CN112883093B - Data export method, system, device and medium based on dynamic instruction stream detection - Google Patents
Data export method, system, device and medium based on dynamic instruction stream detection Download PDFInfo
- Publication number
- CN112883093B CN112883093B CN202110153520.6A CN202110153520A CN112883093B CN 112883093 B CN112883093 B CN 112883093B CN 202110153520 A CN202110153520 A CN 202110153520A CN 112883093 B CN112883093 B CN 112883093B
- Authority
- CN
- China
- Prior art keywords
- data
- characteristic information
- target position
- data export
- data source
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/254—Extract, transform and load [ETL] procedures, e.g. ETL data flows in data warehouses
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/38—Concurrent instruction execution, e.g. pipeline, look ahead
- G06F9/3867—Concurrent instruction execution, e.g. pipeline, look ahead using instruction pipelines
- G06F9/3869—Implementation aspects, e.g. pipeline latches; pipeline synchronisation and clocking
Abstract
The invention discloses a data export method, a system, a device and a medium based on dynamic instruction stream detection, which relate to the field of data processing and comprise the following steps: obtaining first characteristic information of a data source to be exported; obtaining second characteristic information of a target position to be derived; acquiring a first address space range after a data export tool is loaded into a memory by an operating system; when a data export task is executed, a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range is obtained; and taking out third characteristic information related to the data source in the first operation instruction set, taking out fourth characteristic information related to the target position in the first operation instruction set, matching the third and fourth characteristic information with the first and second characteristic information, and judging that the data export tool has risks if the matching fails.
Description
Technical Field
The present invention relates to the field of data processing, and in particular, to a method, a system, an apparatus, and a medium for data export based on dynamic instruction stream detection.
Background
The export of data is a common function in data processing and information systems, and for the security detection of data export, it is usually confirmed whether the export of data is successful from integrity detection and comparison before and after the export of data, but there is a main problem that no detection is performed on a data export tool and an export environment, so that a risk of data leakage exists in the data export process.
Disclosure of Invention
In order to overcome the problem that data leakage risks exist in the process of exporting data due to the fact that a data exporting tool and an exporting environment are not detected in the prior art, the invention provides a data exporting method, a data exporting system, a data exporting device and a data exporting medium based on dynamic instruction stream detection.
In order to achieve the above object, the present invention provides a data export method based on dynamic instruction stream detection, the method comprising:
obtaining first characteristic information of a data source to be derived based on the type of the data source;
obtaining second characteristic information of the target position to be derived based on the target position type;
acquiring a first address space range after a data export tool is loaded into a memory by an operating system;
executing a data export task, and exporting data to be exported in a data source to a target position;
when a data export task is executed, a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range is obtained;
taking out third characteristic information related to the data source in the first operation instruction set, matching the third characteristic information with the first characteristic information, and judging that the data exporting tool has risks if the matching fails;
and taking out fourth characteristic information related to the target position in the first operation instruction set, matching the fourth characteristic information with the second characteristic information, and judging that the data exporting tool has risks if the matching fails.
The method is mainly characterized in that data is exported, a large number of operations are input and output related instructions including disk I/O and network I/O, the instructions in the running process are detected in real time based on the obvious running characteristic, the source data position and the exported target position are combined according to information such as operation codes, operands and address spaces of the instructions, once the inconsistent operands or instruction running modes are found, the running process is warned, the export operation can be optionally stopped, the data safety is protected, and the export risk is reduced to the minimum.
Preferably, in the method, if the data source is a file, the first characteristic information is a file name; if the data source is a database table, the first characteristic information is a table name; if the data source is an I/O port, the first characteristic information is a port number.
Preferably, in the method, if the target location is a file, the second characteristic information is a file name; if the target position is a database table, the second feature information is a name of the database table; and if the target position is an I/O port, the second characteristic information is a port number.
Preferably, in the method, when the execution data export task is obtained, the type of the processor of the execution environment of the data export tool is obtained, and the corresponding first operation instruction set is obtained according to the type of the processor.
Preferably, in the method, if the third characteristic information is successfully matched with the first characteristic information, and the fourth characteristic information is successfully matched with the second characteristic information, the safety of the data export tool is determined.
Preferably, in the method, if the data export tool is judged to have risk, a reminding message is generated, or an alarm message is generated, or the data export operation is interrupted.
Preferably, the method further includes counting the number of the various operation instructions in the first operation instruction set and the ratio of the various operation instructions, and generating a reminding message, or generating an alarm message, or interrupting data export operation when the ratio of the certain operation instructions exceeds a preset ratio range.
The invention also provides a data export system based on dynamic instruction stream detection, the system comprises:
the device comprises a first obtaining unit, a second obtaining unit and a control unit, wherein the first obtaining unit is used for obtaining first characteristic information of a data source to be derived based on the type of the data source;
a second obtaining unit, configured to obtain second feature information of the target location to be derived based on the target location type;
the first obtaining unit is used for obtaining a first address space range after the data export tool is loaded into the memory by the operating system;
the export unit is used for executing a data export task and exporting data to be exported in the data source to a target position;
the second acquisition unit is used for acquiring a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range when the data export task is executed;
the first matching unit is used for taking out third characteristic information related to the data source in the first operation instruction set, matching the third characteristic information with the first characteristic information, and judging that the data export tool has risks if the matching fails;
and the second matching unit is used for taking out fourth characteristic information related to the target position in the first operation instruction set, matching the fourth characteristic information with the second characteristic information, and judging that the data export tool has risks if the matching fails.
The invention also provides a data export device based on dynamic instruction stream detection, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the steps of the data export method based on dynamic instruction stream detection when executing the computer program.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the data derivation method based on dynamic instruction stream detection.
One or more technical schemes provided by the invention at least have the following technical effects or advantages:
the invention detects the instruction in real time in the running process, according to the information of the operation code, the operand, the address space and the like of the instruction, and combines the source data position and the derived target position, once finding out the inconsistent operand or the instruction running mode, the invention gives a warning to the running process and can randomly suspend the derived operation so as to protect the data safety and reduce the risk of data derivation.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention;
FIG. 1 is a schematic flow diagram of a data derivation method based on dynamic instruction stream detection;
FIG. 2 is a schematic diagram of the components of a data derivation system based on dynamic instruction stream detection.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention, taken in conjunction with the accompanying drawings and detailed description, is set forth below. It should be noted that the embodiments and features of the embodiments of the present invention may be combined with each other without conflicting with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described and thus the scope of the present invention is not limited by the specific embodiments disclosed below.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not to be taken in a singular sense, but rather are to be construed to include a plural sense unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
Example one
Referring to fig. 1, fig. 1 is a schematic flow chart of a data export method based on dynamic instruction stream detection, the invention provides a data export method based on dynamic instruction stream detection, the method includes:
obtaining first characteristic information of a data source to be derived based on the type of the data source;
obtaining second characteristic information of the target position to be derived based on the target position type;
acquiring a first address space range after a data export tool is loaded into a memory by an operating system;
executing a data export task, and exporting data to be exported in a data source to a target position;
when a data export task is executed, a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range is obtained;
taking out third characteristic information related to the data source in the first operation instruction set, matching the third characteristic information with the first characteristic information, and judging that the data export tool has risks if the matching fails;
and taking out fourth characteristic information related to the target position in the first operation instruction set, matching the fourth characteristic information with the second characteristic information, and judging that the data export tool has risks if the matching fails.
The following describes a data derivation method based on dynamic instruction stream detection in detail, but the method is not limited to the following embodiments, and the method includes:
1. acquiring characteristic information of a data source to be exported, wherein the characteristic information is a file name if export source data is a file; if the export source data is a database table, the characteristic information is a name of the database table; if the derived data source is a specific I/O port, the characteristic information is a port number;
2. acquiring target position feature information to be exported, wherein for example, if the export target position is a file, the feature information is a file name; if the derived target position is a database table, the characteristic information is a table name; if the derived target location is a specific I/O port, the characteristic information is a port number;
3. obtaining a CPU type of the data-export tool operating environment, such as Intel or AMD;
4. loading different instruction sets and operation codes according to different types of the CPU, wherein the instruction sets comprise an arithmetic operation instruction, a bit test instruction, a bit operation instruction, a data transfer instruction, a displacement instruction, a control transfer instruction, a graphic processing instruction and the like;
5. acquiring address space information of the data export tool after the data export tool is loaded into the memory by an operating system, wherein the range of the address space is used as a filtering condition for subsequent instruction detection, namely only identifying the operating instruction of the data export tool;
6. and combining the input and output characteristic information of the step 1 and the step 2 with the operand of the CPU instruction to form a filtering and judging condition aiming at the input and output function instruction.
Examples are as follows: assume that the target location for data derivation is I/O port 1090
Instruction encoding operation address opcode operand
110011 0x60F0BD08 MOV EAX,[data] data=1090
The data transfer operation code corresponding to the MOV transfers the data at the specified location to the target location corresponding to the I/O port, i.e., the target location corresponding to port 1090.
7. Detecting a CPU executed instruction set in the address space range of the data export tool in real time, filtering out all MOV operation codes, and judging whether an operand of the MOV instruction is 1090 or not;
8. if the operation is not matched with or matched with the characteristic information in the step 1 and the step 2, the export tool has potential risk behaviors, namely, the data is possible to be exported to other unknown target positions at the same time, and different treatment is performed according to the configuration of an export scene, such as reminding, alarming and interrupting the export operation;
9. meanwhile, the various instructions executed by the export tool are classified and counted to obtain a table as shown in table 1:
TABLE 1
| Type of instruction | Number of |
| Arithmetic operation instruction | N1 |
| Bit test instruction | N2 |
| Bit operation instruction | N3 |
| Data transfer instruction | N4 |
| Displacement instruction | N5 |
| Control transfer instruction | N6 |
| Graphics processing instructions | N7 |
| …… | …… |
N1-N7 accumulation of times of execution of various instructions
10. Setting the proportion range of typical instructions, such as data transfer instructions [ 30%, 80% ], i.e. the proportion of data transfer instructions executed by the data export tool should be between 30% and 80%;
11. in the operation process, the table of the step is analyzed and judged regularly, and based on the function of the data export tool, the instruction set has very obvious characteristics, namely most of the instructions are data reading instructions, namely data transfer instructions; the proportion of instructions appearing in the data processing class should be very small, because the data derivation tool mostly only plays a role of a data channel to carry data from a source to a target position, and does not need to perform additional processing and analysis on the data, and as a comparison, the data processing class of the encryption and decryption tool accounts for a relatively high proportion;
12. judging the instructions in the table in the step 9 and the execution quantity thereof one by one, and comparing the instruction with the range in the step 10;
and 13, if the proportion of the quantity of the certain type of instructions is not within the preset range, performing different treatment, such as reminding, alarming and interrupting the derivation operation, according to the configuration of the derivation scene.
Example two
Referring to FIG. 2, FIG. 2 is a block diagram of a data export system based on dynamic instruction stream detection; the second embodiment of the present invention provides a data export system based on dynamic instruction stream detection, where the system includes:
the device comprises a first obtaining unit, a second obtaining unit and a control unit, wherein the first obtaining unit is used for obtaining first characteristic information of a data source to be derived based on the type of the data source;
a second obtaining unit, configured to obtain second feature information of the target location to be derived based on the target location type;
the first obtaining unit is used for obtaining a first address space range after the data export tool is loaded into the memory by the operating system;
the export unit is used for executing a data export task and exporting data to be exported in the data source to a target position;
the second acquisition unit is used for acquiring a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range when the data export task is executed;
the first matching unit is used for taking out third characteristic information related to the data source in the first operation instruction set, matching the third characteristic information with the first characteristic information, and judging that the data export tool has risks if the matching fails;
and the second matching unit is used for taking out fourth characteristic information related to the target position in the first operation instruction set, matching the fourth characteristic information with the second characteristic information, and judging that the data export tool has risks if the matching fails.
EXAMPLE III
The third embodiment of the present invention provides a data export device based on dynamic instruction stream detection, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the data export method based on dynamic instruction stream detection when executing the computer program.
The processor may be a Central Processing Unit (CPU), or other general-purpose processor, a digital signal processor (digital signal processor), an Application Specific Integrated Circuit (Application Specific Integrated Circuit), an off-the-shelf programmable gate array (field programmable gate array) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may be used for storing the computer program and/or the module, and the processor implements various functions of the data deriving device based on dynamic instruction stream detection in the invention by operating or executing data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a smart memory card, a secure digital card, a flash memory card, at least one magnetic disk storage device, a flash memory device, or other volatile solid state storage device.
Example four
The fourth embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps of the data derivation method based on dynamic instruction stream detection are implemented.
The data derivation means based on dynamic instruction stream detection, if implemented in the form of software functional units and sold or used as a stand-alone product, can be stored in a computer readable storage medium. Based on such understanding, all or part of the processes in the method of the embodiments of the present invention may also be implemented by a computer program stored in a computer readable storage medium, where the computer program can implement the steps of the embodiments of the method when executed by a processor. Wherein the computer program comprises computer program code, an object code form, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying said computer program code, a recording medium, a usb-disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory, a random access memory, a point carrier signal, a telecommunications signal, a software distribution medium, etc. It should be noted that the computer readable medium may contain content that is appropriately increased or decreased as required by legislation and patent practice in the jurisdiction.
The technical scheme in the embodiment of the invention at least has the following technical effects or advantages:
the invention detects the instruction in real time in the running process, according to the information of the operation code, the operand, the address space and the like of the instruction, and combines the source data position and the derived target position, once finding out the inconsistent operand or the instruction running mode, the invention gives a warning to the running process and can randomly suspend the derived operation so as to protect the data safety and reduce the risk of data derivation.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While certain presently contemplated useful embodiments of the invention have been discussed in the foregoing disclosure by way of various examples, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein described. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document is inconsistent or contrary to the present specification, and except where the application history document is inconsistent or contrary to the present specification, the application history document is not inconsistent or contrary to the present specification, but is to be read in the broadest scope of the present claims (either currently or hereafter added to the present specification). It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those explicitly described and depicted herein.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (8)
1. A method for data derivation based on dynamic instruction stream detection, the method comprising:
obtaining first characteristic information of a data source to be derived based on the type of the data source;
obtaining second characteristic information of the target position to be derived based on the target position type;
acquiring a first address space range after a data export tool is loaded into a memory by an operating system;
executing a data export task, and exporting data to be exported in a data source to a target position;
when a data export task is executed, a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range is obtained;
taking out third characteristic information related to the data source in all data transfer instructions of the first operation instruction set, matching the third characteristic information with the first characteristic information, and judging that the data export tool has risks if the matching fails;
taking out fourth characteristic information related to the target position in all data transfer instructions of the first operation instruction set, matching the fourth characteristic information with the second characteristic information, and judging that the data export tool has risks if the matching fails;
if the data source is a file, the first characteristic information is a file name; if the data source is a database table, the first characteristic information is a table name; if the data source is an I/O port, the first characteristic information is a port number;
if the target position is a file, the second characteristic information is a file name; if the target position is a database table, the second characteristic information is a name of the database table; if the target location is an I/O port, the second characteristic information is a port number.
2. The method of claim 1, wherein when the data export task is executed, a processor type of an execution environment of the data export tool is obtained, and the corresponding first operation instruction set is obtained according to the processor type.
3. The method of claim 1, wherein if the third characteristic information is successfully matched with the first characteristic information and the fourth characteristic information is successfully matched with the second characteristic information, the data export tool is determined to be safe.
4. The data export method based on dynamic instruction stream detection as claimed in claim 1, wherein if the data export tool is determined to be at risk, a warning message is generated, or a data export operation is interrupted.
5. The method according to claim 1, further comprising counting the number of the types of operation instructions in the first operation instruction set and the ratio of the types of operation instructions, and generating a warning message or interrupting the data exporting operation when the ratio of the type of operation instructions exceeds a preset ratio range.
6. A data derivation system based on dynamic instruction stream detection, the system comprising:
the device comprises a first obtaining unit, a second obtaining unit and a control unit, wherein the first obtaining unit is used for obtaining first characteristic information of a data source to be derived based on the type of the data source;
a second obtaining unit configured to obtain second feature information of the target position to be derived based on the target position type;
the first obtaining unit is used for obtaining a first address space range after the data export tool is loaded into the memory by the operating system;
the export unit is used for executing a data export task and exporting data to be exported in the data source to a target position;
the second acquisition unit is used for acquiring a first operation instruction set which is executed by a processor in the running environment of the data export tool and is positioned in a first address space range when the data export task is executed;
the first matching unit is used for taking out third characteristic information related to the data source in all data transfer instructions of the first operation instruction set, matching the third characteristic information with the first characteristic information, and judging that the data export tool has risks if the matching fails;
the second matching unit is used for taking out fourth characteristic information related to the target position in all data transfer instructions of the first operation instruction set, matching the fourth characteristic information with the second characteristic information, and judging that the data export tool has risks if the matching fails;
if the data source is a file, the first characteristic information is a file name; if the data source is a database table, the first characteristic information is a table name; if the data source is an I/O port, the first characteristic information is a port number;
if the target position is a file, the second characteristic information is a file name; if the target position is a database table, the second feature information is a name of the database table; and if the target position is an I/O port, the second characteristic information is a port number.
7. A data derivation apparatus based on dynamic instruction stream detection, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the data derivation method based on dynamic instruction stream detection as claimed in any one of claims 1 to 5 when executing the computer program.
8. A computer-readable storage medium, in which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of a method for data derivation based on dynamic instruction stream detection as claimed in any one of the claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110153520.6A CN112883093B (en) | 2021-02-04 | 2021-02-04 | Data export method, system, device and medium based on dynamic instruction stream detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110153520.6A CN112883093B (en) | 2021-02-04 | 2021-02-04 | Data export method, system, device and medium based on dynamic instruction stream detection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112883093A CN112883093A (en) | 2021-06-01 |
| CN112883093B true CN112883093B (en) | 2022-09-02 |
Family
ID=76057171
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110153520.6A Active CN112883093B (en) | 2021-02-04 | 2021-02-04 | Data export method, system, device and medium based on dynamic instruction stream detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112883093B (en) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102184360B (en) * | 2011-05-13 | 2013-06-05 | 华中科技大学 | Information flow safety monitoring method applied to embedded processor |
| CN102333122B (en) * | 2011-09-28 | 2015-04-15 | 奇智软件(北京)有限公司 | Downloaded resource provision method, device and system |
| CN106502879A (en) * | 2015-09-07 | 2017-03-15 | 中国移动通信集团公司 | A kind of method and device for realizing applications security detection |
| CN105808430B (en) * | 2016-03-03 | 2018-07-03 | 中国科学院软件研究所 | A kind of multi-semantic meaning dynamic stain analysis method |
| RU2665910C1 (en) * | 2017-09-29 | 2018-09-04 | Акционерное общество "Лаборатория Касперского" | System and method of detecting the harmful code in the address process space |
| US11741196B2 (en) * | 2018-11-15 | 2023-08-29 | The Research Foundation For The State University Of New York | Detecting and preventing exploits of software vulnerability using instruction tags |
| CN111666570A (en) * | 2020-04-24 | 2020-09-15 | 宁夏凯信特信息科技有限公司 | KXTScan vulnerability scanning tool |
-
2021
- 2021-02-04 CN CN202110153520.6A patent/CN112883093B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN112883093A (en) | 2021-06-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8539593B2 (en) | Extraction of code level security specification | |
| US10986103B2 (en) | Signal tokens indicative of malware | |
| US8656496B2 (en) | Global variable security analysis | |
| WO2013105076A1 (en) | Automated document redaction | |
| CN109471697B (en) | Method, device and storage medium for monitoring system call in virtual machine | |
| CN110574028B (en) | Method for protecting software code | |
| CN110050258B (en) | Apparatus, system, and method for preventing application piracy | |
| US20230205755A1 (en) | Methods and systems for improved search for data loss prevention | |
| CN109446753A (en) | Detect method, apparatus, computer equipment and the storage medium of pirate application program | |
| CN106874758B (en) | Method and device for identifying document code | |
| CN113903473A (en) | Medical information intelligent interaction method and system based on artificial intelligence | |
| CN105760761A (en) | Software behavior analyzing method and device | |
| CN112883093B (en) | Data export method, system, device and medium based on dynamic instruction stream detection | |
| CN112784290B (en) | Data export tool security analysis method and system and data export method | |
| CN113138723A (en) | Data soft destroying method, system, device and medium | |
| CN110520860B (en) | Method for protecting software code | |
| US9350723B2 (en) | Determination and classification of defense measures in web applications | |
| US11157611B2 (en) | Binary image stack cookie protection | |
| CN115391810B (en) | Data hierarchical encryption method and AI system based on big data | |
| CN108647516B (en) | Method and device for defending against illegal privilege escalation | |
| CN112486723B (en) | Data verification method and device, processor and electronic equipment | |
| CN112199163B (en) | Virtual instruction method, device, equipment and storage medium for analyzing and interpreting routine | |
| CN114461274A (en) | Instruction processing apparatus, method, chip, computer device, and storage medium | |
| CN113420065A (en) | Data processing method applied to business big data and big data server | |
| CN112783961B (en) | Data export method and system based on managed operation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |