CN102184372B - Reverse-sandbox-based mobilephone payment protection method - Google Patents
Reverse-sandbox-based mobilephone payment protection method Download PDFInfo
- Publication number
- CN102184372B CN102184372B CN2011101393818A CN201110139381A CN102184372B CN 102184372 B CN102184372 B CN 102184372B CN 2011101393818 A CN2011101393818 A CN 2011101393818A CN 201110139381 A CN201110139381 A CN 201110139381A CN 102184372 B CN102184372 B CN 102184372B
- Authority
- CN
- China
- Prior art keywords
- program
- untrusted
- sandbox
- defence
- mobile phone
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention provides a reverse-sandbox-based mobilephone payment protection method, comprising the following steps: 1. classifying application programs on the operating system of an Android mobile phone according to the file identification strategy; and 2. stopping non-trusted program and running a protection program on the basis of a reverse sandbox, and starting the non-trusted program after the protection program is running over. The invention further provides an encrypted file system, and all reading and writing of the protection program are redirected to the file system.
Description
Technical field
The present invention relates to the computer security technique field, more specifically, the present invention relates to a kind of Mobile phone payment protection method based on reverse sandbox.
Background technology
Continuous growth along with 3G subscription, the convenience of mobile phone mobile payment more and more develops rapidly, and have a high potential, this emerging shopping mode of mobile payment is not only the extension of shopping at network, more becomes one of symbol of city young crowd's fast pace life style.But a large bottleneck of mobile-phone payment is that the cellphone subscriber relates to the worry of payment transaction security for these.
For the cellphone subscriber, virus is ubiquitous problem, a kind of typical attack mode is to send the Email of include file annex to undefended user, annex comprises malicious code, induce the user to enable this annex by Email, the entrained attack code of this annex will be revised cellphone subscriber's file or obtain these files.
Another kind is the application program viroid, when these application programs are carried out, revises user's file or catches confidential information entrained in these files.
For the process of exchange of mobile-phone payment, the stage control of its security mainly can be divided into: 1, the safety of server end, 2, the transmission security of transaction data, 3, the safety of mobile phone this locality.For 1 and 2, can use the safety technique of traditional network trading to solve the problem of security.But for 3, the safety of mobile phone this locality is the reliable solution of neither one at present.
The safety of mobile phone this locality refers to the safety of user mobile phone end, and main security threat is: 1) keyboard is monitored, and rogue program obtains user's the information such as bank cipher by the input of monitoring keyboard; 2) other application programs of unauthorized access is data cached, and malice is accessed the local cache data of other application programs, thereby reaches the purpose of stealing customer transaction information.
Summary of the invention
For overcoming defects of the prior art, the present invention proposes a kind of Mobile phone payment protection method based on reverse sandbox.
According to an aspect of the present invention, proposed a kind of Mobile phone payment protection method based on reverse sandbox, having comprised: step 1, according to the file identification strategy, the application program on the Android mobile phone operating system is classified; Step 2 stops untrusted based on reverse sandbox and appoints program and running protection program, after the defence program end of run, enables untrusted and appoints program.
Another aspect according to the application provides a kind of Mobile phone payment protection method, comprising: the file system of an encryption is provided, and all read-writes of defence program all are redirected to this document system.Wherein, also comprise: the storage that any read-write of this document system all is encrypted; Utilize the ptrace function to come this defence program of attach, intercept and capture the system call of all read and writes of this defence program; To the path of being revised as secure file system of calling in the path of actual file system, continue the operation of program.
By using the present invention, thereby realize the local security of application program of mobile phone, guarantee that this application program neither can be monitored by other application programs in operational process, and the data cached of application program can be protected also.
Description of drawings
Fig. 1 illustrates the operations according to the instant invention schematic flow sheet.
As shown in the figure, in order clearly to realize structure or the method for embodiments of the invention, various sizes and block diagram have been marked in the drawings, but should only need for signal by mark, be not that intention limits the invention under this specific dimensions, according to specific needs, those of ordinary skill in the art can be with these adjusted size, modification, and the adjustment of carrying out and modification still are included in the scope of accompanying claim.
Embodiment
Below in conjunction with the drawings and specific embodiments, a kind of Mobile phone payment protection method based on reverse sandbox provided by the invention is described in detail.
" embodiment " who mentions in instructions or " embodiment " mean that special characteristic, structure or the characteristic described in conjunction with described embodiment are at least one embodiment of the present invention involved.Therefore, the phrase that appears at the diverse location in whole instructions " " needs not to be and all points out in present same embodiment in one embodiment.
Described below is that mode with mathematical algorithm or symbolic representation presents, and these arthmetic statements are means of being used by the technician, conveys to those skilled in the art with the most effective mode essence of working.In the following description, the feature of these embodiment, structure and logic can be included in other embodiments.
The invention provides and be some storage instruction or computing flow processs, these instructions or flow process can be programmed to carry out comprising on the mobile terminal of mobile phone.In other embodiments, these process steps can be useful on the specialized hardware of carrying out these steps and form, and perhaps carry out realization by electronic package.
Generally speaking, for these security threats mentioned in background technology, the application passes through to set up " green channel " technology guarantees the safety of cell-phone customer terminal.The green channel technology that the application is referred to as comprises two safety techniques: 1) based on the technology of reverse sandbox, guarantee can not monitored by rogue program in the application program operational process; 2) local file system of safety, guarantee that other rogue programs can't be by the data cached purpose of stealing user profile that reaches of read local.
In the first embodiment of the application, provide the method for security protection based on the mobile-phone payment of reverse sandbox.Traditional sandbox technology is that the program that certain is monitored is placed in the system environments of an isolation, and operation comprises the program of risk program in sandbox.The operation risk program, have no effect to real system in sandbox.
The reverse sandbox technology that the present invention adopts, critical applications is placed on outside sandbox, appoints program to be placed in sandbox untrusted, these untrusteds appoint program to move in enclosed environment or out of service, can't enter kernel state by system call, also just can't access system resources.The critical applications of like this, moving (for example client of Mobile banking) operates in the environment of a safety naturally.
The method of the first embodiment of the application comprises: step 1, according to the file identification strategy, the application program on the Android mobile phone operating system is classified; Step 2 stops untrusted based on reverse sandbox and appoints program and running protection program, after the defence program end of run, enables untrusted and appoints program.
Particularly, in step 1, according to the file identification strategy, the application program on the Android mobile phone operating system is classified.In one embodiment, at first the program in the Android system is divided into the trusted program, untrusted is appointed program and defence program.
Wherein, the trusted program refers to the program that the user can trust, and is generally system program, as some system programs that carry on the Android cell phone system, and note for example, address list etc.;
Wherein, untrusted appoints program to refer to the fly-by-night program of user, typically refers to third party's program that the user installs voluntarily, as the game etc.;
Wherein, defence program is cellphone subscriber's key procedure that will move namely, the program that need to protect, for example client of Mobile banking.
In addition, this three class methods user can be configured voluntarily, can be that untrusted is appointed program with a trusted programming as the user.
Particularly, in step 2, stop untrusted based on reverse sandbox and appoint program and running protection program, after the defence program end of run, enable untrusted and appoint program.Wherein, in one embodiment, before user's running protection program, scan current all processes of moving, for each process, appoint program if this process belongs to untrusted, stop this process to enter the kernel state of operating system.Because the process that stops untrusted to be appointed enters kernel state, the process that these untrusteds are appointed also just can't be accessed the resource of any system.
For Android (Android) mobile phone operating system, can utilize and call ptrace () system function and realize stoping this process to enter the kernel state of operating system.Particularly, the process of appointing for each untrusted, call ptrace (PTRACE_ATTACH, pid ...) and come the upper process of attach, .pid be the id of process, then call ptrace (PTRACE_SYSCALL, pid ...), can be suspended when this process is carried out system call in next time, can not enter the kernel state of operating system.
Then, restart defence program (as the client of bank), only having in this state defence program and program trusty can enter kernel state existing, access system resources, thus guaranteed the safety of protected program.
When the user executes defence program, after withdrawing from defence program, reverse sandbox program allows these processes to enter the kernel state of operating system each untrusted being appointed process send order.
Specific on the Android mobile phone, for the process that each untrusted is appointed, call ptrace (PTRACE_DETACH, pid ...) and come this process of detach, this process can enter kernel state.
The implementation procedure of step 2 is further described with program language:
A), current all programs of moving of scanning, if this program belongs to untrusted and appoints program, reverse sandbox program is utilized upper this process of ptrace () system call attach, and PTRACE_SYSCALL is set, and namely stops this process before next system call;
B), then, reverse sandbox program start defence program makes and only has defence program and program trusty can enter kernel state, access system resources;
C), after the user executes defence program; reverse sandbox program is appointing the process of program to send the order of PTRACE_CONT to each untrusted; allow these processes to carry out; then the reverse sandbox program order of sending PTRACE_DETACH; these processes of detach, these programs can continue to run until in kernel.
In another embodiment of the present invention, this technology is processed at kernel state, particularly, loads a module in kernel, and this module is revised subsystem call table, changes the subsystem call table of oneself into.
When kernel carried out system call at every turn, whether the caller that checks this system call was in credible program listing, or defence program.Trusted program or defence program, allow to call in this way; If not, directly return, do not allow to call.
But the kernel version of each Android mobile phone is too many, and the mechanism of module verification is arranged on Linux simultaneously, causes the versatility of this solution too poor, also is not so good as the reverse sandbox technology of the process attitude in the first embodiment on operational efficiency.
In the application's the 3rd embodiment, a kind of document handling method of mobile phone terminal is provided, the method provides the file system of an encryption, and all read-writes of defence program all are redirected to this document system.
The method of the application the 3rd embodiment comprises: step 1, safeguard a virtual secure file system, the storage that any read-write of this document system all is encrypted; Step 2 utilizes the ptrace function to come this defence program of attach, intercepts and captures the system call of all read and writes of this defence program; Step 3, first parameter of system call this moment is the path of actual file system, function is revised as this constant the path of secure file system dynamically, then continues the operation of program.
Like this, defence program has just write secure file system with it, because this secure file system is stored through encrypting, thereby makes the data cached of third party application be protected.The developer of defence program need not consider the existence of secure file system and carry out extra processing in addition, thereby has alleviated developer's burden.
Further, the 3rd embodiment can also with the combination in addition of the processing mode in the first embodiment, on the basis of this document system, provide new Mobile phone payment protection method, the method comprises: step 1, according to the file identification strategy, the application program on the Android mobile phone operating system is classified; Step 2 stops untrusted based on reverse sandbox and appoints program and running protection program, after the defence program end of run, enables untrusted and appoints program.
With the program in the Android system be divided into the trusted program, untrusted is appointed program and defence program, the trusted program refers to the program such as the users to trust of system program; Untrusted appoints program to refer to third party's program that the user installs voluntarily; Defence program is the key procedure such as Mobile phone payment client that the cellphone subscriber will move.
For the processing procedure of above-mentioned steps 1 and 2, can with reference to flow process and the parameter of the first embodiment, repeat no more herein.
In the 4th embodiment according to the application, the first embodiment and the 3rd embodiment can be carried out organically combination of another kind, wherein to provide be a kind of Mobile phone payment protection method based on reverse sandbox to a kind of mode, comprise: step 1, according to the file identification strategy, the application program on the Android mobile phone operating system is classified; Step 2 stops untrusted based on reverse sandbox and appoints program and running protection program, after the defence program end of run, enables untrusted and appoints program; The file system of an encryption is provided in the method, and all read-writes of defence program all are redirected to this document system, the storage that any read-write of this document system all is encrypted; Utilize the ptrace function to come this defence program of attach, intercept and capture the system call of all read and writes of this defence program; To the path of being revised as secure file system of calling in the path of actual file system, continue the operation of program.
Particularly, in embodiment 4, the detailed description of step 1 and 2 can with reference to the first embodiment and the 3rd embodiment, be repeated no more herein.
It should be noted that at last, above embodiment is only in order to describe technical scheme of the present invention rather than the present technique method is limited, the present invention can extend to other modification, variation, application and embodiment on using, and therefore thinks that all such modifications, variation, application, embodiment are in spirit of the present invention and teachings.
Claims (8)
1. Mobile phone payment protection method based on reverse sandbox comprises:
Step 1 is classified the application program on the Android mobile phone operating system according to the file identification strategy;
Step 2 stops untrusted based on reverse sandbox and appoints program and running protection program, after the defence program end of run, enables untrusted and appoints program;
Wherein, reverse sandbox refers to: appoint program to be placed in sandbox untrusted, make untrusted appoint program to move in enclosed environment or out of service, can't enter kernel state by system call, thereby guarantee that the defence program that is moving operates in safe environment naturally;
Wherein, step 2 also comprises, before user's running protection program, scans current all processes of moving, for each process, appoints program if this process belongs to untrusted, stops this process to enter the kernel state of operating system.
2. method claimed in claim 1, wherein, the operation of the running protection program in step 2 also comprises step 21: the file system of an encryption is provided, and all read-writes of defence program all are redirected to this document system.
3. method claimed in claim 2, wherein, step 2 also comprises:
Step 22: the storage that any read-write of this document system all is encrypted;
Step 23: utilize the ptrace system function to come this defence program of attach, intercept and capture the system call of all read and writes of this defence program; To the path of being revised as secure file system of calling in the path of actual file system, continue the operation of program.
4. method claimed in claim 1, wherein, in step 1, with the program on the Android mobile phone operating system be divided into the trusted program, untrusted is appointed program and defence program.
5. method claimed in claim 4, wherein, in step 1, wherein, the trusted program refers to the program of users to trust; Untrusted appoints program to refer to third party's program that the user installs voluntarily; Defence program is the key procedure of cellphone subscriber's Mobile phone payment client that will move.
6. method claimed in claim 4, wherein, in step 1, the user can configure the trusted program voluntarily, untrusted is appointed program and defence program.
7. method claimed in claim 1, wherein, in step 2, for the Android mobile phone operating system, calling the ptrace system function realizes stoping this process to enter the kernel state of operating system, the process of appointing for each untrusted, call ptrace (PTRACE_ATTACH, pid ... .) come this process of attach, pid is the id of process, then call ptrace(PTRACE_SYSCALL, pid ...), can be suspended when this process is carried out system call in next time, can not enter the kernel state of operating system.
8. method claimed in claim 7, wherein, in step 2, after suspending the process that untrusted appoints, the starting protection program enters kernel state, access system resources.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101393818A CN102184372B (en) | 2011-05-27 | 2011-05-27 | Reverse-sandbox-based mobilephone payment protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101393818A CN102184372B (en) | 2011-05-27 | 2011-05-27 | Reverse-sandbox-based mobilephone payment protection method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102184372A CN102184372A (en) | 2011-09-14 |
| CN102184372B true CN102184372B (en) | 2013-06-19 |
Family
ID=44570547
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101393818A Active CN102184372B (en) | 2011-05-27 | 2011-05-27 | Reverse-sandbox-based mobilephone payment protection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102184372B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104850785A (en) * | 2015-05-28 | 2015-08-19 | 成都中科创达软件有限公司 | Android safety intelligent auxiliary system |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102665208B (en) * | 2012-04-06 | 2016-04-13 | 中国工商银行股份有限公司 | Mobile terminal, terminal banking safety certifying method and system |
| CN103377055B (en) * | 2012-04-17 | 2015-04-08 | 腾讯科技(深圳)有限公司 | Method and device for program running in mobile terminal |
| US9424421B2 (en) | 2013-05-03 | 2016-08-23 | Visa International Service Association | Security engine for a secure operating environment |
| CN103778384B (en) * | 2014-02-24 | 2016-09-28 | 北京明朝万达科技股份有限公司 | The guard method of the virtual terminal security context of a kind of identity-based certification and system |
| CN105577375B (en) * | 2014-10-11 | 2020-07-14 | 腾讯科技(深圳)有限公司 | Identity verification method and device |
| CN104361281B (en) * | 2014-11-17 | 2017-06-09 | 西安电子科技大学 | A kind of solution of Android platform phishing attack |
| CN104468997B (en) * | 2014-12-01 | 2017-09-19 | 努比亚技术有限公司 | Encrypted state processing method and processing device |
| CN106982428B (en) * | 2016-01-18 | 2020-08-18 | 中国移动通信集团公司 | Security configuration method, security control device and security configuration device |
| CN105678165A (en) * | 2016-01-29 | 2016-06-15 | 博雅网信(北京)科技有限公司 | Sandboxing keyboard system of mobile terminal and data transmitting method of sandboxing keyboard system |
| CN106778265A (en) * | 2016-11-25 | 2017-05-31 | 上海野火网络科技有限公司 | Zygote driving stages safety defense method and device based on android system |
| CN107330324A (en) * | 2017-05-18 | 2017-11-07 | 深信服科技股份有限公司 | The method for deleting and erasing apparatus of a kind of application data |
| CN107292614A (en) * | 2017-06-28 | 2017-10-24 | 广东欧珀移动通信有限公司 | Pay class application management method, device and mobile terminal |
| CN109992362B (en) * | 2017-12-29 | 2021-08-13 | Oppo广东移动通信有限公司 | Application program processing method and device, electronic equipment and computer readable storage medium |
| CN112181540A (en) * | 2020-09-28 | 2021-01-05 | 中孚安全技术有限公司 | Method and system for realizing hook on Linux application layer |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5974549A (en) * | 1997-03-27 | 1999-10-26 | Soliton Ltd. | Security monitor |
| CN1961272A (en) * | 2004-06-29 | 2007-05-09 | 英特尔公司 | Method of improving computer security through sandboxing |
| CN101425016A (en) * | 2007-11-01 | 2009-05-06 | 珠海金山软件股份有限公司 | Method and system for operating and installing software |
| CN101937500A (en) * | 2009-06-29 | 2011-01-05 | 深圳市联软科技有限公司 | Computer terminal security protection method and system |
-
2011
- 2011-05-27 CN CN2011101393818A patent/CN102184372B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5974549A (en) * | 1997-03-27 | 1999-10-26 | Soliton Ltd. | Security monitor |
| CN1961272A (en) * | 2004-06-29 | 2007-05-09 | 英特尔公司 | Method of improving computer security through sandboxing |
| CN101425016A (en) * | 2007-11-01 | 2009-05-06 | 珠海金山软件股份有限公司 | Method and system for operating and installing software |
| CN101937500A (en) * | 2009-06-29 | 2011-01-05 | 深圳市联软科技有限公司 | Computer terminal security protection method and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104850785A (en) * | 2015-05-28 | 2015-08-19 | 成都中科创达软件有限公司 | Android safety intelligent auxiliary system |
| CN104850785B (en) * | 2015-05-28 | 2017-12-08 | 成都中科创达软件有限公司 | A kind of android safe and intelligents accessory system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102184372A (en) | 2011-09-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102184372B (en) | Reverse-sandbox-based mobilephone payment protection method | |
| EP3665573B1 (en) | Real-time prevention of malicious content via dynamic analysis | |
| CN102222292B (en) | Mobile phone payment protection method | |
| EP3107024B1 (en) | System and method of restoring modified data | |
| EP3029593B1 (en) | System and method of limiting the operation of trusted applications in the presence of suspicious programs | |
| US7975308B1 (en) | Method and apparatus to secure user confidential data from untrusted browser extensions | |
| EP2795829B1 (en) | Cryptographic system and methodology for securing software cryptography | |
| CN110637301B (en) | Reducing disclosure of sensitive data in virtual machines | |
| CN101667232B (en) | Terminal credible security system and method based on credible computing | |
| EP3270318B1 (en) | Dynamic security module terminal device and method for operating same | |
| Mohsen et al. | Android keylogging threat | |
| CN102195940A (en) | Virtual-machine-technology-based data security input and submission method and system | |
| Zheng et al. | TrustPAY: Trusted mobile payment on security enhanced ARM TrustZone platforms | |
| CN110008693A (en) | Security application encrypts ensuring method and device and system and storage medium | |
| Sikder et al. | A survey on android security: development and deployment hindrance and best practices | |
| US9219728B1 (en) | Systems and methods for protecting services | |
| Omar et al. | Android application security | |
| Yang et al. | Eavesdropping user credentials via GPU side channels on smartphones | |
| Flynn et al. | Smartphone security | |
| Lima et al. | Security for mobile device assets: A survey | |
| Schneider et al. | Mobile devices vulnerabilities | |
| CN102819694A (en) | TCM (trusted cryptography module) chip, virus scanning method and device for operating TCM chip | |
| CN105975860B (en) | A kind of trust file management method, device and equipment | |
| Mu et al. | Android mobile security–threats and protection | |
| CN114730338A (en) | System and method for discovering application tampering |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CB03 | Change of inventor or designer information |
Inventor after: Han Zhigang Inventor after: Chen Biao Inventor before: Chen Biao |
|
| COR | Change of bibliographic data | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100027 Sanlitun, No. 8, No. 8 North Road North Road, worker's Stadium, Beijing City, Beijing 1907 Patentee after: Beijing Bang Bang Safety Technology Co. Ltd. Address before: 100027 Sanlitun, No. 8, No. 8 North Road North Road, worker's Stadium, Beijing City, Beijing 1907 Patentee before: Yangpuweiye Technology Limited |
|
| CP01 | Change in the name or title of a patent holder |