CN100487714C - Method for the secure interpretation of programs in electronic devices - Google Patents

Publication number: CN100487714C (application number CNB2005800402047A; other version: CN101065756A)
Authority: CN (China)
Inventor: L·塔尔克卡拉
Original and current assignee: Nokia Oyj
Legal status: Expired - Fee Related
Other languages: Chinese (zh)

Abstract

The invention relates to a method for the secure interpretation of programs in an electronic device. An interpreted program is loaded and a stub executable is formed using a prototype stub executable. The stub executable is associated with the interpreted program. At least one second capability is also assigned to the interpreted program and further to the stub executable. The stub executable invokes at least one function in a shared interpreter library to interpret the interpreted program. The interpreter engine checks whether the interpreted program refers to an external interpreted program code section. The interpreter engine infers at least one second capability for the external interpreted program code section. The interpreter engine disallows the execution of said external interpreted program code section if said at least one first capability is not a subset of said at least one second capability.

Description

Method for the secure interpretation of programs in electronic devices
Technical field
The present invention relates to interpreted programming languages. In particular, the present invention relates to a method for the secure interpretation of programs in an electronic device.
Background
Security is a key factor in electronic communication devices. Mobile terminals have developed from simple cellular phones into multi-purpose communication devices with applications resembling those of a personal computer. Communication devices offer a wide range of services such as Internet browsing, e-mail and multimedia calls. One important technology for the development of mobile terminals is interpreted languages such as Java, Perl, PHP and Python. These interpreted languages have also brought many value-added services and games to mobile terminals. Software developed in these interpreted languages includes stand-alone programs and shared libraries. Such programs and libraries can be downloaded to the mobile terminal over the air from a network server. Software download mostly takes place through the browser provided in the mobile terminal. It is important for users to be able to trust the applications they download from the network. Unless suitable security processes are used in the mobile terminal, it is easy for malicious code to slip into the terminal. In a mobile terminal, malicious code may cause various kinds of harm. For example, calls to chargeable service numbers may be set up without properly notifying the user, information may be collected and stolen from the terminal, and if the terminal supports a mobile payment system, purchases may be paid for in the user's name.
History shows several examples of malicious programs written in an interpreted language that runs in an interpreter on another platform. These malicious programs target the interpreted environment, the host environment, or both. Malicious program operation is feasible because the interpreter's run-time environment does not provide sufficient isolation from other interpreted programs or from the host platform.
In the context of the present application, isolation is defined as the separation of the persistent state and the run-time behaviour of programs. Programs do not automatically share their data or react to the behaviour of other programs.
Existing features familiar to those skilled in the art include data locking (data caging), process isolation, a capability framework, process identifiers, inter-process communication (IPC) authentication, a trusted computing base, peripheral protection and the operating system's software installer.
Together, these features isolate programs from each other, programs from the trusted computing base, and programs from sensitive system interfaces. A notable feature of contemporary operating systems is that policy is enforced at process boundaries, so that the system's isolation is based on process isolation and thus on program isolation. The trusted computing base also denies programs the ability to elevate their own privileges.
Verifying that native programs are isolated from each other is part of security. It means that capabilities or resource access cannot be granted to programs that are not isolated from each other. If capabilities could be granted anyway, there would be no guarantee that a capability does not "leak" to malicious code in applications that are not mutually isolated. Basically, application isolation is the key foundation of a capability framework.
The security features mentioned above help prevent malicious or defective programs from harming other programs, data or the system on the platform. These features have been designed to provide application isolation for native programs. Current system specifications do not propose how application isolation could be provided for interpreted programs. The present invention proposes a method for achieving this.
Summary of the invention
According to a first aspect of the invention, a method for the secure interpretation of programs in an electronic device is provided. The method comprises: providing at least one shared interpreter library and a prototype stub executable in the electronic device; loading an interpreted program into the electronic device; forming a stub executable in the electronic device using the prototype stub executable; associating the stub executable with the interpreted program in the electronic device, the stub executable indicating the interpreted program to the at least one shared interpreter library for interpretation; assigning at least one second capability to the stub executable; and executing the stub executable in the electronic device.
According to a further aspect of the invention, an electronic device is provided comprising: at least one shared interpreter library configured to implement an interpreter engine; an installer entity configured to load an interpreted program into the electronic device, to form a stub executable using a prototype stub executable, to associate the stub executable with the interpreted program, the stub executable indicating the interpreted program to the at least one shared interpreter library for interpretation, and to assign at least one second capability to the stub executable; and an operating system entity configured to execute the stub executable.
The invention also relates to a computer program comprising code adapted, when executed on a data processing system, to perform the following steps: loading an interpreted program; forming a stub executable using a prototype stub executable; associating the stub executable with the interpreted program; assigning at least one second capability to the interpreted program; associating the at least one second capability with the stub executable; executing the stub executable; the stub executable indicating the interpreted program to at least one shared interpreter library; and the stub executable invoking at least one function in the shared interpreter library to interpret the interpreted program.
The invention also relates to a computer program comprising code adapted, when executed on a data processing system, to perform the following steps: calling at least one function associated with the computer program on behalf of an interpreted program; obtaining information about the interpreted program from a secure source assigned to the computer program; indicating the interpreted program to at least one shared interpreter library, the at least one shared library comprising at least one function implementing an interpreter engine for interpreted program code; and invoking at least one function in the shared interpreter library to interpret the interpreted program.
In one embodiment of the invention, the method further comprises: the stub executable indicating the interpreted program to the at least one shared interpreter library; the stub executable invoking at least one function in the at least one shared interpreter library to interpret the interpreted program; checking whether an external interpreted program code section is referenced by the interpreted program; inferring at least one first capability for the external interpreted program code section; and, if the at least one second capability is not a subset of the at least one first capability, disallowing the execution of the external interpreted program code section.
In one embodiment of the invention, the at least one shared interpreter library is further configured to check whether an external interpreted program code section is referenced by the interpreted program, to infer at least one first capability for the external interpreted program code section, and, if the at least one second capability is not a subset of the at least one first capability, to disallow the execution of the external interpreted program code section.
In one embodiment of the invention, the secure source is a secure directory in the electronic device. The secure source may, for example, be the computer program code itself, or it may be the directory in which the computer program is stored. The information about the interpreted program may be the file name of the interpreted program. The secure source may also be the operating system, which provides the computer program with the name of the file that contains the computer program.
It should be noted that the term external interpreted program code section refers to interpreted program code obtained from outside the interpreted program itself, for example from a directory other than the directory reserved for the interpreted program in the electronic device. For example, an external interpreted program code section may be read from a shared interpreted library. An external interpreted program code section may also be obtained over the air during the interpretation of the interpreted program. The term at least one first capability refers to the set of capabilities assigned to the external interpreted program code section, for example a shared interpreted library. The term at least one second capability refers to the set of capabilities of the stub executable. It should be noted that a single capability may comprise several independent operating system, data communication or device management operations or functions. In other words, for convenience, several functions may be grouped into a single capability. A program or a piece of program code may be associated with a capability set. Resources or functions in the electronic device whose capability has not been granted to the program or program code are unavailable to it. Capabilities are maintained by the operating system or by the functions serving the program in the electronic device.
In one embodiment of the invention, a trust category is determined for an interpreted program code section based on at least one of the location of the file containing the section in the file system of the electronic device and whether the section has been received from an authenticated remote sender, and a trust level is granted based on this trust category.
In one embodiment of the invention, the execution of arbitrary data is disabled in the at least one interpreter library. This means, for example, that the function used to execute arbitrary data is disabled in the interpreter engine. An attempt to call such a function produces an error in the interpreter engine. In one embodiment of the invention, the stub executable is executed in a separate process context. The disabling may be performed in advance, when the interpreter engine is compiled to produce the at least one shared interpreter library. The disabled version is then provided to the electronic device.
In one embodiment of the invention, the external interpreted program code section is loaded into the electronic device, for example over the air from a network server. In one embodiment of the invention, the external interpreted program code section is a function contained in a shared interpreted library of interpreted program code. The external interpreted program code section may also be formed from arbitrary data by the interpreted program, so that interpreted program code is fed to the interpreter engine by the interpreted program itself.
In one embodiment of the invention, a trust level is granted to the shared interpreted library. The trust level may be granted by the user or automatically by the installer entity. If the installer entity grants the trust level automatically, the trust level may be obtained by checking trust level information provided by the network server. The trust level information may be signed by the operator. The signature may also be made by a service provider or any other trusted entity. The trust level is used to determine the at least one first capability at the level of the operating system entity or of the installer entity.
In one embodiment of the invention, loading the interpreted program comprises downloading the interpreted program from a network server.
In one embodiment of the invention, providing the at least one shared interpreter library and the prototype stub executable comprises downloading them from a network server to the electronic device.
In one embodiment of the invention, loading the at least one shared interpreted library comprises downloading it from a network server to the electronic device.
In one embodiment of the invention, the interpreted program is identified in the electronic device using a unique identifier. The unique identifier may be used, for example, by the operating system entity and the installer entity to refer to the interpreted program and the stub executable. The at least one second capability may be associated with this unique identifier by the operating system entity.
In one embodiment of the invention, the electronic device comprises a mobile terminal. In one embodiment of the invention, the electronic device comprises a SYMBIAN(TM) operating system device. In one embodiment of the invention, the electronic device comprises a General Packet Radio System terminal or a Global System for Mobile communications terminal.
In one embodiment of the invention, the computer program is stored on a computer-readable medium. The computer-readable medium may be a removable memory card, a magnetic disk, an optical disk or a magnetic tape.
In one embodiment of the invention, the electronic device is a mobile device, for example a laptop computer, a palmtop computer, a mobile terminal or a personal digital assistant (PDA). In one embodiment of the invention, the electronic device is a desktop computer or a mainframe computer.
The beneficial effect of the invention concerns the improved reliability of loaded interpreted programs. The invention makes it possible to apply the capabilities defined for executable programs in the native operating system to the program code of interpreted programs, to each program or piece of program code executed in the interpreter; otherwise the interpreter would be regarded as a single arbitrary application in the native operating system with a single capability set.
Brief description of the drawings
The accompanying drawings, which are included to provide a further understanding of the invention and form part of this specification, illustrate embodiments of the invention and, together with the description, help to explain the principles of the invention. In the drawings:
Fig. 1 shows a block diagram of an example directory tree in an electronic device according to the invention;
Fig. 2A and Fig. 2B show a flow chart of a method for the secure interpretation of programs in one embodiment of the invention; and
Fig. 3 shows a block diagram of an electronic device according to the invention.
Detailed description
Reference will now be made in detail to embodiments of the invention, examples of which are illustrated in the drawings.
Fig. 1 shows a block diagram of an example directory tree in an electronic device according to the invention. The electronic device is shown in Fig. 3. In one embodiment of the invention, the electronic device is a SYMBIAN(TM) operating system device. The directory tree shows where the files essential to the method are stored in the electronic device and how they relate to each other. In Fig. 1 there is a root node 100, which is connected to subdirectories 101, 102 and 103. Subdirectory 101 stores the binary files that implement the interpreter. The interpreter may be, for example, a Java interpreter, a Perl interpreter, a PHP interpreter or a Python interpreter. Files 111, 112 and 113 are located in subdirectory 101. File 111 contains the engine of the interpreter, which either executes program source code directly or executes bytecode generated with a compiler. Program source code or bytecode interpreted by the interpreter engine is hereinafter called interpreted program code. The compiler takes human-readable source code and compiles it into bytecode. It should be noted, however, that the bytecode may be any intermediate language that can be executed by the interpreter engine. The intermediate language may be in any form preferred for execution by the machine; it does not necessarily have to consist of byte-sized operation codes. Basically, file 111 is a dynamic link library (DLL) containing the functions that implement the interpreter engine. File 112 is the stub interpreter executable, which, when executed, eventually calls the interpreter engine located in file 111. Once an interpreted program is installed in the electronic device, file 113 is formed from file 112.
Subdirectory 102 contains a program that is to be interpreted using the interpreter engine. Subdirectory 102 contains file 121, which contains the interpreted program. The component <SID> in the subdirectory name represents the secure identifier (SID) that has been assigned to the interpreted program. The SID identifies the interpreted program uniquely and makes it possible to assign capabilities to the interpreted program. A capability represents an operating system function, or a set of operating system functions, that may be called by the application identified by the SID. Examples of capabilities include the capability to establish communication with, for example, a remote Internet server over a telecommunication network, and the capability to access files stored on the electronic device. A single capability may comprise several related functions and operations. For example, all functions related to IP sockets may form a single capability. Other capabilities may relate to power management, local communication via BLUETOOTH(TM) or infrared, and the operation of low-level wireless protocols.
Subdirectory 103 contains shared libraries, which contain functions called by interpreted programs, for example by the interpreted program stored in file 121. A shared library is stored in file 131. The subdirectory also contains a policy file 132, which controls how shared libraries are managed in the electronic device. The policy file defines how the /resource/<lang> directory is managed and how the lang-<version>-stub-interpreter.exe used to bootstrap the interpreter for a given script is created. The benefit of using a policy definition file is that no interpreter-specific foreign code is executed in the context of the software installer. The policies of all interpreters can also be cross-referenced and checked for errors and conflicts before they are put into effect. The policy support needed in this case can also be very simple. A shared interpreted library is assigned a trust level, in other words a set of capabilities that the library's functions are allowed to use. This set of capabilities is determined either by the operator or by the user. In the operator-determined case, the capabilities are indicated to the electronic device when the file is downloaded from the network server. The capabilities are verified, for example, by marking them with the operator's digital signature. In the user-determined case, the user is prompted to indicate which capabilities are allowed for the library. The capabilities assigned to a shared interpreted library should reflect which functionality has been tested, and is therefore considered reliable, in the case of that library. For example, a library may be considered safe for downloading files to the electronic device but not be allowed to read files in the electronic device.
Fig. 2A and Fig. 2B show a flow chart of a method for the secure interpretation of programs in one embodiment of the invention.
In step 202, a shared interpreter library containing the main interpreter code, i.e. the interpreter engine, is provided to the electronic device. For example, the shared library may be provided as part of the native operating system, or it may be downloaded over the air from a network server to the electronic device when the user requests the interpreter to be downloaded.
In step 204, a prototype stub executable, which contains the functions that must be called to have a single interpreted program interpreted by the interpreter engine, is provided to the electronic device. For example, the prototype stub executable may be provided as part of the native operating system, or it may be downloaded over the air from the network server when the user requests the interpreter to be downloaded. The installation of the shared interpreter library, containing the main interpreter code, and of the prototype stub executable may be performed by a separate installer entity, which stores them in non-volatile memory in the electronic device.
In one embodiment of the invention, a shared interpreted library may also be loaded into the electronic device. The shared library may be loaded into the electronic device using a removable storage medium such as a magnetic disk, an optical disk or a removable memory card, or it may be downloaded to the electronic device over the air. The installation of the shared interpreted library may be performed by a separate installer entity, which stores it in non-volatile memory in the electronic device.
Optionally, in step 206, a trust level is granted to the shared interpreted library in the electronic device. The trust level specifies the set of capabilities assigned to the shared interpreted library. The granting decision may be based on trust level information signed by the operator or by any other entity trusted by the electronic device. This trust is established, for example, through a public key infrastructure (PKI) and a chain of trust. The user of the electronic device may also explicitly specify the granting decision via the user interface of the electronic device.
In step 208, an interpreted program is loaded into the electronic device. For example, the interpreted program is downloaded over the air. The interpreted program may be selected by the user from a WWW page or a WAP page. The interpreted program is downloaded, for example, from a network server to which the electronic device has established a connection. The installation of the interpreted program may be performed by the installer entity. In one embodiment of the invention, the interpreted program may also be loaded into the electronic device using a removable storage medium such as a magnetic disk or an optical disk, or a removable memory card.
In step 210, a unique identifier is assigned to the interpreted program. The interpreted program may use functions in shared libraries that may have been downloaded to the electronic device. The unique identifier is obtained from an issuing authority, which is responsible for assigning unique identifiers to the applications executed in the electronic device.
In step 212, the capabilities granted to the interpreted program are determined in the electronic device. For example, the capabilities may be determined by analysing the interpreted program code of the interpreted program, or they may be specified in a unique file or data structure associated with the interpreted program and provided together with it from the network server or from the removable storage medium. There may also be interpreted programs to which no capabilities are granted. In that case the interpreted program is only allowed to display information on the screen and to interact with the user through the keyboard.
In step 214, a stub executable is formed using the prototype stub executable. The stub executable is formed in order to call the interpreter engine and to indicate the interpreted program to the interpreter engine. The stub executable may be formed using instructions provided in a separate policy file, which may be associated, for example, with the shared interpreted library or with the interpreted program. The formation of the stub executable may be performed by the installer entity.
In step 216, the stub executable is prevented from running other programs. This restriction is realised, for example, by having the stub executable explicitly indicate to the interpreter engine the interpreted program to be executed. The interpreted program is indicated, for example, by providing the file name of the interpreted program, such as file 121 in Fig. 1.
In step 218, the capabilities determined for the interpreted program are assigned in the electronic device to the stub executable formed in step 214. The stub executable is used to represent the interpreted program to the security functions of the operating system. Because the stub executable is used to call the interpreter engine and to provide the interpreted program, it is guaranteed that the interpreter engine executes no other interpreted program code than the interpreted program and its functions in the shared interpreted library. In other words, an interpreted program cannot be executed in the interpreter engine except via a stub executable.
Label " A " is illustrated in the continuation point of the method shown in Fig. 2 A in Fig. 2 B.
In step 220, be responsible for independently carrying out under the process context by the operating system of electronic equipment by carrying out the processing that counterfoil and interpreter engine explained the program of explaining.For the program of each explanation, has independently process context.
In step 222, check by interpreter engine whether this program finishes.If program does not finish, then this method proceeds to step 224.
In step 224, check by interpreter engine whether the program code of external interpretation is explained by interpreter engine.If this is the case, then method proceeds to step 226, otherwise this method proceeds to step 220.An example of the program code of external interpretation is included in the code of sharing in the interpreted library.Another example of the program code of external interpretation is the code that electronic equipment has received during the explanation of current code.
In step 226, the level of trust of the program code of external interpretation is compared with the ability that can carry out counterfoil by interpreter engine.The ability of determining to carry out counterfoil is the subclass of the ability that is associated with the level of trust of the program code of external interpretation, and the program code of this external interpretation is promptly for example shared interpreted library.Given level of trust has stipulated to distribute to the competence set of the program code of external interpretation uniquely.For example infer level of trust based on the position of program code in electronic device file system of external interpretation.For example, if this code is arranged in the trusted directory such as the catalogue of the program of explaining, perhaps be arranged in the specific trusted directory of language, then it is awarded the ability of the program of explanation at least.If can carry out the ability of counterfoil and not be the subclass of the ability that is associated with level of trust, in other words, can carry out counterfoil and have the ability that does not belong to for the competence set of the program code defined of external interpretation, then interpreter engine is thought and will be exceeded level of trust.
In step 228, whether the interpreter engine inspection exceeds level of trust.If exceed, then this method proceeds to step 230.Otherwise this method proceeds to step 220.
In step 230, interpreter engine does not allow program implementation.Can suitable error message be provided and stop to carry out the execution of counterfoil to the user.
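The following Python model is added here and is not part of the patent. It ties together the Fig. 1 directory layout and steps 216 to 230 of the flow chart: a stub bound to one interpreted program by its SID, the capability set inferred for an external code section from its file location or an attested trust level, the subset check that refuses execution when the stub's capabilities exceed that set, and the refusal to execute arbitrary data. The capability names, directory paths, trust-level table and the eval-disabled flag are constructed assumptions, not values from the patent.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional


class Cap(Enum):
    """Capabilities group related OS functions (constructed names after the page's examples)."""
    NETWORK = auto()      # e.g. all IP-socket functions
    READ_FILES = auto()
    WRITE_FILES = auto()
    UI = auto()           # display information, keyboard interaction


# Constructed trust-level table (step 206): a level uniquely names the capability set of external code.
TRUST_LEVELS = {
    "operator-signed": frozenset(Cap),
    "user-approved": frozenset({Cap.UI, Cap.NETWORK, Cap.WRITE_FILES}),
    "untrusted": frozenset({Cap.UI}),
}


@dataclass(frozen=True)
class StubExecutable:
    """Stub formed from the prototype stub for exactly one interpreted program (steps 214-218)."""
    sid: str                 # secure identifier of the interpreted program
    program_file: str        # the only interpreted program this stub may indicate
    capabilities: frozenset  # the "second capability" set assigned to the stub


@dataclass(frozen=True)
class CodeSection:
    """External interpreted code section: library code or code received during interpretation."""
    name: str
    location: Optional[str]                   # path on the device; None if received over the air
    signed_trust_level: Optional[str] = None  # level attested by an authenticated remote sender


class TrustLevelExceeded(Exception):
    """The stub holds a capability outside the set defined for the external code section."""


class InterpreterEngine:
    EXECUTE_ARBITRARY_DATA = False  # disabled when the shared library is built (constructed flag)

    def __init__(self, stub, library_trust):
        self.stub = stub
        self.library_trust = library_trust  # library path -> trust level name, recorded at install

    def program_dir(self):
        return f"/private/{self.stub.sid}/"  # assumed layout: one directory per <SID>, as in Fig. 1

    def infer_capabilities(self, section):
        """The 'first capability' set, inferred from file location or authenticated sender."""
        if section.location is not None:
            if section.location.startswith(self.program_dir()):
                return self.stub.capabilities  # program's own directory: at least its own capabilities
            return TRUST_LEVELS[self.library_trust.get(section.location, "untrusted")]
        return TRUST_LEVELS.get(section.signed_trust_level, TRUST_LEVELS["untrusted"])

    def check_external(self, section):
        """Steps 226-228: the stub's capability set must be a subset of the section's."""
        granted = self.infer_capabilities(section)
        if not self.stub.capabilities <= granted:
            missing = sorted(c.name for c in self.stub.capabilities - granted)
            raise TrustLevelExceeded(f"{section.name}: stub holds {missing} beyond the section's trust level")
        return True

    def run(self, program_file, statements):
        """Steps 216-230 in miniature: only the stub's own program is interpreted, every
        external section is checked before it runs, and arbitrary-data execution is refused."""
        if program_file != self.stub.program_file:
            raise PermissionError("stub may only indicate its own interpreted program")
        executed = []
        for kind, arg in statements:
            if kind == "call":                  # reference to an external code section
                self.check_external(arg)
                executed.append(("call", arg.name))
            elif kind == "eval":                # interpreted code formed from arbitrary data
                if not self.EXECUTE_ARBITRARY_DATA:
                    raise TrustLevelExceeded("execution of arbitrary data is disabled in this library")
                executed.append(("eval", arg))
            else:
                executed.append((kind, arg))    # ordinary statement of the program itself
        return executed


def is_allowed(engine, section):
    try:
        return engine.check_external(section)
    except TrustLevelExceeded:
        return False


def demo():
    """Constructed scenario: a program whose stub holds NETWORK and UI calls two libraries."""
    stub = StubExecutable("E1A2B3C4", "/private/E1A2B3C4/app.py", frozenset({Cap.NETWORK, Cap.UI}))
    engine = InterpreterEngine(stub, {"/resource/python/lib/net.py": "operator-signed",
                                      "/resource/python/lib/ui_only.py": "untrusted"})
    trace = engine.run(stub.program_file,
                       [("stmt", "x = 1"), ("call", CodeSection("net", "/resource/python/lib/net.py"))])
    refused = not is_allowed(engine, CodeSection("ui_only", "/resource/python/lib/ui_only.py"))
    return trace, refused
```

The check is deliberately in the direction the description gives (stub capabilities must be a subset of the external section's), so a stub with more capabilities than an untrusted library is stopped before that library's code runs.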
Fig. 3 shows the block diagram according to electronic equipment 300 of the present invention.Electronic equipment 300 comprises first memory (not shown) and second memory (not shown).First memory is that volatibility RAM working storage and second memory are nonvolatile memories.In an embodiment of the invention, first and second storeies are same storeies, and it is non-volatile.Electronic equipment also comprises the processor (not shown).
Block 302 in Fig. 3 shows the software in the electronic device. The software comprises at least an operating system entity 316, an installer entity 304 and a communication entity 306. The software may also comprise an interpreter engine 310 and an executable stub 308 associated with interpreter engine 310. Interpreter engine 310 executes interpreted program code, for example that of interpreted program 312. The interpreted program may use at least one function stored in shared library 314. Shared library 314 comprises functions specified in interpreted program code executed by interpreter engine 310. Shared library 314 may also comprise functions defined in the native machine code of the electronic device. Executable stub 308 is used to invoke interpreter engine 310 for a given instance of an interpreted program. No other interpreted program can be invoked in interpreter engine 310 using the same executable stub. Communication entity 306 performs the tasks relating to communication in the electronic device. It comprises protocol stacks for communication over the wireless interface and with remote networks such as the Internet. When communication entity 306 receives interpreted program 312 from the remote network, it provides it to installer entity 304. Installer entity 304 stores interpreted program 312 in the non-volatile memory of the electronic device. Installer entity 304 creates a specific executable stub for interpreted program 312. In an embodiment of the invention, when interpreted program 312 is installed in the non-volatile memory of electronic device 300, the installer entity uses a policy file to form the necessary files. When a shared library is downloaded to electronic device 300, installer 304 may also be responsible for the installation and configuration of shared library 314 in the non-volatile memory. Similarly, when an interpreter is downloaded to electronic device 300, the installer entity may also be responsible for installing and configuring interpreter engine 310 and the prototype stub in the non-volatile memory. Operating system entity 316 or installer entity 304 may be responsible for assigning trust levels and capabilities to the shared library and the interpreted program. In an embodiment of the invention, installer entity 304 is an application executed in electronic device 300. In an embodiment of the invention, executable stub 308 is an application executed under operating system entity 306 in electronic device 300. Interpreter engine 310 is a dynamic link library in the native machine code of electronic device 300. Functions are invoked from the dynamic link library by executable stub 308.
An embodiment of the invention is described hereinafter in which the method of the invention is applied in a SYMBIAN™ operating system environment. The importance of isolating interpreted applications from each other and from the main platform depends on the data controlled by these interpreted programs and on the functionality they provide. If only one program is executed by the interpreter, application isolation is achieved implicitly.
When a single interpreter is used to execute most applications, application isolation becomes crucial. A large amount of the platform security work would become redundant, and the interpreter would be an application platform with improper security. This would leave the valuable data of the other interpreted programs as a target for rogue programs.
The Microsoft macro virus problem is a worst-case example of the possible scope of this kind of problem. If the environment in which a program runs (for example Word or Excel) is insecure, then whether the main operating system is secure is irrelevant.
Integration means offering the syntax and semantics of the operating system platform security to interpreted programs with the same importance. The following features are needed: an interpreted program must have a unique identity; an interpreted program must have a private directory of its own; shared code libraries must have trust levels, and those trust levels must be managed as for independent programs; an interpreted program must have a capability set assigned to it; each interpreted program must execute in a separate process environment; and an interpreted program must be constrained by its capability set.
This solution maps interpreted programs onto the native operating system platform security in such a way that they are basically treated as native operating system programs. A further benefit is that it keeps the user experience similar to the case where capabilities are assigned to native programs. This solution does not, however, solve how trust levels are assigned to shared code. That is discussed in the next part.
The proposed design cannot fully solve how trust levels are assigned to the separate, multi-level code outside the interpreted program. The problem is thorny for the following reason. Most interpreted languages provide access to the interpreter from within the language (for example through the eval() function in Perl or Python). Therefore any I/O source can be used to supply ready-to-run code (this also holds for native programs, but such code would fail authentication).
This cannot be reduced to monitoring I/O external to the interpreter, since code and input data alike are merely data to the interpreter.
Using a stub interpreter executable provides a concise method of adding capabilities to a program, but there is still no simple method of importing arbitrary additional capabilities using existing operating system mechanisms.
Based on the above, it is clear that any other sound mechanism for adding trust levels to general purpose code needs support from the actual interpreter. Two alternatives are available for this: refusing to load/run code that would cause untrusted code to run with capabilities, or introducing reduced capabilities at run time based on the source of the code.
Adjusting capabilities at run time may require changes to the operating system kernel. A compromise solution requires that an interpreter that has capabilities refuse to load and run code from any source other than the script's private directory.
The directory /sys is writeable only by the installer entity, but every program can read it. The directory /private/<SID> can be read only by the installer entity or by the program residing in that directory. The principle is that the electronic device has these two types of directory; the actual directory names are not the point.
The benefit of using policy definition files is that no interpreter-specific foreign code is executed in the environment of SWInstall (the software installer). The policies of all interpreters can also be cross-referenced and checked for errors and conflicts before they are executed. The policy support needed in this case is also very simple.
Interpreter should have following performed therein feature:
Employed default directory is/private/<SID in script 〉.If file is not a universe can read/and writeable, then must explicit state.
Be awarded any ability (comprising user capability) if move the code and the program of privately owned catalogue outside, then forbidden/the sys/resource catalogue.A kind of method wishes to have specific " developer-switch (the developer's switching) " of forbidding this feature.
If authorized user capability, then program code only can load from privately owned catalogue of program and shared code directory.
If authorized system capability, then program code only can load from the privately owned catalogue of program.
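The capability-subset check of steps 226 to 230 together with the directory rules of the SYMBIAN embodiment, modelled in Python as an added example that is not code from the patent or from Nokia; the capability names, the SID values and any directory outside /sys and /private/<SID> are assumptions constructed for illustration:

```python
from dataclasses import dataclass
from enum import Enum
import posixpath

# Constructed capability classes. The names mimic a Symbian-style split between
# user-grantable and system capabilities; they are assumptions, not from the page.
USER_CAPS = frozenset({"NetworkServices", "ReadUserData", "WriteUserData"})
SYSTEM_CAPS = frozenset({"ReadDeviceData", "WriteDeviceData", "AllFiles"})

class Trust(Enum):
    PRIVATE = "private"      # code in the program's own /private/<SID> directory
    SHARED = "shared"        # code in the installer-only, world-readable /sys tree
    UNTRUSTED = "untrusted"  # anywhere else (data folders, removable media, ...)

# Capability set associated with each trust level. A stub may load code at a
# level only if every capability the stub holds is contained in that set.
TRUST_CAPS = {
    Trust.PRIVATE: USER_CAPS | SYSTEM_CAPS,  # private directory: any capabilities
    Trust.SHARED: USER_CAPS,                 # shared code: user capabilities only
    Trust.UNTRUSTED: frozenset(),            # elsewhere: only a capability-less stub
}

@dataclass(frozen=True)
class StubExecutable:
    sid: str                 # unique identifier of the interpreted program
    capabilities: frozenset  # capabilities assigned to the stub at install time

def resolve_path(stub: StubExecutable, name: str) -> str:
    """Relative names resolve against the program's private directory; '..'
    components are collapsed so /sys/../data/x.py is judged by its real target."""
    if not name.startswith("/"):
        name = f"/private/{stub.sid}/{name}"
    return posixpath.normpath(name)

def infer_trust(stub: StubExecutable, path: str) -> Trust:
    """Infer the trust level of an external code section from its location."""
    if path.startswith(f"/private/{stub.sid}/"):
        return Trust.PRIVATE
    if path.startswith("/sys/"):
        return Trust.SHARED
    return Trust.UNTRUSTED

def check_section(stub: StubExecutable, name: str) -> tuple:
    """Steps 226-230: allow the external section only if the stub's capability
    set is a subset of the set associated with the section's trust level."""
    path = resolve_path(stub, name)
    trust = infer_trust(stub, path)
    excess = stub.capabilities - TRUST_CAPS[trust]
    if excess:
        return False, f"{path}: trust level {trust.value} exceeded by {sorted(excess)}"
    return True, f"{path}: trust level {trust.value}, load allowed"

def interpret(stub: StubExecutable, referenced: list) -> tuple:
    """Loop of steps 220-230 over the external sections a program references:
    stop at the first section whose load would exceed the stub's trust level."""
    log = []
    for name in referenced:
        ok, msg = check_section(stub, name)
        log.append(msg)
        if not ok:
            return False, log  # step 230: execution disallowed, report to the user
    return True, log
```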
It is obvious to a person skilled in the art that, as technology advances, the basic idea of the invention may be implemented in various ways. The invention and its embodiments are therefore not limited to the examples described above; instead they may vary within the scope of the claims.

Claims (23)

1. the method for the interpretation of programs of the safety in the electronic equipment, described method comprises:
At least one shared interpreter library is provided in described electronic equipment and can carries out prototype stub;
In described electronic equipment, load the program of explaining;
In described electronic equipment, use the described prototype stub of carrying out to form and to carry out counterfoil;
In described electronic equipment the described counterfoil of carrying out is associated with the program of described explanation, the described counterfoil of carrying out is indicated the program of described explanation to described at least one shared interpreter library and is used for explaining;
For the described counterfoil of carrying out distributes at least one second ability; And
In described electronic equipment, carry out the described counterfoil of carrying out.
2. The method according to claim 1, further comprising:
said executable stub indicating said interpreted program to said at least one shared interpreter library;
said executable stub invoking at least one function in said at least one shared interpreter library to interpret said interpreted program;
checking whether an externally interpreted program code section is referenced by said interpreted program;
inferring at least one first capability for said externally interpreted program code section; and
disallowing the execution of said externally interpreted program code section if said at least one second capability is not a subset of said at least one first capability.
3. The method according to claim 2, further comprising:
loading said externally interpreted program code section in said electronic device; and
executing said executable stub in a separate process context.
4. The method according to claim 2, wherein said loading of said interpreted program code section comprises downloading said interpreted program code section from a network server to said electronic device.
5. The method according to claim 2, further comprising:
granting a trust level to said externally interpreted program code section; and
determining said at least one first capability based on said trust level.
6. The method according to claim 5, further comprising:
determining a reliability category for said interpreted program code section based on at least one of the location, in the file system of said electronic device, of the file comprising the interpreted program code section and whether said interpreted program code section has been received from a trusted remote transmitter; and
granting said trust level based on said reliability category.
7. The method according to claim 1, wherein said loading of said interpreted program comprises downloading said interpreted program from a network server.
8. The method according to claim 1, wherein said providing of said at least one shared interpreter library and said executable prototype stub comprises downloading said at least one shared interpreter library and said executable prototype stub from a network server to said electronic device.
9. The method according to claim 1, wherein said interpreted program is identified in said electronic device using a unique identifier.
10. The method according to claim 1, wherein said electronic device is a mobile terminal.
11. The method according to claim 1, wherein said electronic device is a SYMBIAN™ operating system device.
12. The method according to claim 1, wherein said electronic device is a General Packet Radio System terminal or a Global Mobile Telecommunication System terminal.
13. An electronic device, comprising:
at least one shared interpreter library configured to implement an interpreter engine;
an installer entity configured to load an interpreted program in said electronic device, to form an executable stub using an executable prototype stub, to associate said executable stub with said interpreted program, wherein said executable stub indicates said interpreted program to said at least one shared interpreter library for interpretation, and to assign at least one second capability to said executable stub; and
an operating system entity configured to execute said executable stub.
14. The electronic device according to claim 13, wherein said at least one shared interpreter library is further configured to
check whether an externally interpreted program code section is referenced by the interpreted program,
infer at least one first capability for said externally interpreted program code section, and
disallow the execution of said externally interpreted program code section if at least one second capability is not a subset of said at least one first capability.
15. The electronic device according to claim 14, wherein said loading of said at least one interpreted program code section comprises downloading said at least one interpreted program code section from a network server to said electronic device.
16. The electronic device according to claim 14, wherein said installer entity is further configured to load said externally interpreted program code section in said electronic device, and said operating system entity is further configured to execute said executable stub in a separate process context.
17. The electronic device according to claim 14, wherein said at least one shared interpreter library is further configured to grant a trust level to said externally interpreted program code, and to determine said at least one first capability based on said trust level.
18. The electronic device according to claim 13, wherein said loading of said interpreted program comprises downloading said interpreted program from a network server.
19. The electronic device according to claim 13, wherein said installer entity is further configured to download said at least one shared interpreter library and said executable prototype stub from a network server to said electronic device.
20. The electronic device according to claim 13, wherein said operating system entity is further configured to identify said interpreted program using a unique identifier.
21. The electronic device according to claim 13, wherein said electronic device is a mobile terminal.
22. The electronic device according to claim 13, wherein said electronic device is a SYMBIAN™ operating system device.
23. The electronic device according to claim 13, wherein said electronic device is a General Packet Radio System terminal or a Global Mobile Telecommunication System terminal.
Application CNB2005800402047A (priority date 2004-11-24, filing date 2005-11-24): Method for the secure interpretation of programs in electronic devices. Status: Expired - Fee Related. Granted publication CN100487714C (en).

Applications Claiming Priority (3)

Application Number / Priority Date / Filing Date
US99680104A / 2004-11-24 / 2004-11-24
US10/996,801 / 2004-11-24
FI20041517 / 2004-11-25

Publications (2)

Publication Number / Publication Date
CN101065756A (en) / 2007-10-31
CN100487714C (en) / 2009-05-13 (granted)


Legal Events

Code / Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 2009-05-13
Termination date: 2009-12-24