CN108038381A - A kind of key safety detection method and system - Google Patents
A kind of key safety detection method and system Download PDFInfo
- Publication number
- CN108038381A CN108038381A CN201711447331.XA CN201711447331A CN108038381A CN 108038381 A CN108038381 A CN 108038381A CN 201711447331 A CN201711447331 A CN 201711447331A CN 108038381 A CN108038381 A CN 108038381A
- Authority
- CN
- China
- Prior art keywords
- parameter
- function
- vector
- cryptographic
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of key safety detection method and system, belong to security of network and information technical field.The present invention misapplies the loophole origin cause of formation and the handling characteristics of Cryptographic API function according to password, it is proposed that a set of password for key safety misapplies leak detection rule, Cryptographic API operation information in extraction encryption application program, including function calling relationship, parameter value, by analyzing the stain of the key parameters such as key, Cryptographic API calling sequence is established, realizes the automation reduction of encryption and decryption mechanism in encryption application program;Leak detection rule in obtained API Calls sequence and detected rule storehouse is subjected to the matching analysis, so as to identify and position the password misuse loophole related with key, realizes that key safety detects.The present invention can not only describe the key loophole produced by single Cryptographic API function, and can portray as the password loophole caused by different api function collective effects, realize that comprehensively and effectively key safety detects.
Description
Technical field
The present invention relates to a kind of key safety detection method and system, belong to security of network and information technical field.
Background technology
With the development of information security and cryptographic technique, more and more application programs protect data using cryptographic means
Safety, but the reason such as programming error due to developer, can cause encryption process there are security risk, usually will be such
Hidden danger is known as password misuse loophole.In encryption and decryption mechanism, the correct processing to key is to ensure that overall security core link,
But in recent years, since all kinds of passwords misuse loophole that the security of key is triggered emerges in an endless stream.To National
Password misuse loophole in Vulnerability Database (NVD) between 2011 to 2016 carries out statistical analysis, as a result
The password misuse loophole for being showed more than a quarter is caused by key safety problem.Therefore, to encrypting application program
Key carry out safety detection improve software security, protection private data etc. is of great significance.At present, for
The key safety detection of encryption application program mainly passes through two methods.First, conversed analysis method.For specific encryption
Application program sample, it is inverse that analyst is based on its personal experience, comprehensive utilization dis-assembling, Binary analysis, software dynamic debugging etc.
To analysis method, the encryption process around sample carries out static and dynamic analysis, finds potential key safety loophole.This
Class method be applications security analysis basic skills, application is relatively broad, but to analyze personnel horizontal capability have compared with
High request, analysis efficiency be not high.Second, bug excavation method.Such method misapplies password related with key in application program
Loophole is considered as a kind of special software vulnerability, by bug excavation technologies such as semiology analysis, stain analysis and Fuzzing tests,
Have found that it is likely that existing such loophole, realize the automatic detection of key safety.In BlackHat meetings in 2017,
Jean-Philippe Aumasson et al. propose a kind of similar encryption applications security detection scheme, pass through
Differential Fuzzing technologies encrypt security, the correctness of application program to detect, and realize automatic detection
Instrument CDF, but the program more pays close attention to the input and output feature of cryptographic algorithm entirety, and for the related security breaches of key
Lack effective detectability.
At present, two kinds of detection methods for key safety in encryption application program all exist to a certain extent asks
Topic:
1) for conversed analysis method, used in spite of a variety of conversed analysis instruments for analyst, but these works
Tool can not provide the direct conclusion on key safety in itself, and need to rely on manually to the reverse knot of each target sample
Fruit is analyzed and is finally drawn a conclusion, the technical ability and experience of the correctness heavy dependence analyst of conclusion, and needs to expend big
Measure time and efforts, it is difficult to which batch sample is analyzed.
2) for bug excavation method, although the degree of automation is higher, the automation to batch sample can be realized
Analysis, but consider the exclusive rule and feature of cryptography loophole since the conventional method of discovering software vulnerabilities is usually less,
It is often unsatisfactory in the context of detection lack of targeted of key safety loophole, effect.
On the other hand, from the point of view of the object of safety detection, the implementation of the cryptographic algorithm in application program is mainly divided
For two kinds, first, voluntarily writing the code of cryptographic algorithm by developer;Second, directly invoke existing universal code algorithm letter
Number storehouse, such as CryptoAPI, OpenSSL.Due to the design of cryptographic algorithm realize it is strongly professional, for non-password specialty
Application developer for, it is usually more to realize relevant security module using second method, thus with CryptoAPI,
OpenSSL etc. is that the password built-in function of representative is widely used in various applications.Therefore, for key safety detection,
The identification and inspection of the key associated cryptographic misuse loophole occurred in the cryptographic libraries function call process such as CryptoAPI should be paid special attention to
Survey.
The content of the invention
The object of the present invention is to provide a kind of key safety detection method, to solve current key safety detection efficiency
Low, the problem of efficiency is undesirable;Meanwhile present invention also offers a kind of key safety detecting system.
The present invention provides a kind of key safety detection method, including following scheme to solve above-mentioned technical problem, side
Method scheme one:The detection method comprises the following steps:
1) origin cause of formation and Cryptographic API function feature of loophole, the associated cryptographic misuse of construction key are misapplied according to known password
The detected rule of loophole, and store and arrive corresponding detected rule storehouse, the detected rule includes atomic rule and compound rule,
The compound rule is the combination of atomic rule, the atomic rule be for (ApiName, Parameter, V-Vector), its
Middle ApiName represents cipher function title, and Parameter represents the special parameter title in the cipher function, V-Vector tables
Show the corresponding loophole triggering vector of the parameter;
2) the Cryptographic API operation information in extraction encryption application program, including function calling relationship, parameter value, pass through
The stain analysis of input/output argument, is analyzed and is identified to the incidence relation between different Cryptographic API functions, judge parameter
Attribute, is recorded in the form of Cryptographic API calling sequence;
3) obtained API Calls sequence is matched with the leak detection rule in detected rule storehouse, is realized to key
Associated cryptographic misapplies the automatic detection of loophole.
The detection method of the present invention is on the basis of a large amount of existing loophole origin causes of formation and Cryptographic API function feature are summarized, really
A set of targetedly key safety leak detection rule is made, the loophole that single api function produces can not only be described, and
And can portray as the password loophole caused by different api function collective effects, realize that comprehensively and effectively key safety detects.
Method scheme two:On the basis of method scheme one, loophole triggering vector V-Vector=(rand, from,
View), its 3 components describe the randomness of special parameter, source and level of encryption respectively.
Method scheme three:On the basis of method scheme two, the Cryptographic API calling sequence S=f1,f2,...,fn,
Wherein fi=(ApiName, Parameter1,P-Vector1,Parameter2,P-Vector2...) represent the i-th step password
Api function recalls information, wherein ApiName represent cipher function title, ParameteriRepresent the entirety in the cipher function
The title of parameter, P-VectoriRepresent the attribute vector of relevant parameter.
Method scheme four:On the basis of method scheme three, the parameter attribute vector P-Vectori=(rand,
From, view), its 3 components distinguish the randomness of characterising parameter, source and level of encryption.
Method scheme five:On the basis of method scheme one, two, three or four, in the step 2) in encryption application program
The extraction process of Cryptographic API operation information be:
A. Cryptographic API function and its parameter information are arranged, the function name and parameter information being involved in, and
Influence situation of the variety classes cipher function for input/output argument attribute, is recorded as cipher function knowledge base and function respectively
Attribute knowledge base;
B. pitching pile technology is utilized, records instruction, memory and register information in Cryptographic API function call process, extraction
The information of Cryptographic API title, return value and input/output argument;
C. static stain analysis is carried out to Cryptographic API input/output argument and dynamic stain is analyzed, according to different Cryptographic APIs
Parameter between stain incidence relation, and function property knowledge base, critical parameter attribute;
D. it is S=f that information record, which will be extracted,1,f2,···,fn, wherein fiIt is expressed as the Cryptographic API function of the i-th step
Recalls information.
The present invention is by binary pile pitching method, it can be achieved that information during operation to Cryptographic API function and its parameter
Carry out, from motion tracking, monitoring and record, based on this, realizing the relevant password misuse loophole automatic identification of key and inspection
Survey, broken away from dependence of the conventional method for artificial experience, while greatly improve detection efficiency.
Method scheme six:On the basis of method scheme five, the step 3) when being matched, according to check gauge
Be then atomic rule, then first determine whether ApiName matches, secondly judge the corresponding attributes of relevant parameter Parameter to
Whether amount P-Vector matches with the V-Vector in detected rule, if both of which matches, illustrates to meet the Hole Detection
Atomic rule, exports vulnerability information.
Method scheme seven:On the basis of method scheme six, the step 3) when being matched, according to check gauge
It is then compound rule, then chooses each atomic rule successively from the compound rule and carry out atomic rule inspection, if all
Matching, then export vulnerability information, otherwise show that the compound rule inspection does not pass through.
Present invention also offers a kind of key safety detecting system, system schema are as follows:System schema one:The detection system
System includes memory and processor, and is stored in the computer program run on the memory and on the processor,
The processor is coupled with the memory, is realized when the processor performs the computer program to give an order:
1) origin cause of formation and Cryptographic API function feature of loophole, the associated cryptographic misuse of construction key are misapplied according to known password
The detected rule of loophole, and store and arrive corresponding detected rule storehouse, the detected rule includes atomic rule and compound rule,
The compound rule is the combination of atomic rule, and the atomic rule is (ApiName, Parameter, V-Vector), wherein
ApiName represents cipher function title, and Parameter represents the special parameter title in the cipher function, and V-Vector is represented
The corresponding loophole triggering vector of the parameter;
2) the Cryptographic API operation information in extraction encryption application program, including function calling relationship, parameter value, pass through
The stain analysis of input/output argument, is analyzed and is identified to the incidence relation between different Cryptographic API functions, critical parameter
Attribute, is recorded in the form of Cryptographic API calling sequence;
3) obtained API Calls sequence is matched with the leak detection rule in detected rule storehouse, is realized to key
Associated cryptographic misapplies the automatic detection of loophole.
System schema two:On the basis of system schema one, loophole triggering vector V-Vector=(rand, from,
View), its 3 components describe the randomness of special parameter, source and level of encryption respectively.
System schema three:On the basis of system schema two, the Cryptographic API calling sequence S=f1,f2,...,fn,
Wherein fi=(ApiName, Parameter1,P-Vector1,Parameter2,P-Vector2...) represent the i-th step password
Api function recalls information, wherein ApiName represent cipher function title, ParameteriRepresent the entirety in the cipher function
The title of parameter, P-VectoriRepresent the attribute vector of relevant parameter.
System schema four:On the basis of system schema three, the parameter attribute vector P-Vectori=(rand,
From, view), its 3 components distinguish the randomness of characterising parameter, source and level of encryption.
System schema five:On the basis of system schema one, two, three or four, in the step 2) in encryption application program
The extraction process of Cryptographic API operation information be:
A. Cryptographic API function and its parameter information are arranged, the function name information and function parameter being involved in
Information, is recorded as cipher function knowledge base and function property knowledge base respectively;
B. pitching pile technology is utilized, records instruction, memory and register information in Cryptographic API function call process, extraction
The information of Cryptographic API title, return value and input/output argument;
C. static stain analysis is carried out to Cryptographic API input/output argument and dynamic stain is analyzed, according to different Cryptographic APIs
Parameter between stain incidence relation, and function property knowledge base, critical parameter attribute, establishes Cryptographic API calling sequence;
D. it is S=f that information record, which will be extracted,1,f2,···,fn, wherein fiIt is expressed as the Cryptographic API function of the i-th step
Recalls information.
System schema six:On the basis of system schema five, the step 3) when being matched, according to check gauge
Be then atomic rule, then first determine whether ApiName matches, secondly judge the corresponding attributes of relevant parameter Parameter to
Whether amount P-Vector matches with the V-Vector in detected rule, if both of which matches, illustrates to meet the Hole Detection
Atomic rule, exports vulnerability information.
System schema seven:On the basis of system schema six, the step 3) when being matched, according to check gauge
It is then compound rule, then chooses each atomic rule successively from the compound rule and carry out atomic rule inspection, if all
Matching, then export vulnerability information, otherwise show that the compound rule inspection does not pass through.
Brief description of the drawings
Fig. 1 is the structure diagram of key safety detecting system of the present invention;
Fig. 2 is the structure diagram of CyptoAPI operation informations extraction unit in the embodiment of the present invention.
Embodiment
The embodiment of the present invention is described further below in conjunction with the accompanying drawings.
The defects of present invention is directed to existing key safety detection method, it is proposed that one kind is based on password misuse vulnerability model
With the key safety detection method of binary system pitching pile, detection method disclosed by the invention summarize it is existing largely with key phase
On the basis of the origin cause of formation and Cryptographic API function feature of closing password misuse loophole, determine that a set of targetedly key is related
Password misapplies leak detection rule, can not only describe the loophole that single api function produces, and can portray by different functions
Interact the key loophole produced, realizes that comprehensively and effectively key safety detects.This method the specific implementation process is as follows:
1. the specific origin cause of formation of loophole and the key operating specification of Cryptographic API function are misapplied according to well-known key associated cryptographic,
Determine leak detection rule, establish detected rule storehouse.
The specific origin cause of formation of loophole is misapplied according to existing key associated cryptographic, the present invention atomizes leak detection rule R
Rule and compound rule, atomic rule are defined as triple (ApiName, Parameter, V-Vector), wherein ApiName tables
Show cipher function title, Parameter represents the special parameter title in the cipher function, and V-Vector represents that the parameter corresponds to
Loophole triggering vector.Compound rule is defined as the combination of atomic rule.
Loophole triggering vector V-Vector=(rand, from, view), its 3 components describe respectively special parameter with
Machine, source and level of encryption.The randomness of wherein rand={ none, limit, full } mark data, none represent data
Remained unchanged in program is repeatedly called;Limit represent data change in program is repeatedly called, but do not meet in itself with
The feature of machine sequence;Full represents that data change in program is repeatedly called, and the condition of compound random sequence itself.
The source of from={ net, file, dialog, inner, unknown } mark data, including from net represent data source in
Network data flow, file represent to read in from local file, and dialog represents to input from dialog box, and inner represents to be derived from internal solid
Fixed number evidence, unknown represent that data source is unknown.View={ covered, exposed } identify program external observer for
Data information contained is gone and found out what's going on, and covered represents that data are unknown for external observer, and exposed is represented
Data by or can be known to external observer.
Compound rule is used for the Relating Characteristic that described function calls.Closed each other since many security holes needs are multiple
The atomic rule collective effect of connection can just trigger, therefore the detection for such security hole is needed same different functions
The loophole trigger condition of Shi Chengli differentiates.
2. the Cryptographic API operation information in extraction encryption application program, forms the Cryptographic API sequence that application program performs.
Before Cryptographic API operation information is extracted, it is necessary first to manually Cryptographic API function and its parameter information are carried out whole
Reason, the cipher function name information that may relate in encryption process and function parameter information are touched in combination with loophole
The definition for the amount of being sent to, analyzes Effect Mode of all types of cipher functions for input/output argument attribute, is recorded as password respectively
Functional knowledge storehouse and function property knowledge base, the foundation generated as binary pitching pile and Cryptographic API sequence.
The basic skills of operation information extraction is to utilize binary platform, is known according to the cipher function that realization defines
Know storehouse, by the combination of pitching pile, monitor instruction, memory and register in application call Cryptographic API functional procedure etc. and believe
The information such as breath, extraction API Name, return value and input/output argument.Meanwhile associative function attribute knowledge base, to what is extracted
The attribute of each parameter of api function is analyzed, and such as Encryption Algorithm, the view attributes of its ciphertext are according to plaintext and key
Attribute depending on, only when both at exposed, ciphertext attribute is exposed.
It is Cryptographic API calling sequence S=f by the information record extracted1,f2,...,fn, wherein fi=(ApiName,
Parameter1,P-Vector1,Parameter2,P-Vector2...) represent the i-th step Cryptographic API function call information, its
Middle ApiName represents cipher function title, ParameteriRepresent the title of all parameters in the cipher function, P-Vectori
Represent the attribute vector of relevant parameter.
3. the Cryptographic API calling sequence extracted is matched with the leak detection rule in detected rule storehouse, determine
There are key safety loophole in cipher key procedures.
The detected rule compound mapping defined is obtained into detected rule storehouse into xml rule description files first;Analysis
Program is detected the CryptoAPI operation informations extracted in encryption process with reference to rule base.For the loophole of regular R
Detection algorithm is as follows:
The above method can be used as a kind of computer program, be stored in the memory in key safety detecting system simultaneously
It can be run on the processor in key safety detecting system.Specifically, as shown in Figure 1, the key safety of the present invention
Detecting system establishes unit, leak detection rule storehouse, API information extraction unit and Hole Detection unit including rule base, rule
The key operating specification of the specific origin cause of formation and related api function that unit is used for according to well-known key security hole, root are established in storehouse
According to being manually entered generation leak detection rule;Leak detection rule storehouse is established loophole determined by unit for storage rule storehouse and is examined
Gauge is then;API information extraction unit is used to extract the Cryptographic API operation information in encryption application program, including function call is closed
System, parameter value, with reference to the analysis of key stain as a result, discriminant function parameter attribute, forms the Cryptographic API that application program performs
Calling sequence;Hole Detection unit is used for the Cryptographic API calling sequence that will be obtained and the leak detection rule in detected rule storehouse
Matched, detect the relevant password misuse loophole of key.Wherein API information extraction unit is put down using binary
Platform, the cipher function knowledge base and function property knowledge base defined according to realization, by the combination of pitching pile, monitors application program
Call the information such as instruction, memory and the register in Cryptographic API functional procedure, extraction API Name, return value, input and output ginseng
Number information and attribute, its principle are as shown in Figure 2.The specific implementation means of each unit have carried out in detail in the embodiment of method
Illustrate, which is not described herein again.
By such scheme provided by the invention, the efficiency that identification key associated cryptographic misapplies loophole can be greatly improved,
And leak detection rule determined by the present invention has good versatility and autgmentability, is not limited to key relevant vulnerability
Detection, it can also be used to the detection of general password misuse loophole;The identification of currently known type password misuse loophole is not limited to, also
It can be suitable for the identification of following new loophole by adding rule base.
Claims (10)
1. a kind of key safety detection method, it is characterised in that the detection method comprises the following steps:
1) origin cause of formation and Cryptographic API function feature of loophole, construction key associated cryptographic misuse loophole are misapplied according to known password
Detected rule, and store arrive corresponding detected rule storehouse, the detected rule includes atomic rule and compound rule, described
Compound rule is the combination of atomic rule, and the atomic rule is (ApiName, Parameter, V-Vector), wherein
ApiName represents cipher function title, and Parameter represents the special parameter title in the cipher function, and V-Vector is represented
The corresponding loophole triggering vector of the parameter;
2) the Cryptographic API operation information in extraction encryption application program, including function calling relationship, parameter value, by letter
The stain analysis of number parameter, with reference to the characteristics of all kinds of cipher functions, to the category of all function parameters in Cryptographic API calling sequence
Property analyzed, generate Cryptographic API calling sequence;
3) Cryptographic API calling sequence is matched using the leak detection rule in detected rule storehouse, realized related to key
Password misapplies the automatic detection of loophole.
2. key safety detection method according to claim 1, it is characterised in that the loophole triggering vector V-
Vector=(rand, from, view), its 3 components describe the randomness of special parameter, source and level of encryption respectively.
3. key safety detection method according to claim 2, it is characterised in that the Cryptographic API calling sequence S
=f1,f2,...,fn, wherein fi=(ApiName, Parameter1,P-Vector1,Parameter2,P-Vector2...) table
Show the Cryptographic API function call information of the i-th step, wherein ApiName represents cipher function title, ParameteriRepresent the password
The title of all parameters in function, P-VectoriRepresent the attribute vector of relevant parameter.
4. key safety detection method according to claim 3, it is characterised in that the parameter attribute vector P-
Vectori=(rand, from, view), the randomness of its 3 component difference characterising parameters, source and level of encryption.
5. the key safety detection method according to any one of claim 1-4, it is characterised in that in the step 2)
The extraction process of Cryptographic API operation information in encryption application program is:
A. Cryptographic API function and its parameter information are arranged, the function name and parameter information being involved in, and it is different
Influence situation of the species cipher function for input/output argument attribute, is recorded as cipher function knowledge base and function property respectively
Knowledge base;
B. pitching pile technology is utilized, records instruction, memory and register information in Cryptographic API function call process, extracts password
The title of API Name, return value and input/output argument;
C. static stain analysis is carried out to Cryptographic API input/output argument and dynamic stain is analyzed, according to the ginseng of different Cryptographic APIs
Stain incidence relation between number, and function property knowledge base, critical parameter attribute;
D. it is S=f that information record, which will be extracted,1,f2,···,fn, wherein fiIt is expressed as the Cryptographic API function call letter of the i-th step
Breath.
6. a kind of key safety detecting system, it is characterised in that the detecting system includes memory and processor, and storage
The computer program run on the memory and on the processor, the processor are coupled with the memory,
Realized when the processor performs the computer program to give an order:
1) origin cause of formation and Cryptographic API function feature of loophole, construction key associated cryptographic misuse loophole are misapplied according to known password
Detected rule, and store arrive corresponding detected rule storehouse, the detected rule includes atomic rule and compound rule, described
Compound rule is the combination of atomic rule, and the atomic rule is (ApiName, Parameter, V-Vector), wherein
ApiName represents cipher function title, and Parameter represents the special parameter title in the cipher function, and V-Vector is represented
The corresponding loophole triggering vector of the parameter;
2) the Cryptographic API operation information in extraction encryption application program, including function calling relationship, parameter value, pass through input
The stain analysis of output parameter, is analyzed and is identified to the incidence relation between different Cryptographic API functions, judge parameter
Attribute, is recorded in the form of Cryptographic API calling sequence;
3) obtained API Calls sequence is matched with the leak detection rule in detected rule storehouse, is realized related to key
Password misapplies the automatic detection of loophole.
7. key safety detecting system according to claim 6, it is characterised in that the loophole triggering vector V-
Vector=(rand, from, view), its 3 components describe the randomness of special parameter, source and level of encryption respectively.
8. key safety detecting system according to claim 7, it is characterised in that the Cryptographic API calling sequence S
=f1,f2,...,fn, wherein fi=(ApiName, Parameter1,P-Vector1,Parameter2,P-Vector2...) table
Show the Cryptographic API function call information of the i-th step, wherein ApiName represents cipher function title, ParameteriRepresent the password
The title of all parameters in function, P-VectoriRepresent the attribute vector of relevant parameter.
9. key safety detecting system according to claim 8, it is characterised in that the parameter attribute vector P-
Vectori=(rand, from, view), the randomness of its 3 component difference characterising parameters, source and level of encryption.
10. the key safety detecting system according to any one of claim 6-9, it is characterised in that the step 2)
The extraction process of Cryptographic API operation information in middle encryption application program is:
A. Cryptographic API function and its parameter information are arranged, the function name and parameter information being involved in, and it is different
Influence situation of the species cipher function for input/output argument attribute, is recorded as cipher function knowledge base and function property respectively
Knowledge base;
B. pitching pile technology is utilized, records instruction, memory and register information in Cryptographic API function call process, extracts password
The information of API Name, return value and input/output argument;
C. static stain analysis is carried out to Cryptographic API input/output argument and dynamic stain is analyzed, according to the ginseng of different Cryptographic APIs
Stain incidence relation between number, and function property knowledge base, critical parameter attribute;
D. it is Cryptographic API calling sequence S=f that information record, which will be extracted,1,f2,···,fn, fiIt is expressed as the password of the i-th step
Api function recalls information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711447331.XA CN108038381A (en) | 2017-12-27 | 2017-12-27 | A kind of key safety detection method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711447331.XA CN108038381A (en) | 2017-12-27 | 2017-12-27 | A kind of key safety detection method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108038381A true CN108038381A (en) | 2018-05-15 |
Family
ID=62097538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711447331.XA Pending CN108038381A (en) | 2017-12-27 | 2017-12-27 | A kind of key safety detection method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108038381A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112347486A (en) * | 2020-11-30 | 2021-02-09 | 山东浪潮商用系统有限公司 | Code vulnerability examination method and device for realizing privacy protection and readable medium |
CN115828224A (en) * | 2022-11-15 | 2023-03-21 | 中国科学院信息工程研究所 | Automatic Go language password misuse detection method and device |
CN116070250A (en) * | 2023-03-07 | 2023-05-05 | 卓望数码技术(深圳)有限公司 | Password algorithm evaluation method and device for android system application program |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101673332A (en) * | 2009-10-12 | 2010-03-17 | 湖南大学 | Kernel code protection method based on Harvard architecture |
CN104484175A (en) * | 2014-12-16 | 2015-04-01 | 上海交通大学 | Method for detecting cryptology misuse of Android application programs |
CN104866765A (en) * | 2015-06-03 | 2015-08-26 | 康绯 | Behavior characteristic similarity-based malicious code homology analysis method |
US9729328B2 (en) * | 2007-03-15 | 2017-08-08 | Ricoh Company, Ltd. | Information processing apparatus, software updating method, and image processing apparatus |
-
2017
- 2017-12-27 CN CN201711447331.XA patent/CN108038381A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9729328B2 (en) * | 2007-03-15 | 2017-08-08 | Ricoh Company, Ltd. | Information processing apparatus, software updating method, and image processing apparatus |
CN101673332A (en) * | 2009-10-12 | 2010-03-17 | 湖南大学 | Kernel code protection method based on Harvard architecture |
CN104484175A (en) * | 2014-12-16 | 2015-04-01 | 上海交通大学 | Method for detecting cryptology misuse of Android application programs |
CN104866765A (en) * | 2015-06-03 | 2015-08-26 | 康绯 | Behavior characteristic similarity-based malicious code homology analysis method |
Non-Patent Citations (1)
Title |
---|
林昊 等: "基于动态二进制插桩的密钥安全性检测", 《网络与信息安全学报》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112347486A (en) * | 2020-11-30 | 2021-02-09 | 山东浪潮商用系统有限公司 | Code vulnerability examination method and device for realizing privacy protection and readable medium |
CN115828224A (en) * | 2022-11-15 | 2023-03-21 | 中国科学院信息工程研究所 | Automatic Go language password misuse detection method and device |
CN115828224B (en) * | 2022-11-15 | 2023-08-29 | 中国科学院信息工程研究所 | Automatic Go language password misuse detection method and device |
CN116070250A (en) * | 2023-03-07 | 2023-05-05 | 卓望数码技术(深圳)有限公司 | Password algorithm evaluation method and device for android system application program |
CN116070250B (en) * | 2023-03-07 | 2023-06-23 | 卓望数码技术(深圳)有限公司 | Password algorithm evaluation method and device for android system application program |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10404729B2 (en) | Device, method, and system of generating fraud-alerts for cyber-attacks | |
US11138095B2 (en) | Identity propagation through application layers using contextual mapping and planted values | |
TWI703468B (en) | Suspicious event analysis device and related computer program product for generating suspicious event sequence diagram | |
CN108123956A (en) | Password misuse leak detection method and system based on Petri network | |
Austin et al. | A comparison of the efficiency and effectiveness of vulnerability discovery techniques | |
Groce et al. | What are the actual flaws in important smart contracts (and how can we find them)? | |
US20090132861A1 (en) | Privacy Enhanced Error Reports | |
EP3566166B1 (en) | Management of security vulnerabilities | |
RU2757597C1 (en) | Systems and methods for reporting computer security incidents | |
CN108038381A (en) | A kind of key safety detection method and system | |
Grimmer et al. | A modern and sophisticated host based intrusion detection data set | |
CN107665164A (en) | Secure data detection method and device | |
JP5413010B2 (en) | Analysis apparatus, analysis method, and program | |
Auricchio et al. | An automated approach to web offensive security | |
Gantikow et al. | Container anomaly detection using neural networks analyzing system calls | |
CN112632547A (en) | Data processing method and related device | |
Gao et al. | Quorum chain-based malware detection in android smart devices | |
US11768944B2 (en) | Non-intrusive method of detecting security flaws of a computer program | |
Kilic et al. | iDeFEND: Intrusion detection framework for encrypted network data | |
Lin et al. | Btdetect: An insider threats detection approach based on behavior traceability for iaas environments | |
CN113065126A (en) | Personal information compliance method and device based on distributed data sandbox | |
JP5386015B1 (en) | Bug detection apparatus and bug detection method | |
Wang et al. | XGuard: Detecting Inconsistency Behaviors of Crosschain Bridges | |
Long et al. | A hypothesis testing approach to sharing logs with confidence | |
Su et al. | SmartOracle: Generating Smart Contract Oracle via Fine-Grained Invariant Detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180515 |
|
RJ01 | Rejection of invention patent application after publication |