CN119249472A - File access method and electronic device - Google Patents
File access method and electronic device Download PDFInfo
- Publication number
- CN119249472A CN119249472A CN202411134063.6A CN202411134063A CN119249472A CN 119249472 A CN119249472 A CN 119249472A CN 202411134063 A CN202411134063 A CN 202411134063A CN 119249472 A CN119249472 A CN 119249472A
- Authority
- CN
- China
- Prior art keywords
- file
- target file
- measurement value
- kernel
- application process
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 369
- 230000008569 process Effects 0.000 claims abstract description 301
- 238000005259 measurement Methods 0.000 claims abstract description 200
- 230000006870 function Effects 0.000 claims description 71
- 238000011084 recovery Methods 0.000 claims description 17
- 230000002618 waking effect Effects 0.000 claims description 6
- 238000004891 communication Methods 0.000 claims description 5
- 238000012544 monitoring process Methods 0.000 description 76
- 238000010586 diagram Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- JBWKIWSBJXDJDT-UHFFFAOYSA-N triphenylmethyl chloride Chemical compound C=1C=CC=CC=1C(C=1C=CC=CC=1)(Cl)C1=CC=CC=C1 JBWKIWSBJXDJDT-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the application provides a file access method and electronic equipment, which comprise the steps of receiving process information of an application process sent by a kernel, wherein the kernel is used for suspending the application process when the application process is monitored, calculating an actual measurement value of a program file corresponding to the application process and an actual measurement value of a target file to be accessed by the application process according to the process information, obtaining a arbitration result according to the actual measurement value of the program file and the actual measurement value of the target file, and sending the arbitration result to the kernel so as to enable the kernel to wake the application process and enable or intercept the application process. The scheme can improve the safety and reliability of file access.
Description
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a file access method and electronic equipment.
Background
In the current file access scene, identity verification is generally carried out aiming at an access terminal, so that the influence of illegal access on a file access system can be avoided. For example, through trusted boot techniques, the system may verify the integrity and authenticity of the application process, preventing malware from affecting the security of the system. Trusted booting typically involves the cooperation of hardware and software, including the use of secure boot bootstrapping, digital signature verification, secure boot chips, and the like.
In the above scheme, when the file requested to be accessed by the access terminal is a malicious file, for example, a tampered file, the access terminal cannot be effectively prevented from accessing the malicious file, and after the access terminal accesses the malicious file, the normal operation of the access terminal may be affected, so that the security and reliability of file access are lower.
Disclosure of Invention
The embodiment of the application provides a file access method and electronic equipment, which can improve the safety and reliability of file access.
In a first aspect, an embodiment of the present application provides a method for accessing a file, where the method includes:
Receiving process information of a suspended application process sent by a kernel, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
according to the process information, calculating an actual measurement value of the target file;
acquiring an original measurement value of the target file from a trusted module;
And comparing the actual measurement value with the original measurement value, and sending a judging result to the kernel so that the kernel wakes up the application process and allows or denies the application process to access the target file.
In the scheme, whether the target file requested to be accessed by the application process is credible can be judged based on the actual measurement value of the target file, so that whether the file access event is credible at the time is judged, and the file access event is not credible through the kernel to intercept, so that the safety of file access and the reliability of a system can be effectively improved.
In a possible implementation manner, the comparing the actual metric value of the target file with the original metric value of the target file specifically includes:
When the actual measurement value of the target file is the same as the original measurement value of the target file, sending a first arbitration result to the kernel so that the kernel allows the application process to access the target file;
And when the actual measurement value of the target file is different from the original measurement value of the target file, sending a second judging result to the kernel so that the kernel refuses the application process to access the target file.
In the scheme, when the actual measurement value of the target file is the same as the original measurement value, the file content of the target file is consistent with the file content of the original file corresponding to the target file, the target file is not tampered, the target file can be considered to be trusted, a first arbitration result is sent to the kernel so that the kernel allows the application process to access the target file, when the actual measurement value is different from the original measurement value, the target file is tampered, the target file can be considered to be untrusted, and a second arbitration result is sent to the kernel so that the kernel refuses the application process to access the target file.
In a possible implementation manner, before the receiving the process information of the application process sent by the kernel, the method includes:
setting a hook function, so that when the kernel detects that an application process calls a file access interface, the application process is suspended, and the process information of the application process is returned;
The comparing the actual metric value of the target file with the original metric value of the target file, and sending a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, including:
And comparing the actual measurement value of the target file with the original measurement value of the target file, sending a judging result to the kernel, and waking up the application process so that the kernel allows or denies the application process to access the target file.
In the scheme, the hook function is set, so that when the kernel detects that the application process accesses the target file, the application process is suspended until the trusted measurement of the target file is completed, the application process is awakened according to the returned arbitration result, and the application process is allowed or refused to access the target file, thereby effectively avoiding the influence of the untrusted malicious file on the security of the application process and the system.
In a possible implementation manner, the process information includes a process identifier of the application process, and the comparing the actual metric value of the target file with the original metric value of the target file sends a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, and specifically includes:
And comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a arbitration result to the kernel so that the kernel allows or denies the application process corresponding to the process identifier to access the target file, wherein the arbitration result comprises the process identifier.
In the scheme, the process information of different processes can be received, and then the access results are fed back respectively according to the process identifiers, so that a plurality of processes are allowed to access different target files, and the efficiency of file access is improved.
In a second aspect, an embodiment of the present application provides a method for accessing a file, where the method includes:
receiving process information of an application process sent by a kernel, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
according to the process information, calculating an actual measurement value of the target file;
reading a configuration file, wherein the configuration file comprises a trusted module storage function identifier of the target file;
acquiring an original metric value of a target file according to the trusted module storage function identifier;
and comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a judging result to the kernel so that the kernel allows or denies the application process to access the target file.
