domain and avoiding the high energy consumption and short standby time caused by running two systems at the same time on one electronic device.
  • the method in this embodiment further includes:
  • this embodiment provides a security control apparatus, where the apparatus includes:
  • the determining unit 110 is configured to determine a security domain to which the application belongs; the security domain includes a first security domain and a second security domain; and the security level of the first security domain is higher than a security level of the second security domain;
  • the access control unit 120 is configured to prohibit an application of the second security domain from accessing an application of the first security domain according to a security domain to which the application belongs.
  • the security control device in this embodiment may be part of the terminal itself or in the terminal.
  • the terminal may include an electronic device such as a mobile phone or a tablet computer.
  • the system of the terminal may include an Android system.
  • the specific structure of the determining unit 110 and the access control unit 120 may correspond to a processor or processing circuit having an information processing function in the terminal.
  • the processor may be a processor having an information processing function, such as an application processor, a central processing unit, a microprocessor, a digital signal processor, or a programmable array.
  • the processing circuit may include an application-specific integrated circuit (ASIC).
  • the processor performs the corresponding function by executing specified code.
  • the device also includes:
  • a generating unit configured to generate a security identifier according to the security domain to which the application belongs;
  • the access control unit 120 is configured to prohibit an application of the second security domain from accessing an application of the first security domain according to the security identifier.
  • the generating unit may include a processor or a processing circuit capable of generating the security identifier, and may further include a storage medium storing the security identifier.
  • the security identifier is stored in the storage medium and is used in subsequent operation to prohibit the application of the second security domain from accessing the application of the first security domain.
  • the determining unit includes:
  • an obtaining module configured to obtain an installation certificate of the application; and a determining module configured to determine, according to the installation certificate, a security domain to which the application belongs.
  • the obtaining module may include a parser for obtaining the installation certificate by parsing an installation package or an installation file of the application.
  • the determining module may include a processor or processing circuit to determine a security domain to which the application belongs according to the installation certificate.
  • the device also includes:
  • a verification unit configured to verify the installation certificate to form a verification result; and the determining unit 110 is configured to determine, according to the verification result, a security domain to which the application belongs.
  • the structure of the verification unit depends on the manner of verification. If verification is performed by a verification platform, the verification unit includes a communication interface, wired or wireless, which communicates with the verification platform and obtains the verification result. If the terminal verifies the installation certificate itself, the verification unit may include a processor or processing circuit that performs the verification; the structure of such a processor or processing circuit is as described above and is not repeated here.
  • the generating unit is configured to generate a security identifier for the kernel resource corresponding to the application according to the security domain to which the application belongs.
  • the kernel resources of the application are marked, the mark being the security identifier, and communication between applications is then allowed or prohibited according to that identifier; in particular, communication from the second security domain into the first is prohibited, so the application of the second security domain cannot access the application of the first security domain.
  • the access control unit 120 includes:
  • the first access control module is configured to prohibit, according to the security identifier, an application of the second security domain from accessing an application of the first security domain by using an inter-process communication or a file system;
  • the second access control module is configured to prohibit, according to the security identifier, the application of the second security domain from accessing the application of the first security domain through a socket.
  • the access control unit 120 is thus divided into a first access control module and a second access control module, each controlling a different mode of access between applications.
  • the first access control module prevents an application of the second security domain from accessing an application of the first security domain through inter-process communication, for example through an IPC call; IPC is performed on the basis of an IPC object.
  • an IPC object is a kernel-level tool for communication between processes; it may be a message queue, a semaphore, or shared memory.
  • the device further includes:
  • a component unit configured to divide an internal communication component of the application into a security domain in which the application is located according to a security domain to which the application belongs;
  • the access control unit 120 is configured to prohibit an application of the second security domain from accessing an application of the first security domain by using an internal communication component.
  • the internal communication component is also a communication mode for the mutual access between the applications.
  • the component unit divides each component into the security domain of the application it belongs to; an internal communication component then accesses the corresponding application according to the security domain the component belongs to.
  • the access control unit 120 is further configured to allow an application of the first security domain to access an application of the second security domain according to a security domain to which the application belongs.
  • the access control unit 120 allows the application of the first security domain to access the application of the second security domain without reducing the use security and information security of the application of the first security domain.
  • the device also includes:
  • an installation unit configured to install the application of the first security level in a first security domain; and install the application of the second security level in a second security domain.
  • the specific structure of the installation unit may include the foregoing processor or processing circuit, which is not repeated here.
  • in this embodiment, applications with different application security and information security requirements are installed in the corresponding security domains, which improves application security and information security, reduces power consumption, and extends the standby time of the terminal.
  • This example provides a security control method based on SELinux.
  • SELinux is an abbreviation of Security-Enhanced Linux. SELinux is used together with Android to provide application security and information security.
  • applications and data are divided into two parts, a second security domain and a first security domain, where the second security domain manages private data and applications, including applications such as the browser and WeChat.
  • the first security domain manages enterprise data and applications, and employees manage their own address books, send and receive emails, manage corporate data, participate in phone calls, and video conferencing in a secure domain.
  • the application between the first security domain and the second security domain cannot communicate, or at least does not allow the second security domain to access the first security domain.
  • the kernel uses SELinux, even if the system is flashed, it cannot access the resources protected by the policy control.
  • the second security domain in this embodiment is equivalent to the second security domain in the foregoing embodiment; the security domain is equivalent to the first security domain in the foregoing embodiment.
  • the system of the terminal is divided into a kernel layer, a middleware layer, and an application layer.
  • the applications of the application layer are divided into personal applications and enterprise applications.
  • enterprise applications are installed and run in the first security domain; personal applications are installed and run in the second security domain.
  • the personal application may include an application such as WeChat, browser, QQ, and the like.
  • the enterprise application may include a mailbox, a contact book, and the like.
  • the enterprise application runs in the first security domain and is controlled by the enterprise network management equipment. After the employee connects the terminal to the company network through a VPN, he can log in to the company mailbox in the first security domain to send and receive e-mail and take part in telephone and video conferences. The data of enterprise applications cannot be accessed by the second security domain, while data can be exchanged between enterprise applications within the first security domain.
  • the middleware layer includes a middleware layer control module and a policy control module.
  • the middleware layer control module is the security control part of the middleware layer of the Android system, which for example controls communication between different components.
  • the policy control module divides the system into three domains, namely a system domain, a second security domain, and a first security domain.
  • the system domain contains the pre-installed applications.
  • the system domain can be accessed by the first security domain and the second security domain.
  • the first security domain and the second security domain may not access each other; or the first security domain may access the second security domain, but the second security domain cannot access the first security domain.
  • Each component also belongs to one of the domains, and mandatory access control is performed according to the established policy.
  • the policy control module also belongs to the middleware layer.
  • the policy control module further includes a policy management module, a firewall management module, and a kernel MAC management module.
  • the policy control module is responsible for assigning a newly installed application to the first security domain or the second security domain according to the relevant certificate, and for the access control between the different security domains.
  • the policy control module guides the access control of the middleware layer control module and the kernel layer control module.
  • the middleware layer control module and the kernel layer control module prohibit communication between the first security domain and the second security domain according to policy rules of the policy control module, or allow communication between the first security domain and the second security domain.
  • the policy control module herein is equivalent to the determination unit 110 in the foregoing embodiment.
  • the middleware layer control module and the kernel layer control module may be components of the access control unit 120 in the foregoing embodiment.
  • the kernel layer control module is equivalent to the first access control module and the second access control module of the access control unit 120, and prohibits applications of the second security domain from accessing applications of the first security domain by controlling inter-process communication and sockets.
  • the middleware layer control module is specifically configured to prohibit an application of the second security domain from accessing the application of the first security domain according to the policy of the policy management module.
  • the kernel layer control module belongs to the kernel layer.
  • the kernel layer control module is based on SELinux security control; SELinux is a mandatory access control (MAC) system provided in the Linux kernel, and adding mandatory access control to the kernel improves the security of the kernel.
  • the kernel layer control module can be divided into a firewall module and a kernel MAC module.
  • the firewall module is managed and controlled by the firewall management module.
  • the kernel MAC module is managed and controlled by the kernel MAC management module.
  • the firewall module is specifically configured to prohibit an application of the second security domain from accessing an application of the first security domain through sockets, according to the instructions and records of the firewall management module.
  • the kernel MAC module is specifically configured to prohibit an application of the second security domain from accessing an application of the first security domain through the file system or inter-process communication, according to the instructions and records of the kernel MAC management module.
  • the policy control module instructs the kernel layer control module to manage communication security control, that is, it assigns different security labels to the kernel resources according to the domain division of the policy control module, so that the resources are divided into different domains and communication between the first security domain and the second security domain is secured.
  • Inter-application communication methods based on kernel resources include: communication methods based on pipes, message queues, sockets, shared memory, and file systems.
  • the access control of the SELinux kernel relies on the security policy file, which specifies the access rules between access entities.
  • the kernel layer control module is also used to periodically check whether the kernel layer has been modified, to prevent tampering within the kernel.
  • the kernel layer control module also includes a firewall mechanism that prevents network entities in different domains from communicating through local addresses.
  • Step S1 New application APK installation.
  • APK is the abbreviation of Android Package, which is the Android installation package.
  • the installation of a new application APK on Android is performed by the installation package management module.
  • when the installation package management module installs a new application APK, it notifies the policy management module that a new application is to be installed.
  • Step S2 The policy management module extracts a certificate from the APK.
  • the certificate here is equivalent to the installation package certificate in the previous embodiment.
  • the policy management module extracts the certificate of the new application APK from step S1; the certificate indicates whether it was issued by the enterprise or is an ordinary certificate.
  • the issuing authority of the certificate serves as the criterion for isolation.
  • if the certificate was issued by the enterprise, the application is installed in the first security domain; if not, it is installed in the second security domain.
  • Step S3 The policy management module passes the certificate extracted in step S2 to the verification module to request verification.
  • Step S4 Performing verification: the verification module verifies, according to the verification rules, whether the certificate of step S3 belongs to an enterprise application or a personal application, and generates a verification result for step S5. These verification rules are pre-stored in the verification module.
  • Step S5 The verification module of step S4 returns the verification result to the policy management module, and the policy management module performs security isolation and guides the kernel MAC management module and the firewall management module to perform security isolation.
  • Step S6 An application that passes verification is added to the first security domain; an application that does not pass verification is added to the second security domain.
  • Step S7 Notifying the kernel MAC management module.
  • the kernel resources generated by the application, such as processes, sockets, and file system objects, belong to the first security domain or the second security domain.
  • the kernel MAC management module applies security identifiers to these kernel-level resources and prohibits applications of the second security domain from accessing applications of the first security domain through them.
  • the kernel resources include: pipes, message queues, sockets, and the like.
  • Step S8 Notifying the firewall management module.
  • local applications can also communicate over network sockets. Therefore, in addition to securely isolating remote network sockets, local network sockets are also isolated.
  • the policy management module instructs the firewall management module to add a security token to the sockets of the application according to the verification result of step S4.
  • the firewall management module records which application established which socket, and whether that application belongs to the first security domain or the second security domain.
  • Step S9 The policy management module notifies the installation package management module that an application that passed verification is to be installed in the first security domain and an application that did not pass verification is to be installed in the second security domain.
  • the policy management module notifies the installation package management module whether the application is an enterprise application or a personal application according to the verification result of step S4, and the installation package management module installs the application on the corresponding side according to this information, that is, the enterprise application is installed in the first security domain and the personal application in the second security domain.
  • the installation package management module herein is an integral part of the installation unit in the foregoing embodiment.
  • Step S10 Application installation is implemented by an installation package management module.
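As an added example, not part of the patent and not the applicant's code, the following Python models steps S1 to S10 end to end: the domain is chosen from the APK signing certificate, the kernel resources the application creates are labelled with that domain, and the decision the kernel MAC module and firewall module apply is the asymmetric rule the text describes. Everything specific is an assumption: the pre-stored "verification rule" is a pinned set of SHA-256 fingerprints of enterprise signing certificates, the certificate bytes and package names are constructed, and the matrix allows first-to-second access, which the text leaves as an option. Stock Android performs the same mapping with mac_permissions.xml (signing certificate to seinfo) and seapp_contexts (seinfo to SELinux domain), so a practitioner would pin the certificate there rather than in application code.

```python
"""Added example (not the patent's own code): install-time domain assignment
from the APK signing certificate, labelling of the kernel resources an
application creates, and the cross-domain access decision.

Assumptions (not in the source): the enterprise is recognised by a pinned set
of SHA-256 fingerprints of its signing certificates; certificate bytes and
package names below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Domain(Enum):
    SYSTEM = "system"   # pre-installed applications
    FIRST = "first"     # enterprise applications, higher security level
    SECOND = "second"   # personal applications, lower security level


# Kernel resource kinds the patent names as inter-application channels.
CHANNELS = ("file", "pipe", "message_queue", "shared_memory", "socket")


@dataclass
class App:
    package: str
    domain: Domain
    # name -> (kind, security label); every resource inherits the app's domain
    resources: dict = field(default_factory=dict)

    def create(self, kind: str, name: str) -> None:
        if kind not in CHANNELS:
            raise ValueError(f"unknown kernel resource kind {kind!r}")
        self.resources[name] = (kind, self.domain)


def cert_fingerprint(cert_der: bytes) -> str:
    """Fingerprint of the signer certificate (SHA-256 over its DER bytes)."""
    return hashlib.sha256(cert_der).hexdigest()


def verify_certificate(cert_der: bytes, enterprise_fingerprints: set) -> bool:
    """Steps S3-S4: the pre-stored 'verification rule' is a fingerprint pin."""
    return cert_fingerprint(cert_der) in enterprise_fingerprints


def assign_domain(cert_der: bytes, enterprise_fingerprints: set) -> Domain:
    """Steps S5-S6: enterprise-signed -> first domain, anything else -> second."""
    if verify_certificate(cert_der, enterprise_fingerprints):
        return Domain.FIRST
    return Domain.SECOND


def install(package: str, cert_der: bytes, enterprise_fingerprints: set) -> App:
    """Steps S9-S10: the package is installed on the side its domain dictates."""
    return App(package, assign_domain(cert_der, enterprise_fingerprints))


def allowed(subject: Domain, target: Domain, first_may_access_second: bool = True) -> bool:
    """Policy control module decision.

    Same domain: allowed.  Anything -> system domain: allowed.
    First -> second: allowed only in the weaker variant the text permits.
    Second -> first (and everything else): denied.
    """
    if subject == target or target == Domain.SYSTEM:
        return True
    if subject == Domain.FIRST and target == Domain.SECOND:
        return first_may_access_second
    return False


def check_access(subject: App, target: App, resource: str, audit: list) -> bool:
    """Kernel MAC / firewall module: decide on a labelled resource, log denials."""
    kind, label = target.resources[resource]
    ok = allowed(subject.domain, label)
    if not ok:
        audit.append(f"denied {subject.package} ({subject.domain.value}) -> "
                     f"{target.package}:{resource} via {kind}")
    return ok


if __name__ == "__main__":
    ENTERPRISE_CERT = b"constructed DER of the enterprise signing certificate"
    pins = {cert_fingerprint(ENTERPRISE_CERT)}
    mail = install("com.corp.mail", ENTERPRISE_CERT, pins)
    browser = install("com.example.browser", b"constructed DER of a personal cert", pins)
    mail.create("file", "/data/corp/inbox.db")
    browser.create("socket", "@browser_cache")
    log = []
    print(check_access(browser, mail, "/data/corp/inbox.db", log), log)  # False, one denial
    print(check_access(mail, browser, "@browser_cache", log))            # True
```

The point worth noticing is that the decision is taken on the label of the kernel object, not on the name of the calling package: once the installer has labelled an application's files, pipes and sockets, a second-domain process is refused whatever path it reaches them by, which is exactly what SELinux type enforcement gives the kernel MAC module.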
  • this example is based on a device that implements security control with SELinux.
  • the device is divided into a kernel layer, a middleware layer, and an application layer.
  • the application layer includes an application A101 and an application B102.
  • the middleware layer includes a middleware layer control module 103, a policy management module 104, a firewall management module 105, and a kernel MAC management module 106.
  • the kernel layer includes a kernel MAC module 107 and a firewall module 108.
  • Application A101 is an application running in the second security domain of an ordinary Android system, generally a personal application.
  • Application B102 is an application running in the first security domain of an ordinary Android system, generally an enterprise-level application.
  • the middleware layer control module 103 performs mandatory access control at the middleware layer of the Android system, and aims to prevent the non-secure application A101 from using components to access the secure-domain application B102.
  • Applications running inside the first security domain can access each other, that is, information within the enterprise can be shared.
  • Applications running inside the second security domain follow the permissions mechanism of the Android system itself, and can access each other upon applying for permission.
  • the policy management module 104 belongs to the middleware layer and is mainly responsible for controlling the middleware layer control module 103, the firewall management module 105, and the kernel MAC management module 106, directing the communication control of each layer, that is, either the first security domain and the second security domain cannot communicate at all, or the second security domain cannot access the first security domain.
  • the firewall management module 105 belongs to the middleware layer and, according to the instructions of the policy management module 104, records each application's security identifier, the sockets the application has established, and the IP addresses of those sockets, so that the firewall module 108 can filter applications of the first security domain and the second security domain that try to access each other over a local connection established through a socket.
  • the kernel MAC management module 106 belongs to the middleware layer and converts the instructions of the policy management module 104 into security identifiers of the kernel layer, and the kernel MAC module 107 prohibits the application A101 from accessing the application B102 through the file system and inter-process communication.
  • the kernel MAC module 107 belongs to the kernel layer.
  • the kernel layer's mandatory access control is dependent on SELinux support, and based on the security indication of the kernel MAC management module 106, controls process-based communication between different security domains.
  • the file system-based communication is also controlled for different security applications.
  • the attribute of a file identifies whether it belongs to the first security domain or the second security domain, and different domains cannot communicate with each other; or at least applications in the security domain with the lower security level cannot access applications in the security domain with the higher security level.
  • the firewall module 108 belongs to the kernel layer.
  • the firewall module 108 is configured, according to the records of the firewall management module 105, to allow sockets created by applications within the same security domain to communicate using the local address, and to prohibit network sockets created by applications in different domains from communicating using the local address.
  • the local address here may include the IP address of the terminal and the like.
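The socket side of the isolation, as an added example that is not part of the patent or the applicant's code: the firewall management module 105 records which application owns which listening socket and which domain that application belongs to, and the firewall module 108 rejects connections from the second domain to first-domain sockets on any local address, loopback or one of the terminal's own IP addresses. Assumptions not in the source: each application runs under its own Linux UID, as on Android, and the kernel firewall is netfilter driven by iptables rules using the owner match; the records, UIDs and addresses are constructed sample data.

```python
"""Added example (not the patent's own code): local-socket isolation between
security domains, modelled on the firewall management module's record and the
kernel firewall module's verdict.

Assumptions (not in the source): one Linux UID per application, netfilter as
the kernel firewall, iptables 'owner' match for the rules. All records and
addresses below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

FIRST, SECOND, SYSTEM = "first", "second", "system"


@dataclass(frozen=True)
class SocketRecord:
    """One entry of the firewall management module's record."""
    uid: int
    package: str
    domain: str
    local_addr: str   # address the socket is bound to, "0.0.0.0" for all
    local_port: int
    proto: str = "tcp"


def cross_domain_denied(src_domain: str, dst_domain: str) -> bool:
    """The one forbidden direction: lower level (second) -> higher level (first).
    Same domain, anything -> system, and first -> second are allowed."""
    return src_domain == SECOND and dst_domain == FIRST


def is_local(addr: str, terminal_addrs: Iterable[str]) -> bool:
    """Loopback or one of the terminal's own addresses counts as 'local address'."""
    return ipaddress.ip_address(addr).is_loopback or addr in set(terminal_addrs)


def decide(src: SocketRecord, dst_addr: str, dst_port: int,
           records: Iterable[SocketRecord], terminal_addrs: Iterable[str],
           proto: str = "tcp") -> str:
    """Verdict for a connection attempt by `src`: ACCEPT, REJECT, or PASS
    (destination is not a local address, so this filter does not apply)."""
    if not is_local(dst_addr, terminal_addrs):
        return "PASS"
    for r in records:
        if r.proto == proto and r.local_port == dst_port and r.local_addr in ("0.0.0.0", dst_addr):
            return "REJECT" if cross_domain_denied(src.domain, r.domain) else "ACCEPT"
    return "ACCEPT"  # nothing listens there; the kernel refuses it anyway


def iptables_rules(records: Iterable[SocketRecord]) -> List[str]:
    """Translate the record into netfilter rules: one REJECT per (second-domain
    UID, first-domain listening socket).  Traffic to any local address leaves
    through the loopback interface, so `-o lo` covers both 127.0.0.1 and the
    terminal's own IP without listing addresses."""
    recs = list(records)
    listeners = [r for r in recs if r.domain == FIRST]
    src_uids = sorted({r.uid for r in recs if r.domain == SECOND})
    return [
        f"iptables -A OUTPUT -o lo -m owner --uid-owner {uid} "
        f"-p {l.proto} --dport {l.local_port} -j REJECT"
        for uid in src_uids
        for l in listeners
    ]


if __name__ == "__main__":
    records = [
        SocketRecord(10050, "com.corp.mail", FIRST, "0.0.0.0", 8443),
        SocketRecord(10051, "com.example.browser", SECOND, "127.0.0.1", 8080),
        SocketRecord(1000, "android", SYSTEM, "127.0.0.1", 5555),
    ]
    terminal = {"10.0.0.7"}
    browser, mail = records[1], records[0]
    print(decide(browser, "10.0.0.7", 8443, records, terminal))  # REJECT
    print(decide(mail, "127.0.0.1", 8080, records, terminal))    # ACCEPT
    print("\n".join(iptables_rules(records)))
```

The check a practitioner would add in practice is that the record is updated whenever a first-domain application binds a new port: the rules are derived from the record, so a listener that was never recorded is never protected, which is why the text has the policy management module notify the firewall management module at install time rather than leaving it to the applications.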
  • An embodiment of the present invention further provides a computer storage medium storing computer executable instructions, the computer executable instructions being used to perform at least one of the foregoing methods, specifically any of the methods shown in FIG. 1 to FIG.
  • the computer storage medium in this embodiment may include various types of storage media such as a hard disk, an optical disk, a flash disk or a USB disk, and optionally a non-transitory storage medium.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner such as: multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored or not executed.
  • the coupling, or direct coupling, or communication connection of the components shown or discussed may be through some connection.
  • the indirect coupling or communication connection of a port, device or unit may be electrical, mechanical or other form.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may be used separately as one unit, or two or more units may be integrated into one unit; the integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the foregoing program may be stored in a computer readable storage medium, and when the program is executed, the steps of the foregoing method embodiments are performed.
  • the foregoing storage medium includes a mobile storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium that can store program code.


Abstract

Disclosed in an embodiment of the present invention are a security control method and device, the method comprising: determining a security domain to which an application belongs, wherein the security domain comprises a first security domain and a second security domain, and a security level of the first security domain is higher than a security level of the second security domain; and denying an application of the second security domain access to an application of the first security domain according to the security domain to which the application belongs. An embodiment of the present invention further provides a computer storage medium.

Description

Security control method, device and computer storage medium
Technical field
The present invention relates to security control technologies in the field of communications, and in particular to a security control method, apparatus, and computer storage medium.
Background
With the development of communication and electronic technologies, the functions of electronic devices are becoming more and more powerful; in particular, a wide variety of powerful intelligent mobile terminals have appeared. Such a smart mobile terminal may be an electronic device such as a mobile phone or a tablet computer. However, using a smart mobile terminal for office work raises office security issues: if office information is lost, information security and application security problems such as leakage of the company's trade secrets may follow.
Moreover, many smart mobile terminals run systems with a low security level, such as the open Android system. Because of their openness, such systems are prone to malicious code implantation, mixing of public and private data, and information leakage. These operating systems are also easily attacked, lack protection mechanisms against data leakage, and offer very limited control and management policies.
To address these problems, virtualization is currently used for security isolation. However, virtual machine technology amounts to running two systems on the same mobile terminal, which places a large additional load on the terminal, and the added load consumes a large amount of electric energy. Applied to a smart mobile terminal, this leads to short standby time, shortened battery life, and high system resource consumption.
Summary of the invention
In view of this, embodiments of the present invention aim to provide a security control method, apparatus, and computer storage medium that at least partially solve the problems of large load, high energy consumption, and short standby time of the security control systems in the prior art.
The technical solution of the embodiments of the present invention is implemented as follows:
A first aspect of the embodiments of the present invention provides a security control method, the method including:
determining a security domain to which an application belongs, the security domain including a first security domain and a second security domain, where the security level of the first security domain is higher than the security level of the second security domain; and
prohibiting, according to the security domain to which the application belongs, an application of the second security domain from accessing an application of the first security domain.
Based on the above solution, prohibiting, according to the security domain to which the application belongs, an application of the second security domain from accessing an application of the first security domain includes:
generating a security identifier according to the security domain to which the application belongs; and
prohibiting, according to the security identifier, an application of the second security domain from accessing an application of the first security domain.
Based on the above solution, determining the security domain to which the application belongs includes:
obtaining an installation certificate of the application; and
determining, according to the installation certificate, the security domain to which the application belongs.
Based on the above solution, determining the security domain to which the application belongs further includes:
verifying the installation certificate to form a verification result;
and determining, according to the installation certificate, the security domain to which the application belongs includes:
determining, based on the verification result, the security domain to which the application belongs.
Based on the above solution, generating the security identifier according to the security level of the application includes:
generating, according to the security domain to which the application belongs, a security identifier for the kernel resources corresponding to the application.
Based on the above solution, prohibiting, according to the security identifier, an application of the second security domain from accessing an application of the first security domain includes:
prohibiting, according to the security identifier, an application of the second security domain from accessing an application of the first security domain through inter-process communication or the file system; and
prohibiting, according to the security identifier, an application of the second security domain from accessing an application of the first security domain through sockets.
Based on the above solution, the method further includes:
dividing, according to the security domain to which the application belongs, the internal communication components of the application into the security domain in which the application is located;
and prohibiting, according to the security domain to which the application belongs, an application of the second security domain from accessing an application of the first security domain includes:
prohibiting an application of the second security domain from accessing an application of the first security domain through the internal communication components.
Based on the above solution, the method further includes:
allowing, according to the security domain to which the application belongs, an application of the first security level to access an application of the second security level.
Based on the above solution, the method further includes:
installing the application of the first security level in the first security domain; and
installing the application of the second security level in the second security domain.
A second aspect of the embodiments of the present invention further provides a security control apparatus, the apparatus including:
a determining unit configured to determine a security domain to which an application belongs, the security domain including a first security domain and a second security domain, where the security level of the first security domain is higher than the security level of the second security domain; and
an access control unit configured to prohibit, according to the security domain to which the application belongs, an application of the second security domain from accessing an application of the first security domain.
Based on the above solution, the apparatus further includes:
a generating unit configured to generate a security identifier according to the security domain to which the application belongs;
and the access control unit is configured to prohibit, according to the security identifier, an application of the second security domain from accessing an application of the first security domain.
Based on the above solution, the determining unit includes:
an obtaining module configured to obtain an installation certificate of the application; and
a determining module configured to determine, according to the installation certificate, the security domain to which the application belongs.
Based on the above solution, the apparatus further includes:
a verification unit configured to verify the installation certificate to form a verification result;
and the determining unit is specifically configured to determine, based on the verification result, the security domain to which the application belongs.
Based on the above solution, the generating unit is configured to generate, according to the security domain to which the application belongs, a security identifier for the kernel resources corresponding to the application.
Based on the above solution, the access control unit includes:
a first access control module configured to prohibit, according to the security identifier, an application of the second security domain from accessing an application of the first security domain through inter-process communication or the file system; and
a second access control module configured to prohibit, according to the security identifier, an application of the second security domain from accessing an application of the first security domain through sockets.
Based on the above solution, the apparatus further includes:
a component unit configured to divide, according to the security domain to which the application belongs, the internal communication components of the application into the security domain in which the application is located;
and the access control unit is configured to prohibit an application of the second security domain from accessing an application of the first security domain through the internal communication components.
Based on the above solution, the access control unit is further configured to allow, according to the security domain to which the application belongs, an application of the first security domain to access an application of the second security domain.
Based on the above solution, the apparatus further includes:
an installation unit configured to install the application of the first security level in the first security domain and to install the application of the second security level in the second security domain.
An embodiment of the present invention further provides a computer storage medium storing computer executable instructions, the computer executable instructions being used to perform at least one of the foregoing methods.
In the security control method, apparatus, and computer storage medium of the embodiments of the present invention, applications are assigned to security domains of different security levels, and applications in the security domain with the lower security level are prohibited from accessing applications in the security domain with the higher security level. This isolates the applications and guarantees their use security and information security, while the terminal does not need to run two systems, which reduces the load of security control, lowers the power consumption of the terminal, and prolongs its standby time.
Brief description of the drawings
FIG. 1 is a first schematic flowchart of a security control method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of determining the security domain to which an application belongs according to an embodiment of the present invention;
FIG. 3 is a second schematic flowchart of a security control method according to an embodiment of the present invention;
FIG. 4 is a first schematic structural diagram of a security control apparatus according to an embodiment of the present invention;
FIG. 5 is a first schematic structural diagram of a security control apparatus according to an example of the present invention;
FIG. 6 is a schematic flowchart of a security control method according to an example of the present invention;
FIG. 7 is a second schematic structural diagram of a security control apparatus according to an example of the present invention.
Detailed description
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the preferred embodiments described below are only intended to illustrate and explain the present invention and not to limit it.
Method embodiment:
As shown in FIG. 1, this embodiment provides a security control method, the method including:
Step S110: determining a security domain to which an application belongs, the security domain including a first security domain and a second security domain, where the security level of the first security domain is higher than the security level of the second security domain;
Step S120: prohibiting, according to the security domain to which the application belongs, an application of the second security domain from accessing an application of the first security domain.
The security control method of this embodiment can be applied to various terminals, and is particularly suitable for mobile terminals, for example electronic devices such as mobile phones or tablet computers.
The system used by the electronic device of this embodiment may be of various types, such as the Android system. In a specific implementation, the system of the electronic device is divided into three domains: a system domain, a first security level domain, and a second security level domain. The system domain holds the system-level applications that come with the system installation, while the applications installed in the first security level domain and the second security level domain are those installed after the system.
In this embodiment the security level of the first security domain is higher than that of the second security domain, so the security coefficient within the first security domain is higher. Enterprise applications are usually installed in the first security domain and personal applications in the second security domain. In general, applications whose use involves high information security or application security requirements are installed in the first security domain, and all others in the second security domain.
Step S120 addresses the problem that an application in the second security domain accessing an application in the first security domain would cause information leakage and low application security: in step S120, applications in the second security domain are restricted from accessing applications installed in the first security domain, which achieves the security isolation of applications.
在步骤S120中禁止第二安全域的应用访问第一安全域中的应用。在本实施例中将应用划分到不同安全等级的安全域中,并根据应用所在的安全域来控制应用之间的相互访问,这样的话,就避免了如现有技术中一样通过运行两套系统来实现访问安全控制,将少了系统负担、节省了能耗,延长了移动终端的待机时长。The application of the second security domain is prohibited from accessing the application in the first security domain in step S120. In this embodiment, the application is divided into security domains of different security levels, and mutual access between applications is controlled according to the security domain in which the application is located, so that two systems are operated by running as in the prior art. To achieve access security control, the system burden will be reduced, energy consumption will be saved, and the standby time of the mobile terminal will be prolonged.
According to the security domain to which the application belongs, applications of the second security domain are prohibited from accessing applications of the first security domain. In a specific implementation, however, the method may further, according to the security domain to which the application belongs, allow applications within the first security domain to access each other, allow applications within the second security domain to access each other, and allow applications of the first security domain to access applications of the second security domain. In this way the terminal can satisfy the user's need to reach an application in the second security domain without leaving the first security domain. For example, the applications installed in the first security domain include an enterprise mailbox, a virtual private network (VPN) client and an enterprise address book; the applications installed in the second security domain include personal applications such as WeChat and QQ. Suppose a user on an Android phone uses the VPN in the first security domain to log in to the enterprise mailbox server with the enterprise mailbox application. While reading mail, an email received in the enterprise mailbox contains a link to the user's personal QQ mailbox. If applications of the first security domain could not access the second security domain, the user would have to switch to the second security domain to open the QQ mailbox. If, however, applications of the first security domain are allowed to access applications of the second security domain, the user can follow the QQ mailbox link in the enterprise mailbox to check the personal QQ mailbox. With the security control method of this embodiment the user does not need to make the electronic device leave the first security domain to open the personal application: application security is preserved while an application of the first security domain can conveniently and quickly access an application of the second security domain.
Step S120 may include: generating a security identifier according to the security domain to which the application belongs; and, according to the security identifier, prohibiting applications of the second security domain from accessing applications of the first security domain.
Once an application is installed, at run time a corresponding process is created, memory is allocated, sockets are created, and communication between applications is implemented through pipes and similar mechanisms.
To make access control more convenient, this embodiment generates a corresponding security identifier. The security identifier of an application's kernel resources is determined by the security domain to which the application belongs: if the application belongs to the first security domain, the security identifier of its kernel resources corresponds to the first security domain; if it belongs to the second security domain, the identifier corresponds to the second security domain.
When performing access control between applications, access is controlled according to the security identifier. If the security identifiers of the kernel resources of the two applications that need to access each other show that both belong to the same security domain, mutual access is allowed. If they show that the two applications belong to different security domains, an application in the higher-security-level domain is allowed to access an application in the lower-security-level domain, and an application in the lower-security-level domain is prohibited from accessing an application in the higher-security-level domain.
As shown in FIG. 2, step S110 may include:
Step S111: obtaining the installation certificate of the application;
Step S112: determining, according to the installation certificate, the security domain to which the application belongs.
When an application is installed, its installation package normally carries an installation certificate. The installation certificate is issued by a publishing authority and can serve as a reference for security. Installation certificates may include enterprise publishing certificates and ordinary certificates. In general, an application whose installation certificate is an enterprise publishing certificate has high application-security and information-security requirements, while an application whose installation certificate is an ordinary certificate has relatively low requirements. Based on this, this embodiment determines the security domain to which an application belongs from its installation certificate.
In a specific implementation, the security domain to which an application belongs may also be determined from an instruction entered by the user. For example, when installing an application the electronic device pops up a dialog asking whether the application should be installed into the first or the second security domain, receives the user's instruction, and installs the application into the corresponding security domain. This process both assigns the application to a security domain and installs it. Specifically, installing an application may include: installing an application of the first security level in the first security domain; and installing an application of the second security level in the second security domain.
Step S110 further includes: verifying the installation certificate to produce a verification result. Step S112 then includes: determining the security domain to which the application belongs based on the verification result.
In this embodiment this further improves the security of applications in the first security domain: it prevents an application whose installation certificate has been maliciously tampered with from being installed in the wrong security domain. In particular, an application wrongly installed into the first security domain would otherwise be able to access the other applications in the first security domain.
Verifying the installation certificate here may include sending the installation certificate over the network to a verification platform for verification and receiving the verification result from the verification platform. There are of course many other verification methods, which can be found in the prior art and are not described one by one here.
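The following is an added example, not code from the patent, of how steps S111 and S112 and the verification result can be combined into one domain-assignment decision. It identifies the installation certificate by the SHA-256 fingerprint of its DER bytes, which is also how Android's own SELinux middleware works (mac_permissions.xml maps the APK signer certificate to an seinfo value that seapp_contexts turns into a domain). The package layout (a zip with a META-INF/CERT.DER entry), the certificate bytes, the pinned fingerprints and the fail-closed rules (refuse anything unverified; let the user only move an enterprise application down to the second domain, never an ordinary one up) are assumptions of this example, not the patent's.

```python
"""Added example (not from the patent): deriving an application's security
domain from the certificate in its installation package, failing closed.
Package layout, certificate bytes and fingerprints are constructed here."""
import hashlib
import io
import zipfile
from enum import Enum
from typing import Dict, Optional


class Domain(Enum):
    FIRST = "first"    # higher security level (enterprise applications)
    SECOND = "second"  # lower security level (personal applications)


# Constructed layout for this example; a real APK keeps the signer certificate
# in a PKCS#7 block or the APK Signature Scheme block instead.
CERT_ENTRY = "META-INF/CERT.DER"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes: the identifier the pin table is keyed by.
    Any change to the certificate, however small, changes this value."""
    return hashlib.sha256(cert_der).hexdigest()


def extract_certificate(package: bytes) -> Optional[bytes]:
    """The parser of the obtaining module: pull the installation certificate
    out of the package. Returns None for a malformed package or a missing entry."""
    try:
        with zipfile.ZipFile(io.BytesIO(package)) as zf:
            return zf.read(CERT_ENTRY)
    except (zipfile.BadZipFile, KeyError):
        return None


def build_package(cert_der: bytes, payload: bytes = b"app-code") -> bytes:
    """Construct a package in the layout above (test input, not a real APK)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", payload)
        zf.writestr(CERT_ENTRY, cert_der)
    return buf.getvalue()


def determine_domain(package: bytes, enterprise_pins: Dict[str, str],
                     verified: bool,
                     user_choice: Optional[Domain] = None) -> Optional[Domain]:
    """Steps S111/S112 with the verification result folded in.

    `verified` is the outcome of the separate certificate verification step
    (verification platform or local check). `enterprise_pins` maps fingerprints
    of enterprise publishing certificates to an issuer name.
    Returns the domain to install into, or None to refuse the installation.
    Design choices of this example: an unverified or certificate-less package
    is refused outright, and the user prompt may only move an enterprise
    application down to the second domain, never an ordinary one up.
    """
    cert = extract_certificate(package)
    if cert is None or not verified:
        return None
    if fingerprint(cert) in enterprise_pins:
        return Domain.SECOND if user_choice is Domain.SECOND else Domain.FIRST
    return Domain.SECOND


if __name__ == "__main__":
    enterprise_cert = b"constructed enterprise publishing certificate (DER stand-in)"
    pins = {fingerprint(enterprise_cert): "Example Corp"}
    print(determine_domain(build_package(enterprise_cert), pins, verified=True))
    # A single altered byte no longer matches the pin: the app lands in the second domain.
    print(determine_domain(build_package(enterprise_cert[:-1] + b"!"), pins, verified=True))
```

The point of the pin table is that a tampered certificate cannot claim enterprise status: it either fails verification (refused) or yields an unknown fingerprint (ordinary certificate, second domain), so the first domain is only ever entered through a certificate the enterprise actually issued.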
Generating the security identifier according to the security level of the application includes: generating, according to the security domain to which the application belongs, a security identifier for the kernel resources corresponding to the application.
The kernel resources may include shared resources usable for access between applications, such as pipes, sockets, message queues and shared memory.
A pipe is a very frequently used communication mechanism in Linux. In essence a pipe is also a file, backed by a buffer of fixed capacity.
A socket is a communication endpoint; the combination of source IP address, destination IP address, source port number and destination port number identifies a connection between two sockets, and thus the server and service requested by a client. IP stands for Internet Protocol.
A message queue is a container that holds messages while they are in transit.
These kernel resources provide the channels and means by which applications access each other.
In this embodiment security identifiers are generated for the kernel resources corresponding to the applications, and according to these security identifiers applications of the second security domain are prohibited from accessing applications of the first security domain.
Mutual access between applications may include the use of
Step S120 may specifically include:
according to the security identifier, prohibiting applications of the second security domain from accessing applications of the first security domain through inter-process communication or the file system;
according to the security identifier, prohibiting applications of the second security domain from accessing applications of the first security domain through sockets.
In this way applications of the second security domain are prevented from accessing applications of the first security domain through inter-process communication.
At the same time, to prevent applications from accessing each other through sockets, this embodiment may use a firewall to filter sockets according to the security identifier of each socket, so that applications of the second security domain cannot access applications of the first security domain through sockets.
In addition, as shown in FIG. 3, the method further includes:
Step S111: according to the security domain to which the application belongs, assigning the application's internal communication components to the security domain in which the application is located;
Step S120 may include: prohibiting applications of the second security domain from accessing applications of the first security domain through the internal communication components.
Applications can also access each other through the system's internal communication components. In this embodiment, to prevent applications of the first security domain from being accessed by applications of the second security domain through internal communication components, step S111 assigns the components to their respective security domains, and an internal communication component of the lower security domain cannot access applications in the higher security domain. That is, an internal communication component in the second security domain cannot access applications in the first security domain, and likewise an application of the second security domain cannot access internal communication components in the first security domain.
Clearly, the method of this embodiment prohibits applications of the second security domain from accessing applications of the first security domain through inter-process communication, internal communication components and sockets respectively, which guarantees the usage security and information security of applications in the first security domain and avoids the high energy consumption and short standby time caused by running two systems on the electronic device at the same time.
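As an added example (not code from the patent), the following reference monitor implements the decision rule stated for step S120: kernel resources are labelled with their owner's domain when the process is created, and every access request, whether it arrives through IPC objects, the file system, a socket (the firewall path) or an internal communication component, is decided from the two labels alone. The domain names, channel names, sample resources and the two policy tables are assumptions of this example; the second table is the stricter "no communication at all" variant mentioned in the SELinux example below. The example treats the permitted first-to-second access as the first-domain application initiating the request, as the text does; whether enterprise data may then flow into the second domain is a separate question the policy author still has to settle.

```python
"""Added example (not from the patent): a reference monitor for the labelled
kernel resources described above. Domain names, channel names, resources and
requests are constructed for this illustration."""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Tuple


class Domain(Enum):
    SYSTEM = "system"  # pre-installed system applications
    FIRST = "first"    # higher security level (enterprise applications)
    SECOND = "second"  # lower security level (personal applications)


# Every path by which one application can reach another is checked the same way.
CHANNELS = frozenset({"ipc", "filesystem", "socket", "component"})


@dataclass(frozen=True)
class KernelResource:
    """A kernel object owned by an application (pipe, socket, message queue,
    shared memory, file) carrying the owner's security identifier."""
    name: str
    kind: str
    label: Domain


@dataclass(frozen=True)
class Policy:
    """Pairs (subject domain, object domain) allowed to communicate across a
    domain boundary; access within one domain is always allowed."""
    allowed: FrozenSet[Tuple[Domain, Domain]]

    def permits(self, subject: Domain, obj: Domain) -> bool:
        return subject == obj or (subject, obj) in self.allowed


# Policy of the method embodiment: the first domain may reach the second and
# the system domain; the second may reach only the system domain.
EMBODIMENT_POLICY = Policy(frozenset({
    (Domain.FIRST, Domain.SECOND),
    (Domain.FIRST, Domain.SYSTEM),
    (Domain.SECOND, Domain.SYSTEM),
}))

# Stricter variant from the SELinux example: no traffic between the two
# security domains in either direction.
STRICT_POLICY = Policy(frozenset({
    (Domain.FIRST, Domain.SYSTEM),
    (Domain.SECOND, Domain.SYSTEM),
}))


def label_resources(owner: Domain, resources) -> List[KernelResource]:
    """The 'generate a security identifier' step: when an application's process
    is created, each (name, kind) it owns gets the label of the owner's domain."""
    return [KernelResource(name, kind, owner) for name, kind in resources]


def check_access(policy: Policy, subject: Domain, resource: KernelResource,
                 channel: str) -> bool:
    """Decide one request from the labels only. The channel does not change the
    decision but must be one the monitor knows; anything else is denied."""
    if channel not in CHANNELS:
        return False
    return policy.permits(subject, resource.label)


def filter_socket_connect(policy: Policy, src_label: Domain, dst_label: Domain) -> bool:
    """Firewall-side check for sockets: both endpoints carry labels, and the
    connection is allowed only if the source domain may reach the destination."""
    return policy.permits(src_label, dst_label)


def audit(policy: Policy, requests) -> List[Tuple[str, str, str, bool]]:
    """Run a batch of (subject, resource, channel) requests and return
    (subject, resource name, channel, decision) for each, in request order."""
    return [(subject.value, resource.name, channel,
             check_access(policy, subject, resource, channel))
            for subject, resource, channel in requests]


if __name__ == "__main__":
    mail = label_resources(Domain.FIRST, [("mail-pipe", "pipe"), ("mail-sock", "socket")])
    qq = label_resources(Domain.SECOND, [("qq-sock", "socket")])
    for row in audit(EMBODIMENT_POLICY, [
            (Domain.SECOND, mail[0], "ipc"),     # personal app reading an enterprise pipe
            (Domain.FIRST, qq[0], "socket"),     # enterprise mailbox following a personal link
            (Domain.SECOND, mail[1], "socket"),  # personal app connecting to an enterprise socket
    ]):
        print(row)
```

Because the decision depends only on the labels, adding a new transport (a new IPC object type, a new component kind) requires labelling it, not a new rule; and a transport the monitor does not know is denied rather than passed through, which is the property that keeps the "prohibit the second domain from reaching the first" guarantee intact.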
In addition, to further strengthen the usage security and information security of applications in the first security domain, the method of this embodiment further includes:
recording information such as the security domain to which each application belongs, the security domain to which each component belongs, and the security identifiers of the kernel resources; and
periodically checking whether the security identifiers of the kernel resources have been tampered with, whether the system kernel code has been tampered with, and whether the security domain to which a component or an application belongs has been illegally altered, to prevent the usage-security and information-security risks that tampered security identifiers or kernel code would cause.
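The record-and-check step above can be implemented as a sealed record table. The following is an added example, not code from the patent: each recorded assignment (application domain, component domain, resource label) gets its own HMAC, so the periodic check can name exactly which entry was altered, deleted or added, and the kernel code region is compared against a baseline digest. The key, the record names and the kernel image stand-in are constructed for this example. The check is only as strong as the storage of the seals and the key: they must be kept where the code that can modify the records cannot write (the storage medium of the generating unit, or better a trusted execution environment), otherwise an attacker re-seals after tampering.

```python
"""Added example (not from the patent): periodic integrity check of the
recorded domain assignments and resource labels. Key, records and the kernel
image stand-in are constructed for this illustration."""
import hashlib
import hmac
from typing import Dict, List


def _entry_mac(key: bytes, name: str, value: str) -> str:
    # Bind name and value together; the NUL separator cannot occur in either field.
    return hmac.new(key, f"{name}\x00{value}".encode(), hashlib.sha256).hexdigest()


def seal_records(key: bytes, records: Dict[str, str]) -> Dict[str, str]:
    """The 'record' step: one MAC per entry, so a later check can name exactly
    which record changed. Seals and key must live where the code owning the
    records cannot write, or the attacker would simply re-seal."""
    return {name: _entry_mac(key, name, value) for name, value in records.items()}


def find_tampered(key: bytes, records: Dict[str, str], seals: Dict[str, str]) -> List[str]:
    """The 'detect' step: names of entries whose value no longer matches its
    seal, entries that were removed, and entries that were added."""
    tampered = []
    for name, seal in seals.items():
        if name not in records:
            tampered.append(name)  # record deleted
        elif not hmac.compare_digest(_entry_mac(key, name, records[name]), seal):
            tampered.append(name)  # value altered (e.g. an app moved into the first domain)
    tampered.extend(name for name in records if name not in seals)  # record added
    return sorted(tampered)


def kernel_digest(image: bytes) -> str:
    """Digest of the kernel code region, compared against a baseline taken at
    boot; the baseline needs the same protection as the seals."""
    return hashlib.sha256(image).hexdigest()


def kernel_unchanged(image: bytes, baseline: str) -> bool:
    return hmac.compare_digest(kernel_digest(image), baseline)


if __name__ == "__main__":
    key = b"constructed-monitor-key"
    records = {
        "app:mail": "first",
        "app:wechat": "second",
        "component:mail.SyncService": "first",
        "res:pipe:mail-1": "first",
    }
    seals = seal_records(key, records)
    records["app:wechat"] = "first"  # simulated tampering: personal app promoted
    print(find_tampered(key, records, seals))
```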
Apparatus embodiment:
As shown in FIG. 4, this embodiment provides a security control apparatus, which includes:
a determining unit 110, configured to determine the security domain to which an application belongs, where the security domains include a first security domain and a second security domain, and the security level of the first security domain is higher than that of the second security domain; and
an access control unit 120, configured to prohibit, according to the security domain to which the application belongs, applications of the second security domain from accessing applications of the first security domain.
The security control apparatus of this embodiment may be the terminal itself or a part of the terminal. The terminal may be an electronic device such as a mobile phone or a tablet computer, and its system may be Android.
The determining unit 110 and the access control unit 120 may correspond to a processor or processing circuit with information-processing capability in the terminal. The processor may be an application processor, a central processing unit, a microprocessor, a digital signal processor, a programmable array or another processor with information-processing capability. The processing circuit may be an application-specific integrated circuit (ASIC). The processor performs the corresponding function by executing designated code.
The apparatus further includes:
a generating unit, configured to generate a security identifier according to the security domain to which the application belongs;
and the access control unit 120 is configured to prohibit, according to the security identifier, applications of the second security domain from accessing applications of the first security domain.
The generating unit may include a processor or processing circuit capable of generating the security identifier, and may further include a storage medium that stores it. Storing the security identifier on the storage medium allows it to be used later to prohibit applications of the second security domain from accessing applications of the first security domain.
The determining unit includes:
an obtaining module, configured to obtain the installation certificate of the application; and
a determining module, configured to determine, according to the installation certificate, the security domain to which the application belongs.
The obtaining module may include a parser that obtains the installation certificate by parsing the application's installation package or installation file.
The determining module may include a processor or processing circuit that determines the security domain to which the application belongs according to the installation certificate.
The apparatus further includes:
a verification unit, configured to verify the installation certificate and produce a verification result;
and the determining unit 110 is configured to determine the security domain to which the application belongs based on the verification result.
The structure of the verification unit depends on the verification method. If verification is performed by a verification platform, the verification unit includes a communication interface, wired or wireless, that communicates with the verification platform and obtains the verification result. If the terminal verifies the installation certificate itself, the verification unit may include a processor or processing circuit that performs the verification. The structure of the processor and processing circuit is as described above and is not repeated here.
The generating unit is specifically configured to generate, according to the security domain to which the application belongs, a security identifier for the kernel resources corresponding to the application.
In this embodiment the application's kernel resources are labelled, and the label is the security identifier. When applications later communicate through those kernel resources, the communication can be allowed or denied according to the security identifier. The communication this embodiment denies is chiefly access by applications of the second security domain to applications of the first security domain.
The access control unit 120 includes:
a first access control module, configured to prohibit, according to the security identifier, applications of the second security domain from accessing applications of the first security domain through inter-process communication or the file system; and
a second access control module, configured to prohibit, according to the security identifier, applications of the second security domain from accessing applications of the first security domain through sockets.
In this embodiment the access control unit 120 is divided into a first access control module and a second access control module, which control the different access paths between applications. The first access control module can at least prohibit applications of the second security domain from accessing applications of the first security domain through inter-process communication, for example through IPC operations on IPC objects. An IPC object is an inter-process communication facility that lives at kernel level; it may be a message queue, a semaphore or a shared memory segment.
As a further improvement of this embodiment, the apparatus further includes:
a component unit, configured to assign, according to the security domain to which the application belongs, the application's internal communication components to the security domain in which the application is located;
and the access control unit 120 is configured to prohibit applications of the second security domain from accessing applications of the first security domain through the internal communication components.
Internal communication components are another way in which applications access each other. In this embodiment the component unit assigns each component to the security domain of the application it belongs to, and access to the corresponding application is governed by the security domain to which the internal communication component belongs.
The access control unit 120 is further configured to allow, according to the security domain to which the application belongs, applications of the first security domain to access applications of the second security domain.
For ease of operation and to improve the terminal's intelligence and user satisfaction, the access control unit 120 still allows applications of the first security domain to access applications of the second security domain, provided the usage security and information security of applications in the first security domain are not reduced.
The apparatus further includes:
an installation unit, configured to install applications of the first security level in the first security domain and applications of the second security level in the second security domain.
The installation unit may include the processor or processing circuit described above, which is not repeated here. In short, in this embodiment applications with different application-security and information-security requirements are installed into the corresponding security domains, which improves the usage security and information security of applications, reduces power consumption and extends the standby time of the terminal.
Several specific examples are given below in connection with the above embodiments:
Example 1:
This example provides a security control method based on SELinux (Security-Enhanced Linux), used together with the Android system to provide application security and information security.
Applications and data are split into two parts, the second security domain and the first security domain. The second security domain manages private data and applications, including the browser, WeChat and similar applications. The first security domain manages enterprise data and applications; in it employees manage their address book, send and receive mail, manage enterprise materials and join telephone and video conferences. Applications in the first and second security domains cannot communicate, or at least the second security domain is not allowed to access the first. In addition, because the kernel uses SELinux, resources protected by policy control remain inaccessible even if the system is re-flashed; this holds only as long as the kernel and its policy are themselves protected from modification, for example by verified boot.
The second security domain in this example corresponds to the second security domain of the preceding embodiments, and the security domain corresponds to the first security domain of the preceding embodiments.
As shown in FIG. 5, the terminal's system is divided into a kernel layer, a middleware layer and an application layer.
Applications in the application layer are divided into personal applications and enterprise applications. Enterprise applications are installed and run in the first security domain; personal applications are installed and run in the second security domain.
Personal applications may include WeChat, the browser, QQ and the like. Enterprise applications may include the mailbox and the address book.
Enterprise applications run in the first security domain and are managed by the enterprise's network management equipment. Once an employee's terminal has joined the company network through the VPN, the employee can log in to the company mailbox in the first security domain to send and receive mail and join telephone and video conferences. The data of enterprise applications cannot be accessed by the second security domain, while data can be shared among the enterprise applications within the first security domain.
The middleware layer includes a middleware layer control module and a policy control module.
The middleware layer control module is the security control part of the middleware layer on Android; it mainly controls communication between different components.
The policy control module divides the system into three domains: the system domain, the second security domain and the first security domain. The system domain contains the pre-installed applications and can be accessed by both the first and the second security domain. The first and second security domains may be mutually inaccessible, or the first security domain may access the second while the second cannot access the first. Each component also belongs to one of these domains, and mandatory access control is enforced according to the defined policy.
The policy control module also belongs to the middleware layer. It in turn includes a policy management module, a firewall management module and a kernel MAC management module.
The policy control module is responsible for assigning newly installed applications to the first or second security domain according to their certificates, and for access control between the different security domains.
The policy control module directs the access control performed by the middleware layer control module and the kernel layer control module. According to the policy rules of the policy control module, these two modules prohibit communication between the first and second security domains, or allow communication within the first security domain and within the second security domain.
The policy control module here corresponds to the determining unit 110 of the preceding embodiments, and the middleware layer control module and the kernel layer control module may both be parts of the access control unit 120. The kernel layer control module corresponds to the first and second access control modules of the access control unit 120: it prohibits applications of the second security domain from accessing applications of the first security domain by controlling inter-process communication and sockets.
The middleware layer control module is specifically configured to prohibit, according to the policy of the policy management module, applications of the second security domain from accessing applications of the first security domain.
The kernel layer control module belongs to the kernel layer and is built on SELinux security control. SELinux is the mandatory access control (MAC) system provided in the Linux kernel; adding mandatory access control to the kernel improves the kernel's security.
所述内核控制模块有可分为防火墙模块和内核MAC模块。所述防火墙 模块被所述防火墙管理模块管理和控制。所述内核MAC模块被所述内核MAC管理模块管理和控制。所述防火墙管理模块具体用于根据所述防火墙管理模块的指令和记录,禁止第二安全域的应用通过套接字访问第一安全域的应用。所述内核MAC模块,具体用于根据所述内核MAC模块的指令和记录,禁止第二安全域的应用通过文件系统或进程间通信访问第一安全域的应用。The kernel control module can be divided into a firewall module and a kernel MAC module. The firewall Modules are managed and controlled by the firewall management module. The kernel MAC module is managed and controlled by the kernel MAC management module. The firewall management module is specifically configured to prohibit an application of the second security domain from accessing the application of the first security domain through the socket according to the instruction and the record of the firewall management module. The kernel MAC module is specifically configured to prohibit an application of the second security domain from accessing an application of the first security domain by using a file system or inter-process communication according to the instruction and record of the kernel MAC module.
策略控制模块指导内核层控制模块管理通信安全控制,即根据策略控制模块的域划分对内核的内核资源分配不同的安全标签,划分到不同的域中,确保第一安全域和第二安全域之间的安全通信。The policy control module instructs the kernel layer control module to manage the communication security control, that is, assigns different security labels to the kernel resources of the kernel according to the domain division of the policy control module, and divides them into different domains to ensure the first security domain and the second security domain. Secure communication between.
基于内核资源的应用间通信方式包括:基于管道,消息队列,套接字,共享内存等、文件系统等通信方式。SELinux内核的访问控制是依赖于安全策略文件的,安全策略文件中指明访问实体之间的访问规则。Inter-application communication methods based on kernel resources include: communication methods based on pipes, message queues, sockets, shared memory, and file systems. The access control of the SELinux kernel relies on the security policy file, which specifies the access rules between access entities.
为了进一步增强内核层的通信的安全性,内核层控制模块还用于周期性检查内核层是否内修改过,防止内核内篡改。内核层控制模块还包括防火墙机制,来禁止不同域之间网络实体使用本地地址通信。In order to further enhance the security of communication at the kernel layer, the kernel layer control module is also used to periodically check whether the kernel layer has been modified to prevent tampering within the kernel. The kernel layer control module also includes a firewall mechanism to prevent network entities between different domains from using local address communication.
Example two:
Implementing security control with SELinux comprises the following steps:
Step S1: Installation of a new application APK. APK is short for Android Package, the Android installation package. On Android, installation of a new APK is performed by the package management module. When the package management module installs a new APK, it notifies the policy management module that a new application is about to be installed.
Step S2: The policy management module extracts the certificate from the APK. The certificate here corresponds to the installation package certificate of the foregoing embodiment. The policy management module extracts the certificate of the new APK from step S1; the certificate indicates whether it was issued by the enterprise or is an ordinary certificate, and the issuer of the certificate serves as the isolation criterion. If the certificate was issued by the enterprise, the application is installed in the first security domain; otherwise it is installed in the second security domain.
Step S3: The policy management module hands the certificate extracted in step S2 to the verification module and requests verification.
Step S4: Verification. The verification module checks, according to its verification rules, whether the certificate from step S3 belongs to an enterprise application or a personal application, and produces a verification result for step S5. The verification rules are stored in the verification module in advance.
Step S5: The verification module of step S4 returns the verification result to the policy management module, which uses it to perform security isolation and to direct the kernel MAC management module and the firewall module in performing security isolation.
Step S6: If verification succeeds, the application is added to the first security domain; if it fails, the application is added to the second security domain.
Step S7: The kernel MAC management module is notified, so that the kernel resources created by the application, such as kernel processes, sockets and file system objects, are known to belong to either the first or the second security domain. The kernel MAC management module applies security labels to kernel-level resources and prohibits applications in the second security domain from accessing applications in the first security domain through those kernel resources. The kernel resources include pipes, message queues, sockets and the like.
Step S8: The firewall management module is notified. Besides communicating with remote hosts, local applications can also communicate with each other through network sockets; therefore local network sockets must be securely isolated in addition to remote ones. Based on the verification result of step S4, the policy management module directs the firewall management module to attach a security label to the application's sockets. The firewall management module records which application created which socket and whether that application belongs to the first or the second security domain.
Step S9: The policy management module notifies the package management module: if verification succeeded, the application is installed in the first security domain; if it failed, the application is installed in the second security domain. Based on the verification result of step S4, the policy management module tells the package management module whether the application is an enterprise application or a personal application, and the package management module installs it on the corresponding side accordingly, i.e. enterprise applications in the first security domain and personal applications in the second security domain. The package management module here is a component of the installation unit of the foregoing embodiment.
Step S10: The application is installed by the package management module.
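The procedure of steps S1 to S10 as one runnable pipeline. This is an added example and not the patent's code: the module classes mirror the patent's policy management, verification, kernel MAC management, firewall management and package management modules, while the APK contents, the certificate bytes, the pinned fingerprints, the package names and the label name `enterprise_app` are all constructed stand-ins. Because Android APK signing certificates are normally self-signed, "issued by the enterprise" is checked here by pinning the SHA-256 fingerprint of the signing certificate rather than by inspecting an issuer field.

```python
"""Install-time domain assignment for an APK, following steps S1-S10.

Added example, not the patent's code. Certificates, fingerprints and package
names are constructed; the signature block is read from a v1 (JAR) signature
entry and treated as the DER certificate itself, a simplification noted inline.
"""
import hashlib
import io
import zipfile
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Domain(Enum):
    FIRST = "first"    # enterprise side, higher security level
    SECOND = "second"  # personal side, lower security level


SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # v1 signature block names under META-INF/


def extract_signing_cert(apk_bytes: bytes) -> bytes:
    """Step S2: pull the signing certificate out of the APK (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        blocks = [n for n in zf.namelist()
                  if n.startswith("META-INF/") and n.upper().endswith(SIG_SUFFIXES)]
        if not blocks:
            raise ValueError("APK carries no signature block; refuse to install")
        # Simplification: the block is used as the DER certificate. A real
        # implementation parses the PKCS#7 structure to get the X.509 certificate.
        return zf.read(blocks[0])


@dataclass(frozen=True)
class VerificationRules:
    """Step S4: rules stored in advance in the verification module."""
    enterprise_fingerprints: frozenset  # hex SHA-256 of pinned enterprise certs

    def verify(self, cert_der: bytes) -> bool:
        return hashlib.sha256(cert_der).hexdigest() in self.enterprise_fingerprints


def kernel_label(domain: Domain) -> str:
    """Step S7: the kernel MAC management module maps the domain to a label.
    'untrusted_app' is the stock Android domain; 'enterprise_app' is assumed."""
    return "u:r:enterprise_app:s0" if domain is Domain.FIRST else "u:r:untrusted_app:s0"


@dataclass
class InstallRecord:
    package: str
    domain: Domain
    label: str
    firewall_entry: dict = field(default_factory=dict)


class FirewallManager:
    """Step S8: records which application owns which sockets, and its domain."""
    def __init__(self):
        self.registry = {}

    def register(self, package: str, domain: Domain) -> dict:
        entry = {"package": package, "domain": domain, "sockets": []}
        self.registry[package] = entry
        return entry


class Installer:
    """Policy management + package management modules, steps S1 to S10."""
    def __init__(self, rules: VerificationRules):
        self.rules = rules
        self.firewall = FirewallManager()
        self.installed = {}

    def install(self, package: str, apk_bytes: bytes) -> InstallRecord:
        cert = extract_signing_cert(apk_bytes)                 # S1-S3
        verified = self.rules.verify(cert)                     # S4-S5
        domain = Domain.FIRST if verified else Domain.SECOND   # S6
        record = InstallRecord(package, domain, kernel_label(domain))   # S7
        record.firewall_entry = self.firewall.register(package, domain)  # S8
        self.installed[package] = record                       # S9-S10
        return record


def build_apk(cert_der: Optional[bytes]) -> bytes:
    """Constructed minimal APK: a manifest plus (optionally) a signature block."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        if cert_der is not None:
            zf.writestr("META-INF/CERT.RSA", cert_der)
    return buf.getvalue()


# Constructed certificate stand-ins and the pinned enterprise fingerprint.
ENTERPRISE_CERT = b"constructed-enterprise-signing-cert"
PERSONAL_CERT = b"constructed-personal-signing-cert"
RULES = VerificationRules(frozenset({hashlib.sha256(ENTERPRISE_CERT).hexdigest()}))


def demo():
    installer = Installer(RULES)
    mail = installer.install("com.example.corpmail", build_apk(ENTERPRISE_CERT))
    game = installer.install("com.example.game", build_apk(PERSONAL_CERT))
    return mail, game


if __name__ == "__main__":
    for rec in demo():
        print(rec.package, rec.domain.value, rec.label)
```

Two points worth keeping in mind when turning this into a real verification module: the pinned fingerprint set is the root of the whole isolation decision, so it must live where second-domain applications cannot modify it; and an APK with no signature block is refused outright rather than being dropped into the second domain, since an unsigned package has no identity to classify. Modern APKs also carry v2/v3 signature blocks outside the zip entries, which a production extractor must read in preference to META-INF.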
Example three:
As shown in FIG. 6, this example is an apparatus that implements security control based on SELinux. The apparatus is divided into a kernel layer, a middleware layer and an application layer. The application layer includes application A 101 and application B 102.
The middleware layer includes a middleware layer control module 103, a policy management module 104, a firewall management module 105 and a kernel MAC management module 106.
The kernel layer includes a kernel MAC module 107 and a firewall module 108.
Application A 101 is an application running in the second security domain of the ordinary Android system, typically a personal application.
Application B 102 is an application running in the first security domain of the ordinary Android system, typically an enterprise application.
The middleware layer control module 103 performs mandatory access control at the Android middleware layer; its purpose is to prevent the non-secure application A 101 from using components to access the secure-domain application B 102. Applications running inside the first security domain can access one another, so enterprise data and the like can be shared. Applications running inside the second security domain follow the Android system's own permission mechanism and can access one another once the required permissions have been granted.
The policy management module 104 belongs to the middleware layer. It is mainly responsible for controlling the middleware layer control module 103, the firewall management module 105 and the kernel MAC management module 106, and for directing the communication at each layer, i.e. that the first and second security domains cannot communicate with each other, or that the second security domain cannot access the first security domain.
The firewall management module 105 belongs to the middleware layer. According to the instructions of the policy management module 104, it records each application's security label, the sockets the application has created and the IP addresses of those sockets, so that the firewall module 108 can filter the local connections established over sockets between applications in the first security domain and applications in the second security domain.
The kernel MAC management module 106 belongs to the middleware layer. It translates the instructions of the policy management module 104 into kernel-layer security labels and uses the kernel MAC module 107 to prohibit application A 101 from accessing application B 102 through the file system or inter-process communication.
The kernel MAC module 107 belongs to the kernel layer. Mandatory access control at the kernel layer relies on SELinux support: based on the security labels supplied by the kernel MAC management module 106, it controls process-based communication between the different security domains. File-system-based communication between applications in different security domains is controlled likewise: each file is labelled as belonging to the first or the second security domain, and either the domains cannot access each other at all, or at least applications in the lower-level security domain cannot access applications in the higher-level security domain.
The firewall module 108 belongs to the kernel layer. Based on the records of the firewall management module 105, it allows applications in the same security domain to create sockets and communicate over local addresses, and prohibits applications in different domains from creating network sockets that communicate over local addresses. The local addresses here may include the terminal's IP address and the like.
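The two kernel-layer decision points described above, the label-based check of the kernel MAC module 107 for file and IPC access and the local-address socket check of the firewall module 108, together with the domain matrix given earlier for the policy control module (system domain readable by both domains; first and second domains either mutually isolated or first-to-second only). This is an added example and not the patent's code: the label names, the one-way policy switch, the list of local addresses, and all application and socket records are constructed.

```python
"""Runtime enforcement modelled on kernel MAC module 107 and firewall module 108.

Added example, not the patent's code. Labels, packages, addresses and the
one_way policy switch are constructed; 'enterprise_app' is an assumed label.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Tuple


class Domain(Enum):
    SYSTEM = "system"
    FIRST = "first"    # enterprise, higher security level
    SECOND = "second"  # personal, lower security level


# Labels as the kernel MAC management module would hand them down to the kernel.
LABELS = {
    Domain.SYSTEM: "u:r:system_app:s0",
    Domain.FIRST: "u:r:enterprise_app:s0",   # assumed name
    Domain.SECOND: "u:r:untrusted_app:s0",   # stock Android domain
}
DOMAIN_OF_LABEL = {label: dom for dom, label in LABELS.items()}


def domain_allows(src: Domain, dst: Domain, one_way: bool) -> bool:
    """Domain matrix from the description: same domain and the system domain are
    always reachable; second->first is always denied; first->second only when
    the one-way variant of the policy is in force."""
    if src == dst or dst is Domain.SYSTEM:
        return True
    if src is Domain.FIRST and dst is Domain.SECOND:
        return one_way
    return False


@dataclass(frozen=True)
class Resource:
    kind: str    # "file", "pipe", "msgq", "shm", ...
    label: str


def mac_check(subject_label: str, resource: Resource, one_way: bool) -> bool:
    """Kernel MAC module 107: decide from labels alone. Anything without a
    known label is denied, so a mislabelled object fails closed."""
    src = DOMAIN_OF_LABEL.get(subject_label)
    dst = DOMAIN_OF_LABEL.get(resource.label)
    if src is None or dst is None:
        return False
    return domain_allows(src, dst, one_way)


@dataclass(frozen=True)
class SocketRecord:
    package: str
    domain: Domain
    addr: Tuple[str, int]   # (ip, port) the socket is bound to


class Firewall:
    """Firewall module 108, working from firewall management module 105's records."""
    # Every address the terminal itself answers on (constructed); loopback alone
    # is not enough, because a listener bound to 0.0.0.0 is reachable via the
    # interface address as well.
    LOCAL_ADDRS = {"127.0.0.1", "::1", "10.0.0.5"}

    def __init__(self, one_way: bool):
        self.one_way = one_way
        self.sockets: Dict[Tuple[str, int], SocketRecord] = {}

    def register(self, rec: SocketRecord) -> None:
        self.sockets[rec.addr] = rec

    def allow_connect(self, client: SocketRecord, dst: Tuple[str, int]) -> bool:
        if dst[0] not in self.LOCAL_ADDRS:
            return True   # remote traffic is outside this module's remit
        server = self.sockets.get(dst)
        if server is None:
            return False  # listener was never recorded, so its domain is unknown
        return domain_allows(client.domain, server.domain, self.one_way)


def demo() -> Dict[str, bool]:
    fw = Firewall(one_way=False)
    mail = SocketRecord("com.example.corpmail", Domain.FIRST, ("127.0.0.1", 8443))
    game = SocketRecord("com.example.game", Domain.SECOND, ("127.0.0.1", 9000))
    fw.register(mail)
    fw.register(game)
    return {
        "game_to_mail_socket": fw.allow_connect(game, mail.addr),
        "mail_to_game_socket": fw.allow_connect(mail, game.addr),
        "game_to_internet": fw.allow_connect(game, ("203.0.113.7", 443)),
        "game_reads_mail_file": mac_check(
            LABELS[Domain.SECOND], Resource("file", LABELS[Domain.FIRST]), False),
        "mail_reads_system_file": mac_check(
            LABELS[Domain.FIRST], Resource("file", LABELS[Domain.SYSTEM]), False),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The two checks deliberately fail closed: an object without a recognised label and a local listener that was never recorded by the firewall management module are both denied, since the description gives the kernel layer no way to learn their domain at decision time. The local-address set must contain every address of the terminal, as the description says, otherwise a second-domain application could reach a first-domain listener through an interface address instead of loopback.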
An embodiment of the present invention further provides a computer storage medium storing computer-executable instructions for performing at least one of the foregoing methods, specifically any of the methods shown in FIG. 1 to FIG. 3. The computer storage medium of this embodiment may include various types of storage media such as a hard disk, an optical disc, a flash disk or a USB disk, and is optionally a non-transitory storage medium.
In the several embodiments provided by this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a logical functional division; in actual implementation there may be other divisions, e.g. multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated in one processing module, or each unit may stand alone as one unit, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of hardware plus software functional units.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware instructed by a program. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention; the scope of protection of the present invention is not limited thereto, and any modification made in accordance with the principles of the present invention shall be understood to fall within the scope of protection of the present invention.

Claims (19)

  1. A security control method, the method comprising:
    determining the security domain to which an application belongs, the security domains including a first security domain and a second security domain, the security level of the first security domain being higher than the security level of the second security domain;
    prohibiting, according to the security domain to which the application belongs, an application in the second security domain from accessing an application in the first security domain.
  2. The method according to claim 1, wherein
    the prohibiting, according to the security domain to which the application belongs, an application in the second security domain from accessing an application in the first security domain comprises:
    generating a security label according to the security domain to which the application belongs;
    prohibiting, according to the security label, an application in the second security domain from accessing an application in the first security domain.
  3. The method according to claim 2, wherein
    the determining the security domain to which the application belongs comprises:
    obtaining the installation certificate of the application;
    determining, according to the installation certificate, the security domain to which the application belongs.
  4. The method according to claim 3, wherein
    the determining the security domain to which the application belongs further comprises:
    verifying the installation certificate to produce a verification result;
    and the determining, according to the installation certificate, the security domain to which the application belongs comprises:
    determining, based on the verification result, the security domain to which the application belongs.
  5. The method according to claim 2, wherein
    the generating a security label according to the security level of the application comprises:
    generating, according to the security domain to which the application belongs, a security label for the kernel resources corresponding to the application.
  6. The method according to claim 5, wherein
    the prohibiting, according to the security label, an application in the second security domain from accessing an application in the first security domain comprises:
    prohibiting, according to the security label, an application in the second security domain from accessing an application in the first security domain through inter-process communication or the file system;
    prohibiting, according to the security label, an application in the second security domain from accessing an application in the first security domain through sockets.
  7. The method according to claim 1, wherein
    the method further comprises:
    assigning, according to the security domain to which the application belongs, the internal communication components of the application to the security domain in which the application is located;
    and the prohibiting, according to the security domain to which the application belongs, an application in the second security domain from accessing an application in the first security domain comprises:
    prohibiting an application in the second security domain from accessing an application in the first security domain through internal communication components.
  8. The method according to claim 1, wherein
    the method further comprises:
    allowing, according to the security domain to which the application belongs, an application of the first security level to access an application of the second security level.
  9. The method according to claim 1, wherein
    the method further comprises:
    installing applications of the first security level in the first security domain;
    installing applications of the second security level in the second security domain.
  10. A security control apparatus, the apparatus comprising:
    a determination unit configured to determine the security domain to which an application belongs, the security domains including a first security domain and a second security domain, the security level of the first security domain being higher than the security level of the second security domain;
    an access control unit configured to prohibit, according to the security domain to which the application belongs, an application in the second security domain from accessing an application in the first security domain.
  11. The apparatus according to claim 10, wherein
    the apparatus further comprises:
    a generation unit configured to generate a security label according to the security domain to which the application belongs;
    and the access control unit is configured to prohibit, according to the security label, an application in the second security domain from accessing an application in the first security domain.
  12. The apparatus according to claim 11, wherein
    the determination unit comprises:
    an obtaining module configured to obtain the installation certificate of the application;
    a determination module configured to determine, according to the installation certificate, the security domain to which the application belongs.
  13. The apparatus according to claim 12, wherein
    the apparatus further comprises:
    a verification unit configured to verify the installation certificate to produce a verification result;
    and the determination unit is configured to determine, based on the verification result, the security domain to which the application belongs.
  14. The apparatus according to claim 11, wherein
    the generation unit is configured to generate, according to the security domain to which the application belongs, a security label for the kernel resources corresponding to the application.
  15. The apparatus according to claim 14, wherein
    the access control unit comprises:
    a first access control module configured to prohibit, according to the security label, an application in the second security domain from accessing an application in the first security domain through inter-process communication or the file system;
    a second access control module configured to prohibit, according to the security label, an application in the second security domain from accessing an application in the first security domain through sockets.
  16. The apparatus according to claim 10, wherein
    the apparatus further comprises:
    a component unit configured to assign, according to the security domain to which the application belongs, the internal communication components of the application to the security domain in which the application is located;
    and the access control unit is configured to prohibit an application in the second security domain from accessing an application in the first security domain through internal communication components.
  17. The apparatus according to claim 10, wherein
    the access control unit is further configured to allow, according to the security domain to which the application belongs, an application in the first security domain to access an application in the second security domain.
  18. The apparatus according to claim 10, wherein
    the apparatus further comprises:
    an installation unit configured to install applications of the first security level in the first security domain and applications of the second security level in the second security domain.
  19. A computer storage medium storing computer-executable instructions for performing at least one of the methods of claims 1 to 9.
PCT/CN2015/094227 2015-07-06 2015-11-10 Security control method and device, and computer storage medium WO2017004918A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510392718.4 2015-07-06
CN201510392718.4A CN106341369A (en) 2015-07-06 2015-07-06 Security control method and device

Publications (1)

Publication Number Publication Date
WO2017004918A1 true WO2017004918A1 (en) 2017-01-12

Family

ID=57684779

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094227 WO2017004918A1 (en) 2015-07-06 2015-11-10 Security control method and device, and computer storage medium

Country Status (2)

Country Link
CN (1) CN106341369A (en)
WO (1) WO2017004918A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210055409A1 (en) * 2019-08-21 2021-02-25 Apical Limited Topological model generation

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106951795B (en) * 2016-01-07 2020-07-21 阿里巴巴集团控股有限公司 Application data access isolation method and device
CN106997434A (en) * 2017-03-28 2017-08-01 西安电子科技大学 Secret protection module and guard method based on android system
CN111542061B (en) * 2017-04-25 2023-07-18 北京五洲天宇认证中心 Information synchronization security authentication method
US11487906B2 (en) * 2019-03-08 2022-11-01 International Business Machines Corporation Storage sharing between a secure domain and a non-secure entity
CN111209081A (en) * 2019-12-31 2020-05-29 北京指掌易科技有限公司 Method for realizing double isolation security domains by VSA technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20090103396A (en) * 2008-03-28 2009-10-01 티에스온넷(주) Mandatory process memory access control method using multi-level security, and computer readable recording medium having thereon programmed mandatory process memory access control method using multi-level security
CN102810139A (en) * 2012-06-29 2012-12-05 宇龙计算机通信科技(深圳)有限公司 Secure data operation method and communication terminal
CN104091071A (en) * 2014-07-09 2014-10-08 北京智谷睿拓技术服务有限公司 Risk determining method and device for application programs
CN104717653A (en) * 2015-03-12 2015-06-17 惠州Tcl移动通信有限公司 Network connection control method and system of mobile terminal
CN104850768A (en) * 2015-02-10 2015-08-19 数据通信科学技术研究所 Access control method and device on the basis of application security level

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102254123B (en) * 2011-06-22 2013-04-17 深圳市安盾椒图科技有限公司 Method and device for enhancing security of application software
CN104683336B (en) * 2015-02-12 2018-11-13 中国科学院信息工程研究所 A kind of Android private data guard method and system based on security domain


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210055409A1 (en) * 2019-08-21 2021-02-25 Apical Limited Topological model generation
US11709252B2 (en) * 2019-08-21 2023-07-25 Arm Limited Topological model generation

Also Published As

Publication number Publication date
CN106341369A (en) 2017-01-18


Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15897572; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 15897572; Country of ref document: EP; Kind code of ref document: A1 |
