CN113688358B - System security detection method and device, electronic equipment, medium and product - Google Patents

Publication number
CN113688358B
Authority
CN
China
Prior art keywords: baseline, interface, script, detection, information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010422109.XA
Other languages
Chinese (zh)
Other versions
CN113688358A (en)
Inventor
张帅
李常坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Application filed by Qax Technology Group Inc and Secworld Information Technology Beijing Co Ltd
Priority to CN202010422109.XA
Publication of CN113688358A
Application granted
Publication of CN113688358B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3612 Software analysis for verifying properties of programs by runtime analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3664 Environments for testing or debugging software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The present disclosure provides a system security detection method, including: acquiring security detection information, wherein the security detection information comprises calling interface information and detection parameters; calling a calling interface in the baseline engine based on the calling interface information and the detection parameters, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result; and outputting the security detection result from the baseline engine, wherein the baseline engine executing the script corresponding to the calling interface comprises: the calling interface determining a detection script from a plurality of baseline scripts based on the detection parameters; and executing the detection script. The present disclosure also provides a system security detection apparatus, an electronic device, a computer-readable storage medium, and a computer program product.

Description

System security detection method and device, electronic equipment, medium and product
Technical Field
The present disclosure relates to the field of computer technology, and more particularly, to a system security detection method, apparatus, electronic device, medium, and product.
Background
Security detection of computer systems or software is very important. However, at present, security detection typically involves writing a separate detection script for each security detection item and then using that script to check the computer system or software for that one item.
In the process of implementing the disclosed concept, the inventors found that at least the following problem exists in the related art: security detection for computer systems or software is inefficient.
Disclosure of Invention
In view of this, the present disclosure provides a system security detection method, apparatus, electronic device, medium and product.
One aspect of the present disclosure provides a system security detection method, including: acquiring security detection information, wherein the security detection information comprises calling interface information and detection parameters; calling a calling interface in a baseline engine based on the calling interface information and the detection parameters, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result; and outputting the security detection result from the baseline engine, wherein the baseline engine executing the script corresponding to the calling interface comprises: the calling interface determining a detection script from a plurality of baseline scripts based on the detection parameters; and executing the detection script.
According to an embodiment of the present disclosure, the calling interface includes a capability acquisition interface, and calling the calling interface in the baseline engine based on the calling interface information includes: calling the capability acquisition interface in the baseline engine to obtain description information of each baseline script in the plurality of baseline scripts when the calling interface information indicates that the capability acquisition interface is to be called, wherein the description information comprises the detection parameters of the baseline script and the functions of the baseline script; and outputting the description information of each baseline script in the plurality of baseline scripts.
According to the embodiment of the disclosure, the calling interface comprises a destruction interface and/or a clean-up data interface, wherein the destruction interface is used for releasing the memory space and resources occupied by the baseline engine, and the clean-up data interface is used for releasing the memory space and resources occupied by the executed detection script.
According to an embodiment of the present disclosure, the baseline script includes a script written in the lua scripting language, and the baseline engine is linked with a static library obtained by compiling lua source code.
According to an embodiment of the present disclosure, acquiring security detection information includes: receiving item information input by a user on an interactive interface; and generating the security detection information based on the item information and a relation table, wherein the relation table indicates the correspondence between the item information and a calling interface and the correspondence between the item information and detection parameters.
Another aspect of the present disclosure provides a system security detection device, comprising: an acquisition module for acquiring security detection information, wherein the security detection information comprises calling interface information and detection parameters; a calling module for calling a calling interface in a baseline engine based on the calling interface information and the detection parameters, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result; and an output module configured to output the security detection result from the baseline engine, where the baseline engine executing the script corresponding to the calling interface includes: the calling interface determining a detection script from a plurality of baseline scripts based on the detection parameters; and executing the detection script.
According to an embodiment of the present disclosure, the call interface includes a capability acquisition interface, and the call module includes: a calling sub-module, configured to call the capability acquisition interface in the baseline engine to obtain description information of each baseline script in the plurality of baseline scripts when the calling interface information indicates that the capability acquisition interface is to be called, where the description information includes the detection parameters of the baseline script and the functions of the baseline script; and an output sub-module for outputting the description information of each baseline script in the plurality of baseline scripts.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed, are configured to implement a method as described above.
Another aspect of the present disclosure provides a computer program comprising computer-executable instructions that, when executed, implement a method as described above.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments thereof with reference to the accompanying drawings in which:
FIG. 1 schematically illustrates an exemplary system architecture to which a method of system security detection may be applied, in accordance with an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a method of detecting system security according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow diagram of a method of invoking an interface in a baseline engine according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a schematic architecture diagram of a baseline engine according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of a system security detection device according to an embodiment of the present disclosure; and
Fig. 6 schematically illustrates a block diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in the sense in which one skilled in the art would generally understand it (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a formulation similar to "at least one of A, B or C, etc." is used, in general such a formulation should be interpreted in the sense in which one skilled in the art would generally understand it (e.g., "a system having at least one of A, B or C" would include, but not be limited to, systems having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides a system security detection method, which comprises the following steps: acquiring security detection information, wherein the security detection information comprises calling interface information and detection parameters; calling a calling interface in a baseline engine based on the calling interface information and the detection parameters, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result; and outputting the security detection result from the baseline engine, wherein the baseline engine executing the script corresponding to the calling interface comprises: the calling interface determining a detection script from a plurality of baseline scripts based on the detection parameters; and executing the detection script.
Fig. 1 schematically illustrates an exemplary system architecture 100 in which a method of detecting system security may be applied in accordance with an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a baseline engine 101, a call interface 102 of the baseline engine, and a baseline database 103. A plurality of baseline scripts 1-n are stored in the baseline database 103, and each baseline script may be used, for example, to perform security checks on one or more system configurations of a computer system.
According to embodiments of the present disclosure, a user may invoke the invocation interface 102 of the baseline engine to execute a script corresponding to the invocation interface 102. According to embodiments of the present disclosure, security detection is performed on one or more system configurations by executing the call interface 102.
According to embodiments of the present disclosure, during execution of the script corresponding to the invocation interface 102, the script may, for example, access the baseline database 103 to obtain one or more baseline scripts from the baseline database 103 and execute them. Security detection results are obtained by performing security detection on one or more system configurations through execution of the one or more baseline scripts.
According to embodiments of the present disclosure, the baseline script may be pre-written according to baseline detection criteria (e.g., ISO270001, level protection 2.0, etc.). For example, different baseline scripts may be encoded for different security detection items.
According to embodiments of the present disclosure, the baseline database 103 may manage a plurality of baseline scripts, for example, may store and manage the baseline scripts in the form of a table. The table may include an identification of the baseline script (which may be, for example, a number), a functional overview of the baseline script, a storage location of the baseline script, and the like. According to embodiments of the present disclosure, the baseline scripts stored in the baseline database 103 may be encrypted baseline scripts to prevent tampering and improve security of the baseline scripts.
Fig. 2 schematically illustrates a flow chart of a method of detecting system security according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S203.
In operation S201, security detection information including call interface information and detection parameters is acquired.
According to an embodiment of the present disclosure, the security detection information may be generated according to an input operation of a user, for example. The security detection information may be, for example, a detection code entered by a user on a system security detection platform, which may include call interface information and detection parameters.
In the context described above with reference to fig. 1, the invocation interface information may be, for example, the name of the invocation interface provided by the baseline engine 101, and the detection parameter may be the identity of the baseline script.
According to an embodiment of the present disclosure, the obtaining the security detection information may also be receiving item information input by a user on an interactive interface, and generating the security detection information based on the item information and a relationship table, where the relationship table indicates a correspondence between the item information and a call interface, and a correspondence between the item information and a detection parameter.
According to embodiments of the present disclosure, for example, a system security detection platform may provide a user with an interactive interface that includes a plurality of drop-down boxes, in each of which the user may select item information. The detection platform can determine the calling interface to be called and the detection parameters according to the item information input by the user and the relation table, so that the security detection information is generated automatically.
In operation S202, a calling interface in the baseline engine is called based on the calling interface information and the detection parameter, so that a script corresponding to the calling interface is executed by the baseline engine to obtain a security detection result.
The baseline engine executing the script corresponding to the calling interface comprises: the calling interface determining a detection script from a plurality of baseline scripts based on the detection parameters; and executing the detection script.
According to embodiments of the present disclosure, the baseline engine may act as a dynamic library of the system security detection platform for a user to invoke a call interface in the baseline engine.
For example, the calling interface in the baseline engine can be called according to the name of the calling interface, and the script corresponding to the calling interface is executed by the baseline engine to obtain the security detection result.
According to embodiments of the present disclosure, the call interface in the engine may include, for example, an initialization interface, and in the case where the initialization interface is called, the baseline engine executes a script corresponding to the initialization interface in order to initialize the baseline engine. The baseline engine is initialized, for example, by allocating memory for the baseline engine, assigning values for variables, and the like.
According to an embodiment of the present disclosure, a baseline engine determines a detection script from a plurality of baseline scripts based on detection parameters, for example, in response to receiving detection parameters entered by a user, and executes the detection script.
For example, in the scenario shown in fig. 1, the user may input a baseline script identification, and the baseline engine 101 may determine, from the baseline database 103, a baseline script corresponding to the baseline script identification as a detection script according to the baseline script identification.
According to embodiments of the present disclosure, the baseline scripts may include, for example, scripts for detecting weak passwords, scripts for detecting environment variable configuration files, scripts for detecting scheduled tasks, and scripts for detecting vulnerabilities.
According to embodiments of the present disclosure, the baseline script may be, for example, a script written in the lua scripting language, which may be linked to a static library obtained by compiling lua source code.
According to the embodiment of the disclosure, because the baseline script is written in the lua scripting language, it can meet the requirements of different systems and is more widely adaptable. In addition, lua scripts are easy to develop and have a low development cost.
In operation S203, a security detection result from the baseline engine is output.
For example, the security detection results from the baseline engine may be displayed at the client.
According to the embodiment of the disclosure, the method can detect system security directly by using the already developed baseline engine and baseline scripts, without writing an ad hoc script for a particular security detection item, thereby improving the detection efficiency.
FIG. 3 schematically illustrates a flow chart of a method of invoking an interface in a baseline engine according to an embodiment of the disclosure.
As shown in fig. 3, the method may include operation S212 and operation S222.
According to embodiments of the present disclosure, the invocation interface of the baseline engine may include a capability acquisition interface.
In operation S212, in case the calling interface information indicates that the capability acquisition interface is called, the capability acquisition interface in the baseline engine is called to obtain description information of each of the plurality of baseline scripts, the description information including detection parameters of the baseline script and functions of the baseline script.
According to embodiments of the present disclosure, the capability retrieval interface may, for example, access a baseline database to retrieve descriptive information for each baseline script from the baseline database. The description information of the baseline script may include, for example, an identification of the baseline script, a functional description of the baseline script, and the like.
In operation S222, description information of each of the plurality of baseline scripts is output.
For example, the description information of the baseline script may be output in the form of a table, where fields such as a baseline script identifier, a function description, etc. may be included in the table.
According to embodiments of the present disclosure, a user may obtain description information of a baseline script by invoking a capability acquisition interface, so that it may be determined which security detection items need to be performed on the system according to the description information.
According to embodiments of the present disclosure, the call interface of the baseline engine may include a destruction interface and/or a clean-up data interface. The destroying interface is used for releasing the memory space and resources occupied by the baseline engine, and the cleaning data interface is used for releasing the memory space and resources occupied by the executed detection script.
According to the embodiment of the disclosure, after the baseline engine is used, resources and memory space occupied by the baseline engine need to be released, so the baseline engine provides a destruction interface, so that a user can release the resources and memory space occupied by the baseline engine by calling the destruction interface.
Fig. 4 schematically shows a schematic architecture diagram of a baseline engine 400 according to an embodiment of the present disclosure.
As shown in fig. 4, the baseline engine may include a call interface 410, an interface implementation class 420, a database access class 430, a lua execution management class 440, and a lua script execution unit 450.
The lua script execution unit 450 may be linked to a lua runtime, which may be a static library compiled from lua source code and which serves as the execution component of the baseline engine.
According to embodiments of the present disclosure, a user may invoke a call interface 410 in the baseline engine 400; when a call interface is invoked, the script for that call interface in the interface implementation class 420 is executed. The interface implementation class 420 may access the baseline database 460, for example, through the database access class 430, to obtain a detection script from the baseline database 460. The baseline database 460 may include the identification of each baseline script, the description information of the baseline script, and the lua baseline script itself.
The interface implementation class 420 may also manage the detection scripts obtained from the baseline database 460 through the lua execution management class 440, for example, may allocate memory space and running resources for the detection scripts, clean up garbage, control concurrent execution of the detection scripts, and so on. The lua execution management class 440 may, for example, control the lua script execution unit 450 to execute the detection script, and the lua script execution unit 450 may link the lua runtime to implement the execution of the detection script.
According to embodiments of the present disclosure, the baseline engine may be developed, for example, in the C++ language. The baseline engine may pass parameters to the lua baseline script, and the execution result of the lua baseline script may be returned to the baseline engine developed in C++. According to embodiments of the present disclosure, a baseline engine implemented in C++ executes efficiently and requires substantially no changes after its functionality is implemented.
The baseline engine encapsulates a rich and easy-to-use set of calling interfaces, through which the baseline engine can be initialized, the description information in the baseline database can be obtained, information such as the functions of other calling interfaces can be obtained, and so on. According to the embodiment of the disclosure, the baseline engine may also be able to call C/C++ dynamic library plug-ins; this compensates for limitations of the lua scripting language, since functions that cannot be implemented in lua can be implemented by calling a C/C++ component library.
According to embodiments of the present disclosure, the baseline engine may include a management component for managing a large batch of baseline scripts, may provide an execution environment for the baseline scripts, and may clean up garbage generated by executing the baseline scripts.
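The call flow described above (operations S201 to S203, the call interfaces, and the relation table), as an added C++ example that is not code from the patent. The interface names ("init", "get_capabilities", "execute", "clean_data", "destroy"), the script identifiers BL-001 and BL-002, the item names, and the host snapshot keys are assumptions, and the script bodies are plain C++ functions standing in for lua baseline scripts.

```cpp
// Added illustration of the call-interface dispatch; not the patent's code.
// Interface names, script IDs and snapshot keys below are assumptions.
#include <cstdlib>
#include <functional>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

typedef std::map<std::string, std::string> HostSnapshot;  // constructed host state
struct Finding { std::string script_id; bool passed; std::string detail; };
struct Capability { std::string id; std::string description; };
struct DetectionInfo { std::string interface_name; std::string parameter; };
struct BaselineScript {
    std::string id;           // detection parameter that selects the script
    std::string description;  // returned by the capability acquisition interface
    std::function<Finding(const HostSnapshot&)> body;  // stands in for a lua script
};
enum class Status { Ok, NotInitialized, UnknownInterface, UnknownScript, UnknownItem };
struct CallResult {
    Status status = Status::Ok;
    std::vector<Capability> capabilities;
    std::vector<Finding> findings;
};

class BaselineEngine {
public:
    explicit BaselineEngine(const std::vector<BaselineScript>& scripts) : initialized_(false) {
        for (const BaselineScript& s : scripts) db_.insert(std::make_pair(s.id, s));
    }
    // Every request goes through one entry point and is matched against known names.
    CallResult call(const DetectionInfo& info, const HostSnapshot& host) {
        CallResult r;
        const std::string& name = info.interface_name;
        if (name == "init") { initialized_ = true; return r; }
        if (!initialized_) { r.status = Status::NotInitialized; return r; }
        if (name == "get_capabilities") {
            for (const auto& kv : db_) r.capabilities.push_back({kv.first, kv.second.description});
        } else if (name == "execute") {
            // The parameter is only a key into the script table, never a path or code.
            auto it = db_.find(info.parameter);
            if (it == db_.end()) { r.status = Status::UnknownScript; return r; }
            r.findings.push_back(it->second.body(host));
            retained_.push_back(r.findings.back());
        } else if (name == "clean_data") {
            retained_.clear();  // release what executed scripts left behind
        } else if (name == "destroy") {
            retained_.clear(); initialized_ = false;  // must be initialized again before reuse
        } else {
            r.status = Status::UnknownInterface;
        }
        return r;
    }
    std::size_t retained() const { return retained_.size(); }
private:
    bool initialized_;
    std::map<std::string, BaselineScript> db_;
    std::vector<Finding> retained_;
};
// Two stand-in baseline scripts; a missing or non-numeric setting counts as 0.
static Finding check_min_password_length(const HostSnapshot& h) {
    auto it = h.find("password_min_length");
    int n = (it == h.end()) ? 0 : std::atoi(it->second.c_str());
    return {"BL-001", n >= 8, "password_min_length=" + std::to_string(n)};
}
static Finding check_path_entries(const HostSnapshot& h) {
    auto it = h.find("PATH");
    std::string path = (it == h.end()) ? std::string() : it->second;
    bool bad = !path.empty() && path.back() == ':';  // a trailing ':' also means "."
    std::stringstream ss(path);
    for (std::string e; std::getline(ss, e, ':');)
        if (e.empty() || e == ".") bad = true;
    return {"BL-002", !bad, bad ? "PATH searches the current directory" : "PATH ok"};
}
BaselineEngine make_engine() {
    std::vector<BaselineScript> scripts = {
        {"BL-001", "Minimum password length is at least 8", check_min_password_length},
        {"BL-002", "PATH has no current-directory entry", check_path_entries}};
    return BaselineEngine(scripts);
}
// S201 via the relation table: item information -> calling interface + parameter.
CallResult detect(BaselineEngine& engine, const std::string& item, const HostSnapshot& host) {
    static const std::map<std::string, DetectionInfo> table = {
        {"List available checks", {"get_capabilities", ""}},
        {"Password policy", {"execute", "BL-001"}},
        {"Environment variables", {"execute", "BL-002"}}};
    auto it = table.find(item);
    if (it == table.end()) { CallResult r; r.status = Status::UnknownItem; return r; }
    return engine.call(it->second, host);  // S202; the caller outputs the result (S203)
}

int main() {
    BaselineEngine engine = make_engine();
    HostSnapshot host = {{"password_min_length", "6"}, {"PATH", "/usr/bin:.:/bin"}};  // constructed
    engine.call(DetectionInfo{"init", ""}, host);
    const char* items[] = {"Password policy", "Environment variables"};
    for (const char* item : items) {
        CallResult r = detect(engine, item, host);
        for (const Finding& f : r.findings)
            std::cout << f.script_id << (f.passed ? " PASS " : " FAIL ") << f.detail << "\n";
    }
}
```

Because the detection parameter is only ever looked up as a key in the script table, an unknown identifier or interface name is rejected rather than interpreted.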
Fig. 5 schematically illustrates a block diagram of a system security detection device 500 according to an embodiment of the disclosure.
As shown in fig. 5, the system security detection device 500 may include an acquisition module 510, a call module 520, and an output module 530.
The acquisition module 510 may, for example, perform operation S201 described above with reference to fig. 2 for acquiring security detection information including call interface information and detection parameters.
The calling module 520 may, for example, execute operation S202 described above with reference to fig. 2, and is configured to call a calling interface in a baseline engine based on the calling interface information and the detection parameter, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result.
The baseline engine executing the script corresponding to the calling interface comprises: the calling interface determining a detection script from a plurality of baseline scripts based on the detection parameters; and executing the detection script.
The output module 530 may perform, for example, operation S203 described above with reference to fig. 2, for outputting the security detection result from the baseline engine.
According to an embodiment of the present disclosure, the call interface includes a capability acquisition interface, and the call module includes: a calling sub-module, configured to call the capability acquisition interface in the baseline engine to obtain description information of each baseline script in the plurality of baseline scripts when the calling interface information indicates to call the capability acquisition interface, where the description information includes detection parameters of the baseline script and functions of the baseline script; and an output sub-module for outputting the description information of each baseline script in the plurality of baseline scripts.
According to the embodiment of the disclosure, the calling interface comprises a destruction interface and/or a clean-up data interface, wherein the destruction interface is used for releasing the memory space and resources occupied by the baseline engine, and the clean-up data interface is used for releasing the memory space and resources occupied by the executed detection script.
According to an embodiment of the present disclosure, the baseline script includes a script written in the lua scripting language, and the baseline engine is linked with a static library obtained by compiling lua source code.
According to an embodiment of the present disclosure, the acquisition module includes: a receiving sub-module for receiving item information input by a user on the interactive interface; and a generation sub-module for generating the security detection information based on the item information and a relationship table indicating a correspondence between the item information and a call interface and a correspondence between the item information and a detection parameter.
Any number of the modules, sub-modules, units, and sub-units according to embodiments of the present disclosure, or at least part of the functionality of any number of them, may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to embodiments of the present disclosure may be split into multiple modules for implementation. Any one or more of the modules, sub-modules, units, and sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, or an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of, or a suitable combination of, the three implementation manners of software, hardware, and firmware. Alternatively, one or more of the modules, sub-modules, units, and sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules which, when executed, perform the corresponding functions.
For example, any of the acquisition module 510, the invocation module 520, and the output module 530 may be combined and implemented in one module, or any one of these modules may be split into multiple modules. Alternatively, at least some of the functionality of one or more of these modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 510, the invocation module 520, and the output module 530 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, or an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of, or a suitable combination of, the three implementation manners of software, hardware, and firmware. Alternatively, at least one of the acquisition module 510, the invocation module 520, and the output module 530 may be at least partially implemented as computer program modules which, when executed, perform the corresponding functions.
Fig. 6 schematically illustrates a block diagram of an electronic device according to an embodiment of the disclosure. The electronic device shown in fig. 6 is merely an example and should not be construed to limit the functionality and scope of use of the disclosed embodiments.
As shown in fig. 6, an electronic device 600 according to an embodiment of the present disclosure includes a processor 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 601 may also include on-board memory for caching purposes. The processor 601 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure.
In the RAM 603, various programs and data necessary for the operation of the electronic device 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. The processor 601 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or the RAM 603. Note that the program may be stored in one or more memories other than the ROM 602 and the RAM 603. The processor 601 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 600 may also include an input/output (I/O) interface 605, the input/output (I/O) interface 605 also being connected to the bus 604. The electronic device 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.
According to embodiments of the present disclosure, the method flow according to embodiments of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 601. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 602 and/or RAM 603 and/or one or more memories other than ROM 602 and RAM 603 described above.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined in various ways, even if such combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined without departing from the spirit and teachings of the present disclosure. All such combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (8)

1. A method for detecting system security, comprising:
acquiring security detection information, wherein the security detection information comprises calling interface information and detection parameters;
calling a calling interface in a baseline engine based on the calling interface information and the detection parameters, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result; the baseline engine is used as a dynamic library of a system security detection platform for a user to call the calling interface; and
outputting the security detection result from the baseline engine,
wherein the baseline engine executing the script corresponding to the calling interface comprises:
the calling interface determines a detection script from a plurality of baseline scripts based on the detection parameters; and
executing the detection script;
wherein the baseline script comprises: a script written in the Lua scripting language; the baseline engine is linked with a static library obtained by compiling Lua source code;
wherein the acquiring the security detection information includes:
receiving project information input by a user on an interactive interface; and
generating the security detection information based on the item information and a relation table, wherein the relation table indicates the correspondence between the item information and a calling interface and the correspondence between the item information and detection parameters.
2. The method of claim 1, wherein the call interface comprises a capability acquisition interface,
and the calling of the calling interface in the baseline engine based on the calling interface information comprises:
calling the capability acquisition interface in the baseline engine to obtain description information of each baseline script in the plurality of baseline scripts when the calling interface information indicates to call the capability acquisition interface, wherein the description information comprises detection parameters of the baseline script and functions of the baseline script; and
outputting the description information of each baseline script in the plurality of baseline scripts.
3. The method of claim 1, wherein the call interface comprises a destroy interface and/or a clean-up data interface,
wherein the destroy interface is used for releasing the memory space and resources occupied by the baseline engine, and/or the clean-up data interface is used for releasing the memory space and resources occupied by the executed detection script.
4. A system security detection device, comprising:
an acquisition module for acquiring security detection information, wherein the security detection information comprises calling interface information and detection parameters;
a calling module for calling a calling interface in a baseline engine based on the calling interface information and the detection parameters, so that the baseline engine executes a script corresponding to the calling interface to obtain a security detection result; the baseline engine is used as a dynamic library of a system security detection platform for a user to call the calling interface; and
an output module for outputting the security detection result from the baseline engine,
wherein the baseline engine executing the script corresponding to the calling interface comprises:
the calling interface determines a detection script from a plurality of baseline scripts based on the detection parameters; and
executing the detection script;
wherein the baseline script comprises: a script written in the Lua scripting language; the baseline engine is linked with a static library obtained by compiling Lua source code;
wherein the acquisition module includes:
a receiving sub-module for receiving project information input by a user on the interactive interface; and
a generation sub-module for generating the security detection information based on the item information and a relation table, wherein the relation table indicates the correspondence between the item information and a calling interface and the correspondence between the item information and detection parameters.
5. The apparatus of claim 4, wherein the call interface comprises a capability acquisition interface,
and the calling module comprises:
a calling sub-module, configured to call the capability acquisition interface in the baseline engine to obtain description information of each baseline script in the plurality of baseline scripts when the calling interface information indicates to call the capability acquisition interface, wherein the description information includes detection parameters of the baseline script and functions of the baseline script; and
an output sub-module for outputting the description information of each baseline script in the plurality of baseline scripts.
6. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-3.
7. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to perform the method of any of claims 1 to 3.
8. A computer program product comprising computer readable instructions, wherein the computer readable instructions when executed are for performing the method according to any one of claims 1-3.
CN202010422109.XA 2020-05-18 2020-05-18 System security detection method and device, electronic equipment, medium and product Active CN113688358B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010422109.XA CN113688358B (en) 2020-05-18 2020-05-18 System security detection method and device, electronic equipment, medium and product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010422109.XA CN113688358B (en) 2020-05-18 2020-05-18 System security detection method and device, electronic equipment, medium and product

Publications (2)

Publication Number Publication Date
CN113688358A CN113688358A (en) 2021-11-23
CN113688358B true CN113688358B (en) 2024-06-07

Family

ID=78575730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010422109.XA Active CN113688358B (en) 2020-05-18 2020-05-18 System security detection method and device, electronic equipment, medium and product

Country Status (1)

Country Link
CN (1) CN113688358B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114579445A (en) * 2022-03-01 2022-06-03 深圳须弥云图空间科技有限公司 Graphic engine based automatic function testing method, device, medium and equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101667230A (en) * 2008-09-02 2010-03-10 北京瑞星国际软件有限公司 Method and device for monitoring script execution
US7707635B1 (en) * 2005-10-06 2010-04-27 Trend Micro Incorporated Script-based pattern for detecting computer viruses
CN102810142A (en) * 2011-12-20 2012-12-05 北京安天电子设备有限公司 System and method for searching and killing malicious codes based on expandable mode
CN106295353A (en) * 2016-08-08 2017-01-04 腾讯科技(深圳)有限公司 A kind of method of engine Hole Detection and detection device
CN109933989A (en) * 2019-02-25 2019-06-25 腾讯科技(深圳)有限公司 A kind of method and device detecting loophole

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7707635B1 (en) * 2005-10-06 2010-04-27 Trend Micro Incorporated Script-based pattern for detecting computer viruses
CN101667230A (en) * 2008-09-02 2010-03-10 北京瑞星国际软件有限公司 Method and device for monitoring script execution
CN102810142A (en) * 2011-12-20 2012-12-05 北京安天电子设备有限公司 System and method for searching and killing malicious codes based on expandable mode
CN106295353A (en) * 2016-08-08 2017-01-04 腾讯科技(深圳)有限公司 A kind of method of engine Hole Detection and detection device
CN109933989A (en) * 2019-02-25 2019-06-25 腾讯科技(深圳)有限公司 A kind of method and device detecting loophole

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
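Zhang Siyu; Jiang Kaida. Vul Tracker vulnerability management and automated tracking platform. Journal of Huazhong University of Science and Technology (Natural Science Edition). (11), full text. *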

Also Published As

Publication number Publication date
CN113688358A (en) 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Applicant after: QAX Technology Group Inc.

Address before: 100097 No. 202, 203, 205, 206, 207, 208, 2nd floor, block D, No. 51, Kunming Hunan Road, Haidian District, Beijing

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Country or region before: China

Applicant before: QAX Technology Group Inc.

GR01 Patent grant