According to the scheme, the storage position of the original measurement value of the target file can be flexibly configured based on the trusted module storage function identifier in the configuration file, and whether the target file requested to be accessed by the application process is trusted or not is judged based on the actual measurement value and the original measurement value of the target file, so that whether the file access event is trusted or not is comprehensively judged, the trusted measurement can be accurately carried out on the file access event, interception is carried out when the file access event is not trusted through the kernel, and the safety of file access and the reliability of a system can be effectively improved.
In a possible implementation manner, the method includes:
When the method is started, loading a configuration file, wherein the configuration file comprises configuration information of at least one file, the configuration information comprises a file path and a trusted module storage function identifier, the trusted module storage function identifier is used for indicating a storage position of an original measurement value of the file, and the target file is one file in the at least one file;
when the trusted module storage function identification indicates that the storage position is a trusted module, storing an original measurement value of the file in the trusted module;
and when the trusted module storage function identification does not indicate that the storage position is a trusted module, storing the original measurement value of the file in the configuration file.
According to the scheme, the original measurement value of the target file can be selectively stored in the trusted module or the configuration file through setting the configuration file, so that the flexibility of configuration is improved, the situation that the original measurement values of all the target files cannot be stored due to limited space of the trusted module is avoided, whether the target file requested to be accessed by an application process is trusted or not can be judged based on the actual measurement value of the target file, the trusted measurement is accurately performed on a file access event, and the safety of file access and the reliability of a system can be effectively improved.
In a possible implementation manner, the comparing the actual metric value of the target file with the original metric value of the target file specifically includes:
When the actual measurement value of the target file is the same as the original measurement value of the target file, sending a first arbitration result to the kernel so that the kernel allows the application process to access the target file;
And when the actual measurement value of the target file is different from the original measurement value of the target file, sending a second judging result to the kernel so that the kernel refuses the application process to access the target file.
In the scheme, when the actual measurement value of the target file is the same as the original measurement value, the file content of the target file is consistent with the file content of the original file corresponding to the target file, the target file is not tampered, the target file can be considered to be trusted, a first arbitration result is sent to the kernel so that the kernel allows the application process to access the target file, when the actual measurement value is different from the original measurement value, the target file is tampered, the target file can be considered to be untrusted, and a second arbitration result is sent to the kernel so that the kernel refuses the application process to access the target file.
In a possible implementation manner, before the receiving the process information of the application process sent by the kernel, the method includes:
Setting a hook function, so that when the kernel detects that an application process calls a file access interface, the application process is suspended, and the process information of the application process is returned;
The comparing the actual metric value of the target file with the original metric value of the target file, and sending a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, including:
And comparing the actual measurement value of the target file with the original measurement value of the target file, sending a judging result to the kernel, and waking up the application process so that the kernel allows or denies the application process to access the target file.
In the scheme, the hook function is set, so that when the kernel detects that the application process accesses the target file, the application process is suspended until the trusted measurement of the target file is completed, the application process is awakened according to the returned arbitration result, and the application process is allowed or refused to access the target file, thereby effectively avoiding the influence of the untrusted malicious file on the security of the application process and the system.
In a possible implementation manner, the method further includes:
the configuration information also comprises a file backup path;
And when the actual measurement value is different from the original measurement value, using the backup file under the file backup path to cover the file under the file path.
In the scheme, the backup file is used for automatically recovering when the program file and/or the target file are tampered, so that the safety of the system and the efficiency of file access can be effectively improved.
In a possible implementation manner, the method further includes:
the configuration information also comprises a file recovery function identifier;
When the file recovery function identification indicates to be started, when the actual measurement value is different from the original measurement value, the backup file under the file backup path is used for covering the file under the file path.
In the above scheme, based on the file recovery function identifier, the backup file can be flexibly selected to be automatically recovered or not automatically recovered when the program file and/or the target file are tampered.
In a possible implementation manner, the configuration file further includes a trusted module storage function identifier of a program file corresponding to the application process, and the method further includes:
according to the process information, calculating an actual measurement value of the program file;
According to the trusted module storage function identification of the program file, acquiring an original measurement value of the program file;
The step of comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, specifically including:
When the actual measurement value of the target file is the same as the original measurement value of the target file and the actual measurement value of the program file is the same as the original measurement value of the program file, a first arbitration result is sent to the kernel so that the kernel allows the application process to access the target file;
and when the actual measurement value of the target file is different from the original measurement value of the target file or the actual measurement value of the program file is different from the original measurement value of the program file, sending a second arbitration result to the kernel so that the kernel refuses the application process to access the target file.
According to the scheme, based on the actual measurement value of the program file and the actual measurement value of the target file, whether the application program corresponding to the application process is trusted or not and whether the target file is trusted or not can be judged, so that whether the file access event is trusted or not is comprehensively judged, the file access event can be accurately measured in a trusted mode, interception is carried out when the file access event is not trusted through a kernel, and the safety of file access and the reliability of a system can be effectively improved.
In a possible implementation manner, the process information includes a process identifier of the application process, and the comparing the actual metric value of the target file with the original metric value of the target file sends a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, and specifically includes:
And comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a arbitration result to the kernel so that the kernel allows or denies the application process corresponding to the process identifier to access the target file, wherein the arbitration result comprises the process identifier.
In the scheme, the process information of different processes can be received, and then the access results are fed back respectively according to the process identifiers, so that a plurality of processes are allowed to access different target files, and the efficiency of file access is improved.
In a third aspect, an embodiment of the present application provides a file access method, applied to a kernel, where the method includes:
When it is monitored that an application process calls a file access interface, suspending the application process and sending process information of the application process, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
and waking up the application process according to the judging result, and releasing or intercepting the application process.
In the scheme, the kernel suspends the monitored application process, sends the process information of the application process, wakes the application process according to the judging result by judging whether the application process is credible or not, and executes release or interception, so that the influence of malicious files on the safety of the application process and a system can be effectively avoided.
In a fourth aspect, an embodiment of the present application provides an electronic device, including a monitor process, an application process, and a kernel;
the kernel is used for suspending the application process when detecting that the application process calls a file access interface and sending the process information of the application process to the monitoring process, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
The monitoring process is used for calculating the actual metric value of the target file according to the process information, reading a configuration file, wherein the configuration file comprises a trusted module storage function identifier of the target file, acquiring the original metric value of the target file according to the trusted module storage function identifier, comparing the actual metric value of the target file with the original metric value of the target file, and sending a judging result to the kernel;
The kernel is further configured to allow or deny, according to the arbitration result, the application process to access the target file. In the scheme, the kernel suspends the monitored application process, sends the process information of the application process to the monitoring process, and the monitoring process can judge whether the target file accessed by the application process is credible based on the actual measurement value of the target file, so that whether the file access event is credible or not is judged, the credible measurement is accurately carried out on the file access event, the kernel wakes the application process according to the judging result, and performs release or interception, thereby effectively avoiding the influence of malicious files on the safety of the application process and a system.
In a fourth aspect, an embodiment of the present application provides an electronic device, including a processor, and a memory and a trusted module communicatively connected to the processor, where the memory stores computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory to implement a method as described above.
In the scheme, the storage position of the original measurement value of the target file can be determined according to the trusted module storage function identification in the configuration file, so that the original measurement value of the target file is obtained, whether the target file which is requested to be accessed by the application process is trusted or not is judged based on the actual measurement value and the original measurement value of the target file, so that whether the file access event is trusted or not is comprehensively judged, the trusted measurement can be accurately carried out on the file access event, interception is carried out when the file access event is not trusted through the kernel, and the safety of file access and the reliability of a system can be effectively improved.
In a fifth aspect, embodiments of the present application provide a computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method as described above.
In the scheme, the storage position of the original measurement value of the target file can be determined according to the trusted module storage function identification in the configuration file, so that the original measurement value of the target file is obtained, whether the target file which is requested to be accessed by the application process is trusted or not is judged based on the actual measurement value and the original measurement value of the target file, so that whether the file access event is trusted or not is comprehensively judged, the trusted measurement can be accurately carried out on the file access event, interception is carried out when the file access event is not trusted through the kernel, and the safety of file access and the reliability of a system can be effectively improved.
In a sixth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements a method as described above.
In the scheme, the storage position of the original measurement value of the target file can be determined according to the trusted module storage function identification in the configuration file, so that the original measurement value of the target file is obtained, whether the target file which is requested to be accessed by the application process is trusted or not is judged based on the actual measurement value and the original measurement value of the target file, so that whether the file access event is trusted or not is comprehensively judged, the trusted measurement can be accurately carried out on the file access event, interception is carried out when the file access event is not trusted through the kernel, and the safety of file access and the reliability of a system can be effectively improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram of an architecture of an electronic device according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a method for accessing a file according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating another method for accessing a file according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a method for accessing a file according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating a method for accessing a file according to an embodiment of the present application;
FIG. 6 is a flowchart illustrating a method for accessing a file according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another electronic device according to an embodiment of the present application.
Specific embodiments of the present application have been shown by way of the above drawings and will be described in more detail below. The drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but rather to illustrate the inventive concepts to those skilled in the art by reference to the specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods that match some aspects of the application as detailed in the appended claims.
First, the nouns devised by the present application are explained:
Trusted computing (Trusted Computing) is a technical solution for ensuring the trustworthiness and security of a computer system. By combining hardware and software, a trusted computing environment is established to protect computers and data from malware, attacks, and unauthorized access.
The trust metric (Trusted Measurement) is a process of evaluating the trustworthiness of a computer system by measuring and verifying system configuration, software, and firmware to determine if the system is in an expected security state. The trust metrics may help detect changes in system configuration and potential malware intrusions.
Trusted Recovery (Trusted Recovery) refers to the Recovery of the integrity and availability of a system or data by Trusted mechanisms and processes when the system or data is accidentally destroyed or lost. Trusted recovery is one of the important means of ensuring the trustworthiness of systems and data.
A Process refers to a running activity of a program in a computer on a certain data set, and is a basic unit of resource allocation of a system, and is a basis of an operating system structure. In early process-oriented computer structures, processes were the basic execution entities of programs, and in contemporary thread-oriented computer structures, processes were the containers of threads. A program is a description of instructions, data, and their organization, and a process is an entity of a program.
It should be noted that the brief description of the terminology in the present application is for the purpose of facilitating understanding of the embodiments described below only and is not intended to limit the embodiments of the present application. Unless otherwise indicated, these terms should be construed in their ordinary and customary meaning.
The technical scheme of the present application and the technical scheme of the present application will be described in detail with specific examples. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. In describing the present application, the terms should be construed broadly in the art unless explicitly stated and limited otherwise. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of an electronic device according to an embodiment of the present application. As shown in fig. 1, the architecture of the electronic device 100 may include a user space, a kernel space, and hardware, where the user space of the electronic device 100 runs an application process 10 and a monitor process 11, the kernel space of the electronic device 100 includes a kernel (Central Processing Unit Core) 12, and the hardware of the electronic device 100 includes a memory (memory). Wherein the application process 10 may be a process by which an application program accesses the target file 13 in the memory of the electronic device 100.
Optionally, the memory may also have stored therein a binary program file 14 of the application program 10. In one possible implementation, the program files 14 may include static files that the application links to.
The kernel 12 may provide a service interface, and the application process 10 may call a system call function accessed by a file through the service interface, to implement access to the target file 13.
The monitoring process 11 may be used to make trusted metrics for the application process 10 as well as the target file 13.
The kernel 12 can monitor whether the application process 10 accesses the target file 13 by monitoring whether a system call function of file access is called or not, and suspend the application process 10 when the application process 10 is monitored to exist, and send the process information of the application process 10 to the monitoring process 11, wherein the access of the target file 13 can comprise reading, writing and/or changing the application file 13, the monitoring process 11 calculates an actual measurement value of the target file 13 according to the process information, so that whether the file access event is trusted or not is judged based on the actual measurement value of the target file 13, a judging result is obtained, and the judging result is sent to the kernel 12, and the kernel 12 wakes the application process 10 according to the judging result and releases or intercepts the application process 10.
Optionally, the monitoring process 11 may also calculate, according to the process information, an actual measurement value of the target file 13 and an actual measurement value of the program file 14, so as to determine whether the file access event is trusted based on the actual measurement value of the target file 13 and the actual measurement value of the program file 14, and obtain a determination result.
In one possible implementation, the monitoring process 11 may determine whether the file access event is trusted based on the actual metric value of the target file 13 and the actual metric value of the program file 14, which may include obtaining the reference metric value of the target file 13 and the reference metric value of the program file 14 from the trusted module 15, determining whether the actual metric value of the target file 13 matches the reference metric value of the target file 13 and whether the actual metric value of the program file 14 matches the reference metric value of the program file 14, and if both match, determining that the application process 10 is allowed to access the target file 13, and if not determining that the application process 10 is not allowed to access the target file 13.
The reference metric value of the file is calculated based on the original file content corresponding to the file, and the actual metric value of the file is calculated based on the current content of the file. It can be appreciated that by determining whether the reference metric value of the file matches the actual metric value of the current file, it can be determined whether the current file is tampered with respect to the original file, and when the current file is tampered with, the file can be considered to be untrusted. The trusted module 15 may be used to store reference metric values for part of the file.
For example, the hardware of the electronic device 100 may further include a trusted module 15, where the trusted module 15 may be installed on a motherboard of the electronic device 100 in a chip form, and the trusted module 15 includes, but is not limited to, a trusted platform module (trusted platformmodule, TPM), a trusted cryptography module (trusted cryptography module, TCM), a trusted platform control module (trusted platform control module, TPCM), and the like, and the monitoring process 11 may obtain the reference metric value of the target file 13 and the reference metric value of the program file 14 through an interface provided by the trusted module 15.
The file access method provided by the embodiment of the application is described below with reference to fig. 2.
Fig. 2 is a flow chart of a file access method according to an embodiment of the present application. The execution subject of the method is the monitoring process shown in fig. 1. As shown in fig. 2, the method may include:
S201, receiving process information of a suspended application process sent by a kernel, wherein the application process is used for accessing a target file.
When an application process accesses a target file, a file access interface of the kernel is called. In one possible implementation, the monitoring process may set a hook function (hook function) so that when the kernel detects that there is an application process calling the file access interface, the application process may be suspended, and process information of the application process may be sent to the monitoring process.
Correspondingly, the monitoring process receives the process information of the application process.
It should be noted that suspending the application process means that the application process is temporarily stopped, but the current state and process information of the application process are retained so as to resume execution later.
The application program can respond to the access request of the user to start the application process.
The process information may include a file path of a target file to be accessed by the application process.
Optionally, the process information may also include an identification of the application process. In one possible implementation, when multiple processes access different target files, the monitoring process may receive process information of the different processes, and then feed back access results according to the process identifiers respectively.
S202, calculating the actual measurement value of the target file according to the process information.
Illustratively, the metric values for the file are calculated based on the content of the file, with different file contents corresponding to different metric values. The actual measurement value of the file may be a measurement value corresponding to the current content of the file. The monitoring process can acquire the file content of the target file according to the process information, so that the actual measurement value of the target file is calculated.
In one possible implementation manner, the process information includes a file path of the target file, and the calculating an actual metric value of the target file to be accessed by the application process may include:
and reading the target file according to the file path of the target file, and calculating a hash value corresponding to the current content of the target file as an actual measurement value of the target file.
It can be understood that the access path of the target file is a storage path of the target file in the memory, so that the target file is obtained according to the file path of the target file, including obtaining the file under the file path of the target file in the memory to obtain the target file.
In the above scheme, the monitoring process may obtain the file content of the current target file according to the file path of the target file, and calculate the hash value corresponding to the file content of the current target file, so as to obtain the actual metric value of the target file.
S203, acquiring an original measurement value of the target file from the trusted module.
It will be appreciated that the original metric values of the target file may be stored in the trusted module after system start-up.
In one possible implementation manner, after the system is started, the monitoring process may acquire the original file content of the file that may be used, calculate the hash value corresponding to the original content, and store the hash value as the original measurement value of the target file in the trusted module. The files acquired by the monitoring process should include the target files.
S204, comparing the actual measurement value with the original measurement value, and sending a judging result to the kernel so that the kernel allows or denies the application process to access the target file.
When the actual measurement value is the same as the original measurement value, the file content of the target file is consistent with the file content of the original file corresponding to the target file, the target file is not tampered, the target file can be considered to be trusted, and the monitoring process can send a first arbitration result to the kernel so that the kernel wakes up the application process and allows the application process to access the target file.
When the actual metric value is different from the original metric value, the file content of the target file is inconsistent with the file content of the original file corresponding to the target file, the target file is tampered, the target file can be considered to be unreliable, and the monitoring process can send a second judging result to the kernel so that the kernel wakes up the application process and refuses the application process to access the target file.
In this embodiment, based on the actual measurement value of the target file, it may be determined whether the target file requested to be accessed by the application process is trusted, thereby comprehensively determining whether the file access event is trusted, accurately measuring the trust of the file access event, and intercepting the file access event when the file access event is not trusted by the kernel, so as to effectively improve the security of file access and the reliability of the system.
Fig. 3 is a flowchart illustrating another file access method according to an embodiment of the present application. The execution subject of the method is the monitoring process shown in fig. 1. As shown in fig. 3, the method may include:
s301, loading a configuration file, wherein the configuration file comprises configuration information of at least one file, and the configuration information comprises a file path and a trusted module storage function identifier. The target file may be one of the at least one file.
When the monitoring process is started, the monitoring process can load the configuration file, and the file path in the configuration file and the identification of the trusted module storage function are obtained. The file now includes the original file content, and the trusted module storage function identifies a storage location for indicating the original metric value for the file.
In one possible implementation, when the trusted module storage function identifier indicates that the storage location is a trusted module, the monitoring process may obtain the original file content of the file through the file path, calculate an original metric value, and store the original metric value in the trusted module, and when the trusted module storage function identifier does not indicate that the storage location is a trusted module, the monitoring process may obtain the original file content of the file through the file path, calculate the original metric value, and then store the original metric value in the configuration file.
The monitoring process may obtain the original file content of the file through the file path, calculate the original metric value, and store the original metric value in the trusted module, and when the trusted module storage function is identified as 0, the monitoring process may obtain the original file content of the file through the file path, calculate the original metric value, and then store the original metric value in the configuration file.
S302, receiving process information of a suspended application process sent by a kernel, wherein the application process is used for accessing a target file.
S303, calculating the actual measurement value of the target file according to the process information.
It should be noted that, the specific implementation manner of the steps S302 and S303 may refer to the steps S201 and S202, which are not described herein.
S304, reading the configuration file, and obtaining the trusted module storage function identification in the configuration file.
S305, storing the function identification according to the trusted module, and acquiring the original metric value of the target file.
The monitoring process can determine the storage position of the original metric value of the target file according to the trusted module storage function identifier, and further obtain the original metric value.
In one possible implementation, when the trusted module storage function identifier indicates that the storage location is a trusted module, the monitoring process may obtain an original metric value of the target file from the trusted module, and when the trusted module storage function identifier does not indicate that the storage location is a trusted module, the monitoring process may read the original metric value of the target file from the configuration file.
The monitoring process may obtain the original metric value of the target file from the trusted module when the trusted module storage function identifier is 1, and may read the original metric value of the target file from the configuration file when the trusted module storage function identifier is 0.
S306, comparing the actual measurement value with the original measurement value, and sending a judging result to the kernel so that the kernel allows or denies the application process to access the target file.
It should be noted that, the specific implementation manner of step S306 may refer to step S204, which is not described herein.
Optionally, the configuration information may further include a file backup path, and when the monitoring process starts, the file copy may be stored under the file backup path. When the actual metric value is different from the original metric value in S305, the monitoring process may cover the file under the file path with the backup file under the file backup path to recover the tampered file.
Optionally, the configuration information may further include a file restore function identifier for determining whether to turn on the file restore function. In one possible implementation, when the file recovery function identifier indicates to be on, the monitoring process may perform the recovery process when the actual measurement value is different from the original measurement value, and when the file recovery function identifier indicates to not be on, the monitoring process may not perform the recovery process. For example, when the file recovery function is identified as1, the monitor process may perform the above recovery process when the actual metric value is different from the original metric value, and when the file recovery function is identified as 0, the monitor process may not perform the above recovery process.
The backup file may also be stored in memory, for example.
It can be appreciated that the step S301 may be performed only once, for example, when the monitoring process is started, and the steps S302-S306 may be repeatedly performed when the monitoring process performs the trusted measurement on the application process, so as to efficiently implement multiple trusted measurements on the application process and/or perform the trusted measurement on multiple application processes, thereby improving file access efficiency.
In this embodiment, because the space of the trusted module is limited, the original measurement values of all the target files may not be stored, and by setting the configuration file, the original measurement values of the target files may be selectively stored in the trusted module or the configuration file, so as to improve the flexibility of configuration, and thus, based on the actual measurement values of the target files, it may be determined whether the target files that the application process requests to access are trusted, so that the trusted measurement is accurately performed on the file access event, and the security of file access and the reliability of the system may be effectively improved.
Fig. 4 is a flowchart of another file access method according to an embodiment of the present application. The execution subject of the method is the monitoring process shown in fig. 1. As shown in fig. 4, the method may include:
S401, receiving process information of a suspended application process sent by a kernel, wherein the application process is used for accessing a target file.
S402, calculating the actual measurement value of the target file according to the process information.
S403, acquiring an original measurement value of the target file from the trusted module.
It should be noted that, the specific implementation manner of the steps S402 to S403 may refer to the steps S202 to S203, which are not described herein.
S404, comparing the actual measurement value and the original measurement value of the target file to obtain a first matching result, wherein the first matching result comprises matching or non-matching.
When the first matching result is matching, the actual measurement value of the target file is the same as the original measurement value, which indicates that the file content of the target file is consistent with the file content of the original file corresponding to the target file, the target file is not tampered, and the target file can be considered to be trusted.
When the first matching result is that the target file is not matched, the actual measurement value of the target file is different from the original measurement value, so that the file content of the target file is inconsistent with the file content of the original file corresponding to the target file, and the target file is tampered, so that the target file can be considered to be unreliable.
In the above scheme, the monitoring process can determine whether the file content of the target file is consistent with the file content of the original file corresponding to the target file by determining whether the actual measurement value of the target file is matched with the reference measurement value of the target file, so that whether the target file is tampered.
S405, calculating the actual measurement value of the program file corresponding to the application process according to the process information.
For example, the process information of the application process may include a file path of a program file corresponding to the application process and a file path of a target file.
In one possible implementation manner, the process information includes a file path of the program file, and the calculating an actual metric value of the program file to be accessed by the application process may include:
And reading the program file according to the file path of the program file, and calculating a hash value corresponding to the current program file content as an actual measurement value of the program file.
It will be appreciated that the access path of the program file is a storage path of the program file in the memory, and thus, the obtaining the program file according to the file path of the target file includes obtaining the file under the file path of the program file in the memory, and obtaining the program file.
In the above scheme, the monitoring process may obtain the file content of the current program file according to the file path of the program file, and calculate the hash value corresponding to the file content of the current program file, thereby obtaining the actual metric value of the program file.
S406, acquiring an original measurement value of the program file from the trusted module.
It will be appreciated that the original metric values of the program file may be stored in the trusted module after system start-up.
In one possible implementation manner, after the system is started, the monitoring process may obtain the original file content of the program file, calculate the hash value corresponding to the original content, and store the hash value as the original measurement value of the program file in the trusted module.
S407, comparing the actual measurement value and the original measurement value of the program file to obtain a second matching result, wherein the second matching result comprises matching or non-matching.
When the second matching result is matching, the actual measurement value of the program file is the same as the original measurement value, which indicates that the file content of the program file is consistent with the file content of the original file corresponding to the program file, the program file is not tampered, and the program file can be considered to be trusted.
When the second matching result is that the program file is not matched, the actual measurement value of the program file is different from the original measurement value, which indicates that the file content of the program file is inconsistent with the file content of the original file corresponding to the program file, and the program file is tampered, so that the program file can be considered to be unreliable.
In the above scheme, the monitoring process can determine whether the file content of the program file is consistent with the file content of the original file corresponding to the program file by determining whether the actual measurement value of the program file is matched with the reference measurement value of the program file, so that whether the program file is tampered.
In the above scheme, the monitoring process can determine whether the file content of the target file is consistent with the file content of the original file corresponding to the target file by determining whether the actual measurement value of the target file is matched with the reference measurement value of the target file, so that whether the target file is tampered.
S408, sending a judging result to the kernel according to the first matching result and the second matching result, so that the kernel allows the application process to access the target file when the first matching result and the second matching result are both matched, and otherwise, does not allow the application process to access the target file.
Specifically, when the first matching result and the second matching result are both matching, that is, when the actual measurement value of the program file is matched with the reference measurement value of the program file and the actual measurement value of the target file is matched with the reference measurement value of the target file, the monitoring process judges that the program file and the target file are not tampered, so that the file access event is considered to be credible, a first judging result is obtained to allow the application process to access the target file, and the first judging result is sent to the kernel, and when the first matching result is unmatched or the second matching result is unmatched, that is, when the actual measurement value of the program file is unmatched with the reference measurement value of the program file or the actual measurement value of the target file is unmatched with the reference measurement value of the target file, the monitoring process judges that the program file or the target file is possibly tampered, so that the file access event is considered to be unreliable, the second judging result is not allowed to access the target file, and the second judging result is sent to the kernel.
It will be appreciated that the monitoring process may perform steps S402-S404 to measure the trust of the target file, and then perform steps S405-S407 to measure the trust of the program file.
Optionally, when the monitoring process is started, the original metric value of the program file of the monitoring process may be calculated first and stored in the trusted module, then the monitoring process may periodically calculate the actual metric value of the program file of the monitoring process, compare the actual metric value with the original metric value in the trusted module, and execute S401-S408 when the actual metric value is the same as the file metric value.
According to the scheme, whether the actual measurement value and the reference measurement value of the program file and the target file are matched or not is comprehensively judged, whether the program file and the target file are tampered or not can be determined according to the matching result, so that whether the application process is allowed to access the target file or not is judged, the credible measurement can be accurately carried out, interception is carried out when the target file and/or the program file are not credible through the kernel, and the safety of file access and the reliability of a system can be effectively improved.
Fig. 5 is a flowchart of another file access method according to an embodiment of the present application. The execution subject of the method is the monitoring process shown in fig. 1. As shown in fig. 5, the method may include:
S501, loading a configuration file, wherein the configuration file comprises configuration information of at least two files, and the configuration information comprises a file path and a trusted module storage function identifier. The target file may be one of at least two files and the program file may be one of at least two files.
It should be noted that, the specific implementation manner of step S501 may refer to step S301, which is not described herein.
S502, receiving process information of a suspended application process sent by a kernel, wherein the application process is used for accessing a target file.
S503, calculating the actual measurement value of the target file according to the process information.
It should be noted that, the specific implementation manner of steps S502-S503 may refer to steps SS201-202, and will not be described herein.
S504, reading the configuration file, and obtaining the trusted module storage function identification of the target file in the configuration file.
S505, according to the trusted module storage function identification of the target file, the original metric value of the target file is obtained.
It should be noted that, the specific implementation manner of step S505 may refer to step S305, which is not described herein.
S506, comparing the actual measurement value and the original measurement value of the target file to obtain a first matching result, wherein the first matching result comprises matching or non-matching.
S507, calculating the actual measurement value of the program file corresponding to the application process according to the process information.
It should be noted that, the specific implementation manner of the steps S506 to S507 may refer to the steps S404 to S405, which are not described herein.
S508, reading the configuration file, and obtaining the trusted module storage function identification of the program file in the configuration file.
S509, storing the function identifier according to the trusted module of the program file, and acquiring the original metric value of the program file.
The monitoring process can determine the storage position of the original measurement value of the program file according to the trusted module storage function identifier, and further acquire the original measurement value of the program file.
In one possible implementation, the monitoring process may obtain the original metric value of the program file from the trusted module when the trusted module storage function identifier indicates that the storage location is a trusted module, and may read the original metric value of the program file from the configuration file when the trusted module storage function identifier does not indicate that the storage location is a trusted module.
Illustratively, the monitoring process may obtain the original metric value of the program file from the trusted module when the trusted module storage function identification is 1, and may read the original metric value of the program file from the configuration file when the trusted module storage function identification is 0.
S510, comparing the actual measurement value and the original measurement value of the program file to obtain a second matching result, wherein the second matching result comprises matching or non-matching.
S511, sending a judging result to the kernel according to the first matching result and the second matching result, so that the kernel allows the application process to access the target file when the first matching result and the second matching result are both matched, and otherwise, does not allow the application process to access the target file.
It should be noted that, the specific implementation manner of the steps S510-S511 may refer to the steps S407-S408, which are not described herein.
It will be appreciated that the monitoring process may perform steps S503-S506 to measure the trust of the target file, and then perform steps S507-S510 to measure the trust of the program file.
Optionally, when the monitoring process is started, the original metric value of the program file of the monitoring process may be calculated first and stored in the trusted module, then the monitoring process may periodically calculate the actual metric value of the program file of the monitoring process, compare the actual metric value with the original metric value in the trusted module, and execute S501-S511 when the actual metric value is the same as the file metric value.
In the above scheme, because the space of the trusted module is limited, the original measurement values of all the target files may not be stored, by setting the configuration file, the original measurement values of the files can be selectively stored in the trusted module or the configuration file, so that the flexibility of configuration is improved, and based on the actual measurement values of the program file and the target file, whether the application process and the target file which the application process requests to access are trusted or not is comprehensively judged, the trusted measurement is accurately performed on the file access event, and the security of file access and the reliability of the system can be effectively improved.
Fig. 6 is a schematic diagram of another file access method according to an embodiment of the present application. The execution subject of the method is the kernel shown in fig. 1.
As shown in fig. 6, the method may include:
S601, when it is monitored that an application process calls a file access interface, suspending the application process, sending process information of the application process to a monitoring process, wherein the application process is used for accessing a target file, the process information comprises a file path of the target file, and the monitoring process calculates an actual measurement value of the target file according to the process information to obtain a judging result.
For example, the monitoring process may set a hook function (hook function) so that the kernel suspends the application process when it monitors that the application process accesses the target file, and sends the process information of the application process to the monitoring process.
Wherein the kernel monitoring whether the application process accesses the target file may include monitoring whether a system call function for file access is invoked.
The monitoring process can judge whether the application process is credible or not according to the process information, and return the judging result to the kernel.
S602, waking up the application process according to the judging result, and releasing or intercepting the application process.
In particular, the arbitration result may include allowing the application process to access the target file or not allowing the application process to access the target file. And after the kernel receives the judging result, waking up the application process, releasing the application process when the judging result is that the application process is allowed to access the target file, and intercepting the application process when the judging result is that the application process is not allowed to access the target file.
In this embodiment, the kernel suspends the monitored application process, sends the process information of the application process to the monitoring process, decides whether the application process is trusted through the monitoring process, wakes the application process according to the decision result, and executes release or interception, so that the influence of malicious files on the security of the application process and the system can be effectively avoided.
The embodiment of the application also provides electronic equipment. The electronic equipment comprises a monitoring process, an application process and a kernel;
the kernel is used for suspending the application process when detecting that the application process calls a file access interface and sending the process information of the application process to the monitoring process, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
The monitoring process is used for calculating the actual measurement value of the target file according to the process information, acquiring the original measurement value of the target file from the trusted module, comparing the actual measurement value with the original measurement value and sending a judging result to the kernel;
the kernel is further configured to allow or deny, according to the arbitration result, the application process to access the target file.
The specific implementation manner and the beneficial effects of the method for accessing a file provided by the foregoing embodiment are as described above, and are not described herein.
The embodiment of the application also provides electronic equipment. The electronic equipment comprises a monitoring process, an application process and a kernel;
the kernel is used for suspending the application process when detecting that the application process calls a file access interface and sending the process information of the application process to the monitoring process, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
The monitoring process is used for calculating the actual metric value of the target file according to the process information, reading a configuration file, wherein the configuration file comprises a trusted module storage function identifier of the target file, acquiring the original metric value of the target file according to the trusted module storage function identifier, comparing the actual metric value of the target file with the original metric value of the target file, and sending a judging result to the kernel;
the kernel is further configured to allow or deny, according to the arbitration result, the application process to access the target file.
The specific implementation manner and the beneficial effects of the method for accessing a file provided by the foregoing embodiment are as described above, and are not described herein.
Fig. 7 is a schematic structural diagram of another electronic device according to an embodiment of the present application. As shown in fig. 7, the electronic device includes a processor (processor) 291. The kernel is a unit of the processor 291, and an application process and a monitor process can run on the processor 291. The electronic device further comprises a memory 292 and may further comprise a communication interface (Communication Interface) 293, a bus 294 and a trusted module 15. Wherein the processor 291, the memory 292, the communication interface 293, and the trusted module 15 may communicate with each other via the bus 294. Communication interface 293 may be used for information transfer. The processor 291 may call logic instructions in the memory 292 to perform the file access methods provided by the various method embodiments described above.
Further, the logic instructions in memory 292 described above may be implemented in the form of software functional units and stored in a computer-readable storage medium when sold or used as a stand-alone product.
The memory 292 is a computer-readable storage medium that may be used to store a software program, a computer-executable program, and program instructions/modules corresponding to the methods in the embodiments of the present disclosure. The processor 291 executes functional applications and data processing by running software programs, instructions and modules stored in the memory 292, i.e., implements the methods of the method embodiments described above.
The memory 292 may include a storage program area that may store an operating system, application programs required for at least one function, and a storage data area that may store data created according to the use of the terminal device, etc. Further, memory 292 may include high-speed random access memory, and may also include non-volatile memory.
Embodiments of the present application also provide a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, are configured to implement a method as described in the previous embodiments.
The embodiments of the present application also provide a computer program product, including a computer program, which when executed by a processor implements the method provided in any of the embodiments of the present disclosure.
Other embodiments of the application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
Claims (10)
1. A method of accessing a file, comprising:
Receiving process information of a suspended application process sent by a kernel, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
according to the process information, calculating an actual measurement value of the target file;
acquiring an original measurement value of the target file from a trusted module;
And comparing the actual measurement value with the original measurement value, and sending a judging result to the kernel so that the kernel wakes up the application process and allows or denies the application process to access the target file.
2. A method of file access, the method comprising:
receiving process information of an application process sent by a kernel, wherein the application process is used for accessing a target file, and the process information comprises a file path of the target file;
according to the process information, calculating an actual measurement value of the target file;
acquiring a configuration file, wherein the configuration file comprises a trusted module storage function identifier of the target file;
acquiring an original metric value of a target file according to the trusted module storage function identifier;
and comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a judging result to the kernel so that the kernel allows or denies the application process to access the target file.
3. A file access method as claimed in claim 2, characterized in that the method comprises:
Loading a configuration file, wherein the configuration file comprises configuration information of at least one file, the configuration information comprises a file path and a trusted module storage function identifier, the trusted module storage function identifier is used for indicating a storage position of an original metric value of the file, and the target file is one file of the at least one file;
when the trusted module storage function identification indicates that the storage position is a trusted module, storing an original measurement value of the file in the trusted module;
and when the trusted module storage function identification does not indicate that the storage position is a trusted module, storing the original measurement value of the file in the configuration file.
4. A method of accessing a file according to any one of claims 1 to 3, wherein said comparing the actual metric value of the target file with the original metric value of the target file comprises:
When the actual measurement value of the target file is the same as the original measurement value of the target file, sending a first arbitration result to the kernel so that the kernel allows the application process to access the target file;
And when the actual measurement value of the target file is different from the original measurement value of the target file, sending a second judging result to the kernel so that the kernel refuses the application process to access the target file.
5. The file access method according to any one of claims 1 to 4, wherein before the receiving process information of the application process sent by the kernel, the method includes:
setting a hook function, so that when the kernel detects that an application process calls a file access interface, the application process is suspended, and the process information of the application process is returned;
The comparing the actual metric value of the target file with the original metric value of the target file, and sending a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, including:
And comparing the actual measurement value of the target file with the original measurement value of the target file, sending a judging result to the kernel, and waking up the application process so that the kernel allows or denies the application process to access the target file.
6. A method of accessing a file as claimed in claim 3, further comprising:
the configuration information also comprises a file backup path;
And when the actual measurement value is different from the original measurement value, using the backup file under the file backup path to cover the file under the file path.
7. The file access method of claim 6, wherein the method further comprises:
the configuration information also comprises a file recovery function identifier;
When the file recovery function identification indicates to be started, when the actual measurement value is different from the original measurement value, the backup file under the file backup path is used for covering the file under the file path.
8. The method according to any one of claims 6-7, wherein the configuration file further includes a trusted module storage function identifier of a program file corresponding to the application process, the method further comprising:
according to the process information, calculating an actual measurement value of the program file;
According to the trusted module storage function identification of the program file, acquiring an original measurement value of the program file;
The step of comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, specifically including:
When the actual measurement value of the target file is the same as the original measurement value of the target file and the actual measurement value of the program file is the same as the original measurement value of the program file, a first arbitration result is sent to the kernel so that the kernel allows the application process to access the target file;
and when the actual measurement value of the target file is different from the original measurement value of the target file or the actual measurement value of the program file is different from the original measurement value of the program file, sending a second arbitration result to the kernel so that the kernel refuses the application process to access the target file.
9. The method according to any one of claims 1 to 8, wherein the process information includes a process identifier of the application process, and the comparing the actual metric value of the target file with the original metric value of the target file sends a arbitration result to the kernel, so that the kernel allows or denies the application process to access the target file, specifically includes:
And comparing the actual measurement value of the target file with the original measurement value of the target file, and sending a arbitration result to the kernel so that the kernel allows or denies the application process corresponding to the process identifier to access the target file, wherein the arbitration result comprises the process identifier.
10. An electronic device is characterized by comprising a processor, a memory and a trusted module, wherein the memory and the trusted module are in communication connection with the processor;
The memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411134063.6A CN119249472A (en) | 2024-08-16 | 2024-08-16 | File access method and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411134063.6A CN119249472A (en) | 2024-08-16 | 2024-08-16 | File access method and electronic device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN119249472A true CN119249472A (en) | 2025-01-03 |
Family
ID=94015512
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202411134063.6A Pending CN119249472A (en) | 2024-08-16 | 2024-08-16 | File access method and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN119249472A (en) |
-
2024
- 2024-08-16 CN CN202411134063.6A patent/CN119249472A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8364973B2 (en) | Dynamic generation of integrity manifest for run-time verification of software program | |
| US8601273B2 (en) | Signed manifest for run-time verification of software program identity and integrity | |
| US12111937B2 (en) | Memory scan-based process monitoring | |
| EP2754085B1 (en) | Verifying firmware integrity of a device | |
| US9245106B2 (en) | Providing a multi-phase lockstep integrity reporting mechanism | |
| US20110061050A1 (en) | Methods and systems to provide platform extensions for trusted virtual machines | |
| US11775649B2 (en) | Perform verification check in response to change in page table base register | |
| JP2005535005A (en) | System and method for executing instructions to initialize a secure environment | |
| US11068275B2 (en) | Providing a trustworthy indication of the current state of a multi-processor data processing apparatus | |
| US20210342162A1 (en) | Kernel space measurement | |
| EP4116851A1 (en) | Trusted measurement method and related apparatus | |
| CN110334515B (en) | Method and device for generating measurement report based on trusted computing platform | |
| CN110334519A (en) | The staticametric method of credible calculating platform based on dual Architecture | |
| WO2017133442A1 (en) | Real-time measurement method and device | |
| CN112347472B (en) | Behavior credibility measuring method and device based on power edge calculation | |
| EP4293507A1 (en) | Method and apparatus for launching application program on target platform | |
| US9104863B2 (en) | Method and apparatus to harden a software execution in random access memory | |
| WO2022077388A1 (en) | Processor security measurement device and method | |
| US20200244461A1 (en) | Data Processing Method and Apparatus | |
| CN119249472A (en) | File access method and electronic device | |
| US10275367B2 (en) | Command source verification | |
| US12333011B2 (en) | Information processing apparatus, information processing method, and recording medium | |
| EP4586124A1 (en) | Integrity measurement method and apparatus | |
| CN119989338A (en) | Hypervisor-based kernel management method and device | |
| CN115982714A (en) | Computing device and trusted chain construction method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |