CN107085691A - A security method for a customized mobile terminal operating system based on Root privilege separation - Google Patents
- Publication number: CN107085691A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
Abstract
The present invention relates to a security method for a customized mobile terminal operating system based on Root privilege separation, comprising the following steps: (1) modifying the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system; (2) based on the Linux kernel's division of system privileges into 36 capability values, adding logging that writes an audit log to the part that checks process privileges; (3) when a process does not have a required privilege, recording the capability value it needs in the audit log; (4) checking the capability values of the process; (5) printing the capability values the process requires, and granting the account the capability values needed to run the process. The invention introduces Root privilege separation into the customized mobile terminal operating system and decomposes the Root superuser privilege of a conventional operating system, which reduces the harm to mobile terminal users and greatly improves the security of the customized mobile terminal operating system.
Description
Technical field
The present invention relates to the field of mobile information security technology, and in particular to a security method for a customized mobile terminal operating system based on Root privilege separation.
Background
With the rapid development of mobile technology, mobile terminals have become more and more intelligent. People can easily accomplish a wide range of tasks on a mobile terminal, which has greatly improved their quality of life: without leaving home they can follow, and take part in, what is happening in the world. This also creates a serious risk to the user's information security, because once the system is compromised the terminal user suffers serious losses. People are therefore paying increasing attention to the security of mobile terminals.
At present, most operating systems running on mobile terminals are the Linux-based Android operating system. This operating system has a super account, Root: if the UID of a process is Root, the process can do anything in the system. Because Root has the highest privileges, routinely managing the system as the Root user creates security risks. For example, a destructive command entered unintentionally can do devastating damage to the system. In addition, if a sniffing tool has been planted in the system, logging in as Root can lead to the Root password being stolen. All of these pose a serious security risk to the terminal user.
Summary of the invention
The object of the present invention is to provide a security method for a customized mobile terminal operating system based on Root privilege separation, which uses a Root privilege separation mechanism in the customized mobile terminal operating system to improve the security of the mobile terminal.
To achieve this object, the present invention adopts the following technical solution:
A security method for a customized mobile terminal operating system based on Root privilege separation, comprising the following steps:
(1) Modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system;
(2) Based on the Linux kernel's division of system privileges into 36 capability values, add logging that writes an audit log to the part that checks process privileges;
(3) When a process does not have a required privilege, record the capability value it needs in the audit log;
(4) Check the capability values of the process;
(5) Call and print the corresponding capability values, and grant the account the capability values needed to run the process.
In the described method, the capability values of the process in step (4) are checked by the following steps:
(41) Run the executable file under the target account and detect whether it has the capability values that match the required privileges;
(42) When the process needs a special privilege, check the results in the audit log.
As can be seen from the above technical solution, the method of the present invention introduces Root privilege separation into the customized mobile terminal operating system. This addresses the risk that the customized mobile terminal operating system is attacked or taken over once Root privileges are obtained, and makes the system manageable, controllable and traceable. It thereby reduces the harm to mobile terminal users and greatly improves the security of the customized mobile terminal operating system.
Brief description of the drawings
Fig. 1 is the flow chart of the present invention.
Detailed description of the embodiments
The present invention is further described below with reference to the accompanying drawing:
As shown in Fig. 1, the security method for a customized mobile terminal operating system based on Root privilege separation of this embodiment comprises the following steps:
Step 01: Modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system;
Step 02: Based on the Linux kernel's division of system privileges into 36 capability values, add logging that writes an audit log to the part that checks process privileges;
Step 03: When a process does not have a required privilege, record the capability value it needs in the audit log;
Step 04: Check the capability values of the process. This step comprises the following sub-steps:
Step 041: Run the executable file under the target account and detect whether it has the capability values that match the required privileges;
Step 042: When the process needs a special privilege, check the results in the audit log.
Step 05: Call and print the capability values the process requires, and grant the account the capability values needed to run the process.
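The check, log and grant flow of Steps 02 to 05 can be modelled in user space as follows. This is an added example, not code from the patent: the audit record layout, the function names and the sample PID and capability mask are assumptions, while the capability names and numbers 0 to 35 are those defined in `<linux/capability.h>`.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers 0..35 from <linux/capability.h>: the 36 values the page counts. */
#define NCAPS 36
static const char *const CAP_NAMES[NCAPS] = {
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID",
    "CAP_SETPCAP", "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
};
/* Hypothetical in-memory audit log: one record per denied capability check. */
struct audit_rec { int pid; int cap; };
static struct audit_rec audit_log[64];
static int audit_len;

/* Steps (2)-(3): test one capability bit in the effective set; on denial,
 * record which capability was needed. Returns 1 if permitted, 0 if denied. */
int cap_check_audited(int pid, uint64_t cap_eff, int cap) {
    if (cap < 0 || cap >= NCAPS) return 0;            /* unknown number: deny */
    if (cap_eff & (UINT64_C(1) << cap)) return 1;
    if (audit_len < 64) audit_log[audit_len++] = (struct audit_rec){ pid, cap };
    return 0;
}
/* Step (4): union of the capabilities the audit log shows this pid lacked. */
uint64_t caps_needed(int pid) {
    uint64_t need = 0;
    for (int i = 0; i < audit_len; i++)
        if (audit_log[i].pid == pid) need |= UINT64_C(1) << audit_log[i].cap;
    return need;
}
/* Step (5): print the capability names in a mask; returns how many are set. */
int print_caps(uint64_t mask) {
    int n = 0;
    for (int c = 0; c < NCAPS; c++)
        if (mask & (UINT64_C(1) << c)) { printf("%s\n", CAP_NAMES[c]); n++; }
    return n;
}
int main(void) {
    uint64_t eff = UINT64_C(1) << 10;   /* constructed: CAP_NET_BIND_SERVICE only */
    cap_check_audited(1234, eff, 13);   /* denied: CAP_NET_RAW is logged */
    cap_check_audited(1234, eff, 12);   /* denied: CAP_NET_ADMIN is logged */
    return print_caps(caps_needed(1234)) == 2 ? 0 : 1;
}
```

The mask returned by `caps_needed` is the minimal set to grant for the observed denials, which is what keeps the account short of full Root.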
A conventional operating system has a super account, Root, which can do anything in the system. In practice, a service does not need all of the Root account's capabilities at once; it needs only a subset of them. The Root privilege separation mechanism is therefore added to the customized mobile terminal operating system to cut down Root's privileges. Following the principle of least privilege, a service is given only the minimum privileges, so that even if an attacker gains control of a system service, the attacker does not obtain all privileges, which greatly reduces the harm to the system. Adding Root privilege separation to the customized mobile terminal operating system weakens the Root user's super privileges; at the same time, following the principle of least privilege, privilege elevation is performed for ordinary users when necessary so that they can run normally, which greatly reduces the harm an attack brings to the system.
The embodiment described above only describes a preferred embodiment of the present invention and does not limit the scope of the invention. Without departing from the design spirit of the present invention, all modifications and improvements made to the technical solution of the invention by those of ordinary skill in the art shall fall within the scope of protection determined by the claims of the present invention.
Claims (2)
1. A security method for a customized mobile terminal operating system based on Root privilege separation, characterized by comprising the following steps:
(1) Modify the source code of a conventional Linux-based operating system to form a customized mobile terminal operating system;
(2) Based on the Linux kernel's division of system privileges into 36 capability values, add logging that writes an audit log to the part that checks process privileges;
(3) When a process does not have a required privilege, record the capability value it needs in the audit log;
(4) Check the capability values of the process;
(5) Print the capability values the process requires, and grant the account the capability values needed to run the process.
2. The security method for a customized mobile terminal operating system based on Root privilege separation according to claim 1, characterized in that, in step (4), the capability values of the process are checked by the following steps:
(41) Run the executable file under the target account and detect whether it has the capability values that match the required privileges;
(42) When the process needs a special privilege, check the results in the audit log.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710185644.6A CN107085691A (en) | 2017-03-26 | 2017-03-26 | A security method for a customized mobile terminal operating system based on Root privilege separation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107085691A (en) | 2017-08-22 |
Family ID: 59614868
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710185644.6A Pending CN107085691A (en) | 2017-03-26 | 2017-03-26 | A kind of customization mobile terminal operating system safety method based on Root fractions |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107085691A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107643982A (en) * | 2017-09-13 | 2018-01-30 | 北京元心科技有限公司 | The ability detection method and device of program process |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102184355A (en) * | 2011-04-11 | 2011-09-14 | 浪潮电子信息产业股份有限公司 | Method for realizing separation of three powers by using kernel technology |
CN103701801A (en) * | 2013-12-26 | 2014-04-02 | 四川九洲电器集团有限责任公司 | Resource access control method |
CN105138898A (en) * | 2015-07-22 | 2015-12-09 | 北京元心科技有限公司 | Method for allocating operation right to application program in intelligent terminal |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170822 |