CN116720195A - Operating system vulnerability identification method and system - Google Patents


Info

Publication number: CN116720195A
Authority: CN (China)
Prior art keywords: patch, operating system, loopholes, vulnerability, identified
Legal status: Granted
Application number: CN202310828231.0A
Other languages: Chinese (zh)
Other versions: CN116720195B (en)
Inventors: 熊道旺, 姚铮, 阮涛, 黄佳
Current assignee: Zhejiang Qi'an Information Technology Co ltd
Original assignee: Zhejiang Qi'an Information Technology Co ltd
Events: application filed by Zhejiang Qi'an Information Technology Co ltd; priority to CN202310828231.0A; publication of CN116720195A; application granted; publication of CN116720195B; current legal status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The application provides a method and a system for identifying vulnerabilities of an operating system. The method comprises the following steps: constructing a vulnerability library, which comprises the mapping relations between each operating system and each vulnerability; constructing a patch library, which comprises the mapping relations between all vulnerabilities and all patches; acquiring system information and patch information of the operating system to be identified; judging, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified; if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified; and if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified. Because the method identifies vulnerabilities through patches, the requirement for specialist skills is reduced, the method is simple to use and consumes little time, only the vulnerability data and patch data published by the authorities need to be added regularly, the vulnerability identification efficiency is improved, and the vulnerability identification capability is enhanced.

Description

Operating system vulnerability identification method and system
Technical Field
The application belongs to the technical field of vulnerability identification, and particularly relates to an operating system vulnerability identification method and system.
Background
An operating system is a core component in a computer system that is responsible for managing the hardware and software resources of the computer, providing basic services for users and applications. However, because operating systems are complex and bulky, there may be many security vulnerabilities that may be exploited by hackers or malware, resulting in the computer system being attacked or destroyed.
To protect computer systems from security vulnerabilities, many security vendors and research institutions are devoted to developing and providing operating system vulnerability identification techniques. These techniques are intended to help users and administrators discover and repair potential vulnerabilities, thereby improving the security of computer systems.
Some current vulnerability identification methods use a vulnerability scanner, which runs PoC scripts for known vulnerabilities against the system to check whether the system is affected by them. Because this method identifies system vulnerabilities by simulating attacks, missed detections are relatively serious; the identification capability can only be enhanced by analysing each vulnerability and writing a corresponding PoC script, which demands a high degree of specialisation and is inefficient.
Disclosure of Invention
To address the defects in the prior art, the application provides an operating system vulnerability identification method and system that improve the vulnerability identification efficiency and enhance the vulnerability identification capability.
In a first aspect, a method for identifying vulnerabilities of an operating system includes:
constructing a vulnerability library; the vulnerability library comprises the mapping relations between each operating system and each vulnerability;
constructing a patch library; the patch library comprises the mapping relations between all vulnerabilities and all patches;
acquiring system information and patch information of the operating system to be identified;
judging, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified;
if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified;
if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified.
Further, constructing the vulnerability library specifically includes:
obtaining the vulnerability numbers of all published vulnerabilities;
acquiring the universal platform enumerations whose target type is operating system;
and establishing, according to all vulnerabilities present in each operating system, a mapping relation between the universal platform enumerations and the vulnerability numbers to obtain the vulnerability library.
Further, constructing the patch library specifically includes:
acquiring all vulnerabilities and all patches published for each operating system;
and establishing, according to the repair relation between the patches and the vulnerabilities, a mapping relation between the vulnerabilities and the patches to obtain the patch library.
Further, if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified specifically comprises:
if no dependency relationship exists, searching the vulnerability library according to the system information to obtain all vulnerabilities mapped by the operating system to be identified, which are defined as the full set of vulnerabilities;
searching the patch library according to the patch information to obtain all vulnerabilities mapped by the patch information, which are defined as the repaired vulnerabilities;
and calculating the difference set of the full set of vulnerabilities and the repaired vulnerabilities to obtain the unrepaired vulnerabilities in the operating system to be identified.
Further, if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified specifically comprises:
if a dependency relationship exists, analysing the patch information to obtain the latest-version patch in the operating system to be identified;
and searching the patch library according to the latest-version patch to obtain the vulnerabilities corresponding to the patches that update the latest-version patch, which are defined as the unrepaired vulnerabilities in the operating system to be identified.
In a second aspect, an operating system vulnerability identification system comprises:
a vulnerability database, configured to construct a vulnerability library; the vulnerability library comprises the mapping relations between each operating system and each vulnerability;
a patch database, configured to construct a patch library; the patch library comprises the mapping relations between all vulnerabilities and all patches;
an identification unit, configured to acquire system information and patch information of the operating system to be identified; judge, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified; if no dependency relationship exists, search the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified; and if a dependency relationship exists, search the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified.
Further, the vulnerability database is specifically configured to:
obtain the vulnerability numbers of all published vulnerabilities;
acquire the universal platform enumerations whose target type is operating system;
and establish, according to all vulnerabilities present in each operating system, a mapping relation between the universal platform enumerations and the vulnerability numbers to obtain the vulnerability library.
Further, the patch database is specifically configured to:
acquire all vulnerabilities and all patches published for each operating system;
and establish, according to the repair relation between the patches and the vulnerabilities, a mapping relation between the vulnerabilities and the patches to obtain the patch library.
Further, the identification unit is specifically configured to:
if no dependency relationship exists, search the vulnerability library according to the system information to obtain all vulnerabilities mapped by the operating system to be identified, which are defined as the full set of vulnerabilities;
search the patch library according to the patch information to obtain all vulnerabilities mapped by the patch information, which are defined as the repaired vulnerabilities;
and calculate the difference set of the full set of vulnerabilities and the repaired vulnerabilities to obtain the unrepaired vulnerabilities in the operating system to be identified.
Further, the identification unit is specifically configured to:
if a dependency relationship exists, analyse the patch information to obtain the latest-version patch in the operating system to be identified;
and search the patch library according to the latest-version patch to obtain the vulnerabilities corresponding to the patches that update the latest-version patch, which are defined as the unrepaired vulnerabilities in the operating system to be identified.
According to the operating system vulnerability identification method and system provided by the application, vulnerabilities are identified through patches, so the requirement for specialist skills is reduced, use is simple, little time is consumed, only the vulnerability data and patch data published by the authorities need to be added regularly, the vulnerability identification efficiency is improved, and the vulnerability identification capability is enhanced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
Fig. 1 is a flowchart of an operating system vulnerability identification method according to an embodiment.
Fig. 2 is a flowchart of a vulnerability library construction method according to an embodiment.
Fig. 3 is a diagram illustrating the mapping between universal platform enumerations and vulnerability numbers provided by an embodiment.
Fig. 4 is a flowchart of a patch library construction method according to an embodiment.
Fig. 5 is a flowchart of a method for acquiring the patches and vulnerabilities of an operating system according to an embodiment.
Fig. 6 is a schematic diagram of the mapping between patches and vulnerabilities provided by an embodiment.
Fig. 7 is a block diagram of an operating system vulnerability identification system provided by an embodiment.
Detailed Description
Embodiments of the technical scheme of the present application will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and thus are merely examples, and are not intended to limit the scope of the present application. It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted as "when", "once", "in response to determining" or "in response to detecting", depending on the context. Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted in context as meaning "upon determining", "in response to determining", "upon detecting the [described condition or event]" or "in response to detecting the [described condition or event]".
Examples:
Referring to Fig. 1, an operating system vulnerability identification method includes:
constructing a vulnerability library; the vulnerability library comprises the mapping relations between each operating system and each vulnerability;
constructing a patch library; the patch library comprises the mapping relations between all vulnerabilities and all patches;
acquiring system information and patch information of the operating system to be identified;
judging, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified;
if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified;
if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified.
In this embodiment, the method builds two databases, the vulnerability library and the patch library, which establish the mapping relations between an operating system and its vulnerabilities and between vulnerabilities and patches. Operating systems and vulnerabilities are in a one-to-many relationship, and multiple patches exist in one operating system. Vulnerabilities and patches are in a many-to-one relationship: one patch may be used to repair multiple vulnerabilities.
In this embodiment, when the number of vulnerabilities present in the operating system to be identified must be determined, the system information and patch information of the operating system to be identified are first obtained; for example, the registry of the operating system to be identified may be read to obtain them. The system information includes the manufacturer, device model, version and the like. The patch information includes the patch numbers and the like, and reflects which patches have already been applied to the operating system to be identified. Next, it is judged whether a dependency relationship exists among the patches in the operating system to be identified. If no dependency relationship exists among the patches, the patches are unrelated and the order in which they are applied is not restricted; for example, even if an earlier patch has not been applied, a later patch can still be applied normally. If a dependency relationship exists among the patches, the patches depend on one another and each later patch depends on the earlier one; for example, if the earlier patch has not been installed, the later patch cannot be installed. Finally, the method identifies the vulnerabilities present in the operating system to be identified according to these two cases.
Because the method identifies vulnerabilities through patches, the requirement for specialist skills is reduced, the method is simple to use and consumes little time, only the vulnerability data and patch data published by the authorities need to be added regularly, the vulnerability identification efficiency is improved, and the vulnerability identification capability is enhanced.
Further, in some embodiments, referring to Fig. 2, constructing the vulnerability library specifically includes:
obtaining the vulnerability numbers of all published vulnerabilities;
acquiring the universal platform enumerations whose target type is operating system;
and establishing, according to all vulnerabilities present in each operating system, a mapping relation between the universal platform enumerations and the vulnerability numbers to obtain the vulnerability library.
In this embodiment, the operating system vulnerability identification method first obtains the vulnerability numbers of all published vulnerabilities; for example, the NVD vulnerability website is visited to find the vulnerability data of all published vulnerabilities, where the vulnerability data includes the CVE vulnerability number (for example, CVE-2020-0398). Then, the universal platform enumerations (CPE) whose target type is operating system are obtained. CPE (Common Platform Enumeration) is a standardized method for naming software applications, operating systems and hardware, that is, for describing and identifying the classes of applications, operating systems and hardware devices present among enterprise computing assets. The CPE 2.3 format is expressed as: cpe:2.3:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>. The <part> field indicates the target type, and its allowable values are a (application), h (hardware platform) and o (operating system); the <vendor> field indicates the vendor; the <product> field indicates the product name; the <version> field indicates the version number; the <update> field indicates the update package; the <edition> field indicates the edition; the <language> field indicates the language. For example: cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*. The universal platform enumerations whose target type is operating system are the CPEs whose part field value is o (operating system). Finally, according to all vulnerabilities present in each operating system, a mapping relation between the universal platform enumerations and the vulnerability numbers is established and stored to obtain the vulnerability library, see Fig. 3.
The relationship between the universal platform enumeration and the vulnerability numbers is a one-to-many relationship, and one universal platform enumeration maps a plurality of vulnerability numbers, which means that an operating system corresponding to the universal platform enumeration has a plurality of vulnerabilities corresponding to the vulnerability numbers, for example, when the operating system A has a vulnerability a, a vulnerability b and a vulnerability c, the universal platform enumeration A corresponding to the operating system A is mapped to the vulnerability number of the vulnerability a, the vulnerability number of the vulnerability b and the vulnerability number of the vulnerability c respectively.
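As an added worked example (not code from the patent or its assignee), the following Python parses CPE 2.3 formatted strings of the layout described above, keeps only those whose part field is o, and builds the one-to-many vulnerability library from NVD-shaped records. The records, the CVE-0000-000N ids and the examplevendor/exampleos names are constructed placeholders, not real data; the escape handling follows the CPE 2.3 formatted-string rule that a colon inside a component is written as \:.

```python
"""CPE 2.3 parsing and vulnerability-library construction.

Added example, not the patent's own code. The records below are constructed
sample data in NVD shape (CVE id -> affected CPEs); only the CPE 2.3 field
layout comes from the specification.
"""
from __future__ import annotations

from collections import defaultdict

# Field names in CPE 2.3 formatted-string order (after the "cpe:2.3" prefix).
CPE_FIELDS = (
    "part", "vendor", "product", "version", "update", "edition",
    "language", "sw_edition", "target_sw", "target_hw", "other",
)


def split_cpe(cpe: str) -> list[str]:
    """Split a formatted string on ':' while honouring backslash escapes.

    CPE 2.3 writes a literal ':' inside a component as '\\:', so a naive
    str.split(':') would break such a component into two fields.
    """
    parts, cur, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            cur.append(cpe[i:i + 2])  # keep the escape sequence as written
            i += 2
            continue
        if ch == ":":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_cpe(cpe: str) -> dict[str, str]:
    """Parse 'cpe:2.3:<part>:<vendor>:...:<other>' into a field dict.

    Raises ValueError for anything that is not a well-formed 2.3 string, so a
    truncated or 2.2-style key cannot silently enter the library.
    """
    parts = split_cpe(cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    fields = dict(zip(CPE_FIELDS, parts[2:]))
    if fields["part"] not in ("a", "h", "o"):
        raise ValueError(f"bad part value {fields['part']!r} in {cpe!r}")
    return fields


def build_vuln_library(records) -> dict[str, set[str]]:
    """Map each operating-system CPE (part == 'o') to the CVE ids affecting it.

    `records` is an iterable of (cve_id, [cpe, ...]). Application and hardware
    CPEs are skipped, matching the 'target type of operating system' filter.
    """
    library: dict[str, set[str]] = defaultdict(set)
    for cve_id, cpes in records:
        for cpe in cpes:
            if parse_cpe(cpe)["part"] == "o":
                library[cpe].add(cve_id)
    return dict(library)


# Constructed sample records; the CVE ids and names are placeholders.
SAMPLE_RECORDS = [
    ("CVE-0000-0001", ["cpe:2.3:o:examplevendor:exampleos:1903:*:*:*:*:*:x64:*"]),
    ("CVE-0000-0002", ["cpe:2.3:o:examplevendor:exampleos:1903:*:*:*:*:*:x64:*",
                       "cpe:2.3:o:examplevendor:exampleos:20h2:*:*:*:*:*:x64:*"]),
    ("CVE-0000-0003", ["cpe:2.3:a:examplevendor:browser:1.0:*:*:*:*:*:*:*"]),  # application: skipped
]

if __name__ == "__main__":
    for os_cpe, cves in build_vuln_library(SAMPLE_RECORDS).items():
        print(os_cpe, "->", sorted(cves))
```

Rejecting malformed keys at load time matters for this design: an operating system whose CPE key was mangled would simply map to no vulnerabilities, and the later difference-set step would report it as fully patched.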
Further, in some embodiments, referring to Fig. 4, constructing the patch library specifically includes:
acquiring all vulnerabilities and all patches published for each operating system;
and establishing, according to the repair relation between the patches and the vulnerabilities, a mapping relation between the vulnerabilities and the patches to obtain the patch library.
In this embodiment, the method first obtains all vulnerabilities and all patches published for each operating system; for example, they can be obtained from the operating system's official website. Taking Windows as an example, see Fig. 5, all Windows vulnerabilities and patches can be obtained from https:// msrc. Then, according to which patches repair which vulnerabilities, a mapping relation between the vulnerabilities and the patches is established and stored to obtain the patch library, see Fig. 6.
Further, in some embodiments, if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified specifically includes:
if no dependency relationship exists, searching the vulnerability library according to the system information to obtain all vulnerabilities mapped by the operating system to be identified, which are defined as the full set of vulnerabilities;
searching the patch library according to the patch information to obtain all vulnerabilities mapped by the patch information, which are defined as the repaired vulnerabilities;
and calculating the difference set of the full set of vulnerabilities and the repaired vulnerabilities to obtain the unrepaired vulnerabilities in the operating system to be identified.
In this embodiment, if the patches in the operating system to be identified have no dependency relationship, the vulnerability library is first searched according to the system information to obtain all vulnerabilities published for the operating system to be identified, which are defined as the full set of vulnerabilities; for example, if the operating system to be identified is Windows 10 version 1903, the vulnerability library is searched to find all vulnerabilities of Windows 10 version 1903. Then the patch library is searched according to the patch information to obtain all vulnerabilities mapped by the patch information; these are the vulnerabilities that have been repaired by the patches applied to the operating system to be identified. Finally, the difference set between the full set of vulnerabilities and the repaired vulnerabilities is calculated, that is, the repaired vulnerabilities are subtracted from all vulnerabilities of the operating system to be identified, which yields the unrepaired vulnerabilities in the operating system to be identified.
Further, in some embodiments, if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified specifically includes:
if a dependency relationship exists, analysing the patch information to obtain the latest-version patch in the operating system to be identified;
and searching the patch library according to the latest-version patch to obtain the vulnerabilities corresponding to the patches that update the latest-version patch, which are defined as the unrepaired vulnerabilities in the operating system to be identified.
In this embodiment, if a dependency relationship exists among the patches in the operating system to be identified, the latest-version patch in the operating system to be identified, that is, the patch data with the latest patch number, is first identified. Because of the dependency relationship among the patches, the method considers that every patch preceding the latest-version patch has been installed normally and has repaired its corresponding vulnerabilities. For example, from the patch information the patch number of the latest patch applied in the operating system to be identified is found to be 10. The patch library is then searched according to the latest-version patch to obtain the patches that update the latest-version patch of the operating system to be identified; for example, the patch library is searched and patch numbers 11, 12, 13, 14 and 15, which update patch number 10 among the patches published for the operating system to be identified, are obtained, and the vulnerabilities corresponding to the updating patch numbers 11, 12, 13, 14 and 15 are regarded as the unrepaired vulnerabilities in the operating system to be identified.
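As an added example (not the patent's own code), the following Python carries both cases of the identification step through on constructed sample data: VULN_LIBRARY, PATCH_LIBRARY, the KB-EXAMPLE-N patch ids, the CVE-0000-000N ids and the exampleos CPE are placeholders. Whether the patches are dependent is passed in as a flag, since the page does not specify how that judgment is derived from the patch information; the dependency case assumes the patch library also records the ordered chain in which each patch updates the previous one.

```python
"""Two-branch unrepaired-vulnerability identification.

Added example, not the patent's code. All library contents and host data
below are constructed placeholders.
"""
from __future__ import annotations

# Vulnerability library: operating-system CPE -> all published CVE ids for it
# (one-to-many). Placeholder CPE and CVE ids.
VULN_LIBRARY: dict[str, set[str]] = {
    "cpe:2.3:o:examplevendor:exampleos:1903:*:*:*:*:*:x64:*": {
        "CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003",
        "CVE-0000-0004", "CVE-0000-0005",
    },
}

# Patch library: patch id -> CVE ids that patch repairs (many-to-one: one
# patch may repair several vulnerabilities). Placeholder patch ids.
PATCH_LIBRARY: dict[str, set[str]] = {
    "KB-EXAMPLE-10": {"CVE-0000-0001"},
    "KB-EXAMPLE-11": {"CVE-0000-0002", "CVE-0000-0003"},
    "KB-EXAMPLE-12": {"CVE-0000-0004"},
    "KB-EXAMPLE-13": {"CVE-0000-0005"},
}

# Ordered update chain for the dependency case (assumption: each patch
# updates the one before it, so an installed patch implies all earlier ones).
PATCH_CHAIN = ["KB-EXAMPLE-10", "KB-EXAMPLE-11", "KB-EXAMPLE-12", "KB-EXAMPLE-13"]


def unrepaired_independent(os_cpe: str, installed_patches, vuln_lib=VULN_LIBRARY,
                           patch_lib=PATCH_LIBRARY) -> set[str]:
    """No dependency among patches: full set of vulnerabilities minus the
    vulnerabilities mapped by every installed patch."""
    full = vuln_lib.get(os_cpe, set())
    repaired: set[str] = set()
    for patch in installed_patches:
        repaired |= patch_lib.get(patch, set())
    return full - repaired


def unrepaired_dependent(installed_patches, chain=PATCH_CHAIN,
                         patch_lib=PATCH_LIBRARY) -> set[str]:
    """Patches depend on one another: take the latest installed patch in the
    chain, treat everything before it as applied, and report the
    vulnerabilities of every patch that updates it."""
    positions = [chain.index(p) for p in installed_patches if p in chain]
    # Nothing from the chain installed: every chain patch is outstanding.
    latest_idx = max(positions) if positions else -1
    unrepaired: set[str] = set()
    for patch in chain[latest_idx + 1:]:
        unrepaired |= patch_lib.get(patch, set())
    return unrepaired


def identify(os_cpe: str, installed_patches, patches_dependent: bool) -> set[str]:
    """Dispatch to the branch selected by the dependency judgment."""
    if patches_dependent:
        return unrepaired_dependent(installed_patches)
    return unrepaired_independent(os_cpe, installed_patches)


if __name__ == "__main__":
    host = "cpe:2.3:o:examplevendor:exampleos:1903:*:*:*:*:*:x64:*"
    print("independent:", sorted(identify(host, ["KB-EXAMPLE-11"], False)))
    print("dependent:  ", sorted(identify(host, ["KB-EXAMPLE-11"], True)))
```

The two branches disagree on the same host data: with only KB-EXAMPLE-11 reported, the independent branch still lists the vulnerability of KB-EXAMPLE-10 as unrepaired, while the dependent branch assumes KB-EXAMPLE-10 must already be present. Misjudging the dependency therefore produces either missed findings or false ones, so the judgment step deserves the same care as the libraries themselves.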
An operating system vulnerability identification system, see Fig. 7, comprises:
a vulnerability database, configured to construct a vulnerability library; the vulnerability library comprises the mapping relations between each operating system and each vulnerability;
a patch database, configured to construct a patch library; the patch library comprises the mapping relations between all vulnerabilities and all patches;
an identification unit, configured to acquire system information and patch information of the operating system to be identified; judge, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified; if no dependency relationship exists, search the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified; and if a dependency relationship exists, search the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified.
Further, in some embodiments, the vulnerability database is specifically configured to:
obtain the vulnerability numbers of all published vulnerabilities;
acquire the universal platform enumerations whose target type is operating system;
and establish, according to all vulnerabilities present in each operating system, a mapping relation between the universal platform enumerations and the vulnerability numbers to obtain the vulnerability library.
Further, in some embodiments, the patch database is specifically configured to:
acquire all vulnerabilities and all patches published for each operating system;
and establish, according to the repair relation between the patches and the vulnerabilities, a mapping relation between the vulnerabilities and the patches to obtain the patch library.
Further, in some embodiments, the identification unit is specifically configured to:
if no dependency relationship exists, search the vulnerability library according to the system information to obtain all vulnerabilities mapped by the operating system to be identified, which are defined as the full set of vulnerabilities;
search the patch library according to the patch information to obtain all vulnerabilities mapped by the patch information, which are defined as the repaired vulnerabilities;
and calculate the difference set of the full set of vulnerabilities and the repaired vulnerabilities to obtain the unrepaired vulnerabilities in the operating system to be identified.
Further, in some embodiments, the identification unit is specifically configured to:
if a dependency relationship exists, analyse the patch information to obtain the latest-version patch in the operating system to be identified;
and search the patch library according to the latest-version patch to obtain the vulnerabilities corresponding to the patches that update the latest-version patch, which are defined as the unrepaired vulnerabilities in the operating system to be identified.
For matters not covered in this brief description of the system provided by the embodiments of the present application, reference may be made to the corresponding content of the foregoing method embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application, and are intended to be included within the scope of the appended claims and description.

Claims (10)

1. An operating system vulnerability identification method, comprising the steps of:
constructing a vulnerability library, the vulnerability library comprising the mapping relations between each operating system and each vulnerability;
constructing a patch library, the patch library comprising the mapping relations between all vulnerabilities and all patches;
acquiring the system information and the patch information of an operating system to be identified;
judging, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified;
if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified;
and if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified.
2. The operating system vulnerability identification method of claim 1, wherein constructing the vulnerability library specifically comprises:
obtaining the vulnerability numbers of all released vulnerabilities;
acquiring the Common Platform Enumeration (CPE) entries whose target type is operating system;
and establishing, according to all vulnerabilities present in each operating system, the mapping relation between the Common Platform Enumeration entries and the vulnerability numbers to obtain the vulnerability library.
3. The operating system vulnerability identification method of claim 2, wherein constructing the patch library specifically comprises:
acquiring all vulnerabilities and all patches released for each operating system;
and establishing the mapping relation between the vulnerabilities and the patches according to the repair relation between the patches and the vulnerabilities to obtain the patch library.
4. The operating system vulnerability identification method of claim 3, wherein, if no dependency relationship exists, searching the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified specifically comprises:
if no dependency relationship exists, searching the vulnerability library according to the system information to obtain all vulnerabilities mapped to the operating system to be identified, these vulnerabilities being defined as the full set of vulnerabilities;
searching the patch library according to the patch information to obtain all vulnerabilities mapped to the patch information, these vulnerabilities being defined as the repaired vulnerabilities;
and calculating the difference set of the full set of vulnerabilities and the repaired vulnerabilities to obtain the unrepaired vulnerabilities in the operating system to be identified.
5. The operating system vulnerability identification method of claim 3, wherein, if a dependency relationship exists, searching the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified specifically comprises:
if a dependency relationship exists, analyzing the patch information to obtain the latest-version patch in the operating system to be identified;
and searching the patch library according to the latest-version patch to obtain the vulnerabilities corresponding to the patches updated by the latest-version patch, these vulnerabilities being defined as the unrepaired vulnerabilities in the operating system to be identified.
6. An operating system vulnerability identification system, comprising:
a vulnerability database, configured to construct a vulnerability library, the vulnerability library comprising the mapping relations between each operating system and each vulnerability;
a patch database, configured to construct a patch library, the patch library comprising the mapping relations between all vulnerabilities and all patches;
and an identification unit, configured to acquire the system information and the patch information of an operating system to be identified; judge, according to the patch information, whether a dependency relationship exists among the patches in the operating system to be identified; if no dependency relationship exists, search the vulnerability library and the patch library according to the system information and the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified; and if a dependency relationship exists, search the patch library according to the patch information to obtain the unrepaired vulnerabilities in the operating system to be identified.
7. The operating system vulnerability identification system of claim 6, wherein the vulnerability database is specifically configured to:
obtain the vulnerability numbers of all released vulnerabilities;
acquire the Common Platform Enumeration (CPE) entries whose target type is operating system;
and establish, according to all vulnerabilities present in each operating system, the mapping relation between the Common Platform Enumeration entries and the vulnerability numbers to obtain the vulnerability library.
8. The operating system vulnerability identification system of claim 7, wherein the patch database is specifically configured to:
acquire all vulnerabilities and all patches released for each operating system;
and establish the mapping relation between the vulnerabilities and the patches according to the repair relation between the patches and the vulnerabilities to obtain the patch library.
9. The operating system vulnerability identification system of claim 8, wherein the identification unit is specifically configured to:
if no dependency relationship exists, search the vulnerability library according to the system information to obtain all vulnerabilities mapped to the operating system to be identified, these vulnerabilities being defined as the full set of vulnerabilities;
search the patch library according to the patch information to obtain all vulnerabilities mapped to the patch information, these vulnerabilities being defined as the repaired vulnerabilities;
and calculate the difference set of the full set of vulnerabilities and the repaired vulnerabilities to obtain the unrepaired vulnerabilities in the operating system to be identified.
10. The operating system vulnerability identification system of claim 8, wherein the identification unit is specifically configured to:
if a dependency relationship exists, analyze the patch information to obtain the latest-version patch in the operating system to be identified;
and search the patch library according to the latest-version patch to obtain the vulnerabilities corresponding to the patches updated by the latest-version patch, these vulnerabilities being defined as the unrepaired vulnerabilities in the operating system to be identified.
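A worked example of the method of claims 1 to 5, added here and not part of the patent: it builds a small vulnerability library and patch library from constructed sample data, decides the dependency branch, and computes the unrepaired set both ways. The representation of patch dependencies (a cumulative patch recorded against the patch it updates) and the reading of claim 5 (the vulnerabilities of the patches newer than the latest installed patch are the unrepaired ones) are assumptions.

```python
# Added example (not from the patent): the two branches of claims 1-5.
# All identifiers are constructed sample values, not real CPEs, CVEs or patches.
# Vulnerability library (claim 2): OS CPE entry -> vulnerability numbers.
VULN_LIB = {
    "cpe:/o:example:osa:1.0": {"VULN-0001", "VULN-0002", "VULN-0003"},
    "cpe:/o:example:osb:2.0": {"VULN-0004", "VULN-0005", "VULN-0006"},
}
# Patch library (claim 3): vulnerability number -> patch that repairs it.
PATCH_LIB = {
    "VULN-0001": "PATCH-A1", "VULN-0002": "PATCH-A2", "VULN-0003": "PATCH-A3",
    "VULN-0004": "PATCH-B1", "VULN-0005": "PATCH-B2", "VULN-0006": "PATCH-B3",
}
# Assumed dependency representation: cumulative patch -> the patch it updates.
# OS A's patches are independent; OS B's form the chain B1 -> B2 -> B3.
SUPERSEDES = {"PATCH-B2": "PATCH-B1", "PATCH-B3": "PATCH-B2"}

def has_dependency(installed):
    """Claim 1: a dependency exists if any installed patch is in a chain."""
    chained = set(SUPERSEDES) | set(SUPERSEDES.values())
    return any(p in chained for p in installed)

def unrepaired_independent(cpe, installed):
    """Claim 4: full set of OS vulnerabilities minus the repaired ones."""
    full = VULN_LIB.get(cpe, set())
    repaired = {v for v, p in PATCH_LIB.items() if p in installed}
    return full - repaired

def _rank(patch):
    """Position of a patch in its chain (0 = oldest)."""
    n = 0
    while patch in SUPERSEDES:
        patch, n = SUPERSEDES[patch], n + 1
    return n

def unrepaired_cumulative(installed):
    """Claim 5: take the latest installed patch; the vulnerabilities of the
    patches that update it are read as the unrepaired ones (assumption)."""
    latest = max(installed, key=_rank)
    updated_by = {old: new for new, old in SUPERSEDES.items()}
    newer, cur = set(), latest
    while cur in updated_by:
        cur = updated_by[cur]
        newer.add(cur)
    return {v for v, p in PATCH_LIB.items() if p in newer}

def identify(cpe, installed):
    """Claim 1: pick the branch according to the patch information."""
    if has_dependency(installed):
        return unrepaired_cumulative(installed)
    return unrepaired_independent(cpe, installed)
```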
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310828231.0A CN116720195B (en) 2023-07-06 2023-07-06 Operating system vulnerability identification method and system

Publications (2)

Publication Number Publication Date
CN116720195A true CN116720195A (en) 2023-09-08
CN116720195B CN116720195B (en) 2024-01-26

Country Status (1)

Country Link
CN (1) CN116720195B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050005159A1 (en) * 2003-07-01 2005-01-06 Oliphant Brett M. Vulnerability and remediation database
CN104573525A (en) * 2014-12-19 2015-04-29 中国航天科工集团第二研究院七〇六所 Special information service software vulnerability fixing system based on white lists
CN104978532A (en) * 2011-12-27 2015-10-14 北京奇虎科技有限公司 Vulnerability repair client logic testing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant