CN105337988A - Method and system for preventing sensitive information from leakage - Google Patents
- Publication number: CN105337988A
- Application number: CN201510812412.XA
- Authority: CN (China)
- Prior art keywords: sensitive information, log, application program
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention relates to a method for preventing the leakage of sensitive information. The method comprises the following steps: before an application is run on a client, the client user activates the application's logging tool; after the logging tool has been activated, the client user determines whether to enable the logging tool's log obfuscation function; if the function is enabled, then while the application runs, the log obfuscation function obfuscates the original sensitive information in the log as the log is generated; the obfuscated log information is matched with the original sensitive information in the log, and the original sensitive information is stored in a local dictionary; when the client user determines from the obfuscated log information that the application has a fault, the original sensitive information is looked up in the local dictionary; and the application is debugged according to the original sensitive information. The invention further provides a system for preventing the leakage of sensitive information.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and system for preventing the leakage of sensitive information.
Background art
As technology develops, applications have become increasingly complex. A company's system environment usually runs more than one application, all of them on the company's own systems. If any application fails, logs or records are needed to debug and analyse the error. However, applications in a corporate environment handle a great deal of sensitive and/or security-related information, such as the user name and password used to log in to a system or the IP address and port of a connection, and all of it is recorded in the logs. If log information is exposed to others, it poses a huge risk to the company's IT systems, and hackers can use this information to attack them. For most companies' IT systems, how to protect the generated logs is therefore a major problem. In addition, many companies buy software from third parties, so when a problem occurs in use they must contact the software vendor and hand over all the logs/records related to the problem. If those logs contain any sensitive information, this also increases the risk of information leakage.
At present, the solution most companies adopt is to sign an agreement with the third-party company to guarantee that the third party uses these logs/records only to diagnose the problem. But this is merely a contractual provision. If a log leak does occur, a great deal of time and effort is needed to investigate and confirm whether it was the third party that leaked the log information.
Some software vendors also provide log encryption for their software. With this approach all log files are encrypted and must be decrypted before use. This method is equally inconvenient, because both the encrypted logs and the method for decrypting them have to be shared with the third party, and once decrypted, all the sensitive information in the logs is exposed just the same.
The prior art also includes schemes that address log exposure by anonymization. In such a scheme the logs are generated in the ordinary way, and after generation the log files are sent to a server to be anonymized. Sensitive information can still be exposed through the logs under this scheme, because generating logs in the ordinary way requires storing them somewhere first. Anonymization is also essentially "search and replace", even though users can define the search-and-replace rules themselves. If the log format changes from version to version, having to define different rules is a major inconvenience. The scheme further requires the user to understand the generated logs very well in order to define suitable rules for them. Because most users know little about the format and content of the logs, and log files are in most cases very large, this approach is largely impractical, and a lot of sensitive information may still remain in the log files after anonymization.
How to prevent logs from leaking sensitive information has therefore become a problem in urgent need of a solution.
Summary of the invention
In view of the above problems, the invention provides a method and system for preventing the leakage of sensitive information, which solves the above problem that having to send logs containing sensitive information to a third party increases the risk of log disclosure.
The invention provides a method for preventing the leakage of sensitive information, comprising the following steps:
Before an application is run on the client, the client user activates the application's logging tool;
After the application's logging tool has been activated on the client, the client user determines whether to enable the log obfuscation function of the logging tool;
If it is determined that the log obfuscation function is enabled, then while the application runs, the log obfuscation function obfuscates the original sensitive information in the log as the log is generated;
The obfuscated log information is matched with the original sensitive information in the log, and the original sensitive information is stored in a local dictionary;
When the client user determines from the obfuscated log information that the application has an error, the original sensitive information is looked up in the local dictionary;
The application is debugged according to the original sensitive information.
Optionally, the local dictionary is a table structure with one-way matching, where one-way matching means that the user can look up the original sensitive information of the log only by means of the obfuscated log information.
Optionally, the local dictionary is stored on the client.
Optionally, the obfuscated log information has the same format as the original sensitive information in the log.
Optionally, the original sensitive information in the log comprises one or more of a user name, a password, an IP address and a link address.
Optionally, the log obfuscation function is implemented by one or more obfuscation algorithms.
Optionally, the obfuscation algorithm obfuscates based on a random number entered by the user.
Optionally, different random numbers produce different obfuscated log information.
Optionally, the obfuscation algorithm obfuscates the original sensitive information consistently across all log information of the application.
The invention also provides a system for preventing the leakage of sensitive information, the system comprising:
An activation module, by which the client user activates the application's logging tool before the application is run on the client;
A start module, by which the client user determines, after the application's logging tool has been activated on the client, whether to enable the log obfuscation function of the logging tool;
An obfuscation module, by which, when it is determined that the log obfuscation function is enabled, the log obfuscation function obfuscates the original sensitive information in the log as the log is generated while the application runs;
A matching module, for matching the obfuscated log information with the original sensitive information in the log and storing the original sensitive information in a local dictionary;
A lookup module, for looking up the original sensitive information in the local dictionary when the client user determines from the obfuscated log information that the application has an error;
A debugging module, for debugging the application according to the original sensitive information.
Beneficial effects of the invention:
Unlike the prior art, which anonymizes or encrypts logs after they have been generated, the present invention lets the user choose at log generation time whether to obfuscate the log. It therefore does not require the user to understand the structure and content of the logs, and it prevents leakage by avoiding the transfer of sensitive information to a third party. With the obfuscation algorithm described above, even when log information is passed to a third party, the third party debugs/tests on the basis of the obfuscated log information. Because the obfuscated sensitive information has the same format as the sensitive information before obfuscation, the third party's debugging is not affected and no sensitive information is disclosed.
Brief description of the drawings
Fig. 1 shows a flow chart of the method for preventing information leakage according to the invention;
Fig. 2 shows a schematic structural diagram of the system for preventing information leakage according to the invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the accompanying drawings. Those skilled in the art will appreciate, however, that the invention is not limited to the drawings and the following embodiments.
Fig. 1 is a flow chart of the log obfuscation method according to an embodiment of the invention.
Step 101: before an application is run on the client terminal, the terminal user activates the application's logging tool.
In this step, an application installed on the client includes an application interface. When the user needs to run an application, the user selects it and its application interface is displayed on the terminal screen. Optionally, the application interface provides a button for the logging tool; the user clicks this button to start the logging tool.
Step 102: after the application's logging tool has been activated on the client, the terminal user determines whether to enable the log obfuscation function of the logging tool.
In this step, after the logging tool has been started in step 101, the application interface goes on to display the log obfuscation function, optionally as a button on the interface, and the user chooses whether to activate it. If the log obfuscation function is not selected, the application records logs without obfuscating sensitive information, in the same way logs are generated in the prior art.
Step 103: if it is determined that the log obfuscation function is enabled, then while the application runs, the log obfuscation function obfuscates the sensitive information in the log as the log is generated.
In this step, if the user chose to activate the log obfuscation function in step 102, then while the application runs the function obfuscates the sensitive information in the logs generated by that run. The sensitive information may include, but is not limited to, the user name and password with which the user logs in to the application, the user's IP address, and so on. Obfuscating the sensitive information in the log differs from prior-art encryption. Encryption turns sensitive information into a meaningless character string, so that a third party or a hacker who obtains such a string will recognise it as encrypted information and may consider how to decrypt it, which increases the risk of sensitive information leakage. In the present invention, obfuscation does not change the format of the sensitive information: string-format information such as a user name or password is still a character string after obfuscation, and an IP address is still in IP address format after obfuscation. Thus even if a hacker intercepts such information, the sensitive information is not disclosed.
The obfuscation function can also obfuscate according to a random number entered by the user. Optionally, when the user activates the obfuscation function, the application interface displays a prompt box asking the user to enter a random number as the obfuscation seed. The random numbers entered for different applications may be the same or different. The sensitive information is obfuscated according to the entered random number: for example, the digits or letters in a user name or password are shifted left or right according to the entered number, upper- and lower-case letters are swapped according to the entered number, and an IP address is shifted or has values added or subtracted according to the entered number, with the obfuscation constrained so that the result is still an IP address. The obfuscation methods are of course not limited to these examples.
Step 104: the obfuscated log information is matched with the original sensitive information in the log and stored in the local dictionary.
Step 105: when it is determined from the obfuscated log information that the application has an error, the sensitive information of the original log is looked up in the local dictionary.
In the above steps, when the user wishes to improve the application based on the results of third-party testing or debugging, the obfuscated log information and the original sensitive information need to be stored in association with each other, and the correspondence is stored in the local dictionary. Optionally, the user can find the original sensitive information only through the obfuscated log information, and reverse lookup is not possible. Optionally, the local dictionary may be a table stored in a local database. Thus when, for example, the third party determines from the obfuscated log that the application's problem is related to the user's sensitive information, the user needs to determine the real sensitive information and does so by querying the local dictionary.
Step 106: the application is debugged according to the sensitive information of the original log.
In this step, after the user has determined the original sensitive information from the lookup result of step 105, the corresponding information can be adjusted according to, for example, the test results returned by the third party, so that the application runs normally.
To describe the technical solution of the invention clearly, an illustrative example follows.
When a user starts an application on the client terminal, the corresponding application tool and the logging tool log.record are started, and the application interface then prompts whether to enable the obfuscation function. If the user selects "No", logs are recorded in the ordinary way, e.g. log.record("Connection has been made to " + IPaddress), where IPaddress is the IP address of the connection and is not obfuscated in any way; for example, the initial IP address is 10.90.252.11. If the user selects "Yes", log obfuscation is enabled, i.e. Log.obfuscated_record("Connection has been made to %%IPaddress%%", IPaddress, Passphrase). With obfuscation enabled, the IP address the user connects to is replaced by a new IP address. The Passphrase parameter is entered by the user at the terminal, and the obfuscation parameters entered for different applications may be the same or different. After the user enters the obfuscation parameter, the IP address recorded in the log is, for example, 163.76.82.209. The recorded address is still in IP address format but is completely different from the initial IP address. When the third party debugs from this log there is no risk of leaking sensitive information, the third party does not need to decrypt anything, and debugging from the log is not affected.
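The flow of steps 103 to 105 and the Log.obfuscated_record call above, as an added Python example (not code from the patent). The class ObfuscatingLog, its method names and the sample values are assumptions; a keyed HMAC-SHA256 mapping stands in for the shift and add/subtract operations the description mentions, and the passphrase is given once at construction rather than per call, so the output will not match the 163.76.82.209 shown above.

```python
import hashlib
import hmac
import ipaddress
import re
import string

PLACEHOLDER = re.compile(r"%%(\w+)%%")


class ObfuscatingLog:
    """Hypothetical logger modelled on the Log.obfuscated_record call in the text."""

    def __init__(self, passphrase: str):
        # Stretch the user-supplied seed into a key (the salt is a constructed constant).
        self._key = hashlib.pbkdf2_hmac(
            "sha256", passphrase.encode(), b"log-obfuscation-example", 100_000)
        self.dictionary = {}  # obfuscated value -> original value, kept on the client
        self.lines = []       # obfuscated log lines, the part handed to a third party

    def _keystream(self, value: str, attempt: int, length: int) -> bytes:
        # Deterministic keyed bytes: same key and value always give the same stream.
        out, block = b"", 0
        while len(out) < length:
            msg = f"{attempt}|{block}|{value}".encode()
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            block += 1
        return out[:length]

    def _candidate(self, value: str, attempt: int) -> str:
        try:
            ipaddress.IPv4Address(value)
        except ValueError:
            pass
        else:
            # Any four bytes form a valid dotted quad, so the IP format is preserved.
            return str(ipaddress.IPv4Address(self._keystream(value, attempt, 4)))
        # Strings: replace each character within its own class, keeping length
        # and punctuation so the result still looks like a user name or password.
        out = []
        for ch, k in zip(value, self._keystream(value, attempt, len(value))):
            for alphabet in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
                if ch in alphabet:
                    ch = alphabet[k % len(alphabet)]
                    break
            out.append(ch)
        return "".join(out)

    def obfuscate(self, value: str) -> str:
        for attempt in range(64):
            cand = self._candidate(value, attempt)
            # The same original always resolves to the same entry (consistency);
            # a clash with a different original is re-derived so that every
            # obfuscated value maps back to exactly one original.
            if self.dictionary.setdefault(cand, value) == value:
                return cand
        raise RuntimeError("no collision-free obfuscated value found")

    def obfuscated_record(self, template: str, **fields: str) -> str:
        line = PLACEHOLDER.sub(lambda m: self.obfuscate(fields[m.group(1)]), template)
        self.lines.append(line)
        return line

    def lookup(self, obfuscated: str) -> str:
        # One-way: the table is keyed by the obfuscated value only.
        return self.dictionary[obfuscated]


def demo():
    # Constructed sample values; the IP address is the one used in the text.
    log = ObfuscatingLog("constructed-passphrase")
    a = log.obfuscated_record("Connection has been made to %%IPaddress%%",
                              IPaddress="10.90.252.11")
    b = log.obfuscated_record("Login by %%user%% from %%IPaddress%%",
                              user="Alice01", IPaddress="10.90.252.11")
    return log, a, b


if __name__ == "__main__":
    log, a, b = demo()
    print(a)
    print(b)
    print(log.lookup(a.rsplit(" ", 1)[1]))
```

Only the contents of lines would be sent to the third party; dictionary stays on the client and is what the user queries when the third party reports a problem tied to an obfuscated value.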
Fig. 2 shows a schematic structural diagram of the log obfuscation system, which comprises:
An activation module 201, by which the terminal user activates the application's logging tool before the application is run on the client terminal;
A start module 202, by which the terminal user determines, after the application's logging tool has been activated on the client, whether to enable the log obfuscation function of the logging tool;
An obfuscation module 203, by which, if it is determined that the log obfuscation function is enabled, the log obfuscation function obfuscates the sensitive information in the log as the log is generated while the application runs;
A matching module 204, for matching the obfuscated log information with the original sensitive information in the log and storing it in the local dictionary;
A lookup module 205, for looking up the sensitive information of the original log in the local dictionary when the user determines from the obfuscated log information that the application has an error;
A debugging module 206, for adjusting the application according to the sensitive information of the original log.
Embodiments of the invention have been described above. However, the invention is not limited to these embodiments. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (10)
1. A method for preventing the leakage of sensitive information, characterized in that the method comprises the following steps:
Before an application is run on the client, the client user activates the application's logging tool;
After the application's logging tool has been activated on the client, the client user determines whether to enable the log obfuscation function of the logging tool;
If it is determined that the log obfuscation function is enabled, then while the application runs, the log obfuscation function obfuscates the original sensitive information in the log as the log is generated;
The obfuscated log information is matched with the original sensitive information in the log, and the original sensitive information is stored in a local dictionary;
When the client user determines from the obfuscated log information that the application has an error, the original sensitive information is looked up in the local dictionary;
The application is debugged according to the original sensitive information.
2. The method according to claim 1, characterized in that the local dictionary is a table structure with one-way matching, where one-way matching means that the user can look up the original sensitive information of the log only by means of the obfuscated log information.
3. The method according to claim 1, characterized in that the local dictionary is stored on the client.
4. The method according to claim 1, characterized in that the obfuscated log information has the same format as the original sensitive information in the log.
5. The method according to claim 1, characterized in that the original sensitive information in the log comprises one or more of a user name, a password, an IP address and a link address.
6. The method according to claim 1, characterized in that the log obfuscation function is implemented by one or more obfuscation algorithms.
7. The method according to claim 6, characterized in that the obfuscation algorithm obfuscates based on a random number entered by the user.
8. The method according to claim 7, characterized in that different random numbers produce different obfuscated log information.
9. The method according to claim 6, characterized in that the obfuscation algorithm obfuscates the original sensitive information consistently across all log information of the application.
10. A system for preventing the leakage of sensitive information, characterized in that the system comprises:
An activation module, by which the client user activates the application's logging tool before the application is run on the client;
A start module, by which the client user determines, after the application's logging tool has been activated on the client, whether to enable the log obfuscation function of the logging tool;
An obfuscation module, by which, when it is determined that the log obfuscation function is enabled, the log obfuscation function obfuscates the original sensitive information in the log as the log is generated while the application runs;
A matching module, for matching the obfuscated log information with the original sensitive information in the log and storing the original sensitive information in a local dictionary;
A lookup module, for looking up the original sensitive information in the local dictionary when the client user determines from the obfuscated log information that the application has an error;
A debugging module, for debugging the application according to the original sensitive information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510812412.XA CN105337988A (en) | 2015-11-20 | 2015-11-20 | Method and system for preventing sensitive information from leakage |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510812412.XA CN105337988A (en) | 2015-11-20 | 2015-11-20 | Method and system for preventing sensitive information from leakage |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105337988A true CN105337988A (en) | 2016-02-17 |
Family
ID=55288271
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510812412.XA Pending CN105337988A (en) | 2015-11-20 | 2015-11-20 | Method and system for preventing sensitive information from leakage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105337988A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160217 |