[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN106778089A - A kind of system and method that security management and control is carried out to software authority and behavior - Google Patents

A kind of system and method that security management and control is carried out to software authority and behavior Download PDF

Info

Publication number
CN106778089A
CN106778089A CN201611095114.4A CN201611095114A CN106778089A CN 106778089 A CN106778089 A CN 106778089A CN 201611095114 A CN201611095114 A CN 201611095114A CN 106778089 A CN106778089 A CN 106778089A
Authority
CN
China
Prior art keywords
control
security management
application program
authority
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611095114.4A
Other languages
Chinese (zh)
Other versions
CN106778089B (en
Inventor
张建国
宋斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comerica Mobei Software (beijing) Co Ltd
Original Assignee
Comerica Mobei Software (beijing) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Comerica Mobei Software (beijing) Co Ltd filed Critical Comerica Mobei Software (beijing) Co Ltd
Priority to CN201611095114.4A priority Critical patent/CN106778089B/en
Priority to CN202110759334.7A priority patent/CN113378121A/en
Priority to CN202110747098.7A priority patent/CN113360856A/en
Publication of CN106778089A publication Critical patent/CN106778089A/en
Application granted granted Critical
Publication of CN106778089B publication Critical patent/CN106778089B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of method for carrying out security management and control to software authority and behavior, it is characterised in that methods described includes:The security management and control file of policy-based configuration file management and control application program authority is arranged on the initial position of the application program operation existed in the form of program coding in the form of code, operation based on the application program and the security management and control file that triggers limit the authority of the application program according to the first policy configuration file of server push, and the authority information and operation conditions that the server is based on the application program of security management and control file feedback are generated and push the security management and control file of the second policy configuration file to the application program.The present invention is directed to the software containing privilege abuse or malicious act, the authority that the action of its malicious act, closing have hidden danger is blocked according to strategy, retain the other functions useful to user then to retain and allow it to perform, the demand that making software can meet user ensures the information security of user again.

Description

A kind of system and method that security management and control is carried out to software authority and behavior
Technical field
The present invention relates to field of computer technology, more particularly to a kind of security management and control is carried out to software authority and behavior it be System and method.
Background technology
With the development of software systems and internet, the application software of various functions largely occurs, and meets the work of people With the abundant demand lived to software.But the at the same time Malware and rogue software on computer particularly mobile device Emerge in an endless stream, user is difficult to screen.The part APP that particularly some manufacturers provide free, practical function, safety on surface, but Software can collect the privacy information of user on backstage, such as:Geographical position, address list content, short message, photo etc., and these are hidden Personal letter breath is uploaded on the server of manufacturer silently, causes information leakage hidden danger.
For similar Malware or rogue software, domestic consumer's on the one hand fubaritic its authority and behavior is another Even if aspect recognizes that software has privacy leakage risk, many users possess other software and are difficult to what is substituted in view of the software Functionality advantage, it has to compromise, continues to leave running software and collect information.
Antivirus software and the instrument of security guard's type at present on the market, are all that software is monitored in outside, one Denier finds that software violations of rules and regulations occurs in terms of authority or behavior, just directly closes software, or even uninstall, it is difficult to accurate control The authority of software processed and behavior.
The A of Chinese patent CN 105389263 disclose a kind of application software authority monitoring method, including:Download third party Application software installation kit;The authority of process name and application when parsing the attribute of the third-party application software, starting, it is described Attribute at least includes bag name, activity, services, broadcast and permission;According to the information life that parsing is obtained In contrast with verify job;By the job of the generation loaded on the tested terminal with fail-safe software, by the tested terminal Description according to the job is installed third-party application software and carries out contrast verification.Although the patent is capable of the visit of monitoring software Authority is asked, however it is necessary that rely on user installs fail-safe software in operating system, it is impossible to software is realized authority and behavior in itself Management and control.
The content of the invention
For the deficiency of prior art, the present invention provides a kind of method for carrying out security management and control to software authority and behavior, Characterized in that, methods described includes:
By the security management and control file of policy-based configuration file management and control application program authority be arranged in the form of code with The initial position of the application program operation that the form of program coding is present,
The first plan of operation based on the application program and the security management and control file that triggers according to server push Slightly configuration file limits the authority of the application program,
The server is based on authority information and the operation conditions generation of the application program of security management and control file feedback And push the security management and control file of the second policy configuration file to the application program.
According to a preferred embodiment, the server is based on the security management and control file mark and the described of feedback should Treat that management and control authority information adjusts first policy configuration file for second policy configuration file with program,
The authorization policy list that the security management and control file is based on second policy configuration file limits the application journey The authority of sequence.
According to a preferred embodiment, the security management and control file is based on the interruption of service adjustment institute of the application program The authorization policy list of the second policy configuration file is stated so as to generate the 3rd policy configuration file, the security management and control file mark The version information of the 3rd policy configuration file and its corresponding application program simultaneously pushes to the server storage.
The version of the application program fed back according to the security management and control file according to a preferred embodiment, the server This information is chosen the first matched policy configuration file, the second policy configuration file or the 3rd policy configuration file and is pushed Security management and control file into the application program.
According to a preferred embodiment, the power of the management and control failure that the server feeds back according to the security management and control file The version information of limit information and corresponding application program is to the security management and control file push fresh information so as to update the peace Full management and control file.
According to a preferred embodiment, the security management and control by policy-based configuration file management and control application program authority File is included the step of being arranged in the form of code with the initial position of the application program operation existed in the form of program coding:
Disassemble, reversely compilation and/or reversely compiling treat the application program of management and control for program coding,
The code of the security management and control file is arranged at the initial position or initialization node position run in program coding Put,
The program coding that forward direction compiling is provided with security management and control file is by the application program of security management and control file management and control.
According to a preferred embodiment, the security management and control file is based on first policy configuration file or described the The policy mandates of two policy configuration files calculate and judge the number of starts and the time of binding authority in the application program operation, And intercept the restricted information of binding authority transmission;
The interruption of service that the security management and control file is based on the application program calculates and judges the application program again The number of starts of binding authority and time in operation, so as to generate the 3rd policy configuration file and will again calculate and judge The number of starts of the binding authority for obtaining and time and the restricted information push to the server and are stored.
According to a preferred embodiment, the security management and control file is by the authority in relatively more described policy configuration file The authority information of authority information and application program listed by Policy List determines binding authority,
The management and control instruction of the security management and control file is based on the startup of binding authority and triggers so as to prevent binding authority Start and/or intercept the restricted information that the binding authority sends.
According to a preferred embodiment, the situation that signal is connected is lost in the security management and control file and the server Under, the security management and control file will be not recorded in the application journey in the authorization policy list of first policy configuration file Sequence treats that management and control authority information increases to the authorization policy list and is set to illegal state, so as to generate second strategy Configuration file,
The interruption of service that the security management and control file is based on the application program adjusts second policy configuration file Authorization policy list is so as to generate the 3rd policy configuration file.
A kind of system that security management and control is carried out to software authority and behavior, it is characterised in that including server, put part mould Block, collector and security management and control file,
The code of the server storage security management and control file and the push of the feedback information based on the security management and control file Policy configuration file,
The collector disassembles, reversely compilation and/or reversely compiling treat that the application program of management and control is program coding,
It is described to put part module by the security management and control file of policy-based configuration file management and control application program authority with code Form is arranged on the initial position of the application program operation existed in the form of program coding,
Operation based on the application program and the security management and control file that triggers are according to the of the server push One policy configuration file limits the authority of the application program,
The server is based on authority information and the operation conditions generation of the application program of security management and control file feedback And push the security management and control file of the second policy configuration file to the application program.
Advantageous Effects of the invention:
1st, for the software containing privilege abuse or malicious act, the present invention is not simple and crude directly to forbid it to run With use, but the action of its malicious act is blocked according to strategy, is closed and be there is the authority of hidden danger.It is useful to user in application program Other functions then retain and allow it to perform.
2nd, user need not be relied on the monitoring softwares such as antivirus software or security guard is installed in operating system, application program is in itself It is capable of achieving the management and control of authority and safety behavior.
3rd, traditional authority forbidden that is manually set is unilateral, easily causes some application program interruptions of service or can not Forbid the authority not set.On the basis of being manually set, the authority run relative to application program is adjusted the present invention, Further forbid other the unnecessary authorities not set without influenceing the carrying out of application program.
Brief description of the drawings
Fig. 1 is the logical schematic of the method for the present invention;With
Fig. 2 is the logical schematic of system of the invention.
Reference numerals list
10:Server 20:Put part module 30:Collector
40:Security management and control file
Specific embodiment
It is described in detail below in conjunction with the accompanying drawings.
The content of security management and control file needs control under type, reliability rating, authority group name, permission group including authority Be related to the function of individual privacy information.
Application program in the present invention by third party's program developer to be provided for installation into user machine system Or smart machine systematic difference program.Computer system includes Windows systems, XP systems and linux system.Intelligence sets Standby system includes IOS systems and android system.
Server of the invention includes remote server and Cloud Server.
As shown in figure 1, the present invention provides a kind of method for carrying out security management and control to software authority and behavior, including:
S1:The security management and control file of policy-based configuration file management and control application program authority is arranged in the form of code The initial position of the application program operation existed in the form of program coding;
S2:Operation based on the application program and the security management and control file that triggers are according to the first of server push Policy configuration file limits the authority of the application program;
S3:The server is based on authority information and the operation conditions life of the application program of security management and control file feedback Into and push the second policy configuration file to the application program security management and control file.
In the present invention, the authority behavior of application program includes:Call, send short message and/or multimedia message, open privately 2G/3G/4G, privately opening WLAN, privately opening bluetooth, reading contact person, reading message registration, short message reading and/or multimedia message, Obtain mobile phone location, using microphone record, open camera, write/delete contact person, write/delete message registration, write/delete short message and/or The real-time authority of the behaviors such as multimedia message.The present invention is not limited to the species of behavior, and the behavior can also include application program Other kinds of behavior.
Authority limitation of the invention includes allowing to access and forbidding accessing.Security management and control file is according to different application programs Different authorities are set.For example, for application program wechat, security management and control file is allowed for the front stage operation state of wechat is set The access rights of access, are that the temporary off-duty state of wechat sets the access rights for forbidding accessing, and are the running background of wechat State sets the access rights for becoming more meticulous.Such as:For the background operation state of wechat, can set for system resource GPS To allow to access, the access rights for system resource address list are to forbid access etc. to the access rights of resource, and the present invention is to this It is not particularly limited.
Security management and control file carries out manual compiling and the management file for being formed after test repeatedly by service team.Security management and control File can be complete executable program, or one section of code snippet.The code speech of security management and control file includes PASCAL, C language, formula translation, BASIC, Common business Oriented Language, FOXBASE language etc..
Embodiment 1
The present embodiment provides a kind of method for carrying out security management and control to software authority and behavior, including:
S1:The security management and control file of policy-based configuration file management and control application program authority is arranged in the form of code The initial position of the application program operation existed in the form of program coding,
S2:Operation based on the application program and the security management and control file that triggers are according to the first of server push Policy configuration file limits the authority of the application program,
S3:The server is based on authority information and the operation conditions life of the application program of security management and control file feedback Into and push the second policy configuration file to the application program security management and control file.
The present embodiment to it is a kind of the method that software authority and behavior carry out security management and control is carried out it is as described below.
S1:The security management and control file of policy-based configuration file management and control application program authority is arranged in the form of code The initial position of the application program operation existed in the form of program coding.
Application program to be installed can apply for all kinds of authorities in operation, such as obtain geographical position, read address list, access Camera, microphone etc..The developer of these authorities and behavior not necessarily application program declares that the function institute for providing is necessary , it may be possible to developer is in and obtains the code that more interests are additionally added, or the injection of software download channel manufacturer's later stage is folded Plus, therefore these authorities and behavior are probably unnecessary or even harmful for the user of final application program.For example:Certain Developer has made a free game program, and the games are provided solely for the interactive developmental game of picture, and does not possess Game function based on geographical position can be applied obtaining system with communication good friend's game on-line function, but games operation The authority in geographical position of uniting and the authority of accessing address list, its true purpose is for user profile and uploads to its server, Then it is sold to the purpose that other advertising companies reach profit.
Application program of the invention, including the application program issued or do not issued by developer.When the use of application program Family prepare in particular range using application program and need ensure its it is safely controllable when, security management and control file is set into application In the program coding of program, application program is set to possess the function of security management and control its own right, then again will be with security management and control work( The application program of energy is used in particular range.Security management and control file applies to the pervasive version of major applications program.Pin To the particular application that the later stage finds, Code obfuscation or encipherment protection may be have passed through, be directly injected into security management and control file Code is likely to result in monitoring function failure.Therefore, security management and control file security management and control file can be upgraded very with modification and perfection Update, so as to reach preferably compatibility universality.
Preferably, the security management and control file by policy-based configuration file management and control application program authority is with the shape of code Formula is arranged on to be included the step of the initial position of the application program operation existed in the form of program coding:
S11:Disassemble, reversely compilation and/or reverse compiling treat that the application program of management and control is program coding;
S12:The code of the security management and control file is arranged at the initial position or initialization section run in program coding Point position;
S13:The program coding that forward direction compiling is provided with security management and control file is by the application journey of security management and control file management and control Sequence.
It is program coding that the application program of management and control will be needed to disassemble.Or will need management and control application program reversely compilation or Reversely it is compiled as the program coding of SMALI or JAVA forms.
The original position of program operation is found in the program coding of application program, by the encoding setting of security management and control file In the original position or initialization node location of program operation.The setting of security management and control file is equivalent to changing application program Operating mechanism.When application program runs to original position or initialization node location, the code of security management and control file can be performed. The next code program for continuing executing with application program is returned after the code for completing security management and control file is performed.
After security management and control file is provided with, will by change and the application program for setting re-start positive compilation or Forward direction compiling, formed can the application program with security management and control function run very much of normal mounting, for being sent out in particular range Cloth.
S2:Operation based on the application program and the security management and control file that triggers are according to the first of server push Policy configuration file limits the authority of the application program.
Security management and control file is based on the operation of application program and triggers operation.During security management and control running paper, to server Sending strategy configuration file request information, the request of server response security management and control file is simultaneously newest to security management and control file push The first policy configuration file.First policy configuration file includes authorization policy list.Authorization policy list has displayed part Forbid enabling authority and allow the authority for enabling, to ensure the information security of application program.Security management and control file is according to the first plan The list items of the authorization policy list of configuration file are omited, the authority to application program is accordingly limited and management and control item by item.Or, When application program attempts to run the authority in being displayed in authorization policy list, security management and control file is monitored and triggers interception Action, intercepts the information of authority transmission, to ensure what the behavior of actual motion of application program specified without departing from server Authorization policy scope, reaches the target of security management and control.
S3:The server is based on authority information and the operation conditions life of the application program of security management and control file feedback Into and push the second policy configuration file to the application program security management and control file.
Being based on the first policy configuration file in security management and control file carries out the situation of corresponding management and control to the authority of application program Under, security management and control file is not displayed in the authority of authorization policy list to server feedback, i.e., feedback is not at management and control scope Authority.Authority information of the security management and control file to server feedback application program in management and control scope and it is not at management and control scope Authority information and authority operation conditions.Server be based on security management and control file feedback application program authority information and Operation conditions, the authorization policy list of the first policy configuration file to being pushed is adjusted, and increases new authority, so that raw Into the second policy configuration file containing the authorization policy list for updating.Second policy configuration file is pushed to correspondence by server Application program security management and control file.
According to a preferred embodiment, the server is based on the security management and control file mark and the described of feedback should Treat that management and control authority information adjusts first policy configuration file for second policy configuration file with program.The safety Management and control file is based on the authority of the authorization policy list limitation application program of second policy configuration file.
Preferably, security management and control file treats the authority information of management and control during to server feedback authority information Retransmited after being marked to server.Server according to security management and control file mark and feed back treat management and control authority information adjust The authorization policy list of the first policy configuration file, increases new authority, so as to generate contain the authorization policy list for updating Second policy configuration file simultaneously pushes to corresponding security management and control file.For example, the power for newly increasing of the second policy configuration file Limit is set to forbid.Security management and control file is based on the list items of the authorization policy list of the second policy configuration file, corresponds to item by item Accordingly limited and management and control with the authority of program.Or, in application program attempts to run and is displayed in authorization policy list During authority, security management and control file is monitored and triggers interception action, the information of authority transmission is intercepted, to ensure application program Actual motion behavior without departing from the authorization policy scope that server specifies, reach the target of security management and control.
According to a preferred embodiment, the security management and control file is based on the interruption of service adjustment institute of the application program The authorization policy list of the second policy configuration file is stated so as to generate the 3rd policy configuration file, the security management and control file mark The version information of the 3rd policy configuration file and its corresponding application program simultaneously pushes to the server storage.
Security management and control file according to the second policy configuration file after authority managing and controlling is carried out, it is possible to can cause application program The interruption of service.Because some authorities are the necessary authorities for starting in application program operation.Security management and control file is to the second strategy The management and control authority newly increased in the authorization policy list of configuration file is adjusted one by one, changes the restriction of authority, until using Untill program can normally be run.Security management and control file security management and control file is carried out to the information of the new authority for starting and its transmission Monitor and send to server.The second policy configuration file that authorization policy list will be have adjusted is generated as the 3rd strategy configuration text Part.Security management and control file increases mark and it is pushed away with the version information of corresponding application program to the 3rd policy configuration file Deliver to server.Server is deposited to the version information of attached markd 3rd policy configuration file and corresponding application program Storage.When security management and control file is attached in the application program of same version information again, server is according to security management and control text The version information of the application program of part feedback, directly has markd 3rd policy configuration file to security management and control file push. The present invention is adjusted by policy configuration file, can strengthen the management and control scope to application program.Both will not be due to advance The management and control scope of setting omits the management of authority, again will not the operation that influence application program due to management and control authority unilateral, produce The raw interruption of service.
The version of the application program fed back according to the security management and control file according to a preferred embodiment, the server This information is chosen the first matched policy configuration file, the second policy configuration file or the 3rd policy configuration file and is pushed Security management and control file into the application program.
Different application programs is applicable different authority managing and controlling scopes.Some application programs are applicable the first policy configuration file And need not be adjusted.Some application programs are applicable the second policy configuration file after being adjusted.Some application programs are applicable The 3rd policy configuration file after being adjusted.Security management and control file after application program is set into, the fortune based on application program Go and trigger and start.The version information of application program is sent after security management and control file start to server.If being stored in server There are the version information of application program and its record of corresponding policy configuration file, then send corresponding the to security management and control file One policy configuration file, the second policy configuration file or the 3rd policy configuration file.If server feeds back to security management and control file The version information of application program do not record, then be sent to the first policy configuration file with pervasive scope.
According to a preferred embodiment, the power of the management and control failure that the server feeds back according to the security management and control file The version information of limit information and corresponding application program is to the security management and control file push fresh information so as to update the peace Full management and control file.
Security management and control file can be applicable the pervasive version of various application programs.But due to the diversity of application program, portion Point application program may have passed through Code obfuscation or encipherment protection, and the code for directly setting into security management and control file is likely to result in pipe Control the result of failure.Authority i.e. in application program does not receive the management and control and limitation of security management and control file.Therefore, security management and control text The version information of application program and authority managing and controlling situation are fed back to server by part.The research and development service team of security management and control file The version information and authority managing and controlling situation of the application program according to server record, security management and control file is modified with it is complete It is apt to reach preferably compatibility universality.Amended application program can be realized comprehensively compatible and applicable within a period of time.
According to a preferred embodiment, the security management and control file is based on first policy configuration file or described the The policy mandates of two policy configuration files calculate and judge the number of starts and the time of binding authority in the application program operation, And intercept the restricted information of binding authority transmission.The security management and control file is based on the interruption of service of the application program again The number of starts and the time of binding authority in the application program operation are calculated and judge, so as to generate the 3rd strategy configuration File the number of starts of the binding authority that calculating and judgement are obtained and time and the restricted information will simultaneously be pushed again Stored to the server.
Preferably, security management and control file can determine the concrete behavior of malicious act in application program.For example:Server push The first policy configuration file for sending or the second policy configuration file specify:Mobile office is answered program to use and obtains microphone record The authority of sound, daily geographical position obtains and cannot be greater than 1 time, to take precautions against information leakage.When application program is run, once attempt Start microphone, security management and control file monitors the behavior and blocked immediately.Application program obtains geographical position all every time Security management and control file can be triggered to judge and record, the time period 00:00~24:Triggering is to carry out record to report more than 1 time during 00 Run with blocking.If the authority of the first policy configuration file specifies to hinder the operation of application program, the interruption of service is produced, then pacified Authorization policy list in full management and control file adjustable strategies configuration file generates the 3rd policy configuration file, and calculate again and Judge the number of starts and the time of binding authority in application program operation.Or, security management and control file is based on the fortune of application program Row obstacle calculates and judges the number of starts and the time of the binding authority for not influenceing application program to run again, so that adjustable strategies Authorization policy list in configuration file generates the 3rd policy configuration file.Security management and control file will be calculated again and judgement is obtained Binding authority the number of starts and time and restricted information push to the server and stored.
According to a preferred embodiment, the security management and control file is by the authority in relatively more described policy configuration file The authority information of authority information and application program listed by Policy List determines binding authority.The security management and control file Startup of the management and control instruction based on binding authority and trigger startup so as to prevent binding authority and/or intercept the binding authority The restricted information of transmission.
For example, specifying in the authorization policy list of policy configuration file, the authority of short message reading is forbidden.Application program The authority of operation short message reading is run or applied in the process of running.Security management and control file is by comparison strategy configuration file Short message reading authority listed by authorization policy list forbids the application authority of information and short message reading determining short message reading Authority is binding authority, should be forbidden.Security management and control file is triggered when the authority of the short message reading of application program is run Management and control instruction.The management and control instruction of security management and control file is based on the startup of the authority of short message reading and triggers so as to prevent reading short The information that the startup of the authority of letter and/or interception application program send after short message reading.
According to a preferred embodiment, the situation that signal is connected is lost in the security management and control file and the server Under, the security management and control file will be not recorded in the application journey in the authorization policy list of first policy configuration file Sequence treats that management and control authority information increases to the authorization policy list and is set to illegal state, so as to generate second strategy Configuration file.The interruption of service that the security management and control file is based on the application program adjusts second policy configuration file Authorization policy list is so as to generate the 3rd policy configuration file.
After security management and control file is set into application program, the application program with management and control function can depart from server Association and Stand-alone distribution and use.Lost in the case that signal is connected in security management and control file and server, security management and control text Part does not need the information of server push then and carries out management and control to application program.The strategy that security management and control file is provided with acquiescence is matched somebody with somebody Put file.Security management and control file still can be carried out to the authority behavior of application program and malice according to default policy configuration file The management and control of behavior.
If security management and control file finds that application program has the authorization policy list for being not recorded in the first policy configuration file In treat management and control authority information, then will treat that management and control authority information increases to access control lists and is set to illegal state so that Generate second policy configuration file.Because some necessary authorities are prohibited, application program produces the interruption of service.Bursting tube Control file is based on the authorization policy list of interruption of service adjustment second policy configuration file of the application program, to newly-increased Plus influence application program operation binding authority be adjusted to permission state so that application program is normally run.It is adjusted The second policy configuration file afterwards generates the 3rd policy configuration file.
Embodiment 2
The present embodiment is the further improvement and explanation to embodiment 1, and the content for repeating is repeated no more.
As shown in Fig. 2 the present embodiment provides a kind of system for carrying out security management and control to software authority and behavior, including service Device 10, put part module 20 and collector 30 and security management and control file 40.
Preferably, the first policy configuration file is that test is formed by manual compiling and repeatedly, and non-software or system oneself Dynamic generation.The storage of first strategy file is in server or configuration in security management and control file.
According to a preferred embodiment, security management and control file was integrated in and puts part module before application program is set into In 20.
The code of the server storage security management and control file and the push of the feedback information based on the security management and control file Policy configuration file.
Preferably, put part module 20 and collector 30 be arranged on the remote server of application program wireless connection or On intelligent terminal.Therefore, the code of security management and control file is stored in the server 10 or puts part module 20.Put part module 20 by User specify the object of putting part and between time.
Intelligent terminal is including desktop computer, notebook computer, smart mobile phone, Intelligent bracelet, intelligent glasses etc..
Under normal circumstances, user cannot touch-safe management and control file code, by user in intelligent terminal by wirelessly connecting Server 10 is connect, is started collector 30 and is put part module 20, decoded by 30 pairs of application programs specified of collector, by Put part module 20 and security management and control file is set to specified application program.Finally, collector 30 pairs is provided with security management and control text The application program forward direction of part is compiled as the application program with management and control its own right function.
The application program connection server that user passes through intelligent terminal, indicates to install security management and control to specified application program File.Server responds the instruction of intelligent terminal, starts collector 30.Collector 30 disassembled to application program, instead To compilation and/or reversely compiling, program coding is obtained.After the completion of collector 30 is decoded to application program, to putting part module 20 It is sent completely information.The information of the response compilation module 20 of part module 20 is put, starts to set safety to the program coding of application program The code of management and control file 40.After the setting security management and control of part module 20 file 40 is put, positive compiling is sent to collector 20 Instruction or information.20 pairs of application programs of the program coding for being provided with security management and control file of collector carry out positive compiling.
Specifically, the operation of the system for carrying out security management and control to software authority and behavior of the invention is as described below.
S1:Part module 20 is put by the security management and control file of policy-based configuration file management and control application program authority with code Form is arranged on the initial position of the application program operation existed in the form of program coding.
Preferably, part module 20 is put by the security management and control file of policy-based configuration file management and control application program authority with generation The form of code is arranged on to be included the step of the initial position of the application program operation existed in the form of program coding:
S11:Collector 30 is disassembled, reversely compilation and/or reverse compiling treat that the application program of management and control is program coding;
S12:Put part module 20 and the code of the security management and control file is arranged at the initial position run in program coding Or initialization node location;
S13:The program coding that the positive compiling of collector 30 is provided with security management and control file is by security management and control file pipe The application program of control.
It is program coding that collector 30 will need the application program of management and control to disassemble.Or collector 30 will need management and control Application program reversely compilation or be reversely compiled as the program coding of SMALI or JAVA forms.
The original position that part module 20 finds program operation in the program coding of application program is put, by security management and control file The original position run in program of encoding setting or initialization node location.
After security management and control file is provided with, collector 30 will be re-started by change and the application program for setting Forward direction compilation or positive compiling, formed can normal mounting and operation the application program with security management and control function, in spy Determine issue in scope.
S2:Operation based on the application program and the security management and control file that triggers are according to the first of server push Policy configuration file limits the authority of the application program.
Security management and control file 40 is based on the operation of application program and triggers operation.When security management and control file 40 runs, to clothes The business sending strategy configuration file request information of device 10, the request of the response security management and control of server 10 file 40 is simultaneously literary to security management and control Part 40 pushes the first newest policy configuration file.First policy configuration file includes authorization policy list.Authorization policy is arranged Table has displayed part to be forbidden enabling authority and allows the authority for enabling, to ensure the information security of application program.Security management and control text Part 40 is accordingly limited according to the list items of the authorization policy list of the first policy configuration file, the item by item authority to application program System and management and control.Or, when application program attempts to run the authority in being displayed in authorization policy list, security management and control file is carried out Interception action is monitored and triggered, the information of authority transmission is intercepted, to ensure that the behavior of actual motion of application program will not surpass Go out the authorization policy scope that server specifies, reach the target of security management and control.
S3:The authority information and operation conditions that server is based on the application program of security management and control file feedback are generated simultaneously Push the security management and control file of the second policy configuration file to the application program.
Being based on the first policy configuration file in security management and control file carries out the situation of corresponding management and control to the authority of application program Under, security management and control file is not displayed in the authority of authorization policy list to server feedback, i.e., feedback is not at management and control scope Authority.Authority information of the security management and control file to server feedback application program in management and control scope and it is not at management and control scope Authority information and authority operation conditions.Server be based on security management and control file feedback application program authority information and Operation conditions, the authorization policy list of the first policy configuration file to being pushed is adjusted, and increases new authority, so that raw Into the second policy configuration file containing the authorization policy list for updating.Second policy configuration file is pushed to correspondence by server Application program security management and control file.
According to a preferred embodiment, the server is based on the security management and control file mark and the described of feedback should Treat that management and control authority information adjusts first policy configuration file for second policy configuration file with program.The safety Management and control file is based on the authority of the authorization policy list limitation application program of second policy configuration file.
According to a preferred embodiment, the security management and control file is based on the interruption of service adjustment institute of the application program The authorization policy list of the second policy configuration file is stated so as to generate the 3rd policy configuration file, the security management and control file mark The version information of the 3rd policy configuration file and its corresponding application program simultaneously pushes to the server storage.
Security management and control file according to the second policy configuration file after authority managing and controlling is carried out, it is possible to can cause application program The interruption of service.Security management and control file to the management and control authority that is newly increased in the authorization policy list of the second policy configuration file one by one It is adjusted, changes the restriction of authority, untill application program can normally be run.Security management and control file security management and control file Information to the new authority for starting and its transmission is monitored and sends to server, and will have adjusted authorization policy list Second policy configuration file is generated as the 3rd policy configuration file.Security management and control file increases mark to the 3rd policy configuration file And it is pushed into server with the version information of corresponding application program.Server is to attached markd 3rd strategy configuration The version information of file and corresponding application program is stored.
The version of the application program fed back according to the security management and control file according to a preferred embodiment, the server This information is chosen the first matched policy configuration file, the second policy configuration file or the 3rd policy configuration file and is pushed Security management and control file into the application program.
Security management and control file triggers startup based on the operation of application program after application program is set into.Security management and control The version information of application program is sent after file start to server.If the version information of the application program that is stored with server and The record of its corresponding final policy configuration file, then to security management and control file send corresponding first policy configuration file, Second policy configuration file or the 3rd policy configuration file.If the version of the application program that server feeds back to security management and control file Information is not recorded, then be sent to the first policy configuration file with pervasive scope.
According to a preferred embodiment, the power of the management and control failure that the server feeds back according to the security management and control file The version information of limit information and corresponding application program is to the security management and control file push fresh information so as to update the peace Full management and control file.
The situation of the version information of application program and authority managing and controlling failure is fed back to server by security management and control file.Peace The R&D team of full managing and control system according to the version information and authority managing and controlling situation of the application program of server record, to safety Management and control file is modified and improves to reach preferably compatibility universality.Amended application program can be real within a period of time It is now comprehensively compatible and applicable.The R&D team of security management and control system by after renewal security management and control file set with server 10 or In putting part module 20.Put part module 20 and such as newest security management and control file is set to application program in the updated.
According to a preferred embodiment, the security management and control file is based on first policy configuration file or described the The policy mandates of two policy configuration files calculate and judge the number of starts and the time of binding authority in the application program operation, And intercept the restricted information of binding authority transmission.The security management and control file is based on the interruption of service of the application program again The number of starts and the time of binding authority in the application program operation are calculated and judge, so as to generate the 3rd strategy configuration File the number of starts of the binding authority that calculating and judgement are obtained and time and the restricted information will simultaneously be pushed again Stored to the server.
According to a preferred embodiment, the security management and control file is by the authority in relatively more described policy configuration file The authority information of authority information and application program listed by Policy List determines binding authority.The security management and control file Startup of the management and control instruction based on binding authority and trigger startup so as to prevent binding authority and/or intercept the binding authority The restricted information of transmission.
According to a preferred embodiment, the situation that signal is connected is lost in the security management and control file and the server Under, the security management and control file will be not recorded in the application journey in the authorization policy list of first policy configuration file Sequence treats that management and control authority information increases to the authorization policy list and is set to illegal state, so as to generate second strategy Configuration file.The interruption of service that the security management and control file is based on the application program adjusts second policy configuration file Authorization policy list is so as to generate the 3rd policy configuration file.
After security management and control file is set into application program, the application program with management and control function can depart from server Association and Stand-alone distribution and use.Lost in the case that signal is connected in security management and control file and server, security management and control text Part does not need the information of server push then and carries out management and control to application program.The strategy that security management and control file is provided with acquiescence is matched somebody with somebody Put file.Security management and control file still can be carried out to the authority behavior of application program and malice according to default policy configuration file The management and control of behavior.
If security management and control file finds that application program has the authorization policy list for being not recorded in the first policy configuration file In treat management and control authority information, then will treat that management and control authority information increases to access control lists and is set to illegal state so that Generate second policy configuration file.Because some necessary authorities are prohibited, application program produces the interruption of service.Bursting tube Control file is based on the authorization policy list of interruption of service adjustment second policy configuration file of the application program, to newly-increased Plus influence application program operation binding authority be adjusted to permission state so that application program is normally run.It is adjusted The second policy configuration file afterwards generates the 3rd policy configuration file.
Compared with the program of safety management is carried out by security system, the system makes application program disengaging rely on security procedure Carry out the shortcoming of priority assignation.Application program after being processed by the system, all permissions request of meeting active management and control application program Operation without influenceing application program.The system does not need user actively to go authority and the behavior of management application software, makes user It is more convenient when application program is run, simply.
It should be noted that above-mentioned specific embodiment is exemplary, those skilled in the art can disclose in the present invention Various solutions are found out under the inspiration of content, and these solutions also belong to disclosure of the invention scope and fall into this hair Within bright protection domain.It will be understood by those skilled in the art that description of the invention and its accompanying drawing be it is illustrative and not Constitute limitations on claims.Protection scope of the present invention is limited by claim and its equivalent.

Claims (10)

1. a kind of method that security management and control is carried out to software authority and behavior, it is characterised in that methods described includes:
The security management and control file of policy-based configuration file management and control application program authority is arranged on program in the form of code The initial position of the application program operation that the form of coding is present,
Operation based on the application program and the security management and control file that triggers are matched somebody with somebody according to the first strategy of server push The authority that file limits the application program is put,
The authority information and operation conditions that the server is based on the application program of security management and control file feedback are generated and pushed away Send the second policy configuration file to the security management and control file of the application program.
2. the method for security management and control being carried out to software authority and behavior as claimed in claim 1, it is characterised in that the service What device was based on the security management and control file mark and the application program fed back treats management and control authority information adjustment first plan Slightly configuration file is second policy configuration file,
The authorization policy list that the security management and control file is based on second policy configuration file limits the application program Authority.
3. the method for security management and control being carried out to software authority and behavior as claimed in claim 2, it is characterised in that the safety Management and control file be based on the application program the interruption of service adjust the authorization policy list of second policy configuration file so as to The 3rd policy configuration file is generated, the 3rd policy configuration file and its corresponding application journey described in the security management and control file mark The version information of sequence simultaneously pushes to the server storage.
4. the method for security management and control being carried out to software authority and behavior as claimed in claim 3, it is characterised in that the service The version information of the application program that device feeds back according to the security management and control file choose the first matched policy configuration file, Second policy configuration file or the 3rd policy configuration file simultaneously push to the security management and control file in the application program.
5. the method for security management and control being carried out to software authority and behavior as claimed in claim 4, it is characterised in that the server The authority information of the management and control failure fed back according to the security management and control file and the version information of corresponding application program are to described Security management and control file push fresh information is so as to update the security management and control file.
6. the method for security management and control being carried out to software authority and behavior as described in one of preceding claims, it is characterised in that institute State to be arranged on the security management and control file of policy-based configuration file management and control application program authority in the form of code and compiled with program The step of initial position of the application program operation that the form of code is present, includes:
Disassemble, reversely compilation and/or reversely compiling treat the application program of management and control for program coding,
The code of the security management and control file is arranged at the initial position or initialization node location run in program coding,
The program coding that forward direction compiling is provided with security management and control file is by the application program of security management and control file management and control.
7. the method for security management and control being carried out to software authority and behavior as claimed in claim 6, it is characterised in that the bursting tube Control file is based on first policy configuration file or the policy mandates of second policy configuration file are calculated and judge described The number of starts of binding authority and time in application program operation, and intercept the restricted information of binding authority transmission;
The interruption of service that the security management and control file is based on the application program calculates and judges the application program operation again The number of starts of middle binding authority and time, so as to generate the 3rd policy configuration file and will calculate again and judgement is obtained The binding authority the number of starts and time and the restricted information push to the server and stored.
8. the method for security management and control being carried out to software authority and behavior as claimed in claim 7, it is characterised in that the bursting tube Control file passes through to compare the authority information and application program listed by the authorization policy list in the policy configuration file Authority information determines binding authority,
The management and control instruction of the security management and control file is based on the startup of binding authority and triggers so as to prevent the startup of binding authority And/or intercept the restricted information that the binding authority sends.
9. the method for security management and control being carried out to software authority and behavior as described in claim 7 or 8, it is characterised in that described Security management and control file and the server are lost in the case that signal is connected, and the security management and control file will be not recorded in described The application program in the authorization policy list of one policy configuration file treats that management and control authority information increases to the authority plan Omit list and be set to illegal state, so that second policy configuration file is generated,
The security management and control file is based on the authority of interruption of service adjustment second policy configuration file of the application program Policy List is so as to generate the 3rd policy configuration file.
10. a kind of system that security management and control is carried out to software authority and behavior, it is characterised in that including server, put part module, Collector and security management and control file,
The code of the server storage security management and control file and the push strategy of the feedback information based on the security management and control file Configuration file,
The collector disassembles, reversely compilation and/or reversely compiling treat that the application program of management and control is program coding,
It is described to put part module by the security management and control file of policy-based configuration file management and control application program authority in the form of code The initial position of the application program operation existed in the form of program coding is arranged on,
The first plan of operation based on the application program and the security management and control file that triggers according to the server push Slightly configuration file limits the authority of the application program,
The authority information and operation conditions that the server is based on the application program of security management and control file feedback are generated and pushed away Send the second policy configuration file to the security management and control file of the application program.
CN201611095114.4A 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior Active CN106778089B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201611095114.4A CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior
CN202110759334.7A CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly
CN202110747098.7A CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611095114.4A CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN202110747098.7A Division CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN202110759334.7A Division CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly

Publications (2)

Publication Number Publication Date
CN106778089A true CN106778089A (en) 2017-05-31
CN106778089B CN106778089B (en) 2021-07-13

Family

ID=58882839

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201611095114.4A Active CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior
CN202110747098.7A Pending CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN202110759334.7A Pending CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN202110747098.7A Pending CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN202110759334.7A Pending CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly

Country Status (1)

Country Link
CN (3) CN106778089B (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107608660A (en) * 2017-08-31 2018-01-19 科大讯飞股份有限公司 Shared technical ability application process and system
CN107832590A (en) * 2017-11-06 2018-03-23 珠海市魅族科技有限公司 Terminal control method and device, terminal and computer-readable recording medium
CN108427886A (en) * 2018-01-25 2018-08-21 上海掌门科技有限公司 A kind of application program access rights setting method, system, equipment and readable medium
CN108513300A (en) * 2018-07-11 2018-09-07 北京奇安信科技有限公司 A kind of processing method and terminal of management and control wifi connections
CN110222480A (en) * 2019-06-13 2019-09-10 红鼎互联(广州)信息科技有限公司 The system and method that a kind of pair of software permission and behavior carry out security management and control
CN111353132A (en) * 2018-12-20 2020-06-30 中移(杭州)信息技术有限公司 Method and device for limiting use of application program
CN111488569A (en) * 2020-04-09 2020-08-04 支付宝(杭州)信息技术有限公司 Authority determining and managing method, device, equipment and medium
CN112181476A (en) * 2020-08-31 2021-01-05 北京达佳互联信息技术有限公司 Application program control method, device, server and storage medium
CN114710312A (en) * 2022-02-16 2022-07-05 大连九锁网络有限公司 Method for security control of mobile phone application program based on smart watch authorization
CN115811636A (en) * 2022-11-18 2023-03-17 四川长虹电器股份有限公司 Safety management method for application background starting on smart television

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222708A1 (en) * 2003-02-14 2008-09-11 International Business Machines Corporation Implementing access control for queries to a content management system
CN101359355A (en) * 2007-08-02 2009-02-04 芯微技术(深圳)有限公司 Method for raising user's authority for limitation account under Windows system
CN103473232A (en) * 2012-06-06 2013-12-25 北京三星通信技术研究有限公司 Self-management device and self-management method of application programs
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103761472A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program accessing method and device based on intelligent terminal
CN103839000A (en) * 2014-02-21 2014-06-04 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal equipment
CN103927476A (en) * 2014-05-07 2014-07-16 上海联彤网络通讯技术有限公司 Intelligent system and method for achieving application program authority management
CN104102880A (en) * 2014-06-30 2014-10-15 华中科技大学 Application rewriting method and system for detecting Android privilege elevation attack
CN104239764A (en) * 2014-10-15 2014-12-24 北京奇虎科技有限公司 Terminal device and system function management and control method and device of terminal device
CN104298916A (en) * 2013-07-17 2015-01-21 财团法人工业技术研究院 Application management method, application management system and user device
CN104408366A (en) * 2014-11-26 2015-03-11 清华大学 Android application permission usage behavior tracking method based on plug-in technology
CN104484599A (en) * 2014-12-16 2015-04-01 北京奇虎科技有限公司 Behavior processing method and device based on application program
CN105491523A (en) * 2015-12-08 2016-04-13 小米科技有限责任公司 Method and device for acquiring position information

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222708A1 (en) * 2003-02-14 2008-09-11 International Business Machines Corporation Implementing access control for queries to a content management system
CN101359355A (en) * 2007-08-02 2009-02-04 芯微技术(深圳)有限公司 Method for raising user's authority for limitation account under Windows system
CN103473232A (en) * 2012-06-06 2013-12-25 北京三星通信技术研究有限公司 Self-management device and self-management method of application programs
CN104298916A (en) * 2013-07-17 2015-01-21 财团法人工业技术研究院 Application management method, application management system and user device
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103839000A (en) * 2014-02-21 2014-06-04 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal equipment
CN103761472A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program accessing method and device based on intelligent terminal
CN103927476A (en) * 2014-05-07 2014-07-16 上海联彤网络通讯技术有限公司 Intelligent system and method for achieving application program authority management
CN104102880A (en) * 2014-06-30 2014-10-15 华中科技大学 Application rewriting method and system for detecting Android privilege elevation attack
CN104239764A (en) * 2014-10-15 2014-12-24 北京奇虎科技有限公司 Terminal device and system function management and control method and device of terminal device
CN104408366A (en) * 2014-11-26 2015-03-11 清华大学 Android application permission usage behavior tracking method based on plug-in technology
CN104484599A (en) * 2014-12-16 2015-04-01 北京奇虎科技有限公司 Behavior processing method and device based on application program
CN105491523A (en) * 2015-12-08 2016-04-13 小米科技有限责任公司 Method and device for acquiring position information

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107608660A (en) * 2017-08-31 2018-01-19 科大讯飞股份有限公司 Shared technical ability application process and system
CN107832590A (en) * 2017-11-06 2018-03-23 珠海市魅族科技有限公司 Terminal control method and device, terminal and computer-readable recording medium
CN108427886A (en) * 2018-01-25 2018-08-21 上海掌门科技有限公司 A kind of application program access rights setting method, system, equipment and readable medium
WO2019144928A1 (en) * 2018-01-25 2019-08-01 上海掌门科技有限公司 Method, system and device for setting access permission of application, and readable medium
CN108513300A (en) * 2018-07-11 2018-09-07 北京奇安信科技有限公司 A kind of processing method and terminal of management and control wifi connections
CN111353132A (en) * 2018-12-20 2020-06-30 中移(杭州)信息技术有限公司 Method and device for limiting use of application program
CN110222480A (en) * 2019-06-13 2019-09-10 红鼎互联(广州)信息科技有限公司 The system and method that a kind of pair of software permission and behavior carry out security management and control
CN111488569A (en) * 2020-04-09 2020-08-04 支付宝(杭州)信息技术有限公司 Authority determining and managing method, device, equipment and medium
CN112181476A (en) * 2020-08-31 2021-01-05 北京达佳互联信息技术有限公司 Application program control method, device, server and storage medium
CN114710312A (en) * 2022-02-16 2022-07-05 大连九锁网络有限公司 Method for security control of mobile phone application program based on smart watch authorization
CN114710312B (en) * 2022-02-16 2023-12-19 大连九锁网络有限公司 Mobile phone application program safety control method based on smart watch authorization
CN115811636A (en) * 2022-11-18 2023-03-17 四川长虹电器股份有限公司 Safety management method for application background starting on smart television

Also Published As

Publication number Publication date
CN113360856A (en) 2021-09-07
CN113378121A (en) 2021-09-10
CN106778089B (en) 2021-07-13

Similar Documents

Publication Publication Date Title
CN106778089A (en) A kind of system and method that security management and control is carried out to software authority and behavior
JP4955669B2 (en) Apparatus and method for detecting and managing unauthenticated executable instructions on a wireless device
CA2710694C (en) Method and apparatus for managing policies for time-based licenses on mobile devices
US9396325B2 (en) Provisioning an app on a device and implementing a keystore
US9165139B2 (en) System and method for creating secure applications
US8955142B2 (en) Secure execution of unsecured apps on a device
US8812868B2 (en) Secure execution of unsecured apps on a device
EP2302549B1 (en) Platform security apparatus and method thereof
TWI249927B (en) Communication device, control method of communication device, program and communication method
US8549656B2 (en) Securing and managing apps on a device
CN103839000B (en) Application program installation method and device based on intelligent terminal equipment
US8898790B2 (en) Method for preventing a mobile communication device from leaking secret and system thereof
US20120304310A1 (en) Secure execution of unsecured apps on a device
JP2015092374A (en) Apparatus and methods for managing firmware verification on wireless device
CN106557687A (en) A kind of authority control method and device of application program installation process
CN113473474A (en) Background authority control method for mobile communication terminal system
KR101408276B1 (en) Security system and method of portable device control with rights management policy in based
KR101397666B1 (en) Method for controlling access right of application, and user device
Kanerva Integrating a mobile device management solution in Android
KR20130058527A (en) System and method for security of application, communication terminal therefor
KR101493820B1 (en) Mobile Security System
CN108462788A (en) A kind of method and system of automatic replacement mobile terminal pattern
CN114462077A (en) Android application program user privacy protection method based on virtual machine bytecode injection
Jang et al. A Study on the Efficient Management of Android Apps Using a Whitelist
CN114239002A (en) Transportation platform information access method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant