
Method, device, equipment and storage medium for determining a program that utilizes a privilege escalation vulnerability

A technique for determining programs that exploit privilege escalation vulnerabilities, applied in the computer field. It addresses the problems that monitoring cannot cover all important operations, that terminal system performance is reduced, and that the accuracy and efficiency of malicious program detection are affected, and it achieves the effect of improving detection accuracy and detection efficiency.

Pending Publication Date: 2020-05-22
TENCENT TECH (SHENZHEN) CO LTD

AI Technical Summary

Problems solved by technology

[0002] With the development of the computer field, there are more and more types of application programs on the terminal. As these application programs are used, more and more user data is stored on the terminal. Once this data is leaked, it may cause users great loss, so application security has become a concern for users.
[0004] Related technologies depend heavily on the completeness of the driver's monitoring strategy. The important operations monitored by the driver cannot cover all possible important operations, and when the driver monitors too many important operations, the system performance of the terminal is also reduced. This affects the accuracy and efficiency of detecting malicious programs that exploit privilege escalation vulnerabilities.


Embodiment Construction

[0048] Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with aspects of the present application as recited in the appended claims.

[0049] The solution provided by this application can be used in real scenarios where people use terminals to download or run application programs in their daily life. For ease of understanding, the following first briefly introduces some terms and application scenarios.

[0050] 1) Program dynamic behavior

[0051] Program dynamic behavior refers to the behavior of programs (including s...


Abstract

The invention discloses a method for determining a program that exploits a privilege escalation vulnerability, and belongs to the technical field of computers. The method comprises: obtaining a process identifier of a target process from a process creation component; while monitoring the target process, obtaining a first permission level of the target process from the system kernel through the process identifier of the target process and a first callback function; obtaining a second permission level; and, when the first permission level is higher than the second permission level, determining the program corresponding to the target process to be a program that exploits the privilege escalation vulnerability. In this method, the process identifier of the target process is obtained from the process creation component, the permission level of the target process is obtained from the system kernel according to the process identifier, and whether the program corresponding to the target process exploits the privilege escalation vulnerability is determined from the permission levels acquired on two successive occasions. The method does not need to monitor the various privilege escalation behaviors in the system; which processes exploit a privilege escalation vulnerability is judged from the change in each process's permissions, so detection accuracy and detection efficiency are improved.
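The comparison described in the abstract, as an added sketch that is not code from the patent: each process gets a baseline when its creation is reported, and a later check flags it when the level now reported is higher. The `Level` ordering, the `Event` record, the choice of the creation-time level as the "second permission level", and the sample paths are all assumptions made for illustration; the kernel query itself is replaced by the `level` field of each constructed event.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Level(IntEnum):          # assumed ordering of permission levels
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    SYSTEM = 4

@dataclass(frozen=True)
class Event:                   # hypothetical event record
    kind: str                  # "create", "check" or "exit"
    pid: int
    level: Optional[Level] = None
    image: str = ""

def detect(events):
    baseline = {}              # pid -> (image, level recorded at creation)
    flagged = []               # (pid, image, second level, first level)
    for ev in events:
        if ev.kind == "create":
            # Overwrite any stale entry so a reused PID gets a fresh baseline.
            baseline[ev.pid] = (ev.image, ev.level)
        elif ev.kind == "exit":
            baseline.pop(ev.pid, None)
        elif ev.kind == "check" and ev.pid in baseline:
            image, second = baseline[ev.pid]
            first = ev.level   # level reported for the process now
            if first > second:
                flagged.append((ev.pid, image, second.name, first.name))
                # Raise the baseline so one escalation yields one alert.
                baseline[ev.pid] = (image, first)
    return flagged

# Constructed sample events, not taken from the patent.
SAMPLE = [
    Event("create", 100, Level.MEDIUM, "/opt/app/viewer"),
    Event("check", 100, Level.MEDIUM),
    Event("create", 300, Level.LOW, "/opt/app/helper"),
    Event("exit", 300),
    Event("create", 300, Level.SYSTEM, "/usr/sbin/updater"),  # PID reuse
    Event("check", 300, Level.SYSTEM),
    Event("check", 100, Level.SYSTEM),   # viewer now reports SYSTEM
    Event("check", 100, Level.SYSTEM),   # repeat check, no second alert
]
```

Keying the baseline on the PID alone is only safe because creation and exit events refresh it; a process whose creation was never seen has no baseline and is skipped rather than guessed at.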

Description

Technical field

[0001] The present application relates to the field of computer technology, and in particular to a method, device, equipment and storage medium for determining a program that utilizes a privilege escalation vulnerability.

Background technique

[0002] With the development of the computer field, there are more and more types of application programs on the terminal. As these application programs are used, more and more user data is stored on the terminal. Once this data is leaked, it may cause users great loss, so application security has become a concern for users.

[0003] For example, in the network environment, there is a type of malicious program that uses a privilege escalation vulnerability to steal user application permissions. This type of malicious program can elevate its own application permissions to system permissions or even higher, so that it can obtain user data, delete system files, modify system configuration, etc. In related techn...


Application Information

IPC(8): G06F21/55
CPC: G06F21/552, G06F2221/033
Inventor 曹有理许天胜谭昱杨耀荣沈江波
Owner TENCENT TECH (SHENZHEN) CO LTD