CN115130095A - Application security detection method, device, equipment and storage medium

Publication number
CN115130095A
Authority
CN
China
Legal status
Pending
Application number
CN202210691860.9A
Other languages
Chinese (zh)
Inventor
刘百灵
文迪
李振达
Current Assignee
Shenzhen Skieer Information Technology Co ltd
Original Assignee
Shenzhen Skieer Information Technology Co ltd

Classifications

    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/44 Program or device authentication
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The application relates to an application security detection method, device, equipment and storage medium. The method comprises: when it is monitored that the application starts, or that the application loads the core code, or that the application reads sensitive information, verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file; judging whether the current signature information and the current encryption value pass the verification; and, when they are judged to pass, allowing the application to start, or to load the core code, or to read the sensitive information. The method and the device prevent the code logic and private data of the application from being leaked, and so achieve the purpose of protecting them.

Description

Application security detection method, device, equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for detecting security of an application.
Background
With the widespread use of terminal devices, more and more applications are installed on them. When a user uses an application, some important information may be stored in it, and in order to obtain that information illegally a malicious third party usually analyzes and cracks the application's code to learn its code logic, so that private data generated while the application runs is stolen or tampered with.
In the prior art, code is mostly protected from cracking by obfuscating the application's code, but the protection given by obfuscation is only relative: a malicious third party may still learn the application's code logic through debugging, so the code logic and private data of the application remain exposed to security risks.
Therefore, how to protect the code logic and private data of the application has become a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present application provides an application security detection method, apparatus, device and storage medium, aiming to protect the code logic and private data of the application.
In a first aspect, the present application provides an application security detection method, the method including:
when it is monitored that an application starts, or that the application loads a core code, or that the application reads sensitive information, verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
judging whether the current signature information and the current encryption value pass the verification;
and when the current signature information and the current encryption value are judged to pass the verification, allowing the application to start, or allowing the application to load the core code, or allowing the application to read sensitive information.
Preferably, the judging whether the current signature information and the current encryption value pass the verification includes:
when the current signature information or the current encryption value is judged not to pass the verification, prohibiting the application from starting, or prohibiting the application from loading the core code and controlling the application to exit, or prohibiting the application from reading sensitive information and controlling the application to exit.
Preferably, the allowing the application to start, or allowing the application to load the core code, or allowing the application to read sensitive information includes:
allowing the application to start within a preset duration, or allowing the application to load the core code within the preset duration, or allowing the application to read sensitive information within the preset duration.
Preferably, the verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in the binary file, includes:
verifying whether the current signature information is consistent with the original signature information;
when the current signature information is verified to be consistent with the original signature information, judging whether the execution environment of the application is legal;
when the execution environment of the application is judged to be legal, calling a pre-configured encryption algorithm to encrypt the current archive file of the application to obtain the current encryption value;
verifying whether the current encryption value is consistent with the original encryption value;
and when the current encryption value is verified to be consistent with the original encryption value, judging that the current signature information and the current encryption value pass the verification.
Preferably, the judging whether the execution environment of the application is legal includes:
when the execution environment of the application is judged to be illegal, prohibiting the application from starting, or prohibiting the application from loading the core code and controlling the application to exit, or prohibiting the application from reading sensitive information and controlling the application to exit.
Preferably, after it is judged that both the current signature information and the current encryption value pass the verification, the method further includes:
decrypting the core code by using the key stored in the binary file, and judging whether the core code is decrypted successfully;
and when the core code is judged to be decrypted successfully, allowing the application to load the decrypted core code.
Preferably, the judging whether the core code is decrypted successfully includes:
when the core code is judged not to be decrypted successfully, prohibiting the application from loading the core code and controlling the application to exit.
In a second aspect, the present application provides an application security detection apparatus, comprising:
a verification module: used for verifying, when it is monitored that an application starts, or that the application loads a core code, or that the application reads sensitive information, the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
a judgment module: used for judging whether the current signature information and the current encryption value pass the verification;
a control module: used for allowing the application to start, or allowing the application to load the core code, or allowing the application to read sensitive information, when the current signature information and the current encryption value are judged to pass the verification.
In a third aspect, the present application provides an electronic device, including a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface, and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
the processor is configured to implement the steps of the method for detecting security of an application described in any embodiment of the first aspect when executing the program stored in the memory.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method for security detection of an application according to any of the embodiments of the first aspect.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
With the application security detection method, apparatus, device and storage medium provided by the present application, when it is monitored that the application starts, or that the application loads the core code, or that the application reads sensitive information, the current signature information of the application and the current encryption value of the application's archive file are verified by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file; if the current signature information and the current encryption value pass the verification, the application is allowed to start, or to load the core code, or to read the sensitive information. Because of the security of the binary file, the original signature information and the original encryption value can be determined to be safe, credible and untampered information, so verifying the current signature information of the application and the current encryption value of its archive file against them determines whether the application has been maliciously tampered with. This improves the security of the application at run time, prevents the code logic and private data of the application from being leaked, and achieves the purpose of protecting them.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and, together with the description, serve to explain the principles of the application.
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below; those skilled in the art can obtain other drawings from them without inventive labor.
FIG. 1 is a schematic flowchart of a preferred embodiment of the application security detection method of the present application;
FIG. 2 is a schematic flowchart of an embodiment of verifying the current signature information and the current encryption value according to the present application;
FIG. 3 is a schematic flowchart of another embodiment of verifying the current signature information and the current encryption value according to the present application;
FIG. 4 is a block diagram of a preferred embodiment of the application security detection apparatus of the present application;
FIG. 5 is a schematic diagram of an electronic device according to an embodiment of the present application.
The implementation, functional features and advantages of the object of the present application will be further explained with reference to the embodiments and the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein merely illustrate the present application and do not limit it. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present application.
The application provides an application security detection method. Fig. 1 is a schematic flowchart of an embodiment of the application security detection method of the present application. The method may be performed by an electronic device, which may be implemented by software and/or hardware. The application security detection method comprises the following steps:
step S10: when it is monitored that an application starts, or that the application loads a core code, or that the application reads sensitive information, verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
step S20: judging whether the current signature information and the current encryption value pass the verification;
step S30: when the current signature information and the current encryption value are judged to pass the verification, allowing the application to start, or allowing the application to load the core code, or allowing the application to read sensitive information.
In this embodiment, the solution is described taking an Electron desktop application as the example application; it is understood that the application may also be another type of application program, which is not limited here. After a desktop application is released, a malicious third party may tamper with its data, install a malicious plug-in to snoop on its code logic, or analyze it to obtain its private data. It is therefore necessary to verify whether the relevant information of the desktop application has been tampered with, so as to protect the code logic of the desktop application and prevent its private data from being leaked.
Specifically, when it is monitored that the application starts, or that the application loads the core code, or that the application reads sensitive information, the current signature information of the application and the current encryption value of the application's archive file are verified by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in the binary file. The core code refers to important or sensitive code of the desktop application, for example important code whose logic the developer does not want a third party to crack. It is to be understood that the core code may be code obtained through an encryption operation. The sensitive information may be private data corresponding to the desktop application, such as user data and log data of the desktop application. The binary file may be a Node binary compiled from C++, which Electron supports calling.
The current signature information of the application refers to the digital signature information corresponding to the application at the time it is monitored that the application starts, or loads the core code, or reads sensitive information. It is understood that, during packaging, a predetermined signature algorithm may be used to sign the application to obtain the signature information; the signature algorithm may be a DSS signature algorithm, an RSA signature algorithm, or the like. The current encryption value of the application's archive file is the encryption value obtained by performing the encryption operation on the archive file at the time it is monitored that the application starts, or loads the core code, or reads sensitive information.
The original signature information of the application (i.e. the digital signature information obtained by signing the application when packaging it) and the original encryption value corresponding to the application's archive file (i.e. the encryption value obtained by encrypting the archive file with an encryption algorithm when packaging the application) can be stored in two binary files. The binary file storing the original signature information is denoted f1, and the binary file storing the original encryption value corresponding to the archive file is denoted f2. f1 is compiled in advance and can be called normally during verification; f1 can include the core code, the decryption key of the core code, the digital signature of the application, the verification key of the archive file, the re-verification key outside the verification period, and the verification key of sensitive files or folders, and f1 can be stored in the archive file of the application after the application is packaged. f2 is a binary file generated during application packaging: the archive file is encrypted by an encryption algorithm (for example, the MD5 algorithm) to obtain an encryption value, the encryption value is written into a cc file, a C++ compilation is performed by a system command to generate the binary file f2, and f2 can be stored in an app.
After the current signature information and the current encryption value are verified, it is judged whether they pass the verification. If both pass, the application has not been tampered with, so the application can be allowed to start, or to load the core code and run it during execution, or to read the sensitive information and use it during execution.
Because of the security of the binary file, the original signature information and the original encryption value can be determined to be safe, credible and untampered information; verifying the current signature information of the application and the current encryption value of its archive file against them determines whether the application has been maliciously tampered with, which improves the security of the application at run time and protects the code logic and private data of the application.
Further, the judging whether the current signature information and the current encryption value pass the verification includes:
when the current signature information or the current encryption value is judged not to pass the verification, prohibiting the application from starting, or prohibiting the application from loading the core code and controlling the application to exit, or prohibiting the application from reading sensitive information and controlling the application to exit.
When the current signature information or the current encryption value of the application is judged not to pass the verification, the application may have been tampered with or had a malicious plug-in implanted. At this point the application can be prohibited from starting, or prohibited from loading the core code and controlled to exit, or prohibited from reading the sensitive information and controlled to exit, so that the code logic and private data of the application are prevented from being leaked.
In one embodiment, the allowing the application to start, or allowing the application to load the core code, or allowing the application to read sensitive information includes:
allowing the application to start within a preset duration, or allowing the application to load the core code within the preset duration, or allowing the application to read sensitive information within the preset duration.
The preset duration can be set according to actual requirements. The duration within which the application is allowed to start, the duration within which the application is allowed to load the core code, and the duration within which the application is allowed to read sensitive information may be the same or different. The application is considered to be in a safe execution environment within the preset duration, so the current signature information and the current encryption value of the application do not need to be verified during it; setting the preset duration avoids frequent verification of the current signature information and the current encryption value and reduces the pressure on system resources. Further, outside the validity period of the preset duration, when it is monitored that the application starts, or that the application loads the core code, or that the application reads sensitive information, the current signature information and the current encryption value need to be verified again.
Referring to Fig. 2, a flowchart of verifying the current signature information and the current encryption value according to the present application is shown. Specifically, the verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in the binary file, includes:
verifying whether the current signature information is consistent with the original signature information;
when the current signature information is verified to be consistent with the original signature information, judging whether the execution environment of the application is legal;
when the execution environment of the application is judged to be legal, calling a pre-configured encryption algorithm to encrypt the current archive file of the application to obtain the current encryption value;
verifying whether the current encryption value is consistent with the original encryption value;
and when the current encryption value is verified to be consistent with the original encryption value, judging that the current signature information and the current encryption value pass the verification.
When it is monitored that an application starts, or that the application loads a core code, or that the application reads sensitive information, the current signature information of the application and the current encryption value of the application's archive file need to be verified. Specifically, it is first verified whether the current signature information is consistent with the original signature information. If it is, the signature information of the application is correct, and it is then judged whether the execution environment of the application is legal: no illegal file or illegal folder (e.g., an illegal file electron app) may exist in the execution environment, and certain files must be present (e.g., a ffmpeg.dll file is required on a Windows system, and an info.ist file is required on a macOS system) for the execution environment to be considered legal. When the execution environment of the application is judged to be legal, a pre-configured encryption algorithm is called to encrypt the current archive file of the application to obtain the current encryption value; it can be understood that the encryption algorithm used on the current archive file is the same as the one that generated the original encryption value. It is then verified whether the current encryption value is consistent with the original encryption value. When it is, the current signature information and the current encryption value are judged to pass the verification, and the application can be allowed to start, or to load the core code, or to read the sensitive information.
Because of the security of the binary file, the original signature information and the original encryption value can be determined to be safe, credible and untampered information; verifying the current signature information of the application and the current encryption value of the archive file against them determines whether the application has been maliciously tampered with, which improves the security of the application at run time and protects the code logic and private data of the application from being leaked.
Further, the judging whether the execution environment of the application is legal includes:
when the execution environment of the application is judged to be illegal, prohibiting the application from starting, or prohibiting the application from loading the core code and controlling the application to exit, or prohibiting the application from reading sensitive information and controlling the application to exit.
When the execution environment of the application is judged to be illegal, that is, an illegal folder exists in the execution environment of the application, the application can be prohibited from starting, or prohibited from loading the core code and controlled to exit, or prohibited from reading the sensitive information and controlled to exit, so that the code logic and private data of the application are prevented from being leaked and the purpose of protecting them is achieved.
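The Fig. 2 order of checks together with the preset-duration window described above, as an added Node.js example that is not part of the patent text. The archive name `app.archive`, the folder name `injected-app`, the signer string and all function names are hypothetical; the signature information is treated as an opaque string supplied by the caller, and SHA-256 stands in for the MD5 that the description names as an example of the algorithm producing the "encryption value".

```javascript
const crypto = require("node:crypto");
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Digest of the archive file (SHA-256 here, not the MD5 mentioned in the description).
function digestFile(file) {
  return crypto.createHash("sha256").update(fs.readFileSync(file)).digest();
}

// Constant-time comparison; a length mismatch is an immediate failure.
function sameBytes(a, b) {
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Legal environment: every required file is present and no forbidden entry exists.
function environmentIsLegal(appDir, policy) {
  const present = (name) => fs.existsSync(path.join(appDir, name));
  return policy.requiredFiles.every(present) && !policy.forbiddenEntries.some(present);
}

// Returns verify(appDir, currentSignature). The checks run in the Fig. 2 order,
// and a pass is remembered for policy.windowMs (the "preset duration").
function createVerifier(reference, policy, now = Date.now) {
  let validUntil = 0;
  return function verify(appDir, currentSignature) {
    if (now() < validUntil) return { allowed: true, reason: "within-window" };
    validUntil = 0;
    if (!sameBytes(Buffer.from(currentSignature), Buffer.from(reference.signature))) {
      return { allowed: false, reason: "signature-mismatch" };
    }
    if (!environmentIsLegal(appDir, policy)) {
      return { allowed: false, reason: "illegal-environment" };
    }
    let current;
    try {
      current = digestFile(path.join(appDir, policy.archiveName));
    } catch {
      return { allowed: false, reason: "archive-unreadable" };
    }
    if (!sameBytes(current, reference.archiveDigest)) {
      return { allowed: false, reason: "archive-mismatch" };
    }
    validUntil = now() + policy.windowMs;
    return { allowed: true, reason: "verified" };
  };
}

// Constructed scenario in a temporary directory; nothing here is real application data.
function runDemo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "appcheck-"));
  const policy = {
    archiveName: "app.archive",         // hypothetical archive file name
    requiredFiles: ["ffmpeg.dll"],      // file the description requires on Windows
    forbiddenEntries: ["injected-app"], // hypothetical illegal folder name
    windowMs: 60000,                    // preset duration
  };
  const archive = path.join(dir, policy.archiveName);
  fs.writeFileSync(archive, "constructed archive bytes");
  fs.writeFileSync(path.join(dir, "ffmpeg.dll"), "");
  // Reference values captured at "packaging" time.
  const reference = { signature: "CONSTRUCTED-SIGNER-INFO", archiveDigest: digestFile(archive) };

  let clock = 0; // injected clock so the window can be stepped deterministically
  const verify = createVerifier(reference, policy, () => clock);
  const out = {};
  out.badSignature = verify(dir, "OTHER-SIGNER").reason;
  out.first = verify(dir, reference.signature).reason;

  fs.appendFileSync(archive, "tampered");
  clock = 1000;
  out.insideWindow = verify(dir, reference.signature).reason;
  clock = policy.windowMs + 1;
  out.afterWindow = verify(dir, reference.signature).reason;

  fs.writeFileSync(archive, "constructed archive bytes");
  fs.mkdirSync(path.join(dir, "injected-app"));
  out.illegalEnvironment = verify(dir, reference.signature).reason;

  fs.rmSync(dir, { recursive: true, force: true });
  return out;
}

console.log(runDemo());
```

Inside the window the verifier answers `within-window` even after the archive has changed, so the preset duration is also the longest time a modification can go unnoticed.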
Referring to fig. 3, a schematic flowchart illustrating another embodiment of verifying the current signature information and the current encryption value according to the present application is shown. As the core code may be a code obtained after an encryption operation, when it is monitored that the application loads the core code, if both the current signature information and the current encryption value of the application pass verification, the core code may also be decrypted, specifically, on the basis of the embodiment shown in fig. 2, after it is determined that both the current signature information and the current encryption value pass verification, the method further includes:
decrypting the core code by using the key stored in the binary file, and judging whether the core code is decrypted successfully;
and when the core code is judged to be successfully decrypted, allowing the application to load the decrypted core code.
Because the core code can be a code obtained after encryption operation, when it is monitored that the application needs to load the core code, if the current signature information and the current encryption value of the application are both verified, the core code can be decrypted by using the key stored in the binary file, whether the core code is successfully decrypted is judged, and when the core code is judged to be successfully decrypted, the application is allowed to load the decrypted core code.
Further, the determining whether the core code is successfully decrypted includes:
and when the core code is judged not to be decrypted successfully, forbidding the application to load the core code and controlling the application to exit. A failed decryption indicates that the application may have been tampered with, so the application is prohibited from loading the core code and is controlled to exit.
Fig. 4 is a schematic diagram of the functional modules of the application security detection apparatus 100 of the present application.
The application security detection apparatus 100 described herein may be installed in an electronic device. According to the functions implemented, the application security detection apparatus 100 may include a verification module 110, a judging module 120, and a control module 130. A module, which may also be referred to as a unit in this application, refers to a series of computer program segments that are stored in a memory of the electronic device, can be executed by a processor of the electronic device, and perform a fixed function.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the verification module 110: used for verifying, when it is monitored that the application starts, or that the application loads the core code, or that the application reads sensitive information, the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
the judging module 120: used for judging whether the current signature information and the current encryption value pass verification;
the control module 130: used for allowing the application to start, or allowing the application to load the core code, or allowing the application to read sensitive information, when the current signature information and the current encryption value are judged to pass verification.
In one embodiment, the determining whether the current signature information and the current encryption value pass verification includes:
and when the current signature information or the current encryption value is judged not to pass the verification, forbidding the application to start, forbidding the application to load a core code and control the application to exit, or forbidding the application to read sensitive information and control the application to exit.
In one embodiment, the allowing the application to start, or allowing the application to load a core code, or allowing the application to read sensitive information includes:
allowing the application to start within a preset time length, or allowing the application to load the core code within the preset time length, or allowing the application to read sensitive information within the preset time length.
In one embodiment, the verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information pre-stored in the binary file and the original encryption value corresponding to the archive file includes:
verifying whether the current signature information is consistent with the original signature information;
when the current signature information is verified to be consistent with the original signature information, judging whether the execution environment of the application is legal or not;
when the execution environment of the application is judged to be legal, a pre-configured encryption algorithm is called to encrypt the current archive file of the application to obtain a current encryption value;
verifying whether the current encryption value is consistent with the original encryption value;
and when the current encryption value is verified to be consistent with the original encryption value, judging that the current signature information and the current encryption value are verified.
In one embodiment, the determining whether the execution environment of the application is legal includes:
and when the execution environment of the application is judged to be illegal, forbidding the application to start, or forbidding the application to load a core code and control the application to exit, or forbidding the application to read sensitive information and control the application to exit.
In one embodiment, the verification module is further used for:
decrypting the core code by using the key stored in the binary file, and judging whether the core code is decrypted successfully;
and when the core code is judged to be decrypted successfully, allowing the application to load the decrypted core code.
In one embodiment, the determining whether the core code was successfully decrypted includes:
and when the core code is judged not to be decrypted successfully, forbidding the application to load the core code and controlling the application to exit.
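The check order from the embodiments above (signature comparison, then execution-environment check, then archive value comparison) and the time-limited permit, as an added Python example that is not code from the patent. It assumes SHA-256 for both the signature fingerprint and the archive's "encryption value", a placeholder illegal-folder name, and hypothetical names (`Reference`, `verify`, `Gate`, `demo`); the core-code decryption step is not covered.

```python
import hashlib
import hmac
import tempfile
from enum import Enum
from pathlib import Path
from typing import NamedTuple


class Verdict(Enum):
    ALLOW = "allow"
    BAD_SIGNATURE = "signature mismatch"
    BAD_ENVIRONMENT = "illegal folder present"
    BAD_ARCHIVE = "archive value mismatch"


class Reference(NamedTuple):
    """Original values; the page keeps them pre-stored in the binary file."""
    signature: str  # assumption: hex SHA-256 of the signing certificate
    archive: str    # assumption: hex SHA-256 of the archive file


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(ref, cert_bytes, archive_path, env_root, illegal_folders):
    """Run the checks in the page's order, stopping at the first failure."""
    current_sig = hashlib.sha256(cert_bytes).hexdigest()
    if not hmac.compare_digest(current_sig, ref.signature):
        return Verdict.BAD_SIGNATURE
    for name in illegal_folders:
        if (Path(env_root) / name).is_dir():
            return Verdict.BAD_ENVIRONMENT
    if not hmac.compare_digest(sha256_file(archive_path), ref.archive):
        return Verdict.BAD_ARCHIVE
    return Verdict.ALLOW


class Gate:
    """Permits start / core-code load / sensitive reads for a preset time."""
    def __init__(self, ttl_seconds, clock):
        self.ttl, self.clock, self.expires = ttl_seconds, clock, None

    def record(self, verdict):
        # Any failure revokes the permit (fail closed); success renews it.
        self.expires = self.clock() + self.ttl if verdict is Verdict.ALLOW else None
        return verdict

    def permitted(self):
        return self.expires is not None and self.clock() < self.expires


def demo():
    """Exercise each outcome on constructed sample data (no real app involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp) / "app.archive"
        archive.write_bytes(b"constructed archive contents")
        cert = b"constructed signing certificate"
        ref = Reference(hashlib.sha256(cert).hexdigest(), sha256_file(archive))
        illegal = ["illegal_folder_placeholder"]  # hypothetical name
        now = [0.0]  # injectable clock so expiry is testable
        gate = Gate(ttl_seconds=30, clock=lambda: now[0])
        out = {"clean": gate.record(verify(ref, cert, archive, tmp, illegal))}
        out["permit_live"] = gate.permitted()
        now[0] = 31.0
        out["permit_after_ttl"] = gate.permitted()
        gate.record(verify(ref, cert, archive, tmp, illegal))  # re-verify renews
        out["resigned"] = verify(ref, b"other certificate", archive, tmp, illegal)
        archive.write_bytes(archive.read_bytes() + b"\x00patched")
        out["tampered"] = gate.record(verify(ref, cert, archive, tmp, illegal))
        out["permit_after_fail"] = gate.permitted()
        (Path(tmp) / illegal[0]).mkdir()
        out["bad_env"] = verify(ref, cert, archive, tmp, illegal)
        return out
```

In the last case both the archive and the environment are bad, and the verdict is `BAD_ENVIRONMENT` because the environment check runs before the archive is hashed.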
Fig. 5 is a schematic diagram of an electronic device 1 according to a preferred embodiment of the present application.
The electronic device 1 includes but is not limited to: a memory 11, a processor 12, a display 13 and a communication interface 14. The electronic device 1 is connected to a network via the communication interface 14. The network may be a wireless or wired network such as an intranet, the Internet, a Global System for Mobile communications (GSM) network, a Wideband Code Division Multiple Access (WCDMA) network, a 4G network, a 5G network, Bluetooth, Wi-Fi, or another communication network.
The memory 11 includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 11 may be an internal storage unit of the electronic device 1, such as a hard disk or a memory of the electronic device 1. In other embodiments, the memory 11 may also be an external storage device of the electronic device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card, and the like provided on the electronic device 1. Of course, the memory 11 may also comprise both an internal storage unit and an external storage device of the electronic device 1. In this embodiment, the memory 11 is generally used for storing an operating system installed in the electronic device 1 and various application software, such as the program code of the application security detection program 10. Further, the memory 11 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 12 may be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 12 is typically arranged to control the overall operation of the electronic device 1, such as performing control and processing related to data interaction or communication. In this embodiment, the processor 12 is configured to run the program code stored in the memory 11 or to process data, for example, to run the program code of the application security detection program 10.
The display 13 may be referred to as a display screen or display unit. In some embodiments, the display 13 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an Organic Light-Emitting Diode (OLED) touch screen, or the like. The display 13 is used for displaying information processed in the electronic device 1 and for displaying a visual work interface.
The communication interface 14 may optionally comprise a standard wired interface and a wireless interface (e.g. a Wi-Fi interface). The communication interface 14 is typically used for establishing a communication connection between the electronic device 1 and other devices.
Fig. 5 only shows the electronic device 1 with the components 11-14 and the application security detection program 10, but it is to be understood that not all of the shown components are required to be implemented, and that more or fewer components may alternatively be implemented.
Optionally, the electronic device 1 may further comprise a user interface. The user interface may comprise a display and an input unit such as a keyboard, and may optionally further comprise a standard wired interface and a wireless interface. In some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an Organic Light-Emitting Diode (OLED) touch screen, or the like. The display, which may also be referred to as a display screen or display unit, is used for displaying information processed in the electronic device 1 and for displaying a visualized user interface.
The electronic device 1 may further include a Radio Frequency (RF) circuit, a sensor, an audio circuit, and the like, which are not described in detail herein.
In the above embodiment, the processor 12 may implement the following steps when executing the security detection program 10 of the application stored in the memory 11:
when monitoring that the application is started, or when monitoring that the application loads a core code, or when monitoring that the application reads sensitive information, verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
judging whether the current signature information and the current encryption value pass verification;
and when the current signature information and the current encryption value are judged to pass the verification, allowing the application to start, or allowing the application to load a core code, or allowing the application to read sensitive information.
The storage device may be the memory 11 of the electronic device 1, or may be another storage device communicatively connected to the electronic device 1.
For detailed description of the above steps, please refer to the above description of fig. 4 regarding a functional block diagram of an embodiment of the apparatus 100 for detecting security of an application and fig. 1 regarding a flowchart of an embodiment of a method for detecting security of an application.
In addition, the embodiment of the present application also provides a computer-readable storage medium, which may be non-volatile or volatile. The computer readable storage medium may be any one or any combination of hard disks, multimedia cards, SD cards, flash memory cards, SMCs, Read Only Memories (ROMs), Erasable Programmable Read Only Memories (EPROMs), portable compact disc read only memories (CD-ROMs), USB memories, etc. The computer readable storage medium includes a storage data area and a storage program area, the storage program area stores an application security detection program 10, and when executed by a processor, the application security detection program 10 implements the following operations:
when monitoring that an application is started, or monitoring that the application loads a core code, or monitoring that the application reads sensitive information, verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
judging whether the current signature information and the current encryption value pass verification;
and when the current signature information and the current encryption value are judged to pass the verification, allowing the application to start, or allowing the application to load a core code, or allowing the application to read sensitive information.
The specific implementation of the computer readable storage medium of the present application is substantially the same as the specific implementation of the application security detection method described above, and is not described herein again.
It should be noted that the above-mentioned serial numbers of the embodiments of the present application are only for description, and do not represent the advantages and disadvantages of the embodiments. And the terms "comprises," "comprising," or any other variation thereof, herein are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, apparatus, article or method that comprises the element.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, an electronic device, or a network device) to execute the method according to the embodiments of the present application.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (10)

1. A method for security detection of an application, the method comprising:
when monitoring that an application is started, or monitoring that the application loads a core code, or monitoring that the application reads sensitive information, verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
judging whether the current signature information and the current encryption value pass verification;
and when the current signature information and the current encryption value are judged to pass the verification, allowing the application to start, or allowing the application to load a core code, or allowing the application to read sensitive information.
2. The method for security detection of an application according to claim 1, wherein said determining whether the current signature information and the current encryption value pass verification comprises:
and when the current signature information or the current encryption value is judged not to pass the verification, forbidding the application to start, forbidding the application to load a core code and control the application to exit, or forbidding the application to read sensitive information and control the application to exit.
3. The method for security detection of an application according to claim 1, wherein the allowing the application to start, or allowing the application to load core code, or allowing the application to read sensitive information comprises:
allowing the application to start within a preset time length, or allowing the application to load a core code within the preset time length, or allowing the application to read sensitive information within the preset time length.
4. The method for security detection of an application according to claim 1, wherein the verifying the current signature information of the application and the current encryption value of the application's archive file by using the original signature information pre-stored in the binary file and the original encryption value corresponding to the archive file comprises:
verifying whether the current signature information is consistent with the original signature information;
when the current signature information is verified to be consistent with the original signature information, judging whether the execution environment of the application is legal or not;
when the execution environment of the application is judged to be legal, a pre-configured encryption algorithm is called to encrypt the current archive file of the application to obtain a current encryption value;
verifying whether the current encryption value is consistent with the original encryption value;
and when the current encryption value is verified to be consistent with the original encryption value, judging that the current signature information and the current encryption value are verified.
5. The method for detecting the security of the application according to claim 4, wherein the determining whether the execution environment of the application is legal comprises:
and when the execution environment of the application is judged to be illegal, forbidding the application to start, or forbidding the application to load a core code and control the application to exit, or forbidding the application to read sensitive information and control the application to exit.
6. The method for security detection of an application according to claim 4, wherein after determining that both the current signature information and the current encryption value pass verification, the method further comprises:
decrypting the core code by using the key stored in the binary file, and judging whether the core code is decrypted successfully;
and when the core code is judged to be successfully decrypted, allowing the application to load the decrypted core code.
7. The method for security detection of an application of claim 6, wherein said determining whether said core code was successfully decrypted comprises:
and when the core code is judged not to be successfully decrypted, forbidding the application to load the core code and controlling the application to exit.
8. An apparatus for security detection of an application, the apparatus comprising:
a verification module: used for verifying, when it is monitored that the application starts, or that the application loads a core code, or that the application reads sensitive information, the current signature information of the application and the current encryption value of the application's archive file by using the original signature information and the original encryption value corresponding to the archive file, which are pre-stored in a binary file;
a judging module: used for judging whether the current signature information and the current encryption value pass verification;
a control module: used for allowing the application to start, or allowing the application to load a core code, or allowing the application to read sensitive information, when the current signature information and the current encryption value are judged to pass verification.
9. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
a memory for storing a computer program;
a processor for implementing the method for detecting security of an application according to any one of claims 1 to 7 when executing a program stored in a memory.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of a security detection method for an application according to any one of claims 1 to 7.
CN202210691860.9A 2022-06-17 2022-06-17 Application security detection method, device, equipment and storage medium Pending CN115130095A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210691860.9A CN115130095A (en) 2022-06-17 2022-06-17 Application security detection method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115130095A true CN115130095A (en) 2022-09-30

Family

ID=83377876

Country Status (1)

Country Link
CN (1) CN115130095A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518057 401, block a, sharing building, No. 78, Keyuan North Road, songpingshan community, Xili street, Nanshan District, Shenzhen, Guangdong

Applicant after: Shenzhen Shukuo Information Technology Co.,Ltd.

Address before: 518057 401, block a, sharing building, No. 78, Keyuan North Road, songpingshan community, Xili street, Nanshan District, Shenzhen, Guangdong

Applicant before: SHENZHEN SKIEER INFORMATION TECHNOLOGY CO.,LTD.