A process information desensitization method and device
By using the preloading mechanism to load a dynamic link library in a Linux system and desensitizing process information according to the desensitization rules obtained by the initialization function, the method prevents process information of high-privilege users from being leaked to low-privilege users, thereby improving the security of process information.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: HUAWEI TECH CO LTD
- Filing Date: 2024-12-24
- Publication Date: 2026-06-26
AI Technical Summary
In Linux systems, low-privilege users can query process information of high-privilege users through system commands, leading to the leakage of sensitive information in the high-privilege user's process information. Existing solutions are complex and require intrusive modifications to the source code.
Dynamic link libraries are loaded using a pre-loading mechanism. The process information is modified by obtaining the de-identification rules through the initialization function to avoid modifying the execution logic of the target program. The process information is anonymized using the de-identification rules and stored in the heap memory space to prevent leakage.
It improves the security of process information, reduces the complexity of the anti-leakage scheme, ensures that low-privilege users cannot obtain sensitive information from high-privilege users, and does not affect the executability of the target program.
Figure CN122286751A_ABST
Description
Technical Field
[0001] This application relates to the field of computers, and more particularly to a method and apparatus for desensitizing process information.
Background Technology
[0002] With the development of computer technology, Linux has gradually become a versatile operating system due to its open-source, stable, and efficient characteristics. It has been widely used in many fields, such as terminal devices, servers, cloud computing, and big data.
[0003] In Linux systems, a process is the basic unit for resource allocation and scheduling by the operating system. Users can view detailed process information using system commands, such as the `ps` command. However, in current Linux systems, lower-privilege users can also query process information of higher-privilege users via system commands by default. Since process information may contain sensitive information such as passwords, if a lower-privilege user views the process information of a higher-privilege user through system commands, there is a risk of leakage of sensitive information contained in the higher-privilege user's process information.
[0004] Current solutions to prevent the leakage of sensitive process information caused by system commands querying process information in Linux systems often involve transmitting process information via targeted transmission to avoid leakage. However, targeted transmission requires intrusive modification of the source code execution logic, which is difficult and makes current process information leakage prevention solutions complex.
Summary of the Invention
[0005] This application provides a method for de-identifying process information to improve the security of process information. This application also provides a process information de-identification apparatus, a computing device, a computer-readable storage medium, and a computer program product.
[0006] In a first aspect, embodiments of this application provide a method for desensitizing process information. This method can be executed by a computing device, or by a component of the computing device, such as a processor, chip, or chip system, or by a logic module or software capable of implementing all or part of the functions of the computing device. The method provided in the first aspect includes: the computing device starting a target program, the target program's process information containing sensitive information; the computing device loading a dynamic link library based on a pre-loading mechanism, the dynamic link library providing initialization functions for the target program, the initialization functions obtaining desensitization rules for the process information, and the desensitization rules indicating modification rules for the process information; the computing device modifying the process information according to the desensitization rules to obtain desensitized process information; and the computing device responding to user process commands based on the desensitized process information, the process commands including user process query commands for process information.
[0007] In this embodiment, the computing device can obtain de-identification rules based on the pre-loading mechanism and initialization function of the Linux system, and modify the process information based on the de-identification rules. Compared with the current targeted transmission scheme that requires intrusive modification of the program's execution logic, the process information de-identification method in this embodiment only modifies the process information in the stack memory space. The initialization function can still execute the target program based on the process information in the heap memory space. Therefore, the process information can be de-identified without modifying the execution logic of the target program, which improves the security of process information and reduces the complexity of the process information leakage prevention scheme.
[0008] In one possible implementation, before modifying process information according to the de-identification rules, the computing device determines the de-identification rules based on the de-identification rule parameters in the initialization function. These parameters indicate the de-identification rules used to modify the process information. Specifically, during the execution of the initialization function, the computing device can add de-identification rule parameters to the original command line and query the corresponding de-identification rules from the de-identification rule set based on these parameters.
[0009] In this embodiment, the computing device can parse the desensitization rule parameters based on the command line in the initialization function, and modify the process information according to the desensitization rule indicated by the desensitization rule parameters, thereby improving the accuracy of the computing device in selecting desensitization rules and further enhancing the security of process information.
[0010] In one possible implementation, after the computing device loads the dynamic link library using a pre-loading mechanism, it removes the anonymization rule parameters from the initialization function. This allows the initialization function to call the target program's entry point main function, thus not affecting the target program's execution. The computing device creates target process information based on the process information in the initialization function. Specifically, it removes the anonymization rule parameters from the process information to obtain the target process information and stores it in the heap memory space. This target process information is used to run the target program. Since an attacker's `ps` command cannot query the target process information in the heap memory space, the leakage of the target process information is avoided.
[0011] In this embodiment, because the computing device added de-identification rule parameters to the original command line, the command line of the initialization function could not be executed. Therefore, the computing device removes the de-identification rule parameters from the initialization function so that the initialization function can call the entry main function of the target program, thereby ensuring the executability of the target program after the de-identification rule parameters are added. At the same time, the target process information can be stored in the heap memory space, thereby improving the security of the target process information.
[0012] In one possible implementation, after modifying the process information according to the anonymization rules, the computing device stores the anonymized process information in the stack memory space. The memory address of the anonymized process information is the same as the memory address of the original process information. Since the process information in the stack memory space is the anonymized process information, the process information queried from the stack memory space by an attacker using the ps command will be the anonymized process information, thereby preventing the leakage of process information.
[0013] In this embodiment of the application, the computing device can replace the original process information in the stack memory space with the de-identified process information. The process information that the attacker can query from the stack memory space using the ps command is the de-identified process information, thereby improving the security of the process information.
[0014] In one possible implementation, the de-identification rule includes one or more of the following: subscript rule, prefix rule, follow rule, interval rule, regular expression rule, subscript rule with anchor, prefix rule with anchor, follow rule with anchor, interval rule with anchor, and regular expression rule with anchor. When the de-identification rule includes multiple of the above rules, the de-identification rule is a combination rule of multiple rules.
[0015] In the embodiments of this application, the computing device can use a variety of different desensitization rules to desensitize process information, thereby improving the richness of process information desensitization methods.
[0016] In one possible implementation, the desensitization rule is a subscript rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the subscript rule. The subscript of the specified command-line parameter is the subscript indicated by the subscript rule.
[0017] In this embodiment of the application, the computing device can desensitize the process information at a specified subscript based on the subscript rule, thereby improving the feasibility of the desensitization method under the subscript rule.
[0018] In one possible implementation, the desensitization rule is a subscript rule with anchor. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the subscript rule with anchor. The subscript of the specified command-line parameter is counted from the counting anchor and is the subscript indicated by the subscript rule with anchor.
[0019] In this embodiment of the application, the computing device can desensitize the content at the specified subscript after the anchor in the process information based on the subscript rule with anchor, thereby improving the feasibility of the desensitization method under the subscript rule with anchor.
[0020] In one possible implementation, the desensitization rule is a prefix rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters in the initialization function based on the prefix rule. The prefix of the specified command-line parameters is the prefix indicated by the prefix rule.
[0021] In this embodiment of the application, the computing device can desensitize process information with a specified prefix based on prefix rules, thereby improving the feasibility of the desensitization method under prefix rules.
[0022] In one possible implementation, the desensitization rule is a prefix rule with anchor. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the prefix rule with anchor. Here, the specified command-line parameters are the parameters after the counting anchor whose prefix is the prefix indicated by the prefix rule with anchor.
[0023] In this embodiment of the application, the computing device can desensitize the content of the specified prefix after the anchor point in the process information based on the anchor point prefix rule, thereby improving the feasibility of the desensitization method under the anchor point prefix rule.
[0024] In one possible implementation, the desensitization rule is a follow rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the follow rule. The specified command-line parameters are the parameters following the identifier specified by the follow rule.
[0025] In this embodiment of the application, the computing device can desensitize the content after the specified identifier in the process information based on the follow rule, thereby improving the feasibility of the desensitization method under the follow rule.
[0026] In one possible implementation, the desensitization rule is a follow rule with anchor. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the follow rule with anchor. The specified command-line parameters are the parameters after the counting anchor and after the identifier specified by the follow rule with anchor.
[0027] In this embodiment of the application, the computing device can desensitize the content after the anchor and after the specified identifier in the process information based on the follow rule with anchor, thereby improving the feasibility of the desensitization method under the follow rule with anchor.
[0028] In one possible implementation, the desensitization rule is an interval rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the interval rule. The specified command-line parameters are the parameters between the identifiers specified by the interval rule.
[0029] In this embodiment of the application, the computing device can desensitize the content between specified identifiers in the process information based on interval rules, thereby improving the feasibility of the desensitization method under interval rules.
[0030] In one possible implementation, the desensitization rule is an anchored interval rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command line parameters of the command line in the initialization function based on the anchored interval rule. The specified command line parameters are the parameters between the identifiers specified by the anchored interval rule after the counting anchor.
[0031] In this embodiment of the application, the computing device can desensitize the content between specified identifiers after the anchor point in the process information based on the interval rules with anchor points, thereby improving the feasibility of the desensitization method under the interval rules with anchor points.
[0032] In one possible implementation, the desensitization rule is a regular expression rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the regular expression rule. The specified command-line parameters are the command-line parameters that satisfy the regular expression of the regular expression rule.
[0033] In this embodiment of the application, the computing device can desensitize the content in the process information that conforms to the regular expression based on the regular expression rule, thereby improving the feasibility of the desensitization method under the regular expression rule.
[0034] In one possible implementation, the desensitization rule is a regular expression rule with anchors. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command line parameters of the command line in the initialization function based on the regular expression rule with anchors. The specified command line parameters are command line parameters that satisfy the regular expression rule with anchors after the counting anchors.
[0035] In this embodiment of the application, the computing device can desensitize the content that conforms to the regular expression after the anchor point in the process information based on the regular expression rule with anchor points, thereby improving the feasibility of the desensitization method under the regular expression rule with anchor points.
[0036] In one possible implementation, the desensitization rule is a combination rule made up of multiple desensitization rules. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the combination rule. The specified command-line parameters include the parameters that conform to the multiple desensitization rules in the combination rule.
[0037] In this embodiment of the application, the computing device can perform desensitization on the content in the process information that conforms to each desensitization rule of the combination rule based on the combination rule, thereby improving the feasibility of the desensitization method under the combination rule.
[0038] In one possible implementation, the process information includes one or more of the following: process name, user ID, and command-line arguments. The command-line arguments may indicate sensitive user information, such as the user's password.
[0039] In this embodiment of the application, the computing device can desensitize various types of process information, including process names, thereby improving the security of various types of process information.
[0040] In one possible implementation, the dynamic link library includes a dynamic link library specified by the LD_PRELOAD environment variable, such as the glibc library, which is preloaded by the dynamic linker. The initialization function in the dynamic link library includes the `__libc_start_main` function.
[0041] In this embodiment of the application, the computing device can use the LD_PRELOAD environment variable to load the specified glibc library, and desensitize process information based on the `__libc_start_main` function in the library, thereby improving the feasibility of the information desensitization scheme.
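The mechanism described in [0010] to [0013], with the subscript, prefix and follow rules of [0016], [0020] and [0024] and the LD_PRELOAD hook of [0040], as an added example that is not code from the patent. The `--desens=<kind>:<value>` parameter syntax, the `idx`/`prefix`/`follow` rule names, masking with `*`, all function names and the choice to wrap `main` rather than alter the arguments passed to glibc are assumptions of this sketch; the sample command line is constructed.

```c
/* Added example. Build as a preload library with
 *   cc -shared -fPIC -DDESENS_PRELOAD desens.c -o libdesens.so -ldl
 * and start the target (constructed command line) as
 *   LD_PRELOAD=./libdesens.so mysql --desens=follow:-p -u root -p S3cret!  */
#ifdef DESENS_PRELOAD
#define _GNU_SOURCE                      /* for RTLD_NEXT */
#include <dlfcn.h>
#endif
#include <stdlib.h>
#include <string.h>

#define RULE_OPT "--desens="             /* hypothetical rule parameter */

/* Overwrite one argument in place from offset `from`. Address, length and
 * NUL terminator are unchanged, so the argument area read through
 * /proc/<pid>/cmdline keeps its layout but no longer holds the secret. */
static int mask_tail(char *arg, size_t from) {
    if (strlen(arg) <= from) return 0;
    for (char *p = arg + from; *p; p++) *p = '*';
    return 1;
}

/* Heap copy of argv without the rule parameter (the "target process
 * information"). *rule gets a heap copy of the rule text, or NULL. */
char **clone_argv(int argc, char **argv, int *out_argc, char **rule) {
    char **copy = calloc((size_t)argc + 1, sizeof *copy);
    int n = 0;
    *rule = NULL;
    if (!copy) return NULL;
    for (int i = 0; i < argc; i++) {
        int is_rule = i > 0 && !*rule &&
                      strncmp(argv[i], RULE_OPT, strlen(RULE_OPT)) == 0;
        const char *src = is_rule ? argv[i] + strlen(RULE_OPT) : argv[i];
        size_t len = strlen(src) + 1;
        char *dup = malloc(len);
        if (!dup) return NULL;           /* caller treats NULL as fatal */
        memcpy(dup, src, len);
        if (is_rule) *rule = dup; else copy[n++] = dup;
    }
    *out_argc = n;
    return copy;
}

/* Apply one rule to the ORIGINAL argv strings; returns arguments masked.
 *   idx:N      subscript rule: mask argv[N]
 *   prefix:STR prefix rule:    mask what follows STR in arguments starting with STR
 *   follow:STR follow rule:    mask the argument after one equal to STR */
int apply_rule(int argc, char **argv, const char *rule) {
    int masked = 0;
    if (strncmp(rule, "idx:", 4) == 0) {
        char *end;
        long n = strtol(rule + 4, &end, 10);
        if (end != rule + 4 && *end == '\0' && n > 0 && n < argc)
            masked += mask_tail(argv[n], 0);
    } else if (strncmp(rule, "prefix:", 7) == 0) {
        size_t plen = strlen(rule + 7);
        for (int i = 1; plen && i < argc; i++)
            if (strncmp(argv[i], rule + 7, plen) == 0)
                masked += mask_tail(argv[i], plen);
    } else if (strncmp(rule, "follow:", 7) == 0) {
        for (int i = 1; i + 1 < argc; i++)
            if (strcmp(argv[i], rule + 7) == 0)
                masked += mask_tail(argv[++i], 0);
    }
    return masked;
}

/* Whole step: build the heap copy first, then mask the original in place. */
char **desensitize(int argc, char **argv, int *out_argc) {
    char *rule;
    char **heap_argv = clone_argv(argc, argv, out_argc, &rule);
    if (heap_argv && rule) apply_rule(argc, argv, rule);
    free(rule);
    return heap_argv;
}

#ifdef DESENS_PRELOAD
typedef int (*main_fn)(int, char **, char **);
typedef int (*start_fn)(main_fn, int, char **, void (*)(void), void (*)(void),
                        void (*)(void), void *);
static main_fn real_main;

static int wrapped_main(int argc, char **argv, char **envp) {
    int n;
    char **heap_argv = desensitize(argc, argv, &n);
    if (!heap_argv) abort();             /* fail closed: never run unmasked */
    return real_main(n, heap_argv, envp);/* program sees only the heap copy */
}

/* Interposes glibc's start routine; found first because of LD_PRELOAD. */
int __libc_start_main(main_fn main, int argc, char **argv, void (*init)(void),
                      void (*fini)(void), void (*rtld_fini)(void), void *stack_end) {
    start_fn real = (start_fn)dlsym(RTLD_NEXT, "__libc_start_main");
    real_main = main;
    return real(wrapped_main, argc, argv, init, fini, rtld_fini, stack_end);
}
#endif
```

The original arguments stay readable in `/proc/<pid>/cmdline` from `execve` until the hook runs, and the rule parameter itself remains visible afterwards. LD_PRELOAD has no effect on statically linked programs and is restricted in secure-execution (set-user-ID) mode, so the masking does not cover those cases.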
[0042] Secondly, embodiments of this application provide a process information desensitization device, which includes a startup unit and a processing unit. The startup unit starts a target program, whose process information contains sensitive information. The processing unit loads a dynamic link library based on a pre-loading mechanism. The dynamic link library provides initialization functions for the target program, which in turn obtain desensitization rules for the process information. These rules indicate the rules for modifying the process information. The processing unit further modifies the process information according to the desensitization rules to obtain desensitized process information. The processing unit also responds to user process commands based on the desensitized process information, including user process query commands for process information.
[0043] In one possible implementation, the processing unit is further configured to determine the desensitization rule based on the desensitization rule parameter in the initialization function, the desensitization rule parameter being used to indicate the desensitization rule used to modify the process information.
[0044] In one possible implementation, the processing unit is further configured to remove the de-identification rule parameters in the initialization function, so that the initialization function can call the target program's entry main function. The processing unit is also configured to create target process information based on the process information in the initialization function, and store the target process information in the heap memory space; the target process information is used to run the target program.
[0045] In one possible implementation, the processing unit is further configured to store the de-identified process information into the stack memory space, wherein the memory address of the de-identified process information is consistent with the memory address of the original process information.
[0046] In one possible implementation, the desensitization rules include one or more of the following: subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, and regular expression rules with anchors.
[0047] In one possible implementation, the desensitization rule is a subscript rule, and the processing unit is specifically used to modify the specified command-line parameters of the command line in the initialization function based on the subscript rule, wherein the subscript of the specified command-line parameter is the subscript indicated by the subscript rule.
[0048] In one possible implementation, the desensitization rule is a regular expression rule, and the processing unit is specifically used to modify the specified command-line parameters of the command line in the initialization function based on the regular expression rule, wherein the specified command-line parameters are the command-line parameters that satisfy the regular expression of the regular expression rule.
[0049] In one possible implementation, the process information includes one or more of the following: process name, user ID, and command-line arguments.
[0050] In one possible implementation, the dynamic link library includes a dynamic link library preloaded by the dynamic linker according to the LD_PRELOAD environment variable.
[0051] Thirdly, embodiments of this application provide a computing device including a processor coupled to a memory. The processor stores instructions, which, when executed by the processor, cause the computing device to perform the method described in the first aspect or any possible implementation thereof.
[0052] Fourthly, embodiments of this application provide a computing device cluster, which includes one or more computing devices. Each computing device includes a processor coupled to a memory. The processor is used to store instructions, which, when executed by the processor, cause the computing device cluster to perform the method described in the first aspect or any possible implementation thereof.
[0053] Fifthly, embodiments of this application provide a computer-readable storage medium having instructions stored thereon, which, when executed, cause a computer to perform the method described in the first aspect or any possible implementation thereof.
[0054] Sixthly, embodiments of this application provide a computer program product including instructions that, when executed, cause a computer to implement the method described in the first aspect or any possible implementation thereof.
[0055] It is understood that the beneficial effects achieved by any of the above-mentioned desensitization devices, computing devices, computing device clusters, computer-readable media or computer program products for process information can be referred to the beneficial effects in the corresponding methods, and will not be repeated here.
Attached Figure Description
[0056] Figure 1 is a schematic diagram of the system architecture of a process information desensitization system provided in an embodiment of this application;
[0057] Figure 2 is a schematic diagram illustrating a method for desensitizing process information provided in an embodiment of this application;
[0058] Figure 3 is a schematic diagram illustrating another method for desensitizing process information provided in an embodiment of this application;
[0059] Figure 4 is a schematic diagram illustrating another method for desensitizing process information provided in an embodiment of this application;
[0060] Figure 5 is a schematic diagram of a process information desensitization device provided in an embodiment of this application;
[0061] Figure 6 is a schematic diagram of the structure of a computing device provided in an embodiment of this application;
[0062] Figure 7 is a schematic diagram of the structure of a computing device cluster provided in an embodiment of this application;
[0063] Figure 8 is a schematic diagram of another computing device cluster provided in an embodiment of this application.
Detailed Implementation
[0064] This application provides a method and apparatus for desensitizing process information to improve the security of process information.
[0065] The terms “first,” “second,” “third,” “fourth,” etc. (if present) in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments described herein can be implemented in a sequence other than that illustrated or described herein. Furthermore, the terms “comprising” and “having,” and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.
[0066] In the embodiments of this application, the terms "exemplary" or "for example" are used to indicate that something is an example, illustration, or description. Any embodiment or design that is described as "exemplary" or "for example" in the embodiments of this application should not be construed as being more preferred or advantageous than other embodiments or design. Specifically, the use of the terms "exemplary" or "for example" is intended to present the relevant concepts in a specific manner.
[0067] First, some of the terms used in the embodiments of this application are introduced to facilitate understanding of the technical solutions by those skilled in the art.
[0068] A process is an instance of a running program in a Linux system. It is the basic unit for resource allocation and scheduling by the operating system. A process can be viewed as a collection of all relevant information about a program during its lifecycle, including program code, data, open files, environment variables, etc. Users can view detailed process information using the `ps` command, such as process ID, owner user, and command-line arguments used to start the process.
[0069] LD_PRELOAD is an environment variable in Linux systems used to force the loading of specified shared libraries when a program is executed. When the LD_PRELOAD environment variable is set and a program is run, the dynamic linker will first load the library specified by LD_PRELOAD, and then load other libraries. Library functions in the shared library pointed to by LD_PRELOAD will override functions with the same name in the original library.
[0070] A dynamic link library (DLL) is a library that is dynamically loaded at runtime. In Linux systems, DLLs are typically .so files, which are shared object files. DLLs are loaded only at program startup or runtime, allowing multiple programs to share the same library file, thus saving memory and disk space.
[0071] The glibc library (GNU C Library) is a crucial library that implements the functionality of the standard C library. It is used on GNU systems or GNU-based Linux systems and is fundamental to the operation of many Linux applications. The glibc library provides basic system functions such as memory allocation, process control, and input / output.
[0072] To make the technical solution of this application clearer and easier to understand, the system architecture of this application will be described below with reference to the accompanying drawings.
[0073] Please see Figure 1, which is a schematic diagram of the system architecture of a process information desensitization system provided in an embodiment of this application. In the example shown in Figure 1, the process information de-identification system 10 includes a kernel subsystem 101, a library component 102, and a de-identification rule engine 103. The kernel subsystem 101 includes a system call interface 1011, a kernel layer 1012, and a hardware control layer 1013. The library component 102 includes an initialization function module 1021. The de-identification rule engine 103 includes a de-identification conversion module 1031 and a de-identification rule set module 1032. The specific functions of each part of the process information de-identification system 10 are described below.
[0074] Kernel subsystem 101 is used to manage the hardware and software resources of the Linux system. Kernel subsystem 101 also provides basic functions such as process management, process information desensitization, file system, device drivers, and network protocol stack.
[0075] The kernel subsystem 101 includes a system call interface 1011, a kernel layer 1012, and a hardware control layer 1013. The system call interface 1011 provides a set of programming interfaces for applications. The system call interface 1011 allows applications to interact directly with the operating system kernel to manage and control system resources. The system call interface 1011 is also used to load dynamic link libraries in the library component 102.
[0076] Kernel layer 1012 is responsible for implementing the hardware and software management functions of the Linux system. Kernel layer 1012 includes a process management module, a process information de-identification module, and a file system management module. The process management module is used to create, schedule, and terminate processes. It uses a scheduler to manage the execution order of multiple processes on the CPU to achieve multitasking. The process management module also supports inter-process communication mechanisms such as signals, pipes, message queues, and shared memory.
[0077] The process information desensitization module is used to allocate and manage system memory. It provides mechanisms such as virtual memory, paging, and swapping, enabling multiple processes to share memory resources.
[0078] The file system management module is used to manage the storage, organization, and retrieval of data. It provides a unified file system interface, enabling different types of file systems to run on Linux systems.
[0079] The hardware control layer 1013 is used for interaction between the Linux system and physical hardware, which includes all hardware components of the computer such as the processor, memory, hard disk, network interface, and peripherals. The hardware control layer 1013 can directly control and manage hardware devices through device drivers.
[0080] Library component 102 is used to provide support for applications provided by the Linux system. Library component 102 includes system libraries and third-party libraries. System libraries include, for example, the C standard library (glibc). The C standard library provides a large number of functions and interfaces. Functions can perform tasks such as string manipulation, mathematical operations, and file operations.
[0081] Library component 102 can also be divided into dynamic link libraries and static link libraries. A dynamic link library is a collection of shared code and data that is loaded into a program at runtime. Unlike static link libraries, dynamic link libraries are not directly embedded into the executable file during program compilation, but are loaded as needed at runtime.
[0082] Library component 102 includes an initialization function module 1021, which provides initialization functions, such as the __libc_start_main function. The __libc_start_main function is an initialization function in the glibc library. The __libc_start_main function can be used as the starting point of program execution. For example, in a Linux system that uses the glibc library, the __libc_start_main function is used to initialize the program's execution environment and set the program's main entry point.
[0083] The desensitization rule engine 103 stores desensitization rules for process information and desensitizes process information based on these rules.
[0084] The de-identification rule engine 103 includes a de-identification conversion module 1031 and a de-identification rule set module 1032. The de-identification conversion module 1031 queries the de-identification rule set to obtain de-identification rules and de-identifies process information according to these rules. Specifically, the de-identification conversion module 1031 can modify sensitive information in process information based on the de-identification rules, preventing low-privilege users from querying sensitive information in the process information.
[0085] The de-identification rule set module 1032 is used to store various de-identification rules. Among them, the de-identification rules include subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, and regular expression rules with anchors.
[0086] Based on the process information desensitization system 10 shown in Figure 1, this application also provides a process information desensitization method. The process information desensitization method provided in this application will be described below with reference to embodiments.
[0087] Please see Figure 2, which is a flowchart illustrating a method for desensitizing process information provided in an embodiment of this application. In the example shown in Figure 2, the method includes the following steps:
[0088] 201. Start the target program. The process information of the target program contains sensitive information.
[0089] The computing device executes the target program, which may include a Linux program. Specifically, the computing device starts the target program based on a loader. During the execution of the target program, the computing device creates one or more processes. The process information of these processes contains sensitive information, such as the user's password.
[0090] The process information in this application embodiment includes one or more of the following: process name, owner user ID, and command-line parameters. The process name can serve as the process identifier, the owner user ID (UID) identifies which user started the process, and the command-line parameters refer to the parameters involved in the process command line; these parameters can be sensitive information within the process information.
[0091] Please see Figure 3, which is a schematic diagram illustrating another method for desensitizing process information provided in an embodiment of this application. In step 1 of the example shown in Figure 3, during the user's execution of the target program, the computing device creates and starts a process, in which the command-line parameters of the process contain sensitive information. Since malicious attackers can view and manage processes in the system using system commands such as `ps`, users need to anonymize the sensitive information in the process information to prevent its leakage.
[0092] 202. Load dynamic link libraries based on a pre-loading mechanism. The dynamic link libraries are used to provide initialization functions for the target program. The initialization functions are used to obtain the de-identification rules for process information. The de-identification rules are used to indicate the rules for modifying process information.
[0093] In this embodiment of the application, the computing device can desensitize process information based on the underlying mechanism of the Linux system. The underlying mechanism of the Linux system includes a preloading mechanism and initialization functions. The preloading mechanism and initialization functions are introduced below:
[0094] The preloading mechanism refers to loading specified library components using environment variables. In Linux systems, the system provides an environment variable named LD_PRELOAD, which allows users to specify the paths to one or more shared library files. When a program starts, the dynamic loader loads the dynamic libraries specified by LD_PRELOAD before loading the C runtime library, such as the glibc library.
[0095] Initialization functions can be functions in dynamic link libraries. They initialize the program's runtime environment and set the program's main entry point. An example of an initialization function is the `__libc_start_main` function. The tasks performed by the `__libc_start_main` function include: initializing global and static variables; setting the starting positions of the stack and heap; calling the `_start` function, which in turn calls the target program's `main` function, which is the program's main entry point; handling the return value of the `main` function; performing cleanup tasks, such as closing file descriptors; and calling the `exit` or `_exit` function to terminate the program.
[0096] During the process of desensitizing process information, the computing device loads dynamic link libraries based on a pre-loading mechanism. The dynamic link libraries are used to provide initialization functions for the target program. During the execution of the initialization functions, the computing device can obtain the desensitization rules for the process information. The desensitization rules indicate how the process information is to be modified.
[0097] Specifically, when a computing device loads a dynamic link library based on a pre-loading mechanism, it prioritizes loading the dynamic link library specified by the environment variable LD_PRELOAD. This dynamic link library includes initialization functions, which can call the main function of the target program. During the execution of the initialization functions, the computing device can query desensitization rules from the desensitization rule set and desensitize sensitive information in the process information based on these rules.
[0098] Referring again to Figure 3, in step 2 of the example shown, after the computing device starts the user process, it specifies the value of the environment variable LD_PRELOAD as the path to the dynamic link library libSecurityStarter.so, so that, when starting the process, the computing device loads the dynamic link library libSecurityStarter.so first. This libSecurityStarter.so contains the initialization function __libc_start_main.
[0099] In one possible implementation, the computing device determines the de-identification rule based on the de-identification rule parameters in the initialization function. These parameters are used to query the corresponding de-identification rule; that is, the de-identification rule parameters indicate the de-identification rule used to modify the process information. Specifically, de-identification rule parameters can be added to the original command line of the initialization function. During the execution of the initialization function by the computing device, the de-identification rule parameters can be parsed from the original command line, and the corresponding de-identification rule can be queried from the de-identification rule set based on these parameters.
[0100] Referring again to Figure 3, in steps 3 through 7 of the example shown, after the computing device loads the dynamic link library, it can add desensitization rule parameters to the original process command line, and the Linux process scheduler will schedule and start the process. When the computing device executes the __libc_start_main function, it parses the desensitization rule based on this desensitization rule parameter, which indicates the desensitization rule used by the computing device to desensitize sensitive information.
[0101] For example, a sample process startup command is LD_PRELOAD="${SECURITY_START_PATH}"/libSecurityStarter.so java param1=abc param2=123 param3 param4=456 param5=789 index@1. In this example, "index@1" is the de-identification rule parameter, which indicates that the computing device uses the subscript rule for de-identification.
[0102] The desensitization rules in this application include one or more of the following: subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, and regular expression rules with anchors.
[0103] Please refer to Table 1, which is a schematic table of desensitization rules supported by the computing device for desensitizing process information in the embodiments of this application. In the examples shown in Table 1, the desensitization rules include subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, regular expression rules with anchors, and combination rules. Among them, combination rules refer to a combination of one or more of the above desensitization rules.
[0104] For example, in the desensitization rules shown in Table 1, the desensitization rule is the subscript rule "index@1", which means that the command-line parameter with subscript "1" is desensitized. Another example is the desensitization rule with anchor "index_locator@param3@1", which means that the command-line parameter with subscript "1" following the desensitization anchor "param3" is desensitized.
[0105] For example, a desensitization rule could be the regular expression "regex@^param\d+=.+?$", which desensitizes command-line arguments that match the regular expression "^param\d+=.+?$". Another example is a regular expression with an anchor point, "regex_locator@param3@^param\d+=.+?$", which desensitizes command-line arguments following the anchor point "param3" that match the regular expression "^param\d+=.+?$".
[0106] Table 1
[0107]
[0108] In one possible implementation, since the computing device added de-identification rule parameters to the original command line, the command line of the initialization function cannot be executed. Therefore, after the computing device loads the dynamic link library based on the pre-loading mechanism, the computing device needs to remove the de-identification rule parameters in the initialization function so that the initialization function can call the entry main function of the target program.
[0109] In one possible implementation, the computing device creates target process information based on process information in the initialization function. Specifically, the computing device removes the anonymization rule parameters from the process information to obtain the target process information. The computing device then stores the target process information in the heap memory space. This target process information is the process information required to run the target program; for example, the target process information is the command-line parameters with the anonymization rule parameters removed. Since attackers' process query commands such as `ps` cannot query the target process information in the heap memory space, the leakage of the target process information is avoided.
[0110] Please see Figure 4, which is a schematic diagram illustrating another method for desensitizing process information provided in an embodiment of this application. In the example shown in Figure 4, this application provides two process execution flows. The first is the default insecure flow where process information is not currently anonymized, and the second is the secure flow where process information is anonymized according to this application.
[0111] In the security flow example shown in Figure 4, the computing device's loader loads the libSecurityStarter.so library based on the environment variable LD_PRELOAD and executes the library's __libc_start_main function. Since the command-line argument `argv` in the __libc_start_main function has been anonymized, it is unrecognizable. Therefore, the anonymization rules need to be removed from `argv` to obtain a new command-line argument `argv`, which is then stored in the heap memory space. This allows the command-line arguments in the heap memory space to be used to call the target program's entry point, the main function. It should be noted that a malicious attacker's `ps` command cannot query the contents of the heap memory space; therefore, the leakage of command-line arguments in the heap memory is prevented.
[0112] It should be noted that, in addition to using the LD_PRELOAD environment variable of the Linux system and the __libc_start_main function of the glibc library for desensitization in the embodiments of this application, other hook mechanisms can also be used to desensitize process information, such as using the ptrace function call, etc., and there is no specific limitation.
[0113] 203. Modify the process information according to the desensitization rules to obtain the desensitized process information.
[0114] After determining the desensitization rules based on the desensitization rule parameters, the computing device modifies the process information according to the desensitization rules to obtain the desensitized process information. This process information includes one or more of the following: process name, user ID, and command-line arguments. In the desensitized process information, sensitive information is anonymized, for example, by using "*" or other symbols, thus achieving desensitization. No user can obtain sensitive information in the process information through commands such as `ps` or `top`, thereby achieving the purpose of protecting sensitive information in the process information.
[0115] The following details the rules for de-identifying and modifying process information under different de-identification rules:
[0116] In one possible implementation, the desensitization rule is a subscript rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command line parameters of the command line in the initialization function based on the subscript rule. The subscript of the specified command line parameter is the subscript indicated by the subscript rule, that is, the computing device modifies the process information of the specified subscript based on the subscript rule.
[0117] Please refer to Table 2, which is an introduction table of subscript rules provided in the embodiments of this application. In the example shown in Table 2, the format of the subscript rule is "index@parameter1@parameter2…", where "parameter1" and "parameter2" represent the specified subscripts to be de-identified. For example, for the process command line "java param1=abc param2=123 param3 param4=456 param5=789 index@1", "index@1" indicates that the parameter "param1=abc" at subscript 1 is de-identified. The de-identified process command line is "java * param2=123 param3 param4=456 param5=789".
[0118] Table 2
[0119]
[0120] In one possible implementation, the desensitization rule is an anchored index rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the anchored index rule. The index of the specified command-line parameter starts from the counting anchor point and is specified by the anchored index rule. That is, the computing device modifies the process information after the counting anchor point and the specified index based on the anchored index rule.
[0121] Please refer to Table 3, which is an introduction to an anchored subscript rule provided in the embodiments of this application. In the example shown in Table 3, the format of the subscript rule is "index_locator@parameter count anchor@parameter1@parameter2…", where "parameter count anchor" represents the counting anchor to be marked, and "parameter1" and "parameter2" represent the specified subscripts to be desensitized. For example, for the process command line "java param1=abc param2=123 param3 param4=456 param5=789 index_locator@param3@1", "index_locator@param3@1" indicates that the first parameter starting from the counting anchor "param3" is desensitized. The desensitized process command line is "java param1=abc param2=123 param3 * param5=789".
[0122] Table 3
[0123]
[0124] In one possible implementation, the desensitization rule is a prefix rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command line parameters in the initialization function based on the prefix rule. The prefix of the specified command line parameters is the prefix indicated by the prefix rule. That is, the computing device modifies the content of the specified prefix in the process information based on the prefix rule.
[0125] Please refer to Table 4, which is an introduction table of a prefix rule provided in the embodiments of this application. In the example shown in Table 4, the format of the prefix rule is "start@parameter1@parameter2…", where "parameter1" indicates that the parameter prefixed with "parameter1" is desensitized, and "parameter2" indicates that the parameter prefixed with "parameter2" is desensitized. For example, for the process command line "java param1=abc param2=123 param3 param4=456 param5=789 start@param2=@param5=", "start@param2=@param5=" indicates that the parameters prefixed with "param2=" and "param5=" are desensitized respectively. The desensitized process command line is "java param1=abc param2=* param3 param4=456 param5=*".
[0126] Table 4
[0127]
[0128] In one possible implementation, the desensitization rule is a prefix rule with anchors. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameters of the command line in the initialization function based on the prefix rule with anchors. Specifically, the specified command-line parameters are those following the counting anchor, and the prefix is the command-line parameter indicating the prefix as described in the prefix rule. That is, the computing device modifies the content of the specified prefix after the counting anchor in the process information based on the prefix rule with anchors.
[0129] Please refer to Table 5, which is an introduction table of a prefix rule with anchor points provided in the embodiments of this application. In the example shown in Table 5, the format of the prefix rule is "start_locator@parameter desensitization anchor point@parameter1@parameter2…", where "parameter desensitization anchor point" represents the counting anchor point to be marked, "parameter1" represents the parameter after the counting anchor point with the prefix "parameter1" to be desensitized, and "parameter2" represents the parameter after the counting anchor point with the prefix "parameter2" to be desensitized. For example, in the process command line "java param1=abc param2=123 param3 param4=456 param5=789 start_locator@param3@param5=", "start_locator@param3@param5=" indicates that the parameters prefixed with "param5=" after the desensitization anchor "param3" are desensitized. The desensitized process command line is "java param1=abc param2=123 param3 param4=456 param5=*".
[0130] Table 5
[0131]
[0132] In one possible implementation, the desensitization rule is a follow-up rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameter of the command line in the initialization function based on the follow-up rule. The specified command-line parameter is a parameter following the identifier specified by the follow-up rule. That is, the computing device modifies a parameter following the specified identifier in the process information based on the follow-up rule.
[0133] Please refer to Table 6, which is an introduction table of a follow rule provided in the embodiments of this application. In the example shown in Table 6, the format of the follow rule is "follow@parameter1@parameter2…", where "parameter1" indicates that the parameter following "parameter1" in the command line is desensitized, and "parameter2" indicates that the parameter following "parameter2" in the command line is desensitized. For example, for the process command line "java param1=abc param2=123 param3 param4=456 param5=789 follow@param1=abc@param4=456", "follow@param1=abc@param4=456" indicates that the parameters following "param1=abc" and "param4=456" are desensitized respectively, that is, "param2=123" and "param5=789" in the command line are desensitized. The desensitized process command line is "java param1=abc * param3 param4=456 *".
[0134] Table 6
[0135]
[0136] In one possible implementation, the desensitization rule is a follow-up rule with anchors. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command-line parameter of the command line in the initialization function based on the follow-up rule with anchors. The specified command-line parameter is a parameter following the identifier specified by the follow-up rule with anchors, after the counting anchor. That is, the computing device modifies a parameter following the identifier after the counting anchor in the process information based on the follow-up rule with anchors.
[0137] Please refer to Table 7, which is an introduction table of a follow rule with anchors provided in the embodiments of this application. In the example shown in Table 7, the format of the follow rule with anchors is "follow_locator@parameter-desensitized anchor@parameter1@parameter2…", where "parameter-desensitized anchor" represents the counting anchor to be marked, "parameter1" represents the parameter following "parameter1" after the counting anchor in the command line to be desensitized, and "parameter2" represents the parameter following "parameter2" after the counting anchor in the command line to be desensitized. For example, for the process command line "java param1=abc param2=123 param3 param4=456 param5=789 follow_locator@param3@param4=456", "follow_locator@param3@param4=456" means that, starting from the counting anchor "param3", the parameter following "param4=456" is desensitized, that is, "param5=789" in the command line is desensitized. The de-identified process command line is "java param1=abc param2=123 param3 param4=456 *".
[0138] Table 7
[0139]
[0140] In one possible implementation, the desensitization rule is a range rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command line parameters of the command line in the initialization function based on the range rule. The specified command line parameters are the parameters between the identifiers specified by the range rule. That is, the computing device modifies the content between the specified identifiers in the process information based on the range rule.
[0141] Please refer to Table 8, which is an introduction table of an interval rule provided in the embodiments of this application. In the example shown in Table 8, the format of the interval rule is "between@parameter1@parameter2…", where this format indicates that the content between "parameter1" and "parameter2" in the command line is anonymized. For example, for the process command line "java param1=abc,param2=123 param3 param4=456,param5=789 between@param1=@,@param4=@,", "between@param1=@,@param4=@," indicates that the content between "param1=" and "," in the command line is anonymized, and the content between "param4=" and "," in the command line is also anonymized, that is, "abc" and "456" in the command line are anonymized. The anonymized process command line is "java param1=*,param2=123 param3 param4=*,param5=789".
[0142] Table 8
[0143]
[0144] In one possible implementation, the desensitization rule is an anchored interval rule. During the process of modifying process information according to the desensitization rule, the computing device modifies the specified command line parameters of the command line in the initialization function based on the anchored interval rule. The specified command line parameters are the parameters between the identifiers specified by the anchored interval rule after the counting anchor. That is, the computing device modifies the content between the specified identifiers after the counting anchor in the process information based on the anchored interval rule.
[0145] Please refer to Table 9, which is an introduction table of an anchored interval rule provided in the embodiments of this application. In the example shown in Table 9, the format of the interval rule is "between_locator@parameter desensitization anchor@parameter1@parameter2…", where this format indicates that the content between "parameter1" and "parameter2" is desensitized starting from the "parameter desensitization anchor" in the command line. For example, for the process command line "java param1=abc,param2=123 param3 param4=456,param5=789 between_locator@param3@param4=@,", "between_locator@param3@param4=@," indicates that the content between "param4=" and "," in the command line is desensitized starting from the counting anchor "param3" in the command line, that is, the "456" in the command line is desensitized. The de-identified process command line is "java param1=abc,param2=123 param3 param4=*,param5=789".
[0146] Table 9
[0147]
[0148] In one possible implementation, the de-identification rule is a regular expression rule. During the process of modifying process information according to the de-identification rule, the computing device modifies the specified command-line parameters in the initialization function based on the regular expression rule. The specified command-line parameters are those that match the regular expression of the regular expression rule. In other words, the computing device modifies the content in the process information that matches the regular expression based on the regular expression rule.
[0149] Please refer to Table 10, which is an introduction table of regular expression rules provided in the embodiments of this application. In the example shown in Table 10, the format of the regular expression rule is "regex@parameter1@parameter2…", where this format indicates that the content in the command line that matches the regular expressions "parameter1" and "parameter2" is desensitized.
[0150] For example, the command line "java param1=abc param2=123 param3 param4=456 param5=789 regex@^param\d+=.+?$" indicates that the content in the command line that matches the regular expression "^param\d+=.+?$" is anonymized. Here, "^param" indicates that the content begins with "param", "\d+" represents any number, "=" indicates the presence of the "=" character, ".+?" represents any character, and "$" is the terminator. "^param\d+=.+?$" means that the content that begins with "param", is followed by any number, contains "=", and is followed by any character is anonymized. The content in the command line that matches this regular expression includes "param1=abc", "param2=123", "param4=456", and "param5=789", meaning that this content is anonymized. The de-identified process command line is "java * * param3 * *".
[0151] Table 10
[0152]
[0153] In one possible implementation, the de-identification rule is a regular expression rule with anchors. During the process of modifying process information according to the de-identification rule, the computing device modifies the specified command-line parameters in the initialization function based on the regular expression rule with anchors. The specified command-line parameters are those following the counting anchor that satisfy the regular expression of the regular expression rule with anchors. In other words, the computing device modifies the content in the process information following the counting anchor that conforms to the regular expression based on the regular expression rule with anchors.
[0154] Please refer to Table 11, which is an introduction table of anchored regular expressions provided in the embodiments of this application. In the example shown in Table 11, the format of the regular expression rule with anchors is "regex_locator@parameter desensitization anchor@parameter1@parameter2…", where this format indicates that the content following "parameter desensitization anchor" in the command line that conforms to the anchored regular expressions "parameter1" and "parameter2" is desensitized.
[0155] For example, in the process command line "java param1=abc param2=123 param3 param4=456 param5=789 regex_locator@param3@^param\d+=.+?$", "regex_locator@param3@^param\d+=.+?$" indicates that the content after the counting anchor "param3" in the command line that matches the regular expression "^param\d+=.+?$" is anonymized. Here, "^param" indicates that it starts with "param", "\d+" represents any number, "=" indicates that it contains the "=" character, ".+?" represents any character, and "$" is the terminator. The expression "^param\d+=.+?$" de-identifies content that begins with "param", is followed by any number, contains "=", and is followed by any character. In the command line, after "param3", the content matching this anchored regular expression includes "param4=456" and "param5=789". The computing device de-identifies "param4=456" and "param5=789". The de-identified process command line is "java param1=abc param2=123 param3 * *".
[0156] Table 11
[0157]
[0158] In one possible implementation, the de-identification rule is a combination of the aforementioned rules. During the process of modifying process information according to the de-identification rule, the computing device modifies specified command-line parameters in the initialization function based on the combined rules. These specified command-line parameters are those that conform to the multiple de-identification rules in the combined rules. That is, the computing device modifies the content in the process information that conforms to each de-identification rule in the combined rules based on the combined rules.
[0159] Please refer to Table 12, which is an introduction table of a combination rule provided in the embodiments of this application. In the example shown in Table 12, the combination rule is a combination rule of prefix rule and subscript rule. For example, the format of the combination rule is "index@parameter1@parameter2…#start@parameter1@parameter2…", where this format indicates that the index and start rules are used simultaneously to desensitize the parameters. For example, for the process command line "java param1=abc param2=123 param3 param4=456 param5=789 index@1#start@param5=", "index@1#start@param5=" indicates that the command line parameter with subscript "1" and the command line parameter with prefix "param5=" are desensitized at the same time, that is, "param1=abc" and "789" are desensitized. The desensitized process command line is "java * param2=123 param3 param4=456 param5=*".
[0160] Table 12
[0162] In one possible implementation, after modifying the process information according to the anonymization rules, the computing device stores the anonymized process information in the stack memory space. The memory address of the anonymized process information is the same as the memory address of the original process information. Since the process information in the stack memory space is the anonymized process information, the process information queried from the stack memory space by an attacker using the ps command will be the anonymized process information, thereby preventing the leakage of process information.
[0163] Please continue to refer to Figure 3. In step 8 of the example shown in Figure 3, after the computing device parses and obtains the de-identification rule parameters and determines the de-identification rule, it de-identifies the original command-line parameter argv in the function stack memory according to the de-identification rule. The de-identified command-line parameter argv has the same stack memory address as the original command-line parameter argv; that is, the computing device uses the de-identified command-line parameter argv to replace the original command-line parameter argv in the original stack memory. In step 9 of the example shown in Figure 3, after the computing device de-identifies the original command-line parameter argv, it can still call the entry point main function of the target program through the newly created command-line parameter argv in the heap memory. The newly created command-line parameter argv is the command-line parameter argv after removing the de-identification rule parameters, and can also be called the target command-line parameter argv.
[0164] Please continue to refer to Figure 4. In the secure process illustrated in Figure 4, while de-identifying process information based on the de-identification rule engine, the computing device parses the de-identification rule parameters from the original command-line parameter argv, and searches for the corresponding de-identification rule from the de-identification rule set based on the de-identification rule parameters. The de-identification rule set includes the aforementioned various de-identification rules. After finding the de-identification rule, the computing device modifies the sensitive information in the original command-line parameter argv based on the de-identification rule, and stores the de-identified command-line parameter argv at the same memory address as the original command-line parameter argv.
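The rule-engine flow of [0163] and [0164], applied to the anchored regular expression example of [0155] and the combined rule example of [0159], as an added C sketch that is not code from the patent. The names `desensitize_argv`, `apply_rule`, `mask_from` and `next_token` are hypothetical; the sketch assumes the rule parameter is the last argument, masks with "*" plus NUL padding, and writes the pattern in POSIX extended syntax (`^param[0-9]+=.+$`) because `regcomp` has no `\d` or lazy quantifier.

```c
#include <regex.h>
#include <stdlib.h>
#include <string.h>

/* strsep-style splitter: returns the next token and advances *cursor. */
static char *next_token(char **cursor, char sep)
{
    char *tok = *cursor, *end = tok ? strchr(tok, sep) : NULL;
    if (end)
        *end++ = '\0';
    *cursor = end;
    return tok;
}

/* Overwrite s[from..] in place with "*" plus NUL padding. The buffer keeps
 * its address and size; only what a reader of that memory sees changes. */
static void mask_from(char *s, size_t from)
{
    size_t len = strlen(s);
    if (from >= len) return;
    s[from] = '*';
    memset(s + from + 1, '\0', len - from - 1);
}

/* Apply one rule to live[], matching against the pristine copy clean[] so an
 * earlier rule in a combination cannot hide a prefix or anchor from a later
 * one. Returns 0, or -1 if the rule is malformed or not in the rule set. */
static int apply_rule(char *rule, int n, char **clean, char **live)
{
    char *name = next_token(&rule, '@'), *p;
    int i;
    if (!rule) return -1;                   /* no parameter after the name */
    if (strcmp(name, "index") == 0) {
        while ((p = next_token(&rule, '@')) != NULL) {
            char *end;
            long idx = strtol(p, &end, 10);
            if (*p == '\0' || *end != '\0' || idx < 0 || idx >= n) return -1;
            mask_from(live[idx], 0);
        }
        return 0;
    }
    if (strcmp(name, "start") == 0) {
        while ((p = next_token(&rule, '@')) != NULL)
            for (i = 1; *p && i < n; i++)
                if (strncmp(clean[i], p, strlen(p)) == 0)
                    mask_from(live[i], strlen(p));   /* keep the prefix */
        return 0;
    }
    if (strcmp(name, "regex_locator") == 0) {
        char *anchor = next_token(&rule, '@');  /* remainder is the pattern */
        regex_t re;
        int seen = 0;
        if (!rule || regcomp(&re, rule, REG_EXTENDED | REG_NOSUB) != 0)
            return -1;
        for (i = 1; i < n; i++) {
            if (seen && regexec(&re, clean[i], 0, NULL, 0) == 0)
                mask_from(live[i], 0);      /* only matches after the anchor */
            else if (!seen && strcmp(clean[i], anchor) == 0)
                seen = 1;
        }
        regfree(&re);
        return 0;
    }
    return -1;
}

/* Assumption of this sketch: argv[argc-1] is the rule parameter. Returns a
 * heap-allocated, NULL-terminated target argv without it and masks the
 * original strings in place. A bad rule or failed allocation fails closed:
 * every argument is masked and NULL is returned. */
char **desensitize_argv(int argc, char **argv, int *target_argc)
{
    int n = argc - 1, i, rc = 0;
    char **clean, *cursor, *rule;
    size_t rule_len;
    if (argc < 2) return NULL;
    clean = calloc((size_t)n + 1, sizeof *clean);
    if (!clean) rc = -1;
    for (i = 0; rc == 0 && i < n; i++) {
        size_t len = strlen(argv[i]) + 1;
        if ((clean[i] = malloc(len)) == NULL) { rc = -1; break; }
        memcpy(clean[i], argv[i], len);
    }
    cursor = argv[n];
    rule_len = strlen(cursor);
    while (rc == 0 && (rule = next_token(&cursor, '#')) != NULL)
        rc = apply_rule(rule, n, clean, argv);
    memset(argv[n], 0, rule_len);           /* hide the rule itself */
    if (rc != 0) {
        for (i = 1; i < n; i++)
            mask_from(argv[i], 0);
        for (i = 0; clean && i < n; i++)
            free(clean[i]);
        free(clean);
        return NULL;
    }
    *target_argc = n;
    return clean;
}
```

In the scheme described above, a routine like this would run inside the preloaded library's initialization function, which then passes the returned heap array to the target program's main function.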
[0165] 204. Respond to user process commands based on the de-identified process information. Process commands include user process query commands for process information.
[0166] After de-identifying process information according to de-identification rules, the computing device responds to user process commands based on the de-identified process information. These process commands include user queries for process information. Because the process information in the stack memory space is de-identified, the process information obtained by the user through the process query command is also de-identified, thus preventing the leakage of sensitive information within the process data.
[0167] Please continue to refer to Figure 3. In steps 10 to 11 of the example shown in Figure 3, after the computing device desensitizes the process information based on the desensitization rules, a malicious attacker uses process query commands such as the ps command to view the process information. The process information returned by the computing device is the desensitized process information, in which sensitive information has been desensitized, thereby preventing the leakage of sensitive information in the process information.
[0168] Please continue to refer to Figure 4. As can be seen by comparison with the default insecure process in the embodiment illustrated in Figure 4, after the computing device starts the program, it loads the default libc.so.6 shared library. The initialization function of this library does not anonymize the command-line parameter argv, allowing attackers to query the unanonymized parameter in the stack memory space using the ps command. However, in the secure process provided in this embodiment, because the computing device anonymizes the original command-line parameter argv based on anonymization rules, attackers who query the stack memory space using process query commands such as ps obtain only anonymized process information, thus preventing the leakage of process information.
[0169] As can be seen from the above embodiments, the computing device in this application embodiment can obtain the desensitization rules based on the preloading mechanism and initialization function of the Linux system, and modify the process information based on the desensitization rules. Since the desensitization method in this application embodiment only modifies the process information in the stack memory space, the initialization function can still execute the target program based on the process information in the heap memory space, so there is no need to modify the execution logic of the target program, which reduces the complexity of the process information leakage prevention scheme and improves the security of process information.
[0170] It is understood that the process information desensitization method provided in this application embodiment can also be applied to the desensitization of other sensitive information, such as the desensitization of sensitive information stored in system environment variables of Linux processes, the desensitization of sensitive information stored in memory of Linux processes, the desensitization of sensitive parameter information stored on disk of Linux processes, etc., and there is no specific limitation.
[0171] Based on the above method embodiments, this application also provides a process information desensitization device, which is described in detail below.
[0172] Please see Figure 5, which is a schematic diagram of a process information desensitization device provided in an embodiment of this application. In the example shown in Figure 5, the process information desensitization device 500 is used to implement the various steps performed by the process information desensitization system in the above embodiments. The process information desensitization device 500 includes a startup unit 501 and a processing unit 502.
[0173] The startup unit 501 is used to start the target program, whose process information includes sensitive information. The processing unit 502 is used to load a dynamic link library based on a pre-loading mechanism. The dynamic link library provides initialization functions for the target program, which in turn obtain the desensitization rules for the process information. These desensitization rules indicate the rules for modifying the process information. The processing unit 502 is also used to modify the process information according to the desensitization rules to obtain desensitized process information. Furthermore, the processing unit 502 is used to respond to user process commands based on the desensitized process information. These process commands include user process query commands for process information.
[0174] In one possible implementation, the processing unit 502 is further configured to determine a desensitization rule based on the desensitization rule parameter in the initialization function, the desensitization rule parameter being used to indicate the desensitization rule used to modify the process information.
[0175] In one possible implementation, the processing unit 502 is further configured to remove the de-identification rule parameters in the initialization function, so that the initialization function can call the entry main function of the target program. The processing unit 502 is further configured to create target process information based on the process information in the initialization function, and store the target process information in the heap memory space. The target process information is used to run the target program.
[0176] In one possible implementation, the processing unit 502 is further configured to store the de-identified process information into the stack memory space, wherein the memory address of the de-identified process information is consistent with the memory address of the original process information.
[0177] In one possible implementation, the desensitization rules include one or more of the following: subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, and regular expression rules with anchors.
[0178] In one possible implementation, the desensitization rule is a subscript rule, and the processing unit 502 is specifically used to modify the specified command line parameters of the command line in the initialization function based on the subscript rule, wherein the subscript of the specified command line parameter is the subscript indicated by the subscript rule.
[0179] In one possible implementation, the desensitization rule is a regular expression rule, and the processing unit 502 is specifically used to modify the specified command line parameters of the command line in the initialization function based on the regular expression rule, wherein the specified command line parameters satisfy the regular expression of the regular expression rule.
[0180] In one possible implementation, the process information includes one or more of the following: process name, user ID, and command-line arguments.
[0181] In one possible implementation, the dynamic link library includes a dynamic link library preloaded by the dynamic linker according to the LD_PRELOAD environment variable.
[0182] It is understandable that the startup unit 501 and processing unit 502 in the process information desensitization device 500 can, as functional modules, be mapped to the various modules in the process information desensitization system 10 shown in Figure 1, thereby realizing the functions of each module in the process information desensitization system 10.
[0183] It should be understood that the division of units in the above device is merely a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated. Furthermore, all units in the device can be implemented entirely through software calls from processing elements; all units can be implemented entirely in hardware; or some units can be implemented through software calls from processing elements, and others in hardware. For example, each unit can be a separate processing element, or it can be integrated into a chip within the device. Alternatively, it can be stored as a program in memory, called and executed by a processing element of the device. Moreover, these units can be fully or partially integrated together, or implemented independently. The processing element mentioned here can also be called a processor, which can be an integrated circuit with signal processing capabilities. In the implementation process, each step of the above method or each of the above units can be implemented through integrated logic circuits in the processor element or through software calls from processing elements.
[0184] It is worth noting that, for the sake of simplicity, the above method embodiments are described as a series of actions. However, those skilled in the art should know that this application is not limited to the order of the described actions. Furthermore, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by this application.
[0185] Other reasonable combinations of steps that can be conceived by those skilled in the art based on the above description also fall within the scope of protection of this application. Furthermore, those skilled in the art should also be aware that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily essential to this application.
[0186] Please see Figure 6, which is a schematic diagram of the structure of a computing device provided in an embodiment of this application. As shown in Figure 6, the computing device 600 includes a processor 601, a memory 602, a communication interface 603, and a bus 604. The processor 601, memory 602, and communication interface 603 are coupled via the bus (not shown in the figure). The memory 602 stores instructions. When the execution instructions in the memory 602 are executed, the computing device 600 executes the method performed by the process information desensitization system in the above method embodiment.
[0187] The computing device 600 may be one or more integrated circuits configured to implement the methods described above, such as: one or more application-specific integrated circuits (ASICs), or one or more digital signal processors (DSPs), or one or more field-programmable gate arrays (FPGAs), or a combination of at least two of these forms of integrated circuits. Furthermore, when the units in the device can be implemented in the form of a processing element scheduler, the processing element may be a general-purpose processor, such as a central processing unit (CPU) or other processor capable of calling programs. Alternatively, these units may be integrated together to implement a system-on-a-chip (SOC).
[0188] Processor 601 may be a central processing unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. A general-purpose processor may be a microprocessor or any conventional processor.
[0189] Memory 602 can be volatile memory or non-volatile memory, or may include both. The non-volatile memory can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. The volatile memory can be random access memory (RAM), which is used as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchronous linked dynamic random access memory (SLDRAM), and direct rambus RAM (DR RAM).
[0190] The memory 602 stores executable program code, and the processor 601 executes the executable program code to implement the functions of the aforementioned units or modules, thereby implementing the node load control method described above. That is, the memory 602 stores instructions for executing the node load control method described above.
[0191] The communication interface 603 uses transceiver modules, such as, but not limited to, network interface cards and transceivers, to enable communication between the computing device 600 and other devices or communication networks.
[0192] In addition to the data bus, the bus 604 can also include a power bus, a control bus, and a status signal bus. The bus can be a Peripheral Component Interconnect Express (PCIe) bus, an Extended Industry Standard Architecture (EISA) bus, a Unified Bus (Ubus or UB), a Compute Express Link (CXL) bus, a Cache Coherent Interconnect for Accelerators (CCIX) bus, etc. The bus can be divided into address bus, data bus, and control bus.
[0193] Please see Figure 7, which is a schematic diagram of a computing device cluster provided in an embodiment of this application. As shown in Figure 7, the computing device cluster 700 includes at least one computing device 600.
[0194] As shown in Figure 7, the computing device cluster 700 includes at least one computing device 600. The memory 602 of one or more computing devices 600 in the computing device cluster 700 may store the same instructions for executing the node load control method described above.
[0195] In some possible implementations, the memory 602 of one or more computing devices 600 in the computing device cluster 700 may also store partial instructions for executing the above-described node load control method. In other words, a combination of one or more computing devices 600 can jointly execute the instructions for executing the above-described node load control method.
[0196] It should be noted that the memories 602 in the different computing devices 600 within the computing device cluster 700 can store different instructions, each used to execute a portion of the functions of the aforementioned node load control device. That is, the instructions stored in the memories 602 of the different computing devices 600 can implement the functions of one or more modules in the processing unit and the startup unit.
[0197] In some possible implementations, one or more computing devices 600 in the computing device cluster 700 can be connected via a network. This network can be a wide area network (WAN) or a local area network (LAN), etc.
[0198] Please see Figure 8, which is a schematic diagram illustrating the network connection of computer devices in a computer cluster, as provided in an embodiment of this application. As shown in Figure 8, the two computing devices 600A and 600B are connected via a network. Specifically, they are connected to the network through the communication interfaces in each computing device.
[0199] In one possible implementation, the memory in computing device 600A stores instructions for executing the startup unit function. Meanwhile, the memory in computing device 600B stores instructions for executing the processing unit function.
[0200] It should be understood that the functions of computing device 600A shown in Figure 8 can also be performed by multiple computing devices. Similarly, the functions of computing device 600B can also be performed by multiple computing devices.
[0201] In another embodiment of this application, a computer-readable storage medium is also provided, which stores computer-executable instructions. When the processor of the device executes the computer-executable instructions, the device executes the method performed by the process information desensitization system in the above method embodiment.
[0202] In another embodiment of this application, a computer program product is also provided, which includes computer-executable instructions stored in a computer-readable storage medium. When the processor of the device executes the computer-executable instructions, the device performs the method executed by the process information desensitization system in the above method embodiments.
[0203] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.
[0204] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection between apparatuses or units through some interfaces, and may be electrical, mechanical, or other forms.
[0205] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0206] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0207] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
Claims
1. A method for desensitizing process information, characterized in that it comprises: launching a target program, the process information of which contains sensitive information; loading a dynamic link library based on a pre-loading mechanism, wherein the dynamic link library is used to provide the initialization function of the target program, the initialization function is used to obtain the de-identification rules of the process information, and the de-identification rules are used to indicate the modification rules of the process information; modifying the process information according to the desensitization rules to obtain the desensitized process information; and responding to the user's process commands based on the anonymized process information, the process commands including the user's process query commands for the process information.
2. The method according to claim 1, characterized in that, Before modifying the process information according to the desensitization rules, the method further includes: The desensitization rule is determined based on the desensitization rule parameter in the initialization function. The desensitization rule parameter is used to indicate the desensitization rule used to modify the process information.
3. The method according to claim 2, characterized in that, After loading the dynamic link library based on the preloading mechanism, the method further includes: Remove the desensitization rule parameters from the initialization function so that the initialization function can call the main entry function of the target program; Target process information is created based on the process information in the initialization function, and the target process information is stored in the heap memory space. The target process information is used to run the target program.
4. The method according to any one of claims 1 to 3, characterized in that, After modifying the process information according to the desensitization rules, the method further includes: The de-identified process information is stored in the stack memory space, and the memory address of the de-identified process information is the same as the memory address of the original process information.
5. The method according to any one of claims 1 to 4, characterized in that, The desensitization rules include one or more of the following: subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, and regular expression rules with anchors.
6. The method according to claim 5, characterized in that, The desensitization rule is a subscript rule, and the modification of the process information according to the desensitization rule includes: The specified command-line parameters in the initialization function are modified based on the subscript rules, wherein the subscript of the specified command-line parameters is the subscript indicated by the subscript rules.
7. The method according to claim 5, characterized in that, The de-identification rule is a regular expression rule, and the modification of the process information according to the de-identification rule includes: The specified command-line parameters in the initialization function are modified based on regular expression rules, wherein the specified command-line parameters satisfy the regular expression of the regular expression rules.
8. The method according to any one of claims 1 to 7, characterized in that, The process information includes one or more of the following: process name, user ID, and command-line parameters.
9. The method according to any one of claims 1 to 8, characterized in that, The dynamic link library includes the dynamic link library specified by the LD_PRELOAD environment variable, which is preloaded by the dynamic linker.
10. A process information desensitization device, characterized in that it comprises: a startup unit used to start the target program, the process information of the target program containing sensitive information; and a processing unit used to load a dynamic link library based on a pre-loading mechanism. The dynamic link library is used to provide an initialization function for the target program. The initialization function is used to obtain the de-identification rules of the process information. The de-identification rules are used to indicate the modification rules for the process information. The processing unit is also used to modify the process information according to the desensitization rules to obtain the desensitized process information; The processing unit is also configured to respond to user process instructions based on the de-identified process information, the process instructions including user process query instructions for the process information.
11. The apparatus according to claim 10, characterized in that, The processing unit is also used for: The desensitization rule is determined based on the desensitization rule parameter in the initialization function. The desensitization rule parameter is used to indicate the desensitization rule used to modify the process information.
12. The apparatus according to claim 11, characterized in that, The processing unit is also used for: Remove the desensitization rule parameters from the initialization function so that the initialization function can call the main entry function of the target program; Target process information is created based on the process information in the initialization function, and the target process information is stored in the heap memory space. The target process information is used to run the target program.
13. The apparatus according to any one of claims 10 to 12, characterized in that, The processing unit is also used for: The de-identified process information is stored in the stack memory space, and the memory address of the de-identified process information is the same as the memory address of the original process information.
14. The apparatus according to any one of claims 10 to 13, characterized in that, The desensitization rules include one or more of the following: subscript rules, prefix rules, follow rules, interval rules, regular expression rules, subscript rules with anchors, prefix rules with anchors, follow rules with anchors, interval rules with anchors, and regular expression rules with anchors.
15. The apparatus according to claim 14, characterized in that, The desensitization rule is a subscript rule, and the processing unit is specifically used for: The specified command-line parameters in the initialization function are modified based on the subscript rules, wherein the subscript of the specified command-line parameters is the subscript indicated by the subscript rules.
16. The apparatus according to claim 14, characterized in that, The desensitization rule is a regular expression rule, and the processing unit is specifically used for: The specified command-line parameters in the initialization function are modified based on regular expression rules, wherein the specified command-line parameters satisfy the regular expression of the regular expression rules.
17. The apparatus according to any one of claims 10 to 16, characterized in that, The process information includes one or more of the following: process name, user ID, and command-line parameters.
18. The apparatus according to any one of claims 10 to 17, characterized in that, The dynamic link library includes the dynamic link library specified by the LD_PRELOAD environment variable, which is preloaded by the dynamic linker.
19. A computing device, characterized in that, The device includes a processor coupled to a memory, the processor storing instructions which, when executed by the processor, cause the computing device to perform the method of any one of claims 1 to 9.
20. A computing device cluster, characterized in that, The device includes at least one computing device, the computing device including a processor coupled to a memory, the processor being used to store instructions that, when executed by the processor, cause the cluster of computing devices to perform the method of any one of claims 1 to 9.
21. A computer-readable storage medium having instructions stored thereon, characterized in that, When the instructions are executed, they cause the computer to perform the method of any one of claims 1 to 9.
22. A computer program product, the computer program product comprising instructions, characterized in that, When the instructions are executed, they cause the computer to perform the method of any one of claims 1 to 9.