CN112347486A - Code vulnerability examination method and device for realizing privacy protection and readable medium - Google Patents


Info

Publication number: CN112347486A
Authority: CN (China)
Prior art keywords: relation, vulnerability, relationship, target object, encryption algorithm
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Application number: CN202011366514.0A
Other languages: Chinese (zh)
Inventors: 张雪莲, 刘祥, 孟建
Current assignee: Shandong Inspur Business System Co Ltd
Original assignee: Shandong Inspur Business System Co Ltd
Application filed by Shandong Inspur Business System Co Ltd; priority claimed to application CN202011366514.0A; published as CN112347486A.

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities > G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database > G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks > H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic > H04L63/1433 Vulnerability analysis
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general > H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms > G06F2221/033 Test or assess software

Abstract

In the code vulnerability examination method, device and readable medium for realizing privacy protection provided by the invention, the source code to be examined is acquired, and a number of objects and the object relations among them are identified from it. For each identified object: the object relations belonging to the current object are found among the identified relations and taken as the relation map of the current object; whether the pre-constructed vulnerability rule map contains a vulnerability rule set for the current object is determined, and if so that rule is applied to the relation map of the current object to determine whether it contains a target object relation satisfying the rule; if such a target object relation exists, it corresponds to a rule in the vulnerability rule map and is determined to have a vulnerability. The invention can address the problem of private data leakage.

Description

Code vulnerability examination method and device for realizing privacy protection and readable medium
Technical Field
The invention relates to the technical field of computer software, in particular to a code vulnerability examination method, a device and a readable medium for realizing privacy protection.
Background
With the continuous development of internet and computer technology, electronic products are used in more and more scenarios, and their functions are realized by application software preinstalled on them. When users use such software they must register their user information in it. That information is private data, and if it is obtained by attackers it can threaten the user's personal or property safety.
In the early stage of software development the source code of the application is usually reviewed to correct erroneous code. Code reviewers mainly review the functions the source code realizes, so such review does not prevent the disclosure of private data.
Disclosure of Invention
The embodiment of the invention provides a code vulnerability examination method, a code vulnerability examination device and a readable medium for realizing privacy protection, which can solve the problem of disclosure of privacy data.
In a first aspect, an embodiment of the present invention provides a code vulnerability examination method for implementing privacy protection, including:
acquiring the source code to be examined;
identifying a number of objects from the source code and the object relations among those objects;
for each identified object, performing:
finding, among the identified object relations, the object relations that belong to the current object, and taking the found object relations as the relation map of the current object;
determining whether a vulnerability rule set for the current object exists in a pre-constructed vulnerability rule map, and if so executing the next step;
determining, according to the existing vulnerability rule, whether a target object relation that satisfies the rule exists in the relation map of the current object, and if so executing the next step;
determining that the target object relation has a vulnerability.
Optionally, the current object is a component to be examined;
the existing vulnerability rule includes: in AndroidManifest.xml the component declares an android:exported attribute that is explicitly set to true, or the component declares an intent filter;
determining, according to the existing vulnerability rule, whether a target object relation that satisfies the rule exists in the relation map of the current object includes: determining whether the relation map of the component to be examined contains a target object relation representing that the exported attribute of the component is explicitly set to true, or a target object relation representing that the component declares an intent filter.
Optionally, the current object is a privacy feature vector;
the existing vulnerability rule includes: the plaintext of the privacy feature vector appears in any of the following storage areas: a program file, a configuration file, a log file, a backup file or a database;
determining, according to the existing vulnerability rule, whether a target object relation that satisfies the rule exists in the relation map of the current object includes: determining whether the relation map of the privacy feature vector contains a target object relation representing that the plaintext of the privacy feature vector appears in any of a program file, a configuration file, a log file, a backup file or a database.
Optionally, the current object is an encryption algorithm to be examined;
the existing vulnerability rules include at least one of the following:
the encrypted data needs to be stored locally and converted back from ciphertext to plaintext, and the algorithm used for it is weaker than AES128;
the encrypted data is used in an authentication scenario, and the hash algorithm used for it is weaker than SHA256 (SHA256 is a one-way hash rather than a cipher; the rule concerns irreversible protection);
the encrypted data needs to be transmitted across a trust network boundary, and the asymmetric algorithm used for it is weaker than RSA2048;
determining, according to the existing vulnerability rule, whether a target object relation that satisfies the rule exists in the relation map of the current object includes: determining whether the relation map of the encryption algorithm to be examined contains a target object relation representing that:
the data encrypted by the algorithm to be examined needs to be stored locally and converted back from ciphertext to plaintext, and the algorithm is weaker than AES128; or
the data encrypted by the algorithm to be examined is used in an authentication scenario, and the algorithm is weaker than SHA256; or
the data encrypted by the algorithm to be examined needs to be transmitted across a trust network boundary, and the algorithm is weaker than RSA2048.
Optionally,
the relation map stores the address information of each object relation in the source code;
after determining that the target object relation has a vulnerability, the method further includes: determining the address information of the target object relation from the relation map, and locating the target object relation in the source code according to the determined address information.
Optionally, data belonging to a preset object type is identified from the source code, where the object types include one or more of int, short, long, byte, char, float, double and boolean;
whether the identified data has a link relation with an instantiated object in the heap area is judged, where the heap area stores a number of instantiated objects corresponding to classes;
if a link relation exists, the linked instantiated object and the identified data are identified as objects, and the link relation between them is identified as an object relation.
In a second aspect, an embodiment of the present invention provides a code vulnerability examination apparatus for implementing privacy protection, including:
an acquisition module, configured to acquire the source code to be examined;
an identification module, configured to identify a number of objects and the object relations among them from the source code acquired by the acquisition module;
a processing module, configured to perform the following after the identification module has identified the objects and their object relations:
for each identified object, performing:
finding, among the identified object relations, the object relations that belong to the current object, and taking the found object relations as the relation map of the current object;
determining whether a vulnerability rule set for the current object exists in a pre-constructed vulnerability rule map, and if so executing the next step;
determining, according to the existing vulnerability rule, whether a target object relation that satisfies the rule exists in the relation map of the current object, and if so executing the next step;
determining that the target object relation has a vulnerability.
Optionally, when the current object is a component to be examined, the existing vulnerability rule includes: in AndroidManifest.xml the component declares an android:exported attribute that is explicitly set to true, or the component declares an intent filter;
the processing module is configured to perform the following:
determining whether the relation map of the component to be examined contains a target object relation representing that the exported attribute of the component is explicitly set to true, or a target object relation representing that the component declares an intent filter.
Optionally, when the current object is a privacy feature vector, the existing vulnerability rule includes: the plaintext of the privacy feature vector appears in any of a program file, a configuration file, a log file, a backup file or a database;
the processing module is configured to perform the following:
determining whether the relation map of the privacy feature vector contains a target object relation representing that the plaintext of the privacy feature vector appears in any of a program file, a configuration file, a log file, a backup file or a database.
Optionally, when the current object is an encryption algorithm to be examined,
the existing vulnerability rules include at least one of the following:
the encrypted data needs to be stored locally and converted back from ciphertext to plaintext, and the algorithm used for it is weaker than AES128;
the encrypted data is used in an authentication scenario, and the hash algorithm used for it is weaker than SHA256;
the encrypted data needs to be transmitted across a trust network boundary, and the asymmetric algorithm used for it is weaker than RSA2048;
the processing module is configured to perform the following:
determining whether the relation map of the encryption algorithm to be examined contains a target object relation representing that:
the data encrypted by the algorithm to be examined needs to be stored locally and converted back from ciphertext to plaintext, and the algorithm is weaker than AES128; or
the data encrypted by the algorithm to be examined is used in an authentication scenario, and the algorithm is weaker than SHA256; or
the data encrypted by the algorithm to be examined needs to be transmitted across a trust network boundary, and the algorithm is weaker than RSA2048.
Optionally, when the relation map stores the address information of each object relation in the source code, the apparatus further includes a positioning module;
the positioning module is configured to, after the processing module determines that the target object relation has a vulnerability, determine the address information of the target object relation from the relation map and locate the target object relation in the source code according to the determined address information.
Optionally, the identification module is configured to perform the following:
identifying data belonging to a preset object type from the source code, where the object types include one or more of int, short, long, byte, char, float, double and boolean;
judging whether the identified data has a link relation with an instantiated object in the heap area, where the heap area stores a number of instantiated objects corresponding to classes;
if a link relation exists, identifying the linked instantiated object and the identified data as objects, and the link relation between them as an object relation.
In a third aspect, an embodiment of the present invention provides a code vulnerability examination apparatus for implementing privacy protection, including: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine-readable program to perform the method according to the first aspect or any possible implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable medium, on which computer instructions are stored, and when executed by a processor, the computer instructions cause the processor to perform the method provided by the first aspect or any possible implementation manner of the first aspect.
In the scheme described above, the code vulnerability examination method for realizing privacy protection provided by the embodiment of the invention acquires the source code to be examined and identifies from it a number of objects and the object relations among them; for each identified object it finds, among the identified object relations, those belonging to the current object and takes them as the relation map of the current object, the relation map comprising the current object and each object relation belonging to it; it determines whether a vulnerability rule set for the current object exists in the pre-constructed vulnerability rule map and, if so, applies that rule to determine whether a target object relation satisfying it exists in the relation map of the current object; and if one exists, it determines that the target object relation has a vulnerability. The invention can address the problem of private data leakage.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flowchart of a code vulnerability examination method for implementing privacy protection according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a device where a code vulnerability examination apparatus for implementing privacy protection is located according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a code vulnerability examination apparatus for implementing privacy protection according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
Fig. 1 is a flowchart of a code vulnerability examination method for implementing privacy protection according to an embodiment of the present invention. As shown in fig. 1, the method may include the following steps:
step 101, acquiring the source code to be examined;
step 102, identifying a number of objects from the source code and the object relations among them;
step 103, for each identified object, finding among the identified object relations those that belong to the current object, and taking them as the relation map of the current object;
step 104, determining whether a vulnerability rule set for the current object exists in a pre-constructed vulnerability rule map, and if so executing step 105;
step 105, determining, according to the existing vulnerability rule, whether a target object relation that satisfies the rule exists in the relation map of the current object, and if so executing step 106;
step 106, determining that the target object relation has a vulnerability.
In the embodiment of the invention, the source code to be examined is acquired and a number of objects and the object relations among them are identified from it; for each identified object, the object relations belonging to the current object are found among the identified relations and taken as the relation map of the current object, the relation map comprising the current object and each object relation belonging to it; whether a vulnerability rule set for the current object exists in the pre-constructed vulnerability rule map is determined and, if so, that rule is applied to determine whether a target object relation satisfying it exists in the relation map of the current object; if such a target object relation exists, it corresponds to a rule in the vulnerability rule map and is determined to have a vulnerability, so that the problem of private data leakage can be addressed.
Optionally, an application may leak private data through its logic while it is written, even where no data is written out directly (for example, where differential privacy is at stake). In particular, a logic flaw introduced in the design of an application can leak private data because the flaw is traceable, and a logic flaw in the source code can be exploited by, for example, a differential-privacy (differencing) attack. In addition, private data flow leakage in an application comprises single-component leakage and inter-component leakage.
For the problem of private data being leaked logically while the application is written, the invention sets a number of vulnerability rules in the vulnerability rule map. Specifically, following the flowchart of the code vulnerability examination method for implementing privacy protection in fig. 1, if the current object is a component to be examined, the vulnerability rules in the vulnerability rule map include: in AndroidManifest.xml the component declares an exported attribute explicitly set to true, or the component declares an intent filter; step 105 then determines, according to the existing vulnerability rule, whether a target object relation satisfying it exists in the relation map of the current object by performing:
determining whether the relation map of the component to be examined contains a target object relation representing that the exported attribute of the component is explicitly set to true, or one representing that the component declares an intent filter.
In this step, private data leakage in application software comprises single-component leakage and inter-component leakage, and the corresponding code vulnerabilities include debuggable/backup-enabled vulnerabilities, exposed components and API misuse. Taking Android application software as an example, an application is built from four kinds of components: Activity, Service, Content Provider and Broadcast Receiver. A private component of the application may only be started by the application itself; if it can be started by another application, the component has a code vulnerability. Specifically, the vulnerability rules in the vulnerability rule map cover the ways the android:exported attribute may be defined in AndroidManifest.xml: either the exported attribute is explicitly set to true, or no explicit exported value is set but the component has an intent filter, in which case the component's default exported value is still true; in both cases the component has a vulnerability. The method can thus determine, from the vulnerable components that may exist in the logical design and development of the source code, whether code vulnerabilities exist, and solve the problem of private data being exposed in the logical flow of the source code.
It should be noted that development components with code vulnerabilities are used during application software development, and if the component to be examined falls under the component vulnerability rule of the vulnerability rule map, the component has a vulnerability. On the other hand, logic flaws in the design of the source code may also reveal private data. For example, in a differencing attack, if an attacker obtains the shopping data of 1000 users (10 bought electronic products and 990 bought daily goods) and also obtains the same statistics for 999 of those users, the attacker can determine the actual purchase of the remaining user.
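The component rule described above, implemented as an added example that is not part of the patent and not code from the assignee. It parses a constructed AndroidManifest.xml (invented for this illustration, not taken from the patent) with Python's standard library, records one relation per component (its explicit exported value and whether it declares an intent filter), and reports each component reachable from other applications under the rule: an explicit android:exported="true", or no explicit value together with an intent filter, where the platform default is true. The component names and manifest contents are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed manifest (not from the patent) with one component per case of the rule.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application android:label="demo">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService">
      <intent-filter>
        <action android:name="com.example.demo.SYNC"/>
      </intent-filter>
    </service>
    <receiver android:name=".BootReceiver" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".DataProvider"
              android:authorities="com.example.demo.data"/>
  </application>
</manifest>
"""


def android_attr(element, name):
    """Read an attribute from the android: namespace."""
    return element.get("{%s}%s" % (ANDROID_NS, name))


def component_relations(manifest_xml):
    """Steps 102/103 for the component object: one relation per component recording
    its explicit exported value (None when absent) and whether it declares an intent filter."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    relations = []
    for tag in COMPONENT_TAGS:
        for component in root.iter(tag):
            relations.append({
                "component": android_attr(component, "name"),
                "kind": tag,
                "exported": android_attr(component, "exported"),
                "intent_filter": component.find("intent-filter") is not None,
            })
    return relations


def exported_findings(manifest_xml):
    """Step 105 for the component rule: (component, reason) for each target object
    relation that satisfies it."""
    findings = []
    for rel in component_relations(manifest_xml):
        if rel["exported"] is not None and rel["exported"].lower() == "true":
            findings.append((rel["component"], 'android:exported is explicitly "true"'))
        elif rel["exported"] is None and rel["intent_filter"]:
            findings.append((rel["component"],
                             "no android:exported but an <intent-filter> is declared (default true)"))
    return findings


if __name__ == "__main__":
    for name, reason in exported_findings(SAMPLE_MANIFEST):
        print(f"{name}: {reason}")
```

The launcher activity is flagged as well: the rule is a reachability rule, and whether a reachable component is a vulnerability is a triage decision about what it does once started. Two caveats belong next to the rule as the patent states it: from Android 12 (API level 31) an application targeting that level must set android:exported explicitly on every activity, service or receiver that has an intent filter, otherwise it fails to install, so the implicit case only arises for older targets; and content providers follow a different default (true only when the target API level is 16 or lower), which the intent-filter rule does not model.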
Optionally, private data is mixed into the application, or appears in its comments, while it is written. In particular, when the source code stores private data such as names, contact details and ID numbers, that data is easily leaked directly. In addition, when database user names and passwords are hard-coded or stored in plaintext in a configuration file, private data can be leaked indirectly. In a web application, front-end JavaScript can expose private data so that a user sees it directly in the browser, which lowers the difficulty of attacking the site.
For the problem of private data being mixed into the application or appearing in comments while it is written, the method sets a number of vulnerability rules in the vulnerability rule map. Specifically, following the flowchart of the code vulnerability examination method for implementing privacy protection in fig. 1, if the current object is a privacy feature vector (which includes but is not limited to personal data such as name, address, telephone number, ID number and bank account number), the existing vulnerability rule is: the plaintext of the privacy feature vector appears in any of a program file, a configuration file, a log file, a backup file or a database; step 105 then determines, according to the existing vulnerability rule, whether a target object relation satisfying it exists in the relation map of the current object by performing:
determining whether the relation map of the privacy feature vector contains a target object relation representing that the plaintext of the privacy feature vector appears in any of a program file, a configuration file, a log file, a backup file or a database.
In this step, if private data is mixed into the source code, or a plaintext comment contains private data, the code has a vulnerability. The privacy feature vector, i.e. the private data, includes but is not limited to name, address, telephone number, password, key, certificate, licence, SMS content and authorization credentials. The appearance of the plaintext of a privacy feature vector in any of a program file, a configuration file, a log file, a backup file or a database serves as the vulnerability rule in the vulnerability rule map, and the rule is satisfied when the relation map of the privacy feature vector contains a target object relation representing that. The embodiment thus addresses, at the code level, the vulnerabilities of private data and of plaintext comments containing private data existing in the source code.
It should be noted that the above is an example of a code vulnerability caused by the plaintext of a privacy feature vector appearing in a storage area. On the other hand, if the name of one user and the ID number of a different user both appear but cannot be linked to each other, then, although a user-to-ID correspondence exists in the data, the situation is not an exposure of private data. Private data that is associated with a user's identity can be solidified into the vulnerability rule map, so that when the current object is a privacy feature vector and such an association is an object relation of the current object, the current object has a vulnerability.
For example, if the privacy feature vector existing in the source code is a cryptographic key, such as secret key deskey ═ new secret key spec (keyBytes2, "DESede"), indicating a hard-coded key problem that matches a vulnerability rule in the vulnerability rule graph, suggesting that "the cryptographic key should not be saved in the source code", the source code is determined to have a code vulnerability.
Alternatively, the application program considers the encryption processing for the private data in the writing process, but the encryption intensity is not enough in the processing process, and violent cracking of the data can be caused in data transmission. Specifically, a secure encryption algorithm of AES128 and above is used for local storage and ciphertext-plaintext conversion; for the non-reversible requirements for using in authentication scenarios, SHA256 and above secure HASH algorithms, such as PBKDF2, are used; a safe random number encryption mode is adopted for the need of adding salt value to prevent the attack of a rainbow table; for private data transmitted across a trust network, an asymmetric encryption algorithm, public key encryption and private key decryption are required, such as RSA2048 and above; the common MD5, DES, SHA1, even BSAE64 bit encoding which cannot be encrypted is not safe, when the encryption is performed by adopting these weak encryption methods, the true original data can be obtained by simple decryption through network packet capturing, and therefore, the encryption algorithm of the weak encryption causes the leakage of private data.
To address the problem that, when an application program handles personal data belonging to user privacy, a secure encryption algorithm must be used to encrypt and store it, a plurality of vulnerability rules are set in the vulnerability rule map. Specifically, as shown in the flowchart of the code vulnerability examination method for implementing privacy protection in fig. 1, if the current object is an encryption algorithm to be examined, the existing vulnerability rules include at least any one of the following: the encrypted data needs to be stored locally and converted between ciphertext and plaintext, and an encryption algorithm lower than AES128 is used for it; the encrypted data is applied to an authentication scenario, and an encryption algorithm lower than SHA256 is adopted for it; the encrypted data needs to be transmitted across a trust network, and an encryption algorithm lower than RSA2048 is adopted for it. Step 105, determining whether a target object relationship meeting the existing vulnerability rule exists in the relationship graph of the current object according to the existing vulnerability rule, is then performed as follows:
whether a target object relationship exists in the relationship graph of the encryption algorithm to be examined, wherein the target object relationship is used for representing:
the encrypted data encrypted by the encryption algorithm to be checked needs to be stored locally and converted between ciphertext and plaintext, and the encryption algorithm to be checked is an encryption algorithm lower than AES128; or,
the encrypted data encrypted by the encryption algorithm to be checked is applied to an authentication scenario, and the encryption algorithm to be checked is an encryption algorithm lower than SHA256; or,
the encrypted data encrypted by the encryption algorithm to be checked needs to be transmitted across a trust network, and the encryption algorithm to be checked is an encryption algorithm lower than RSA2048.
In this step, when the encrypted data needs to be stored locally and converted between plaintext and ciphertext and an encryption algorithm lower than AES128 is used for it, that is, an AES algorithm with a key length lower than 128 bits, the security of the encrypted data can be considered insufficient for local storage and plaintext-ciphertext conversion; when the encrypted data is applied to an authentication scenario and an encryption algorithm lower than SHA256 is adopted for it, that is, a SHA algorithm with a length lower than 256 bits, the security of the encrypted data in the authentication scenario can be considered insufficient; when the encrypted data needs to be transmitted across a trust network and an encryption algorithm lower than RSA2048 is adopted for it, that is, an RSA algorithm with a key length lower than 2048 bits, the security can be considered insufficient for transmission across a trust network. Additionally, when an encryption algorithm including one or more of MD5, DES and SHA1 is used to encrypt the private data, the encryption security of the private data can be considered insufficient: with such weak encryption the security of the source code is too low, and an attacker can easily obtain the real data through simple network packet capture and decryption, which is not conducive to protecting the private data.
These cases of insufficient encryption security are taken as vulnerability rules of the vulnerability rule map, and if the encryption algorithm to be checked falls under such a rule, it is determined that a code vulnerability exists in the encryption algorithm to be checked.
For example, there are the following cases:
[Code example given as a figure in the original, containing the call MessageDigest md = MessageDigest.getInstance("MD5") discussed below.]
As can be seen from the above example, the existing vulnerability rule includes the MD5 encryption algorithm, and if the relationship graph of the encryption algorithm contains the target object relationship MessageDigest md = MessageDigest.getInstance("MD5"), this indicates that the target object relationship has a vulnerability: specifically, the encryption mode is weak encryption, MD5 is a non-recommended cryptographic hash function, and PBKDF2 can be used instead to create a password hash.
It should be noted that, for user personal data, a secure encryption algorithm must be used for encrypted storage. Specifically, for local storage that requires conversion between ciphertext and plaintext, a secure encryption algorithm of AES128 or above is used; for non-reversible use in authentication scenarios, SHA256 or above secure hash algorithms, such as PBKDF2, may be used; salt values are generated with a secure random number algorithm to prevent rainbow table attacks; for private data transmitted across a trust network, an asymmetric encryption algorithm with public key encryption and private key decryption, such as RSA2048 or above, is required. Therefore, the secure encryption algorithms may also be set in the vulnerability rule graph, and the check is then whether the relationship graph of the encryption algorithm lacks a target object relationship representing one or more of the secure encryption algorithms.
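As an added illustration of the authentication-scenario rule above (not code from the patent), the flagged unsalted MD5 digest is shown beside the recommended form, PBKDF2-HMAC-SHA256 with a salt drawn from a secure random source; the stored record format, the iteration count and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000    # assumed PBKDF2 work factor; tune to the deployment's CPU budget
SCHEME = "pbkdf2_sha256"


def weak_hash(password):
    """The pattern the MD5 rule flags: an unsalted MD5 digest, identical for every
    user with the same password and cheap to reverse with a precomputed table."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def make_record(password, salt=None, iterations=ITERATIONS):
    """Secure form: PBKDF2-HMAC-SHA256 over the password with a fresh 16-byte salt
    from os.urandom (the secure random salt the text requires), stored as
    scheme$iterations$salt$digest so it can be verified later."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_record(password, record):
    """Recompute PBKDF2 with the stored salt and compare in constant time.
    Records in any other scheme (e.g. a legacy MD5 value) are rejected rather
    than verified with the weak algorithm."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return False
    _, iterations, salt_b64, digest_b64 = parts
    try:
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed demonstration: two users with the same password.
    print("weak :", weak_hash("password"), weak_hash("password"))   # identical
    print("secure:", make_record("password"), make_record("password"), sep="\n")  # differ by salt
```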
Optionally, when the relationship graph stores address information of the object relationship in the source code, after determining that the target object relationship has a vulnerability in step 106, the method further includes:
determining address information of the target object relationship from the relationship map, and locating the target object relationship in the source code according to the determined address information.
In this step, after the plurality of objects and the object relationships among them have been identified from the source code, the address information of the identified object relationships is stored in a storage area. When the target object relationship is determined from the relationship map to have a vulnerability, its address information is further determined from the storage area, the target object relationship is located according to the address information, and the code vulnerability is marked, so that code examiners can fix it.
Optionally, as shown in the flowchart of the code vulnerability examination method for implementing privacy protection in fig. 1, step 102, identifying a plurality of objects and the object relationships among them from the source code, may specifically be implemented in the following manner:
identifying data belonging to a preset object type from the source code, wherein the object type comprises one or more of int, short, long, byte, char, float, double and boolean;
judging whether the identified object type to which the data belongs has a link relation with an instantiation object in a heap area, wherein the heap area stores a plurality of instantiation objects corresponding to the class;
if the link relation exists, identifying the instantiation object with the link relation and the identified data as objects, and identifying the existing link relation as an object relation.
In this step, the data types of the source code include the object types, i.e. basic data types and wrapper data types. The basic data types include int, short, long, byte, char, float, double and boolean; the wrapper data types include String, Integer, Double, etc., which are classes that wrap the corresponding basic data types, and these data are stored in the heap. When the data of the source code is identified, the object type to which the data belongs is determined first. Because the data of the source code and the object type to which it belongs are defined by the source code, the object type can be determined directly from the source code definition. It is then judged whether the identified object type to which the data belongs has a link relation with an instantiation object in the heap area, which is done by identifying from the source code whether the data has a corresponding reference relation. If so, the instantiation object with the link relation and the identified data are both identified as objects, and the existing link relation is identified as an object relation.
It should be noted that during the instantiation process the class corresponding to the source code is stored in the stack area and the method area of memory. Specifically, the heap area stores the objects and the information of the class corresponding to each object, that is, the heap area stores only objects; the stack area stores the values and objects of the object types of the source code and the link relations between the object types and the instantiation objects; the method area includes the class and static variables corresponding to each source code.
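As an added example that is not part of the patent, the following Python sketch runs the steps described above over a constructed Java fragment: it identifies objects and object relations (step 102), builds each object's relation map (step 103), looks the object up in a vulnerability rule map (step 104), matches the relation map against the rules for the hard-coded key, weak hash, weak cipher and plaintext-comment cases discussed earlier (steps 105 and 106), and locates each hit by its stored address information. The regular expressions, rule names, sample source and the grouping of 3DES with DES as "below AES128" are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Relation:
    """One object relation plus its address information (line number)."""
    obj: str      # the current object, e.g. "MessageDigest"
    kind: str     # relation name, e.g. "getInstance"
    target: str   # related object, e.g. "MD5"
    line: int     # address information in the source

# Constructed Java fragment (not from the patent): a plaintext secret in a
# comment, a hard-coded 3DES key, an MD5 digest and one clean runtime AES key.
SAMPLE_SOURCE = """\
import java.security.MessageDigest;
import javax.crypto.spec.SecretKeySpec;
public class Login {
    // TODO remove: admin password is Passw0rd!
    static byte[] keyBytes2 = "0123456789abcdef01234567".getBytes();
    SecretKey desKey = new SecretKeySpec(keyBytes2, "DESede");
    SecretKey aesKey = new SecretKeySpec(loadKey(), "AES");
    String hash(String pw) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return new String(md.digest(pw.getBytes()));
    }
}
"""

# Regular expressions used to identify objects and relations (an assumption:
# the patent does not specify how objects are extracted from the source).
RE_DIGEST = re.compile(r'MessageDigest\.getInstance\("([^"]+)"\)')
RE_KEYSPEC = re.compile(r'new SecretKeySpec\(\s*([^,]+?)\s*,\s*"([^"]+)"\s*\)')
RE_LITERAL = re.compile(r'byte\[\]\s+(\w+)\s*=\s*"[^"]*"\.getBytes\(\)')
RE_SECRET_COMMENT = re.compile(r'//.*\b(password|idcard|bank account)\b', re.I)
WEAK_HASH = {"MD5", "SHA1", "SHA-1"}   # below SHA256 in an authentication scenario
WEAK_CIPHER = {"DES", "DESede"}        # DES, and 3DES grouped with it, below AES128

def identify(source):
    """Step 102: identify objects and their object relations, line by line."""
    rels = []
    for n, text in enumerate(source.splitlines(), 1):
        if m := RE_DIGEST.search(text):
            rels.append(Relation("MessageDigest", "getInstance", m.group(1), n))
        if m := RE_KEYSPEC.search(text):
            rels.append(Relation("SecretKeySpec", "key_source", m.group(1), n))
            rels.append(Relation("SecretKeySpec", "algorithm", m.group(2), n))
        if m := RE_LITERAL.search(text):
            rels.append(Relation(m.group(1), "literal", "string constant", n))
        if RE_SECRET_COMMENT.search(text):
            rels.append(Relation("privacy_feature_vector", "plaintext_in", "program file", n))
    return rels

def relation_map(rels, obj):
    """Step 103: the relation map of the current object."""
    return [r for r in rels if r.obj == obj]

# Vulnerability rules: each takes the current object's relation map and the
# full relation set and returns (relation, message) pairs for matches.
def rule_weak_hash(rmap, rels):
    return [(r, "hash below SHA256 in authentication; use PBKDF2")
            for r in rmap if r.kind == "getInstance" and r.target.upper() in WEAK_HASH]

def rule_weak_cipher(rmap, rels):
    return [(r, "cipher below AES128 for local storage")
            for r in rmap if r.kind == "algorithm" and r.target in WEAK_CIPHER]

def rule_hardcoded_key(rmap, rels):
    # Follow key_source to the key variable; a "literal" relation there means
    # the key itself is written in the source.
    return [(r, "the cryptographic key should not be saved in the source code")
            for r in rmap if r.kind == "key_source"
            and any(x.kind == "literal" for x in relation_map(rels, r.target))]

def rule_plaintext_privacy(rmap, rels):
    return [(r, "plaintext private data in a program file")
            for r in rmap if r.kind == "plaintext_in"]

# The vulnerability rule map, keyed by the object each rule is set for.
RULE_MAP = {
    "MessageDigest": [rule_weak_hash],
    "SecretKeySpec": [rule_weak_cipher, rule_hardcoded_key],
    "privacy_feature_vector": [rule_plaintext_privacy],
}

def examine(source):
    """Steps 103-106 plus locating: returns (line, object, message, code) tuples."""
    rels = identify(source)
    lines = source.splitlines()
    findings = []
    for obj in sorted({r.obj for r in rels}):
        rules = RULE_MAP.get(obj)
        if not rules:                    # step 104: no rule is set for this object
            continue
        rmap = relation_map(rels, obj)   # step 103
        for rule in rules:               # step 105
            for rel, msg in rule(rmap, rels):   # step 106 and locating
                findings.append((rel.line, obj, msg, lines[rel.line - 1].strip()))
    return sorted(findings)
```

Calling examine(SAMPLE_SOURCE) reports the comment on line 4, both the weak cipher and the hard-coded key on line 6, and the MD5 digest on line 9, each with the source text at that address; the AES key loaded at runtime produces no finding.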
As shown in fig. 2 and fig. 3, an embodiment of the present invention provides a code vulnerability examination apparatus for implementing privacy protection. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. From a hardware level, as shown in fig. 2, a hardware structure diagram of a code vulnerability examination apparatus for implementing privacy protection according to an embodiment of the present invention is provided, in addition to the processor, the memory, the network interface, the internal bus, and the nonvolatile memory shown in fig. 2, a device in which the apparatus is located in the embodiment may also include other hardware, such as a forwarding chip responsible for processing a packet, and the like, where the processor is connected with the network interface, the memory, and the nonvolatile memory through the internal bus. Taking a software implementation as an example, as shown in fig. 3, as a logical apparatus, the apparatus is formed by reading, by a CPU of a device in which the apparatus is located, corresponding computer program instructions in a non-volatile memory into a memory for execution.
The code vulnerability examination device for realizing privacy protection provided by the embodiment of the invention comprises:
an obtaining module 301, configured to obtain a source code to be examined;
an identifying module 302, configured to identify a plurality of objects and object relationships among the plurality of objects from the source code obtained by the obtaining module 301;
a processing module 303, configured to, after the identifying module 302 identifies a number of objects and object relationships that the number of objects have, perform the following operations:
for each object identified, performing:
finding out an object relation corresponding to the current object according to the identified object relation, and determining the found object relation as a relation map of the current object;
determining whether a vulnerability rule set for the current object exists in a pre-constructed vulnerability rule map, and if so, executing the next step;
determining whether a target object relation meeting the existing vulnerability rule exists in the relation map of the current object according to the existing vulnerability rule; if yes, executing the next step;
and determining that the target object relationship has a vulnerability.
Optionally, when the current object is a component to be inspected, the existing vulnerability rule includes: an exported attribute is defined for the component in the Manifest.xml and is explicitly set to true, or the component comprises an intent filter;
the processing module is used for executing the following operations:
whether a target object relationship exists in the relationship graph of the component to be inspected, wherein the target object relationship is used to represent that the exported attribute of the component to be inspected is explicitly set to true, or the target object relationship is used to represent that the component to be inspected comprises an intent filter.
Optionally, when the current object is a privacy feature vector, the existing vulnerability rule includes: when the clear text of the privacy feature vector appears in any storage area in a program file, a configuration file, a log file, a backup file and a database;
the processing module is used for executing the following operations:
whether a target object relation exists in the relation graph of the privacy feature vector, wherein the target object relation is used to represent that the plaintext of the privacy feature vector appears in any storage area among a program file, a configuration file, a log file, a backup file and a database.
Optionally, when the current object is an encryption algorithm to be examined,
the existing vulnerability rules at least comprise any one of the following rules:
the encrypted data needs to be stored locally and needs to be converted from ciphertext to plaintext, and an encryption algorithm lower than AES128 is used for the encrypted data;
applying the encrypted data to an authentication scene, and adopting an encryption algorithm lower than SHA256 to the encrypted data;
the encrypted data needs to be transmitted across a trust network, and an encryption algorithm lower than RSA2048 is adopted for the encrypted data;
the processing module is used for executing the following operations:
whether a target object relationship exists in the relationship graph of the encryption algorithm to be examined, wherein the target object relationship is used for representing:
the encrypted data encrypted by the encryption algorithm to be checked needs to be stored locally and converted between ciphertext and plaintext, and the encryption algorithm to be checked is an encryption algorithm lower than AES128; or,
the encrypted data encrypted by the encryption algorithm to be checked is applied to an authentication scenario, and the encryption algorithm to be checked is an encryption algorithm lower than SHA256; or,
the encrypted data encrypted by the encryption algorithm to be checked needs to be transmitted across a trust network, and the encryption algorithm to be checked is an encryption algorithm lower than RSA2048.
Optionally, when the relationship graph stores address information of the object relationship in the source code, the apparatus further includes a positioning module;
the positioning module is configured to, after the processing module determines that the target object relationship has a vulnerability, determine address information of the target object relationship from the relationship map, and locate the target object relationship in the source code according to the determined address information.
Optionally, the identifying module is configured to perform the following operations:
identifying data belonging to a preset object type from the source code, wherein the object type comprises one or more of int, short, long, byte, char, float, double and boolean;
judging whether the identified object type to which the data belongs has a link relation with an instantiation object in a heap area, wherein the heap area stores a plurality of instantiation objects corresponding to the class;
if the link relation exists, identifying the instantiation object with the link relation and the identified data as objects, and identifying the existing link relation as an object relation.
It is to be understood that the structure illustrated in the embodiment of the present invention does not specifically limit the code vulnerability examination apparatus for implementing privacy protection. In other embodiments of the invention, the code vulnerability review apparatus for implementing privacy protection may include more or fewer components than shown, or combine certain components, or split certain components, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The content of information interaction, execution process and the like between each module and each unit in the device is based on the same concept as the method embodiment of the present invention, and specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
The embodiment of the invention also provides a code vulnerability examination device for realizing privacy protection, which comprises: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine-readable program to execute the code vulnerability examination method for implementing privacy protection in any embodiment of the present invention.
Embodiments of the present invention also provide a computer-readable medium storing instructions for causing a computer to execute the code vulnerability examination method for implementing privacy protection as described herein. Specifically, a method or an apparatus equipped with a storage medium on which a software program code that realizes the functions of any of the above-described embodiments is stored may be provided, and a computer (or a CPU or MPU) of the method or the apparatus is caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments can be implemented not only by executing the program code read out by the computer, but also by performing a part or all of the actual operations by an operation method or the like operating on the computer based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion unit connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion unit to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
In summary, the code vulnerability examination method, the device and the readable medium for implementing privacy protection provided by the embodiments of the present invention have at least the following beneficial effects:
1. In the embodiment of the invention, the source code to be examined is acquired, and a plurality of objects and the object relations among them are identified from it; for each object identified: the object relations corresponding to the current object are found from the identified object relations and determined as the relation map of the current object, which comprises the current object and each object relation corresponding to it; it is determined whether a vulnerability rule set for the current object exists in the pre-constructed vulnerability rule map, and if so, whether a target object relation meeting the existing vulnerability rule exists in the relation map of the current object is determined according to that rule; if such a target object relation exists, it corresponds to a vulnerability rule in the vulnerability rule map, and the target object relation is determined to have a vulnerability, so that the problem of private data leakage can be solved.
2. In the embodiment of the invention, private data leakage in application software comprises single-component leakage and inter-component leakage, and the corresponding code vulnerabilities comprise debuggable/backupable vulnerabilities, exposed components and API misuse vulnerabilities. The method and apparatus can determine whether code vulnerabilities exist in the source code from the vulnerable components that may exist in its logic design and development process, and solve the problem of private data being exposed in the logic flow of the source code.
3. In the embodiment of the invention, if private data is mixed into the source code, or the plaintext of private data appears in a comment, during writing, the code has a vulnerability. In particular, the privacy feature vector, i.e. the private data, includes, but is not limited to, name, address, telephone, password, key, certificate, License, short message content, authorization credential, etc. The appearance of the plaintext of the privacy feature vector in any storage area among a program file, a configuration file, a log file, a backup file and a database is taken as a vulnerability rule of the vulnerability rule map. A target object relation in the relation graph of the privacy feature vector that represents this appearance therefore matches the rule. The embodiment of the invention thus solves, at the code level, the code vulnerabilities of private data existing in the source code and of plaintext comments containing private data.
4. In the embodiment of the invention, when the encrypted data needs to be stored locally and converted between plaintext and ciphertext and an encryption algorithm lower than AES128 is used for it, that is, an AES algorithm with a key length lower than 128 bits, the security of the encrypted data is considered insufficient for local storage and plaintext-ciphertext conversion; when the encrypted data is applied to an authentication scenario and an encryption algorithm lower than SHA256 is adopted for it, that is, a SHA algorithm with a length lower than 256 bits, the security of the encrypted data in the authentication scenario can be considered insufficient; when the encrypted data needs to be transmitted across a trust network and an encryption algorithm lower than RSA2048 is adopted for it, that is, an RSA algorithm with a key length lower than 2048 bits, the security can be considered insufficient for transmission across a trust network. Additionally, when an encryption algorithm including one or more of MD5, DES and SHA1 is used to encrypt the private data, the encryption security of the private data can be considered insufficient: with such weak encryption the security of the source code is too low, and an attacker can easily obtain the real data through simple network packet capture and decryption, which is not conducive to protecting the private data. Therefore, the problem of low encryption security for user personal information in the source code is addressed from code review, completing the secure encryption protection of private data.
5. After the plurality of objects and the object relations among them have been identified from the source code, the address information of the identified object relations is stored in a storage area. When the target object relationship is determined from the relationship map to have a vulnerability, its address information is further determined from the storage area, the target object relationship is located according to the address information, and the code vulnerability is marked, so that code examiners can fix it.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. The code vulnerability examination method for realizing privacy protection is characterized by comprising the following steps:
acquiring a source code to be examined;
identifying a plurality of objects from the source code and object relationships among the plurality of objects;
for each object identified, performing:
finding out an object relation corresponding to the current object according to the identified object relation, and determining the found object relation as a relation map of the current object;
determining whether a vulnerability rule set for the current object exists in a pre-constructed vulnerability rule map, and if so, executing the next step;
determining whether a target object relation meeting the existing vulnerability rule exists in the relation map of the current object according to the existing vulnerability rule; if yes, executing the next step;
and determining that the target object relationship has a vulnerability.
2. The method of claim 1,
the current object is a component to be examined;
the existing vulnerability rules include: xml, defining an exported attribute in the Manifest, wherein the exported attribute is explicitly set as true, or the assembly comprises an intent filter;
determining whether a target object relationship meeting the existing vulnerability rule exists in the relationship graph of the current object according to the existing vulnerability rule, wherein the determining comprises the following steps: and whether a target object relationship exists in the relationship graph of the component to be inspected, wherein the target object relationship is used for representing that the exported attribute of the component to be inspected is explicitly set as true, or the target object relationship is used for representing that the component to be inspected comprises an internal filter.
3. The method of claim 1,
the current object is a privacy feature vector;
the existing vulnerability rules include: the plaintext of the privacy feature vector is presented in any storage area in a program file, a configuration file, a log file, a backup file and a database;
determining whether a target object relationship meeting the existing vulnerability rule exists in the relationship graph of the current object according to the existing vulnerability rule comprises: whether a target object relation exists in the relation graph of the privacy feature vector, wherein the target object relation is used to represent that the plaintext of the privacy feature vector appears in any storage area among a program file, a configuration file, a log file, a backup file and a database.
4. The method of claim 1,
the current object is an encryption algorithm to be examined;
the existing vulnerability rules at least comprise any one of the following rules:
the encrypted data needs to be stored locally and needs to be converted from ciphertext to plaintext, and an encryption algorithm lower than AES128 is used for the encrypted data;
applying the encrypted data to an authentication scene, and adopting an encryption algorithm lower than SHA256 to the encrypted data;
the encrypted data needs to be transmitted across a trust network, and an encryption algorithm lower than RSA2048 is adopted for the encrypted data;
determining whether a target object relationship meeting the existing vulnerability rule exists in the relationship graph of the current object according to the existing vulnerability rule comprises: determining whether a target object relationship exists in the relationship graph of the encryption algorithm to be examined, wherein the target object relationship represents that:
the encrypted data encrypted by the encryption algorithm to be examined needs to be stored locally and needs to be converted from ciphertext to plaintext, and the encryption algorithm to be examined is an encryption algorithm lower than AES128; or
the encrypted data encrypted by the encryption algorithm to be examined is applied to an authentication scene, and the encryption algorithm to be examined is an encryption algorithm lower than SHA256; or
the encrypted data encrypted by the encryption algorithm to be examined needs to be transmitted across a trust network, and the encryption algorithm to be examined is an encryption algorithm lower than RSA2048.
5. The method of claim 1,
the relation graph stores the address information of the object relation in the source code;
after the target object relationship is determined to have a vulnerability, the method further comprises: determining the address information of the target object relationship from the relationship map, and locating the target object relationship in the source code according to the determined address information.
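The algorithm-strength rules of claim 4 together with the source-address lookup of claim 5, as an added example that is not the patent's own code: a relation map for one encryption-algorithm object lists the scenarios its encrypted data is used in plus the source location of each relation, and a vulnerability rule map holds the three claimed thresholds. The strength table, the scenario names, the rule-map layout and the sample relation maps are all constructed assumptions for this example.

```python
# Constructed strength table: algorithm -> (family, security-relevant bits).
ALGORITHM_STRENGTH = {
    "DES": ("symmetric", 56), "3DES": ("symmetric", 112),
    "AES128": ("symmetric", 128), "AES256": ("symmetric", 256),
    "MD5": ("hash", 128), "SHA1": ("hash", 160), "SHA256": ("hash", 256),
    "RSA1024": ("asymmetric", 1024), "RSA2048": ("asymmetric", 2048),
}

# Vulnerability rule map (claim 4): scenario -> (family, minimum bits, baseline).
RULE_MAP = {
    "local_reversible_storage": ("symmetric", 128, "AES128"),
    "authentication": ("hash", 256, "SHA256"),
    "cross_trust_network": ("asymmetric", 2048, "RSA2048"),
}


def examine_algorithm(relation_map):
    """relation_map = {"algorithm": name, "relations": [(scenario, location)]}.

    Returns (algorithm, scenario, location, reason) for every relation that
    matches a rule; location is the address kept per claim 5.
    """
    algorithm = relation_map["algorithm"]
    family, bits = ALGORITHM_STRENGTH[algorithm]
    findings = []
    for scenario, location in relation_map["relations"]:
        rule = RULE_MAP.get(scenario)
        if rule is None:
            continue  # no vulnerability rule set for this relation
        rule_family, min_bits, baseline = rule
        if family != rule_family:  # assumption: not comparable, hand to review
            findings.append((algorithm, scenario, location,
                             f"{family} algorithm not comparable with {baseline}; review"))
        elif bits < min_bits:
            findings.append((algorithm, scenario, location,
                             f"{algorithm} is weaker than {baseline}"))
    return findings


def examine_all(relation_maps):
    return [f for m in relation_maps for f in examine_algorithm(m)]


# Constructed relation maps with constructed source addresses.
SAMPLE_MAPS = [
    {"algorithm": "3DES", "relations": [("local_reversible_storage", "src/TokenStore.java:42")]},
    {"algorithm": "SHA1", "relations": [("authentication", "src/Login.java:88"),
                                        ("integrity_check", "src/Update.java:12")]},
    {"algorithm": "RSA2048", "relations": [("cross_trust_network", "src/Transport.java:7")]},
]
```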
6. The method according to any one of claims 1 to 5, wherein the identifying a plurality of objects from the source code and the object relationships among the plurality of objects comprises:
identifying data belonging to a preset object type from the source code, wherein the object type comprises one or more of int, short, long, byte, char, float, double and boolean;
judging whether the identified object type to which the data belongs has a link relation with an instantiation object in a heap area, wherein the heap area stores a plurality of instantiation objects corresponding to the class;
if the link relation exists, identifying the instantiation object with the link relation and the identified data as objects, and identifying the existing link relation as an object relation.
7. A code vulnerability examination device for realizing privacy protection is characterized by comprising:
the acquisition module is used for acquiring a source code to be examined;
the identification module is used for identifying a plurality of objects from the source code acquired by the acquisition module and the object relations among the objects;
a processing module, configured to, after the identification module identifies a number of objects and object relationships that the number of objects have, perform the following operations:
for each object identified, performing:
finding out an object relation corresponding to the current object according to the identified object relation, and determining the found object relation as a relation map of the current object;
determining whether a vulnerability rule set for the current object exists in a pre-constructed vulnerability rule map, and if so, executing the next step;
determining whether a target object relation meeting the existing vulnerability rule exists in the relation map of the current object according to the existing vulnerability rule; if yes, executing the next step;
and determining that the target object relationship has a vulnerability.
8. The apparatus of claim 7,
when the current object is a component to be inspected, the existing vulnerability rules include: an exported attribute is defined for the component in the Manifest.xml file and is explicitly set to true, or the component comprises an intent filter;
the processing module is configured to perform the following operation:
determining whether a target object relationship exists in the relationship graph of the component to be inspected, wherein the target object relationship represents that the exported attribute of the component to be inspected is explicitly set to true, or represents that the component to be inspected comprises an intent filter.
9. A code vulnerability examination device for realizing privacy protection is characterized by comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program, to perform the method of any of claims 1 to 6.
10. Computer readable medium, characterized in that it has stored thereon computer instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011366514.0A CN112347486A (en) 2020-11-30 2020-11-30 Code vulnerability examination method and device for realizing privacy protection and readable medium

Publications (1)

Publication Number Publication Date
CN112347486A true CN112347486A (en) 2021-02-09

Family

ID=74366182

Country Status (1)

Country Link
CN (1) CN112347486A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101482847A (en) * 2009-01-19 2009-07-15 北京邮电大学 Detection method based on safety bug defect mode
CN104484607A (en) * 2014-12-16 2015-04-01 上海交通大学 Universal method and universal system for performing safety testing on Android application programs
CN108038381A (en) * 2017-12-27 2018-05-15 中国人民解放军战略支援部队信息工程大学 A kind of key safety detection method and system
CN110188544A (en) * 2019-05-30 2019-08-30 北京百度网讯科技有限公司 Leak detection method and device, equipment and storage medium
CN110363004A (en) * 2018-04-10 2019-10-22 腾讯科技(深圳)有限公司 A kind of code vulnerabilities detection method, device, medium and equipment
CN110378126A (en) * 2019-07-26 2019-10-25 北京中科微澜科技有限公司 A kind of leak detection method and system
CN111506900A (en) * 2020-04-15 2020-08-07 北京字节跳动网络技术有限公司 Vulnerability detection method and device, electronic equipment and computer storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113449325A (en) * 2021-08-30 2021-09-28 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN113449325B (en) * 2021-08-30 2021-11-23 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210209