CN108197476B - Vulnerability detection method and device for intelligent terminal equipment - Google Patents

Vulnerability detection method and device for intelligent terminal equipment

Info

Publication number
CN108197476B
Authority
CN
China
Prior art keywords
vulnerability
test case
intelligent terminal
case set
loopholes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711442204.0A
Other languages
Chinese (zh)
Other versions
CN108197476A (en
Inventor
倪昀泽
潘娟
杨正军
姚一楠
翟世俊
刘颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN201711442204.0A
Publication of CN108197476A
Application granted
Publication of CN108197476B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a vulnerability detection method and device for intelligent terminal equipment. The method obtains the behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs; writes a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information; reads information of the detection items of the intelligent terminal equipment to be detected; judges whether the information of each detection item matches the vulnerability influence range information of the test case set to be executed; if so, executes the test case set on the matched detection item and acquires a test result; and judges whether the intelligent terminal equipment to be detected has the vulnerability according to the test result. The invention overcomes the defects in the prior art, adapts to various intelligent terminal equipment, and quickly and effectively detects, automatically, various vulnerabilities in different detection items of the intelligent terminal equipment.

Description

Vulnerability detection method and device for intelligent terminal equipment
Technical Field
The invention relates to the technical field of vulnerability detection, in particular to a vulnerability detection method and device of intelligent terminal equipment.
Background
Intelligent terminal equipment is equipment that interacts directly with the user; in the mobile internet it is mainly embodied by the smartphone. With the vigorous development of the Internet of Things, the Internet of Vehicles, the smart home and the like, intelligent terminals are becoming more diverse in kind and more complex in function and structure. As a result, fragmentation of intelligent terminal equipment is extremely serious, and the repair status of the same vulnerability on different equipment cannot be determined. Detecting the vulnerabilities of intelligent terminal equipment is therefore an important way to understand its security, and an important means of finding problems, repairing them in time and defending against vulnerability attacks.
The existing vulnerability detection method for intelligent terminal equipment detects vulnerabilities by installing and running a detection program (APP). A typical example is Android VTS (Android Test Suite), an APP for the Android system platform: a user can install and run the APP to detect whether vulnerabilities exist on their intelligent terminal device, and it can detect dozens of vulnerabilities on the device. In addition, some existing vulnerability detection methods for intelligent terminal equipment running the Android operating system are likewise installed as an apk (Android package) application.
The existing vulnerability detection method of the intelligent terminal equipment has the following defects:
1. The existing vulnerability detection method for intelligent terminal equipment reads the version number and update date of the current intelligent terminal system and components, and judges which vulnerabilities exist according to the version number and the update date, namely the patch date. Its defect is that it does not actually detect whether the vulnerabilities exist. It cannot handle the case where a developer modifies only the version number and update date without repairing the vulnerabilities, nor the case where the developer repairs the vulnerabilities without updating the version number and update date.
2. When an application installed from an APK is run to perform vulnerability detection on the intelligent terminal equipment, the interfaces and permissions it can access in the Android system are limited, so it cannot perform comprehensive vulnerability detection on the operating system and components of the intelligent terminal equipment; it can only test the system-file interfaces that an ordinary application can reach. The detection range of the existing vulnerability detection method is therefore limited, and a single APP cannot detect vulnerabilities that can be triggered only when the terminal equipment communicates with other equipment through its Bluetooth module or wifi module.
3. The intelligent terminals supported by prior-art detection are of a single kind: the terminal to be detected can only be an intelligent terminal, or only an intelligent watch, or only an intelligent navigation terminal, and no method supports detection of multiple kinds of intelligent terminal equipment at the same time. Moreover, the existing vulnerability detection methods mainly target a single vulnerability or a set of several vulnerabilities; because of the diversity and complexity of intelligent terminals, they cannot adapt to all intelligent terminal equipment and cannot effectively detect the vulnerabilities of the various kinds of intelligent terminal equipment.
Therefore, how to detect the vulnerabilities of various intelligent terminals quickly, effectively and automatically is a technical problem that urgently needs to be solved.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides the vulnerability detection method and device of the intelligent terminal equipment, which have the beneficial effects of being adaptive to various intelligent terminal equipment and being capable of quickly and effectively automatically detecting vulnerabilities of the intelligent terminal equipment.
In order to achieve the above object, an embodiment of the present invention provides a method for detecting a vulnerability of an intelligent terminal device, where the method includes:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has the vulnerability according to the test result.
In order to achieve the above object, an embodiment of the present invention further provides a vulnerability detection apparatus for an intelligent terminal device, including:
an acquisition unit, used for acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
a writing unit, used for writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
a reading unit, used for reading the information of the detection items of the intelligent terminal equipment to be detected;
a first judgment unit, used for judging whether the information of each detection item matches the vulnerability influence range information of the test case set to be executed;
an execution unit, used for executing the test case set on the matched detection item and acquiring a test result if the information matches;
and a second judgment unit, used for judging whether the intelligent terminal equipment to be detected has the vulnerability according to the test result.
In order to achieve the above object, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the following steps when executing the program:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has the vulnerability according to the test result.
To achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the following steps:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has the vulnerability according to the test result.
According to the vulnerability detection method and device for intelligent terminal equipment provided by the invention, the behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs are obtained; a test case set for triggering the vulnerability is written according to the behavior characteristics of the vulnerability and the vulnerability influence range information; information of the detection items of the intelligent terminal equipment to be detected is read; whether the information of each detection item matches the vulnerability influence range information of the test case set to be executed is judged; if so, the test case set is executed on the matched detection item and a test result is acquired; and whether the intelligent terminal equipment to be detected has the vulnerability is judged according to the test result. This method, and the corresponding device consisting of the acquisition unit, the writing unit, the reading unit, the first judgment unit, the execution unit and the second judgment unit, overcome the defects in the prior art, adapt to various intelligent terminal equipment, and quickly and effectively detect, automatically, various vulnerabilities in different detection items of the intelligent terminal equipment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a vulnerability detection method of an intelligent terminal device according to the present application;
Fig. 2 is a schematic structural diagram of a detection item of the intelligent terminal device according to an embodiment of the present application;
Fig. 3 is a flowchart of a vulnerability detection method of an intelligent terminal device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a vulnerability detection apparatus of an intelligent terminal device according to the present application;
Fig. 5 is a schematic structural diagram of a first determining unit according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a vulnerability detection apparatus of an intelligent terminal device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a vulnerability detection method of intelligent terminal equipment, a flow chart of which is shown in figure 1, and the method comprises the following steps:
S101: acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
S102: writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
S103: reading information of a detection item of intelligent terminal equipment to be detected;
S104: judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
S105: if so, executing the test case set on the matched detection item, and acquiring a test result;
S106: judging whether the intelligent terminal equipment to be detected has the vulnerability according to the test result.
As can be seen from the flow shown in Fig. 1, the vulnerability detection method obtains the behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal device when the vulnerability occurs; writes a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information; reads information of the detection items of the intelligent terminal equipment to be detected; judges whether the information of each detection item matches the vulnerability influence range information of the test case set to be executed; if so, executes the test case set on the matched detection item and acquires a test result; and judges whether the intelligent terminal equipment to be detected has the vulnerability according to the test result. The invention overcomes the defects in the prior art, adapts to various intelligent terminal devices, and quickly and effectively detects, automatically, various vulnerabilities in different detection items of the intelligent terminal devices.
In step S101, each vulnerability of the intelligent terminal device is a known vulnerability, and the behavior characteristic when each known vulnerability occurs is also a known behavior characteristic. Known vulnerabilities include: buffer overflow vulnerabilities, integer overflow vulnerabilities, out-of-bounds access vulnerabilities, format string vulnerabilities, illegal data tampering vulnerabilities, memory corruption vulnerabilities, use-after-free and double-free vulnerabilities, race condition vulnerabilities, logic design vulnerabilities, type confusion vulnerabilities, and the like, which do not limit the invention. Known behavior characteristics include: buffer overflow, illegal tampering of data, information leakage, program execution flow exception, program/system crash, and/or illegal results, etc., which do not limit the invention. Each vulnerability has at least one behavior characteristic, and the behavior characteristics of different vulnerabilities may be the same or different.
The present invention will be further described with reference to specific examples in order to provide those skilled in the art with a better understanding of the invention.
In one embodiment, as shown in fig. 2, the detection items of the intelligent terminal device to be detected in S101 include: an operating system 201, a kernel 202, application software 203, a Bluetooth module 204 and a wifi module 205. The information of the detection item includes: type information and version information. The vulnerability influence scope information comprises: vulnerability impact type range information and vulnerability impact version range information.
In one embodiment, the step S102 of writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information includes:
For each vulnerability, a test case set for triggering the vulnerability is written according to the known behavior characteristics of the vulnerability when it occurs and its vulnerability influence range information. Each vulnerability can have one or more behavior characteristics. At least one test case capable of triggering the corresponding vulnerability is written according to the behavior characteristics; these test cases form the corresponding test case set, which is used for triggering the corresponding vulnerability.
In specific implementation, for the behavior characteristic buffer overflow, a test case set is written, according to the vulnerability influence type range information and the vulnerability influence version range information, that allocates a target buffer A to be overflowed and an adjacent detection variable B. After the test case set is executed, variable B is output directly, or its content is checked in a debugger or by other means. If the content has changed, the detected intelligent terminal has the corresponding vulnerability; otherwise it does not.
For the behavior characteristic illegal tampering of data, a test case set in which the position of the illegally tampered data lies within a controllable range is written according to the vulnerability influence type range information and the vulnerability influence version range information. After the test case set is executed, whether the data within the controllable range has changed is output or checked. If it has changed, the detected intelligent terminal has the corresponding vulnerability; otherwise it does not.
For the behavior characteristic information leakage, a test case set that outputs unexpected sensitive data is written according to the vulnerability influence type range information and the vulnerability influence version range information. After the test case set is executed, whether sensitive data can be output is judged. If so, the detected intelligent terminal has the corresponding vulnerability; otherwise it does not.
For the behavior characteristic program execution flow exception, a test case set that makes the program execution flow abnormal by way of the vulnerability is written according to the vulnerability influence type range information and the vulnerability influence version range information, and an observation point is set in the abnormal execution flow. After the test case set is executed, whether the program behavior observed at the observation point matches the vulnerability characteristics is judged. If so, the detected intelligent terminal has the corresponding vulnerability; otherwise it does not.
For the behavior characteristic program or system crash, a test case set that triggers the crash is written according to the vulnerability influence type range information and the vulnerability influence version range information, and the crash position, the function call stack, the registers and other contents are recorded. After the test case set is executed, whether the result matches the expected crash of the vulnerability is judged. If so, the detected intelligent terminal has the corresponding vulnerability; otherwise it does not.
For the behavior characteristic illegal results, a test case set that triggers the illegal results is written according to the vulnerability influence type range information and the vulnerability influence version range information. After the test case set is executed, whether its output matches the result a program with the vulnerability would produce is judged. If so, the detected intelligent terminal has the corresponding vulnerability; otherwise it does not.
In one embodiment, as shown in fig. 3, the step S104 of determining whether the information of each detection item matches the vulnerability influence range information of the test case set to be executed includes:
S301: judging whether the type information of each detection item matches the vulnerability influence type range information of the test case set to be executed.
In specific implementation, after the type information of each detection item is read, whether it matches the vulnerability influence type range information of the currently executed test case set is judged for each item separately. If the type information of the detection item does not fall within the vulnerability influence type range information of the currently executed test case set, it is considered not to match; otherwise it is considered to match. The matching cases include: the type information of the detection item falls within the vulnerability influence type range information of the currently executed test case set, or the detection item has no type information, and so on, which does not limit the invention. The non-matching case is: the type information of the detection item is not within the vulnerability influence type range information of the currently executed test case set. For example, suppose the vulnerability influence type range information of the currently executed test case set is the Android or iOS type. When the type information of the detection item is Symbian, it is not within the Android or iOS range and the item does not match. When the type information of the detection item is Android, it is within the range and the item matches. When the type information of the detection item is empty, the item is defined as belonging to the Android or iOS range and therefore also matches. The invention is not limited to this example.
S302: judging whether the version information of each detection item matches the vulnerability influence version range information of the test case set to be executed.
In specific implementation, after the version information of each detection item is read, whether it matches the vulnerability influence version range information of the currently executed test case set is judged for each item separately. If the version information of the detection item does not fall within the vulnerability influence version range information of the currently executed test case set, it is considered not to match; otherwise it is considered to match. The matching cases include: the version information of the detection item falls within the vulnerability influence version range information of the currently executed test case set, or the detection item has no version information, and so on, which does not limit the invention. The non-matching case is: the version information of the detection item is not within the vulnerability influence version range information of the currently executed test case set. For example, suppose the vulnerability influence version range information of the currently executed test case set is versions 1.0-3.0. When the version information of the detection item is 5.0, it is not within the 1.0-3.0 range and the item does not match. When the version information of the detection item is 2.0, it is within the range and the item matches. When the version information of the detection item is empty, the item is defined as belonging to the 1.0-3.0 range and therefore also matches. The invention is not limited to this example.
Steps S301 and S302 have no fixed order: either may be performed first, and the detection items may likewise be judged in any order. In step S105, the current test case set is executed on each of the matched detection items, and after the current test case set has been executed on all the matched detection items, the final test result of the current test case set is obtained.
In an embodiment, the vulnerability detection method for an intelligent terminal device provided by the present invention further includes:
performing communication interaction with the Bluetooth module; or
performing communication interaction with the wifi module.
In specific implementation, when the test case set is executed on the Bluetooth module 204 of the intelligent terminal device to be detected to perform vulnerability detection, the test needs to be performed while communicating with the Bluetooth module 204 (that is, with the Bluetooth function of the intelligent terminal device to be detected turned on). When the test case set is executed on the wifi module 205 of the intelligent terminal device to perform vulnerability detection, the test needs to be performed while communicating with the wifi module 205 (that is, with the wifi function of the intelligent terminal device to be detected turned on).
In one embodiment, the step S106 of determining whether the intelligent terminal device to be detected has the vulnerability according to the test result includes:
judging, according to the test result, whether the behavior characteristics corresponding to the test case set occur in the intelligent terminal equipment to be detected; if so, the vulnerability corresponding to the test case set exists in the intelligent terminal equipment to be detected; otherwise, the intelligent terminal device to be detected does not have the vulnerability corresponding to the test case set.
In specific implementation, whether the currently detected intelligent terminal device has the vulnerability corresponding to the test case set is judged according to the test result obtained in step S105, by checking whether the behavior characteristics of that vulnerability occur in the test result. If they occur, the vulnerability corresponding to the test case set exists in the currently detected intelligent terminal device; otherwise it does not.
In an embodiment, as shown in fig. 3, the vulnerability detection method of the intelligent terminal device provided by the present invention further includes:
S107: for each vulnerability, after the test result of the test case set corresponding to the vulnerability has been judged, restoring the intelligent terminal device to be detected to its initial state, and then executing the test case set corresponding to the next vulnerability.
In a specific implementation, for each vulnerability in S101, after the test result of executing the test case set on each matched detection item has been judged in S106, each detection item of the detected intelligent terminal device is restored to the initial state (the initial state is the state of the detected intelligent terminal device before the test case set was executed), and then the test case set corresponding to the next vulnerability is executed. Restoring the detection items of the detected intelligent terminal device to the initial state ensures that the test environment is the same before the test case set corresponding to each vulnerability is executed, so that the vulnerabilities do not influence one another.
As can be seen from the above analysis, the behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment are obtained, and the test case set that triggers the vulnerability is written according to them. During detection, the information of the detection items of the intelligent terminal device to be detected is first read, and whether the information of each detection item matches the vulnerability influence range information of the test case set to be executed is judged; the corresponding test case set is executed on the matched detection items and a test result is obtained; whether the corresponding vulnerability exists in the intelligent terminal device to be detected is then judged according to the test result; after the judgment, the detected intelligent terminal device is restored to its initial state, and the test case set corresponding to the next vulnerability is executed. The vulnerability detection method of the intelligent terminal equipment provided by the invention overcomes the defects in the prior art, adapts to various intelligent terminal equipment, and has the beneficial effect of quickly and effectively automatically detecting various vulnerabilities of different detection items of the intelligent terminal equipment.
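The detection flow summarized above (match each detection item against the type and version range, execute the test case set, judge by behavior characteristic, restore the initial state) can be illustrated with the following added Python example, which is not code from the patent. The class names, the dotted numeric version format, the vulnerability identifiers and the simulated device are all assumptions made for the illustration.

```python
# Added illustration (not from the patent); names and simulated device are assumptions.
import copy
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

def parse_version(text: str) -> Tuple[int, ...]:
    """Dotted numeric version (assumed format) as a tuple, so 4.10 sorts above 4.9."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:   # treat 4.10.0 and 4.10 as equal
        parts.pop()
    return tuple(parts)

@dataclass
class DetectionItem:
    name: str        # operating_system, kernel, application, bluetooth or wifi
    type_info: str   # type information read from the device
    version: str     # version information read from the device

class DeviceCrashed(Exception):
    """Raised by the simulated device when a test case crashes it."""

@dataclass
class Device:
    items: List[DetectionItem]
    state: Dict[str, object] = field(default_factory=dict)

    def snapshot(self) -> Dict[str, object]:
        return copy.deepcopy(self.state)

    def restore(self, baseline: Dict[str, object]) -> None:
        self.state = copy.deepcopy(baseline)

    def open_link(self, item: DetectionItem) -> None:
        if item.name in ("bluetooth", "wifi"):   # radio must be on to be tested
            self.state[item.name + "_enabled"] = True

@dataclass
class VulnTestSet:
    vuln_id: str
    affected_types: Set[str]   # vulnerability influence type range
    min_version: str           # vulnerability influence version range,
    max_version: str           # both bounds inclusive
    behaviors: Set[str]        # known behavior characteristics of the vulnerability
    cases: List[Callable[[Device, DetectionItem], Set[str]]]

    def matches(self, item: DetectionItem) -> bool:
        in_type = item.type_info in self.affected_types
        low, high = parse_version(self.min_version), parse_version(self.max_version)
        return in_type and low <= parse_version(item.version) <= high

def scan(device: Device, suites: List[VulnTestSet]) -> Dict[str, str]:
    report: Dict[str, str] = {}
    for suite in suites:
        matched = [item for item in device.items if suite.matches(item)]
        if not matched:
            report[suite.vuln_id] = "skipped: out of influence range"
            continue
        baseline = device.snapshot()
        observed: Set[str] = set()
        try:
            for item in matched:
                device.open_link(item)
                for case in suite.cases:
                    try:
                        observed |= case(device, item)
                    except DeviceCrashed:
                        observed.add("program/system crash")
        finally:
            device.restore(baseline)   # identical starting state for the next set
        hit = observed & suite.behaviors
        report[suite.vuln_id] = "vulnerable" if hit else "not vulnerable"
    return report

# Constructed sample data: hypothetical identifiers, type names and versions.
def tamper_case(device: Device, item: DetectionItem) -> Set[str]:
    device.state["config"] = "overwritten"   # simulated side effect of the case
    return {"illegal tampering of data"}

def crash_case(device: Device, item: DetectionItem) -> Set[str]:
    if device.state.get("bluetooth_enabled"):
        raise DeviceCrashed(item.name)
    return set()

def demo() -> Tuple[Dict[str, str], Dict[str, object]]:
    device = Device([DetectionItem("kernel", "ExampleKernel", "4.10.2"),
                     DetectionItem("bluetooth", "ExampleBT", "2.1")],
                    {"config": "factory"})
    suites = [
        VulnTestSet("VULN-A", {"ExampleKernel"}, "4.9", "4.10.5",
                    {"illegal tampering of data"}, [tamper_case]),
        VulnTestSet("VULN-B", {"ExampleBT"}, "2.0", "2.1",
                    {"program/system crash"}, [crash_case]),
        VulnTestSet("VULN-C", {"ExampleKernel"}, "3.0", "4.9",
                    {"illegal tampering of data"}, [tamper_case]),
        VulnTestSet("VULN-D", {"ExampleBT"}, "2.0", "2.5",
                    {"information leakage"}, [lambda device, item: set()]),
    ]
    return scan(device, suites), device.state
```

Versions are compared as integer tuples because a plain string comparison would place "4.10.2" below "4.9" and wrongly put the constructed kernel inside the range of VULN-C.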
Based on the same application concept as the vulnerability detection method of the intelligent terminal equipment, the application also provides a vulnerability detection device of the intelligent terminal equipment, as described in the following embodiment. Because the principle by which the vulnerability detection device solves the problem is similar to that of the vulnerability detection method, the implementation of the vulnerability detection device can refer to the implementation of the vulnerability detection method, and repeated parts are not described again.
Fig. 4 is a schematic structural diagram of a vulnerability detection apparatus of an intelligent terminal device according to an embodiment of the present invention, and as shown in fig. 4, the vulnerability detection apparatus of the intelligent terminal device includes: an obtaining unit 401, a compiling unit 402, a reading unit 403, a first judging unit 404, an execution unit 405, and a second judging unit 406.
an obtaining unit 401, configured to obtain behavior characteristics and vulnerability influence range information when each vulnerability of the intelligent terminal device occurs;
a compiling unit 402, configured to compile a test case set that triggers the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
a reading unit 403, configured to read information of a detection item of the intelligent terminal device to be detected;
a first judging unit 404, configured to judge whether information of each detection item matches vulnerability influence range information of a test case set to be executed;
an execution unit 405, configured to, if they match, execute the test case set on the matched detection item and obtain a test result;
and a second judging unit 406, configured to judge whether the intelligent terminal device to be detected has a vulnerability according to the test result.
In a specific implementation, the detection items of the intelligent terminal equipment to be detected comprise: an operating system, a kernel, application software, a Bluetooth module and a wifi module; the information of the detection item includes: type information and version information; the vulnerability influence scope information comprises: vulnerability impact type range information and vulnerability impact version range information, which is not limited in the present invention.
In an embodiment, the vulnerability detection apparatus of an intelligent terminal device provided by the present invention further includes:
the Bluetooth communication interaction unit is used for carrying out communication interaction with the Bluetooth module 204;
and the wifi communication interaction unit is used for performing communication interaction with the wifi module 205.
In one embodiment, as shown in fig. 5, the first judging unit 404 includes: a type information judging module 501 and a version information judging module 502.
The type information judging module 501 is configured to judge whether the type information of each detection item matches vulnerability influence type range information of the test case set to be executed.
The version information judging module 502 is configured to judge whether the version information of each detection item matches vulnerability influence version range information of the test case set to be executed.
In an embodiment, the second judging unit 406 is specifically configured to:
judge, according to the test result, whether the behavior characteristics corresponding to the test case set occur in the intelligent terminal equipment to be detected; if so, the vulnerability corresponding to the test case set exists in the intelligent terminal equipment to be detected; otherwise, the vulnerability corresponding to the test case set does not exist in the intelligent terminal equipment to be detected.
In an embodiment, as shown in fig. 6, the vulnerability detection apparatus of an intelligent terminal device provided in the embodiment of the present invention further includes: a recovery unit 407.
The recovery unit 407 is configured to, for each vulnerability, restore the intelligent terminal device to be detected to its initial state after the test result of the test case set corresponding to the vulnerability has been judged, and then execute the test case set corresponding to the next vulnerability.
The vulnerability detection device of the intelligent terminal equipment provided by the invention overcomes the defects in the prior art, realizes the adaptation to various intelligent terminal equipment, and has the beneficial effects of quickly and effectively automatically detecting various vulnerabilities of different detection items for the intelligent terminal equipment.
Based on the same application concept as the vulnerability detection method of the intelligent terminal device, the application also provides a computer device, as described in the following embodiments. Because the principle by which the computer device solves the problem is similar to that of the vulnerability detection method of the intelligent terminal device, the implementation of the computer device can refer to the implementation of the vulnerability detection method of the intelligent terminal device, and repeated parts are not described again.
The embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and when the processor executes the program, the following steps are implemented:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has a vulnerability according to the test result.
Based on the same application concept as the vulnerability detection method of the intelligent terminal device, the application also provides a computer readable storage medium, as described in the following embodiments. Because the principle of solving the problem of the computer-readable storage medium is similar to the vulnerability detection method of the intelligent terminal device, the implementation of the computer-readable storage medium can refer to the implementation of the vulnerability detection method of the intelligent terminal device, and repeated parts are not described again.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the following steps:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has a vulnerability according to the test result.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (14)

1. A vulnerability detection method of intelligent terminal equipment is characterized by comprising the following steps:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs; the vulnerability is a known vulnerability, and the behavior characteristics when the vulnerability occurs are known behavior characteristics; the known vulnerabilities include: buffer overflow vulnerabilities, integer overflow vulnerabilities, out-of-bounds access vulnerabilities, format string vulnerabilities, illegal data tampering vulnerabilities, memory corruption vulnerabilities, use-after-free and double-free vulnerabilities, race condition vulnerabilities, logic design vulnerabilities, and type confusion vulnerabilities; the known behavior characteristics include: buffer overflow, illegal tampering of data, information leakage, program execution flow exception, program/system crash, and/or illegal results; each vulnerability has at least one behavior characteristic, and the behavior characteristics of different vulnerabilities may be the same or different;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information, which comprises: correspondingly writing a test case set for triggering each vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability of all intelligent terminal equipment when the vulnerability occurs, wherein each vulnerability has one or more behavior characteristics, at least one test case capable of triggering the corresponding vulnerability is written according to the behavior characteristics, the at least one test case forms the corresponding test case set, and the test case set is used for triggering the corresponding vulnerability;
wherein correspondingly writing the test case set for triggering the vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability when the vulnerability occurs comprises: writing, according to the behavior characteristic of buffer overflow, the vulnerability influence type range information and the vulnerability influence version range information, a test case set that allocates a target buffer to be overflowed and adjacent detection variables; after the test case set is executed, outputting the variables directly or checking the contents of the variables in a debugger; if the contents have changed, the detected intelligent terminal has the corresponding vulnerability; otherwise, the vulnerability does not exist;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has a vulnerability according to the test result.
2. The method for detecting the vulnerability of the intelligent terminal equipment according to claim 1, wherein the detection items of the intelligent terminal equipment to be detected comprise: an operating system, a kernel, application software, a Bluetooth module and a wifi module; the information of the detection item includes: type information and version information; the vulnerability influence scope information comprises: vulnerability impact type range information and vulnerability impact version range information.
3. The vulnerability detection method of intelligent terminal equipment according to claim 2, further comprising:
performing communication interaction with the Bluetooth module; or
performing communication interaction with the wifi module.
4. The method for detecting the vulnerability of the intelligent terminal device according to claim 2, wherein the judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed comprises:
judging whether the type information of each detection item is matched with the vulnerability influence type range information of the test case set to be executed;
and judging whether the version information of each detection item is matched with the vulnerability influence version range information of the test case set to be executed.
5. The method for detecting the vulnerability of the intelligent terminal equipment according to claim 1, wherein judging whether the intelligent terminal equipment to be detected has the vulnerability according to the test result comprises:
judging, according to the test result, whether the behavior characteristics corresponding to the test case set occur in the intelligent terminal equipment to be detected; if so, the vulnerability corresponding to the test case set exists in the intelligent terminal equipment to be detected; otherwise, the vulnerability corresponding to the test case set does not exist in the intelligent terminal equipment to be detected.
6. The vulnerability detection method of intelligent terminal equipment according to claim 1, further comprising:
and for each vulnerability, after the test result of the test case set corresponding to the vulnerability is judged, restoring the intelligent terminal device to be detected to be in an initial state, and executing the test case set corresponding to the next vulnerability.
7. A vulnerability detection apparatus of intelligent terminal equipment, characterized by comprising:
an acquisition unit, used for acquiring behavior characteristics and vulnerability influence range information when each vulnerability of the intelligent terminal equipment occurs; the vulnerability is a known vulnerability, and the behavior characteristics when the vulnerability occurs are known behavior characteristics; the known vulnerabilities include: buffer overflow vulnerabilities, integer overflow vulnerabilities, out-of-bounds access vulnerabilities, format string vulnerabilities, illegal data tampering vulnerabilities, memory corruption vulnerabilities, use-after-free and double-free vulnerabilities, race condition vulnerabilities, logic design vulnerabilities, and type confusion vulnerabilities; the known behavior characteristics include: buffer overflow, illegal tampering of data, information leakage, program execution flow exception, program/system crash, and/or illegal results; each vulnerability has at least one behavior characteristic, and the behavior characteristics of different vulnerabilities may be the same or different;
a compiling unit, used for compiling a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information; the compiling unit is specifically used for correspondingly compiling a test case set for triggering each vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability when the vulnerability occurs, wherein each vulnerability has one or more behavior characteristics, at least one test case capable of triggering the corresponding vulnerability is compiled according to the behavior characteristics, the at least one test case forms the corresponding test case set, and the test case set is used for triggering the corresponding vulnerability;
wherein correspondingly compiling the test case set for triggering the vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability when the vulnerability occurs comprises: writing, according to the behavior characteristic of buffer overflow, the vulnerability influence type range information and the vulnerability influence version range information, a test case set that allocates a target buffer to be overflowed and adjacent detection variables; after the test case set is executed, outputting the variables directly or checking the contents of the variables in a debugger; if the contents have changed, the detected intelligent terminal has the corresponding vulnerability; otherwise, the vulnerability does not exist;
a reading unit, used for reading the information of the detection items of the intelligent terminal equipment to be detected;
a first judgment unit, used for judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
an execution unit, used for, if they match, executing the test case set on the matched detection item and acquiring a test result;
and a second judging unit, used for judging whether the intelligent terminal equipment to be detected has a vulnerability according to the test result.
8. The vulnerability detection apparatus of intelligent terminal device according to claim 7, wherein the detection items of the intelligent terminal device to be detected include: an operating system, a kernel, application software, a Bluetooth module and a wifi module; the information of the detection item includes: type information and version information; the vulnerability influence scope information comprises: vulnerability impact type range information and vulnerability impact version range information.
9. The intelligent terminal device vulnerability detection apparatus of claim 8, further comprising:
the Bluetooth communication interaction unit is used for carrying out communication interaction with the Bluetooth module;
and the wifi communication interaction unit is used for carrying out communication interaction with the wifi module.
10. The vulnerability detection apparatus of intelligent terminal device according to claim 8, wherein the first judgment unit comprises:
the type information judging module is used for judging whether the type information of each detection item is matched with the vulnerability influence type range information of the test case set to be executed;
and the version information judging module is used for judging whether the version information of each detection item is matched with the vulnerability influence version range information of the test case set to be executed.
11. The vulnerability detection apparatus of intelligent terminal device according to claim 7, wherein the second judgment unit is specifically configured to:
judging, according to the test result, whether the behavior characteristics corresponding to the test case set occur in the intelligent terminal equipment to be detected; if so, the vulnerability corresponding to the test case set exists in the intelligent terminal equipment to be detected; otherwise, the vulnerability corresponding to the test case set does not exist in the intelligent terminal equipment to be detected.
12. The vulnerability detection apparatus of intelligent terminal device of claim 7, further comprising:
and a recovery unit, used for, for each vulnerability, restoring the intelligent terminal equipment to be detected to its initial state after the test result of the test case set corresponding to the vulnerability has been judged, and then executing the test case set corresponding to the next vulnerability.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs; the vulnerability is a known vulnerability, and the behavior characteristics when the vulnerability occurs are known behavior characteristics; the known vulnerabilities include: buffer overflow vulnerabilities, integer overflow vulnerabilities, out-of-bounds access vulnerabilities, format string vulnerabilities, illegal data tampering vulnerabilities, memory corruption vulnerabilities, use-after-free and double-free vulnerabilities, race condition vulnerabilities, logic design vulnerabilities, and type confusion vulnerabilities; the known behavior characteristics include: buffer overflow, illegal tampering of data, information leakage, program execution flow exception, program/system crash, and/or illegal results; each vulnerability has at least one behavior characteristic, and the behavior characteristics of different vulnerabilities may be the same or different;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information, which comprises: correspondingly writing a test case set for triggering each vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability of all intelligent terminal equipment when the vulnerability occurs, wherein each vulnerability has one or more behavior characteristics, at least one test case capable of triggering the corresponding vulnerability is written according to the behavior characteristics, the at least one test case forms the corresponding test case set, and the test case set is used for triggering the corresponding vulnerability;
wherein correspondingly writing the test case set for triggering the vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability when the vulnerability occurs comprises: writing, according to the behavior characteristic of buffer overflow, the vulnerability influence type range information and the vulnerability influence version range information, a test case set that allocates a target buffer to be overflowed and adjacent detection variables; after the test case set is executed, outputting the variables directly or checking the contents of the variables in a debugger; if the contents have changed, the detected intelligent terminal has the corresponding vulnerability; otherwise, the vulnerability does not exist;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has a vulnerability according to the test result.
14. A computer-readable storage medium, on which a computer program is stored, which program, when executed by a processor, carries out the steps of:
acquiring behavior characteristics and vulnerability influence range information of each vulnerability of the intelligent terminal equipment when the vulnerability occurs; the vulnerability is a known vulnerability, and the behavior characteristics when the vulnerability occurs are known behavior characteristics; the known vulnerabilities include: buffer overflow vulnerabilities, integer overflow vulnerabilities, out-of-bounds access vulnerabilities, format string vulnerabilities, illegal data tampering vulnerabilities, memory corruption vulnerabilities, use-after-free and double-free vulnerabilities, race condition vulnerabilities, logic design vulnerabilities, and type confusion vulnerabilities; the known behavior characteristics include: buffer overflow, illegal tampering of data, information leakage, program execution flow exception, program/system crash, and/or illegal results; each vulnerability has at least one behavior characteristic, and the behavior characteristics of different vulnerabilities may be the same or different;
writing a test case set for triggering the vulnerability according to the behavior characteristics of the vulnerability and the vulnerability influence range information, which comprises: correspondingly writing a test case set for triggering each vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability of all intelligent terminal equipment when the vulnerability occurs, wherein each vulnerability has one or more behavior characteristics, at least one test case capable of triggering the corresponding vulnerability is written according to the behavior characteristics, the at least one test case forms the corresponding test case set, and the test case set is used for triggering the corresponding vulnerability;
wherein correspondingly writing the test case set for triggering the vulnerability according to the known behavior characteristics and vulnerability influence range information of each vulnerability when the vulnerability occurs comprises: writing, according to the behavior characteristic of buffer overflow, the vulnerability influence type range information and the vulnerability influence version range information, a test case set that allocates a target buffer to be overflowed and adjacent detection variables; after the test case set is executed, outputting the variables directly or checking the contents of the variables in a debugger; if the contents have changed, the detected intelligent terminal has the corresponding vulnerability; otherwise, the vulnerability does not exist;
reading information of a detection item of intelligent terminal equipment to be detected;
judging whether the information of each detection item is matched with the vulnerability influence range information of the test case set to be executed;
if so, executing the test case set on the matched detection item, and acquiring a test result;
and judging whether the intelligent terminal equipment to be detected has a vulnerability according to the test result.
CN201711442204.0A 2017-12-27 2017-12-27 Vulnerability detection method and device for intelligent terminal equipment Active CN108197476B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711442204.0A CN108197476B (en) 2017-12-27 2017-12-27 Vulnerability detection method and device for intelligent terminal equipment

Publications (2)

Publication Number Publication Date
CN108197476A CN108197476A (en) 2018-06-22
CN108197476B CN108197476B (en) 2020-12-08

Family

ID=62584475

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711442204.0A Active CN108197476B (en) 2017-12-27 2017-12-27 Vulnerability detection method and device for intelligent terminal equipment

Country Status (1)

Country Link
CN (1) CN108197476B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant