CN116305247B - Sensitive information detection method and system for process data of vehicle-mounted application software - Google Patents

Sensitive information detection method and system for process data of vehicle-mounted application software Download PDF

Info

Publication number
CN116305247B
CN116305247B CN202310080598.9A CN202310080598A CN116305247B CN 116305247 B CN116305247 B CN 116305247B CN 202310080598 A CN202310080598 A CN 202310080598A CN 116305247 B CN116305247 B CN 116305247B
Authority
CN
China
Prior art keywords
sensitive information
data
application software
analysis
matching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310080598.9A
Other languages
Chinese (zh)
Other versions
CN116305247A (en
Inventor
朱凯
尹兴亮
赵焕宇
袁平
刘义东
宋雪冬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Weichen Information Technology Co ltd
Original Assignee
Guangdong Weichen Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Weichen Information Technology Co ltd filed Critical Guangdong Weichen Information Technology Co ltd
Priority to CN202310080598.9A priority Critical patent/CN116305247B/en
Publication of CN116305247A publication Critical patent/CN116305247A/en
Application granted granted Critical
Publication of CN116305247B publication Critical patent/CN116305247B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to the technical field of data security of automobile application software, in particular to a sensitive information detection method and a sensitive information detection system of process data of vehicle-mounted application software, comprising the following steps: s1: capturing an application software starting state; s2: marking associated process information; s3: starting process state tracking; s4: dumping process data; s5: executing the grammar tree to detect the sensitive information; s6: a sensitive information analysis report is generated. The invention can realize automatic detection and report generation of the sensitive information of the process data of the automobile application software, and improves the process data analysis efficiency, thereby ensuring the safety of the interactive data of the automobile application software.

Description

Sensitive information detection method and system for process data of vehicle-mounted application software
Technical Field
The invention relates to the technical field of data security of automobile application software, in particular to a sensitive information detection method and system of process data of vehicle-mounted application software.
Background
Along with the popularization of intelligent network automobiles, the functions of vehicle-mounted interactive equipment are more and more complex, the quantity of the rapidly increased application software also greatly increases the interactive process data quantity, and when the interactivity of the application software functions on the automobiles is increasingly diversified, it becomes impractical to analyze whether the application software process data have corresponding sensitive information only manually.
The automobile industry is different from the traditional internet industry, has quite high standard and requirement on the safety of application software, and the problem of data safety of the application software can cause serious information leakage on an automobile, however, the research on the process data analysis of the application software of the automobile is quite few at present. Therefore, the research on the analysis rules and the analysis methods of the process data of the automobile application software is beneficial to the safe and healthy development of the automobile and software industry.
Although some open source tools can realize analysis of application software process data at present, the problems that parameters and commands are required to be manually input and manual screening is required from analysis results still exist, and automatic analysis cannot be completed. It is therefore necessary to develop an automated method of analyzing application software process data.
Disclosure of Invention
The invention provides a method and a system for detecting sensitive information of process data of vehicle-mounted application software, which can realize automatic analysis and report generation of the process data of the vehicle-mounted application software, improve the detection efficiency of the sensitive information of the process data and further ensure the data security of the vehicle-mounted application software.
The invention relates to a sensitive information detection method of vehicle-mounted application software process data, which comprises the following steps:
S1: capturing the starting state of the application software to be detected;
S2: marking the associated process information according to the acquired application software state;
S3: according to the marked application software process information, carrying out corresponding process state tracking on the application software to be detected;
s4: starting a memory data dump service program of a corresponding process according to the tracked process state, and generating corresponding character data from memory data in a binary format through a visible character extraction program according to the memory data which is successfully dumped;
S5: matching the character data obtained in the step S4 through analysis rules in the sensitive information analysis module, judging that the piece of data has corresponding sensitive information if the matching is successful, recording key sensitive information of the piece of data, and judging that the piece of data has no related sensitive information if the matching is failed;
S6: and (5) summarizing and sorting the detection result of the sensitive information obtained in the step (S5) into a sensitive information analysis report and outputting the sensitive information analysis report.
Preferably, the specific method for marking the process information in step S2 is as follows: and marking downwards step by step from the main process of the application software to be detected, if the process state is found to be the running state, recording the related process number.
Preferably, the matching of the sensitive information in step S5 is implemented based on an abstract syntax tree matching mechanism.
The invention provides a sensitive information detection system of vehicle-mounted application software process data, which adopts the sensitive information detection method of the vehicle-mounted application software process data and comprises a data management module, an analysis rule base module, a sensitive information analysis module and a report generation module, wherein:
The data management module is used for capturing the process information of the application software to be detected, and tracking and data dumping the process information;
the analysis rule base module is used for storing analysis rules corresponding to each sensitive data type of the application software;
The sensitive information analysis module is used for reading corresponding analysis rules from the analysis rule base module according to the type of sensitive information to be analyzed selected by a user, and then carrying out sensitive information analysis according to the following steps:
1) Extracting visible characters from dump data of the application software to be detected to generate a text file of the visible character data;
2) Starting the corresponding analysis sub-level task number according to the total text size of the visible character data file;
3) Distributing corresponding data content to corresponding analysis subtask function according to the number of analysis subtasks, matching the extracted data with corresponding sensitive information in an analysis rule, if the matching is successful, judging that the piece of data has the corresponding sensitive information, recording key sensitive information of the piece of data, sending the key sensitive information to a report generating module, and if the matching is failed, judging that the piece of data has no related sensitive information;
And the report generation module is used for summarizing and arranging the received sensitive information detection results of all the subtasks into a sensitive information analysis report and outputting the sensitive information analysis report.
According to the type of sensitive information to be analyzed, a corresponding sensitive information analysis rule is set, visible character extraction is carried out on dump data of automobile application software to be detected, a visible character data text file is generated, the number of corresponding analysis sub-level tasks is started according to the total text size of the visible character data file, and finally, key sensitive information successfully matched is recorded and a report is generated according to the function of detection tasks. The invention can realize automatic detection and report generation of the sensitive information of the process data of the automobile application software, and improves the process data analysis efficiency, thereby ensuring the safety of the interactive data of the automobile application software.
Drawings
FIG. 1 is a flow chart of a method for detecting sensitive information of process data of vehicle-mounted application software in an embodiment;
FIG. 2 is a flow chart of extracting automotive application process data in an embodiment;
FIG. 3 is a flow diagram of sensitive information detection for extracted data in an embodiment;
FIG. 4 is a block diagram of a sensitive information detection system for process data of an in-vehicle application in an embodiment.
Detailed Description
For a further understanding of the present invention, the present invention will be described in detail with reference to the drawings and examples. It is to be understood that the examples are illustrative of the present invention and are not intended to be limiting.
Examples
As shown in fig. 1, the present embodiment provides a method for detecting sensitive information of process data of vehicle-mounted application software, which includes the following steps:
s1: capturing an application software starting state;
Capturing the starting state of the application software to be detected;
And capturing a corresponding application software starting state according to the application software to be analyzed. There are various states in the starting of the automobile application software, such as an Active/Running state, a pause (Paused) state, a stop (stop) state, and an inactive (read) state, and in order to detect the process data of the application software, it is required to capture whether the application software successfully enters the Active state.
S2: marking associated process information;
marking the associated process information according to the acquired application software state;
The specific method for marking the process information in the step S2 is as follows: and marking downwards step by step from the main process of the application software to be detected, if the process state is found to be the running state, recording the related process number.
The specific method for carrying out the associated process PID marking on the automobile application software to be detected comprises the following steps: and scanning downwards step by step from the main process of the automobile application software to be detected, if the associated subprocess is found, recording the PID of the current process.
S3: starting process state tracking;
according to the marked application software process information, carrying out corresponding process state tracking on the application software to be detected;
And starting process state tracking in a periodical query mode in the whole detection process according to the marked application software process PID, if the corresponding process is captured to be in an active state, placing the current process PID in a task queue for data dumping, if the corresponding process is captured to be in an inactive state, and removing the current process PID from the task queue for data dumping.
S4: dumping process data;
Starting a memory data dump service program of a corresponding process according to the tracked process state, and generating corresponding character data from memory data in a binary format through a visible character extraction program according to the memory data which is successfully dumped;
And a task queue for dumping according to the formed data. FIG. 2 is a flowchart of an embodiment of extracting process data for automotive applications. As shown in fig. 2, the data DUMP function program needs to acquire the PID corresponding to the activity from the task queue of the data DUMP, then DUMP (DUMP) the memory data of the process, and DUMP the process data in the task queue of the data DUMP successively and record and summarize. Because the associated process memory data is dumped, the original state of the data is in a Binary (BIN) format, character extraction is needed to be carried out on the original data for subsequent sensitive information analysis, and finally a text format which is convenient to detect is generated.
S5: executing the grammar tree to detect the sensitive information;
Matching the character data obtained in the step S4 through analysis rules in the sensitive information analysis module, judging that the piece of data has corresponding sensitive information if the matching is successful, recording key sensitive information of the piece of data, and judging that the piece of data has no related sensitive information if the matching is failed; in step S5, the matching of the sensitive information is implemented based on an abstract syntax tree matching mechanism.
And importing the generated text to be detected, transmitting the detection rule list parameters and tasks to be executed to an analysis task manager by an analysis initialization program according to the total size of the text to be detected, starting a corresponding analysis subtask number according to the actual condition by the parameter task manager, matching the content in the detection text with the detection rule list parameters corresponding to the analysis rules, judging that the data has corresponding sensitive information if the matching is successful, recording key sensitive information of the data, and judging that the data does not have related sensitive information if the matching is failed. The specific method for matching the sensitive information comprises the following steps: the source data content is acquired by line, the attempt is started from the head of the data source, the whole expression is failed to match when the character string is matched to a certain position, then the engine drives the rule forward, the whole expression starts to retry the matching after moving backwards from the position of the head, and the like until the matching is reported to be successful or the matching is reported to be failed after the last position is tried. In this embodiment, an abstract syntax tree matching (AST MATCHERS) mechanism is used to complete the matching of sensitive information, and mainly an indeterminate finite automaton (NFA, non-DETERMINISTIC FINITE automaton) is used, and after the matching is initiated, the mechanism goes back until the longest matching at the leftmost side is found, until the matching is cut off.
FIG. 3 is a flow chart of an embodiment of sensitive information detection for extracted data. As shown in fig. 3, the present process presents a high cohesive and low coupling framework of the whole sensitive information analysis engine, wherein the analysis task manager can make corresponding task assignment for the relevant parameters of the source data and the analysis rule base, so that the analysis engine efficiency reaches the optimum.
S6: generating a sensitive information analysis report;
And (5) summarizing and sorting the detection result of the sensitive information obtained in the step (S5) into a sensitive information analysis report and outputting the sensitive information analysis report. In the sensitive information analysis report, besides the position of the display program block, statistics can be performed on the occurrence of the sensitive information.
As shown in fig. 4, the present embodiment provides a system for detecting sensitive information of vehicle-mounted application software process data, which adopts the method for detecting sensitive information of vehicle-mounted application software process data as described above, and includes a data management module, an analysis rule base module, a sensitive information analysis module, and a report generation module, where:
The data management module is used for capturing the process information of the application software to be detected, and tracking and data dumping the process information;
the analysis rule base module is used for storing analysis rules corresponding to each sensitive data type of the application software;
The sensitive information analysis module is used for reading corresponding analysis rules from the analysis rule base module according to the type of sensitive information to be analyzed selected by a user, and then carrying out sensitive information analysis according to the following steps:
1) Extracting visible characters from dump data of the application software to be detected to generate a text file of the visible character data;
2) Starting the corresponding analysis sub-level task number according to the total text size of the visible character data file;
3) Distributing corresponding data content to corresponding analysis subtask function according to the number of analysis subtasks, matching the extracted data with corresponding sensitive information in an analysis rule, if the matching is successful, judging that the piece of data has the corresponding sensitive information, recording key sensitive information of the piece of data, sending the key sensitive information to a report generating module, and if the matching is failed, judging that the piece of data has no related sensitive information;
And the report generation module is used for summarizing and arranging the received sensitive information detection results of all the subtasks into a sensitive information analysis report and outputting the sensitive information analysis report.
The embodiment can realize automatic detection and report generation of the sensitive information of the process data of the automobile application software, and improves the process data analysis efficiency, thereby ensuring the safety of the interactive data of the automobile application software.
The invention and its embodiments have been described above by way of illustration and not limitation, and the invention is illustrated in the accompanying drawings and described in the drawings in which the actual structure is not limited thereto. Therefore, if one of ordinary skill in the art is informed by this disclosure, the structural mode and the embodiments similar to the technical scheme are not creatively designed without departing from the gist of the present invention.

