CN115906056A

CN115906056A - Method, system, device, storage medium and program product for loading dynamic library

Info

Publication number: CN115906056A
Application number: CN202211328749.XA
Authority: CN
Inventors: 董宜清; 张秀波; 袁传博
Original assignee: Suzhou Inspur Intelligent Technology Co Ltd
Current assignee: Suzhou Inspur Intelligent Technology Co Ltd
Priority date: 2022-10-26
Filing date: 2022-10-26
Publication date: 2023-04-04

Abstract

The embodiment of the application discloses a method, a system, equipment, a storage medium and a program product for loading a dynamic library, wherein a dynamic library loading function is preset for a BMC system to configure the decompression capability and the memory monitoring capability of the dynamic library, so that an application program in the BMC has the capability of calling the compressed dynamic library and the capability of monitoring the tampering risk of the dynamic library put in the memory, the loading mode of the BMC dynamic library based on a binary source file structure can be converted into the loading mode of the BMC dynamic library based on a custom compressed file structure, the decompiling risk of a target dynamic library stored in the BMC can be reduced, continuous tampering risk monitoring is set for the dynamic library put in the memory after decompression in the process of calling the target compressed dynamic library by the application program, the risk of calling the tampered target compressed dynamic library by the application program can be reduced, and the safety of the BMC in loading the dynamic library can be improved.

Description

Method, system, device, storage medium and program product for loading dynamic library

Technical Field

The present application relates to the field of computer technologies, and in particular, to a method, a system, a device, a storage medium, and a program product for loading a dynamic library.

Background

DLL (Dynamic Link Library), also known as Dynamic Library, is a way to implement the concept of a shared function Library that enables a process to call functions that do not belong to the process' executable code.

A dynamic library is widely used in BMC (Baseboard Management Controller) as a common code sharing means. When the BMC loads the dynamic library, the dynamic library is usually stored in a binary source file manner such as lib · so that the dynamic library stored in the BMC is easily exported and decompiled, and in a process of placing the dynamic library in a memory and calling by using an application program, the dynamic library in the memory is also at risk of being tampered, so that the application program may call the tampered dynamic library, and a large potential safety hazard exists.

Disclosure of Invention

An object of the embodiments of the present application is to provide a method, a system, a device, a storage medium, and a program product for loading a dynamic library, which can reduce risks of decompiling the dynamic library stored in the BMC and calling an application program to a tampered dynamic library.

To solve the foregoing technical problem, in a first aspect, an embodiment of the present application provides a method for loading a dynamic library, which is applied to a BMC, and includes:

acquiring a target compression dynamic library from computer equipment and storing the target compression dynamic library, wherein the target compression dynamic library is generated by compressing the target compression dynamic library by the computer equipment according to a custom compression algorithm;

when the application program in the BMC calls the target dynamic library, decompressing the target dynamic library by using a custom dynamic library loading function according to a custom decompression algorithm matched with the custom compression algorithm to obtain the target dynamic library;

the target dynamic library is placed into the memory of the BMC, and whether the target dynamic library in the memory of the BMC is tampered or not is continuously monitored by utilizing the user-defined dynamic library loading function, wherein the user-defined dynamic library loading function is obtained after dynamic library decompression capability configuration and memory monitoring capability configuration are carried out on the system preset dynamic library loading function;

when the target dynamic library in the memory of the BMC is tampered, carrying out decompression operation on the target compressed dynamic library stored by the BMC again to obtain a new target dynamic library, and calling the new target dynamic library through an application program in the BMC;

and under the condition that the target dynamic library in the memory of the BMC is not tampered, calling the target dynamic library in the memory of the BMC through an application program in the BMC.

Optionally, the continuously monitoring whether the target dynamic library in the memory of the BMC is tampered includes:

continuously monitoring whether data modification operation on a memory area corresponding to the target dynamic library exists or not by utilizing the user-defined dynamic library loading function;

in response to the data modification operation of the memory area corresponding to the target dynamic library, judging that the target dynamic library in the memory of the BMC is tampered;

and in response to the absence of the data modification operation on the memory area corresponding to the target dynamic library, determining that the target dynamic library in the memory of the BMC is not tampered.

Optionally, the invoking a target dynamic library in a memory of the BMC through an application program in the BMC includes:

judging whether a target function in the memory of the BMC is tampered by using a custom interface calling function, wherein the target function is at least one function in a target dynamic library required to be called by an application program in the BMC, and the custom interface calling function is obtained after the memory monitoring capability of the system preset interface calling function is configured;

and under the condition that the target function is not tampered, calling a function by using the custom interface, and calling the target function in the memory of the BMC in the application program.

Optionally, the custom interface calling function is obtained by configuring a memory monitoring capability for a dlsym interface preset by the system.

Optionally, the obtaining the target compressed dynamic library from the computer device includes:

acquiring a target encryption dynamic library from the computer equipment, wherein the target encryption dynamic library is generated by the computer equipment through encryption operation on the target compression dynamic library according to an encryption algorithm;

and according to the decryption algorithm matched with the encryption algorithm, carrying out decryption operation on the target encrypted dynamic library by using the self-defined dynamic library loading function to obtain the target compressed dynamic library, wherein the self-defined dynamic library loading function is obtained after carrying out dynamic library decompression capacity configuration, memory monitoring capacity configuration and dynamic library decryption capacity configuration on a system preset dynamic library loading function.

Optionally, before performing the decompression operation on the target compressed dynamic library, the method further includes:

performing dynamic library verification on the target compression dynamic library by using the self-defined dynamic library loading function, wherein the dynamic library verification comprises at least one of dynamic library integrity verification and dynamic library correctness verification, and the self-defined dynamic library loading function is obtained by performing dynamic library decompression capability configuration, memory monitoring capability configuration, dynamic library verification capability configuration and dynamic library decryption capability configuration on a system preset dynamic library loading function;

the decompressing operation of the target compressed dynamic library comprises:

and carrying out decompression operation on the target compression dynamic library which passes the verification of the dynamic library.

Optionally, the custom dynamic library loading function is obtained by performing dynamic library decompression capability configuration and memory monitoring capability configuration on a dlopen interface preset by the system.

In a second aspect, an embodiment of the present application further provides a system for loading a dynamic library, which is applied to a baseboard management controller BMC, and includes:

the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring a target compression dynamic library from computer equipment and storing the target compression dynamic library, and the target compression dynamic library is generated by compressing the target dynamic library by the computer equipment according to a self-defined compression algorithm;

the decompression module is used for carrying out decompression operation on the target compression dynamic library by utilizing a custom dynamic library loading function according to a custom decompression algorithm matched with the custom compression algorithm when the application program in the BMC calls the target dynamic library to obtain the target dynamic library;

the first memory monitoring module is used for placing the target dynamic library into the memory of the BMC and continuously monitoring whether the target dynamic library in the memory of the BMC is tampered by using the custom dynamic library loading function, wherein the custom dynamic library loading function is obtained after dynamic library decompression capability configuration and memory monitoring capability configuration are carried out on the system preset dynamic library loading function;

the first response module is used for carrying out decompression operation on a target compression dynamic library stored by the BMC again under the condition that the target dynamic library in the memory of the BMC is tampered to obtain a new target dynamic library, and calling the new target dynamic library through an application program in the BMC; and the BMC is used for calling the target dynamic library in the memory of the BMC through the application program in the BMC under the condition that the target dynamic library in the memory of the BMC is not tampered.

In a third aspect, an embodiment of the present application further provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory, where the processor executes the computer program to implement the method for loading a dynamic library according to the first aspect.

In a fourth aspect, the present application further provides a computer readable storage medium, on which a computer program/instruction is stored, and when the computer program/instruction is executed by a processor, the computer program/instruction implements the method for loading a dynamic library according to the first aspect.

In a fifth aspect, the present application further provides a computer program product, which includes a computer program/instruction, and when executed by a processor, the computer program/instruction implements the method for loading a dynamic library according to the first aspect.

According to the technical scheme, the configuration of the dynamic library decompression capability and the memory monitoring capability is carried out by presetting the dynamic library loading function for the system of the BMC, so that the application program in the BMC has the capability of calling the compressed dynamic library and the capability of monitoring the tampering risk of the dynamic library put in the memory, the BMC dynamic library loading mode based on the binary source file structure can be converted into the BMC dynamic library loading mode based on the compressed file structure, the BMC stores the target dynamic library through the custom compressed file (namely the target compressed dynamic library), the target compressed dynamic library stored in the BMC can be prevented from being cracked by the universal decompression algorithm, the risk that the target dynamic library stored in the BMC is decompiled can be reduced, the continuous tampering risk monitoring is arranged on the dynamic library put in the memory after the application program is called in the process of calling the target compressed dynamic library by the application program, the risk that the application program is called to the tampered target dynamic library can be reduced, and the security of monitoring the BMC dynamic library is improved by presetting the dynamic library loading function for the BMC.

Drawings

In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.

Fig. 1 is a flowchart of an implementation of a method for loading a dynamic library according to an embodiment of the present application;

fig. 2 is a flowchart of an implementation of a method for securely loading a dynamic library according to an embodiment of the present application;

fig. 3 is a schematic structural diagram of a system for loading a dynamic library according to an embodiment of the present application;

fig. 4 is a schematic view of an electronic device according to an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.

The terms "including" and "having," and any variations thereof, in the description and claims of this application and the drawings described above, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may include other steps or elements not expressly listed.

With the development of internet technology, the demands of various internet manufacturers on the server are continuously increased, and the safety requirements on the server are also continuously improved. The BMC is a special service processor, and is the core of IPMI (Intelligent Platform Management Interface). The BMC has an embedded system that operates independently, starts to operate after being powered on, and is often deployed as an independent unit on a motherboard or a main circuit board of a server, thereby monitoring and managing the operating state of the server. Therefore, whether the BMC (i.e., the application program in the BMC) can operate normally will directly affect the security performance of the server.

The dynamic library is widely applied to the BMC as a way of implementing a shared function library concept to support normal operation of an application program in the BMC. After the computer device compiles the source code to be shared into the dynamic library, the BMC puts the dynamic library into the memory in a lib so binary source file manner, thereby implementing the loading of the dynamic library. However, the dynamic library stored in the BMC in the binary source file manner is easily tampered and decompiled, and because the hardware of the BMC is already solidified and the CPU (Central Processing Unit) performance of the BMC is limited, the conventional code protection manners, such as the "biometric feature" identification technique and the source code virtualization protection and shell adding technique, cannot be applied to the BMC, so that the existing dynamic library loading manner has a great potential safety hazard. Among them, the "biometric" identification technology refers to PUF (Physical Unclonable Function), which is an imperfect silicon processing technology, so that each IC (Integrated Circuit Chip) is physically different, and between different ICs, these process variations are represented by different path delays, transistor threshold voltages, voltage gains, etc., and although these variations may be random between different ICs, once they are known to be definite and repeatable, the PUF can generate a unique encryption key for each IC by using the inherent differences in the IC behaviors, and thus code protection can be achieved by using the encryption key. But PUFs are difficult to apply in hardware-hardened BMCs due to the need to set up eligible (i.e., the inherent differences in IC behavior are not random) integrated circuits to generate "silicon fingerprints" (i.e., keys). The source code virtualization protection shell adding technology modifies the source code so that part of instructions of the source code run in a virtual environment created by the source code virtualization protection shell adding technology, but due to the CPU performance limitation of the existing BMC, the existing BMC is difficult to support the normal implementation of the source code virtualization protection shell adding technology.

In order to solve the problems in the related art, the application provides that the existing BMC dynamic library loading mode based on the binary source file structure is converted into the BMC dynamic library loading mode based on the custom compressed file structure, the target compressed dynamic library stored in the BMC can be prevented from being cracked by a general decompression algorithm, so that the risk of decompiling the target dynamic library stored in the BMC can be reduced, in the process of putting the dynamic library into a memory and calling the dynamic library by using an application program, continuous tampering risk monitoring is set for the dynamic library in the memory, the risk of calling the application program to the tampered dynamic library can be reduced, and therefore the safety of loading the BMC dynamic library is improved by configuring the custom decompression capability and the tampering risk monitoring capability for the system preset dynamic library loading function of the BMC.

The method for loading a dynamic library provided in the embodiments of the present application is described in detail below with reference to the accompanying drawings through some embodiments and application scenarios thereof.

In a first aspect, referring to fig. 1, an implementation flowchart of a method for loading a dynamic library provided in an embodiment of the present application is applied to a baseboard management controller BMC, and the method may include the following steps:

step S101: the method comprises the steps of obtaining a target compression dynamic library from computer equipment and storing the target compression dynamic library, wherein the target compression dynamic library is generated by compressing the target compression dynamic library by the computer equipment according to a custom compression algorithm.

In specific implementation, the computer device compiles and custom-compresses a source code to be shared to generate a target compressed dynamic library, and after the target compressed dynamic library is generated, the target compressed dynamic library is placed into a storage file of the computer device such as a system lib directory and the like for being read by the BMC. And the BMC loads the target compression dynamic library in the storage file into a storage area of the BMC so as to call an application program in the BMC. It can be understood that by applying the custom compression technology of the data and the matched custom decompression technology to the dynamic library loading process of the BMC, an effective code protection mode can be provided for dynamic library sharing between the computer device and the BMC on the basis of not changing the original firmware and the CPU performance of the BMC, and the risk of decompiling the dynamic library stored in the BMC can be reduced, so that the loading safety of the BMC dynamic library can be improved.

As a possible implementation manner, the BMC may obtain a target encrypted dynamic library from the computer device, where the target encrypted dynamic library is generated by the computer device performing an encryption operation on the target compressed dynamic library according to an encryption algorithm; and according to the decryption algorithm matched with the encryption algorithm, carrying out decryption operation on the target encryption dynamic library by using the self-defined dynamic library loading function to obtain the target compression dynamic library, wherein the self-defined dynamic library loading function is obtained after carrying out dynamic library decompression capability configuration and dynamic library decryption capability configuration on a system preset dynamic library loading function.

In specific implementation, after the computer device generates the target compressed dynamic library, the computer device may perform an encryption operation on the target compressed dynamic library to generate a target encrypted dynamic library, and then place the target encrypted dynamic library in the system lib directory. And the BMC then decrypts the target encrypted dynamic library in the system lib directory to obtain the target dynamic library. It can be understood that by applying the custom compression technology of the data and the custom decompression technology matched with the custom compression technology, and the encryption technology and the decryption technology matched with the encryption technology to the dynamic library loading process of the BMC, the risk that the dynamic library in the BMC is decompiled can be further reduced on the basis of not changing the original firmware and the CPU performance of the BMC. For the encryption and decryption operations of the dynamic library, the details of steps (3) and (4) in the method for securely loading the dynamic library described below will be described, and are not described herein again.

Step S102: and when the application program in the BMC calls the target dynamic library, decompressing the target dynamic library by using a custom dynamic library loading function according to a custom decompression algorithm matched with the custom compression algorithm to obtain the target dynamic library.

