CN108446560A - System detection method, apparatus, terminal device and readable storage medium - Google Patents
- Publication number
- CN108446560A (CN201810159024.XA)
- Authority
- CN
- China
- Prior art keywords
- data
- space
- check value
- target system
- capacity
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
Abstract
The invention belongs to the field of computer technology, and in particular relates to a system detection method, apparatus, terminal device and computer-readable storage medium. In the embodiments of the invention, after the target system is powered on, the full content of the current program space and data space in the target system is read; a check operation is performed on the content read to obtain the current check value of the target system; it is determined whether the current check value is identical to a preset reference check value; and the integrity of the target system is determined according to the relationship between the current check value and the reference check value. Because the check operation covers the full content of the program space and the data space in the target system, any modification of programs or data, or any implantation of a virus, changes the check value, so these illegal acts are detected in time.
Description
Technical field
The invention belongs to the field of computer technology, and in particular relates to a system detection method, apparatus, terminal device and computer-readable storage medium.
Background
The rapid development of the information industry has brought unprecedented prosperity in information technology, but incidents that endanger information security also keep occurring, and the information security situation is severe. Information security bears on national security and social stability, so measures must be taken to ensure it.
With the rapid development of computer and communication technology, and especially the rapid spread of the Internet and the accelerating convergence of 3C (computer, communication and consumer electronics), embedded systems are increasingly becoming a pillar of the information industry, and the depth and breadth of their market keep expanding. However, while developing rapidly, embedded systems also face great security challenges. As embedded systems continue to develop and spread, they are increasingly subject to illegal intrusion and destruction, which causes huge losses to countries and enterprises, threatens life and economic security, and sometimes even endangers the security of countries and regions. For example, embedded systems are widely used to control critical equipment such as communication networks, power grids, nuclear power plants and flight control systems; once such a system is damaged by a malicious intruder, the resulting loss is easy to imagine. Security will therefore become a new consideration in embedded system design. The simplified software and hardware structure of embedded systems means that resources can be used arbitrarily; in particular, executable code can be modified and malicious programs can be implanted. A virus exploits weaknesses of the operating system to embed viral code into the machine code of an executable program, which spreads the virus and causes serious losses.
Summary of the invention
In view of this, the embodiments of the invention provide a system detection method, apparatus, terminal device and computer-readable storage medium, to solve the prior-art problem that the executable code of a system is easily modified or implanted with a virus program.
A first aspect of the embodiments of the invention provides a system detection method, which may include:
After the target system is powered on, reading the full content of the current program space and data space in the target system;
Performing a check operation on the content read to obtain the current check value of the target system;
Determining whether the current check value is identical to a preset reference check value;
Determining the integrity of the target system according to the relationship between the current check value and the reference check value.
Further, the process of presetting the reference check value may include:
Obtaining the total capacity of the program space and the total capacity of the data space in the target system;
Downloading a specified program into the program space, and obtaining the capacity occupied by the program;
Downloading specified data into the data space, and obtaining the capacity occupied by the data;
Calculating the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
Calculating the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
Filling up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
Reading the full content of the program space and the data space;
Performing a check operation on the content read to obtain the reference check value.
Further, determining the integrity of the target system according to the relationship between the current check value and the reference check value specifically includes:
If the current check value is identical to the reference check value, determining that the system integrity of the target system remains normal;
After it is determined that the system integrity of the target system remains normal, the method further includes:
Opening access rights to the key program and key data to the target system.
Further, the key program and key data are obtained as follows:
Obtaining the complete program and complete data needed for normal operation of the target system;
Extracting the key program from the complete program;
Extracting the key data from the complete data.
Further, determining the integrity of the target system according to the relationship between the current check value and the reference check value specifically includes:
If the current check value is different from the reference check value, determining that the system integrity of the target system has been destroyed;
After it is determined that the system integrity of the target system has been destroyed, the method further includes:
Starting a system security alarm;
Limiting the software and/or hardware functions of the target system.
A second aspect of the embodiments of the invention provides a system detection apparatus, which may include:
A data reading module, configured to read, after the target system is powered on, the full content of the current program space and data space in the target system;
A data check module, configured to perform a check operation on the content read to obtain the current check value of the target system;
A check value judgment module, configured to determine whether the current check value is identical to a preset reference check value;
An integrity judgment module, configured to determine the integrity of the target system according to the relationship between the current check value and the reference check value.
Further, the system detection apparatus may also include:
A total capacity acquisition module, configured to obtain the total capacity of the program space and the total capacity of the data space in the target system;
A program capacity acquisition module, configured to download a specified program into the program space and obtain the capacity occupied by the program;
A data capacity acquisition module, configured to download specified data into the data space and obtain the capacity occupied by the data;
A program space remaining capacity calculation module, configured to calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
A data space remaining capacity calculation module, configured to calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
A remaining capacity filling module, configured to fill up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
An initial data reading module, configured to read the full content of the program space and the data space;
A reference check module, configured to perform a check operation on the content read to obtain the reference check value.
Further, the integrity judgment module may include:
A first judging unit, configured to determine that the system integrity of the target system remains normal if the current check value is identical to the reference check value;
The system detection apparatus may also include:
An access rights opening module, configured to open access rights to the key program and key data to the target system after it is determined that the system integrity of the target system remains normal.
Further, the system detection apparatus may also include:
A complete information acquisition module, configured to obtain the complete program and complete data needed for normal operation of the target system;
A key program extraction module, configured to extract the key program from the complete program;
A key data extraction module, configured to extract the key data from the complete data.
Further, the integrity judgment module may also include:
A second judging unit, configured to determine that the system integrity of the target system has been destroyed if the current check value is different from the reference check value;
The system detection apparatus may also include:
An alarm module, configured to start a system security alarm after it is determined that the system integrity of the target system has been destroyed;
A function limiting module, configured to limit the software and/or hardware functions of the target system after it is determined that the system integrity of the target system has been destroyed.
A third aspect of the embodiments of the invention provides a system detection terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of any of the above system detection methods when executing the computer program.
A fourth aspect of the embodiments of the invention provides a computer-readable storage medium storing a computer program, characterized in that the steps of any of the above system detection methods are implemented when the computer program is executed by a processor.
Compared with the prior art, the embodiments of the invention have the following beneficial effects: after the target system is powered on, the full content of the current program space and data space in the target system is read; a check operation is performed on the content read to obtain the current check value of the target system; it is determined whether the current check value is identical to a preset reference check value; and the integrity of the target system is determined according to the relationship between the current check value and the reference check value. Because the reference check value is obtained by performing the check operation on the full content of the program space and the data space in the target system in its initial state, it provides a reference for comparison during system detection; and because the check operation covers the full content of the program space and the data space in the target system, any modification of programs or data, or any implantation of a virus program, changes the check value, so that these illegal acts are detected and responded to in time.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the system detection method provided by an embodiment of the invention;
Fig. 2 is a schematic flowchart of the process of presetting the reference check value;
Fig. 3 is a schematic block diagram of the system detection apparatus provided by an embodiment of the invention;
Fig. 4 is a schematic block diagram of the system detection terminal device provided by an embodiment of the invention.
Detailed description
To make the purpose, features and advantages of the invention clearer and easier to understand, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the embodiments described below are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic flowchart of a system detection method provided by an embodiment of the invention. The method may include:
Step S101: after the target system is powered on, read the full content of the current program space and data space in the target system.
It should be noted that the content read from the program space and the data space includes both the content of the occupied space and the content of the unoccupied remaining space; that is, the full content of the program space and the data space must be read completely.
Because RAM space is mainly used to store the temporary data generated while the system runs, its content is highly variable. Therefore, before the full content of the program space and data space is read, the full content of a preset RAM space in the target system may first be cleared, to prevent it from interfering with the subsequent system detection process.
Step S102: perform a check operation on the content read to obtain the current check value of the target system.
In this embodiment, the check operation may be a hash operation and the check value may be a hash value. A hash operation transforms an input of arbitrary length into an output of fixed length, and that output is the hash value. This transformation is a compression mapping: the output is generally much shorter than the input, different inputs may hash to the same output, and the input cannot be uniquely determined from the output. In short, it is a process of compressing a message of arbitrary length into a message digest of a fixed length. The hash operation used in this embodiment may include, but is not limited to, specific algorithms such as MD4, MD5 and SHA1.
Step S103: determine whether the current check value is identical to the preset reference check value.
The reference check value is the check value obtained by performing the check operation on the full content of the program space and the data space in the target system in its initial state.
Specifically, the process of presetting the reference check value may include the steps shown in Fig. 2:
Step S1031: obtain the total capacity of the program space and the total capacity of the data space in the target system.
Generally, the total capacity of the program space and the total capacity of the data space are fixed at manufacture and do not change during subsequent use.
Step S1032: download a specified program into the program space, and obtain the capacity occupied by the program.
The specified program is the initial program at manufacture, and the capacity it occupies is usually constant.
Step S1033: download specified data into the data space, and obtain the capacity occupied by the data.
The specified data is the initial data at manufacture, and the capacity it occupies is usually also constant.
Step S1034: calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program.
The remaining capacity of the program space is the difference between the total capacity of the program space and the capacity occupied by the program.
Step S1035: calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data.
The remaining capacity of the data space is the difference between the total capacity of the data space and the capacity occupied by the data.
Step S1036: fill up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content.
Suppose the program space is 128KB and the program occupies 64KB of it, and the data space is 128KB and the data occupies 64KB of it. The remaining 64KB of program space and the remaining 64KB of data space must then be completely filled with the filling content, leaving no gaps.
The filling content may include, but is not limited to, any one of the following forms or a combination of several of them:
Form one: random numbers generated by a random number generator.
Form two: an all-0 or all-1 sequence.
Form three: repetition of a segment of content in the program space or the data space.
Form four: a specific number sequence, for example the odd numbers, the even numbers, the prime numbers or the Fibonacci sequence.
Step S1037: read the full content of the program space and the data space.
It should be noted that the content read includes both the content of the occupied space and the content of the unoccupied remaining space (that is, the space filled with the filling content); the full content of the program space and the data space must be read completely.
Step S1038: perform a check operation on the content read to obtain the reference check value.
In this embodiment, the check operation may be a hash operation and the check value may be a hash value.
The initial reference check value is preset by the process shown in Fig. 2. During subsequent use of the target system, however, its data space may be updated; in that case the reference check value must be recalculated from the updated data space to obtain an updated reference check value. The recalculation is similar to the process shown in Fig. 2 and is not described again in this embodiment.
Step S104: determine the integrity of the target system according to the relationship between the current check value and the reference check value.
If the current check value is identical to the reference check value, it is determined that the system integrity of the target system remains normal: the program and data of the target system are consistent with their original factory state and have not been illegally tampered with or changed by a hardware error.
If the current check value is different from the reference check value, it is determined that the system integrity of the target system has been destroyed: the program or data of the target system may have been illegally tampered with or changed by a hardware error.
The above method requires the full content of the program and data, including unused space, to be passed into the security chip for the hash operation, so that an attacker has no space in which to place an attack program, and the system runs normally only if it is exactly as it was at manufacture. In addition, because the entire program and data are monitored, any change to a program or data caused by a hardware error is also caught, which ensures the safety of the program.
Preferably, after it is determined that the system integrity of the target system remains normal, the system detection method may also include: opening access rights to the key program and key data to the target system.
The key program and key data are the program and data necessary for normal operation of the target system, extracted from the target system in advance.
The process of presetting the key program and key data in the security chip may include: obtaining the complete program and complete data needed for normal operation of the target system; extracting the key program from the complete program; and extracting the key data from the complete data.
For the process of extracting the key program:
In one specific implementation, the extraction may be performed according to a preset byte range. The byte range may be one continuous interval, for example [32KB, 64KB], in which case the content of the complete program in the continuous interval from 32KB to 64KB is extracted as the key program. The byte range may also consist of multiple intervals, for example [32KB, 64KB] ∪ [256KB, 512KB], in which case the content of the complete program in the interval from 32KB to 64KB and in the interval from 256KB to 512KB is extracted as the key program.
In another specific implementation, the extraction may be performed by functional module. For example, if the target system is an automotive control system, the complete program may include a module for engine control, a module for instrument panel control, a module for anti-lock braking control, a module for body stability control, a module for multimedia device control, and so on. The program content corresponding to one of these functional modules may be extracted from the complete program as the key program, for example the program content corresponding to the engine control module. The program content corresponding to several of the functional modules may also be extracted from the complete program as the key program, for example the program content corresponding to the engine control module together with the program content corresponding to the instrument panel control module.
The process of extracting the key data is similar to the process of extracting the key program described above and is not repeated here.
After extraction is complete, the key program and the key data may be stored in the security chip, in an isolated secure area inside the device, or in an external security device.
It should be noted that if the data space of the target system is updated during subsequent use, the key data must be extracted again from the complete data in the updated data space, and the key data stored in the security chip must be updated.
That is, in this embodiment, the program in the program space and the data in the data space are both incomplete: the key program and key data portion is stored in the security chip. Only after the check succeeds can the target system access the key program and key data and run normally. If the check fails, the key program and key data cannot be accessed and the system cannot run, which avoids the damage an implanted virus program might cause to the system.
Preferably, after it is determined that the system integrity of the target system has been destroyed, the system detection method also includes: starting a system security alarm, and limiting the software and/or hardware functions of the target system. For example, the target system may be forbidden from accessing the key program and the key data; without the key program and the key data the target system cannot run normally, which reduces or stops the spread of risk until the target system is restored to normal.
In summary, in the embodiments of the invention, after the target system is powered on, the full content of the current program space and data space in the target system is read; a check operation is performed on the content read to obtain the current check value of the target system; it is determined whether the current check value is identical to a preset reference check value; and the integrity of the target system is determined according to the relationship between the current check value and the reference check value. Because the reference check value is obtained by performing the check operation on the full content of the program space and the data space in the target system in its initial state, it provides a reference for comparison during system detection; and because the check operation covers the full content of the program space and the data space in the target system, any modification of programs or data, or any implantation of a virus program, changes the check value, so that these illegal acts are detected and responded to in time.
It should be understood that the numbering of the steps in the above embodiments does not imply an order of execution; the execution order of each process is determined by its function and internal logic, and does not limit the implementation of the embodiments of the invention in any way.
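The provisioning steps (S1031 to S1038) and the power-on check (S101 to S104) described above, as an added Python example that is not code from the patent: it shows that hashing the full content of both spaces catches a write into unused space that a hash over the occupied bytes alone misses. Assumptions: SHA-256 is used instead of the MD4, MD5 or SHA1 the page names (all three have known collision attacks); `provision`, `check_value`, `SecurityChip` and the other names, the constructed sample bytes, and the layout in which the key range is cut out of the stored program are hypothetical.

```python
import hashlib
import hmac
import os

KB = 1024
SPACE_SIZE = 128 * KB   # total capacity of each space (the page's 128KB example)


def provision(content: bytes, capacity: int, fill: str) -> bytearray:
    """S1032-S1036: load content, then fill the remaining capacity completely."""
    remaining = capacity - len(content)            # total capacity minus occupied
    if remaining < 0:
        raise ValueError("content does not fit in the space")
    if fill == "random":                           # form one: random numbers
        pad = os.urandom(remaining)
    elif fill == "zeros":                          # form two: all-0 sequence
        pad = bytes(remaining)
    elif fill == "ones":                           # form two: all-1 sequence
        pad = b"\xff" * remaining
    else:
        raise ValueError("unknown fill form: " + fill)
    return bytearray(content + pad)


def check_value(program_space, data_space) -> bytes:
    """S1037-S1038 and S101-S102: hash the full content, used and unused."""
    h = hashlib.sha256()
    h.update(program_space)
    h.update(data_space)
    return h.digest()


def occupied_only_value(program_space, data_space, prog_len, data_len) -> bytes:
    """Weaker check shown for contrast: it skips the unused space."""
    h = hashlib.sha256()
    h.update(program_space[:prog_len])
    h.update(data_space[:data_len])
    return h.digest()


class SecurityChip:
    """Hypothetical model of the chip holding the reference value and key program."""

    def __init__(self, reference: bytes, key_program: bytes):
        self._reference = reference
        self._key_program = key_program
        self.alarm = False

    def power_on(self, program_space, data_space):
        """S103-S104: release the key program only when the check values match."""
        current = check_value(program_space, data_space)
        if hmac.compare_digest(current, self._reference):
            return self._key_program
        self.alarm = True                          # alarm raised, key program withheld
        return None


def demo() -> dict:
    # Constructed sample content, not real firmware.
    complete = bytes(i % 251 for i in range(96 * KB))
    data = bytes(i % 241 for i in range(64 * KB))
    key_program = complete[32 * KB:64 * KB]        # byte range [32KB, 64KB]
    # Assumption: the device holds the program with the key range cut out.
    program = complete[:32 * KB] + complete[64 * KB:]

    prog_space = provision(program, SPACE_SIZE, "random")
    data_space = provision(data, SPACE_SIZE, "zeros")
    reference = check_value(prog_space, data_space)
    weak_reference = occupied_only_value(prog_space, data_space, len(program), len(data))
    results = {}

    chip = SecurityChip(reference, key_program)
    results["untouched_releases_key"] = chip.power_on(prog_space, data_space) == key_program

    patched = bytearray(prog_space)
    patched[100] ^= 0x01                           # one bit changed in the program
    chip = SecurityChip(reference, key_program)
    results["patched_program_blocked"] = (
        chip.power_on(patched, data_space) is None and chip.alarm)

    implanted = bytearray(prog_space)
    for i in range(len(program) + 4 * KB, len(program) + 4 * KB + 16):
        implanted[i] ^= 0xFF                       # 16 filler bytes overwritten
    chip = SecurityChip(reference, key_program)
    results["free_space_write_blocked"] = chip.power_on(implanted, data_space) is None
    weak_now = occupied_only_value(implanted, data_space, len(program), len(data))
    results["occupied_only_check_misses_it"] = hmac.compare_digest(weak_now, weak_reference)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a random fill the reference value has to be computed from the image actually written to the device, since the filler cannot be regenerated later.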
Fig. 3 is a schematic block diagram of a system detection apparatus provided by an embodiment of the invention. The apparatus may include:
A data reading module 301, configured to read, after the target system is powered on, the full content of the current program space and data space in the target system;
A data check module 302, configured to perform a check operation on the content read to obtain the current check value of the target system;
A check value judgment module 303, configured to determine whether the current check value is identical to a preset reference check value;
An integrity judgment module 304, configured to determine the integrity of the target system according to the relationship between the current check value and the reference check value.
Further, the system detection apparatus may also include:
A total capacity acquisition module, configured to obtain the total capacity of the program space and the total capacity of the data space in the target system;
A program capacity acquisition module, configured to download a specified program into the program space and obtain the capacity occupied by the program;
A data capacity acquisition module, configured to download specified data into the data space and obtain the capacity occupied by the data;
A program space remaining capacity calculation module, configured to calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
A data space remaining capacity calculation module, configured to calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
A remaining capacity filling module, configured to fill up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
An initial data reading module, configured to read the full content of the program space and the data space;
A reference check module, configured to perform a check operation on the content read to obtain the reference check value.
Further, the integrity judgment module may include:
A first judging unit, configured to determine that the system integrity of the target system remains normal if the current check value is identical to the reference check value;
The system detection apparatus may also include:
An access rights opening module, configured to open access rights to the key program and key data to the target system after it is determined that the system integrity of the target system remains normal.
Further, the system detection apparatus may also include:
A complete information acquisition module, configured to obtain the complete program and complete data needed for normal operation of the target system;
A key program extraction module, configured to extract the key program from the complete program;
A key data extraction module, configured to extract the key data from the complete data.
Further, the integrity judgment module may also include:
A second judging unit, configured to determine that the system integrity of the target system has been destroyed if the current check value is different from the reference check value;
The system detection apparatus may also include:
An alarm module, configured to start a system security alarm after it is determined that the system integrity of the target system has been destroyed;
A function limiting module, configured to limit the software and/or hardware functions of the target system after it is determined that the system integrity of the target system has been destroyed.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the apparatus and modules described above can be found in the corresponding processes of the foregoing method embodiment and are not repeated here.
Fig. 4 is a schematic block diagram of the system detection terminal device provided by an embodiment of the invention. As shown in Fig. 4, the system detection terminal device 4 of this embodiment includes a processor 40, a memory 41, and a computer program 42 stored in the memory 41 and executable on the processor 40. When executing the computer program 42, the processor 40 implements the steps of the system detection method embodiments above, for example steps S101 to S104 shown in Fig. 1. Alternatively, when executing the computer program 42, the processor 40 implements the functions of the modules in the apparatus embodiments above, for example the functions of modules 301 to 304 shown in Fig. 3.
Illustratively, the computer program 42 may be divided into one or more modules/units, which are stored in the memory 41 and executed by the processor 40 to carry out the present invention. The one or more modules/units may be a series of computer program instruction segments capable of completing specific functions, the instruction segments being used to describe the execution of the computer program 42 in the system detection terminal device 4. For example, the computer program 42 may be divided into a data read module, a data check module, a check value judgment module and an integrity judgment module.
The system detection terminal device 4 may be a specific security chip. The system detection terminal device may include, but is not limited to, the processor 40 and the memory 41. Those skilled in the art will understand that Fig. 4 is only an example of the system detection terminal device 4 and does not limit it; the device may include more or fewer components than shown, may combine certain components, or may use different components.
The processor 40 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 41 may be an internal storage unit of the system detection terminal device 4, such as a hard disk or memory of the system detection terminal device 4. The memory 41 may also be an external storage device of the system detection terminal device 4, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the system detection terminal device 4. Further, the memory 41 may include both an internal storage unit of the system detection terminal device 4 and an external storage device. The memory 41 is used to store the computer program and the other programs and data needed by the system detection terminal device 4. The memory 41 may also be used to temporarily store data that has been output or is about to be output.
It will be clear to those skilled in the art that, for convenience and brevity of description, only the division into the functional units and modules above is used as an example. In practical applications, the functions above may be assigned to different functional units and modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to complete all or part of the functions described above. The functional units and modules in the embodiments may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units and modules are only for ease of distinguishing them from one another and do not limit the protection scope of this application. For the specific working processes of the units and modules in the system above, refer to the corresponding processes in the foregoing method embodiments, which are not repeated here.
In the embodiments above, the description of each embodiment has its own emphasis. For parts not detailed or recorded in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device/terminal device and method may be implemented in other ways. For example, the device/terminal device embodiments described above are only schematic; the division into modules or units is only a division by logical function, and in actual implementation there may be other ways of dividing them, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the flow in the methods of the embodiments above may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, can implement the steps of each of the method embodiments above. The computer program includes computer program code, which may be in source code form, object code form, an executable file, certain intermediate forms, and so on. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content included in the computer-readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.
Claims (10)
1. A system detection method, characterized by comprising:
After the target system is powered on, reading the full content of the current program space and data space in the target system;
Performing a verification operation on the content read, to obtain the current check value of the target system;
Judging whether the current check value is identical to a preset benchmark check value;
Judging the integrity of the target system according to the relationship between the current check value and the benchmark check value.
2. The system detection method according to claim 1, characterized in that the process of presetting the benchmark check value comprises:
Obtaining the total capacity of the program space and the total capacity of the data space in the target system;
Downloading a specified program into the program space, and obtaining the capacity occupied by the program;
Downloading specified data into the data space, and obtaining the capacity occupied by the data;
Calculating the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
Calculating the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
Filling up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
Reading the full content of the program space and the data space;
Performing a verification operation on the content read, to obtain the benchmark check value.
3. The system detection method according to claim 1, characterized in that judging the integrity of the target system according to the relationship between the current check value and the benchmark check value specifically comprises:
If the current check value is identical to the benchmark check value, judging that the system integrity of the target system remains normal;
After judging that the system integrity of the target system remains normal, the method further comprises:
Opening to the target system the access rights to the key program and key data.
4. The system detection method according to claim 3, characterized in that the key program and key data are obtained as follows:
Obtaining the complete program and complete data needed for the normal operation of the target system;
Extracting the key program from the complete program;
Extracting the key data from the complete data.
5. The system detection method according to any one of claims 1 to 4, characterized in that judging the integrity of the target system according to the relationship between the current check value and the benchmark check value specifically comprises:
If the current check value differs from the benchmark check value, judging that the system integrity of the target system has been destroyed;
After judging that the system integrity of the target system has been destroyed, the method further comprises:
Starting a system security alarm;
Limiting the software and/or hardware functions of the target system.
6. A system detection device, characterized by comprising:
A data read module, configured to read the full content of the current program space and data space in the target system after the target system is powered on;
A data check module, configured to perform a verification operation on the content read, to obtain the current check value of the target system;
A check value judgment module, configured to judge whether the current check value is identical to a preset benchmark check value;
An integrity judgment module, configured to judge the integrity of the target system according to the relationship between the current check value and the benchmark check value.
7. The system detection device according to claim 6, characterized by further comprising:
A total capacity acquisition module, configured to obtain the total capacity of the program space and the total capacity of the data space in the target system;
A program capacity acquisition module, configured to download a specified program into the program space and obtain the capacity occupied by the program;
A data capacity acquisition module, configured to download specified data into the data space and obtain the capacity occupied by the data;
A program space remaining capacity calculation module, configured to calculate the remaining capacity of the program space from the total capacity of the program space and the capacity occupied by the program;
A data space remaining capacity calculation module, configured to calculate the remaining capacity of the data space from the total capacity of the data space and the capacity occupied by the data;
A remaining capacity filling module, configured to fill up the remaining capacity of the program space and the remaining capacity of the data space with preset filling content;
An initial data read module, configured to read the full content of the program space and the data space;
A benchmark verification module, configured to perform a verification operation on the content read, to obtain the benchmark check value.
8. The system detection device according to claim 6, characterized by further comprising:
A complete information acquisition module, configured to obtain the complete program and complete data needed for the normal operation of the target system;
A key program extraction module, configured to extract the key program from the complete program;
A key data extraction module, configured to extract the key data from the complete data.
9. A system detection terminal device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the system detection method according to any one of claims 1 to 5.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the system detection method according to any one of claims 1 to 5.
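The presetting procedure of claim 2 and the power-on check of claims 1, 3 and 5, as an added example that is not part of the patent: a Python model in which SHA-256 stands in for the unspecified verification operation and 0xFF for the preset filling content; the class, the function names and the sample bytes are assumptions constructed for illustration. It shows why the remaining capacity is filled and included in the check: bytes written into unused program space change the check value even though the program itself is untouched.

```python
import hashlib
import hmac

FILL_BYTE = 0xFF  # assumption: preset filling content (erased-flash value)


class TargetSystem:
    """Toy target system with a fixed-capacity program space and data space."""

    def __init__(self, program_capacity, data_capacity):
        self.program_space = bytearray(program_capacity)
        self.data_space = bytearray(data_capacity)
        self.access_open = False  # access to key program and key data
        self.alarm = False
        self.restricted = False

    def read_all(self):
        # Full content of both spaces, used and unused regions alike.
        return bytes(self.program_space) + bytes(self.data_space)


def check_value(content):
    # Assumption: SHA-256 stands in for the unspecified verification operation.
    return hashlib.sha256(content).digest()


def provision(system, program, data):
    """Claim 2: download, compute remaining capacity, fill it, take the benchmark."""
    for space, blob in ((system.program_space, program), (system.data_space, data)):
        remaining = len(space) - len(blob)  # total capacity minus occupied capacity
        if remaining < 0:
            raise ValueError("image does not fit in its space")
        space[:len(blob)] = blob
        space[len(blob):] = bytes([FILL_BYTE]) * remaining
    return check_value(system.read_all())


def power_on_check(system, benchmark):
    """Claims 1, 3 and 5: recompute over everything, compare, then act."""
    intact = hmac.compare_digest(check_value(system.read_all()), benchmark)
    system.access_open = intact       # open key program / key data only if intact
    system.alarm = not intact         # otherwise raise the security alarm
    system.restricted = not intact    # and limit software/hardware functions
    return intact


def demo():
    program = b"\x01\x02BOOT-AND-APP-CODE"  # constructed sample image (19 bytes)
    data = b"calibration=42;"               # constructed sample data (15 bytes)
    results = {}

    clean = TargetSystem(64, 32)
    benchmark = provision(clean, program, data)
    results["clean"] = power_on_check(clean, benchmark)

    # Bytes written into unused program space; the program itself is untouched.
    implanted = TargetSystem(64, 32)
    provision(implanted, program, data)
    implanted.program_space[40:48] = b"IMPLANT!"
    results["program_bytes_unchanged"] = (
        bytes(implanted.program_space[:len(program)]) == program)
    results["implant_in_free_space"] = power_on_check(implanted, benchmark)

    # A two-byte change to stored data.
    patched = TargetSystem(64, 32)
    provision(patched, program, data)
    patched.data_space[12:14] = b"99"
    results["modified_data"] = power_on_check(patched, benchmark)
    return results


if __name__ == "__main__":
    print(demo())
```

An unkeyed digest only helps if the benchmark value is held where the target system cannot rewrite it, for example inside the security chip that the description names as a possible detection device.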
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810159024.XA CN108446560A (en) | 2018-02-26 | 2018-02-26 | A kind of system detecting method, device, terminal device and readable storage medium storing program for executing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108446560A (en) | 2018-08-24 |
Family
ID=63193056
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810159024.XA Pending CN108446560A (en) | 2018-02-26 | 2018-02-26 | A kind of system detecting method, device, terminal device and readable storage medium storing program for executing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108446560A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102968595A (en) * | 2012-12-20 | 2013-03-13 | 曙光云计算技术有限公司 | Method and device for protecting virtual machine system |
CN103593617A (en) * | 2013-10-27 | 2014-02-19 | 西安电子科技大学 | Software integrity verifying system and method based on VMM (virtual machine monitor) |
CN104243457A (en) * | 2014-08-29 | 2014-12-24 | 上海斐讯数据通信技术有限公司 | Credibility measuring method and system for mobile terminal |
CN106886473A (en) * | 2017-04-24 | 2017-06-23 | 郑州云海信息技术有限公司 | A kind of startup method of server, device and server |
CN106951785A (en) * | 2017-03-15 | 2017-07-14 | 湖南文盾信息技术有限公司 | A kind of JAVA virtual machine and trust chain extension method therein |
CN107403098A (en) * | 2017-06-13 | 2017-11-28 | 北京溢思得瑞智能科技研究院有限公司 | The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111464267A (en) * | 2020-04-29 | 2020-07-28 | 卓尔智联(武汉)研究院有限公司 | Communication data checking method and device, computer equipment and storage medium |
CN111464267B (en) * | 2020-04-29 | 2021-06-15 | 卓尔智联(武汉)研究院有限公司 | Communication data checking method and device, computer equipment and storage medium |
CN113468008A (en) * | 2021-07-13 | 2021-10-01 | 深圳市越疆科技有限公司 | Detection method, device and equipment of safety controller and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103888444B (en) | A kind of safe distribution of electric power authentication device and its method | |
CN103198347B (en) | Safety equipment tamperproof circuit | |
CN103559435B (en) | The debugging port controlling method and apparatus of terminal device | |
CN107463838A (en) | Method for safety monitoring, device, system and storage medium based on SGX | |
CN108365950A (en) | The generation method and device of financial self-service equipment key | |
CN104486075A (en) | Intelligent substation ICD model file digital signature verification method | |
CN108229144A (en) | A kind of verification method of application program, terminal device and storage medium | |
CN108446560A (en) | A kind of system detecting method, device, terminal device and readable storage medium storing program for executing | |
CN111740838A (en) | Trusted uplink method and system for block chain data | |
CN101047701B (en) | System and method for ensuring safety operation of applied program | |
CN110247897A (en) | A kind of system login method, equipment, gateway and computer readable storage medium | |
CN106548065A (en) | Application program installs detection method and device | |
KR20140048094A (en) | Method for programming a mobile terminal chip | |
CN102662871B (en) | A kind of virtual disk integrity protection system and method based on credible password module | |
CN102571326B (en) | The method for testing security of differentiated control mode key management system | |
CN109299944A (en) | Data ciphering method, system and terminal in a kind of process of exchange | |
CN105577705A (en) | Safety protection method and system for IEC60870-5-104 protocol | |
CN108965315A (en) | A kind of authentic authentication method of terminal device, device and terminal device | |
CN112035831A (en) | Data processing method, device, server and storage medium | |
CN106093833B (en) | Take the function of initializing test method and system of control electric energy meter | |
CN109768853A (en) | A kind of key component verification method, device and terminal device | |
CN108830114A (en) | The data processing method and device, storage medium of nonvolatile memory | |
EP4109313A1 (en) | Computer-implemented method and system for checking data anonymization | |
CN102970145B (en) | Signature method and device | |
CN107368337A (en) | Using method for down loading, device and terminal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180824 |