CN106203125A - Operating system and safety detection method, safety detection device and terminal - Google Patents

Abstract

The disclosure is directed to the safety detection method of a kind of operating system, safety detection device and there is operating system and the terminal of this device, belonging to communication technical field.Described method includes: the safe condition of detecting system, whether there is illegal high authority process including detecting system, and/or, detecting system file is the most damaged；When the system of detecting exists illegal high authority process and/or system file is damaged, determine that system is in non-secure states.The method actively monitors the safe condition of user terminal by real-time monitor operating system with realization, avoiding user not find in time there is leak and causes the generation of the problems such as privacy leakage and the property loss of user in the operating system of user terminal, improve the response speed finding that operating system exists hidden danger, improve the safety of user terminal.

Description

Operating system and safety detection method, safety detection device and terminal

Technical field

It relates to communication technical field, particularly relate to the safety detection method of a kind of operating system, safety detection dress Put and have operating system and the terminal of this device.

Background technology

At present, mobile device such as mobile phone, panel computer, personal digital assistant etc., it is all based on operating system and operates The hardware device used.Be applied on Vehicles Collected from Market the operating system of mobile device mainly have Android (Android) operating system, IOS (Mobile operating system developed by Apple), Windows Phone operating system (are opened by Microsoft The Mobile operating system sent out) etc..Wherein, it is well known that android system is a kind of freedom based on Linux and open-source generation The operating system of code.But, due to the characteristic of its open source code, cause the leak of Android operation system to be easy to be exposed to Lawless person, to break through the security mechanism of system.But, once security breaches expose, then count and have with the mobile device of hundred million notes Risk by Root (cracking).

User oneself tends not to find that used mobile device by Root and greatly may be deposited in time at present In potential safety hazard, there is exception or property loss in the mobile device only used as user, instant as in mobile device The password of communications applications is stolen when waiting, and is only possible to find that the operating system of mobile device has existed leak, and this is due to behaviour at present Make the typically no safety detection function of system self, cause the operating system of mobile device to there is leak, thus cause user's Privacy leakage and property loss, and then bring great damage to user.

Summary of the invention

For overcoming problem present in correlation technique, disclosure embodiment provides the safety detection side of a kind of operating system Method, safety detection device and there is operating system and the terminal of this device.Described technical scheme is as follows:

First aspect according to disclosure embodiment, it is provided that the safety detection method of a kind of operating system, the method includes: The safe condition of detecting system, including detecting whether described system exists illegal high authority process, and/or, detecting system literary composition Part is the most damaged；When the system of detecting exists illegal high authority process and/or system file is damaged, determine described system System is in non-secure states.

Method as above, whether described detecting system exists illegal high authority process includes: obtain current system High authority process；By high authority process phase comparison legal with pre-recorded system for described current system high authority process, know The most whether there is the high authority process not being recorded；If there being the high authority process not being recorded, then the height not being recorded described in confirmation Authority process is illegal high authority process.

Method as above, described detecting system file is the most damaged to be included: obtain system file；By described system The system file phase comparison that file is legal with pre-recorded system, identifies whether there is the system file not being recorded；If having not The system file being recorded, then confirm that described system file is damaged.

Method as above, the method for the high authority process that the system of record is legal, including: the height that record system is legal The enumerated value of authority process and number；And/or the authority content of record system residence critical processes.

Method as above, the method for the system file that the system of record is legal, including: the system that record system is legal The file verification code of file.

Method as above, the legal high authority process of described pre-recorded system obtains by following steps: true The hardware equipment information of terminal belonging to fixed described operating system, and described hardware equipment information is sent to server；Receive institute The high authority process that the described pre-recorded system got according to described hardware equipment information of stating that server sends is legal.

Method as above, described method also includes: by high authority process encryption legal for described system, and be stored in In system partitioning.

Method as above, described method also includes: by system file encryption legal for described system, and is stored in and is In system subregion.

Method as above, the safe condition of described detecting system includes: when described system start-up, triggers system The detection of safe condition；And/or, after described system start-up, periodically or by preset rules trigger security of system state Detection.

Method as above, described method also includes: when determining that system is in non-secure states, generates locking and refers to Order, and according to described lock instruction, the payment function of system is locked.

Method as above, described method also includes: when determining that system is in non-secure states, generates prompting letter Breath, to prompt the user whether to be updated system；When receiving the confirmation instruction that system is updated, generate system System update request, and by described system update request send to server；Receive described server send according to described The system update fileinfo that system update acquisition request arrives, and according to described system update fileinfo, system is carried out more Newly.

Second aspect according to disclosure embodiment, it is provided that the safety detection device of a kind of operating system, described device bag Include: detection module, for the safe condition of detecting system, including detecting whether described system exists illegal high authority process, And/or, detecting system file is the most damaged；Determine module, for the system of detecting exist illegal high authority process and/ Or system file damaged time, determine that described system is in non-secure states.

Device as above, described detection module includes: high authority process obtains submodule, is used for obtaining current system High authority process；High authority process contrast submodule, for by described current system high authority process and pre-recorded system Legal high authority process phase comparison, to identify whether to have the high authority process not being recorded；Illegal high authority process confirms son Module, for when there being the high authority process not being recorded, the high authority process not being recorded described in confirmation is illegal Gao Quan Limit process.

Device as above, described detection module includes: system file obtains submodule, is used for obtaining system file； System file contrast submodule, for by system file phase comparison legal with pre-recorded system for described system file, with Identify whether there is the system file not being recorded；System file damaged confirmation submodule, for there being the system not being recorded During file, confirm that described system file is damaged.

Device as above, described device also includes: the high authority process logging modle that system is legal, is used for recording system The enumerated value of the high authority process of integration method and number, and/or, the authority content of record system residence critical processes.

Device as above, described device also includes: the system file logging modle that system is legal, is used for recording system The file verification code of legal system file.

Device as above, described device also includes: the high authority process acquisition module that system is legal, is used for determining institute State the hardware equipment information of terminal belonging to operating system, and described hardware equipment information is sent to server, and receive described The high authority process that the described pre-recorded system got according to described hardware equipment information that server sends is legal.

Device as above, described device also includes: the high authority process memory module that system is legal, for by described The high authority process encryption that system is legal, and be stored in system partitioning.

Device as above, described device also includes: the system file memory module that system is legal, for by described system The system file encryption of integration method, and be stored in system partitioning.

Device as above, described device also includes: trigger module, for when described system start-up, triggers being The detection of system safe condition, and/or, after described system start-up, periodically or by preset rules trigger security of system state Detection；Wherein, described detection module, when described trigger module triggers the detection to security of system state, detects described system Safe condition.

Device as above, described device also includes: locking module, for determining that module determines described system described When being in non-secure states, generate lock instruction, and according to described lock instruction, the payment function of system is locked.

Device as above, described device also includes: information generation module, for determining that module determines described When system is in non-secure states, generate information, to prompt the user whether system is updated；More newly requested generation mould Block, for when receiving the confirmation instruction being updated system, generates the system update to system and asks, and by described system Unite more newly requested transmission to server；More new module, for receiving asking according to described system update of described server transmission The system update fileinfo got, and according to described system update fileinfo, system is updated.

The third aspect according to disclosure embodiment, it is provided that another terminal, described terminal includes: at one or more Reason device；Memorizer；One or more program, one or more program stores in which memory, when described One or more processor proceeds as follows when performing: the safe condition of detecting system, including whether detecting described system There is illegal high authority process, and/or, detecting system file is the most damaged；When the system of detecting exists illegal Gao Quan When limit process and/or system file are damaged, determine that described system is in non-secure states.

The technical scheme that disclosure embodiment provides can include following beneficial effect:

By the safe condition of detecting system, whether there is illegal high authority process including detecting system, and/or, inspection Examining system file is the most damaged, and when the system of detecting exists illegal high authority process and/or system file is damaged, Determine that this system is in non-secure states.By real-time monitor operating system to realize actively monitoring the safe shape of user terminal State, greatly enhance operating system destroyed after find the response speed of potential safety hazard, and improve guiding user and repair The response speed of the file of multiple leak or damage, protects the rights and interests of user, reduces the loss of user.

It should be appreciated that it is only exemplary and explanatory, not that above general description and details hereinafter describe The disclosure can be limited.

Accompanying drawing explanation

Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the disclosure Example, and for explaining the principle of the disclosure together with description.

Fig. 1 is the flow chart of the safety detection method according to a kind of operating system shown in an exemplary embodiment；

Fig. 2 is the flow chart of the safety detection method according to a kind of operating system shown in another exemplary embodiment；

Fig. 3 is the flow chart of the safety detection method according to a kind of operating system shown in further example embodiment；

Fig. 4 is the effect exemplary plot of the operation interface display information of a kind of user terminal；

Fig. 5 is the block diagram of the safety detection device according to a kind of operating system shown in an exemplary embodiment；

Fig. 6 is according to the block diagram of the safety detection device of a kind of operating system shown in further example embodiment；

Fig. 7 is the block diagram of the safety detection device according to a kind of operating system shown in another exemplary embodiment；

Fig. 8 is the block diagram of the safety detection device according to a kind of operating system shown in further exemplary embodiment；

Fig. 9 is the block diagram according to the safety detection device of a kind of operating system shown in another exemplary embodiment again；

Figure 10 is the block diagram according to the safety detection device of another a kind of operating system shown in exemplary embodiment again；

Figure 11 is the block diagram of the safety detection device according to a kind of operating system shown in another exemplary embodiment；

Figure 12 is the block diagram of the safety detection device according to a kind of operating system shown in another exemplary embodiment；

Figure 13 is the block diagram of the safety detection device according to a kind of operating system shown in further example embodiment；

Figure 14 is the block diagram of the safety detection device according to a kind of operating system shown in another exemplary embodiment；

Figure 15 is the block diagram of the safety detection device according to a kind of operating system shown in another exemplary embodiment；

Figure 16 is the device 1600 according to a kind of safety detection for operating system shown in an exemplary embodiment Block diagram.

By above-mentioned accompanying drawing, it has been shown that the embodiment that the disclosure is clear and definite, hereinafter will be described in more detail.These accompanying drawings With word, the scope being not intended to be limited disclosure design by any mode is described, but by with reference to specific embodiment being Those skilled in the art illustrate the concept of the disclosure.

Detailed description of the invention

Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment Described in embodiment do not represent all embodiments consistent with the disclosure.On the contrary, they are only with the most appended The example of the apparatus and method that some aspects that described in detail in claims, the disclosure are consistent.

It should be noted that Android operation system is the operating system increased income completely, system disparate modules mostly Have employed the code of open source projects.And the hardware platform that different chip manufacturers provides all can be in Android operation system The driver of adaptive hardware in support.But, these Open Source Codes and driver are all the places that leak is occurred frequently, and this A little modules have the highest System Privileges, cause lawless person to utilize these leaks to break through the authority defence line of system, obtain Root (super manager) authority.

Because system vulnerability may be hidden in the modules of system, along with the iteration of the upgrading disparate modules of system develops Exploitation, the generation of new leak hidden danger is also inevitable, therefore can not repair all of leak before system is issued.

To this end, embodiment of the disclosure the safety detection method proposing a kind of operating system, by the method monitoring behaviour Making the safe condition of system, once System Privileges defence line is broken, then can identify immediately and provide effective measures.Below with reference to attached Figure describes the safety detection method of the operating system of disclosure embodiment.

Fig. 1 is the flow chart of the safety detection method according to a kind of operating system shown in an exemplary embodiment, this reality Execute example to be configured in the safety detection device of operating system illustrate with the safety detection method of this operating system.Need Illustrate, operating system can be but be not limited to install Android operation system, such as can also is that ISO operating system, Windows Phone operating system etc..

Below as a example by operating system is as Android operation system, it will be understood that operate with operating system for Android Illustrate as a example by system and be intended only as a kind of example, can not be as concrete restriction of this disclosure.

As it is shown in figure 1, the safety detection method of this operating system may include that

In step S101, the safe condition of detecting system, whether there is illegal high authority process including detecting system, And/or, detecting system file is the most damaged.

As a kind of example, whether said detecting system exists the process that implements of illegal high authority process can be such as Under: can first obtain current system high authority process, afterwards, this current system high authority process can be closed with pre-recorded system The high authority process phase comparison of method, to identify whether to have the high authority process not being recorded, if there being the high authority not being recorded to enter Journey, then can confirm that this high authority process not being recorded is illegal high authority process；If the high authority not being recorded is entered Journey, then can determine that this system does not exist illegal high authority process.

Wherein, the method for the high authority process that the system of above-mentioned record is legal comprises the steps that the high authority that record system is legal The enumerated value of process and number, and/or, the authority content of record system residence critical processes.

Specifically, can first obtain the current system in operating system and there is the process of high authority, afterwards, can be by current system In there is the process of high authority legal with pre-recorded system high authority process mate, such as, can be by current system In there is the enumerated value (such as title) of process and the number of high authority, the enumerated value of the high authority process legal with system is (such as name Claim) and number mate, if mate, then can recognize that the high authority process that current system is not recorded, if not mating, then Recognizable current system has the high authority process not being recorded, and now can confirm that this high authority process not being recorded is illegal There is illegal high authority process in high authority process, i.e. current system.And/or, current system can will have entering of high authority Journey is mated with the authority content of system residence critical processes, if the process in current system with high authority exists and is System resides critical processes, and authority content also mates, then can recognize that the high authority process that current system is not recorded, no Then, then can recognize that current system has the high authority process not being recorded, now can confirm that this high authority process not being recorded is Illegal high authority process, i.e. there is illegal high authority process in current system.

It is appreciated that there is various ways the storage position of the legal high authority process of pre-recorded system, such as, can be by The legal high authority process of pre-recorded system is pre-stored within server, it is also possible to by height legal for pre-recorded system It is medium that authority process is pre-stored within terminal unit, may be given below two kinds of examples:

As a kind of example, can be by high authority process legal for pre-recorded system and the hardware equipment information of terminal Upload onto the server, so that high authority legal for this pre-recorded system is entered by server according to the hardware equipment information of terminal Cheng Jinhang stores.Wherein, hardware equipment information includes but not limited to the brand message of terminal, type information or this terminal The version information (such as version number) etc. of operating system.

Based on above-mentioned storage mode, when whether detecting system exists illegal high authority process, following steps can be passed through Obtain the high authority process that this pre-recorded system is legal:

1011) determine the hardware equipment information of terminal belonging to operating system, and hardware equipment information is sent to server；

1012) Gao Quan that the pre-recorded system got according to hardware equipment information that receives that server sends is legal Limit process.

As another kind of example, by high authority process encryption legal for system, and can be stored in system partitioning.Such as, Before operating system is not installed or updated in corresponding terminal, legal high authority is entered to determine the system in operating system Journey, and the high authority process that this system is legal is encrypted, finally by high authority process storage legal for the system after encryption System partitioning in terminal.Wherein, this terminal can be PC end, it is also possible to be the tools such as mobile phone, panel computer, personal digital assistant There is the mobile terminal of operating system.

Based on above-mentioned storage mode, when whether detecting system exists illegal high authority process, following steps can be passed through Obtain the high authority process that this pre-recorded system is legal: read the high authority that in system partitioning, the system of storage is legal and enter Journey, and the high authority process that this system is legal is decrypted.

It is appreciated that and carrys out detecting system except illegal high authority process whether can be there is by said detecting system Outside safe condition, it is also possible to whether damaged the safe condition of detecting system by detecting system file:

As a kind of example, the most impaired process that implements of said detecting system file can be as follows: can first obtain System file, afterwards, can be by system file phase comparison legal with pre-recorded system for this system file, to identify whether to have The system file not being recorded, if there being the system file not being recorded, then can confirm that system file is damaged；If not remembered The system file of record, then can determine that system file is the most damaged.Wherein, the method for the system file that the system of above-mentioned record is legal Comprise the steps that the file verification code of the legal system file of record system.Wherein, this document check code may include but be not limited to MD5 Check code, hash check code and CRC32 check code etc..

Specifically, can first obtain the system file of current system, afterwards, can be by the system file of this current system and system Legal system file phase comparison, such as, can close the file verification code of each system file of current system with each system The file verification code of the system file of method mates, if it does, then the system that recognizable current system is not recorded File, i.e. can confirm that the system file of current system is the most damaged；If it does not match, recognizable current system is not recorded System file, now can confirm that the system file of current system is damaged.

It is appreciated that there is various ways the storage position of the legal system file of pre-recorded system, such as, can be by pre- The legal system file of the system that first records is pre-stored within server, it is also possible to by system literary composition legal for pre-recorded system It is medium that part is pre-stored within terminal unit, may be given below two kinds of examples:

As a kind of example, can be by the hardware equipment information of system file legal for pre-recorded system and terminal Pass to server, so that system file legal for this pre-recorded system is entered by server according to the hardware equipment information of terminal Row storage.

Based on above-mentioned storage mode, when detecting system file is the most damaged, can be obtained this by following steps pre- The system file that the system that first records is legal:

1013) determine the hardware equipment information of terminal belonging to operating system, and hardware equipment information is sent to server；

1014) system that the pre-recorded system got according to hardware equipment information that receives that server sends is legal File.

As another kind of example, by system file encryption legal for system, and it is stored in system partitioning.Such as, behaviour is worked as Make before system is not installed or updated in corresponding terminal, to determine the system file that the system in operating system is legal, and The system file that this system is legal is encrypted, by what system file legal for the system after encryption was stored in terminal is finally System subregion.

Based on above-mentioned storage mode, when detecting system file is the most damaged, can be obtained this by following steps pre- The system file that the system that first records is legal: read the system file that in system partitioning, the system of storage is legal, and to this system Legal system file is decrypted.

In order to improve availability and feasibility, also for can the safe condition of real-time detecting system, show as one Example, the process that implements of the safe condition of detecting system comprises the steps that upon power-up of the system, triggers the inspection to security of system state Survey；And/or, after system start-up, periodically or by preset rules trigger the detection to security of system state.It is to say, can The detection to security of system state is all triggered when each system start-up；And/or after system start-up, periodically or according to default rule Then trigger the detection to security of system state.Wherein, regularly cycle duration can be set by the user, it is also possible to is set by system Fixed.Additionally, above-mentioned preset rules can be to receive the confirmation detection instruction etc. of user, such as, when the confirmation receiving user is examined When surveying instruction, trigger the detection to security of system state.

In step s 102, when the system of detecting exists illegal high authority process and/or system file is damaged, really Determine system and be in non-secure states.

The safety detection method of the operating system that the present embodiment provides, by the safe condition of detecting system, including detection Whether system exists illegal high authority process, and/or, detecting system file is the most damaged, and is detecting that system exists When illegal high authority process and/or system file are damaged, determine that this system is in non-secure states.By monitoring behaviour in real time Make system to realize actively monitoring the safe condition of user terminal, it is to avoid user can not find the operating system of user terminal in time There is leak and cause the generation of the problems such as privacy leakage and the property loss of user, improve discovery operating system and there is hidden danger Response speed, improve the safety of user terminal.

Fig. 2 is the flow chart of the safety detection method according to a kind of operating system shown in another exemplary embodiment.

It is utilized the response speed of the break of loophole, the power of protection user in order to operating system can be improved to the full extent Benefit, is preferably minimized the loss of user, in this example, during operating system is carried out safety detection, when determining is When system is in non-secure states, the measures such as lock operation systemic-function, such as, the payment merit of lockable user terminal can be taked Can, forbid that user uses payment etc. may produce the function of property loss.As a kind of example, as in figure 2 it is shown, the method can be wrapped Include:

In step s 201, the safe condition of detecting system, whether there is illegal high authority process including detecting system, And/or, detecting system file is the most damaged.

In step S202, when the system of detecting exists illegal high authority process and/or system file is damaged, really Determine system and be in non-secure states.

In step S203, when determining that system is in non-secure states, generate lock instruction, and refer to according to described locking Make the payment function to described operating system lock, and generate information according to described lock instruction and be supplied to use Family.

During operating system is carried out safety detection, when determining that system is in non-secure states, lock can be generated Determine the instruction of operating system, make hard with apply according to the payment function in this instruction lock operation system or instant messaging Can wait, and can provide a user with corresponding information with remind user's current operation system there is potential safety hazard, such as, can give birth to Become the prompting letter such as " current system exists illegal process or illegal file, and for ensureing your account safety, payment function is locked " Breath.

The safety detection method of the operating system that the present embodiment provides, in the process that operating system carries out safety detection In, when determining that system is in non-secure states, the payment function etc. of lock operation system, so can at utmost carry Shangdi High operating system is utilized the response speed of the break of loophole, and warn user in the very first time, it is to avoid privacy of user Reveal and the loss of property, improve Consumer's Experience.

Fig. 3 is the flow chart according to the safety detection method of a kind of operating system shown in another exemplary embodiment again.

In this example, during operating system is carried out safety detection, when determining that system is in non-secure states Time, can take to guide user to carry out system update, such as system upgrade or retaining in the case of user data complete brush machine etc. Measure.As a kind of example, as it is shown on figure 3, the method comprises the steps that

In step S301, the safe condition of detecting system, whether there is illegal high authority process including detecting system, And/or, detecting system file is the most damaged.

In step s 302, when the system of detecting exists illegal high authority process and/or system file is damaged, really Determine system and be in non-secure states.

In step S303, when determining that system is in non-secure states, generate information providing the user with and carry Show whether user is updated operating system.

After generating information, this information can be shown in the display interface of user terminal, to carry Show whether user is updated operating system.Such as, as shown in Figure 6, the content of this information is as " current system exists wind Danger, for ensureing your account safety, it is proposed that operating system is updated by you, if be updated ".

In step s 304, when receiving the confirmation instruction that user is updated for operating system, generate for behaviour Make the system update request of system, and system update request is sent to server.

When the "Yes" received in user's click as shown in Figure 4, the system update for operating system can be generated and ask, And system update request is sent to server.Server more newly requested can find the system corresponding with this operating system according to this Updating fileinfo, this system update fileinfo for example, at least includes updating file, updating fileversion number etc., and by this is System updates fileinfo and is sent to the user terminal corresponding to this operating system.

In step S305, receive server send according to system update acquisition request to system update file letter Breath, and according to system update fileinfo, operating system is updated.

When receiving the system update fileinfo of server feedback, user can be guided according to system update fileinfo Operating system is updated.It is appreciated that this system update file could be for the new version system file of system upgrade, Can also is that the normal system file identical with the version of the operating system of active user's terminal；This system update file is all right It is for carrying out the operation of complete brush machine in the case of retaining user data.

The safety detection method of the operating system that the present embodiment provides, in the process that operating system carries out safety detection In, when determining that system is in non-secure states, take to guide user to carry out system update, use such as system upgrade or retaining The measure such as complete brush machine in the case of user data, so at utmost can improve operating system and be utilized the break of loophole in Shangdi Response speed, and in the very first time, user is warned, it is ensured that the property of user and the safety of privacy information, protection is used The rights and interests at family, reduce minimum by the loss of user.

To sum up, the safety detection method that disclosure embodiment provides passes through the safe condition of actively real-time monitoring system, and When determining that system is in non-secure states, by taking locking system function, guiding the measures such as user's renewal system, can make Obtain user and can recognize that operating system exists potential safety hazard in the very first time, and avoid privacy of user to reveal by above-mentioned measure And property loss, it is to avoid system vulnerability repairs the delayed great damage brought to user and loss.

Following for disclosure device embodiment, can be configured to perform method of disclosure embodiment.The disclosure is filled Put the details not disclosed in embodiment, refer to method of disclosure embodiment.

Fig. 5 is the block diagram of the safety detection device according to a kind of operating system shown in an exemplary embodiment, this operation The safety detection device of system can pass through software, hardware or both be implemented in combination with, as it is shown in figure 5, this operating system Safety detection device may include that

Whether detection module 10, for the safe condition of detecting system, exist illegal high authority including detecting system and enter Journey, and/or, detecting system file is the most damaged.Determine module 20, illegal for detecting that system exists at detection module 10 High authority process and/or system file damaged time, determine that system is in non-secure states.

As a kind of example, as shown in Figure 6, this detection module 10 may include that high authority process obtains submodule 11, height Authority process contrast submodule 12 and illegal high authority process confirm submodule 13.Wherein, high authority process obtains submodule 11 For obtaining current system high authority process.High authority process contrast submodule 12 is used for current system high authority process with pre- The high authority process phase comparison that the system that first records is legal, to identify whether to have the high authority process not being recorded.Illegal Gao Quan Limit process confirms that submodule 13, for when there being the high authority process not being recorded, confirms that the high authority process not being recorded is non- The high authority process of method.

Wherein, in an embodiment of the disclosure, as it is shown in fig. 7, on the basis of as shown in Figure 6, this safety detection Device may also include the high authority process logging modle 30 that system is legal, and the legal high authority process logging modle 30 of system can be used In enumerated value and the number of the record legal high authority process of system, and/or the authority content of record system residence critical processes.

Additionally, in an embodiment of the disclosure, as shown in Figure 8, on the basis of as shown in Figure 7, this safety detection Device may also include the high authority process acquisition module 40 that system is legal, and the legal high authority process acquisition module 40 of system can lead to Cross in the following manner to obtain the high authority process that pre-recorded system is legal: determine the hardware device of terminal belonging to operating system Information, and hardware equipment information is sent to server, and getting according to hardware equipment information of receiving that server sends The high authority process that pre-recorded system is legal.

In an embodiment of the disclosure, as it is shown in figure 9, on the basis of as shown in Figure 7, this safety detection device is also The high authority process memory module 50 that system is legal can be included, the legal high authority process memory module 50 of system can be used for will be The high authority process encryption of integration method, and be stored in system partitioning.

As a kind of example, as shown in Figure 10, this detection module 10 may include that system file obtains submodule 14, is System file contrast submodule 15 and system file damaged confirmation submodule 16.Wherein, system file acquisition submodule 14 is used for Obtain system file.System file contrast submodule 15 is for by system file legal to system file and pre-recorded system Phase comparison, to identify whether to have the system file not being recorded.System file damaged confirmation submodule 16 for have not by During the system file recorded, confirm that system file is damaged.

Wherein, in an embodiment of the disclosure, as shown in figure 11, on the basis of as shown in Figure 10, this is examined safely Surveying device and may also include the system file logging modle 60 that system is legal, the legal system file logging modle 60 of system can be used for The file verification code of the system file that record system is legal.

In an embodiment of the disclosure, as shown in figure 12, on the basis of as shown in figure 11, this safety detection device The high authority process memory module 70 that the system that may also include is legal, the legal high authority process memory module 70 of system can be used for by The system file encryption that system is legal, and be stored in system partitioning.

It should be noted that in an embodiment of the disclosure, as shown in figure 13, this safety detection device also can wrap Including: trigger module 80, trigger module 80 can be used for when system start-up, triggers the detection to security of system state, and/or, After system start-up, periodically or by preset rules trigger the detection to security of system state.Wherein, embodiment of the disclosure In, detection module 10 can be when trigger module 80 triggers the detection to security of system state, the safe condition of detecting system.By This, can improve availability and feasibility, it is also possible to the safe condition of real-time detecting system.

It is utilized the response speed of the break of loophole, the power of protection user in order to operating system can be improved to the full extent Benefit, is preferably minimized the loss of user, and in an embodiment of the disclosure, as shown in figure 14, this safety detection device also may be used Including locking module 90, locking module 90 can be used for when determining that module 20 determines that system is in non-secure states, generates locking Instruction, and according to described lock instruction, the payment function of system is locked.

In an embodiment of the disclosure, as shown in figure 15, this safety detection device may also include that information generates Module 100, more newly requested generation module 110 and more new module 120.

Wherein, information generation module 100 can be used for when determining that module 20 determines that system is in non-secure states, raw Become information, to prompt the user whether system is updated.More newly requested generation module 110 can be used for receiving being During the confirmation instruction that system is updated, generate the system update to system and ask, and system update request is sent to server. More new module 120 can be used for receive server send according to system update acquisition request to system update fileinfo, and According to system update fileinfo, system is updated.

Thus, when determining that system is in non-secure states, take to guide user to carry out system update, such as system upgrade or Person is retaining in the case of user data the measures such as complete brush machine, so at utmost can improve operating system and be utilized in Shangdi The response speed of the break of loophole, and user being warned in the very first time, it is ensured that the property of user and privacy information Safety, the rights and interests of protection user, reduce minimum by the loss of user.

The safety detection device of the operating system that the present embodiment provides, by real-time monitor operating system to realize actively prison The safe condition of control user terminal, it is to avoid user can not find that the operating system of user terminal exists leak and causes user in time Privacy leakage and the generation of the problem such as property loss, improve the response speed finding that operating system exists hidden danger, improve The safety of user terminal.

In order to realize above-described embodiment, disclosure embodiment also proposed a kind of terminal, and this terminal includes: one or many Individual processor；Memorizer；One or more program, one or more program stores in memory, when by one or Multiple processors proceed as follows when performing:

In step S101 ' in, the safe condition of detecting system, whether there is illegal high authority including detecting system and enter Journey, and/or, detecting system file is the most damaged.

In step S102 ' in, when there is illegal high authority process in the system of detecting and/or system file is damaged, Determine that system is in non-secure states.

Figure 16 is the device 1600 according to a kind of safety detection for operating system shown in an exemplary embodiment Block diagram.Such as, device 1600 can be mobile phone, computer, digital broadcast terminal, messaging devices, game console, Tablet device, armarium, body-building equipment, personal digital assistant etc..

With reference to Figure 16, device 1600 can include following one or more assembly: processes assembly 1602, memorizer 1604, Electric power assembly 1606, multimedia groupware 1608, audio-frequency assembly 1610, the interface 1612 of input/output (I/O), sensor cluster 1614, and communications component 1616.

Process assembly 1602 and generally control the integrated operation of device 1600, such as with display, call, data communication, The operation that camera operation and record operation are associated.Process assembly 1602 and can include that one or more processor 1620 performs Instruction, to complete all or part of step of above-mentioned method.Additionally, process assembly 1602 can include one or more mould Block, it is simple to process between assembly 1602 and other assemblies is mutual.Such as, process assembly 1602 and can include multi-media module, With facilitate multimedia groupware 1608 and process between assembly 1602 mutual.

Memorizer 1604 is configured to store various types of data to support the operation at device 1600.These data Example include on device 1600 operation any application program or the instruction of method, contact data, telephone book data, Message, picture, video etc..Memorizer 1604 can by any kind of volatibility or non-volatile memory device or they Combination realizes, such as static RAM (SRAM), Electrically Erasable Read Only Memory (EEPROM), erasable can Program read-only memory (EPROM), programmable read only memory (PROM), read only memory (ROM), magnetic memory, flash memory Reservoir, disk or CD.

The various assemblies that electric power assembly 1606 is device 1600 provide electric power.Electric power assembly 1606 can include power management System, one or more power supplys, and other generate, manage and distribute, with for device 1600, the assembly that electric power is associated.

The screen of one output interface of offer that multimedia groupware 1608 is included between described device 1600 and user.? In some embodiments, screen can include liquid crystal display (LCD) and touch panel (TP).If screen includes touch panel, Screen may be implemented as touch screen, to receive the input signal from user.Touch panel includes that one or more touch passes Sensor is with the gesture on sensing touch, slip and touch panel.Described touch sensor can not only sense touch or slide dynamic The border made, but also detect the persistent period relevant to described touch or slide and pressure.In certain embodiments, many Media component 1608 includes a front-facing camera and/or post-positioned pick-up head.When device 1600 is in operator scheme, such as shooting mould When formula or video mode, front-facing camera and/or post-positioned pick-up head can receive the multi-medium data of outside.Each preposition shooting Head and post-positioned pick-up head can be a fixing optical lens system or have focal length and optical zoom ability.

Audio-frequency assembly 1610 is configured to output and/or input audio signal.Such as, audio-frequency assembly 1610 includes a wheat Gram wind (MIC), when device 1600 is in operator scheme, during such as call model, logging mode and speech recognition mode, mike quilt It is configured to receive external audio signal.The audio signal received can be further stored at memorizer 1604 or via communication Assembly 1616 sends.In certain embodiments, audio-frequency assembly 1610 also includes a speaker, is used for exporting audio signal.

I/O interface 1612 provides interface, above-mentioned peripheral interface module for processing between assembly 1602 and peripheral interface module Can be keyboard, put striking wheel, button etc..These buttons may include but be not limited to: home button, volume button, start button and Locking press button.

Sensor cluster 1614 includes one or more sensor, for providing the state of various aspects to comment for device 1600 Estimate.Such as, what sensor cluster 1614 can detect device 1600 opens/closed mode, the relative localization of assembly, such as institute Stating display and keypad that assembly is device 1600, sensor cluster 1614 can also detect device 1600 or device 1,600 1 The position change of individual assembly, the presence or absence that user contacts with device 1600, device 1600 orientation or acceleration/deceleration and dress Put the variations in temperature of 1600.Sensor cluster 1614 can include proximity transducer, is configured to do not having any physics The existence of object near detection during contact.Sensor cluster 1614 can also include optical sensor, as CMOS or ccd image sense Device, for using in imaging applications.In certain embodiments, this sensor cluster 1614 can also include acceleration sensing Device, gyro sensor, Magnetic Sensor, pressure transducer or temperature sensor.

Communications component 1616 is configured to facilitate the communication of wired or wireless mode between device 1600 and other equipment.Dress Put 1600 and can access wireless network based on communication standard, such as WiFi, 2G or 3G, or combinations thereof.Exemplary at one In embodiment, broadcast singal or broadcast that communications component 1616 receives from external broadcasting management system via broadcast channel are relevant Information.In one exemplary embodiment, described communications component 1616 also includes near-field communication (NFC) module, to promote short distance Communication.Such as, can be based on RF identification (RFID) technology in NFC module, Infrared Data Association (IrDA) technology, ultra broadband (UWB) technology, bluetooth (BT) technology and other technologies realize.

In the exemplary embodiment, device 1600 can be by one or more application specific integrated circuits (ASIC), numeral Signal processor (DSP), digital signal processing appts (DSPD), PLD (PLD), field programmable gate array (FPGA), controller, microcontroller, microprocessor or other electronic components realize, be used for performing said method.

In the exemplary embodiment, a kind of non-transitory computer-readable recording medium including instruction, example are additionally provided As included the memorizer 1604 of instruction, above-mentioned instruction can have been performed said method by the processor 1620 of device 1600.Example If, described non-transitory computer-readable recording medium can be ROM, random access memory (RAM), CD-ROM, tape, soft Dish and optical data storage devices etc..

Those skilled in the art, after considering description and putting into practice invention disclosed herein, will readily occur to its of the disclosure Its embodiment.The application is intended to any modification, purposes or the adaptations of the disclosure, these modification, purposes or Person's adaptations is followed the general principle of the disclosure and includes the undocumented common knowledge in the art of the disclosure Or conventional techniques means.Description and embodiments is considered only as exemplary, and the true scope of the disclosure and spirit are by following Claim is pointed out.

It should be appreciated that the disclosure is not limited to precision architecture described above and illustrated in the accompanying drawings, and And various modifications and changes can carried out without departing from the scope.The scope of the present disclosure is only limited by appended claim.

Claims (23)

1. the safety detection method of an operating system, it is characterised in that comprise the following steps:

The safe condition of detecting system, including detecting whether described system exists illegal high authority process, and/or, detection system System file is the most damaged；

When the system of detecting exists illegal high authority process and/or system file is damaged, determine that described system is in non- Safe condition.

2. the method for claim 1, it is characterised in that whether described detecting system exists illegal high authority process bag Include:

Obtain current system high authority process；

By high authority process phase comparison legal with pre-recorded system for described current system high authority process, identify whether to have The high authority process not being recorded；

If there being the high authority process not being recorded, then the high authority that the high authority process not being recorded described in confirmation is illegal is entered Journey.

3. the method for claim 1, it is characterised in that described detecting system file is the most damaged to be included:

Obtain system file；

By system file phase comparison legal with pre-recorded system for described system file, identify whether to have be not recorded be System file；

If there being the system file not being recorded, then confirm that described system file is damaged.

4. method as claimed in claim 2, it is characterised in that the method for the high authority process that the system of record is legal, including:

The enumerated value of the high authority process that record system is legal and number；And/or

The authority content of record system residence critical processes.

5. method as claimed in claim 3, it is characterised in that the method for the system file that the system of record is legal, including:

The file verification code of the system file that record system is legal.

6. method as claimed in claim 2, it is characterised in that the legal high authority process of described pre-recorded system is passed through Following steps obtain:

Determine the hardware equipment information of terminal belonging to described operating system, and described hardware equipment information is sent to server；

The described pre-recorded system got according to described hardware equipment information receiving that described server sends is legal High authority process.

7. method as claimed in claim 2, it is characterised in that described method also includes: by high authority legal for described system Process is encrypted, and is stored in system partitioning.

8. method as claimed in claim 3, it is characterised in that described method also includes: by system literary composition legal for described system Part is encrypted, and is stored in system partitioning.

9. the method for claim 1, it is characterised in that the safe condition of described detecting system includes:

When described system start-up, trigger the detection to security of system state；And/or,

After described system start-up, periodically or by preset rules trigger the detection to security of system state.

10. the method for claim 1, it is characterised in that described method also includes:

When determining that system is in non-secure states, generate lock instruction, and according to the described lock instruction payment merit to system Can lock.

11. the method for claim 1, it is characterised in that described method also includes:

When determining that system is in non-secure states, generate information, to prompt the user whether system is updated；

When receiving the confirmation instruction that system is updated, generate the system update to system and ask, and by described system More newly requested transmission is to server；

Receive that described server sends according to described system update acquisition request to system update fileinfo, and according to institute State system update fileinfo system is updated.

The safety detection device of 12. 1 kinds of operating systems, it is characterised in that including:

Detection module, for the safe condition of detecting system, including detecting whether described system exists illegal high authority process, And/or, detecting system file is the most damaged；

Determine module, for when the system of detecting exists illegal high authority process and/or system file is damaged, determine institute The system of stating is in non-secure states.

13. devices as claimed in claim 12, it is characterised in that described detection module includes:

High authority process obtains submodule, is used for obtaining current system high authority process；

High authority process contrast submodule, for by height legal to described current system high authority process and pre-recorded system Authority process phase comparison, to identify whether to have the high authority process not being recorded；

Illegal high authority process confirms submodule, for when there being the high authority process not being recorded, is not recorded described in confirmation High authority process be illegal high authority process.

14. devices as claimed in claim 12, it is characterised in that described detection module includes:

System file obtains submodule, is used for obtaining system file；

System file contrast submodule, for compared with system file legal with pre-recorded system for described system file Right, to identify whether to have the system file not being recorded；

System file damaged confirmation submodule, for when there being the system file not being recorded, confirms described system file quilt Damage.

15. devices as claimed in claim 13, it is characterised in that described device also includes:

The high authority process logging modle that system is legal, for recording enumerated value and the number of the legal high authority process of system, And/or, the authority content of record system residence critical processes.

16. devices as claimed in claim 14, it is characterised in that described device also includes:

The system file logging modle that system is legal, for recording the file verification code of the legal system file of system.

17. devices as claimed in claim 13, it is characterised in that described device also includes:

The high authority process acquisition module that system is legal, for determining the hardware equipment information of terminal belonging to described operating system, And send described hardware equipment information to server, and receive obtaining according to described hardware equipment information of described server transmission The high authority process that the described pre-recorded system got is legal.

18. devices as claimed in claim 13, it is characterised in that described device also includes:

The high authority process memory module that system is legal, for high authority process legal for described system being encrypted, and is stored in In system partitioning.

19. devices as claimed in claim 14, it is characterised in that described device also includes:

The system file memory module that system is legal, for being encrypted by system file legal for described system, and is stored in system In subregion.

20. devices as claimed in claim 12, it is characterised in that described device also includes:

Trigger module, for when described system start-up, triggers the detection to security of system state, and/or, open in described system After Dong, periodically or by preset rules trigger the detection to security of system state；

Wherein, described detection module, when described trigger module triggers the detection to security of system state, detects described system Safe condition.

21. devices as claimed in claim 12, it is characterised in that described device also includes:

Locking module, for described determine that module determines that described system is in non-secure states time, generate lock instruction, and root According to described lock instruction, the payment function of system is locked.

22. devices as claimed in claim 12, it is characterised in that described device also includes:

Information generation module, for described determine that module determines that system is in non-secure states time, generate information, To prompt the user whether system is updated；

More newly requested generation module, for when receiving the confirmation instruction being updated system, generating the system to system More newly requested, and the request of described system update is sent to server；

More new module, for receive described server send according to described system update acquisition request to system update file Information, and according to described system update fileinfo, system is updated.

23. 1 kinds of terminals, it is characterised in that including:

One or more processor；

Memorizer；

One or more program, one or more program stores in which memory, when by one or Multiple processors proceed as follows when performing:

The safe condition of detecting system, including detecting whether described system exists illegal high authority process, and/or, detection system System file is the most damaged；

When the system of detecting exists illegal high authority process and/or system file is damaged, determine that described system is in non- Safe condition.