CN102968589B - Method and device for identifying the security attribute of an application program - Google Patents

Publication number: CN102968589B
Authority: CN (China)
Prior art keywords: application program, file, service end, security attribute, terminal
Legal status: Active
Application number: CN201210459002.8A
Other languages: Chinese (zh)
Other versions: CN102968589A (en)
Inventor: 张家柱
Current Assignee: Qax Technology Group Inc
Original Assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by: Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to: CN201210459002.8A
Publications: CN102968589A (application), CN102968589B (grant)

Landscapes: Storage Device Security (AREA)

Abstract

The embodiments provide a more reliable method for identifying the security attribute of an application program, comprising: receiving the tag file of an application program submitted by a terminal; judging whether the second service end can currently be connected; if so, accessing the second service end and obtaining the security attribute corresponding to the application program according to the tag file; if not, accessing a reference database preset at the first service end and obtaining the security attribute corresponding to the application program according to the tag file. The first service end is a service end in the same intranet as the terminal; the second service end is a service end located on the internet that the terminal can access through the internet.

Description

Method and device for identifying the security attribute of an application program
Technical field
The application relates to the field of internet technology, and in particular to a method and device for identifying the security attribute of an application program.
Background
"Cloud" is a metaphor for the internet and networks. It represents an abstraction of the internet and its underlying infrastructure, and can be roughly divided into public cloud and private cloud.
A public cloud usually refers to a cloud that a third-party provider runs on its own infrastructure and offers directly to external users. Registered or paying users can access the public cloud over the internet to obtain the corresponding network services, but they do not own the cloud computing resources.
A private cloud is placed in a private environment: for example, an enterprise or government organization builds it in its own machine room, or an operator builds it and leases it as a whole to one organization. Users outside the organization cannot access or use it. Because a private cloud is built for the exclusive use of one organization, it offers the most effective control over data, security and service quality.
A private cloud is built with an application program management database, that is, a private black-and-white library (private database for short), which is used to manage whether each program may be executed.
Specifically, the private database is divided into a white library and a black library. The white library contains programs that may be executed, i.e. white files; the black library contains programs that are forbidden to run, i.e. black files. The organization can customize the private database itself and decide which programs are prohibited and which may run normally. On the one hand this avoids the enterprise's own special-purpose system files being prohibited; on the other hand it ensures that malicious viruses and trojans, and normal software that the enterprise has banned, cannot run.
When a terminal requests access to a program, the private database is used to judge whether the program is a black file or a white file; if it is a black file, access to the program is not allowed.
The problem with the above prior art is that the private database of a private cloud may be incomplete, particularly when the private cloud has just been deployed: the program the user requests may not be in the private database, so it cannot be decided whether the program may be executed. A manual judgment is possible, but administrators are usually unfamiliar with the business and have no knowledge of these programs, so they cannot reliably identify the security attribute of the file.
Therefore, the technical problem that those skilled in the art currently need to solve is to provide a more reliable mechanism for identifying the security attribute of an application program.
Summary of the invention
In view of the above problems, the embodiments of the present invention provide a method for identifying the security attribute of an application program, and a corresponding device, that overcome the above problems or at least partially solve them.
According to one aspect of the embodiments of the present invention, a method for identifying the security attribute of an application program is provided, comprising:
Receiving the tag file of an application program submitted by a terminal;
Judging whether the second service end can currently be connected;
If so, accessing the second service end and obtaining the security attribute corresponding to the application program according to the tag file; if not, accessing the reference database preset at the first service end and obtaining the security attribute corresponding to the application program according to the tag file;
Wherein the first service end is a service end in the same intranet as the terminal, and the second service end is a service end located on the internet that the terminal can access through the internet.
In the embodiment of the present invention, the method further comprises:
Looking up the installation file of the application program according to the security attribute, or returning the security attribute to the terminal so that the terminal loads the application program according to the security attribute.
In the embodiment of the present invention, the second service end is preset with an application program management database; the application program management database and the reference database each contain the tag files of multiple application programs and the corresponding security attributes;
The security attributes include black file, which is not executable, and white file, which is executable.
In the embodiment of the present invention, the reference database is preset by the following steps:
Accessing the second service end, downloading the reference database, and saving the reference database at the first service end;
The reference database is updated by offline download.
In the embodiment of the present invention, the terminal obtains the tag file of an application program by the following steps:
Scanning all files corresponding to all application programs on the terminal and extracting the application files among them;
Converting each application file into the corresponding program tag file using a preset algorithm.
In the embodiment of the present invention, the terminal obtains the tag file of an application program by the following steps:
Receiving a user's request to access an application program;
Extracting the corresponding application file according to the request, and converting the application file into the corresponding program tag file using a preset algorithm.
In the embodiment of the present invention, the file header of the application file contains predetermined keywords; the preset algorithm includes a message digest algorithm.
In the embodiment of the present invention, the method further comprises:
Building the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
In the embodiment of the present invention, the method further comprises:
Adding the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
In the embodiment of the present invention, an application program management database is deployed at the first service end, and the application program management database stores the tag files of multiple application programs and the corresponding security attributes;
The method further comprises:
Searching the application program management database of the first service end for the tag file of the application program; if it is not present, performing the step of judging whether the second service end can currently be connected.
In the embodiment of the present invention, the method further comprises:
If the security attribute of the application file is black file, generating a "not executable" message and returning it to the terminal; the terminal does not load the application program after receiving the message;
If the security attribute of the application file is white file, generating an "executable" message and returning it to the terminal; the terminal starts loading the application program after receiving the message.
According to another aspect of the embodiments of the present invention, a device for identifying the security attribute of an application program is provided, comprising:
A tag file receiving module, adapted to receive the tag file of an application program submitted by a terminal;
A judging module, adapted to judge whether the second service end can currently be connected; if so, the second service end identification module is invoked; if not, the reference database identification module is invoked;
A second service end identification module, adapted to access the second service end and obtain the security attribute corresponding to the application program according to the tag file;
A reference database identification module, adapted to access the reference database preset at the first service end and obtain the security attribute corresponding to the application program according to the tag file;
Wherein the first service end is a service end in the same intranet as the terminal, and the second service end is a service end located on the internet that the terminal can access through the internet.
In the embodiment of the present invention, the device further comprises:
An application program processing module, adapted to look up the installation file of the application program according to the security attribute, or to return the security attribute to the terminal so that the terminal loads the application program according to the security attribute.
In the embodiment of the present invention, the second service end is preset with an application program management database; the application program management database and the reference database each contain the tag files of multiple application programs and the corresponding security attributes;
The security attributes include black file, which is not executable, and white file, which is executable.
In the embodiment of the present invention, the reference database is preset by the following modules:
A download module, adapted to access the second service end and download the reference database;
A saving module, adapted to save the reference database at the first service end;
The reference database is updated by offline download.
In the embodiment of the present invention, the terminal obtains the tag file of an application program by the following modules:
An application file extraction module, adapted to scan all files corresponding to all application programs on the terminal and extract the application files among them;
A first conversion module, adapted to convert each application file into the corresponding program tag file using a preset algorithm.
In the embodiment of the present invention, the terminal obtains the tag file of an application program by the following modules:
A request receiving module, adapted to receive a user's request to access an application program;
A second conversion module, adapted to extract the corresponding application file according to the request and convert the application file into the corresponding program tag file using a preset algorithm.
In the embodiment of the present invention, the file header of the application file contains predetermined keywords; the preset algorithm includes a message digest algorithm.
In the embodiment of the present invention, the device further comprises:
A database building module, adapted to build the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
In the embodiment of the present invention, the device further comprises:
An adding module, adapted to add the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
In the embodiment of the present invention, an application program management database is deployed at the first service end, and the application program management database stores the tag files of multiple application programs and the corresponding security attributes;
The device further comprises:
A search module, adapted to search the application program management database of the first service end for the tag file of the application program; if it is not present, the step of judging whether the second service end can currently be connected is performed.
In the embodiment of the present invention, the device further comprises:
A first message returning module, adapted to generate a "not executable" message and return it to the terminal if the security attribute of the application file is black file; the terminal does not load the application program after receiving the message;
A second message returning module, adapted to generate an "executable" message and return it to the terminal if the security attribute of the application file is white file; the terminal starts loading the application program after receiving the message.
According to the method for identifying the security attribute of an application program in the embodiments of the present invention, when the private database of the private cloud is incomplete, it is first judged whether the target public cloud can be connected, and then either the target public cloud or the reference database preset in the private cloud is used to judge whether the application program submitted by the terminal is a black file or a white file, so that the application program can be identified reliably even when the private database is incomplete.
The present invention can further save the identification result that the target public cloud or the reference database gives for an application program in the private database of the private cloud, and thereby improve the private database.
When a private cloud has just been deployed, the method of the present invention can be used to identify all application programs on the terminals and to build the private database from the identification results, which makes building the private database of the private cloud effective, fast and reliable.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the present invention. Throughout the drawings, identical parts are denoted by identical reference symbols. In the drawings:
Fig. 1 shows a flow chart of the steps of an embodiment of the method for identifying the security attribute of an application program according to the embodiments of the present invention;
Fig. 2 shows a structural block diagram of an embodiment of the device for identifying the security attribute of an application program according to the embodiments of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
The embodiments of the present invention can be applied to a computer system/server, which can operate together with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations suitable for use with a computer system/server include but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems.
The computer system/server can be described in the general context of computer-system-executable instructions (such as program modules) executed by a computer system. In general, program modules can include routines, programs, object programs, components, logic, data structures and so on, which perform specific tasks or implement specific abstract data types. The computer system/server can be implemented in a distributed cloud computing environment, in which tasks are performed by remote processing devices linked through a communication network. In a distributed cloud computing environment, program modules can be located on local or remote computing system storage media that include storage devices.
Referring to Fig. 1, a flow chart of the steps of embodiment 1 of the method for identifying the security attribute of an application program is shown. The method can specifically comprise the following steps:
Step 101: receive the tag file of the application program submitted by the terminal.
The first service end is a service end in the same intranet as the terminal; in the present invention it is the private cloud. The terminal and the private cloud server are in the same local area network (LAN). Private cloud client software can be installed on the terminal, and the client software can submit the tag file of an application program to the private cloud.
In the embodiment of the present invention, the tag file of an application program is obtained by processing the application file. The application file is a file in PE (portable executable) format. PE files are the program files of the Microsoft Windows operating system; the common EXE, DLL, OCX, SYS and COM files are PE files, and each application program has a corresponding PE file. The present invention obtains the tag file corresponding to the application program by processing the PE file as follows.
In one preferred embodiment of the invention, when the private cloud has just been deployed and its application program management database has not yet been built, multiple application programs can be identified, and the terminal can obtain the tag files of the application programs by the following steps:
Sub-step S21: scan all files corresponding to all application programs on the terminal and extract the application files among them;
Sub-step S22: convert each application file into the corresponding program tag file using a preset algorithm.
Multiple application programs are installed on the terminal, and each program corresponds to multiple files, including an application file. The client software can scan all files corresponding to each application program and find the application file among them. Specifically, an application file consists of structures such as the MS-DOS executable stub, the file header, the optional header, the data directories, the section headers and the sections. The file header contains the following fields:
1) "Machine": indicates what kind of system this binary file is intended to run on;
2) "NumberOfSections": the number of sections that follow the headers;
3) "TimeDateStamp": gives the time the file was created;
4-5) "PointerToSymbolTable" and "NumberOfSymbols" (both 32 bits): both used for debugging information;
6) "SizeOfOptionalHeader": the size of the "IMAGE_OPTIONAL_HEADER" (optional header) item; it can be used to verify the correctness of the PE file structure;
7) "Characteristics": a 16-bit value made up of a set of flag bits, most of which are valid only for object files and library files.
In the present invention, the keywords of each structure in the file header of an application file can serve as the predetermined keywords used to judge whether each file corresponding to an application program is an application file. The application file is then converted by the preset algorithm, and the converted file is used as the tag file of the application program. In a preferred embodiment of the present invention, a message digest algorithm, namely MD5 (Message-Digest Algorithm 5), is used to convert the application file. MD5 "compresses" a large amount of information into a protected form before it is signed with a private key by digital-signature software; that is, it transforms a byte string of arbitrary length into a fixed-length hexadecimal string, which makes it possible to confirm that the information was transmitted complete and consistent.
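The terminal-side conversion described above (recognise an application file by its header structures, then digest it) can be sketched as follows. This is an added example, not code from the patent: the function names and the constructed header-only sample are assumptions, and the predetermined keywords are taken here to be the `MZ` and `PE\0\0` signatures plus the file header fields listed in the text.

```python
import hashlib
import struct

# File (COFF) header: 20 bytes, fields in the order the description lists them.
_COFF = struct.Struct("<HHIIIHH")
_FIELDS = ("Machine", "NumberOfSections", "TimeDateStamp",
           "PointerToSymbolTable", "NumberOfSymbols",
           "SizeOfOptionalHeader", "Characteristics")
_SECTION_HEADER_SIZE = 40


def parse_pe_file_header(data: bytes):
    """Return the file header fields if data is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":            # MS-DOS stub signature
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 4 + _COFF.size > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    header = dict(zip(_FIELDS, _COFF.unpack_from(data, e_lfanew + 4)))
    # SizeOfOptionalHeader doubles as a structure check: the optional header
    # and the section table it announces must fit inside the file.
    end = (e_lfanew + 4 + _COFF.size + header["SizeOfOptionalHeader"]
           + _SECTION_HEADER_SIZE * header["NumberOfSections"])
    return header if end <= len(data) else None


def tag_file(data: bytes, algorithm: str = "md5"):
    """Digest an application file into its tag; None for non-PE input."""
    if parse_pe_file_header(data) is None:
        return None
    return hashlib.new(algorithm, data).hexdigest()


def build_sample_pe() -> bytes:
    """Constructed header-only PE image used as sample input (not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = _COFF.pack(0x014C, 1, 0x50A0B0C0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(0xE0) + bytes(_SECTION_HEADER_SIZE)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe_file_header(sample))
    print(tag_file(sample))
```

MD5 is the algorithm the description names; because MD5 collisions are practical to construct, the digest is left as a parameter so that a deployment can key its libraries on SHA-256 instead.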
In another embodiment of the invention, the user can submit, from the terminal to the first service end, a request to identify an application program; the request includes the tag file of the application program. The application program can be one that the user requests to access or requests to install.
In one application scenario of the present invention, when the user needs to install an application program on the terminal, the tag file of the application program can be submitted from the terminal; after the tag file has been identified, it is further decided whether to return the installation file of the application program.
In another application scenario of the present invention, when the user needs to access an application program on the terminal, the tag file of the application program can be submitted from the terminal; after the security attribute of the application program has been judged, it can be returned to the terminal, and the terminal goes on to load the program.
In this application scenario, the terminal can obtain the tag file of the application program by the following steps:
Sub-step S31: receive the user's request to access an application program;
Sub-step S32: extract the corresponding application file according to the request, and convert the application file into the corresponding program tag file using a preset algorithm.
On the terminal, the user can request access to an application program by clicking its shortcut or program file. After the terminal receives the user's click, it can extract the corresponding application file and then convert it with the preset algorithm to obtain the tag file. As in the previous embodiment, the application file corresponding to the program can be found by the preset keywords, and the preset algorithm can be the MD5 algorithm.
Step 102: judge whether the second service end can currently be connected; if so, perform step 103; if not, perform step 104.
Step 103: access the second service end and obtain the security attribute corresponding to the application program according to the tag file.
The second service end is a service end located on the internet that the terminal can access through the internet; in the present invention it is a public cloud. A particular public cloud can be chosen in advance as the target public cloud. The public cloud can be preset with an application program management database, which contains the tag files of multiple application programs and the corresponding security attributes. The corresponding security attribute can be looked up in the application program management database according to the tag file of the application program.
After the private cloud receives the tag file of the application program sent by the terminal, it can further judge whether the target public cloud can be connected, i.e. whether the server of the target public cloud can be reached. If it can be connected, the application program management database of the public cloud can be used to judge the security attribute of the application program.
The application program management database can contain the tag files of multiple application programs and the corresponding security attributes. The security attributes include black file, which is not executable, and white file, which is executable. If the security attribute of an application program is black file, the application program is a dangerous program that is forbidden to execute on the terminal or a program that needs to be blocked; if it is white file, the program can be executed. Specifically, whether an application program may be executed can be defined, when the reference database is preset, according to the user's application environment and needs.
In a concrete implementation, the application program management database can contain a black library and a white library. If the tag file is found in the black library, the security attribute of the application program is black file; if the tag file is found in the white library, the security attribute of the application program is white file.
The application program management database may also contain only a black library; if the tag file is found in the black library, the security attribute of the application program is black file. The application program management database may also contain only a white library; if the tag file is found in the white library, the security attribute of the application program is white file.
If the tag file cannot be found in the application program management database, the application file can be regarded as a black file, or it can be treated as a grey file of unknown security attribute and reported to the terminal for technicians to inspect and analyze.
Step 104: access the reference database preset at the first service end and obtain the security attribute corresponding to the application program according to the tag file.
In the present invention, the private cloud is preset with a reference database, which also contains the tag files of multiple application programs and the corresponding security attributes. When the public cloud cannot be connected, the application program can be identified using the preset reference database.
In a preferred embodiment of the present invention, the reference database can be preset by the following steps:
Sub-step S11: access the second service end and download the reference database;
Sub-step S12: save the reference database at the first service end;
Wherein the reference database is updated by offline download.
The reference database can be downloaded from the second service end, i.e. the public cloud. It is equivalent to the public cloud's application program management database in an offline state, and is saved in the private cloud after download. The reference database can be updated by offline download at a preset frequency.
The reference database can contain multiple program tag files and the corresponding security attributes. Like the application program management database, in a concrete implementation the reference database can contain one or both of a black library and a white library.
In one preferred embodiment of the invention, after the security attribute obtaining application program, described method can also comprise:
Search the installation file of described application program according to described security attribute, or described security attribute is being returned terminal, load described application program by terminal according to described security attribute.
It is the black file that can be performed or the text of an annotated book part that can not be performed that the security attribute of application program indicates this program, under a kind of application scenarios of the present invention, user needs when certain application program of terminal access, the tag file of application program then can be submitted in terminal, after judging the security attribute of this application program, can terminal be returned to, load this program further by terminal.Specifically, if the security attribute of this program is black file, then terminal will load this program further; If text of an annotated book part, then terminal does not load this program.
Under another kind of application scenarios of the present invention, user needs when terminal installs certain application program, then can submit the tag file of application program in terminal, if identify, the security attribute of this application program is text of an annotated book part, then can return the installation file of this program to terminal.In concrete realization, on the control desk of the network management of privately owned cloud or control terminal, the application program that each terminal is installed can be recorded, concrete, can recording feature file and install the corresponding relation of terminal of this application program, after judging that user asks the application program of installation to perform, if the tag file of this application program is present in above-mentioned record, then can send request to the terminal of correspondence, installation file be shared to the installing terminal of this application program of request; If user asks the application program of installing to perform, the control desk of network management or control terminal can carry out alert process.
In one embodiment of the present invention, where the application program management database of the private cloud has not yet been built, the application program management database of the first service end and private cloud may also be built from the correspondence between the tag file of each application program and its security attribute. The application program management database may be built according to the security attribute of each application program; specifically, the tag files whose security attribute is white file may be used to build a white library, the tag files whose security attribute is black file may be used to build a black library, or both libraries may be built at the same time. Using the method of the present invention makes building the private database of the private cloud effective, fast and reliable.
In another embodiment of the present invention, the private cloud already has an application program management database deployed, and the application program management database may store the tag files of multiple application programs together with their corresponding security attributes.
In this embodiment, before judging whether the second service end can be connected, the method may further comprise:
Searching the application program management database of the first service end for the tag file of the application program, and if it is not found, performing the step of judging whether the second service end can currently be connected.
Because the private cloud already has an application program management database deployed, that is, a private database, the application program management database of the private cloud can be searched for the program's tag file before the public cloud or the reference database is used to identify it; if the tag file is not there, the public cloud or the reference database is then used for further judgment.
In this embodiment, after the security attribute of the application program has been identified, the method may further comprise:
If the security attribute of the application file is black file, generating information indicating that the program is not executable and returning it to the terminal, which does not load the application program after receiving the information;
If the security attribute of the application file is white file, generating information indicating that the program is executable and returning it to the terminal, which starts loading the application program after receiving the information.
In this embodiment, the private database has already been built. When a user requests access to a program, the terminal uploads the tag file of the program to the private cloud, and the private cloud identifies the program's security attribute through the private database, or through the public cloud or the reference database. If the recognition result is that the security attribute is black file, information indicating that the program is not executable is returned to the terminal, which intercepts and stops loading the program; if it is white file, loading of the application program can start.
Further, if the application program management database of the private cloud has been built, the method may further comprise:
Adding the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
Adding the recognition results from the public cloud or the reference database to the application program management database of the private cloud improves that database.
In summary, according to the method for identifying the security attribute of an application program of the embodiments of the present invention, when the private database of the private cloud is not yet complete, it is first judged whether the target public cloud can be connected, and then either the target public cloud or the reference database preset at the private cloud is used to judge whether the application program submitted by the terminal is a black file or a white file, so that the security attribute of the application program can be identified fairly reliably even when the private database is incomplete.
The present invention can further save, in the private database of the private cloud, the results obtained when the target public cloud or the reference database identifies the security attribute of an application program, thereby improving the private database.
When a private cloud has only just been deployed, the method of the present invention can be used to identify the security attributes of all application programs on the terminals and to build the private database from the recognition results, making the building of the private database of the private cloud effective, fast and reliable.
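The lookup order summarized above (private database first, then the public cloud when it can be connected, otherwise the preset reference database, with results written back to the private database), as an added Python example that is not part of the patent text. All class and function names, the choice of SHA-256 as the message digest, and the handling of a tag found in no database as "unknown" and not loadable are assumptions.

```python
import hashlib
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Verdict(Enum):
    BLACK = "black"      # not executable
    WHITE = "white"      # executable
    UNKNOWN = "unknown"  # assumption: the page does not define a "no match" result


def tag_of(file_bytes: bytes) -> str:
    """Tag file as a message digest of the application file (SHA-256 is assumed)."""
    return hashlib.sha256(file_bytes).hexdigest()


class FirstServiceEnd:
    """Intranet-side identification: private database, then public cloud or reference database."""

    def __init__(self,
                 reference_db: Dict[str, Verdict],
                 public_reachable: Callable[[], bool],
                 public_lookup: Callable[[str], Verdict],
                 private_db: Optional[Dict[str, Verdict]] = None) -> None:
        self.reference_db = dict(reference_db)    # offline copy downloaded earlier
        self.private_db = dict(private_db or {})  # application program management database
        self.public_reachable = public_reachable  # "can the second service end be connected?"
        self.public_lookup = public_lookup        # query sent to the second service end

    def identify(self, tag: str) -> Tuple[Verdict, str]:
        # Step 1: search the private database before anything else.
        if tag in self.private_db:
            return self.private_db[tag], "private_db"
        # Step 2: use the public cloud only if it can currently be connected.
        verdict: Optional[Verdict] = None
        source = "reference_db"
        if self.public_reachable():
            try:
                verdict, source = self.public_lookup(tag), "public_cloud"
            except ConnectionError:
                verdict = None  # link dropped mid-query: fall back to the reference database
        # Step 3: otherwise consult the reference database preset at this service end.
        if verdict is None:
            verdict = self.reference_db.get(tag, Verdict.UNKNOWN)
            source = "reference_db"
        # Step 4: record definite results so the private database fills in over time.
        # UNKNOWN is not recorded, so the tag is re-evaluated on the next request.
        if verdict is not Verdict.UNKNOWN:
            self.private_db[tag] = verdict
        return verdict, source

    def respond(self, tag: str) -> Dict[str, object]:
        """Message returned to the terminal; only a white file may be loaded."""
        verdict, source = self.identify(tag)
        # Assumption: an unknown tag is treated as not loadable (default deny).
        return {"verdict": verdict.value, "source": source,
                "load": verdict is Verdict.WHITE}


def demo() -> List[Dict[str, object]]:
    # Constructed sample inputs; the byte strings stand in for application files.
    good = tag_of(b"constructed sample: allowed program")
    bad = tag_of(b"constructed sample: blocked program")
    new = tag_of(b"constructed sample: never seen before")
    cloud_db = {good: Verdict.WHITE, bad: Verdict.BLACK}
    reference_db = {bad: Verdict.BLACK}  # older offline snapshot that lacks `good`
    link = {"up": False}
    server = FirstServiceEnd(reference_db,
                             lambda: link["up"],
                             lambda t: cloud_db.get(t, Verdict.UNKNOWN))
    results = []
    results.append(server.respond(bad))   # offline: answered by the reference database
    results.append(server.respond(good))  # offline and missing from the snapshot: unknown
    link["up"] = True
    results.append(server.respond(good))  # online: answered by the public cloud
    link["up"] = False
    results.append(server.respond(good))  # offline again: answered by the private database
    results.append(server.respond(new))   # in no database: unknown, not loaded
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second request in `demo()` shows the practical limit of the fallback: while the public cloud is unreachable, answers are only as current as the last offline download of the reference database.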
Each embodiment in this specification focuses on its differences from the other embodiments; for the parts that are the same or similar, the embodiments may be referred to one another.
It should be noted that, in the embodiments of the present invention, the hardware refers to the hardware in user equipment; the user equipment includes computers, mobile phones, PDAs and the like, and the hardware includes a CPU, motherboard, graphics card, display, memory, hard disk, optical drive, sound card, battery, network card, mouse and keyboard, and/or camera. The embodiments of the present invention can be applied not only in a single-device environment but also in a server-terminal environment, or further in a cloud-based environment.
The method embodiments are, for simplicity of description, expressed as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
Referring to Figure 2, a structural block diagram of an embodiment of a device for identifying the security attribute of an application program according to the embodiments of the present invention is shown, which may specifically comprise the following modules:
Tag file receiver module 201, adapted to receive the tag file of an application program submitted by a terminal;
Judge module 202, adapted to judge whether the second service end can currently be connected; if so, the second service end identification module is executed, and if not, the reference database identification module is executed;
Second service end identification module 203, adapted to access the second service end and obtain the security attribute corresponding to the application program according to the tag file;
Reference database identification module 204, adapted to access the reference database preset at the second service end and obtain the security attribute corresponding to the application program according to the tag file;
Wherein the first service end is a service end in the same intranet as the terminal, and the second service end is a service end located in the Internet that the terminal can access through the Internet.
In a preferred embodiment of the present invention, the second service end may be preset with an application program management database, and both the application program management database and the reference database may contain the tag files of multiple application programs together with their corresponding security attributes;
The security attribute may comprise black file, which is not executable, and white file, which is executable.
In a preferred embodiment of the present invention, the reference database may be preset by the following modules:
Download module, adapted to access the second service end and download the reference database;
Preserve module, adapted to save the reference database at the first service end;
The reference database is updated by offline download.
In the embodiments of the present invention, the device may further comprise:
Application program processing module, adapted to search for the installation file of the application program according to the security attribute, or to return the security attribute to the terminal, which loads the application program according to the security attribute.
In a preferred embodiment of the present invention, the terminal may obtain the tag file of an application program through the following modules:
Application file extraction module, adapted to scan all files corresponding to all application programs on the terminal and extract the application files among them;
First modular converter, adapted to convert the application file into the corresponding program tag file using a preset algorithm.
Correspondingly, the device may further comprise:
Database sharing module, adapted to build the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
In another preferred embodiment of the present invention, the terminal may obtain the tag file of an application program through the following modules:
Request receiving module, adapted to receive a user's request to access an application program;
Second modular converter, adapted to extract the corresponding application file according to the request and convert the application file into the corresponding program tag file using a preset algorithm.
Correspondingly, the device may further comprise:
Add module, adapted to add the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
In a specific implementation, the first service end may have an application program management database deployed, and the application program management database may store the tag files of multiple application programs together with their corresponding security attributes;
The device may further comprise:
Search module, adapted to search the application program management database of the first service end for the tag file of the application program, and if it is not found, to perform the step of judging whether the second service end can currently be connected.
After the application program has been identified, corresponding information may also be generated according to the recognition result for the terminal to act on; specifically, the device may further comprise:
First information return module, adapted to, if the security attribute of the application file is black file, generate information indicating that the program is not executable and return it to the terminal, which does not load the application program after receiving the information;
Second information return module, adapted to, if the security attribute of the application file is white file, generate information indicating that the program is executable and return it to the terminal, which starts loading the application program after receiving the information.
In a preferred embodiment of the present invention, the file header of the application file may contain a predetermined keyword, and the preset algorithm may comprise a message digest algorithm.
Because the device embodiment above is basically similar to the method embodiment, it is described relatively briefly; for related details, see the description of the method embodiment shown in Figure 1.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
Those skilled in the art will readily see that any combination of the above embodiments is feasible, so any combination of the above embodiments is an embodiment of the present application, but for reasons of space this specification does not describe them one by one.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in a variety of programming languages, and that the description above of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided herein. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment may be combined into one module or unit or component, and may furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described herein include some features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for identifying the security attribute of an application program according to the embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of multiple such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
Disclosed herein are:
A1. A method for identifying the security attribute of an application program, comprising: receiving the tag file of an application program submitted by a terminal; judging whether the second service end can currently be connected; if so, accessing the second service end and obtaining the security attribute corresponding to the application program according to the tag file; if not, accessing the reference database preset at the first service end and obtaining the security attribute corresponding to the application program according to the tag file; wherein the first service end is a service end in the same intranet as the terminal, and the second service end is a service end located in the Internet that the terminal can access through the Internet.
A2. The method of A1, further comprising: searching for the installation file of the application program according to the security attribute, or returning the security attribute to the terminal, which loads the application program according to the security attribute.
A3. The method of A1, wherein the second service end is preset with an application program management database, and the application program management database and the reference database contain the tag files of multiple application programs together with their corresponding security attributes; the security attribute comprises black file, which is not executable, and white file, which is executable.
A4. The method of A1, wherein the reference database is preset by the following steps: accessing the second service end, downloading the reference database, and saving the reference database in the first service end; the reference database is updated by offline download.
A5. The method of A3, wherein the terminal obtains the tag file of an application program by the following steps: scanning all files corresponding to all application programs on the terminal and extracting the application files among them; converting the application file into the corresponding program tag file using a preset algorithm.
A6. The method of A3, wherein the terminal obtains the tag file of an application program by the following steps: receiving a user's request to access an application program; extracting the corresponding application file according to the request, and converting the application file into the corresponding program tag file using a preset algorithm.
A7. The method of A5 or A6, wherein the file header of the application file contains a predetermined keyword, and the preset algorithm comprises a message digest algorithm.
A8. The method of A5, further comprising: building the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
A9. The method of A6, further comprising: adding the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
A10. The method of A6, wherein the first service end has an application program management database deployed, and the application program management database stores the tag files of multiple application programs together with their corresponding security attributes; the method further comprises: searching the application program management database of the first service end for the tag file of the application program, and if it is not found, performing the step of judging whether the second service end can currently be connected.
A11. The method of A6, further comprising: if the security attribute of the application file is black file, generating information indicating that the program is not executable and returning it to the terminal, which does not load the application program after receiving the information; if the security attribute of the application file is white file, generating information indicating that the program is executable and returning it to the terminal, which starts loading the application program after receiving the information.
Also disclosed herein are:
B12. A device for identifying the security attribute of an application program, comprising: a tag file receiver module, adapted to receive the tag file of an application program submitted by a terminal; a judge module, adapted to judge whether the second service end can currently be connected, and if so, to execute the second service end identification module, and if not, to execute the reference database identification module; a second service end identification module, adapted to access the second service end and obtain the security attribute corresponding to the application program according to the tag file; a reference database identification module, adapted to access the reference database preset at the first service end and obtain the security attribute corresponding to the application program according to the tag file; wherein the first service end is a service end in the same intranet as the terminal, and the second service end is a service end located in the Internet that the terminal can access through the Internet.
B13. The device of B12, further comprising: an application program processing module, adapted to search for the installation file of the application program according to the security attribute, or to return the security attribute to the terminal, which loads the application program according to the security attribute.
B14. The device of B12, wherein the second service end is preset with an application program management database, and the application program management database and the reference database contain the tag files of multiple application programs together with their corresponding security attributes; the security attribute comprises black file, which is not executable, and white file, which is executable.
B15. The device of B13, wherein the reference database is preset by the following modules: a download module, adapted to access the second service end and download the reference database; a preserve module, adapted to save the reference database at the first service end; the reference database is updated by offline download.
B16. The device of B14, wherein the terminal obtains the tag file of an application program through the following modules: an application file extraction module, adapted to scan all files corresponding to all application programs on the terminal and extract the application files among them; a first modular converter, adapted to convert the application file into the corresponding program tag file using a preset algorithm.
B17. The device of B14, wherein the terminal obtains the tag file of an application program through the following modules: a request receiving module, adapted to receive a user's request to access an application program; a second modular converter, adapted to extract the corresponding application file according to the request and convert the application file into the corresponding program tag file using a preset algorithm.
B18. The device of B16 or B17, wherein the file header of the application file contains a predetermined keyword, and the preset algorithm comprises a message digest algorithm.
B19. The device of B16, further comprising: a database sharing module, adapted to build the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
B20. The device of B17, further comprising: an add module, adapted to add the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
B21. The device of B17, wherein the first service end has an application program management database deployed, and the application program management database stores the tag files of multiple application programs together with their corresponding security attributes; the device further comprises: a search module, adapted to search the application program management database of the first service end for the tag file of the application program, and if it is not found, to perform the step of judging whether the second service end can currently be connected.
B22. The device of B17, further comprising: a first information return module, adapted to, if the security attribute of the application file is black file, generate information indicating that the program is not executable and return it to the terminal, which does not load the application program after receiving the information; a second information return module, adapted to, if the security attribute of the application file is white file, generate information indicating that the program is executable and return it to the terminal, which starts loading the application program after receiving the information.

Claims (20)

1. A method for identifying the security attribute of an application program, comprising:
Receiving the tag file of an application program submitted by a terminal;
Judging whether the second service end can currently be connected;
If so, accessing the second service end and obtaining the security attribute corresponding to the application program according to the tag file; if not, accessing the reference database preset at the first service end and obtaining the security attribute corresponding to the application program according to the tag file;
Wherein the first service end is a service end in the same intranet as the terminal, and the second service end is a service end located in the Internet that the terminal can access through the Internet;
The method further comprises presetting the reference database by the following steps:
Accessing the second service end, downloading the reference database, and saving the reference database in the first service end.
2. The method of claim 1, further comprising:
Searching for the installation file of the application program according to the security attribute, or returning the security attribute to the terminal, which loads the application program according to the security attribute.
3. The method of claim 1, wherein the second service end is preset with an application program management database, and the application program management database and the reference database contain the tag files of multiple application programs together with their corresponding security attributes;
The security attribute comprises black file, which is not executable, and white file, which is executable.
4. The method of claim 1, wherein the reference database is updated by offline download.
5. The method of claim 3, wherein the terminal obtains the tag file of an application program by the following steps:
Scanning all files corresponding to all application programs on the terminal and extracting the application files among them;
Converting the application file into the corresponding program tag file using a preset algorithm.
6. The method of claim 3, wherein the terminal obtains the tag file of an application program by the following steps:
Receiving a user's request to access an application program;
Extracting the corresponding application file according to the request, and converting the application file into the corresponding program tag file using a preset algorithm.
7. The method of claim 5 or 6, wherein the file header of the application file contains a predetermined keyword, and the preset algorithm comprises a message digest algorithm.
8. The method of claim 5, further comprising:
Building the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
9. The method of claim 6, further comprising:
Adding the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
10. The method of claim 6, wherein the first service end has an application program management database deployed, and the application program management database stores the tag files of multiple application programs together with their corresponding security attributes;
The method further comprises:
Searching the application program management database of the first service end for the tag file of the application program, and if it is not found, performing the step of judging whether the second service end can currently be connected.
11. The method of claim 6, further comprising:
If the security attribute of the application file is black file, generating information indicating that the program is not executable and returning it to the terminal, which does not load the application program after receiving the information;
If the security attribute of the application file is white file, generating information indicating that the program is executable and returning it to the terminal, which starts loading the application program after receiving the information.
12. A device for identifying application security attributes, comprising:
A tag file receiving module, adapted to receive the tag file of an application program submitted by a terminal;
A judging module, adapted to judge whether the second service end can currently be connected; if so, the second service end identification module is executed; if not, the reference database identification module is executed;
A second service end identification module, adapted to obtain the security attribute corresponding to the application program according to the tag file by accessing the second service end;
A reference database identification module, adapted to access the reference database preset at the first service end and obtain the security attribute corresponding to the application program according to the tag file;
Wherein the first service end is a service end located in the same intranet as the terminal, and the second service end is a service end located in the internet that the terminal can access through the internet;
The device further comprises:
A download module, adapted to access the second service end and download the reference database;
A saving module, adapted to save the reference database at the first service end.
13. The device as claimed in claim 12, further comprising:
An application program processing module, adapted to search for the installation file of the application program according to the security attribute, or to return the security attribute to the terminal, the terminal loading the application program according to the security attribute.
14. The device as claimed in claim 12, wherein the second service end is preset with an application program management database, and the application program management database and the reference database each include the tag files of multiple application programs and the corresponding security attributes;
The security attributes comprise non-executable black file and executable white file.
15. The device as claimed in claim 13, wherein the reference database is updated by way of offline download.
16. The device as claimed in claim 14, wherein the terminal obtains the tag file of an application program through the following modules:
An application file extraction module, adapted to scan all files corresponding to all application programs on the terminal and extract the application files among them;
A first conversion module, adapted to use a preset algorithm to convert the application file into the corresponding program feature file.
17. The device as claimed in claim 14, wherein the terminal obtains the tag file of an application program through the following modules:
A request receiving module, adapted to receive a user's request to access an application program;
A second conversion module, adapted to extract the corresponding application file according to the request and use a preset algorithm to convert the application file into the corresponding program feature file.
18. The device as claimed in claim 16 or 17, wherein the file header of the application file contains a predetermined keyword, and the preset algorithm comprises a message digest algorithm.
19. The device as claimed in claim 16, further comprising:
A database building module, adapted to build the application program management database of the first service end according to the correspondence between the tag file of each application program and its security attribute.
20. The device as claimed in claim 17, further comprising:
An adding module, adapted to add the correspondence between the tag file of each application program and its security attribute to the application program management database of the first service end.
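The lookup order in claims 10 to 12 and the digest step in claims 16 to 18 can be sketched as follows; this is an added example, not code from the patent. It assumes SHA-256 as the message digest algorithm and the PE "MZ" magic as the header keyword, the class and function names are hypothetical, and denying files with no known attribute is this example's choice, since the claims do not say how they are handled.

```python
import hashlib

def tag_file(data: bytes, keyword: bytes = b"MZ"):
    """Digest an application file; None if the header lacks the keyword."""
    if not data.startswith(keyword):          # assumed keyword: PE "MZ" magic
        return None
    return hashlib.sha256(data).hexdigest()   # assumed message digest algorithm

class SecondServer:
    """Stand-in for the internet-side service end (hypothetical interface)."""
    def __init__(self, db, online=True):
        self.db, self.online = dict(db), online
    def lookup(self, tag):
        if not self.online:
            raise ConnectionError("second service end unreachable")
        return self.db.get(tag)

class FirstServer:
    """Intranet-side service end: local database, then cloud, then reference DB."""
    def __init__(self, app_db, second):
        self.app_db, self.second, self.reference_db = dict(app_db), second, {}
    def sync_reference(self):
        # Claim 12: download the reference database and save it locally.
        if self.second.online:
            self.reference_db = dict(self.second.db)
    def identify(self, tag):
        if tag in self.app_db:                # claim 10: local database first
            return self.app_db[tag], "app_db"
        try:                                  # connectable: ask the second service end
            return self.second.lookup(tag), "second_server"
        except ConnectionError:               # not connectable: preset reference DB
            return self.reference_db.get(tag), "reference_db"
    def decide(self, data):
        tag = tag_file(data)
        attr, source = self.identify(tag) if tag else (None, "not_an_application")
        # Claim 11: black -> not executable, white -> executable.
        # Files with no attribute are denied (this example's default).
        verdict = "executable" if attr == "white" else "not_executable"
        return verdict, attr, source

# Constructed sample files and verdicts.
GOOD, BAD, NEW = b"MZ good app", b"MZ bad app", b"MZ never seen"
def demo():
    cloud = SecondServer({tag_file(GOOD): "white", tag_file(BAD): "black"})
    first = FirstServer({}, cloud)
    first.sync_reference()
    online = first.decide(BAD)
    cloud.online = False                      # intranet loses internet access
    return online, first.decide(GOOD), first.decide(NEW)
```

The returned source field shows which store answered, which matters operationally: a verdict from the reference database is only as fresh as the last download.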
CN201210459002.8A 2012-11-14 2012-11-14 A kind of recognition methods of application security attribute and device Active CN102968589B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210459002.8A CN102968589B (en) 2012-11-14 2012-11-14 A kind of recognition methods of application security attribute and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210459002.8A CN102968589B (en) 2012-11-14 2012-11-14 A kind of recognition methods of application security attribute and device

Publications (2)

Publication Number Publication Date
CN102968589A CN102968589A (en) 2013-03-13
CN102968589B true CN102968589B (en) 2015-09-23

Family

ID=47798726

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210459002.8A Active CN102968589B (en) 2012-11-14 2012-11-14 A kind of recognition methods of application security attribute and device

Country Status (1)

Country Link
CN (1) CN102968589B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103646207A (en) * 2013-12-02 2014-03-19 北京奇虎科技有限公司 Method and device for managing security attribute of application program
CN106411845A (en) * 2016-08-27 2017-02-15 浙江远望信息股份有限公司 Intelligent recognition method for network applications

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852160A (en) * 2005-12-30 2006-10-25 华为技术有限公司 Method for realizing data slow synchronization and system thereof
CN102081714A (en) * 2011-01-25 2011-06-01 潘燕辉 Cloud antivirus method based on server feedback
CN102413142A (en) * 2011-11-30 2012-04-11 华中科技大学 Active defense method based on cloud platform
CN102768717A (en) * 2012-06-29 2012-11-07 腾讯科技(深圳)有限公司 Malicious file detection method and malicious file detection device

Also Published As

Publication number Publication date
CN102968589A (en) 2013-03-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20161228

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee after: QAX Technology Group Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.