The user-defined dynamic library loading function is obtained by configuring the dynamic library decompression capability of a dlopen interface preset by the system.

In specific implementation, when an application program in the BMC needs to call a function in the target compressed dynamic library, a custom dynamic library loading function (e.g., a custom dlopen interface) may be used to apply for a heap memory (the heap memory is another memory area different from the stack area, the global data area, and the code area, and allows the program to dynamically apply for a certain size of memory space during running), and the target compressed dynamic library is decompressed into the heap memory according to a custom decompression algorithm. It can be understood that the data volume of the dynamic library can be reduced by compressing the compiled source code, so that the efficiency of loading the dynamic library into the BMC storage area by the BMC is improved, and meanwhile, the target dynamic library (i.e., the compiled source code) is correspondingly compressed and decompressed by negotiating a set of matched custom compression algorithm and custom decompression algorithm between the computer device and the BMC, so that malicious programs can be effectively prevented from cracking and decompiling the target compressed dynamic library by using a general decompression algorithm, and the safety of loading the dynamic library by the BMC is further improved. In which, for the compression and decompression operations of the dynamic library, the steps (2) and (5) in a method for securely loading the dynamic library described below will be described in detail.

As a possible implementation manner, the BMC may further perform dynamic library verification on the target compressed dynamic library by using the custom dynamic library loading function, and then perform decompression operation on the target compressed dynamic library that passes the dynamic library verification. The dynamic library verification comprises at least one of dynamic library integrity verification and dynamic library correctness verification, and the custom dynamic library loading function is a system preset dynamic library loading function configured with dynamic library decryption capability and dynamic library verification capability.

In specific implementation, the BMC may perform decryption operation on the target encrypted dynamic library in the computer device to obtain a decrypted dynamic library, perform dynamic library verification (such as dynamic library integrity verification and/or dynamic library correctness verification) on the decrypted dynamic library, and determine the decrypted dynamic library that passes the dynamic library verification as the target compressed dynamic library, thereby ensuring data integrity and correctness of the target compressed dynamic library obtained after decryption. For the verification operation of the dynamic library, the detailed description will be given in step (4) of the method for securely loading the dynamic library, which is described below and is not described herein again.

Step S103: and placing the target dynamic library into the memory of the BMC, and continuously monitoring whether the target dynamic library in the memory of the BMC is tampered by using the customized dynamic library loading function, wherein the customized dynamic library loading function is obtained after dynamic library decompression capability configuration and memory monitoring capability configuration are carried out on the system preset dynamic library loading function.

Step S104: and under the condition that the target dynamic library in the memory of the BMC is tampered, carrying out decompression operation on the target compression dynamic library stored by the BMC again to obtain a new target dynamic library, and calling the new target dynamic library through an application program in the BMC.

Step S105: and under the condition that the target dynamic library in the memory of the BMC is not tampered, calling the target dynamic in the memory of the BMC through an application program in the BMC.

In specific implementation, when the user-defined dynamic library loading function decompresses the target compressed dynamic library to obtain the target dynamic library, the application program in the BMC may call each function in the target dynamic library according to the memory address where the target dynamic library is located, wherein to avoid malicious programs from tampering the target dynamic library in the memory, the memory area where the target dynamic library is located may be set to be only accessible to a specific application program (such as an application program currently calling the target dynamic library) in the BMC, and after the specific application program completes the call of the target dynamic library, the target dynamic library in the memory area is removed.

In order to avoid malicious tampering of the target dynamic library decompressed in the memory of the BMC in the process of calling the target dynamic library by an application program in the BMC, the BMC can put the target dynamic library into the memory of the BMC; continuously monitoring whether a target dynamic library in the memory of the BMC is tampered or not by utilizing the self-defined dynamic library loading function, wherein the self-defined dynamic library loading function is obtained after dynamic library decompression capability configuration and memory monitoring capability configuration are carried out on the system preset dynamic library loading function; when the target dynamic library in the memory of the BMC is tampered, carrying out decompression operation on the target compressed dynamic library stored by the BMC again to obtain a new target dynamic library, and calling the new target dynamic library through an application program in the BMC; and under the condition that the target dynamic library in the memory of the BMC is not tampered, calling the target dynamic library in the memory of the BMC through an application program in the BMC.

In specific implementation, when the application program in the BMC calls the target compressed dynamic library, the application program in the BMC may use the custom dlopen interface to apply for a heap memory in the BMC, use the heap memory as a target memory block, decompress the target compressed dynamic library to the target memory block by using the custom dlopen interface, and then continuously monitor whether a data modification operation on the target memory block (i.e., a memory region corresponding to the target dynamic library) exists, for example, the custom dlopen interface may monitor data (i.e., a dynamic library) in the target memory block in real time, so as to detect whether the data modification operation on the target memory block exists according to data changes (e.g., changes in data size) in the target memory block. It can be understood that the dlopen interface can know whether the target dynamic library in the target memory block is at risk of being tampered or not in time by detecting the data modification operation of the target memory block, thereby implementing security detection for the target dynamic library in the BMC. When the custom dlopen interface detects that the data modification operation on the target memory block does not exist, it indicates that the target dynamic library in the memory of the BMC is not tampered, the application program in the BMC can call the target dynamic library in the target memory block, and when the custom dlopen interface detects that the data modification operation on the target memory block exists, it indicates that the target dynamic library in the memory of the BMC is tampered, at this time, the target dynamic library in the target memory block can be cleared, and a new target dynamic library is placed into the target memory block to be called by the application program. The target dynamic compression library in the BMC storage area may be decompressed again to obtain a new target dynamic library, or the target dynamic compression library may be obtained again from the computer device in consideration of the risk of being removed or tampered with the target dynamic compression library in the BMC storage area, and the target dynamic compression library is decompressed to obtain a new target dynamic library. It can be understood that by setting memory monitoring on the BMC memory into which the target dynamic library is placed, the risk that an application program in the BMC is called to the target dynamic library that is maliciously tampered with can be reduced, and the security of loading the dynamic library by the BMC is further improved.

The above technical solution is further explained with reference to fig. 2. As shown in fig. 2, an embodiment of the present application provides a method for securely loading a dynamic library, including:

(1) And compiling the source code to be shared by the computer equipment and generating a target dynamic library.

The target dynamic library is a library which can contain codes and data which can be used by a plurality of application programs simultaneously, namely, the dynamic library can contain one or more functions which are compiled, linked and stored separately from the processes using the functions, and the executable codes of the functions are put into the dynamic link library, so that the processes of the application programs can flexibly call the functions which do not belong to the executable codes, thereby realizing code sharing.

(2) And the computer equipment performs compression operation on the dynamic library according to the custom compression algorithm to obtain a target compressed dynamic library.

In particular, a set of matching custom compression algorithms and custom decompression algorithms may be negotiated between the computer device and the BMC. Illustratively, the process of custom compression of the target dynamic library by the computer device may include: the method comprises the steps of obtaining data characters of a target dynamic library, obtaining custom codes corresponding to the data characters through a specific mode (such as a Hash algorithm) according to standard codes of the data characters, wherein the bit number of the custom codes is smaller than that of the corresponding standard codes, and therefore custom compression can be achieved on the target dynamic library according to the custom codes corresponding to the data characters. The specific mode which is negotiated between the computer equipment and the BMC and used for determining the custom coding can correspondingly generate a custom compression algorithm and a custom decompression algorithm which are matched with each other.

(3) The computer device uses an AES (Advanced Encryption Standard) symmetric Encryption algorithm, encrypts the target compressed dynamic library by using the public key to obtain a target encrypted dynamic library, and places the public key and the target encrypted dynamic library into a system lib directory.

Wherein, in the symmetric encryption algorithm, the key used for encryption and decryption is the same. The key is generated by negotiation between a receiver and a sender (namely, the BMC and the computer storage device), and the generated key is secretly shared between the BMC and the computer storage device, for example, the computer storage device can encrypt the key through an asymmetric encryption algorithm, and then share the encrypted key to the BMC, so that the encrypted dynamic library is prevented from being restored by an attacker due to key leakage, and decompilation is performed. It will be appreciated that an asymmetric cryptographic algorithm is a secret method of keys that requires two asymmetric keys: public key and privatekey. The public key and the private key are a pair, and if the public key is used to encrypt the key, only the corresponding private key can be used to decrypt the key. For example, a process of encrypting a key using an asymmetric encryption algorithm may include: the BMC generates a pair of asymmetric keys, a public key in the asymmetric keys is public, the computer equipment encrypts the keys by using the public key in the asymmetric keys and then stores the keys in the system lib directory, the BMC decrypts the encrypted keys by using a private key of the BMC after reading the encrypted keys from the system lib directory, and then the decrypted keys are used for executing decryption operation on a target encrypted dynamic library in the system lib directory.

Illustratively, when the compressed dynamic library is encrypted by using the AES symmetric encryption algorithm, the target compressed dynamic library is divided into a plurality of groups of data, each group of data has the same length (the packet length is usually 128 bits, that is, each packet has 16 bytes), the length of the key can be 128 bits, 192 bits or 256 bits, the length of the key is different, and the recommended number of encryption rounds is also different. Taking AES-128 as an example, when the length of the key is 128 bits, it is recommended that the number of encryption rounds is 10 rounds, that is, ten times of round functions in the encryption function need to be executed, where the same round functions from round 1 to round 9 of encryption include 4 operations: byte substitution, row displacement, column mixing and round key addition; the column mixing is not executed in the last iteration, and before the first iteration, the target compressed dynamic library and the key are subjected to one exclusive or encryption operation. After 10 rounds of iterative encryption are performed on the compressed dynamic library by using the round function, the target encrypted dynamic library can be obtained. It is understood that the decryption function is the inverse operation of the encryption function, i.e. one round of the decryption function is to sequentially perform reverse shift, reverse byte substitution, round key addition and reverse column mixing, and similar to the encryption function, the last round of the decryption function does not perform reverse column mixing, and 1 key addition operation is performed before the 1 st round of decryption.

(4) And reading a public key and a target encryption dynamic library in a system lib directory through a custom dlopen interface in the BMC. And carrying out decryption verification operation on the target encryption dynamic library according to the public key.

In specific implementation, in order to ensure the correctness and integrity of the target compressed dynamic library obtained after the BMC decrypts, a custom dlopen interface may be set to perform dynamic library verification on the obtained target compressed dynamic library after decrypting the target encrypted dynamic library. Under the condition that the dynamic library verification comprises dynamic library integrity verification, the dynamic library integrity verification can be realized through data signatures (direct signatures or indirect signatures), taking direct signatures as an example, a computer device needs to encrypt a target compressed database by using a private key in a digital signature of the computer device (the step can be executed before AES symmetric encryption operation, or can be directly used as encryption operation), then a BMC decrypts the target compressed database encrypted by using a public key corresponding to the digital signature of the computer device, if the BMC decryption is successful, the target compressed dynamic library is not tampered, and at this time, the dynamic library integrity verification (namely, dynamic library verification) can be judged to be passed. Under the condition that the verification of the dynamic library comprises the verification of the correctness of the dynamic library, the computer equipment can process part of data of the target compressed dynamic library by using operation modes such as Hash operation and the like to obtain first additional information, encrypt the combination of the compressed dynamic library and the first additional information, and use a ciphertext obtained after encryption as the target encrypted dynamic library. The BMC may obtain a combination of the target compressed dynamic library and the first additional information after decrypting the target encrypted dynamic library, at this time, the BMC needs to process the same part of data of the target compressed dynamic library in the same operation manner to obtain the second additional information, and if the first additional information is the same as the second additional information, it indicates that the BMC decrypts the target encrypted dynamic library to obtain a correct target compressed dynamic library (that is, the target compressed dynamic library is the same as the target compressed dynamic library generated by the computer device), and at this time, it may be determined that the correctness verification of the dynamic library (that is, the dynamic library verification) is passed. It will be appreciated that the target compressed dynamic library that has not passed the dynamic library validation may be discarded directly and retrieved from the computer device and loaded.

(5) After the dynamic library is verified, when the target dynamic library is called by an application program in the BMC, a user-defined dlopen interface is used for applying for a heap memory, the target compressed dynamic library is decompressed into the heap memory, a heap memory pointer is returned, meanwhile, the heap memory is monitored, and if the heap memory is modified (namely the target dynamic library in the memory of the BMC is tampered), the dynamic library is reloaded.

The heap memory pointer is used for indicating the function name of each function in the target dynamic library and the memory address of the target dynamic library.

When the method is implemented specifically, the BMC uses the custom dlopen interface to place the target dynamic library into the heap memory and simultaneously monitor data (namely the target dynamic library) in the heap memory in real time, and once the size of the data in the heap memory changes, the BMC determines that data modification operation on the heap memory exists, namely the target dynamic library in the heap memory is at risk of being maliciously tampered, immediately uses the custom dlopen interface to reacquire the target dynamic library, and uses the reacquired target dynamic library to cover the original target dynamic library in the heap memory, so that the application program in the BMC is prevented from calling the target dynamic library which is possibly maliciously tampered in the heap memory subsequently, and the security of BMC dynamic library loading is further improved by setting a memory monitoring and dynamic library reloading mechanism.

(6) After the custom dlopen interface returns the heap memory pointer to the application program, the application program may obtain, according to the heap memory pointer, a function name of the target function and a memory address corresponding to the target function, where the target function is at least one function in a target dynamic library that needs to be called by the application program in the BMC. And determining a memory area where the target function is located according to the function name and the memory block address, and calling the target function according to the memory area.

The function can be called through a system preset interface of the BMC such as a dlsym interface, and the memory address of the target function is returned according to the function name corresponding to the target function and the memory address of the target dynamic library, so that the memory area where the target function is located is indicated to the application program. It is understood that the dlopen interface is a library function, which is used to open a new library (e.g., a target dynamic library) and load it into the memory, and when the target dynamic library is loaded into the memory, the handle returned by the dlopen interface can be used as the first parameter to the dlsym interface to obtain the memory address of the target function, and using this memory address, the pointer to the target function in the dynamic library can be obtained, and the target function in the dynamic library can be called.

As a possible implementation manner, a system preset interface call function such as a dlsym interface can be set in a user-defined manner, so that the system preset interface call function has the capability of monitoring the memory area where the target function is located. Exemplarily, a custom interface calling function (such as a custom dlsym interface) is used for judging whether a target function in a memory of the BMC is tampered, wherein the custom interface calling function is obtained after memory monitoring capability configuration is performed on the system preset interface calling function; and calling the target function in the memory of the BMC in the application program by using a custom dlsym interface under the condition that the target function is not tampered.

In specific implementation, before the target function is called through an application program, whether a data modification operation on the memory area exists or not can be detected through a custom dlsym interface, and under the condition that the data modification operation on the memory area exists (namely the target function is tampered), the custom dlsym interface can be waited to find that a target dynamic library where the target function is located is tampered, or the custom dlsym interface directly informs the target dynamic library where the target function is located of the custom dlopen interface, so that the target dynamic library corresponding to the target function is reloaded to a BMC memory area through the custom dlsym interface, and the application program calls the reloaded target dynamic library through the custom dlsym interface; in the absence of data modification operations to the memory region, the application may directly call a target function in the memory region using a dlsym interface.

It is understood that, although the memory area where the target dynamic library is located is monitored by using the dlopen interface in the foregoing, the dlsym interface may still call the tampered target function because the dlopen interface may periodically monitor the memory area or may not timely perform the dynamic library reloading operation on the modified target dynamic library. Therefore, in the process of calling the target function by the application program, whether the target function in the BMC memory is tampered is detected by setting the custom dlsym interface, so that the phenomenon that the tampered target function is mistakenly called by the dlsym interface when the function is called can be effectively avoided, and the safe operation of the BMC can be guaranteed.

In the method for loading a dynamic library provided in the above embodiment, the originally generated target dynamic library is subjected to custom compression by the computer device, the target dynamic library file subjected to custom compression is subjected to encryption operation, and the target encrypted dynamic library is generated and then placed in the system lib directory. When the BMC loads the target dynamic library, the BMC needs to decrypt the target encrypted dynamic library first and then load the decrypted target compressed dynamic library into the memory after custom decompression so as to be called by an application program, thereby preventing the target dynamic library from being decompiled in the BMC loading process. Meanwhile, a memory monitoring mechanism is arranged in the memory area where the target dynamic library is located, and the target dynamic library is reloaded if the target dynamic library in the memory is judged to be tampered, so that the safe loading of the BMC dynamic library is realized by adding operations such as custom decompression, decryption verification, memory monitoring, reloading and the like to the loading process of the target dynamic library.

In a second aspect, an embodiment of the present application provides a system for loading a dynamic library, as shown in fig. 3, the system for loading a dynamic library includes:

an obtaining module 21, configured to obtain a target compressed dynamic library from a computer device and store the target compressed dynamic library, where the target compressed dynamic library is generated by performing a compression operation on a target dynamic library by the computer device according to a custom compression algorithm;

the decompression module 22 is configured to, when the application program in the BMC calls the target dynamic library, perform a decompression operation on the target dynamic compression library by using a custom dynamic library loading function according to a custom decompression algorithm matched with the custom compression algorithm to obtain the target dynamic library;

the first memory monitoring module 23 is configured to place the target dynamic library into the memory of the BMC, and continuously monitor whether the target dynamic library in the memory of the BMC is tampered with by using the customized dynamic library loading function, where the customized dynamic library loading function is obtained after performing dynamic library decompression capability configuration and memory monitoring capability configuration on the system preset dynamic library loading function;

the first response module 24 is configured to, when the target dynamic library in the memory of the BMC is tampered, decompress the target compressed dynamic library stored by the BMC again to obtain a new target dynamic library, and call the new target dynamic library through an application program in the BMC; and the BMC is used for calling the target dynamic library in the memory of the BMC through the application program in the BMC under the condition that the target dynamic library in the memory of the BMC is not tampered.

Optionally, the first memory monitoring module 23 includes a first memory monitoring submodule;

the first memory monitoring submodule is used for continuously monitoring whether data modification operation on a memory area corresponding to the target dynamic library exists or not by utilizing the self-defined dynamic library loading function; in response to the data modification operation of the memory area corresponding to the target dynamic library, judging that the target dynamic library in the memory of the BMC is tampered; and in response to the absence of the data modification operation on the memory area corresponding to the target dynamic library, determining that the target dynamic library in the memory of the BMC is not tampered.

Optionally, the first response module 24 includes a second memory monitoring module and a second response module;

the second memory monitoring module is used for judging whether a target function in the memory of the BMC is tampered or not by utilizing a custom interface calling function, wherein the target function is at least one function in a target dynamic library required to be called by an application program in the BMC, and the custom interface calling function is obtained after memory monitoring capability configuration is carried out on the system preset interface calling function;

the second response module is configured to call a function using the custom interface and call a target function in the memory of the BMC in the application program when the target function is not tampered.

Optionally, the obtaining module 21 includes an obtaining sub-module and a decryption module;

the obtaining submodule is used for obtaining a target encryption dynamic library from the computer equipment, and the target encryption dynamic library is generated by the computer equipment through encryption operation on the target compression dynamic library according to an encryption algorithm;

and the decryption module is used for decrypting the target encrypted dynamic library by utilizing the self-defined dynamic library loading function according to the decryption algorithm matched with the encryption algorithm to obtain the target compressed dynamic library, wherein the self-defined dynamic library loading function is obtained after dynamic library decompression capacity configuration, memory monitoring capacity configuration and dynamic library decryption capacity configuration are carried out on a system preset dynamic library loading function.

Optionally, the system for loading a dynamic library further includes a dynamic library verification module, and the decompression module 22 includes a decompression sub-module;

the dynamic library verification module is used for performing dynamic library verification on the target compression dynamic library by using the self-defined dynamic library loading function, wherein the dynamic library verification comprises at least one of dynamic library integrity verification and dynamic library correctness verification, and the self-defined dynamic library loading function is obtained after dynamic library decompression capacity configuration, memory monitoring capacity configuration, dynamic library verification capacity configuration and dynamic library decryption capacity configuration are performed on a system preset dynamic library loading function;

and the decompression submodule is used for carrying out decompression operation on the target compression dynamic library which passes the verification of the dynamic library.

Optionally, the custom dynamic library loading function is obtained after dynamic library decompression capability configuration is performed on a dlopen interface preset by the system.

The system for loading a dynamic library according to the embodiment of the present application can implement each process implemented by the method for loading a dynamic library according to the first aspect, and is not described here again to avoid repetition.

An electronic device is further provided in the embodiment of the present application, and referring to fig. 4, fig. 4 is a schematic diagram of the electronic device provided in the embodiment of the present application. As shown in fig. 4, the electronic apparatus 100 includes: the memory 110 and the processor 120 are connected through a bus in a communication manner, the memory 110 and the processor 120 are stored with a computer program, and the computer program can be executed on the processor 120, so as to implement the steps in the method for loading a dynamic library disclosed in the embodiment of the present application.

Embodiments of the present application also provide a computer-readable storage medium, on which a computer program/instruction is stored, and when the computer program/instruction is executed by a processor, the method for loading a dynamic library is implemented as disclosed in the embodiments of the present application.

Embodiments of the present application further provide a computer program product, which includes a computer program/instruction, and when executed by a processor, the computer program/instruction implements the method for loading a dynamic library as disclosed in the embodiments of the present application.

The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, systems, devices, storage media and program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.

Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrases "comprising one of \ 8230; \8230;" does not exclude the presence of additional like elements in a process, method, article, or terminal device that comprises the element.

The method, system, device, storage medium and program product for loading a dynamic library provided by the present application are introduced in detail, and a specific example is applied in the present application to explain the principle and the implementation manner of the present application, and the description of the above embodiment is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims

1. A method for loading a dynamic library, which is applied to a Baseboard Management Controller (BMC), comprises the following steps:

2. The method of claim 1, wherein the continuously monitoring whether a target dynamic library in the memory of the BMC is tampered comprises:

continuously monitoring whether data modification operation on a memory area corresponding to the target dynamic library exists or not by utilizing the self-defined dynamic library loading function;

responding to the existence of data modification operation on a memory area corresponding to the target dynamic library, and judging that the target dynamic library in the memory of the BMC is tampered;

3. The method of claim 1, wherein the invoking, by an application in the BMC, a target dynamic library in a memory of the BMC comprises:

4. The method of claim 3, wherein the custom interface call function is obtained after configuring the memory monitoring capability of the dlsym interface preset by the system.

5. The method of claim 1, wherein obtaining the target compressed dynamic library from the computer device comprises:

and according to the decryption algorithm matched with the encryption algorithm, decrypting the target encryption dynamic library by using the self-defined dynamic library loading function to obtain the target compression dynamic library, wherein the self-defined dynamic library loading function is obtained after dynamic library decompression capability configuration, memory monitoring capability configuration and dynamic library decryption capability configuration are carried out on a system preset dynamic library loading function.

6. The method of claim 5, wherein before the decompressing the target compressed dynamic library, further comprising:

the decompressing operation of the target compressed dynamic library comprises:

7. The method according to any one of claims 1 to 6, wherein the customized dynamic library loading function is obtained after the dynamic library decompression capability configuration and the memory monitoring capability configuration are performed on a dlopen interface preset by the system.

8. A system for loading dynamic libraries, which is applied to a Baseboard Management Controller (BMC), comprises:

the system comprises an acquisition module, a compression module and a compression module, wherein the acquisition module is used for acquiring a target compression dynamic library from computer equipment and storing the target compression dynamic library, and the target compression dynamic library is generated by compressing the target compression dynamic library by the computer equipment according to a custom compression algorithm;

the decompression module is used for decompressing the target compression dynamic library by utilizing a custom dynamic library loading function according to a custom decompression algorithm matched with the custom compression algorithm when the target dynamic library is called by an application program in the BMC to obtain the target dynamic library;

the first response module is used for carrying out decompression operation on a target compression dynamic library stored by the BMC again under the condition that the target dynamic library in the memory of the BMC is tampered to obtain a new target dynamic library, and calling the new target dynamic library through an application program in the BMC;

and the second response module is used for calling the target dynamic library in the memory of the BMC through the application program in the BMC under the condition that the target dynamic library in the memory of the BMC is not tampered.

9. An electronic device comprising a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to implement the method of loading a dynamic library as claimed in any one of claims 1 to 7.

10. A computer-readable storage medium, on which a computer program/instructions are stored, which, when executed by a processor, implement a method of loading a dynamic library as claimed in any one of claims 1 to 7.

11. A computer program product comprising computer programs/instructions, characterized in that the computer programs/instructions, when executed by a processor, implement a method of loading a dynamic library as claimed in any one of claims 1 to 7.