CN115706738A - Debugging management platform and operation method thereof - Google Patents


Info

Publication number: CN115706738A
Authority: CN (China)
Prior art keywords: debugging, platform, debug, package, software development
Legal status: Pending
Application number: CN202110919613.5A
Other languages: Chinese (zh)
Inventors: 卢顺彦, 吴景桐, 张君儒
Current assignee: Realtek Semiconductor Corp
Original assignee: Realtek Semiconductor Corp
Priority date: 2021-08-11
Filing date: 2021-08-11
Publication date: 2023-02-17

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

The invention provides a debugging management platform and an operation method thereof. In the method, the debugging management platform runs a debugging agent service that establishes a debugging channel connecting a software development platform and a test platform. The debugging agent service receives a debugging package sent by the software development platform or the test platform, analyzes it, and checks whether it meets an information security specification. If the debugging package conforms to the specification, it is forwarded to the test platform or the software development platform; if it does not, it is not forwarded.

Description

Debugging management platform and operation method thereof
Technical Field
The present invention relates to a security measure for software development and debugging, and more particularly, to a debugging management platform for providing secure transmission of debugging information between a software development platform and a test platform and an operating method thereof.
Background
The prior art proposes letting users log in to a software development platform from their own computer devices to perform software development and to carry out remote debugging, which is gradually becoming the debugging solution applied in many types of software development.
Fig. 1 is a schematic diagram of a conventional software development and test platform. A software development platform 10 provides a remote software development service, with which a user writes source code 101 and compiles it into an executable file 103. During this process debugging is performed through a debugger 105, and once debugging is complete the executable file 103 can be loaded into a test platform 12 for software testing. If a problem is found, or recompilation is otherwise needed, the user updates the source code 101, recompiles, debugs, and generates a new executable file 103.
According to the example shown in Fig. 1, the software development platform 10 may be, for example, a workstation or a server, and the test platform 12 is an electronic device that executes the executable file 103, such as a mobile device, a personal computer, or a specific electronic device. During software development, a debug channel can be established through a communication port (such as TCP or USB) and a debug protocol provided by the test platform 12; the debug protocol is, for example, the GDB (GNU Debugger) remote serial protocol. Once the debug channel is established, the debugger 105 of the software development platform 10 can use it to load the executable file 103 into the test platform 12 for execution, to view the source code 101 and the information of the executable file 103, and to test on the test platform 12. While debugging, the debugger 105 sets break points, single-steps through program code, and displays the register and memory contents of the test platform 12 alongside the source code 101.
Besides basic debugging, debugging tools support various powerful functions that help developers test and debug more efficiently. However, debugging tools generally lack information security protections for the development environment, so confidential data in that environment (such as intellectual-property source code or keys) may be transmitted to an uncontrolled device under the cover of software debugging needs.
For example, the Android Debug Bridge (ADB) in the Android development environment also provides data transfer, remote login, and similar functions, so a user can transfer data from the development environment to an Android device over a USB or TCP communication port. Likewise, a GDB remote serial protocol debugger lets a user write data into the memory of the device side with a write memory command, so a user could write confidential data into the device's memory and then extract it with a cooperating application on the device side. The development environment therefore faces a threat of insufficient information security, and how to manage the debug channels used for software debugging must be considered.
Disclosure of Invention
In view of the lack, in the prior art, of a debugging channel between the development end and the test end of software that takes information security into account, the invention provides a debugging management platform and an operation method thereof, offering an independent platform or a software method that provides security measures suitable for the debugging process. According to the embodiment, the debugging management platform is connected to a software development platform and a test platform, and runs a debugging agent service whose operation method comprises the following steps:
The debugging agent service receives a debugging packet generated by the software development platform and destined for the test platform, or a debugging packet transmitted by the test platform and destined for the software development platform. It analyzes the debugging packet, checks whether it meets an information security specification, and generates a check result. The information security specification is used to monitor the debugging package and to check whether the data it transmits includes confidential data.
Then, the debug agent service determines from the check result whether to forward the debug packet to the test platform or the software development platform. If the check result shows that the debugging package complies with the information security specification, the package is forwarded to the test platform or the software development platform; if it does not, the package is not forwarded and a record is created.
Further, the debug agent service may enable a package encryption function for encrypting the debug package and forwarding the debug package to the test platform or the software development platform.
Furthermore, the debugging management platform can be provided with an authority management service for verifying the identity of a user logging in the debugging management platform so as to confirm the authority of the user for accessing the data. The debugging management platform can also be provided with an event checking service for enabling a user to check the software development content recorded in the debugging management platform according to the authority.
For a better understanding of the features and technical content of the present invention, reference should be made to the following detailed description of the present invention along with the accompanying drawings, which are provided for purposes of illustration and description only and are not intended to limit the present invention.
Drawings
FIG. 1 is a diagram of a conventional software development and testing platform;
FIG. 2 is a diagram illustrating an embodiment of a system architecture for a debug management platform, according to the present invention;
FIG. 3 is a flow diagram illustrating an embodiment of logging into a debug management platform, according to the present invention;
FIG. 4 is a flowchart illustrating an embodiment of a method for establishing a debug channel via a debug management platform according to the present invention; and
FIG. 5 is a flowchart illustrating an embodiment of the operation of a debug agent service in accordance with the present invention.
Detailed Description
The embodiments of the present invention will be described with reference to specific embodiments, and those skilled in the art will understand the advantages and effects of the present invention from the disclosure of the present specification. The invention is capable of other and different embodiments and its several details are capable of modifications and various changes in detail without departing from the spirit and scope of the invention. It should be noted that the drawings in the present specification are only for simple schematic illustration and are not drawn to actual dimensions. The following embodiments will further explain the related art of the present invention in detail, but the disclosure is not intended to limit the scope of the present invention.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements or signals, these elements or signals should not be limited by these terms. These terms are used primarily to distinguish one element from another element or from one signal to another signal. In addition, the term "or" as used in this specification should, where appropriate, include any one or combination of more of the associated listed items.
The invention provides a debugging management platform and an operation method thereof, wherein one of the main purposes is to ensure the information security during software development and debugging, in particular to set a debugging management platform for safely transmitting debugging information between a software development platform and a test platform.
Fig. 2 is a diagram illustrating an embodiment of a system architecture of a debug management platform according to the present invention.
The software development platform 200 of the present invention may be an independent workstation or server that provides the user with the software tools needed for development: the user edits source code 202, compiles it into an executable file 203, and uses a debugger 201 to debug the source code 202 and the executable file 203, as well as the information transmitted by the test platform 210.
A debugging management platform 220 is disposed between the software development platform 200 and the test platform 210. It may be an external server or a software program running on some server. Its main functions are to manage the usage rights of the debugging agent service 230; to record and review usage records and information security events; to analyze and filter in real time the data transmitted during software debugging, filtering out high-risk data and thereby reducing the risk of confidential data leaking through a debugging channel; to provide real-time analysis results for the packets recorded by the debugging agent service 230; and to monitor debugging packets so that subsequent information security events can be analyzed and tracked. The debug agent service 230 may also enable encryption to further ensure the security and correctness of the debug channel.
The software of the debug management platform 220 provides a rights management service 221, an event viewing service 222, and a debug agent connection management service 223. The rights management service 221 manages the identity and rights of users logging in to the debugging management platform 220, so that the administrator can manage who may use the debugging agent service 230, including setting the user account, network address and machine identification data of the software development platform 200, setting the debugger 201, and setting the network address, communication port, machine identification data and service life of the test platform 210 (the environment under test).
The event viewing service 222 lets the administrator view various information exchanged with the software development platform 200 and the test platform 210, such as user usage records, debugging packet transmission records and information security event records, and lets developers view the content they themselves developed, according to their authority. The debug agent connection management service 223 lets the administrator and users set up dedicated debug agent services 230 for individual software development tasks, including enabling or disabling them according to the permissions.
Specifically, because the software development platform 200 on the system side and the test platform 210 on the user (developer) side have different security trust levels, the debug management platform 220 provides a debug agent service (secure debug agent) that establishes a secure transmission channel and separates the two environments with different information security considerations. This replaces the traditional direct connection from the user-side test platform 210 to the software development platform 200 and helps monitor the information transmitted during software debugging.
The debug agent service 230 may be a resident program (daemon) running in a server, a computer host, or the platform context described above. When executed, the debugging agent service 230 runs in the background of the debugging management platform 220 and assists the software developer in establishing a debugging channel between the software development platform 200 and the test platform 210, connecting environments with different degrees of security trust so that debugging packages between the two platforms can be monitored and forwarded.
According to the functions implemented in software, the debug agent 230 can be divided into a data analysis module 231, an event logging module 232 and a packet encryption module 233. The data analysis module 231 analyzes in real time the debugging packets sent by the software development platform 200 and the test platform 210 and filters out confidential information according to the information security specification built into it. The event logging module 232 logs the usage records of the debug agent 230, monitors the debug packets, and logs the events raised by the data analysis module 231, so that the administrator can view them through the debug management platform 220. The packet encryption module 233 can be activated at the request of the administrator or user and, in cooperation with the corresponding debugger or test platform 210 environment, encrypts the debug packets sent over the debug channel to the test platform 210, further increasing security and correctness.
According to an embodiment, the administrator of the debugging management platform 220 may be an information security administrator or a director of an enterprise or organization, who performs information security control and management of the software development platform 200 through the debugging management platform 220. Other users may be software developers or software debuggers who develop software on the managed software development platform 200 and need to debug on a test platform 210 that is not under information security management. The software development platform 200 may be a software development environment in which information security control and management measures are implemented: for example, a workstation in a controlled computer room that only allows users to log in and use the software through a terminal or remote connection, or a user-end device under information security control whose user cannot connect directly to the environment under test through a communication port for debugging. The software development platform 200 includes the development tools the user needs, such as a library of source code 202, an editor, a compiler and a debugger 201; the source code is compiled into an executable file 203 and then loaded into the test platform 210 through the debugging management platform 220 for testing and debugging.
The test platform 210 is defined as the environment that executes and tests the executable file 203, and may be an embedded development board, a Field Programmable Gate Array (FPGA) circuit, a computer device, or a dedicated computer device connected to the development board or FPGA. The test platform 210 provides the communication ports required for remote debugging so that debugging channels can be established. In the system provided by the present invention, the test platform 210 is a resource-limited environment, so a manager cannot apply to it the strict information security control and management measures used on the software development platform 200; the test platform 210 and the software development platform 200 are therefore environments with different security trust levels, and the information security of the debugging packages and other information is ensured by the information security scheme provided through the debugging management platform 220.
It should be noted that, for convenience of description, the embodiments described herein only exemplify an example of the test platform 210 corresponding to one software development platform 200, and the invention is also applicable to a situation with a more complex scenario, for example, the debug agent service 230 may support multiple development environments (software development platforms 200) and multiple test environments (test platforms 210) at the same time, or multiple sets of dedicated debug agent services 230 may be adopted to support connection of a single software development environment and a single test environment.
FIG. 3 is a flow diagram illustrating an embodiment of logging into a debug management platform, according to the present invention.
The debugging management platform is connected to the software development platform and the test platform (the number of connected platforms depends on the processing capacity of the debugging management platform) and runs the debugging agent service. A manager or a general user (such as a software developer) logs in to the debugging management platform remotely (step S301). The identity authentication mechanism adopted by the debugging management platform may be (but is not limited to) OpenID, the Lightweight Directory Access Protocol (LDAP), Active Directory (AD), and the like. After authentication, the running programs include the rights management service, the event viewing service and the debugging agent connection management service; after the rights of the manager or general user are checked (step S303), the manager may be allowed to view the events recorded in the platform's storage device or database (step S305), or the general user may be allowed to view the development content recorded by the debugging management platform (step S307).
Fig. 4 next shows a flowchart of an embodiment of a method for establishing a debug channel through a debug management platform, in which an operational flow for starting a debug agent service via the debug management platform is described.
Initially, a manager or a general user logs in to the debugging management platform (step S401) and requests activation of the debugging agent service (step S403). The rights management service in the platform then determines whether the user has the activation right (step S405). If the user's authority allows the related service to be enabled (Yes), the debugging agent service is enabled (step S409); otherwise (No), the debug agent service is not enabled (step S407).
After the debug agent service is enabled, the debug agent connection management service (223 in Fig. 2) of the above embodiment connects the software development platform and the test platform to the debug agent service (step S411), and then determines whether the user has the right to connect to the debug agent service (step S413). Besides the user identification data, the information used for this authorization check may include, but is not limited to, predefined identifiable information such as the network address of the user device, machine identification data, the communication port and the debugging protocol. If the user lacks the right (No), establishing a debugging channel through the debugging agent service is prohibited (step S415) and the event viewing service in the debugging management platform records the event. If the user has the right (Yes), the debugging agent service connects the software development platform and the test platform to establish a debugging channel, comprising the channel from the debugging agent service to the test platform and the channel from the software development platform to the debugging agent service (step S417); at the same time the communication port required by the debugging channel is opened so that debugging packets are forwarded and monitored through the debugging management platform, which also records the event.
FIG. 5 is a flowchart illustrating an embodiment of operations of the debug agent service after completion of establishing a debug channel according to the present invention.
The debug agent service starts receiving debug packets from the software development platform and the test platform through the debug channel between them (step S501), and its software (the data analysis module) analyzes and checks each incoming debug packet according to the packet format, such as the GDB remote serial protocol mentioned above (step S503). The debug agent service checks the debug packets against the information security specification formulated by the administrator, which includes monitoring debug packets related to data transfer, checking the data carried by such packets, and checking whether a debug command that writes to memory includes confidential data, in order to determine whether the debug packet conforms to the information security specification (step S505).
A check result is then generated from this determination, and the debugging agent service decides from the check result whether to forward the debugging package to the test platform or the software development platform. If the debug package does not conform to the information security specification set by the administrator (No), the relevant event is recorded (event recording module) and the debug package is not forwarded (step S507); the procedure ends and waits for the next debug package. If the information security specification is met, the debug agent service checks whether the user has activated debug packet encryption (step S509), together with the encryption algorithms and information security schemes supported by each end.
If encryption is not enabled for the debug package (No in step S509), the encryption process is skipped and the debug agent service forwards the debug package to the test platform or the software development platform (step S513): a debug package sent by the software development platform is forwarded to the test platform once it has been checked to comply with the information security specification, and a debug package sent by the test platform is forwarded to the software development platform once it has been checked to comply. If the debug packet is to be encrypted, the debug agent (packet encryption module) encrypts it with an encryption algorithm and key, for example RSA asymmetric encryption or the TLS (Transport Layer Security) protocol, establishing an encrypted channel (step S511), then forwards the debug packet to the test platform or the software development platform (step S513) and waits for the next packet.
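As an added example (not the patent's code), the following Python models the data analysis module's check of steps S503 to S507 on GDB remote serial protocol packets: it validates the frame checksum, extracts the data carried by M (hex) and X (binary, escaped) write-memory commands, matches that data against confidential-data patterns, and logs and drops non-conforming or malformed packets while forwarding the rest. The pattern set, the sample packets and all function names are assumptions made for the illustration.

```python
"""Model of the debug agent's packet inspection (FIG. 5, steps S503-S507) for the GDB
remote serial protocol.  Added example, not the patent's code; patterns and packets are constructed."""
import re
from collections import namedtuple

# Constructed stand-in for the administrator-defined information security specification.
CONFIDENTIAL_PATTERNS = [
    re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(rb"CONFIDENTIAL_TOKEN_[0-9A-F]{8}"),
]

Decision = namedtuple("Decision", "forward command reason")

class RspError(ValueError):
    """Malformed RSP frame; the agent drops it instead of guessing."""

def make_frame(payload: bytes) -> bytes:
    """Wrap a payload as '$payload#xx'; the checksum is the byte sum modulo 256."""
    return b"$" + payload + b"#%02x" % (sum(payload) % 256)

def parse_rsp(frame: bytes) -> bytes:
    """Validate '$...#xx' framing and checksum; return the payload."""
    if len(frame) < 4 or frame[:1] != b"$" or frame[-3:-2] != b"#":
        raise RspError("bad framing")
    payload, chk = frame[1:-3], frame[-2:]
    try:
        expected = int(chk, 16)
    except ValueError:
        raise RspError("bad checksum field") from None
    if sum(payload) % 256 != expected:
        raise RspError("checksum mismatch")
    return payload

def escape_binary(data: bytes) -> bytes:
    """RSP binary escaping for 'X' packets: '#', '$', '}' become '}' + (byte ^ 0x20)."""
    return b"".join(b"}" + bytes([b ^ 0x20]) if b in b"#$}" else bytes([b]) for b in data)

def unescape_binary(data: bytes) -> bytes:
    """Undo RSP binary escaping; a trailing lone '}' makes the packet malformed."""
    out, i = bytearray(), 0
    while i < len(data):
        esc = data[i] == 0x7D                       # '}'
        if esc and i + 1 >= len(data):
            raise RspError("dangling escape")
        out.append(data[i + 1] ^ 0x20 if esc else data[i])
        i += 2 if esc else 1
    return bytes(out)

def extract_written_data(payload: bytes) -> "bytes | None":
    """Bytes an 'M' (hex) or 'X' (binary) write command would place in target memory; None otherwise."""
    if payload[:1] not in (b"M", b"X"):
        return None
    head, sep, body = payload[1:].partition(b":")
    addr_s, comma, len_s = head.partition(b",")
    if not (sep and comma):
        raise RspError("write command missing address, length or data")
    try:
        int(addr_s, 16)
        declared = int(len_s, 16)
        data = bytes.fromhex(body.decode("ascii")) if payload[:1] == b"M" else unescape_binary(body)
    except ValueError as e:                         # bad hex, bad ASCII or bad integer
        raise RspError(f"bad write command: {e}") from None
    if len(data) != declared:                       # a lying header cannot smuggle extra bytes
        raise RspError("declared length does not match data")
    return data

def check_packet(frame: bytes) -> Decision:
    """Steps S503-S505: parse, classify and check one packet against the policy."""
    try:
        payload = parse_rsp(frame)
        data = extract_written_data(payload)
    except RspError as e:
        return Decision(False, "?", f"malformed packet: {e}")
    cmd = payload[:1].decode("ascii", "replace")
    if data is None:
        return Decision(True, cmd, "not a data-transfer command")
    for pat in CONFIDENTIAL_PATTERNS:
        if pat.search(data):
            return Decision(False, cmd, f"confidential data matched {pat.pattern!r}")
    return Decision(True, cmd, "memory write inspected, no confidential data")

def run_agent(frames: list, event_log: list) -> list:
    """Forward compliant packets (S513); log and drop the rest (S507)."""
    forwarded = []
    for frame in frames:
        d = check_packet(frame)
        event_log.append(f"{'FORWARD' if d.forward else 'DROP'} cmd={d.command}: {d.reason}")
        if d.forward:
            forwarded.append(frame)
    return forwarded

# Constructed sample traffic from the software development platform towards the test platform.
SECRET = b"CONFIDENTIAL_TOKEN_DEADBEEF"
KEY_BLOB = b"key#1\n-----BEGIN RSA PRIVATE KEY-----\n"
SAMPLE_FRAMES = [
    make_frame(b"m1000,10"),                                             # memory read
    make_frame(b"M2000,5:" + b"Hello".hex().encode()),                   # benign hex write
    make_frame(b"M3000,%x:" % len(SECRET) + SECRET.hex().encode()),      # token in hex write
    make_frame(b"X4000,%x:" % len(KEY_BLOB) + escape_binary(KEY_BLOB)),  # key in binary write
    b"$M5000,1:41#00",                                                   # wrong checksum
]
```

Running `run_agent(SAMPLE_FRAMES, [])` forwards only the first two frames; the remaining three are dropped with a logged reason, which is the record the event logging module keeps for later review.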
In summary, according to the debugging management platform and operating method described in the above embodiments, the debugging management platform establishes the debugging channel between the software development platform and the test platform and thereby establishes an information security management mechanism for software debugging; in particular, confidential data in the software development environment is prevented from flowing out to the test environment through the software debugging channel. By establishing an indirect debugging channel between the software development platform and the test platform through a dedicated debugging agent service, the following characteristics can be realized: software debugging requirements are managed centrally through the debugging management platform, which bridges debugging channels between environments of different security trust levels; the user's rights to use the debugging agent service, including account, development environment, test environment and service life, are managed through the debugging management platform; the debugging management platform analyzes the debugging package in real time and executes an information security auditing mechanism to prevent confidential data from flowing out through a debugging channel; the usage records and events of the debugging channel are recorded and the debugging packages are monitored through the debugging management platform for subsequent tracking and analysis; and the security and correctness of the debugging channel are further ensured by using an encryption protocol through the debugging management platform.
The above disclosure is only a preferred embodiment of the present invention, and the present invention is not limited to the above embodiment, so that all the modifications made by the equivalent techniques using the contents of the present specification and the attached drawings will fall within the protection scope of the present invention.
Description of reference numerals:
10: software development platform
101: source code
103: executable file
105: debugging device
12: test platform
200: software development platform
201: debugging device
202: source code
203: executable file
220: debugging management platform
221: authority management service
222: event viewing service
223: debug agent connection management service
230: debugging proxy service
231: data analysis module
232: event recording module
233: packet encryption module
210: test platform
Steps S301 to S307: process for logging in debugging management platform
Steps S401 to S417: debugging management platform operation process
Steps S501 to S513: Operation flow of the debug agent service

Claims (10)

1. A debugging management platform connects a software development platform and a test platform, and is characterized in that the debugging management platform runs a debugging agent service, and the running method of the debugging agent service comprises the following steps:
receiving a debugging package sent by the software development platform or the test platform;
analyzing the debugging package, checking whether the debugging package conforms to an information safety standard, and generating a checking result; and
and determining whether to forward the debugging package to the test platform or the software development platform according to the check result.
2. The debug management platform of claim 1, wherein if the check result indicates that the debug package complies with the information security specification, the debug package is forwarded to the test platform or the software development platform; and if the check result indicates that the debug package does not comply with the information security specification, the debug package is not forwarded and a record is created.
3. The debug management platform of claim 2, wherein if the debug package is issued by the software development platform and is checked to comply with the information security specification, the debug package is forwarded to the test platform; and if the debug package is issued by the test platform and is checked to comply with the information security specification, the debug package is forwarded to the software development platform.
4. The debug management platform of claim 1, wherein checking whether the debug package complies with the information security specification comprises listening to the debug package and checking whether the data carried by the debug package contains confidential data.
5. The debug management platform of claim 1, wherein the debug agent service enables a packet encryption function to encrypt the debug package before forwarding it to the test platform or the software development platform.
6. The debug management platform of any one of claims 1 to 5, wherein the debug agent service is a resident program running in the debug management platform that establishes a debug channel connecting the software development platform and the test platform, so as to ensure the information security of the forwarded debug package.
7. The debug management platform of any one of claims 1 to 5, wherein the debug management platform is a server, or a software program running in the server, that manages the usage rights of the debug agent service and records, and provides for viewing of, usage records and information security events.
8. The debug management platform of claim 7, wherein an authority management service is provided to verify the identity of a user logged in to the debug management platform, so as to confirm the user's authority to access data.
9. The debug management platform of claim 7, wherein an event viewing service is provided to enable the user to view, according to the user's authority, the software development content recorded in the debug management platform.
10. An operation method of a debug management platform, comprising the following steps:
running a debug agent service that establishes a debug channel connecting a software development platform and a test platform;
receiving a debug package sent by the software development platform or the test platform;
analyzing the debug package, checking whether the debug package complies with an information security specification, and generating a check result; and
determining, according to the check result, whether to forward the debug package to the test platform or the software development platform.
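As an added illustration of the method of claim 10 (example code written for this page, not code from the patent or from Realtek): a minimal debug agent service in Python that parses a debug package, checks it against an information security specification, forwards compliant packages through an optional encryption hook, and records non-compliant ones without forwarding them, matching the behaviour of claims 2, 4 and 5. The JSON package format, the confidential-data patterns, the route restriction, and the names DebugAgentService, handle, DEV and TEST are all assumptions made for this example.

```python
import json
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Constructed endpoint names for the two platforms joined by the debug channel
# (assumption: the patent does not name concrete identifiers).
DEV = "software_development_platform"
TEST = "test_platform"

# Constructed information security specification: a debug package whose payload
# matches any of these patterns is treated as carrying confidential data.
CONFIDENTIAL_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE),
    re.compile(r"(?i)\b(password|passwd|api[_-]?key)\s*[:=]\s*\S+"),
]


@dataclass
class DebugPackage:
    src: str
    dst: str
    payload: str


@dataclass
class CheckResult:
    compliant: bool
    reasons: List[str]


@dataclass
class DebugAgentService:
    # Packages forwarded on the channel, as (destination, bytes) pairs.
    forwarded: List[Tuple[str, bytes]] = field(default_factory=list)
    # Records created for packages that were not forwarded (claim 2).
    records: List[dict] = field(default_factory=list)
    # Optional packet encryption function (claim 5); a real deployment would
    # plug in an authenticated cipher here. None means forward as-is.
    encrypt: Optional[Callable[[bytes], bytes]] = None

    def parse(self, raw: bytes) -> DebugPackage:
        # Constructed wire format: a UTF-8 JSON object with src, dst, payload.
        obj = json.loads(raw.decode("utf-8"))
        return DebugPackage(str(obj["src"]), str(obj["dst"]), str(obj["payload"]))

    def check(self, pkg: DebugPackage) -> CheckResult:
        reasons: List[str] = []
        # The channel only connects the two platforms; any other route is rejected.
        if {pkg.src, pkg.dst} != {DEV, TEST}:
            reasons.append(f"invalid route {pkg.src}->{pkg.dst}")
        # Claim 4: inspect the carried data for confidential content.
        for pat in CONFIDENTIAL_PATTERNS:
            if pat.search(pkg.payload):
                reasons.append(f"confidential data matched {pat.pattern!r}")
        return CheckResult(not reasons, reasons)

    def handle(self, raw: bytes) -> str:
        """Process one received package; returns 'forwarded', 'blocked' or 'dropped'."""
        try:
            pkg = self.parse(raw)
        except (ValueError, KeyError, UnicodeDecodeError) as exc:
            # Unparseable input never reaches the other platform; record it.
            self.records.append({"action": "dropped", "reason": f"malformed: {exc}"})
            return "dropped"
        result = self.check(pkg)
        if result.compliant:
            data = pkg.payload.encode("utf-8")
            if self.encrypt is not None:
                data = self.encrypt(data)
            self.forwarded.append((pkg.dst, data))
            return "forwarded"
        self.records.append(
            {"action": "blocked", "src": pkg.src, "dst": pkg.dst, "reasons": result.reasons}
        )
        return "blocked"


def demo() -> dict:
    """Run the service over constructed sample packages and summarise the outcome."""
    svc = DebugAgentService()
    samples = [
        b'{"src": "software_development_platform", "dst": "test_platform", "payload": "breakpoint hit at main"}',
        b'{"src": "test_platform", "dst": "software_development_platform", "payload": "dump: password=hunter2"}',
        b'{"src": "test_platform", "dst": "test_platform", "payload": "loopback"}',
        b"not a json package",
    ]
    outcomes = [svc.handle(s) for s in samples]
    return {"outcomes": outcomes, "forwarded": len(svc.forwarded), "records": len(svc.records)}


if __name__ == "__main__":
    print(demo())
```

The check deliberately separates the route test from the content test so that a record explains exactly which part of the specification a blocked package violated; that is what an event viewing service (claim 9) would display to an authorised user.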
Application CN202110919613.5A, priority date 2021-08-11, filing date 2021-08-11: Debugging management platform and operation method thereof (status: Pending).

Publication: CN115706738A (en), published 2023-02-17.

Family ID: 85180097; one family application (CN202110919613.5A); country: CN.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination