CN114722401A - Equipment safety testing method, device, equipment and storage medium - Google Patents

Equipment safety testing method, device, equipment and storage medium Download PDF

Info

Publication number
CN114722401A
CN114722401A CN202210328120.9A CN202210328120A CN114722401A CN 114722401 A CN114722401 A CN 114722401A CN 202210328120 A CN202210328120 A CN 202210328120A CN 114722401 A CN114722401 A CN 114722401A
Authority
CN
China
Prior art keywords
sensitive
system firmware
code
equipment
tested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210328120.9A
Other languages
Chinese (zh)
Inventor
孙琦
边泽宇
汤利顺
安然
禹晶晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FAW Group Corp
Original Assignee
FAW Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FAW Group Corp filed Critical FAW Group Corp
Priority to CN202210328120.9A priority Critical patent/CN114722401A/en
Publication of CN114722401A publication Critical patent/CN114722401A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/74Reverse engineering; Extracting design information from source code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/75Structural analysis for program understanding

Abstract

The invention discloses a method, a device, equipment and a storage medium for testing equipment safety. The method comprises the following steps: acquiring system firmware of a device to be tested; obtaining a code to be analyzed of the system firmware according to a reverse analysis result or a source code of the system firmware; generating a sensitive analysis file of the device to be tested based on the code to be analyzed; matching the sensitive analysis file with candidate sensitive information in a sensitive data information base to determine whether target sensitive information exists in the sensitive analysis file; the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file; and if the target sensitive information exists in the sensitive analysis file, determining that the equipment to be tested is risk equipment. The embodiment of the invention can quickly determine the equipment with the sensitive data leakage risk and improve the efficiency of vehicle safety test.

Description

Equipment safety testing method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of vehicle-mounted information security, in particular to a method, a device, equipment and a storage medium for testing equipment security.
Background
With the development of intellectualization of vehicles, various sensitive data stored in the vehicles are increasing. Whether the personal privacy data of the user or various vehicle working information are disclosed, different risks are brought. Therefore, when a vehicle sensitive information development test is performed in the vehicle information security data security, an exposure and leakage test of sensitive information data needs to be completed, and from the perspective of penetration test, whether all data information which can be used for attacking the vehicle security is encrypted or cannot be found is searched.
At present, development and testing aiming at sensitive data leakage risks generally need to manually search or simulate attack on all system firmware containing an information safety controller on a vehicle, a large amount of workload is generated along with updating of system firmware versions, manual efficiency is low, and the requirement of efficient and rapid testing is difficult to meet.
Disclosure of Invention
The invention provides a method, a device, equipment and a storage medium for testing equipment safety, which are used for quickly determining equipment with sensitive data leakage risk and improving the efficiency of vehicle safety testing.
According to an aspect of the present invention, there is provided a device security testing method, the method including:
acquiring system firmware of a device to be tested;
obtaining a code to be analyzed of the system firmware according to a reverse analysis result or a source code of the system firmware;
generating a sensitive analysis file of the device to be tested based on the code to be analyzed;
matching the sensitive analysis file with candidate sensitive information in a sensitive data information base to determine whether target sensitive information exists in the sensitive analysis file; the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file;
and if the target sensitive information exists in the sensitive analysis file, determining that the equipment to be tested is risk equipment.
According to another aspect of the present invention, there is provided an apparatus for testing safety of a device, the apparatus comprising:
the system firmware acquisition module is used for acquiring the system firmware of the equipment to be tested;
the analysis code acquisition module is used for obtaining a code to be analyzed of the system firmware according to a reverse analysis result or a source code of the system firmware;
the analysis file generation module is used for generating a sensitive analysis file of the device to be tested based on the code to be analyzed;
the analysis file matching module is used for matching the sensitive analysis file with candidate sensitive information in a sensitive data information base and determining whether the sensitive analysis file has target sensitive information or not; the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file;
and the risk equipment determining module is used for determining the equipment to be tested as risk equipment if the target sensitive information exists in the sensitive analysis file.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method of device security testing according to any of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement the method for testing the safety of a device according to any one of the embodiments of the present invention when the computer instructions are executed.
According to the embodiment of the invention, whether the equipment to be tested has the risk of sensitive information leakage is determined by acquiring the source code or the reverse analysis result of the system firmware and combining the sensitive data information base, so that the automatic test of the vehicle sensitive information leakage is realized, the cost of manual test is reduced, and the efficiency of vehicle safety test is improved.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a method for testing device security according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for testing the safety of a device according to another embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an apparatus safety testing device according to another embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device implementing an embodiment of the invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a flowchart of a device security testing method according to an embodiment of the present invention, where this embodiment is applicable to determine whether a device has a risk of sensitive data leakage, and the method may be implemented by a device for testing device security, where the device may be implemented in a form of hardware and/or software, and the device may be configured in an electronic device with corresponding data capability, such as an upper computer. As shown in fig. 1, the method includes:
s110, obtaining system firmware of the device to be tested.
The device to be tested is a device with sensitive information stored in a vehicle, and the system firmware is a system firmware program of the corresponding device to be tested.
Specifically, after the vehicle is in communication connection with the upper computer, the vehicle terminal uploads system firmware of the device to be tested to the upper computer, and the system firmware carries a device identifier of the device to be tested from a corresponding source besides firmware information.
And S120, obtaining a code to be analyzed of the system firmware according to the reverse analysis result or the source code of the system firmware.
Specifically, based on that sensitive information cannot be directly extracted only according to the system firmware, the code to be analyzed of the system firmware needs to be obtained by means of the reverse analysis result and the source code of the system firmware. When the source code is used for determining the code to be analyzed, the source code can be directly determined as the code to be analyzed; and when the code to be analyzed is determined by using the reverse analysis result of the system firmware, performing decompiling on the binary file obtained by reverse analysis of the system firmware to obtain the code to be analyzed.
And S130, generating a sensitive analysis file of the device to be tested based on the code to be analyzed.
Specifically, the information stored in the system firmware is read according to the code to be analyzed, the stored information may be filtered, and the filtered data is used as the data of the system firmware to generate a sensitive analysis file, where the sensitive analysis file records data information of potentially sensitive information in the system firmware.
S140, matching the sensitive analysis file with candidate sensitive information in a sensitive data information base, and determining whether target sensitive information exists in the sensitive analysis file; the target sensitive information is candidate sensitive information which is successfully matched with the sensitive analysis file.
The sensitive information of the vehicle may include different information set based on different data protection requirements, such as SSID and password of the vehicle Wi-Fi, a vehicle identification code VIN, certificate key information, an address book, identity authentication information, and the like.
Specifically, known candidate sensitive data are recorded in the sensitive information database, data in the sensitive analysis file and the candidate sensitive data are subjected to traversal matching, if the potentially sensitive information in the analysis file is consistent with a certain candidate sensitive data, the candidate sensitive data successfully matched with the potentially sensitive information in the analysis file is determined as target sensitive data, and the target sensitive data in the analysis file is determined.
S150, if the target sensitive information exists in the sensitive analysis file, determining that the device to be tested is a risk device.
Specifically, if target sensitive information exists in the sensitive analysis file, it is indicated that the target sensitive information may be leaked if the device to be tested is attacked, and the device to be tested is marked as a risk device with a risk of leakage of the sensitive information. On the contrary, if the target sensitive information does not exist in the sensitive analysis file, it is indicated that the sensitive information cannot be revealed even if the device to be tested is attacked, and the device is a security device without the risk of revealing the sensitive information.
According to the embodiment of the invention, whether the equipment to be tested has the risk of sensitive information leakage is determined by acquiring the source code or the reverse analysis result of the system firmware and combining the sensitive data information base, so that the automatic test of the vehicle sensitive information leakage is realized, the cost of manual test is reduced, and the efficiency of vehicle safety test is improved.
Fig. 2 is a flowchart of a device safety testing method according to another embodiment of the present invention, and this embodiment performs optimization and improvement on the basis of the above embodiment. As shown in fig. 2, the method includes:
s210, initializing a test environment according to the equipment type of the equipment to be tested; and determining a sensitive data information base according to the equipment type and the historical test result of the equipment to be tested.
Specifically, the device type and the system firmware type of the device to be tested are determined according to a device identifier and a device type database of the device to be tested corresponding to the system firmware, a required operating system and a required running environment are determined based on the device and the system firmware type, and the upper computer is initialized based on the operating system and the running environment. In addition, the types of sensitive data carried by different equipment types may be different, and according to the equipment type of the equipment to be tested corresponding to the system firmware and the historical safety test result of the equipment, sensitive data which may be leaked in the equipment to be tested is determined, and then a sensitive data information base is generated according to the sensitive data, so that the size of the sensitive information database is reduced, and the safety test efficiency is effectively improved.
S220, respectively determining the device identifications of at least two devices to be tested; and respectively determining the system firmware of the at least two devices to be tested according to the device identification.
Specifically, when at least two devices to be tested need to be tested in one security test, whether system firmware acquisition of all the devices to be tested is completed is determined according to the device identifiers of the devices to be tested. And after the system firmware of all the devices to be tested is determined to be acquired according to the device identification, performing a subsequent code determination process to be analyzed. When a plurality of devices to be tested exist, the subsequent testing process is carried out after all system firmware is acquired, so that repeated traversal matching of the sensitive analysis file and the sensitive information database is avoided, and the efficiency of safety testing is effectively improved.
S230, determining whether a source code of the system firmware exists in the source code database; if the source code of the system firmware exists, obtaining a code to be analyzed according to the source code of the system firmware; and if the source code of the system firmware does not exist, performing reverse analysis on the system firmware, and obtaining a code to be analyzed according to a reverse analysis result of the system firmware.
Specifically, after the system firmware is obtained, whether a source code of the system firmware exists in the source code data is determined according to the device identifier of the device to be tested. And if so, directly taking the source code as the code to be analyzed. And if the code to be analyzed does not exist, reversely analyzing the system firmware, and obtaining the code to be analyzed through a reverse analysis result of the system firmware.
S240, extracting a library file in the system firmware based on the code to be analyzed of the system firmware; screening the library files according to preset library file contents and/or library file type constraint information; and generating a sensitive analysis file based on the library file which meets the requirements after screening.
The library file is a type of file in system firmware and can be divided into a static library and a dynamic library, and the static library is copied into a program at the link stage of the program; the dynamic library is not copied into the program in the link phase, but the program is dynamically loaded into the memory by the system at runtime for program invocation.
Specifically, based on the code to be analyzed, library files in the system firmware can be obtained, but not all library files store valid information, and for library files for which it is determined that sensitive information is unlikely to be revealed, the library files are screened through constraint information on the library file type and/or the library file content. Reserving library files meeting constraint information as basic content for generating a sensitive analysis file; while information that does not satisfy the constraints is screened out. The library files are screened through the library file content and/or the library file type constraint information, so that the data volume of the sensitive analysis files is reduced, and the efficiency of the safety test is effectively improved.
S250, matching the sensitive analysis file with candidate sensitive information in a sensitive data information base, and determining whether the sensitive analysis file has target sensitive information; and the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file.
And S260, if the target sensitive information exists in the sensitive analysis file, determining that the equipment to be tested is risk equipment.
S270, associating the equipment identification of the risk equipment with the target sensitive information to obtain a target association relation; and storing the target incidence relation and the target sensitive information into a sensitive data information base.
Specifically, when a risk device is detected in a security test process, target sensitive information of the risk device, which may be leaked, is associated with the device identification risk of the risk device, and the association relationship is stored in a sensitive information database, so that a subsequent device can retrieve which sensitive information is tested by which sensitive information, or which sensitive information is leaked out by which sensitive information is searched by which sensitive information. When the upper computer has the display condition, the association relation can be displayed so as to be convenient for manual determination or recheck. Through the storage of the incidence relation between the target sensitive information and the risk equipment, the subsequent determination and rechecking of the safety test result are facilitated.
According to the embodiment of the invention, the subsequent testing process is carried out after all system firmware is acquired, so that repeated traversal matching of the sensitive analysis file and the sensitive information database is avoided, and the efficiency of safety testing is effectively improved; through the storage of the incidence relation between the target sensitive information and the risk equipment, the subsequent determination and rechecking of the safety test result are facilitated.
Fig. 3 is a schematic structural diagram of an apparatus safety testing device according to another embodiment of the present invention. As shown in fig. 3, the apparatus includes:
a system firmware obtaining module 310, configured to obtain system firmware of a device to be tested;
an analysis code obtaining module 320, configured to obtain a code to be analyzed of the system firmware according to a reverse analysis result or a source code of the system firmware;
the analysis file generation module 330 is configured to generate a sensitive analysis file of the device to be tested based on the code to be analyzed;
the analysis file matching module 340 is configured to match the sensitive analysis file with candidate sensitive information in a sensitive data information base, and determine whether the sensitive analysis file has target sensitive information; the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file;
a risk device determining module 350, configured to determine that the device to be tested is a risk device if the target sensitive information exists in the sensitive analysis file.
The equipment safety testing device provided by the embodiment of the invention can execute the equipment safety testing method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Optionally, the analysis code obtaining module 310 is specifically configured to:
determining whether source code of the system firmware exists in the source code database; if the source code of the system firmware exists, obtaining a code to be analyzed according to the source code of the system firmware; and if the source code of the system firmware does not exist, performing reverse analysis on the system firmware, and obtaining a code to be analyzed according to a reverse analysis result of the system firmware.
Optionally, the analysis code obtaining module 320 is specifically configured to:
extracting a library file in the system firmware based on the code to be analyzed of the system firmware; screening the library files according to preset library file contents and/or library file type constraint information; and generating a sensitive analysis file based on the library file which meets the requirements after screening.
Optionally, the apparatus further includes a safety test accuracy module, configured to:
initializing a test environment according to the device type of the device to be tested;
and determining a sensitive data information base according to the equipment type and the historical test result of the equipment to be tested.
Optionally, the system firmware acquiring module 310 is specifically configured to:
respectively determining the device identifications of at least two devices to be tested; and respectively determining the system firmware of the at least two devices to be tested according to the device identification.
Optionally, the apparatus further includes a risk device recording module, configured to:
associating the equipment identification of the risk equipment with the target sensitive information to obtain a target association relation; and storing the target incidence relation and the target sensitive information into a sensitive data information base.
The further described device safety testing apparatus can also execute the device safety testing method provided by any embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the execution method.
FIG. 4 shows a schematic block diagram of an electronic device 40 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 40 includes at least one processor 41, and a memory communicatively connected to the at least one processor 41, such as a Read Only Memory (ROM)42, a Random Access Memory (RAM)43, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 41 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM)42 or the computer program loaded from the storage unit 48 into the Random Access Memory (RAM) 43. In the RAM 43, various programs and data necessary for the operation of the electronic apparatus 40 can also be stored. The processor 41, the ROM 42, and the RAM 43 are connected to each other via a bus 44. An input/output (I/O) interface 45 is also connected to bus 44.
A number of components in the electronic device 40 are connected to the I/O interface 45, including: an input unit 46 such as a keyboard, a mouse, etc.; an output unit 47 such as various types of displays, speakers, and the like; a storage unit 48 such as a magnetic disk, optical disk, or the like; and a communication unit 49 such as a network card, modem, wireless communication transceiver, etc. The communication unit 49 allows the electronic device 40 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
Processor 41 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 41 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, or the like. Processor 41 performs the various methods and processes described above, such as device security testing methods.
In some embodiments, the device security testing method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 48. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 40 via the ROM 42 and/or the communication unit 49. When the computer program is loaded into RAM 43 and executed by processor 41, one or more steps of the device security testing method described above may be performed. Alternatively, in other embodiments, processor 41 may be configured to perform the device security testing method by any other suitable means (e.g., by way of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for device security testing, the method comprising:
acquiring system firmware of a device to be tested;
obtaining a code to be analyzed of the system firmware according to a reverse analysis result or a source code of the system firmware;
generating a sensitive analysis file of the device to be tested based on the code to be analyzed;
matching the sensitive analysis file with candidate sensitive information in a sensitive data information base to determine whether target sensitive information exists in the sensitive analysis file; the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file;
and if the target sensitive information exists in the sensitive analysis file, determining that the equipment to be tested is risk equipment.
2. The method according to claim 1, wherein obtaining the code to be analyzed of the system firmware according to the reverse analysis result or the source code of the system firmware comprises:
determining whether source code of the system firmware exists in the source code database;
if the source code of the system firmware exists, obtaining a code to be analyzed according to the source code of the system firmware;
and if the source code of the system firmware does not exist, performing reverse analysis on the system firmware, and obtaining a code to be analyzed according to a reverse analysis result of the system firmware.
3. The method of claim 1, wherein generating the sensitive analysis file for the device under test based on the code to be analyzed comprises:
extracting a library file in the system firmware based on the code to be analyzed of the system firmware;
screening the library files according to preset library file contents and/or library file type constraint information;
and generating a sensitive analysis file based on the library file which meets the requirements after screening.
4. The method of claim 1, wherein before obtaining the system firmware of the device under test, further comprising:
initializing a test environment according to the device type of the device to be tested;
and determining a sensitive data information base according to the equipment type and the historical test result of the equipment to be tested.
5. The method of claim 1, wherein if there are at least two devices under test, the obtaining system firmware of the devices under test comprises:
respectively determining the device identifications of at least two devices to be tested;
and respectively determining the system firmware of the at least two devices to be tested according to the device identification.
6. The method of claim 1, wherein after determining that the device under test is an at risk device, further comprising:
associating the equipment identification of the risk equipment with the target sensitive information to obtain a target association relation;
and storing the target incidence relation and the target sensitive information into a sensitive data information base.
7. An apparatus for testing safety of a device, the apparatus comprising:
the system firmware acquisition module is used for acquiring the system firmware of the equipment to be tested;
the analysis code acquisition module is used for acquiring a code to be analyzed of the system firmware according to a reverse analysis result or a source code of the system firmware;
the analysis file generation module is used for generating a sensitive analysis file of the device to be tested based on the code to be analyzed;
the analysis file matching module is used for matching the sensitive analysis file with candidate sensitive information in a sensitive data information base and determining whether the sensitive analysis file has target sensitive information or not; the target sensitive information is candidate sensitive information successfully matched with the sensitive analysis file;
and the risk equipment determining module is used for determining the equipment to be tested as risk equipment if the target sensitive information exists in the sensitive analysis file.
8. The apparatus of claim 7, wherein the analysis code obtaining module is specifically configured to:
determining whether source code of the system firmware exists in the source code database;
if the source code of the system firmware exists, obtaining a code to be analyzed according to the source code of the system firmware;
and if the source code of the system firmware does not exist, reversely analyzing the system firmware, and obtaining a code to be analyzed according to a reverse analysis result of the system firmware.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the device security testing method of any one of claims 1-6.
10. A computer-readable storage medium storing computer instructions for causing a processor to perform the method of testing the safety of a device of any one of claims 1-6 when executed.
CN202210328120.9A 2022-03-30 2022-03-30 Equipment safety testing method, device, equipment and storage medium Pending CN114722401A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210328120.9A CN114722401A (en) 2022-03-30 2022-03-30 Equipment safety testing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210328120.9A CN114722401A (en) 2022-03-30 2022-03-30 Equipment safety testing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114722401A true CN114722401A (en) 2022-07-08

Family

ID=82240711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210328120.9A Pending CN114722401A (en) 2022-03-30 2022-03-30 Equipment safety testing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114722401A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115146283A (en) * 2022-09-06 2022-10-04 中汽研软件测评(天津)有限公司 Information security testing method and device for vehicle-mounted information interaction system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115146283A (en) * 2022-09-06 2022-10-04 中汽研软件测评(天津)有限公司 Information security testing method and device for vehicle-mounted information interaction system

Similar Documents

Publication Publication Date Title
CN111435393A (en) Object vulnerability detection method, device, medium and electronic equipment
CN115576828A (en) Test case generation method, device, equipment and storage medium
CN116881156A (en) Automatic test method, device, equipment and storage medium
CN113535577B (en) Application testing method and device based on knowledge graph, electronic equipment and medium
CN114722401A (en) Equipment safety testing method, device, equipment and storage medium
CN112231696A (en) Malicious sample identification method and device, computing equipment and medium
CN115328736A (en) Probe deployment method, device, equipment and storage medium
CN116303069A (en) Test method, device, upper computer, system and medium of vehicle-mounted terminal
CN114443493A (en) Test case generation method and device, electronic equipment and storage medium
CN115687406A (en) Sampling method, device and equipment of call chain data and storage medium
CN115454971A (en) Data migration method and device, electronic equipment and storage medium
CN115204733A (en) Data auditing method and device, electronic equipment and storage medium
CN114443802A (en) Interface document processing method and device, electronic equipment and storage medium
CN108628909B (en) Information pushing method and device
CN115859349B (en) Data desensitization method and device, electronic equipment and storage medium
CN116049836B (en) Method, device, equipment and storage medium for determining vehicle vulnerability priority
CN117271373B (en) Automatic construction method and device for test cases, electronic equipment and storage medium
CN116993365A (en) Identification method, device, equipment and storage medium of cheating equipment
CN115102728B (en) Scanner identification method, device, equipment and medium for information security
CN108536362B (en) Method and device for identifying operation and server
CN115794609A (en) Script sharing method and device, electronic equipment and storage medium
CN117724980A (en) Method and device for testing software framework performance, electronic equipment and storage medium
CN115659347A (en) Safety testing method and device, electronic equipment and storage medium
CN117827637A (en) Automatic test method and device and electronic equipment
CN115437957A (en) Test information determination method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination