Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Tag-based process enforcement behavior control method and system

A process control block and behavior technology, applied in the computer field, can solve the problems of destroying system security, single judgment logic, and object association, and achieve the effect of ensuring tight coupling

Active Publication Date: 2019-02-22
北京凝思软件股份有限公司
View PDF3 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

cause complete control over the system
This method of relying only on the original access control policy of the operating system to prevent "code injection" attacks is not sufficient. It is necessary to provide a mandatory mechanism that can limit the range of behaviors performed. Once the limited range is exceeded, it will be forcibly terminated Process execution, preventing the occurrence of security events that damage the operating system, such as the execution of arbitrary code
[0007] 2. The mark cannot be associated with the object
The setting of security flags is generally done through configuration files, which cannot achieve tight coupling with objects
[0008] 3. Judgment logic is single
The access control judgment logic using the traditional access control policy is relatively simple, and the process is not subject to mandatory control based on complex policies
[0009] 4. It has a great impact on the efficiency of program operation
In order to prevent "code injection" from destroying system security, methods such as boundary checking will greatly reduce the operating efficiency of the system

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Tag-based process enforcement behavior control method and system
  • Tag-based process enforcement behavior control method and system
  • Tag-based process enforcement behavior control method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0066] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below through specific embodiments and accompanying drawings.

[0067] This embodiment provides a tag-based process enforcement behavior control method, the overall flow of which is:

[0068] 1. Use a specific system tool to set the security flag of the program file, and the security flag is stored in the extended attribute of the program file to realize the binding with the program file.

[0069] 2. When the program with the security flag is running, the kernel of the operating system reads the rule content of the security flag in the extended attribute of the program file. The rule content is converted into a rule linked list, which is stored in the process control block of the newly created process when the program is running.

[0070] 3. When the process needs to execute a new program, match the path of ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a tag-based process enforcement behavior control method and system. The method comprises the following steps that: 1) a safety mark is set in a program file, and the safety mark is preferably stored in an extended attribute of the program file; 2) when the program file with the security mark runs, the operating system kernel reads the rule content of the security mark and stores the rule content in the process control block of the process; 3) when that process needs to execute a new program, match the path of the new program with the rule content stored in theprocess control block; 4) according to the matching result of the rules, the invention carries out the compulsory behavior control of the process. The invention adopts the compulsory mechanism to restrict the behavior range of the process, and once the compulsory execution of the process is beyond the limited range, the compulsory execution of the process can be terminated, the invention can effectively prevent the execution of arbitrary program after the process is injected by the code, and avoid the occurrence of the security event that the server is hijacked.

Description

technical field [0001] The invention belongs to the technical field of computers, and in particular relates to a marking-based process enforcement behavior control method and system. Background technique [0002] The main method of "hacking" against server systems is so-called "code injection". "Code injection" mainly includes methods such as "buffer overflow" and "formatted data". The fundamental principle is to use the inherent defects of C language to fill the data area of ​​​​the program with a large amount of data. , to automatically execute the program remaining in the stack, thus successfully breaking into the server. Since the compromised server process often has the highest operating authority of the system, the attack program naturally inherits these privileges. Processes with privileges can surpass the restrictions of security policies in the system, and security mechanisms such as authentication and authentication and access control exist in name only, and intr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/54
CPCG06F21/54
Inventor 宫敏彭志航
Owner 北京凝思软件股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com