WO2017016231A1 - Policy management method and system, and computer storage medium - Google Patents

Info

Publication number
WO2017016231A1
Application number
PCT/CN2016/077630
Authority
WO, WIPO (PCT)
Prior art keywords
domain, application, policy, secure, security
Other languages
English (en), Chinese (zh)
Inventor
宋云霞
Original Assignee
深圳市中兴微电子技术有限公司
Application filed by 深圳市中兴微电子技术有限公司
Publication of WO2017016231A1: patent/WO2017016231A1/fr

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies

Definitions

  • the present invention relates to the field of application security technologies, and in particular, to a policy management method, system, and computer storage medium.
  • the Android system controls the permissions through the sandbox mechanism.
  • if the superuser (root) permissions of the electronic device are usurped, all application resources become accessible to the superuser, and a virus program can likewise take control of the electronic device, which seriously affects the security of electronic devices.
  • SEAndroid is a SELinux-based security mechanism.
  • the central idea of SEAndroid is to establish a security policy through the Mandatory Access Control (MAC) technology. Even if the root privileges are taken over, the access rights are still restricted by the security policy, thus minimizing the security risks brought by the attacks;
  • the existing technology improves the security of the security application of the Android system to a certain extent.
  • the SEAndroid security policy file is installed in the platform/external/sepolicy directory, that is, the deployed security policy files are placed in a non-secure environment. It is conceivable that once a hacker intercepts the security policy file, tampers with the access rules set in the policy and embeds malicious code, the security policy can no longer guarantee the security of the electronic device and of the security applications.
  • the advent of processors with secure isolation opens a new path for the security of electronic devices: protection functions are integrated into the core to ensure the security of the Android system, while a secure software platform is provided on which semiconductor manufacturers, device manufacturers and operating system partners can extend and develop their own security solutions on a shareable framework.
  • the ARM processor's TrustZone technology completely isolates the non-secure execution environment from the secure execution environment, and the processor is switched between the secure mode and the non-secure mode via a security monitor (Monitor).
  • embodiments of the present invention are expected to provide a policy management method, system, and computer storage medium, which can improve the security of the Android system.
  • the embodiment of the invention provides a policy management method, and the method includes:
  • the security isolation technology is used to divide the execution environment into a non-secure execution environment and a secure execution environment
  • domain division is performed for each application; and a mandatory access control MAC query service is provided for access between applications of each domain according to a pre-defined policy file;
  • the policy file is managed; wherein the management includes at least one or more of the following: query, load, update, and store.
  • the foregoing provides a MAC query service for access between applications in each domain according to a pre-defined policy file, including:
  • the managing the policy file includes:
  • the first instruction is sent to the security execution environment side, including:
  • the performing the first operation on the policy file according to the first instruction includes:
  • the domain division of each application further includes:
  • the managing the policy file further includes:
  • the preset rule includes at least one or more of the following:
  • the embodiment of the present invention further provides a policy management system, which uses a security isolation technology to divide the execution environment into a non-secure execution environment and a security execution environment; the system includes: a non-secure operating system and a security operating system;
  • the non-secure operating system is configured to perform domain division for each application according to a pre-defined policy file; and provide a MAC query service for access between applications of each domain according to a pre-defined policy file;
  • the security operating system is located in a secure execution environment and is configured to manage a policy file.
  • the management includes at least one or more of the following: query, load, update, and store.
  • the non-secure operating system includes a first policy management module and a first communication proxy module;
  • the first policy management module is configured to perform domain division on each application; when the preset condition is met, the first communication proxy module sends a first instruction to the security execution environment side;
  • the first communication proxy module is configured to send a first instruction to the secure execution environment, receive a first command response result returned by the secure execution environment side, and send the first command response result to the first a policy management module;
  • the security operating system includes a second policy management module and a second communication proxy module;
  • the second policy management module is configured to perform a first operation on the policy file according to the first instruction, where the first operation includes at least one or more of the following: query, load, update, and store; and to send, through the second communication proxy module, a first command response result to the non-secure execution environment side;
  • the second communication proxy module is configured to receive the first instruction sent by the first communication proxy module and send it to the second policy management module, and to receive the first command response result returned by the second policy management module and send it to the first communication proxy module.
  • the first policy management module includes: a domain division unit and a MAC management unit; wherein
  • the domain dividing unit is configured to perform domain partitioning on each application; when detecting that the first application accesses the second application, it acquires the domain information of the first application and the second application and sends the domain information of the first application and the second application to the MAC management unit;
  • the MAC management unit is configured to send a first instruction to the security execution environment side, where the first instruction carries at least the domain information of the first application and the second application.
  • the second policy management module includes:
  • the policy query unit is configured as:
  • the domain dividing unit is further configured to:
  • the second policy management module further includes:
  • a policy update unit configured to formulate, according to a preset rule, a policy file for the new application based on first information of the new application, where the first information includes at least domain information and a user identifier, and to update the policy library based on the policy file of the new application;
  • a secure storage unit configured to store policy files to a non-volatile secure storage space
  • a policy loading unit configured to read a policy file from the non-volatile secure storage space and load it into a policy library located in the secure operating system kernel, so that the policy update unit can update the policy library.
  • the preset rule includes at least one or more of the following:
  • the embodiment of the invention provides a computer storage medium, wherein the computer storage medium stores a computer program, and the computer program is used to execute the policy management method described above.
  • the policy management method, system, and computer storage medium provided by the embodiments of the present invention use security isolation technology to divide the execution environment into a non-secure execution environment and a secure execution environment; in the non-secure execution environment, domain division is performed on each application and a MAC query service is provided for access between applications of each domain according to a pre-defined policy file; in the secure execution environment, the policy file is managed, where the management includes at least one or more of the following: query, load, update, and store.
  • the technical solution in the embodiment of the present invention can improve the security of the Android system and greatly improve the user experience.
  • FIG. 1 is a schematic flowchart of a policy management method according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a framework of a policy management system according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a process flow of a policy in a new application installation process according to an embodiment of the present invention:
  • FIG. 4 is a schematic diagram of a process flow of a non-secure domain application accessing a security domain application according to an embodiment of the present invention;
  • FIG. 5 is a schematic diagram of a process flow of a security domain application accessing a security domain application according to an embodiment of the present invention.
  • FIG. 1 is a schematic flowchart of a policy management method according to an embodiment of the present invention, which is applied to an electronic device. As shown in FIG. 1 , the policy management method mainly includes the following steps:
  • Step 101 The security isolation technology is used to divide the execution environment into a non-secure execution environment and a security execution environment.
  • the policy management deployed in the Android system can be divided into a secure part and a non-secure part by using a processor with security isolation function.
  • the processor may be an ARM processor with security isolation.
  • Step 102 Perform domain division on each application in the non-secure execution environment, and provide a mandatory access control MAC query service for access between applications of each domain according to a pre-defined policy file.
  • Step 103 In the security execution environment, manage the policy file; wherein the management includes at least one or more of the following: query, load, update, and store.
  • the security isolation technology is introduced and the policy management is divided into a security side and a non-secure side; the non-secure side only sends commands, while the actual policy storage and operations are performed in the secure execution environment (trusted environment).
  • the providing the MAC query service for the access between the applications of the respective domains according to the pre-defined policy file may include:
  • the managing the policy file may include:
  • sending the first instruction to the security execution environment side including:
  • the first application is equivalent to an access subject
  • the file or socket resource in the second application is equivalent to an access object.
  • the first application may be an application of a security domain or an application of a non-security domain.
  • the second application may be an application of a security domain, an application of a non-security domain, or an application of a system domain. It is worth noting that applications are generally processes and always act as subjects, while resources within an application, such as files and sockets, are objects.
  • the performing the first operation on the policy file according to the first instruction may include:
  • the domain division of each application may further include:
  • the managing the policy file further includes:
  • the preset rule includes at least one or more of the following:
  • the first rule is: allowing a non-secure domain application to access the non-secure domain application;
  • the second rule is: not allowing the non-secure domain application to access the security domain application;
  • the third rule is: disallowing the security domain application to access the non-secure domain application;
  • the fourth rule is: allowing the security domain application to access the security domain application;
  • the fifth rule is: allowing the non-secure domain application and the security domain application to access the system domain application.
  • the application in the system domain is an application pre-installed by an electronic device of the Android system, such as a calculator application, a flashlight application, and the like.
  • the policy management of the Android deployment is divided into a non-secure part and a security part by using a processor with a security isolation function, where the non-secure part is responsible for domain division and MAC control management, and the security part is responsible for secure storage of policies and for policy loading, querying, and updating. In this way, the policy is saved and operated on completely outside the non-secure environment.
  • in this way, the security policy can be deployed on the smart terminal and managed securely. For example, in MAC mode, the objects and permissions on which a web server process may operate are explicitly listed in the security policy (for example, only access to the network and to specific files).
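The five preset rules and the query, store and load operations described above, worked through as an added example (written for this page, not code from the patent or its assignee): a default-deny subject-domain × object-domain table standing in for the policy library, the MAC query over it, and a constructed binary policy file format so that the secure storage unit's store and the policy loading unit's load can be exercised end to end. The file layout, the "PLCY" magic, the version byte and the one-byte XOR check are assumptions of this example; the XOR only detects accidental corruption and is a placeholder for the authenticated secure storage a real implementation would use.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Domains as the page defines them: A = non-secure, B = security, C = system. */
typedef enum { DOM_A_NONSECURE = 0, DOM_B_SECURE = 1, DOM_C_SYSTEM = 2, DOM_COUNT = 3 } domain_t;
typedef enum { ACCESS_DENY = 0, ACCESS_ALLOW = 1 } access_t;

/* Policy library as held in the secure OS kernel: subject domain x object domain.
 * Anything not explicitly allowed is denied. */
typedef struct { uint8_t allow[DOM_COUNT][DOM_COUNT]; } policy_lib_t;

/* Populate the library from the five preset rules. */
void policy_from_preset_rules(policy_lib_t *lib) {
    memset(lib, 0, sizeof *lib);                       /* rules 2 and 3 (A->B, B->A denied) stay 0 */
    lib->allow[DOM_A_NONSECURE][DOM_A_NONSECURE] = 1;  /* rule 1: A -> A */
    lib->allow[DOM_B_SECURE][DOM_B_SECURE] = 1;        /* rule 4: B -> B */
    lib->allow[DOM_A_NONSECURE][DOM_C_SYSTEM] = 1;     /* rule 5: A -> C */
    lib->allow[DOM_B_SECURE][DOM_C_SYSTEM] = 1;        /* rule 5: B -> C */
}

/* MAC query over the library; an out-of-range domain is denied rather than indexed. */
access_t mac_query(const policy_lib_t *lib, domain_t subject, domain_t object) {
    if ((unsigned)subject >= DOM_COUNT || (unsigned)object >= DOM_COUNT) return ACCESS_DENY;
    return lib->allow[subject][object] ? ACCESS_ALLOW : ACCESS_DENY;
}

/* Query against the preset rules alone (builds a throwaway library). */
access_t preset_query(domain_t subject, domain_t object) {
    policy_lib_t lib;
    policy_from_preset_rules(&lib);
    return mac_query(&lib, subject, object);
}

/* Binary policy file layout, constructed for this example (not the patent's format):
 *   "PLCY" | 1 byte version | 9 matrix bytes, row-major | 1 byte XOR of everything before it */
#define POLICY_MAGIC     "PLCY"
#define POLICY_VERSION   1
#define POLICY_FILE_SIZE (4 + 1 + DOM_COUNT * DOM_COUNT + 1)

static uint8_t xor_check(const uint8_t *p, size_t n) {
    uint8_t x = 0;
    for (size_t i = 0; i < n; i++) x ^= p[i];
    return x;
}

/* Secure storage unit: serialize. Returns bytes written, or 0 if the buffer is too small. */
size_t policy_store(const policy_lib_t *lib, uint8_t *out, size_t cap) {
    if (cap < POLICY_FILE_SIZE) return 0;
    memcpy(out, POLICY_MAGIC, 4);
    out[4] = POLICY_VERSION;
    for (int s = 0; s < DOM_COUNT; s++)
        for (int o = 0; o < DOM_COUNT; o++)
            out[5 + s * DOM_COUNT + o] = lib->allow[s][o] ? 1 : 0;
    out[POLICY_FILE_SIZE - 1] = xor_check(out, POLICY_FILE_SIZE - 1);
    return POLICY_FILE_SIZE;
}

/* Policy loading unit: parse. Returns 0 on success, -1 on a malformed or altered file,
 * in which case the library is left fully denying. */
int policy_load(policy_lib_t *lib, const uint8_t *in, size_t len) {
    memset(lib, 0, sizeof *lib);
    if (len != POLICY_FILE_SIZE) return -1;
    if (memcmp(in, POLICY_MAGIC, 4) != 0 || in[4] != POLICY_VERSION) return -1;
    if (xor_check(in, POLICY_FILE_SIZE - 1) != in[POLICY_FILE_SIZE - 1]) return -1;
    for (int s = 0; s < DOM_COUNT; s++)
        for (int o = 0; o < DOM_COUNT; o++) {
            uint8_t v = in[5 + s * DOM_COUNT + o];
            if (v > 1) { memset(lib, 0, sizeof *lib); return -1; }
            lib->allow[s][o] = v;
        }
    return 0;
}

/* Store, reload, compare; then flip the A->B byte and confirm the altered file is refused.
 * Returns 0 when every check passes, otherwise the number of the failing check. */
int policy_roundtrip_selftest(void) {
    policy_lib_t lib, back;
    uint8_t file[POLICY_FILE_SIZE];
    policy_from_preset_rules(&lib);
    if (policy_store(&lib, file, sizeof file) != POLICY_FILE_SIZE) return 1;
    if (policy_load(&back, file, sizeof file) != 0) return 2;
    if (memcmp(&lib, &back, sizeof lib) != 0) return 3;
    file[5 + DOM_A_NONSECURE * DOM_COUNT + DOM_B_SECURE] = 1;   /* attempt to grant A -> B */
    if (policy_load(&back, file, sizeof file) != -1) return 4;
    if (mac_query(&back, DOM_A_NONSECURE, DOM_B_SECURE) != ACCESS_DENY) return 5;
    return 0;
}
```

The point of the loader leaving the library all-zero on any parse failure is the same default-deny stance the rules express: a file that cannot be validated must not be able to grant anything, including the non-secure-to-security-domain access that rule 2 forbids.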
  • FIG. 2 is a schematic diagram of a framework of a policy management system according to an embodiment of the present invention.
  • the policy management system uses a security isolation technology to divide an execution environment into a non-secure execution environment and a secure execution environment, where the system mainly includes: a non-secure operating system 10 and a secure operating system 20; wherein
  • the non-secure operating system 10 is located in a non-secure execution environment, and is configured to perform domain division on each application; and provide a MAC query service for access between applications of each domain according to a pre-defined policy file;
  • the security operating system 20 is located in a secure execution environment and configured to manage policy files.
  • the management includes at least one or more of the following: query, load, update, and store.
  • the non-secure operating system 10 runs in a non-secure execution environment of a processor with a security isolation function, and may be a commonly used operating system on an electronic device, such as a Linux operating system, on which Android can be run.
  • the security operating system 20 runs in the secure execution environment of the processor with the security isolation function, and is responsible for performing secure storage and related operations on the policy file.
  • the operations include at least: query, load, and update.
  • the system mainly comprises:
  • the security monitor 30 is an operation mode of the ARM processor, namely monitor mode, which is responsible for switching the execution environment between the non-secure execution environment and the secure execution environment. It is worth noting that the security monitor is not a hardware unit but a working mode of the central processing unit (CPU), parallel to user (User) mode and supervisor (Svc) mode; the CPU must be in exactly one of these execution modes at any time. When the first communication proxy module receives an upper-layer query command it is in Svc mode, and the second communication proxy module, in Svc mode, issues the SMC (Secure Monitor Call) instruction, which puts the CPU into monitor mode to switch between the secure execution environment and the non-secure execution environment.
  • a non-volatile secure storage space 40 is responsible for storing security policy files.
  • the non-volatile secure storage space 40 is an exclusive area of the second policy management module 21 and is not accessed by an application in a non-secure execution environment or other security applications in a secure execution environment.
  • the security policy file is stored in the non-volatile secure storage space 40. Since access to all files, directories, and ports in the Android system is governed by policies, the security side only needs to formulate a fine-grained, high-security policy to isolate communication between applications through inter-process communication (IPC), the file system, sockets, and the like.
  • the non-secure operating system 10 includes a first policy management module 11 and a first communication proxy module 12;
  • the first policy management module 11 is configured to perform domain division on each application; when the preset condition is met, the first communication proxy module 12 sends a first instruction to the security execution environment side;
  • the first communication proxy module 12 is configured to send a first instruction to the secure execution environment, receive a first command response result returned by the secure execution environment side, and send the first command response result to the first policy management module 11;
  • the security operating system 20 includes a second policy management module 21 and a second communication proxy module 22;
  • the second policy management module 21 is configured to perform a first operation on the policy file according to the first instruction, where the first operation includes at least one or more of the following: query, load, update, and store; and to send a first instruction response result to the non-secure execution environment side through the second communication proxy module 22;
  • the second communication proxy module 22 is configured to receive the first instruction sent by the first communication proxy module 12 and send it to the second policy management module 21, and to receive the first instruction response result returned by the second policy management module 21 and send it to the first communication proxy module 12.
  • the first policy management module 11 and the second policy management module 21 perform operations such as updating, querying, and storing security policies by sending commands, thereby controlling communication between applications; the first policy management module 11 communicates with the second policy management module 21 through the first communication proxy module 12, and the second policy management module 21 communicates with the first policy management module 11 through the second communication proxy module 22.
  • the first policy management module 11 is responsible for marking various applications as different domains (security levels), where the various applications include: applications published with the system, or applications published by third parties.
  • the first policy management module 11 includes: a domain dividing unit 111 and a MAC management unit 112;
  • the domain dividing unit 111 is configured to perform domain partitioning on each application; when detecting that the first application accesses the second application, it acquires the domain information of the first application and the second application and sends the domain information of the first application and the second application to the MAC management unit 112;
  • the MAC management unit 112 is configured to send a first instruction to the security execution environment side, where the first instruction carries at least the domain information of the first application and the second application.
  • the domain can be divided into three categories: one is a system domain, one is a security domain, and the other is a non-security domain.
  • the second policy management module 21 includes:
  • the policy query unit 211 is configured to:
  • the result of the query is to allow access or to deny access.
  • the domain dividing unit 111 is further configured to:
  • domain A represents a non-secure domain
  • domain B represents a security domain
  • domain C represents a system domain
  • the application 1 is an application running on the non-secure operating system 10; if it is not verified at installation time, it belongs to the non-secure domain, that is, domain A. The application 2 is an application running on the non-secure operating system 10 that was verified by the publisher's signature at installation time, and therefore belongs to the security domain, domain B.
  • the MAC management unit 112 is responsible for managing access rights between applications.
  • when a subject (an Android application) accesses an object (a file or socket of another Android application), the first policy management module 11 first performs a basic discretionary access control (DAC) check; if the check fails, the access is directly rejected; if the check passes, the first communication proxy module 12 is invoked to switch to the policy query unit 212 of the second policy management module 21 on the security side, the policy query unit 212 queries whether the subject has the access right, and the check result is returned to the subject.
  • in this way, non-secure side applications (such as application 1) and secure side applications (such as application 2) can be prevented from communicating through components.
  • the second policy management module 21 further includes:
  • the policy update unit 212 is configured to formulate, according to the preset rule, a policy file for the new application based on first information of the new application, where the first information includes at least domain information and a user identifier, and to update the policy library based on the policy file of the new application;
  • the secure storage unit 213 is configured to store the policy file in a non-volatile secure storage space
  • a policy loading unit 214 configured to read a policy file from the non-volatile secure storage space 40 and load it into the policy library located in the secure operating system kernel, so that the policy update unit can update the policy library.
  • the security policy file is stored in the non-volatile secure storage space 40. Since access to all files, directories, and ports in the Android system is governed by policies, the security side only needs to formulate a fine-grained, high-security policy to isolate communication between applications through IPC, the file system, sockets, and the like.
  • the policy file may be represented in a binary form.
  • the preset rule includes at least one or more of the following:
  • the first rule is: allowing a non-secure domain application to access the non-secure domain application;
  • the second rule is: not allowing the non-secure domain application to access the security domain application;
  • the third rule is: disallowing the security domain application to access the non-secure domain application;
  • the fourth rule is: allowing the security domain application to access the security domain application;
  • the fifth rule is: allowing the non-secure domain application and the security domain application to access the system domain application.
  • the policy update unit 212 is responsible for performing security update of the policy file and the policy library according to the instruction of the MAC management module 112 located on the non-secure side when the application is installed or uninstalled.
  • the policy loading unit 211 is responsible for reading the policy file from the non-volatile secure storage space exclusive to the second policy management module 21 and loading it into the policy library located in the secure operating system kernel; it also responds to the instructions of the policy update unit 212 and starts the loading process when a new application is installed or an application is uninstalled.
  • FIG. 3 is a schematic diagram of a process flow of a policy in a new application installation process according to an embodiment of the present invention. As shown in FIG. 3, the process mainly includes the following steps:
  • Step 301 Install a new application in a non-secure execution environment.
  • the new application refers to an application that is not installed in the electronic device, wherein the system of the electronic device is an Android system.
  • Step 302 The domain dividing unit in the first policy management module performs domain division on the new application.
  • the domain dividing unit verifies the new application according to the digital certificate signature of the new application, and if the verification passes, marking the new application as a security domain; if the verification fails, marking the new application Is a non-secure domain.
  • Step 303 The domain dividing unit sends information such as domain information and user name of the new application to the MAC management unit in the first policy management module.
  • Step 304 The MAC management unit sends a policy update instruction to the policy update unit by using the first communication proxy module.
  • the first communication proxy module is started to notify the security side update policy.
  • the step 304 may include:
  • Step 304a The first communication proxy module executes the first instruction to cause the processor to be in a security monitor mode, in which the non-secure side context is saved;
  • Step 304b The security monitor switches to the secure execution environment and restores the security side context.
  • the secure execution environment may also be referred to as a trusted execution environment.
  • steps 305 to 314 are operations performed in a secure execution environment.
  • Step 305 The policy update unit in the second management module formulates a policy for the new application, and issues an update policy library instruction.
  • the policy defined by the policy update unit for the new application is referred to as a first policy file.
  • Step 306 to step 307 The policy update unit invokes the secure storage unit to store the first policy file to the non-volatile secure storage space exclusive to the second policy management module.
  • Step 308 After completing the storage of the first policy file, the secure storage unit returns a storage success response to the policy update unit.
  • Step 309 The second management module invokes a policy loading unit to start a policy loading process.
  • Step 310 to step 312 The policy loading unit reads the first policy file and, after reading is complete, loads the first policy file into the policy library.
  • the policy library is located in the kernel of the secure operating system.
  • Step 313 The policy loading unit returns an update policy library success response to the policy update unit.
  • Step 314 The policy update unit returns a policy update complete message to the MAC management unit.
  • the step 314 can include:
  • Step 314a The second communication proxy module executes the second instruction to place the processor in a security monitor mode, in which the secure side context is saved;
  • Step 314b The security monitor switches to the non-secure execution environment and restores the non-secure side context.
  • Step 315 The MAC management unit parses the execution result returned by the security side. At this point, the new application policy is loaded, and the new application completes the installation.
  • FIG. 4 is a schematic flowchart of a process for a non-secure domain application to access a security domain application according to an embodiment of the present invention. As shown in FIG. 4, the process mainly includes the following steps:
  • Step 401 The non-secure domain application accesses the security domain application.
  • the access of the application between the domains may be detected by a domain partitioning unit in the first policy management module.
  • the non-secure domain application is application 1
  • the security domain application is application 2.
  • Step 402 The first policy management module invokes a MAC management unit to perform a permission query.
  • Step 403 The MAC management unit in the first policy management module sends a query request to a policy query unit in a second policy management module located on the security side.
  • the query request includes at least: domain information of the application 1 and the application 2.
  • the step 403 may include:
  • Step 403a The second communication proxy module executes the first instruction so that the processor enters security monitor mode, in which the non-secure side context is saved;
  • Step 403b The security monitor (monitor) switches to the secure execution environment and restores the security side context.
  • the secure execution environment may also be referred to as a trusted execution environment.
  • steps 404 to 405 are operations performed in a secure execution environment.
  • Step 404 The policy query unit obtains the domain information of the application 1 and the application 2, and matches the policy in the policy database of the kernel of the security operating system, and the result is that the access is denied.
  • non-secure applications are not allowed to access secure domain applications.
  • Step 405 The policy query unit returns a query result to the MAC management unit.
  • the step 405 can include:
  • Step 405a The second communication agent module executes the second instruction to place the processor in a security monitor mode in which the secure side context is saved.
  • Step 405b The security monitor switches to the non-secure execution environment and restores the non-secure side context.
  • Step 406 The MAC management unit returns the query result to the access subject (ie, the non-secure domain application), and prohibits the access.
  • In summary, the MAC management unit in the first policy management module sends a message through the first communication proxy module, switches to the secure execution environment, and has the query performed by the second policy management module located in the secure execution environment. Since the policy library is located in the secure execution environment, the security of the Android system is improved.
  • FIG. 5 is a schematic flowchart of a process for a security domain application to access another security domain application according to an embodiment of the present invention. As shown in FIG. 5, the process mainly includes the following steps:
  • Step 501 The security domain application accesses the security domain application.
  • the access of the application between the domains may be detected by a domain partitioning unit in the first policy management module.
  • Step 502 The first policy management module invokes a MAC management unit to perform a permission query.
  • Step 503 The MAC management unit in the first policy management module sends a query request to a policy query unit in a second policy management module located on the security side.
  • the query request includes at least: domain information of the access subject and the access object.
  • the step 503 can include:
  • Step 503a The second communication proxy module executes the first instruction, so that the processor is in a security monitor mode, in which the non-secure side context is saved;
  • Step 503b The security monitor switches to the secure execution environment and restores the security side context.
  • the secure execution environment may also be referred to as a trusted execution environment.
  • steps 504 to 505 are operations performed in a secure execution environment.
  • Step 504 The policy query unit obtains the domain information of the access subject and the access object, and matches the policy in the policy database of the kernel of the security operating system, and the result is allowed access.
  • Step 505 The policy query unit returns a query result to the MAC management unit.
  • the step 505 can include:
  • Step 505a The second communication proxy module saves the security side context, and executes the second instruction to keep the processor in the non-secure mode.
  • Step 505b The security monitor switches to the non-secure execution environment and restores the non-secure side context.
  • Step 506 The MAC management unit returns the query result to the access subject, allowing the access.
  • security domain applications are allowed to access each other, that is, data between security applications can be shared.
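The two flows above (FIG. 4, where a non-secure domain application is denied access to a security domain application, and FIG. 5, where one security domain application is allowed to access another) can be modelled as a single round trip through a secure monitor. The following is an added example written for this page, not code from the patent, from SEAndroid or from any TEE implementation. It assumes a toy register context for the world switch, a static policy table that holds only the two rules the description states (any other domain pair is denied by default, which is this example's assumption and not something the description says), and a non-secure side MAC management unit that never touches the table, only sends a query request carrying the two domains. All names (`secure_monitor_switch`, `policy_query_unit`, `proxy_policy_query`, `mac_check_access`, the application names) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Domain labels assigned by the domain partitioning unit (non-secure side). */
enum domain { DOMAIN_NON_SECURE = 0, DOMAIN_SECURE = 1 };

/* Execution environment the single processor is currently running in. */
enum world { WORLD_NON_SECURE = 0, WORLD_SECURE = 1 };
static enum world current_world = WORLD_NON_SECURE;
static unsigned world_switches = 0;          /* monitor transitions so far */

/* Toy register context; a real monitor saves the whole register file. */
struct cpu_context { unsigned long sp; unsigned long lr; };
static struct cpu_context regs     = { 0x8000, 0x1000 }; /* live state, starts non-secure */
static struct cpu_context ns_saved = { 0, 0 };
static struct cpu_context s_saved  = { 0xF000, 0x2000 }; /* secure side idle context */

/* An application as seen by the domain partitioning unit (constructed). */
struct application { const char *name; enum domain dom; };

/* The query request that crosses the world boundary: domain information only. */
struct query_request { enum domain subject; enum domain object; };

/* One rule of the policy database held by the secure OS kernel. */
struct policy_rule { enum domain subject; enum domain object; bool allow; };

/* Policy database: exists only on the secure side. Only the two rules the
 * description states are listed; every other pair is denied by default below
 * (that default is this example's assumption). */
static const struct policy_rule secure_policy_db[] = {
    { DOMAIN_NON_SECURE, DOMAIN_SECURE, false },  /* FIG. 4, step 404: denied  */
    { DOMAIN_SECURE,     DOMAIN_SECURE, true  },  /* FIG. 5, step 504: allowed */
};

/* Secure monitor: save the outgoing world's context, restore the incoming
 * one, and flip the world (steps 403a/403b going in, 405a/405b coming out). */
static void secure_monitor_switch(enum world target)
{
    if (target == current_world)
        return;
    if (current_world == WORLD_SECURE) { s_saved = regs;  regs = ns_saved; }
    else                               { ns_saved = regs; regs = s_saved;  }
    current_world = target;
    world_switches++;
}

/* Secure side policy query unit (steps 404 / 504). Returns 0 and sets *allow
 * on success, or -1 if entered while the processor is not in the secure world,
 * so the policy database is never consulted from the non-secure side. */
static int policy_query_unit(const struct query_request *req, bool *allow)
{
    if (current_world != WORLD_SECURE)
        return -1;                               /* fail closed */
    for (size_t i = 0; i < sizeof secure_policy_db / sizeof secure_policy_db[0]; i++) {
        const struct policy_rule *r = &secure_policy_db[i];
        if (r->subject == req->subject && r->object == req->object) {
            *allow = r->allow;
            return 0;
        }
    }
    *allow = false;                              /* no matching rule: default deny (assumption) */
    return 0;
}

/* Communication proxy: one round trip through the monitor (steps 403 and 405). */
static bool proxy_policy_query(const struct query_request *req)
{
    bool allow = false;
    secure_monitor_switch(WORLD_SECURE);
    int rc = policy_query_unit(req, &allow);
    secure_monitor_switch(WORLD_NON_SECURE);
    return rc == 0 && allow;
}

/* Non-secure side MAC management unit (steps 402, 403, 406): it knows only the
 * two domains and the answer, never the policy file itself. */
static bool mac_check_access(const struct application *subject,
                             const struct application *object)
{
    struct query_request req = { subject->dom, object->dom };
    return proxy_policy_query(&req);
}

int main(void)
{
    struct application app1 = { "application 1", DOMAIN_NON_SECURE };
    struct application app2 = { "application 2", DOMAIN_SECURE };
    struct application app3 = { "application 3", DOMAIN_SECURE };
    printf("%s -> %s: %s\n", app1.name, app2.name,
           mac_check_access(&app1, &app2) ? "allowed" : "denied");
    printf("%s -> %s: %s\n", app2.name, app3.name,
           mac_check_access(&app2, &app3) ? "allowed" : "denied");
    printf("world switches: %u, back in non-secure world: %s\n",
           world_switches, current_world == WORLD_NON_SECURE ? "yes" : "no");
    return 0;
}
```

The property worth checking in such a design is the one the description relies on: the policy library is reachable only after the monitor has switched worlds, so the query unit refuses to answer (and the proxy treats that as a denial) if it is ever entered from the non-secure world, and the processor is back in the non-secure world, with its context restored, by the time the MAC management unit reports the result to the access subject.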
  • the embodiment of the invention further describes a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the policy management method described in the foregoing embodiments.
  • the technical solution of the present invention introduces a processor with a security isolation function and divides policy management into a security side and a non-secure side, with the modules on the two sides cooperating.
  • the non-secure side is only responsible for sending policy access commands and policy update commands to the security side; its involvement is at the command level only.
  • the actual policy file storage, policy file loading, policy rule calculation, and policy file update are performed on the security side.
  • compared with how the existing SEAndroid performs these security-related operations, the technical solution of the present invention greatly improves the security of the Android system.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner, for example: multiple units or components may be combined, or may be integrated into another system, or some features may be ignored or not executed.
  • the coupling, direct coupling, or communication connection between the components shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated into one unit;
  • the unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the foregoing program may be stored in a computer readable storage medium, and when the program is executed, the steps of the foregoing method embodiments are performed.
  • the foregoing storage medium includes: a removable storage device, a read-only memory (ROM), a magnetic disk, or an optical disk, and the like, which can store program codes.
  • the above-described integrated unit of the present invention may be stored in a computer readable storage medium if it is implemented in the form of a software function module and sold or used as a standalone product.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium, including a plurality of instructions.
  • a computer device (which may be a personal computer, server, or network device, etc.) is caused to perform all or part of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes various media that can store program codes, such as a mobile storage device, a ROM, a magnetic disk, or an optical disk.
  • the execution environment is divided into a non-secure execution environment and a secure execution environment by using a security isolation technology; in the non-secure execution environment, each application is divided into a domain, and a MAC query service for access between the applications of the domains is provided according to a pre-defined policy file; in the secure execution environment, the policy file is managed, where the management includes at least one of: query, load, update, store; thus, the security of the Android system can be improved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the present invention relates to a policy management method comprising the steps of: adopting a security isolation technique and dividing an execution environment into a non-secure execution environment and a secure execution environment; in the non-secure execution environment, dividing the various applications into domains and, according to a predefined policy file, providing a mandatory access control (MAC) query service for access between the applications of the domains; in the secure execution environment, managing the policy file, the management comprising at least one of the following: query, loading, update or storage. An embodiment of the present invention also describes a policy management system and a computer storage medium.
PCT/CN2016/077630 2015-07-27 2016-03-29 Procédé et système de gestion de politique, et support de stockage informatique WO2017016231A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510448288.3A CN106411814B (zh) 2015-07-27 2015-07-27 一种策略管理方法及系统
CN201510448288.3 2015-07-27

Publications (1)

Publication Number Publication Date
WO2017016231A1 true WO2017016231A1 (fr) 2017-02-02

Family

ID=57884070

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/077630 WO2017016231A1 (fr) 2015-07-27 2016-03-29 Procédé et système de gestion de politique, et support de stockage informatique

Country Status (2)

Country Link
CN (1) CN106411814B (fr)
WO (1) WO2017016231A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019237864A1 (fr) * 2018-06-12 2019-12-19 杨力祥 Architecture d'utilisateur de sécurité et procédé de contrôle d'autorité
CN113794677A (zh) * 2021-07-28 2021-12-14 北京永信至诚科技股份有限公司 一种高交互蜜罐的控制方法、装置及系统
CN114039788A (zh) * 2021-11-15 2022-02-11 绿盟科技集团股份有限公司 一种策略传输方法、网闸系统、电子设备及存储介质

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107273162A (zh) * 2017-06-13 2017-10-20 福州汇思博信息技术有限公司 一种更新安全策略文件的方法及终端
CN111400723A (zh) * 2020-04-01 2020-07-10 中国人民解放军国防科技大学 基于tee扩展的操作系统内核强制访问控制方法及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130101630A (ko) * 2012-02-16 2013-09-16 삼성전자주식회사 전자장치에서 펌웨어 업데이트를 위한 방법 및 장치
CN104008332A (zh) * 2014-04-30 2014-08-27 浪潮电子信息产业股份有限公司 一种基于Android平台的入侵检测系统
CN104392188A (zh) * 2014-11-06 2015-03-04 三星电子(中国)研发中心 一种安全数据存储方法和系统
CN104601580A (zh) * 2015-01-20 2015-05-06 浪潮电子信息产业股份有限公司 一种基于强制访问控制的策略容器设计方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101727555A (zh) * 2009-12-04 2010-06-09 苏州昂信科技有限公司 一种操作系统的访问控制方法及其实现平台
CN101783799A (zh) * 2010-01-13 2010-07-21 苏州国华科技有限公司 一种强制访问控制方法及其系统
CN101997912A (zh) * 2010-10-27 2011-03-30 苏州凌霄科技有限公司 基于Android平台的强制访问控制装置及控制方法
US20140365781A1 (en) * 2013-06-07 2014-12-11 Technische Universitaet Darmstadt Receiving a Delegated Token, Issuing a Delegated Token, Authenticating a Delegated User, and Issuing a User-Specific Token for a Resource

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019237864A1 (fr) * 2018-06-12 2019-12-19 杨力祥 Architecture d'utilisateur de sécurité et procédé de contrôle d'autorité
CN113794677A (zh) * 2021-07-28 2021-12-14 北京永信至诚科技股份有限公司 一种高交互蜜罐的控制方法、装置及系统
CN114039788A (zh) * 2021-11-15 2022-02-11 绿盟科技集团股份有限公司 一种策略传输方法、网闸系统、电子设备及存储介质
CN114039788B (zh) * 2021-11-15 2023-05-26 绿盟科技集团股份有限公司 一种策略传输方法、网闸系统、电子设备及存储介质

Also Published As

Publication number Publication date
CN106411814B (zh) 2019-12-06
CN106411814A (zh) 2017-02-15

Similar Documents

Publication Publication Date Title
JP7086908B2 (ja) 対象のコンピューティング装置で実施される動作を認証する方法
US10929540B2 (en) Trusted updates
US9916475B2 (en) Programmable interface for extending security of application-based operating system
Smalley et al. Security enhanced (se) android: bringing flexible mac to android.
US8220029B2 (en) Method and system for enforcing trusted computing policies in a hypervisor security module architecture
RU2679721C2 (ru) Аттестация хоста, содержащего доверительную среду исполнения
JP6392879B2 (ja) モバイル通信装置およびその動作方法
KR102244645B1 (ko) 인증된 변수의 관리
US8909940B2 (en) Extensible pre-boot authentication
Bugiel et al. Practical and lightweight domain isolation on android
KR102233356B1 (ko) 모바일 통신 디바이스 및 그 작동 방법
KR101176646B1 (ko) 상태 검증을 사용하는 보호된 오퍼레이팅 시스템 부팅을 위한 시스템 및 방법
TWI601064B (zh) 用以取用基本輸入輸出系統的功能之以網路為基礎的介面
KR101308859B1 (ko) 임시 관리자 권한 부여 기능을 가진 단말기 및 이를 이용한 임시 관리자 권한 부여 방법
KR101281678B1 (ko) 이동 저장 장치에서 호스트 인증 방법, 호스트 인증을 위한정보 제공 방법, 장치, 및 기록매체
WO2017016231A1 (fr) Procédé et système de gestion de politique, et support de stockage informatique
KR20130040692A (ko) 보안 웹 위젯 런타임 시스템을 위한 방법 및 장치
US20160004859A1 (en) Method and system for platform and user application security on a device
CN112446029A (zh) 可信计算平台
Yao et al. Building Secure Firmware
US11301228B2 (en) Managing removal and modification of installed programs on a computer device
Rodríguez-Mota et al. Malware analysis and detection on android: the big challenge
CN113515779A (zh) 文件的完整性校验方法、装置、设备及存储介质
Dimou Automatic security hardening of Docker containers using Mandatory Access Control, specialized in defending isolation
Iannillo et al. An REE-independent Approach to Identify Callers of TEEs in TrustZone-enabled Cortex-M Devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16829599

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16829599

Country of ref document: EP

Kind code of ref document: A1