CN104657639A - Test method and system of operation system identity authentication mechanism - Google Patents

Test method and system of operation system identity authentication mechanism Download PDF

Info

Publication number
CN104657639A
CN104657639A CN201510053569.9A CN201510053569A CN104657639A CN 104657639 A CN104657639 A CN 104657639A CN 201510053569 A CN201510053569 A CN 201510053569A CN 104657639 A CN104657639 A CN 104657639A
Authority
CN
China
Prior art keywords
test
virtual machine
screenshot
standard image
pixel points
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510053569.9A
Other languages
Chinese (zh)
Other versions
CN104657639B (en
Inventor
林璟锵
荆继武
李从午
刘丽敏
潘无穷
崔益民
刘宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
UNIT 63928 OF PLA
Data Assurance and Communication Security Research Center of CAS
Original Assignee
UNIT 63928 OF PLA
Data Assurance and Communication Security Research Center of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by UNIT 63928 OF PLA, Data Assurance and Communication Security Research Center of CAS filed Critical UNIT 63928 OF PLA
Priority to CN201510053569.9A priority Critical patent/CN104657639B/en
Publication of CN104657639A publication Critical patent/CN104657639A/en
Application granted granted Critical
Publication of CN104657639B publication Critical patent/CN104657639B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a test method and system of an operation system identity authentication mechanism. The method comprises the following steps: (1) establishing a guest virtual machine on a host machine, and running a test program on a virtual machine monitor VMM of the host machine, wherein the test program comprises a keyboard/mouse message transmission module, a guest virtual machine image acqusition module, an image comparison module and a test case configuration module; the test case configuration module is used for establishing a standard image library for a to-be-tested operation system; (2) running the operation system on the guest virtual machine; for each set test item, transmitting a simulation keyboard/mouse message to the guest virtual machine by the keyboard/mouse message transmission module; (3) executing the received keyboard/mouse message by the guest virtual machine and caching screen shots after execution; (4) matching each screen shot with a standard image in the standard image library respectively to judge whether a test item is tested successfully by the guest virtual machine image acqusition module. According to the method and the system, the testing efficiency and accuracy are greatly improved.

Description

Method and system for testing identity authentication mechanism of operating system
Technical Field
The invention relates to the field of computer security, in particular to a method and a system for testing an identity authentication mechanism of an operating system.
Background
Identity authentication is used as a first line of defense for operating system security and is a portal for ensuring the security of the operating system. Currently, identity authentication is mainly achieved through one or a combination of three basic approaches: firstly, the following steps are known: knowledge known or mastered by an individual, such as a password. And all of the following: something owned by an individual, such as an identification card, passport, credit card, key or certificate, etc. (iii) personal characteristics: the biological characteristics of an individual, such as a fingerprint, a palm print, a voice print, a face shape, DNA, a retina, and the like. Password-based identity authentication techniques are widely used because of their simplicity, ease of use, and the support that almost all operating systems provide for password authentication. The basic principle is as follows: the user generates a username and an initial password during the enrollment phase, and the system saves the user's list of information (username ID + password PW) in its database. When the authenticated object requires to access the system for providing service, the authenticator for providing service requires the authenticated object to submit the password of the object, and after receiving the password, the authenticator compares the password with the user password stored in the system to confirm whether the authenticated object is a legal visitor.
Since the identity authentication based on the password is very simple to realize, the security of the identity authentication is very worthy of consideration. At present, the single-factor authentication system using password authentication mainly has the following problems:
1. guessing attacks (social engineering attacks): some attackers use the user's password to try the user's password by guessing it using the characteristics of meaningful words or numbers such as birthdays, names of people, etc. Therefore, the addition of various special characters to passwords can increase the security of the password.
2. Exhaustive attack: if the user password is short, the attacker uses the full set of strings as a dictionary to guess the user password. It is a special form of dictionary attack. Thus, the risk of exhaustive attacks may be significantly reduced using longer passwords.
In addition, passwords are susceptible to theft if they are replaced for long periods or not at all. The security of the password can also be improved if the system can check that the user-modified password guarantees a difference from the previous password.
To address these issues, a portion of the operating system deploys password security policies. The password security policy mainly includes the following:
1. the password must meet the complexity rules, specifically, the password must not use pure numbers or pure characters as the password, the password must not be the same as the user name, and the password must have a certain length.
2. Password history, i.e. recording the passwords used by the user in the past, requires that the user cannot reuse the same password.
3. The account locking strategy is that when a user exceeds the specified number of failed logins, the operating system automatically locks the account and cannot log in within a certain time.
The implementation of the password security policy of the operating system requires testing whether the declared functionality is properly completed. Currently, these tests are typically done manually. Efficiency can be greatly improved if the password test can be automatically completed.
Virtualization refers to computing elements that operate on a virtual basis rather than a real basis. Virtualization technology can enlarge the capacity of hardware and simplify the reconfiguration process of software. The virtualization technology of the CPU can simulate multi-CPU parallelism by a single CPU, allow one physical computer to simultaneously run a plurality of virtual machines (logic computers), each virtual machine can run different operating systems, and application programs can run in mutually independent spaces without mutual influence, thereby obviously improving the working efficiency of the computer.
As AMD and Intel successively push products that support hardware virtualization, virtualization technologies are widely used. Enterprises utilize virtualization, so that capital cost can be reduced, space requirements can be reduced, availability can be improved, flexible adaptability of services can be improved, and safety can be improved.
An important component of a virtualization platform is a Virtual Machine Monitor (VMM) which mainly manages the resources of a host Machine (a physical computer on which a Virtual Machine is to be run) so that the guest Virtual machines running on the VMM can share the resources of the same set of physical computers. The VMM may access various resources of the guest virtual machine and provide various interfaces to the virtual machine in such a way that the operating system running on the guest virtual machine is consistent with the operating system runtime environment running on the physical machine.
The invention provides a method for simulating manual password test in a virtual machine environment, which can automatically realize the password test, ensures that the running environment is consistent with the manual password test, and greatly improves the efficiency on the premise of ensuring the correctness.
Disclosure of Invention
The invention designs a method for simulating manual password test in a virtualization environment. Currently, most operating systems use password-based authentication. In order to check whether the password security policy function implemented by the target operating system is correct, manual testing is usually required, and manual password testing is not only inefficient, but also prone to statistical errors.
Because the user does not log in the operating system, the automatic password test of the machine cannot be realized on the local computer. On the other hand, although the automatic password test program may be run on another host computer by SSH or the like and the remote network login session is used to implement the function, the running environment of the target operating system changes (the SSH daemon may be started on the target operating system, whether the password test result is related to the SSH daemon cannot be confirmed, and the SSH software of the client may also be in error), and the correctness of the test result cannot be guaranteed.
The technical scheme of the invention is as follows:
a method for testing an identity authentication mechanism of an operating system comprises the following steps:
1) creating a guest virtual machine on a host machine, and running a test program on a Virtual Machine Monitor (VMM) of the host machine; the test program comprises a keyboard/mouse message sending module, a client virtual machine image acquisition module, an image comparison module and a test case configuration module; the test case configuration module establishes a standard image library for the operating system to be tested and is used for storing standard images fed back by the test items of the operating system;
2) running the operating system to be tested on the client virtual machine; for each set test item, the keyboard/mouse message sending module sends a simulated keyboard/mouse message to the client virtual machine;
3) the client virtual machine executes the received keyboard/mouse message and caches the executed screenshot;
4) the client virtual machine image acquisition module periodically reads the screenshots cached by the client virtual machine and respectively matches each screenshot with the standard image in the standard image library until the current test item is finished; if the matching result meets the set condition of the current test item, the test of the current test item is judged to be successful, otherwise, the test is judged to be failed.
Further, each of the test items includes a set of standard images and a set condition.
Further, the test items include account creation, account authentication, and password modification.
Further, the method for respectively matching each screenshot with the standard image in the standard image library comprises:
1) for screenshot a, all its pixels are obtained and represented in RGB24 form (x)a1,ya1,za1),(xa2,ya2,za2)……(xan,yan,zan) Wherein n is the total number of pixel points of the screenshot;
2) obtaining all pixel points of the standard image b according to the method of the step 1), and expressing (x) in the form of RGB24b1,yb1,zb1),(xb2,yb2,zb2)……(xbn,ybn,zbn) Then the pixel point in a is connected with bComparing the corresponding pixel points one by one, if: (x)a1,ya1,za1) And (x)b1,yb1,zb1) Comparing and checking whether the two are equal; (ii) a If the ratio of the equal pixel point to the total pixel point is greater than the set threshold, for example: and (5) judging that the screenshot a is successfully matched with the standard image b if the matching rate is 99 percent, and otherwise, judging that the matching is failed.
Further, the method for respectively matching each screenshot with the standard image in the standard image library comprises:
1) for screenshot a, all its pixels (x) are obtained1,y1,z1),(x2,y2,z2)……(xn,yn,zn) (ii) a Wherein n is the total number of pixel points of the screenshot;
2) taking the average value of the vector sum of all pixel points of the screenshot: ( x 1 + x 2 + . . . + x n n , y 1 + y 2 + . . . + y n n , z 1 + z 2 + . . . + z n n = ( x a , y a , z a ) ;
3) calculating the average value (x) of the vector sums of all pixel points of the standard image b according to the methods of the steps 1) and 2)b,yb,zb) Then, the distance between the screenshot a and the standard image b is calculated: d = ( x a - x b ) 2 + ( y a - y b ) 2 + ( z z - z b ) 2 ; if d is smaller than the set threshold, judging that the screenshot a is successfully matched with the standard image b, and otherwise, judging that the matching fails.
Further, the VMM simulates the keyboard/mouse message sending module through the VNC server to send a simulated keyboard/mouse message to the guest virtual machine; the test program communicates with the VNC server through a VNC runtime.
Further, the input request includes test data and an operation type.
A test system of a system identity authentication mechanism is characterized by comprising a host machine, wherein a client virtual machine is established on the host machine, and a test program is run on a Virtual Machine Monitor (VMM) of the host machine; the test program comprises a keyboard/mouse message sending module, a client virtual machine image acquisition module, an image comparison module and a test case configuration module; the test case configuration module establishes a standard image library for the operating system to be tested and is used for storing standard images fed back by the test items of the operating system; running the operating system to be tested on the client virtual machine; wherein,
the keyboard/mouse message sending module sends simulation keyboard/mouse messages to the client virtual machine according to each set test item;
the client virtual machine is used for executing the received keyboard/mouse message and caching the executed screenshot;
the client virtual machine image acquisition module is used for periodically reading the screenshots cached by the client virtual machine and respectively matching each screenshot with the standard image in the standard image library until the current test item is finished; if the matching result meets the set condition of the current test item, the test of the current test item is judged to be successful, otherwise, the test is judged to be failed.
Further, each of the test items includes a set of standard images and a set condition.
Further, the host machine obtains all pixel points of the read screenshot a, and the pixel points are expressed in an RGB24 mode (x)a1,ya1,za1),(xa2,ya2,za2)……(xan,yan,zan) Wherein n is the total number of pixel points of the screenshot; then all the pixel points of the standard image b are obtained according to the method, and are expressed in the form of RGB24 (x)b1,yb1,zb1),(xb2,yb2,zb2)……(xbn,ybn,zbn) (ii) a The host machine compares the pixel points in the a with the corresponding pixel points in the b one by one, and checks whether the pixel points are equal; and if the ratio of the equal pixel points to the total pixel points is larger than a set threshold, judging that the matching between the screenshot a and the standard image b is successful, otherwise, failing to match.
Further, the VMM simulates the keyboard/mouse message sending module through the VNC server to send a simulated keyboard/mouse message to the guest virtual machine; the test program communicates with the VNC server through a VNC runtime.
The invention designs that a target operating system runs in a virtual machine and a password test program runs in a VMM and is initialized through a test case configuration module in the test program and establishes a standard image library, then a keyboard/mouse message sending module sends a simulated keyboard/mouse message to a client virtual machine, then a client virtual machine image acquisition module is used for acquiring a current test image, and finally a test result is processed through an image comparison module. Through the mode, the automatic password testing device can realize the function of automatic password testing of the machine, and the running environment of the automatic password testing device is not different from that of manual password testing on a physical machine.
The machine automated password test has the following characteristics:
● host computer provides the client virtual machine with the testing account name, testing password and operation type through the operation interface, and the machine automatically completes all tests without manual intervention.
● isolate the test program from the guest virtual machine.
● simulation testing in guest virtual machines is consistent with a manual test runtime environment.
Compared with the prior art, the invention has the following advantages:
1. the consistency of the test environment is ensured, and the problems of interference of SSH (Secure Shell, a protocol which is reliable and is specially used for providing safety for remote login session and other network services) daemon process, client SSH software error and the like are eliminated.
2. Automatic password testing is faster in speed and less prone to error than manual password testing.
3. A plurality of client virtual machines can run on one physical machine, hardware resources are fully utilized, and password testing of other client virtual machines can be carried out during account locking of one client virtual machine.
Drawings
FIG. 1 is a diagram of a test system architecture according to the present invention.
FIG. 2 is a diagram of a test program structure.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
As shown in fig. 2, the test procedure is mainly divided into 4 modules: the system comprises a keyboard/mouse message sending module, a client virtual machine image acquisition module, an image comparison module and a test case configuration module.
The test case configuration module has the function of initializing a test program and establishing a standard image library for the operating system to be tested. The function of the keyboard/mouse message sending module is that the VMM sends an emulated keyboard/mouse message to the guest Virtual machine, and this embodiment uses a VNC Server (Virtual Network Computer Server) to implement this function. The function of the image acquisition module of the guest virtual machine is to intercept the screen image of the guest virtual machine and return to the VMM. The image comparison module has the function of matching the test image with the standard image one by one to judge the test state.
The present embodiment uses a test program that is run on the VMM and interacts with the guest virtual machines through the VNC server in the QEMU. After opening the corresponding port on the VNC server, the test program may connect to the VNC service port by calling the VNC runtime, and the VMM may then send simulated keyboard and mouse information to the guest virtual machine and receive screen display information.
FIG. 1 is a schematic diagram of a method of simulating manual password testing in a virtualized environment using the present invention. The VNC server may be set up by QEMU. The test program runs on the host machine, communicates with the VNC server through the VNC runtime library, and sends test data to the client virtual machine and receives screen display information. The test contained the following items:
1. account creation: whether the lengths of the user name and the password can meet the declared requirements or not, whether the character which can be contained in the user name and the password can cover the declared types or not and whether the weak password which does not meet the requirements can be correctly identified or not are tested.
2. And (3) account authentication: whether the legal account of the operating system can be correctly logged in, whether the illegal account is prohibited to be logged in, whether the processing after multiple times of error logging in is consistent with the declared times, and whether the tolerable error times are consistent with the declared times.
3. Password modification: it is tested whether the password modified by the user can be the same as the password before modification within a certain time.
The test program firstly calls an operation interface through a pre-opened VNC service port, sends test data and an operation type to the client virtual machine, and sends an input request to the client virtual machine through the VNC server, and the client virtual machine can use the test data to perform corresponding tests according to the operation type after receiving the request. Establishing a standard image library for each operating system to be tested in advance; and standard images of all test results are stored in the VMM in advance, and the VNC server reads the memory of the client virtual machine at regular intervals, acquires the screen image at the moment and returns the screen image to the test program. The test program determines the state of the guest virtual machine by comparing the image to all standard images in pixels. (Standard image library contains waiting for login, logging in, account login success, account login failure, account locking 5 images, waiting for a certain time to read memory when matching images are waiting for login and logging in.)
The specific pixel comparison method is as follows:
1. for screenshot a, all its pixels are obtained and represented in RGB24 form (x)a1,ya1,za1),(xa2,ya2,za2)……(xan,yan,zan) Wherein n is the total number of pixel points of the screenshot;
2. obtaining all pixel points (x) of the standard image b according to the method of the step 1)b1,yb1,zb1),(xb2,yb2,zb2)……(xbn,ybn,zbn) Then, comparing the pixel points in a with the corresponding pixel points in b one by one, such as: (x)a1,ya1,za1) And (x)b1,yb1,zb1) Comparing and checking whether the two are equal; (ii) a If the ratio of the equal pixel point to the total pixel point is greater than the set threshold, for example: and (5) judging that the screenshot a is successfully matched with the standard image b if the matching rate is 99 percent, and otherwise, judging that the matching is failed.
Or the following comparison method is adopted:
1. analyzing to obtain images a (b, c)… …) all the pixels are represented in the form of RGB 24. Example (c): (x)1,y1,z1),(x2,y2,z2)……(xn,yn,zn)。
2. Taking the average value of the vector sums of all pixel points: ( x 1 + x 2 + . . . + x n n , y 1 + y 2 + . . . + y n n , z 1 + z 2 + . . . + z n n = ( x a , y a , z a ) .
3. repeating the steps 1 and 2 to obtain an image b (c …)…) average (x) of all pixel point vector sumsb,yb,zb) And calculating the distance between the two: d = ( x a - x b ) 2 + ( y a - y b ) 2 + ( z z - z b ) 2 .
4. if d is less than 10, the matching is successful, otherwise, the steps 1, 2 and 3 are repeated, and the image a and the image c are compared in pixel (the image a is a test result screen image of the client virtual machine, and the images b and c … … are standard images of various test results). If the current test image does not match all of the standard images, then the status of the guest virtual machine is test failure when the corresponding request is determined.
Table 1 shows the data format of the input request sent by the test program to the client virtual machine via the VNC server, wherein the byte number occupied by each item is as shown in table 1. The operation types respectively correspond to: 00-Lock Upper Limit test; 01-password character test (various types of passwords and combinations of different usernames and password lengths can log in normally, these users have already been created); 02-wrong password test (whether login can be denied correctly, as opposed to the correct password); 03-time policy test (login is disabled for a certain time after locking, login is enabled later, and whether the password modified by the user can be the same as the password before modification within a certain time). The options are used for time policy testing (time delay, first 0, increment later), password character testing and wrong password testing (end flag, later input request time 1, last 0), locking upper limit test time 0.
TABLE 1 input request data Format Table
And when the operation type is 00, the test success judgment condition is that the test image is matched with the account locking image in the standard image library, and the locking upper limit times are returned at the moment. (repeat the same input request for testing for many times, repeat the test when the test image obtained by the input request matches the account login failure image in the standard graphic library, otherwise return test failure)
When the operation type is 01, the test success judgment condition is that the test image obtained by the input request with the option of 0 is matched with the account login success image in the standard graphic library. (all test images from input requests with option 1 should match the successful image from the account login in the standard graphics library, and any failure returns a test failure)
When the operation type is 02, the test success determination condition is that the test image obtained by the input request with the option of 0 matches the account login failure image in the standard image library. (all test images from input requests with option 1 should match the account login failure images in the standard graphics library, and any failure returns a test failure)
When the operation type is 03, after the input request with the option of 0 is sent for the first time, the test program can repeatedly send the input request with the option of 0 within one hour (the input request contains wrong user name and password combination), then, send an input request at regular intervals and add 1 to the numerical value corresponding to the option until the test image obtained by the input request is matched with the account login success image in the standard image library, and then return the numerical value corresponding to the option. (when the test image obtained by the input request is matched with the account locking image in the standard graphic library or the account login failure, waiting for the next test, otherwise, returning the test failure; when the test is successful, multiplying the numerical value corresponding to the returned option by the time interval to obtain the login-forbidden time in the password time strategy)
A specific example is given below. We want to test the upper limit of locking times of Windows 7 os, user test, password 123456 is established in the client vm, the test program packages the test data in the data format of fig. 2 (0004test051234500000000), and then sends an input request to the client vm through the VNC server. After receiving the input request, the client virtual machine analyzes the operation type, the user name and the password according to the data format of the figure 2 and starts to log in repeatedly; the VNC server reads the memory of the client virtual machine at intervals, intercepts the screen image and matches the standard image, does not perform any processing when the screen image is matched with the login waiting and the login in the standard image library, and continues to intercept the screen image and match the standard image after waiting for a certain time; when the screen image is matched with the account login failure in the standard image library, locking the screen image for a time of +1, and continuously capturing the screen image to be matched with the standard image after waiting for a certain time; and when the screen image is matched with the account login lock in the standard image library, returning the locking times and successfully testing.
The above embodiments are only intended to illustrate the technical solution of the present invention and not to limit the same, and a person skilled in the art can modify the technical solution of the present invention or substitute the same without departing from the spirit and scope of the present invention, and the scope of the present invention should be determined by the claims.

Claims (10)

1. A method for testing an identity authentication mechanism of an operating system comprises the following steps:
1) creating a guest virtual machine on a host machine, and running a test program on a Virtual Machine Monitor (VMM) of the host machine; the test program comprises a keyboard/mouse message sending module, a client virtual machine image acquisition module, an image comparison module and a test case configuration module; the test case configuration module establishes a standard image library for the operating system to be tested and is used for storing standard images fed back by the test items of the operating system;
2) running the operating system to be tested on the client virtual machine; for each set test item, the keyboard/mouse message sending module sends a simulated keyboard/mouse message to the client virtual machine;
3) the client virtual machine executes the received keyboard/mouse message and caches the executed screenshot;
4) the client virtual machine image acquisition module periodically reads the screenshots cached by the client virtual machine and respectively matches each screenshot with the standard image in the standard image library until the current test item is finished; if the matching result meets the set condition of the current test item, the test of the current test item is judged to be successful, otherwise, the test is judged to be failed.
2. The method of claim 1, wherein each of the test items comprises a set of standard images and a set condition.
3. The method of claim 1 or 2, wherein the test items include account creation, account authentication, and password modification.
4. The method of claim 1 or 2, wherein the method of matching each screenshot with a standard image in the standard image library respectively is:
1) for screenshot a, all its pixels are obtained and represented in RGB24 form (x)a1,ya1,za1),(xa2,ya2,za2)……(xan,yan,zan) (ii) a Wherein n is the total number of pixel points of the screenshot;
2) acquiring all pixel points of the standard image b, and expressing the pixel points in the form of RGB24 (x)b1,yb1,zb1),(xb2,yb2,zb2)……(xbn,ybn,zbn) Then, the pixel points in the screenshot a and the standard image are comparedAnd c, comparing the corresponding pixel points in the step b one by one, if the ratio of the equal pixel points to the total pixel points is greater than a set threshold, judging that the matching of the screenshot a and the standard image b is successful, and otherwise, judging that the matching is failed.
5. The method of claim 1 or 2, wherein the method of matching each screenshot with a standard image in the standard image library respectively is:
1) for screenshot a, all its pixels (x) are obtained1,y1,z1),(x2,y2,z2)……(xn,yn,zn) (ii) a Wherein n is the total number of pixel points of the screenshot;
2) taking the average value of the vector sum of all pixel points of the screenshot:
( x 1 + x 2 + . . . + x n n , y 1 + y 2 + . . . y n n , z 1 + z 2 + . . . + z n n = ( x a , y a , z a ) ;
3) calculating the average value (x) of the vector sums of all pixel points of the standard image b according to the methods of the steps 1) and 2)b,yb,zb) Then, the distance between the screenshot a and the standard image b is calculated: d = ( x a - x b ) 2 + ( y a - y b ) 2 + ( z a - z b ) 2 ; if d is smaller than the set threshold, judging that the screenshot a is successfully matched with the standard image b, and otherwise, judging that the matching fails.
6. The method of claim 1, wherein the virtual machine monitor VMM sends a simulated keyboard/mouse message to a guest virtual machine through a VNC server simulating the keyboard/mouse message sending module; the test program communicates with the VNC server through a VNC runtime; the input request includes test data and an operation type.
7. A test system of a system identity authentication mechanism is characterized by comprising a host machine, wherein a client virtual machine is established on the host machine, and a test program runs on a Virtual Machine Monitor (VMM) of the host machine; the test program comprises a keyboard/mouse message sending module, a client virtual machine image acquisition module, an image comparison module and a test case configuration module; the test case configuration module establishes a standard image library for the operating system to be tested and is used for storing standard images fed back by the test items of the operating system; running the operating system to be tested on the client virtual machine; wherein,
the keyboard/mouse message sending module sends simulation keyboard/mouse messages to the client virtual machine according to each set test item;
the client virtual machine is used for executing the received keyboard/mouse message and caching the executed screenshot;
the client virtual machine image acquisition module is used for periodically reading the screenshots cached by the client virtual machine and respectively matching each screenshot with the standard image in the standard image library until the current test item is finished; if the matching result meets the set condition of the current test item, the test of the current test item is judged to be successful, otherwise, the test is judged to be failed.
8. The system of claim 7, wherein each of the test items includes a set of standard images and a set condition.
9. System according to claim 7 or 8, characterized in that the host machine acquires all its pixel points for the read screenshot a,expressed in RGB24 form (x)a1,ya1,za1),(xa2,ya2,za2)……(xan,yan,zan) (ii) a Wherein n is the total number of pixel points of the screenshot; then all the pixel points of the standard image b are obtained and expressed in the form of RGB24 (x)b1,yb1,zb1),(xb2,yb2,zb2)……(xbn,ybn,zbn) (ii) a And then comparing the pixel points in the screenshot a with the corresponding pixel points in the standard image b one by one, if the ratio of the equal pixel points to the total pixel points is greater than a set threshold, judging that the screenshot a is successfully matched with the standard image b, and otherwise, judging that the matching fails.
10. The system of claim 7 or 8, wherein the virtual machine monitor VMM sends emulated keyboard/mouse messages to guest virtual machines through a VNC server emulating the keyboard/mouse message sending module; the test program communicates with the VNC server through a VNC runtime.
CN201510053569.9A 2015-02-02 2015-02-02 A kind of method of testing and system of operating system identity authentication scheme Expired - Fee Related CN104657639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510053569.9A CN104657639B (en) 2015-02-02 2015-02-02 A kind of method of testing and system of operating system identity authentication scheme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510053569.9A CN104657639B (en) 2015-02-02 2015-02-02 A kind of method of testing and system of operating system identity authentication scheme

Publications (2)

Publication Number Publication Date
CN104657639A true CN104657639A (en) 2015-05-27
CN104657639B CN104657639B (en) 2017-08-25

Family

ID=53248751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510053569.9A Expired - Fee Related CN104657639B (en) 2015-02-02 2015-02-02 A kind of method of testing and system of operating system identity authentication scheme

Country Status (1)

Country Link
CN (1) CN104657639B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107623716A (en) * 2017-08-13 2018-01-23 惠州市德赛西威汽车电子股份有限公司 A kind of method of testing at vehicle-mounted multimedia terminal HMI interfaces
CN107784649A (en) * 2017-10-20 2018-03-09 长飞光纤光缆股份有限公司 Plug test remote alarming system and method based on image recognition
CN108389112A (en) * 2018-03-12 2018-08-10 万维云视(上海)数码科技有限公司 3D house type model display methods
CN108470377A (en) * 2018-03-12 2018-08-31 万维云视(上海)数码科技有限公司 AR sees room device
CN108509343A (en) * 2018-04-04 2018-09-07 浙江小泰科技有限公司 Automated testing method based on image recognition technology and system
CN110188031A (en) * 2019-04-19 2019-08-30 深圳壹账通智能科技有限公司 Electronic device, keyboard and APP compatibility test method and storage medium
CN111831400A (en) * 2020-07-23 2020-10-27 深信服科技股份有限公司 Virtual machine interaction method, device, equipment and storage medium
CN111857958A (en) * 2020-07-23 2020-10-30 深信服科技股份有限公司 Interaction method, device, equipment and storage medium of virtual machine
CN113326513A (en) * 2021-06-16 2021-08-31 百度在线网络技术(北京)有限公司 Application testing method and device, system, electronic equipment and computer readable medium
CN113507500A (en) * 2021-06-04 2021-10-15 上海闻泰信息技术有限公司 Terminal control method, terminal control device, computer equipment and computer-readable storage medium
CN115499339A (en) * 2022-08-24 2022-12-20 苏州浪潮智能科技有限公司 Pressure testing method, system and device for VNC function and storage medium
CN115529163A (en) * 2022-08-25 2022-12-27 江苏电力信息技术有限公司 Login identification encryption method for digital business hall of electric power system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050223362A1 (en) * 2004-04-02 2005-10-06 Gemstone Systems, Inc. Methods and systems for performing unit testing across multiple virtual machines
CN101135989A (en) * 2006-08-31 2008-03-05 中国银联股份有限公司 Automatization test method and device for Web applied system
CN101447876A (en) * 2008-12-31 2009-06-03 北京工业大学 Identity authentication test method of security operating system
CN103313289A (en) * 2012-03-09 2013-09-18 腾讯科技(深圳)有限公司 Wap system automatic test system and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050223362A1 (en) * 2004-04-02 2005-10-06 Gemstone Systems, Inc. Methods and systems for performing unit testing across multiple virtual machines
CN101135989A (en) * 2006-08-31 2008-03-05 中国银联股份有限公司 Automatization test method and device for Web applied system
CN101447876A (en) * 2008-12-31 2009-06-03 北京工业大学 Identity authentication test method of security operating system
CN103313289A (en) * 2012-03-09 2013-09-18 腾讯科技(深圳)有限公司 Wap system automatic test system and method

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107623716A (en) * 2017-08-13 2018-01-23 惠州市德赛西威汽车电子股份有限公司 A kind of method of testing at vehicle-mounted multimedia terminal HMI interfaces
CN107623716B (en) * 2017-08-13 2020-08-25 惠州市德赛西威汽车电子股份有限公司 Test method for HMI (human machine interface) of vehicle-mounted multimedia terminal
CN107784649A (en) * 2017-10-20 2018-03-09 长飞光纤光缆股份有限公司 Plug test remote alarming system and method based on image recognition
CN107784649B (en) * 2017-10-20 2021-09-03 长飞光纤光缆股份有限公司 Image recognition-based mandrel testing remote alarm system and method
CN108389112A (en) * 2018-03-12 2018-08-10 万维云视(上海)数码科技有限公司 3D house type model display methods
CN108470377A (en) * 2018-03-12 2018-08-31 万维云视(上海)数码科技有限公司 AR sees room device
CN108509343A (en) * 2018-04-04 2018-09-07 浙江小泰科技有限公司 Automated testing method based on image recognition technology and system
CN110188031A (en) * 2019-04-19 2019-08-30 深圳壹账通智能科技有限公司 Electronic device, keyboard and APP compatibility test method and storage medium
CN111857958A (en) * 2020-07-23 2020-10-30 深信服科技股份有限公司 Interaction method, device, equipment and storage medium of virtual machine
CN111831400A (en) * 2020-07-23 2020-10-27 深信服科技股份有限公司 Virtual machine interaction method, device, equipment and storage medium
CN111831400B (en) * 2020-07-23 2024-02-23 深信服科技股份有限公司 Virtual machine interaction method, device, equipment and storage medium
CN111857958B (en) * 2020-07-23 2024-02-27 深信服科技股份有限公司 Virtual machine interaction method, device, equipment and storage medium
CN113507500A (en) * 2021-06-04 2021-10-15 上海闻泰信息技术有限公司 Terminal control method, terminal control device, computer equipment and computer-readable storage medium
CN113326513A (en) * 2021-06-16 2021-08-31 百度在线网络技术(北京)有限公司 Application testing method and device, system, electronic equipment and computer readable medium
CN115499339A (en) * 2022-08-24 2022-12-20 苏州浪潮智能科技有限公司 Pressure testing method, system and device for VNC function and storage medium
CN115499339B (en) * 2022-08-24 2023-07-25 苏州浪潮智能科技有限公司 Pressure testing method, system and device for VNC function and storage medium
CN115529163A (en) * 2022-08-25 2022-12-27 江苏电力信息技术有限公司 Login identification encryption method for digital business hall of electric power system

Also Published As

Publication number Publication date
CN104657639B (en) 2017-08-25

Similar Documents

Publication Publication Date Title
CN104657639B (en) A kind of method of testing and system of operating system identity authentication scheme
US10049209B2 (en) Device, method, and system of differentiating between virtual machine and non-virtualized device
CN110602052B (en) Micro-service processing method and server
US10038690B2 (en) Multifactor authentication processing using two or more devices
US9813441B2 (en) Detecting and breaking CAPTCHA automation scripts and preventing image scraping
US10642973B2 (en) System and method of analysis of files for maliciousness and determining an action
US10587612B2 (en) Automated detection of login sequence for web form-based authentication
US9626495B2 (en) Authenticating a device based on availability of other authentication methods
US20160269417A1 (en) Dynamic data masking for mainframe application
US9667613B1 (en) Detecting mobile device emulation
WO2013106925A1 (en) Determining repeat website users via browser uniqueness tracking
US20230199025A1 (en) Account classification using a trained model and sign-in data
CN103975567B (en) Two-factor authentication method and virtual machine facility
CN111159691A (en) Dynamic credibility verification method and system for application program
CN105337739B (en) Safe login method, device, server and terminal
CN105681344A (en) Verification code recognition system and method
US11347842B2 (en) Systems and methods for protecting a remotely hosted application from malicious attacks
CN113935008B (en) User authentication method, device, electronic equipment and computer readable storage medium
US20080222700A1 (en) Challenge/Response in a Multiple Operating System Environment
CN111679862A (en) Cloud host shutdown method and device, electronic equipment and medium
CN105847216A (en) Identity authentication method and device
CN112182665B (en) Equipment ID generation method, equipment binding method and device and computing equipment
CN115001808B (en) Domain user login method, device, equipment and medium
KR102521684B1 (en) metaverse platform system of transactions authentication associated with biometrics certification
US20230009399A1 (en) Method and system for validating transaction in client-server environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20170825

Termination date: 20220202