Sensitive operation blocking method, device, apparatus, storage medium and computer program product
By intercepting remote desktop input information in real time and rewriting keyboard key events, sensitive operations are blocked, solving the problems of high cost and maintenance difficulty of monitoring software in virtual machines, and achieving efficient protection against sensitive operations.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING HONGTENG INTELLIGENT TECH CO LTD
- Filing Date
- 2024-12-10
- Publication Date
- 2026-06-12
AI Technical Summary
Existing technologies that use monitoring software installed in virtual machines to detect and block sensitive operations are costly and difficult to maintain.
It acquires user operation information based on remote desktop input in real time, and when a sensitive operation detection command is detected, it rewrites keyboard key events according to preset sensitive operation blocking rules to block sensitive commands.
It reduces the complexity and cost of system operation and maintenance, enhances the system's protection capabilities, and prevents potential security threats.
Smart Images
Figure CN122195571A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data security technology, and in particular to methods, apparatus, devices, storage media and computer program products for blocking sensitive operations. Background Technology
[0002] With the rapid development of cloud computing technology, web-based remote desktop services are becoming increasingly popular. Through the remote desktop functionality provided by web browsers, users can enjoy a flexible and efficient operating experience. As a JavaScript implementation of the RFB (Remote Frame Buffer) protocol, js-rfb, with its lightweight and efficient features, allows developers to easily integrate remote desktop functionality into web projects.
[0003] In practical applications, due to the need for security auditing, when security personnel conduct penetration tests, users performing sensitive operations (such as deleting files) on remote desktops may pose serious security risks. Currently, monitoring software can be installed in virtual machines to detect and block users from performing sensitive operations. However, blocking sensitive operations through this method is not only costly but also increases the complexity and maintenance difficulty of the system. Summary of the Invention
[0004] The main objective of this application is to provide a method, apparatus, device, storage medium, and computer program product for blocking sensitive operations, aiming to solve the technical problems of high cost and difficult maintenance in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine.
[0005] To achieve the above objectives, this application proposes a sensitive operation blocking method, the method comprising:
[0006] Real-time acquisition of user operation information based on remote desktop input;
[0007] When a sensitive operation detection command is detected, it is determined whether there is a sensitive command in the user operation information;
[0008] If it exists, the sensitive command is blocked based on the preset sensitive operation blocking rules, which are obtained by rewriting the keyboard key event sending method.
[0009] In one embodiment, the step of acquiring user operation information based on remote desktop input in real time includes:
[0010] Real-time acquisition of keyboard key release events triggered by the user via remote desktop;
[0011] The user operation information input by the user based on the remote desktop is determined based on the keyboard key release event.
[0012] In one embodiment, the step of determining the user operation information input by the user based on the remote desktop according to the keyboard key release event includes:
[0013] The target key pressed by the user in the remote desktop is determined based on the keyboard key release event.
[0014] The user operation information input by the user is determined based on the target key.
[0015] In one embodiment, before the step of determining the user operation information input by the user based on the target key, the method further includes:
[0016] The target key value corresponding to the target key is stored in the keyboard input information storage variable, which is a variable used to store the user's input information on the keyboard;
[0017] The step of determining the user operation information input by the user based on the target key includes:
[0018] The target key value corresponding to the target key is read from the keyboard input information storage variable in real time.
[0019] Based on the target key value, determine whether the target key is a tab key or a space key;
[0020] If so, the target key is stored as a space in the keyboard input information storage variable to update the keyboard input information storage variable;
[0021] The user operation information input by the user is obtained based on the updated keyboard input information storage variables.
[0022] In one embodiment, the step of determining whether a sensitive command exists in the user operation information when a sensitive operation detection instruction is detected includes:
[0023] When a sensitive operation detection command is detected, the delimiter character in the user operation information is obtained;
[0024] Based on the segmentation character, the string stored in the updated keyboard input information storage variable is segmented to obtain several user operation characters;
[0025] Based on the user operation characters, determine whether there are sensitive commands in the user operation information.
[0026] In one embodiment, the step of determining whether a sensitive command exists in the user operation information based on the user operation characters includes:
[0027] The user operation characters are matched with all sensitive commands in a preset set of sensitive commands;
[0028] If a match is found, it is determined that there are sensitive commands in the user operation information.
[0029] In one embodiment, the step of blocking the sensitive command based on a preset sensitive operation blocking rule if it exists includes:
[0030] If it exists, output a prompt message indicating that a sensitive operation has been performed;
[0031] Receive the sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt information;
[0032] If the sensitive operation execution instruction is to cancel execution, the sensitive command is cleared based on the preset sensitive operation blocking rules to block the sensitive command.
[0033] In one embodiment, after the step of receiving the sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt information, the method further includes:
[0034] If the sensitive operation execution instruction is confirmed, then the sensitive command will continue to be executed.
[0035] In one embodiment, before the step of obtaining the user operation information input by the user based on the updated keyboard input information storage variable, the method further includes:
[0036] Determine whether the input character corresponding to the target key is an uppercase letter;
[0037] If so, the uppercase letters are converted to lowercase letters using a preset character conversion function, and the stored variables of the keyboard input information are updated.
[0038] In one embodiment, before the step of determining whether a sensitive command exists in the user operation information when a sensitive operation detection command is detected, the method further includes:
[0039] Determine whether the user operation information contains an Enter key;
[0040] If present, a sensitive operation detection command is triggered based on the Enter key press.
[0041] Furthermore, to achieve the above objectives, this application also proposes a sensitive operation blocking device, the device comprising:
[0042] The operation information acquisition module is used to acquire user operation information based on remote desktop input in real time;
[0043] The sensitive command determination module is used to determine whether there is a sensitive command in the user operation information when a sensitive operation detection command is detected.
[0044] A sensitive operation blocking module is used to block the sensitive command based on a preset sensitive operation blocking rule if it exists. The preset sensitive operation blocking rule is obtained by rewriting the keyboard key event sending method.
[0045] In one embodiment, the operation information acquisition module is further configured to acquire keyboard key release events triggered by the user based on the remote desktop in real time; and determine the user operation information input by the user based on the remote desktop according to the keyboard key release events.
[0046] In one embodiment, the operation information acquisition module is further configured to determine the target key pressed by the user in the remote desktop based on the keyboard key release event; and to determine the user operation information input by the user based on the target key.
[0047] In one embodiment, the operation information acquisition module is further configured to store the target key value corresponding to the target key in a keyboard input information storage variable, wherein the keyboard input information storage variable is a variable used to store user input information on the keyboard; read the target key value corresponding to the target key from the keyboard input information storage variable in real time; determine whether the target key is a tab key or a space key based on the target key value; if so, store the target key as a space in the keyboard input information storage variable to update the keyboard input information storage variable; and acquire the user operation information input by the user based on the updated keyboard input information storage variable.
[0048] In one embodiment, the sensitive command determination module is further configured to, when a sensitive operation detection command is detected, obtain the segmentation character in the user operation information; segment the string stored in the updated keyboard input information storage variable based on the segmentation character to obtain several user operation characters; and determine whether a sensitive command exists in the user operation information based on the user operation characters.
[0049] In one embodiment, the sensitive command determination module is further configured to match the user operation characters with all sensitive commands in a preset sensitive command set; if the match is successful, it is determined that there is a sensitive command in the user operation information.
[0050] In one embodiment, the sensitive operation blocking module is further configured to: output a sensitive operation execution prompt if it exists; receive a sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt; and if the sensitive operation execution instruction is to cancel execution, clear the sensitive command based on a preset sensitive operation blocking rule to block the sensitive command.
[0051] In addition, to achieve the above objectives, this application also proposes a sensitive operation blocking device, the device comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program being configured to implement the steps of the sensitive operation blocking method as described above.
[0052] In addition, to achieve the above objectives, this application also proposes a storage medium, which is a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, it implements the steps of the sensitive operation blocking method described above.
[0053] In addition, to achieve the above objectives, this application also provides a computer program product, which includes a computer program that, when executed by a processor, implements the steps of the sensitive operation blocking method described above.
[0054] This application provides a method for blocking sensitive operations. It discloses a method for real-time acquisition of user operation information input via remote desktop; upon detecting a sensitive operation detection command, determining whether a sensitive command exists in the user operation information; and if so, blocking the sensitive command based on preset sensitive operation blocking rules, which are obtained by rewriting the keyboard key event sending method. Because this invention can block sensitive commands in user-input operation information based on rules obtained by rewriting the keyboard key event sending method, it solves the technical problems of high cost and maintenance difficulty in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine. Attached Figure Description
[0055] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.
[0056] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0057] Figure 1 This is a flowchart illustrating an embodiment of the sensitive operation blocking method of this application.
[0058] Figure 2 This is a code example diagram of the method for overriding the keyboard key event sending method in the sensitive operation blocking method of this application;
[0059] Figure 3 This is a code example diagram illustrating the sensitive command blocking method in the sensitive operation blocking method of this application;
[0060] Figure 4 This is a flowchart illustrating Embodiment 2 of the sensitive operation blocking method of this application;
[0061] Figure 5 This is a code example diagram of sensitive command detection in the sensitive operation blocking method of this application;
[0062] Figure 6 This is a flowchart illustrating Embodiment 3 of the sensitive operation blocking method of this application;
[0063] Figure 7 This is a schematic diagram of the module structure of the sensitive operation blocking device according to an embodiment of this application;
[0064] Figure 8 This is a schematic diagram of the device structure of the hardware operating environment involved in the sensitive operation blocking method in the embodiments of this application.
[0065] The purpose, features, and advantages of this application will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0066] It should be understood that the specific embodiments described herein are merely illustrative of the technical solutions of this application and are not intended to limit this application.
[0067] To better understand the technical solution of this application, a detailed description will be provided below in conjunction with the accompanying drawings and specific implementation methods.
[0068] The main solution of this application embodiment is: to acquire user operation information input by the user based on the remote desktop in real time; when a sensitive operation detection instruction is detected, to determine whether there is a sensitive command in the user operation information; if there is, to block the sensitive command based on a preset sensitive operation blocking rule, wherein the preset sensitive operation blocking rule is obtained by rewriting the keyboard key event sending method.
[0069] Because existing technologies that use monitoring software installed in virtual machines to detect and prevent users from performing sensitive operations are costly and increase system complexity and maintenance difficulty.
[0070] This application provides a solution that can block sensitive commands when they exist in the user's input operation information, based on rules obtained by rewriting the keyboard key event sending method. This solves the technical problems of high cost and difficult maintenance in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine.
[0071] It should be noted that the executing entity in this embodiment can be a computing service device with data processing, network communication, and program execution functions, such as a tablet computer, personal computer, or mobile phone, or an electronic device or sensitive operation blocking device capable of performing the above functions. The following description uses a sensitive operation blocking device (hereinafter referred to as the device) as an example to illustrate this embodiment and the subsequent embodiments.
[0072] Based on this, embodiments of this application provide a method for blocking sensitive operations, referring to... Figure 1 , Figure 1 This is a flowchart illustrating the first embodiment of the sensitive operation blocking method of this application.
[0073] In this embodiment, the sensitive operation blocking method includes steps S10 to S30:
[0074] Step S10: Acquire user operation information based on remote desktop input in real time.
[0075] It should be understood that a remote desktop can be a desktop interface that allows users to remotely access and control another computer over a network; the aforementioned user operation information can be data generated when the user performs operations on the remote desktop, and these operations can include, but are not limited to, keyboard input, mouse operation, and touch screen operation.
[0076] In practical applications, with the popularization of web-based remote desktop services, remote desktop functionality can now be provided through web browsers, allowing users to perform corresponding operations on the remote desktop. At this time, the device can obtain the corresponding user operation information based on the user's operation.
[0077] Step S20: When a sensitive operation detection instruction is detected, determine whether there is a sensitive command in the user operation information.
[0078] It should be noted that the aforementioned sensitive operation detection instruction can be an instruction used to instruct the device to detect whether the operation performed by the user in the remote desktop is a sensitive operation. Sensitive operations may include deleting files, uninstalling software, modifying network settings, etc., and this embodiment does not limit this.
[0079] It should be noted that the aforementioned sensitive commands can be commands corresponding to sensitive operations performed by the user, such as the del and rd commands in Windows systems, and the rm, dd, and rmdir commands in Linux systems. This embodiment does not impose any restrictions on this.
[0080] In this embodiment, when the device detects a sensitive operation detection command, it can intercept and detect keyboard events in the browser to identify the operation information corresponding to the user's operation in real time, and determine whether there are sensitive commands (such as delete commands) in these operation information.
[0081] Step S30: If it exists, the sensitive command is blocked based on the preset sensitive operation blocking rule, which is obtained by rewriting the keyboard key event sending method.
[0082] It should be noted that the aforementioned preset sensitive operation blocking rules can be rules used to block sensitive operations performed by the user. The aforementioned keyboard key event sending method can be a method in rfb.js used to send keyboard key events to the remote desktop, such as the sendKey method. This method allows the simulation of the user pressing and releasing keys on the keyboard, thereby enabling interaction with applications on the remote desktop. rfb.js is a JavaScript-based front-end library used to implement the RFB protocol.
[0083] In its implementation, content input and transmission in rfb.js are handled through the built-in sendKey method. This embodiment allows for the rewriting of the example code for the sendKey method to obtain preset sensitive operation blocking rules. These rules can then be used to detect and block sensitive operations performed by the user on the remote desktop, thereby enhancing remote desktop security. (See reference...) Figure 2 , Figure 2 This is a code example diagram of the method for overriding the keyboard key event sending method in the sensitive operation blocking method of this application. Figure 2 The first line of code saves the original `sendKey` method to the variable `originalSendKey`. The second line of code overrides the `sendKey` method, allowing for the execution and blocking of user input. In the `function`, the first parameter `keysym` represents the input character, such as `abc`, `123`, etc.; the second parameter `code` represents the input shortcut key, such as `delete`, `Tab`, etc.; and the third parameter `down` represents the key state, where `true` indicates a key is pressed and `false` indicates a key is released.
[0084] It should be noted that this solution can be run directly in a web browser, eliminating the need for cumbersome installation and configuration steps and allowing developers to quickly integrate remote desktop functionality into existing projects. Furthermore, this solution supports backend configuration, allowing administrators to quickly add, modify, or delete sensitive shortcuts that need to be blocked through a simple interface, adapting to ever-changing security requirements. Since no additional monitoring software needs to be installed and maintained, this reduces the complexity and cost of system operation and maintenance.
[0085] Further, step S30 includes:
[0086] Step S301: If it exists, output a sensitive operation execution prompt message.
[0087] It should be noted that the aforementioned sensitive operation execution prompt information can be a prompt displayed to the user when the user performs a sensitive operation. In this embodiment, if the device detects that the user is performing a file deletion operation, it can display the prompt information "A dangerous command operation may be detected. Please confirm whether to continue?" on the user's interface.
[0088] Step S302: Receive the sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt information.
[0089] It is understood that the aforementioned sensitive operation execution instruction can be an instruction used to indicate whether the user should continue executing the sensitive operation. In this embodiment, the sensitive operation execution instruction can include confirm execution and cancel execution, where confirm execution indicates that the user chooses to continue executing the sensitive operation, and cancel execution indicates that the user cancels the execution of the sensitive operation. In practical applications, when the device displays a prompt message on the user's interface stating "It has been detected that you may be executing a dangerous command operation. Please confirm whether to continue?", the user can choose whether to continue executing the dangerous command operation based on this prompt message, thereby generating a sensitive operation execution instruction.
[0090] Step S303: If the sensitive operation execution instruction is to cancel execution, then the sensitive command is cleared based on the preset sensitive operation blocking rule to block the sensitive command.
[0091] It should be noted that if the sensitive operation execution command is to cancel execution, it means that the user cancels the execution of the sensitive operation. At this time, the device can clear the corresponding sensitive command based on the preset sensitive operation blocking rules, thereby blocking the execution of the sensitive command and ensuring system security.
[0092] Furthermore, after step S302, the method further includes: if the sensitive operation execution instruction is confirmed to be executed, then the sensitive command continues to be executed.
[0093] It should be understood that if the sensitive operation execution instruction is confirmed, it means that the user has chosen to continue executing the sensitive operation, and the device can continue to execute the sensitive command in the user's operation.
[0094] It should be noted that when performing sensitive operations, this solution can provide real-time feedback to the user and offer them a choice, thereby enhancing the system's protection capabilities and preventing potential security threats.
[0095] In practical implementation, once a user is detected performing a sensitive operation, the system can immediately take measures to block it. For example, it can protect the system from potential harm through security measures such as displaying warning boxes and logging. Specifically, refer to... Figure 3 , Figure 3 This is a code example diagram illustrating the sensitive command blocking method in this application's sensitive operation blocking approach. For example... Figure 3 As shown, when a user is detected performing a sensitive operation by the preset sensitive operation blocking rules, a warning box can pop up saying "A dangerous command operation may have been detected. Please confirm whether to continue?" to prompt the user to continue the operation, and appropriate action can be taken based on the user's choice. For example, if the user presses Enter on the keyboard, the sensitive command input can be cleared. That is, when the system detects that code == 'Enter', the contents stored in the variable commandHistory can be cleared, where commandHistory is a variable used to store user input. Alternatively, the user can choose to continue executing the sensitive command.
[0096] This embodiment provides a method for blocking sensitive operations. The method discloses real-time acquisition of user operation information input via remote desktop. When a sensitive operation detection command is detected, it determines whether a sensitive command exists in the user operation information. If so, the sensitive command is blocked based on preset sensitive operation blocking rules, which are obtained by rewriting the keyboard key event sending method. Because this embodiment can block sensitive commands based on rules obtained by rewriting the keyboard key event sending method when sensitive commands exist in the user's input operation information, it solves the technical problems of high cost and maintenance difficulty in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine.
[0097] Based on the first embodiment of this application, in the second embodiment of this application, the content that is the same as or similar to that in the first embodiment described above can be referred to the above description, and will not be repeated hereafter. Based on this, please refer to... Figure 4 , Figure 4 This is a flowchart illustrating Embodiment 2 of the sensitive operation blocking method of this application.
[0098] In this embodiment, step S10 includes steps S101 to S102:
[0099] Step S101: Real-time acquisition of keyboard key release events triggered by the user based on the remote desktop.
[0100] It should be understood that the aforementioned keyboard key release event can be an event triggered when the user releases a key on the keyboard in the remote desktop.
[0101] Step S102: Determine the user operation information input by the user based on the remote desktop according to the keyboard key release event.
[0102] In this embodiment, the device can monitor keyboard key release events in real time and capture every key input by the user on the remote desktop based on the monitored keyboard key release events, thereby obtaining the user's operation information on the remote desktop.
[0103] Further, step S102 includes steps S102a to S102b:
[0104] Step S102a: Determine the target key pressed by the user in the remote desktop based on the keyboard key release event.
[0105] It is understandable that the target key mentioned above can be the key that the user is currently pressing in the remote desktop.
[0106] Step S102b: Determine the user operation information input by the user based on the target key.
[0107] In this embodiment, since the keyboard key release event is triggered when the user releases the keyboard key, it can be used to identify the specific content entered by the user. That is, the device can determine the target key pressed by the user by listening to the keyboard key release event, and determine the user's operation information in the remote desktop based on the specific content corresponding to the target key (such as shortcut keys Tab, Delete, characters a, b, c, etc.).
[0108] Furthermore, before step S102b, the method further includes: storing the target key value corresponding to the target key in a keyboard input information storage variable, wherein the keyboard input information storage variable is a variable used to store user input information on the keyboard.
[0109] It should be noted that the aforementioned keyboard input information storage variable can be a temporary variable used to store user input based on the keyboard. For example, the keyboard input information storage variable can be defined as commandHistory. In this embodiment, after each capture of user keyboard input, the user's input content on the keyboard can be updated in the commandHistory variable, allowing the system to continuously track the user's input state for use in subsequent detection.
[0110] It is understood that the target key value mentioned above can be the key value corresponding to the target key. In practical applications, the content entered by the user on the keyboard is represented by the key value of the key pressed by the user. Therefore, in this embodiment, the key value corresponding to the target key can be stored in the keyboard input information storage variable for subsequent use in detection.
[0111] Accordingly, step S102b includes: reading the target key value corresponding to the target key from the keyboard input information storage variable in real time; determining whether the target key is a tab key or a space key based on the target key value; if so, storing the target key as a space in the keyboard input information storage variable to update the keyboard input information storage variable; and obtaining the user operation information input by the user based on the updated keyboard input information storage variable.
[0112] It is understood that the tab key mentioned above can be the Tab key on a keyboard; the space key mentioned above can be the Space key on a keyboard. In this embodiment, if the key value of the target key indicates that the user has pressed the Tab key or the Space key on the keyboard, the target key can be stored as a space in the keyboard input information storage variable, and the keyboard input information storage variable can be updated. Subsequently, the operation information input by the user can be obtained based on the updated keyboard input information storage variable.
[0113] Furthermore, before the step of obtaining the user operation information input by the user based on the updated keyboard input information storage variable, the method further includes: determining whether the input character corresponding to the target key is an uppercase letter; if so, converting the uppercase letter to a lowercase letter using a preset character conversion function, and updating the keyboard input information storage variable.
[0114] It should be understood that, in order to unify the form of characters stored in the keyboard input information storage variable, this embodiment can uniformly convert the English letters in the keyboard input information storage variable to lowercase. Specifically, the device can detect whether the input character corresponding to the target key is an uppercase letter. If so, it can convert it to lowercase and store it in the keyboard input information storage variable.
[0115] In practical implementation, there are significant differences between Windows and Linux systems when monitoring sensitive operations: Windows, generally a desktop operating system, can directly monitor the use of the 'Delete' key, and common sensitive commands include del and rd, used to delete files and directories; Linux commonly uses sensitive commands such as rm, dd, and rmdir, which are executed in the command-line environment and are therefore more dangerous. This embodiment can analyze user input to identify and block these potentially sensitive operations. (Refer to...) Figure 5 , Figure 5 This is a code example diagram illustrating the sensitive command detection in the sensitive operation blocking method of this application. (Example:) Figure 5 As shown, this embodiment can perform content detection based on the operating system type. First, sensitive commands in the operating system can be predefined as `sensitiveCommands = ['Delete', 'rd', 'rm', 'dd']`. For Windows systems, it can detect whether the user-input code belongs to a sensitive command defined in `sensitiveCommands`, thereby determining whether subsequent sensitive blocking is necessary. Specifically, if the user-input code is a sensitive command, the variable `isSensitive` can be set to `true`; otherwise, it can be set to `false`. Furthermore, if the user-input code is 'Tab' or 'Space', it can be stored as a space in the keyboard input information storage variable `commandHistory`. Simultaneously, the `.toLowerCase()` function can be used to convert uppercase letters in the user-input characters to lowercase, ultimately obtaining an updated keyboard input information storage variable.
[0116] This embodiment discloses the real-time acquisition of keyboard key release events triggered by the user on the remote desktop; based on the keyboard key release events, the user operation information input by the user on the remote desktop is determined. This embodiment can listen to the keyboard key release events triggered when the user releases a key on the keyboard, so that the user's operation information on the remote desktop can be obtained in real time through the listened keyboard key release events, and whether the user has performed sensitive operations can be detected through the operation information. Therefore, sensitive operations can be monitored without installing additional monitoring software, thereby reducing the complexity and cost of system operation and maintenance.
[0117] Based on the first and / or second embodiments of this application, in the third embodiment of this application, the content that is the same as or similar to the above embodiments can be referred to the above description, and will not be repeated hereafter. Based on this, please refer to... Figure 6 , Figure 6This is a flowchart illustrating Embodiment 3 of the sensitive operation blocking method of this application.
[0118] In this embodiment, step S20 includes steps S201 to S203:
[0119] Step S201: When a sensitive operation detection command is detected, obtain the delimiter character in the user operation information.
[0120] It should be noted that the above-mentioned delimiter can be any character used to delimit all strings entered by the user.
[0121] Step S202: Based on the segmentation character, the string stored in the updated keyboard input information storage variable is segmented to obtain several user operation characters.
[0122] It should be understood that the aforementioned user operation characters can be a single string obtained by splitting the string stored in the keyboard input information storage variable using a delimiter character as the delimiter. In this embodiment, the delimiter character can be defined as a space. For example, if the string stored in the updated keyboard input information storage variable is 'rm-root', then a space can be used as the delimiter character to split 'rm-root' to obtain the user operation characters 'rm' and '-root'.
[0123] Step S203: Determine whether there are sensitive commands in the user operation information based on the user operation characters.
[0124] Specifically, step S203 includes: matching the user operation characters with all sensitive commands in a preset sensitive command set; if the match is successful, it is determined that there is a sensitive command in the user operation information.
[0125] It should be understood that the above-mentioned preset sensitive command set can be a set consisting of all sensitive commands in the operating system, for example, sensitiveCommands = ['Delete', 'rd', 'rm', 'dd'].
[0126] In practical applications, refer to Figure 5In this embodiment, the split character can be defined as a space, and the string stored in commandHistory can be split using a space as the split point to obtain the operation characters input by the user. Then, these operation characters can be matched against all sensitive commands in the preset sensitive command set sensitiveCommands to determine whether the user-input operation characters exist in sensitiveCommands. If they exist, it is determined that there is a sensitive command in the user operation information. Specifically, after splitting the string 'rm-root' stored in the keyboard input information storage variable, the user operation characters 'rm' and '-root' can be obtained. Then, 'rm' and '-root' can be matched against all sensitive commands in sensitiveCommands. At this time, based on the matching results, it can be determined that there is a sensitive command 'rm' in the user operation information.
[0127] Furthermore, before step S20, the method further includes: determining whether there is an Enter key in the user operation information; if so, triggering a sensitive operation detection command based on the Enter key.
[0128] It should be noted that this embodiment can identify the user's sensitive operation when the user presses the Enter key. Specifically, this embodiment can determine whether to start sensitive operation identification by judging in real time whether the user's operation information contains the Enter key. If the user presses the Enter key, a sensitive operation command can be triggered to instruct the device to perform sensitive operation detection.
[0129] In this embodiment, when a sensitive operation detection command is detected, the method is disclosed to obtain the segmentation characters in the updated keyboard input information storage variable; based on the segmentation characters, the string stored in the updated keyboard input information storage variable is segmented to obtain several user operation characters; based on the user operation characters, it is determined whether there are sensitive commands in the user operation information, thereby segmenting all the strings input by the user into several operation characters, and accurately identifying sensitive commands in the user operation information through these operation characters, thereby improving the recognition accuracy of sensitive operations performed by the user and further enhancing the protection capability of the system.
[0130] It should be noted that the above examples are only for understanding this application and do not constitute a limitation on the sensitive operation blocking method of this application. Any simple modifications based on this technical concept are within the protection scope of this application.
[0131] This application also provides a sensitive operation blocking device, please refer to... Figure 7 The sensitive operation blocking device includes:
[0132] The operation information acquisition module 10 is used to acquire user operation information based on remote desktop input in real time.
[0133] Sensitive command determination module 20 is used to determine whether there is a sensitive command in the user operation information when a sensitive operation detection command is detected;
[0134] The sensitive operation blocking module 30 is used to block the sensitive command based on a preset sensitive operation blocking rule if it exists. The preset sensitive operation blocking rule is obtained by rewriting the keyboard key event sending method.
[0135] The sensitive operation blocking device provided in this application, employing the sensitive operation blocking method in the above embodiments, can solve the technical problems of high cost and difficult maintenance in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine. Compared with the prior art, the beneficial effects of the sensitive operation blocking device provided in this application are the same as those of the sensitive operation blocking method provided in the above embodiments, and other technical features in the sensitive operation blocking device are the same as those disclosed in the methods of the above embodiments, and will not be repeated here.
[0136] This application provides a sensitive operation blocking device, which includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to perform the sensitive operation blocking method in the first embodiment described above.
[0137] The following is for reference. Figure 8 This document illustrates a structural schematic diagram suitable for implementing a sensitive operation blocking device according to embodiments of this application. The sensitive operation blocking device in embodiments of this application may include, but is not limited to, mobile terminals such as mobile phones, laptops, digital broadcast receivers, PDAs (Personal Digital Assistants), PADs (Portable Application Description), PMPs (Portable Media Players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and fixed terminals such as digital TVs and desktop computers. Figure 8 The sensitive operation blocking device shown is merely an example and should not impose any limitation on the functionality and scope of use of the embodiments of this application.
[0138] like Figure 8As shown, the sensitive operation blocking device may include a processing unit 1001 (e.g., a central processing unit, a graphics processing unit, etc.), which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage device 1003 into a random access memory (RAM) 1004. The RAM 1004 also stores various programs and data required for the operation of the sensitive operation blocking device. The processing unit 1001, ROM 1002, and RAM 1004 are interconnected via a bus 1005. An input / output (I / O) interface 1006 is also connected to the bus. Typically, the following systems can be connected to the I / O interface 1006: input devices 1007 including, for example, touchscreens, touchpads, keyboards, mice, image sensors, microphones, accelerometers, gyroscopes, etc.; output devices 1008 including, for example, liquid crystal displays (LCDs), speakers, vibrators, etc.; storage devices 1003 including, for example, magnetic tapes, hard disks, etc.; and communication devices 1009. Communication device 1009 allows the sensitive operation blocking device to communicate wirelessly or wiredly with other devices to exchange data. While the figures show sensitive operation blocking devices with various systems, it should be understood that implementation or possession of all the systems shown is not required. More or fewer systems may be implemented alternatively.
[0139] Specifically, according to the embodiments disclosed in this application, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments disclosed in this application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via a communication device, or installed from storage device 1003, or installed from ROM 1002. When the computer program is executed by processing device 1001, it performs the functions defined in the methods of the embodiments disclosed in this application.
[0140] The sensitive operation blocking device provided in this application, employing the sensitive operation blocking method in the above embodiments, can solve the technical problem of sensitive operation blocking. Compared with the prior art, the beneficial effects of the sensitive operation blocking device provided in this application are the same as those of the sensitive operation blocking method provided in the above embodiments, and other technical features of the sensitive operation blocking device are the same as those disclosed in the method of the previous embodiment, and will not be repeated here.
[0141] It should be understood that the various parts disclosed in this application can be implemented using hardware, software, firmware, or a combination thereof. In the description of the above embodiments, specific features, structures, materials, or characteristics can be combined in any suitable manner in one or more embodiments or examples.
[0142] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
[0143] This application provides a computer-readable storage medium having computer-readable program instructions (i.e., a computer program) stored thereon, the computer-readable program instructions being used to execute the sensitive operation blocking method in the above embodiments.
[0144] The computer-readable storage medium provided in this application may be, for example, a USB flash drive, but is not limited to, electrical, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections having one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibers, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof. In this embodiment, the computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, system, or device. The program code contained on the computer-readable storage medium may be transmitted using any suitable medium, including but not limited to: wires, optical cables, RF (Radio Frequency), etc., or any suitable combination thereof.
[0145] The aforementioned computer-readable storage medium may be included in a sensitive operation blocking device; or it may exist independently and not be assembled into a sensitive operation blocking device.
[0146] The aforementioned computer-readable storage medium carries one or more programs. When the aforementioned one or more programs are executed by a sensitive operation blocking device, the sensitive operation blocking device: acquires user operation information input by the user based on a remote desktop in real time; when a sensitive operation detection instruction is detected, determines whether there is a sensitive command in the user operation information; if there is, blocks the sensitive command based on a preset sensitive operation blocking rule, wherein the preset sensitive operation blocking rule is obtained by rewriting the keyboard key event sending method.
[0147] Computer program code for performing the operations of this application can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a Local Area Network (LAN) or a Wide Area Network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0148] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0149] The modules described in the embodiments of this application can be implemented in software or hardware. The names of the modules do not necessarily limit the functionality of the unit itself.
[0150] The readable storage medium provided in this application is a computer-readable storage medium that stores computer-readable program instructions (i.e., a computer program) for executing the above-described sensitive operation blocking method. This solves the technical problems of high cost and maintenance difficulty in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine. Compared with the prior art, the beneficial effects of the computer-readable storage medium provided in this application are the same as those of the sensitive operation blocking method provided in the above embodiments, and will not be repeated here.
[0151] This application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the sensitive operation blocking method described above.
[0152] The computer program product provided in this application can solve the technical problems of high cost and difficult maintenance in the prior art of detecting and blocking sensitive operations by installing monitoring software in a virtual machine. Compared with the prior art, the beneficial effects of the computer program product provided in this application are the same as those of the sensitive operation blocking method provided in the above embodiments, and will not be repeated here.
[0153] The above description is only a part of the embodiments of this application and does not limit the patent scope of this application. All equivalent structural transformations made under the technical concept of this application and using the contents of the specification and drawings of this application, or direct / indirect applications in other related technical fields, are included in the patent protection scope of this application.
[0154] This invention discloses A1, a sensitive operation blocking method, the method comprising:
[0155] Real-time acquisition of user operation information based on remote desktop input;
[0156] When a sensitive operation detection command is detected, it is determined whether there is a sensitive command in the user operation information;
[0157] If it exists, the sensitive command is blocked based on the preset sensitive operation blocking rules, which are obtained by rewriting the keyboard key event sending method.
[0158] A2. As described in A1, the step of acquiring user operation information based on remote desktop input in real time includes:
[0159] Real-time acquisition of keyboard key release events triggered by the user via remote desktop;
[0160] The user operation information input by the user based on the remote desktop is determined based on the keyboard key release event.
[0161] A3. As described in A2, the step of determining the user operation information input by the user based on the remote desktop according to the keyboard key release event includes:
[0162] The target key pressed by the user in the remote desktop is determined based on the keyboard key release event.
[0163] The user operation information input by the user is determined based on the target key.
[0164] A4. As described in A3, before the step of determining the user operation information input by the user based on the target key, the method further includes:
[0165] The target key value corresponding to the target key is stored in the keyboard input information storage variable, which is a variable used to store the user's input information on the keyboard;
[0166] The step of determining the user operation information input by the user based on the target key includes:
[0167] The target key value corresponding to the target key is read from the keyboard input information storage variable in real time.
[0168] Based on the target key value, determine whether the target key is a tab key or a space key;
[0169] If so, the target key is stored as a space in the keyboard input information storage variable to update the keyboard input information storage variable;
[0170] The user operation information input by the user is obtained based on the updated keyboard input information storage variables.
[0171] A5. As described in A4, the step of determining whether a sensitive command exists in the user operation information when a sensitive operation detection instruction is detected includes:
[0172] When a sensitive operation detection command is detected, the delimiter character in the user operation information is obtained;
[0173] Based on the segmentation character, the string stored in the updated keyboard input information storage variable is segmented to obtain several user operation characters;
[0174] Based on the user operation characters, determine whether there are sensitive commands in the user operation information.
[0175] A6. As described in A5, the step of determining whether a sensitive command exists in the user operation information based on the user operation characters includes:
[0176] The user operation characters are matched with all sensitive commands in a preset set of sensitive commands;
[0177] If a match is found, it is determined that there are sensitive commands in the user operation information.
[0178] A7. The method as described in any one of A1 to A6, wherein the step of blocking the sensitive command based on a preset sensitive operation blocking rule if it exists includes:
[0179] If it exists, output a prompt message indicating that a sensitive operation has been performed;
[0180] Receive the sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt information;
[0181] If the sensitive operation execution instruction is to cancel execution, the sensitive command is cleared based on the preset sensitive operation blocking rules to block the sensitive command.
[0182] A8. The method described in A7, after the step of receiving the sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt information, further includes:
[0183] If the sensitive operation execution instruction is confirmed, then the sensitive command will continue to be executed.
[0184] A9. As described in A4, before the step of obtaining the user operation information input by the user based on the updated keyboard input information storage variable, the method further includes:
[0185] Determine whether the input character corresponding to the target key is an uppercase letter;
[0186] If so, the uppercase letters are converted to lowercase letters using a preset character conversion function, and the stored variables of the keyboard input information are updated.
[0187] A10. The method described in A3, prior to the step of determining whether a sensitive command exists in the user operation information when a sensitive operation detection instruction is detected, further includes:
[0188] Determine whether the user operation information contains an Enter key;
[0189] If present, a sensitive operation detection command is triggered based on the Enter key press.
[0190] The present invention also discloses B11, a sensitive operation blocking device, the device comprising:
[0191] The operation information acquisition module is used to acquire user operation information based on remote desktop input in real time;
[0192] The sensitive command determination module is used to determine whether there is a sensitive command in the user operation information when a sensitive operation detection command is detected.
[0193] A sensitive operation blocking module is used to block the sensitive command based on a preset sensitive operation blocking rule if it exists. The preset sensitive operation blocking rule is obtained by rewriting the keyboard key event sending method.
[0194] B12. In the apparatus described in B11, the operation information acquisition module is further configured to acquire in real time keyboard key release events triggered by the user based on the remote desktop; and determine the user operation information input by the user based on the remote desktop according to the keyboard key release events.
[0195] B13. In the apparatus described in B12, the operation information acquisition module is further configured to determine the target key pressed by the user in the remote desktop based on the keyboard key release event; and to determine the user operation information input by the user based on the target key.
[0196] B14. In the apparatus described in B13, the operation information acquisition module is further configured to store the target key value corresponding to the target key in a keyboard input information storage variable, wherein the keyboard input information storage variable is a variable used to store user input information on the keyboard; read the target key value corresponding to the target key from the keyboard input information storage variable in real time; determine whether the target key is a tab key or a space key based on the target key value; if so, store the target key as a space in the keyboard input information storage variable to update the keyboard input information storage variable; and acquire the user operation information input by the user based on the updated keyboard input information storage variable.
[0197] B15. In the apparatus described in B14, the sensitive command determination module is further configured to, when a sensitive operation detection command is detected, obtain the segmentation character in the user operation information; segment the string stored in the updated keyboard input information storage variable based on the segmentation character to obtain a number of user operation characters; and determine whether a sensitive command exists in the user operation information based on the user operation characters.
[0198] B16. In the apparatus described in B15, the sensitive command determination module is further configured to match the user operation characters with all sensitive commands in a preset sensitive command set; if the match is successful, it is determined that there is a sensitive command in the user operation information.
[0199] B17. The apparatus as described in any one of B11 to B16, wherein the sensitive operation blocking module is further configured to: output a sensitive operation execution prompt message if such a sensitive operation exists; receive a sensitive operation execution instruction generated by the user based on the sensitive operation execution prompt message; and if the sensitive operation execution instruction is to cancel execution, clear the sensitive command based on a preset sensitive operation blocking rule to block the sensitive command.
[0200] The present invention also discloses C18, a sensitive operation blocking device, the device comprising: a memory, a processor, and a sensitive operation blocking program stored in the memory and executable on the processor, the sensitive operation blocking program being configured to implement the steps of the sensitive operation blocking method as described above.
[0201] The present invention also discloses D19, a storage medium storing a sensitive operation blocking program, wherein when the sensitive operation blocking program is executed by a processor, it implements the steps of the sensitive operation blocking method described above.
[0202] The present invention also discloses E20, a computer program product comprising a computer program that, when executed by a processor, implements the steps of the sensitive operation blocking method described above.
Claims
1. A method for blocking sensitive operations, characterized in that, The method includes: Real-time acquisition of user operation information based on remote desktop input; When a sensitive operation detection command is detected, it is determined whether there is a sensitive command in the user operation information; If it exists, the sensitive command is blocked based on the preset sensitive operation blocking rules, which are obtained by rewriting the keyboard key event sending method.
2. The sensitive operation blocking method as described in claim 1, characterized in that, The step of acquiring user operation information based on remote desktop input in real time includes: Real-time acquisition of keyboard key release events triggered by the user via remote desktop; The user operation information input by the user based on the remote desktop is determined based on the keyboard key release event.
3. The sensitive operation blocking method as described in claim 2, characterized in that, The step of determining the user operation information input by the user based on the remote desktop according to the keyboard key release event includes: The target key pressed by the user in the remote desktop is determined based on the keyboard key release event. The user operation information input by the user is determined based on the target key.
4. The sensitive operation blocking method as described in claim 3, characterized in that, Before the step of determining the user operation information input by the user based on the target key, the method further includes: The target key value corresponding to the target key is stored in the keyboard input information storage variable, which is a variable used to store the user's input information on the keyboard; The step of determining the user operation information input by the user based on the target key includes: The target key value corresponding to the target key is read from the keyboard input information storage variable in real time. Based on the target key value, determine whether the target key is a tab key or a space key; If so, the target key is stored as a space in the keyboard input information storage variable to update the keyboard input information storage variable; The user operation information input by the user is obtained based on the updated keyboard input information storage variables.
5. The sensitive operation blocking method as described in claim 4, characterized in that, The step of determining whether a sensitive command exists in the user operation information when a sensitive operation detection command is detected includes: When a sensitive operation detection command is detected, the delimiter character in the user operation information is obtained; Based on the segmentation character, the string stored in the updated keyboard input information storage variable is segmented to obtain several user operation characters; Based on the user operation characters, determine whether there are sensitive commands in the user operation information.
6. The sensitive operation blocking method as described in claim 5, characterized in that, The step of determining whether there are sensitive commands in the user operation information based on the user operation characters includes: The user operation characters are matched with all sensitive commands in the preset sensitive command set; If a match is found, it is determined that there are sensitive commands in the user operation information.
7. A sensitive operation blocking device, characterized in that, The device includes: The operation information acquisition module is used to acquire user operation information based on remote desktop input in real time; The sensitive command determination module is used to determine whether there is a sensitive command in the user operation information when a sensitive operation detection command is detected. A sensitive operation blocking module is used to block the sensitive command based on a preset sensitive operation blocking rule if it exists. The preset sensitive operation blocking rule is obtained by rewriting the keyboard key event sending method.
8. A sensitive operation blocking device, characterized in that, The device includes: a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program being configured to implement the steps of the sensitive operation blocking method as described in any one of claims 1 to 6.
9. A storage medium, characterized in that, The storage medium is a computer-readable storage medium, and a computer program is stored on the storage medium. When the computer program is executed by a processor, it implements the steps of the sensitive operation blocking method as described in any one of claims 1 to 6.
10. A computer program product, characterized in that, The computer program product includes a computer program that, when executed by a processor, implements the steps of the sensitive operation blocking method as described in any one of claims 1 to 6.