CN103324887A - Mobile terminal, security defense device thereof and security defense method thereof - Google Patents

Mobile terminal, security defense device thereof and security defense method thereof

Publication number: CN103324887A
Authority: CN (China)
Prior art keywords: portable terminal, defence, abnormal behaviour, defense, defence process
Legal status: Granted (active)
Application number: CN2013102807010A
Other languages: Chinese (zh)
Other versions: CN103324887B (en)
Inventors: 巫国忠, 李绍燕
Current Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Application filed by: Beijing Baidu Netcom Science and Technology Co Ltd
Priority: CN201310280701.0A (granted publication CN103324887B)

Landscapes

  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a mobile terminal, a security defense device thereof and a security defense method thereof. The security defense device comprises a storage module, a start-up management module and a defense module. The storage module is arranged in the root file system of the mobile terminal and stores the executable file of the defense module. The start-up management module obtains and runs the executable file according to a configuration file in the mobile terminal when the mobile terminal starts up. The defense module generates a resident background defense process from the running executable file. The defense process monitors abnormal behavior of the mobile terminal and performs active defense according to that behavior. With this device, the security protection program cannot be uninstalled, and its security protection process stays resident in memory and is started automatically. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the security of the operating system is effectively protected.

Description

Security defense device and method for a mobile terminal, and mobile terminal
Technical field
The present invention relates to the field of mobile device manufacturing technology, and in particular to a security defense device and a security defense method for a mobile terminal, and to a mobile terminal.
Background
With the widespread adoption of mobile terminals (such as mobile phones and tablet computers), many viruses, Trojans and malicious attack programs have begun to invade the operating systems of mobile terminals. In particular, on operating systems such as Android, a third-party application can obtain root authority (root being the unique superuser in the operating system) and can then modify almost any data in the operating system. Once the operating system of a mobile terminal has been cracked by an attacker, the attacker can obtain a large amount of the user's private, sensitive information. This does the user great harm and poses a severe test for the security of that information.
Summary of the invention
The present invention aims to solve at least one of the above technical problems.
To this end, the first object of the present invention is to propose a security defense device for a mobile terminal. The device enables the operating system of the whole mobile terminal to actively defend against an attacker's attacks, providing an effective safeguard for the security protection of the operating system.
The second object of the present invention is to propose a security defense method for a mobile terminal.
The third object of the present invention is to propose a mobile terminal.
To achieve the above objects, the security defense device of a mobile terminal according to embodiments of the first aspect of the present invention comprises a storage module, a start-up management module and a defense module. The storage module is arranged in the root file system of the mobile terminal and is used to store the executable file of the defense module. The start-up management module is used to obtain and run the executable file according to a configuration file of the mobile terminal when the mobile terminal starts up. The defense module is used to generate a resident background defense process from the running executable file, and the defense process is used to monitor abnormal behavior of the mobile terminal and to perform active defense according to the abnormal behavior.
According to the security defense device of the embodiment of the present invention, the defense module generates a resident background defense process from the running executable file, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to that behavior. Implanting the security protection program in the root file system of the operating system makes the program impossible to uninstall, and memory-resident operation and automatic start-up management of its security protection process are achieved at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing an effective safeguard for the security protection of the operating system.
To achieve the above objects, the security defense method of a mobile terminal according to embodiments of the second aspect of the present invention comprises the following steps: when the mobile terminal starts up, the mobile terminal obtains and runs, according to a configuration file, the executable file used for defense that is stored in the root file system of the mobile terminal; the mobile terminal generates a resident background defense process from the running executable file; and the mobile terminal monitors abnormal behavior of the mobile terminal through the defense process and performs active defense according to the abnormal behavior.
According to the security defense method of the embodiment of the present invention, the mobile terminal generates a resident background defense process from the executable file used for defense that is stored in its root file system, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to that behavior. Implanting the security protection program in the root file system of the operating system makes the program impossible to uninstall, and memory-resident operation and automatic start-up management of its security protection process are achieved at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing an effective safeguard for the security protection of the operating system.
To achieve the above objects, the mobile terminal according to embodiments of the third aspect of the present invention comprises the security defense device of the embodiments of the first aspect of the present invention.
According to the mobile terminal of the embodiment of the present invention, the defense module generates a resident background defense process from the running executable file, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to that behavior. Implanting the security protection program in the root file system of the operating system makes the program impossible to uninstall, and memory-resident operation and automatic start-up management of its security protection process are achieved at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing an effective safeguard for the security protection of the operating system.
Additional aspects and advantages of the present invention are given in part in the following description; in part they will become apparent from that description or be learned through practice of the invention.
Description of drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a structural schematic diagram of the security defense device of a mobile terminal according to an embodiment of the present invention;
Fig. 2(a) and Fig. 2(b) are schematic diagrams of the security defense device of a mobile terminal according to an embodiment of the present invention; and
Fig. 3 is a flow chart of the security defense method of a mobile terminal according to an embodiment of the present invention.
Embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals denote the same or similar elements, or elements having the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting it. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
In the description of the present invention, it should be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. It should also be noted that, unless otherwise expressly specified and limited, the terms "linked" and "connected" are to be understood broadly: a connection may, for example, be fixed, detachable or integral; it may be mechanical or electrical; and it may be direct or indirect through an intermediary. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances. In addition, in the description of the present invention, unless otherwise stated, "a plurality of" means two or more.
Any process or method described in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations, in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The security defense device, the security defense method and the mobile terminal according to embodiments of the present invention are described below with reference to the accompanying drawings.
A security defense device of a mobile terminal comprises a storage module, a start-up management module and a defense module. The storage module is arranged in the root file system of the mobile terminal and is used to store the executable file of the defense module. The start-up management module is used to obtain and run the executable file according to a configuration file of the mobile terminal when the mobile terminal starts up. The defense module is used to generate a resident background defense process from the running executable file, and the defense process is used to monitor abnormal behavior of the mobile terminal and to perform active defense according to the abnormal behavior.
Fig. 1 is a structural schematic diagram of the security defense device of a mobile terminal according to an embodiment of the present invention.
As shown in Fig. 1, the security defense device of the mobile terminal comprises a storage module 100, a start-up management module 200 and a defense module 300.
Specifically, the storage module 100 is arranged in the root file system of the mobile terminal and is used to store the executable file of the defense module 300.
In one embodiment of the present invention, the executable file may be read-only.
For example, as shown in Fig. 2(a), a mobile terminal running the Android operating system can provide the storage module 100 in its root file system and store the executable file of the defense module 300 in the storage module 100. The root file system is then packed into the image file boot.img as a RAM disk (ramdisk) in gzip (GNU zip, a file compression format) form; boot.img also contains the kernel image file of the operating system. After the kernel of the operating system starts, the mobile terminal can place the root file system in a region adjacent to the kernel memory and treat that region as read-only, that is, no process of the operating system can modify the root file system. This guarantees the security of the executable file of the defense module 300 that the storage module 100 stores in the root file system.
It should be understood that booting any operating system requires a kernel image file and a similar root file system, so the device of the embodiment of the present invention can be used on multiple operating system platforms (such as Android and Linux).
The start-up management module 200 is used to obtain and run the executable file according to the configuration file of the mobile terminal when the mobile terminal starts up.
The defense module 300 is used to generate a resident background defense process from the running executable file; the defense process is used to monitor abnormal behavior of the mobile terminal and to perform active defense according to the abnormal behavior. More specifically, an attacker may use an attack program to carry out targeted and concealed attacks on the operating system of the mobile terminal, for example silently freezing the background process module of certain applications so that it cannot run. The resident background defense process generated by the defense module 300 can monitor such malicious abnormal behavior of the attacker and perform active defense.
According to the security defense device of the embodiment of the present invention, the defense module generates a resident background defense process from the running executable file, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to that behavior. Implanting the security protection program in the root file system of the operating system makes the program impossible to uninstall, and memory-resident operation and automatic start-up management of its security protection process are achieved at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing an effective safeguard for the security protection of the operating system.
In one embodiment of the present invention, the start-up management module 200 is also used to monitor whether the defense process has been closed and, after detecting that it has been closed, to rerun the executable file according to the configuration file to generate the defense process again. For example, in a mobile terminal running the Android operating system, the init process in the start-up management module 200 can monitor the exit event of the defense process and start a new defense process after the defense process exits. The defense process is thus monitored and restarted, which gives it the property that it cannot be closed.
In one embodiment of the present invention, the defense process generated by the defense module 300 is also used to perform operations with root authority. The defense process can thus operate on or modify root authority, which ensures that root authority cannot be maliciously modified by an attacker.
In one embodiment of the present invention, a service application of the mobile terminal calls the defense process generated by the defense module 300 to complete operations that require root authority. For example, the defense process generated by the defense module 300 can delete malicious attack programs in the operating system.
In one embodiment of the present invention, the defense process generated by the defense module 300 is also used to scan whether a su (switch user) executable program exists in the mobile terminal and, when one exists, to delete it. Specifically, after the operating system of the mobile terminal has been cracked by an attacker, the attacker can place a su program in the mobile terminal, and applications installed afterwards can obtain root authority through that su program. Therefore, when the defense process detects the su program it can delete it directly. The defense process thereby repairs the operating system of the mobile terminal, and applications installed later cannot obtain root authority.
In one embodiment of the present invention, the defense process generated by the defense module 300 is also used to scan whether abnormal behavior exists in the network protocol table iptables of the mobile terminal and, when abnormal behavior exists in the iptables table, to freeze the application corresponding to the abnormal behavior. Specifically, after an attacker has cracked the operating system of the mobile terminal and obtained root authority, the attacker can modify the network configuration information of the operating system, for example its iptables, so that the mobile terminal cannot connect to certain network servers while its connections to other network servers remain normal. Therefore, when the defense process detects abnormal behavior in the iptables table, it can freeze the application corresponding to the abnormal behavior.
In one embodiment of the present invention, the defense module 300 is also used to send the abnormal behavior obtained by the defense process to a service application so that the user is alerted. For example, after detecting abnormal behavior (such as an attack by a malicious program), the defense process generated by the defense module 300 can report it to the service application, which then warns the user by displaying it in the interface of the mobile terminal. For example, as shown in Fig. 2(b), the defense process can pop up a dialog box in the interface of the mobile terminal telling the user which malicious program has modified which operating system configuration information, and then guide the user to complete a repair operation or to delete the malicious attack program.
In one embodiment of the present invention, the defense module 300 is also used to send the abnormal behavior obtained by the defense process to a cloud server and to receive an execution instruction that the cloud server sends according to the abnormal behavior. Specifically, after the defense process detects abnormal behavior (such as an attack by a malicious program), the defense module 300 can upload it to the cloud server, and the cloud server can identify potential attacks by analyzing the information uploaded from other mobile terminals and form an automatic early-warning mechanism. More specifically, the cloud server can provide an analysis application and management platform that automatically analyzes the data and produces data reports. After the defense process detects abnormal behavior, the cloud server can send a specific instruction to the defense module 300, for example through a WAP Push message or through a push channel based on a long-lived TCP (Transmission Control Protocol) connection, and the defense process generated by the defense module 300 performs the operation after receiving the instruction sent by the cloud server. The data in which the cloud server sends the instruction can be transmitted encrypted, and the integrity of the data must also be verified; this prevents the data from being modified in transit and ensures the security of the data transmission.
To implement the above embodiments, the present invention also proposes a security defense method for a mobile terminal.
Suppose the mobile terminal implants an executable file used for defense in its operating system, has the defense process generated from that executable file comprehensively monitor and self-repair the application layer and the service layer of the operating system at the operating-system level, and makes use of the fact that the defense process cannot be uninstalled. Then, even if a malicious program obtains root authority on the mobile terminal's operating system, it can neither bypass the defense process nor modify the operating system that the defense process protects. Accordingly, the present invention proposes a security defense method for a mobile terminal, comprising the following steps: when the mobile terminal starts up, the mobile terminal obtains and runs, according to a configuration file, the executable file used for defense that is stored in the root file system of the mobile terminal; the mobile terminal generates a resident background defense process from the running executable file; and the mobile terminal monitors abnormal behavior of the mobile terminal through the defense process and performs active defense according to the abnormal behavior.
Fig. 3 is a flow chart of the security defense method of a mobile terminal according to an embodiment of the present invention.
As shown in Fig. 3, the security defense method of the mobile terminal comprises:
S301: when the mobile terminal starts up, the mobile terminal obtains and runs, according to a configuration file, the executable file used for defense that is stored in the root file system of the mobile terminal.
In one embodiment of the present invention, the executable file may be read-only.
For example, as shown in Fig. 2(a), a mobile terminal running the Android operating system can store the executable file used for defense in its root file system. The mobile terminal then packs the root file system into the image file boot.img as a RAM disk (ramdisk) in gzip (GNU zip, a file compression format) form; boot.img also contains the kernel image file of the operating system. After the kernel of the operating system starts, the mobile terminal can place the root file system in a region adjacent to the kernel memory and treat that region as read-only, that is, no process of the operating system can modify the root file system. This guarantees the security of the executable file used for defense that is stored in the root file system.
S302: the mobile terminal generates a resident background defense process from the running executable file.
In one embodiment of the present invention, the mobile terminal monitors whether the defense process has been closed and, after detecting that it has been closed, reruns the executable file according to the configuration file to generate the defense process again. For example, in a mobile terminal running the Android operating system, the init process can monitor the exit event of the defense process and start a new defense process after the defense process exits. The defense process is thus monitored and restarted, which gives it the property that it cannot be closed.
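The restart-on-exit behavior described here, and for the start-up management module 200 in the device embodiment, can be illustrated with a small supervisor loop. This is an added example, not code from the patent or from Android's init: `supervise`, `run_log` and the bound `max_starts` are hypothetical names (the bound exists only so the example terminates), and `/bin/sh` stands in for the defense executable.

```c
/* Added example: restart-on-exit supervision, the role init plays for the
 * defense process. All names and limits are illustrative assumptions. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct run_log {
    int starts;       /* how many times the child was started */
    int last_exit;    /* exit code of the last run, -1 if it was killed */
    int last_signal;  /* terminating signal of the last run, 0 if none */
};

/* Run argv[0], wait until it ends, then start it again. A real init has no
 * upper bound; max_starts exists only so that this example terminates.
 * Returns 0 on success, -1 if fork() or waitpid() fails. */
int supervise(char *const argv[], int max_starts, unsigned delay_s,
              struct run_log *log)
{
    log->starts = 0;
    log->last_exit = -1;
    log->last_signal = 0;

    while (log->starts < max_starts) {
        pid_t pid = fork();
        if (pid < 0)
            return -1;
        if (pid == 0) {
            execv(argv[0], argv);
            _exit(127);                  /* exec failed */
        }
        log->starts++;

        int status;
        pid_t r;
        do {
            r = waitpid(pid, &status, 0);
        } while (r < 0 && errno == EINTR);
        if (r < 0)
            return -1;

        if (WIFSIGNALED(status)) {       /* the process was killed */
            log->last_signal = WTERMSIG(status);
            log->last_exit = -1;
        } else if (WIFEXITED(status)) {  /* the process exited by itself */
            log->last_signal = 0;
            log->last_exit = WEXITSTATUS(status);
        }
        if (delay_s)
            sleep(delay_s);              /* throttle a crash loop */
    }
    return 0;
}

struct run_log demo_log;                 /* filled by demo_killed_child() */

/* Constructed stand-in for the defense binary: a shell that kills itself
 * with signal 9, as if another process had closed it. */
int demo_killed_child(void)
{
    char *const argv[] = { "/bin/sh", "-c", "kill -9 $$", NULL };
    return supervise(argv, 3, 0, &demo_log);
}

int main(void)
{
    if (demo_killed_child() != 0)
        return 1;
    printf("starts=%d last_signal=%d last_exit=%d\n",
           demo_log.starts, demo_log.last_signal, demo_log.last_exit);
    return 0;
}
```

Every run of the stand-in is killed, and the supervisor starts it again each time until the bound is reached; the property that the process "cannot be closed" rests entirely on the supervisor itself staying alive.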
S303: the mobile terminal monitors abnormal behavior of the mobile terminal through the defense process and performs active defense according to the abnormal behavior.
Specifically, an attacker may use an attack program to carry out targeted and concealed attacks on the operating system of the mobile terminal, for example silently freezing the background process module of certain applications so that it cannot run. The resident background defense process generated by the mobile terminal can monitor such malicious abnormal behavior of the attacker and perform active defense.
In one embodiment of the present invention, the mobile terminal sends the abnormal behavior obtained by the defense process to a service application so that the user is alerted. For example, after detecting abnormal behavior (such as an attack by a malicious program), the defense process generated by the mobile terminal can report it to the service application, which then warns the user by displaying it in the interface of the mobile terminal. For example, as shown in Fig. 2(b), the defense process can pop up a dialog box in the interface of the mobile terminal telling the user which malicious program has modified which operating system configuration information, and then guide the user to complete a repair operation or to delete the malicious attack program.
In one embodiment of the present invention, the mobile terminal sends the abnormal behavior obtained by the defense process to a cloud server and receives an execution instruction that the cloud server sends according to the abnormal behavior. Specifically, after the defense process detects abnormal behavior (such as an attack by a malicious program), the mobile terminal can upload it to the cloud server, and the cloud server can identify potential attacks by analyzing the information uploaded from a large number of other mobile terminals and form an automatic early-warning mechanism. More specifically, the cloud server can provide an analysis application and management platform that automatically analyzes the data and produces data reports. After the defense process detects abnormal behavior, the cloud server can send a specific instruction to the mobile terminal, for example through a WAP Push short message or through a push channel based on a long-lived TCP (Transmission Control Protocol) connection, and the defense process generated by the mobile terminal performs the operation after receiving the instruction sent by the cloud server. The data in which the cloud server sends the instruction can be transmitted encrypted, and the integrity of the data must also be verified; this prevents the data from being modified in transit and ensures the security of the data transmission.
According to the security defense method of the embodiment of the present invention, the mobile terminal generates a resident background defense process from the executable file used for defense that is stored in its root file system, and the defense process monitors abnormal behavior of the mobile terminal and performs active defense according to that behavior. Implanting the security protection program in the root file system of the operating system makes the program impossible to uninstall, and memory-resident operation and automatic start-up management of its security protection process are achieved at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal's operating system, so that the operating system of the whole mobile terminal can actively defend against an attacker's attacks, providing an effective safeguard for the security protection of the operating system.
In one embodiment of the present invention, the defense process generated by the mobile terminal performs operations with root authority. The defense process can thus operate on or modify root authority, which ensures that root authority cannot be maliciously modified by an attacker.
In one embodiment of the present invention, a service application of the mobile terminal calls the defense process generated by the mobile terminal to complete operations that require root authority. For example, the defense process generated by the mobile terminal can delete malicious attack programs in the operating system partition area.
In one embodiment of the present invention, the defense process is also used to scan whether a su (switch user) executable program exists in the mobile terminal and, when one exists, to delete it. Specifically, after the operating system of the mobile terminal has been cracked by an attacker, the attacker can place a su program in the mobile terminal, and applications installed afterwards can obtain root authority through that su program. Therefore, when the defense process detects the su program it can delete it directly. The defense process thereby repairs the operating system of the mobile terminal, and applications installed later cannot obtain root authority.
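The su scan described in this embodiment, and for the defense module 300 in the device embodiment, comes down to checking a set of directories for a runnable file named su and looking at its mode bits. The following is an added example, not code from the patent: the function names, the risk levels and the constructed temporary directories are assumptions, and it only reports findings where the patent's defense process goes on to delete the file.

```c
/* Added example: look for a runnable "su" in a set of directories.
 * The directory list is an assumption; the page names none. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* lstat(), fchmod(), mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum su_risk {
    SU_NONE = 0,       /* not runnable: nothing to report */
    SU_EXECUTABLE,     /* runnable, or a symlink to a binary elsewhere */
    SU_SETUID,         /* setuid to a non-root owner */
    SU_SETUID_ROOT     /* setuid root: every caller becomes uid 0 */
};

/* Classify a file named "su" from the mode and owner lstat() reported. */
enum su_risk classify_su(mode_t mode, uid_t owner)
{
    if (S_ISLNK(mode))
        return SU_EXECUTABLE;
    if (!S_ISREG(mode) || !(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return SU_NONE;
    if (mode & S_ISUID)
        return owner == 0 ? SU_SETUID_ROOT : SU_SETUID;
    return SU_EXECUTABLE;
}

struct su_finding {
    char path[512];
    enum su_risk risk;
};

/* Check "<dir>/su" for every directory. lstat() does not follow symlinks,
 * so a link planted under the name su is itself reported.
 * Returns the number of findings stored in out (at most max_out). */
size_t scan_for_su(const char *const dirs[], size_t ndirs,
                   struct su_finding *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < ndirs && n < max_out; i++) {
        struct stat st;
        int len = snprintf(out[n].path, sizeof out[n].path, "%s/su", dirs[i]);
        if (len < 0 || (size_t)len >= sizeof out[n].path)
            continue;                       /* path would be truncated */
        if (lstat(out[n].path, &st) != 0)
            continue;                       /* no su in this directory */
        out[n].risk = classify_su(st.st_mode, st.st_uid);
        if (out[n].risk != SU_NONE)
            n++;
    }
    return n;
}

/* Create "<dir>/su" with the given mode (constructed fixture). */
static int plant(const char *dir, mode_t mode)
{
    char p[512];
    snprintf(p, sizeof p, "%s/su", dir);
    int fd = open(p, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

struct su_finding demo_found[4];            /* filled by demo_scan() */

/* Constructed tree: one runnable su, one non-executable su, one empty dir. */
size_t demo_scan(void)
{
    char a[] = "/tmp/suscan_a_XXXXXX", b[] = "/tmp/suscan_b_XXXXXX",
         c[] = "/tmp/suscan_c_XXXXXX", p[512];
    if (!mkdtemp(a) || !mkdtemp(b) || !mkdtemp(c))
        return 0;
    plant(a, 0755);
    plant(b, 0644);
    const char *const dirs[] = { a, b, c };
    size_t n = scan_for_su(dirs, 3, demo_found, 4);
    snprintf(p, sizeof p, "%s/su", a); unlink(p);
    snprintf(p, sizeof p, "%s/su", b); unlink(p);
    rmdir(a); rmdir(b); rmdir(c);
    return n;
}

int main(void)
{
    size_t n = demo_scan();
    for (size_t i = 0; i < n; i++)
        printf("%s risk=%d\n", demo_found[i].path, (int)demo_found[i].risk);
    return 0;
}
```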
In one embodiment of the invention, whether there is the abnormal behaviour of procotol table iptables table in the defence process scanning portable terminal that portable terminal generates, and when in iptables, having abnormal behaviour, freezes application program corresponding to abnormal behaviour.Particularly, after the assailant cracks mobile terminal operating system and has obtained the root authority, network configuration information that can the retouching operation system, the iptables of operating system for example, so that portable terminal can not connect some webserver, keep simultaneously portable terminal to be connected normally with other the webserver, therefore, the defence monitoring the process can freeze application program corresponding to abnormal behaviour when having abnormal behaviour to iptables.
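The su scan and the iptables scan described in the two preceding paragraphs can be sketched as follows. This is an added example, not code from the patent: the function names, the search directories, the comparison against a known-good baseline and the sample rule sets (constructed, using documentation address ranges) are assumptions, and the code only reports findings rather than deleting files or freezing applications.

```python
import os
import shlex
import stat

BLOCKING_TARGETS = {"DROP", "REJECT"}
ANY_DESTINATION = {None, "0.0.0.0/0"}  # no -d match, or a match-all destination

# Constructed iptables-save samples; addresses are documentation ranges.
BASELINE_RULES = """*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""
CURRENT_RULES = """*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 198.51.100.0/24 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""


def find_su_binaries(search_dirs):
    """Return sorted paths of regular, executable files named 'su'."""
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    hits = []
    for directory in search_dirs:
        for root, _dirs, files in os.walk(directory):
            if "su" in files:
                path = os.path.join(root, "su")
                mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
                if stat.S_ISREG(mode) and mode & exec_bits:
                    hits.append(path)
    return sorted(hits)


def parse_rules(save_text):
    """Turn iptables-save text into dicts: table, chain, dest, target, raw."""
    rules, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):        # table header, e.g. *filter
            table = line[1:]
        elif line.startswith("-A "):    # appended rule
            tokens = shlex.split(line)
            rule = {"table": table, "chain": tokens[1], "dest": None,
                    "target": None, "raw": line}
            for prev, tok, nxt in zip([""] + tokens, tokens, tokens[1:]):
                if tok in ("-d", "--destination"):
                    rule["dest"] = ("!" if prev == "!" else "") + nxt
                elif tok in ("-j", "--jump"):
                    rule["target"] = nxt
            rules.append(rule)
    return rules


def find_selective_blocks(current_text, baseline_text):
    """Return rules added since the baseline that block a specific destination."""
    known = {(r["table"], r["raw"]) for r in parse_rules(baseline_text)}
    return [r["raw"] for r in parse_rules(current_text)
            if (r["table"], r["raw"]) not in known
            and r["target"] in BLOCKING_TARGETS
            and r["dest"] not in ANY_DESTINATION]


if __name__ == "__main__":
    print(find_su_binaries(["/system/bin", "/system/xbin", "/sbin"]))
    print(find_selective_blocks(CURRENT_RULES, BASELINE_RULES))
```

Only rules that are new relative to the baseline, carry a blocking target and name a specific destination are reported, which matches the case the description gives: some servers become unreachable while others stay reachable.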
To implement the above embodiments, the present invention also proposes a mobile terminal.
A mobile terminal comprises the security defense device of a mobile terminal described in any embodiment of the present invention.
According to the mobile terminal of the embodiments of the present invention, the defense module generates a defense process resident in the background by running the executable file, monitors abnormal behavior of the mobile terminal through the defense process, and carries out active defense according to that abnormal behavior. Because the security protection program is implanted in the root file system of the operating system, it cannot be uninstalled, and memory-resident operation and automatic startup management of its security protection process are implemented at the operating-system level. This ensures that the security protection process can comprehensively monitor, protect and self-repair the application layer and the service layer of the mobile terminal operating system, so that the operating system of the whole mobile terminal can actively defend against attackers, providing an effective guarantee for the security protection of the operating system.
It should be understood that, in embodiments of the present invention, the mobile terminal may be a hardware device running any of various operating systems, such as a mobile phone, tablet computer, personal digital assistant or e-book reader.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principle and spirit of the present invention; the scope of the present invention is defined by the claims and their equivalents.

Claims (17)

1. A security defense device for a mobile terminal, characterized by comprising a memory module, a power-on management module and a defense module, wherein:
the memory module is arranged in the root file system of the mobile terminal and is used to store the executable file of the defense module;
the power-on management module is used to obtain and run the executable file according to a configuration file of the mobile terminal when the mobile terminal boots;
the defense module is used to generate a defense process resident in the background by running the executable file, the defense process being used to monitor abnormal behavior of the mobile terminal and to carry out active defense according to the abnormal behavior.
2. The device according to claim 1, characterized in that the executable file is read-only.
3. The device according to claim 1, characterized in that the power-on management module is also used to monitor whether the defense process has been closed and, after detecting that the defense process has been closed, to rerun the executable file according to the configuration file to generate the defense process.
4. The device according to claim 1, characterized in that the defense process is also used to scan the mobile terminal for an application program executed by su and/or abnormal behavior in the network protocol table iptables, wherein, if an application program executed by su exists, the defense process deletes the application program executed by su, and if the abnormal behavior exists in iptables, the defense process freezes the application program corresponding to the abnormal behavior.
5. The device according to claim 1, characterized in that the defense process is also used to perform root-privilege operations.
6. The device according to claim 1, characterized in that a service application of the mobile terminal calls the defense process to complete the root-privilege operation.
7. The device according to claim 1, characterized in that the defense module is also used to send the abnormal behavior obtained by the defense process to the service application so as to alert the user.
8. The device according to claim 1, characterized in that the defense module is also used to send the abnormal behavior obtained by the defense process to a cloud server, and to receive an execution instruction sent by the cloud server according to the abnormal behavior.
9. A security defense method for a mobile terminal, characterized by comprising the following steps:
when the mobile terminal boots, the mobile terminal obtains and runs, according to a configuration file, the defense executable file stored in the root file system of the mobile terminal;
the mobile terminal generates a defense process resident in the background by running the executable file; and
the mobile terminal monitors abnormal behavior of the mobile terminal through the defense process and carries out active defense according to the abnormal behavior.
10. The method according to claim 9, characterized in that the executable file is read-only.
11. The method according to claim 9, characterized by further comprising:
the mobile terminal monitors whether the defense process has been closed and, after detecting that the defense process has been closed, reruns the executable file according to the configuration file to generate the defense process.
12. The method according to claim 9, characterized in that the defense process scans the mobile terminal for an application program executed by su and/or abnormal behavior in iptables, wherein, if an application program executed by su exists, the defense process deletes the application program executed by su, and if the abnormal behavior exists in iptables, the defense process freezes the application program corresponding to the abnormal behavior.
13. The method according to claim 9, characterized by further comprising:
the defense process performs root-privilege operations.
14. The method according to claim 9, characterized by further comprising:
a service application of the mobile terminal calls the defense process to complete the root-privilege operation.
15. The method according to claim 9, characterized by further comprising:
the mobile terminal sends the abnormal behavior obtained by the defense process to the service application so as to alert the user.
16. The method according to claim 9, characterized by further comprising:
the mobile terminal sends the abnormal behavior obtained by the defense process to a cloud server, and receives an execution instruction sent by the cloud server according to the abnormal behavior.
17. A mobile terminal, characterized by comprising the security defense device of a mobile terminal according to any one of claims 1-8.
CN201310280701.0A 2013-07-05 2013-07-05 Prevention-Security device, method and the mobile terminal of mobile terminal Active CN103324887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310280701.0A CN103324887B (en) 2013-07-05 2013-07-05 Prevention-Security device, method and the mobile terminal of mobile terminal

Publications (2)

Publication Number Publication Date
CN103324887A true CN103324887A (en) 2013-09-25
CN103324887B CN103324887B (en) 2016-12-28

Family

ID=49193622

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310280701.0A Active CN103324887B (en) 2013-07-05 2013-07-05 Prevention-Security device, method and the mobile terminal of mobile terminal

Country Status (1)

Country Link
CN (1) CN103324887B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564992A (en) * 2001-08-13 2005-01-12 高通股份有限公司 Application level access privilege to a storage area on a computer device
CN101477600A (en) * 2009-01-20 2009-07-08 中国人民解放军保密委员会技术安全研究所 Software automatic protection system and security card based on firmware
CN101616495A (en) * 2008-06-23 2009-12-30 网秦无限(北京)科技有限公司 The method and system of individual privacy in the protection mobile phone
CN103118357A (en) * 2013-02-20 2013-05-22 上海斐讯数据通信技术有限公司 Antitheft system and antitheft method for mobile terminals

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104572158B (en) * 2013-10-29 2019-01-04 腾讯科技(深圳)有限公司 One kind running application program method and device with power user's identity
CN104572158A (en) * 2013-10-29 2015-04-29 腾讯科技(深圳)有限公司 Method and device for running application program by superuser identity
CN104809403A (en) * 2014-01-24 2015-07-29 红板凳科技股份有限公司 Root-preventing white screen method
CN104023122B (en) * 2014-05-06 2016-04-06 可牛网络技术(北京)有限公司 Safety defense method and device
CN104023122A (en) * 2014-05-06 2014-09-03 可牛网络技术(北京)有限公司 Security defense method and device
CN105095742A (en) * 2014-05-15 2015-11-25 宇龙计算机通信科技(深圳)有限公司 Root detection and recovery method for mobile terminal and mobile terminal
CN104318166A (en) * 2014-11-14 2015-01-28 深圳市中兴移动通信有限公司 Method and device for safety protection
CN105592161A (en) * 2016-01-18 2016-05-18 深圳维爱特科技有限公司 Method for acquiring data of terminal equipment, and terminal equipment
CN105721478A (en) * 2016-02-26 2016-06-29 浪潮通信信息***有限公司 Mobile application active safety protection method based on function injection
CN105827413A (en) * 2016-03-15 2016-08-03 乐视移动智能信息技术(北京)有限公司 Electronic terminal, and system safety verification device and method thereof
CN105912933A (en) * 2016-04-27 2016-08-31 北京金山安全软件有限公司 Method and device for processing network disconnection instruction and electronic equipment
CN107425994A (en) * 2016-05-24 2017-12-01 中兴通讯股份有限公司 A kind of method, terminal and server for realizing parameters remote management
CN107493256B (en) * 2016-06-13 2020-11-20 深信服科技股份有限公司 Security event defense method and device
CN107493256A (en) * 2016-06-13 2017-12-19 深圳市深信服电子科技有限公司 Security incident defence method and device
CN106709339B (en) * 2016-06-23 2018-11-09 腾讯科技(深圳)有限公司 A kind of method and apparatus of display scanning result
CN106709339A (en) * 2016-06-23 2017-05-24 腾讯科技(深圳)有限公司 Scanning result display method and device
CN106446682A (en) * 2016-06-24 2017-02-22 北京壹人壹本信息科技有限公司 Security protection method and apparatus
CN106325993A (en) * 2016-08-22 2017-01-11 宇龙计算机通信科技(深圳)有限公司 Freezing method of application program and terminal
CN106529312A (en) * 2016-10-25 2017-03-22 广东欧珀移动通信有限公司 Method and device for permission control of mobile terminal, and mobile terminal
CN106529332A (en) * 2016-10-25 2017-03-22 广东欧珀移动通信有限公司 Permission control method and apparatus for mobile terminal, and mobile terminal
CN106529312B (en) * 2016-10-25 2019-08-06 Oppo广东移动通信有限公司 A kind of authority control method of mobile terminal, device and mobile terminal
CN106529332B (en) * 2016-10-25 2019-08-13 Oppo广东移动通信有限公司 A kind of authority control method of mobile terminal, device and mobile terminal
CN106446693B (en) * 2016-12-06 2019-03-22 Oppo广东移动通信有限公司 Restorative procedure, device, computer readable storage medium and the equipment of mobile terminal
CN106446693A (en) * 2016-12-06 2017-02-22 广东欧珀移动通信有限公司 Mobile terminal repair method, mobile terminal repair device, computer readable storage medium and equipment
CN107517308A (en) * 2017-08-07 2017-12-26 惠州Tcl移动通信有限公司 Application program for mobile terminal abnormal detection method, storage device and mobile terminal
WO2020007249A1 (en) * 2018-07-03 2020-01-09 ***股份有限公司 Operating system security active defense method and operating system
WO2022001506A1 (en) * 2020-06-30 2022-01-06 华为技术有限公司 Method and apparatus for running process
CN113507384A (en) * 2021-06-22 2021-10-15 深圳市亿联无限科技有限公司 System and method for switching working modes of equipment

Also Published As

Publication number Publication date
CN103324887B (en) 2016-12-28

Similar Documents

Publication Publication Date Title
CN103324887A (en) Mobile terminal, security defense device thereof and security defense method thereof
EP3168770B1 (en) Executing process monitoring
CN106462429A (en) Dynamic patching of multiple, functionally equivalent variations of various software modules for security reasons
CN110334522B (en) Method and device for starting measurement
JP2012185745A (en) Portable terminal, program, and communication system
CN109815698A (en) Malware is determined using firmware
CN104506639A (en) Root right acquiring method and device
CN105069352A (en) Method for constructing trusted application program running environment on server
CN104361282A (en) Mobile terminal security protecting method and device
US11029987B2 (en) Recovery of state, configuration, and content for virtualized instances
CN102681874A (en) Method and device for ensuring normal running of software
CN112035843A (en) Vulnerability processing method and device, electronic equipment and storage medium
CN102880478B (en) Software updating method
CN105095742A (en) Root detection and recovery method for mobile terminal and mobile terminal
CN109992477B (en) Information processing method and system for electronic equipment and electronic equipment
CN102905290B (en) base station maintenance method and apparatus
CN104767876A (en) Safety software processing method and user terminal
CN110851300A (en) Program process monitoring method and device, computer equipment and readable storage medium
CN104023122B (en) Safety defense method and device
CN112130889A (en) Resource management method and device, storage medium and electronic device
CN103824015A (en) Application program control method, device and system
CN104268080A (en) Software exception handling method and device
CN104200164A (en) Loader virus searching and killing method, device and terminal
CN116033466B (en) Fault detection system, method and storage medium
CN110851312A (en) Test method and device for rapidly simulating power failure protection and computer equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant