CN116561811A - File credibility tamper-proof method and device and electronic equipment - Google Patents


Publication number
CN116561811A
Authority
CN
China
Prior art keywords
file
kernel
information
module
linked list
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310844090.1A
Other languages
Chinese (zh)
Inventor
高志洲
李延
张磊
袁艳芳
谷思庭
杨峰
张彦杰
李超伟
任泳瑜
吴占云
陈奇辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Original Assignee
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Application filed by Beijing Smartchip Microelectronics Technology Co Ltd, Beijing Smartchip Semiconductor Technology Co Ltd filed Critical Beijing Smartchip Microelectronics Technology Co Ltd
Priority to CN202310844090.1A priority Critical patent/CN116561811A/en
Publication of CN116561811A publication Critical patent/CN116561811A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of file security, and provides a trusted file tamper-proofing method and device, and electronic equipment. The method comprises the following steps: acquiring file information of a file to be protected, and writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel; in response to receiving a file modification instruction, judging, through a HOOK function preset in a security framework, whether the modification object information of the file modification instruction exists in the kernel linked list; and, if the modification object information of the file modification instruction exists in the kernel linked list, not executing the file modification instruction. The embodiments provided by the invention protect file security while adding little overhead and remaining well decoupled.

Description

File credibility tamper-proof method and device and electronic equipment
Technical Field
The invention relates to the technical field of file security, in particular to a file trusted tamper-proof method, a file trusted tamper-proof device, electronic equipment and a corresponding storage medium.
Background
With the rapid development of the electric power Internet of Things, more and more terminals are used in the electric power field. Linux is adopted by a growing number of power terminals because of its excellent performance and stability, the flexibility and extensibility that come with open source code, and its lower cost; at the same time, the security problems of power terminals are becoming more and more prominent. A trusted file tamper-proofing method is therefore needed to protect the key files stored on the power fusion terminal from illegal tampering. Trusted computing is a novel computing model that emphasizes running operation and protection in parallel, and it relies mainly on trust chain transmission based on a hardware security module to improve the security of the system. Adding trusted tamper-proofing of key files to the trusted power fusion terminal effectively protects the integrity of its software and hardware system, the confidentiality of its data and the authenticity of identity, and greatly enhances the overall security of the terminal system.
The trusted file tamper-proofing technology of traditional power terminals relies mainly on storing the original key files on an independent physical storage medium, or storing them encrypted, and then comparing against the originals at regular intervals, manually or by software. With this approach, however, malicious software can locate the stored originals and tamper with them, which ultimately defeats the tamper-proofing.
In addition, the prior art contains technical schemes that control file modification through a file whitelist or a file access list, but these schemes do not provide sufficient security protection for the whitelist or access list itself, so the risk that the auditing mechanism is bypassed by tampering with them is greatly increased.
LSM (Linux Security Module): the security framework, a lightweight general-purpose access control framework. The LSM framework controls operations on kernel objects by providing a series of HOOK functions.
KO (Kernel Object): a kernel module.
Disclosure of Invention
The embodiments of the invention aim to provide a trusted file tamper-proofing method and device and electronic equipment that improve the security of the file access list by means of the Linux Security Module and other security mechanisms, so as to solve at least some of the problems described in the background.
In order to achieve the above object, the present invention provides a trusted tamper-proof method for a file, the method comprising: acquiring file information of a file to be protected, and writing the file information into a kernel linked list in a kernel through a transmission channel with the kernel; in response to receiving a file modification instruction, judging whether modification object information of the file modification instruction exists in the kernel linked list or not through a HOOK function preset in a security framework; and under the condition that the modification object information of the file modification instruction exists in the kernel linked list, the file modification instruction is not executed.
Preferably, obtaining file information of a file to be protected includes: acquiring a file to be protected configured by trusted management software; obtaining a reference value according to the file identification of the file to be protected and storing the reference value in an encryption database; and reading the reference value in the encryption database as file information of the file to be protected.
Preferably, writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel includes: creating a virtual character device driver under the device file directory in the file system; transmitting the file information to the kernel through the virtual character device driver; and writing the received file information into the kernel linked list.
Preferably, the HOOK function preset in the security framework is obtained by: defining a security module to apply an audit HOOK function; registering the HOOK function in the security framework; and compiling the HOOK function into a kernel module.
Preferably, after compiling the HOOK function into a kernel module, the method further comprises: loading the kernel module into the kernel with root user privileges.
Preferably, after the file modification instruction is not executed, the method further comprises: returning error information or prompt information through the virtual character device.
The invention also provides a file credible tamper-proof device, which comprises: the information writing module is used for acquiring file information of a file to be protected and writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel; the inquiry judging module is used for responding to the received file modification instruction and judging whether modification object information of the file modification instruction exists in the kernel linked list or not through a HOOK function preset in the security framework; and the file protection module is used for not executing the file modification instruction under the condition that the modification object information of the file modification instruction exists in the kernel linked list.
Preferably, obtaining file information of a file to be protected includes: acquiring a file to be protected configured by trusted management software; storing the file identification of the file to be protected as a reference value in an encryption database; and reading the reference value in the encryption database as file information of the file to be protected.
Preferably, writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel includes: creating a virtual character device driver under the device file directory in the file system; transmitting the file information to the kernel through the virtual character device driver; and writing the received file information into the kernel linked list.
Preferably, the HOOK function preset in the security framework is obtained by: defining a security module to apply an audit HOOK function; registering the HOOK function in the security framework; and compiling the HOOK function into a kernel module.
Preferably, the apparatus further comprises a kernel writing module, which is used for loading the kernel module into the kernel with root user privileges after the HOOK function has been compiled into a kernel module.
Preferably, the apparatus further comprises an information return module, which is used for returning error information or prompt information through the virtual character device after the file modification instruction is not executed.
The invention also provides an electronic device, comprising: at least one processor; a memory coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the at least one processor implements the steps of the file trusted tamper-proof method by executing the instructions stored by the memory.
There is also provided in the present invention a machine-readable storage medium having stored thereon instructions that when executed by a processor cause the processor to be configured to perform steps implementing the aforementioned method of trusted tamper resistance of files.
There is also provided in the present invention a computer program product comprising a computer program which, when executed by a processor, implements the steps of the aforementioned file trusted tamper resistant method.
The technical scheme has the following beneficial effects:
(1) The file trusted tamper-proof function provided by the embodiment of the invention does not influence the original security check logic of the Linux system, and has little influence on the original system performance cost while enhancing the security of the protected file.
(2) The file trusted tamper-proof method provided by the embodiment of the invention has good decoupling performance with functions such as an upper audit module and the like, and a developer using the LSM framework can concentrate on business logic without paying attention to compatibility and stability of a bottom kernel.
(3) The implementation mode of the file trusted tamper-proof method supports the trusted management software to flexibly configure the key files to be protected.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain, without limitation, the embodiments of the invention. In the drawings:
FIG. 1 schematically illustrates a step diagram of a file trusted tamper resistant method according to an embodiment of the present invention;
FIG. 2 schematically illustrates an LSM framework structure;
FIG. 3 schematically illustrates an initialization step of a trusted tamper resistant method for a file according to an embodiment of the present invention;
FIG. 4 schematically illustrates a step diagram of compiling a kernel module according to an embodiment of the present invention;
FIG. 5 schematically illustrates steps of an implementation of a trusted tamper resistant method for files according to an embodiment of the present invention;
FIG. 6 schematically shows a structural view of a file trusted tamper resistant device according to an embodiment of the present invention.
Detailed Description
The following describes the detailed implementation of the embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
Fig. 1 schematically shows a step diagram of a trusted file tamper-proofing method according to an embodiment of the present invention. As shown in fig. 1, the method comprises:
S01, acquiring file information of a file to be protected, and writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel;
S02, in response to receiving a file modification instruction, judging, through a HOOK function preset in a security framework, whether the modification object information of the file modification instruction exists in the kernel linked list;
S03, if the modification object information of the file modification instruction exists in the kernel linked list, not executing the file modification instruction.
The present embodiment is implemented mainly on a security framework, which here refers to the Linux Security Module (LSM). The LSM is a lightweight general access control framework in the kernel; users can choose a suitable security module to load into the Linux kernel according to their needs, and malicious behavior is detected and prevented through a system call hijacking technology. Fig. 2 schematically illustrates the LSM framework structure. As shown in fig. 2, when a user process calls a system function, the function's original error checks and the traditional DAC access control check are executed first. Before the system actually accesses an internal kernel object, the relevant LSM HOOK function is called to judge, according to the access control policy of the specific security module, whether the request is legal. If the request is consistent with the security policy, normal operation continues; otherwise the system call is interrupted and error information is returned.
In this embodiment, a kernel linked list, similar to a file access control list, is constructed using the application audit HOOK function and the LSM framework in the Linux system. Strengthening the security design of the kernel linked list and of its access mechanism improves the security of trusted file tamper-proofing.
In some alternative embodiments, obtaining file information of a file to be protected includes: acquiring a file to be protected configured by trusted management software; storing the file identification of the file to be protected as a reference value in an encryption database; and reading the reference value in the encryption database as the file information of the file to be protected. This embodiment designs a scheme for passing on the reference value. Because the kernel linked list cannot be preserved after the system is shut down or restarted, a nonvolatile storage device is needed to store the reference values, so that the files to be protected do not have to be configured again, and the reference values of all files do not have to be recalculated, after each restart. The reference values are stored, for example, in an SQLite encryption database. In this scheme the information of the key files to be protected is stored in the SQLite encryption database as reference values, and the key files to be protected can be configured flexibly by means of the trusted management software. The encryption database here is preferably an SQLite database. At the same time, the SQLite encryption database storing the reference values is placed in the self-protection directory of the trusted terminal system, and no program other than the trusted management software is allowed to modify it. SQLite is a lightweight, ACID-compliant relational database management system contained in a relatively small C library that itself supports cryptographic functions. It is designed for embedded use and has been used in many embedded products; it takes up very few resources, and in embedded devices a few hundred K of memory may be sufficient.
The reference value of the file may be a verification value, a hash value, an index value, or a description value of the file obtained according to a predetermined algorithm for each protected file, which is not limited herein. According to the embodiment, the files to be protected configured by the user are cached through the encryption database, so that the direct access of the user or the user terminal to the system kernel is avoided.
In some alternative embodiments, writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel includes: creating a virtual character device driver under the device file directory in the file system, where the device file directory is usually the Linux /dev directory; transmitting the file information to the kernel through the virtual character device driver; and writing the received file information into the kernel linked list. A virtual character device driver is a software-level device driver that simulates the behavior of a hardware device, so that applications and the operating system can treat the device as present without any actual hardware. Fig. 3 schematically shows the initialization steps of a trusted file tamper-proofing method according to an embodiment of the present invention, comprising the steps of: S201, creating a virtual character device driver under the Linux /dev directory to serve as the transmission channel that passes the files to be protected to the kernel; and S202, storing the information of the files to be protected in the SQLite encryption database as reference values. In this embodiment the file information is written into the kernel linked list through the virtual character device driver, which improves the security of the kernel linked list.
In some alternative embodiments, the HOOK function preset in the security framework is obtained by: defining a security module to apply an audit HOOK function; registering the HOOK function in the security framework; and compiling the HOOK function into a kernel module. FIG. 4 schematically illustrates a step diagram of compiling a kernel module according to an embodiment of the present invention. As shown in fig. 4, it includes the following steps:
S301, defining an audit HOOK function applied by a security module. The security audit system includes a kernel-space audit system. The audit HOOK function works as follows: after rule-based filtering, the message to be intercepted is filled into an audit context, and the audit context is added to each operation function; when the file system calls these operation functions to change files or directories in the file system, the audit HOOK function is called to emit the corresponding event.
S302, registering the HOOK function with the LSM module. Registration lets the LSM module manage and call the HOOK function.
S303, compiling the module into a kernel KO module. For example: use the terminal to enter the directory of the module software and check the Makefile. This file is the parameter configuration file responsible for compiling the driver; its parameters must match the current system environment, otherwise compilation fails. Run the command make at the terminal to compile; when compilation finishes, a KO file is generated, and this file is the kernel module.
In some alternative embodiments, after compiling the HOOK function into a kernel module, the method further comprises: loading the kernel module into the kernel with root user privileges. For example: switch the end user to the root user (root) with a command such as su root or sudo su, and add the kernel module to the system kernel with the insmod command, for example insmod xxx.ko, where xxx.ko is the file name of the kernel module. This completes the compilation and deployment of the driver and allows the new driver to be loaded, tested and checked, making the system more robust and stable.
In some alternative embodiments, after the file modification instruction is not executed, the method further comprises: returning error information or prompt information through the virtual character device. To prevent the user from mistakenly assuming that the system is not responding and continuing to wait when a file modification instruction is not executed, this embodiment returns error information or prompt information to the user through the parameters carried by the virtual character device, so that the user performing the file operation learns promptly why the operation was rejected, which improves user experience.
FIG. 5 schematically illustrates the implementation steps of a trusted file tamper-proofing method according to an embodiment of the present invention. As shown in FIG. 5, a more detailed embodiment includes the following steps:
Step 1, switching the end user to the root user, and loading the KO module with insmod as the root user.
Step 2, reading the audit reference value data from the SQLite encryption database. The reference value data is generated according to the file information of the files to be protected.
Step 3, transmitting the read reference value data to the terminal kernel through the virtual character device; the kernel stores the data in its internal kernel linked list.
Step 4, starting an application program on the terminal.
Step 5, triggering the defined application audit HOOK function.
Step 6, searching whether the kernel linked list contains the reference value of the file information, and executing step 7 or step 8 according to the result.
Step 7, if it is not contained, the audit succeeds, the subsequent operation continues, and the procedure ends.
Step 8, if it is contained, the audit fails, the subsequent operation is stopped, and the file is not allowed to be modified.
Step 9, returning audit error information through the virtual character device, and ending the procedure.
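The flow in steps 1 to 9 above, modelled in user space as an added example (it is not code from the patent and not kernel code): a write handler fills the list, and the hook refuses modification of listed files. The function names, the newline-separated record format, the FNV-1a reference value and the sample paths are assumptions made for illustration.

```c
/* User-space model of steps S01-S03 and step 9 (assumed names, not kernel code). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REF_PATH_MAX    256  /* assumed upper bound for one record */
#define MAY_WRITE_MODEL 0x2  /* stand-in for a "modify" access mask */
#define MAY_READ_MODEL  0x4  /* stand-in for a read-only access mask */

/* Constructed sample of the records the management software sends. */
static const char SAMPLE_CFG[] =
    "/opt/terminal/conf/meter.conf\n/opt/terminal/keys/device.pem\n";

struct ref_node {                /* one entry of the modelled kernel list */
    uint64_t ref;                /* reference value of the protected file */
    char path[REF_PATH_MAX];     /* kept so a hash collision cannot match */
    struct ref_node *next;
};
static struct ref_node *ref_list;
static char last_error[REF_PATH_MAX + 32]; /* message returned in step 9 */

/* Assumed reference-value algorithm: 64-bit FNV-1a over the path. */
static uint64_t ref_value(const char *path)
{
    uint64_t h = 1469598103934665603ULL;
    for (; *path; path++)
        h = (h ^ (unsigned char)*path) * 1099511628211ULL;
    return h;
}

static struct ref_node *ref_find(const char *path)
{
    uint64_t r = ref_value(path);
    for (struct ref_node *n = ref_list; n; n = n->next)
        if (n->ref == r && strcmp(n->path, path) == 0)
            return n;
    return NULL;
}

void ref_list_clear(void)
{
    for (struct ref_node *n; (n = ref_list); free(n))
        ref_list = n->next;
}

/* S01: models the character device's write handler. Returns the number of
 * new entries, or a negative errno at the first malformed record. */
int chardev_write_model(const char *buf, size_t len)
{
    int added = 0;
    size_t start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && buf[i] != '\n')
            continue;
        size_t rec = i - start;
        const char *p = buf + start;
        start = i + 1;
        if (rec == 0)
            continue;            /* blank line or trailing newline */
        /* Reject oversized, relative or NUL-containing records. */
        if (rec >= REF_PATH_MAX || p[0] != '/' || memchr(p, '\0', rec))
            return -EINVAL;
        char path[REF_PATH_MAX];
        memcpy(path, p, rec);
        path[rec] = '\0';
        if (ref_find(path))
            continue;            /* already protected */
        struct ref_node *n = calloc(1, sizeof(*n));
        if (!n)
            return -ENOMEM;
        n->ref = ref_value(path);
        memcpy(n->path, path, rec + 1);
        n->next = ref_list;
        ref_list = n;
        added++;
    }
    return added;
}

/* S02/S03: models the HOOK; a listed file may not be modified. */
int hook_file_modify_model(const char *path, int mask)
{
    if (!(mask & MAY_WRITE_MODEL) || !ref_find(path))
        return 0;                /* audit passes, operation continues */
    snprintf(last_error, sizeof(last_error), "denied: %s", path);
    return -EPERM;               /* audit fails, modification refused */
}

/* Step 9: models reading the audit error back through the device. */
const char *chardev_read_model(void) { return last_error; }

int main(void)
{
    const char *target = "/opt/terminal/conf/meter.conf";
    int n = chardev_write_model(SAMPLE_CFG, sizeof(SAMPLE_CFG) - 1);
    int rc = hook_file_modify_model(target, MAY_WRITE_MODEL);
    printf("entries=%d rc=%d msg=\"%s\"\n", n, rc, chardev_read_model());
    ref_list_clear();
    return 0;
}
```

In a kernel module the same list would need locking around insert and lookup, and the hook would receive kernel objects rather than path strings.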
Through the embodiment or the implementation mode, the tamper resistance of the file is realized by utilizing the existing security mechanism in the Linux system, and the method has the advantages of small performance cost and good decoupling performance.
The file trusted tamper-proof method in the embodiment is preferably applied to the protection of key files of the power fusion terminal, and can improve the safety of the power fusion terminal.
Based on the same conception, the embodiment of the invention also provides a file credible tamper-proof device. Fig. 6 schematically shows a schematic structural view of a file trusted tamper resistant device according to an embodiment of the present invention. As shown in fig. 6, the apparatus includes: the information writing module is used for acquiring file information of a file to be protected and writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel; the inquiry judging module is used for responding to the received file modification instruction and judging whether modification object information of the file modification instruction exists in the kernel linked list or not through a HOOK function preset in the security framework; and the file protection module is used for not executing the file modification instruction under the condition that the modification object information of the file modification instruction exists in the kernel linked list.
In some alternative embodiments, obtaining file information of a file to be protected includes: acquiring a file to be protected configured by trusted management software; storing the file identification of the file to be protected as a reference value in an encryption database; and reading the reference value in the encryption database as file information of the file to be protected.
In some alternative embodiments, writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel includes: creating a virtual character device driver under the device file directory in the file system; transmitting the file information to the kernel through the virtual character device driver; and writing the received file information into the kernel linked list.
In some alternative embodiments, the HOOK function preset in the security framework is obtained by: defining a security module to apply an audit HOOK function; registering the HOOK function in the security framework; and compiling the HOOK function into a kernel module.
In some alternative embodiments, the apparatus further comprises a kernel write module, which is used for loading the kernel module into the kernel with root user privileges after the HOOK function has been compiled into a kernel module.
In some alternative embodiments, the apparatus further comprises an information return module, which is used for returning error information or prompt information through the virtual character device after the file modification instruction is not executed.
The specific limitation of each functional module in the above-mentioned file trusted tamper resistant device can be referred to the limitation of the file trusted tamper resistant method hereinabove, and will not be repeated here. Each of the modules in the above-described apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules. The method also utilizes the existing security mechanism in the Linux system to realize tamper resistance of the file, and has the advantages of small performance cost and good decoupling performance.
In some embodiments of the present invention, there is also provided an electronic device including: at least one processor; a memory coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to perform the steps of the file trusted tamper resistant method described above. The control module or processor herein has the functions of numerical computation and logical operation, and has at least a central processing unit (CPU), a random access memory (RAM), a read-only memory (ROM), various I/O ports, an interrupt system, and the like, which have data processing capabilities. The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the method described above is implemented by adjusting the kernel parameters. The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM) and/or nonvolatile memory, for example read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
In one embodiment of the present invention, a machine-readable storage medium is provided having instructions stored thereon that, when executed by a processor, cause the processor to be configured to perform the steps of the aforementioned file trusted tamper resistant method.
In one embodiment of the present invention, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the aforementioned file trusted tamper resistant method.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM), and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one ..." does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (14)

1. A method for trusted tamper-proofing of a file, the method comprising:
acquiring file information of a file to be protected, and writing the file information into a kernel linked list in a kernel through a transmission channel with the kernel;
in response to receiving a file modification instruction, judging whether modification object information of the file modification instruction exists in the kernel linked list or not through a HOOK function preset in a security framework;
and under the condition that the modification object information of the file modification instruction exists in the kernel linked list, the file modification instruction is not executed.
2. The method of claim 1, wherein obtaining file information for the file to be protected comprises:
acquiring a file to be protected configured by trusted management software;
obtaining a reference value according to the file identification of the file to be protected and storing the reference value in an encryption database;
and reading the reference value in the encryption database as file information of the file to be protected.
3. The method of claim 1, wherein writing the file information to a kernel linked list in the kernel through a transmission channel with the kernel comprises:
creating a virtual character type device driver under a device file directory in a file system;
transmitting the file information to the kernel by using the virtual character type device driver;
and writing the received file information into the kernel linked list.
4. The method according to claim 1, wherein the HOOK function preset in the security framework is obtained by:
defining a security module to apply an audit HOOK function;
registering the HOOK function in the security framework;
compiling the HOOK function into a kernel module.
5. The method according to claim 4, wherein after compiling the HOOK function into a kernel module, the method further comprises:
writing the kernel module into the kernel under the authority of the root user.
6. The method of claim 2, wherein after not executing the file modification instruction, the method further comprises:
returning error information or prompt information through the virtual character type device.
7. A trusted tamper-proof device for a file, the device comprising:
the information writing module is used for acquiring file information of a file to be protected and writing the file information into a kernel linked list in the kernel through a transmission channel with the kernel;
the inquiry judging module is used for responding to the received file modification instruction and judging whether modification object information of the file modification instruction exists in the kernel linked list or not through a HOOK function preset in the security framework; and
and the file protection module is used for not executing the file modification instruction under the condition that the modification object information of the file modification instruction exists in the kernel linked list.
8. The apparatus of claim 7, wherein obtaining file information for the file to be protected comprises:
acquiring a file to be protected configured by trusted management software;
storing the file identification of the file to be protected as a reference value in an encryption database;
and reading the reference value in the encryption database as file information of the file to be protected.
9. The apparatus of claim 7, wherein writing the file information to a kernel linked list in the kernel through a transmission channel with the kernel comprises:
creating a virtual character type device driver under a device file directory in a file system;
transmitting the file information to the kernel by using the virtual character type device driver;
and writing the received file information into the kernel linked list.
10. The apparatus of claim 7, wherein the HOOK function preset in the security framework is obtained by:
defining a security module to apply an audit HOOK function;
registering the HOOK function in the security framework;
compiling the HOOK function into a kernel module.
11. The apparatus of claim 10, further comprising a kernel write module configured to: after the HOOK function is compiled into a kernel module, write the kernel module into the kernel under the authority of the root user.
12. The apparatus of claim 8, further comprising an information return module configured to: after the file modification instruction is not executed, return error information or prompt information through the virtual character type device.
13. An electronic device, comprising: at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the steps of the file trusted tamper resistant method of any one of claims 1 to 6 by executing the instructions stored by the memory.
14. A machine-readable storage medium having instructions stored thereon that when executed by a processor cause the processor to be configured to implement the trusted tamper-resistant method of a file as claimed in any one of claims 1 to 6.
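
A user-space model of the flow in claims 1 and 3, added here as an illustration and not taken from the patent: records arrive over a channel, are stored in a linked list, and a hook consults the list before a modification is executed. The (device, inode) file identity, the `dev:ino` record format, and all function names are assumptions; a real implementation would live in a kernel module.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a protected file is identified by (device, inode). */
struct file_id { unsigned long dev, ino; };
struct node { struct file_id id; struct node *next; };
static struct node *protected_head; /* user-space stand-in for the kernel linked list */

static int list_contains(const struct file_id *id)
{
    for (const struct node *n = protected_head; n; n = n->next)
        if (n->id.dev == id->dev && n->id.ino == id->ino)
            return 1;
    return 0;
}

/* Parse one unsigned decimal field that must be terminated by `stop`. */
static int parse_field(const char **p, char stop, unsigned long *out)
{
    char *end;
    if (**p < '0' || **p > '9') return -1;  /* reject empty field, sign, whitespace */
    errno = 0;
    *out = strtoul(*p, &end, 10);
    if (errno || *end != stop) return -1;   /* overflow or wrong terminator */
    *p = end + 1;
    return 0;
}

/* Models the character-device write path: one "dev:ino\n" record per line.
 * Returns the number of entries added, or a negative errno. Records accepted
 * before a malformed one stay in the list. */
static int channel_write(const char *buf)
{
    int added = 0;
    while (*buf) {
        struct file_id id;
        if (parse_field(&buf, ':', &id.dev) || parse_field(&buf, '\n', &id.ino))
            return -EINVAL;
        if (list_contains(&id)) continue;   /* duplicate registration is a no-op */
        struct node *n = malloc(sizeof *n);
        if (!n) return -ENOMEM;
        *n = (struct node){ id, protected_head };
        protected_head = n;
        added++;
    }
    return added;
}

/* Models the HOOK function: a listed target means the modification is refused. */
static int hook_file_modify(const struct file_id *target)
{
    return list_contains(target) ? -EPERM : 0;
}

int main(void)
{
    struct file_id f = { 2049, 131 };       /* constructed sample identity */
    channel_write("2049:131\n");
    printf("modify -> %d\n", hook_file_modify(&f));
    return 0;
}
```

Validating each record before it reaches the list matters because the channel is the only path by which user space influences the hook's decisions.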

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310844090.1A CN116561811A (en) 2023-07-11 2023-07-11 File credibility tamper-proof method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN116561811A (en) 2023-08-08

Family

ID=87496942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310844090.1A Pending CN116561811A (en) 2023-07-11 2023-07-11 File credibility tamper-proof method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN116561811A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20230808