
CN101950339B - Security protection method and system of computer - Google Patents

Publication number
CN101950339B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN 201010281207
Other languages
Chinese (zh)
Other versions
CN101950339A (en)
Inventor
胡志水
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai xinwangcheng information technology Limited by Share Ltd
Original Assignee
SHANGHAI ZHISHUI SOFTWARE TECHNOLOGY Co Ltd
Application filed by SHANGHAI ZHISHUI SOFTWARE TECHNOLOGY Co Ltd
Priority to CN 201010281207
Publication of CN101950339A
Priority to PCT/CN2011/001037 (WO2012034349A1)
Application granted
Publication of CN101950339B

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a computer security protection method and system. The method comprises the following steps: generating feature codes and classification identification codes corresponding to safe executable modules; dividing the client into a social region, a system region and a work region; and, while a process or thread runs on the client, calculating the feature code of the process or thread and labeling it with a work attribute or a social attribute according to whether its feature code is known and whether a website other than the safe websites, and the category thereof, is accessed, so that it obtains different rights to the resources of the client. With this method, the client can run unknown executable modules without depending on a virus database or software behavior recognition, and the operating system and application data cannot be damaged.

Description

Computer security protection method and system
Technical field
The present invention relates to a computer security protection method and system.
Background art
To cope with the endless stream of viruses and trojans, current techniques, whether passive defense or active defense, depend on virus databases that keep growing. Even so, they cannot completely prevent unknown viruses and trojans from damaging a computer system. Because computer programs are diverse, complex and constantly changing, active defense can identify only some programs and cannot identify every program or module. It therefore still has to rely on a virus database and software behavior recognition, which gives unknown viruses an opportunity to intrude.
Summary of the invention
The technical problem to be solved by the present invention is to provide a computer security protection method and system that does not rely on a virus database or software behavior recognition, can run unknown executable modules, and leaves the operating system and application data undamaged.
To solve the above technical problem, the technical solution of the present invention is as follows:
A computer security protection method comprises the following steps:
Generating, at a central server, a feature code and a classification identification code corresponding to each safe executable module, the classification identification code comprising a type code and a product name code;
Establishing a social region, a system region and a work region on the client computer: the social region comprises a designated directory created on the client computer's disk and a designated branch created in the registry; the system region comprises the operating system directories; the work region comprises the directories and registry outside the system region and the social region;
When the client computer runs a process or thread, calculating the feature code of that process or thread; if this is its first execution and there is no matching feature code locally, looking the feature code up on the central server; if the central server holds a product name code corresponding to this feature code, downloading all feature codes associated with that product name code and adding them to the local module feature library;
For a process or thread running on the client computer, determining whether all of the following conditions hold:
The feature codes of the executable modules it loads are feature codes in the local module feature library;
It has not accessed any network address other than the safe network addresses;
The process or thread is not in the designated directory of the social region;
If all hold, the process or thread is marked with the work attribute: a process or thread marked with the work attribute can perform all operations on the system region and the work region, while only operating system processes can access the social region;
Otherwise, the process or thread is marked with the social attribute: a process or thread marked with the social attribute cannot see any information in the work region except the directory in which it resides, and its registry and disk operations outside the social region are redirected to the designated branch and designated directory of the social region.
The step of generating the feature code corresponding to a safe executable module comprises: determining the format of the executable module and calculating a checksum; and calculating the length indicator of the executable module.
The computer security protection method may further comprise automatically adding to the local module feature library the feature code of any new executable module produced by a process or thread marked with the work attribute.
The computer security protection method may further comprise prohibiting processes or threads marked with the social attribute from loading drivers.
The computer security protection method may further comprise returning failure when a process or thread marked with the social attribute calls a global application hook.
The computer security protection method may further comprise returning failure when a process or thread marked with the social attribute attempts remote thread injection.
The computer security protection method may further comprise prohibiting processes or threads marked with the social attribute from terminating processes other than those marked with the social attribute, and from directly reading the disk and memory.
According to another aspect of the present invention, a computer security protection system is provided, comprising:
A central server, which generates a feature code and a classification identification code corresponding to each safe executable module, the classification identification code comprising a type code and a product name code;
A computer security protection client, which establishes a social region, a system region and a work region on the client computer: the social region comprises a designated directory created on the client computer's disk and a designated branch created in the registry; the system region comprises the operating system directories; the work region comprises the directories and registry outside the system region and the social region;
When the client computer runs a process or thread, the computer security protection client calculates the feature code of that process or thread; if this is its first execution and there is no matching feature code locally, it looks the feature code up on the central server; if the central server holds a product name code corresponding to this feature code, it downloads all feature codes associated with that product name code and adds them to the local module feature library;
For a process or thread running on the client computer, the computer security protection client determines whether all of the following conditions hold:
The feature codes of the executable modules it loads are feature codes in the local module feature library;
It has not accessed any network address other than the safe network addresses;
The process or thread is not in the designated directory of the social region;
If all hold, the process or thread is marked with the work attribute: a process or thread marked with the work attribute can perform all operations on the system region and the work region, while only operating system processes can access the social region;
Otherwise, the process or thread is marked with the social attribute: a process or thread marked with the social attribute cannot see any information in the work region except the directory in which it resides, and its registry and disk operations outside the social region are redirected to the designated branch and designated directory of the social region.
The computer security protection method and system of the present invention divide client resources into a system region, a work region and a social region, and isolate the work region from the social region by giving processes or threads marked with different operation attributes different access rights to these three regions. The large number of unknown executable modules are all marked with the social attribute when they run. A process or thread marked with the social attribute can perform only read-only operations on the system region and its current directory; every other operation outside the social region is redirected to the social region. Because such a process cannot see work region information, the social region is isolated from work region data. Operations that would damage the system are also blocked. Therefore, even if a large number of viruses are present, they cannot damage or leak work region data, which achieves the effect of thoroughly shielding against viruses and trojans. In environments with higher security requirements, social-attribute processes or threads can also be prohibited from running altogether, which prevents viruses and trojans from using the local machine to attack remote machines.
Description of the drawings
Fig. 1 is a flowchart of the protection process of the computer security protection client of the present invention.
Detailed description
A preferred embodiment of the present invention is given with reference to the accompanying drawing and described in detail below, so that the functions and features of the invention can be better understood.
The computer security protection system of the present invention comprises a central server and a computer security protection client.
The central server generates the feature codes corresponding to safe executable modules, collects them and, as part of each executable module's identifier, adds them to the central module feature library.
Executable module file formats include com, MZ, NE, LE and PE; most executable modules are in PE format. The corresponding feature code is constructed as follows:
1. Calculate the checksum:
For executable modules in com or MZ format, the checksum is generally calculated over the whole file;
For executable modules in NE or LE format, the checksum is calculated only over the DOS header and the corresponding NE or LE header;
For executable modules in PE format, the checksum is calculated only over the DOS header, the corresponding PE header and the section table.
2. Calculate the length indicator of the executable module:
If the actual length of the executable module does not exceed 2 bytes, the actual length is used as the length indicator of the executable module; otherwise, the actual length is divided by a double-byte unsigned integer to obtain a 2-byte remainder, and this remainder is used as the length indicator of the executable module.
The calculated checksum and length indicator are each 2 bytes; together they form the 4-byte feature code of the executable module. For example, for the executable module qq.exe, the feature code is:
10110000000000000000011100000000.
Those skilled in the art will understand that the feature code may be constructed by other methods, as long as each executable module corresponds uniquely to its feature code.
So that the central server can manage executable modules by category and the computer security protection client can conveniently download the feature codes relevant to the current computer, each executable module's identifier contains, besides the 4-byte feature code, a 4-byte classification identification code generated by the central server. The classification identification code comprises a type code and a product name code.
Type code: considering that 512 types should be sufficient for classifying executable modules, 8 bits are allocated. For example, 00110000 can represent the instant messaging type.
Product name code: considering the diversity of products, each type is allocated 24 bits to represent the product name. For example, 000000000000000000110001 can represent the Tencent instant messaging product.
Each executable module identifier therefore comprises 8 bytes: 4 bytes of classification identification code and 4 bytes of feature code.
The above methods of generating the feature code and the classification identification code also apply to executable modules whose safety is uncertain.
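The feature code and 8-byte module identifier described above can be sketched as follows. This is an added example, not code from the patent. It assumes a byte-sum checksum modulo 2^16 (the text names no algorithm), reads the length rule as "length modulo 65536", and assumes big-endian packing with the classification code first; NE/LE handling is left out, and the sample file is constructed.

```python
import struct

DOS_HEADER_SIZE = 0x40       # fixed size of the MZ (DOS) header
COFF_HEADER_SIZE = 20        # PE file header following the "PE\0\0" signature
SECTION_ENTRY_SIZE = 40      # size of one section table entry


def checksum_region(data: bytes) -> bytes:
    """Return the bytes the checksum covers, following the per-format rule."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return data                                  # com: whole file
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    sig = data[e_lfanew:e_lfanew + 4]
    if sig == b"PE\0\0":
        if e_lfanew + 4 + COFF_HEADER_SIZE > len(data):
            raise ValueError("truncated PE header")
        (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
        (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
        end = (e_lfanew + 4 + COFF_HEADER_SIZE + opt_size
               + SECTION_ENTRY_SIZE * n_sections)
        if end > len(data):
            raise ValueError("truncated section table")
        # PE: DOS header + PE header + section table only.
        return data[:DOS_HEADER_SIZE] + data[e_lfanew:end]
    if sig[:2] in (b"NE", b"LE"):
        raise NotImplementedError("NE/LE headers are not handled in this example")
    return data                                      # plain MZ: whole file


def checksum16(region: bytes) -> int:
    # ASSUMPTION: the text does not name the checksum; a byte sum mod 2**16 stands in.
    return sum(region) & 0xFFFF


def length_indicator(length: int) -> int:
    # ASSUMPTION: "divided by a double-byte unsigned integer" is read as modulo 2**16.
    if length <= 0xFFFF:
        return length
    return length % 0x10000


def feature_code(data: bytes) -> bytes:
    """4-byte feature code: 2-byte checksum followed by 2-byte length indicator."""
    return struct.pack(">HH", checksum16(checksum_region(data)),
                       length_indicator(len(data)))


def classification_id(type_code: int, product_code: int) -> bytes:
    """4-byte classification code: 8-bit type code, then 24-bit product name code."""
    if not 0 <= type_code < (1 << 8) or not 0 <= product_code < (1 << 24):
        raise ValueError("type code is 8 bits, product name code is 24 bits")
    return struct.pack(">I", (type_code << 24) | product_code)


def module_identifier(type_code: int, product_code: int, data: bytes) -> bytes:
    """8-byte identifier: classification code (assumed first) + feature code."""
    return classification_id(type_code, product_code) + feature_code(data)


def build_sample_pe(body: bytes) -> bytes:
    """Constructed PE-shaped buffer: DOS header, PE signature, COFF header, one section."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0, 0x0102)
    section = b".text\0\0\0" + bytes(32)
    return bytes(dos) + b"PE\0\0" + coff + section + body


if __name__ == "__main__":
    sample = build_sample_pe(b"A" * 200)
    print("feature code:", feature_code(sample).hex())
    # Type and product values are the two examples given in the text.
    print("identifier:  ", module_identifier(0b00110000, 0b110001, sample).hex())
```

Because the PE rule covers only the headers, two files with identical headers and the same length modulo 65536 receive the same feature code under this construction. An allowlist that has to detect changes to a module's contents would use a cryptographic hash of the whole file instead.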
After the client is installed, on its first run it scans the current operating system version and the installed application software. For the operating system, it directly downloads the feature codes corresponding to the operating system version. For installed application software, it calculates the 4-byte feature code of any executable module under the installation directory and looks this feature code up on the central server; if the central server holds a product name code corresponding to this feature code, it downloads all feature codes associated with that product name code and adds them to the local module feature library. For application software installed later, the corresponding feature codes can likewise be downloaded by the above method on first use. These feature codes constitute the local module feature library.
After the client is installed, the social region, system region and work region are established on the client computer.
The system region comprises the operating system directories; for Windows operating systems, this means the Windows or WINNT directory and the other directories created by installing the operating system.
The social region comprises a designated directory in each disk partition, i.e. the social region directory, for example the HU119VM directory under the root directory. For Windows operating systems it also comprises all designated branches in the registry, i.e. the social region branches, for example the HU119VM branch.
The work region comprises all directories and registry entries outside the system region and the social region.
Work attribute: when a process or thread runs, if the feature codes of the executable modules it loads are feature codes in the local module feature library, it has not accessed any network address other than the safe network addresses (the safe network addresses are provided by the central server), and the process's current directory is not in the social region, then it is marked with the work attribute. A process or thread marked with the work attribute can perform all operations on the system region and the work region; only operating system processes can access social region information. For a process or thread with the work attribute, all accesses to the operating system and all operations on file data are real operations.
Social attribute: when a process or thread runs, if the feature code of an executable module it loads is not in the local module feature library, or it has accessed a network address other than the safe network addresses, or the process's current directory is in the social region, then it is marked with the social attribute. A process or thread marked with the social attribute cannot see any work region information except its current directory, and all of its registry and disk operations outside the social region are virtual: they are redirected to the social region branch and the social region directory, but this is completely transparent to the current process or thread.
The allocation and management of the social region in the registry is illustrated below. For any registry operation, the path that reaches the kernel takes only one of these two forms:
, and
\\\\Registry\\USER\\xxxxxx\\xxxxxx.
The social region registry branch is always placed after the third segment of the path:
, and
\\\\Registry\\USER\\xxxxxx\\hu119vm\\xxxxxx.
So when a process or thread marked with the social attribute modifies the registry, what is actually modified is the corresponding path under the social region branch.
The allocation and management of the social region in disk partitions is illustrated below. For any file partition, a social region directory "/hu119vm" is allocated under the partition's root directory.
Based on the module features of the executable modules it loads, its web requests and the location of its current directory, a process or thread is dynamically marked with one of two operation attributes: the work attribute or the social attribute. Processes or threads with different attributes have different access rights to client resources: a process or thread with the social attribute cannot see work region information except for its own current directory; processes and threads with the work attribute (other than operating system processes) cannot see social region information. This isolates the data of the work region from the data of the social region. In addition, a process or thread with the social attribute cannot actually modify anything outside the social region, which also keeps the operating system and its files stable.
To allow unknown programs to run while causing no damage to system region and work region data, the permissions of processes or threads marked with the social attribute are set as follows:
A) All driver loading is prohibited; that is, a process or thread with the social attribute can run only at the application layer and cannot install drivers;
B) Global application hook calls return failure;
C) Remote thread injection returns failure;
D) Terminating processes other than those marked with the social attribute is prohibited;
E) Direct reading of the disk and memory is prohibited;
F) Files in the work region cannot be accessed, except in the process's own directory;
G) All write operations on registry entries and files outside the social region are redirected to the social region branch and the social region directory.
Access to client resources by a process or thread marked with the social attribute is illustrated below:
1. Write operations on files outside the social region are all redirected into the social region directory of the current disk partition. For example: when the file c: is to be written, the file system filter driver writes c:; when the file d: is to be written, the file system filter driver writes d:.
2. For read operations on files, apart from the system region directories, only information under the program's own current path and under the social region (hu119vm) directory of each disk partition is visible. For example, when reading the file c:, the file system filter driver first reads c:; if that file does not exist, it then reads the real file c:. When reading the file d:, the file system filter driver reads d: directly; if that fails, it returns failure directly, because the work region does not allow access by processes and threads with the social attribute; if the corresponding directory does not exist in the social region, the file is treated as nonexistent.
3. Write operations on the registry are all redirected to the fixed social region branch of the corresponding registry path; the allocation of the social region branch is described above. For example: when writing the registry, the registry filter driver writes; when writing the registry, the registry filter driver writes.
4. Read operations on the registry. For example: when reading the registry, the registry filter driver first reads, and if that fails it then reads the real location.
As described above for file and registry access, the file system filter driver makes the work region and the social region invisible to each other, and the registry filter driver protects the registry.
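The labeling rule and the redirection of file and registry access described above can be modeled in user space as follows. This is an added example, not the patent's filter-driver code. The directory name hu119vm and the "after the third segment" rule come from the text; the layout below hu119vm, the system directory list, and all sample paths, addresses and feature codes are constructed assumptions.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

SOCIAL_DIR = "hu119vm"                 # social region directory / branch name from the text
SYSTEM_DIRS = ("C:\\Windows",)         # ASSUMPTION: stand-in for the system region


@dataclass
class ProcessInfo:
    module_codes: list                 # feature codes of the loaded executable modules
    visited_addresses: list            # network addresses accessed so far
    current_dir: str


def _parts(path: str) -> tuple:
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def _is_under(path: str, root: str) -> bool:
    p, r = _parts(path), _parts(root)
    return p[:len(r)] == r


def in_social_region(path: str) -> bool:
    parts = _parts(path)
    return len(parts) > 1 and parts[1] == SOCIAL_DIR


def label(proc: ProcessInfo, local_library: set, safe_addresses: set) -> str:
    """Apply the three conditions; all must hold for the work attribute."""
    known = all(code in local_library for code in proc.module_codes)
    safe_net = all(addr in safe_addresses for addr in proc.visited_addresses)
    outside_social = not in_social_region(proc.current_dir)
    return "work" if known and safe_net and outside_social else "social"


def redirect_file(path: str) -> str:
    """Map a path to its copy under the social directory of the same partition."""
    p = PureWindowsPath(path)
    if in_social_region(path):
        return str(p)
    # ASSUMPTION: the original directory structure is mirrored below hu119vm.
    return str(PureWindowsPath(p.anchor, SOCIAL_DIR, *p.parts[1:]))


def resolve_read(path: str, own_dir: str, exists):
    """Path a social-attribute process actually reads, or None if invisible."""
    if in_social_region(path):
        return path if exists(path) else None
    shadow = redirect_file(path)
    if exists(shadow):                      # social copy is tried first
        return shadow
    visible = _is_under(path, own_dir) or any(_is_under(path, d) for d in SYSTEM_DIRS)
    if visible and exists(path):            # system region and own directory: real file
        return path
    return None                             # work region: treated as nonexistent


def redirect_registry(path: str) -> str:
    """Insert the social branch after the third segment of a kernel registry path."""
    segs = [s for s in path.split("\\") if s]
    if len(segs) < 3:
        raise ValueError("expected at least three path segments")
    if len(segs) > 3 and segs[3].lower() == SOCIAL_DIR:
        return "\\" + "\\".join(segs)
    return "\\" + "\\".join(segs[:3] + [SOCIAL_DIR] + segs[3:])


if __name__ == "__main__":
    # Constructed sample state.
    files = {"C:\\hu119vm\\Windows\\win.ini", "C:\\Windows\\notepad.exe",
             "D:\\projects\\report.doc", "D:\\tools\\app\\cfg.ini"}
    proc = ProcessInfo([b"\x00\x06\x00\x03"], ["203.0.113.7"], "D:\\tools\\app")
    print(label(proc, {b"\x00\x06\x00\x03"}, {"update.example.test"}))
    print(redirect_file("D:\\projects\\report.doc"))
    print(resolve_read("D:\\projects\\report.doc", proc.current_dir, files.__contains__))
    print(redirect_registry("\\Registry\\USER\\SID-EXAMPLE\\Software\\App"))
```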
For an installation package run with the social attribute, the installed program is written entirely into the social region; without merge processing, the newly installed application would not be visible in the Start menu. In this case, a system process merges, in memory, the Start menu directory with the corresponding Start menu directory in the social region, so that the operating system process can show the newly installed application on the Start menu. Other special cases are handled by analogy.
Referring to Fig. 1, the protection flow of the computer security protection client is as follows (for convenience of description, an executable module whose feature code is recorded in the local module feature library is defined as a known module, and an executable module whose feature code is not recorded in the local module feature library is defined as an unknown module):
Starting a new process: first calculate the 4-byte feature code of the executable module, i.e. the feature code of this process or thread; if this is its first execution and there is no matching feature code locally, look the feature code up on the central server; if the central server holds a corresponding product name code, download all feature codes associated with that product name code and add them to the local module feature library;
For a process or thread running on the client computer, determine whether all of the following conditions hold:
The feature codes of the executable modules it loads are feature codes in the local module feature library;
It has not accessed any network address other than the safe network addresses;
The process or thread is not in the designated directory of the social region;
If all hold, the process or thread is marked with the work attribute: a process or thread marked with the work attribute can perform all operations on the system region and the work region, while only operating system processes can access the social region;
Otherwise, the process or thread is marked with the social attribute: a process or thread marked with the social attribute cannot see any information in the work region except the directory in which it resides, and its registry and disk operations outside the social region are redirected to the social region branch and the social region directory.
For a new executable module produced by a process or thread marked with the work attribute, the feature code of that executable module is automatically added to the local module feature library.
Obviously, many modifications and variations of the present invention are possible in light of the above teachings, and within the scope of the appended claims the invention may be practiced otherwise than as specifically described.

Claims (10)

1. A computer security protection method, comprising the following steps:
(1-1) generating, at a central server, a feature code and a classification identification code corresponding to each safe executable module, the classification identification code comprising a type code and a product name code;
(1-2) establishing a social region, a system region and a work region on the client computer: the social region comprises a designated directory created on the client computer's disk and a designated branch created in the registry; the system region comprises the operating system directories; the work region comprises the directories and registry outside the system region and the social region;
(1-3) when the client computer runs a process or thread, calculating the feature code of the executable module loaded by that process or thread; if this is its first execution and there is no matching feature code locally, looking the feature code up on the central server; if the central server holds a product name code corresponding to this feature code, downloading all feature codes associated with that product name code and adding them to the local module feature library;
(1-4) for a process or thread running on the client computer, determining whether all of the following conditions hold:
The feature codes of the executable modules it loads are feature codes in the local module feature library;
It has not accessed any network address other than the safe network addresses;
The process or thread is not in the designated directory of the social region;
If all hold, the process or thread is marked with the work attribute: a process or thread marked with the work attribute can perform all operations on the system region and the work region, while only operating system processes can access the social region;
Otherwise, the process or thread is marked with the social attribute: a process or thread marked with the social attribute cannot see any information in the work region except the directory in which it resides, and its registry and disk operations outside the social region are redirected to the designated branch and designated directory of the social region.
2. The method of claim 1, wherein the step of generating the feature code corresponding to a safe executable module comprises:
(2-1) determining the format of the executable module and calculating a checksum:
If the executable module is in com or MZ format, the checksum is calculated over the whole file;
If the executable module is in NE or LE format, the checksum is calculated only over the DOS header and the corresponding NE or LE header;
If the executable module is in PE format, the checksum is calculated only over the DOS header, the corresponding PE header and the section table;
(2-2) calculating the length indicator of the executable module:
If the actual length of the executable module does not exceed 2 bytes, the actual length is used as the length indicator of the executable module;
Otherwise, the actual length is divided by a double-byte unsigned integer to obtain a 2-byte remainder, and this remainder is used as the length indicator of the executable module.
3. The method of claim 1, further comprising automatically adding to the local module feature library the feature code of any new executable module produced by a process or thread marked with the work attribute.
4. The method of claim 1, further comprising prohibiting processes or threads marked with the social attribute from loading drivers.
5. The method of claim 1, further comprising returning failure when a process or thread marked with the social attribute calls a global application hook.
6. The method of claim 1, further comprising returning failure when a process or thread marked with the social attribute attempts remote thread injection.
7. The method of claim 1, further comprising prohibiting processes or threads marked with the social attribute from terminating processes other than those marked with the social attribute, and from directly reading the disk and memory.
8. A computer security protection system, comprising:
A central server, which generates, for each safe executable module, a corresponding feature code and class indication code, the class indication code comprising a type code and a product name code;
A computer security protection client, which establishes a social zone, a system zone and a work zone on the client computer, wherein the social zone comprises a designated directory created on the client computer's disk and a designated branch created in the registry; the system zone comprises the operating system directory; and the work zone comprises the directories and registry other than the system zone and the social zone;
When the client computer runs a process or thread, the computer security protection client calculates the feature code of the executable module loaded by the process or thread; if this is the first execution and there is no matching feature code locally, the central server is searched using this feature code; if the central server holds a corresponding product name code, all feature codes corresponding to that product name code are downloaded and added to the local module feature library;
For a process or thread run by the client computer, the computer security protection client judges whether all of the following conditions hold:
The feature code of the loaded executable module is a feature code in the local module feature library;
No network address other than a safe network address is accessed;
The process or thread is not located in the designated directory of the social zone;
If all hold, the process or thread is marked with the work attribute: a process or thread marked with the work attribute can perform all operations on the system zone and the work zone, while only operating system processes can access the social zone;
Otherwise, the process or thread is marked with the social attribute: a process or thread marked with the social attribute cannot see any information in the work zone except the directory in which the process or thread is located, and its registry and disk operations outside the social zone are redirected to the designated branch and designated directory of the social zone.
9. The system of claim 8, wherein the feature code corresponding to a safe executable module comprises a checksum and a length indication of the executable module, wherein:
If the executable module is in COM or MZ format, the checksum is calculated over the whole file;
If the executable module is in NE or LE format, the checksum is calculated only over the DOS header and the corresponding NE header or LE header;
If the executable module is in PE format, the checksum is calculated only over the DOS header and the corresponding PE header and section table;
If the actual length of the executable module does not exceed 2 bytes, the actual length is used as the length indication of the executable module;
Otherwise, the actual length is divided by a two-byte unsigned integer to obtain a 2-byte remainder, and this remainder is used as the length indication of the executable module.
10. The system of claim 8, wherein the computer security protection client automatically adds the feature codes of new executable modules produced by processes or threads marked with the work attribute to the local module feature library.
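The feature code described in claim 9, as an added Python example that is not part of the patent text; it covers the COM, MZ and PE cases only. The checksum algorithm (CRC-32), the reading of "does not exceed 2 bytes" as "fits in 16 bits", the divisor 65536, and all function names and the sample file are assumptions made here.

```python
import struct
import zlib

DOS_HEADER_SIZE = 64       # IMAGE_DOS_HEADER
COFF_HEADER_SIZE = 20      # IMAGE_FILE_HEADER
SECTION_ENTRY_SIZE = 40    # IMAGE_SECTION_HEADER


def checksum_region(data: bytes) -> bytes:
    """Bytes that claim 9 puts under the checksum (COM, MZ and PE cases)."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return data                                  # COM: whole file
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    sig = data[e_lfanew:e_lfanew + 4]
    if sig[:2] in (b"NE", b"LE"):
        raise ValueError("NE/LE case is outside this example")
    if sig != b"PE\x00\x00":
        return data                                  # plain MZ: whole file
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data):
        raise ValueError("truncated PE headers")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table_end = (e_lfanew + 4 + COFF_HEADER_SIZE + opt_size
                 + n_sections * SECTION_ENTRY_SIZE)
    if table_end > len(data):
        raise ValueError("truncated PE section table")
    # Assumption: "DOS header" is the first 64 bytes; the DOS stub is skipped.
    return data[:DOS_HEADER_SIZE] + data[max(e_lfanew, DOS_HEADER_SIZE):table_end]


def length_indication(length: int) -> int:
    """Two-byte length indication; the divisor 65536 is an assumption."""
    if length <= 0xFFFF:
        return length
    return length % 0x10000


def feature_code(data: bytes) -> tuple:
    """(checksum, length indication); CRC-32 is an assumed checksum."""
    return zlib.crc32(checksum_region(data)), length_indication(len(data))


def build_sample_pe(body: bytes) -> bytes:
    """Constructed input: minimal PE-shaped file with one section entry."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", DOS_HEADER_SIZE)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = b".text".ljust(8, b"\x00") + bytes(32)
    return dos + b"PE\x00\x00" + coff + section + body
```

For PE input only the header and section-table bytes reach the checksum, so two files of equal length that differ only in section contents produce the same feature code.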
CN 201010281207 2010-09-14 2010-09-14 Security protection method and system of computer Active CN101950339B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 201010281207 CN101950339B (en) 2010-09-14 2010-09-14 Security protection method and system of computer
PCT/CN2011/001037 WO2012034349A1 (en) 2010-09-14 2011-06-21 Method and system for protecting computer safety

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010281207 CN101950339B (en) 2010-09-14 2010-09-14 Security protection method and system of computer

Publications (2)

Publication Number Publication Date
CN101950339A CN101950339A (en) 2011-01-19
CN101950339B true CN101950339B (en) 2012-01-25

Family

ID=43453838

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010281207 Active CN101950339B (en) 2010-09-14 2010-09-14 Security protection method and system of computer

Country Status (2)

Country Link
CN (1) CN101950339B (en)
WO (1) WO2012034349A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950339B (en) * 2010-09-14 2012-01-25 上海置水软件技术有限公司 Security protection method and system of computer
CN102254112A (en) * 2011-06-13 2011-11-23 上海置水软件技术有限公司 Safe web browsing method
CN102945342B (en) * 2012-09-29 2015-08-05 北京奇虎科技有限公司 Progress recognizing method, device and terminal device
CN102982275A (en) * 2012-11-14 2013-03-20 北京奇虎科技有限公司 Security control method and device for running applications
CN103679024B (en) * 2013-11-19 2015-03-25 百度在线网络技术(北京)有限公司 Virus treating method and device
CN107122663B (en) * 2017-04-28 2021-04-02 北京梆梆安全科技有限公司 Injection attack detection method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1158610C (en) * 2001-03-05 2004-07-21 中国科学院计算技术研究所 A Computer System with Security Level Partition Isolation
CN1766845A (en) * 2005-11-30 2006-05-03 吴晓栋 Method for realizing high security and recoverable file system
CN1900941A (en) * 2006-04-28 2007-01-24 傅玉生 Computer safety protective method based on software identity identifying technology
CN100481101C (en) * 2006-07-19 2009-04-22 谢朝霞 Method for computer safety start
CN101662467B (en) * 2009-09-27 2012-08-22 成都市华为赛门铁克科技有限公司 Scanning method and device thereof
CN101799751B (en) * 2009-12-02 2013-01-02 山东浪潮齐鲁软件产业股份有限公司 Method for building monitoring agent software of host machine
CN101950339B (en) * 2010-09-14 2012-01-25 上海置水软件技术有限公司 Security protection method and system of computer

Also Published As

Publication number Publication date
CN101950339A (en) 2011-01-19
WO2012034349A1 (en) 2012-03-22

Similar Documents

Publication Publication Date Title
EP3123311B1 (en) Malicious code protection for computer systems based on process modification
CN103198255B (en) Method and system for monitoring and intercepting sensitive behaviour of Android software
CN102902919B (en) A kind of identifying processing methods, devices and systems of suspicious operation
CN103559446B (en) Dynamic virus detection method and device for equipment based on Android system
CN101950339B (en) Security protection method and system of computer
Do et al. Enhancing user privacy on android mobile devices via permissions removal
CN105760787B (en) System and method for the malicious code in detection of random access memory
JP2019503539A (en) System and method for auditing virtual machines
CN105205413B (en) A kind of guard method of data and device
US7770202B2 (en) Cross assembly call interception
CN113138836B (en) Escape prevention method using escape prevention system based on Docker container
CN102592086A (en) Method and device for browsing webpages in sandbox
JP6450022B2 (en) Analysis device, analysis method, and analysis program
CN109587151A (en) Access control method, device, equipment and computer readable storage medium
Lee et al. Protecting data on android platform against privilege escalation attack
Alfalqi et al. Android platform malware analysis
JP2014109999A (en) Information processing device, method and program
CN115374481B (en) Data desensitization processing method and device, storage medium and electronic equipment
CN106203110A (en) Android safety enhancing system based on resolving inversely mechanism
US10445499B1 (en) Grouping application components for classification and malware detection
CN105956459A (en) Method and equipment for managing user permission
CN108038380A (en) Inoculator and antibody for computer security
US7797727B1 (en) Launching an application in a restricted user account
CN105791221A (en) Method and device for issuing rules
CN115357762A (en) Data verification method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
DD01 Delivery of document by public notice

Addressee: Zhao Xiaobo

Document name: Notification that Application Deemed not to be Proposed

ASS Succession or assignment of patent right

Owner name: HU ZHISHUI

Free format text: FORMER OWNER: SHANGHAI ZHISHUI SOFTWARE TECHNOLOGY CO., LTD.

Effective date: 20131111

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 201805 JIADING, SHANGHAI TO: 200233 XUHUI, SHANGHAI

TR01 Transfer of patent right

Effective date of registration: 20131111

Address after: 200233 Shanghai Road, Guiping, No. 481, building 5, building, 5A4, 15

Patentee after: Hu Zhishui

Address before: 201805, room 155, Xinyuan Road, Anting Town, Shanghai, Jiading District, 1627

Patentee before: Shanghai Zhishui Software Technology Co., Ltd.

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20161229

Address after: 200333 Zhongjiang Road, Putuo District, No. 879, building 9, building 3, building

Patentee after: Shanghai xinwangcheng information technology Limited by Share Ltd

Address before: 200233 Shanghai Road, Guiping, No. 481, building 5, building, 5A4, 15

Patentee before: Hu Zhishui