CN112528331A - Privacy disclosure risk detection method, device and system - Google Patents
Privacy disclosure risk detection method, device and system Download PDFInfo
- Publication number
- CN112528331A CN112528331A CN202011473466.5A CN202011473466A CN112528331A CN 112528331 A CN112528331 A CN 112528331A CN 202011473466 A CN202011473466 A CN 202011473466A CN 112528331 A CN112528331 A CN 112528331A
- Authority
- CN
- China
- Prior art keywords
- data
- risk
- privacy
- detection
- detecting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, equipment and a system for detecting privacy disclosure risks, wherein the method comprises the following steps: when the write-in operation is monitored, acquiring stored data; detecting whether the stored data contains privacy data or not to obtain a detection result; and when the detection result is that the private data are contained, desensitizing the private data to obtain corresponding desensitized data, calling the request data corresponding to the write operation, generating leakage risk data based on the desensitized data and the request data, and reporting. According to the method and the device, the risk of privacy data leakage is automatically detected during the running period of the application program by detecting whether the data written into the storage contains the privacy data, and the corresponding leakage risk data is reported in time, so that corresponding staff can conveniently perform corresponding processing, and the privacy safety of users is protected.
Description
Technical Field
The invention relates to the field of data protection, in particular to a method, equipment and a system for detecting privacy disclosure risks.
Background
With the rapid development of information technology, the problem of privacy disclosure is getting worse, and a large amount of personal privacy data is directly disclosed from the inside of the application, which causes property and mental loss to the application user.
To address the above privacy disclosure problem, existing solutions include encrypting and storing privacy data and performing vulnerability detection by developers using taint data in the development process, and patching vulnerabilities based on detection results. However, the scheme based on taint analysis has the risk that corresponding privacy leakage cannot be detected due to the fact that taint marks are lost, and due to the fact that the actual using scenes are complex and changeable, the testing scenes are single, all bugs cannot be detected, and therefore the issued application still has the risk of privacy leakage; it is difficult today to detect in time the risk of privacy disclosure that a published application is exposed to when actually used.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a method, equipment and a system for detecting privacy disclosure risks, which can automatically detect whether the data written in and stored in the data contains privacy data, and can timely detect and report the privacy disclosure risks exposed by an application program in the using process.
In order to solve the technical problem, the invention is solved by the following technical scheme:
a privacy disclosure risk detection method comprises the following steps:
s100, when the writing operation is monitored, acquiring stored data;
s200, detecting whether the stored data contain privacy data or not to obtain a detection result;
s300, when the detection result is that the private data are contained, desensitization processing is carried out on the private data to obtain corresponding desensitization data, request data corresponding to the writing operation are called, and leakage risk data are generated and reported on the basis of the desensitization data and the request data.
As an implementation manner, before detecting whether the stored data contains the private data, the method further includes a step of detecting code writing, and the specific steps are as follows:
performing byte code instrumentation on the sensitive function written into the storage, and inserting a detection code or a calling code for calling the detection code;
the detection code is used to perform the above steps S200 and S300.
As an implementable embodiment:
the sensitive functions comprise sensitive functions corresponding to writing in a database, writing in a log file, writing in a response and writing in a common file.
As an implementable embodiment:
when the write-in operation is monitored, copying and copying data to be written to obtain corresponding stored data, executing the write-in operation, and writing the data to be written into a memory.
As an implementable embodiment:
and when the detection result is that the private data are contained, all or part of the private data are printed based on a preset desensitization rule, and corresponding desensitization data are obtained.
The invention also provides a privacy disclosure risk detection method, which comprises the following steps:
receiving leakage risk data, wherein the leakage risk data is generated by any one method;
and merging each leakage risk data, and generating and feeding back corresponding risk feedback data.
The invention also provides a device for detecting privacy disclosure risk, which comprises:
the operation monitoring module is used for acquiring stored data when the writing operation is monitored;
the risk detection module is used for detecting whether the stored data contains privacy data or not and obtaining a detection result;
and the risk reporting module is used for desensitizing the private data to obtain corresponding desensitized data when the detection result shows that the private data are contained, calling the request data corresponding to the write operation, and reporting the desensitized data and the request data.
As an implementable mode, the method further comprises the following steps:
and the instrumentation module is used for performing byte code instrumentation on the sensitive functions written into the memory and inserting detection codes or calling codes for calling the detection codes.
As an implementable manner, the risk reporting module includes a desensitization unit, a request extraction unit and a reporting unit;
and the desensitization unit is used for carrying out full code printing or partial code printing on the private data based on a preset desensitization rule to obtain corresponding desensitization data.
The invention also provides a privacy disclosure risk detection system, which comprises a server and a plurality of terminal devices, and is characterized in that:
the terminal equipment is the detection equipment described in any one of the above items;
and the server is used for receiving the leakage risk data reported by each terminal device, merging each leakage risk data, and generating and feeding back corresponding risk feedback data.
Due to the adoption of the technical scheme, the invention has the remarkable technical effects that:
according to the method and the device, the risk of privacy data leakage is automatically detected during the running period of the application program by detecting whether the data written into the storage contains the privacy data, and the corresponding leakage risk data is reported in time, so that corresponding staff can conveniently perform corresponding processing, and the privacy safety of users is protected.
The invention adopts the byte code instrumentation technology to insert the detection code or the calling code without depending on and changing the source code of the corresponding application program.
According to the invention, the data to be written is copied and copied, and the backup data is used as the storage data for detection, so that the normal operation of writing and storage can be preferentially ensured, namely, the normal operation of the application program is ensured.
According to the invention, through desensitization processing on the private data, the private data is effectively prevented from being leaked secondarily in the reporting process.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for detecting a risk of privacy disclosure according to the present invention;
fig. 2 is a schematic specific flowchart of a privacy disclosure risk detection method according to the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples, which are illustrative of the present invention and are not to be construed as being limited thereto.
Embodiment 1, a method for detecting a privacy disclosure risk, when a user operates an application program, a detection code in the application program detects a privacy disclosure risk exposed in a use process based on the detection method, as shown in fig. 1, specifically includes the following steps:
s100, when the writing operation is monitored, acquiring stored data;
s200, detecting whether the stored data contain privacy data or not to obtain a detection result;
in this embodiment, the private data refers to unencrypted plaintext private data, and those skilled in the art can configure data types belonging to the private data according to actual needs, for example, the data types may include names, identification numbers, passport numbers, telephones, addresses, mailing addresses, WeChat account numbers, bank card numbers, and the like.
S300, when the detection result is that the private data are contained, desensitization processing is carried out on the private data to obtain corresponding desensitization data, request data corresponding to the writing operation are called, and leakage risk data are generated and reported on the basis of the desensitization data and the request data.
According to the embodiment, whether the data written into the storage contains the privacy data or not is detected, so that the risk of privacy data leakage is automatically detected during the running period of the application program, corresponding leakage risk data is reported in time, corresponding staff can conveniently perform corresponding processing, and the privacy safety of a user is protected.
Compared with the technical scheme of the existing taint analysis, the detection method provided by the embodiment does not need to carry out detection based on data stream tracking, avoids the situation that detection cannot be carried out due to loss of taint data marks in the data stream tracking process, is not only suitable for testing an application program in the development process, but also suitable for detecting the privacy leakage risk exposed in practical use after application release.
Embodiment 2, before detecting whether the stored data includes the private data in step S200 in embodiment 1, a step of writing a detection code is added, which includes the specific steps of:
and performing byte code instrumentation on the sensitive functions written into the memory, and inserting detection codes or calling codes for calling the detection codes.
In this embodiment, the functions of step S200 and step S300 are realized by executing the inserted detection code and/or the called detection code, specifically.
The detection code calls a preset analysis rule to analyze and detect the stored data so as to identify the privacy data and the type of the privacy data in the stored data.
And the detection code calls a preset desensitization rule to desensitize the private data according to the type of the detected private data to obtain corresponding desensitization data, calls request data corresponding to the write-in operation, generates leakage risk data based on the desensitization data and the request data, and reports the leakage risk data.
In the detection method in embodiment 1, in actual use, because a source code of an application program needs to be changed, and the source code includes a detection code for detecting a privacy disclosure risk, the scheme can only detect the privacy disclosure risk of the application program, and when the detection code is updated according to actual needs, the whole source code needs to be updated, which is highly limited;
in the embodiment, a bytecode instrumentation technology is adopted, and the detection code or the calling code is inserted into the application program when the application program is started, so that the source code does not need to be relied on or changed, and the detection code is convenient to update. In this embodiment, by designing the bytecode instrumentation, the proposed detection method can perform self-detection and can also detect other application programs.
Self-detection: that is, the detection method provided in this embodiment is used to detect the privacy disclosure risk of the application program, and at this time, when the application program is started, the bytecode instrumentation tool is automatically called, so as to perform bytecode instrumentation on the sensitive function written in and stored in the application program, and the inserted detection code or the calling code is used to detect the privacy disclosure risk of the application program;
detecting other application programs: that is, when it is detected that a managed application is started, the bytecode instrumentation tool is called by the application, and bytecode instrumentation is performed on the managed application, thereby performing privacy leakage risk detection on the managed application by using the inserted detection code or calling code.
The person skilled in the art can select the existing byte code instrumentation tool disclosed according to the actual needs.
Further, the sensitive functions include sensitive functions corresponding to writing in a database, writing in a log file, writing in a response and writing in a normal file.
Java is a door-facing object programming language, and is widely used, so this embodiment takes Java as an example to exemplify the sensitive function:
(1) sensitive function written into database:
database operation function in java native library: java. sql. state. executeQuery (java. lang. string), and the like.
(2) Sensitive function written to log file:
java native log function: java. servlet. http. pservlet. log (java. lang. string).
Common third party library functions (log4j, slf4j, etc.): org.slf4j.logger.info (java.lang.string), org.apache.log4j.category.
(3) Sensitive function of write response:
java native Servlet response function: java. servlet. servletoutputstream. write (byte [ ]), and the like.
(4) Sensitive function written in common file:
java native file write function: java.
The skilled person can select the sensitive function for instrumentation according to the actual situation, so that the inserted detection code can effectively detect the data written into the memory.
Further, in step S100, when the write operation is monitored, copying and copying the data to be written to obtain corresponding stored data, and executing the write operation to write the data to be written to the storage.
In the embodiment, the data to be written is copied, and the backup data is used as the storage data for detection, so that the normal operation of writing and storing can be preferentially ensured. In this embodiment, the data to be written is copied and copied based on the detection code.
Taking an inserted code as an example of a detection code, when a write-in operation is monitored, calling the detection code, copying and copying data to be written according to the detection code to obtain stored data, establishing a detection thread, detecting private data in the stored data, and obtaining a corresponding detection result.
Further, in step S300, when the detection result is that the private data is included, all or part of the private data is coded based on a preset desensitization rule, so as to obtain corresponding desensitization data.
In this embodiment, through desensitization processing on the private data, secondary leakage of the private data in the reporting process is effectively avoided, and a person skilled in the art can design corresponding desensitization rules for different types of private data according to actual needs.
Referring to fig. 2, the following describes the detection method proposed in this embodiment in detail in a specific case:
starting an application program based on the operation of a user, calling an external byte code instrumentation tool by the application program, performing byte code instrumentation on a sensitive function written and stored in the application program, and inserting a calling code;
receiving and responding to request data initiated by a user, calling a detection code based on the calling code when detecting that a writing operation is required, executing the detection code, and executing the following steps when executing the detection code:
and copying the data to be written to obtain corresponding stored data.
Calling a preset analysis rule, and identifying the privacy data in the obtained stored data to obtain a corresponding detection result;
and when the detection result is that the private data exists, the private data comprises the private data and the private type obtained by identification, and at the moment, the corresponding desensitization rule is called based on the type to desensitize the private data to obtain desensitization data.
And generating and reporting the divulgence risk data based on the desensitization data, the privacy types and the request data, receiving and summarizing the divulgence risk data by an external server, and feeding the divulgence risk data back to corresponding workers, so that the workers can know the privacy divulgence risk of the application program in time and process the divulgence risk according to the request data with the privacy divulgence risk.
The skilled person in the art can perform the write operation (preferentially ensuring normal operation of write storage) after the copy of the data to be written is completed, and can also directly detect the data to be written, and perform the write operation (preferentially ensuring security of user privacy) based on desensitized data when the detection result is that no private data exists or when the detection result is that private data exists.
Because the risk of privacy disclosure does not represent a security vulnerability of privacy disclosure, a false desensitization operation may exist when the write operation is executed based on desensitization data, and the integrity and accuracy of the data to be written are damaged, so that the write operation is executed after the copy of the data to be written is completed, and the normal operation of an application program is not interfered.
Embodiment 3, a method for detecting a privacy disclosure risk on a service side, which performs risk feedback for relevant workers based on received disclosure risk data, so that the relevant workers can find and repair the exposed privacy disclosure risk in time, and the method includes the specific steps of:
receiving leakage risk data, wherein the leakage risk data are generated according to the detection method disclosed in embodiment 1 or embodiment 2;
and merging each leakage risk data, and generating and feeding back corresponding risk feedback data.
In this embodiment, the risk feedback data includes request data with risk of privacy disclosure, privacy type, and specific violated standard and related law, and the method for generating the risk feedback data may include the following steps:
constructing violation judgment rules in advance based on relevant standards and legal provisions;
merging the received leakage risk data according to a preset period to obtain a plurality of pieces of merged data, wherein each piece of merged data comprises request data with privacy leakage risks, privacy types and occurrence times;
determining violation conditions corresponding to the merged data based on violation judgment rules, and adding specific violation standards and related laws to the merged data based on the violation conditions to obtain corresponding feedback data;
and summarizing all feedback data, and generating and feeding back corresponding risk feedback data.
The relevant standards and corresponding laws for constructing the rule for judging rule violation are as follows:
(1) GDPR (General Data Protection Regulation );
(2) PCI-DSS (Payment Card Industry-Data Security Standard, third party Payment Industry Data Security Standard);
(3) protection of personal information.
Embodiment 4, a privacy disclosure risk detection device, configured to detect a privacy disclosure risk exposed during a user use process, includes:
the operation monitoring module is used for acquiring stored data when the writing operation is monitored;
the risk detection module is used for detecting whether the stored data contains privacy data or not and obtaining a detection result;
and the risk reporting module is used for desensitizing the private data to obtain corresponding desensitized data when the detection result shows that the private data are contained, calling the request data corresponding to the write operation, and reporting the desensitized data and the request data.
The system further comprises an instrumentation module, wherein the instrumentation module is used for performing byte code instrumentation on the sensitive function written in the storage, inserting a detection code or an invoking code for invoking the detection code, and the detection code is used for deploying the risk detection module and the risk reporting module.
Further, the risk reporting module comprises a desensitization unit, a request extraction unit and a reporting unit;
and the desensitization unit is used for carrying out full code printing or partial code printing on the private data based on a preset desensitization rule to obtain corresponding desensitization data.
This embodiment is an embodiment of an apparatus corresponding to the method embodiment corresponding to embodiment 1 or embodiment 2, and since it is basically similar to the method embodiment, the description is relatively simple, and for the relevant points, refer to the partial descriptions of embodiment 1 and embodiment 2.
Embodiment 5, a detection system of privacy disclosure risk, including a server and a plurality of terminal devices;
the terminal device is the detection device described in embodiment 4;
the server is used for receiving the leakage risk data reported by each terminal device, and is also used for merging each leakage risk data to generate and feed back corresponding risk feedback data. The server is used for executing the method described in embodiment 3, and since it is basically similar to embodiment 2, the description is relatively simple, and for the relevant points, refer to the partial description of embodiment 3.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that:
reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the invention. Thus, the appearances of the phrase "one embodiment" or "an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
In addition, it should be noted that the specific embodiments described in the present specification may differ in the shape of the components, the names of the components, and the like. All equivalent or simple changes of the structure, the characteristics and the principle of the invention which are described in the patent conception of the invention are included in the protection scope of the patent of the invention. Various modifications, additions and substitutions for the specific embodiments described may be made by those skilled in the art without departing from the scope of the invention as defined in the accompanying claims.
Claims (10)
1. A method for detecting privacy disclosure risk is characterized by comprising the following steps:
s100, when the writing operation is monitored, acquiring stored data;
s200, detecting whether the stored data contain privacy data or not to obtain a detection result;
s300, when the detection result is that the private data are contained, desensitization processing is carried out on the private data to obtain corresponding desensitization data, request data corresponding to the writing operation are called, and leakage risk data are generated and reported on the basis of the desensitization data and the request data.
2. The method for detecting the risk of privacy disclosure according to claim 1, further comprising a step of writing a detection code before detecting whether the stored data contains the privacy data, the specific steps being:
performing byte code instrumentation on the sensitive function written into the storage, and inserting a detection code or a calling code for calling the detection code;
the detection code is used to perform the above steps S200 and S300.
3. The method for detecting a risk of privacy disclosure according to claim 2, wherein:
the sensitive functions comprise sensitive functions corresponding to writing in a database, writing in a log file, writing in a response and writing in a common file.
4. The method for detecting a risk of privacy disclosure according to any one of claims 1 to 3, characterized by:
when the write-in operation is monitored, copying and copying data to be written to obtain corresponding stored data, executing the write-in operation, and writing the data to be written into a memory.
5. The method for detecting a risk of privacy disclosure according to any one of claims 1 to 3, characterized by:
and when the detection result is that the private data are contained, all or part of the private data are printed based on a preset desensitization rule, and corresponding desensitization data are obtained.
6. A method for detecting privacy disclosure risk, comprising:
receiving leakage risk data generated by the method of any one of claims 1 to 5;
and merging each leakage risk data, and generating and feeding back corresponding risk feedback data.
7. A privacy-exposure risk detection device, comprising:
the operation monitoring module is used for acquiring stored data when the writing operation is monitored;
the risk detection module is used for detecting whether the stored data contains privacy data or not and obtaining a detection result;
and the risk reporting module is used for desensitizing the private data to obtain corresponding desensitized data when the detection result shows that the private data are contained, calling the request data corresponding to the write operation, and reporting the desensitized data and the request data.
8. The apparatus for detecting a risk of privacy disclosure according to claim 7, further comprising:
and the instrumentation module is used for performing byte code instrumentation on the sensitive functions written into the memory and inserting detection codes or calling codes for calling the detection codes.
9. The device for detecting the privacy leakage risk according to claim 7, wherein the risk reporting module includes a desensitization unit, a request extraction unit and a reporting unit;
and the desensitization unit is used for carrying out full code printing or partial code printing on the private data based on a preset desensitization rule to obtain corresponding desensitization data.
10. The utility model provides a detection system of risk is revealed in privacy, includes server and a plurality of terminal equipment, its characterized in that:
the terminal device is the detection device of any one of claims 7 to 9;
and the server is used for receiving the leakage risk data reported by each terminal device, merging each leakage risk data, and generating and feeding back corresponding risk feedback data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011473466.5A CN112528331A (en) | 2020-12-15 | 2020-12-15 | Privacy disclosure risk detection method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011473466.5A CN112528331A (en) | 2020-12-15 | 2020-12-15 | Privacy disclosure risk detection method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112528331A true CN112528331A (en) | 2021-03-19 |
Family
ID=74999863
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011473466.5A Pending CN112528331A (en) | 2020-12-15 | 2020-12-15 | Privacy disclosure risk detection method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112528331A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113885958A (en) * | 2021-09-30 | 2022-01-04 | 杭州默安科技有限公司 | Method and system for intercepting dirty data |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103778380A (en) * | 2013-12-31 | 2014-05-07 | 网秦(北京)科技有限公司 | Data desensitization method and device and data anti-desensitization method and device |
| CN103984900A (en) * | 2014-05-19 | 2014-08-13 | 南京赛宁信息技术有限公司 | Android application vulnerability detection method and Android application vulnerability detection system |
| CN104699860A (en) * | 2015-04-09 | 2015-06-10 | 成都卡莱博尔信息技术有限公司 | Data processing and storage method for sharing-type master data |
| CN104715195A (en) * | 2015-03-12 | 2015-06-17 | 广东电网有限责任公司信息中心 | Malicious code detecting system and method based on dynamic instrumentation |
| CN106599193A (en) * | 2016-12-14 | 2017-04-26 | 云南电网有限责任公司电力科学研究院 | Data cleaning method and system |
| CN107122660A (en) * | 2017-03-29 | 2017-09-01 | 中国科学院信息工程研究所 | A kind of Android application software user privacy information leakage detection method |
| CN109522235A (en) * | 2018-11-29 | 2019-03-26 | 南京大学 | A method of it is detected for the privacy leakage of Android dynamically load |
| CN111028922A (en) * | 2019-12-13 | 2020-04-17 | 北京推想科技有限公司 | Medical image data standardization method and device, server equipment and medium |
| CN111262835A (en) * | 2020-01-09 | 2020-06-09 | 青岛海尔科技有限公司 | Desensitization storage method and device for sensitive data |
| CN111368328A (en) * | 2020-02-27 | 2020-07-03 | 北京三快在线科技有限公司 | Data storage method and device, computer readable storage medium and electronic equipment |
| CN111460516A (en) * | 2020-06-22 | 2020-07-28 | 腾讯科技(深圳)有限公司 | Non-invasive data protection method, device, terminal and storage medium |
| CN111953558A (en) * | 2020-07-10 | 2020-11-17 | 泰康保险集团股份有限公司 | Sensitive information monitoring method and device, electronic equipment and storage medium |
-
2020
- 2020-12-15 CN CN202011473466.5A patent/CN112528331A/en active Pending
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103778380A (en) * | 2013-12-31 | 2014-05-07 | 网秦(北京)科技有限公司 | Data desensitization method and device and data anti-desensitization method and device |
| CN103984900A (en) * | 2014-05-19 | 2014-08-13 | 南京赛宁信息技术有限公司 | Android application vulnerability detection method and Android application vulnerability detection system |
| CN104715195A (en) * | 2015-03-12 | 2015-06-17 | 广东电网有限责任公司信息中心 | Malicious code detecting system and method based on dynamic instrumentation |
| CN104699860A (en) * | 2015-04-09 | 2015-06-10 | 成都卡莱博尔信息技术有限公司 | Data processing and storage method for sharing-type master data |
| CN106599193A (en) * | 2016-12-14 | 2017-04-26 | 云南电网有限责任公司电力科学研究院 | Data cleaning method and system |
| CN107122660A (en) * | 2017-03-29 | 2017-09-01 | 中国科学院信息工程研究所 | A kind of Android application software user privacy information leakage detection method |
| CN109522235A (en) * | 2018-11-29 | 2019-03-26 | 南京大学 | A method of it is detected for the privacy leakage of Android dynamically load |
| CN111028922A (en) * | 2019-12-13 | 2020-04-17 | 北京推想科技有限公司 | Medical image data standardization method and device, server equipment and medium |
| CN111262835A (en) * | 2020-01-09 | 2020-06-09 | 青岛海尔科技有限公司 | Desensitization storage method and device for sensitive data |
| CN111368328A (en) * | 2020-02-27 | 2020-07-03 | 北京三快在线科技有限公司 | Data storage method and device, computer readable storage medium and electronic equipment |
| CN111460516A (en) * | 2020-06-22 | 2020-07-28 | 腾讯科技(深圳)有限公司 | Non-invasive data protection method, device, terminal and storage medium |
| CN111953558A (en) * | 2020-07-10 | 2020-11-17 | 泰康保险集团股份有限公司 | Sensitive information monitoring method and device, electronic equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 燕季薇;李明素;卢琼;严俊;高红雨;: "基于Android平台的隐私泄漏静态检测工具的分析与比较", 计算机科学, no. 10, pages 132 - 138 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113885958A (en) * | 2021-09-30 | 2022-01-04 | 杭州默安科技有限公司 | Method and system for intercepting dirty data |
| CN113885958B (en) * | 2021-09-30 | 2023-10-31 | 杭州默安科技有限公司 | Method and system for intercepting dirty data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103699480B (en) | A kind of WEB dynamic security leak detection method based on JAVA | |
| CN111240994A (en) | Vulnerability processing method and device, electronic equipment and readable storage medium | |
| CN110866258B (en) | Rapid vulnerability positioning method, electronic device and storage medium | |
| CN113761519B (en) | Method and device for detecting Web application program and storage medium | |
| CN109828780B (en) | Open source software identification method and device | |
| CN113946825B (en) | Memory horse processing method and system | |
| CN110048932A (en) | Validation checking method, apparatus, equipment and the storage medium of mail Monitoring function | |
| CN111008017B (en) | Oclin-based pre-review method for files to be submitted and related components | |
| CN111897789B (en) | Log generation method and device | |
| CN112528331A (en) | Privacy disclosure risk detection method, device and system | |
| US10089463B1 (en) | Managing security of source code | |
| CN115391230A (en) | Test script generation method, test script penetration method, test script generation device, test penetration device, test equipment and test medium | |
| CN115357902A (en) | Fuzzy test method for block chain system | |
| CN113127367B (en) | Defect detection method for Android dynamic permission application | |
| CN111027073B (en) | Vulnerability detection method, device, equipment and storage medium | |
| CN110647771B (en) | Mysql database storage integrity verification protection method and device | |
| US20200125735A1 (en) | Non-intrusive method of detecting security flaws of a computer program | |
| CN111274585B (en) | Method, device, equipment and medium for detecting unauthorized vulnerability of Web application | |
| CN111625784B (en) | Anti-debugging method of application, related device and storage medium | |
| CN112347499B (en) | Program self-protection method | |
| CN112925667B (en) | Method, device and equipment for preventing SDK from crashing and readable storage medium | |
| CN116204891B (en) | Vulnerability exploitation analysis method, device and storage medium | |
| WO2023201621A1 (en) | Private information leak detection method and apparatus, and electronic device | |
| CN113986764A (en) | Data checking test method and device, electronic equipment and storage medium | |
| CN112559370A (en) | Front-end-based React project unit testing method and related equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 1st Floor, Building 3, No. 2616, Yuhangtang Road, Cangqian Street, Yuhang District, Hangzhou City, Zhejiang Province, 311100 Applicant after: HANGZHOU MOAN TECHNOLOGY CO.,LTD. Address before: 311100 10th floor, Block E, building 1, 1378 Wenyi West Road, Cangqian street, Yuhang District, Hangzhou City, Zhejiang Province Applicant before: HANGZHOU MOAN TECHNOLOGY CO.,LTD. |