CN104008328A - Resource loading method and device - Google Patents
Resource loading method and device Download PDFInfo
- Publication number
- CN104008328A CN104008328A CN201310061911.0A CN201310061911A CN104008328A CN 104008328 A CN104008328 A CN 104008328A CN 201310061911 A CN201310061911 A CN 201310061911A CN 104008328 A CN104008328 A CN 104008328A
- Authority
- CN
- China
- Prior art keywords
- resource
- security
- described resource
- browser
- measured
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a resource loading method and device. The method includes that a file structure of a page is analyzed; a file object model is established; nodes in the file object model are determined; resource which corresponds to at least one node is obtained; safety of the resource is measured; if the resource is safe, the resource is loaded into a browser. Thereby, trust measurement during operation of network application can be effectively provided, and safety of executing environment of a user client side which operates the network application can be guaranteed.
Description
Technical field
The present invention relates to field of computer technology, more specifically, the present invention relates to a kind of resource loading method and device.
Background technology
Along with the development of computer technology and network technology, installation and the use of diverse network application (Web App) in the electronic equipment such as notebook, panel computer (PAD), mobile phone, multimedia player, PDA(Personal Digital Assistant) is universal all the more.
Especially, due to the quick progress of HTML(Hypertext Markup Language) 5 standard correlation technique, the network application based on HTML5 probably replaces native applications (Native App) in the near future gradually, and becomes topmost application program form.
Yet along with HTML5 network application is continually developed and used, the shortcoming causing due to its characteristic also displays gradually.Particularly, HTML5 application is a kind of explanation execution script program, it transmission, the links that loads and carry out all easily victim distort, replace, thereby bring huge challenge to user's client executing Environmental security.
For this safety problem of HTML5 network application, existing the first solution proposes the safety classification control method for domain name, and it can set according to user browser, loads discriminatively different webpages, thereby controls the diffusion threatening.
But the shortcoming of this scheme is, it can only carry out security control for domain name, thus cannot effectively tackle shell script load and implementation in the potential safety hazard that faces.It should be noted that current web page attacks, because trusted site implants wooden horse after being occupied by hacker, initiate greatly, yet this scheme is helpless for this attack.
In addition, existing the second solution proposes a kind of detached process sandbox mode, wherein, can load unsafe page resource by sandbox, be about to suspicious network application the access of disk, registration table etc. is redirected under specified folder, thereby eliminate the harm to system.
But the shortcoming of this scheme is, it is controlled all pages to be all placed in sandbox and to move simply, thereby causes the function limitation of network application, and this focuses on lifting network application with HTML5 and runs counter to for the trend of local device access ability.
Therefore, need a kind of novel resource loading method and device to solve the problems referred to above.
Summary of the invention
In order to solve the problems of the technologies described above, according to an aspect of the present invention, provide a kind of resource loading method, described method comprises: the file structure of resolving the page; Create DOM Document Object Model; Determine the node in DOM Document Object Model; Obtain the resource corresponding with at least one node; Security to described resource is measured; And if determine that described resource is safe, loads described resource in browser.
In addition, according to a further aspect in the invention, provide a kind of resource charger, described device comprises: resolution unit, for resolving the file structure of the page; Creating unit, for creating DOM Document Object Model; Determining unit, for determining the node of DOM Document Object Model; Obtain unit, for obtaining the resource corresponding with at least one node; Metric element, measures for the security to described resource; And loading unit, if for determining that described resource is safe, load described resource in browser.
Compared with prior art, employing is according to resource loading method of the present invention and resource charger, in the running environment of network application (for example can work as, browser) before presenting the page of network application in, page documents structure to network application is resolved, create DOM Document Object Model (DOM), determine each node in DOM, and obtain the Internet resources corresponding with one or more nodes, security to these resources is measured, only have when to determine described resource be safe, just in browser, load described resource, and finally to user, be presented at the whole application page presenting in browser.Therefore, in the present invention, can effectively provide the network application trust metrics in when operation, guarantee to move the safety of the subscription client execution environment of this network application.
Other features and advantages of the present invention will be set forth in the following description, and, partly from instructions, become apparent, or understand by implementing the present invention.Object of the present invention and other advantages can be realized and be obtained by specifically noted structure in instructions, claims and accompanying drawing.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and forms a part for instructions, for explaining the present invention, is not construed as limiting the invention together with embodiments of the present invention.In the accompanying drawings:
Fig. 1 illustrates according to resource loading method of the present invention.
Fig. 2 illustrates according to resource charger of the present invention.
Fig. 3 illustrates the resource loading method according to the embodiment of the present invention.
Fig. 4 illustrates the resource charger according to the embodiment of the present invention.
Fig. 5 illustrates according to the tolerance in the resource loading method of the embodiment of the present invention and starts flow process.
Fig. 6 illustrates the loading example with untrusted network application according to the trustable network application of the embodiment of the present invention.
Embodiment
Describe in detail with reference to the accompanying drawings according to each embodiment of the present invention.Here, it should be noted that in the accompanying drawings, identical Reference numeral is given and substantially had ingredient identical or similar structures and function, and will omit being repeated in this description about them.
Hereinafter, with reference to Fig. 1 and Fig. 2, describe according to resource loading method of the present invention and resource charger.
Fig. 1 illustrates according to resource loading method of the present invention, and Fig. 2 illustrates according to resource charger of the present invention.
The illustrated resource loading method of Fig. 1 is realized by the illustrated resource charger 100 of Fig. 2.Particularly, described resource charger 100 comprises: resolution unit 110, creating unit 120, determining unit 130, acquisition unit 140, metric element 150 and loading unit 160.
As shown in Figure 1, described resource loading method comprises:
In step S110, resolve the file structure of the page;
In step S120, create DOM Document Object Model;
In step S130, determine the node in DOM Document Object Model;
In step S140, obtain the resource corresponding with at least one node;
In step S150, the security of described resource is measured; And
In step S160, if determine that described resource is safe, in browser, load described resource.
As can be seen here, employing is according to resource loading method of the present invention and resource charger, in the running environment of network application (for example can work as, browser) before presenting the page of network application in, page documents structure to network application is resolved, create DOM Document Object Model (DOM), determine each node in DOM, and obtain the Internet resources corresponding with one or more nodes, security to these resources is measured, only have when to determine described resource be safe, just in browser, load described resource, and finally to user, be presented at the whole application page presenting in browser.Therefore, in the present invention, can effectively provide the network application trust metrics in when operation, guarantee to move the safety of the subscription client execution environment of this network application.
Hereinafter, with reference to Fig. 3 and Fig. 4, describe according to the resource loading method of the embodiment of the present invention and resource charger.
Fig. 3 illustrates the resource loading method according to the embodiment of the present invention, and Fig. 4 illustrates the resource charger 100 according to the embodiment of the present invention.
The illustrated resource loading method of Fig. 3 can be realized by the illustrated resource charger 100 of Fig. 4.As illustrated in Fig. 4, with the same ground in Fig. 2, this resource charger 100 comprises: resolution unit 110, creating unit 120, determining unit 130, acquisition unit 140, metric element 150 and loading unit 160.In addition, preferably, this resource charger 100 can also comprise: start unit 170.
This resource charger 100 can be applied to one or more electronic equipments, and at least one operating system is installed in described electronic equipment, and in this operating system, at least one network application is installed.This resource charger 100 makes described electronic equipment before this network application of operation, can measure for the security of network application the possibility working the mischief for security of system to reduce unreliable network application.
In the first example, this electronic equipment can be mobile phone, Android (Android) operating system of company of Google (Google) can be installed in this mobile phone, and this network application can be the network application of installing in Android operating system, for example online game application.
In the second example, this electronic equipment can be personal computer, form (Windows) operating system of company of Microsoft (Microsoft) can be installed in this personal computer, and this network application can be the network application of installing in Windows operating system, for example safety desktop application.
In the 3rd example, this electronic equipment can be panel computer, the iOS operating system of apple (Apple) company can be installed in this panel computer, and this network application can be the network application of installing in iOS operating system, for example apple application shop (Apple Store).
In addition, this resource charger 100 can communicate by any mode and this electronic equipment.
In one example, this resource charger 100 can be used as a software module and/or hardware unit and is integrated in this electronic equipment, and in other words, this electronic equipment can comprise this resource charger 100.For example, when electronic equipment is mobile phone, a software module in the operating system that this resource charger 100 can be this mobile phone, or can be aimed at the application program that this mobile phone is developed; Certainly, this resource charger 100 can be one of numerous hardware units of this mobile phone equally.
Alternatively, in another example, this resource charger 100 and this electronic equipment can be also separated equipment, and this resource charger 100 can be connected to this electronic equipment by wired and/or wireless network, and carry out control information transmission according to the data layout of agreement.
Below, to in following scene, specifically describe embodiments of the invention, wherein this electronic equipment is the personal computer that uses Windows operating system, this network application is the network application based on HTML5 of installing in this personal computer, and be applied to make the running environment (for example, browser) in this personal computer can load safely this HTML5 network application this resource loading method.
Yet, it should be noted that, the invention is not restricted to this.This electronic equipment can be the electronic equipment of any type, and it includes but not limited to: notebook, panel computer, mobile phone, multimedia player, personal digital assistant etc.This operating system can be also the operating system of any type, and it includes but not limited to: Android, Windows, iOS, Linux, form phone (WP) etc.In like manner, except the HTML5 network application of installing in the operating system platform of electronic equipment, this network application can be also the network application of other any types.In addition, can also be by other interaction process that are applied to according to the resource loading method of the embodiment of the present invention with electronic equipment.
As illustrated in Fig. 3, according to the resource loading method of the embodiment of the present invention, comprise:
In step S210, resolve the file structure of the page.
For example, in order at electronic equipment (to make it possible to, the personal computer of use Windows operating system) in browser, load networks (is for example applied safely, network application based on HTML5), need to carry out according to the tolerance in the resource loading method of the embodiment of the present invention and start flow process, so that successively for the system module of electronic equipment, verify for loading the running environment (EE) of this network application and the security of this network application self.
Fig. 5 illustrates according to the tolerance in the resource loading method of the embodiment of the present invention and starts flow process.
As illustrated in Fig. 5, in this tolerance, start in flow process, the one end using network application as trust chain, and the other end is that the system module (for example, system hardware and/or system software) of being trusted is as root of trust (trusted root).Therefore,, in order to ensure the security of network application, preferably can first guarantee the security of the system module of electronic equipment.
It should be noted that, although will guarantee that the part that the system module of electronic equipment and the security of running environment start flow process as tolerance illustrates the resource loading method according to the embodiment of the present invention hereinafter,, the invention is not restricted to this.For example, according to customer demand, can only verify the security of network application self.
For example, first, can with secured fashion, start this electronic equipment based on trusted console module (TPM) technology.
Particularly, can in personal computer, be equipped with TPM safety chip (that is, meeting the safety chip of TPM standard), to effectively protect this personal computer, prevent that disabled user from accessing.Basic Input or Output System (BIOS) (BIOS) startup password and harddisk password can be stored, be managed to this TPM safety chip, can carry out the encryption that scope is wider, any subregion of all right encipher hard disc.
Like this, after user starts this electronic equipment, this TPM safety chip is verified these system modules before can loading each system module in the CPU (central processing unit) of electronic equipment.For example, user, for example by pressing after the start button of electronic equipment carries out start operation, this TPM safety chip can be in turn carries out security metrics to BIOS and operating system (OS) and other related module of software and hardware.
After having guaranteed the system hardware of electronic equipment and the security of system software, in this tolerance, start in flow process, then can further guarantee the security of the running environment (EE) for operational network application of installing in OS.For example, still can with secured fashion, start this running environment based on trusted console module (TPM) technology.
Running environment can be browser or other application programs with browser engine (or being referred to as webpage mechanism for resolving), and this browser engine is responsible for the explanation of webpage grammer (as HTML, JavaScript) and is played up Webpage.In this example, this browser kernel layer can at least comprise WebKit assembly and WebView assembly, and wherein, WebKit assembly is the nucleus module of browser, it can be called as renderer, and generally includes WebCore typesetting engine and JavaScriptCore engine; And WebView assembly is for encapsulating the layer of WebKit assembly.
For example, system module and running environment are being carried out in the said process of safety verification, the file (file) of can take is measured its security as granularity.For example, for each system module and running environment, this TPM safety chip can read the complete binary code in its file, and scans integrality and the credible wilfulness of whole file.Only, after tolerance is passed through, just start corresponding object, otherwise will point out security metrics failure to user, and no longer carry out start-up operation.
As illustrated in Fig. 5, after the clean boot of running environment of having guaranteed network application, in order further to load HTML5 network application with secured fashion therein, according in the resource loading method of the embodiment of the present invention, when running environment is moved each network application, they are carried out to trust metrics.Above-mentioned network application can comprise this locality (local) network application and long-range (remote) network application.Local network application refers to the network application of directly installing in electronic equipment the machine; And telecommunication network application refers to the network application that is stored in high in the clouds (server end) and is loaded into electronic equipment the machine by network when operation.
Because network application is to take the characteristic that resource loads as unit, so when it is carried out to trust metrics, preferably can measure its security to be less than the granularity of file (file).For example, can carry out trust metrics with the granularity of one or more resources.Take WebKit assembly as example, can load before HTML5App in WebCore typesetting engine and JavaScriptCore engine, each resource of App (mainly comprising HTML content, Cascading Style Sheet (css), script (Script), plug-in unit (Plugin) etc.) is carried out to trust metrics.
That is to say, according in the resource loading method of the embodiment of the present invention, for network application, can first read a part of resource in its page, and scan integrality and the credible wilfulness of this part resource, after confirming its security, then read next part resource, carry out trust metrics, and so move in circles.
For example, before electronic equipment loads HTML5 network application in browser, can first resolve the file structure of the network application page.
Particularly, in resource charger 100, resolution unit 110 is obtained the current URL(uniform resource locator) (URL) of wanting load page from this HTML5 network application, and according to this URL, resolves the file structure of this page.
In step S220, create DOM Document Object Model.
After resolution unit 110 is resolved the file structure of the page, creating unit 120 is for creating DOM Document Object Model (DOM).
DOM is actually the document model of describing with object-oriented way.It has defined and has represented and required object, the behavior of these objects and the relation between attribute and these objects of modification document.DOM can be thought to a tree represenation of data and structure on the page.That is to say, all nodes in html document have formed a document tree (or node tree).Each element in html document, attribute, text etc. are representing a node in tree.Set up and start from document node, and continue thus to stretch out branch, until in these other all text nodes of tree lowermost level.
Particularly, creating unit 120 can according to resolution unit 110 the file structure of parsing is generated to the DOM Document Object Model DOM representing by node.
In step S230, determine the node in DOM Document Object Model.
After creating unit creates DOM Document Object Model, determining unit 130 is for determining the node of DOM Document Object Model.
Particularly, this determining unit 130 can be defined as whole document file page (page) document node (root node), and each html tag is defined as to a node element (leaf node).For example, if when the page of this network application comprises multiframe (frame) structure, the leaf node that this determining unit 130 can be using each frame as document file page.Then, this determining unit 130 can be using the HTML in each frame, CSS, JavaScript label the more low layer daughter element node under respective frame.
In step S240, obtain the resource corresponding with at least one node.
After the node of determining in DOM Document Object Model in determining unit 130, this acquisition unit 140 is for obtaining the resource corresponding with at least one node.
For example, when this network application is the local network application of installing in electronic equipment the machine, this obtains unit 140 and from the storer of electronic equipment, obtains the resource corresponding with determined each node of determining unit 130 by corresponding URL the machine address.
And for example, when this network application is that while being stored in the application of the telecommunication network in high in the clouds, this obtains unit 140 by address, corresponding URL high in the clouds, obtains the resource corresponding with determined each node of determining unit 130 via network from cloud server.
In step S250, the security of described resource is measured.
After obtaining the unit 140 acquisitions resource corresponding with at least one node, metric element 150 is measured for the security to described resource.If metric element 150 determines that described resource is safe, according to the resource loading method of the embodiment of the present invention, advance to step S260; And if described resource is unsafe, according to the resource loading method of the embodiment of the present invention, advance to step S270.
For example, this metric element 150 can be carried out the described step that the security of described resource is measured by least one means in following means: digital signature, Hash operation, blacklist and white list and password.
And for example, this metric element 150 also can be carried out trust metrics to obtaining the resource corresponding with at least one node (that is, a part of resource in the page) of unit 140 acquisitions by TPM technology.
Further, on the security mechanism basis of the HTTP (HTTPS) that this metric element 150 can also be in evaluation of life cycle (LCA) authentication mechanism and Secure Socket Layer (SSL), expand, to guarantee integrality and the credible wilfulness of described resource.
In addition, preferably, consider that user may and be indifferent to the security of some resource type, so first this metric element 150 can also judge the resource that obtains unit 140 acquisitions, whether belong to predefined type, if so, the security of described resource is not measured; Otherwise, the security of described resource is measured.
For example, the resource of judging 140 acquisitions of acquisition unit when this metric element 150 (for example belongs to multimedia type, image, video, audio frequency) resource time, due to as a rule, even if being tampered or replacing also, this resource can not cause too large impact to the security of network application, so this metric element 150 can directly be skipped to it the process of security measure, to reduce the load time of network application, save system power dissipation.
For example, yet on the contrary, when the resource of multimedia type is while being crucial, when being used as identifying code or password prompt by image file, this metric element 150 preferably can be verified such resource according to user's setting.
In addition, consider that user may and be indifferent to the security of resource in some region, so preferably, first this metric element 150 can also judge the whether specific region in the described page of the definite node of determining unit 130, if so, the security of described resource is not measured; Otherwise, the security of described resource is measured.
For example, when this metric element 150 is judged the definite node of determining unit 130 whether during the top area in the described page, the html element that mostly just comprises guidance to website or advertisement and so on due to this region is plain, even if be tampered or replace also and can not cause too large impact to the security of network application, so this metric element 150 can directly be skipped to it the process of security measure, to reduce the security measure time of network application, accelerate page loading velocity.Certainly, similarly, this metric element 150 also can be carried out safety verification to resource corresponding to the node with this region according to user's setting.
In step S260, if determine that described resource is safe, in browser, load described resource.
After the security of 150 pairs of described resources of metric element is measured, if determine described resource, be safe, loading unit 160 loads described resource in running environment, to present the page of network application to user.
In one example, after this loading unit 160 can all resources in the network application page all passes through the security metrics of metric element 150, just in browser, load all resources of full page.
At this moment, after metric element 150 is determined the security of a part of resource as described above, described loading unit 160 can further judge metric element 150 whether to all nodes with described DOM Document Object Model respectively the security of corresponding all resources measure, and if be, in browser, load the resource of safety among described all resources simultaneously.Otherwise this loading unit 160 is not first carried out load operation, until metric element 150 completes the security metrics of whole resources.
In another example, this loading unit 160 can be in the network application page a part of resource by after the security metrics of metric element 150, first in browser, load this part resource, and can another part resource by after this security metrics, continuation loads this another part resource in browser, so analogize, until load all resources of full page in browser.
At this moment, after metric element 150 is determined the security of a part of resource as described above, first described loading unit 160 can load the resource of this part in browser, and judge metric element 150 whether to all nodes with described DOM Document Object Model respectively the security of corresponding all resources measure, and if be not, notice obtains unit 140 and continues to obtain the resource corresponding with at least one node in residue node, and by metric element 150 execution security verifications.And then loading unit 160 continues load the resource of this part and carry out above-mentioned judgement in browser, until load all resources of full page in browser.
In step S270, if determine that described resource is unsafe, by virtual execution environment, in browser, load described resource.
After the security of 150 pairs of described resources of metric element is measured, if determine described resource, be unsafe,, in a simple examples, described loading unit 160 can not load described resource in running environment.At this moment, loading unit 160 can be so that the subregion corresponding with this resource be blank in the page of this network application, or presents other informations (for example, red fork or the explanatory note such as " this part resource is dangerous ").
Preferably, this loading unit 160 can further not provide loading cue button in this loads the region of resource, so that user can load unsafe resource by force according to the demand of oneself.
In addition, after the security of 150 pairs of described resources of metric element is measured, if it is unsafe determining described resource, in order to improve better user's experience, can in virtual execution environment, load described resource according to user's demand, this virtual execution environment is a kind of for example, according to the execution environment of security strategy limiting program behavior, sandbox.
At this moment, in resource charger 100, may further include a start unit 170.In metric element 150, determining resource is in unsafe situation, and it notifies this start unit 170 to start virtual execution environment.Then, this start unit 170 notifies described loading unit 160 in browser, to load described resource by described virtual execution environment.
Like this, any read-write disk operating that dangerous resource is done for electronic equipment by browser, all will be redirected in a specific temporary folder, thereby avoid user's electronic equipment to cause safety hazard.
Below, with reference to Fig. 6, describe according to the network application of the embodiment of the present invention and load example.
Fig. 6 illustrates the loading example with untrusted network application according to the trustable network application of the embodiment of the present invention.
As illustrated in Fig. 6, when judge some network applications according to the resource charger 100 of the embodiment of the present invention, it is trustable network when application, this resource charger 100 makes to load this trustable network application in browser, and allows it for the local file in electronic equipment, system setting, system equipment, information record program (cookies), to carry out read-write operation.
Yet when this network application is non-trustable network application, this resource charger 100 can be refused the loading of this network application in browser.Alternatively, this resource charger 100 makes in browser by comprising that HTML5 running environment (H5EE) host process of sandbox loads this untrusted network application, and the read-write operation for the local file in electronic equipment, system setting, system equipment, information record program (cookies) is redirected in a specific temporary folder by it.Like this, even comprise virus in the page of this network application, wooden horse, the rogue programs such as advertisement, after installing by force, have also just been installed in temporary folder, can not cause any harm to user's electronic equipment.
As can be seen here, employing is according to the resource loading method of the embodiment of the present invention and resource charger, in the running environment of network application (for example can work as, browser) before presenting the page of network application in, page documents structure to network application is resolved, create DOM Document Object Model (DOM), determine each node in DOM, and obtain the Internet resources corresponding with one or more nodes, security to these resources is measured, only have when to determine described resource be safe, just in browser, load described resource, and when to determine described resource be unsafe, can in browser, select not load, with limitation or force fully to load described resource, and finally to user, be presented at the whole application page presenting in browser.Therefore, in an embodiment of the present invention, can network enabled apply the trust metrics while moving, guarantee the safety of program.In addition, can also be in an embodiment of the present invention neatly in conjunction with sandbox technology, thus guarantee on the one hand the effective rights of trustable network application, the network application that still can limit on the other hand untrusted moves in sandbox, lowers the harm to system.
It should be noted that, although carry out trust metrics as example has illustrated according to the resource loading method of the embodiment of the present invention and resource charger by take the granularity of one or more resources hereinbefore, the invention is not restricted to this.When loading resource, can also optimize tolerance by some strategies.For example, can after waiting for that all resources corresponding with network application full page are read, carry out uniformly security metrics, then all resources be carried out to loading and to user feedback.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that the present invention can add essential hardware platform by means of software and realize, and can certainly all by software or hardware, implement.Understanding based on such, what technical scheme of the present invention contributed to background technology can embody with the form of software product in whole or in part, this computer software product can be stored in storage medium, as ROM/RAM, disk, CD etc., comprise that some instructions are with so that a computer equipment (can be personal computer, server, or the network equipment etc.) carry out the method described in some part of each embodiment of the present invention or embodiment.
Describe each embodiment of the present invention in the above in detail.Yet, it should be appreciated by those skilled in the art that without departing from the principles and spirit of the present invention, can carry out various modifications to these embodiment, combination or sub-portfolio, and such modification should fall within the scope of the present invention.
Claims (21)
1. a resource loading method, is characterized in that, described method comprises:
Resolve the file structure of the page;
Create DOM Document Object Model;
Determine the node in DOM Document Object Model;
Obtain the resource corresponding with at least one node;
Security to described resource is measured; And
If determine that described resource is safe, load described resource in browser.
2. according to the method for claim 1, it is characterized in that, the described step that the security of described resource is measured also comprises:
Judge whether described resource belongs to predefined type;
If so, the security of described resource is not measured; And
Otherwise, the security of described resource is measured.
3. according to the method for claim 1, it is characterized in that, the described step that the security of described resource is measured also comprises:
Judge the whether specific region in the described page of described node;
If so, the security of described resource is not measured; And
Otherwise, the security of described resource is measured.
4. according to the method for claim 1, it is characterized in that, described method also comprises:
If described resource is unsafe, in browser, do not load described resource.
5. according to the method for claim 1, it is characterized in that, described method also comprises:
If described resource is unsafe, start virtual execution environment; And
By described virtual execution environment, in browser, load described resource.
6. according to the method for claim 5, it is characterized in that, described virtual execution environment is sandbox.
7. according to the method for claim 1, it is characterized in that, if described definite described resource be safe,, the step that loads described resource in browser comprises:
Judge whether to all nodes with described DOM Document Object Model respectively the security of corresponding all resources measure; And
If so, in browser, load the resource of safety among described all resources simultaneously.
8. according to the method for claim 1, it is characterized in that, if described definite described resource be safe,, the step that loads described resource in browser comprises:
If determine that described resource is safe, load described resource in browser;
Judge whether to all nodes with described DOM Document Object Model respectively the security of corresponding all resources measure; And
If not, continue to obtain the resource corresponding with remaining at least one node in node.
9. according to the method for claim 1, it is characterized in that, the described step that the security of described resource is measured is to carry out by least one means in following means: digital signature, Hash operation, blacklist and white list and password.
10. according to the method for claim 1, it is characterized in that, described security comprises integrality and credible wilfulness.
11. 1 kinds of resource chargers, is characterized in that, described device comprises:
Resolution unit, for resolving the file structure of the page;
Creating unit, for creating DOM Document Object Model;
Determining unit, for determining the node of DOM Document Object Model;
Obtain unit, for obtaining the resource corresponding with at least one node;
Metric element, measures for the security to described resource; And
Loading unit, if for determining that described resource is safe, load described resource in browser.
12. according to the device of claim 11, it is characterized in that, described metric element also, for judging whether described resource belongs to predefined type, if so, is not measured the security of described resource; Otherwise, the security of described resource is measured.
13. according to the device of claim 11, it is characterized in that, described metric element also, for judging the whether specific region in the described page of described node, if so, is not measured the security of described resource; Otherwise, the security of described resource is measured.
14. according to the device of claim 11, it is characterized in that, if described resource is unsafe, described loading unit does not load described resource in browser.
15. according to the device of claim 11, it is characterized in that, described device also comprises:
Start unit, if be unsafe for described resource, starts virtual execution environment, and
Described loading unit loads described resource by described virtual execution environment in browser.
16. according to the device of claim 15, it is characterized in that, described virtual execution environment is sandbox.
17. according to the device of claim 11, it is characterized in that, described loading unit judge whether to all nodes with described DOM Document Object Model respectively the security of corresponding all resources measure, and if be, in browser, load the resource of safety among described all resources simultaneously.
18. according to the device of claim 11, it is characterized in that, if determine that described resource is safe, described loading unit loads described resource in browser, judge whether to all nodes with described DOM Document Object Model respectively the security of corresponding all resources measure, and if, notice obtains unit and continues to obtain the resource corresponding with remaining at least one node in node.
19. according to the device of claim 11, it is characterized in that, the described step that the security of described resource is measured is to carry out by least one means in following means: digital signature, Hash operation, blacklist and white list and password.
20. according to the device of claim 11, it is characterized in that, described security comprises integrality and credible wilfulness.
21. 1 kinds of electronic equipments, is characterized in that, described electronic equipment comprises: according to the resource charger of any one in claim 11 to 20.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310061911.0A CN104008328A (en) | 2013-02-27 | 2013-02-27 | Resource loading method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310061911.0A CN104008328A (en) | 2013-02-27 | 2013-02-27 | Resource loading method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104008328A true CN104008328A (en) | 2014-08-27 |
Family
ID=51368978
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310061911.0A Pending CN104008328A (en) | 2013-02-27 | 2013-02-27 | Resource loading method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104008328A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104881452A (en) * | 2015-05-18 | 2015-09-02 | 百度在线网络技术(北京)有限公司 | Resource locator sniffing method, device and system |
CN111191225A (en) * | 2020-01-03 | 2020-05-22 | 北京字节跳动网络技术有限公司 | Method, device, medium and electronic equipment for switching isolated objects |
CN112182591A (en) * | 2020-11-26 | 2021-01-05 | 江苏北弓智能科技有限公司 | Method for verifying web application trusted operating environment based on Linux system |
CN112217775A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Remote certification method and device |
CN113849823A (en) * | 2021-09-29 | 2021-12-28 | 大唐高鸿信安(浙江)信息科技有限公司 | Security chip of dynamic componentized trusted execution environment and component loading method thereof |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101895516A (en) * | 2009-05-19 | 2010-11-24 | 北京启明星辰信息技术股份有限公司 | Method and device for positioning cross-site scripting attack source |
CN102469113A (en) * | 2010-11-01 | 2012-05-23 | 北京启明星辰信息技术股份有限公司 | Security gateway and method for forwarding webpage |
US20120198558A1 (en) * | 2009-07-23 | 2012-08-02 | NSFOCUS Information Technology Co., Ltd. | Xss detection method and device |
-
2013
- 2013-02-27 CN CN201310061911.0A patent/CN104008328A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101895516A (en) * | 2009-05-19 | 2010-11-24 | 北京启明星辰信息技术股份有限公司 | Method and device for positioning cross-site scripting attack source |
US20120198558A1 (en) * | 2009-07-23 | 2012-08-02 | NSFOCUS Information Technology Co., Ltd. | Xss detection method and device |
CN102469113A (en) * | 2010-11-01 | 2012-05-23 | 北京启明星辰信息技术股份有限公司 | Security gateway and method for forwarding webpage |
Non-Patent Citations (2)
Title |
---|
付鸣: "网页木马检测技术的研究", 《中国优秀硕士学位论文全文数据库》 * |
郭敏哲: "基于浏览器的网络钓鱼检测机制的研究与实现", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104881452A (en) * | 2015-05-18 | 2015-09-02 | 百度在线网络技术(北京)有限公司 | Resource locator sniffing method, device and system |
CN104881452B (en) * | 2015-05-18 | 2020-05-29 | 百度在线网络技术(北京)有限公司 | Resource address sniffing method, device and system |
CN112217775A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Remote certification method and device |
CN112217775B (en) * | 2019-07-12 | 2022-04-05 | 华为技术有限公司 | Remote certification method and device |
CN111191225A (en) * | 2020-01-03 | 2020-05-22 | 北京字节跳动网络技术有限公司 | Method, device, medium and electronic equipment for switching isolated objects |
CN111191225B (en) * | 2020-01-03 | 2022-05-27 | 北京字节跳动网络技术有限公司 | Method, device, medium and electronic equipment for switching isolated objects |
CN112182591A (en) * | 2020-11-26 | 2021-01-05 | 江苏北弓智能科技有限公司 | Method for verifying web application trusted operating environment based on Linux system |
CN112182591B (en) * | 2020-11-26 | 2021-02-19 | 江苏北弓智能科技有限公司 | Method for verifying web application trusted operating environment based on Linux system |
CN113849823A (en) * | 2021-09-29 | 2021-12-28 | 大唐高鸿信安(浙江)信息科技有限公司 | Security chip of dynamic componentized trusted execution environment and component loading method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9235586B2 (en) | Reputation checking obtained files | |
EP3113064B1 (en) | System and method for determining modified web pages | |
US9591003B2 (en) | Dynamic application security verification | |
Chin et al. | Bifocals: Analyzing webview vulnerabilities in android applications | |
US8474048B2 (en) | Website content regulation | |
US9305170B1 (en) | Systems and methods for securely providing information external to documents | |
CN111191226B (en) | Method, device, equipment and storage medium for determining program by utilizing right-raising loopholes | |
Van Acker et al. | FlashOver: Automated discovery of cross-site scripting vulnerabilities in rich internet applications | |
US9208235B1 (en) | Systems and methods for profiling web applications | |
CN107896219B (en) | Method, system and related device for detecting website vulnerability | |
US20170085567A1 (en) | System and method for processing task resources | |
US8904492B2 (en) | Method of controlling information processing system, computer-readable recording medium storing program for controlling apparatus | |
JP2014508363A (en) | System and method for performing anti-malware metadata lookup | |
CN106549909B (en) | Authorization verification method and device | |
CN104008328A (en) | Resource loading method and device | |
US9779250B1 (en) | Intelligent application wrapper | |
US20160335430A1 (en) | Apparatus and Method for Detecting Buffer Overflow Attack, and Security Protection System | |
KR20180075881A (en) | Method and Apparatus for Analyzing Web Vulnerability for Client-side | |
CN108462749B (en) | Web application processing method, device and system | |
US9923916B1 (en) | Adaptive web application vulnerability scanner | |
CN107103243B (en) | Vulnerability detection method and device | |
US11212287B2 (en) | Program execution control method, program, recording medium, web page, transmission server, client, and web system | |
CN112287349A (en) | Security vulnerability detection method and server | |
CN110990839B (en) | Method, device and platform for security inspection of windows host | |
JP2016045754A (en) | Program for warning access to web page, method, and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140827 |
|
RJ01 | Rejection of invention patent application after publication |