[0020] Hereinafter, exemplary embodiments of the present disclosure will be described in more detail with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure can be implemented in various forms and should not be limited by the embodiments set forth herein. On the contrary, these embodiments are provided to enable a more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.
[0021] figure 2 It shows another schematic diagram of the interactive work between the browser and the plug-in. Such as figure 2 As shown, the plug-ins are divided into trusted plug-ins and untrusted plug-ins. Specifically, trusted plug-ins are plug-ins that have passed browser security certification, such as plug-ins developed by browser manufacturers themselves; untrusted plug-ins are plug-ins that have not passed browser security certification, such as plug-ins developed by third parties. The plug-in manager can manage these two plug-ins separately, and different types of plug-ins run in different threads. Specifically, the trusted plug-in runs in the main thread, and the untrusted plug-in runs in the child thread. In this technical solution, the security of plug-ins is differentiated, but it still cannot prevent the security risks of untrusted plug-ins and the problem of slow running speed of plug-ins due to the slow speed of reading/writing and uploading/downloading files.
[0022] image 3 It shows a flowchart of a method 100 for a browser to invoke a plug-in according to an embodiment of the present invention. Such as image 3 As shown, the method 100 starts at step S101, which is an import step, where when the browser calls the plug-in, the behavior involving input/output (hereinafter referred to as I/O) operations in the plug-in is imported into the I/O device , The I/O device maintains a list of operation permissions. In this method, the plug-in manager of the browser provides an interface for the plug-in. When the browser calls the plug-in, the plug-in manager imports the behaviors related to I/O operations in the plug-in to the I/O device for unified processing. The I/O device is an independent functional module in the plug-in manager, which controls the operation of the plug-in to local resources and prevents the security risks caused by the plug-in. Optionally, the plug-in manager intercepts the behavior involving I/O operations in the plug-in, and imports the behavior into the I/O device for processing. An operation authority list is maintained in the I/O device. Optionally, the operation authority list records the corresponding relationship between the dangerous function and the plug-in that can call the dangerous function, where the dangerous function is a function related to the I/O operation.
[0023] Subsequently, the method 100 proceeds to step S102, where the I/O device determines whether the plug-in has the authority to perform I/O operations according to the operation authority list, if so, execute step S103; otherwise, execute step S104. The I/O device obtains the dangerous function related to the imported I/O operation, queries the operation authority list, and obtains the plug-in that can call the dangerous function. The I/O device determines whether the plug-in belongs to the range of the plug-in that can call the dangerous function. If it belongs, it indicates that the plug-in has the authority to perform I/O operations; if it does not belong, it indicates that the plug-in does not have the authority to perform I/O operations. It should be understood that the operation permission list of the present invention is not limited to recording the corresponding relationship between the dangerous function and the plug-in that can call the dangerous function, but can also record other forms of operation rights, such as directly recording the plug-in and the I /O operation, or record the corresponding relationship between the dangerous function and the plug-in that cannot call the dangerous function. Correspondingly, the specific execution mode of step S102 is also adjusted accordingly, which is not limited in the present invention.
[0024] In step S103, the I/O device performs an I/O operation. The I/O device determines that the plug-in has the authority to perform I/O operations, and the I/O device performs read/write operations or upload/download operations on local resources.
[0025] In step S104, the I/O device prohibits the execution of the I/O operation. The I/O device determines that the plug-in does not have the authority to perform I/O operations and prohibits the execution of I/O operations.
[0026] In this document, the above-mentioned step S102, step S103, and step S104 are referred to as the first I/O operation step.
[0027] According to the method for the browser to call the plug-in provided in this embodiment, when the browser calls the plug-in, the behavior of the I/O operation in the plug-in is imported into a separate I/O device, and the I/O device is based on the operation authority maintained by it. List, determine whether the plug-in has the authority to execute the I/O operation, and if it has the authority, the I/O device will execute the I/O operation, otherwise the I/O operation is prohibited. In this method, an I/O device is used to control the I/O operation of the plug-in to the local resource, and to prevent the potential safety hazard caused by the plug-in. Moreover, this method separates slower I/O operations from other threads and executes them by the I/O device, without affecting the running speed of other functions of the plug-in, and improving the execution efficiency of the plug-in.
[0028] Figure 4 A flowchart of a method 200 for a browser to invoke a plug-in according to another embodiment of the present invention is shown. In the method 200, plug-ins are divided into trusted plug-ins and untrusted plug-ins for different processing. Such as Figure 4 As shown, the method 200 starts at step S201, which is a determination step, in which the plug-in manager of the browser determines whether the plug-in is an untrusted plug-in, if so, execute step S203; otherwise, execute step S202. In this method, the plug-in manager of the browser provides interfaces for trusted plug-ins and untrusted plug-ins, and the plug-in manager maintains a list of trusted plug-ins and/or a list of untrusted plug-ins. When the browser calls the plug-in, the plug-in manager determines whether the plug-in is a trusted plug-in or an untrusted plug-in according to the list of trusted plug-ins and/or the list of untrusted plug-ins. If it is a trusted plug-in, execute step S202; if it is untrusted Plug-in, step S203 is executed.
[0029] In step S202, a trusted plugin is run in the main thread.
[0030] In step S203, the untrusted plug-in is run in the child thread.
[0031] During the execution of step S202 and step S203, the method 200 proceeds to step S204, where the plug-in manager imports the trusted plug-in and/or the behavior related to the I/O operation of the untrusted plug-in to the I/O device. The I/O device is an independent functional module in the plug-in manager. Specifically, the I/O device runs in a separate I/O thread. Optionally, the plug-in manager intercepts the behavior involving I/O operations in the trusted plug-in and/or untrusted plug-in, and imports the behavior into the I/O device for processing.
[0032] Optionally, the I/O device provides a unified I/O interface for I/O operations of all plug-ins. When developing a plug-in, the developer must pay attention to the I/O operation that the plug-in needs to perform must call the unified I/O interface. If the I/O device intercepts the I/O operation performed by the plug-in without invoking the unified I/O interface, the I/O operation is prohibited to be executed. For the specific execution process, refer to step S205. It should be understood that step S205 is an optional step. When the I/O operation of the plug-in is not required to call the unified I/O interface, this method does not include step S205.
[0033] After step S204, the method 200 proceeds to step S205, the I/O device determines whether the plug-in I/O operation calls a unified I/O interface, if yes, execute step S206, otherwise, execute step S208.
[0034] In step S206, the I/O device queries the plug-in manager to determine whether the plug-in is a trusted plug-in or an untrusted plug-in. If the plug-in is an untrusted plug-in, perform step S207; if the plug-in is a trusted plug-in, perform step S209 .
[0035] In step S207, the I/O device determines whether the untrusted plug-in has the permission to perform I/O operations according to the operation permission list, if yes, execute step 209; otherwise, execute step 208. An operation authority list is maintained in the I/O device, and the operation authority list can be copied in a designated installation directory in the form of a data file during the browser installation. For example, the operation authority list can be in .dat format, which is encrypted and distributed to the browser.
[0036] Optionally, the operation permission list records the correspondence between the dangerous function and the plug-in that can call the dangerous function, where the dangerous function is a function related to the I/O operation. Table 1 shows an example of the operation authority list.
[0037] Table 1. List of operation permissions
[0038] Hazard function
[0039] The dangerous functions listed in Table 1 are all system-level functions of the operating system. Among them, RegOpenKey, RegOpenKeyEx, RegCreateKey and RegCreateKeyEx are registry creation operation functions; RegSetValue and RegSetKeyValue are registry modification operation functions; CreateFile is a file creation operation function; DeleteFile is a file deletion operation function; MoveFile is a move file operation function.
[0040] As can be seen from Table 1, Flash.ocx allows all security operations; Unity.ocx only allows registry operations; reader.ocx allows file operations; music.ocx allows file operations.
[0041] If an untrusted plug-in A.ocx wants to modify the registry entries related to the browser configuration, the I/O device queries the list of operation permissions (Table 1), and the plug-ins that can call the registry modification operation function are Flash.ocx and Unity. ocx, the I/O device judges that A.ocx is not among them, indicating that A.ocx does not have the right to modify.
[0042] If the untrusted plug-in music.ocx wants to create a file in the browser directory, the I/O device queries the operation permission list (Table 1), and the plug-ins that can call the operation function of creating a file are Flash.ocx, reader.ocx and music. ocx, the I/O device judges that music.ocx is in it, indicating that music.ocx has the authority to create files.
[0043] It should be understood that the operation permission list shown in Table 1 is only a specific example of the present invention, and the present invention is not limited to this.
[0044] In step S208, the I/O device prohibits the execution of the I/O operation. The I/O device determines that the untrusted plug-in does not have the authority to perform I/O operations, or the I/O operation of the plug-in does not call a unified I/O interface, and the I/O operation is prohibited.
[0045] In step S209, the I/O device performs an I/O operation. The I/O device determines that the untrusted plug-in has the authority to perform I/O operations, or the I/O device finds that the plug-in is a trusted plug-in, and the I/O device performs read/write operations or upload/download operations on local resources .
[0046] The method 200 provided in this embodiment divides plug-ins into trusted plug-ins and untrusted plug-ins. For trusted plug-ins, the I/O device directly executes its I/O operations; for untrusted plug-ins, the I/O device determines according to the operation permission list Whether it has the authority to perform I/O operations, the I/O device performs the I/O operation if it has the authority, otherwise the I/O operation is prohibited. Compared with the method 100, the execution efficiency of the plug-in in the method 200 is further improved.
[0047] Figure 5 A schematic structural diagram of the plug-in manager 300 according to an embodiment of the present invention is shown. Such as Figure 5 As shown, the plug-in manager 300 includes an I/O unit 310, and the plug-in manager 300 is adapted to call the plug-in and import behaviors related to I/O operations into the I/O unit 310. Optionally, the plug-in manager 300 intercepts the behavior involving I/O operations in the called plug-in, and imports the behavior into the I/O device 310.
[0048] The I/O device 310 includes a first I/O operation module 311, and the first I/O operation module 311 is adapted to determine whether the plug-in has the authority to perform I/O operations according to the operation authority list maintained by the I/O device; If the plug-in has the authority to perform I/O operations, the I/O operation is performed; if it is determined that the plug-in does not have the authority to perform I/O operations, the I/O operation is prohibited.
[0049] Further, the plug-in manager 300 is also suitable for determining whether the plug-in is a trusted plug-in or an untrusted plug-in. The first I/O operation module 311 is specifically adapted to process I/O operations of untrusted plug-ins. The I/O device 310 also includes a second I/O operation module 312. The second I/O operation module 312 is adapted to process I/O operations of a trusted plug-in, specifically, suitable for directly executing I/O of the trusted plug-in. operating.
[0050] Optionally, the I/O device 310 provides a unified I/O interface for I/O operations of all plug-ins. The I/O unit 310 further includes: a judgment module 313 and a third I/O operation module 314.
[0051] The judging module 313 is adapted to judge whether the I/O operation call of the plug-in is a unified I/O interface;
[0052] The third I/O operation module 314 is adapted to trigger the first I/O operation module 311 or the second I/O when the judgment module 313 determines that the I/O operation of the plug-in calls a unified I/O interface. The operation module 312 works; when the judgment module 313 determines that the I/O operation of the plug-in does not call a unified I/O interface, the I/O operation is prohibited.
[0053] The above-mentioned trusted plug-in runs in the main thread, the untrusted plug-in runs in the child thread, and the I/O device runs in a separate I/O thread.
[0054] The operation authority list maintained by the I/O unit 310 records the correspondence between the dangerous function and the plug-in that can call the dangerous function, and the dangerous function is a function related to the I/O operation.
[0055] Image 6 It shows a schematic structural diagram of a browser 400 according to an embodiment of the present invention. Such as Image 6 As shown, the browser 400 includes the above-mentioned plug-in manager 300 and plug-ins (trusted plug-ins and untrusted plug-ins), wherein the plug-ins can also be outside the browser and are not limited to Image 6 Shown in.
[0056] The present invention rearranges the I/O structure in the plug-in extension architecture, arranges a separate I/O device in the plug-in manager, and imports the behavior of the I/O operation in the plug-in to the I/O device when the plug-in is called In the I/O device, the I/O device determines whether the plug-in has the permission to perform the I/O operation according to the list of operation permissions it maintains. If it has the permission, the I/O device performs the I/O operation, otherwise it is prohibited to execute the I/O operation. /O operation. The present invention uses the I/O device to control the I/O operation of the plug-in to the local resource, and prevents the hidden safety hazard caused by the plug-in. Moreover, the present invention separates slower I/O operations from other threads for execution by the I/O device, does not affect the running speed of other functions of the plug-in, and improves the execution efficiency of the plug-in.
[0057] The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other equipment. Various general-purpose systems can also be used with the teaching based on this. From the above description, the structure required to construct this type of system is obvious. In addition, the present invention is not directed to any specific programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of a specific language is to disclose the best embodiment of the present invention.
[0058] In the instructions provided here, a lot of specific details are explained. However, it can be understood that the embodiments of the present invention can be practiced without these specific details. In some instances, well-known methods, structures and technologies are not shown in detail, so as not to obscure the understanding of this specification.
[0059] Similarly, it should be understood that in order to simplify the present disclosure and help understand one or more of the various inventive aspects, in the above description of the exemplary embodiments of the present invention, the various features of the present invention are sometimes grouped together into a single embodiment, Figure, or its description. However, the disclosed method should not be interpreted as reflecting the intention that the claimed invention requires more features than those explicitly stated in each claim. More precisely, as reflected in the following claims, the inventive aspect lies in less than all the features of a single embodiment disclosed previously. Therefore, the claims following the specific embodiment are thus explicitly incorporated into the specific embodiment, wherein each claim itself serves as a separate embodiment of the present invention.
[0060] Those skilled in the art can understand that it is possible to adaptively change the modules in the device in the embodiment and set them in one or more devices different from the embodiment. The modules or units or components in the embodiments can be combined into one module or unit or component, and in addition, they can be divided into multiple sub-modules or sub-units or sub-components. Except that at least some of such features and/or processes or units are mutually exclusive, any combination of all features disclosed in this specification (including the accompanying claims, abstract, and drawings) and any method or method disclosed in this manner can be adopted. All the processes or units of the equipment are combined. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature providing the same, equivalent or similar purpose.
[0061] In addition, those skilled in the art can understand that although some embodiments described herein include certain features included in other embodiments but not other features, the combination of features of different embodiments means that they are within the scope of the present invention. Within and form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
[0062] The various component embodiments of the present invention may be implemented by hardware, or by software modules running on one or more processors, or by their combination. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the plug-in manager and browser according to the embodiments of the present invention. The present invention can also be implemented as a device or device program (for example, a computer program and a computer program product) for executing part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may have the form of one or more signals. Such signals can be downloaded from Internet websites, or provided on carrier signals, or provided in any other form.
[0063] It should be noted that the above-mentioned embodiments illustrate rather than limit the present invention, and those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses should not be constructed as a limitation to the claims. The word "comprising" does not exclude the presence of elements or steps not listed in the claims. The word "a" or "an" preceding an element does not exclude the presence of multiple such elements. The invention can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In the unit claims enumerating several devices, several of these devices may be embodied in the same hardware item. The use of the words first, second, and third does not indicate any order. These words can be interpreted as names.
