CN107085691A - Security method for a customized mobile terminal operating system based on Root privilege separation - Google Patents


Publication number
CN107085691A
Authority
CN
China
Prior art keywords
operating system
mobile terminal
ability value
terminal operating
root
Legal status
Pending
Application number
CN201710185644.6A
Other languages
Chinese (zh)
Inventor
王佩光
曾楠
范叶平
郝悍勇
郭瑞祥
汪鹏
孙奉林
操李节
郭政
张地
李翔宇
姜家国
王超
Current Assignee
State Grid Information and Telecommunication Co Ltd
Anhui Jiyuan Software Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Anhui Jiyuan Software Co Ltd
Application filed by State Grid Information and Telecommunication Co Ltd, Anhui Jiyuan Software Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629 Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a security method for a customized mobile terminal operating system based on Root privilege separation, comprising the following steps: (1) modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system; (2) relying on the Linux kernel feature that divides system privileges into 36 capabilities, add logging that records an audit log to the part that checks process permissions; (3) when a process lacks a required permission, record the capability it needs in the audit log; (4) check the capabilities of the process; (5) print the capabilities the process requires, and grant the account the capabilities needed to run the process. The invention introduces Root privilege separation into the customized mobile terminal operating system and decomposes the Root superuser privilege of the conventional operating system, which reduces the harm to mobile terminal users and greatly improves the security of the customized mobile terminal operating system.

Description

Security method for a customized mobile terminal operating system based on Root privilege separation
Technical field
The present invention relates to the field of mobile information security, and in particular to a security method for a customized mobile terminal operating system based on Root privilege separation.
Background
With the rapid development of mobile technology, mobile terminals have become more and more intelligent. People can meet all kinds of needs through simple operations on a mobile terminal, which greatly improves their daily lives: without leaving home they can learn what is happening in the world and handle their affairs. However, this also poses a serious hidden danger to users' information security: once the system is cracked, the end user suffers serious losses. People are therefore paying more and more attention to the security of mobile terminals.
At present, most operating systems carried on mobile terminals are Android operating systems based on Linux. Such an operating system has a super account, Root: if the UID of a process is Root, the process can do anything in the system. Because Root has the highest privileges, routinely administering the system as the Root user introduces security risks. For example, a single destructive command entered by mistake may do devastating damage to the system. In addition, if a sniffing tool has been implanted in the system, logging in as Root can lead to the Root password being stolen. All of these pose serious security risks to end users.
Summary of the invention
The object of the invention is to provide a security method for a customized mobile terminal operating system based on Root privilege separation, which applies a Root privilege separation mechanism in the customized mobile terminal operating system to improve the security of the mobile terminal.
To achieve the above object, the invention adopts the following technical solution:
A security method for a customized mobile terminal operating system based on Root privilege separation, comprising the following steps:
(1) Modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system;
(2) Relying on the Linux kernel feature that divides system privileges into 36 capabilities, add logging that records an audit log to the part that checks process permissions;
(3) When a process lacks a required permission, record the capability it needs in the audit log;
(4) Check the capabilities of the process;
(5) Call up and print the corresponding capabilities, and grant the account the capabilities needed to run the process.
In the described security method, checking the capabilities of the process in step (4) is carried out through the following steps:
(41) Run the executable file under the target account and detect whether it has the capabilities that match the required permissions;
(42) When the process needs a special permission, check the results in the audit log.
As the above technical solution shows, the security method of the present invention introduces Root privilege separation into the customized mobile terminal operating system and addresses the risk that, once Root privileges are obtained, the customized mobile terminal operating system can be attacked or controlled. It truly makes the system manageable, controllable and traceable, thereby reducing the harm to mobile terminal users and greatly improving the security of the customized mobile terminal operating system.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention.
Detailed description
The present invention is further described below with reference to the accompanying drawing:
As shown in Fig. 1, the security method for a customized mobile terminal operating system based on Root privilege separation of this embodiment comprises the following steps:
Step01: Modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system;
Step02: Relying on the Linux kernel feature that divides system privileges into 36 capabilities, add logging that records an audit log to the part that checks process permissions;
Step03: When a process lacks a required permission, record the capability it needs in the audit log;
Step04: Check the capabilities of the process. This step comprises the following sub-steps:
Step041: Run the executable file under the target account and detect whether it has the capabilities that match the required permissions;
Step042: When the process needs a special permission, check the results in the audit log.
Step05: Call up and print the capabilities the process requires, and grant the account the capabilities needed to run the process.
A traditional operating system has a super account, Root, which can do anything in the system. In practice, however, no service needs all of the capabilities of the Root account at once; each needs only a subset of them. The Root privilege separation mechanism is therefore added to the customized mobile terminal operating system to cut down Root's privileges. Following the principle of least privilege, each service is given only the minimum privileges, so that even if an attacker gains control of a system service, the attacker does not obtain all privileges, which greatly reduces the harm to the system. Adding Root privilege separation to the customized mobile terminal operating system weakens the Root user's super privileges; at the same time, following the principle of least privilege, ordinary users are given elevated privileges when necessary so that they can run normally, which greatly reduces the harm that an attack brings to the system.
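The flow of steps (2) to (5), modelled in user space as an added example (it is not code from the patent). The `struct task`, the function names and the `approved` policy mask are hypothetical, and the 36 capabilities are assumed to be bits 0 to 35 of `linux/capability.h`; the `CapEff:` line follows the format of `/proc/<pid>/status`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NCAPS 36 /* the page's count; assumed to be bits 0..35 of linux/capability.h */
static const char *const cap_names[NCAPS] = {
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID",
    "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
};
struct task { int pid; uint64_t effective, audited; }; /* hypothetical model */

/* Steps (2)-(3): the permission check; a denied capability is recorded. */
static int capable_audit(struct task *t, int cap) {
    if (cap < 0 || cap >= NCAPS) return 0;
    if ((t->effective >> cap) & 1) return 1;
    t->audited |= 1ULL << cap; /* stands in for the audit log entry */
    return 0;
}
/* Step (41): read the effective set from /proc/<pid>/status text. */
static int parse_capeff(const char *status, uint64_t *mask) {
    const char *p = strstr(status, "CapEff:");
    if (!p) return -1;
    *mask = strtoull(p + 7, NULL, 16);
    return 0;
}
/* Steps (42) and (5): print what was denied, then grant only the part an
 * administrator approved (the approved mask is an added assumption). */
static uint64_t grant_audited(struct task *t, uint64_t approved) {
    uint64_t grant = t->audited & approved;
    for (int c = 0; c < NCAPS; c++)
        if ((t->audited >> c) & 1)
            printf("pid %d needs %s%s\n", t->pid, cap_names[c],
                   ((grant >> c) & 1) ? "" : " (not approved)");
    t->effective |= grant;
    t->audited &= ~grant;
    return grant;
}
int main(void) {
    struct task t = { 1234, 0, 0 }; /* constructed sample process */
    parse_capeff("CapEff:\t0000000000000400\n", &t.effective); /* bit 10 only */
    capable_audit(&t, 13); capable_audit(&t, 21); /* NET_RAW, SYS_ADMIN denied */
    grant_audited(&t, 1ULL << 13);                /* policy approves NET_RAW only */
    return capable_audit(&t, 13) ? 0 : 1;
}
```

Granting through a reviewed mask rather than copying the audit log wholesale keeps a compromised service from widening its own privileges just by triggering denials.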
The embodiment described above only describes a preferred embodiment of the present invention and does not limit its scope. Without departing from the design spirit of the present invention, all variations and improvements that those of ordinary skill in the art make to the technical solution of the present invention shall fall within the scope of protection determined by the claims of the present invention.

Claims (2)

1. A security method for a customized mobile terminal operating system based on Root privilege separation, characterized by comprising the following steps:
(1) Modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system;
(2) Relying on the Linux kernel feature that divides system privileges into 36 capabilities, add logging that records an audit log to the part that checks process permissions;
(3) When a process lacks a required permission, record the capability it needs in the audit log;
(4) Check the capabilities of the process;
(5) Print the capabilities the process requires, and grant the account the capabilities needed to run the process.
2. The security method for a customized mobile terminal operating system based on Root privilege separation according to claim 1, characterized in that: in step (4), checking the capabilities of the process is carried out through the following steps:
(41) Run the executable file under the target account and detect whether it has the capabilities that match the required permissions;
(42) When the process needs a special permission, check the results in the audit log.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710185644.6A CN107085691A (en) 2017-03-26 2017-03-26 Security method for a customized mobile terminal operating system based on Root privilege separation

Publications (1)

Publication Number Publication Date
CN107085691A 2017-08-22

Family

ID=59614868

Country Status (1)

Country Link
CN (1) CN107085691A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107643982A (en) * 2017-09-13 2018-01-30 北京元心科技有限公司 The ability detection method and device of program process

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102184355A (en) * 2011-04-11 2011-09-14 浪潮电子信息产业股份有限公司 Method for realizing separation of three powers by using kernel technology
CN103701801A (en) * 2013-12-26 2014-04-02 四川九洲电器集团有限责任公司 Resource access control method
CN105138898A (en) * 2015-07-22 2015-12-09 北京元心科技有限公司 Method for allocating operation right to application program in intelligent terminal


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170822