CN115048630A - Integrity verification method and device of application program, storage medium and electronic equipment - Google Patents
Integrity verification method and device of application program, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN115048630A CN115048630A CN202210710486.2A CN202210710486A CN115048630A CN 115048630 A CN115048630 A CN 115048630A CN 202210710486 A CN202210710486 A CN 202210710486A CN 115048630 A CN115048630 A CN 115048630A
- Authority
- CN
- China
- Prior art keywords
- application program
- signature
- verification
- class file
- class
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The application discloses an integrity verification method and device of an application program, a storage medium and electronic equipment, which can be applied to the field of network security or the field of finance, and the method comprises the following steps: responding to a starting instruction of the application program, performing signature verification on the application program, and calling verification information in a class loader of the application program to verify each class file in the application program when the application program passes the signature verification; when each class file passes the verification, determining that the application program passes the integrity verification, and starting the application program to provide service for the user corresponding to the starting instruction; and when the class files which are not verified exist in the various class files, determining that the application program is not verified in the integrity. The integrity of the application program is verified by verifying the signature and various files of the application program, and the application program passing the integrity verification is only started for the user, so that the situation of starting the application program carrying bugs or trojans is avoided, and the loss of the user is avoided.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for verifying integrity of an application program, a storage medium, and an electronic device.
Background
With the development of computer technology, application programs are more and more widely applied, different application programs have different functions, and people can make the daily life of people more convenient and richer by using various application programs.
The inventor researches and discovers that more and more ways and means for attacking the application program by lawbreakers are provided, and the application program is infected by the lawbreakers through attacking the application program, so that when the application program infected by the trowbreakers is operated by users under the unknown condition, the users are easy to cause huge loss.
Disclosure of Invention
In view of this, the present invention provides an integrity checking method and apparatus for an application program, a storage medium and an electronic device, which can be used to perform integrity checking on the application program, avoid executing a tampered application program, and prevent a loss from being caused to a user.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
the invention discloses a method for verifying the integrity of an application program in a first aspect, which comprises the following steps:
responding to a starting instruction of an application program, and performing signature verification on the application program;
when the application program passes signature verification, calling preset verification information in a class loader of the application program to verify each class file in the application program, wherein the verification information comprises hash values of each class file generated in the process of developing the application program;
when each class file in the application program passes the verification, determining that the application program passes the integrity verification, and starting the application program to provide service for a user corresponding to the starting instruction;
and when the class files which fail to pass the verification exist in the class files in the application program, determining that the application program fails the integrity verification.
Optionally, the method for verifying the signature of the application includes:
analyzing the application program to acquire a first signature and program data;
calling a preset signature algorithm to process the program data to obtain a second signature;
judging whether the first signature and the second signature are consistent;
when the first signature and the second signature are consistent, determining that the application program passes signature verification;
when the first signature and the second signature are not consistent, determining that the application program fails a signature check.
Optionally, in the method, the invoking checking information preset in the class loader of the application program to check each class file in the application program includes:
acquiring each class file in the application program;
processing each class file to obtain a check hash value of each class file;
for each class file, determining a hash value corresponding to the class file in the verification information, judging whether the hash value is consistent with the verification hash value of the class file, if so, determining that the class file passes the verification, and if not, determining that the class file does not pass the verification.
The method, optionally, may be a process of presetting the check information in the class loader, including:
in the process of developing the application program, acquiring each class file obtained after compiling the development code of the application program;
carrying out Hash operation on each class file to obtain a Hash value of each class file;
and generating check information based on each hash value, and adding the check information into a class loader of the application program.
The above method, optionally, further includes:
and forcibly closing the application program and generating a record that the application program does not pass the integrity check.
The second aspect of the present invention discloses an integrity verification apparatus for an application, comprising:
the response unit is used for responding to a starting instruction of the application program and performing signature verification on the application program;
the verification unit is used for calling verification information preset in a class loader of the application program to verify each class file in the application program when the application program passes signature verification, wherein the verification information comprises hash values of each class file generated in the process of developing the application program;
the starting unit is used for determining that the application program passes the integrity check when each class file in the application program passes the check, and starting the application program to provide service for the user corresponding to the starting instruction;
and the determining unit is used for determining that the application program does not pass the integrity check when the class files which do not pass the check exist in all the class files in the application program.
The above apparatus, optionally, the response unit includes:
the analysis subunit is used for analyzing the application program to acquire a first signature and program data;
the calling subunit is used for calling a preset signature algorithm to process the program data to obtain a second signature;
a first judging subunit, configured to judge whether the first signature and the second signature are consistent;
a first determining subunit, configured to determine that the application passes signature verification when the first signature and the second signature are consistent;
a second determining subunit, configured to determine that the application program fails the signature verification when the first signature and the second signature are inconsistent.
The above apparatus, optionally, the verification unit includes:
the acquisition subunit is used for acquiring each class file in the application program;
the processing subunit is used for processing each class file to obtain a check hash value of each class file;
and the second judgment subunit is configured to, for each class file, determine a hash value corresponding to the class file in the check information, judge whether the hash value is consistent with the check hash value of the class file, determine that the class file passes the check if the hash value is consistent with the check hash value of the class file, and determine that the class file does not pass the check if the hash value is not consistent with the check hash value of the class file.
The above apparatus, optionally, further comprises:
the acquisition unit is used for acquiring each class file obtained by compiling the development code of the application program in the process of developing the application program;
the hash operation unit is used for carrying out hash operation on each class file to obtain a hash value of each class file;
and the adding unit is used for generating check information based on each hash value and adding the check information into a class loader of the application program.
The above apparatus, optionally, further comprises:
and the closing unit is used for forcibly closing the application program and generating a record that the application program does not pass the integrity check.
The third aspect of the present invention discloses a storage medium, where the storage medium includes stored instructions, and when the instructions are executed, the storage medium controls a device in which the storage medium is located to execute the integrity check method for the application program.
In a fourth aspect of the present invention, an electronic device is disclosed, which includes a memory and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by one or more processors to perform the above integrity checking method for an application.
Compared with the prior art, the invention has the following advantages:
the invention discloses an integrity verification method and device of an application program, a storage medium and electronic equipment, wherein the integrity verification method comprises the following steps: responding to a starting instruction of the application program, performing signature verification on the application program, calling verification information preset in a class loader of the application program to verify each class file in the application program when the application program passes the signature verification, wherein the verification information comprises a hash value of each class file generated in the process of developing the application program; when each class file passes the verification, determining that the application program passes the integrity verification, and starting the application program to provide service for the user corresponding to the starting instruction; and when the class files which are not verified exist in the various class files, determining that the application program is not verified in the integrity. The integrity of the application program is verified by verifying the signature and various files of the application program, and the program is started to provide service for the user when the application function program passes the integrity verification, so that the condition of starting the application program with bugs or trojans is avoided, and the loss of the user is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for completing integrity check of an application according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for signature verification of an application according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for presetting check information in a class loader according to an embodiment of the present invention;
fig. 4 is a flowchart of a method for verifying each class file in an application by using preset verification information in a class loader for calling the application according to the embodiment of the present invention;
fig. 5 is a schematic structural diagram of an integrity check apparatus for an application according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Interpretation of terms:
supply chain attacks: supply chain attacks are an emerging threat to software developers and vendors. The goal is to distribute malware to access source code, generate processes, or update mechanisms by infecting legitimate applications.
An asset library: the software component management platform is used for storing software components which are sourced or developed by the software component management platform, such as the nexus repositor.
JVM: a virtual machine capable of executing Java bytes is a part of a Java platform and is capable of executing software programs developed based on JVM such as Java and Kotlin.
Class loader: a class loader is an object that is responsible for loading classes. The ClassLoader class is an abstract class. Given the binary name of a class, the class loader should attempt to locate or generate the data that constitutes the class definition. A typical policy is to convert a name to a file name and then read the "class file" of the name from the file system.
A JAR file: is a software package file format that is typically used to aggregate large numbers of Java class files, associated metadata and resource (text, pictures, etc.) files into one file for distribution of Java platform applications or libraries.
class file: the class file is a file (file extension. class) containing Java bytecode that can be executed by a Java virtual machine.
The current application program is often attacked by lawless persons, particularly the open source library and the third-party codes of the application program are often attacked by a supply chain, so that the open source library and the third-party programs are easily maliciously replaced to introduce vulnerabilities, and loss is caused.
The invention aims to provide a method and a device for verifying completeness of an application program, a storage medium and electronic equipment, which are used for verifying completeness of the application program, judging whether the whole application program is safe or not in time, and starting the application program only when the whole application program is judged to be safe, so that the condition that a bug exists or the application program with a Trojan horse is started to cause serious loss is effectively avoided.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like. The invention can be applied to a JVM platform, and the application program can also be a program running on the JVM platform.
Referring to fig. 1, a flowchart of a method for completing an integrity check of an application according to an embodiment of the present invention is specifically described as follows:
s101, responding to a starting instruction of the application program, and performing signature verification on the application program to judge whether the application program passes the signature verification; when the application passes the signature verification, executing S102; when the application fails the signature verification, S104 is performed.
When a user needs to start an application, the user can click an icon of the application at the front end of the JVM platform carrying the application, so that the back end of the processor receives a start instruction of the application.
After a starting instruction of an application program is received, signature verification needs to be carried out on an application signature, furthermore, in the process of developing the application program, after compiling and packaging the program of the application program to obtain compiled data, signature processing is carried out on the compiled data of the application program to obtain signature data, and the obtained signature data and the compiled data are packaged together to further obtain the application program; furthermore, the signature data is convenient for signature verification of a subsequent application program before starting, and it should be noted that the purpose of signature verification of the application program is to determine whether the signature of the application program is changed, so as to determine whether the application program has a risk; when the signature of the application program is determined to be unchanged, the application program needs to be further verified so as to further determine the safety of the application program.
Referring to fig. 2, a flowchart of a method for verifying a signature of an application according to an embodiment of the present invention is specifically described as follows:
s201, analyzing the application program, and acquiring a first signature and program data.
The first signature is obtained by compiling and packaging the program of the application program to obtain compiled data in the process of developing the application program, then signing the compiled data of the application program, and packaging the signature and the compiled data together to obtain the application program. Preferably, the compiled data is signed using a signature algorithm.
Preferably, the compiled data is program data in S201, and further, the compiled data is data obtained by compiling codes of items corresponding to the application.
Further, the signature data described above includes the first signature.
S202, calling a preset signature algorithm to process the program data to obtain a second signature.
Note that the signature algorithm here is the same algorithm as the signature algorithm applied in S201, for example, the MD5 algorithm, the SHA1 algorithm, or the like.
S203, judging whether the first signature and the second signature are consistent; when the first signature and the second signature are consistent, executing S204; when the first signature and the second signature do not coincide, S205 is performed.
And S204, determining that the application program passes signature verification.
And S205, determining that the application program does not pass the signature verification.
In the method provided by the embodiment of the invention, when the first signature and the second signature are determined to be consistent, the data in the application program can be determined not to be tampered, so that the application program can be determined to pass signature verification; and when the first signature and the second signature are not consistent, determining that the data in the application program is tampered, wherein the application program is an unsafe application, and further determining that the application program does not pass signature verification.
By carrying out signature verification on the application program, whether the data in the application program is tampered or not can be checked, so that the integrity of the application program can be determined, whether the application program has risks or not can be judged, the application program with the risks can be prevented from being started in time, user data is prevented from being leaked, and loss of a user is prevented.
Further, when the application program is determined to pass the signature verification, S102 is executed; upon determining that the application program fails the signature verification, S104 is performed.
S102, checking each class file in the application program by calling preset checking information in a class loader of the application program, judging whether each class file passes the checking, and executing S103 when each class file passes the checking; when it is determined that there is a class file that has not passed the verification among the respective class files, S104 is performed.
In the method provided by the embodiment of the invention, the check information contains hash values of all the class files generated in the process of developing the application program.
Referring to fig. 3, a flowchart of a method for presetting check information in a class loader is specifically described as follows:
s301, in the process of developing the application program, obtaining each class file obtained by compiling the development code of the application program.
Each class file comprises three types, specifically:
a) and the corresponding JAR file is generated by the code written by the application program in the project development.
b) And the JAR file is introduced into the project development of the application program, wherein the JAR file corresponds to the open source library and the third party code.
c) Part of the framework in the application is the class file that is needed when generating the final JAR file.
S302, carrying out hash operation on each class file to obtain a hash value of each class file.
And performing hash calculation on each class file by using a preset hash algorithm to obtain a hash value of each class file, wherein the hash algorithm specifically includes a consistent hash algorithm, an MD5 algorithm and the like.
Preferably, the hash algorithm used for each class file may be different or the same.
And S303, generating check information based on the hash values, and adding the check information into a class loader of the application program.
The check information comprises various hash values and check logics, wherein the check logics are logics for checking whether the class files are finished or not by using the hash values.
And adding the verification information into the class loader of the application program so as to call the class loader to carry out deeper verification on the application program when the application program is started.
Referring to fig. 4, a flowchart of a method for verifying each class file in an application program by using preset verification information in a class loader for calling the application program according to an embodiment of the present invention is specifically described as follows:
s401, obtaining each class file in the application program.
And loading each class file in the application program by using the class loader.
S402, processing each class file to obtain a check hash value of each class file.
Based on the check logic in the check information in the class loader, performing hash processing on each class file to obtain a check hash value of each class file.
It should be noted that, for each class file, the hash algorithm applied here is the same as the hash algorithm applied in S302.
S403, for each class file, determining a hash value corresponding to the class file in the verification information, and judging whether the hash value is consistent with the verification hash value of the class file, if so, determining that the class file passes the verification, and if not, determining that the class file does not pass the verification.
It should be noted that, when there is a class file that fails to pass the verification, S104 is executed; when each class file passes the verification, S103 is performed.
According to the method provided by the embodiment of the invention, the integrity of each class file can be determined by checking each class file in the application program, so that the integrity of the application program is determined.
By checking each class file, whether the class file of the application program is tampered or not can be determined, and the integrity of the application program can be further checked.
S103, determining that the application program passes the integrity check, and starting the application program to provide service for the user corresponding to the starting instruction.
It should be noted that after the integrity of the application program is verified, it can be determined that the application program has not been tampered with, and the data in the application program is complete and secure, so that the application program can be started to provide services for the user.
And S104, determining that the application program does not pass the integrity check.
It should be noted that, when it is determined that the application program fails the integrity check, the application program may be forced to be closed, and a record that the application program fails the integrity check may be generated in the log.
In the method provided by the embodiment of the invention, in response to a starting instruction of an application program, signature verification is carried out on the application program, when the application program passes the signature verification, verification information preset in a class loader of the application program is called to verify each class file in the application program, and the verification information comprises a hash value of each class file generated in the process of developing the application program; when each class file in the application program passes the verification, determining that the application program passes the integrity verification, and starting the application program to provide service for a user corresponding to the starting instruction; and when the class files which fail to pass the verification exist in the various class files in the application program, determining that the application program fails to pass the integrity verification. In the method provided by the embodiment of the invention, the integrity of the application program can be verified by verifying the signature and various files of the application program, and the program is started to provide service for the user when the application function program passes the integrity verification, so that the condition of starting the application program with bugs or trojans can be avoided, and the loss of the user is avoided.
It should be noted that, currently, for the program on the jvm platform, the JAR file may be digitally signed, and at this time, if the JAR file is verified by performing the corresponding digital signature, it can be known that the JAR file is modified. However, the digital signature of the JAR file is not a necessary option for generating the JAR file, and it cannot be guaranteed that all JAR files used in the system have completed the digital signature. If the digital signature needs to be carried out on the JAR file which does not contain the digital signature, the operation belongs to invasive operation, the influence on the whole project development process is large, and the cost is higher.
For the supply chain attack aiming at the open source library and the third party code which is intensified at present, in order to prevent the unexpected open source library or the third party program from being maliciously replaced to cause the introduction of a vulnerability or other losses, the invention provides a strong code integrity strategy under an jvm platform, and the attack is avoided by only allowing the authorized application to run.
The invention changes the authentication of JAR files from a native self-contained unnecessary option into a universal and non-invasive verification operation, collects and summarizes the verification information of the third party library authenticated in the maintenance project in the packaging and generating process, and protects the data integrity of the summarized information in the form of single digital signature, thereby ensuring that the information of the whole verification process and the verification process are prevented from being tampered. Thereby enabling verification of application integrity at startup.
Preferably, the invention also comprises the following two modules: 1. a hash value statistic collection module: integrity information of the code is collected for use in subsequent checks. 2. The user-defined class loader checking module: and verifying the signature integrity of the whole program and the integrity of various JAR and class files contained in the program.
It should be noted that, in the asset library of the application program, it should be determined that the source library and the third-party code source in the asset library are reliable and already have the hash value of the corresponding file.
It should be noted that, the integrity check of the item of the development application is divided into three parts:
a) and a corresponding JAR file generated by self-written codes in the project development.
b) And the JAR file is introduced into the project development and corresponds to the open source library and the third-party code.
c) Part of the framework is the class file required when generating the final JAR file.
It should be noted that all items in this document are items for developing an application.
After the compilation is completed, the code of the project of the development application program is generated into a corresponding JAR file by the compiler, and the three types of files are processed in different manners:
a) and calculating a corresponding hash value for a JAR file generated by a code written by the user in the project development after the JAR file is generated.
b) And inquiring the asset library through an interface for JAR files corresponding to the open source library and the third party codes introduced in the project development so as to obtain the corresponding hash value. Then, a check is made at this point to ensure that the local JAR file is consistent with the JAR file in the asset library.
c) For class files, the hash value of the class file is calculated separately, except for the custom class loader.
And a hash value statistic collection module is used for collecting the hash values of the three files and temporarily storing the collected information in a form of ' path ' ═ hash value '.
Further, the user-defined class loader check module is used for carrying out the following operations on the information generated in the compiling process:
a) and replacing the class loader, and adding a check logic code so as to execute corresponding check in the process of starting loading.
b) And adding the verification information collected in the previous step into the starting class for use in verification.
And continuously packaging codes in the project according to the original flow, and signing the packaged JAR package by using a JVM platform native signature mode to obtain the application program.
When the application program is started, firstly, the integrity of the signature of the application program is checked by using the custom class loader checking module. Meanwhile, due to the change of the process of developing the application program, before any type of the application program is loaded, whether a corresponding record exists or not is inquired in the information collected and stored by the hash value statistical collection module, if so, the corresponding JAR and class files are checked and the record is cached, and if not, the error is recorded in the log and the program is forcibly quitted.
In the scheme provided by the invention, aiming at maintaining a trusted open source library and a third party code, and calculating a hash value; when the result packet is used and generated, the hash values of the open source libraries needing to be controlled and the third party codes are collected, combined with the hash value of the starter and used for solving the root hash value of the program; signing the root hash value using a certificate; when starting, hash value calculation is carried out on all items of the program, and certificate validity is checked; when valid, the program is started. The invention is based on the integrity check of JAR and class file granularity; the signature integrity of the program and the integrity of various JAR and class files contained in the program are realized through the custom class loader, the completion integrity of the application program is deeply determined, the application program started for a user is ensured to be a safe program, the condition that data of the user is leaked due to the fact that the unsafe application program is started is avoided, and the loss of the user is avoided.
Corresponding to the method shown in fig. 1, the invention also provides an integrity checking device of an application program, which is used for supporting the implementation of the method shown in fig. 1 and can be configured on a computer terminal.
Referring to fig. 5, a schematic structural diagram of an integrity checking apparatus for an application according to an embodiment of the present invention is specifically described as follows:
a response unit 501, configured to perform signature verification on an application program in response to a start instruction of the application program;
a verification unit 502, configured to, when the application passes signature verification, invoke verification information preset in a class loader of the application to verify each class file in the application, where the verification information includes a hash value of each class file generated in a process of developing the application;
a starting unit 503, configured to determine that the application program passes integrity verification when each class file in the application program passes verification, and start the application program to provide a service for a user corresponding to the start instruction;
a determining unit 504, configured to determine that the application program fails the integrity check when a class file that fails the check exists in the class files in the application program.
In the device provided by the embodiment of the invention, in response to a starting instruction of an application program, signature verification is carried out on the application program, when the application program passes the signature verification, verification information preset in a class loader of the application program is called to verify each class file in the application program, and the verification information comprises a hash value of each class file generated in the process of developing the application program; when each class file in the application program passes the verification, determining that the application program passes the integrity verification, and starting the application program to provide service for a user corresponding to the starting instruction; and when the class file which is not verified exists in all class files in the application program, determining that the application program is not verified in the integrity. In the method provided by the embodiment of the invention, the integrity of the application program can be verified by verifying the signature and various files of the application program, and the program is started to provide service for the user when the application function program passes the integrity verification, so that the condition of starting the application program with bugs or trojans can be avoided, and the loss of the user is avoided.
In another embodiment provided by the present invention, the response unit of the apparatus comprises:
the analysis subunit is used for analyzing the application program to acquire a first signature and program data;
the calling subunit is used for calling a preset signature algorithm to process the program data to obtain a second signature;
a first judging subunit, configured to judge whether the first signature and the second signature are consistent;
a first determining subunit, configured to determine that the application passes signature verification when the first signature and the second signature are consistent;
a second determining subunit, configured to determine that the application program fails the signature verification when the first signature and the second signature are inconsistent.
In another embodiment provided by the present invention, the verification unit of the apparatus includes:
an obtaining subunit, configured to obtain each class file in the application program;
the processing subunit is configured to process each class file to obtain a check hash value of each class file;
and the second judgment subunit is configured to, for each class file, determine a hash value corresponding to the class file in the check information, judge whether the hash value is consistent with the check hash value of the class file, determine that the class file passes the check if the hash value is consistent with the check hash value of the class file, and determine that the class file does not pass the check if the hash value is not consistent with the check hash value of the class file.
In another embodiment provided by the present invention, the apparatus further comprises:
the acquisition unit is used for acquiring each class file obtained by compiling the development code of the application program in the process of developing the application program;
the hash operation unit is used for carrying out hash operation on each class file to obtain a hash value of each class file;
and the adding unit is used for generating check information based on each hash value and adding the check information into a class loader of the application program.
In another embodiment provided by the present invention, the apparatus further comprises:
and the closing unit is used for forcibly closing the application program and generating a record that the application program does not pass the integrity check.
The embodiment of the invention also provides a storage medium, which comprises a stored instruction, wherein when the instruction runs, the equipment where the storage medium is located is controlled to execute the integrity verification method of the application program.
The electronic device of the present invention is shown in fig. 6, and specifically includes a memory 601, and one or more instructions 602, where the one or more instructions 602 are stored in the memory 601, and are configured to be executed by one or more processors 603, and the one or more instructions 602 are configured to execute the integrity check method of the application program.
It should be noted that the integrity checking method and apparatus for an application, the storage medium, and the electronic device provided by the present invention can be used in the artificial intelligence field, the block chain field, the distributed field, the cloud computing field, the big data field, the internet of things field, the mobile internet field, the network security field, the chip field, the virtual reality field, the augmented reality field, the holographic technology field, the quantum computing field, the quantum communication field, the quantum measurement field, the digital twin field, or the financial field. The above description is only an example, and does not limit the application fields of the method and apparatus for verifying integrity of an application program, the storage medium, and the electronic device provided by the present invention.
The specific implementation procedures and derivatives thereof of the above embodiments are within the scope of the present invention.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An integrity checking method for an application program, comprising:
responding to a starting instruction of an application program, and performing signature verification on the application program;
when the application program passes signature verification, calling preset verification information in a class loader of the application program to verify each class file in the application program, wherein the verification information comprises hash values of each class file generated in the process of developing the application program;
when each class file in the application program passes the verification, determining that the application program passes the integrity verification, and starting the application program to provide service for a user corresponding to the starting instruction;
and when the class files which fail to pass the verification exist in the various class files in the application program, determining that the application program fails to pass the integrity verification.
2. The method of claim 1, wherein the signature checking the application comprises:
analyzing the application program to acquire a first signature and program data;
calling a preset signature algorithm to process the program data to obtain a second signature;
judging whether the first signature and the second signature are consistent;
when the first signature and the second signature are consistent, determining that the application program passes signature verification;
when the first signature and the second signature are not consistent, determining that the application program fails a signature check.
3. The method according to claim 1, wherein the verifying information preset in the class loader for calling the application program verifies each class file in the application program, including:
acquiring each class file in the application program;
processing each class file to obtain a check hash value of each class file;
and for each class file, determining a hash value corresponding to the class file in the verification information, judging whether the hash value is consistent with the verification hash value of the class file, if so, determining that the class file passes the verification, and if not, determining that the class file does not pass the verification.
4. The method of claim 1, wherein presetting the check information in the class loader comprises:
in the process of developing the application program, acquiring each class file obtained after compiling the development code of the application program;
carrying out Hash operation on each class file to obtain a Hash value of each class file;
and generating check information based on each hash value, and adding the check information into a class loader of the application program.
5. The method of claim 1, further comprising:
and forcibly closing the application program and generating a record that the application program does not pass the integrity check.
6. An integrity check device for an application program, comprising:
the response unit is used for responding to a starting instruction of the application program and performing signature verification on the application program;
the verification unit is used for calling verification information preset in a class loader of the application program to verify each class file in the application program when the application program passes signature verification, wherein the verification information comprises hash values of each class file generated in the process of developing the application program;
the starting unit is used for determining that the application program passes the integrity check when each class file in the application program passes the check, and starting the application program to provide service for the user corresponding to the starting instruction;
and the determining unit is used for determining that the application program does not pass the integrity check when the class files which do not pass the check exist in all the class files in the application program.
7. The apparatus of claim 6, wherein the response unit comprises:
the analysis subunit is used for analyzing the application program to acquire a first signature and program data;
the calling subunit is used for calling a preset signature algorithm to process the program data to obtain a second signature;
a first judging subunit, configured to judge whether the first signature and the second signature are consistent;
a first determining subunit, configured to determine that the application passes signature verification when the first signature and the second signature are consistent;
a second determining subunit, configured to determine that the application program fails the signature verification when the first signature and the second signature are inconsistent.
8. The apparatus of claim 6, wherein the verification unit comprises:
the acquisition subunit is used for acquiring each class file in the application program;
the processing subunit is configured to process each class file to obtain a check hash value of each class file;
and the second judgment subunit is configured to, for each class file, determine a hash value corresponding to the class file in the check information, judge whether the hash value is consistent with the check hash value of the class file, determine that the class file passes the check if the hash value is consistent with the check hash value of the class file, and determine that the class file does not pass the check if the hash value is not consistent with the check hash value of the class file.
9. A storage medium, characterized in that the storage medium comprises stored instructions, wherein the instructions, when executed, control a device on which the storage medium is located to execute the integrity check method of an application program according to any one of claims 1 to 5.
10. An electronic device comprising a memory, and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by the one or more processors to perform the method for integrity checking of an application program according to any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210710486.2A CN115048630A (en) | 2022-06-22 | 2022-06-22 | Integrity verification method and device of application program, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210710486.2A CN115048630A (en) | 2022-06-22 | 2022-06-22 | Integrity verification method and device of application program, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115048630A true CN115048630A (en) | 2022-09-13 |
Family
ID=83164101
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210710486.2A Pending CN115048630A (en) | 2022-06-22 | 2022-06-22 | Integrity verification method and device of application program, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115048630A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117032727A (en) * | 2023-10-10 | 2023-11-10 | 腾讯科技(深圳)有限公司 | File compiling method, device, equipment, medium and product based on block chain |
-
2022
- 2022-06-22 CN CN202210710486.2A patent/CN115048630A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117032727A (en) * | 2023-10-10 | 2023-11-10 | 腾讯科技(深圳)有限公司 | File compiling method, device, equipment, medium and product based on block chain |
| CN117032727B (en) * | 2023-10-10 | 2024-02-09 | 腾讯科技(深圳)有限公司 | File compiling method, device, equipment, medium and product based on block chain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Octeau et al. | Effective {Inter-Component} communication mapping in android: An essential step towards holistic security analysis | |
| Grace et al. | Systematic detection of capability leaks in stock android smartphones. | |
| Bhandari et al. | Android inter-app communication threats and detection techniques | |
| US10547626B1 (en) | Detecting repackaged applications based on file format fingerprints | |
| WO2019072008A1 (en) | Security scanning method and apparatus for mini program, and electronic device | |
| Hassanshahi et al. | Web-to-application injection attacks on android: Characterization and detection | |
| Nirumand et al. | VAnDroid: a framework for vulnerability analysis of Android applications using a model‐driven reverse engineering technique | |
| Nauman et al. | Using trusted computing for privacy preserving keystroke-based authentication in smartphones | |
| Yang et al. | Precisely and scalably vetting javascript bridge in android hybrid apps | |
| Kim et al. | Attack detection application with attack tree for mobile system using log analysis | |
| Hammad et al. | DelDroid: An automated approach for determination and enforcement of least-privilege architecture in android | |
| CN108595950A (en) | A kind of safe Enhancement Methods of SGX of combination remote authentication | |
| Ibrahim et al. | SafetyNOT: on the usage of the SafetyNet attestation API in Android | |
| Lim et al. | Structural analysis of packing schemes for extracting hidden codes in mobile malware | |
| CN115048630A (en) | Integrity verification method and device of application program, storage medium and electronic equipment | |
| CN112134905B (en) | Android system based signature method, device and equipment | |
| Choi et al. | Large-scale analysis of remote code injection attacks in android apps | |
| Pouryousef et al. | Let me join two worlds! analyzing the integration of web and native technologies in hybrid mobile apps | |
| Fang et al. | IVDroid: Static detection for input validation vulnerability in Android inter-component communication | |
| Jones et al. | A service-oriented approach to mobile code security | |
| Nirumand et al. | A model‐based framework for inter‐app Vulnerability analysis of Android applications | |
| Cho et al. | A strengthened android signature management method | |
| A. Mawgoud et al. | A malware obfuscation AI technique to evade antivirus detection in counter forensic domain | |
| Titze et al. | Preventing library spoofing on android | |
| Casolare et al. | 2 Faces: a new model of malware based on dynamic compiling and reflection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |