Currently, a lot of manpower has been put into research on computer system management and computer system security. The design and implementation of hardware/software systems for computer system management are performed by directly or indirectly judging whether a certain operation of the computer is permitted. A certain operation may be triggered by some cause arising during the running of the hardware/software of the computer system, by malicious code, or by some unknown cause. However, this way of managing a certain operation can only achieve “limited management”, that is, only partial management of the computer system is achieved, rather than complete management of the computer system.
Computer system security detecting systems, computer system security management systems and active defense systems in the existing technology have the following disadvantages: 1. They only monitor a certain function or a certain operation of the computer and only simply judge whether an operation is allowed to occur. 2. This monitoring is result monitoring and cannot monitor the process. 3. This monitoring and management is “post-event”, i.e. the process can only be judged according to the results. The main reason is that the current technology still cannot describe the running state of the computer, and thus cannot achieve accurate control over the running state of the computer. In order to completely manage and control the computer system, it is necessary to manage each current operation of the computer system and analyze the reason leading to the current operation. Only when the reason leading to the current operation is fully analyzed can the correctness of the current operation be judged accurately, so as to realize effective management of the computer system and achieve the purpose of completely managing and controlling the computer system.
In view of the complexity of the computer system, when the computer system is running, the reason causing an operation of the computer at a certain time is extremely complex due to the following factors: time, operating requirements of an operator, hardware running requirements, network operation requests, code built-in requirements, etc. To analyze the whole running process of the computer, it is necessary to establish a data structure capable of describing the running state of the computer.
Because the state of the computer is transient, it changes very rapidly while the computer is running, and to date there is no logical structure capable of describing the running state of the computer that can be used to effectively manage the computer system.