Control method and device for application program running environment and electronic equipment

Document number: 105381    Publication date: 2021-10-15    Language: Chinese

Reading note: the technique 一种应用程序运行环境的控制方法、装置及电子设备 (Control method and device for application program running environment and electronic equipment) was designed by 张建钢 on 2021-09-09. Summary: embodiments of the invention provide a method, an apparatus and an electronic device for controlling an application program running environment. Based on a controlled running environment authorization (env.authz) issued for a sensitive application program and signed by one or more security administrators, a hardened operating system kernel, when the sensitive application program starts, temporarily terminates the unauthorized hardware devices, application programs or operating system kernel modules that the authorization names; when the sensitive application program terminates, the kernel clears, as the authorization requires, the sensitive information the application temporarily held in memory and storage, and then restores the hardware devices, application programs or kernel modules it had terminated at start. This gives the sensitive application program a controlled, secure running environment in which its execution is not interfered with and its sensitive data cannot be illegally added, deleted, modified or read while it runs.

1. A method for controlling an application program running environment, comprising:

an operating system kernel detects a controlled environment authorization file;

the operating system kernel acquires the controlled environment authorization file and parses the controlled environment requirements contained in it; and

the operating system kernel establishes a controlled environment according to the controlled environment requirements and records the controlled environment information.

2. The method of claim 1, further comprising:

the operating system kernel revokes the controlled environment according to the controlled environment information.

3. The method of claim 2, wherein

before the operating system kernel detects the controlled environment authorization file, the method further comprises:

the operating system kernel intercepts the start of an application program;

wherein the controlled environment authorization file is a controlled environment authorization file configured in advance for the application program; and

after the operating system kernel establishes the controlled environment according to the controlled environment requirements, the method further comprises:

the operating system kernel starts the application program.

4. The method of claim 3, wherein

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel intercepts the termination of the application program;

the operating system kernel detects the controlled environment information; and

the method further comprises:

the operating system kernel terminates the application program.

5. The method of claim 3, further comprising:

the operating system kernel receives a first request from the application program; and

the operating system kernel returns the controlled environment information to the application program according to the first request.

6. The method of claim 5, further comprising:

the operating system kernel receives a second request from the application program; and

the operating system kernel revokes part or all of the security measures of the controlled environment according to the second request, or restores part or all of the security measures previously revoked.

7. The method of claim 3, wherein

the operating system kernel recording the controlled environment information comprises:

the operating system kernel attaches the controlled environment information to an object created for the application program; and

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel detects the controlled environment information attached to the object created for the application program.

8. The method of claim 1, wherein after the operating system kernel detects the controlled environment authorization file, the method further comprises:

the operating system kernel verifies one or more digital signatures of the controlled environment authorization file according to a preset authorization policy and confirms that they are valid, and/or verifies according to the preset authorization policy whether the authorization granted by the controlled environment authorization file is sufficient and confirms that it is.

9. The method of claim 2, wherein

before the operating system kernel detects the controlled environment authorization file, the method further comprises:

the operating system kernel receives a first instruction, the first instruction instructing it to establish a controlled environment; and

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel receives a second instruction, the second instruction instructing it to revoke the controlled environment.

10. The method according to any one of claims 2 to 9, wherein

the controlled environment requirements include a hardware requirement;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the hardware devices listed in the hardware requirement and/or terminates support for those hardware devices; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the hardware devices listed in the hardware requirement according to the controlled environment information.

11. The method according to any one of claims 2 to 9, wherein

the controlled environment requirements include a co-running program, that is, a program that must run alongside the application program;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel checks whether the co-running program is running and, if it is not, starts it.

12. The method according to any one of claims 2 to 9, wherein

the controlled environment requirements include a prohibited program, that is, a program that must not run while the application program runs;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the prohibited program and/or terminates support for the prohibited program; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the prohibited program according to the controlled environment information.

13. The method according to any one of claims 2 to 9, wherein the controlled environment requirements include a kernel module requirement;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the kernel modules listed in the kernel module requirement and/or terminates support for those kernel modules; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the kernel modules listed in the kernel module requirement according to the controlled environment information.

14. The method according to any one of claims 2 to 9, wherein the controlled environment requirements include a network interface requirement;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the network interfaces listed in the network interface requirement and/or terminates support for those network interfaces; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the network interfaces listed in the network interface requirement according to the controlled environment information.

15. The method according to any one of claims 2 to 9, wherein the controlled environment requirements include a first memory or first storage space that must be protected while the application program runs;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel enables a protection mechanism on the first memory or first storage space; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel cancels the protection mechanism on the first memory or first storage space according to the controlled environment information.

16. The method according to any one of claims 2 to 9, wherein the controlled environment requirements include a second memory or second storage space that must be cleared when the application program finishes running;

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel clears the second memory or second storage space when the application program finishes running.

17. The method according to any one of claims 2 to 9, wherein the controlled environment requirements include an encryption requirement for a third memory or third storage space;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel encrypts the third memory or third storage space with a key; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel removes the encryption of the third memory or third storage space according to the controlled environment information.

18. An apparatus for controlling an application program running environment, comprising:

a controlled environment authorization file detection module for detecting a controlled environment authorization file;

a controlled environment authorization file parsing module for acquiring the controlled environment authorization file and parsing the controlled environment requirements contained in it; and

a controlled environment establishing module for establishing a controlled environment according to the controlled environment requirements and recording the controlled environment information.

19. The apparatus of claim 18, further comprising:

a controlled environment revocation module for revoking the controlled environment according to the controlled environment information.

20. The apparatus of claim 19, further comprising:

an application program interception module for intercepting the start of an application program and/or intercepting the termination of the application program, wherein the controlled environment authorization file is a controlled environment authorization file configured in advance for the application program;

an application program release module for starting the application program and/or terminating the application program, that is, for letting the intercepted start or termination proceed; and

a controlled environment information detection module for detecting the controlled environment information.

21. An electronic device comprising a memory and a processor, the memory storing computer instructions executable by the processor to implement the method of any one of claims 1 to 17.

22. A readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any one of claims 1 to 17.

Technical Field

The invention relates to the field of information security, and in particular to providing a controlled, secure running environment for sensitive application programs by means of a hardened kernel.

Background

While an application program runs, hardware devices attached to the host computing device, or the operating system administrator (or another superuser account) acting through other application programs or kernel modules, can add, delete, modify or read the application's data and even interfere with its execution, for example by killing or terminating it. Providing a controlled, secure running environment that protects the execution of sensitive application programs is therefore important for information security.

Disclosure of Invention

To solve at least one of the above technical problems, the present invention provides a method, an apparatus, an electronic device and a readable storage medium for controlling an application program running environment.

In a first aspect of the invention, a method for controlling an application program running environment is provided, comprising:

an operating system kernel detects a controlled environment authorization file;

the operating system kernel acquires the controlled environment authorization file and parses the controlled environment requirements contained in it; and

the operating system kernel establishes a controlled environment according to the controlled environment requirements and records the controlled environment information.

According to an embodiment of the invention, the method further comprises:

the operating system kernel revokes the controlled environment according to the controlled environment information.

The hardened operating system kernel thus establishes the corresponding controlled environment from a pre-configured controlled environment authorization file and revokes it at the appropriate time, realizing a controlled, secure program running environment at the operating system kernel level.

According to an embodiment of the invention, before the operating system kernel detects the controlled environment authorization file, the method further comprises:

the operating system kernel intercepts the start of an application program;

wherein the controlled environment authorization file is a controlled environment authorization file configured in advance for the application program; and

after the operating system kernel establishes the controlled environment according to the controlled environment requirements, the method further comprises:

the operating system kernel starts the application program.

According to an embodiment of the invention, before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel intercepts the termination of the application program;

the operating system kernel detects the controlled environment information;

and the method further comprises:

the operating system kernel terminates the application program.

Here the establishment of the controlled environment is triggered by the start of the application program and its revocation by the termination of the application program, so a temporary controlled environment exists for exactly as long as the application program runs.

According to an embodiment of the invention, the method further comprises:

the operating system kernel receives a first request from the application program; and

the operating system kernel returns the controlled environment information to the application program according to the first request.

According to an embodiment of the invention, the method further comprises:

the operating system kernel receives a second request from the application program; and

the operating system kernel revokes part or all of the security measures of the controlled environment according to the second request, or restores part or all of the security measures previously revoked.

Through a dedicated interface, the operating system kernel thus offers the application program a service for querying and adjusting its controlled environment, so the application program can take active security measures and adapt the controlled environment flexibly. Because the second request can relax measures that the administrators' authorization imposed, the kernel must accept it only from the protected application program itself, not from other processes.

According to an embodiment of the invention, after the operating system kernel detects the controlled environment authorization file, the method further comprises:

the operating system kernel verifies one or more digital signatures of the controlled environment authorization file according to a preset authorization policy and confirms that they are valid, and/or verifies according to the preset authorization policy whether the authorization granted by the controlled environment authorization file is sufficient and confirms that it is.

Verifying the digital signatures and confirming that they are valid establishes that the file is authentic, that is, that it was signed by the administrators it names. Verifying that the authorization is sufficient establishes that the signatures satisfy the signing policy, for example that enough verified signatures are present and that the administrators behind them hold sufficient authority. The two checks are distinct: a file whose every signature verifies can still fall short of the policy.
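The two checks, as an added example that is not the patent's code (the patent fixes neither a file format nor a signature algorithm): the Go program below verifies an env.authz against a preset policy. It assumes a JSON file that carries the requirements as an opaque byte string plus a list of named administrator signatures, Ed25519 as the signature scheme, and a policy that records each administrator's public key and an authority level; the administrators alice, bob and carol, their levels and the two-signer threshold are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// AuthzFile is an assumed layout for env.authz: the requirements carried as an
// opaque byte string (base64 in JSON), plus one or more administrator
// signatures over exactly those bytes. The method itself fixes no format.
type AuthzFile struct {
	Requirements []byte      `json:"requirements"`
	Signatures   []Signature `json:"signatures"`
}

// Signature names the signing administrator and carries an Ed25519 signature
// over AuthzFile.Requirements.
type Signature struct {
	Admin string `json:"admin"`
	Sig   []byte `json:"sig"`
}

// Admin is one entry of the kernel's preset authorization policy: the
// administrator's public key and an assumed authority level.
type Admin struct {
	Key   ed25519.PublicKey
	Level int
}

// Policy is the preset authorization strategy: who may sign, how many distinct
// signers are needed, and the lowest authority level a counted signer may hold.
type Policy struct {
	Admins   map[string]Admin
	MinSigs  int
	MinLevel int
}

// Verify performs both checks: every signature must verify under a known
// administrator's key (authenticity), and the set of valid signatures must then
// satisfy the policy (enough distinct signers, each with enough authority). Any
// unknown or invalid signature rejects the file instead of being skipped.
func (p Policy) Verify(raw []byte) ([]byte, error) {
	var f AuthzFile
	if err := json.Unmarshal(raw, &f); err != nil {
		return nil, fmt.Errorf("malformed env.authz: %w", err)
	}
	signers := map[string]bool{}
	for _, s := range f.Signatures {
		a, ok := p.Admins[s.Admin]
		if !ok {
			return nil, fmt.Errorf("signature by unknown administrator %q", s.Admin)
		}
		if !ed25519.Verify(a.Key, f.Requirements, s.Sig) {
			return nil, fmt.Errorf("invalid signature by %q", s.Admin)
		}
		if a.Level < p.MinLevel {
			return nil, fmt.Errorf("administrator %q lacks authority (level %d < %d)", s.Admin, a.Level, p.MinLevel)
		}
		signers[s.Admin] = true // repeated signatures by one administrator count once
	}
	if len(signers) < p.MinSigs {
		return nil, fmt.Errorf("insufficient authorization: %d valid signer(s), %d required", len(signers), p.MinSigs)
	}
	return f.Requirements, nil
}

// SignFile builds an env.authz over reqBytes signed by each given private key.
// This runs on the administrators' side; the kernel only verifies.
func SignFile(reqBytes []byte, signers map[string]ed25519.PrivateKey) ([]byte, error) {
	f := AuthzFile{Requirements: reqBytes}
	for name, k := range signers {
		f.Signatures = append(f.Signatures, Signature{Admin: name, Sig: ed25519.Sign(k, reqBytes)})
	}
	return json.Marshal(f)
}

// NewDemoPolicy creates three administrators with fresh keys (constructed for
// the example) and a policy demanding two distinct signers of level 2 or more.
func NewDemoPolicy() (Policy, map[string]ed25519.PrivateKey) {
	levels := map[string]int{"alice": 2, "bob": 2, "carol": 1}
	p := Policy{Admins: map[string]Admin{}, MinSigs: 2, MinLevel: 2}
	priv := map[string]ed25519.PrivateKey{}
	for name, lvl := range levels {
		pub, k, _ := ed25519.GenerateKey(rand.Reader)
		p.Admins[name] = Admin{Key: pub, Level: lvl}
		priv[name] = k
	}
	return p, priv
}

func main() {
	p, priv := NewDemoPolicy()
	req := []byte(`{"unload_modules":["usb_storage"],"disable_net_ifaces":["wlan0"]}`)
	two, _ := SignFile(req, map[string]ed25519.PrivateKey{"alice": priv["alice"], "bob": priv["bob"]})
	r, err := p.Verify(two)
	fmt.Println("two signers:", string(r), err)
	one, _ := SignFile(req, map[string]ed25519.PrivateKey{"alice": priv["alice"]})
	_, err = p.Verify(one)
	fmt.Println("one signer:", err)
}
```

Carrying the requirements as an opaque byte string means signer and kernel sign and verify exactly the same bytes, with no JSON canonicalization step to get wrong. Authenticity and sufficiency fail separately on purpose: a file signed by alice alone verifies cryptographically but is rejected for having one signer, and alice plus carol is rejected because carol's level is below the policy minimum.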

According to an embodiment of the invention, the operating system kernel recording the controlled environment information comprises:

the operating system kernel attaches the controlled environment information to an object created for the application program; and

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel detects the controlled environment information attached to the object created for the application program.

Because the controlled environment information is attached to the object created for the application program, the operating system kernel can locate and process it directly; in particular, when the application program terminates, the controlled environment configured for it is found at once and can be revoked without delay.

According to an embodiment of the invention, before the operating system kernel detects the controlled environment authorization file, the method further comprises:

the operating system kernel receives a first instruction, the first instruction instructing it to establish a controlled environment; and

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel receives a second instruction, the second instruction instructing it to revoke the controlled environment.

Unlike the previous embodiment, in which establishment is triggered by the start of the application program and revocation by its termination, here establishment and revocation are triggered directly by instructions, so a controlled environment of arbitrary duration can be established in the operating system kernel.

According to an embodiment of the invention, the controlled environment requirements include a hardware requirement;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the hardware devices listed in the hardware requirement and/or terminates support for those hardware devices; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the hardware devices listed in the hardware requirement according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements include a co-running program, that is, a program that must run alongside the application program;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel checks whether the co-running program is running and, if it is not, starts it.

Co-running programs include application programs and/or drivers.

According to an embodiment of the invention, the controlled environment requirements include a prohibited program, that is, a program that must not run while the application program runs;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the prohibited program and/or terminates support for the prohibited program; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the prohibited program according to the controlled environment information.

Prohibited programs include application programs and/or drivers.

According to an embodiment of the invention, the controlled environment requirements include a kernel module requirement;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the kernel modules listed in the kernel module requirement and/or terminates support for those kernel modules; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the kernel modules listed in the kernel module requirement according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements include a network interface requirement;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel terminates the network interfaces listed in the network interface requirement and/or terminates support for those network interfaces; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel restores support for the network interfaces listed in the network interface requirement according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements include a first memory or first storage space that must be protected while the application program runs;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel enables a protection mechanism on the first memory or first storage space; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel cancels the protection mechanism on the first memory or first storage space according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements include a second memory or second storage space that must be cleared when the application program finishes running;

before the operating system kernel revokes the controlled environment according to the controlled environment information, the method further comprises:

the operating system kernel clears the second memory or second storage space when the application program finishes running.

According to an embodiment of the invention, the controlled environment requirements include an encryption requirement for a third memory or third storage space;

the operating system kernel establishing a controlled environment according to the controlled environment requirements comprises:

the operating system kernel encrypts the third memory or third storage space with a key; and

the operating system kernel revoking the controlled environment according to the controlled environment information comprises:

the operating system kernel removes the encryption of the third memory or third storage space according to the controlled environment information.
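The requirement kinds above, the attachment of the controlled environment information to the process object, and clear-then-restore at exit fit one pattern: each measure taken at start is recorded as an undo step on the record attached to the application, and revocation wipes the clear-on-exit regions and then replays the log in reverse. The Go model below is an added example, not the patent's code. It replaces the kernel's device, module, process and memory subsystems with in-memory flags (the Host type); the requirement field names, the demo machine state and the program name "vault" are constructed for the illustration, and the protection and encryption requirements would be further logged steps of the same shape.

```go
package main

import (
	"errors"
	"fmt"
)

// Requirements holds the requirement kinds the method lists. The field names
// are assumed for this example; the page fixes no file format.
type Requirements struct {
	DisableHardware  []string // hardware devices to take down for the run
	DisableNetIfaces []string // network interfaces to take down
	UnloadModules    []string // kernel modules to take out of service
	MustNotRun       []string // programs that may not run alongside
	MustRun          []string // programs that must run alongside
	ClearOnExit      []string // memory/storage regions to wipe at exit
}

// Host stands in for the kernel's view of the machine; a real kernel drives
// device, module, process and memory subsystems where this model flips flags.
type Host struct {
	Devices, Ifaces, Modules, Procs map[string]bool // name -> enabled/loaded/running
	Regions                         map[string][]byte
}

// undo is one reversible step recorded while establishing the environment.
type undo struct {
	Desc string
	fn   func()
}

// ControlledEnv is the controlled environment information attached to the
// object created for the application (its process object), where the exit
// path finds it and revokes without reading the authorization file again.
type ControlledEnv struct {
	Program string
	log     []undo
	clear   []string
	active  bool
}

// apply moves each named entry of m to want and records the inverse step. An
// entry already in the wanted state is not logged, so revocation restores the
// exact pre-start state (an already-running co-running program is not stopped).
func (e *ControlledEnv) apply(m map[string]bool, names []string, want bool, desc string) {
	for _, key := range names {
		if m[key] == want {
			continue
		}
		m[key] = want
		key := key // per-iteration copy for the closure (needed before Go 1.22)
		e.log = append(e.log, undo{Desc: desc + " " + key, fn: func() { m[key] = !want }})
	}
}

// Establish applies the requirements for prog and returns the record to attach
// to its process object. Clear-on-exit regions must exist before anything is
// changed, so a misconfigured authorization fails without starting the program.
func (h *Host) Establish(prog string, r Requirements) (*ControlledEnv, error) {
	for _, reg := range r.ClearOnExit {
		if _, ok := h.Regions[reg]; !ok {
			return nil, fmt.Errorf("clear-on-exit region %q does not exist", reg)
		}
	}
	e := &ControlledEnv{Program: prog, clear: r.ClearOnExit, active: true}
	e.apply(h.Devices, r.DisableHardware, false, "re-enable device")
	e.apply(h.Ifaces, r.DisableNetIfaces, false, "bring up interface")
	e.apply(h.Modules, r.UnloadModules, false, "reload module")
	e.apply(h.Procs, r.MustNotRun, false, "restart program")
	e.apply(h.Procs, r.MustRun, true, "stop co-running program")
	return e, nil
}

// Revoke runs at application exit: the clear-on-exit regions are overwritten
// first, then the undo log replays in reverse, so the sensitive data is gone
// before any terminated device or program is back. A second call fails.
func (h *Host) Revoke(e *ControlledEnv) error {
	if !e.active {
		return errors.New("controlled environment already revoked")
	}
	for _, reg := range e.clear {
		b := h.Regions[reg]
		for i := range b {
			b[i] = 0
		}
	}
	for i := len(e.log) - 1; i >= 0; i-- {
		e.log[i].fn()
	}
	e.active = false
	return nil
}

// NewDemoHost returns a constructed machine state for the example.
func NewDemoHost() *Host {
	return &Host{
		Devices: map[string]bool{"camera": true, "microphone": true},
		Ifaces:  map[string]bool{"eth0": true, "wlan0": true},
		Modules: map[string]bool{"usb_storage": true},
		Procs:   map[string]bool{"screen-recorder": true, "audit-agent": false},
		Regions: map[string][]byte{"vault-scratch": []byte("PIN=4242")},
	}
}
```

Two details a practitioner would check are handled: a resource already in the required state (a co-running program that was already up, a device already off) is not logged, so revocation never starts or stops anything the application's start did not change; and a clear-on-exit region that does not exist is rejected before any measure is applied, so the application is never started under a partially established environment. With Establish called from the intercepted start and Revoke from the intercepted exit, the environment lives exactly as long as the application, as the text describes.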

In a second aspect of the invention, an apparatus for controlling an application program running environment is provided, comprising:

a controlled environment authorization file detection module for detecting a controlled environment authorization file;

a controlled environment authorization file parsing module for acquiring the controlled environment authorization file and parsing the controlled environment requirements contained in it; and

a controlled environment establishing module for establishing a controlled environment according to the controlled environment requirements and recording the controlled environment information.

According to an embodiment of the invention, the apparatus further comprises:

a controlled environment revocation module for revoking the controlled environment according to the controlled environment information.

According to an embodiment of the invention, the apparatus further comprises:

an application program interception module for intercepting the start of an application program and/or intercepting the termination of the application program, wherein the controlled environment authorization file is a controlled environment authorization file configured in advance for the application program;

an application program release module for starting the application program and/or terminating the application program, that is, for letting the intercepted start or termination proceed; and

a controlled environment information detection module for detecting the controlled environment information.

According to an embodiment of the invention, the apparatus further comprises:

a controlled environment information query module for receiving a first request from the application program and returning the controlled environment information to the application program according to the first request.

According to an embodiment of the invention, the apparatus further comprises:

a controlled environment active adjustment module for receiving a second request from the application program and, according to the second request, revoking part or all of the security measures of the controlled environment or restoring part or all of the security measures previously revoked.

According to an embodiment of the invention, the apparatus further comprises:

a controlled environment authorization file verification module for verifying one or more digital signatures of the controlled environment authorization file according to a preset authorization policy and/or verifying according to the preset authorization policy whether the authorization granted by the controlled environment authorization file is sufficient.

According to an embodiment of the invention, when recording the controlled environment information, the controlled environment establishing module is specifically configured to:

attach the controlled environment information to an object created for the application program;

and the controlled environment information detection module is specifically configured to:

detect the controlled environment information attached to the object created for the application program.

According to an embodiment of the invention, the apparatus further comprises an instruction processing module for receiving a first instruction, the first instruction instructing establishment of a controlled environment, and for receiving a second instruction, the second instruction instructing revocation of the controlled environment.

According to an embodiment of the invention, the controlled environment requirements comprise: hardware requirements;

the controlled environment establishing module is configured to, when establishing the controlled environment according to the controlled environment requirement, specifically: terminating hardware devices included in the hardware requirement and/or terminating support for hardware devices included in the hardware requirement;

the controlled environment revocation module is specifically configured to: and restoring support for hardware devices included in the hardware requirements according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements comprise: a co-operating program;

the controlled environment establishing module is configured to, when establishing the controlled environment according to the controlled environment requirement, specifically:

and detecting the co-operating program, and starting the co-operating program if the co-operating program is not currently operated.

According to an embodiment of the invention, the controlled environment requirements comprise: a non-running program (a program that is not permitted to run);

the controlled environment establishing module, when establishing the controlled environment according to the controlled environment requirement, is specifically configured to:

cause the operating system kernel to terminate the non-running program and/or terminate support for the non-running program;

the controlled environment revocation module is specifically configured to: restore support for the non-running program according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements comprise: kernel module requirements;

the controlled environment establishing module, when establishing the controlled environment according to the controlled environment requirement, is specifically configured to:

terminate the kernel modules included in the kernel module requirement and/or terminate support for the kernel modules included in the kernel module requirement;

the controlled environment revocation module is specifically configured to: restore support for the kernel modules included in the kernel module requirement according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements comprise: network interface requirements;

the controlled environment establishing module, when establishing the controlled environment according to the controlled environment requirement, is specifically configured to:

terminate the network interfaces included in the network interface requirement and/or terminate support for the network interfaces included in the network interface requirement;

the controlled environment revocation module is specifically configured to: restore support for the network interfaces included in the network interface requirement according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements comprise: the first memory or the first storage space which needs to be protected when the application program runs;

the controlled environment establishing module, when establishing the controlled environment according to the controlled environment requirement, is specifically configured to:

trigger a protection mechanism for the first memory or the first storage space;

the controlled environment revocation module is specifically configured to: revoke the protection mechanism of the first memory or the first storage space according to the controlled environment information.

According to an embodiment of the invention, the controlled environment requirements comprise: a second memory or a second storage space which needs to be cleared when the operation of the application program is finished;

the controlled environment establishing module is further configured to: clear the second memory or the second storage space when the running of the application program is finished.

According to an embodiment of the invention, the controlled environment requirements comprise: encryption requirements of a third memory or a third storage space;

the controlled environment establishing module, when establishing the controlled environment according to the controlled environment requirement, is specifically configured to:

cause the operating system kernel to encrypt the third memory or the third storage space using a key;

the controlled environment revocation module is specifically configured to: cause the operating system kernel to revoke the encryption of the third memory or the third storage space according to the controlled environment information.

In a third aspect of the invention, an electronic device is provided, comprising a memory for storing computer instructions and a processor, wherein the computer instructions are executed by the processor to implement the method of the first aspect.

In a fourth aspect of the invention, there is provided a readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of the first aspect.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the invention and together with the description serve to explain the principles of the invention.

Fig. 1 is an example of the main modules to which the present invention relates.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and embodiments. It is to be understood that the specific embodiments described herein are for purposes of illustration only and are not to be construed as limitations of the invention. It should be noted that, for convenience of description, only the portions related to the present invention are shown in the drawings.

In addition, the embodiments of the present invention and the features of the embodiments may be combined with each other without conflict. The following detailed description will be made in conjunction with embodiments with reference to the accompanying drawings.

Embodiments of the present invention are based on a controlled execution environment authorization (env.authz) provided for a sensitive application and signed by one or more security administrators. When the sensitive application is started, the hardened operating system kernel temporarily terminates the operation of unauthorized hardware devices, applications or operating system kernel modules as required by the controlled execution environment authorization. When the sensitive application is terminated, the kernel clears, as required by the authorization, the sensitive information the application temporarily stored in memory and storage, and then restores the operation of the unauthorized hardware devices, applications or kernel modules that were temporarily terminated at start-up. This provides a controlled, secure operating environment for the sensitive application, protecting its execution from disturbance and its sensitive data from being illegally added, deleted, modified or queried while it runs. The hardened operating system kernel also provides an interface (a system call or another means of interacting with the kernel) through which the sensitive application can actively confirm its operating environment while running and take further security measures accordingly.

In an optional embodiment, the operating system kernel intercepts the start of the application program and then checks whether a controlled environment authorization file exists for it. If one does, the application program is a sensitive application program: the kernel reads the controlled environment authorization file configured in advance for the application program, parses the controlled environment requirements it contains, establishes a controlled environment according to those requirements, and starts the application program in the established controlled environment.

In an alternative embodiment, the operating system kernel intercepts the termination of the application program and then checks whether a corresponding controlled environment was established for it and corresponding controlled environment information was recorded. If so, the application program is a sensitive application program for which a controlled environment was established; the controlled environment is revoked according to the controlled environment information, and the application program is terminated either before or after the controlled environment is revoked.

In an alternative embodiment, the sensitive application program may, while running, send a first request to the operating system kernel to obtain the current controlled environment information, and may send a second request to the operating system kernel to withdraw part or all of the security measures based on the obtained controlled environment information, or to restore part or all of the withdrawn security measures of the controlled environment, thereby implementing flexible management of the security measures.

In the above embodiments, the controlled environment requirements acquired by the operating system kernel include at least one of: hardware requirements, co-running programs, non-running programs, kernel module requirements, network interface requirements, a first memory or first storage space that needs to be protected while the application program runs, a second memory or second storage space that needs to be cleared when the application program finishes running, and encryption requirements of a third memory or third storage space.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a hardware requirement, and establishing the controlled environment according to the controlled environment requirement includes: the operating system kernel terminates the hardware devices included in the hardware requirement and/or terminates support for them; for example, the kernel terminates support for USB port devices or for serial devices while the sensitive application runs. Afterwards, the kernel restores support for the hardware devices included in the hardware requirement at the appropriate time according to the controlled environment information; for example, when the sensitive application program finishes running, the kernel restores support for the USB port devices or the serial port devices. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel maintains a controlled environment at all times.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a co-running program, and establishing the controlled environment according to the controlled environment requirement includes: the operating system kernel detects the co-running program and, if it is not currently running, starts it. For example, when a sensitive program is started the kernel checks whether certain security monitoring software is running and starts it if it is not. Afterwards, according to the controlled environment information, the kernel either restores the computing environment to its state before the sensitive program was started at the appropriate time, for example by stopping the security monitoring software, or keeps the co-running program it started running. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel maintains a controlled environment at all times.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a non-running program, and establishing the controlled environment according to the controlled environment requirement includes: the operating system kernel terminates the non-running program and/or terminates support for it. For example, when a sensitive program is started the kernel checks whether any program on a pre-configured program blacklist is running; the blacklist may be configured to include programs that may pose a risk to the computing environment, and if such a program is present it is terminated or support for it is terminated. Afterwards, the kernel restores support for the non-running program at the appropriate time according to the controlled environment information, for example when the sensitive application program finishes running. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel maintains a controlled environment at all times.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a kernel module requirement, and establishing the controlled environment according to the controlled environment requirement includes: the operating system kernel terminates the kernel modules included in the kernel module requirement and/or terminates support for them. The specific kernel modules must be configured in the controlled environment authorization file in advance; for example, they are terminated when the sensitive application program is started. Afterwards, the kernel restores the computing environment to its state before the sensitive program was started at the appropriate time according to the controlled environment information; for example, when the sensitive application program is terminated, support for the kernel modules included in the kernel module requirement is restored, or their operation is resumed. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel maintains a controlled environment at all times.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a network interface requirement, and establishing the controlled environment according to the controlled environment requirement includes: the operating system kernel terminates the network interfaces included in the network interface requirement and/or terminates support for them; for example, when a sensitive application is started, the public network connection is disconnected. The kernel then revokes the controlled environment at the appropriate time according to the controlled environment information, for example restoring the public network connection when the sensitive application terminates. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel maintains a controlled environment at all times.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a first memory or a first storage space that needs to be protected while the application program runs, and establishing the controlled environment according to the controlled environment requirement includes: the operating system kernel triggers a protection mechanism for the first memory or the first storage space. For example, when the sensitive application is started, a protection mechanism is enabled for the first memory or first storage space that the sensitive application reads from or writes to, including but not limited to denying access by other applications and denying access by users. Afterwards, the kernel withdraws the controlled environment at the appropriate time according to the controlled environment information, for example withdrawing the protection mechanism of the first memory or first storage space when the sensitive program finishes running. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel always maintains a controlled environment, i.e., it always maintains the protection mechanism for the first memory or the first storage space.

Optionally, the controlled environment requirement parsed by the operating system kernel includes a second memory or a second storage space that needs to be cleared when the application program finishes running, and the operating system kernel clears the second memory or the second storage space when the controlled environment is revoked; for example, when the sensitive application program finishes, the kernel clears the second memory or second storage space that was used while it ran.

Optionally, the controlled environment requirements include encryption requirements of a third memory or a third storage space, and establishing the controlled environment according to the controlled environment requirements includes: the operating system kernel encrypts the third memory or the third storage space using a key; for example, when the sensitive application program is started, the kernel encrypts the third memory or third storage space used by the sensitive application program. Afterwards, the kernel cancels the encryption of the third memory or third storage space at the appropriate time according to the controlled environment information, for example when the sensitive application program is terminated. In the above example the operating system kernel establishes the controlled environment for the duration of the sensitive application program's execution; however, the kernel may also be configured to establish or withdraw the controlled environment under any other condition, for example according to user instructions or program instructions. In yet another embodiment, the operating system kernel always maintains a controlled environment, i.e., it always keeps the third memory or the third storage space encrypted.

The cryptographic public keys of one or more security administrators (or a list of the security administrators' x.509 certificates containing their public keys, or a list of the CA certificates that sign those x.509 certificates), together with the signature authorization policy (for example, all security administrators must sign, or a majority of the security administrators must sign), are embedded in the operating system kernel at compile time, or are passed in at boot by a UEFI/BIOS controlled by the security administrator, for example as UEFI/BIOS parameters. The operating system super account configures env.authz.
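The following is an added illustration of the signature authorization policy just described; it is not code from the patent. It models how the process-start interception path would decide whether an env.authz is sufficiently authorized under an "all administrators" or "majority of administrators" rule. The administrator table, key values and authorization bytes are constructed, and the "signature" is stood in for by a keyed FNV-1a tag so that the block runs without a cryptographic library; a real kernel would verify asymmetric signatures against the embedded public keys or x.509 chain, but the policy logic (count distinct known signers, compare against the threshold) is the same.

```c
/* Added example, not part of the patent: evaluating a multi-administrator
 * signature authorization policy over an env.authz blob.
 * Assumptions: administrator key material is a compiled-in table (constructed
 * values below); "signatures" are stood in for by a keyed FNV-1a tag so the
 * block runs without a crypto library. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum authz_policy { POLICY_ALL, POLICY_MAJORITY };

/* Security administrators known to the kernel image (constructed ids/keys). */
struct admin_key { const char *id; uint64_t key; };
static const struct admin_key g_admins[] = {
    { "admin-a", 0x1111111111111111ull },
    { "admin-b", 0x2222222222222222ull },
    { "admin-c", 0x3333333333333333ull },
};
#define N_ADMINS (sizeof g_admins / sizeof g_admins[0])

/* One signature record carried alongside env.authz. */
struct authz_sig { const char *signer; uint64_t tag; };

/* Stand-in for a signature: keyed FNV-1a over the authorization bytes. */
static uint64_t keyed_tag(uint64_t key, const uint8_t *msg, size_t len) {
    uint64_t h = 0xcbf29ce484222325ull ^ key;
    for (size_t i = 0; i < len; i++) {
        h ^= msg[i];
        h *= 0x100000001b3ull;
    }
    return h;
}

/* Count distinct, known administrators whose tag verifies over the blob.
 * Unknown signer ids and repeated signatures by the same administrator
 * never add to the count. */
size_t count_valid_signers(const uint8_t *authz, size_t len,
                           const struct authz_sig *sigs, size_t nsigs) {
    bool seen[N_ADMINS] = { false };
    size_t valid = 0;
    for (size_t i = 0; i < nsigs; i++) {
        for (size_t a = 0; a < N_ADMINS; a++) {
            if (strcmp(sigs[i].signer, g_admins[a].id) != 0)
                continue;
            if (!seen[a] && keyed_tag(g_admins[a].key, authz, len) == sigs[i].tag) {
                seen[a] = true;
                valid++;
            }
            break;
        }
    }
    return valid;
}

/* Threshold rule chosen by the security administrators. */
bool authz_sufficient(enum authz_policy policy, size_t valid) {
    switch (policy) {
    case POLICY_ALL:      return valid == N_ADMINS;
    case POLICY_MAJORITY: return valid * 2 > N_ADMINS;
    }
    return false;
}

/* What the process-start interception path would call before establishing
 * the controlled environment. */
bool verify_env_authz(const uint8_t *authz, size_t len,
                      const struct authz_sig *sigs, size_t nsigs,
                      enum authz_policy policy) {
    return authz_sufficient(policy, count_valid_signers(authz, len, sigs, nsigs));
}

/* Produce the tag administrator `id` would attach (for the demo and tests). */
uint64_t sign_as(const char *id, const uint8_t *authz, size_t len) {
    for (size_t a = 0; a < N_ADMINS; a++)
        if (strcmp(id, g_admins[a].id) == 0)
            return keyed_tag(g_admins[a].key, authz, len);
    return 0;
}

/* Scenario over a constructed authorization. Returns 0 when every expected
 * accept/reject decision holds, otherwise the number of the failed check. */
int demo_authz_policy(void) {
    static const uint8_t authz[] =
        "constructed env.authz: app=/opt/ledger deny=usb,eth1 wipe=heap";
    size_t len = sizeof authz - 1;
    uint64_t ta = sign_as("admin-a", authz, len);
    uint64_t tb = sign_as("admin-b", authz, len);
    uint64_t tc = sign_as("admin-c", authz, len);

    struct authz_sig two[]      = { {"admin-a", ta}, {"admin-b", tb} };
    struct authz_sig three[]    = { {"admin-a", ta}, {"admin-b", tb}, {"admin-c", tc} };
    struct authz_sig dup[]      = { {"admin-a", ta}, {"admin-a", ta} };
    struct authz_sig forged[]   = { {"admin-a", ta}, {"admin-b", tb ^ 1} };
    struct authz_sig stranger[] = { {"admin-a", ta}, {"mallory", tb} };

    if (!verify_env_authz(authz, len, two, 2, POLICY_MAJORITY)) return 1;  /* 2 of 3 */
    if (verify_env_authz(authz, len, two, 2, POLICY_ALL)) return 2;        /* needs 3 */
    if (!verify_env_authz(authz, len, three, 3, POLICY_ALL)) return 3;
    if (verify_env_authz(authz, len, dup, 2, POLICY_MAJORITY)) return 4;   /* one signer */
    if (verify_env_authz(authz, len, forged, 2, POLICY_MAJORITY)) return 5;
    if (verify_env_authz(authz, len, stranger, 2, POLICY_MAJORITY)) return 6;
    return 0;
}

int main(void) {
    printf("authz policy checks: %s\n", demo_authz_policy() == 0 ? "ok" : "FAILED");
    return 0;
}
```

The two checks that matter in practice are the ones a naive "count the signatures" implementation gets wrong: a single administrator signing twice must count once, and a signer id that is not in the embedded table must never count, however valid its tag looks.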

Even the operating system super account (root) is restricted and can do little here, because authorization of the controlled operating environment is controlled by one or more security administrators, and establishment and revocation of the controlled environment are performed by the hardened kernel of the present invention. Likewise, an unauthorized application program cannot illegitimately require the operating system kernel to establish a controlled operating environment so as to interfere with the legitimate operation of other application programs.

Fig. 1 illustrates the overall framework provided by an embodiment of the present invention. The operating system account (block 101) starts or terminates the sensitive application process (block 100). As with all application processes, the operating system kernel can intercept or respond when the process starts and when it terminates (whether actively or passively). For example, in a Linux operating system an application is usually started through system calls such as fork/exec and terminated through system calls such as exit and kill.

The designer or operator of a sensitive application decides the controlled environment requirements (whitelist and/or blacklist) for its runtime, such as the kernel version it runs on, hardware requirements, other applications (including the accounts they run under) and kernel modules that must be running concurrently and/or must not be running, network access (incoming) and dial-out (outgoing) connection requirements (such as TCP ports and the applications using them), memory encryption requirements, and memory or storage that must be protected at runtime and/or cleared at the end of the run.

The operator of the sensitive application has the above controlled environment requirements signed by the security administrator(s) as a controlled environment authorization (env.authz). The signed controlled environment authorization is then configured into the running operating system environment by the operating system administrator.

When the sensitive application starts, a process start interception module (block 103) in the operating system kernel (block 102) checks whether a controlled environment authorization (env.authz), signed by the security administrator(s), exists for the application and the operating system account it runs under. If one exists, the authenticity of the signatures and whether the authorization is sufficient are verified according to the authorization policy. If the authorization is authentic and sufficient, the process start interception module (block 103) validates that the currently running kernel version meets the requirement of the controlled environment authorization, and temporarily terminates the devices, drivers, kernel modules, applications, network interfaces (inbound and outbound), etc. that may not run or be supported while the sensitive application runs. If the sensitive application's memory and/or storage must be encrypted, they are encrypted with a one-time key. If the sensitive application requires that its memory or storage (such as a file system) deny access to other applications or kernel modules, this is handled in turn. This information is then recorded in the controlled environment information corresponding to the sensitive application process (block 106), and the sensitive application process is launched. The record of controlled environment information may be attached to an object the operating system kernel creates for the sensitive application process (e.g., struct task_struct in the Linux kernel).

Upon termination (active or passive) of the sensitive application process, a process termination interception module (block 107) in the operating system kernel (block 102) checks whether the process has corresponding controlled environment information (block 106). If it does, sensitive information in memory or storage is, where so required, cleared in an unrecoverable manner (e.g., by overwriting it many times with random numbers), and then the devices, drivers, kernel modules, applications, network interfaces (inbound and outbound), etc. that were temporarily terminated or temporarily unsupported at the start of the sensitive application process are restored one by one. Finally, the controlled environment information corresponding to the sensitive application process is removed.
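As an added illustration of the start and termination interception paths described above (and of the optional embodiments earlier in this description), the following userspace model is not code from the patent. The resource table stands in for the devices, network interfaces and kernel modules the kernel can temporarily stop supporting, struct task stands in for the kernel's task object (struct task_struct in Linux), the xorshift generator stands in for the kernel RNG, and all names and values are the example's own. The point it makes beyond the text is the bookkeeping the revocation step needs: each action is recorded together with the resource's prior state, so revocation restores exactly what establishment changed and leaves a device that was already off before the sensitive process started switched off.

```c
/* Added example, not part of the patent: userspace model of the process-start
 * and process-termination interception paths. All names and values are the
 * example's own; struct task stands in for the kernel task object. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ACTIONS 8
#define WIPE_PASSES 3

/* A device, network interface or kernel module the kernel may stop supporting. */
struct resource { const char *name; bool enabled; };

/* One reversible action taken at establishment: which resource was touched and
 * whether it was enabled beforehand, so revocation restores the prior state
 * instead of blindly enabling everything on the list. */
struct env_action { struct resource *res; bool was_enabled; };

/* Controlled environment information attached to the task object. */
struct ctrl_env_info {
    size_t n_actions;
    struct env_action actions[MAX_ACTIONS];
    uint8_t *wipe_buf;   /* "second memory": cleared when the run ends */
    size_t wipe_len;
};

struct task { const char *comm; struct ctrl_env_info *env; };

/* Deterministic xorshift stand-in for the kernel RNG (constructed). */
static uint64_t prng_state = 0x9e3779b97f4a7c15ull;
static uint8_t prng_byte(void) {
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 7;
    prng_state ^= prng_state << 17;
    return (uint8_t)prng_state;
}

/* Unrecoverable clear: several passes of random bytes, then zeros. Stores go
 * through a volatile pointer so the compiler cannot elide them as dead. */
void secure_wipe(uint8_t *buf, size_t len) {
    volatile uint8_t *p = buf;
    for (int pass = 0; pass < WIPE_PASSES; pass++)
        for (size_t i = 0; i < len; i++) p[i] = prng_byte();
    for (size_t i = 0; i < len; i++) p[i] = 0;
}

bool all_zero(const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i]) return false;
    return true;
}

/* Start path (after env.authz verified): disable every denied resource,
 * record its prior state, attach the record; the process would launch after
 * this returns true. Fails closed if the list does not fit the record. */
bool establish_env(struct task *t, struct ctrl_env_info *info,
                   struct resource **deny, size_t ndeny,
                   uint8_t *wipe_buf, size_t wipe_len) {
    if (t->env || ndeny > MAX_ACTIONS) return false;
    memset(info, 0, sizeof *info);
    for (size_t i = 0; i < ndeny; i++) {
        struct env_action *a = &info->actions[info->n_actions++];
        a->res = deny[i];
        a->was_enabled = deny[i]->enabled;
        deny[i]->enabled = false;
    }
    info->wipe_buf = wipe_buf;
    info->wipe_len = wipe_len;
    t->env = info;
    return true;
}

/* Termination path: wipe first, restore in reverse order of establishment,
 * then detach the record. A task without a record is not a sensitive
 * application and nothing is undone. */
bool revoke_env(struct task *t) {
    struct ctrl_env_info *info = t->env;
    if (!info) return false;
    if (info->wipe_buf) secure_wipe(info->wipe_buf, info->wipe_len);
    while (info->n_actions > 0) {
        struct env_action *a = &info->actions[--info->n_actions];
        a->res->enabled = a->was_enabled;
    }
    t->env = NULL;
    return true;
}

/* runtime_env-style query: how many resources the task currently holds off. */
size_t query_env(const struct task *t) { return t->env ? t->env->n_actions : 0; }

/* Scenario: usb and eth1 are up, ttyS0 is already down before the sensitive
 * process starts. Returns 0 on success, else the number of the failed check. */
int demo_lifecycle(void) {
    struct resource usb = {"usb", true}, ttys0 = {"ttyS0", false}, eth1 = {"eth1", true};
    struct resource *deny[] = { &usb, &ttys0, &eth1 };
    uint8_t secret[32];
    memset(secret, 0xA5, sizeof secret);           /* constructed sensitive data */
    struct ctrl_env_info info;
    struct task t = { "ledger", NULL };

    if (!establish_env(&t, &info, deny, 3, secret, sizeof secret)) return 1;
    if (usb.enabled || eth1.enabled || ttys0.enabled) return 2;
    if (query_env(&t) != 3) return 3;
    if (!revoke_env(&t)) return 4;
    if (!usb.enabled || !eth1.enabled) return 5;  /* restored */
    if (ttys0.enabled) return 6;                  /* was off before: stays off */
    if (!all_zero(secret, sizeof secret)) return 7;
    if (t.env != NULL || query_env(&t) != 0) return 8;
    if (revoke_env(&t)) return 9;                 /* second revoke is a no-op */
    return 0;
}

int main(void) {
    printf("controlled environment lifecycle: %s\n", demo_lifecycle() == 0 ? "ok" : "FAILED");
    return 0;
}
```

Two design choices are worth noting. Revocation wipes before it restores anything, so no re-enabled interface or device can observe the sensitive buffer, and it walks the action list in reverse so that dependent changes unwind in the opposite order to which they were applied. The volatile store in secure_wipe is what keeps an optimizing compiler from treating the final overwrite of a buffer that is never read again as dead code.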

While running, the sensitive application process may query or otherwise manipulate its controlled environment through an interface provided by the hardened operating system kernel (block 102), named runtime_env here for convenience. Through the runtime_env interface the sensitive application process can query the current controlled environment information in order to implement active security measures, or can request that the operating system kernel relax or reapply one or more of the environment authorizations signed by the security administrator.

The hardened kernel according to embodiments of the invention can provide a controlled, secure operating environment for a sensitive application based on the application's own requirements, so that its execution is not maliciously disturbed, its sensitive data is not illegally added, deleted, modified or queried while it runs, and its sensitive data can be promptly removed when the run ends, among other benefits.

It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.

In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the various methods of the present invention according to instructions in the program code stored in the memory.

By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embody computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. Combinations of any of the above are also included within the scope of computer readable media.

Those skilled in the art will appreciate that the modules or units or components of the apparatus in the examples disclosed herein may be arranged in an apparatus as described in this embodiment or alternatively may be located in one or more apparatuses different from the apparatus in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.

Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.

While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention is to be considered as illustrative and not restrictive in character, with the scope of the invention being indicated by the appended claims.