Claims (3)

1. A sensitive information detection method of vehicle-mounted application software process data is characterized by comprising the following steps of: the method comprises the following steps:
S1: capturing the starting state of the application software to be detected;
S2: marking the associated process information according to the acquired application software state;
the specific method for marking the process information in the step S2 is as follows: progressively marking downwards from the main process of the application software to be detected, if the process state is found to be the running state, recording the related process number;
S3: according to the marked application software process information, carrying out corresponding process state tracking on the application software to be detected;
s4: starting a memory data dump service program of a corresponding process according to the tracked process state, and generating corresponding character data from memory data in a binary format through a visible character extraction program according to the memory data which is successfully dumped;
S5: matching the character data obtained in the step S4 through analysis rules in the sensitive information analysis module, judging that the piece of data has corresponding sensitive information if the matching is successful, recording key sensitive information of the piece of data, and judging that the piece of data has no related sensitive information if the matching is failed;
S6: and (5) summarizing and sorting the detection result of the sensitive information obtained in the step (S5) into a sensitive information analysis report and outputting the sensitive information analysis report.
2. The method for detecting sensitive information of process data of vehicle-mounted application software according to claim 1, wherein the method comprises the steps of: in step S5, the matching of the sensitive information is implemented based on an abstract syntax tree matching mechanism.
3. A sensitive information detection system of vehicle-mounted application software process data is characterized in that: the method for detecting the sensitive information of the process data of the vehicle-mounted application software according to any one of claims 1-2, comprising a data management module, an analysis rule base module, a sensitive information analysis module and a report generation module, wherein:
The data management module is used for capturing the process information of the application software to be detected, and tracking and data dumping the process information;
the analysis rule base module is used for storing analysis rules corresponding to each sensitive data type of the application software;
The sensitive information analysis module is used for reading corresponding analysis rules from the analysis rule base module according to the type of sensitive information to be analyzed selected by a user, and then carrying out sensitive information analysis according to the following steps:
1) Extracting visible characters from dump data of the application software to be detected to generate a text file of the visible character data;
2) Starting the corresponding analysis sub-level task number according to the total text size of the visible character data file;
3) Distributing corresponding data content to corresponding analysis subtask function according to the number of analysis subtasks, matching the extracted data with corresponding sensitive information in an analysis rule, if the matching is successful, judging that the piece of data has the corresponding sensitive information, recording key sensitive information of the piece of data, sending the key sensitive information to a report generating module, and if the matching is failed, judging that the piece of data has no related sensitive information;
And the report generation module is used for summarizing and arranging the received sensitive information detection results of all the subtasks into a sensitive information analysis report and outputting the sensitive information analysis report.
CN202310080598.9A 2023-02-02 2023-02-02 Sensitive information detection method and system for process data of vehicle-mounted application software Active CN116305247B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310080598.9A CN116305247B (en) 2023-02-02 2023-02-02 Sensitive information detection method and system for process data of vehicle-mounted application software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310080598.9A CN116305247B (en) 2023-02-02 2023-02-02 Sensitive information detection method and system for process data of vehicle-mounted application software

Publications (2)

Publication Number Publication Date
CN116305247A CN116305247A (en) 2023-06-23
CN116305247B true CN116305247B (en) 2024-05-10

Family

ID=86819445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310080598.9A Active CN116305247B (en) 2023-02-02 2023-02-02 Sensitive information detection method and system for process data of vehicle-mounted application software

Country Status (1)

Country Link
CN (1) CN116305247B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102669475B1 (en) * 2023-07-04 2024-05-27 인스피언 주식회사 Data management device, data management method and a computer-readable storage medium for storing data management program

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN104932838A (en) * 2015-06-09 2015-09-23 南京邮电大学 Digital forensic method and system based on Android memory dump technology
CN106127029A (en) * 2016-06-22 2016-11-16 北京金山安全软件有限公司 Starting method and device of security application program and electronic equipment
CN106598866A (en) * 2016-12-22 2017-04-26 合肥国信车联网研究院有限公司 smali intermediate language-based static detection system and method
CN107194252A (en) * 2017-05-09 2017-09-22 华中科技大学 The program control flow completeness protection method and system of a kind of complete context-sensitive
CN107515778A (en) * 2017-08-25 2017-12-26 武汉大学 A kind of origin method for tracing and system based on context-aware
CN110955893A (en) * 2019-11-22 2020-04-03 杭州安恒信息技术股份有限公司 Malicious file threat analysis platform and malicious file threat analysis method
CN112287067A (en) * 2020-10-29 2021-01-29 国家电网有限公司信息通信分公司 Sensitive event visualization application implementation method, system and terminal based on semantic analysis

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7743280B2 (en) * 2007-02-27 2010-06-22 International Business Machines Corporation Method and system for analyzing memory leaks occurring in java virtual machine data storage heaps

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN104932838A (en) * 2015-06-09 2015-09-23 南京邮电大学 Digital forensic method and system based on Android memory dump technology
CN106127029A (en) * 2016-06-22 2016-11-16 北京金山安全软件有限公司 Starting method and device of security application program and electronic equipment
CN106598866A (en) * 2016-12-22 2017-04-26 合肥国信车联网研究院有限公司 smali intermediate language-based static detection system and method
CN107194252A (en) * 2017-05-09 2017-09-22 华中科技大学 The program control flow completeness protection method and system of a kind of complete context-sensitive
CN107515778A (en) * 2017-08-25 2017-12-26 武汉大学 A kind of origin method for tracing and system based on context-aware
CN110955893A (en) * 2019-11-22 2020-04-03 杭州安恒信息技术股份有限公司 Malicious file threat analysis platform and malicious file threat analysis method
CN112287067A (en) * 2020-10-29 2021-01-29 国家电网有限公司信息通信分公司 Sensitive event visualization application implementation method, system and terminal based on semantic analysis

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种隐式流敏感的木马间谍程序检测方法;李佳静;梁知音;韦韬;邹维;毛剑;;软件学报;20100615(第06期);全文 *

Also Published As

Publication number Publication date
CN116305247A (en) 2023-06-23

Similar Documents

Publication Publication Date Title
CN108108297A (en) The method and apparatus of automatic test
CN111291384B (en) Vulnerability scanning method and device and electronic equipment
CN116305247B (en) Sensitive information detection method and system for process data of vehicle-mounted application software
CN111552633A (en) Interface abnormal call testing method and device, computer equipment and storage medium
CN109190368B (en) SQL injection detection device and SQL injection detection method
CN111459826B (en) Code defect identification method and system
CN112434178A (en) Image classification method and device, electronic equipment and storage medium
CN110784486A (en) Industrial vulnerability scanning method and system
CN110727595B (en) Application login interface identification method, intelligent terminal and storage medium
CN110673873A (en) Audit-based software release method
CN110674123B (en) Data preprocessing method, device, equipment and medium
CN108345902B (en) Self-learning white list model base construction and white list detection method based on transaction characteristics
CN111931186A (en) Software risk identification method and device
CN114531340B (en) Log acquisition method and device, electronic equipment, chip and storage medium
CN111026604A (en) Log file analysis method and device
CN111459774A (en) Method, device and equipment for acquiring flow of application program and storage medium
CN115587028A (en) Interface automation test method, system, medium and terminal
CN114090650A (en) Sample data identification method and device, electronic equipment and storage medium
CN111930608A (en) Automatic testing device and method based on process control
CN112418215A (en) Video classification identification method and device, storage medium and equipment
CN112256836A (en) Recording data processing method and device and server
CN112650796A (en) Automatic application data collection and storage management system
CN101425141A (en) Image recognition apparatus, image recognition program, and image recognition method
CN113434404B (en) Automatic service verification method and device for verifying reliability of disaster recovery system
CN113033832B (en) Method and device for inputting automobile repair data, terminal equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant