CN112149123A - Safety inspection system and method for application program - Google Patents
Safety inspection system and method for application program Download PDFInfo
- Publication number
- CN112149123A CN112149123A CN202011052592.3A CN202011052592A CN112149123A CN 112149123 A CN112149123 A CN 112149123A CN 202011052592 A CN202011052592 A CN 202011052592A CN 112149123 A CN112149123 A CN 112149123A
- Authority
- CN
- China
- Prior art keywords
- inspection
- application program
- security
- item
- check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a system and a method for security check of an application program, which relate to the technical field of network information security and comprise the following steps: the task receiving module is used for receiving an inspection task, and the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected; the program import module imports the checked application program according to the basic information; the inspection knowledge base stores the corresponding relation between each inspection item configured in advance and the corresponding inspection standard; the safety inspection module is used for obtaining a corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the application program to be inspected according to the inspection standard; and the record generating module is used for generating the check record corresponding to each check item according to the safety check result corresponding to each check item. The method has the advantages of realizing electronization of the safety inspection process of the application program, reducing the difficulty of law enforcement operation, ensuring the authenticity of inspection records and effectively improving the working efficiency and standardization level of law enforcement.
Description
Technical Field
The invention relates to the technical field of network information security, in particular to a system and a method for security check of an application program.
Background
With the technology development of the present day, mobile terminals have become necessary tools in people's work and life, and various mobile Application APP (Application) software is increasingly widely used. Because data such as user information and the like can be collected and used in the using process of the mobile application APP software, the safety problem of the mobile application APP software also goes into the visual angle of people, and the safety inspection of the mobile application APP software is not slow.
The traditional safety inspection mode needs law enforcement personnel to fill in paper inspection documents, inspection records and the like, and has the problems of low safety inspection efficiency, incapability of ensuring the authenticity of the inspection records, high management difficulty of subsequent inspection records and the like.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a safety inspection system of an application program, which comprises: a security inspection tool, the security inspection tool comprising:
the task receiving module is used for receiving an inspection task, wherein the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected;
the program importing module is connected with the task receiving module and used for importing the checked application program according to the basic information of the checked application program;
the inspection knowledge base is used for storing the corresponding relation between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module is respectively connected with the task receiving module, the program importing module and the inspection knowledge base, and is used for obtaining the corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the application program to be inspected according to the inspection standard;
and the record generating module is connected with the safety inspection module and used for generating the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.
Preferably, the safety inspection tool further comprises a task establishing module connected with the task receiving module and used for law enforcement officers to establish the inspection task and send the inspection task to the task receiving module.
Preferably, the system further comprises a system management platform connected with the safety inspection tool and used for law enforcement personnel to establish the inspection task and send the inspection task to the safety inspection tool.
Preferably, the system management platform includes a notification generation module, configured to generate an inspection notification according to the inspection task to notify the inspected unit to which the inspected application belongs.
Preferably, the system management platform includes a data processing module, configured to obtain the inspection record corresponding to each inspection item, and generate an inspection report of the inspected application according to each inspection record.
Preferably, the checking standard comprises a plurality of checking item rule bases;
the security check module comprises:
the key function checking unit is used for matching to obtain a corresponding key function rule base as the checking item rule base when the checking item is the key function checking item, and performing key function checking on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit is used for matching to obtain a corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and checking the malicious program of the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit is used for matching to obtain a corresponding third-party software development tool rule base as the checking item rule base when the checking item is the third-party software development tool checking item, and checking the checked application program by the third-party software development tool rule base; and/or
The program vulnerability checking unit is used for matching to obtain a corresponding program vulnerability rule base as the checking item rule base when the checking item is a program vulnerability checking item, and carrying out program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit is used for matching to obtain a corresponding illegal content rule base as the checking item rule base when the checking item is an illegal content checking item, and checking illegal content of the application program to be checked according to the illegal content rule base.
Preferably, the check criteria comprise safety behavior criteria, and the check items comprise safety behavior checks;
the security check module comprises:
the violation behavior analysis unit is used for carrying out safety behavior inspection on the behaviors of the inspected application program which collect and use personal information according to the safety behavior standard; and/or
The permission use checking unit is used for checking the safety behavior of the permission acquired by the checked application program according to the safety behavior standard; and/or
And the sensitive behavior analysis unit is used for carrying out security behavior inspection on the sensitive behavior of the inspected application program according to the security behavior standard.
Preferably, the test criteria comprise compliance criteria, and the test terms comprise compliance checks;
the security check module further comprises:
the record information checking unit is used for acquiring record information of the application program to be checked and carrying out compliance check on the record information according to the compliance standard; and/or
The illegal response checking unit is used for acquiring illegal information discovery and response information of the application program to be checked and carrying out compliance check on the illegal information discovery and response information according to the compliance standard; and/or
The privacy policy checking unit is used for acquiring a privacy policy text of the application program to be checked and carrying out compliance check on the content of the privacy policy text according to the compliance standard; and/or
And the safety management checking unit is used for acquiring a safety management system of the checked unit to which the checked application program belongs and performing compliance check on the safety management system according to the compliance standard.
Preferably, the system further comprises a unit-level rule base connected to the security check tool and used for storing the latest check business rule, and the security check tool acquires the latest check business rule before executing the check task to synchronously update the check item rule base.
A security inspection method of an application program is applied to the security inspection system of the application program, and comprises the following steps:
step S1, the security inspection tool receives an inspection task, where the inspection task includes basic information of at least one application under inspection and at least one inspection item associated with the application under inspection;
step S2, the safety inspection tool imports the application program to be inspected according to the basic information of the application program to be inspected;
step S3, the security inspection tool matches each inspection item in the inspection task with a pre-configured corresponding relationship between each inspection item and a corresponding inspection standard to obtain a corresponding inspection standard, and performs security inspection on the inspected application program according to the inspection standard;
step S4, the security check tool generates a check record corresponding to each check item according to the security check result corresponding to each check item.
The technical scheme has the following advantages or beneficial effects: the safety inspection process electronization of the application program is realized, the inquiry management and the data tracing of subsequent inspection records are facilitated, the law enforcement operation difficulty is reduced, the authenticity of the inspection records is guaranteed, and meanwhile the law enforcement work efficiency and the standardization level are effectively improved.
Drawings
FIG. 1 is a schematic diagram of a security check system for an application according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of a security inspection tool according to a preferred embodiment of the present invention;
FIG. 3 is a flowchart illustrating a security check method for an application according to a preferred embodiment of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present invention is not limited to the embodiment, and other embodiments may be included in the scope of the present invention as long as the gist of the present invention is satisfied.
In accordance with the above-mentioned problems occurring in the prior art, there is provided a security check system for an application program, as shown in fig. 1, comprising: a security inspection tool 1, said security inspection tool 1 comprising:
the task receiving module 11 is configured to receive an inspection task, where the inspection task includes basic information of at least one application program to be inspected and at least one inspection item associated with the application program to be inspected;
a program importing module 12 connected to the task receiving module 11 for importing the application program to be checked according to the basic information of the application program to be checked;
the inspection knowledge base 13 is used for storing the corresponding relationship between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module 14 is respectively connected with the task receiving module 11, the program importing module 12 and the inspection knowledge base 13, and is used for obtaining corresponding inspection standards according to matching of all inspection items in the inspection tasks and carrying out safety inspection on the application programs to be inspected according to the inspection standards;
and the record generating module 15 is connected to the security check module 14 and is configured to generate a check record corresponding to each check item according to the security check result corresponding to each check item.
Specifically, in this embodiment, the security inspection tool is applied to a network security department to perform security inspection work on an application, and the target inspection type of the application covers an Android version and an iOS version. The task receiving module 11 may be a human-computer interaction interface, through which law enforcement officers receive inspection tasks, which may include basic information and inspection items of the application to be inspected, and may also include inspection contents and inspection time, and so on, to perform subsequent security inspection work. The inspection knowledge base 13 preferably encapsulates inspection standards for the application security inspection work, which include, but are not limited to, implementation experience, expert knowledge, and analysis models of the application security inspection work, so that inspection contents and inspection records of the security inspection tool can be analyzed according to the knowledge, models, and rules of the inspection knowledge base 13, and an inspection method, an inspection result determination basis, tool inspection result analysis, risk prompt of non-conforming items, and the like are provided for the application security inspection work. When the application program to be checked is subjected to security check, the corresponding check standard in the check knowledge base 13 can be called according to the check item contained in the check task to perform security check, and a corresponding check record is generated after the check of each check item is completed, wherein the check record can include the name of the unit to be checked to which the application program to be checked belongs, the check time, the check place, the signature information of the police officer, the signature information of the unit person to be checked, the check result information of the check item, and the like, so that the electronic application program security check is realized, and the subsequent data query and data tracing are facilitated. As a preferred embodiment, the detection record may further include photographing and shooting of evidence files, recording of evidence audio, and storing of evidence related files; law enforcement officers can manage and operate the files related to the evidence through the safety inspection tool 1, wherein the management operations comprise importing, exporting, deleting, uploading and the like; the security inspection tool 1 also provides the function of a law enforcement officer confirming the record and entering an electronic signature.
As a preferred embodiment, the security inspection tool 1 may be deployed in a local portable device, as shown in fig. 2, the security inspection tool 1 further provides a login interface 100, and after logging in the security inspection tool 1 through the login interface, a law enforcement officer may receive an inspection task and perform security inspection on a corresponding application to be inspected according to the inspection task. The security inspection tool can be deployed at the cloud, and law enforcement personnel can remotely access the security inspection tool at the cloud through a network, such as login in a B/S mode, so as to obtain an inspection task and perform security inspection on a corresponding application program to be inspected according to the inspection task. In a preferred embodiment, the security inspection tool 1 further provides an authentication module for authenticating the login information of law enforcement officers to authenticate the identity of users and protect the authentication data from unauthorized reference or modification, and the authentication module may be a two-factor authentication.
In a preferred embodiment, the application under inspection may be manually and individually imported or may be imported in batches, or may be automatically imported according to a pre-configured storage path of the application under inspection.
As a preferred embodiment, the security inspection tool 1 may further provide a security audit module 101, which is used to generate an audit record according to the upgrade operations of the inspection knowledge base and the security inspection tool, the printing events of the paperwork such as the on-site law enforcement inspection record result and feedback opinion, the events such as the login and logout of law enforcement personnel, the data import and export, and the like, and ensure that only authorized users can read and backup the audit record.
In a preferred embodiment, the security inspection tool 1 encrypts and decrypts the inspection data using a cryptographic algorithm of a domestic product approved by the national commerce. Domestic commercial password product should be portable, and separately deposit with the safety inspection instrument, only can be connected with the safety inspection instrument when using the safety inspection instrument to adopt the following mode to strengthen data security: the program area and the data area are physically isolated, the data in the program area is unreadable and unwritable, and the data area only allows a tool system to write in; the service data generated from the tool, including but not limited to inspection result data, reports, flow data, log data, etc., should be encrypted by using the country code algorithm and then stored.
In a preferred embodiment, the security inspection tool 1 may further provide a trace removal module 102 for irretrievably removing the business data generated during the security inspection.
In a preferred embodiment, the security inspection tool 1 may further provide a state recovery module 103 for recovering the security inspection tool to a factory state.
In the preferred embodiment of the present invention, the security inspection tool 1 further comprises a task establishing module 16 connected to the task receiving module 11 for law enforcement personnel to establish and send the inspection task to the task receiving module 11.
Specifically, in the present embodiment, the law enforcement officer can set up an inspection task by himself according to the inspection requirement through the task setting module 16 provided by the security inspection tool 1. In a preferred embodiment, the security inspection tool 1 stores a pre-generated inspection item set, the inspection item set includes a plurality of inspection items, and law enforcement officers can extract the inspection items from the inspection item set according to inspection requirements to generate inspection tasks. In a preferred embodiment, the task establishing module 16 may further connect with the inspection knowledge base 13, so that law enforcement officers can call inspection standards in the inspection knowledge base 13 to customize inspection evaluation contents, so as to complete the rapid integration of inspection contents of the special inspection tasks.
In a preferred embodiment of the present invention, the system further comprises a system management platform 2 connected to the safety inspection tool 1, for the law enforcement officer to establish an inspection task and issue the inspection task to the safety inspection tool 1.
Specifically, in this embodiment, the law enforcement officer may implement remote establishment and delivery of the inspection task through the system management platform 2, and further specifically, the system management platform 2 may enable the law enforcement officer to make an inspection plan, and the inspection plan content package may include the name of the application to be inspected, the name of the inspection plan, the content of the inspection object, the start and end time of the inspection plan, and the like. After the examination plan is formulated, law enforcement officers can also perform operations such as query and modification of the examination plan through the system management platform 2. After determining the inspection plan, the system management platform 2 may generate a corresponding inspection task according to the inspection plan and issue the inspection task to the safety inspection tool 1. The safety inspection tool 1 also provides a login interface, and after the law enforcement officer logs in the safety inspection tool 1 through the login interface, the law enforcement officer can obtain the inspection task issued by the system management platform 2.
In a preferred embodiment of the present invention, the system management platform 2 comprises a notification generation module 21, configured to generate an inspection notification according to the inspection task to notify the inspected unit of the inspected application.
Specifically, in this embodiment, the system management platform 2 may also generate a corresponding inspection notice and notify the inspected unit while the inspection task is issued, so as to implement electronic transmission of the inspection notice.
In the preferred embodiment of the present invention, the system management platform 2 includes a data processing module 22, configured to obtain the inspection record corresponding to each inspection item, and generate the inspection report of the inspected application according to each inspection record.
Specifically, in the present embodiment, the system management platform 2 generates an overall inspection report by summarizing and counting the inspection records of each inspection item, and as a preferred embodiment, the inspection report may be encrypted by using a cryptographic product of a domestic product approved by the national commerce to ensure confidentiality of the inspection data in the inspection report. In a preferred embodiment, when the inspection report indicates that the inspected application has serious problems and needs to be penalized, law enforcement officers can issue a penalty ticket to the inspected unit to which the inspected application belongs through the system management platform 2. In a preferred embodiment, the data transmission between the security inspection tool and the system management platform is encrypted by using a cryptographic algorithm approved by national commerce and security.
In the preferred embodiment of the present invention, the inspection criteria includes a plurality of rule bases of inspection items;
the security check module 14 includes:
the key function checking unit 141a is configured to, when the check item is a key function check item, match the key function rule base to obtain a corresponding key function rule base as a check item rule base, and perform key function check on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit 142a is configured to, when the check item is a malicious program check item, match the corresponding malicious program rule base to obtain a check item rule base, and perform malicious program checking on the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit 143a is configured to, when the check item is a third-party software development tool check item, match to obtain a corresponding third-party software development tool rule base as a check item rule base, and perform third-party software development tool checking on the application program to be checked according to the third-party software development tool rule base; and/or
The program vulnerability checking unit 144a is configured to, when the checking item is a program vulnerability checking item, match the corresponding program vulnerability rule base to obtain a checking item rule base, and perform program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit 145a is used for matching to obtain a corresponding illegal content rule base as a checking item rule base when the checking item is an illegal content checking item, and checking the illegal content of the checked application program according to the illegal content rule base.
Specifically, in the present embodiment, the check item rule base includes, but is not limited to, a key function rule base, a malicious program rule base, a third-party software development tool rule base, a program vulnerability rule base, and a illegal content rule base.
The inspection objects of the above key function inspection include, but are not limited to, short video, instant messaging, network payment, live broadcast, financial loan, network game, VPN, and other key functions.
The above-mentioned objects of malicious program inspection include, but are not limited to, malicious fee deduction, privacy theft, remote control, malicious propagation, fee consumption, system destruction, fraud luring, rogue behavior and other malicious behaviors.
The third-party software development tool inspection comprises the steps of analyzing and judging the third-party software development tool package plug-in and software development tool package behaviors, and the inspection objects comprise but are not limited to third-party software development tool information, including software development tool names, software development tool version numbers, software development tool providers and software development tool detailed introduction information or link addresses; identifying suspicious software development tools according to a malicious software development tool library; performing behavior analysis on software development tools outside of the malware development tool library, including: sending personal information to a third party, sending the personal information to an overseas server, acquiring the personal information, acquiring frequency and security loopholes or Trojan programs; the application of the software development tool can be used for collecting the personal information related authority list.
The inspection objects of the program vulnerability inspection include, but are not limited to: 1) and (4) program file security: the method comprises the following steps of identifying a reinforced shell, decompiling risks, tampering and secondary packaging risks of Java codes, vulnerability of a Janus signature mechanism, unverified risks of application signatures, undistorted risks of codes, application risks issued by using debugging certificates, risks of only using Java codes, risks of starting hidden services, unsafe risks of application signature algorithms and the like; 2) and (4) data storage security: webview plaintext password storage risk, Webview File homologous strategy bypass vulnerability, plaintext digital certificate risk, database injection vulnerability, SA encryption algorithm insecure use vulnerability, key hard coding vulnerability, dynamic debugging attack risk, Webview remote debugging risk, application data random backup risk, FFmpeg File reading vulnerability, debugging log function call risk, AES/DES encryption method insecure use vulnerability, RSA encryption algorithm insecure use vulnerability, Java layer dynamic debugging risk and the like; 3) communication data transmission security: plaintext transmission data risk, HTTPS unverified server certificate vulnerability, HTTPS unverified hostname vulnerability, HTTPS allowed arbitrary hostname vulnerability and the like; 4) and identity authentication is safe: interface hijacking risk, input monitoring risk, screen capture attack risk and the like; 5) internal data interaction security: content Provider data leakage vulnerability, Intent Scheme URL attack vulnerability, Fragment injection attack vulnerability, Activity component export risk, Service component export risk, Broadcast Receiver component export risk, Content Provider component export risk, local port open override vulnerability, Intent component implicit invocation risk and the like; 6) malicious attack prevention capability: the method comprises the following steps of dynamically injecting attack risks, Webview remote code execution vulnerabilities, Webview system hidden interface vulnerabilities without risk removal, zip file decompression directory traversal vulnerabilities, WebSQL injection vulnerabilities, InnerHTML XSS attack vulnerabilities, downloading any apk vulnerabilities and the like.
The above-mentioned examination object for illegal content inspection includes but is not limited to identifying illegal violation conditions such as yellow-related, toxic, gambling, violence, and political affairs; aiming at illegal contents, the method has the function of automatically storing fixed evidences such as screenshots or analysis results.
In a preferred embodiment of the present invention, the inspection criteria comprises security behavior criteria, and the inspection items comprise security behavior inspections;
the security check module 14 includes:
the violation behavior analysis unit 141b is used for performing security behavior check on behaviors collected and used by the application program to be checked according to the security behavior standard; and/or
The permission use checking unit 142b is used for performing security behavior checking on the permission acquired by the checked application program according to the security behavior standard; and/or
And the sensitive behavior analysis unit 143b is configured to perform security behavior check on the sensitive behavior of the application program to be checked according to the security behavior standard.
Specifically, in the present embodiment, the violation analysis unit 141b performs violation detection on the behaviors of the application under inspection that collects and uses personal information, including but not limited to starting to collect personal information without user's consent; personal information is not collected according to minimization, and the type of the collected personal information or the opened collectable personal information authority is irrelevant to the existing business function; the actual collected personal information or the opened collectible personal information authority is not consistent with the range of the privacy policy description; actually collected personal information or opened collectable personal information authority exceeds the user authorization range; when the application program is installed, the authorization of a user is forced, and the situation that the application program cannot be installed is not agreed; the application program enforces the request permission, and exits from running when a certain permission is refused; the frequency at which personal information is collected (which should be the lowest frequency necessary to achieve the business function of the product or service); when the user does not use the related functions or services, applying for opening the system authority in advance; the application program directly provides personal information to a third party (including a third party code embedded through a client, a plug-in and the like) without the consent of the user or anonymization processing.
The content of the above-mentioned permission usage checking unit 142b for performing security behavior check on the permission acquired by the checked application includes, but is not limited to, that the permission item declared by the application is beyond the minimum range required by the service of the application; the authority item in the actual operation of the application program exceeds the declared authority range; the rights have been opened without user consent; forcing a user to agree at one time to open a plurality of rights that can collect personal information; the set authority state is changed without the consent of the user; frequency of claim rights.
The sensitive behavior analysis unit 143b checks the sensitive behavior of the application under inspection, including but not limited to the exit of the application or the continuous collection of personal information and frequency of use when running in the background; modifying the right declaration file in the running process of the application program; obtaining equipment information such as an installed application list, IP information, MAC address and the like without the consent of a user; information (including IP address, port and other information) of an overseas server accessed in the running process of the application program; sending personal information to an overseas server in the running process of the application program; and transmitting the personal information in a clear text manner in the running process of the application program.
In a preferred embodiment of the invention, the test criteria comprises compliance criteria, and the test terms further comprise a compliance check;
the security check module 14 further comprises:
a filing information checking unit 141c, configured to obtain filing information of the application program to be checked, and perform compliance check on the filing information according to compliance standards; and/or
The illegal response checking unit 142c is configured to obtain illegal information discovery and response information of the application program to be checked, and perform compliance check on the illegal information discovery and response information according to compliance standards; and/or
The privacy policy checking unit 143c is configured to obtain a privacy policy text of the application program to be checked, and perform compliance checking on the content of the privacy policy text according to a compliance standard; and/or
The security management checking unit 144c is configured to obtain a security management system of the checked unit to which the checked application belongs, and perform compliance checking on the security management system according to the compliance standard.
Specifically, in this embodiment, the content of the check performed by the filing information checking unit 141c according to the compliance standard on the filing information includes the filing state of the application program and the specific filing information, where the filing information includes basic information of the enterprise unit (unit property, organization code, unit name, unified social credit code, registered address, etc.), corporate information (corporate name, identity number, mobile phone number, mailbox, etc.), contact information (contact name, identity number, mobile phone number, mailbox, etc.), and it should be ensured that the filing information is consistent with the actual situation. In a preferred embodiment, the compliance standard corresponding to the compliance check of the docket information may be provided by a pre-configured application docket information library.
The illegal response checking unit 142c checks the compliance of the illegal information discovery and response information, including but not limited to whether it has the capability of checking illegal keywords of text information issued or transmitted by the user; whether the capability of carrying out illegal content inspection on picture information and audio/video information issued or transmitted by a user is provided; whether the capability of shielding or blocking the content of illegal information issued or transmitted by the user is provided; whether the response time of the application operating unit is less than 5 minutes since the discovery or the reception of the notification.
The content of the privacy policy text is checked for compliance by the privacy policy checking unit 143c, which includes but is not limited to whether there is a privacy policy in the application, and whether the privacy policy includes rules for collecting and using personal information; whether or not the purpose, manner and scope of collecting and using the personal information are explicitly indicated; whether the purpose, manner, scope, etc. of using personal information is collected by the application (including trusted third party or embedded third party code, plug-in) is listed one by one; whether the purpose, mode and range of collecting and using the personal information are changed or not is indicated, and the mode is notified to the user; whether to publish personal information safety complaints and reporting channels; whether to explicitly collect a service function using personal information; whether the type of the personal information collected by each service function is explicitly indicated; whether the type of personal sensitive information is significantly identified; whether all system permissions capable of collecting personal information applied by the application program are explicitly indicated; whether the personal information relates to an outbound situation; whether to provide a way to revoke consent to collect personal information.
The checking content of the safety management checking unit 144c for checking the compliance of the safety management system includes, but is not limited to, the application development safety management system; a data security management system; a complaint reporting system of the user; illegal harmful information prevention and treatment system; a machine room management system; operating rules of equipment in the machine room; a safety duty person system; an emergency management system; a law enforcement assistance system; working scenario during major network security.
In a preferred embodiment, after the safety inspection tool performs compliance assessment according to the compliance standard, a law enforcement inspection template is further provided, the law enforcement inspection template comprises law enforcement inspection emphasis, inspection methods and terms in laws and regulations corresponding to non-compliant terms of the application program, and an application program safety analysis assessment report is generated according to the law enforcement inspection template so as to record compliance inspection results through the law enforcement inspection template.
In the preferred embodiment of the present invention, the system further comprises a part level rule base 3 connected to the security inspection tool 1 for storing the latest inspection business rule, and the security inspection tool 1 acquires the latest inspection business rule before executing the inspection task to synchronously update the inspection item rule base.
As shown in fig. 3, the security inspection method applied to the security inspection system of the application program includes:
step S1, the security inspection tool receives an inspection task, where the inspection task includes basic information of at least one application to be inspected and at least one inspection item associated with the application to be inspected;
step S2, the safety check tool imports the application program to be checked according to the basic information of the application program to be checked;
step S3, the safety inspection tool matches each inspection item in the inspection task in the corresponding relationship between each inspection item and the corresponding inspection standard, and obtains the corresponding inspection standard, and carries out safety inspection on the application program to be inspected according to the inspection standard;
in step S4, the security check tool generates a check record corresponding to each check item according to the security check result corresponding to each check item.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.
Claims (10)
1. A security check system for an application, comprising: a security inspection tool, the security inspection tool comprising:
the task receiving module is used for receiving an inspection task, wherein the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected;
the program importing module is connected with the task receiving module and used for importing the checked application program according to the basic information of the checked application program;
the inspection knowledge base is used for storing the corresponding relation between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module is respectively connected with the task receiving module, the program importing module and the inspection knowledge base, and is used for obtaining the corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the application program to be inspected according to the inspection standard;
and the record generating module is connected with the safety inspection module and used for generating the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.
2. The system of claim 1, wherein the security inspection tool further comprises a task establishment module connected to the task reception module for law enforcement personnel to establish the inspection task and send the inspection task to the task reception module.
3. The system for security inspection of an application according to claim 1, further comprising a system management platform connected to the security inspection tool for law enforcement personnel to establish the inspection task and issue the inspection task to the security inspection tool.
4. The system for security inspection of an application program according to claim 3, wherein the system management platform comprises a notification generation module for generating an inspection notification to notify the inspected unit of the inspected application program according to the inspection task.
5. The system for security inspection of an application program according to claim 3, wherein the system management platform comprises a data processing module, configured to obtain the inspection records corresponding to the inspection items, and generate the inspection report of the inspected application program according to the inspection records.
6. The system of claim 1, wherein the inspection criteria comprises a plurality of rule bases of inspection items;
the security check module comprises:
the key function checking unit is used for matching to obtain a corresponding key function rule base as the checking item rule base when the checking item is the key function checking item, and performing key function checking on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit is used for matching to obtain a corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and checking the malicious program of the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit is used for matching to obtain a corresponding third-party software development tool rule base as the checking item rule base when the checking item is the third-party software development tool checking item, and checking the checked application program by the third-party software development tool rule base; and/or
The program vulnerability checking unit is used for matching to obtain a corresponding program vulnerability rule base as the checking item rule base when the checking item is a program vulnerability checking item, and carrying out program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit is used for matching to obtain a corresponding illegal content rule base as the checking item rule base when the checking item is an illegal content checking item, and checking illegal content of the application program to be checked according to the illegal content rule base.
7. The system of claim 1, wherein the inspection criteria comprises security behavior criteria, and the inspection items comprise security behavior checks;
the security check module comprises:
the violation behavior analysis unit is used for carrying out safety behavior inspection on the behaviors of the inspected application program which collect and use personal information according to the safety behavior standard; and/or
The permission use checking unit is used for checking the safety behavior of the permission acquired by the checked application program according to the safety behavior standard; and/or
And the sensitive behavior analysis unit is used for carrying out security behavior inspection on the sensitive behavior of the inspected application program according to the security behavior standard.
8. The application security check system of claim 1, wherein the check criteria comprises compliance criteria, and the check terms comprise compliance checks;
the security check module further comprises:
the record information checking unit is used for acquiring record information of the application program to be checked and carrying out compliance check on the record information according to the compliance standard; and/or
The illegal response checking unit is used for acquiring illegal information discovery and response information of the application program to be checked and carrying out compliance check on the illegal information discovery and response information according to the compliance standard; and/or
The privacy policy checking unit is used for acquiring a privacy policy text of the application program to be checked and carrying out compliance check on the content of the privacy policy text according to the compliance standard; and/or
And the safety management checking unit is used for acquiring a safety management system of the checked unit to which the checked application program belongs and performing compliance check on the safety management system according to the compliance standard.
9. The application security inspection system of claim 6, further comprising a component rule base coupled to the security inspection tool for storing latest inspection business rules, wherein the security inspection tool obtains the latest inspection business rules before executing the inspection task to synchronously update the inspection item rule base.
10. A security check method for an application program, applied to the security check system for an application program according to any one of claims 1 to 10, the security check method comprising:
step S1, the security inspection tool receives an inspection task, where the inspection task includes basic information of at least one application under inspection and at least one inspection item associated with the application under inspection;
step S2, the safety inspection tool imports the application program to be inspected according to the basic information of the application program to be inspected;
step S3, the security inspection tool matches each inspection item in the inspection task with a pre-configured corresponding relationship between each inspection item and a corresponding inspection standard to obtain a corresponding inspection standard, and performs security inspection on the inspected application program according to the inspection standard;
step S4, the security check tool generates a check record corresponding to each check item according to the security check result corresponding to each check item.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011052592.3A CN112149123B (en) | 2020-09-29 | 2020-09-29 | Safety inspection system and method for application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011052592.3A CN112149123B (en) | 2020-09-29 | 2020-09-29 | Safety inspection system and method for application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112149123A true CN112149123A (en) | 2020-12-29 |
| CN112149123B CN112149123B (en) | 2023-01-20 |
Family
ID=73894358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011052592.3A Active CN112149123B (en) | 2020-09-29 | 2020-09-29 | Safety inspection system and method for application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112149123B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112529512A (en) * | 2021-01-19 | 2021-03-19 | 江苏积韬科技有限公司 | SaaS-based method and platform for improving safety inspection level of transport enterprise carrier |
| CN112989204A (en) * | 2021-04-14 | 2021-06-18 | 江苏国信安网络科技有限公司 | Mobile phone application tracing analysis method |
| CN113037766A (en) * | 2021-03-23 | 2021-06-25 | 中通服创发科技有限责任公司 | Comprehensive evaluation method for asset safety and health degree under multiple scenes |
| CN113254837A (en) * | 2021-06-17 | 2021-08-13 | 北京智胜新格科技有限公司 | Application program evaluation method, device, system, equipment and medium |
| CN114626022A (en) * | 2022-01-19 | 2022-06-14 | 深圳智游网安科技有限公司 | Method, system and terminal for detecting compliance of application permission |
| CN114676432A (en) * | 2022-05-26 | 2022-06-28 | 河北兰科网络工程集团有限公司 | APP privacy compliance checking method, terminal and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010018746A1 (en) * | 2000-01-19 | 2001-08-30 | Along Lin | Security policy applied to common data security architecture |
| CN104537308A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | System and method for providing application security auditing function |
| CN105760763A (en) * | 2016-02-18 | 2016-07-13 | 公安部第研究所 | Grade protection check system based on check knowledge base technology and application method of grade protection check system |
| CN106776102A (en) * | 2016-12-27 | 2017-05-31 | 中国建设银行股份有限公司 | A kind of application system health examination method and system |
-
2020
- 2020-09-29 CN CN202011052592.3A patent/CN112149123B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010018746A1 (en) * | 2000-01-19 | 2001-08-30 | Along Lin | Security policy applied to common data security architecture |
| CN104537308A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | System and method for providing application security auditing function |
| CN105760763A (en) * | 2016-02-18 | 2016-07-13 | 公安部第研究所 | Grade protection check system based on check knowledge base technology and application method of grade protection check system |
| CN106776102A (en) * | 2016-12-27 | 2017-05-31 | 中国建设银行股份有限公司 | A kind of application system health examination method and system |
Non-Patent Citations (2)
| Title |
|---|
| 史有刚: "安全监督检查信息管理系统的研究", 《价值工程》 * |
| 陆臻 等: "云上信息系统安全体系研究", 《信息网络安全》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112529512A (en) * | 2021-01-19 | 2021-03-19 | 江苏积韬科技有限公司 | SaaS-based method and platform for improving safety inspection level of transport enterprise carrier |
| CN113037766A (en) * | 2021-03-23 | 2021-06-25 | 中通服创发科技有限责任公司 | Comprehensive evaluation method for asset safety and health degree under multiple scenes |
| CN112989204A (en) * | 2021-04-14 | 2021-06-18 | 江苏国信安网络科技有限公司 | Mobile phone application tracing analysis method |
| CN113254837A (en) * | 2021-06-17 | 2021-08-13 | 北京智胜新格科技有限公司 | Application program evaluation method, device, system, equipment and medium |
| CN114626022A (en) * | 2022-01-19 | 2022-06-14 | 深圳智游网安科技有限公司 | Method, system and terminal for detecting compliance of application permission |
| CN114676432A (en) * | 2022-05-26 | 2022-06-28 | 河北兰科网络工程集团有限公司 | APP privacy compliance checking method, terminal and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112149123B (en) | 2023-01-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112149123B (en) | Safety inspection system and method for application program | |
| Cohen | Information system attacks: A preliminary classification scheme | |
| CN112217835B (en) | Message data processing method and device, server and terminal equipment | |
| CN113177205B (en) | Malicious application detection system and method | |
| JP2022037896A (en) | Automation method for responding to threat | |
| CN109309645A (en) | A kind of software distribution security guard method | |
| Abdullah et al. | Android mobile applications vulnerabilities and prevention methods: A review | |
| Sikder et al. | A survey on android security: development and deployment hindrance and best practices | |
| Aboelfotoh et al. | A review of cyber-security measuring and assessment methods for modern enterprises | |
| Falade et al. | Vulnerability analysis of digital banks' mobile applications | |
| CN108694329B (en) | Mobile intelligent terminal security event credible recording system and method based on combination of software and hardware | |
| CN114218194A (en) | Data bank safety system | |
| Jawad et al. | Intelligent Cybersecurity Threat Management in Modern Information Technologies Systems | |
| Sharma et al. | Smartphone security and forensic analysis | |
| Zeybek et al. | A study on security awareness in mobile devices | |
| Becher | Security of smartphones at the dawn of their ubiquitousness | |
| CN108600178A (en) | A kind of method for protecting and system, reference platform of collage-credit data | |
| Cho et al. | User credential cloning attacks in android applications: exploiting automatic login on android apps and mitigating strategies | |
| Qi et al. | A comparative study on the security of cryptocurrency wallets in android system | |
| CN108289073A (en) | APP safety detecting systems based on Android | |
| Phumkaew et al. | Android forensic and security assessment for hospital and stock-and-trade applications in thailand | |
| Brilingaitė et al. | Detection of premeditated security vulnerabilities in mobile applications | |
| Yıldırım et al. | A research on software security vulnerabilities of new generation smart mobile phones | |
| Yakubdjanovna et al. | Analysis of Information Security Problems in Electronic Management with Possible Solutions | |
| Liu | Ethical Hacking of a Smart Video Doorbell |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |