CN114091023A - Executable file checking method, device, equipment and storage medium - Google Patents
- Publication number: CN114091023A (application number CN202111398228.7A)
- Authority: CN (China)
- Prior art keywords: executable file, target executable, target, public key, signature information
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
All classifications fall under G (Physics) > G06 (Computing; calculating or counting) > G06F (Electric digital data processing):
- G06F21/563: Static detection by source code analysis (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/55 Detecting local intrusion or implementing counter-measures > G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements > G06F21/562 Static detection)
- G06F21/565: Static detection by checking file integrity (same parent chain as G06F21/563)
- G06F21/602: Providing cryptographic facilities or services (under G06F21/00 > G06F21/60 Protecting data)
- G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F21/00 > G06F21/60 Protecting data)
- G06F2221/2107: File encryption (under G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements)
Abstract
The invention provides a method, device, equipment and storage medium for checking an executable file. The method is applied to a vehicle-mounted terminal and comprises the following steps: acquiring a target executable file sent by a cloud terminal and storing it on a hard disk, where the target executable file has been signed using a preset encryption algorithm and a private key and includes signature information; when an instruction to load the target executable file into memory is received, verifying the signature information with the acquired public key to obtain a verification result; and, if the verification result shows that the target executable file has been illegally tampered with, stopping execution of the instruction to load it into memory. Because the target executable file is checked as it is loaded into the kernel, a file that was attacked by a hacker while stored on the hard disk is caught before it runs, and the security of the software upgrade is improved.
Description
Technical Field
The present invention relates to the field of vehicle technologies, and in particular, to a method, an apparatus, a device, and a storage medium for checking an executable file.
Background
As living standards improve, vehicles have become an essential means of transport. A vehicle contains many hardware devices, such as control devices and navigation devices, each running software, and to keep the vehicle operating normally the software of these hardware devices must be upgraded.
Currently, when upgrading software of a hardware device of a vehicle, the software is generally acquired from a cloud end through an Over-the-air technology (OTA), and in order to ensure integrity and reliability of an executable file acquired from the cloud end, the executable file is generally checked during downloading of the executable file.
However, after the vehicle acquires the executable file, the vehicle may be attacked by hackers or cloud-end malicious programs, and the conventional method for checking the executable file has a problem of low security.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for checking an executable file, which are used for solving the problem of low security of a mode for checking the executable file in the prior art.
In a first aspect, the present invention provides a method for checking an executable file, where the method is applied to a vehicle-mounted terminal, and the method includes:
acquiring a target executable file sent by a cloud terminal, and storing the target executable file in a hard disk; the target executable file is an executable file subjected to signature operation based on a preset encryption algorithm and a private key; the target executable file includes signature information;
when an instruction for loading the target executable file into the memory is received, verifying the signature information according to the acquired public key to obtain a verification result; the public key and the private key are in a corresponding relationship;
and if the target executable file is determined to be illegally tampered according to the verification result, stopping executing the instruction for loading the target executable file to the memory.
Optionally, the verifying the signature information according to the obtained public key to obtain a verification result includes:
judging whether the execution of the target executable file needs to depend on a dynamic link library file;
and if so, verifying the signature information of the target executable file through the kernel according to the acquired public key to obtain a first verification result, controlling, through the kernel, the dynamic loader to start, and verifying the signature information of the dynamic link library file through the dynamic loader according to the acquired public key to obtain a second verification result.
Optionally, the method further includes:
sending request information to a trusted platform module through the kernel and/or the dynamic loader; the request information is used for acquiring a public key for verifying the target executable file;
and receiving a public key sent by the trusted platform module.
Optionally, the method further includes:
compiling the public key into the kernel and/or a dynamic loader in advance;
and when the corresponding public and private key pair is changed, recompiling the changed public key into the kernel and/or the dynamic loader.
Optionally, the signature information includes first signature information; the first signature information is signature information corresponding to the executable file; the verifying the signature information of the target executable file by the kernel according to the obtained public key to obtain a first verification result, which comprises:
performing signature verification operation according to the public key and the first signature information to obtain a first calculation characteristic value corresponding to the target executable file;
encrypting a target character string corresponding to the target executable file according to the preset encryption algorithm to obtain a first preset characteristic value;
and if the first calculation characteristic value is not equal to the first preset characteristic value, the first verification result is that the executable file is illegally tampered.
Optionally, the signature information further includes second signature information; the second signature information is signature information corresponding to the dynamic link library file; the verifying the signature information of the dynamic link library file through the dynamic loader according to the acquired public key to obtain a second verification result comprises:
performing a signature checking operation according to the public key and the second signature information to obtain a second calculated characteristic value corresponding to the dynamic link library file;
encrypting a target character string corresponding to the dynamic link library file according to the preset encryption algorithm to obtain a second preset characteristic value;
and if the second calculated characteristic value is not equal to the second preset characteristic value, the second verification result is that the dynamic link library file is illegally tampered.
Optionally, the determining, according to the verification result, that the executable file is illegally tampered with includes:
and when the first verification result indicates that the executable file is illegally tampered and/or the second verification result indicates that the dynamic link library file is illegally tampered, determining that the executable file is illegally tampered.
Optionally, the private key is stored in a physically isolated computer, and the target executable file is generated in the physically isolated computer according to the private key and a preset encryption algorithm.
In a second aspect, the present invention provides an executable file checking apparatus, which is applied to a vehicle-mounted terminal, the apparatus including:
the acquisition module is used for acquiring a target executable file sent by the cloud and storing the target executable file in a hard disk; the target executable file is an executable file subjected to signature operation based on a preset encryption algorithm and a private key; the target executable file includes signature information;
the verification module is used for verifying the signature information according to the acquired public key when receiving an instruction of loading the target executable file into the memory to obtain a verification result; the public key and the private key are in a corresponding relationship;
and the processing module is used for stopping executing the instruction for loading the target executable file into the memory if the target executable file is determined to be illegally tampered according to the verification result.
In a third aspect, the present invention provides an in-vehicle apparatus including: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the method for checking an executable file according to any one of the first aspect.
In a fourth aspect, the present invention provides a computer-readable storage medium, in which computer-executable instructions are stored, and when a processor executes the computer-executable instructions, the method for checking an executable file is implemented.
According to the method, device, equipment and storage medium for checking an executable file, the target executable file sent by the cloud is obtained and stored on the hard disk; the target executable file has been signed with a preset encryption algorithm and a private key and includes signature information; when an instruction to load the target executable file into memory is received, the signature information is verified with the acquired public key, which corresponds to the private key, to obtain a verification result; and if the verification result shows that the target executable file has been illegally tampered with, execution of the instruction to load it into memory is stopped. Checking the target executable file as it is loaded into the kernel prevents a file that was attacked by hackers or cloud malicious programs while stored on the hard disk from running, so the security of the vehicle's software upgrade process is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is an application scenario diagram of a method for checking an executable file according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating an executable file checking method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a signature and a signature verification provided in an embodiment of the present invention;
Fig. 4 is a schematic diagram of obtaining a public key from a trusted platform module according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an apparatus for checking an executable file according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a hardware structure of a vehicle-mounted terminal according to an embodiment of the present invention.
With the above figures, certain embodiments of the invention are illustrated and described in more detail below. The drawings and the description are not intended to limit the scope of the inventive concept in any way, but rather to illustrate it for those skilled in the art with reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention.
Fig. 1 is an application scenario diagram of an executable file checking method according to an embodiment of the present invention. As shown in Fig. 1, when a vehicle performs a software upgrade, a target executable file needs to be pulled from the cloud through OTA. After the vehicle terminal obtains the target executable file, it may store the file on the hard disk; when the file needs to run to complete the upgrade, it is loaded into memory. During loading, the target executable file is first checked; when the check result meets the requirement, this indicates that the file has not been attacked by a hacker or a cloud malicious program, and loading and running may continue.
In some technologies, to ensure the security of the downloaded target executable file, the file is checked during the download process, for example before or after downloading, and then stored on the hard disk of the vehicle-mounted terminal. However, these approaches check the target executable file only while it is statically stored; afterwards it may still be attacked by hackers or malicious programs, so an illegal target executable file may be executed during the software upgrade and the vehicle may face a potential safety hazard during that process.
Based on the above problems, the present invention improves the existing method for checking the executable file, and checks the target executable file in the process of loading the target executable file into the memory, thereby implementing dynamic checking of the target executable file, ensuring that the target executable file is not tampered before running the target executable file, and improving the security of the vehicle in the software upgrading process.
The technical means of the present invention will be described in detail with reference to specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart illustrating a method for checking an executable file according to an embodiment of the present invention, where the method of this embodiment may be executed by a vehicle-mounted terminal. As shown in fig. 2, the method of this embodiment may include:
step S201, obtaining a target executable file sent by a cloud, and storing the target executable file in a hard disk; the target executable file is an executable file subjected to signature operation based on a preset encryption algorithm and a private key; the target executable file includes signature information.
In this step, the vehicle-mounted terminal needs to first acquire the target executable file from the cloud. The process of acquiring the target executable file may be that the vehicle-mounted terminal sends the version information of the current software to the cloud, or the cloud may also actively acquire the version information of the current software in the vehicle-mounted terminal. And the cloud compares the acquired version information with the version information corresponding to the latest target executable file stored by the cloud, and when the version information is inconsistent, the cloud sends the latest target executable file to the vehicle-mounted terminal through an OTA (over the air) technology.
After the vehicle-mounted terminal obtains the target executable file, it can store the file on the hard disk and, when the target executable file needs to run, load it into memory.
The target executable file is an executable file subjected to signature operation. The target executable file can be determined to be not tampered by performing a signature operation on the target executable file. Specifically, the signature operation of the target executable file may be completed on other machines and sent to the cloud. In addition, the target executable file can also be stored in a mobile storage device such as a USB flash disk, and the target executable file is transmitted to the vehicle-mounted terminal based on the mobile storage device.
The signature operation may be understood as follows: a corresponding target character string is set for each target executable file; the target character string is processed with a preset encryption algorithm to obtain a preset characteristic value of the target executable file; the preset characteristic value is processed with the private key to obtain the signature information; and the signature information is stored in the header of the target executable file.
Optionally, the private key is stored in a physically isolated computer, and the target executable file is generated in the physically isolated computer according to the private key and a preset encryption algorithm.
Fig. 3 is a schematic diagram of a signature and a signature verification provided in an embodiment of the present invention. To ensure that the process of generating the target executable file is not attacked by hackers, that process is carried out on a physically isolated computer. Specifically, the physically isolated computer first obtains the private key and then performs a signature operation according to the private key and a preset encryption algorithm to obtain the target executable file. The signature operation proceeds as follows: a target character string is determined from the file name of the executable file, one file name corresponding to one target character string; the target character string is encrypted with the preset encryption algorithm (for example, the MD5 algorithm) to obtain a characteristic value; the characteristic value is encrypted with the private key to obtain the signature information of the executable file (for example, the first signature information); and the signature information is stored in the header of the executable file, yielding the target executable file. Correspondingly, before the signature operation is performed on the executable file, it can be judged whether execution of the executable file depends on a dynamic link library file; if so, the signature operation also needs to be performed on the dynamic link library file with the private key.
By performing signature operation on the physical isolation computer, the leakage of a private key can be avoided, so that the obtained target executable file is not tampered.
Step S202, when an instruction for loading the target executable file into the memory is received, verifying the signature information according to the acquired public key to obtain a verification result; the public key and the private key are in a corresponding relationship.
When the vehicle-mounted terminal receives an instruction to load the target executable file into memory, it performs the process of verifying the signature information, that is, the signature verification operation. The instruction may be a software upgrade instruction sent by a user when the vehicle state meets the software upgrade conditions, or an instruction triggered when the current time reaches a preset software upgrade time. For a software upgrade to proceed, the vehicle's current battery level must be above a preset level and the vehicle must not be in a driving state.
Specifically, loading the target executable file into memory may be implemented by a preset function flow (for example, the load_elf_bind function), and the check on the target executable file, that is, the operation of verifying the signature information with the obtained public key, is added to that preset function flow.
When the signature checking operation is performed, the signature checking operation can be performed according to the obtained public key, wherein the public key corresponds to a private key for performing the signature operation on the executable file. Under normal conditions, the public key and the private key appear in pairs, the target executable file signed by the private key can obtain a verification result only by decrypting the signature information by using the corresponding public key, and whether the target executable file is tampered or not is determined according to the verification result.
Step S203, if it is determined that the target executable file is illegally tampered according to the verification result, stopping executing the instruction for loading the target executable file into the memory.
When the executable file is determined to be illegally tampered according to the verification result, the execution of the instruction for loading the target executable file into the memory is stopped, so that the running of the target executable file is interrupted, and the safety of the target executable file in the software upgrading process is ensured. On the contrary, when it is determined that the target executable file is not illegally tampered according to the verification result, the instruction for loading the target executable file to the memory may be continuously executed, and then the target executable file is executed to perform software upgrading.
Further, when the target executable file is determined to have been illegally tampered with, an illegal-load log may be recorded in the vehicle's operating system. Information such as the name of the tampered target executable file and the time of the loading failure can be recorded in the log, so that the relevant staff can determine the cause of the failed software upgrade from the log contents and repair it.
In this embodiment of the invention, the target executable file sent by the cloud is obtained and stored on the hard disk; the target executable file has been signed with a preset encryption algorithm and a private key and includes signature information; when an instruction to load the target executable file into memory is received, the signature information is verified with the acquired public key, which corresponds to the private key, to obtain a verification result; and if the verification result shows that the target executable file has been illegally tampered with, execution of the instruction to load it into memory is stopped. Because the signature of the target executable file is verified during the dynamic process of loading it, the executed target executable file is guaranteed not to have been tampered with, that is, it comes from a reliable channel. Even if the vehicle's operating system is illegally invaded by hackers or malicious programs, the kernel can still verify at load time, on a secure basis, whether the target executable file has been tampered with.
The following describes in detail a process of verifying signature information based on the acquired public key.
Optionally, the verifying the signature information according to the obtained public key to obtain a verification result includes:
judging whether execution of the target executable file depends on a dynamic link library file; and if so, verifying the signature information of the target executable file through the kernel according to the acquired public key to obtain a first verification result, controlling a dynamic loader to start through the kernel, and verifying the signature information of the dynamic link library file through the dynamic loader according to the acquired public key to obtain a second verification result.
When the acquired signature information is verified, it is first judged whether execution of the target executable file depends on a dynamic link library file. Executing the target executable file generally requires linking, which may be static or dynamic; dynamic linking means that a dynamic link library file is linked with the target executable file when the target executable file runs.
After the target executable file is obtained, whether the execution of the target executable file needs to depend on the dynamic link library file can be determined according to the link information of the target executable file. For example, when there is information of a dynamic link library file in the link information, it indicates that the execution of the target executable file needs to rely on the dynamic link library file.
After determining that the dynamic link library file needs to be relied on, the kernel and the dynamic loader can respectively execute a signature verification process. Specifically, the verification of the target executable file needs to be completed by the kernel, and the verification of the dynamic link library file needs to be completed by the dynamic loader.
Specifically, the public key can be obtained through the kernel, and signature information corresponding to the target executable file is verified; and meanwhile, a dynamic loader ld-linux.so needs to be started through the kernel, a public key is obtained through the dynamic loader, signature information corresponding to the dynamic link library file is verified according to the obtained public key, and verification results are respectively obtained.
By judging whether the execution of the target executable file needs to depend on the dynamic link library file, the signature information of the dynamic link library file can be verified when the dynamic link library file is depended on, and the dynamic link library file is ensured not to be tampered.
Optionally, the method further includes:
sending request information to a trusted platform module through the kernel and/or the dynamic loader; the request information is used for acquiring a public key for verifying the target executable file; and receiving a public key sent by the trusted platform module.
When the signature information is verified by the kernel or the dynamic loader, the public key must first be acquired. Fig. 4 is a schematic diagram of acquiring a public key from a trusted platform module according to an embodiment of the present invention. As shown in Fig. 4, the public key may be stored in advance in a security device of the vehicle-mounted device, such as a Trusted Platform Module (TPM). When the kernel or the dynamic loader needs the public key, it sends request information to the trusted platform module; since the trusted platform module may hold several public keys with different functions, the request information must state that the public key to be acquired is the one for verifying the target executable file. Finally, the public key sent by the trusted platform module is received, and the kernel or the dynamic loader can verify the signature with it.
The method of obtaining the public key from the trusted platform module through the kernel or the dynamic loader has the advantages of higher flexibility and simple operation, but the public key stored in the trusted platform module is also at risk of being illegally replaced.
To address the risk that a public key stored in the trusted platform module may be illegally replaced, the invention also provides another public key storage mode.
Optionally, the method further includes:
compiling the public key into the kernel and/or a dynamic loader in advance; when the public key and the private key with the corresponding relation are changed, the changed public key is recompiled into the kernel and/or the dynamic loader.
After the private key for performing signature operation on the executable file is determined, the public key corresponding to the private key can be sent to the vehicle-mounted terminal, and the public key is compiled into the kernel and/or the dynamic loader, so that signature verification can be performed directly according to the compiled public key during signature verification. When the private key is changed, the corresponding public key is also changed, and the corresponding public key needs to be recompiled into the kernel and/or the dynamic loader.
This public key storage mode has the advantage of higher security because the public key does not need to be stored in a security device.
The specific signature verification process is described in detail below.
Optionally, the signature information includes first signature information; the first signature information is signature information corresponding to the executable file; the verifying the signature information of the target executable file by the kernel according to the obtained public key to obtain a first verification result, which comprises:
performing signature verification operation according to the public key and the first signature information to obtain a first calculation characteristic value corresponding to the target executable file; encrypting a target character string corresponding to the target executable file according to the preset encryption algorithm to obtain a first preset characteristic value; and if the first calculation characteristic value is not equal to the first preset characteristic value, the first verification result is that the executable file is illegally tampered.
As shown in fig. 3, when verifying the signature information, the obtained public key may be used for verification. Specifically, the kernel may perform a signature verification operation, that is, a decryption operation, on the first signature information according to the obtained public key, to obtain a first calculation characteristic value corresponding to the target executable file; in order to verify whether the first calculated characteristic value obtained by the verification of the signature is correct, the target character string corresponding to the target executable file may be encrypted based on a preset encryption algorithm to obtain the first preset characteristic value, where the preset encryption algorithm is the same as the preset encryption algorithm used in the physically isolated computer to obtain the characteristic value, for example, the MD5 algorithm is also used.
After the first preset characteristic value is obtained, comparing the first calculation characteristic value with the first preset characteristic value, and if the first calculation characteristic value is consistent with the first preset characteristic value, indicating that the executable file is not tampered; if the first calculated characteristic value is not equal to the first preset characteristic value, the executable file is illegally tampered.
Optionally, the signature information further includes second signature information; the second signature information is signature information corresponding to the dynamic link library file; the verifying the signature information of the dynamic link library file by the dynamic loader according to the acquired public key to obtain a second verification result comprises:
performing signature verification operation according to the public key and second signature information to obtain a second calculation characteristic value corresponding to the dynamic link library file; encrypting a target character string corresponding to the dynamic link library file according to the preset encryption algorithm to obtain a second preset characteristic value; and if the second calculated characteristic value is not equal to the second preset characteristic value, the second verification result is that the dynamic link library file is illegally tampered.
Similar to the above-mentioned operation of verifying the first signature information, the process of verifying the second signature information by the dynamic loader includes: and carrying out verification operation, namely decryption operation on the second signature information according to the acquired public key to obtain a second calculation characteristic value corresponding to the dynamic link library file. Encrypting a target character string corresponding to the dynamic link library file according to the preset encryption algorithm to obtain a second preset characteristic value, comparing the second calculated characteristic value with the second preset characteristic value, and if the second calculated characteristic value is equal to the second preset characteristic value, indicating that the dynamic link library file is not tampered; and if the second calculation characteristic value is not equal to the second preset characteristic value, the dynamic link library file is illegally tampered.
Optionally, the determining that the target executable file is illegally tampered according to the verification result includes:
and when the first verification result is that the executable file is illegally tampered and/or the second verification result is that the dynamic link library file is illegally tampered, determining that the target executable file is illegally tampered.
When the executable file is illegally tampered and/or the dynamic link library file which needs to be relied on during execution of the executable file is illegally tampered, the target executable file can be determined to be illegally tampered.
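The verification flow of the preceding paragraphs, from the public-key request to the trusted platform module (Fig. 4) through the first and second verification results to the combined decision, as an added example in Python that is not code from the patent. The "signature verification operation, that is, a decryption operation" is modelled as a textbook RSA public-key operation that recovers the characteristic value, which is then compared with the characteristic value recomputed from the file contents (the page's "target character string"). The key pair, the key-store purpose string `verify-target-executable`, the `KeyStore` stand-in for the TPM and the sample file contents are all constructed for the example; SHA-256 is used as the preset encryption algorithm in place of the MD5 the text gives as its example, and the key sizes are chosen for illustration only.

```python
import hashlib
from typing import Dict, Tuple

# Constructed demo key pair: p and q are the Mersenne primes M521 and M127, chosen so
# the modulus exceeds the 256-bit digest. Values are for illustration, not for real use.
P = 2**521 - 1
Q = 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)
PUBLIC_KEY = (E, N)


def characteristic_value(blob: bytes) -> int:
    """The page's 'preset encryption algorithm' applied to the target character string.

    The text's example is MD5; SHA-256 is used here, the structure is unchanged.
    """
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(blob: bytes, d: int, n: int) -> int:
    """Build side (the physically isolated computer): private-key operation over the digest."""
    return pow(characteristic_value(blob), d, n)


def recover_characteristic_value(signature: int, e: int, n: int) -> int:
    """'Signature verification operation, that is, a decryption operation' with the public key."""
    return pow(signature, e, n)


class KeyStore:
    """Stand-in for the trusted platform module of Fig. 4 (constructed for this example).

    Several public keys with different functions may be stored, so a request must
    name the purpose, as the page's request information does.
    """

    def __init__(self) -> None:
        self._keys: Dict[str, Tuple[int, int]] = {}

    def install(self, purpose: str, public_key: Tuple[int, int]) -> None:
        self._keys[purpose] = public_key

    def request(self, purpose: str) -> Tuple[int, int]:
        if purpose not in self._keys:
            raise KeyError(f"no public key stored for purpose {purpose!r}")
        return self._keys[purpose]


def verify_file(blob: bytes, signature: int, public_key: Tuple[int, int]) -> bool:
    """Compare the 'calculated characteristic value' with the 'preset characteristic value'."""
    e, n = public_key
    return recover_characteristic_value(signature, e, n) == characteristic_value(blob)


def check_target(exe: bytes, exe_sig: int,
                 libraries: Dict[str, Tuple[bytes, int]],
                 store: KeyStore) -> Tuple[bool, Dict[str, bool]]:
    """Loader-side decision of the page: tampered if the executable or any library fails.

    Returns (tampered, per-file results). In the text the kernel produces the first
    verification result for the executable and the dynamic loader the second result
    for each dynamic link library file; both use the key fetched from the store.
    """
    public_key = store.request("verify-target-executable")
    results = {"executable": verify_file(exe, exe_sig, public_key)}
    for name, (blob, sig) in libraries.items():
        results[name] = verify_file(blob, sig, public_key)
    return (not all(results.values())), results


def demo() -> Tuple[bool, bool]:
    """Constructed sample files: a clean load, then a load with one modified library byte."""
    store = KeyStore()
    store.install("verify-target-executable", PUBLIC_KEY)
    exe = b"\x7fELF constructed executable image"
    lib = b"\x7fELF constructed libfoo.so image"
    exe_sig, lib_sig = sign(exe, D, N), sign(lib, D, N)
    clean, _ = check_target(exe, exe_sig, {"libfoo.so": (lib, lib_sig)}, store)
    tampered_lib = lib[:-1] + bytes([lib[-1] ^ 0x01])
    tampered, _ = check_target(exe, exe_sig, {"libfoo.so": (tampered_lib, lib_sig)}, store)
    return clean, tampered   # expected (False, True)


if __name__ == "__main__":
    print(demo())
```

The decision in `check_target` is the "and/or" rule of the text: a single failing library is enough to report the target executable file as tampered, and a missing key for the stated purpose is an error rather than a pass.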
In summary, the method obtains a target executable file sent by the cloud and stores it on the hard disk; the target executable file includes signature information. When an instruction to load the target executable file into the memory is received, the signature information is verified according to the acquired public key to obtain a verification result, the public key and the private key being in a corresponding relationship. If the target executable file is determined to be illegally tampered according to the verification result, execution of the instruction to load it into the memory is stopped. Because the target executable file is verified during the dynamic process of loading it, the executed target executable file is ensured not to have been tampered with, that is, it comes from a reliable channel; even if the operating system of the vehicle has been illegally invaded by a hacker or a malicious program, whether the target executable file has been tampered with can still be verified during loading. Furthermore, judging whether execution of the target executable file depends on a dynamic link library file avoids omitting the check of that library file. Storing the public key in the trusted platform module or compiling it into the kernel or the dynamic loader allows the public key to be acquired conveniently and quickly, and storing the private key in the physically isolated computer, where the target executable file is generated, avoids leakage of the private key and improves the security of generating the target executable file.
Fig. 5 is a schematic structural diagram of an executable file checking apparatus according to an embodiment of the present invention, where the apparatus is applied to a vehicle-mounted terminal, and as shown in fig. 5, the executable file checking apparatus 50 includes:
the obtaining module 501 obtains a target executable file sent by a cloud, and stores the target executable file in a hard disk; the target executable file is an executable file subjected to signature operation based on a preset encryption algorithm and a private key; the target executable file includes signature information;
a verification module 502, configured to verify the signature information according to the obtained public key when receiving an instruction to load the target executable file into the memory, to obtain a verification result; the public key and the private key are in a corresponding relationship;
if the target executable file is determined to be illegally tampered according to the verification result, the processing module 503 stops executing the instruction for loading the target executable file into the memory.
Optionally, the verification module 502 includes a determination unit, a first verification unit and a second verification unit;
the judgment unit is specifically configured to: judging whether the execution of the target executable file needs to depend on a dynamic link library file;
if the dynamic link library file needs to be relied on, the first verification unit is configured to: verify the signature information of the target executable file through the kernel according to the acquired public key to obtain a first verification result; and the second verification unit is configured to: control a dynamic loader to start through the kernel, and verify the signature information of the dynamic link library file according to the acquired public key through the dynamic loader to obtain a second verification result.
Optionally, the verification module 502 is further configured to:
sending request information to a trusted platform module through the kernel and/or the dynamic loader; the request information is used for acquiring a public key for verifying the target executable file;
and receiving a public key sent by the trusted platform module.
Optionally, the verification module 502 is further configured to:
compiling the public key into the kernel and/or a dynamic loader in advance; and when the public key and the private key which have the corresponding relation are changed, the changed public key is recompiled into the kernel and/or the dynamic loader.
Optionally, the signature information includes first signature information; the first signature information is signature information corresponding to the executable file; the first verification unit is specifically configured to:
performing signature verification operation according to the public key and the first signature information to obtain a first calculation characteristic value corresponding to the target executable file;
encrypting a target character string corresponding to the target executable file according to the preset encryption algorithm to obtain a first preset characteristic value;
and if the first calculation characteristic value is not equal to the first preset characteristic value, the first verification result is that the executable file is illegally tampered.
Optionally, the signature information further includes second signature information; the second signature information is signature information corresponding to the dynamic link library file; the second verification unit is specifically configured to:
performing signature verification operation according to the public key and second signature information to obtain a second calculation characteristic value corresponding to the dynamic link library file;
encrypting a target character string corresponding to the dynamic link library file according to the preset encryption algorithm to obtain a second preset characteristic value;
and if the second calculation characteristic value is not equal to the second preset characteristic value, the second verification result is that the dynamic link library file is illegally tampered.
Optionally, when determining that the target executable file is illegally tampered according to the verification result, the processing module 503 is specifically configured to:
and when the first verification result is that the target executable file is illegally tampered and/or the second verification result is that the dynamic link library file is illegally tampered, determining that the target executable file is illegally tampered.
Optionally, the private key is stored in a physically isolated computer, and the target executable file is generated in the physically isolated computer according to the private key and a preset encryption algorithm.
The device for checking an executable file according to the embodiment of the present invention can implement the method for checking an executable file according to the embodiments shown in fig. 2, fig. 3, and fig. 4, and the implementation principle and technical effect are similar, and are not described herein again.
Fig. 6 is a schematic diagram of a hardware structure of an on-vehicle device according to an embodiment of the present invention. As shown in fig. 6, the electronic device provided in this embodiment includes: at least one processor 601 and memory 602. The processor 601 and the memory 602 are connected by a bus 603.
In a specific implementation process, the at least one processor 601 executes the computer-executable instructions stored in the memory 602, so that the at least one processor 601 executes the method for checking the executable file in the above method embodiment.
For the specific implementation process of the processor 601, reference may be made to the above method embodiments, which implement principles and technical effects similar to each other, and details are not described herein again.
In the embodiment shown in fig. 6, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose processors, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The memory may comprise high speed RAM memory and may also include non-volatile storage NVM, such as at least one disk memory.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration only one bus is drawn in the figures of the present application, which does not mean that there is only one bus or one type of bus.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer execution instruction is stored in the computer-readable storage medium, and when a processor executes the computer execution instruction, the method for checking an executable file according to the above method embodiment is implemented.
The computer-readable storage medium may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. Readable storage media can be any available media that can be accessed by a general purpose or special purpose computer.
An exemplary readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the readable storage medium. Of course, the readable storage medium may also be an integral part of the processor. The processor and the readable storage medium may reside in an application specific integrated circuit (ASIC). Of course, the processor and the readable storage medium may also reside as discrete components in the apparatus.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.
Claims (11)
1. An executable file checking method is characterized in that the method is applied to a vehicle-mounted terminal, and comprises the following steps:
acquiring a target executable file sent by a cloud terminal, and storing the target executable file in a hard disk; the target executable file is an executable file subjected to signature operation based on a preset encryption algorithm and a private key; the target executable file includes signature information;
when an instruction for loading the target executable file into the memory is received, verifying the signature information according to the acquired public key to obtain a verification result; the public key and the private key are in a corresponding relationship;
and if the target executable file is determined to be illegally tampered according to the verification result, stopping executing the instruction for loading the target executable file to the memory.
2. The method according to claim 1, wherein the verifying the signature information according to the obtained public key to obtain a verification result comprises:
judging whether the execution of the target executable file needs to depend on a dynamic link library file;
and if the dynamic link library file needs to be relied on, verifying the signature information of the target executable file through the kernel according to the acquired public key to obtain a first verification result, controlling the dynamic loader to start through the kernel, and verifying the signature information of the dynamic link library file through the dynamic loader according to the acquired public key to obtain a second verification result.
3. The method of claim 2, further comprising:
sending request information to a trusted platform module through the kernel and/or the dynamic loader; the request information is used for acquiring a public key for verifying the target executable file;
and receiving a public key sent by the trusted platform module.
4. The method of claim 2, further comprising:
compiling the public key into the kernel and/or a dynamic loader in advance;
when the public key and the private key with the corresponding relation are changed, the changed public key is recompiled into the kernel and/or the dynamic loader.
5. The method of claim 2, wherein the signature information comprises first signature information; the first signature information is signature information corresponding to the executable file; the verifying the signature information of the target executable file by the kernel according to the obtained public key to obtain a first verification result, which comprises:
performing signature verification operation according to the public key and the first signature information to obtain a first calculation characteristic value corresponding to the target executable file;
encrypting a target character string corresponding to the target executable file according to the preset encryption algorithm to obtain a first preset characteristic value;
and if the first calculation characteristic value is not equal to the first preset characteristic value, the first verification result is that the executable file is illegally tampered.
6. The method of claim 5, wherein the signature information further comprises second signature information; the second signature information is signature information corresponding to the dynamic link library file; and the verifying the signature information of the dynamic link library file by the dynamic loader according to the acquired public key to obtain a second verification result comprises:
performing signature verification operation according to the public key and second signature information to obtain a second calculation characteristic value corresponding to the dynamic link library file;
encrypting a target character string corresponding to the dynamic link library file according to the preset encryption algorithm to obtain a second preset characteristic value;
and if the second calculated characteristic value is not equal to the second preset characteristic value, the second verification result is that the dynamic link library file is illegally tampered.
7. The method of claim 6, wherein the determining that the target executable file is illegally tampered with according to the verification result comprises:
and when the first verification result is that the executable file is illegally tampered and/or the second verification result is that the dynamic link library file is illegally tampered, determining that the target executable file is illegally tampered.
8. The method of any one of claims 1 to 7, wherein the private key is stored in a physically isolated computer, and the target executable file is generated in the physically isolated computer according to the private key and the preset encryption algorithm.
9. An executable file checking device, which is applied to a vehicle-mounted terminal, and comprises:
the acquisition module is used for acquiring a target executable file sent by the cloud and storing the target executable file in a hard disk; the target executable file is an executable file subjected to signature operation based on a preset encryption algorithm and a private key; the target executable file includes signature information;
the verification module is used for verifying the signature information according to the acquired public key when receiving an instruction of loading the target executable file into the memory to obtain a verification result; the public key and the private key are in a corresponding relationship;
and the processing module is used for stopping executing the instruction for loading the target executable file into the memory if the target executable file is determined to be illegally tampered according to the verification result.
10. An in-vehicle apparatus, characterized by comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the method of checking an executable file according to any one of claims 1 to 8.
11. A computer-readable storage medium, wherein a computer-executable instruction is stored in the computer-readable storage medium, and when the computer-executable instruction is executed by a processor, the method for checking an executable file according to any one of claims 1 to 8 is implemented.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111398228.7A CN114091023A (en) | 2021-11-23 | 2021-11-23 | Executable file checking method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111398228.7A CN114091023A (en) | 2021-11-23 | 2021-11-23 | Executable file checking method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114091023A true CN114091023A (en) | 2022-02-25 |
Family
ID=80303671
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111398228.7A Pending CN114091023A (en) | 2021-11-23 | 2021-11-23 | Executable file checking method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114091023A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101093531A (en) * | 2007-04-30 | 2007-12-26 | 李宏强 | Method for raising security of computer software |
CN106156607A (en) * | 2016-07-11 | 2016-11-23 | 青岛海信智能商用系统有限公司 | A kind of SElinux safety access method and POS terminal |
CN106560830A (en) * | 2016-07-01 | 2017-04-12 | 哈尔滨安天科技股份有限公司 | Linux embedded system safety protection method and system |
CN111259348A (en) * | 2020-02-20 | 2020-06-09 | 国网信息通信产业集团有限公司 | Method and system for safely running executable file |
CN112818327A (en) * | 2021-02-26 | 2021-05-18 | 中国人民解放军国防科技大学 | TrustZone-based user-level code and data security credibility protection method and device |
WO2021218331A1 (en) * | 2020-04-28 | 2021-11-04 | 深圳壹账通智能科技有限公司 | Offline software licensing method, apparatus and device, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9792440B1 (en) | Secure boot for vehicular systems | |
US9372699B2 (en) | System and method for processing requests to alter system security databases and firmware stores in a unified extensible firmware interface-compliant computing device | |
CN111984962B (en) | Firmware security verification method and device | |
CN112699419B (en) | Method for safely executing extensible firmware application program and calculator equipment | |
US8930710B2 (en) | Using a manifest to record presence of valid software and calibration | |
CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
CN112231702B (en) | Application protection method, device, equipment and medium | |
CN104751049A (en) | Application program installing method and mobile terminal | |
CN110874467B (en) | Information processing method, device, system, processor and storage medium | |
US20210367781A1 (en) | Method and system for accelerating verification procedure for image file | |
CN112651030A (en) | Trusted starting method for BMC firmware system security | |
CN110333882B (en) | System upgrading method, device, equipment and computer readable medium | |
CN113127011A (en) | Electronic device and operation method of electronic device | |
CN115220796A (en) | Secure boot device | |
CN112181513A (en) | Hardware board card-based credibility measurement method and system for controlling boot of operating system | |
CN111338674A (en) | Instruction processing method, device and equipment | |
US11620385B2 (en) | Vehicle control device, vehicle control device start-up method, and recording medium | |
CN112231649A (en) | Firmware encryption processing method, device, equipment and medium | |
CN112861137A (en) | Secure firmware | |
KR20230082388A (en) | Apparatus for verifying bootloader of ecu and method thereof | |
CN114091023A (en) | Executable file checking method, device, equipment and storage medium | |
CN115878199A (en) | Method, device and equipment for starting operating system of chip and storage medium | |
CN114764347A (en) | Program verification system and method of multi-core controller and storage medium | |
CN115828273A (en) | Vehicle safety starting method and device, electronic control unit and storage medium | |
CN108595981B (en) | Method for encrypting android system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||