CN105653947A - Method and device for assessing application data security risk - Google Patents
Method and device for assessing application data security risk
- Publication number: CN105653947A (application number CN201410642187.5A)
- Authority: CN (China)
- Prior art keywords: word string, risk, data, sensitive data, leak point
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
- Landscapes: Information Retrieval, Db Structures And Fs Structures Therefor (AREA); Storage Device Security (AREA)
Abstract
The invention provides a method and device for assessing application data security risk. The method includes the following steps: acquiring first word string data entered into an application; generating a sensitive data feature library according to the first word string data; acquiring first file list information of files modified while the application runs; generating a local storage word string library according to the first file list information; and matching the sensitive data feature library against the local storage word string library to obtain risk items of the input data and the risk value corresponding to each risk item. With the method and device, generation of the sensitive data feature library, collection of stored contents, and matching are performed automatically, a large amount of repetitive manual work is replaced, and the cost of application data security assessment is reduced.
Description
Technical field
The present invention relates to the technical field of data security, and in particular to a method and device for assessing application data security risk.
Background
With the rapid development of the mobile Internet, mobile intelligent terminals are increasingly widespread. According to relevant data reports, the number of active smart devices in China in the fourth quarter of 2013 exceeded 700,000,000, of which mobile terminal devices based on the Android operating system held a market share of more than 80%. The wide use of the Android operating system has also driven the prosperity and development of the Android application market; the number of applications on the official Google Play market has so far exceeded 1,000,000.
However, the security awareness of Android application developers has not kept pace with application development. This leads to applications being cracked and tampered with, malicious advertising plug-ins being inserted, and many security problems such as leakage of the user data that the application itself stores and processes (including the user names, passwords, bank card numbers, mobile phone numbers and the like that users enter while using the application). The currently most popular solutions detect and remove malware with detection tools (such as mobile phone security software) after an application has already been attacked and exploited, or monitor sensitive application behaviour on the phone. At root, however, the causes are on the one hand deficiencies in Android's own security mechanisms and, on the other, exploitable security problems in the Android application itself caused by developer carelessness. It is therefore necessary to discover the security risks present in mobile applications by performing security assessments of the applications, which helps improve the security of the applications themselves.
Security assessment of an application can mainly be divided into four classes: code security (whether the program code can be cracked, and how readable it is), data security (data leakage that may arise when the application stores, reads or displays user input), communication security (analysis of the transmission security of sensitive data during communication) and business security (analysis of business-logic security). At present, assessment is completed mainly through manual testing, which requires a large amount of manual time, and because the search and filtering procedures for file contents are relatively fixed, the work is highly repetitive. The automated application security assessment services offered on the Internet support discovery of code-security risks, such as whether the application can be tampered with or whether the code is obfuscated, mostly by automated static scanning for code vulnerabilities; they cannot scan for problems such as sensitive data entered by the user while using the application (user names, passwords and the like) being stored locally in plaintext or after only simple processing. Yet empirical data from application security assessments show that most applications have risk problems in the area of data security, and when such a data security risk exists in an application, an attacker can easily obtain the sensitive data the user entered while using the application and misuse it.
A search of the prior-art literature shows that work on the data risks of Android applications mostly detects applications stealing private data from the phone system, such as the contact list or text messages, without user permission. For example, one off-line detection method for private data leakage by Android applications proposes a customized Android system based on dynamic taint detection: corresponding taint labels are added to different types of private data in order to detect private data leakage by Android applications. The method modifies the private data storage mechanism in the Android system source code, adding one or more spaces for storing taint labels; adds corresponding taint labels to different types of private data (such as contacts, text messages, call records, the IMEI (International Mobile Equipment Identity) and the mobile phone number); installs the customized system and runs the application program in the APK (Android Package, i.e. the Android installation package) under test, traversing the controls of the application program by means of an automated test script; and tracks taint label propagation, detecting at the system boundaries (text messages, files, the network) whether transmitted data carry taint labels and recording the contents and means of private data leakage (such as sending by SMS, MMS or network data, or writing to a file) to provide a reference for further analysis by the tester.
However, that scheme requires modifying the Android system on which the application runs, adding taint labels for all private data to be matched, and writing an automated test script for each application under test (the test script differs for every application and cannot be reused); preparing these running environments consumes a great deal of time and manpower, and the running environment is restricted. Moreover, the private data in that scheme refers to data stored by the user on the phone, such as text messages and the contact list; the scheme mainly detects malicious privacy-stealing behaviour of applications and cannot discover the data security risks present in the application itself.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and device for assessing application data security risk, in order to solve the problems of the existing approach, in which assessment is completed by manual testing, requires a large amount of manual time, and is highly repetitive because the search and filtering procedures for file contents are relatively fixed.
In order to solve the above technical problem, an embodiment of the present invention provides a method for assessing application data security risk, comprising:
obtaining first word string data entered into the application;
generating a sensitive data feature library according to the first word string data;
obtaining first file list information of files modified while the application runs;
generating a local storage word string library according to the first file list information;
matching the sensitive data feature library against the local storage word string library to obtain risk items of the input data and the risk value corresponding to each risk item.
Further, the step of obtaining the first word string data entered into the application comprises:
obtaining the first word string data entered into the application from a file in a predetermined directory that stores the keyboard input monitoring results.
Further, the step of generating the sensitive data feature library according to the first word string data comprises:
deduplicating the first word string data to generate second word string data;
performing deformation processing on the second word string data to obtain third word string data;
generating the sensitive data feature library according to the second word string data and the third word string data.
Further, the step of obtaining the first file list information of files modified while the application runs comprises:
obtaining, from a file in a predetermined directory that stores the file operation monitoring results, first file list information of files modified while the application runs, the first file list information comprising the path information corresponding to each modified file.
Further, the step of generating the local storage word string library according to the first file list information comprises:
obtaining first content from the readable files in the first file list information, and second content from the databases included in the first file list information;
storing the first content and the second content respectively to generate the local storage word string library.
Further, the step of matching the sensitive data feature library against the local storage word string library to obtain the risk items of the input data and the risk value corresponding to each risk item comprises:
searching the local storage word string library for the word string data in the sensitive data feature library to obtain sensitive data leak point information;
classifying the sensitive data leak points in the sensitive data leak point information to obtain risk item information of the input data;
calculating the risk value corresponding to each risk item in the risk item information.
Further, the step of calculating the risk value corresponding to each risk item in the risk item information comprises:
calculating the risk weight of each sensitive data leak point in each risk item;
adding the risk weights of the sensitive data leak points to obtain the risk value of the risk item.
Further, the step of calculating the risk weight of each sensitive data leak point in each risk item comprises:
calculating the risk weight of each sensitive data leak point in each risk item according to the formula: risk weight = sensitive keyword weight corresponding to the sensitive data leak point × user sensitive data word string deformation type weight × file type weight of the file storing the sensitive data leak point.
An embodiment of the present invention provides a device for assessing application data security risk, comprising:
a first acquisition module, for obtaining first word string data entered into the application;
a first generation module, for generating a sensitive data feature library according to the first word string data;
a second acquisition module, for obtaining first file list information of files modified while the application runs;
a second generation module, for generating a local storage word string library according to the first file list information;
a matching acquisition module, for matching the sensitive data feature library against the local storage word string library to obtain risk items of the input data and the risk value corresponding to each risk item.
Further, the first generation module comprises:
a first processing unit, for deduplicating the first word string data to generate second word string data;
a second processing unit, for performing deformation processing on the second word string data to obtain third word string data;
a first generation unit, for generating the sensitive data feature library according to the second word string data and the third word string data.
Further, the second generation module comprises:
a first acquiring unit, for obtaining first content from the readable files in the first file list information, and second content from the databases included in the first file list information;
a second generation unit, for storing the first content and the second content respectively to generate the local storage word string library.
Further, the matching acquisition module comprises:
a search unit, for searching the local storage word string library for the word string data in the sensitive data feature library to obtain sensitive data leak point information;
a statistics unit, for classifying the sensitive data leak points in the sensitive data leak point information to obtain risk item information of the input data;
a calculation unit, for calculating the risk value corresponding to each risk item in the risk item information.
Further, the calculation unit comprises:
a first calculation subunit, for calculating the risk weight of each sensitive data leak point in each risk item;
a second calculation subunit, for adding the risk weights of the sensitive data leak points to obtain the risk value of the risk item.
Further, the first calculation subunit calculates the risk weight of each sensitive data leak point in each risk item according to the formula: risk weight = sensitive keyword weight corresponding to the sensitive data leak point × user sensitive data word string deformation type weight × file type weight of the file storing the sensitive data leak point.
The beneficial effects of the invention are as follows:
In the above scheme, the sensitive data feature library is generated automatically, the local storage content is collected, and the content of the sensitive data feature library is matched against the local storage content. This replaces a large amount of repetitive manual work, saves assessment time, and at the same time reduces the cost of application data security assessment.
Description of the drawings
Fig. 1 is an overview flowchart of the method for assessing application data security risk according to an embodiment of the present invention;
Fig. 2 is a detailed flowchart of the method for assessing application data security risk according to an embodiment of the present invention;
Fig. 3 is a module diagram of the device for assessing application data security risk according to an embodiment of the present invention.
Embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described below with reference to the accompanying drawings and specific embodiments.
The present invention addresses the problems of the existing approach, in which assessment is completed by manual testing, requires a large amount of manual time, and is highly repetitive because the search and filtering procedures for file contents are relatively fixed, and provides a method and device for assessing application data security risk.
As shown in Fig. 1, the method for assessing application data security risk according to an embodiment of the present invention comprises:
Step 10, obtaining first word string data entered into the application;
Step 20, generating a sensitive data feature library according to the first word string data;
Step 30, obtaining first file list information of files modified while the application runs;
Step 40, generating a local storage word string library according to the first file list information;
Step 50, matching the sensitive data feature library against the local storage word string library to obtain risk items of the input data and the risk value corresponding to each risk item.
The above embodiment of the present invention generates the sensitive data feature library automatically, collects the local storage content, and matches the content of the sensitive data feature library against the local storage content, replacing a large amount of repetitive manual work, saving assessment time and at the same time reducing the cost of application data security assessment.
It should be noted that the present invention can be carried out in any Android operating system. In the Android operating system, a file operation monitoring program is run; its monitoring content comprises the file creation and modification operations performed by the application under test while it runs, and the corresponding file paths. A keyboard input monitoring program is also run; its monitoring content is the data entered on the interface of the application under test while it runs, with individual word strings separated by operations such as a line break or a confirm action. The file operation and keyboard input monitoring results are stored respectively in the FileOp.txt and KeyInput.txt files under a designated directory on the phone.
Specifically, file operations can be monitored using the Inotify mechanism of the Linux kernel (Inotify is a Linux feature that monitors file system operations such as reads, writes and creations). First a subclass of the FileObserver class provided by Android is defined, implementing the abstract onEvent method of the FileObserver class. When the subclass object is defined, the monitored directory is set to the whole SD card directory; when a file change event occurs under the SD card directory, the onEvent(int paramInt, String paramString) function of FileObserver is called back, where the parameter paramInt is the file operation type (creation, deletion, etc.) and the parameter paramString is the path of the changed file.
Keyboard input is monitored by reading the input event records. The input event records are in the "/dev/input/event0" file; the struct input_event records therein (containing the key type and key value) are read in a loop, which yields all key presses during the monitoring procedure.
After installing the application under test, according to the application's functions, all controls of the program that can accept user sensitive data are traversed manually and data entry is performed. The data entered should preferably be recognizable; for example, random garbled combinations or single digits should not be used. The scope of user sensitive data is: data that the user actively enters when using the application, generated for that user and not reusable by other users of the application, such as user name, password, identity card number, mobile phone number, chat records, friend list and the like.
After the first word string data entered into the application have been obtained from the file in the predetermined directory that stores the keyboard input monitoring results (the KeyInput.txt file), in another embodiment of the present invention, step 20 comprises:
Step 21, deduplicating the first word string data to generate second word string data;
Step 22, performing deformation processing on the second word string data to obtain third word string data;
Step 23, generating the sensitive data feature library according to the second word string data and the third word string data.
After all the content of the KeyInput.txt file has been read, all word strings are deduplicated: starting from the first word string, the remaining word strings are searched in a loop for an identical word string, and any found is deleted, so that single word strings that are complete repeats are removed from the word string data, obtaining the second word string data (namely the user input word string data a).
Because, during operation of the application, the application or the system itself may encrypt the data the user entered in order to make the transmitted data safer, in the present invention, after the user input word string data a have been obtained, a can also be subjected to deformation processing. Deformation processing here means encoding, hashing or encrypting the user input word string data a: for example, a can be BASE64 encoded (one of the most common encodings for transmitting 8-bit byte code) to obtain word string b, or processed with MD5 (Message-Digest Algorithm 5) to form word string c; a is stored together with b and c to form the user sensitive data feature library, and the original word string in a corresponding to each word string in b and c is recorded. It should be noted that the deformation processing here is not limited to BASE64 processing and MD5 processing. An example of the operation follows:
The user enters word string a "13512341234"; BASE64 processing forms word string b "MTM1MTIzNDEyMzQ=" and MD5 processing forms word string c "0ADCA3220B1B907805CCD70D110BF38A". The content stored in the user sensitive data feature library is as shown in Table 1 and Table 2.
| Assessed application unique ID | Original word string unique ID | Original word string |
|---|---|---|
| 1 | 1 | 13512341234 |
| … | … | … |
Table 1 Original word string library
Table 2 Deformed word string library
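The following is an added example, not code from the patent, showing steps 21 to 23 in Python: the lines of a constructed KeyInput.txt are deduplicated, each remaining string is given BASE64 and MD5 deformations, and the result is laid out as the two tables above. The layout assumed for Table 2 (application ID, original string ID, deformation type, deformed string) is an assumption, since the page does not show its rows; the back-reference to the original string's ID is what the description requires.

```python
import base64
import hashlib

# Constructed content of KeyInput.txt (assumption: the keyboard input monitor
# writes one complete word string per line, the line break marking the confirm
# action that separates inputs). The phone number and password are repeated
# because the user entered them on two different screens.
KEYINPUT_TXT = """13512341234
hh123
13512341234
hh123
"""


def read_input_strings(text):
    """First word string data: every non-empty line of the monitor output."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def deduplicate(strings):
    """Step 21: walk forward from the first string and drop later identical ones,
    keeping the order of first appearance (the second word string data a)."""
    second = []
    for s in strings:
        if s not in second:
            second.append(s)
    return second


def deform(word_string):
    """Step 22: the BASE64 and MD5 deformations of one original string, the two
    examples the description gives; other encodings could be added here."""
    raw = word_string.encode("utf-8")
    b = base64.b64encode(raw).decode("ascii")
    c = hashlib.md5(raw).hexdigest().upper()
    return [("BASE64", b), ("MD5", c)]


def build_feature_library(text, app_id=1):
    """Step 23: return (Table 1, Table 2). Table 1 rows are
    (app id, original string id, original string); Table 2 rows are
    (app id, original string id, deformation type, deformed string), so every
    deformed string points back to the original it was derived from."""
    originals = deduplicate(read_input_strings(text))
    original_table = [(app_id, i, a) for i, a in enumerate(originals, start=1)]
    deformed_table = [
        (app_id, i, kind, value)
        for i, a in enumerate(originals, start=1)
        for kind, value in deform(a)
    ]
    return original_table, deformed_table


if __name__ == "__main__":
    table1, table2 = build_feature_library(KEYINPUT_TXT)
    for row in table1:
        print("Table 1:", row)
    for row in table2:
        print("Table 2:", row)
```

Deduplication is quadratic in the number of inputs, which matches the description's loop over the remaining strings and is adequate for the few dozen values a manual traversal produces.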
After the sensitive data feature library has been formed, a local storage word string library is still needed before the application data security risk assessment can be completed. Therefore, in the present invention, after the application has run, the first file list information of files modified while the application ran (the first file list information comprising the path information corresponding to each modified file) is obtained from the file in the predetermined directory that stores the file operation monitoring results (FileOp.txt), and step 40 comprises:
Step 41, obtaining first content from the readable files in the first file list information, and second content from the databases included in the first file list information;
Step 42, storing the first content and the second content respectively to generate the local storage word string library.
When reading file contents, first check whether each file in the file list in FileOp.txt exists, delete the path information of files that do not exist, and obtain file list data d. According to file list data d, the readable content of each file (readable content means the content of files that can be opened by system functions, not including file data that cannot be opened) is extracted from the system and stored in the local storage word string library; the stored content comprises the extracted content word strings and the corresponding file path. The readable content of a file is extracted by calling the read function of the FileInputStream class with the file path read from file list data d as the input parameter and reading all the content of the file.
It should be noted that the local storage word string library also comprises all field data in the database files of the application under test; the stored content comprises the extracted content word strings and the corresponding database file name and table name. It should also be noted that in existing Android systems it may not be possible to monitor which table of a database a specific modification concerns. The database field data are therefore read by traversing all database files (.db files) under the system directory /data/data/<application package name, e.g. com.tencent.qq>/databases (this path is the fixed storage path for an application's database files) and reading all tables and their content using the android.database.sqlite.SQLiteOpenHelper class.
After the local storage word string library and the sensitive data feature library have been obtained, the two are matched against each other; therefore step 50 of the embodiment of the present invention comprises:
Step 51, searching the local storage word string library for the word string data in the sensitive data feature library to obtain sensitive data leak point information;
Step 52, classifying the sensitive data leak points in the sensitive data leak point information to obtain risk item information of the input data;
Step 53, calculating the risk value corresponding to each risk item in the risk item information.
It should be noted that the word strings in the user sensitive data feature library and the sensitive keywords (the sensitive keywords are pre-set and stored; they are field names an application may use when storing user privacy, illustrated in Table 3) are used as the string content to be matched and are searched one by one in the local storage word string library. The data found, together with the corresponding sensitive keyword, are output to form the sensitive data leak point list (since each stored item is given a corresponding tag when the input data is stored, extracting this tag yields the sensitive keyword corresponding to each stored word string). Each leak point comprises: the leak point unique identification number (which may be formed by automatic numbering), the matched user sensitive data word string, the deformation type of the matched user sensitive data word string, the original user feature word string, the matched local storage content word string, the matched sensitive keyword, the file path where the content word string is stored or the database file name and table name, and the weight corresponding to the leak point information.
The weight corresponding to the leak point information is calculated according to the formula: risk weight = sensitive keyword weight corresponding to the sensitive data leak point × user sensitive data word string deformation type weight × file type weight of the file storing the sensitive data leak point, which gives the risk weight of each leak point in each risk item. It should be noted that the sensitive keyword weight, the user sensitive data word string deformation type weight and the file type weight are pre-specified and stored data; the specific rules for assigning the weights are illustrated as follows: the sensitive keyword weight is graded by the importance of the keyword, for example password receives the highest score and other content the lowest; the user sensitive data word string deformation type weight is graded by how hard the deformation is to reverse, for example no deformation receives the highest score and MD5 the lowest; the file type weight is graded by how hard the file is to read, for example a file stored directly under the SD card directory receives the highest score and data stored in a database file the lowest.
| Type | Keyword |
|---|---|
| password | Password |
| password | mima |
| password | password |
| password | passwd |
| username | User name |
| card_no | Bank card number |
| ID | Identification card number |
| other | Name |
| other | Sex |
| … | … |
Table 3 Sensitive keyword storage table
After the sensitive data leak point list has been obtained, the data leak points in the list must be classified according to sensitive keyword and the relevant risk items output, a risk item being the risk item corresponding to a sensitive keyword; then the weights of the sensitive data leak points in each risk item are added to obtain the risk value corresponding to that risk item.
The above is illustrated as follows:
Assume that the matched sensitive data leak points are output as follows:
1) 13512341234, NULL, 13512341234, user, /data/data/com.cmdm.polychrome.ui/databases/caixiang.db/contact_info, weight 1
2) MTM1MTIzNDEyMzQ=, BASE64, 13512341234, username, /data/data/com.cmdm.polychrome.ui/share_prefs/com.cmdm.polychrome.ui.xml, weight 2
3) aGgxMjM=, BASE64, hh123, password, /data/data/com.cmdm.polychrome.ui/share_prefs/com.cmdm.polychrome.ui.xml, weight 3
After classifying the sensitive data leak points according to sensitive keyword type, the risk items and risk values output are:
Risk 1, user name storage data risk, risk value 1 = weight 1 + weight 2;
Risk 2, password storage data risk, risk value 2 = weight 3.
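The following is an added example, not code from the patent, carrying steps 51 to 53 through in Python on the leak points listed above: a constructed feature library and local storage library are matched by substring search, each hit is weighted with the three-factor formula, and hits are grouped by keyword type into risk items. The feature library is written out as literals (the BASE64 values from the description, the MD5 values computed in place) rather than regenerated. The keyword table, the numeric weights and the path-based file type classification are assumptions; the description fixes only the ordering of the weights (password highest and other lowest, undeformed highest and MD5 lowest, SD card file highest and database lowest).

```python
import hashlib
from collections import defaultdict

# Constructed sensitive data feature library as step 20 would produce it:
# (string to match, deformation type, original string). BASE64 values are the
# ones given in the description; the MD5 values are computed here.
FEATURE_LIBRARY = [
    ("13512341234", "NULL", "13512341234"),
    ("MTM1MTIzNDEyMzQ=", "BASE64", "13512341234"),
    (hashlib.md5(b"13512341234").hexdigest().upper(), "MD5", "13512341234"),
    ("hh123", "NULL", "hh123"),
    ("aGgxMjM=", "BASE64", "hh123"),
    (hashlib.md5(b"hh123").hexdigest().upper(), "MD5", "hh123"),
]

# Sensitive keyword table in the style of Table 3 (assumption: field names are
# compared case-insensitively); maps a stored field name to its keyword type.
SENSITIVE_KEYWORDS = {
    "password": "password", "passwd": "password", "mima": "password",
    "user": "username", "username": "username",
    "card_no": "card_no", "id_no": "ID", "name": "other", "sex": "other",
}

# Constructed weight tables (assumed numbers; only the ordering is from the text).
KEYWORD_WEIGHT = {"password": 3, "username": 2, "card_no": 2, "ID": 2, "other": 1}
DEFORM_WEIGHT = {"NULL": 3, "BASE64": 2, "MD5": 1}
FILE_TYPE_WEIGHT = {"sdcard": 3, "app_private": 2, "database": 1}

# Constructed local storage word string library: (storage location, field
# name or column name, stored content). A database row is located by
# database file name plus table name, as in the description.
LOCAL_STORE = [
    ("/data/data/com.cmdm.polychrome.ui/databases/caixiang.db/contact_info", "user", "13512341234"),
    ("/data/data/com.cmdm.polychrome.ui/shared_prefs/com.cmdm.polychrome.ui.xml", "username", "MTM1MTIzNDEyMzQ="),
    ("/data/data/com.cmdm.polychrome.ui/shared_prefs/com.cmdm.polychrome.ui.xml", "password", "aGgxMjM="),
    ("/data/data/com.cmdm.polychrome.ui/shared_prefs/com.cmdm.polychrome.ui.xml", "theme", "dark"),
]


def file_type(location):
    """Assumed classification of a storage location for the file type weight."""
    if "/databases/" in location or location.endswith(".db"):
        return "database"
    if location.startswith(("/sdcard/", "/storage/", "/mnt/sdcard/")):
        return "sdcard"
    return "app_private"


def leak_point_weight(keyword_type, deform_type, location):
    """Risk weight = keyword weight x deformation type weight x file type weight."""
    return (KEYWORD_WEIGHT[keyword_type]
            * DEFORM_WEIGHT[deform_type]
            * FILE_TYPE_WEIGHT[file_type(location)])


def find_leak_points(feature_library=FEATURE_LIBRARY, local_store=LOCAL_STORE):
    """Step 51: look up every feature library string in every stored content
    string; each hit becomes one numbered leak point record."""
    leak_points = []
    for location, field, content in local_store:
        keyword_type = SENSITIVE_KEYWORDS.get(field.lower(), "other")
        for matched, deform_type, original in feature_library:
            if matched in content:
                leak_points.append({
                    "id": len(leak_points) + 1,
                    "matched": matched,
                    "deform_type": deform_type,
                    "original": original,
                    "content": content,
                    "keyword": field,
                    "keyword_type": keyword_type,
                    "location": location,
                    "weight": leak_point_weight(keyword_type, deform_type, location),
                })
    return leak_points


def risk_items(leak_points):
    """Steps 52 and 53: group leak points by keyword type and add their weights."""
    totals = defaultdict(int)
    for lp in leak_points:
        totals[lp["keyword_type"]] += lp["weight"]
    return dict(totals)


if __name__ == "__main__":
    found = find_leak_points()
    for lp in found:
        print(lp["id"], lp["matched"], lp["deform_type"], lp["original"],
              lp["keyword"], lp["location"], "weight", lp["weight"])
    print(risk_items(found))
```

With these weights the three leak points score 6, 8 and 12, so the user name risk item totals 14 and the password risk item 12; the password item ranks below the user name item only because it has a single leak point, which is why the per-point weights are worth reporting alongside the totals.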
As shown in Fig. 2, the detailed implementation of the present invention is:
Step A, running the file operation monitoring program and the keyboard input monitoring program;
Step B, installing and running the application program and operating all of its functions;
Step C, the keyboard input monitoring program outputs the word string data of the user input it has captured;
Step D, processing the word string data entered by the user and storing them together with the original word string data in the user sensitive data feature library;
Step E, the file operation monitoring program outputs the list of files modified while the application ran;
Step F, extracting from the system the readable content of the files in the file list and the content of the application databases to form the local storage word string library;
Step G, matching the features of the user sensitive data feature library against the content stored in the local storage word string library;
Step H, outputting the user sensitive data leak point list, the relevant risk items and the list of corresponding risk values.
It should be noted that step C and step E have no ordinal relation and may be carried out simultaneously.
The above embodiment of the present invention generates the sensitive data feature library automatically, collects the stored content and performs the matching, replacing a large amount of repetitive manual work. The present invention only needs to run the assessment program in the Android system; it does not require the Android system to be modified, can be carried out in any Android system, and does not need labels to be added to features before running.
As shown in Figure 3, the embodiment of the present invention provides a device for assessing application data security risk, comprising:
a first acquisition module 100, for obtaining first string data in an input application;
a first generation module 200, for generating a sensitive data feature library according to the first string data;
a second acquisition module 300, for obtaining first file list information of files modified while the application runs;
a second generation module 400, for generating a local storage string library according to the first file list information;
a matching acquisition module 500, for matching the sensitive data feature library against the local storage string library to obtain the risk items of the input data and the risk value corresponding to each risk item.
Specifically, the first generation module 200 comprises:
a first processing unit, for deduplicating the first string data to generate second string data;
a second processing unit, for deforming the second string data to obtain third string data;
a first generation unit, for generating the sensitive data feature library according to the second string data and the third string data.
Specifically, the second generation module 400 comprises:
a first acquiring unit, for obtaining first content from the readable files in the first file list information and second content from the databases included in the first file list information;
a second generation unit, for storing the first content and the second content separately to generate the local storage string library.
Specifically, the matching acquisition module 500 comprises:
a search unit, for searching the local storage string library for the string data in the sensitive data feature library to obtain sensitive data leak point information;
a statistics unit, for classifying the sensitive data leak points in the sensitive data leak point information to obtain the risk item information of the input data;
a calculation unit, for calculating the risk value corresponding to each risk item in the risk item information.
Specifically, the calculation unit comprises:
a first calculation subunit, for calculating the risk weight of each sensitive data leak point in each risk item;
a second calculation subunit, for adding the risk weights of the sensitive data leak points to obtain the risk value of the risk item.
Specifically, the first calculation subunit calculates the risk weight of each leak point in each risk item according to the formula: risk weight = sensitive keyword weight corresponding to the sensitive data leak point × deformation type weight of the user sensitive data string × file type weight of the file storing the sensitive data leak point.
It should be noted that this device embodiment is the device corresponding to the above method; all implementations of the above method are applicable in this device embodiment and achieve the same technical effect as the above method.
The above is a preferred embodiment of the present invention. It should be understood that those of ordinary skill in the art may make further improvements and modifications without departing from the principles of the present invention, and such improvements and modifications also fall within the protection scope of the present invention.
Claims (14)
1. A method for assessing application data security risk, characterised in that it comprises:
obtaining first string data in an input application;
generating a sensitive data feature library according to the first string data;
obtaining first file list information of files modified while the application runs;
generating a local storage string library according to the first file list information;
matching the sensitive data feature library against the local storage string library to obtain the risk items of the input data and the risk value corresponding to each risk item.
2. The method according to claim 1, characterised in that the step of obtaining first string data in an input application comprises:
obtaining the first string data in the input application from a file in a predetermined directory that holds the keyboard input monitoring result.
3. The method according to claim 1, characterised in that the step of generating a sensitive data feature library according to the first string data comprises:
deduplicating the first string data to generate second string data;
deforming the second string data to obtain third string data;
generating the sensitive data feature library according to the second string data and the third string data.
4. The method according to claim 1, characterised in that the step of obtaining first file list information of files modified while the application runs comprises:
obtaining the first file list information of files modified while the application runs from a file in a predetermined directory that holds the file operation monitoring result, the first file list information comprising the path information corresponding to the modified files.
5. The method according to claim 1, characterised in that the step of generating a local storage string library according to the first file list information comprises:
obtaining first content from the readable files in the first file list information and second content from the databases included in the first file list information;
storing the first content and the second content separately to generate the local storage string library.
6. The method according to any one of claims 1 to 5, characterised in that the step of matching the sensitive data feature library against the local storage string library to obtain the risk items of the input data and the risk value corresponding to each risk item comprises:
searching the local storage string library for the string data in the sensitive data feature library to obtain sensitive data leak point information;
classifying the sensitive data leak points in the sensitive data leak point information to obtain the risk item information of the input data;
calculating the risk value corresponding to each risk item in the risk item information.
7. The method according to claim 6, characterised in that the step of calculating the risk value corresponding to each risk item in the risk item information comprises:
calculating the risk weight of each sensitive data leak point in each risk item;
adding the risk weights of the sensitive data leak points to obtain the risk value of the risk item.
8. The method according to claim 7, characterised in that the step of calculating the risk weight of each sensitive data leak point in each risk item comprises:
calculating the risk weight of each sensitive data leak point in each risk item according to the formula: risk weight = sensitive keyword weight corresponding to the sensitive data leak point × deformation type weight of the user sensitive data string × file type weight of the file storing the sensitive data leak point.
9. A device for assessing application data security risk, characterised in that it comprises:
a first acquisition module, for obtaining first string data in an input application;
a first generation module, for generating a sensitive data feature library according to the first string data;
a second acquisition module, for obtaining first file list information of files modified while the application runs;
a second generation module, for generating a local storage string library according to the first file list information;
a matching acquisition module, for matching the sensitive data feature library against the local storage string library to obtain the risk items of the input data and the risk value corresponding to each risk item.
10. The device according to claim 9, characterised in that the first generation module comprises:
a first processing unit, for deduplicating the first string data to generate second string data;
a second processing unit, for deforming the second string data to obtain third string data;
a first generation unit, for generating the sensitive data feature library according to the second string data and the third string data.
11. The device according to claim 9, characterised in that the second generation module comprises:
a first acquiring unit, for obtaining first content from the readable files in the first file list information and second content from the databases included in the first file list information;
a second generation unit, for storing the first content and the second content separately to generate the local storage string library.
12. The device according to any one of claims 9 to 11, characterised in that the matching acquisition module comprises:
a search unit, for searching the local storage string library for the string data in the sensitive data feature library to obtain sensitive data leak point information;
a statistics unit, for classifying the sensitive data leak points in the sensitive data leak point information to obtain the risk item information of the input data;
a calculation unit, for calculating the risk value corresponding to each risk item in the risk item information.
13. The device according to claim 12, characterised in that the calculation unit comprises:
a first calculation subunit, for calculating the risk weight of each sensitive data leak point in each risk item;
a second calculation subunit, for adding the risk weights of the sensitive data leak points to obtain the risk value of the risk item.
14. The device according to claim 13, characterised in that the first calculation subunit calculates the risk weight of each sensitive data leak point in each risk item according to the formula: risk weight = sensitive keyword weight corresponding to the sensitive data leak point × deformation type weight of the user sensitive data string × file type weight of the file storing the sensitive data leak point.
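A worked example of the matching and scoring described in steps F to H and claims 6 to 8, written in Python and added here; it is not part of the patent. The deformation types, the weight values and the sample captured inputs and file contents are all assumed or constructed, since the patent defines the three factors of the risk weight product but not their values.

```python
import base64
import hashlib
from collections import defaultdict

# Assumed weight tables: the patent defines the three factors of the product
# but not their values, so these numbers are constructed for this example.
KEYWORD_WEIGHT = {"password": 1.0, "idcard": 0.8, "phone": 0.5}
DEFORM_WEIGHT = {"plain": 1.0, "base64": 0.8, "hex": 0.8, "md5": 0.3}
FILE_TYPE_WEIGHT = {"shared_prefs": 1.0, "log": 0.9, "db": 0.7}

def deform(raw):
    """Assumed deformation types: variants an app might store instead of the raw string."""
    b = raw.encode()
    return {"plain": raw, "base64": base64.b64encode(b).decode(),
            "hex": b.hex(), "md5": hashlib.md5(b).hexdigest()}

def build_feature_library(inputs):
    """Claim 3: deduplicate the captured (keyword, string) pairs, then add deformed variants."""
    seen, library = set(), []
    for keyword, raw in inputs:
        if (keyword, raw) in seen:
            continue
        seen.add((keyword, raw))
        library.extend((keyword, dtype, v) for dtype, v in deform(raw).items())
    return library  # entries: (keyword, deformation type, variant string)

def find_leak_points(library, storage):
    """Claim 6: look up every library variant in every stored content.
    storage maps a file path to (file type, extracted content)."""
    return [(keyword, dtype, ftype, path)
            for path, (ftype, content) in storage.items()
            for keyword, dtype, variant in library if variant in content]

def risk_weight(leak):
    """Claim 8: keyword weight x deformation type weight x file type weight."""
    keyword, dtype, ftype, _ = leak
    return KEYWORD_WEIGHT[keyword] * DEFORM_WEIGHT[dtype] * FILE_TYPE_WEIGHT[ftype]

def assess(inputs, storage):
    """Claims 6-7: one risk item per keyword; its risk value is the sum of its leak points' weights."""
    leaks = find_leak_points(build_feature_library(inputs), storage)
    risk_values = defaultdict(float)
    for leak in leaks:
        risk_values[leak[0]] += risk_weight(leak)
    return leaks, dict(risk_values)

# Constructed sample: captured inputs (one duplicate) and three files modified by the app.
SAMPLE_INPUTS = [("password", "s3cret!"), ("phone", "13800000000"), ("password", "s3cret!")]
SAMPLE_STORAGE = {
    "/data/data/com.example.app/shared_prefs/user.xml":
        ("shared_prefs", '<string name="pw">s3cret!</string>'),
    "/data/data/com.example.app/files/app.log":
        ("log", "login ok token=" + base64.b64encode(b"s3cret!").decode()),
    "/data/data/com.example.app/databases/app.db":
        ("db", "contacts|13800000000|home"),
}

if __name__ == "__main__":
    for leak in assess(SAMPLE_INPUTS, SAMPLE_STORAGE)[0]:
        print(leak, round(risk_weight(leak), 3))
```

With the sample data the password is found in plain form in the preferences file and base64-encoded in the log, so its risk item accumulates two leak points, while the phone number contributes one leak point from the database.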
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410642187.5A CN105653947B (en) | 2014-11-11 | 2014-11-11 | Method and device for assessing application data security risk |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105653947A (en) | 2016-06-08 |
CN105653947B (en) | 2019-09-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |