CN108446560A - System detection method, apparatus, terminal device and readable storage medium - Google Patents


Publication number
CN108446560A
Authority
CN
China
Prior art keywords
data
space
check value
target system
capacity
Legal status
Pending
Application number
CN201810159024.XA
Other languages
Chinese (zh)
Inventor
刘均
刘新
周军
Current Assignee
Shenzhen Launch Technology Co Ltd
Original Assignee
Shenzhen Launch Technology Co Ltd
Application filed by Shenzhen Launch Technology Co Ltd
Priority to CN201810159024.XA
Publication of CN108446560A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/565 Static detection by checking file integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

The invention belongs to the field of computer technology, and in particular relates to a system detection method, apparatus, terminal device and computer-readable storage medium. In an embodiment of the invention, after the target system is powered on, the entire content of the current program space and data space in the target system is read; a verification operation is performed on the content read to obtain the current check value of the target system; it is determined whether the current check value is identical to a preset benchmark check value; and the integrity of the target system is determined according to the relationship between the current check value and the benchmark check value. Because the verification operation covers the entire content of the program space and the data space of the target system, any modification of the program or data, and any implantation of a virus, changes the check value, so that these illegal acts are detected in time.

Description

System detection method, apparatus, terminal device and readable storage medium
Technical field
The invention belongs to the field of computer technology, and in particular relates to a system detection method, apparatus, terminal device and computer-readable storage medium.
Background
The rapid development of the information industry has brought unprecedented prosperity to information technology, but incidents that endanger information security also keep occurring, and the information security situation is severe. Information security bears on national security and social stability, so measures must be taken to ensure it.
With the rapid development of computer and communication technology, especially the rapid spread of the Internet and the accelerating convergence of 3C (computer, communication and consumer electronics), embedded systems are becoming a pillar of the information industry, and the depth and breadth of their market keep expanding. However, while developing rapidly, embedded systems also face great security challenges. As embedded systems continue to develop and spread, they are increasingly subject to illegal intrusion and destruction, which causes huge losses to countries and enterprises, threatens life and economic security, and sometimes even endangers the security of countries and regions. For example, embedded systems are widely used to control key equipment such as communication networks, power grids, nuclear power plants and flight control systems; once such a system is destroyed by a malicious intruder, the resulting loss is easy to imagine. Security will therefore become a new consideration in embedded system design. The simplified software and hardware structure of embedded systems allows resources to be used arbitrarily; in particular, executable code can be modified and malicious programs can be implanted. A virus exploits weaknesses of the operating system to embed its code into the machine code of an executable program, thereby spreading itself and causing serious losses.
Summary of the invention
In view of this, embodiments of the invention provide a system detection method, apparatus, terminal device and computer-readable storage medium, to solve the problem in the prior art that the executable code of a system is easily modified or implanted with a virus program.
A first aspect of the embodiments of the invention provides a system detection method, which may include:
after the target system is powered on, reading the entire content of the current program space and data space in the target system;
performing a verification operation on the content read, to obtain the current check value of the target system;
determining whether the current check value is identical to a preset benchmark check value;
determining the integrity of the target system according to the relationship between the current check value and the benchmark check value.
Further, the presetting process of the benchmark check value may include:
obtaining the total capacity of the program space and the total capacity of the data space in the target system;
downloading a specified program into the program space, and obtaining the capacity occupied by the program;
downloading specified data into the data space, and obtaining the capacity occupied by the data;
calculating the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
calculating the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
filling the remaining capacity of the program space and the remaining capacity of the data space completely with preset filling content;
reading the entire content of the program space and the data space;
performing a verification operation on the content read, to obtain the benchmark check value.
Further, determining the integrity of the target system according to the relationship between the current check value and the benchmark check value specifically includes:
if the current check value is identical to the benchmark check value, determining that the system integrity of the target system remains normal;
after determining that the system integrity of the target system remains normal, the method further includes:
opening access rights to the key program and key data to the target system.
Further, the key program and key data are obtained as follows:
obtaining the complete program and complete data required for normal operation of the target system;
extracting the key program from the complete program;
extracting the key data from the complete data.
Further, determining the integrity of the target system according to the relationship between the current check value and the benchmark check value specifically includes:
if the current check value differs from the benchmark check value, determining that the system integrity of the target system has been compromised;
after determining that the system integrity of the target system has been compromised, the method further includes:
starting a system security alarm;
restricting the software and/or hardware functions of the target system.
A second aspect of the embodiments of the invention provides a system detection apparatus, which may include:
a data reading module, configured to read the entire content of the current program space and data space in the target system after the target system is powered on;
a data check module, configured to perform a verification operation on the content read, to obtain the current check value of the target system;
a check value judgment module, configured to determine whether the current check value is identical to a preset benchmark check value;
an integrity judgment module, configured to determine the integrity of the target system according to the relationship between the current check value and the benchmark check value.
Further, the system detection apparatus may also include:
a total capacity acquisition module, configured to obtain the total capacity of the program space and the total capacity of the data space in the target system;
a program capacity acquisition module, configured to download a specified program into the program space and obtain the capacity occupied by the program;
a data capacity acquisition module, configured to download specified data into the data space and obtain the capacity occupied by the data;
a program space remaining capacity calculation module, configured to calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
a data space remaining capacity calculation module, configured to calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
a remaining capacity filling module, configured to fill the remaining capacity of the program space and the remaining capacity of the data space completely with preset filling content;
an initial data reading module, configured to read the entire content of the program space and the data space;
a benchmark check module, configured to perform a verification operation on the content read, to obtain the benchmark check value.
Further, the integrity judgment module may include:
a first judgment unit, configured to determine that the system integrity of the target system remains normal if the current check value is identical to the benchmark check value;
the system detection apparatus may also include:
an access rights opening module, configured to open access rights to the key program and key data to the target system after it is determined that the system integrity of the target system remains normal.
Further, the system detection apparatus may also include:
a complete information acquisition module, configured to obtain the complete program and complete data required for normal operation of the target system;
a key program extraction module, configured to extract the key program from the complete program;
a key data extraction module, configured to extract the key data from the complete data.
Further, the integrity judgment module may also include:
a second judgment unit, configured to determine that the system integrity of the target system has been compromised if the current check value differs from the benchmark check value;
the system detection apparatus may also include:
an alarm module, configured to start a system security alarm after it is determined that the system integrity of the target system has been compromised;
a function restriction module, configured to restrict the software and/or hardware functions of the target system after it is determined that the system integrity of the target system has been compromised.
A third aspect of the embodiments of the invention provides a system detection terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of any of the above system detection methods when executing the computer program.
A fourth aspect of the embodiments of the invention provides a computer-readable storage medium storing a computer program, wherein the steps of any of the above system detection methods are implemented when the computer program is executed by a processor.
Compared with the prior art, the embodiments of the invention have the following beneficial effects: after the target system is powered on, the entire content of the current program space and data space in the target system is read; a verification operation is performed on the content read to obtain the current check value of the target system; it is determined whether the current check value is identical to a preset benchmark check value; and the integrity of the target system is determined according to the relationship between the current check value and the benchmark check value. The benchmark check value is obtained by performing the verification operation on the entire content of the program space and the data space of the target system in its initial state, which provides the basis of comparison for system detection. Because the verification operation covers the entire content of the program space and the data space of the target system, any modification of the program or data, and any implantation of a virus program, changes the check value, so that these illegal acts are detected and responded to in time.
Description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of the system detection method provided by an embodiment of the invention;
Fig. 2 is a schematic flow diagram of the presetting process of the benchmark check value;
Fig. 3 is a schematic block diagram of the system detection apparatus provided by an embodiment of the invention;
Fig. 4 is a schematic block diagram of the system detection terminal device provided by an embodiment of the invention.
Detailed description of the embodiments
To make the purpose, features and advantages of the invention more obvious and easier to understand, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The embodiments disclosed below are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic flow diagram of a system detection method provided by an embodiment of the invention. The method may include:
Step S101: after the target system is powered on, read the entire content of the current program space and data space in the target system.
Note that the content read from the program space and the data space includes both the content of the occupied space and the content of the unoccupied remaining space; that is, the entire content of the program space and the data space must be read in full.
Because RAM space is mainly used to store the temporary data generated while the system runs, its content is highly variable. Therefore, before reading the entire content of the program space and data space, the entire content of the preset RAM space in the target system can first be cleared, so that it does not interfere with the subsequent system detection process.
Step S102: perform a verification operation on the content read, to obtain the current check value of the target system.
In this embodiment, the verification operation may be a hash operation, and the check value may be a hash value.
A hash operation transforms an input of arbitrary length into an output of fixed length; that output is the hash value. The transformation is a compression mapping: the output is generally much shorter than the input, different inputs may hash to the same output, and the input value cannot be uniquely determined from the output value. In short, it is a process that compresses a message of arbitrary length into a message digest of a fixed length. The hash operation used in this embodiment may include, but is not limited to, specific algorithms such as MD4, MD5 and SHA1.
Step S103: determine whether the current check value is identical to the preset benchmark check value.
The benchmark check value is the check value obtained by performing the verification operation on the entire content of the program space and the data space of the target system in its initial state.
Specifically, the presetting process of the benchmark check value may include the steps shown in Fig. 2:
Step S1031: obtain the total capacity of the program space and the total capacity of the data space in the target system.
Generally, the total capacity of the program space and the total capacity of the data space are fixed at manufacture and do not change during subsequent use.
Step S1032: download the specified program into the program space, and obtain the capacity occupied by the program.
The specified program is the initial program at manufacture, and the capacity it occupies is usually constant.
Step S1033: download the specified data into the data space, and obtain the capacity occupied by the data.
The specified data is the initial data at manufacture, and the capacity it occupies is usually also constant.
Step S1034: calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program.
The remaining capacity of the program space is the difference between the total capacity of the program space and the capacity occupied by the program.
Step S1035: calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data.
The remaining capacity of the data space is the difference between the total capacity of the data space and the capacity occupied by the data.
Step S1036: fill the remaining capacity of the program space and the remaining capacity of the data space completely with preset filling content.
Suppose the program space is 128KB and the program occupies 64KB of it, and the data space is 128KB and the data occupies 64KB of it. The remaining 64KB of program space and the remaining 64KB of data space must then be filled completely with the filling content, leaving no gap.
The filling content may include, but is not limited to, any one or a combination of the following forms:
Form one: random numbers produced by a random number generator.
Form two: an all-0 or all-1 sequence.
Form three: repetition of a section of content in the program space or the data space.
Form four: a specific number sequence, for example the odd numbers, the even numbers, the prime numbers or the Fibonacci sequence.
Step S1037: read the entire content of the program space and the data space.
Note that the content read includes both the content of the occupied space and the content of the unoccupied remaining space (that is, the space filled with the filling content); the entire content of the program space and the data space must be read in full.
Step S1038: perform a verification operation on the content read, to obtain the benchmark check value.
In this embodiment, the verification operation may be a hash operation, and the check value may be a hash value.
The initial presetting of the benchmark check value is carried out by the process shown in Fig. 2. During subsequent use of the target system, however, its data space may be updated; in that case the benchmark check value needs to be recalculated from the updated data space to obtain an updated benchmark check value. The update calculation is similar to the process shown in Fig. 2 and is not described again in this embodiment.
Step S104: determine the integrity of the target system according to the relationship between the current check value and the benchmark check value.
If the current check value is identical to the benchmark check value, it is determined that the system integrity of the target system remains normal: the program and data of the target system are consistent with their initial state at manufacture, and have neither been illegally tampered with nor changed because of a hardware error.
If the current check value differs from the benchmark check value, it is determined that the system integrity of the target system has been compromised: the program or data of the target system may have been illegally tampered with, or may have changed because of a hardware error.
The above method passes the entire content of the program and data, including the unused space, into the security chip for the hash operation, so that an attacker has no space in which to place an attack program; the content must be exactly as it was at manufacture for the system to run normally. In addition, because the entire program and data are supervised, any change to the program or data caused by a hardware error will also be detected, which ensures the security of the program.
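The presetting and power-on check described above, as an added example that is not part of the patent text: it fills the unused space, derives the benchmark check value over both complete spaces, and shows that a write into unused space is caught only when the whole space is hashed. SHA-256 is used here in place of the MD4, MD5 and SHA1 named in the description; the 0xFF fill byte, the length-prefix framing, all function names and the sample contents are assumptions.

```python
import hashlib
import hmac

KB = 1024
FILL_BYTE = b"\xff"  # assumed fill pattern ("form two": a constant sequence)


def provision(space_size: int, payload: bytes, fill: bytes = FILL_BYTE) -> bytearray:
    """Place the payload at offset 0 and fill every remaining byte of the space."""
    if len(payload) > space_size:
        raise ValueError("payload larger than the space")
    remaining = space_size - len(payload)         # steps S1034 / S1035
    return bytearray(payload + fill * remaining)  # step S1036


def check_value(program_space, data_space) -> bytes:
    """Hash the complete content of both spaces, used and unused (S102 / S1038)."""
    h = hashlib.sha256()
    # Length prefixes keep the boundary between the two spaces unambiguous.
    for region in (program_space, data_space):
        h.update(len(region).to_bytes(8, "big"))
        h.update(region)
    return h.digest()


def used_only_value(program_space, program_len, data_space, data_len) -> bytes:
    """Weaker variant for comparison: hashes only the occupied bytes."""
    return check_value(bytes(program_space[:program_len]),
                       bytes(data_space[:data_len]))


def integrity_ok(current: bytes, benchmark: bytes) -> bool:
    """Steps S103 / S104: constant-time comparison of the two check values."""
    return hmac.compare_digest(current, benchmark)


def demo() -> dict:
    # Constructed sample contents: 64 KB of program and 64 KB of data,
    # each placed in a 128 KB space as in the description's example.
    program = bytes(range(256)) * 256
    data = bytes(i % 251 for i in range(64 * KB))
    prog_space = provision(128 * KB, program)
    data_space = provision(128 * KB, data)

    benchmark = check_value(prog_space, data_space)
    weak_benchmark = used_only_value(prog_space, len(program),
                                     data_space, len(data))

    clean = integrity_ok(check_value(prog_space, data_space), benchmark)

    # Simulated tampering: 16 bytes written into the unused part of program space.
    tampered = bytearray(prog_space)
    tampered[100 * KB:100 * KB + 16] = b"TAMPERED-CONTENT"

    full_detects = not integrity_ok(check_value(tampered, data_space), benchmark)
    weak_detects = not integrity_ok(
        used_only_value(tampered, len(program), data_space, len(data)),
        weak_benchmark)
    return {"clean": clean, "full_detects": full_detects,
            "weak_detects": weak_detects}


if __name__ == "__main__":
    print(demo())
```
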
Preferably, after it is determined that the system integrity of the target system remains normal, the system detection method may further include: opening access rights to the key program and key data to the target system.
The key program and key data are programs and data necessary for normal operation of the target system, extracted from the target system in advance.
The presetting process of the key program and key data in the security chip may include: obtaining the complete program and complete data required for normal operation of the target system; extracting the key program from the complete program; and extracting the key data from the complete data.
Taking the extraction of the key program as an example:
In one specific implementation, the extraction can be performed according to a preset byte range. The byte range can be a single continuous interval, such as [32KB, 64KB], in which case the content of the complete program from the 32nd KB to the 64th KB is extracted as the key program. The byte range can also consist of several intervals, such as [32KB, 64KB] ∪ [256KB, 512KB], in which case the content of the complete program in the interval from 32KB to 64KB and in the interval from 256KB to 512KB is extracted as the key program.
In another specific implementation, the extraction can be performed according to functional modules. For example, if the target system is an automotive control system, the complete program may include a module for engine control, a module for instrument panel control, a module for anti-lock braking control, a module for vehicle body stability control, a module for multimedia device control, and so on. The program content corresponding to one of these functional modules can be extracted from the complete program as the key program, for example the program content corresponding to the engine control module. The program content corresponding to several functional modules can also be extracted as the key program, for example the program content corresponding to the engine control module together with that corresponding to the instrument panel control module.
The process of extracting the key data is similar to the above process of extracting the key program and is not described again here.
After extraction is complete, the key program and the key data can be stored in the security chip, in an isolated secure region inside the device, or in an external security device.
Note that if the data space of the target system is updated during subsequent use, the key data must be extracted again from the complete data in the updated data space, and the key data stored in the security chip must be updated accordingly.
That is, in this embodiment, the program in the program space and the data in the data space are both incomplete: part of the key program and key data is stored in the security chip. Only after verification succeeds can the target system access the key program and key data and run normally; if verification fails, they cannot be accessed and the system cannot run, which avoids the damage that an implanted virus program might cause to the system.
Preferably, after it is determined that the system integrity of the target system has been compromised, the system detection method further includes: starting a system security alarm, and restricting the software and/or hardware functions of the target system. For example, the target system can be forbidden to access the key program and the key data; because the key program and the key data are missing, the target system cannot run normally, which reduces or stops the spread of risk until the target system is restored to normal.
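The byte-range extraction and gated release described above, as an added example that is not part of the patent text: key segments are cut out of the complete program, held by a stand-in for the security chip, and handed back only when the check value of the shipped image matches the benchmark. The `SecureStore` class, the function names, the 0xFF blanking byte, the use of SHA-256 and the constructed 512 KB image are assumptions, and only the program space is hashed to keep the example short.

```python
import hashlib
import hmac

KB = 1024


def split_key_segments(complete: bytes, ranges, blank: int = 0xFF):
    """Cut the given [start, end) byte ranges out of the complete program.

    Returns (stripped, segments). The stripped image, with the ranges
    blanked, is what is placed in program space; the segments are what
    the secure store keeps.
    """
    stripped = bytearray(complete)
    segments = {}
    last_end = 0
    for start, end in sorted(ranges):
        if not (last_end <= start < end <= len(complete)):
            raise ValueError(f"bad or overlapping range {(start, end)}")
        segments[(start, end)] = bytes(complete[start:end])
        stripped[start:end] = bytes([blank]) * (end - start)
        last_end = end
    return bytes(stripped), segments


class SecureStore:
    """Stand-in for the security chip: holds the benchmark and the key segments."""

    def __init__(self, benchmark: bytes, segments: dict):
        self._benchmark = benchmark
        self._segments = segments
        self.alarm = False

    def request_key_program(self, program_space: bytes):
        current = hashlib.sha256(program_space).digest()
        if not hmac.compare_digest(current, self._benchmark):
            self.alarm = True   # start the system security alarm
            return None         # key program stays locked, system cannot run
        return self._segments   # access rights opened


def restore(stripped: bytes, segments: dict) -> bytes:
    """Rebuild the runnable program from the shipped image and released segments."""
    image = bytearray(stripped)
    for (start, end), chunk in segments.items():
        image[start:end] = chunk
    return bytes(image)


def demo():
    # Constructed 512 KB "complete program"; ranges follow the description's
    # example [32KB, 64KB] ∪ [256KB, 512KB].
    complete = bytes((i * 7 + 3) % 256 for i in range(512 * KB))
    ranges = [(32 * KB, 64 * KB), (256 * KB, 512 * KB)]
    stripped, segments = split_key_segments(complete, ranges)
    store = SecureStore(hashlib.sha256(stripped).digest(), segments)

    # Unmodified image: segments are released and the program is whole again.
    released = store.request_key_program(stripped)
    runs = released is not None and restore(stripped, released) == complete

    # One flipped bit outside the key ranges: release is refused, alarm is set.
    modified = bytearray(stripped)
    modified[10] ^= 0x01
    denied = store.request_key_program(bytes(modified)) is None
    return runs, denied, store.alarm


if __name__ == "__main__":
    print(demo())
```
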
In summary, in the embodiments of the invention, after the target system is powered on, the entire content of the current program space and data space in the target system is read; a verification operation is performed on the content read to obtain the current check value of the target system; it is determined whether the current check value is identical to a preset benchmark check value; and the integrity of the target system is determined according to the relationship between the current check value and the benchmark check value. The benchmark check value is obtained by performing the verification operation on the entire content of the program space and the data space of the target system in its initial state, which provides the basis of comparison for system detection. Because the verification operation covers the entire content of the program space and the data space of the target system, any modification of the program or data, and any implantation of a virus program, changes the check value, so that these illegal acts are detected and responded to in time.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the invention.
Fig. 3 is a schematic block diagram of a system detection apparatus provided by an embodiment of the invention. The apparatus may include:
a data reading module 301, configured to read the entire content of the current program space and data space in the target system after the target system is powered on;
a data check module 302, configured to perform a verification operation on the content read, to obtain the current check value of the target system;
a check value judgment module 303, configured to determine whether the current check value is identical to a preset benchmark check value;
an integrity judgment module 304, configured to determine the integrity of the target system according to the relationship between the current check value and the benchmark check value.
Further, the system detection apparatus may also include:
a total capacity acquisition module, configured to obtain the total capacity of the program space and the total capacity of the data space in the target system;
a program capacity acquisition module, configured to download a specified program into the program space and obtain the capacity occupied by the program;
a data capacity acquisition module, configured to download specified data into the data space and obtain the capacity occupied by the data;
a program space remaining capacity calculation module, configured to calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
a data space remaining capacity calculation module, configured to calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
a remaining capacity filling module, configured to fill the remaining capacity of the program space and the remaining capacity of the data space completely with preset filling content;
an initial data reading module, configured to read the entire content of the program space and the data space;
a benchmark check module, configured to perform a verification operation on the content read, to obtain the benchmark check value.
Further, the integrity judgment module may include:
A first judging unit, configured to judge that the system integrity of the target system remains normal if the current check value is identical to the benchmark check value;
The system detection device may also include:
An access rights opening module, configured to open access rights to the key program and the critical data to the target system after the system integrity of the target system is judged to remain normal.
Further, the system detection device may also include:
A complete information acquisition module, configured to obtain the complete program and complete data needed for normal operation of the target system;
A key program extraction module, configured to extract the key program from the complete program;
A critical data extraction module, configured to extract the critical data from the complete data.
Further, the integrity judgment module may also include:
A second judging unit, configured to judge that the system integrity of the target system has been destroyed if the current check value differs from the benchmark check value;
The system detection device may also include:
An alarm module, configured to activate a system security alarm after the system integrity of the target system is judged to have been destroyed;
A function restriction module, configured to restrict the software and/or hardware functions of the target system after the system integrity of the target system is judged to have been destroyed.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the device and modules described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
Fig. 4 is a schematic block diagram of the system detection terminal device provided by one embodiment of the invention. As shown in Fig. 4, the system detection terminal device 4 of this embodiment includes a processor 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processor 40. When executing the computer program 42, the processor 40 implements the steps of the system detection method embodiments described above, for example steps S101 to S104 shown in Fig. 1. Alternatively, when executing the computer program 42, the processor 40 implements the functions of the modules in the device embodiments described above, for example the functions of modules 301 to 304 shown in Fig. 3.
Illustratively, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments being used to describe the execution of the computer program 42 in the system detection terminal device 4. For example, the computer program 42 may be divided into a data reading module, a data check module, a check value judgment module and an integrity judgment module.
The system detection terminal device 4 may be a dedicated security chip. The system detection terminal device may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art will understand that Fig. 4 is only an example of the system detection terminal device 4 and does not limit it; the device may include more or fewer components than shown, combine certain components, or use different components.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 41 may be an internal storage unit of the system detection terminal device 4, such as a hard disk or internal memory of the system detection terminal device 4. The memory 41 may also be an external storage device of the system detection terminal device 4, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the system detection terminal device 4. Further, the memory 41 may include both an internal storage unit of the system detection terminal device 4 and an external storage device. The memory 41 is used to store the computer program and the other programs and data needed by the system detection terminal device 4. The memory 41 may also be used to temporarily store data that has been output or is about to be output.
It is apparent to those skilled in the art that, for convenience and brevity of description, the division into the functional units and modules above is given only as an example. In practical applications, the functions described above may be assigned to different functional units and modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from one another and are not intended to limit the protection scope of this application. For the specific working processes of the units and modules in the above system, refer to the corresponding processes in the foregoing method embodiments; they are not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis. For parts that are not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are only schematic. The division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow of the methods of the above embodiments may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it can implement the steps of each of the method embodiments above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in the jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been explained in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and should all be included within the protection scope of the present invention.

Claims (10)

1. A system detection method, characterized by comprising:
After the target system is powered on, reading the entire content of the current program space and data space in the target system;
Performing a check operation on the content read, to obtain the current check value of the target system;
Judging whether the current check value is identical to a preset benchmark check value;
Judging the integrity of the target system according to the relationship between the current check value and the benchmark check value.
2. The system detection method according to claim 1, characterized in that the process of presetting the benchmark check value comprises:
Obtaining the total capacity of the program space and the total capacity of the data space in the target system;
Downloading a specified program into the program space, and obtaining the capacity occupied by the program;
Downloading specified data into the data space, and obtaining the capacity occupied by the data;
Calculating the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
Calculating the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
Filling up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
Reading the entire content of the program space and the data space;
Performing a check operation on the content read, to obtain the benchmark check value.
3. The system detection method according to claim 1, characterized in that judging the integrity of the target system according to the relationship between the current check value and the benchmark check value specifically comprises:
If the current check value is identical to the benchmark check value, judging that the system integrity of the target system remains normal;
After the system integrity of the target system is judged to remain normal, the method further comprises:
Opening access rights to the key program and the critical data to the target system.
4. The system detection method according to claim 3, characterized in that the key program and the critical data are obtained as follows:
Obtaining the complete program and complete data needed for normal operation of the target system;
Extracting the key program from the complete program;
Extracting the critical data from the complete data.
5. The system detection method according to any one of claims 1 to 4, characterized in that judging the integrity of the target system according to the relationship between the current check value and the benchmark check value specifically comprises:
If the current check value differs from the benchmark check value, judging that the system integrity of the target system has been destroyed;
After the system integrity of the target system is judged to have been destroyed, the method further comprises:
Activating a system security alarm;
Restricting the software and/or hardware functions of the target system.
6. A system detection device, characterized by comprising:
A data reading module, configured to read the entire content of the current program space and data space in the target system after the target system is powered on;
A data check module, configured to perform a check operation on the content read and obtain the current check value of the target system;
A check value judgment module, configured to judge whether the current check value is identical to a preset benchmark check value;
An integrity judgment module, configured to judge the integrity of the target system according to the relationship between the current check value and the benchmark check value.
7. The system detection device according to claim 6, characterized by further comprising:
A total capacity acquisition module, configured to obtain the total capacity of the program space and the total capacity of the data space in the target system;
A program capacity acquisition module, configured to download a specified program into the program space and obtain the capacity occupied by the program;
A data capacity acquisition module, configured to download specified data into the data space and obtain the capacity occupied by the data;
A program space remaining capacity calculation module, configured to calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
A data space remaining capacity calculation module, configured to calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
A remaining capacity filling module, configured to fill up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
An initial data reading module, configured to read the entire content of the program space and the data space;
A benchmark check module, configured to perform a check operation on the content read and obtain the benchmark check value.
8. The system detection device according to claim 6, characterized by further comprising:
A complete information acquisition module, configured to obtain the complete program and complete data needed for normal operation of the target system;
A key program extraction module, configured to extract the key program from the complete program;
A critical data extraction module, configured to extract the critical data from the complete data.
9. A system detection terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the system detection method according to any one of claims 1 to 5.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the system detection method according to any one of claims 1 to 5.
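
The baseline-presetting procedure of claim 2 and the power-on check of claims 1, 3 and 5 can be modelled as follows. This is an added illustration, not code from the patent; SHA-256 as the check operation, the 0xFF filling content, the class and function names, and the sample images are all assumptions chosen for the example.

```python
import hashlib
import hmac

FILL_BYTE = 0xFF  # assumed preset filling content (erased-flash pattern)


class Space:
    """Fixed-capacity region standing in for the program or data space."""

    def __init__(self, total_capacity: int):
        self.mem = bytearray(total_capacity)
        self.used = 0

    def download(self, image: bytes) -> int:
        """Write the specified image at offset 0; return occupied capacity."""
        if len(image) > len(self.mem):
            raise ValueError("image exceeds total capacity of the space")
        self.mem[:len(image)] = image
        self.used = len(image)
        return self.used

    def fill_remaining(self) -> int:
        """Fill (total - occupied) bytes with the preset content; return count."""
        remaining = len(self.mem) - self.used
        self.mem[self.used:] = bytes([FILL_BYTE]) * remaining
        return remaining


class TargetSystem:
    def __init__(self, program_capacity: int, data_capacity: int):
        self.program = Space(program_capacity)
        self.data = Space(data_capacity)
        self.key_access_open = False  # access to key program / critical data
        self.alarm = False
        self.restricted = False


def check_value(system: TargetSystem) -> bytes:
    """Check operation over the ENTIRE content of both spaces."""
    h = hashlib.sha256()
    h.update(system.program.mem)
    h.update(system.data.mem)
    return h.digest()


def provision_benchmark(system, program_image: bytes, data_image: bytes) -> bytes:
    """Download, fill the remaining capacity, read everything, check."""
    system.program.download(program_image)
    system.data.download(data_image)
    system.program.fill_remaining()
    system.data.fill_remaining()
    return check_value(system)


def power_on_check(system: TargetSystem, benchmark: bytes) -> bool:
    """Recompute at power-on and apply the pass/fail responses.

    Assumption: the benchmark is kept where the target cannot rewrite it.
    """
    intact = hmac.compare_digest(check_value(system), benchmark)
    system.key_access_open = intact
    system.alarm = not intact
    system.restricted = not intact
    return intact


if __name__ == "__main__":
    target = TargetSystem(program_capacity=64, data_capacity=32)
    # Constructed sample images, not taken from the patent.
    benchmark = provision_benchmark(target, b"PROGRAM-IMAGE-v1", b"CALIB")
    print("clean boot intact:", power_on_check(target, benchmark))
    target.program.mem[40] = 0x90  # one byte written into the filled, unused area
    print("after write to unused space intact:", power_on_check(target, benchmark))
```

Because the unused capacity is filled and included in the check, content written into free space changes the check value in the same way as a modified program byte.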
CN201810159024.XA 2018-02-26 2018-02-26 A kind of system detecting method, device, terminal device and readable storage medium storing program for executing Pending CN108446560A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810159024.XA CN108446560A (en) 2018-02-26 2018-02-26 A kind of system detecting method, device, terminal device and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN108446560A true CN108446560A (en) 2018-08-24

Family

ID=63193056

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810159024.XA Pending CN108446560A (en) 2018-02-26 2018-02-26 A kind of system detecting method, device, terminal device and readable storage medium storing program for executing

Country Status (1)

Country Link
CN (1) CN108446560A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102968595A (en) * 2012-12-20 2013-03-13 曙光云计算技术有限公司 Method and device for protecting virtual machine system
CN103593617A (en) * 2013-10-27 2014-02-19 西安电子科技大学 Software integrity verifying system and method based on VMM (virtual machine monitor)
CN104243457A (en) * 2014-08-29 2014-12-24 上海斐讯数据通信技术有限公司 Credibility measuring method and system for mobile terminal
CN106886473A (en) * 2017-04-24 2017-06-23 郑州云海信息技术有限公司 A kind of startup method of server, device and server
CN106951785A (en) * 2017-03-15 2017-07-14 湖南文盾信息技术有限公司 A kind of JAVA virtual machine and trust chain extension method therein
CN107403098A (en) * 2017-06-13 2017-11-28 北京溢思得瑞智能科技研究院有限公司 The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464267A (en) * 2020-04-29 2020-07-28 卓尔智联(武汉)研究院有限公司 Communication data checking method and device, computer equipment and storage medium
CN111464267B (en) * 2020-04-29 2021-06-15 卓尔智联(武汉)研究院有限公司 Communication data checking method and device, computer equipment and storage medium
CN113468008A (en) * 2021-07-13 2021-10-01 深圳市越疆科技有限公司 Detection method, device and equipment of safety controller and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180824
