CN113010901B - Automatic security inspection method and terminal based on asset model - Google Patents


Info

Publication number
CN113010901B
Authority
CN
China
Prior art keywords
asset
data
checked
oval
virtualized
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110450013.9A
Other languages
Chinese (zh)
Other versions
CN113010901A (en)
Inventor
李杏萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Weiyuan Pilot Technology Co ltd
Original Assignee
Shenzhen Weiyuan Pilot Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Weiyuan Pilot Technology Co ltd
Priority to CN202110450013.9A
Publication of CN113010901A
Application granted
Publication of CN113010901B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/166 Editing, e.g. inserting or deleting
    • G06F40/186 Templates

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an automated security inspection method and terminal based on an asset model. An asset information model is added to SCAP (Security Content Automation Protocol), and a virtualized definition that conforms to OVAL (Open Vulnerability and Assessment Language) syntax is created in OVAL. During an automated security inspection, if the OVAL engine cannot obtain the data to be inspected through a standard data acquisition path, the data is obtained from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition. Because the virtualized definition conforms to OVAL syntax, it can still be used as normal semantics in OVAL while its data source is interpreted as the asset information model. This enriches the content of asset description, allows the data to be inspected to be obtained flexibly through the virtualized definition, improves the generality of SCAP, and suits a variety of complex security inspection scenarios.

Description

Automatic security inspection method and terminal based on asset model
Technical Field
The invention relates to the field of asset management, in particular to an automatic security inspection method and terminal based on an asset model.
Background
In SCAP (Security Content Automation Protocol), assets are described using CPE (Common Platform Enumeration). XCCDF (Extensible Configuration Checklist Description Format) describes the checklist used by an automated inspection and provides tailoring of inspection items as well as report presentation. OVAL (Open Vulnerability and Assessment Language) describes the technical details of vulnerability, patch, asset or configuration inspections and defines the specific inspection methods. CPE depends on OVAL, and XCCDF is built on top of CPE and OVAL.
However, SCAP has the following disadvantages. First, CPE contains only name and version information, so its coverage of software asset information is seriously insufficient and SCAP is considerably limited in how it can describe assets. Second, both XCCDF and CPE ultimately depend on the asset identification capability of OVAL. OVAL has some specific identification methods for operating system software but is very limited in identifying other software, so OVAL inspection rules cannot meet the flexibility and complexity that asset identification requires, which in turn limits the capability of SCAP as a whole.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an automated security inspection method and terminal based on an asset model that are applicable to a variety of complex security inspection scenarios and ensure that security inspection is carried out automatically.
To solve this technical problem, the invention adopts the following technical solution:
an automated security inspection method based on an asset model, comprising the steps of:
adding an asset information model to SCAP, and creating a virtualized definition in OVAL;
receiving an automated security inspection request and determining whether the OVAL engine can obtain the data to be inspected required by the request through a standard data acquisition path; if so, obtaining the data to be inspected directly; if not, obtaining the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition;
and performing the automated security inspection on the data to be inspected according to the standard inspection method of the OVAL engine.
To solve this technical problem, the invention adopts another technical solution:
an automated security inspection terminal based on an asset model, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
adding an asset information model to SCAP, and creating a virtualized definition in OVAL;
receiving an automated security inspection request and determining whether the OVAL engine can obtain the data to be inspected required by the request through a standard data acquisition path; if so, obtaining the data to be inspected directly; if not, obtaining the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition;
and performing the automated security inspection on the data to be inspected according to the standard inspection method of the OVAL engine.
The beneficial effects of the invention are as follows. An asset information model is added to SCAP, and a virtualized definition that conforms to OVAL syntax is created in OVAL. During an automated security inspection, if the OVAL engine cannot obtain the required data to be inspected through a standard data acquisition path, the data is obtained from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition. Because the virtualized definition conforms to OVAL syntax and the OVAL engine is given the ability to interpret it, the definition can still be used as normal semantics in OVAL while its data source is interpreted as the asset information model. Data from the asset information model is thereby used inside OVAL definitions, which extends the semantics of OVAL, enriches the content of asset description, and overcomes the prior-art problem that SCAP describes assets only sparsely. The inspection is still carried out on the data to be inspected according to the standard inspection method of the OVAL engine; the asset information model enriches the asset description, and the virtualized OVAL definition allows the data to be inspected to be obtained flexibly from the asset information model, which greatly improves the generality of SCAP and suits a variety of complex security inspection scenarios.
Drawings
FIG. 1 is a flow chart of an automated security inspection method based on an asset model according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an asset model-based automated security inspection terminal according to an embodiment of the present invention;
FIG. 3 is a diagram of the relationship between an asset identification engine and an asset information model of an automated security inspection method based on an asset model according to an embodiment of the present invention;
FIG. 4 is a block diagram of an asset information model of an automated security inspection method based on an asset model, in accordance with an embodiment of the present invention;
FIG. 5 is a diagram of an improvement in asset and knowledge base expression for an automated security inspection method based on an asset model, in accordance with an embodiment of the invention;
FIG. 6 is a diagram showing an improvement of SCAP dependency levels of an automated security inspection method based on an asset model, according to an embodiment of the present invention;
FIG. 7 is a diagram of the OVAL structure of an automated security inspection method based on an asset model according to an embodiment of the present invention;
FIG. 8 is a timing diagram of acquiring inspection data for an automated security inspection method based on an asset model according to an embodiment of the invention;
FIG. 9 is a diagram of the OVAL structure when the data is acquired by the environmental object of the asset model-based automated security inspection method according to the embodiment of the present invention;
FIG. 10 is a diagram of the OVAL structure when data is acquired using external variables for an asset model based automated security inspection method in accordance with an embodiment of the present invention;
FIG. 11 is a timing diagram of determining inspection templates, inspection items, and CPE expressions for an automated security inspection method based on an asset model in accordance with an embodiment of the present invention;
FIG. 12 is a CPE dependency graph of an automated security inspection method based on an asset model according to an embodiment of the present invention;
FIG. 13 is a CPE interface improvement diagram of an automated security inspection method based on an asset model according to an embodiment of the present invention.
Detailed Description
In order to describe the technical contents, the achieved objects and effects of the present invention in detail, the following description will be made with reference to the embodiments in conjunction with the accompanying drawings.
Referring to FIG. 1, an embodiment of the present invention provides an automated security inspection method based on an asset model, comprising the steps of:
adding an asset information model to SCAP, and creating a virtualized definition in OVAL;
receiving an automated security inspection request and determining whether the OVAL engine can obtain the data to be inspected required by the request through a standard data acquisition path; if so, obtaining the data to be inspected directly; if not, obtaining the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition;
and performing the automated security inspection on the data to be inspected according to the standard inspection method of the OVAL engine.
From the above description, the beneficial effects of the invention are as follows. An asset information model is added to SCAP, and a virtualized definition that conforms to OVAL syntax is created in OVAL. During an automated security inspection, if the OVAL engine cannot obtain the required data to be inspected through a standard data acquisition path, the data is obtained from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition. Because the virtualized definition conforms to OVAL syntax and the ability to interpret it is introduced into OVAL, the definition can still be used as normal semantics in OVAL while its data source is interpreted as the asset information model. Data from the asset information model is thereby used inside OVAL definitions, which extends the semantics of OVAL, enriches the content of asset description, and overcomes the prior-art problem that SCAP describes assets only sparsely. The inspection is still carried out on the data to be inspected according to the standard inspection method of the OVAL engine; the asset information model enriches the asset description, and the virtualized OVAL definition allows the data to be inspected to be obtained flexibly from the asset information model, which greatly improves the generality of SCAP and suits a variety of complex security inspection scenarios.
Further, the method also comprises:
adding an asset identification engine to SCAP;
wherein obtaining the data to be inspected from the corresponding asset information model through the virtualized data acquisition path based on the virtualized definition comprises:
generating, based on the virtualized definition, an asset instance corresponding to the data to be inspected through the asset information model;
identifying the asset instance with the asset identification engine and obtaining the data to be inspected from the asset instance.
As can be seen from the above description, having the asset identification engine identify the asset instance and obtain the data to be inspected from it extends the semantics of OVAL and enriches the inspection methods of the OVAL engine, so that complex automated inspection environments can be handled.
Further, determining whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path, obtaining it directly if so, and otherwise obtaining it from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition, comprises:
determining whether the data to be inspected required by the automated security inspection request can be obtained through an environment object in the OVAL engine, and if so, obtaining the data to be inspected directly through the environment object;
if not, generating, based on a virtualized environment object, an asset instance corresponding to the data to be inspected through the asset information model, and naming the virtualized environment object according to the automated security inspection request;
identifying the asset instance with the asset identification engine, and obtaining the data to be inspected from the asset instance according to the name of the virtualized environment object;
or determining whether the data to be inspected required by the automated security inspection request can be obtained through an external variable in the OVAL engine, and if so, obtaining the data to be inspected directly through the external variable;
if not, generating, based on a virtualized external variable, an asset instance corresponding to the data to be inspected through the asset information model, and setting the ID of the virtualized external variable according to the automated security inspection request;
and identifying the asset instance with the asset identification engine, and obtaining the data to be inspected from the asset instance according to the ID of the virtualized external variable.
As can be seen from the above description, when the standard data acquisition methods of the OVAL engine cannot obtain the data to be inspected, a virtualized environment object or a virtualized external variable is created and the data to be inspected is looked up in the asset instance. The basic information of the virtualized environment variable or virtualized external variable is set accordingly, so that asset instance data can be used as normal semantics in OVAL while still following OVAL syntax, which enriches the inspection methods of the OVAL engine and improves their generality.
Further, after the automated security inspection request is received, the method comprises:
generating a corresponding inspection method according to all the inspection data required by the automated security inspection request;
generating an asset instance corresponding to the automated security inspection request through the asset information model, identifying the asset type of the asset instance, and determining a corresponding inspection template from the asset type and the inspection method;
obtaining the corresponding CPE expression according to the inspection template and determining, based on the CPE expression, whether the asset instance can be inspected; if so, determining whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path; if not, not inspecting the asset instance;
wherein obtaining the data to be inspected from the corresponding asset information model comprises:
interpreting the CPE expression with the asset identification engine;
matching the corresponding asset instance based on the interpretation result and on a matching specification generated after the CPE engine is adapted to the asset information model;
and obtaining the inspection data corresponding to the asset instance through an interface of the asset identification engine.
As can be seen from the above description, an inspection template and its CPE expression are determined according to the asset type, and the result of evaluating the CPE expression against the asset instance determines whether the inspection method in the template applies to that instance; only if it does is it determined whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path. Applicability is thus judged from the template's CPE expression before the inspection runs, which avoids erroneous inspection results caused by an inapplicable template. The inspection data of the asset instance is obtained through CPE and the asset identification engine, and CPE is adapted to the asset information model to generate corresponding expression specifications and matching specifications, which improves the expressive power of CPE. Because interpreting and matching the CPE expression specification depend on the asset identification engine, management of the asset identification engine is facilitated and the generality of asset inspection is improved. It follows that the XCCDF engine and the CPE engine can obtain data directly through the asset identification engine, rather than relying solely on the OVAL engine to obtain data.
Further, creating the virtualized definition in OVAL is replaced by adding asset attribute elements to OVAL;
and the step of determining whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path, obtaining it directly if so, and otherwise obtaining it from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition, is replaced by:
determining the data to be inspected required by the automated security inspection request, determining the corresponding asset attribute element according to the data to be inspected, determining whether that asset attribute element is one of the added asset attribute elements, and if so, obtaining the data to be inspected from the corresponding asset information model based on the added asset attribute element.
As can be seen from the above description, new semantics are introduced into OVAL by adding asset attribute elements, each of which has a corresponding syntax, that is, a corresponding acquisition path. This extends the semantics and syntax of OVAL so that the added asset attribute elements can be used as standard semantics, and virtualized definitions no longer need to be created in OVAL by a virtualization method. Obtaining the data to be inspected from the corresponding asset information model based on the added asset attribute elements enriches the expressive power of OVAL and reduces the complexity of automated security inspection.
Referring to FIG. 2, another embodiment of the present invention provides an automated security inspection terminal based on an asset model, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
adding an asset information model to SCAP, and creating a virtualized definition in OVAL;
receiving an automated security inspection request and determining whether the OVAL engine can obtain the data to be inspected required by the request through a standard data acquisition path; if so, obtaining the data to be inspected directly; if not, obtaining the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition;
and performing the automated security inspection on the data to be inspected according to the standard inspection method of the OVAL engine.
As can be seen from the above description, an asset information model is added to SCAP, and a virtualized definition that conforms to OVAL syntax is created in OVAL. During an automated security inspection, if the OVAL engine cannot obtain the required data to be inspected through a standard data acquisition path, the data is obtained from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition. Because the virtualized definition conforms to OVAL syntax and the OVAL engine is given the ability to interpret it, the definition can still be used as normal semantics in OVAL while its data source is interpreted as the asset information model. Data from the asset information model is thereby used inside OVAL definitions, which extends the semantics of OVAL, enriches the content of asset description, and overcomes the prior-art problem that SCAP describes assets only sparsely. The inspection is still carried out on the data to be inspected according to the standard inspection method of the OVAL engine; the asset information model enriches the asset description, and the virtualized OVAL definition allows the data to be inspected to be obtained flexibly from the asset information model, which greatly improves the generality of SCAP and suits a variety of complex security inspection scenarios.
Further, the method also comprises:
adding an asset identification engine to SCAP;
wherein obtaining the data to be inspected from the corresponding asset information model through the virtualized data acquisition path based on the virtualized definition comprises:
generating, based on the virtualized definition, an asset instance corresponding to the data to be inspected through the asset information model;
identifying the asset instance with the asset identification engine and obtaining the data to be inspected from the asset instance.
As can be seen from the above description, having the asset identification engine identify the asset instance and obtain the data to be inspected from it extends the semantics of OVAL and enriches the inspection methods of the OVAL engine, so that complex automated inspection environments can be handled.
Further, determining whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path, obtaining it directly if so, and otherwise obtaining it from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition, comprises:
determining whether the data to be inspected required by the automated security inspection request can be obtained through an environment object in the OVAL engine, and if so, obtaining the data to be inspected directly through the environment object;
if not, generating, based on a virtualized environment object, an asset instance corresponding to the data to be inspected through the asset information model, and naming the virtualized environment object according to the automated security inspection request;
identifying the asset instance with the asset identification engine, and obtaining the data to be inspected from the asset instance according to the name of the virtualized environment object;
or determining whether the data to be inspected required by the automated security inspection request can be obtained through an external variable in the OVAL engine, and if so, obtaining the data to be inspected directly through the external variable;
if not, generating, based on a virtualized external variable, an asset instance corresponding to the data to be inspected through the asset information model, and setting the ID of the virtualized external variable according to the automated security inspection request;
and identifying the asset instance with the asset identification engine, and obtaining the data to be inspected from the asset instance according to the ID of the virtualized external variable.
As can be seen from the above description, when the standard data acquisition methods of the OVAL engine cannot obtain the data to be inspected, a virtualized environment object or a virtualized external variable is created and the data to be inspected is looked up in the asset instance. The basic information of the virtualized environment variable or virtualized external variable is set accordingly, so that asset instance data can be used as normal semantics in OVAL while still following OVAL syntax, which enriches the inspection methods of the OVAL engine and improves their generality.
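The fallback described above for both the method and the terminal embodiments can be sketched as follows; this is an added example, not code from the patent. It assumes the "environment object" corresponds to OVAL's `environmentvariable_object`, and the `ASSET_INSTANCE` dictionary, its attribute keys and the `source` labels are hypothetical.

```python
"""Added sketch: standard OVAL data path first, asset-model fallback second."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Mapping, Optional

OVAL_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"d": OVAL_DEF, "ind": OVAL_DEF + "#independent"}

# Constructed OVAL fragment (not schema-complete): two environment-variable
# objects and three external variables.
SAMPLE_OVAL = """\
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
  xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <objects>
    <ind:environmentvariable_object id="oval:example:obj:1" version="1">
      <ind:name>PATH</ind:name>
    </ind:environmentvariable_object>
    <ind:environmentvariable_object id="oval:example:obj:2" version="1">
      <ind:name>asset.middleware.tls_min_version</ind:name>
    </ind:environmentvariable_object>
  </objects>
  <variables>
    <external_variable id="oval:example:var:1" version="1" datatype="int"
      comment="minimum password length"/>
    <external_variable id="oval:example:var:2" version="1" datatype="string"
      comment="asset owner"/>
    <external_variable id="oval:example:var:3" version="1" datatype="string"
      comment="available from neither path"/>
  </variables>
</oval_definitions>
"""

# Constructed inputs for the two standard acquisition paths.
SAMPLE_ENV = {"PATH": "/usr/bin:/bin"}
SAMPLE_EXTERNAL = {"oval:example:var:1": "12"}

# Hypothetical asset instance produced from the asset information model.
ASSET_INSTANCE = {
    "asset_type": "middleware",
    "attributes": {
        "asset.middleware.tls_min_version": "1.2",  # keyed by virtualized object name
        "oval:example:var:2": "ops-team",           # keyed by virtualized variable ID
    },
}


@dataclass(frozen=True)
class Resolved:
    ref: str               # id of the OVAL object or variable
    key: str               # name or ID used for the lookup
    value: Optional[str]
    source: str            # "standard", "asset-model" or "unresolved"


def _resolve(ref: str, key: str, standard: Mapping[str, str], asset: Mapping) -> Resolved:
    # Standard path first, so asset-model data never overrides a value
    # that was collected or supplied through the normal OVAL route.
    if key in standard:
        return Resolved(ref, key, standard[key], "standard")
    attrs = asset.get("attributes", {})
    if key in attrs:
        return Resolved(ref, key, str(attrs[key]), "asset-model")
    # Neither path has the data: report it instead of defaulting to "".
    return Resolved(ref, key, None, "unresolved")


def collect(oval_xml: str, env: Mapping[str, str],
            external: Mapping[str, str], asset: Mapping) -> List[Resolved]:
    """Resolve every environment-variable object and external variable."""
    root = ET.fromstring(oval_xml)
    results = []
    for obj in root.iterfind(".//ind:environmentvariable_object", NS):
        name = obj.findtext("ind:name", default="", namespaces=NS).strip()
        results.append(_resolve(obj.get("id"), name, env, asset))
    for var in root.iterfind(".//d:external_variable", NS):
        var_id = var.get("id")
        results.append(_resolve(var_id, var_id, external, asset))
    return results


def summarize(results: List[Resolved]) -> dict:
    """Map each OVAL id to (source, value) so reports keep the data's origin."""
    return {r.ref: (r.source, r.value) for r in results}


def unresolved(results: List[Resolved]) -> List[str]:
    """Ids that no path could satisfy; a check using them should not pass."""
    return [r.ref for r in results if r.source == "unresolved"]


if __name__ == "__main__":
    found = collect(SAMPLE_OVAL, SAMPLE_ENV, SAMPLE_EXTERNAL, ASSET_INSTANCE)
    for ref, (source, value) in summarize(found).items():
        print(f"{ref:22} {source:12} {value}")
```

Recording the source beside each value lets an inspection report distinguish data collected from the host from data taken from the asset model.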
Further, after the automated security inspection request is received, the method comprises:
generating a corresponding inspection method according to all the inspection data required by the automated security inspection request;
generating an asset instance corresponding to the automated security inspection request through the asset information model, identifying the asset type of the asset instance, and determining a corresponding inspection template from the asset type and the inspection method;
obtaining the corresponding CPE expression according to the inspection template and determining, based on the CPE expression, whether the asset instance can be inspected; if so, determining whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path; if not, not inspecting the asset instance;
wherein obtaining the data to be inspected from the corresponding asset information model comprises:
interpreting the CPE expression with the asset identification engine;
matching the corresponding asset instance based on the interpretation result and on a matching specification generated after the CPE engine is adapted to the asset information model;
and obtaining the inspection data corresponding to the asset instance through an interface of the asset identification engine.
As can be seen from the above description, an inspection template and its CPE expression are determined according to the asset type, and the result of evaluating the CPE expression against the asset instance determines whether the inspection method in the template applies to that instance; only if it does is it determined whether the OVAL engine can obtain the data to be inspected required by the automated security inspection request through a standard data acquisition path. Applicability is thus judged from the template's CPE expression before the inspection runs, which avoids erroneous inspection results caused by an inapplicable template. The inspection data of the asset instance is obtained through CPE and the asset identification engine, and CPE is adapted to the asset information model to generate corresponding expression specifications and matching specifications, which improves the expressive power of CPE. Because interpreting and matching the CPE expression specification depend on the asset identification engine, management of the asset identification engine is facilitated and the generality of asset inspection is improved. It follows that the XCCDF engine and the CPE engine can obtain data directly through the asset identification engine, rather than relying solely on the OVAL engine to obtain data.
Further, establishing the virtualization definition in the OVAL is replaced by adding asset attribute elements to the OVAL;
the step of judging whether the OVAL engine can acquire the data to be checked required by the automatic security check request through a standard data acquisition path, directly acquiring the data to be checked if so, and otherwise acquiring the data to be checked from a corresponding asset information model through a virtualized data acquisition path based on the virtualization definition, is replaced by:
determining the data to be checked required by the automatic security check request, determining the corresponding asset attribute element according to the data to be checked, judging whether that asset attribute element is one of the added asset attribute elements, and if so, acquiring the data to be checked from the corresponding asset information model based on the added asset attribute element.
It can be seen from the above description that adding an asset attribute element introduces new semantics into the OVAL, and that the added element has a corresponding syntax, that is, a corresponding acquisition path. The semantics and syntax of the OVAL are thereby expanded so that the added asset attribute element can be used as standard semantics, and virtual definitions no longer need to be established in the OVAL by a virtualization method. Acquiring the data to be checked from the corresponding asset information model based on the added asset attribute element enriches the expressive capability of the OVAL and reduces the complexity of automated security checks.
The automatic security inspection method and terminal based on the asset model can describe assets independently on the basis of the SCAP, which improves the asset description and management capability of the SCAP and makes the method and terminal applicable to a variety of complex automated security inspection scenarios. They are described below through specific embodiments:
Example 1
Referring to fig. 1, an automated security inspection method based on an asset model includes the steps of:
S1, adding an asset information model to the SCAP and establishing a virtualization definition in the OVAL;
wherein the method further includes adding an asset identification engine to the SCAP;
referring to fig. 3 and 4, the asset identification engine can output an asset information model and provide an asset interface, wherein the asset information model comprises an asset general model, an asset extension model and an asset knowledge base, and the asset knowledge base comprises knowledge base information of different dimensions;
the asset general model comprises type information, installation information, configuration information, update information and operation information, wherein the type information comprises, but is not limited to, name and version information of an asset instance and can be used as identification of an asset type; the installation information is the installation position of the asset instance; the configuration information comprises configuration file information and log file information of the asset instance; the update information includes patch information for the asset instance; the operational information includes operational status information for the asset instance;
Specifically, referring to fig. 5, in the conventional SCAP the inspection method is defined by the OVAL engine, asset identification is performed by the CPE engine, and inspection items are defined by the XCCDF engine; in this embodiment, an asset information model is added on the basis of the SCAP and the OVAL, CPE and XCCDF engines are adapted to it, so that asset information is made independent of the SCAP, the OVAL, CPE and XCCDF engines acquire information from the asset information model through an adaptation layer, and the capability of the SCAP in asset description and management is improved;
specifically, referring to fig. 6, in this embodiment an asset identification engine is added on the basis of the SCAP; the asset identification engine can generate a standard asset information model and provide it to the OVAL, CPE and XCCDF engines through an asset interface;
S2, acquiring an automated security inspection request and judging whether the OVAL engine can acquire the data to be inspected required by the request through a standard data acquisition path; if so, directly acquiring the data to be inspected, and if not, acquiring the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualization definition;
Wherein the obtaining the data to be inspected from the corresponding asset information model through the virtualized data acquisition path based on the virtualized definition includes:
generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualization definition; identifying the asset instance by the asset identification engine and obtaining the data to be inspected from the asset instance;
judging whether a standard data acquisition method of the OVAL engine can acquire the data to be checked of the automatic security check request; if so, directly acquiring the data to be checked through that data acquisition method; if not, defining in the OVAL a virtualized data acquisition method whose interpretation requires the asset instance, and using the virtualized data acquisition method to acquire the data to be checked of the asset instance;
specifically, referring to fig. 7, an asset type defines a corresponding inspection method set, where the inspection method set includes a plurality of inspection method elements (definitions), and each inspection method element includes: one or several test definition elements (test); a test definition element comprising an object definition element (object), not more than one object state definition element (state), and variable definition elements (variables), so that in this embodiment, the established virtualization definition includes a virtual test, a virtual object under test state, and a virtual variable;
Specifically, the virtualized data acquisition method established on the basis of the OVAL can acquire the data to be checked in an asset instance based on the virtualization definition. The virtualized data acquisition method is used as normal semantics in the OVAL, while the source of the virtualized inspection data is the asset information model, so the data of the asset information model can be used in OVAL definitions. The semantics of the OVAL are thus expanded while its grammar is still followed, and inspection methods can be generated more flexibly to suit the various scenarios of automated security inspection;
S3, performing the automated security inspection according to a standard inspection method of the OVAL engine based on the data to be inspected;
specifically, an XCCDF inspection template corresponding to the standard inspection method of the OVAL engine is obtained, and the data to be inspected is checked item by item according to the inspection items in the inspection template.
Example 2
The present embodiment differs from the first embodiment in that it further defines how the data to be inspected of an automated security inspection request is acquired:
in an optional implementation manner, whether the data to be checked required by the automatic security check request can be acquired through an environment object in an OVAL engine is judged, if yes, the data to be checked is directly acquired through the environment object;
If not, generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualized environment object, and naming the virtualized environment object according to the automatic security check request;
identifying the asset instance by the asset identification engine, and acquiring the data to be checked from the asset instance according to the name of the virtualized environment object;
specifically, referring to fig. 8 and fig. 9, if the data to be checked of the automatic security check request can be collected by a standard environment object in the OVAL, the definition of the environment object is interpreted, and the CollectData interface is used to obtain the data to be checked, according to the name of the environment object, in the process or in the definition of the environment object of the system; if the data to be checked cannot be acquired by using a standard environment object in the OVAL, an asset instance corresponding to the data to be checked is first generated through the asset information model based on the virtualized environment object, and the virtualized environment object is named according to the automatic security check request; for example, to check the installation path (PATH) in the installation information (INSTALL) of a TOMCAT asset, the virtualized environment object is named TOMCAT_INSTALL_path; the asset instance is then identified through the asset identification engine, and the CollectData interface is used to acquire the data to be checked in the asset instance according to the name of the virtualized environment object;
In another optional implementation manner, whether the data to be checked required by the automatic security check request can be acquired through an external variable in the OVAL engine is judged, if yes, the check data is directly acquired through the external variable;
if not, generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualized external variable, and setting the ID of the virtualized external variable according to the automatic security check request;
identifying the asset instance by the asset identification engine, and acquiring the data to be checked from the asset instance according to the ID of the virtualized external variable;
specifically, referring to fig. 8 and fig. 10, if the data to be inspected of the automatic security inspection request can be acquired through a standard external variable in the OVAL, the inspection data corresponding to the external variable, including the ID and the data type of the external variable, is acquired; if the OVAL has no external variable capable of acquiring the data to be checked, an asset instance corresponding to the data to be checked is first generated through the asset information model based on the virtualized external variable, and the ID of the virtualized external variable is set according to the automatic security check request; in this embodiment the ID format of the external variable is id="oval:domain.com:var:xxx", and the data to be checked can be acquired in the asset instance according to the ID of the virtualized external variable;
The virtualization definition is not limited to a virtualized environment object or a virtualized external variable; a virtual test, a virtual check object state or a virtual variable can likewise be established as required;
through the virtualization definition of the inspection objects and the variables in the OVAL, the corresponding inspection data can be searched from the asset instance data through the virtualization inspection objects or the virtualization variables, the data of the asset information model is applied to the OVAL while the grammar of the OVAL is followed, so that the adaption of the OVAL and the asset information model is realized, and the inspection method of the OVAL definition is expanded by adding the description of the asset on the basis of the original SCAP.
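The lookup order described in this embodiment (standard environment object first, virtualized environment object resolved against the asset model second) can be sketched as follows. This is an added example, not code from the patent: `collect_data`, `AssetIdentificationEngine`, the section tokens other than INSTALL, and the sample Tomcat instance are all hypothetical, and the `ASSET_SECTION_ATTRIBUTE` naming scheme is modelled on the page's TOMCAT_INSTALL_path example.

```python
"""Standard-path-first, asset-model-fallback data collection (illustrative)."""
import os
from dataclasses import dataclass, field

# Hypothetical section tokens for the asset general model; the page itself
# only shows INSTALL (in the TOMCAT_INSTALL_path example).
SECTIONS = ("TYPE", "INSTALL", "CONFIG", "UPDATE", "RUN")


@dataclass
class AssetInstance:
    """One identified asset; sections maps SECTION -> {ATTRIBUTE: value}."""
    asset_type: str
    version: str
    sections: dict = field(default_factory=dict)


class AssetIdentificationEngine:
    """Stand-in for the asset identification engine, backed by in-memory data."""

    def __init__(self, instances):
        self._by_type = {inst.asset_type.upper(): inst for inst in instances}

    def identify(self, asset_type):
        return self._by_type.get(asset_type.upper())


def parse_virtual_name(name):
    """Split ASSET_SECTION_ATTRIBUTE into its parts, case-insensitively.

    Splitting on a known section token keeps asset types that themselves
    contain underscores (e.g. APACHE_HTTPD_CONFIG_LOGFILE) intact.
    """
    upper = name.upper()
    for section in SECTIONS:
        asset, sep, attribute = upper.partition(f"_{section}_")
        if sep and asset and attribute:
            return asset, section, attribute
    raise ValueError(f"not a virtualized environment object name: {name!r}")


def collect_data(name, engine, environ=None):
    """Return (value, source) for an environment object name.

    source is 'standard' when the process environment answered, 'asset-model'
    when the virtualized path answered, and 'not-collected' otherwise, so a
    missing value is reported as such instead of being read as a pass.
    """
    environ = os.environ if environ is None else environ
    if name in environ:  # standard data acquisition path
        return environ[name], "standard"
    try:  # virtualized data acquisition path
        asset, section, attribute = parse_virtual_name(name)
    except ValueError:
        return None, "not-collected"
    instance = engine.identify(asset)
    if instance is None:
        return None, "not-collected"
    value = instance.sections.get(section, {}).get(attribute)
    return (value, "asset-model") if value is not None else (None, "not-collected")


# Constructed sample data, not taken from the patent.
SAMPLE_ENGINE = AssetIdentificationEngine([
    AssetInstance("tomcat", "9.0.41", {"INSTALL": {"PATH": "/opt/tomcat"}}),
])

if __name__ == "__main__":
    env = {"JAVA_HOME": "/usr/lib/jvm/default"}
    for wanted in ("JAVA_HOME", "TOMCAT_INSTALL_PATH", "NGINX_INSTALL_PATH"):
        print(wanted, collect_data(wanted, SAMPLE_ENGINE, environ=env))
```

Returning the source alongside the value lets a later check distinguish data read from the host from data supplied by the asset model, and lets it report an uncollected item rather than evaluating it against an empty value.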
Example 3
The present embodiment differs from the first or second embodiment in that it further defines how the asset information model is adapted to XCCDF:
specifically, acquiring the automatic security check request is followed by:
generating a corresponding checking method according to all checking data required by the automatic security checking request;
generating an asset instance corresponding to the automatic security check request through the asset information model, identifying the asset type of the asset instance, and determining a corresponding check template through the asset type and the check method;
Acquiring a corresponding CPE expression according to the inspection template, judging whether the asset instance can be detected based on the CPE expression, if so, judging whether an OVAL engine can acquire data to be inspected required by the automatic security inspection request through a standard data acquisition path, and if not, not detecting the asset instance;
specifically, the inspection template carries a tag of an asset type, so that the asset type corresponding to the inspection template can be determined, therefore, the inspection template corresponds to different asset types, a knowledge base corresponding to the asset types can be established through the inspection template, in the embodiment, an asset instance is generated through an asset identification engine, the corresponding asset type is determined through the asset instance, and then the corresponding inspection template is determined through the asset type and an inspection method defined in an OVAL;
specifically, referring to fig. 11, in this embodiment an XCCDF inspection template is used to perform the inspection. The corresponding CPE expression is obtained from the XCCDF inspection template, and the checkCPEExpress interface is invoked with the asset instance identified by the asset identification engine to evaluate the CPE expression. If the evaluation result is FALSE, the call returns, indicating that the inspection template is not applicable to the asset instance; if the evaluation result is TRUE, an applicability check is performed on each inspection item in the inspection template;
In addition to using XCCDF inspection templates, other inspection templates may be used, such as: a custom security policy check template similar to XCCDF semantics or based on asset type and attributes;
besides completing judgment of asset applicability by means of CPE expression, the application range can be calculated by directly utilizing the data of asset instance;
therefore XCCDF and CPE no longer rely on the OVAL engine alone, but can acquire the required data and judge applicability through the asset identification engine before the OVAL inspection; the judgment of applicability is not limited to the XCCDF inspection template and the CPE expression, and the inspection configuration can be changed adaptively in various complex inspection environments, so that the configuration of the automated inspection is more flexible.
Example 4
The present embodiment differs from any of the first to third embodiments in that it further defines how the asset information model is adapted to the CPE:
specifically, obtaining the data to be inspected from the asset instance includes:
interpreting the CPE expression by the asset identification engine;
matching the corresponding asset instances based on the interpretation result and on a matching specification generated after the CPE engine is adapted to the asset information model;
Acquiring inspection data corresponding to the asset instance through an interface of an asset identification engine;
specifically, referring to fig. 12 and fig. 13, adapting the CPE engine to the asset information model yields an adapted CPE expression specification and an adapted CPE matching specification. The adapted specifications increase the expressive capability of CPE expressions by introducing logical operations such as version greater than, version greater than or equal to, version less than, and version less than or equal to. An interface for judging whether one of two CPE expressions contains the other and an interface for comparing two CPE expressions according to their version information are added, so that it is possible both to judge whether an asset exists and to compare asset versions, which supports security inspection of different types of asset instances;
in the conventional SCAP, the CPE engine and the XCCDF engine both depend on the OVAL engine, but in this embodiment, the matching specification of the CPE, the interpretation of the CPE expression, and the query of the CPE list are submitted to the asset identification engine and the structure for processing, that is, the expression of the asset operation by the knowledge base is adapted, so that the knowledge base does not depend on the OVAL engine, thereby implementing the independent output of the asset identification engine and improving the expression capability of the asset.
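The applicability gate of Example 3 and the version operators of Example 4 can be combined in one sketch. This is an added example, not the patent's implementation: the CPE 2.3 formatted string is the standard one, but the way an operator and a version bound are attached to a template, the function names, and the sample templates and instance are assumptions made for illustration.

```python
"""CPE applicability gate with version operators (illustrative sketch)."""
import operator
import re

FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")
OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
       "<=": operator.le, "==": operator.eq}


def parse_cpe23(text):
    """Parse a CPE 2.3 formatted string into its eleven attributes."""
    parts = re.split(r"(?<!\\):", text)  # do not split on escaped colons
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {text!r}")
    return dict(zip(FIELDS, (p.lower() for p in parts[2:])))


def version_key(version):
    """'9.0.41' -> (9, 0, 41); trailing zeros dropped so 9.0 equals 9.0.0."""
    segments = version.split(".")
    if not all(s.isdigit() for s in segments):
        raise ValueError(f"version is not dotted-numeric: {version!r}")
    key = tuple(int(s) for s in segments)
    while key and key[-1] == 0:
        key = key[:-1]
    return key


def cpe_contains(pattern, target, skip=()):
    """True when every attribute of pattern is '*' or equals target's value.

    Simplification: only whole-attribute wildcards are handled.
    """
    return all(pattern[f] in ("*", target[f]) for f in FIELDS if f not in skip)


def check_cpe_expression(pattern, instance_cpe, op=None, version=None):
    """Evaluate a template's CPE expression against one asset instance."""
    pat, inst = parse_cpe23(pattern), parse_cpe23(instance_cpe)
    if op is None:
        return cpe_contains(pat, inst)
    if op not in OPS:
        raise ValueError(f"unsupported version operator: {op!r}")
    # The version is judged by the operator, all other attributes by containment.
    if not cpe_contains(pat, inst, skip=("version",)):
        return False
    return OPS[op](version_key(inst["version"]), version_key(version))


def applicable_templates(templates, instance_cpe):
    """Return the ids of templates whose expression is TRUE for the instance."""
    return [t["id"] for t in templates
            if check_cpe_expression(t["cpe"], instance_cpe,
                                    t.get("op"), t.get("version"))]


# Constructed sample data, not taken from the patent.
ANY_TOMCAT = "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
INSTANCE = "cpe:2.3:a:apache:tomcat:9.0.41:*:*:*:*:*:*:*"
TEMPLATES = [
    {"id": "tomcat-baseline", "cpe": ANY_TOMCAT},
    {"id": "tomcat-9.0.5-plus", "cpe": ANY_TOMCAT, "op": ">=", "version": "9.0.5"},
    {"id": "tomcat-pre-9", "cpe": ANY_TOMCAT, "op": "<", "version": "9"},
    {"id": "httpd-baseline", "cpe": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},
]

if __name__ == "__main__":
    print(applicable_templates(TEMPLATES, INSTANCE))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 9.0.41 below 9.0.5 and silently skip a template that applies.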
Example 5
The present embodiment differs from any of embodiments one through four in that the creation of a virtualization definition is replaced by adding an asset model element in the OVAL:
specifically, establishing the virtualization definition in the OVAL is replaced by adding asset attribute elements to the OVAL;
the step of judging whether the OVAL engine can acquire the data to be checked required by the automatic security check request through a standard data acquisition path, directly acquiring the data to be checked if so, and otherwise acquiring the data to be checked from a corresponding asset information model through a virtualized data acquisition path based on the virtualization definition, is replaced by:
determining the data to be checked required by the automatic security check request, determining the corresponding asset attribute element according to the data to be checked, judging whether that asset attribute element is one of the added asset attribute elements, and if so, acquiring the data to be checked from the corresponding asset information model based on the added asset attribute element;
specifically, in this embodiment an asset attribute element is added to the elements of the OVAL; after the data to be inspected is determined, it is judged whether the asset attribute element corresponding to that data is an added asset attribute element; if so, the data to be inspected is obtained from the corresponding asset information model based on the added asset attribute element, and if not, it is obtained directly through the original data acquisition path that the OVAL had before the asset attribute element was added;
That is, the original asset attribute elements in the OVAL have their original standard data acquisition paths, namely the original inherent semantics and grammar. Adding asset attribute elements to the OVAL adds new semantics and grammar, namely the added elements and the corresponding paths for acquiring the data to be checked. When the data to be checked is acquired, it is first judged whether the corresponding asset attribute element is an added one: if so, it belongs to the newly added semantics and the data is acquired according to the new grammar, that is, from the corresponding asset information model based on the added asset attribute element; if not, the data is acquired according to the original inherent semantics and grammar, that is, directly through the original standard data acquisition path.
Example 6
Referring to fig. 2, an asset model based automated security inspection terminal includes a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the asset model based automated security inspection method of any one of embodiments one through five when executing the computer program.
In summary, according to the automatic security inspection method and terminal based on the asset model provided by the invention, an asset information model is added to the SCAP and a virtualization definition is established in the OVAL according to the grammar of the OVAL. When an automated security inspection is performed, the corresponding XCCDF inspection template and the corresponding CPE expression are determined through the asset identification engine according to the data to be inspected, and the CPE expression is used to judge whether the current inspection template is applicable to the asset instance; the inspection template is not limited to the XCCDF inspection template, and other inspection templates can also be used. The CPE is adapted to the asset information model to generate corresponding expression specifications and matching specifications, which improves the expressive capability of the CPE, and since the interpretation and matching of the CPE expression specifications depend on the asset identification engine, the management of the asset identification engine is facilitated and the universality of asset inspection is improved. If the OVAL engine cannot acquire the data to be checked required by the automated security check through a standard data acquisition path, the data to be checked is acquired from the corresponding asset information model through a virtualized data acquisition path based on the virtualization definition; the virtualization definition is preferably established as a virtual environment variable, through which the corresponding data to be checked can be acquired from the asset instance. Because the established virtualization definition complies with the OVAL grammar and the OVAL engine is given the capability of interpreting the virtualization definition, the virtualization definition can still be used as normal semantics in the OVAL, while its data source is interpreted as the asset information model; the data of the asset information model is thus used in OVAL definitions through the virtualized OVAL definition, so that the semantics of the OVAL are expanded, the content of asset description is enriched, and the problem that the SCAP in the prior art describes assets only sparsely is overcome. The virtualization definition can also be replaced by a standard asset attribute element in the OVAL, that is, a new asset attribute element is added directly to the OVAL and the OVAL is adapted without using a virtualization definition, which reduces the complexity of the automated security check. Based on the data to be checked and according to the standard checking method of the OVAL engine, the invention enriches the content of asset description by using the asset information model and flexibly acquires the data to be checked from the asset information model through the virtualization definition in the OVAL; in addition, XCCDF and CPE no longer depend only on the OVAL but can acquire data directly through the asset identification engine when applicability is judged, thereby greatly improving the universality of the SCAP and making it suitable for various complex security checking scenarios.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent changes made by the specification and drawings of the present invention, or direct or indirect application in the relevant art, are included in the scope of the present invention.

Claims (6)

1. An automated security inspection method based on an asset model, comprising the steps of:
adding an asset information model in the SCAP, and establishing a virtualization definition in the OVAL;
acquiring an automatic safety inspection request, judging whether an OVAL engine can acquire data to be inspected required by the automatic safety inspection request through a standard data acquisition path, if so, directly acquiring the data to be inspected, and if not, acquiring the data to be inspected from a corresponding asset information model through a virtualized data acquisition path based on the virtualized definition;
performing automatic security inspection according to a standard inspection method of an OVAL engine based on the data to be inspected;
further comprises:
adding an asset identification engine in the SCAP;
the obtaining the data to be inspected from the corresponding asset information model through the virtualized data acquisition path based on the virtualized definition includes:
Generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualization definition;
identifying the asset instance by the asset identification engine and obtaining the data to be inspected from the asset instance;
the step of judging whether the OVAL engine can acquire the data to be inspected required by the automatic security inspection request through a standard data acquisition path, if so, directly acquiring the data to be inspected, and if not, acquiring the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition comprises:
judging whether the data to be checked required by the automatic security check request can be acquired through an environment object in an OVAL engine, if so, directly acquiring the data to be checked through the environment object;
if not, generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualized environment object, and naming the virtualized environment object according to the automatic security check request;
identifying the asset instance by the asset identification engine, and acquiring the data to be checked from the asset instance according to the name of the virtualized environment object;
Or judging whether the data to be checked required by the automatic security check request can be acquired through an external variable in an OVAL engine, if so, directly acquiring the check data through the external variable;
if not, generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualized external variable, and setting the ID of the virtualized external variable according to the automatic security check request;
and identifying the asset instance through the asset identification engine, and acquiring the data to be checked from the asset instance according to the ID of the virtualized external variable.
2. An automated security inspection method based on an asset model according to claim 1, wherein the acquiring an automated security inspection request is followed by:
generating a corresponding checking method according to all checking data required by the automatic security checking request;
generating an asset instance corresponding to the automatic security check request through the asset information model, identifying the asset type of the asset instance, and determining a corresponding check template through the asset type and the check method;
Acquiring a corresponding CPE expression according to the inspection template, judging whether the asset instance can be detected based on the CPE expression, if so, judging whether an OVAL engine can acquire data to be inspected required by the automatic security inspection request through a standard data acquisition path, and if not, not detecting the asset instance;
the obtaining the data to be checked from the corresponding asset information model includes:
interpreting the CPE expression by an asset recognition engine;
matching corresponding asset examples based on the interpretation result and a matching specification generated after the CPE engine is matched with the asset information model;
and acquiring the inspection data corresponding to the asset instance through an interface of the asset identification engine.
3. An automated security inspection method based on an asset model according to claim 1, wherein establishing a virtualization definition in the OVAL is replaced by adding an asset attribute element in the OVAL;
the step of judging whether the OVAL engine can acquire the data to be checked required by the automatic security check request through a standard data acquisition path, if so, directly acquiring the data to be checked, and if not, acquiring the data to be checked from a corresponding asset information model through a virtualized data acquisition path based on the virtualized definition, is replaced by:
determining data to be checked required by the automatic security check request, determining corresponding asset attribute elements according to the data to be checked, judging whether the asset attribute elements are the added asset attribute elements, and if yes, acquiring the data to be checked from a corresponding asset information model based on the added asset attribute elements.
4. An automated security inspection terminal based on an asset model, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the computer program when executed by the processor performs the steps of:
adding an asset information model in the SCAP, and establishing a virtualization definition in the OVAL;
acquiring an automatic safety inspection request, judging whether an OVAL engine can acquire data to be inspected required by the automatic safety inspection request through a standard data acquisition path, if so, directly acquiring the data to be inspected, and if not, acquiring the data to be inspected from a corresponding asset information model through a virtualized data acquisition path based on the virtualized definition;
performing automatic security inspection according to a standard inspection method of an OVAL engine based on the data to be inspected;
Further comprises:
adding an asset identification engine in the SCAP;
the obtaining the data to be inspected from the corresponding asset information model through the virtualized data acquisition path based on the virtualized definition includes:
generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualization definition;
identifying the asset instance by the asset identification engine and obtaining the data to be inspected from the asset instance;
the step of judging whether the OVAL engine can acquire the data to be inspected required by the automatic security inspection request through a standard data acquisition path, if so, directly acquiring the data to be inspected, and if not, acquiring the data to be inspected from the corresponding asset information model through a virtualized data acquisition path based on the virtualized definition comprises:
judging whether the data to be checked required by the automatic security check request can be acquired through an environment object in an OVAL engine, if so, directly acquiring the data to be checked through the environment object;
if not, generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualized environment object, and naming the virtualized environment object according to the automatic security check request;
Identifying the asset instance by the asset identification engine, and acquiring the data to be checked from the asset instance according to the name of the virtualized environment object;
or judging whether the data to be checked required by the automatic security check request can be acquired through an external variable in an OVAL engine, if so, directly acquiring the check data through the external variable;
if not, generating an asset instance corresponding to the data to be checked through the asset information model based on the virtualized external variable, and setting the ID of the virtualized external variable according to the automatic security check request;
and identifying the asset instance through the asset identification engine, and acquiring the data to be checked from the asset instance according to the ID of the virtualized external variable.
5. An asset model based automated security inspection terminal according to claim 4, wherein said obtaining an automated security inspection request is followed by:
generating a corresponding checking method according to all checking data required by the automatic security checking request;
generating an asset instance corresponding to the automatic security check request through the asset information model, identifying the asset type of the asset instance, and determining a corresponding check template through the asset type and the check method;
acquiring a corresponding CPE expression according to the inspection template, judging whether the asset instance can be detected based on the CPE expression, if so, judging whether an OVAL engine can acquire data to be inspected required by the automatic security inspection request through a standard data acquisition path, and if not, not detecting the asset instance;
the obtaining the data to be checked from the corresponding asset information model includes:
interpreting the CPE expression by an asset recognition engine;
matching corresponding asset instances based on the interpretation result and a matching specification generated after the CPE engine is matched with the asset information model;
and acquiring the inspection data corresponding to the asset instance through an interface of the asset identification engine.
6. An automated security inspection terminal based on an asset model according to claim 4, wherein establishing a virtualization definition in the OVAL is replaced by adding an asset attribute element in the OVAL;
the step of judging whether the OVAL engine can acquire the data to be checked required by the automatic security check request through a standard data acquisition path, if so, directly acquiring the data to be checked, and if not, acquiring the data to be checked from a corresponding asset information model through a virtualized data acquisition path based on the virtualized definition, is replaced by:
determining data to be checked required by the automatic security check request, determining corresponding asset attribute elements according to the data to be checked, judging whether the asset attribute elements are the added asset attribute elements, and if yes, acquiring the data to be checked from a corresponding asset information model based on the added asset attribute elements.
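
The acquisition logic of claims 4 and 5, sketched as an added example that is not part of the patent text: a CPE gate decides whether the asset instance is inspected at all, the standard source (environment objects or external variables) is tried first, and the asset instance's attributes serve as the virtualized path, selected by object name or variable ID. The asset, CPE names, variable IDs and the simplified component-wise CPE match are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class AssetInstance:
    cpe: str                                   # constructed CPE 2.3 name
    attributes: dict = field(default_factory=dict)


def cpe_matches(expr, name):
    """Simplified CPE 2.3 match: '*' in expr matches any component.
    Assumption: no escaped ':' inside components."""
    e, n = expr.split(":"), name.split(":")
    return len(e) == len(n) and all(x in ("*", y) for x, y in zip(e, n))


def acquire(asset, cpe_expr, standard_source, key):
    """Return (path, value) for one item of data to be checked.

    standard_source stands in for what the OVAL engine reads directly;
    key is the name of the virtualized environment object or the ID of
    the virtualized external variable.
    """
    if not cpe_matches(cpe_expr, asset.cpe):
        return ("not-inspected", None)         # CPE gate: asset is out of scope
    if key in standard_source:
        return ("standard", standard_source[key])
    if key in asset.attributes:                # fall back to the asset model
        return ("virtualized", asset.attributes[key])
    return ("unavailable", None)               # neither path holds the data


# Constructed sample data (hypothetical vendor, names and values).
SWITCH = AssetInstance(
    cpe="cpe:2.3:o:examplevendor:switch_os:4.2:*:*:*:*:*:*:*",
    attributes={"SSH_PROTOCOL": "2", "oval:com.example:var:101": "false"},
)
EXPR = "cpe:2.3:o:examplevendor:switch_os:*:*:*:*:*:*:*:*"
OTHER = "cpe:2.3:o:othervendor:*:*:*:*:*:*:*:*:*"
ENVIRONMENT = {"PATH": "/usr/bin:/bin"}        # environment objects
EXTERNAL_VARS = {"oval:com.example:var:7": "12"}


def demo():
    return [
        acquire(SWITCH, EXPR, ENVIRONMENT, "PATH"),
        acquire(SWITCH, EXPR, ENVIRONMENT, "SSH_PROTOCOL"),
        acquire(SWITCH, EXPR, EXTERNAL_VARS, "oval:com.example:var:101"),
        acquire(SWITCH, EXPR, EXTERNAL_VARS, "oval:com.example:var:999"),
        acquire(SWITCH, OTHER, ENVIRONMENT, "PATH"),
    ]
```

Returning the path alongside the value lets a check result record whether the data was read directly or taken from the asset information model.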
CN202110450013.9A 2021-04-25 2021-04-25 Automatic security inspection method and terminal based on asset model Active CN113010901B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110450013.9A CN113010901B (en) 2021-04-25 2021-04-25 Automatic security inspection method and terminal based on asset model

Publications (2)

Publication Number Publication Date
CN113010901A CN113010901A (en) 2021-06-22
CN113010901B true CN113010901B (en) 2024-03-01

Family

ID=76380361

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110450013.9A Active CN113010901B (en) 2021-04-25 2021-04-25 Automatic security inspection method and terminal based on asset model

Country Status (1)

Country Link
CN (1) CN113010901B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927491A (en) * 2014-04-30 2014-07-16 南方电网科学研究院有限责任公司 Security baseline assessment method based on SCAP
CN108900527A (en) * 2018-07-20 2018-11-27 南京方恒信息技术有限公司 A kind of security configuration check system
CN109063477A (en) * 2018-07-18 2018-12-21 成都链安科技有限公司 A kind of intelligent contract code defect detection system and method for automation
CN111104677A (en) * 2019-12-18 2020-05-05 哈尔滨安天科技集团股份有限公司 Vulnerability patch detection method and device based on CPE specification
CN111819544A (en) * 2018-03-06 2020-10-23 亚马逊科技公司 Pre-deployment security analyzer service for virtual computing resources

Also Published As

Publication number Publication date
CN113010901A (en) 2021-06-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant