[0032] In order to better understand and explain the present invention, the present invention will be further described in detail with reference to the accompanying drawings.
[0033] The invention provides a method for protecting the security of a mobile terminal system. Please refer to Figure 1, which is a flowchart of a specific implementation of the method for protecting the security of the mobile terminal system according to the present invention. As shown in the figure, the protection method includes the following steps:
[0034] In step S101, when it is detected that the mobile terminal is started for the first time, a mandatory access control label is configured for each file in the mobile terminal, an integrity check is performed on each file to obtain the initial check value of the file, and the initial check value is stored;
[0035] In step S102, after the mobile terminal is started, the integrity check is performed on each file according to a preset frequency to obtain the intermediate check value of the file, and the intermediate check value of the file is compared with the initial check value of the file;
[0036] In step S103, if the comparison result shows that the intermediate check value of one or more files is different from the initial check value, it is determined that the one or more files are damaged and that the mandatory access control labels of the one or more files have changed;
[0037] In step S104, the one or more files and their mandatory access control tags are automatically restored.
[0038] Specifically, in step S101, in this embodiment, the mobile terminal is a smart phone or a tablet computer, and the operating system of the smart phone or tablet computer is a Linux system or an Android system supporting SELinux (Security-Enhanced Linux). SELinux is the United States National Security Agency's implementation of Mandatory Access Control (MAC). Under the SELinux-based access control system, a process in the mobile terminal can only access the files required in its task, thereby achieving a process sandbox. Those skilled in the art can understand that the mobile terminal protected by the present invention is not limited to the above examples. All mobile terminals that have an operating system installed, where the operating system supports a mandatory access control mechanism, are included in the scope of the present invention. For the sake of brevity, they are not all listed here.
[0039] When it is detected that the mobile terminal is started for the first time, a mandatory access control label (hereinafter referred to as a MAC label) is configured for each file in the mobile terminal. Correspondingly, each process in the mobile terminal is also configured with a process label. At the same time, an access policy is generated. The access policy maps the process label of each process to the MAC labels of the files required by the process in its task, so as to define that the process can only access the files it needs. The file MAC labels, process labels and access policy together implement the process sandbox. Configuring the MAC label for each file in the mobile terminal, configuring the process label for each process, and generating the access policy are all technical means familiar to those skilled in the art. For the sake of brevity, details are not repeated here.
[0040] When it is detected that the mobile terminal is started for the first time, in addition to configuring the MAC label for each file, it is also necessary to perform an integrity check on each file to obtain the check value of the file (hereinafter this check value is referred to as the initial check value), and to store the initial check value after it is obtained. In a preferred embodiment, the MD5 check is used to check the integrity of each file in the mobile terminal to obtain the MD5 value of each file. Those skilled in the art can understand that the MD5 check described above is only a preferred embodiment, and other methods that can implement an integrity check are all included in the protection scope of the present invention. After the initial check value of each file in the mobile terminal is obtained, it is stored and used in the subsequent steps to determine whether the file is damaged. In a specific embodiment, the initial check value of each file is sent to the server for storage. In another specific embodiment, the initial check value of each file can also be stored directly in the mobile terminal. Storing the initial check value of the file in the server can increase the difficulty for others to illegally modify the initial check value.
[0041] After the mobile terminal is started, the processes in the mobile terminal start to run, and each process accesses the corresponding files according to the access policy while running. When a file is damaged, for example when it is replaced or modified, the MAC label of the damaged file automatically changes. Since the changed MAC label of the file is no longer consistent with the MAC label of the file in the access policy, the process that could access the file is no longer able to access it, which prevents the harm that could result from the process accessing the damaged file. It should be noted that the automatic change of the MAC label after a file is damaged is a mechanism of mandatory access control, but mandatory access control has no mechanism for notifying the operating system of the mobile terminal of the change after the file's MAC label has automatically changed. Therefore, the operating system of the mobile terminal does not know that the file has been damaged, nor that the MAC label of the file has changed.
[0042] In step S102, after the mobile terminal is started, the integrity check is performed on each file in the mobile terminal according to a preset frequency. This integrity check is the same as the integrity check performed on the file when the mobile terminal is started for the first time in step S101. For example, if the file is checked by MD5 when the mobile terminal is started for the first time, then after the mobile terminal is started, MD5 verification is still performed on each file in the mobile terminal according to the preset frequency. In a preferred embodiment, the preset frequency is set according to the system security level of the mobile terminal, wherein the level of the preset frequency is proportional to the level of system security of the mobile terminal. That is to say, if the system security level of the mobile terminal is higher, the frequency of integrity verification of each file in the mobile terminal after the mobile terminal is started will be higher. Conversely, if the system security level of the mobile terminal is lower, the frequency of integrity verification of each file in the mobile terminal after the mobile terminal is started will be lower. For example, when the system security level of the mobile terminal is high, the file integrity check is performed every 30 seconds, and when the system security level of the mobile terminal is low, the file integrity check is performed every 5 minutes. It should be noted that the above examples are only illustrative, and the preset frequencies corresponding to different system security levels of the mobile terminal need to be determined according to specific requirements in the actual design.
[0043] After the mobile terminal is started, every time the integrity check is performed on each file in the mobile terminal, the check value of each file (hereinafter referred to as the intermediate check value) will be obtained. After obtaining the intermediate check value of each file, the mobile terminal downloads the initial check value of each file from the server, and compares the intermediate check value with the initial check value for each file.
[0044] In step S103, if the comparison result shows that the intermediate check value of one or more files in all files in the mobile terminal is different from the initial check value, then it is determined that the one or more files are damaged. Based on the mechanism that the MAC label of the file is automatically changed after the file is damaged, it can be determined that the MAC label of the one or more files has changed while judging that the one or more files are damaged.
[0045] In step S104, when it is determined that one or more files in the mobile terminal are damaged, the one or more files and their MAC tags are automatically restored. Specifically, please refer to Figure 2. As shown in the figure, the step of automatically recovering one or more damaged files and their MAC tags further includes:
[0046] In step S1041, automatically send a restoration request for the one or more files to the server;
[0047] In step S1042, the server sends the backup file and the backup MAC tag of the one or more files to the mobile terminal according to the restore request;
[0048] In step S1043, use the backup file to restore the one or more files, and use the backup MAC tag to restore the MAC tags of the one or more files.
[0049] Steps S1041 to S1043 will be described in detail below.
[0050] In step S1041, when it is determined that one or more files in the mobile terminal are damaged, the mobile terminal automatically sends a restoration request to the server, requesting restoration of the one or more files.
[0051] In step S1042, the server pre-stores the backups of all files in the mobile terminal and their MAC labels. When the server receives the restoration request from the mobile terminal, it sends the backup files of the corresponding one or more files and the backup MAC labels of the one or more files to the mobile terminal according to the restoration request. It should be noted that, in a specific embodiment, the server generates the MAC label of each file in the mobile terminal according to predetermined rules and stores it as a backup MAC label, and when the mobile terminal is started for the first time, the mobile terminal configures the MAC label for each file in the same way as the server. In another specific embodiment, the MAC label of each file in the mobile terminal is configured when the mobile terminal first starts, and the MAC label of each file is sent to the server for storage as a backup MAC label. The advantage of storing the backup of the file and its MAC label on the server in advance is that if an illegal user wants a file in the mobile terminal to be damaged and unrecoverable, then in addition to destroying the file in the mobile terminal, the backup file must be destroyed at the same time. Backing up the files in the mobile terminal and their MAC labels on the server side can therefore greatly increase the difficulty for illegal users to damage the files.
[0052] In step S1043, after receiving the backups of the one or more files and their MAC labels sent by the server, the mobile terminal, for each damaged file, first uses the backup file to restore the file and then uses the backup MAC label to restore the MAC label of the file. When the damaged file and its MAC label are successfully restored, the process corresponding to the file can continue to access the file.
[0053] It should be noted that although the operations of the method of the present invention are described in a specific order in the drawings, this does not require or imply that these operations must be performed in that specific order, or that all the operations shown must be performed to achieve the desired result. On the contrary, the order of execution of the steps depicted in the flowchart can be changed. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution.
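The S101 to S104 cycle described above, sketched in Python as an added example (not code from the patent). `BackupServer`, the `LABELS` table standing in for SELinux file labels, and the sample files and labels are constructed assumptions; the sketch uses SHA-256 as the integrity check where the preferred embodiment names MD5, and it goes beyond the text by also comparing the stored label directly instead of inferring a label change from a check-value mismatch.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Intervals from the text's illustration: 30 s at a high security level, 5 min at a low one.
INTERVAL_SECONDS = {"high": 30, "low": 300}
# Constructed stand-in for per-file MAC labels so the example runs without SELinux.
# On an SELinux system the label is the file's "security.selinux" extended attribute.
LABELS = {}

def get_label(path):
    return LABELS.get(str(path))

def set_label(path, label):
    LABELS[str(path)] = label

def digest(path, algorithm="sha256"):
    """Integrity check value of one file (the text's preferred embodiment uses MD5)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class BackupServer:
    """Hypothetical server side: initial check values, backup files, backup labels."""
    def __init__(self):
        self.records = {}  # relative path -> (check value, label, content)
    def store(self, rel, check_value, label, content):
        self.records[rel] = (check_value, label, content)
    def initial(self, rel):
        check_value, label, _ = self.records[rel]
        return check_value, label
    def backup(self, rel):
        _, label, content = self.records[rel]
        return content, label

def first_boot(root, label_for, server):
    """S101: label each file, compute its initial check value, store both on the server."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            set_label(path, label_for(rel))
            server.store(rel, digest(path), get_label(path), path.read_bytes())

def find_damaged(root, server):
    """S102-S103: recompute check values and compare with the stored initial values."""
    damaged = {}
    for rel in sorted(server.records):
        path = Path(root) / rel
        want_digest, want_label = server.initial(rel)
        if not path.is_file():
            damaged[rel] = "missing"
        elif digest(path) != want_digest:
            damaged[rel] = "content"
        elif get_label(path) != want_label:
            damaged[rel] = "label"  # added check: label drift with intact content
    return damaged

def restore(root, rels, server):
    """S104 (S1041-S1043): fetch the backups, restore the file first, then its label."""
    for rel in rels:
        content, label = server.backup(rel)
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        tmp = path.with_name(path.name + ".restore")
        tmp.write_bytes(content)
        os.replace(tmp, path)  # atomic swap: readers never see a half-written file
        set_label(path, label)

def protect_once(root, server):
    """One scheduled pass; a caller would repeat it every INTERVAL_SECONDS[level]."""
    damaged = find_damaged(root, server)
    restore(root, damaged, server)
    return damaged

def demo():
    """Constructed files and labels: tamper with three of four files, then run one pass."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in {"bin/app": b"app-v1", "etc/conf": b"mode=safe",
                          "etc/hosts": b"localhost", "lib/mod": b"mod-v1"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        server = BackupServer()
        first_boot(root, lambda rel: "u:object_r:%s_file:s0" % rel.split("/")[0], server)
        (root / "etc/conf").write_bytes(b"mode=unsafe")          # modified in place
        (root / "bin/app").write_bytes(b"trojan")                 # replaced ...
        set_label(root / "bin/app", "u:object_r:unlabeled:s0")    # ... and relabelled
        set_label(root / "lib/mod", "u:object_r:unlabeled:s0")    # label changed only
        damaged = protect_once(root, server)
        return damaged, find_damaged(root, server), (root / "bin/app").read_bytes()

if __name__ == "__main__":
    print(demo())
```

The in-place edit of `etc/conf` leaves its label untouched and is caught only by the check value, while `lib/mod` is caught only by the label comparison, which is why the sketch records both at first boot.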
[0054] Correspondingly, the present invention also provides a security protection device for the mobile terminal system. Please refer to Figure 3, which is a schematic structural diagram of a specific implementation of the mobile terminal system security protection device according to the present invention. As shown in the figure, the protection device 20 includes an initialization module 210, a comparison module 220, a judgment module 230, and an automatic recovery module 240, wherein:
[0055] The initialization module 210 includes a configuration verification unit 2101 and a storage unit 2102;
[0056] The configuration verification unit 2101 is used to, when it is detected that the mobile terminal is started for the first time, configure a mandatory access control label for each file in the mobile terminal and perform an integrity check on each file to obtain the initial check value of the file;
[0057] The storage unit 2102 is used to store the initial check value;
[0058] The comparison module 220 is configured to perform the integrity check on each file at a preset frequency after the mobile terminal is started to obtain the intermediate check value of the file, and to compare the intermediate check value of the file with the initial check value of the file;
[0059] The judgment module 230 is used for judging, if the comparison result shows that the intermediate check value of one or more files is different from the initial check value, that the one or more files are damaged and that the mandatory access control labels of the one or more files have changed;
[0060] The automatic recovery module 240 is configured to automatically recover the one or more files and their mandatory access control tags.
[0061] In the following, the specific working process of the above-mentioned modules will be described in detail.
[0062] Specifically, in this embodiment, the mobile terminal is a smart phone or a tablet computer, and the operating system of the smart phone or tablet computer is a Linux system or an Android system supporting SELinux (Security-Enhanced Linux). SELinux is the United States National Security Agency's implementation of Mandatory Access Control (MAC). Under the SELinux-based access control system, a process in the mobile terminal can only access the files required in its task, thereby achieving a process sandbox. Those skilled in the art can understand that the mobile terminal protected by the present invention is not limited to the above examples. All mobile terminals that have an operating system installed, where the operating system supports a mandatory access control mechanism, are included in the scope of the present invention. For the sake of brevity, they are not all listed here.
[0063] When the configuration verification unit 2101 detects that the mobile terminal is started for the first time, it configures a mandatory access control label (hereinafter referred to as a MAC label) for each file in the mobile terminal. Correspondingly, the configuration verification unit 2101 configures a process label for each process in the mobile terminal. At the same time, the configuration verification unit 2101 generates an access policy. The access policy maps the process label of each process to the MAC labels of the files required by the process in its task, so as to define that the process can only access the files it needs. The file MAC labels, process labels and access policy together implement the process sandbox. The ways in which the configuration verification unit 2101 configures the MAC label for each file in the mobile terminal, configures the process label for each process, and generates the access policy are all technical means familiar to those skilled in the art. For the sake of brevity, details are not repeated here.
[0064] When the configuration verification unit 2101 detects that the mobile terminal is started for the first time, in addition to configuring the MAC label for each file, it also needs to perform an integrity check on each file to obtain the check value of the file (this value is called the initial check value). In a preferred embodiment, the configuration verification unit 2101 uses MD5 verification to perform integrity verification on each file in the mobile terminal to obtain the MD5 value of each file. Those skilled in the art can understand that the MD5 check described above is only a preferred embodiment, and other methods that can implement an integrity check are all included in the protection scope of the present invention. After the configuration verification unit 2101 obtains the initial check value of each file in the mobile terminal, the initial check value is sent to the storage unit 2102 for storage, and is used in the subsequent steps to determine whether the file is damaged. In a specific embodiment, the configuration verification unit 2101 is provided in the mobile terminal, and the storage unit 2102 is provided in the server. That is, the configuration verification unit 2101 obtains the initial check value of each file and sends it to the storage unit 2102 via the network for storage. In another specific embodiment, the configuration verification unit 2101 and the storage unit 2102 are both provided in the mobile terminal, that is, the initial check value of each file is stored in the mobile terminal. Storing the initial check value of the file in the server can increase the difficulty for others to illegally modify the initial check value.
[0065] After the mobile terminal is started, the processes in the mobile terminal start to run, and each process accesses the corresponding files according to the access policy while running. When a file is damaged, for example when it is replaced or modified, the MAC label of the damaged file automatically changes. Since the changed MAC label of the file is no longer consistent with the MAC label of the file in the access policy, the process that could access the file is no longer able to access it, which prevents the harm that could result from the process accessing the damaged file. It should be noted that the automatic change of the MAC label after a file is damaged is a mechanism of mandatory access control, but mandatory access control has no mechanism for notifying the operating system of the mobile terminal of the change after the file's MAC label has automatically changed. Therefore, the operating system of the mobile terminal does not know that the file has been damaged, nor that the MAC label of the file has changed.
[0066] After the mobile terminal is started, the comparison module 220 performs an integrity check on each file in the mobile terminal according to a preset frequency. The integrity check used by the comparison module 220 is the same as the integrity check used by the configuration verification unit 2101 when the mobile terminal is started for the first time. For example, if the configuration verification unit 2101 performs an MD5 check on the file when the mobile terminal is started for the first time, then after the mobile terminal is started, the comparison module 220 still performs MD5 verification on each file in the mobile terminal according to the preset frequency. In a preferred embodiment, the protection device 20 provided by the present invention further includes a setting module (not shown) for setting the preset frequency according to the system security level of the mobile terminal, wherein the level of the preset frequency is proportional to the level of system security of the mobile terminal. That is to say, if the system security level of the mobile terminal is higher, the frequency of integrity verification of each file in the mobile terminal after the mobile terminal is started will be higher. Conversely, if the system security level of the mobile terminal is lower, the frequency of integrity verification of each file in the mobile terminal after the mobile terminal is started will be lower. For example, when the system security level of the mobile terminal is high, the comparison module 220 performs integrity verification on the file every 30 seconds, and when the system security level of the mobile terminal is low, the comparison module 220 performs integrity verification on the file every 5 minutes. It should be noted that the above examples are only illustrative, and the preset frequencies corresponding to different system security levels of the mobile terminal need to be determined by the setting module according to specific requirements in the actual design.
[0067] After the mobile terminal is started, the comparison module 220 will obtain the check value of each file (hereinafter referred to as the intermediate check value) every time the integrity check of each file in the mobile terminal is performed. After the comparison module 220 obtains the intermediate check value of each file, the comparison module 220 downloads the initial check value of each file from the server side, and compares the intermediate check value with the initial check value for each file.
[0068] If the comparison result shows that the intermediate check value of one or more files among all the files in the mobile terminal is different from the initial check value, the judgment module 230 judges that the one or more files are damaged. Based on the mechanism that the MAC label of the file is automatically changed after the file is damaged, the judging module 230 can judge that the MAC label of the one or more files has changed while judging that the one or more files are damaged.
[0069] When the judgment module 230 determines that one or more files in the mobile terminal are damaged, the automatic recovery module 240 automatically restores the one or more files and their MAC tags. Specifically, please refer to Figure 4. As shown in the figure, the automatic recovery module 240 further includes a request unit 2401, a backup unit 2402, and a recovery unit 2403. The request unit 2401 and the recovery unit 2403 are provided in the mobile terminal, and the backup unit 2402 is provided in the server, where:
[0070] The request unit 2401 is used to automatically send a restoration request for the one or more files to the server when the judgment module 230 determines that the one or more files are damaged and the MAC tags of the one or more files have changed;
[0071] The backup unit 2402 is used for pre-storing the backup file of each file in the mobile terminal and the backup MAC tag of each file, and for sending the backup file and the backup MAC tag of the one or more files to the mobile terminal according to the restore request;
[0072] The restoration unit 2403 is used to restore the one or more files using the backup file, and used to restore the MAC tags of the one or more files using the backup MAC tag.
[0073] The working processes of the request unit 2401, the backup unit 2402, and the restoration unit 2403 will be described in detail below.
[0074] When the judgment module 230 judges that one or more files in the mobile terminal are damaged, the request unit 2401 automatically sends a restoration request to the server, requesting restoration of the one or more files. The backup unit 2402 in the server pre-stores the backups of all files in the mobile terminal and their MAC labels. When the backup unit 2402 receives the restore request from the request unit 2401, the backup unit 2402 sends the backup files of the corresponding one or more files and the backup MAC labels of the one or more files to the mobile terminal according to the restore request. It should be noted that, in a specific embodiment, the backup unit 2402 generates the MAC label of each file in the mobile terminal according to predetermined rules and stores it as a backup MAC label, and when the mobile terminal is started for the first time, the configuration verification unit 2101 configures the MAC label for each file according to the same predetermined rules as the backup unit 2402. In another specific embodiment, the configuration verification unit 2101 configures the MAC label for each file in the mobile terminal when the mobile terminal is started for the first time, and the MAC label is sent to the backup unit 2402 for storage as a backup MAC label. The advantage of storing the backup of the file and its MAC label on the server in advance is that if an illegal user wants a file in the mobile terminal to be damaged and unrecoverable, then in addition to destroying the file in the mobile terminal, the backup file must be destroyed at the same time. Backing up the files in the mobile terminal and their MAC labels on the server side can therefore greatly increase the difficulty for illegal users to damage the files.
[0075] After the restoration unit 2403 receives the backups of the one or more files and their MAC labels sent by the backup unit 2402, for each damaged file, the restoration unit 2403 first uses the backup file to restore the file, and then uses the backup MAC label to restore the MAC label of the file. When the damaged file and its MAC label are successfully restored, the process corresponding to the file can continue to access the file.
[0076] Please refer to Figure 5, which is a schematic structural diagram of a mobile terminal that can implement the method for protecting the security of the mobile terminal system provided by the present invention. Figure 5 schematically shows the common structure of the mobile terminal. The internal components, software and protocol structure of common mobile terminals are explained below with reference to Figure 5.
[0077] The mobile terminal has a processor 510, which is responsible for the overall operation of the mobile terminal, and can be implemented using any commercially available central processing unit, digital signal processor or any other electronic programmable logic device. The processor 510 has an associated memory 520, which includes but is not limited to RAM memory, ROM memory, EEPROM memory, flash memory, or a combination thereof. The memory 520 is controlled by the processor 500 for various purposes, one of which is to store program instructions and data for various software in the mobile terminal.
[0078] The software level of the mobile terminal includes a real-time operating system 540, a driver for the man-machine interface 560, an application processor 550, and various applications. The applications are, for example, a text editor 551, a handwriting recognition application 552, and various other multimedia applications 553. Typically, the other multimedia applications include applications such as voice call applications, video call applications, sending and receiving short message service (SMS) message applications, Multimedia Messaging Service (MMS) application or email application, web browser, instant messaging application, phone book application, calendar application, control panel application, camera application, one or more video games, notepad application, etc. It should be noted that two or more of the above-mentioned applications can be executed as the same application.
[0079] The mobile terminal also includes one or more hardware controllers, which are used to cooperate with the display device 561, physical buttons 562, microphone 563, and various other I/O devices (such as speakers, vibrators, bell generators, LED indicators, etc.) to realize the human-computer interaction of the mobile terminal. Those skilled in the art should understand that the user can operate the mobile terminal through the man-machine interface 560 formed in this way.
[0080] The software level of the mobile terminal can also include various modules, protocol stacks, drivers, and other communication-related logic, which can be summarized as the communication interface 570 shown in Figure 5. The communication interface 570 is used to provide communication services (such as transmission, network, and connectivity) for the radio frequency interface 571 and optionally the Bluetooth interface 572 and/or the infrared interface 573, to realize the network connectivity of the mobile terminal. The radio frequency interface 571 includes internal or external antennas and appropriate radio circuits for establishing and maintaining a wireless link to the base station. As known to those skilled in the art, the radio circuit includes a series of analog and digital electronic components, which together form a radio receiver and transmitter. These components include, for example, band-pass filters, amplifiers, mixers, local oscillators, low-pass filters, AD/DA converters, and so on.
[0081] The mobile communication terminal may also include a card reader 530. The card reader 530 usually includes a processor, a data memory, etc., and is used to read the information of the SIM card and, on that basis, to cooperate with the radio frequency interface 517 to access the network provided by the operator.
[0082] The mobile terminal system security protection method provided by the present invention can be implemented using programmable logic devices, or can be implemented as computer program software. For example, an embodiment of the present invention can be a computer program product, and running the program product causes the computer to execute the method demonstrated. The computer program product includes a computer-readable storage medium, which contains computer program logic or code parts for implementing each step of the above method. The computer-readable storage medium may be a built-in medium installed in the computer or a removable medium that can be detached from the computer main body (for example, a hot-pluggable storage device). The built-in medium includes but is not limited to rewritable non-volatile memory, such as RAM, ROM, flash memory, and hard disk. The removable media includes, but is not limited to: optical storage media (such as CD-ROM and DVD), magneto-optical storage media (such as MO), magnetic storage media (such as cassettes or mobile hard disks), media with built-in rewritable non-volatile memory (such as memory cards), and media with built-in ROM (such as ROM cartridges).
[0083] Those skilled in the art should understand that any computer system with a suitable programming device will be able to execute the steps of the method of the present invention contained in the program product. Although most of the specific implementations described in this specification focus on software programs, alternative embodiments that implement the method provided by the present invention as firmware and hardware are also within the scope of the present invention.
[0084] For those skilled in the art, it is obvious that the present invention is not limited to the details of the foregoing exemplary embodiments, and the present invention can be implemented in other specific forms without departing from the spirit or basic characteristics of the present invention. Therefore, from any point of view, the embodiments should be regarded as exemplary and non-limiting. The scope of the present invention is defined by the appended claims rather than the foregoing description, and therefore all changes falling within the meaning and scope of equivalent elements of the claims are intended to be included in the present invention. Any reference signs in the claims should not be regarded as limiting the claims involved. In addition, it is obvious that the word "comprising" does not exclude other components, units or steps, and the singular does not exclude the plural. Multiple components, units or devices stated in the system claims can also be realized by one component, unit or device through software or hardware.
[0085] The mobile terminal system security protection method and device provided by the present invention, on the one hand, use a mandatory access control label mechanism to implement a process sandbox, so that each process can only access the files required in its task. When a file is damaged, the mandatory access control label of the file is changed, so that the process corresponding to the file can no longer access the file, thus ensuring that the process corresponding to the file is not harmed after the file is damaged. On the other hand, the files in the mobile terminal are checked for integrity to find out whether a file is damaged. Once a file is found to be damaged, the damaged file and the mandatory access control label of the file are automatically restored, so that the process corresponding to the file can access the file again. In this way, compared with the traditional way of using security applications to protect the security of the mobile terminal system, the present invention can detect damaged files in the mobile terminal in time and automatically restore the damaged files in time. It fundamentally solves the system security problem of the mobile terminal, greatly improves the security of the mobile terminal system, and greatly reduces the damage that may occur after the mobile terminal system is damaged. In addition, since the detection and recovery of damaged files are automatic, there is no need for the user of the mobile terminal to manually recover the files, so the user experience is good.
[0086] The above-disclosed are only some preferred embodiments of the present invention, which of course cannot be used to limit the scope of rights of the present invention. Therefore, equivalent changes made in accordance with the claims of the present invention still fall within the scope of the present invention.