CN100346252C - Computer software security loophole repairing apparatus and method - Google Patents


Publication number
CN100346252C
Authority
CN
China
Prior art keywords
software security
module
client
flaw
security flaw
Prior art date
Legal status
Active
Application number
CNB2005100375728A
Other languages
Chinese (zh)
Other versions
CN1766776A (en)
Inventor
陈勇
刘桂峰
王嗣恩
杨晓东
都斌
孟槟榔
陈睿
Current Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Original Assignee
Zhuhai Kingsoft Software Co Ltd
Priority date
Filing date
Publication date
Application filed by Zhuhai Kingsoft Software Co Ltd
Priority to CNB2005100375728A
Publication of CN1766776A
Application granted
Publication of CN100346252C
Active legal status
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The present invention relates to the field of computers, and in particular to a computer software security loophole repairing apparatus and method. The invention also provides a computer software security loophole repairing method that uses the apparatus. The method has two modes of implementation: I. the central management module first notifies the client to scan the software security flaws of its computer, and the software security flaws of the client's computer are then repaired according to the scan results; II. the client first scans the software security flaws of its computer locally, and the software security flaws of the client's computer are then repaired according to the scan results. The communication part of each client module of the apparatus always runs as a service, that is, it has the System privileges of the operating system.

Description

Computer software security loophole repairing apparatus and method
Technical field
The present invention relates to the field of computers, and in particular to a computer software security loophole repairing apparatus and method.
Background art
Threats that target computer software security flaws are growing more serious. For the computer networks of enterprises and institutions, hacker attacks and virus damage caused by software security flaws can easily do great harm. Preventing this harm fundamentally requires repairing the security flaws; no other technical measure can play a decisive role. At present, however, flaw repair across a network is still not reliable, stable or easy to use, and it is easily restricted by various conditions. The main problems are: repair is usually done machine by machine, so unified repair management of the software security flaws of every computer on the network cannot be guaranteed; downloading flaw repair programs consumes a great deal of the network's external bandwidth, so it is hard to guarantee that normal network use is unaffected; and repair is often constrained by the rights management of the operating system, so flaws cannot be repaired normally when no user is logged in to the system or when the user is logged in under a restricted user identity.
Summary of the invention
The technical problem to be solved by the present invention is to provide an apparatus and method that, within a local area network, are not constrained by the rights management of the operating system and can detect and repair software security flaws normally even when no user is logged in to the system or when the user is logged in under a restricted user identity.
This technical problem is solved by the following technical solution: a computer software security loophole repairing apparatus comprising a central management module and at least one client module. The central management module contains a software security flaw repair program download center module, a control module and a software security flaw definition central database. The client module comprises a client main module, a policy enforcement module, a software security flaw definition synchronization module, a client software security flaw definition database, a software security flaw repair module, a software security flaw scan module and a client software security flaw repair program download module. Information is exchanged between the client software security flaw repair program download module and the software security flaw repair program download center module in the central management module; between the client main module and the control module in the central management module; between the software security flaw definition central database and the software security flaw definition synchronization module; and between the software security flaw definition synchronization module and the client software security flaw definition database.
The central management module is used to notify the client module to scan the software security flaws of the computer on which it resides, to issue repair commands to the client module, and to receive, parse and process the scan results.
The client module is used to scan and repair the software security of the computer on which the client resides; the client software security flaw repair module can invoke a software security flaw repair program to repair a flaw.
After the client main module receives a software security flaw scan and repair command from the central management module, it dispatches the software security flaw scan module to scan, dispatches the client software security flaw repair program download module to download, dispatches the software security flaw repair module to repair, and returns the scan and repair results to the central management module.
The client software security flaw repair program download module is used to download repair programs.
The present invention also provides a computer software security loophole repairing method that uses the above apparatus. It has two modes of implementation: I. the central management module first notifies the client to scan the software security flaws of the computer on which it resides, and the software security flaws of the client's computer are then repaired according to the scan results; II. the client first scans the software security flaws of its computer locally, and the software security flaws of the client's computer are then repaired according to the scan results.
The communication part of each client module of the apparatus always runs as a service, that is, it has the System privileges of the operating system. When the service receives a local software security flaw scan command or repair command, it starts the software security flaw scan module or the software security flaw repair module accordingly, and the System privileges are passed to the corresponding scan process or repair process, so that scanning or repair can be carried out even when the user is logged in to the system under a restricted user identity. When the service receives a software security flaw scan command or repair command sent by the central management module, it likewise starts the scan module or the repair module, and the System privileges are passed to the corresponding scan process or repair process, so that scanning or repair can be carried out even when no user is logged in to the system.
Description of drawings
Fig. 1 is a block diagram of the overall structure of the computer software security loophole repairing apparatus of the present invention;
Fig. 2 is an overall flowchart of the computer software security loophole repairing method of the present invention;
Fig. 3 is a flowchart of the mode in which the central management module issues the scan and repair commands in the method of the present invention;
Fig. 4 is a flowchart of the mode in which the client scans for and repairs software security flaws locally in the method of the present invention.
Embodiment
As shown in Fig. 1, a computer software security loophole repairing apparatus comprises a central management module and at least one client module. The central management module contains a software security flaw repair program download center module, a control module and a software security flaw definition central database. The client module comprises a client main module, a policy enforcement module, a software security flaw definition synchronization module, a client software security flaw definition database, a software security flaw repair module, a software security flaw scan module and a client software security flaw repair program download module. Information is exchanged between the client software security flaw repair program download module and the software security flaw repair program download center module in the central management module; between the client main module and the control module in the central management module; between the software security flaw definition central database and the software security flaw definition synchronization module; and between the software security flaw definition synchronization module and the client software security flaw definition database. The software security flaw repair program download center module comprises a software security flaw repair program central download module, a software security flaw repair program central cache and a Proxy module. The control module comprises a policy management module and a command and policy distribution module.
As shown in Fig. 2, the computer software security loophole repairing method that uses the above apparatus has two modes of implementation: I. the central management module first notifies the client module to scan the software security flaws of the computer on which it resides, and the software security flaws of the client module's computer are then repaired according to the scan results; II. the client module first scans the software security flaws of its computer locally, and the software security flaws of the client module's computer are then repaired according to the scan results.
Fig. 3 is a flowchart of the mode in which the central management module issues the scan and repair commands. This mode comprises the following steps: a. the central management module notifies each client to scan its own machine and send the scan result back to the central management module; b. the central management module parses and processes the scan result; c. if there is a software security flaw, the central management module issues a flaw repair command to the client; d. the client software security flaw repair module invokes the corresponding flaw repair program to perform the repair.
The detailed process by which the computer software security loophole repairing apparatus completes the steps of Fig. 3 is as follows:
1. The policy management module first specifies the corresponding flaw scanning and repair policy, which is issued to the client module by the command and policy distribution module.
2. When the central management module issues a software security flaw scan command to the client module, the client main module receives the command.
3. The client main module forwards the flaw scan command to the software security flaw scan module.
4. The software security flaw scan module obtains the current software security flaw definitions from the local client software security flaw definition database and scans for software security flaws accordingly.
5. The scan result is reported to the central management module.
6. The command and policy distribution module issues a flaw repair command to the client.
7. The client main module receives the flaw repair command and notifies the client software security flaw repair program download module to download the flaw repair program. The repair program is downloaded as follows:
(1) The client software security flaw repair program download module submits a download request to the Proxy module in the central management module.
(2) The Proxy module issues a download command to the software security flaw repair program central download module.
(3) The software security flaw repair program central download module first checks whether the flaw repair program is in the software security flaw repair program central cache. If it is, the program is read from the cache and passed to the Proxy module; if it is not, the program is downloaded from the official download address of that software security flaw repair program and then passed to the Proxy module.
(4) The Proxy module passes the flaw repair program it obtained to the client software security flaw repair program download module.
8. The client software security flaw repair module performs the flaw repair.
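The download path in sub-steps (1) to (4) can be modelled as follows. This is an added example, not code from the patent: the class and function names, the `vendor.example` URLs and the flaw identifiers are hypothetical, and the SHA-256 check against a digest stored with each flaw definition is an added assumption that the patent does not describe. It shows that several clients requesting the same repair program cause only one external download.

```python
import hashlib


class PatchIntegrityError(Exception):
    """Raised when downloaded bytes do not match the digest in the definition."""


class CentralDownloadModule:
    """Central download module together with its central cache (sub-step 3)."""

    def __init__(self, fetch_official):
        # fetch_official(url) -> bytes stands in for the official download address.
        self._fetch_official = fetch_official
        self._cache = {}                # flaw id -> repair program bytes
        self.external_downloads = 0     # how often external bandwidth was used

    def is_cached(self, flaw_id):
        return flaw_id in self._cache

    def get_repair_program(self, flaw_id, official_url, expected_sha256):
        cached = self._cache.get(flaw_id)
        if cached is not None:
            return cached               # cache hit: no external traffic
        data = self._fetch_official(official_url)
        self.external_downloads += 1
        # Assumption (not in the patent): verify before caching, because the
        # client later runs this program with System privileges.
        if hashlib.sha256(data).hexdigest() != expected_sha256:
            raise PatchIntegrityError(f"{flaw_id}: digest mismatch, not cached")
        self._cache[flaw_id] = data
        return data


class ProxyModule:
    """Receives client requests and relays them to the central download module."""

    def __init__(self, central, definitions):
        self._central = central
        self._definitions = definitions

    def handle_download_request(self, flaw_id):
        entry = self._definitions[flaw_id]      # KeyError for unknown flaw ids
        return self._central.get_repair_program(
            flaw_id, entry["url"], entry["sha256"])


class ClientDownloadModule:
    """Client-side download module; it only ever talks to the Proxy module."""

    def __init__(self, host, proxy):
        self.host = host
        self._proxy = proxy

    def download(self, flaw_id):
        return self._proxy.handle_download_request(flaw_id)


def run_demo():
    # Constructed sample data: two flaw definitions and a fake official site.
    good = b"constructed repair program for FLAW-0001"
    expected_other = b"constructed repair program for FLAW-0002"
    definitions = {
        "FLAW-0001": {"url": "https://vendor.example/fix-0001.bin",
                      "sha256": hashlib.sha256(good).hexdigest()},
        "FLAW-0002": {"url": "https://vendor.example/fix-0002.bin",
                      "sha256": hashlib.sha256(expected_other).hexdigest()},
    }
    official = {
        "https://vendor.example/fix-0001.bin": good,
        "https://vendor.example/fix-0002.bin": b"altered in transit",
    }
    central = CentralDownloadModule(official.__getitem__)
    proxy = ProxyModule(central, definitions)
    clients = [ClientDownloadModule(f"pc-{i}", proxy) for i in range(3)]

    received = [c.download("FLAW-0001") for c in clients]
    downloads_for_three_clients = central.external_downloads

    try:
        clients[0].download("FLAW-0002")
        tampered_rejected = False
    except PatchIntegrityError:
        tampered_rejected = True

    return {
        "downloads_for_three_clients": downloads_for_three_clients,
        "all_received_identical": all(r == good for r in received),
        "tampered_rejected": tampered_rejected,
        "tampered_cached": central.is_cached("FLAW-0002"),
    }


if __name__ == "__main__":
    print(run_demo())
```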
Fig. 4 is a flowchart of the mode in which the client scans for and repairs software security flaws locally. It comprises the following steps: a'. each client locally scans the software security flaws of the computer on which it resides; b'. the scan result is parsed; c'. the flaw repair program is downloaded; d'. the software security flaw repair module invokes the corresponding flaw repair program to repair the flaw.
The software security flaw scanning process of the client can be realized as follows: i. the software security flaw definition central database obtains an update; ii. the central management module notifies the client to update its definition database; iii. the client can perform a quick scan based on the updated part of its definition database; iv. the client can perform a comprehensive scan based on all the software security flaw definitions in its definition database.
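The quick scan and comprehensive scan of steps iii and iv can be sketched as follows. This is an added example, not code from the patent: the revision counter on each definition, the version-tuple comparison, and all class, product and flaw names are hypothetical. It also shows a limit of the quick scan: software that changed after the last scan is caught only by the comprehensive scan.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FlawDefinition:
    flaw_id: str
    product: str
    fixed_in: tuple     # first version that is no longer affected
    revision: int       # definition-database revision that added this entry


class CentralDefinitionDatabase:
    """Stands in for the software security flaw definition central database."""

    def __init__(self):
        self._definitions = []
        self.revision = 0

    def publish(self, flaw_id, product, fixed_in):
        self.revision += 1
        self._definitions.append(
            FlawDefinition(flaw_id, product, fixed_in, self.revision))

    def updates_since(self, revision):
        return [d for d in self._definitions if d.revision > revision]


class ClientModule:
    """Client definition database, synchronization module and scan module."""

    def __init__(self, inventory):
        self.inventory = dict(inventory)    # product -> installed version tuple
        self.definitions = {}               # flaw id -> FlawDefinition
        self.db_revision = 0                # newest revision held locally
        self.scanned_revision = 0           # newest revision already scanned

    def synchronize(self, central):
        # Step ii: pull only the definitions the client does not have yet.
        for d in central.updates_since(self.db_revision):
            self.definitions[d.flaw_id] = d
            self.db_revision = max(self.db_revision, d.revision)

    def _match(self, definitions):
        found = []
        for d in definitions:
            installed = self.inventory.get(d.product)
            if installed is not None and installed < d.fixed_in:
                found.append(d.flaw_id)
        return sorted(found)

    def quick_scan(self):
        # Step iii: check only definitions added since the previous scan.
        new = [d for d in self.definitions.values()
               if d.revision > self.scanned_revision]
        self.scanned_revision = self.db_revision
        return self._match(new)

    def full_scan(self):
        # Step iv: check every definition in the local database.
        self.scanned_revision = self.db_revision
        return self._match(self.definitions.values())


def run_demo():
    # Constructed sample data.
    central = CentralDefinitionDatabase()
    central.publish("FLAW-A", "editor", (2, 1))
    central.publish("FLAW-B", "mailer", (5, 0))
    client = ClientModule(
        {"editor": (2, 0), "mailer": (5, 0), "browser": (9, 1)})

    client.synchronize(central)
    first_full = client.full_scan()
    client.inventory["editor"] = (2, 1)         # FLAW-A repaired

    central.publish("FLAW-C", "browser", (9, 3))    # step i: database updated
    client.synchronize(central)
    quick_after_update = client.quick_scan()
    client.inventory["browser"] = (9, 3)        # FLAW-C repaired

    client.inventory["mailer"] = (4, 9)         # an old version is reinstalled
    quick_after_reinstall = client.quick_scan() # no new definitions to check
    full_after_reinstall = client.full_scan()

    return {
        "first_full": first_full,
        "quick_after_update": quick_after_update,
        "quick_after_reinstall": quick_after_reinstall,
        "full_after_reinstall": full_after_reinstall,
    }


if __name__ == "__main__":
    print(run_demo())
```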
The communication part of each client module of the apparatus always runs as a service, that is, it has the System privileges of the operating system. When the service receives a local software security flaw scan command or repair command, it starts the software security flaw scan module or the software security flaw repair module accordingly, and the System privileges are passed to the corresponding scan process or repair process, so that scanning or repair can be carried out even when the user is logged in to the system under a restricted user identity. When the service receives a software security flaw scan command or repair command sent by the central management module, it likewise starts the scan module or the repair module, and the System privileges are passed to the corresponding scan process or repair process, so that scanning or repair can be carried out even when no user is logged in to the system. In addition, the apparatus and method of the present invention are network-based and distributed, which guarantees unified repair management of the software security flaws of every computer on the network.
The present invention also admits other variations and improvements. For example, there may be one, two or more client modules, and the client modules and the central management module may all be installed on the same computer or on different computers. Obvious, insubstantial changes or improvements made by those skilled in the art under the inspiration of the present invention all fall within the scope of protection of the claims of the present invention.

Claims (11)

1. A computer software security loophole repairing apparatus, characterized in that it comprises a central management module and at least one client module; the central management module contains a software security flaw repair program download center module, a control module and a software security flaw definition central database; the client module comprises a client main module, a policy enforcement module, a software security flaw definition synchronization module, a client software security flaw definition database, a software security flaw repair module, a software security flaw scan module and a client software security flaw repair program download module; information is exchanged between the client software security flaw repair program download module and the software security flaw repair program download center module in the central management module, between the client main module and the control module in the central management module, between the software security flaw definition central database and the software security flaw definition synchronization module, and between the software security flaw definition synchronization module and the client software security flaw definition database;
the central management module is used to notify the client module to scan the software security flaws of the computer on which it resides, to issue repair commands to the client module, and to receive, parse and process the scan results;
the client module is used to scan and repair the software security of the computer on which the client resides; the client software security flaw repair module can invoke a software security flaw repair program to repair a flaw;
after the client main module receives a software security flaw scan and repair command from the central management module, it dispatches the software security flaw scan module to scan, dispatches the client software security flaw repair program download module to download, dispatches the software security flaw repair module to repair, and returns the scan and repair results to the central management module;
the client software security flaw repair program download module is used to download repair programs.
2. The computer software security loophole repairing apparatus according to claim 1, characterized in that the software security flaw repair program download center module comprises a software security flaw repair program central download module, a software security flaw repair program central cache and a Proxy module;
the Proxy module issues download commands to the software security flaw repair program central download module;
the software security flaw repair program central download module is used to check whether the flaw repair program is in the software security flaw repair program central cache; if it is, the program is read from the cache and passed to the Proxy module; if it is not, the program is downloaded from the official download address of that software security flaw repair program and then passed to the Proxy module.
3. The computer software security loophole repairing apparatus according to claim 2, characterized in that the control module comprises a policy management module and a command and policy distribution module;
the policy management module can specify the corresponding software security flaw scanning and repair policy, which is issued to the client module by the command and policy distribution module.
4. A computer software security loophole repairing method using the computer software security loophole repairing apparatus according to claim 3, characterized in that it has two modes of implementation: I. the central management module first notifies the client module to scan the software security flaws of the computer on which it resides, and the central management module then, according to the scan results, issues a command to repair the software security flaws of the client module's computer; II. the client module first scans the software security flaws of its computer locally, and the software security flaws of the client module's computer are then repaired locally according to the scan results.
5. The computer software security loophole repairing method according to claim 4, characterized in that mode I comprises the following steps: a. the central management module notifies each client module to scan its own machine and send the scan result back to the central management module; b. the central management module parses and processes the scan result; c. if there is a software security flaw, the central management module issues a flaw repair command to the client module; d. the client software security flaw repair module invokes the software security flaw repair program to perform the repair.
6. The computer software security loophole repairing method according to claim 5, characterized in that the policy management module first specifies the corresponding software security flaw scanning and repair policy, which is issued to the client module by the command and policy distribution module.
7. The computer software security loophole repairing method according to claim 5, characterized in that after the client main module receives a software security flaw scan and repair command from the central management module, it dispatches the software security flaw scan module to scan, dispatches the client software security flaw repair program download module to download, dispatches the software security flaw repair module to repair, and returns the scan and repair results to the central management module.
8. The computer software security loophole repairing method according to claim 4, characterized in that after the software security flaw definition central database obtains an update, the central management module notifies the client module to update the client software security flaw definition database.
9. The computer software security loophole repairing method according to claim 8, characterized in that mode II comprises the following steps: a'. each client module locally scans the software security flaws of the computer on which it resides; b'. the scan result is parsed; c'. the software security flaw repair program is downloaded; d'. the software security flaw repair module invokes the software security flaw repair program to perform the repair.
10. The computer software security loophole repairing method according to claim 9, characterized in that in step a' the client module scans according to the updated part of its client software security flaw definition database.
11. The computer software security loophole repairing method according to any one of claims 4 to 10, characterized in that the software security flaw scanning and repair of the client module are not subject to the permission restrictions of the operating system, and are carried out by remote command from the central management module when the user has not logged in to the system.
CNB2005100375728A 2005-09-28 2005-09-28 Computer software security loophole repairing apparatus and method Active CN100346252C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100375728A CN100346252C (en) 2005-09-28 2005-09-28 Computer software security loophole repairing apparatus and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100375728A CN100346252C (en) 2005-09-28 2005-09-28 Computer software security loophole repairing apparatus and method

Publications (2)

Publication Number Publication Date
CN1766776A CN1766776A (en) 2006-05-03
CN100346252C true CN100346252C (en) 2007-10-31

Family

ID=36742699

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100375728A Active CN100346252C (en) 2005-09-28 2005-09-28 Computer software security loophole repairing apparatus and method

Country Status (1)

Country Link
CN (1) CN100346252C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491064B (en) * 2012-06-14 2017-12-01 腾讯科技(深圳)有限公司 Terminal software maintaining method, service customer end and service server
CN102932782A (en) * 2012-10-12 2013-02-13 中国科学院软件研究所 Mobile intelligent terminal leak inquiring and pushing method based on two-dimensional code under cloud environment
CN103617396B (en) * 2013-11-29 2016-11-02 杭州华三通信技术有限公司 The detection method of a kind of vulnerability exploit and system
CN106485104B (en) * 2015-08-25 2020-12-01 腾讯科技(深圳)有限公司 Automatic restoration method, device and system for terminal security policy
CN107577950A (en) * 2017-09-29 2018-01-12 河南职业技术学院 A kind of method for repairing software vulnerability

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003012604A2 (en) * 2001-07-31 2003-02-13 Validy Method for protecting a software using a so-called renaming principle against its unauthorised use
CN1444742A (en) * 2000-05-28 2003-09-24 梅耶·亚隆 System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
WO2004055634A2 (en) * 2002-12-12 2004-07-01 Finite State Machine Labs, Inc. Systems and methods for detecting a security breach in a computer system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
漏洞扫描的中央控管模型研究 陈夕华,李生红,计算机工程与应用,第33期 2004 *

Also Published As

Publication number Publication date
CN1766776A (en) 2006-05-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder

Address after: Jinshan computer Building No. 8 Jingshan Hill Road, Lane 519015 Zhuhai Jida Lianshan Guangdong city of Zhuhai Province

Patentee after: Zhuhai Kingsoft Software Co.,Ltd.

Address before: Jinshan computer Building No. 8 Jingshan Hill Road, Lane 519015 Zhuhai Jida Lianshan Guangdong city of Zhuhai Province

Patentee before: Zhuhai Kingsoft Software Co.,Ltd.

ASS Succession or assignment of patent right

Owner name: KINGSOFT CORPORATION LIMITED

Free format text: FORMER OWNER: ZHUHAI KINGSOFT SOFTWARE CO., LTD.

Effective date: 20140901

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 519015 ZHUHAI, GUANGDONG PROVINCE TO: 100085 HAIDIAN, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20140901

Address after: Kingsoft No. 33 building, 100085 Beijing city Haidian District Xiaoying Road

Patentee after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Address before: Jinshan computer Building No. 8 Jingshan Hill Road, Lane 519015 Zhuhai Jida Lianshan Guangdong city of Zhuhai Province

Patentee before: Zhuhai Kingsoft Software Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20060503

Assignee: Zhuhai Kingsoft Software Co.,Ltd.

Assignor: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

Contract record no.: 2014990000778

Denomination of invention: Computer software security loophole repairing apparatus and method

Granted publication date: 20071031

License type: Common License

Record date: 20140926

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model