CN102819709B - Method and device for implementing system security - Google Patents
- Publication number: CN102819709B
- Application number: CN201210291563.1A
- Authority: CN (China)
- Prior art keywords: package, application, operating system, security, security package
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Landscapes
- Alarm Systems (AREA)
Abstract
The invention discloses a method for implementing system security, used to improve system security. The method comprises: an operating system receives an application package; the operating system determines the security package responsible for the security of the received application package; and the operating system sends the received application package to the determined security package, to instruct the security package to perform security processing on the received application package. The invention also discloses a device for implementing the method.
Description
Technical field
The present invention relates to the field of computers and security technology, and in particular to a method and device for implementing system security.
Background
With the development of communication technology, electronic devices such as computers and mobile terminals are widely used. The accompanying system security problems have also become a focus of attention.
At present, system security is implemented as follows, as shown in Fig. 1:
Antivirus software is installed on the operating system in advance.
Step 101: After the antivirus software runs, it modifies the system entry table. From then on only this antivirus software can perform the antivirus function; other antivirus software cannot.
Step 102: The antivirus software monitors each port in real time.
Step 103: Through monitoring, the antivirus software finds that application software needs to be installed.
Step 104: The antivirus software scans the application software to be installed for viruses.
Step 105: If no virus is found, the antivirus software allows the application software to continue installing.
It can be seen that the system entry table is a resource shared by all antivirus software and can be occupied by only one antivirus program during any given period, so multiple antivirus programs cannot run simultaneously.
Summary of the invention
Embodiments of the present invention provide a method and device for implementing system security, used to improve system security.
A method for implementing system security comprises the following steps: an operating system receives an application package; the operating system determines the security package responsible for the security of the received application package; and the operating system sends the received application package to the determined security package, to instruct the security package to perform security processing on the received application package. In this embodiment the security packages no longer share the system entry table: instead of each security package actively processing application packages, the operating system actively distributes application packages to the security packages. Overall scheduling by the operating system improves system security. Through this overall scheduling the operating system can assign an application package to multiple security packages, so multiple security packages can run simultaneously.
Preferably, the step in which the operating system determines the security package responsible for the security of the received application package comprises: the operating system determines the security package responsible for the security of the received application package according to the descriptor of the security package, where the descriptor includes a functional description of the security capabilities the security package provides, and the operating system obtains this descriptor during installation of the installation package. In this embodiment the operating system learns the function of each security package from its descriptor, and can therefore determine more accurately which security package can be responsible for the security of the application package.
Preferably, the step in which the operating system determines the security package responsible for the security of the received application package comprises: the operating system determines the security package responsible for the security of the received application package from among the user-configured security packages.
Preferably, the application package includes one or more of an installation program, a file, and a message. In this embodiment, an application package can be any data received by the operating system that needs security monitoring.
A method for implementing system security comprises the following steps: a security module finds, through monitoring, that the operating system has received an application package; the security module receives the application package sent by the operating system; and the security package performs security processing on the received application package. After it runs, the security module no longer needs to modify the system entry table; it can perform security processing on an application package as soon as it receives one. Multiple security packages are not mutually exclusive and can run simultaneously.
Preferably, before the security module finds through monitoring that the operating system has received an application package, the method further comprises the step: the security module sends a descriptor to the operating system during installation, where the descriptor includes a functional description of the security capabilities the security package provides. The security module supplies the functions it supports to the operating system so that the operating system can schedule security modules more accurately.
A device for implementing system security comprises:
An interface module, for receiving an application package;
A query module, for determining the security package responsible for the security of the received application package;
A distribution module, for sending the received application package to the determined security package, to instruct the security package to perform security processing on the received application package.
The query module determines the security package responsible for the security of the received application package according to the descriptor of the security package, where the descriptor includes a functional description of the security capabilities the security package provides, and the query module obtains this descriptor through the interface module during installation of the installation package.
The query module determines the security package responsible for the security of the received application package from among the user-configured security packages.
The application package includes one or more of an installation program, a file, and a message.
A device for implementing system security comprises:
A monitoring module, for finding through monitoring that the operating system has received an application package;
An interface module, for receiving the application package sent by the operating system;
A processing module, for performing security processing on the received application package.
The interface module is also used to send a descriptor to the operating system during installation, where the descriptor includes a functional description of the security capabilities the security package provides.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the specification or be understood by implementing the present invention. The objects and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the written specification, the claims, and the accompanying drawings.
The technical solution of the present invention is described in further detail below through the drawings and embodiments.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the present invention they serve to explain the present invention and do not limit it. In the drawings:
Fig. 1 is a flowchart of the prior-art method in which antivirus software monitors an installation program;
Fig. 2 is a flowchart of the operating-system-side method for implementing system security in an embodiment of the present invention;
Fig. 3 is a flowchart of the security-package-side method for implementing system security in an embodiment of the present invention;
Fig. 4 is a flowchart of the method for implementing system security when the application package is an installation program, in an embodiment of the present invention;
Fig. 5 is a flowchart of the method for implementing system security when the application package is a short message, in an embodiment of the present invention;
Fig. 6 is a structural diagram of the operating system device in an embodiment of the present invention;
Fig. 7 is a structural diagram of the security device in an embodiment of the present invention.
Detailed description
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it.
In this embodiment the security packages no longer share the system entry table: instead of each security package actively processing application packages, the operating system actively distributes application packages to the security packages. Overall scheduling by the operating system improves system security. Through this overall scheduling the operating system can assign an application package to multiple security packages, so multiple security packages can run simultaneously.
Referring to Fig. 2, the operating-system-side method flow for implementing system security in this embodiment is as follows:
Step 201: The operating system receives an application package.
Step 202: The operating system determines the security package responsible for the security of the received application package.
Step 203: The operating system sends the received application package to the determined security package, to instruct the security package to perform security processing on the received application package.
Step 202 can be implemented in several ways. For example, the operating system determines the security package responsible for the security of the received application package according to the descriptor of the security package, where the descriptor includes a functional description of the security capabilities the security package provides, and the operating system obtains this descriptor during installation of the installation package. And/or, the operating system determines the security package responsible for the security of the received application package from among the user-configured security packages. That is, the operating system uses the descriptors to determine, from among the user-configured security packages, the security package responsible for the security of the received application package. If no security package responsible for the security of the received application package can be determined from the user-configured security packages, the operating system selects one from the other running security packages, or selects no security package, that is, performs no security processing on the application package.
The application package in this embodiment includes one or more of an installation program, a file, and a message. That is, any data that needs security processing counts as an application package in this embodiment. Different kinds of application package can have different corresponding security packages. For example, if the application package is an installation program or a file (including text and multimedia files), the security package is antivirus software. As another example, if the application package is a short message, the security package is a short-message filter (which can be an independent security control or can belong to some antivirus software). Or, if the application package is web page data, the security package is a web page filter.
Because the operating system performs active scheduling in this embodiment, the implementation of the security package is simplified. The process on the security package side is described below.
Referring to Fig. 3, the security-package-side method flow for implementing system security in this embodiment is as follows:
Step 301: The security module finds, through monitoring, that the operating system has received an application package.
Step 302: The security module receives the application package sent by the operating system.
Step 303: The security package performs security processing on the received application package.
Before the security module finds through monitoring that the operating system has received an application package, it can also send a descriptor to the operating system during installation, where the descriptor includes a functional description of the security capabilities the security package provides.
The implementation process is described in detail below through two exemplary embodiments.
Referring to Fig. 4, when the application package in this embodiment is an installation program, the method flow for implementing system security is as follows:
Step 401: The operating system receives an installation request for an installation program.
Step 402: The operating system determines a security package according to the installation request. The determined security package can be antivirus software with the function of scanning installation files for viruses and removing them.
Step 403: The operating system sends the path of the installation program to the security package. This step is equivalent to sending the installation program to the security package.
Step 404: The security package scans the installation program for viruses and removes them according to the received path, and returns the scan result to the operating system.
If the operating system sends the path to multiple security packages in step 403, multiple security packages can perform step 404.
If the result the operating system receives is that no virus was found or that the virus has been removed, continue with step 405; otherwise continue with step 406.
Step 405: The operating system allows the installation program to continue installing.
Step 406: The operating system refuses to let the installation program continue installing.
Referring to Fig. 5, when the application package in this embodiment is a short message, the method flow for implementing system security is as follows:
Step 501: The operating system receives a short message.
Step 502: The operating system determines a security package according to the short message. The determined security package can be a filter with the function of filtering short messages.
Step 503: The operating system sends the short message to the security package.
Step 504: The security package filters the short message and returns the filter result to the operating system.
If the operating system sends the short message to multiple security packages in step 503, multiple security packages can perform step 504.
If the result the operating system receives is that the short message passed the filter, continue with step 505; otherwise continue with step 506.
Step 505: The operating system outputs a short-message notification to the user.
Step 506: The operating system does not output a short-message notification to the user. In this case the operating system can discard the short message or classify it as a junk message.
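The operating-system-side dispatch of steps 201 to 203, applied to the Fig. 4 and Fig. 5 cases, as an added Python example that is not code from the patent. The class and function names, the verdict strings, the rule that every selected security package must pass, the fail-closed handling of a crashing checker, and the constructed markers are assumptions; checkers here receive the payload bytes directly rather than a path.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

ALLOW, REJECT, UNSCANNED = "allow", "reject", "unscanned"


@dataclass(frozen=True)
class SecurityPackage:
    name: str
    handles: frozenset              # descriptor: kinds of application package covered
    check: Callable[[bytes], bool]  # returns True when the payload passes


@dataclass
class Dispatcher:
    """Operating-system side of the scheme (hypothetical names)."""
    registry: Dict[str, SecurityPackage] = field(default_factory=dict)
    user_configured: Set[str] = field(default_factory=set)

    def install(self, pkg: SecurityPackage, user_selected: bool = False) -> None:
        # The descriptor reaches the operating system at installation time.
        self.registry[pkg.name] = pkg
        if user_selected:
            self.user_configured.add(pkg.name)

    def select(self, kind: str) -> List[SecurityPackage]:
        # Step 202: match on descriptors, preferring user-configured packages
        # and falling back to the other registered ones.
        capable = [p for p in self.registry.values() if kind in p.handles]
        preferred = [p for p in capable if p.name in self.user_configured]
        return preferred or capable

    def receive(self, kind: str, payload: bytes) -> str:
        # Steps 201 and 203: dispatch, then combine the returned results.
        chosen = self.select(kind)
        if not chosen:
            # No security processing took place; report that explicitly so the
            # caller cannot mistake it for a clean result.
            return UNSCANNED
        for pkg in chosen:
            try:
                passed = pkg.check(payload)
            except Exception:
                passed = False  # assumption: a crashing checker fails closed
            if not passed:
                return REJECT
        return ALLOW


def build_demo() -> Dispatcher:
    # Constructed checkers using harmless, constructed markers.
    av_a = SecurityPackage("av_a", frozenset({"installer", "file"}),
                           lambda b: b"EXAMPLE-BAD-MARKER" not in b)
    av_b = SecurityPackage("av_b", frozenset({"installer"}),
                           lambda b: not b.startswith(b"XX"))
    sms = SecurityPackage("sms_filter", frozenset({"message"}),
                          lambda b: b"free prize" not in b.lower())
    os_side = Dispatcher()
    os_side.install(av_a, user_selected=True)
    os_side.install(av_b, user_selected=True)
    os_side.install(sms)  # not user-configured: reached through the fallback
    return os_side


if __name__ == "__main__":
    d = build_demo()
    print(d.receive("installer", b"setup data"))            # both scanners run
    print(d.receive("message", b"Claim your FREE PRIZE"))   # filtered
    print(d.receive("web", b"<html>"))                      # no package covers it
```

The `UNSCANNED` verdict corresponds to the case where the operating system selects no security package; whether such data is then let through is a policy decision the caller has to make explicitly.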
The above describes the process for implementing system security. This process can be carried out by devices, whose internal structure and functions are described below.
Referring to Fig. 6, the operating system device in this embodiment comprises: an interface module 601, a query module 602, and a distribution module 603.
The interface module 601 is used to receive an application package.
The query module 602 is used to determine the security package responsible for the security of the received application package.
The distribution module 603 is used to send the received application package to the determined security package, to instruct the security package to perform security processing on the received application package.
Preferably, the query module 602 determines the security package responsible for the security of the received application package according to the descriptor of the security package, where the descriptor includes a functional description of the security capabilities the security package provides, and the query module 602 obtains this descriptor through the interface module 601 during installation of the installation package. And/or, the query module 602 determines the security package responsible for the security of the received application package from among the user-configured security packages.
The application package in this embodiment includes one or more of an installation program, a file, and a message.
Referring to Fig. 7, the security device in this embodiment comprises: a monitoring module 701, an interface module 702, and a processing module 703.
The monitoring module 701 is used to find, through monitoring, that the operating system has received an application package.
The interface module 702 is used to receive the application package sent by the operating system. The interface module 702 is also used to send a descriptor to the operating system during installation, where the descriptor includes a functional description of the security capabilities the security package provides.
The processing module 703 is used to perform security processing on the received application package.
In this embodiment the security packages no longer share the system entry table: instead of each security package actively processing application packages, the operating system actively distributes application packages to the security packages. Overall scheduling by the operating system improves system security. Through this overall scheduling the operating system can assign an application package to multiple security packages, so multiple security packages can run simultaneously. The security package in this embodiment is not limited to antivirus software and can be any security control; the application package is likewise not limited to an installation program and can be any data that needs security monitoring. This embodiment is therefore applicable to security monitoring of the whole system. The operating system and security module in this embodiment can be applied to electronic devices such as computers and mobile terminals.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system, or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, and this instruction means implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (4)
1. A method for implementing system security, characterized in that it comprises the following steps:
An operating system receives an application package;
The operating system determines the security package responsible for the security of the received application package according to the descriptor of the security package, where the descriptor includes a functional description of the security capabilities the security package provides and the operating system obtains this descriptor during installation of the installation package, and/or the operating system determines the security package responsible for the security of the received application package from among the user-configured security packages;
The operating system sends the received application package to the determined security package, to instruct the security package to perform security processing on the received application package.
2. The method of claim 1, characterized in that the application package includes one or more of an installation program, a file, and a message.
3. A device for implementing system security, characterized in that it comprises:
An interface module, for receiving an application package;
A query module, for determining the security package responsible for the security of the received application package according to the descriptor of the security package, where the descriptor includes a functional description of the security capabilities the security package provides and the query module obtains this descriptor through the interface module during installation of the installation package, and/or the operating system determines the security package responsible for the security of the received application package from among the user-configured security packages;
A distribution module, for sending the received application package to the determined security package, to instruct the security package to perform security processing on the received application package.
4. The device of claim 3, characterized in that the application package includes one or more of an installation program, a file, and a message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210291563.1A CN102819709B (en) | 2012-08-15 | 2012-08-15 | Method and device for implementing system security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210291563.1A CN102819709B (en) | 2012-08-15 | 2012-08-15 | Method and device for implementing system security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102819709A CN102819709A (en) | 2012-12-12 |
CN102819709B CN102819709B (en) | 2016-03-30 |
Family
ID=47303819
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210291563.1A Active CN102819709B (en) | 2012-08-15 | 2012-08-15 | Method and device for implementing system security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102819709B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101299660A (en) * | 2007-04-30 | 2008-11-05 | 华为技术有限公司 | Method, system and equipment for executing security control |
CN101894225A (en) * | 2004-11-08 | 2010-11-24 | 微软公司 | The system and method for assembling the knowledge base of antivirus software applications |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2418330B (en) * | 2004-09-17 | 2006-11-08 | Jeroen Oostendorp | Platform for intelligent Email distribution |
Also Published As
Publication number | Publication date |
---|---|
CN102819709A (en) | 2012-12-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent for invention or patent application | ||
CB02 | Change of applicant information |
Address after: 100085 Beijing city Haidian District Qinghe Street No. 68 Huarun colorful city shopping center two floor 13 Applicant after: Xiaomi Technology Co., Ltd. Address before: 100102, No. 50, block B, building No. 12, winding stone world building, Wangjing West Road, Beijing, Chaoyang District Applicant before: Beijing Xiaomi Technology Co., Ltd. |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |