CN106778089B - System and method for safely managing and controlling software authority and behavior - Google Patents

Publication number
CN106778089B
Authority
CN
China
Prior art keywords
application program
authority
file
policy
configuration file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611095114.4A
Other languages
Chinese (zh)
Other versions
CN106778089A (en)
Inventor
张建国
宋斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Trustmobi Software Beijing Co ltd
Original Assignee
Trustmobi Software Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Trustmobi Software Beijing Co ltd
Priority to CN202110747098.7A (CN113360856A)
Priority to CN201611095114.4A (CN106778089B)
Priority to CN202110759334.7A (CN113378121A)
Publication of CN106778089A
Application granted
Publication of CN106778089B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for securely managing and controlling software permissions and behaviors, comprising the following steps: inserting a security control file, in code form, at the initial execution position of an application program in its program-code form, the security control file controlling the permissions of the application program based on a policy configuration file; the security control file, triggered by the running of the application program, limiting the permissions of the application program according to a first policy configuration file pushed by a server; and the server generating a second policy configuration file, based on the permission information and the running condition of the application program fed back by the security control file, and pushing it to the security control file of the application program. For software that abuses permissions or contains malicious behaviors, the invention cuts off the malicious behavior according to the policy and closes the permissions that pose a hidden danger, while retaining and allowing the execution of the other functions that are useful to the user, so that the software meets the user's needs while the user's information stays secure.

Description

System and method for safely managing and controlling software authority and behavior
Technical Field
The invention relates to the technical field of computers, in particular to a system and a method for safely managing and controlling software authority and behaviors.
Background
With the development of software systems and the internet, application software with all kinds of functions has appeared in large quantities, meeting people's varied software needs in work and life. At the same time, however, malware and rogue software on computers, and especially on mobile devices, emerge endlessly and are difficult for users to tell apart. In particular, some apps that vendors provide for free appear functional and safe, but collect the user's private information in the background, such as geographical position, address book content, SMS messages and photos, and secretly upload it to the vendor's server, creating a risk of information leakage.
For such malicious or rogue software, an ordinary user on the one hand cannot identify the software's permissions and behavior; on the other hand, even users who know that the software carries a risk of privacy disclosure often have to compromise, because the software offers functional advantages that other software can hardly replace, and let it continue to run and collect information.
At present, the antivirus software and security-guard tools on the market monitor software from the outside. Once they find that the software violates rules in its permissions or behavior, they directly close or even uninstall it, and they can hardly control the software's permissions and behavior precisely.
Chinese patent CN 105389263 A discloses an application software permission monitoring method, which includes: downloading a third-party application software installation package; analyzing the attributes of the third-party application software, the process name at startup and the permissions applied for, wherein the attributes at least comprise a package name, activity, services, broadcast and permission; generating a joba for comparison and verification according to the information obtained by analysis; and installing the generated jobs to a tested terminal with security software, the tested terminal installing the third-party application software according to the description of the jobs and performing comparison and verification. Although that patent can monitor the access permissions of software, the user needs to install security software in the operating system, and the software's permissions and behavior still cannot be controlled.
Disclosure of Invention
To address the deficiencies of the prior art, the invention provides a method for securely managing and controlling software permissions and behaviors, characterized by comprising the following steps:
inserting, in code form, a security management and control file that manages and controls the permissions of the application program based on the policy configuration file, at the initial execution position of the application program in its program-code form,
the security management and control file, triggered by the running of the application program, limits the permissions of the application program according to a first policy configuration file pushed by a server,
and the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the running condition of the application program fed back by the security management and control file.
According to a preferred embodiment, the server adjusts the first policy configuration file into the second policy configuration file based on the information of the authority to be controlled of the application program marked and fed back by the security control file,
the security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file.
According to a preferred embodiment, the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file, and the security management and control file marks the third policy configuration file and version information of the application program corresponding to the third policy configuration file and pushes the third policy configuration file and the version information of the application program to the server for storage.
According to a preferred embodiment, the server selects a first policy configuration file, a second policy configuration file or a third policy configuration file matched with the version information of the application program fed back by the security management and control file according to the version information of the application program fed back by the security management and control file, and pushes the selected first policy configuration file, the second policy configuration file or the third policy configuration file to the security management and control file in the application program.
According to a preferred embodiment, the server pushes update information to the security management and control file according to the authority information of the failed management and control fed back by the security management and control file and the version information of the corresponding application program, so as to update the security management and control file.
According to a preferred embodiment, the step of inserting, in code form, a security management and control file that manages and controls the permissions of the application program based on a policy configuration file, at the initial execution position of the application program in its program-code form, comprises:
disassembling, reverse-assembling and/or decompiling the application program to be managed into program code,
placing the code of the security management and control file at the initial execution position or at an initialization node position in the program code,
and forward-compiling the program code containing the security management and control file into an application program controlled by the security management and control file.
According to a preferred embodiment, based on the policy requirements of the first policy configuration file or the second policy configuration file, the security management and control file calculates and evaluates the number of times and the time at which a restricted permission is started while the application program runs, and intercepts the restricted information sent by the restricted permission;
and, based on the operation barrier of the application program, the security management and control file recalculates and re-evaluates the number of times and the time at which the restricted permission is started while the application program runs, thereby generating a third policy configuration file, and pushes the recalculated number of times and time of starting the restricted permission, together with the restricted information, to the server for storage.
According to a preferred embodiment, the security management and control file determines the restricted permission by comparing the permission information listed in the permission policy list of the policy configuration file with the permission information applied for by the application program,
the management and control instruction of the security management and control file is triggered by the starting of the restricted permission, so as to prevent the restricted permission from starting and/or intercept the restricted information sent by the restricted permission.
According to a preferred embodiment, when the security management and control file loses its signal connection with the server, the security management and control file adds the to-be-managed permission information of the application program that is not recorded in the permission policy list of the first policy configuration file to that permission policy list and sets it to a disabled state, thereby generating the second policy configuration file,
the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file.
A system for securely managing and controlling software permissions and behavior, characterized by comprising a server, a placement module, a compiling module and a security management and control file,
the server stores code of a security management and control file and pushes a policy configuration file based on feedback information of the security management and control file,
the compiling module disassembles, reverse-assembles and/or decompiles the application program to be managed into program code,
the placement module inserts, in code form, a security management and control file that manages and controls the permissions of the application program based on the policy configuration file, at the initial execution position of the application program in its program-code form,
the security management and control file, triggered by the running of the application program, limits the permissions of the application program according to the first policy configuration file pushed by the server,
and the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the running condition of the application program fed back by the security management and control file.
The invention has the beneficial technical effects that:
1. For software containing permission abuse or malicious behaviors, the method does not simply and crudely forbid the software from running and being used; instead, it cuts off the malicious behaviors and closes the permissions that pose hidden dangers according to the policy. Other functions of the application that are useful to the user are retained and allowed to execute.
2. The application program can control its permissions and security behavior without relying on the user to install antivirus software or monitoring software such as a security guard in the operating system.
3. The traditional method of manually setting prohibited permissions is one-sided: it easily causes running obstacles in some application programs, or fails to prohibit permissions that were not set. The invention adjusts the permissions against the actual running of the application program on top of the manual settings, and further prohibits other unnecessary permissions that were not set, without affecting the running of the application program.
Drawings
FIG. 1 is a logic diagram of the method of the present invention; and
FIG. 2 is a logical schematic of the system of the present invention.
List of reference numerals
10: server
20: placement module
30: compiling module
40: security management and control file
Detailed Description
The following detailed description is made with reference to the accompanying drawings.
The content of the security control file comprises the type of the authority, the trust level, the name of the authority group and the functions related to the personal privacy information to be controlled under the authority group.
The application program in the invention is an application program provided by a third-party developer for installation on a user's computer system or smart device system. The computer system includes a Windows system, an XP system and a Linux system. The smart device system includes an iOS system and an Android system.
The server comprises a remote server and a cloud server.
As shown in fig. 1, the present invention provides a method for securely managing and controlling software permissions and behaviors, including:
S1: inserting, in code form, a security management and control file that manages and controls the permissions of the application program based on the policy configuration file, at the initial execution position of the application program in its program-code form;
S2: the security management and control file, triggered by the running of the application program, limits the permissions of the application program according to a first policy configuration file pushed by a server;
S3: the server generates a second policy configuration file based on the permission information and the running condition of the application program fed back by the security management and control file, and pushes it to the security management and control file of the application program.
In the invention, the permission behaviors of the application program include real-time permissions for behaviors such as dialing a call, sending SMS and/or MMS messages, privately opening a 2G/3G/4G network, privately opening a WLAN network, privately opening a Bluetooth network, reading contacts, reading call records, reading SMS and/or MMS messages, obtaining the position of the mobile phone, recording with the microphone, opening the camera, writing/deleting contacts, writing/deleting call records, and writing/deleting SMS and/or MMS messages. The invention is not limited to these kinds of behavior; other kinds of application behavior may also be included.
The permission restrictions of the present invention include allowing access and prohibiting access. The security management and control file sets different permissions for different application programs. For example, for the application WeChat, the security management and control file sets the access permission to allow access for WeChat's foreground running state, sets it to prohibit access for WeChat's temporary running state, and sets refined access permissions for WeChat's background running state. For instance, for the background running state of WeChat, access to the system's GPS resource can be set to allowed and access to the system's address book set to prohibited, and so on; this is not limited to the background running state of WeChat.
The security management and control file is a management file that a service team writes manually and tests repeatedly. It can be a complete executable program or a section of code. The coding languages of the security management and control file include the PASCAL, C, FORTRAN, BASIC, COBOL and FOXBASE languages, and the like.
Example 1
The embodiment provides a method for performing security control on software permission and behavior, which includes:
S1: inserting, in code form, a security management and control file that manages and controls the permissions of the application program based on the policy configuration file, at the initial execution position of the application program in its program-code form,
S2: the security management and control file, triggered by the running of the application program, limits the permissions of the application program according to a first policy configuration file pushed by a server,
S3: the server generates a second policy configuration file based on the permission information and the running condition of the application program fed back by the security management and control file, and pushes it to the security management and control file of the application program.
The present embodiment describes a method for securely managing and controlling software rights and behaviors as follows.
S1: Inserting, in code form, a security management and control file that manages and controls the permissions of the application program based on the policy configuration file, at the initial execution position of the application program in its program-code form.
An application program to be installed may apply for various permissions while running, such as obtaining the geographical position, reading the address book, or accessing the camera and microphone. These permissions and behaviors are not necessarily required by the functions the developer claims to provide; they may be code the developer added to gain additional benefit, or code injected afterwards by the vendor of the software download channel, and may therefore be superfluous or even harmful to the end user. For example, a developer makes a free game program that only provides picture-based interactive puzzle games, with no location-based game function and no online game function involving the user's contacts, yet when run it applies for permission to obtain the system's geographical position and to access the address book; the actual purpose is to upload user information to a server and sell it to advertising companies for profit.
The application programs of the present invention include application programs that developers have published as well as unpublished ones. When a user of an application program intends to use it within a specific scope and needs to ensure that it is secure and controllable, the security management and control file is inserted into the program code of the application program so that the application program can securely control its own permissions; the application program with this security control function is then used within that scope. The security management and control file is a universal version applicable to most applications. Special application programs discovered later may be protected by code obfuscation or encryption, and directly injecting the code of the security management and control file may then cause the monitoring function to fail. The security management and control file can therefore be modified, improved and updated through upgrades to achieve better compatibility and universality.
Preferably, the step of inserting, in code form, a security management and control file that manages and controls the permissions of the application program based on the policy configuration file, at the initial execution position of the application program in its program-code form, includes:
S11: disassembling, reverse-assembling and/or decompiling the application program to be controlled into program code;
S12: placing the code of the security management and control file at the initial execution position or at an initialization node position in the program code;
S13: forward-compiling the program code containing the security management and control file into an application program controlled by the security management and control file.
The application program to be managed and controlled is disassembled into program code, or decompiled into program code in the form of SMALI or JAVA.
The starting position of program execution is located in the program code of the application program, and the code of the security management and control file is placed at that starting position or at the position of an initialization node. Inserting the security management and control file amounts to changing the running mechanism of the application program: when the application program runs to the initial position or the initialization node position, the code of the security management and control file is executed, and after it has executed, control returns to the subsequent program code of the application program.
After the security management and control file has been inserted, the modified application program is forward-assembled or forward-compiled again into an application program that can be installed and run normally, has the security control function, and is released within the specific scope.
S2: the security management and control file triggered based on the running of the application program limits the authority of the application program according to a first policy configuration file pushed by a server.
The security management and control file is triggered to run by the running of the application program. When it runs, it sends a policy configuration file request to the server, and the server responds by pushing the latest first policy configuration file to it. The first policy configuration file contains a permission policy list. The permission policy list shows some permissions as prohibited and some as allowed to be enabled, so as to ensure the information security of the application program. The security management and control file limits and controls the permissions of the application program item by item according to the entries of the permission policy list of the first policy configuration file. Alternatively, when the application program tries to exercise a permission shown in the permission policy list, the security management and control file detects this and triggers an interception action that intercepts the information sent by that permission, ensuring that the actual running behavior of the application program does not exceed the permission policy range specified by the server and achieving the goal of security control.
S3: The server generates a second policy configuration file based on the permission information and the running condition of the application program fed back by the security management and control file, and pushes it to the security management and control file of the application program.
While the security management and control file controls the permissions of the application program based on the first policy configuration file, it feeds back to the server the permissions that are not shown in the permission policy list, that is, the permissions outside the control range. The security management and control file feeds back to the server the permission information of the application program that is within the control range, the permission information that is not within the control range, and the running condition of the permissions. Based on the permission information and running condition fed back by the security management and control file, the server adjusts the permission policy list of the pushed first policy configuration file and adds the new permissions, thereby generating a second policy configuration file containing an updated permission policy list. The server pushes the second policy configuration file to the security management and control file of the corresponding application program.
According to a preferred embodiment, the server adjusts the first policy configuration file to the second policy configuration file based on the information of the permission to be managed of the application program marked and fed back by the security management file. The security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file.
Preferably, when feeding permission information back to the server, the security management and control file marks the permission information to be managed and then sends it to the server. The server adjusts the permission policy list of the first policy configuration file according to the to-be-managed permission information marked and fed back by the security management and control file and adds the new permissions, so that a second policy configuration file containing an updated permission policy list is generated and pushed to the corresponding security management and control file. For example, the newly added permissions of the second policy configuration file are set to prohibited. The security management and control file limits and controls the permissions of the application program item by item based on the entries of the permission policy list of the second policy configuration file. Alternatively, when the application program tries to exercise a permission shown in the permission policy list, the security management and control file detects this and triggers an interception action that intercepts the information sent by that permission, ensuring that the actual running behavior of the application program does not exceed the permission policy range specified by the server and achieving the goal of security control.
According to a preferred embodiment, the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file, and the security management and control file marks the third policy configuration file and version information of the application program corresponding to the third policy configuration file and pushes the third policy configuration file and the version information of the application program to the server for storage.
After the security management and control file performs permission control according to the second policy configuration file, operation barriers may arise in the application program, because some permissions must be enabled for the application program to run. The security management and control file adjusts the newly added controlled permissions in the permission policy list of the second policy configuration file one by one, changing their restrictions until the application program can run normally. The security management and control file monitors the newly enabled permissions and the information they send, and sends both to the server. The second policy configuration file with the adjusted permission policy list becomes the third policy configuration file. The security management and control file marks the third policy configuration file and pushes it, together with the version information of the corresponding application program, to the server, which stores both. When the security management and control file is again installed in an application program with the same version information, the server pushes the marked third policy configuration file directly to the security management and control file according to the version information of the application program that it feeds back. By adjusting the policy configuration file, the invention strengthens the control range for the application program: permissions are not left unmanaged because of a preset control range, and controlled permissions do not interfere with the running of the application program and cause operation barriers.
According to a preferred embodiment, the server selects a first policy configuration file, a second policy configuration file or a third policy configuration file matched with the version information of the application program fed back by the security management and control file according to the version information of the application program fed back by the security management and control file, and pushes the selected first policy configuration file, the second policy configuration file or the third policy configuration file to the security management and control file in the application program.
Different application programs suit different permission control ranges. Some application programs use the first policy configuration file without adjustment, some use the adjusted second policy configuration file, and some use the adjusted third policy configuration file. After the security management and control file is set into the application program, it is triggered to start by the running of the application program. Once started, the security management and control file sends the version information of the application program to the server. If the server holds a record of that version information and the corresponding policy configuration file, it sends the corresponding first, second or third policy configuration file to the security management and control file. If the version information fed back by the security management and control file is not recorded on the server, the server sends the first policy configuration file, which has a general-purpose range, to the security management and control file.
According to a preferred embodiment, the server pushes update information to the security management and control file according to the authority information of the failed management and control fed back by the security management and control file and the version information of the corresponding application program, so as to update the security management and control file.
The security management and control file is suitable as a universal version for a variety of application programs. However, application programs are diverse, and some are protected by code obfuscation or encryption, so directly setting the code of the security management and control file into them may result in management and control failure. That is, a permission in the application program does not accept the control and restriction of the security management and control file. The security management and control file therefore feeds back the version information of the application program and the state of permission management and control to the server. The research and development service team of the security management and control file modifies and improves it according to the version information of the application program and the permission management and control state recorded by the server, so as to achieve better compatibility and universality. The modified application may be fully compatible and applicable over a period of time.
According to a preferred embodiment, the security management and control file counts and evaluates the number of times and the time at which a restricted permission is started while the application program runs, based on the policy requirements of the first policy configuration file or the second policy configuration file, and intercepts the restricted information sent by the restricted permission. When the application program encounters an operation obstacle, the security management and control file recalculates and re-evaluates the number of times and the time at which the restricted permission is started, thereby generating a third policy configuration file, and pushes the recalculated number of times and time, together with the restricted information, to the server for storage.
Preferably, the security management and control file can determine the specific malicious behavior in the application program. For example, the first policy configuration file or the second policy configuration file pushed by the server specifies that the mobile office application program may not use the microphone recording permission, and may acquire the geographical position no more than 1 time per day, so as to prevent the range information from being leaked. When the application program runs and tries to start the microphone, the security management and control file detects the behavior and blocks it immediately. Each time the application program acquires the geographical position, it triggers judgment and recording by the security management and control file; when the trigger occurs more than 1 time in the period 00:00-24:00, the security management and control file records, reports and blocks the operation. If the permission rules of the first policy configuration file hinder the running of the application program and produce an operation obstacle, the security management and control file adjusts the permission policy list in the policy configuration file to generate a third policy configuration file, and recalculates and re-evaluates the number of times and the time at which the restricted permission is started. Alternatively, based on the operation obstacle of the application program, the security management and control file recalculates and re-evaluates the number of times and the time of starting the restricted permission that do not affect the running of the application program, and adjusts the permission policy list in the policy configuration file accordingly to generate a third policy configuration file. The security management and control file pushes the recalculated number of times and time of starting the restricted permission, together with the restricted information, to the server for storage.
According to a preferred embodiment, the security management and control file determines the restricted permissions by comparing the permission information listed in the permission policy list of the policy configuration file with the permission information applied for by the application program. The management and control instruction of the security management and control file is triggered by the starting of a restricted permission, so as to prevent the restricted permission from starting and/or intercept the restricted information sent by the restricted permission.
For example, the permission policy list of the policy configuration file specifies that the permission to read short messages is prohibited, and the application program runs, or applies for while running, the permission to read short messages. By comparing the prohibition entry for the short-message reading permission in the permission policy list with the application program's request for that permission, the security management and control file determines that the permission to read short messages is a restricted permission and should be prohibited. When the application program exercises the permission to read short messages, the management and control instruction of the security management and control file is triggered. Because the instruction is triggered by the starting of the short-message reading permission, it prevents that permission from starting and/or intercepts the information the application program sends after reading a short message.
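The checks described in the two examples above (a prohibited microphone, a once-per-day location quota, a prohibited short-message permission) can be modelled as follows. This is an added illustration, not code from the patent: the permission names, the `Rule` and `PermissionGate` types and the report format are assumptions, and a permission absent from the list is allowed but recorded for feedback to the server, as the first-policy stage describes.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Rule kinds for one entry of the permission policy list (names are assumed).
PROHIBIT, LIMIT, ALLOW = "prohibit", "limit", "allow"


@dataclass(frozen=True)
class Rule:
    action: str
    max_per_day: int = 0  # only meaningful for LIMIT rules


# Constructed sample policy mirroring the text: no microphone, no SMS reading,
# geographical position at most once per calendar day (00:00-24:00).
SAMPLE_POLICY = {
    "RECORD_AUDIO": Rule(PROHIBIT),
    "READ_SMS": Rule(PROHIBIT),
    "ACCESS_FINE_LOCATION": Rule(LIMIT, max_per_day=1),
    "INTERNET": Rule(ALLOW),
}


@dataclass
class PermissionGate:
    """Decides, per request, whether a permission may start."""
    policy: dict
    counts: dict = field(default_factory=dict)    # (permission, date) -> triggers
    reports: list = field(default_factory=list)   # blocked events for the server
    unlisted: set = field(default_factory=set)    # permissions outside the list

    def request(self, permission: str, now: datetime) -> bool:
        rule = self.policy.get(permission)
        if rule is None:
            # Not in the control range: let it run, remember it for feedback.
            self.unlisted.add(permission)
            return True
        if rule.action == ALLOW:
            return True
        if rule.action == PROHIBIT:
            self._report(permission, now, "prohibited")
            return False
        # LIMIT: every trigger is counted, including the ones that get blocked.
        key = (permission, now.date())
        used = self.counts.get(key, 0) + 1
        self.counts[key] = used
        if used > rule.max_per_day:
            self._report(permission, now, f"quota {rule.max_per_day}/day exceeded")
            return False
        return True

    def _report(self, permission: str, now: datetime, reason: str) -> None:
        self.reports.append(
            {"permission": permission, "time": now.isoformat(), "reason": reason}
        )


if __name__ == "__main__":
    gate = PermissionGate(SAMPLE_POLICY)
    day = datetime(2016, 12, 1, 9, 0)  # constructed timestamps
    for perm, when in [
        ("RECORD_AUDIO", day),
        ("ACCESS_FINE_LOCATION", day),
        ("ACCESS_FINE_LOCATION", day.replace(hour=18)),
        ("CAMERA", day),
    ]:
        print(perm, when.isoformat(), "->", gate.request(perm, when))
    print("reports:", gate.reports)
    print("unlisted:", gate.unlisted)
```

The quota key includes the calendar date, so the counter resets at midnight without any timer.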
According to a preferred embodiment, in the case that the security management and control file loses signal connection with the server, the security management and control file adds the to-be-managed authority information of the application program, which is not recorded in the authority policy list of the first policy configuration file, to the authority policy list and sets the to-be-managed authority information to a disabled state, so as to generate the second policy configuration file. The security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file.
After the security management and control file is set in the application program, the application program with the management and control function can be released and used independently of the server. When the security management and control file has no signal connection with the server, it manages and controls the application program without needing information pushed by the server. The security management and control file is provided with a default policy configuration file, and can still manage and control the permission behaviors and malicious behaviors of the application program according to that default policy configuration file.
If the security management and control file finds that the application program has permission information to be managed that is not recorded in the permission policy list of the first policy configuration file, it adds that permission information to the permission policy list and sets it to a disabled state, thereby generating the second policy configuration file. The application program then encounters operation obstacles because some necessary permissions are prohibited. Based on the operation obstacle of the application program, the security management and control file adjusts the permission policy list of the second policy configuration file, changing the newly added restricted permissions that affect the running of the application program to an allowed state so that the application program can run normally. The adjusted second policy configuration file becomes the third policy configuration file.
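The progression from first to second to third policy configuration file, and the server's per-version selection described earlier, can be sketched as below. This is an added example rather than code from the patent: the dictionary layout, the function names, the `app_runs` callback standing in for operation-obstacle detection, and the final pass that re-disables permissions the application does not actually need are all assumptions.

```python
import copy

DISABLED, ALLOWED = "disabled", "allowed"


def _disabled(policy):
    """Set of permissions currently disabled in a policy."""
    return {p for p, s in policy["permissions"].items() if s == DISABLED}


def derive_second_policy(first, requested):
    """Add every requested permission missing from the list, in disabled state."""
    second = copy.deepcopy(first)
    second["level"] = 2
    second["added"] = []
    for perm in sorted(requested):
        if perm not in second["permissions"]:
            second["permissions"][perm] = DISABLED
            second["added"].append(perm)
    return second


def derive_third_policy(second, app_runs):
    """Relax newly added permissions one by one until app_runs(disabled) is True.

    Only permissions added in the second policy are touched; entries inherited
    from the first policy are never relaxed. Returns (third_policy, runs_ok).
    """
    third = copy.deepcopy(second)
    third["level"] = 3
    relaxed = []
    for perm in third["added"]:
        if app_runs(_disabled(third)):
            break
        third["permissions"][perm] = ALLOWED
        relaxed.append(perm)
    runs_ok = app_runs(_disabled(third))
    if runs_ok:
        # Assumed refinement: keep allowed only what the obstacle depends on.
        for perm in list(relaxed):
            third["permissions"][perm] = DISABLED
            if app_runs(_disabled(third)):
                relaxed.remove(perm)
            else:
                third["permissions"][perm] = ALLOWED
    third["relaxed"] = relaxed
    return third, runs_ok


class PolicyServer:
    """Stores marked policies per application version; falls back to the general one."""

    def __init__(self, general_first):
        self.general_first = general_first
        self.by_version = {}

    def store(self, app_version, policy):
        self.by_version[app_version] = dict(policy, marked=True)

    def select(self, app_version):
        return self.by_version.get(app_version, self.general_first)


# Constructed sample data: a general first policy and one application's requests.
FIRST_POLICY = {"level": 1, "permissions": {"READ_SMS": DISABLED, "INTERNET": ALLOWED}}
REQUESTED = {"READ_SMS", "INTERNET", "CAMERA", "READ_CONTACTS", "WRITE_EXTERNAL_STORAGE"}
NEEDED_TO_RUN = {"INTERNET", "WRITE_EXTERNAL_STORAGE"}  # hidden from the policy logic


def sample_app_runs(disabled):
    """Stand-in for obstacle detection: the app runs if nothing it needs is disabled."""
    return NEEDED_TO_RUN.isdisjoint(disabled)


if __name__ == "__main__":
    second = derive_second_policy(FIRST_POLICY, REQUESTED)
    third, ok = derive_third_policy(second, sample_app_runs)
    server = PolicyServer(FIRST_POLICY)
    if ok:
        server.store("office-app 1.0", third)
    print("added as disabled:", second["added"])
    print("re-allowed:", third["relaxed"])
    print("policy level for 1.0:", server.select("office-app 1.0")["level"])
    print("policy level for 2.0:", server.select("office-app 2.0")["level"])
```

If the application still cannot run after every newly added permission has been allowed, the obstacle comes from a first-policy entry; the function returns `runs_ok` as `False` and nothing is stored for that version.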
Example 2
This embodiment is a further improvement and description of embodiment 1, and repeated contents are not described again.
As shown in fig. 2, the present embodiment provides a system for securely managing and controlling software permissions and behaviors, which includes a server 10, a placing module 20, a compiling module 30, and a security management and control file 40.
Preferably, the first policy profile is formed by manual writing and repeated testing, rather than automatically generated by software or a system. The first policy file is stored in a server or configured in a security management file.
According to a preferred embodiment, the security management and control file is integrated into the placing module 20 before being installed into the application program.
The server stores the code of the security management and control file and pushes a policy configuration file based on feedback information from the security management and control file.
Preferably, the placing module 20 and the compiling module 30 are arranged on a remote server or on an intelligent terminal that is wirelessly connected with the application program. Accordingly, the code of the security management and control file is stored in the server 10 or in the placing module 20. The placing module 20 lets the user specify the objects of placement and the time between placements.
The intelligent terminal comprises a desktop computer, a notebook computer, an intelligent mobile phone, an intelligent bracelet, intelligent glasses and the like.
In general, a user cannot access the code of the security management and control file. The user connects wirelessly to the server 10 from the intelligent terminal and starts the compiling module 30 and the placing module 20; the compiling module 30 decodes the specified application program, and the placing module 20 sets the security management and control file for the specified application program. Finally, the compiling module 30 forward compiles the application program provided with the security management and control file into an application program that has the function of managing and controlling its own permissions.
The user connects to the server through an application program on the intelligent terminal and instructs it to install the security management and control file in a specified application program. The server responds to the instruction of the intelligent terminal and starts the compiling module 30. The compiling module 30 disassembles, reverse-assembles and/or decompiles the application program to obtain program code. After the compiling module 30 finishes decoding the application program, it sends a completion message to the placing module 20. In response to the message from the compiling module 30, the placing module 20 starts to set the code of the security management and control file 40 into the program code of the application program. After the placing module 20 has set the security management and control file 40, it sends a forward compiling instruction or message to the compiling module 30. The compiling module 30 forward compiles the application program provided with the program code of the security management and control file.
Specifically, the operation of the system for securely managing software permissions and behaviors of the present invention is described below.
S1: The placing module 20 sets a security management and control file, in the form of code, at the initial position where the application program in the form of program code runs; the security management and control file manages and controls the permissions of the application program based on the policy configuration file.
Preferably, the step in which the placing module 20 sets the security management and control file, in the form of code, at the initial position where the application program in the form of program code runs includes:
S11: the compiling module 30 disassembles, reverse-assembles and/or decompiles the application program to be managed and controlled into program code;
S12: the placing module 20 sets the code of the security management and control file at the initial running position or the initialization node position in the program code;
S13: the compiling module 30 forward compiles the program code provided with the security management and control file into an application program managed and controlled by the security management and control file.
The compiling module 30 disassembles the application program to be managed and controlled into program code. Alternatively, the compiling module 30 reverse-assembles or decompiles the application program to be managed and controlled into program code in the form of SMALI or JAVA.
The placing module 20 finds the position in the program code of the application program where the program starts running, and sets the code of the security management and control file at that starting position or at the position of the initialization node.
After the security management and control file has been set, the compiling module 30 forward assembles or forward compiles the modified application program again to form an application program with a security management and control function that can be installed and run normally, for release within a specific range.
S2: the security management and control file triggered based on the running of the application program limits the authority of the application program according to a first policy configuration file pushed by a server.
The security management and control file 40 is triggered to run by the running of the application program. When the security management and control file 40 runs, it sends policy configuration file request information to the server 10, and the server 10 responds to the request by pushing the latest first policy configuration file to the security management and control file 40. The first policy configuration file contains a permission policy list. The permission policy list shows which permissions are prohibited and which are permitted to be enabled, so as to ensure the information security of the application program. The security management and control file 40 restricts and manages the permissions of the application program item by item according to the entries of the permission policy list of the first policy configuration file. Alternatively, when the application program tries to exercise a permission shown in the permission policy list, the security management and control file detects this and triggers an interception action to intercept the information sent by that permission, so that the actual running behavior of the application program does not exceed the permission policy range specified by the server and the goal of security management and control is achieved.
S3: The server generates a second policy configuration file based on the permission information and running state of the application program fed back by the security management and control file, and pushes it to the security management and control file of the application program.
While the security management and control file manages and controls the permissions of the application program based on the first policy configuration file, it feeds back to the server the permissions that are not shown in the permission policy list, that is, the permissions outside the control range. The security management and control file feeds back to the server the permission information of the application program within the control range, the permission information outside the control range, and the running state of the permissions. Based on the permission information and running state fed back by the security management and control file, the server adjusts the permission policy list of the pushed first policy configuration file and adds the new permissions, thereby generating a second policy configuration file containing an updated permission policy list. The server pushes the second policy configuration file to the security management and control file of the corresponding application program.
According to a preferred embodiment, the server adjusts the first policy configuration file to the second policy configuration file based on the information of the permission to be managed of the application program marked and fed back by the security management file. The security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file.
According to a preferred embodiment, the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file, and the security management and control file marks the third policy configuration file and version information of the application program corresponding to the third policy configuration file and pushes the third policy configuration file and the version information of the application program to the server for storage.
After the security management and control file performs permission management and control according to the second policy configuration file, the application program may encounter operation obstacles. The security management and control file adjusts the newly added managed permissions in the permission policy list of the second policy configuration file one by one, changing the restriction on each permission until the application program can run normally. The security management and control file monitors the newly enabled permissions and the information they send, sends both to the server, and turns the second policy configuration file with the adjusted permission policy list into a third policy configuration file. The security management and control file adds a mark to the third policy configuration file and pushes it, together with the version information of the corresponding application program, to the server. The server stores the marked third policy configuration file and the version information of the corresponding application program.
According to a preferred embodiment, the server selects a first policy configuration file, a second policy configuration file or a third policy configuration file matched with the version information of the application program fed back by the security management and control file according to the version information of the application program fed back by the security management and control file, and pushes the selected first policy configuration file, the second policy configuration file or the third policy configuration file to the security management and control file in the application program.
After the security management and control file is set into the application program, it is triggered to start by the running of the application program. Once started, the security management and control file sends the version information of the application program to the server. If the server holds a record of that version information and the final corresponding policy configuration file, it sends the corresponding first, second or third policy configuration file to the security management and control file. If the version information fed back by the security management and control file is not recorded on the server, the server sends the first policy configuration file, which has a general-purpose range, to the security management and control file.
According to a preferred embodiment, the server pushes update information to the security management and control file according to the authority information of the failed management and control fed back by the security management and control file and the version information of the corresponding application program, so as to update the security management and control file.
The security management and control file feeds back the version information of the application program and the permission management and control failure to the server. The research and development team of the security management and control system modifies and improves the security management and control file according to the version information of the application program and the permission management and control state recorded by the server, so as to achieve better compatibility and universality. The modified application may be fully compatible and applicable over a period of time. The research and development team of the security management and control system places the updated security management and control file in the server 10 or the placing module 20. After the update, the placing module 20 sets the latest security management and control file into the application program.
According to a preferred embodiment, the security management and control file counts and evaluates the number of times and the time at which a restricted permission is started while the application program runs, based on the policy requirements of the first policy configuration file or the second policy configuration file, and intercepts the restricted information sent by the restricted permission. When the application program encounters an operation obstacle, the security management and control file recalculates and re-evaluates the number of times and the time at which the restricted permission is started, thereby generating a third policy configuration file, and pushes the recalculated number of times and time, together with the restricted information, to the server for storage.
According to a preferred embodiment, the security management and control file determines the restricted permissions by comparing the permission information listed in the permission policy list of the policy configuration file with the permission information applied for by the application program. The management and control instruction of the security management and control file is triggered by the starting of a restricted permission, so as to prevent the restricted permission from starting and/or intercept the restricted information sent by the restricted permission.
According to a preferred embodiment, in the case that the security management and control file loses signal connection with the server, the security management and control file adds the to-be-managed authority information of the application program, which is not recorded in the authority policy list of the first policy configuration file, to the authority policy list and sets the to-be-managed authority information to a disabled state, so as to generate the second policy configuration file. The security management and control file adjusts the permission policy list of the second policy configuration file based on the operation barrier of the application program so as to generate a third policy configuration file.
After the security management and control file is set in the application program, the application program with the management and control function can be released and used independently of the server. When the security management and control file has no signal connection with the server, it manages and controls the application program without needing information pushed by the server. The security management and control file is provided with a default policy configuration file, and can still manage and control the permission behaviors and malicious behaviors of the application program according to that default policy configuration file.
If the security management and control file finds that the application program has permission information to be managed that is not recorded in the permission policy list of the first policy configuration file, it adds that permission information to the permission policy list and sets it to a disabled state, thereby generating the second policy configuration file. The application program then encounters operation obstacles because some necessary permissions are prohibited. Based on the operation obstacle of the application program, the security management and control file adjusts the permission policy list of the second policy configuration file, changing the newly added restricted permissions that affect the running of the application program to an allowed state so that the application program can run normally. The adjusted second policy configuration file becomes the third policy configuration file.
Compared with a program that is managed by a security system, the system has the advantage that the application program is free from the drawback of having its permissions set by a security program. An application program processed by the system can actively manage and control all of its own permission requests without affecting its operation. The system does not require the user to actively manage the permissions and behaviors of the application software, so the user can operate the application program more conveniently and simply.
It should be noted that the above-mentioned embodiments are exemplary, and that those skilled in the art, having benefit of the present disclosure, may devise various arrangements that are within the scope of the present disclosure and that fall within the scope of the invention. It should be understood by those skilled in the art that the present specification and figures are illustrative only and are not limiting upon the claims. The scope of the invention is defined by the claims and their equivalents.

Claims (7)

1. A method for securely managing and controlling software permissions and behaviors, the method comprising:
setting a security management and control file for managing and controlling the authority of the application program based on the policy configuration file in the form of codes at the initial position of the running of the application program in the form of program codes,
the security management file triggered based on the running of the application limits the authority of the application according to a first policy profile pushed by a server, wherein,
the security control file triggers operation based on operation of an application program, when the security control file operates, policy configuration file request information is sent to a server, the server responds to the request of the security control file and pushes a latest first policy configuration file to the security control file, the first policy configuration file comprises a permission policy list, the permission policy list displays partial permission forbidding and permission for enabling so as to ensure information security of the application program, the security control file correspondingly limits and controls the permission of the application program item by item according to a list item of the permission policy list of the first policy configuration file, or when the application program tries to operate the permission displayed in the permission policy list, the security control file monitors and triggers an interception action to intercept information sent by the permission so as to ensure that actual operation behavior of the application program does not exceed a permission policy range specified by the server, the aim of safety control is achieved,
the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the operating condition of the application program fed back by the security management and control file, wherein,
under the condition that the security control file correspondingly controls the authority of the application program based on the first policy configuration file, the security control file feeds back the authority which is not shown in the authority policy list to the server, namely feeds back the authority which is not in the control range, the security control file feeds back the authority information which is in the control range, the authority information which is not in the control range and the operation condition of the authority of the application program to the server, the server adjusts the authority policy list of the pushed first policy configuration file based on the authority information and the operation condition of the application program which are fed back by the security control file, adds new authority, and accordingly generates a second policy configuration file containing an updated authority policy list, and the server pushes the second policy configuration file to the security control file of the corresponding application program;
the server adjusts the first policy configuration file into the second policy configuration file based on the information of the authority to be controlled of the application program marked and fed back by the security control file,
the security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file;
the security management and control file adjusts the authority policy list of the second policy configuration file based on the operation obstacle of the application program so as to generate a third policy configuration file, and the security management and control file marks the third policy configuration file and version information of the application program corresponding to the third policy configuration file and pushes the third policy configuration file and the version information to the server for storage;
and the server selects, according to the version information of the application program fed back by the security management and control file, the first policy configuration file, second policy configuration file or third policy configuration file that matches the security management and control file, and pushes the selected policy configuration file to the security management and control file in the application program.
2. The method as claimed in claim 1, wherein the server pushes update information to the security management and control file according to the information, fed back by the security management and control file, on permissions for which management and control failed and the version information of the corresponding application program, so as to update the security management and control file.
3. The method for securely managing software authority and behavior according to one of the preceding claims, wherein the step of setting, in the form of code, a security management and control file for managing and controlling the authority of the application program based on a policy configuration file at the initial running position of the application program in the form of program code comprises:
disassembling, reverse-assembling and/or decompiling the application program to be managed and controlled into program code,
placing the code of the security management and control file at the initial running position or an initialization node position in the program code,
and compiling the program code containing the security management and control file into an application program controlled by the security management and control file.
4. The method for securely managing software permissions and behaviors as claimed in claim 3, wherein the security management and control file calculates and determines, based on the policy requirements of the first policy configuration file or the second policy configuration file, the number of times and the time at which restricted permissions are started while the application program runs, and intercepts the restricted information sent by the restricted permissions;
and the security management and control file recalculates and re-determines the number of times and the time at which the restricted permissions are started while the application program runs, based on the operation obstacle of the application program, thereby generating a third policy configuration file, and pushes the recalculated and re-determined number of times and time of starting the restricted permissions, together with the restricted information, to the server for storage.
5. The method of claim 4, wherein the security management and control file determines a restricted permission by comparing the permission information listed in the permission policy list of the policy configuration file with the permission information applied for by the application program,
and the management and control instruction of the security management and control file is triggered by the starting of the restricted permission, so as to prevent the restricted permission from starting and/or to intercept the restricted information sent by the restricted permission.
6. The method for security management of software rights and behaviors according to claim 4 or 5, wherein, in the case where the security management and control file loses its signal connection with the server, the security management and control file adds the to-be-managed permission information of the application program that is not recorded in the permission policy list of the first policy configuration file to the permission policy list and sets it to a disabled state, thereby generating the second policy configuration file,
and the security management and control file adjusts the permission policy list of the second policy configuration file based on the operation obstacle of the application program so as to generate a third policy configuration file.
7. A system for safely managing and controlling software authority and behavior, characterized by comprising a server, an install-in module, a compiling module and a security management and control file,
the server stores code of a security management and control file and pushes a policy configuration file based on feedback information of the security management and control file,
the compiling module disassembles, reverse-assembles and/or decompiles the application program to be managed and controlled into program code,
the install-in module sets, in the form of code, a security management and control file for managing and controlling the authority of the application program based on the policy configuration file at the initial running position of the application program in the form of program code,
the security management and control file, triggered by the running of the application program, limits the authority of the application program according to a first policy configuration file pushed by the server, wherein,
the security management and control file is triggered to run by the running of the application program; when it runs, the security management and control file sends policy configuration file request information to the server; the server responds to the request and pushes the latest first policy configuration file to the security management and control file; the first policy configuration file comprises a permission policy list, which shows that some permissions are disabled and some are enabled so as to ensure the information security of the application program; the security management and control file limits and controls the permissions of the application program item by item according to the entries of the permission policy list of the first policy configuration file, or, when the application program attempts to use a permission shown in the permission policy list, the security management and control file detects this and triggers an interception action to intercept the information sent by that permission, so as to ensure that the actual running behavior of the application program does not exceed the permission policy range specified by the server, thereby achieving the aim of security management and control,
the server generates and pushes a second policy configuration file to the security management and control file of the application program based on the authority information and the operating condition of the application program fed back by the security management and control file, wherein,
in the case where the security management and control file controls the authority of the application program based on the first policy configuration file, the security management and control file feeds back to the server the authority that is not shown in the authority policy list, that is, the authority that is not within the control range; the security management and control file feeds back to the server the authority information that is within the control range, the authority information that is not within the control range, and the operating condition of the authority of the application program; the server adjusts the authority policy list of the pushed first policy configuration file based on the authority information and the operating condition of the application program fed back by the security management and control file and adds new authority, thereby generating a second policy configuration file containing an updated authority policy list; and the server pushes the second policy configuration file to the security management and control file of the corresponding application program;
the server adjusts the first policy configuration file into the second policy configuration file based on the information, marked and fed back by the security management and control file, on the authority of the application program that is to be controlled,
the security management and control file limits the authority of the application program based on the authority policy list of the second policy configuration file;
and the security management and control file adjusts the authority policy list of the second policy configuration file based on the operation obstacle of the application program so as to generate a third policy configuration file, marks the third policy configuration file with the version information of the application program corresponding to it, and pushes the third policy configuration file and the version information to the server for storage.
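
The comparison in claim 5, the offline fallback in claim 6 and the version-matched selection at the end of claim 1 can be followed in the Python sketch below, which is an added example and not code from the patent. The dictionary layout, the permission names, the function names, the re-enabling of a permission on an operation obstacle and the preference for the most adjusted stored policy are all assumptions made for illustration.

```python
"""Sketch of the claimed policy life cycle (constructed data, hypothetical names)."""

# Constructed first policy as a server might push it; field names are assumptions.
FIRST_POLICY = {
    "kind": "first",
    "app_version": "2.3.0",
    "permissions": {"READ_CONTACTS": "disabled", "CAMERA": "enabled"},
}
# Constructed list of permissions the managed application applies for.
REQUESTED = ["READ_CONTACTS", "CAMERA", "ACCESS_FINE_LOCATION", "RECORD_AUDIO"]


def classify(policy, requested):
    """Claim 5: compare the policy list with what the application applies for."""
    rules = policy["permissions"]
    restricted = sorted(p for p in requested if rules.get(p) == "disabled")
    unlisted = sorted(p for p in requested if p not in rules)  # outside control range
    return restricted, unlisted


def decide(policy, permission):
    """Decision when a permission is started: (action, in_control_range)."""
    state = policy["permissions"].get(permission)
    if state == "disabled":
        return "block", True    # restricted permission: prevent or intercept
    if state is None:
        return "allow", False   # not in the list: only fed back to the server
    return "allow", True


def offline_second_policy(first, requested):
    """Claim 6: without a server connection, add unlisted permissions as disabled."""
    _, unlisted = classify(first, requested)
    rules = {**first["permissions"], **{p: "disabled" for p in unlisted}}
    return {**first, "kind": "second", "permissions": rules}


def third_policy(second, obstacles):
    """Assumed adjustment: re-enable entries whose blocking caused an obstacle."""
    rules = dict(second["permissions"])
    for permission in obstacles:
        if rules.get(permission) == "disabled":
            rules[permission] = "enabled"
    return {**second, "kind": "third", "permissions": rules}


def select_policy(stored, app_version):
    """Server side: pick a stored policy matching the reported app version."""
    order = {"first": 0, "second": 1, "third": 2}  # assumed preference
    matches = [p for p in stored if p["app_version"] == app_version]
    return max(matches, key=lambda p: order[p["kind"]]) if matches else None
```

Under the first policy an unlisted permission is allowed and reported, which is the gap the second policy closes by listing it as disabled.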
CN201611095114.4A 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior Active CN106778089B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202110747098.7A CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN201611095114.4A CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior
CN202110759334.7A CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611095114.4A CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN202110747098.7A Division CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN202110759334.7A Division CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly

Publications (2)

Publication Number Publication Date
CN106778089A CN106778089A (en) 2017-05-31
CN106778089B true CN106778089B (en) 2021-07-13

Family

ID=58882839

Family Applications (3)

Application Number Title Priority Date Filing Date
CN202110759334.7A Pending CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly
CN202110747098.7A Pending CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control
CN201611095114.4A Active CN106778089B (en) 2016-12-01 2016-12-01 System and method for safely managing and controlling software authority and behavior

Family Applications Before (2)

Application Number Title Priority Date Filing Date
CN202110759334.7A Pending CN113378121A (en) 2016-12-01 2016-12-01 System and method for adjusting application program permission based on assembly
CN202110747098.7A Pending CN113360856A (en) 2016-12-01 2016-12-01 Policy setting system and method based on authority control

Country Status (1)

Country Link
CN (3) CN113378121A (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107608660B (en) * 2017-08-31 2021-07-06 科大讯飞股份有限公司 Shared skill application method and system
CN107832590A (en) * 2017-11-06 2018-03-23 珠海市魅族科技有限公司 Terminal control method and device, terminal and computer-readable recording medium
CN108427886B (en) * 2018-01-25 2020-06-02 上海掌门科技有限公司 Method, system, device and readable medium for setting access authority of application program
CN108513300A (en) * 2018-07-11 2018-09-07 北京奇安信科技有限公司 A kind of processing method and terminal of management and control wifi connections
CN111353132A (en) * 2018-12-20 2020-06-30 中移(杭州)信息技术有限公司 Method and device for limiting use of application program
CN110222480A (en) * 2019-06-13 2019-09-10 红鼎互联(广州)信息科技有限公司 The system and method that a kind of pair of software permission and behavior carry out security management and control
CN111488569B (en) * 2020-04-09 2022-12-27 支付宝(杭州)信息技术有限公司 Authority determining and managing method, device, equipment and medium
CN112181476A (en) * 2020-08-31 2021-01-05 北京达佳互联信息技术有限公司 Application program control method, device, server and storage medium
CN114710312B (en) * 2022-02-16 2023-12-19 大连九锁网络有限公司 Mobile phone application program safety control method based on smart watch authorization
CN115811636B (en) * 2022-11-18 2024-06-18 四川长虹电器股份有限公司 Security management method for application background startup on intelligent television

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7392246B2 (en) * 2003-02-14 2008-06-24 International Business Machines Corporation Method for implementing access control for queries to a content management system
CN101359355B (en) * 2007-08-02 2010-07-14 芯微技术(深圳)有限公司 Method for raising user's authority for limitation account under Windows system
CN103473232B (en) * 2012-06-06 2018-02-13 北京三星通信技术研究有限公司 The autonomous management devices and methods therefor of application program
TWI499932B (en) * 2013-07-17 2015-09-11 Ind Tech Res Inst Method for application management, corresponding system, and user device
CN103761472B (en) * 2014-02-21 2017-05-24 北京奇虎科技有限公司 Application program accessing method and device based on intelligent terminal
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103839000B (en) * 2014-02-21 2017-04-26 北京奇付通科技有限公司 Application program installation method and device based on intelligent terminal equipment
CN103927476B (en) * 2014-05-07 2017-09-15 上海联彤网络通讯技术有限公司 Realize the intelligence system and method for application program rights management
CN104102880B (en) * 2014-06-30 2016-10-05 华中科技大学 A kind of application program rewrite method detecting the attack of Android privilege-escalation and system
CN104239764B (en) * 2014-10-15 2017-07-07 北京奇虎科技有限公司 The management-control method and device of terminal device and its systemic-function
CN104408366B (en) * 2014-11-26 2017-11-21 清华大学 Android application program authority usage behavior tracking based on Program instrumentation
CN104484599B (en) * 2014-12-16 2017-12-12 北京奇虎科技有限公司 A kind of behavior treating method and apparatus based on application program
CN105491523A (en) * 2015-12-08 2016-04-13 小米科技有限责任公司 Method and device for acquiring position information

Also Published As

Publication number Publication date
CN113378121A (en) 2021-09-10
CN113360856A (en) 2021-09-07
CN106778089A (en) 2017-05-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant