CN115329343B - Method and system for processing information security loophole - Google Patents

Method and system for processing information security loophole Download PDF

Info

Publication number
CN115329343B
CN115329343B CN202211014209.4A CN202211014209A CN115329343B CN 115329343 B CN115329343 B CN 115329343B CN 202211014209 A CN202211014209 A CN 202211014209A CN 115329343 B CN115329343 B CN 115329343B
Authority
CN
China
Prior art keywords
information
client
information security
security vulnerability
calling function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211014209.4A
Other languages
Chinese (zh)
Other versions
CN115329343A (en
Inventor
徐智
涂玉雅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Energy Cloud Computing Technology Co ltd
Original Assignee
Wuhan Energy Cloud Computing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Energy Cloud Computing Technology Co ltd filed Critical Wuhan Energy Cloud Computing Technology Co ltd
Priority to CN202211014209.4A priority Critical patent/CN115329343B/en
Publication of CN115329343A publication Critical patent/CN115329343A/en
Application granted granted Critical
Publication of CN115329343B publication Critical patent/CN115329343B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45587Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a processing method of an information security vulnerability, which only allows the information security vulnerability to execute vulnerability analysis and processing in a specific environment of a client, obtains calling function information corresponding to the information security vulnerability, generates a corresponding Dockerfile file according to the calling function information, obtains a file directory of a specific position of a detection client, inquires whether an activated document generating a detection environment is contained, and does not analyze the Dockerfile file when the activated document generating the detection environment is not contained; firstly, checking the legality of an information format in the activated document, after judging that the information format in the activated document is legal, checking whether the information in the activated document is matched with the resource parameters of a client, if the activated document is matched with the resource parameter information of the client, allowing the client to analyze the Dockerfile, and generating a docker mirror image aiming at the information security vulnerability so as to realize the monitoring of a calling function corresponding to the information security vulnerability.

Description

Method and system for processing information security vulnerability
Technical Field
The invention relates to the technical field of computer security, in particular to a method and a system for processing information security vulnerabilities.
Background
With the rapid development of computer technology, the informatization degree of human society is higher and higher, and the dependence degree of politics, economy, military, culture and other fields of the whole society on a computer information system is higher and higher. Under such circumstances, the security of computer systems has received increasing attention. However, the compiling of large-scale software and systems needs a lot of programmers to complete together, and the programmers divide one software or system into a plurality of plates, compile by division of labor, then summarize and test; and finally, patching and releasing are carried out, so that security holes exist in software almost inevitably. Software security vulnerabilities refer to flaws introduced in the software design implementation, in data access or behavioral logic, etc. These vulnerabilities are often exploited by attackers, causing program behavior to violate certain security policies. For the reasons, the research on the software security vulnerability detection technology is more and more focused at present.
However, the configuration of the operating environment for vulnerability analysis and detection is not focused, and the generation mode only adopts the general detection environment generated by the virtual machine to analyze and detect vulnerabilities.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention discloses a processing method of information security loopholes, which comprises the following steps:
step 1, only allowing the information security vulnerability to execute vulnerability analysis and processing in a specific environment of a client, obtaining calling function information corresponding to the information security vulnerability, and generating a corresponding Dockerfile file according to the calling function information, wherein the Dockerfile comprises function monitoring configuration of the calling function information;
step 2, acquiring a file directory of a specific position of a detection client, inquiring whether an activation document for generating a detection environment is contained, and when the activation document for generating the detection environment is not contained, not analyzing the Dockerfile file;
and 3, when the activated document generating the detection environment is included, firstly checking the legality of the information format in the activated document, after the information format in the activated document is judged to be legal, then checking whether the information in the activated document is matched with the resource parameters of the client side or not, wherein the resource parameters comprise an operating memory, an operating program, an I/O (input/output) driver and an instruction execution authority, and if the activated document is matched with the resource parameter information of the client side, allowing the client side to analyze the Docker file and generating a Docker mirror image aiming at the security vulnerability of the information so as to monitor a call function corresponding to the security of the information.
Further, the dockerfile including the function monitoring configuration for the calling function information further includes: and when a monitoring program is set for executing the information security vulnerability, the call function is subjected to embedded Hook to obtain the return address parameter of the call function, and the severity of the information security vulnerability is verified by analyzing the return address parameter.
Further, whether the address range of the return address parameter belongs to a normal range or not is judged, whether the read-write attribute of the return address parameter is normal or not is judged, and the condition of the return address parameter is scored so as to evaluate the severity of the information security vulnerability.
Further, obtaining a file directory that detects a specific location of the client further comprises: the file directory of the specific position is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area.
Further, the allowing the client to parse the Dockerfile file and generate a docker image for the information security vulnerability to monitor a call function corresponding to the information security vulnerability further includes: configuring a base mirror image according to the Dockerfile, then setting a single layer of monitoring program of a Docker layer aiming at calling function information through function monitoring configuration of the calling function information in the Dockerfile, and executing generation of a corresponding monitoring program on the Docker layer needing to be generated according to the Dockerfile.
Furthermore, the docker image is image content which is obtained by connecting the client and the server from a corresponding image warehouse.
Furthermore, when the activation document for generating the detection environment is not included, the client establishes a trusted connection with the server, acquires the activation document preset in the server corresponding to the client, and stores the activation document in a file directory at a specific position of the client.
The invention also discloses a system for processing the information security loophole, which comprises the following modules:
the vulnerability positioning and limiting module is used for only allowing the information security vulnerability to execute vulnerability analysis and processing in a specific environment of a client, obtaining calling function information corresponding to the information security vulnerability, generating a corresponding Dockerfile according to the calling function information, wherein the Dockerfile comprises function monitoring configuration for the calling function information, setting a monitoring program to carry out embedded Hook hooking on the calling function when the information security vulnerability is executed, obtaining a return address parameter of the calling function, verifying the severity of the information security vulnerability through analyzing the returned address parameter, judging whether the address range of the return address parameter belongs to a normal range, judging whether the read-write attribute of the return address parameter is normal, and grading the condition of the return address parameter to evaluate the severity of the information security vulnerability;
the vulnerability analysis environment generation pre-verification module is used for acquiring a file directory of a specific position of a detection client, inquiring whether an activation document for generating the detection environment is contained or not, and when the activation document for generating the detection environment is not contained, not analyzing the Dockerfile, wherein the file directory of the specific position is a safe storage area of the client, and the safe storage area is an encrypted storage area or a trusted area;
the vulnerability analysis environment generation module is used for firstly checking the legality of an information format in an activated document when the activated document for generating a detection environment is included, then checking whether the information in the activated document is matched with resource parameters of a client side or not after the information format in the activated document is judged to be legal, wherein the resource parameters comprise an operation memory, an operation program, an I/O (input/output) driver and an instruction execution authority, if the activated document is matched with the resource parameter information of the client side, the client side is allowed to analyze the Docker file, a Docker mirror image aiming at the information security vulnerability is generated so as to realize the monitoring of a calling function corresponding to the information security vulnerability, wherein a basic mirror image is configured according to the Docker file, then a monitoring program aiming at calling function information of a single Docker layer is set through the function monitoring configuration of the calling function information in the Docker file, and the generation of a corresponding monitoring program is executed on the Docker layer needing to be generated according to the Docker file.
The invention also discloses an electronic system, comprising: the information security vulnerability processing method comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the information security vulnerability processing method.
The invention also discloses a computer readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps in the processing method of the information security vulnerability are realized.
Compared with the prior art, the invention has the beneficial effects that: the invention can carry out corresponding environment configuration aiming at the condition of the vulnerability, and only allows analysis and processing of the vulnerability under a specific environment in order to ensure the safety of the operating environment and the equipment.
Drawings
The invention will be further understood from the following description in conjunction with the accompanying drawings. The components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the embodiments. In the drawings, like reference numerals designate corresponding parts throughout the different views.
Fig. 1 is a flowchart of a processing method of information security vulnerabilities according to the present invention.
Detailed Description
The technical solution of the present invention will be described in more detail with reference to the accompanying drawings and examples.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the explanation of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
The mobile terminal may be implemented in various forms. For example, the terminal described in the present invention may include a mobile terminal such as a mobile phone, a smart phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a navigation device, and the like, and a fixed terminal such as a digital TV, a desktop computer, and the like. In the following, it is assumed that the terminal is a mobile terminal. However, it will be understood by those skilled in the art that the configuration according to the embodiment of the present invention can be applied to a fixed type terminal in addition to elements particularly used for moving purposes.
As shown in fig. 1, a method for processing an information security vulnerability includes the following steps:
step 1, only allowing the information security vulnerability to execute vulnerability analysis and processing in a specific environment of a client, obtaining calling function information corresponding to the information security vulnerability, and generating a corresponding Dockerfile file according to the calling function information, wherein the Dockerfile comprises function monitoring configuration of the calling function information;
step 2, acquiring a file directory of a specific position of a detection client, inquiring whether an activation document for generating a detection environment is contained, and when the activation document for generating the detection environment is not contained, not analyzing the Dockerfile file;
and 3, when the activated document generating the detection environment is included, firstly checking the legality of the information format in the activated document, after the information format in the activated document is judged to be legal, then checking whether the information in the activated document is matched with the resource parameters of the client side or not, wherein the resource parameters comprise an operating memory, an operating program, an I/O (input/output) driver and an instruction execution authority, and if the activated document is matched with the resource parameter information of the client side, allowing the client side to analyze the Docker file and generating a Docker mirror image aiming at the security vulnerability of the information so as to monitor a call function corresponding to the security of the information.
Still further, the dockerfile including the function monitoring configuration for the calling function information further includes: and when a monitoring program is set for executing the information security vulnerability, the call function is subjected to embedded Hook to obtain the return address parameter of the call function, and the severity of the information security vulnerability is verified by analyzing the return address parameter.
Further, whether the address range of the return address parameter belongs to a normal range or not is judged, whether the read-write attribute of the return address parameter is normal or not is judged, and the condition of the return address parameter is scored so as to evaluate the severity of the information security vulnerability.
Further, obtaining a file directory that detects a specific location of the client further comprises: the file directory at the specific position is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area.
Further, the allowing the client to parse the Dockerfile file and generate a docker image for the information security vulnerability to monitor a call function corresponding to the information security vulnerability further includes: configuring a base mirror image according to the Dockerfile, then setting a single layer of monitoring program of a Docker layer aiming at calling function information through function monitoring configuration of the calling function information in the Dockerfile, and executing generation of a corresponding monitoring program on the Docker layer needing to be generated according to the Dockerfile.
Furthermore, the docker image is image content which is obtained by connecting the client and the server from a corresponding image warehouse.
Furthermore, when the activation document for generating the detection environment is not included, the client establishes a trusted connection with the server, acquires the activation document preset in the server corresponding to the client, and stores the activation document in a file directory at a specific position of the client.
The invention also discloses a system for processing the information security vulnerability, which comprises the following modules:
the vulnerability positioning and limiting module is used for only allowing the information security vulnerability to execute vulnerability analysis and processing in a specific environment of a client, obtaining calling function information corresponding to the information security vulnerability, generating a corresponding Dockerfile according to the calling function information, wherein the Dockerfile comprises function monitoring configuration for the calling function information, setting a monitoring program to carry out embedded Hook hooking on the calling function when the information security vulnerability is executed, obtaining a return address parameter of the calling function, verifying the severity of the information security vulnerability through analyzing the returned address parameter, judging whether the address range of the return address parameter belongs to a normal range, judging whether the read-write attribute of the return address parameter is normal, and grading the condition of the return address parameter to evaluate the severity of the information security vulnerability;
the vulnerability analysis environment generation pre-verification module acquires a file directory of a specific position of a detection client, inquires whether an activation document for generating the detection environment is contained or not, and does not analyze the Dockerfile file when the activation document for generating the detection environment is not contained, wherein the file directory of the specific position is a safe storage area of the client, and the safe storage area is an encryption storage area or a trusted area;
the vulnerability analysis environment generation module is used for firstly checking the legality of an information format in an activated document when the activated document for generating a detection environment is included, then checking whether the information in the activated document is matched with resource parameters of a client side or not after the information format in the activated document is judged to be legal, wherein the resource parameters comprise an operation memory, an operation program, an I/O (input/output) driver and an instruction execution authority, if the activated document is matched with the resource parameter information of the client side, the client side is allowed to analyze the Docker file, a Docker mirror image aiming at the information security vulnerability is generated so as to realize the monitoring of a calling function corresponding to the information security vulnerability, wherein a basic mirror image is configured according to the Docker file, then a monitoring program aiming at calling function information of a single Docker layer is set through the function monitoring configuration of the calling function information in the Docker file, and the generation of a corresponding monitoring program is executed on the Docker layer needing to be generated according to the Docker file.
The invention also discloses an electronic system comprising: the information security vulnerability processing method comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the computer program to realize the steps of the information security vulnerability processing method.
The invention also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps in the processing method for the information security vulnerability are realized.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Although the invention has been described above with reference to various embodiments, it should be understood that many changes and modifications may be made without departing from the scope of the invention. It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention. The above examples are to be construed as merely illustrative and not limitative of the remainder of the disclosure. After reading the description of the present invention, the skilled person can make various changes or modifications to the invention, and these equivalent changes and modifications also fall into the scope of the invention defined by the claims.

Claims (7)

1. A processing method for information security loopholes is characterized by comprising the following steps:
step 1, obtaining calling function information corresponding to the information security vulnerability, and generating a corresponding dockerfile file according to the calling function information, wherein the dockerfile file comprises function monitoring configuration of the calling function information, wherein a monitoring program is set to obtain a return address parameter of the calling function by performing embedded Hook on the calling function when the information security vulnerability is executed, verify the severity of the information security vulnerability by analyzing the returned address parameter, judge whether the address range of the returned address parameter belongs to a normal range, judge whether the read-write attribute of the returned address parameter is normal, and score the condition of the returned address parameter to evaluate the severity of the information security vulnerability;
step 2, acquiring a file directory of a specific position of a detection client, inquiring whether an activation document for generating a detection environment is contained, and when the activation document for generating the detection environment is not contained, not analyzing the dockerfile;
step 3, when an activated document for generating a detection environment is included, firstly checking the validity of an information format in the activated document, after the information format in the activated document is judged to be legal, checking whether the information in the activated document is matched with resource parameters of a client or not, wherein the resource parameters comprise an operating memory, an operating program, an I/O (input/output) driver and an instruction execution authority, if the activated document is matched with the resource parameter information of the client, allowing the client to analyze the docker file, and generating a docker mirror image for the information security vulnerability so as to realize the monitoring of a calling function corresponding to the information security vulnerability, wherein the allowing the client to analyze the docker file and generate the docker mirror image for the information security vulnerability so as to realize the monitoring of the calling function corresponding to the information security vulnerability further comprises: and configuring a basic mirror image according to the dockerfile file, setting a single layer of docker layer monitoring program aiming at the calling function information through the function monitoring configuration of the calling function information in the dockerfile file, and executing the generation of the corresponding monitoring program on the docker layer needing to be generated according to the dockerfile file.
2. The method of claim 1, wherein obtaining a file directory that detects a client-specific location further comprises: the file directory of the specific position is a secure storage area of the client, and the secure storage area is an encrypted storage area or a trusted area.
3. The method for processing the information security vulnerability of claim 2, wherein the docker image is an image content which is connected between a client and a server and is obtained from a corresponding image warehouse.
4. The method for processing the information security vulnerability according to claim 1, wherein when the activation document for generating the detection environment is not included, the client establishes a trusted connection with the server, obtains the activation document preset in the server corresponding to the client, and stores the activation document in a file directory at a specific position of the client.
5. The system for processing the information security vulnerability is characterized by comprising the following modules:
the vulnerability positioning and limiting module is used for acquiring calling function information corresponding to the information security vulnerability and generating a corresponding dockerfile file according to the calling function information, wherein the dockerfile file comprises function monitoring configuration of the calling function information, a monitoring program is set to carry out embedded Hook on the calling function when the information security vulnerability is executed so as to obtain a return address parameter of the calling function, the severity of the information security vulnerability is verified by analyzing the returned address parameter, whether the address range of the return address parameter belongs to a normal range is judged, whether the read-write attribute of the return address parameter is normal is judged, and the condition of the return address parameter is scored so as to evaluate the severity of the information security vulnerability;
the vulnerability analysis environment generation pre-verification module is used for acquiring a file directory of a specific position of a detection client, inquiring whether an activation document for generating the detection environment is contained or not, and when the activation document for generating the detection environment is not contained, not analyzing the dockerfile, wherein the file directory of the specific position is a safe storage area of the client, and the safe storage area is an encrypted storage area or a trusted area;
the vulnerability analysis environment generation module is used for firstly checking the legality of an information format in an activated document when the activated document for generating a detection environment is included, then checking whether the information in the activated document is matched with resource parameters of a client side or not after the information format in the activated document is judged to be legal, wherein the resource parameters comprise an operation memory, an operation program, an I/O (input/output) driver and an instruction execution authority, if the activated document is matched with the resource parameter information of the client side, the client side is allowed to analyze the docker file, a docker mirror image aiming at the information security vulnerability is generated so as to realize the monitoring of a calling function corresponding to the information security vulnerability, wherein a basic mirror image is configured according to the docker file, then a monitoring program aiming at calling function information of a single docker layer is set through the function monitoring configuration of the calling function information in the docker file, and the generation of a corresponding monitoring program is executed on the docker layer needing to be generated according to the docker file.
6. An electronic system, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps in the method for processing information security vulnerabilities according to any one of claims 1 to 4 when executing the computer program.
7. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps in the method of processing an information security vulnerability according to any one of claims 1 to 4.
CN202211014209.4A 2022-08-23 2022-08-23 Method and system for processing information security loophole Active CN115329343B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211014209.4A CN115329343B (en) 2022-08-23 2022-08-23 Method and system for processing information security loophole

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211014209.4A CN115329343B (en) 2022-08-23 2022-08-23 Method and system for processing information security loophole

Publications (2)

Publication Number Publication Date
CN115329343A CN115329343A (en) 2022-11-11
CN115329343B true CN115329343B (en) 2023-04-07

Family

ID=83925305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211014209.4A Active CN115329343B (en) 2022-08-23 2022-08-23 Method and system for processing information security loophole

Country Status (1)

Country Link
CN (1) CN115329343B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113268739A (en) * 2021-05-13 2021-08-17 江苏拓邮信息智能技术研究院有限公司 Docker mirror image security detection method

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103778373B (en) * 2014-01-10 2017-02-08 深圳市深信服电子科技有限公司 Virus detection method and device
CN106709359A (en) * 2017-01-05 2017-05-24 中国电子科技网络信息安全有限公司 Detection method of Android application vulnerabilities
CN108415795B (en) * 2018-02-12 2019-04-05 人和未来生物科技(长沙)有限公司 A kind of container Dockerfile, container mirror image rapid generation and system
CN109656829A (en) * 2018-12-24 2019-04-19 西安四叶草信息技术有限公司 Test method and device based on docker
CN111857967B (en) * 2020-07-29 2022-04-12 中科方德软件有限公司 Container integrity checking method
CN112416462B (en) * 2020-11-28 2022-04-08 郑州信大捷安信息技术股份有限公司 Offline H5 application loading method and system
CN112882792B (en) * 2021-02-03 2022-12-13 天津五八到家货运服务有限公司 Information loading method, computer device and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113268739A (en) * 2021-05-13 2021-08-17 江苏拓邮信息智能技术研究院有限公司 Docker mirror image security detection method

Also Published As

Publication number Publication date
CN115329343A (en) 2022-11-11

Similar Documents

Publication Publication Date Title
Alazab et al. Intelligent mobile malware detection using permission requests and API calls
Sun et al. Monet: a user-oriented behavior-based malware variants detection system for android
Abawajy et al. Identifying cyber threats to mobile-IoT applications in edge computing paradigm
Garcia et al. Obfuscation-resilient, efficient, and accurate detection and family identification of android malware
Bhandari et al. Android inter-app communication threats and detection techniques
Han et al. Comparing mobile privacy protection through cross-platform applications
US8578174B2 (en) Event log authentication using secure components
US8474040B2 (en) Environmental imaging
Andow et al. A study of grayware on google play
Damopoulos et al. Exposing mobile malware from the inside (or what is your mobile app really doing?)
Hammad et al. DelDroid: an automated approach for determination and enforcement of least-privilege architecture in android
Faruki et al. Droidanalyst: Synergic app framework for static and dynamic app analysis
Yang et al. Droidward: an effective dynamic analysis method for vetting android applications
Yankson et al. Security assessment for Zenbo robot using Drozer and mobSF frameworks
CN109818972B (en) Information security management method and device for industrial control system and electronic equipment
Kim et al. A study on the digital forensic investigation method of clever malware in IoT devices
CN115329343B (en) Method and system for processing information security loophole
Kavitha et al. Exploring the malicious android applications and reducing risk using static analysis
Watanabe et al. Understanding the inconsistency between behaviors and descriptions of mobile apps
Park et al. A-pot: a comprehensive android analysis platform based on container technology
Bhandari et al. Android app collusion threat and mitigation techniques
Hein Permission based malware protection model for android application
US11436331B2 (en) Similarity hash for android executables
Yang et al. Optimus: association-based dynamic system call filtering for container attack surface reduction
Du et al. An Empirical Analysis of Hazardous Uses of Android Shared Storage

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant