CN116127477A - A system and method for program access control based on context awareness - Google Patents
- Publication number: CN116127477A (application number CN202210982413.9A)
- Authority
- CN
- China
- Prior art keywords
- policy
- strategy
- context
- access
- embedded
- Prior art date
- Legal status: Pending (status as assumed by Google Patents, not a legal conclusion)
Classifications
- G—PHYSICS › G06—COMPUTING OR CALCULATING; COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/60—Protecting data › G06F21/604—Tools and structures for managing or administering access control systems
- G—PHYSICS › G06—COMPUTING OR CALCULATING; COUNTING › G06F—ELECTRIC DIGITAL DATA PROCESSING › G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/60—Protecting data › G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Description
Technical field
The invention relates to the field of embedded operating systems, and in particular to a context-aware program access control system and method.
Background
In recent years, embedded operating systems have become increasingly powerful and popular computing platforms. Many applications are developed for them to provide new or enhanced services using the resources of the operating system platform. Using permissions granted at installation time, applications can access sensitive data and resources on the mobile device. Whether an application should be granted a privilege depends on the particular user context. Users therefore need fine-grained resource usage control that takes context information into account, which the resource usage control mechanism built into embedded operating systems does not support. The permissions an application can use are fixed at installation time and cannot be modified afterwards. Users can dynamically revoke or grant an application's permissions, but the operating system platform still does not support configuring adaptive access policies according to context.
CareDroid and related work have studied context-aware computing on the Android operating system, focusing mainly on designing a context-aware adaptation engine for developers to ease their development. Most work on context-aware usage control in operating systems has concentrated on policy systems that do not restrict the permissions of individual applications and apply only system-wide. Other work aims to let users configure application access policies according to context. These approaches have limitations: for example, they do not consider policy conflicts when several policies are available in a given context. Furthermore, they require users to configure access policies themselves, which overlooks the fact that users traditionally have little domain knowledge of embedded operating system security and little idea of which application poses what potential harm in a given context. Without expert help, it is hard for users to identify suspicious or potentially malicious applications and configure policies sensibly.
Summary of the invention
To solve the above problems, the present invention provides a context-aware program access control system, comprising:
an access controller, which controls resource access on the embedded device according to the execution result of the policy executor and prevents unauthorized resource access requests;
a policy executor, which executes the policy returned by the policy interpreter; when an application requests a resource of the embedded device, it executes the corresponding policy pre-configured for the current context information and returns the execution result to the access controller so that the access request is denied or granted;
a policy interpreter, which obtains a policy from the policy database through the policy engine, parses the policy, and returns it to the policy executor;
a policy engine, which configures the corresponding policies according to the context information and manages the policy database;
a context engine, which collects context information by controlling the sensors in the embedded device.
Further, the system also comprises:
a fine-grained resource handler, which handles different kinds of resource access requests and, according to the authorized program request, calls different system services to obtain resources on the device;
an assistant tool, which helps users configure policies and guides them in managing policies.
Further, when more than one corresponding policy is pre-configured for the current context, the policy executor determines, through a policy conflict arbiter and according to the policy merging rules, which of the policies is executed.
Further, the function of the policy interpreter also includes: when at least one policy is configured for the context, the policy interpreter returns the available policies to the policy executor.
Further, the policy, which expresses the restrictions applied to embedded device applications in a particular environment, comprises a policy constraint, location data and a set of time data.
Further, the policy constraint is a tuple (s, o, a) with s ∈ S, o ∈ O and a ∈ A, where S is the set of subjects (the applications on the embedded device), O is the set of protected objects (the resources on the embedded device), and A represents the two operations, authorize or request.
Further, the assistant tool, which helps users configure policies and guides them in managing policies, provides that:
the user obtains the corresponding context information through the context manager in the assistant tool;
the user creates policy constraints through the constraint manager in the assistant tool.
Further, obtaining the corresponding context information through the context manager in the assistant tool comprises:
obtaining the location and time data of the corresponding context; specifically, the current time is obtained through the automatic clock synchronization function provided by the operating system of the embedded device, and the latitude and longitude coordinates of the embedded device are obtained from the satellite positioning in the energy controller.
Further, creating policy constraints through the constraint manager in the assistant tool comprises:
scanning the applications in the embedded device with the malware detection engine of the constraint manager, identifying potentially malicious applications, and informing the user of the result;
the user configuring, according to the detection result, the corresponding resource access policy for the application in the specific context.
The present invention also provides a context-aware program access control method, comprising:
obtaining context information in the embedded device, and configuring the corresponding policy according to the context information;
when an application requests a resource of the embedded device, executing the corresponding policy pre-configured for the current context information, and obtaining an execution result that denies or grants the access request;
receiving the resource access request of the embedded device and, according to the execution result, controlling resource access on the embedded device so as to prevent unauthorized resource access requests.
Further, the policy, which expresses the restrictions applied to embedded device applications in a particular environment, comprises a policy constraint, location data and a set of time data.
The present invention also provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the method described in any of the preceding claims are carried out.
With the context-aware program access control system and method provided by the present invention, the user configures policies in advance through the assistant tool according to the privacy concerns that need protecting; the usage control system intercepts an application's resource usage request, checks whether a policy is available in the current situation, executes the available policy, and denies or allows the resource access request according to the result of policy execution, thereby protecting private data and keeping the device running normally at low energy consumption.
Description of drawings
Figure 1 is a structural diagram of a context-aware program access control system provided by an embodiment of the present invention;
Figure 2 is a workflow diagram of the policy configuration assistant tool involved in an embodiment of the present invention;
Figure 3 is a diagram of the relationships among the model's policies, policy contexts and policy constraints involved in an embodiment of the present invention;
Figure 4 is a diagram of the power consumption test results involved in an embodiment of the present invention;
Figure 5 is a schematic flowchart of a context-aware program access control method provided by an embodiment of the present invention.
Detailed description
Many specific details are set forth in the following description to provide a thorough understanding of the present invention. The present invention can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar generalizations without departing from its essence; the present invention is therefore not limited by the specific implementations disclosed below.
Addressing the problem of the resource access control mechanism for programs in embedded operating systems, the present invention proposes an implementation of a context-aware program access control system. The user configures policies in advance through the assistant tool according to the privacy concerns that need protecting; the usage control system intercepts an application's resource usage request and checks whether a policy is available in the current situation. The available policy is then executed, and the resource access request is denied or allowed according to the result of policy execution. Finally, the practicality and advancement of the proposed system are verified by measuring the power consumption of the modified device and the time overhead in the operating system.
The present invention provides a context-aware program access control system whose structure is shown in Figure 1, comprising:
an access controller, which controls resource access on the embedded device according to the execution result of the policy executor and prevents unauthorized resource access requests;
a policy executor, which executes the policy returned by the policy interpreter; when an application requests a resource of the embedded device, it executes the corresponding policy pre-configured for the current context information and returns the execution result to the access controller so that the access request is denied or granted;
a policy interpreter, which obtains a policy from the policy database through the policy engine, parses the policy, and returns it to the policy executor;
a policy engine, which configures the corresponding policies according to the context information and manages the policy database;
a context engine, which collects context information by controlling the sensors in the embedded device.
The system further comprises: a fine-grained resource handler, which handles different kinds of resource access requests and, according to the authorized program request, calls different system services to obtain resources on the device;
an assistant tool, which helps users configure policies and guides them in managing policies.
As shown on the right side of Figure 1, the embedded operating system has a resource usage control mechanism. It denies or grants an application's resource access request purely on the basis of the permission system, leaving context information aside. To complement the permission-based access mechanism, context information is introduced. Seven core components are designed to achieve fine-grained, context-aware resource usage control. The main components are shown on the left side of Figure 1.
The access controller controls access to embedded device resources and prevents unauthorized requests. Although the embedded operating system provides a permission-based resource usage control mechanism that can check whether an application has the right to access the resource in question, the access controller supplements that mechanism with finer-grained control and context awareness, strengthening the protection of device privacy and security.
The policy executor is responsible for executing the policy returned by the policy interpreter. When an application requests a device resource, it executes the corresponding policy pre-configured for the current context and returns the result to the access controller, which denies or grants the access request. If more than one policy can be selected in a particular situation, the policy conflict arbiter resolves the choice according to the policy combination rules. The policy merging rules define a procedure for determining which policy from a set of policies should be executed.
The policy interpreter parses the policies obtained from the policy engine and compares the current context information obtained through the context engine with the context pre-stored in each policy. If at least one policy is configured for the current context, the interpreter returns the available policies to the policy executor.
The policy engine is dedicated to managing the policy database. It provides users with an interface for creating policies, mainly the policies corresponding to a context, and stores them in the policy database.
The context engine collects and provides context information through the sensors in the device and assigns each context a logical name so that the context information can be reused.
The fine-grained resource handler concentrates on handling different kinds of resource access requests. According to the specific authorized program request, it calls different system services to obtain resources on the device.
The assistant tool is an application that helps users with little expertise configure their policies sensibly. It guides users step by step through managing (adding, updating and deleting) policies. It also scans the applications installed on the device and finds potentially malicious ones, which makes it easy for users to work out which applications should be restricted in a particular context.
A user who wants to protect privacy and device security can configure policies in advance through the assistant tool; the control system then intercepts an application's resource usage request and checks whether a policy is available in the current situation. The available policy is executed, and the resource access request is denied or allowed according to the result of policy execution.
The policy, which expresses the restrictions applied to embedded device applications in a particular environment, comprises a policy constraint, location data and a set of time data. The policy constraint expresses the restriction on an application's permissions when it accesses protected resources and services. The context expresses the circumstances under which the restriction is to be enforced. To obtain a structured description and a formal representation, several definitions are introduced.
Three basic sets are defined: (1) S, the set of subjects, i.e. the device applications; (2) O, the set of protected objects, i.e. the resources on the device; (3) A, representing the two operations, authorize or request.
Since, under the permission protection mechanism, the package name and identity of each application must be unique in the operating system, they are used to represent each specific application. The set S consists of the package names and identities of the programs installed on the operating system, with "*" standing for all installed applications. As shown in Table 1, for each resource object in the set O there is an associated action in the set A used to protect that target object in a particular context.
Table 1. Relationship between the various device resources and constraint actions
Definition 1 (policy constraint): let s ∈ S, o ∈ O and a ∈ A. A policy constraint is defined as the tuple (s, o, a).
Two further basic sets are defined: (1) LOC, a set of location data for specific places; (2) TIME, a set of time data for specific points in time. The set LOC consists of satellite positioning coordinates (latitude and longitude). A point in time in the set TIME is represented as:
TP = yy-MM-dd_HH:mm:ss, where yy ∈ {2021, 2022, ...} ∧ MM ∈ {1, 2, ..., 12} ∧ dd ∈ {1, 2, ..., 31} ∧ HH ∈ {0, 1, ..., 23} ∧ mm, ss ∈ {0, 1, ..., 59}
Definition 2 (policy context): a policy context consists of a location and a time span, c = (l, st, et), with l ∈ LOC, st ∈ TIME and et ∈ TIME, where st is the start time point and et is the end time point.
Definition 3 (policy): let r be a policy constraint as in Definition 1 and c a policy context as in Definition 2. A policy is defined as the tuple (r, c). Figure 3 illustrates the policy and the relationships among its components.
Policies are divided into two categories according to the type of resource being protected.
(1) Energy-based policies
This category covers policies that restrict applications from wasting electrical energy.
(2) Privacy-based policies
This category covers policies that restrict an application's access to resources that could lead to privacy leaks. Privacy-based policies are further classified by the type of object in the restriction, as follows.
Permission-based policies: this category corresponds to the permissions of the embedded system itself and mainly restricts applications from accessing certain resources, such as collectors and meters.
Data-based policies: this category concerns user data stored on the device, such as active electrical energy and remaining power.
Peripheral-based policies: this category concerns the state of the peripherals on the device, especially the state set in the device's settings application.
Program-installation-based policies: this category covers policies that restrict the installation of applications.
A policy conflict may arise when several alternative policies exist in a given context and these policies have different actions, for example policies that are mutually exclusive or inclusive.
To resolve policy conflicts, four rules are provided for the user to choose from when configuring policies in the access control system.
Deny first: if the restriction of any of the available policies is "deny", the result is "deny".
Grant first: if the restriction of any of the available policies is "grant", the result is "grant".
Majority first: the result is the restriction that receives more than half of the votes.
User first: all available policies are listed and the user is prompted to make the final decision.
Suppose there are two policies p_i and p_j, p_{i/j} = (r_{i/j}, c_{i/j}), where r_{i/j} = (s_{i/j}, o_{i/j}, a_{i/j}) and c_{i/j} = (l_{i/j}, st_{i/j}, et_{i/j}); r_i and r_j are the policy constraints of p_i and p_j, and c_i and c_j are their policy contexts. There are four main cases for the relationship between p_i and p_j, as shown in Table 2. Taking the last scenario in the table as an example: if the policy contexts of p_i and p_j overlap and the two have different constraint actions (one denies the application's use of the resource, the other grants the request), then p_i and p_j conflict, and corresponding rules are needed to resolve such cases.
Table 2. Relationships between device policies
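As an added illustration, not code from the patent, the following Python sketch implements Definitions 1 to 3, the interpreter's comparison of the current context with the context stored in each policy, the overlap test behind the last scenario of Table 2, and the four merging rules of the conflict arbiter. The action set is taken as the deny/grant pair the merging rules use; the coordinate tolerance for "same place", the fail-closed handling of an unresolved majority tie, and the package names and coordinates in the sample policies are assumptions of this example.

```python
"""Added example (not the patent's code): Definitions 1-3, the interpreter's
context matching, the Table 2 overlap test and the four policy merging rules."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

DENY, GRANT = "deny", "grant"  # the two constraint actions used by the merging rules
NO_POLICY = "no-policy"        # nothing configured for this context: only the OS permission check applies
# Assumption: the page says LOC holds satellite coordinates but not how close two
# coordinates must be to count as the same place; a small tolerance in degrees is used.
LOC_TOLERANCE = 0.001

@dataclass(frozen=True)
class Constraint:
    """Definition 1: policy constraint r = (s, o, a)."""
    subject: str  # package name or identity; "*" matches every installed app
    obj: str      # protected resource object, e.g. "location" or "meter"
    action: str   # DENY or GRANT

@dataclass(frozen=True)
class Context:
    """Definition 2: policy context c = (l, st, et)."""
    loc: Tuple[float, float]  # (latitude, longitude), an element of LOC
    st: datetime              # start time point, an element of TIME
    et: datetime              # end time point, an element of TIME

@dataclass(frozen=True)
class Policy:
    """Definition 3: policy p = (r, c)."""
    r: Constraint
    c: Context

def parse_tp(tp: str) -> datetime:
    """Parse a TIME element written as yy-MM-dd_HH:mm:ss (four-digit year, as in {2021, 2022, ...})."""
    return datetime.strptime(tp, "%Y-%m-%d_%H:%M:%S")

def same_place(a, b) -> bool:
    return abs(a[0] - b[0]) <= LOC_TOLERANCE and abs(a[1] - b[1]) <= LOC_TOLERANCE

def context_applies(c: Context, loc, now: datetime) -> bool:
    """Interpreter step: does the current context (from the context engine) fall inside the stored one?"""
    return same_place(c.loc, loc) and c.st <= now <= c.et

def contexts_overlap(a: Context, b: Context) -> bool:
    """Two stored contexts overlap when their places coincide and their time intervals intersect."""
    return same_place(a.loc, b.loc) and a.st <= b.et and b.st <= a.et

def conflicts(p: Policy, q: Policy) -> bool:
    """Last row of Table 2: overlapping contexts, same object, different actions."""
    return p.r.obj == q.r.obj and p.r.action != q.r.action and contexts_overlap(p.c, q.c)

def applicable_policies(policies, subject, obj, loc, now) -> List[Policy]:
    """What the interpreter hands to the executor: every policy whose subject, object and context match."""
    return [p for p in policies
            if p.r.subject in (subject, "*") and p.r.obj == obj and context_applies(p.c, loc, now)]

def arbitrate(policies: List[Policy], rule: str, ask_user=None) -> Optional[str]:
    """Policy conflict arbiter: the four merging rules. Returns None when the rule gives no answer."""
    actions = [p.r.action for p in policies]
    if rule == "deny-first":
        return DENY if DENY in actions else GRANT
    if rule == "grant-first":
        return GRANT if GRANT in actions else DENY
    if rule == "majority":
        denies = actions.count(DENY)
        if 2 * denies > len(actions):
            return DENY
        if 2 * (len(actions) - denies) > len(actions):
            return GRANT
        return None  # exact tie: neither action has more than half of the votes
    if rule == "user-first":
        return ask_user(policies) if ask_user else None  # ask_user lists the policies and returns the choice
    raise ValueError(f"unknown merging rule: {rule}")

def decide(policies, subject, obj, loc, now, rule="deny-first", ask_user=None) -> str:
    """Access controller view: DENY or GRANT from the executor, or NO_POLICY to fall back to permissions."""
    chosen = applicable_policies(policies, subject, obj, loc, now)
    if not chosen:
        return NO_POLICY
    result = arbitrate(chosen, rule, ask_user)
    return result if result is not None else DENY  # assumption: an unresolved conflict fails closed

# Constructed sample policies for one site (package names and coordinates are made up).
SITE = (39.9000, 116.4000)
SAMPLE_POLICIES = [
    Policy(Constraint("*", "location", DENY),
           Context(SITE, parse_tp("2022-06-01_09:00:00"), parse_tp("2022-06-01_18:00:00"))),
    Policy(Constraint("com.example.meter", "location", GRANT),
           Context(SITE, parse_tp("2022-06-01_12:00:00"), parse_tp("2022-06-01_14:00:00"))),
    Policy(Constraint("com.example.meter", "location", DENY),
           Context(SITE, parse_tp("2022-06-01_12:30:00"), parse_tp("2022-06-01_13:30:00"))),
    Policy(Constraint("com.example.other", "meter", DENY),
           Context(SITE, parse_tp("2022-06-01_00:00:00"), parse_tp("2022-06-01_23:59:59"))),
]

if __name__ == "__main__":
    here, now = (39.9001, 116.4000), parse_tp("2022-06-01_13:00:00")
    for rule in ("deny-first", "grant-first", "majority"):
        print(rule, "->", decide(SAMPLE_POLICIES, "com.example.meter", "location", here, now, rule))
```

At 13:00 the request from com.example.meter for the location object matches three policies (deny, grant, deny), so the three automatic rules give deny, grant and deny respectively; at 12:15 only two match and the majority rule has no winner, which this sketch treats as a denial because the page does not say what happens on a tie.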
Since users have little or no expertise in embedded system security, it is hard for them to tell which applications should be restricted in a particular environment. Without professional help, it is therefore difficult for a user to configure reasonable resource access policies that protect the device's resources from abuse. In addition, obtaining context information and describing the context formally is also difficult for ordinary users. The present invention designs and develops a policy configuration assistant tool to help users configure policies. Its workflow is shown in Figure 2: the context manager in the assistant tool helps the user obtain the corresponding context information (location and time), which specifies when and where the policy will be enforced, and the user creates policy constraints through the constraint manager component, which specifies the constraint action to be taken when an application requests the use of a device resource. The tool consists of the following two parts.
(1) Context manager. It is mainly responsible for obtaining context information such as location and time data. The current real time is obtained through the automatic clock synchronization function provided by the embedded operating system, and the latitude and longitude coordinates of the device are obtained from the satellite positioning system in the energy controller.
(2) Constraint manager. The core component of the constraint manager is the malware detection engine.
The assistant tool guides the user step by step through obtaining the context and configuring the policy. When policy constraints are being configured, it also scans the applications installed on the device, assesses the likelihood that each of them is malware, and informs the user of the result. In this way the user can easily identify potentially malicious applications and configure the corresponding resource access policies for them in a specific context, thereby protecting the device's resources.
Based on the same inventive concept, the present invention also provides a context-aware program access control method, whose flow is shown in Figure 5, comprising:
Step S501: obtaining context information in the embedded device, and configuring the corresponding policy according to the context information;
Step S502: when an application requests a resource of the embedded device, executing the corresponding policy pre-configured for the current context information, and obtaining an execution result that denies or grants the access request;
Step S503: receiving the resource access request of the embedded device and, according to the execution result, controlling resource access on the embedded device so as to prevent unauthorized resource access requests.
Further, the policy, which expresses the restrictions applied to embedded device applications in a particular environment, comprises a policy constraint, location data and a set of time data.
应用实施例如下:Application examples are as follows:
(1)将修改后的嵌入式操作系统运用于能源控制器,以实现资源使用控制系统,通过检测系统能耗评估资源访问控制机制的功能。(1) Apply the modified embedded operating system to the energy controller to realize the resource usage control system, and evaluate the function of the resource access control mechanism by detecting the system energy consumption.
(2) To enforce energy-based and privacy-based policies, the corresponding methods of the embedded operating system were modified so that the embedded operating system can control the use of these resources. The time overhead introduced by these modifications, which are needed to implement the resource usage control system, is then evaluated.
To verify the effectiveness of the context-aware program access control mechanism of the present invention, and to obtain reliable results, the system was tested in a real environment: the customized operating system was ported to, and the auxiliary tool installed on, the embedded operating system of an energy controller.
In the first experiment, the modifications were applied to the operating system to implement the resource usage control system, and the functionality of the system was then evaluated by porting the modified operating system to the energy controller. Power consumption was evaluated through three comparative tests: power consumption under the original system; under the customized embedded operating system; and under the customized embedded operating system while the power-saving policy was enforced. The usage control system was set to check for device location updates every 60 seconds. To ensure that the three tests ran under the same conditions, some business apps pre-installed with the embedded operating system were forced to run in the background and request hardware resources frequently. Figure 4 shows that, compared with the original embedded operating system and the modified embedded operating system, device power consumption drops by about 7% per hour. Compared with power consumption under the original system, the embedded operating system with the power-saving policy of the present invention saves about 10% per hour.
To enforce energy-based and privacy-based policies, the present invention modifies the corresponding methods of the embedded operating system so that it can control the use of these resources. Next, the time overhead introduced by the modifications made to the embedded operating system to implement the resource usage control system was evaluated. The overhead was estimated by measuring the time taken on the embedded system before and after the modification; specifically, the overhead of controlling usage requests for permissions, data, system peripherals, application installation, and power was measured. As the results in Table 3 show, the overall delay caused by the modification is imperceptible to the user.
Table 3 Time overhead caused by the modification
With the context-aware program access control system and method provided by the present invention, the user configures policies in advance through the auxiliary tool according to the privacy concerns that need protection. The usage control system intercepts an application's resource usage request, checks whether a policy is applicable in the current context, executes the applicable policy, and denies or allows the resource access request according to the result of policy execution, thereby protecting private data and keeping the device operating normally with low energy consumption.
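The intercept, check and decide flow just described, as an added Python illustration rather than code from the patent: the policy names, the context fields (location, battery level), the thresholds, and the rules that a request with no applicable policy is allowed and that a single deny wins are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Device context as the usage-control system sees it, e.g. the location
# refreshed periodically (the description uses a 60-second location check).
Context = Dict[str, object]


@dataclass
class Policy:
    name: str
    resource: str                          # resource governed, e.g. "camera"
    applies: Callable[[Context], bool]     # is the policy active in this context?
    allow: Callable[[str, Context], bool]  # decision for (app, ctx) once active


# Constructed policies of the kind a user would configure in advance through
# the auxiliary tool: one privacy-based, one energy-based (example values).
POLICIES: List[Policy] = [
    # privacy-based: no camera use by any app while the device is at home
    Policy("no-camera-at-home", "camera",
           applies=lambda ctx: ctx.get("location") == "home",
           allow=lambda app, ctx: False),
    # energy-based: below 20% battery only the navigation app may poll GPS
    Policy("gps-low-battery", "gps",
           applies=lambda ctx: ctx.get("battery", 100) < 20,
           allow=lambda app, ctx: app == "navigation"),
]


def check_request(app: str, resource: str, ctx: Context,
                  policies: List[Policy] = POLICIES) -> Tuple[bool, str]:
    """Intercept one resource request and return (allowed, deciding policy).

    Assumptions for this example: a request whose resource has no active
    policy is allowed, and when several policies are active one deny is
    enough to refuse the request (the first denying policy is named, which
    gives an audit log something concrete to record).
    """
    active = [p for p in policies if p.resource == resource and p.applies(ctx)]
    if not active:
        return True, "no applicable policy"
    for p in active:
        if not p.allow(app, ctx):
            return False, p.name
    return True, active[0].name
```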
Those skilled in the art will understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowcharts and/or block diagrams, and any combination of procedures and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing apparatus produce means for implementing the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus, so that a series of operational steps is performed on the computer or other programmable apparatus to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable apparatus provide steps for implementing the functions specified in one or more procedures of the flowcharts and/or one or more blocks of the block diagrams.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention may still be modified or replaced by equivalents, and any such modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall fall within the scope of the claims of the present invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210982413.9A CN116127477A (en) | 2022-08-16 | 2022-08-16 | A system and method for program access control based on context awareness |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116127477A true CN116127477A (en) | 2023-05-16 |
Family
ID=86294400
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN119883498A (en) * | 2024-12-10 | 2025-04-25 | 中国航空工业集团公司西安航空计算技术研究所 | Device access control method for multi-container application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||