CN108038381A - A kind of key safety detection method and system - Google Patents

Publication number
CN108038381A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711447331.XA
Other languages
Chinese (zh)
Inventor
康绯
舒辉
光焱
林昊
刘彬
卜文娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a key security detection method and system, belonging to the technical field of network and information security. Based on the causes of cryptographic misuse vulnerabilities and the usage characteristics of cryptographic API functions, the invention proposes a set of cryptographic misuse vulnerability detection rules for key security. It extracts the cryptographic API runtime information of an encryption application, including function call relationships and parameter values, and, through taint analysis of critical parameters such as keys, builds a cryptographic API call sequence, thereby automatically reconstructing the encryption and decryption mechanism of the application. The resulting API call sequence is matched against the vulnerability detection rules in the detection rule base to identify and locate key-related cryptographic misuse vulnerabilities, achieving key security detection. The invention can describe not only key vulnerabilities produced by a single cryptographic API function but also cryptographic vulnerabilities caused by the combined action of different API functions, achieving comprehensive and effective key security detection.

Description

A key security detection method and system
Technical field
The present invention relates to a key security detection method and system, belonging to the technical field of network and information security.
Background art
With the development of information security and cryptographic techniques, more and more applications use cryptographic means to protect data. However, because of programming errors by developers and similar causes, the encryption process can carry security risks; such risks are usually called cryptographic misuse vulnerabilities. In an encryption and decryption mechanism, correct handling of the key is the core link in ensuring overall security, yet in recent years cryptographic misuse vulnerabilities triggered by key security problems have emerged one after another. A statistical analysis of the cryptographic misuse vulnerabilities recorded in the National Vulnerability Database (NVD) between 2011 and 2016 shows that more than a quarter of them are caused by key security problems. Security detection of the keys in encryption applications is therefore of great significance for improving software security and protecting private data.
At present, key security detection for encryption applications mainly relies on two methods. The first is reverse analysis. For a specific encryption application sample, an analyst draws on personal experience and combines reverse analysis methods such as disassembly, binary analysis and dynamic software debugging to analyse the sample's encryption and decryption process statically and dynamically and find potential key security vulnerabilities. This is the basic method of application security analysis and is widely used, but it places high demands on the analyst's skill, and its efficiency is low. The second is vulnerability discovery. This approach treats key-related cryptographic misuse vulnerabilities in an application as a special kind of software vulnerability and uses vulnerability discovery techniques such as symbolic execution, taint analysis and fuzzing to find possible vulnerabilities of this kind, automating key security detection. At the Black Hat conference in 2017, Jean-Philippe Aumasson et al. proposed a similar security detection scheme for encryption applications, which uses differential fuzzing to check the security and correctness of encryption applications and is implemented in the automated detection tool CDF. That scheme, however, focuses on the input and output characteristics of the cryptographic algorithm as a whole and lacks effective detection capability for key-related security vulnerabilities.
At present, both detection methods for key security in encryption applications have problems to some extent:
1) For reverse analysis, although a variety of reverse analysis tools are available to analysts, the tools themselves cannot give a direct conclusion about key security. An analyst must manually examine the reverse-engineering results of each target sample before reaching a conclusion; the correctness of the conclusion depends heavily on the analyst's skill and experience, the work consumes a great deal of time and effort, and batches of samples are difficult to analyse.
2) For vulnerability discovery, the degree of automation is higher and batches of samples can be analysed automatically, but conventional software vulnerability discovery methods usually give little consideration to the rules and characteristics specific to cryptographic vulnerabilities, so they are poorly targeted at key security vulnerabilities and their results are often unsatisfactory.
On the other hand, from the point of view of the object of security detection, cryptographic algorithms in applications are implemented in two main ways: first, the developer writes the cryptographic algorithm code; second, the application directly calls an existing general-purpose cryptographic library such as CryptoAPI or OpenSSL. Because designing and implementing cryptographic algorithms is highly specialised, application developers who are not cryptography specialists usually use the second way to implement security modules, so cryptographic library functions represented by CryptoAPI and OpenSSL are widely used in all kinds of applications. Key security detection should therefore pay particular attention to identifying and detecting key-related cryptographic misuse vulnerabilities that arise when functions of cryptographic libraries such as CryptoAPI are called.
Summary of the invention
The object of the present invention is to provide a key security detection method that solves the low efficiency and unsatisfactory results of current key security detection; the present invention also provides a key security detection system.
To solve the above technical problem, the present invention provides a key security detection method comprising the following schemes. Method scheme one: the detection method comprises the following steps:
1) According to the causes of known cryptographic misuse vulnerabilities and the characteristics of cryptographic API functions, construct detection rules for key-related cryptographic misuse vulnerabilities and store them in a corresponding detection rule base. The detection rules include atomic rules and compound rules; a compound rule is a combination of atomic rules, and an atomic rule is (ApiName, Parameter, V-Vector), where ApiName is the cipher function name, Parameter is the name of a specific parameter of that cipher function, and V-Vector is the vulnerability trigger vector corresponding to that parameter;
2) Extract the cryptographic API runtime information of the encryption application, including function call relationships and parameter values; through taint analysis of input/output parameters, analyse and identify the associations between different cryptographic API functions, determine the parameter attributes, and record the result as a cryptographic API call sequence;
3) Match the resulting API call sequence against the vulnerability detection rules in the detection rule base to automatically detect key-related cryptographic misuse vulnerabilities.
Building on a summary of a large number of existing vulnerability causes and cryptographic API function characteristics, the detection method of the present invention defines a set of targeted key security vulnerability detection rules that can describe not only vulnerabilities produced by a single API function but also cryptographic vulnerabilities caused by the combined action of different API functions, achieving comprehensive and effective key security detection.
Method scheme two: on the basis of method scheme one, the vulnerability trigger vector V-Vector = (rand, from, view), whose three components describe the randomness, source and level of encryption of the specific parameter, respectively.
Method scheme three: on the basis of method scheme two, the cryptographic API call sequence is $S = f_1, f_2, \ldots, f_n$, where $f_i = (\text{ApiName}, \text{Parameter}_1, \text{P-Vector}_1, \text{Parameter}_2, \text{P-Vector}_2, \ldots)$ is the cryptographic API function call information of step $i$; ApiName is the cipher function name, $\text{Parameter}_i$ denotes the names of all parameters of that cipher function, and $\text{P-Vector}_i$ is the attribute vector of the corresponding parameter.
Method scheme four: on the basis of method scheme three, the parameter attribute vector $\text{P-Vector}_i$ = (rand, from, view), whose three components describe the randomness, source and level of encryption of the parameter, respectively.
Method scheme five: on the basis of method scheme one, two, three or four, the cryptographic API runtime information of the encryption application is extracted in step 2) as follows:
A. Collate the cryptographic API functions and their parameter information, and record the function names and parameter information involved, together with the effect of each kind of cipher function on the attributes of its input/output parameters, as a cipher function knowledge base and a function attribute knowledge base, respectively;
B. Using instrumentation, record the instruction, memory and register information during cryptographic API function calls, and extract the cryptographic API name, return value and input/output parameter information;
C. Perform static and dynamic taint analysis on the cryptographic API input/output parameters, and determine the parameter attributes from the taint associations between the parameters of different cryptographic APIs and from the function attribute knowledge base;
D. Record the extracted information as $S = f_1, f_2, \ldots, f_n$, where $f_i$ is the cryptographic API function call information of step $i$.
Through binary instrumentation, the present invention can automatically track, monitor and record the runtime information of cryptographic API functions and their parameters. On this basis it automatically identifies and detects key-related cryptographic misuse vulnerabilities, removing the conventional methods' dependence on manual experience and greatly improving detection efficiency.
Method scheme six: on the basis of method scheme five, when matching in step 3), if the detection rule is an atomic rule, first determine whether ApiName matches, then determine whether the attribute vector P-Vector of the relevant parameter Parameter matches the V-Vector in the detection rule; if both match, the atomic vulnerability detection rule is satisfied and the vulnerability information is output.
Method scheme seven: on the basis of method scheme six, when matching in step 3), if the detection rule is a compound rule, take each atomic rule of the compound rule in turn and perform the atomic rule check; if all match, output the vulnerability information, otherwise the compound rule check does not pass.
The present invention also provides a key security detection system, with the following schemes. System scheme one: the detection system comprises a memory, a processor, and a computer program stored in the memory and run on the processor; the processor is coupled to the memory, and when executing the computer program the processor implements the following instructions:
1) According to the causes of known cryptographic misuse vulnerabilities and the characteristics of cryptographic API functions, construct detection rules for key-related cryptographic misuse vulnerabilities and store them in a corresponding detection rule base. The detection rules include atomic rules and compound rules; a compound rule is a combination of atomic rules, and an atomic rule is (ApiName, Parameter, V-Vector), where ApiName is the cipher function name, Parameter is the name of a specific parameter of that cipher function, and V-Vector is the vulnerability trigger vector corresponding to that parameter;
2) Extract the cryptographic API runtime information of the encryption application, including function call relationships and parameter values; through taint analysis of input/output parameters, analyse and identify the associations between different cryptographic API functions, determine the parameter attributes, and record the result as a cryptographic API call sequence;
3) Match the resulting API call sequence against the vulnerability detection rules in the detection rule base to automatically detect key-related cryptographic misuse vulnerabilities.
System scheme two: on the basis of system scheme one, the vulnerability trigger vector V-Vector = (rand, from, view), whose three components describe the randomness, source and level of encryption of the specific parameter, respectively.
System scheme three: on the basis of system scheme two, the cryptographic API call sequence is $S = f_1, f_2, \ldots, f_n$, where $f_i = (\text{ApiName}, \text{Parameter}_1, \text{P-Vector}_1, \text{Parameter}_2, \text{P-Vector}_2, \ldots)$ is the cryptographic API function call information of step $i$; ApiName is the cipher function name, $\text{Parameter}_i$ denotes the names of all parameters of that cipher function, and $\text{P-Vector}_i$ is the attribute vector of the corresponding parameter.
System scheme four: on the basis of system scheme three, the parameter attribute vector $\text{P-Vector}_i$ = (rand, from, view), whose three components describe the randomness, source and level of encryption of the parameter, respectively.
System scheme five: on the basis of system scheme one, two, three or four, the cryptographic API runtime information of the encryption application is extracted in step 2) as follows:
A. Collate the cryptographic API functions and their parameter information, and record the function name information and function parameter information involved as a cipher function knowledge base and a function attribute knowledge base, respectively;
B. Using instrumentation, record the instruction, memory and register information during cryptographic API function calls, and extract the cryptographic API name, return value and input/output parameter information;
C. Perform static and dynamic taint analysis on the cryptographic API input/output parameters, determine the parameter attributes from the taint associations between the parameters of different cryptographic APIs and from the function attribute knowledge base, and build the cryptographic API call sequence;
D. Record the extracted information as $S = f_1, f_2, \ldots, f_n$, where $f_i$ is the cryptographic API function call information of step $i$.
System scheme six: on the basis of system scheme five, when matching in step 3), if the detection rule is an atomic rule, first determine whether ApiName matches, then determine whether the attribute vector P-Vector of the relevant parameter Parameter matches the V-Vector in the detection rule; if both match, the atomic vulnerability detection rule is satisfied and the vulnerability information is output.
System scheme seven: on the basis of system scheme six, when matching in step 3), if the detection rule is a compound rule, take each atomic rule of the compound rule in turn and perform the atomic rule check; if all match, output the vulnerability information, otherwise the compound rule check does not pass.
Brief description of the drawings
Fig. 1 is a structural diagram of the key security detection system of the present invention;
Fig. 2 is a structural diagram of the CryptoAPI runtime information extraction unit in an embodiment of the present invention.
Detailed description of embodiments
Embodiments of the present invention are described further below with reference to the accompanying drawings.
To address the shortcomings of existing key security detection methods, the present invention proposes a key security detection method based on a cryptographic misuse vulnerability model and binary instrumentation. Building on a summary of the causes of a large number of existing key-related cryptographic misuse vulnerabilities and of cryptographic API function characteristics, the disclosed method defines a set of targeted detection rules for key-related cryptographic misuse vulnerabilities. The rules can describe not only vulnerabilities produced by a single API function but also key vulnerabilities produced by the interaction of different functions, achieving comprehensive and effective key security detection. The method is implemented as follows:
1. According to the specific causes of known key-related cryptographic misuse vulnerabilities and the key usage specifications of cryptographic API functions, determine the vulnerability detection rules and build the detection rule base.
According to the specific causes of existing key-related cryptographic misuse vulnerabilities, the present invention divides the vulnerability detection rules R into atomic rules and compound rules. An atomic rule is defined as a triple (ApiName, Parameter, V-Vector), where ApiName is the cipher function name, Parameter is the name of a specific parameter of that cipher function, and V-Vector is the vulnerability trigger vector corresponding to that parameter. A compound rule is defined as a combination of atomic rules.
The vulnerability trigger vector V-Vector = (rand, from, view); its three components describe the randomness, source and level of encryption of the specific parameter, respectively. rand = {none, limit, full} identifies the randomness of the data: none means the data stays unchanged across repeated invocations of the program; limit means the data changes across repeated invocations but does not itself have the characteristics of a random sequence; full means the data changes across repeated invocations and itself satisfies the conditions of a random sequence. from = {net, file, dialog, inner, unknown} identifies the source of the data: net means the data comes from a network data stream, file means it is read from a local file, dialog means it is entered through a dialog box, inner means it comes from fixed internal data, and unknown means the source is unknown. view = {covered, exposed} identifies how much an observer outside the program knows about the information the data contains: covered means the data is unknown to an external observer; exposed means the data has been or can be known by an external observer.
Compound rules describe the associations between function calls. Many security vulnerabilities are triggered only when several interrelated atomic rules act together, so detecting them requires checking vulnerability trigger conditions that hold simultaneously for different functions.
2. Extract the cryptographic API runtime information of the encryption application to form the cryptographic API sequence executed by the application.
Before the cryptographic API runtime information is extracted, the cryptographic API functions and their parameter information must first be collated manually. The cipher function names and function parameter information that may be involved in the encryption and decryption process are collected and, together with the definition of the vulnerability trigger vector, the way each type of cipher function affects the attributes of its input/output parameters is analysed. These are recorded as the cipher function knowledge base and the function attribute knowledge base, respectively, which serve as the basis for binary instrumentation and for generating the cryptographic API sequence.
The basic method of runtime information extraction is to use a binary instrumentation platform: according to the predefined cipher function knowledge base, instrumentation is used to monitor information such as instructions, memory and registers while the application calls cryptographic API functions, and to extract information such as the API name, return value and input/output parameters. At the same time, the function attribute knowledge base is used to analyse the attributes of each parameter of the extracted API functions. For an encryption algorithm, for example, the view attribute of the ciphertext depends on the attributes of the plaintext and the key: the ciphertext is exposed only when both are exposed.
The extracted information is recorded as the cryptographic API call sequence $S = f_1, f_2, \ldots, f_n$, where $f_i = (\text{ApiName}, \text{Parameter}_1, \text{P-Vector}_1, \text{Parameter}_2, \text{P-Vector}_2, \ldots)$ is the cryptographic API function call information of step $i$; ApiName is the cipher function name, $\text{Parameter}_i$ denotes the names of all parameters of that cipher function, and $\text{P-Vector}_i$ is the attribute vector of the corresponding parameter.
3. Match the extracted cryptographic API call sequence against the vulnerability detection rules in the detection rule base to determine the key security vulnerabilities present in the encryption program.
First, the defined set of detection rules is mapped into an XML rule description file to obtain the detection rule base; the analysis program then checks the CryptoAPI runtime information extracted from the encryption and decryption process against the rule base. The vulnerability detection algorithm for a rule R is as follows:
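An added sketch, not the patent's own algorithm or code, of the matching procedure described in method schemes six and seven and of the ciphertext view rule from step 2. The `None` wildcard in a rule vector, the sample rules and the two traces are constructed for illustration; the API names are real CryptoAPI functions, but the attribute values assigned to their parameters are invented.

```python
"""Atomic/compound rule matching over a cryptographic API call sequence."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RAND = ("none", "limit", "full")
FROM = ("net", "file", "dialog", "inner", "unknown")
VIEW = ("covered", "exposed")


@dataclass(frozen=True)
class Vector:
    """(rand, from, view). In a rule's V-Vector, None is a wildcard (assumption)."""
    rand: Optional[str] = None
    src: Optional[str] = None   # the 'from' component; 'from' is reserved in Python
    view: Optional[str] = None

    def __post_init__(self):
        for value, domain in ((self.rand, RAND), (self.src, FROM), (self.view, VIEW)):
            if value is not None and value not in domain:
                raise ValueError(f"{value!r} not in {domain}")


@dataclass(frozen=True)
class Call:
    """One step f_i of the sequence S: API name plus one P-Vector per parameter."""
    api: str
    params: Dict[str, Vector]


@dataclass(frozen=True)
class AtomicRule:
    api: str            # ApiName
    parameter: str      # Parameter
    v_vector: Vector    # V-Vector


@dataclass(frozen=True)
class CompoundRule:
    name: str
    atoms: Tuple[AtomicRule, ...]


Hit = Tuple[int, str, str]  # (1-based step index, ApiName, Parameter)


def vector_matches(p: Vector, v: Vector) -> bool:
    """P-Vector matches V-Vector if every non-wildcard component is equal."""
    pairs = ((v.rand, p.rand), (v.src, p.src), (v.view, p.view))
    return all(want is None or want == got for want, got in pairs)


def match_atomic(rule: AtomicRule, seq: List[Call]) -> List[Hit]:
    hits = []
    for i, call in enumerate(seq, start=1):
        if call.api != rule.api:          # first check: ApiName
            continue
        p_vec = call.params.get(rule.parameter)
        if p_vec is not None and vector_matches(p_vec, rule.v_vector):
            hits.append((i, call.api, rule.parameter))   # second check passed
    return hits


def match_compound(rule: CompoundRule, seq: List[Call]) -> List[Hit]:
    """Check each atomic rule in turn; a single miss fails the compound rule."""
    all_hits: List[Hit] = []
    for atom in rule.atoms:
        hits = match_atomic(atom, seq)
        if not hits:
            return []
        all_hits.extend(hits)
    return sorted(all_hits)


def ciphertext_view(plaintext_view: str, key_view: str) -> str:
    """Ciphertext is exposed only when plaintext and key are both exposed."""
    return "exposed" if plaintext_view == key_view == "exposed" else "covered"


# Constructed rules: a key blob that never changes and comes from internal data,
# and an IV that never changes across runs.
HARDCODED_KEY = AtomicRule("CryptImportKey", "pbData", Vector(rand="none", src="inner"))
STATIC_IV = AtomicRule("CryptSetKeyParam", "pbData", Vector(rand="none"))
STATIC_KEY_AND_IV = CompoundRule("static key with static IV", (HARDCODED_KEY, STATIC_IV))

# Constructed traces, as the extraction stage would record them.
TRACE_BAD = [
    Call("CryptAcquireContext", {}),
    Call("CryptImportKey", {"pbData": Vector("none", "inner", "exposed")}),
    Call("CryptSetKeyParam", {"pbData": Vector("none", "inner", "exposed")}),
    Call("CryptEncrypt", {"pbData": Vector("limit", "file", "covered")}),
]
TRACE_OK = [
    Call("CryptAcquireContext", {}),
    Call("CryptImportKey", {"pbData": Vector("full", "net", "covered")}),
    Call("CryptSetKeyParam", {"pbData": Vector("none", "inner", "exposed")}),
    Call("CryptEncrypt", {"pbData": Vector("limit", "file", "covered")}),
]

if __name__ == "__main__":
    for label, trace in (("bad", TRACE_BAD), ("ok", TRACE_OK)):
        print(label, STATIC_KEY_AND_IV.name, match_compound(STATIC_KEY_AND_IV, trace))
```

As in scheme seven, the compound check here only requires every atomic rule to match somewhere in the sequence; tying the matches to the same key handle would need the taint associations between calls, which this sketch does not model.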
The above method can be implemented as a computer program that is stored in the memory of the key security detection system and can run on its processor. Specifically, as shown in Fig. 1, the key security detection system of the present invention comprises a rule base building unit, a vulnerability detection rule base, an API information extraction unit and a vulnerability detection unit. The rule base building unit generates vulnerability detection rules from manual input, according to the specific causes of known key security vulnerabilities and the key usage specifications of the related API functions. The vulnerability detection rule base stores the vulnerability detection rules determined by the rule base building unit. The API information extraction unit extracts the cryptographic API runtime information of the encryption application, including function call relationships and parameter values, and, using the results of the key taint analysis, determines the function parameter attributes and forms the cryptographic API call sequence executed by the application. The vulnerability detection unit matches the resulting cryptographic API call sequence against the vulnerability detection rules in the detection rule base to detect key-related cryptographic misuse vulnerabilities. The API information extraction unit uses a binary instrumentation platform: according to the predefined cipher function knowledge base and function attribute knowledge base, it uses instrumentation to monitor information such as instructions, memory and registers while the application calls cryptographic API functions and extracts the API name, return value, and input/output parameter information and attributes; its principle is shown in Fig. 2. The specific implementation of each unit has been described in detail in the method embodiment and is not repeated here.
With the above scheme, the efficiency of identifying key-related cryptographic misuse vulnerabilities can be greatly improved. The vulnerability detection rules defined by the present invention are general and extensible: they are not limited to detecting key-related vulnerabilities but can also be used to detect general cryptographic misuse vulnerabilities, and they are not limited to identifying currently known types of cryptographic misuse vulnerability but can be applied to new vulnerabilities in the future by adding to the rule base.

Claims (10)

1. A key security detection method, characterised in that the detection method comprises the following steps:
1) According to the causes of known cryptographic misuse vulnerabilities and the characteristics of cryptographic API functions, construct detection rules for key-related cryptographic misuse vulnerabilities and store them in a corresponding detection rule base. The detection rules include atomic rules and compound rules; a compound rule is a combination of atomic rules, and an atomic rule is (ApiName, Parameter, V-Vector), where ApiName is the cipher function name, Parameter is the name of a specific parameter of that cipher function, and V-Vector is the vulnerability trigger vector corresponding to that parameter;
2) Extract the cryptographic API runtime information of the encryption application, including function call relationships and parameter values; through taint analysis of function parameters, combined with the characteristics of each type of cipher function, analyse the attributes of all function parameters in the cryptographic API call sequence and generate the cryptographic API call sequence;
3) Match the cryptographic API call sequence using the vulnerability detection rules in the detection rule base to automatically detect key-related cryptographic misuse vulnerabilities.
2. The key security detection method according to claim 1, characterised in that the vulnerability trigger vector V-Vector = (rand, from, view), whose three components describe the randomness, source and level of encryption of the specific parameter, respectively.
3. The key security detection method according to claim 2, characterised in that the cryptographic API call sequence is $S = f_1, f_2, \ldots, f_n$, where $f_i = (\text{ApiName}, \text{Parameter}_1, \text{P-Vector}_1, \text{Parameter}_2, \text{P-Vector}_2, \ldots)$ is the cryptographic API function call information of step $i$; ApiName is the cipher function name, $\text{Parameter}_i$ denotes the names of all parameters of that cipher function, and $\text{P-Vector}_i$ is the attribute vector of the corresponding parameter.
4. The key security detection method according to claim 3, characterised in that the parameter attribute vector $\text{P-Vector}_i$ = (rand, from, view), whose three components describe the randomness, source and level of encryption of the parameter, respectively.
5. The key security detection method according to any one of claims 1-4, characterised in that the cryptographic API runtime information of the encryption application is extracted in step 2) as follows:
A. Collate the cryptographic API functions and their parameter information, and record the function names and parameter information involved, together with the effect of each kind of cipher function on the attributes of its input/output parameters, as a cipher function knowledge base and a function attribute knowledge base, respectively;
B. Using instrumentation, record the instruction, memory and register information during cryptographic API function calls, and extract the names of the cryptographic API, return value and input/output parameters;
C. Perform static and dynamic taint analysis on the cryptographic API input/output parameters, and determine the parameter attributes from the taint associations between the parameters of different cryptographic APIs and from the function attribute knowledge base;
D. Record the extracted information as $S = f_1, f_2, \ldots, f_n$, where $f_i$ is the cryptographic API function call information of step $i$.
6. A key security detection system, characterised in that the detection system comprises a memory, a processor, and a computer program stored in the memory and run on the processor; the processor is coupled to the memory, and when executing the computer program the processor implements the following instructions:
1) According to the causes of known cryptographic misuse vulnerabilities and the characteristics of cryptographic API functions, construct detection rules for key-related cryptographic misuse vulnerabilities and store them in a corresponding detection rule base. The detection rules include atomic rules and compound rules; a compound rule is a combination of atomic rules, and an atomic rule is (ApiName, Parameter, V-Vector), where ApiName is the cipher function name, Parameter is the name of a specific parameter of that cipher function, and V-Vector is the vulnerability trigger vector corresponding to that parameter;
2) Extract the cryptographic API runtime information of the encryption application, including function call relationships and parameter values; through taint analysis of input/output parameters, analyse and identify the associations between different cryptographic API functions, determine the parameter attributes, and record the result as a cryptographic API call sequence;
3) Match the resulting API call sequence against the vulnerability detection rules in the detection rule base to automatically detect key-related cryptographic misuse vulnerabilities.
7. The key safety detection system according to claim 6, characterized in that the vulnerability trigger vector V-Vector = (rand, from, view), whose 3 components describe the randomness, source and level of encryption of the specific parameter, respectively.
8. The key safety detection system according to claim 7, characterized in that the Cryptographic API call sequence is $S = f_1, f_2, \ldots, f_n$, where $f_i = (\text{ApiName}, \text{Parameter}_1, \text{P-Vector}_1, \text{Parameter}_2, \text{P-Vector}_2, \ldots)$ denotes the Cryptographic API function call information of the i-th step, ApiName denotes the cryptographic function name, $\text{Parameter}_i$ denotes the names of all parameters of that cryptographic function, and $\text{P-Vector}_i$ denotes the attribute vector of the corresponding parameter.
9. The key safety detection system according to claim 8, characterized in that the parameter attribute vector $\text{P-Vector}_i$ = (rand, from, view), whose 3 components describe the randomness, source and level of encryption of the parameter, respectively.
10. The key safety detection system according to any one of claims 6-9, characterized in that the process of extracting the Cryptographic API operation information from the encryption application program in step 2) is:
A. Collating the Cryptographic API functions and their parameter information, and recording the function names and parameter information involved, together with the effect of each kind of cryptographic function on the attributes of its input and output parameters, as a cryptographic function knowledge base and a function property knowledge base, respectively;
B. Using instrumentation to record the instruction, memory and register information during each Cryptographic API function call, and extracting information on the Cryptographic API name, the return value and the input/output parameters;
C. Performing static taint analysis and dynamic taint analysis on the Cryptographic API input/output parameters, and determining the parameter attributes from the taint relationships between the parameters of different Cryptographic APIs together with the function property knowledge base;
D. Recording the extracted information as the Cryptographic API call sequence $S = f_1, f_2, \ldots, f_n$, where $f_i$ denotes the Cryptographic API function call information of the i-th step.
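An added example (not code from the patent) of matching a Cryptographic API call sequence S against atomic and compound rules as in steps 1) to 3) of claim 6. The Windows CryptoAPI function and parameter names, the attribute value vocabulary, the two rules, the `None` wildcard and the in-order reading of a compound rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Vectors are (rand, from, view); the value vocabulary is assumed for this
# example. None inside a rule's V-Vector acts as a wildcard.
@dataclass(frozen=True)
class AtomicRule:
    api_name: str
    parameter: str
    v_vector: tuple

    def matches(self, call):
        # call is one step f_i = (ApiName, {Parameter: P-Vector, ...})
        name, params = call
        p_vector = params.get(self.parameter)
        if name != self.api_name or p_vector is None:
            return False
        return all(w is None or w == g for w, g in zip(self.v_vector, p_vector))

def detect(sequence, rule_base):
    # Assumption: a compound rule fires when its atomic rules match steps of S
    # in call order. Returns [(rule label, [1-based matching steps])].
    findings = []
    for label, atoms in rule_base.items():
        pos, steps = 0, []
        for atom in atoms:
            hit = next((i for i in range(pos, len(sequence))
                        if atom.matches(sequence[i])), None)
            if hit is None:
                break
            steps.append(hit + 1)
            pos = hit
        else:
            findings.append((label, steps))
    return findings

# Hypothetical rule base: one compound rule and one single-atom rule.
RULES = {
    "hard-coded key material": (
        AtomicRule("CryptHashData", "pbData", ("constant", "hardcoded", None)),
        AtomicRule("CryptDeriveKey", "hBaseData", ("constant", None, None))),
    "key exported unencrypted": (
        AtomicRule("CryptExportKey", "pbData", (None, None, "plaintext")),),
}
# Constructed call sequences S = f_1, ..., f_n (not taken from a real trace).
WEAK = [("CryptCreateHash", {}),
        ("CryptHashData", {"pbData": ("constant", "hardcoded", "plaintext")}),
        ("CryptDeriveKey", {"hBaseData": ("constant", "api", "plaintext")})]
SOUND = [("CryptGenKey", {"phKey": ("random", "api", "plaintext")}),
         ("CryptExportKey", {"pbData": ("random", "api", "encrypted")})]
```

`detect(WEAK, RULES)` reports the compound rule with the steps that triggered it, while `SOUND` produces no findings because neither parameter vector matches a trigger vector.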
CN201711447331.XA 2017-12-27 2017-12-27 A kind of key safety detection method and system Pending CN108038381A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711447331.XA CN108038381A (en) 2017-12-27 2017-12-27 A kind of key safety detection method and system

Publications (1)

Publication Number Publication Date
CN108038381A (en) 2018-05-15

Family

ID=62097538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711447331.XA Pending CN108038381A (en) 2017-12-27 2017-12-27 A kind of key safety detection method and system

Country Status (1)

Country Link
CN (1) CN108038381A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101673332A (en) * 2009-10-12 2010-03-17 湖南大学 Kernel code protection method based on Harvard architecture
CN104484175A (en) * 2014-12-16 2015-04-01 上海交通大学 Method for detecting cryptology misuse of Android application programs
CN104866765A (en) * 2015-06-03 2015-08-26 康绯 Behavior characteristic similarity-based malicious code homology analysis method
US9729328B2 (en) * 2007-03-15 2017-08-08 Ricoh Company, Ltd. Information processing apparatus, software updating method, and image processing apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Lin Hao et al.: "Key security detection based on dynamic binary instrumentation", Chinese Journal of Network and Information Security *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112347486A (en) * 2020-11-30 2021-02-09 山东浪潮商用系统有限公司 Code vulnerability examination method and device for realizing privacy protection and readable medium
CN115828224A (en) * 2022-11-15 2023-03-21 中国科学院信息工程研究所 Automatic Go language password misuse detection method and device
CN115828224B (en) * 2022-11-15 2023-08-29 中国科学院信息工程研究所 Automatic Go language password misuse detection method and device
CN116070250A (en) * 2023-03-07 2023-05-05 卓望数码技术(深圳)有限公司 Password algorithm evaluation method and device for android system application program
CN116070250B (en) * 2023-03-07 2023-06-23 卓望数码技术(深圳)有限公司 Password algorithm evaluation method and device for android system application program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180515
