CN116663014A - Client security protection method and device, electronic equipment and medium - Google Patents


Publication number
CN116663014A
Authority
CN
China
Prior art keywords
client
security
scanning
historical
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310637230.8A
Other languages
Chinese (zh)
Inventor
徐雅静
谭桂涛
刘宇驰
练婉利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310637230.8A
Publication of CN116663014A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03: Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033: Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The client security protection method, device, electronic equipment and medium can be applied to the technical fields of information security and software testing. The method comprises: hijacking the original execution flow of the client using hook technology so as to cancel the client's forced-upgrade popup; performing a security scan on the client using historical security problems to determine the security problems of the client; evaluating the security level of the client according to those security problems; formulating a security protection policy for the client according to the result of the security level evaluation; and protecting the client according to the formulated security protection policy. Because the hook technology bypasses the client's upgrade flow, and a corresponding security protection policy is formulated for the client from the results of the security scan and the security level evaluation, the problem of the client being attacked after its strong update is illegally bypassed is effectively avoided, and the running security of clients of different versions is greatly ensured.

Description

Client security protection method and device, electronic equipment and medium
Technical Field
The invention relates to the technical field of information security and the technical field of software testing, in particular to a client security protection method, a device, electronic equipment and a medium.
Background
In recent years, with the continuous development of financial technology, banks have been transforming from traditional finance toward internet finance, mobile clients have developed rapidly, and mobile phones have become the main means of accessing the mobile internet. The mobile client is the main tool through which users experience the mobile internet; mobile clients are increasingly varied, their functions keep growing, and their upgrade pace has accelerated accordingly. A forced-upgrade policy is adopted for client versions with many business or security problems, so that a problematic client version can no longer be used once the policy is in place. However, malicious actors can break through the forced-upgrade policy by technical means and then attack the client, so the conventional forced-upgrade approach cannot completely solve the client's security problems.
Disclosure of Invention
In view of the foregoing, according to a first aspect of the present invention, an embodiment of the present invention provides a client security protection method, including: hijacking the original execution flow of the client by using a hook technology to cancel the forced upgrade popup of the client; performing a security scan on the client using historical security problems to determine the security problems currently existing in the client; evaluating the security level of the client according to the security problems currently existing in the client; formulating a security protection policy for the client according to the result of the security level evaluation; and protecting the client according to the formulated security protection policy.
According to some exemplary embodiments, the method further comprises: acquiring a current version number of the client; and modifying the current version number of the client to the latest version number of the client using hook technology.
According to some exemplary embodiments, performing the security scan on the client using historical security problems includes: acquiring a historical security problem list, which comprises a plurality of historical security problems collected in advance; classifying the historical security problems in the list; and performing the security scan on the client with a different scanning strategy for each type of historical security problem.
According to some exemplary embodiments, performing the security scan on the client with different scanning strategies for different types of historical security problems specifically includes: for the first type of historical security problems, scanning the client with a scanning tool; and/or, for the second type of historical security problems, performing an attack test on the client using an attack payload, so as to perform the security scan on the client.
According to some exemplary embodiments, evaluating the security level of the client according to the security problems found by the security scan includes: comparing the security problems found by the security scan with the vulnerabilities in a preset vulnerability rating library; scoring those security problems with a preset rating formula according to the comparison result; and determining the security level of the client according to the scoring result.
According to some exemplary embodiments, formulating a security protection policy for the client according to the result of the security level evaluation specifically includes: in response to the result of the security level evaluation being a first result, formulating a first security protection policy for the client, which comprises a policy of weakly updating the client with the current version number; in response to the result being a second result, formulating a second security protection policy for the client, which comprises a policy of strongly updating the client with the current version number; and in response to the result being a third result, formulating a third security protection policy for the client, which comprises policies of strongly updating the client with the current version number and logging in the interface service of the client at the server side.
According to some exemplary embodiments, after performing the security scan on the client and before evaluating the security level of the client, the method further comprises: rechecking the security problems found by the security scan, and taking the security problems confirmed by the recheck as the security problems currently existing in the client.
According to a second aspect of the present invention, there is also provided a client security protection device, including: a hook module for hijacking the original execution flow of the client by using a hook technology so as to cancel the forced upgrade popup of the client; a security problem determining module for performing a security scan on the client using historical security problems so as to determine the security problems currently existing in the client; a security level evaluation module for evaluating the security level of the client according to the security problems currently existing in the client; a security protection policy formulation module for formulating a security protection policy for the client according to the result of the security level evaluation; and a security protection module for protecting the client according to the formulated security protection policy.
According to a third aspect of the present invention, there is provided an electronic device comprising: one or more processors; and a storage device for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method as described above.
According to a fourth aspect of the present invention there is provided a computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to perform a method as described above.
According to a fifth aspect of the present invention there is provided a computer program product comprising a computer program which, when executed by a processor, implements a method as described above.
One or more of the above embodiments have the following advantages or benefits: because the hook technology bypasses the client's upgrade flow, and a corresponding security protection policy is formulated for the client from the results of the security scan and the security level evaluation, the problem of the client being attacked after its strong update is illegally bypassed is effectively avoided, and the running security of clients of different versions is greatly ensured.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of embodiments of the invention with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario diagram of a client security protection method, device, equipment and medium according to an embodiment of the invention.
Fig. 2 schematically shows a flow chart of a client security protection method according to an embodiment of the invention.
Fig. 3 is a flow chart of a method for canceling client forced upgrade popup using hook technology in accordance with some example embodiments of the present invention.
Fig. 4 is a flowchart of a method for performing a security scan on the client using historical security issues in accordance with some example embodiments of the invention.
Fig. 5 is a flowchart of a method for performing security scanning on the client using different scanning policies for different classes of historical security issues in accordance with some example embodiments of the invention.
Fig. 6 is a flow chart of security level assessment of the client based on the security issues currently present by the client as discovered by the security scan in a method according to some example embodiments of the invention.
Fig. 7 is a flowchart of a method for formulating a security protection policy for a current login client based on the results of the security level assessment, according to some example embodiments of the invention.
Fig. 8 is a flow chart of rechecking the security problems found by the scan in a method according to some example embodiments of the invention.
Fig. 9 schematically shows a block diagram of a client security protection device according to an embodiment of the invention.
Fig. 10 schematically shows a block diagram of an electronic device adapted to implement a client security method according to an embodiment of the invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
In the technical scheme of the invention, the acquisition, storage, application and the like of the users' personal information involved comply with the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
First, technical terms described herein are explained and illustrated as follows.
Hook technology: a computer programming term for the various techniques that modify or extend the behavior of an operating system, application program, or other software component by intercepting function calls, messages, or events passed between software modules. The code that handles the intercepted function calls, events, or messages is called a hook. Hook technology can hijack the original execution flow of a program and add extra processing logic, so that the program's normal processing logic is changed or bypassed and a customized function is realized.
Weak update: after the version of the software is updated, a popup window is set when a user enters the software, and the user is provided with a choice of whether to upgrade the version. The user may continue to use the software whether or not the user chooses to update.
Strong update: after the version of the software is updated, when a user enters the software, the user is forced to perform updating operation, and if the user does not perform updating, the user cannot use the software.
Based on this, an embodiment of the present invention provides a client security protection method, including: hijacking the original execution flow of the client by using a hook technology to cancel the forced upgrade popup of the client; performing a security scan on the client using historical security problems to determine the security problems currently existing in the client; evaluating the security level of the client according to the security problems currently existing in the client; formulating a security protection policy for the client according to the result of the security level evaluation; and protecting the client according to the formulated security protection policy. In the method according to the embodiment of the invention, the hook technology bypasses the client's upgrade flow, and a corresponding security protection policy is formulated for the client from the results of the security scan and the security level evaluation, so that the problem of the client being attacked after its strong update is illegally bypassed is effectively avoided, the running security of clients of different versions is greatly ensured, and the client's protection policy is more user-friendly and reasonable.
It should be noted that the client security protection method and device provided by the embodiment of the invention can be used in the technical field of information security and the technical field of software testing.
Fig. 1 schematically illustrates an application scenario diagram of a client security protection method, device, equipment and medium according to an embodiment of the invention.
As shown in fig. 1, an application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the client security protection method provided by the embodiment of the present invention may be executed by the terminal devices 101, 102, 103 or the server 105. Accordingly, the client security protection apparatus provided in the embodiments of the present invention may be generally disposed in the terminal devices 101, 102, 103 or the server 105. The client security protection method provided by the embodiment of the present invention may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the client security protection apparatus provided by the embodiments of the present invention may also be provided in a server or a server cluster, which is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The client security protection method provided by the embodiment of the present invention will be described in detail with reference to fig. 2 to 8 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a client security protection method according to an embodiment of the invention.
As shown in fig. 2, the client security protection method 200 according to the embodiment may include operations S210 to S250.
In operation S210, the original execution flow of the client is hijacked using the hook technology to cancel the forced upgrade popup of the client.
The client is a program that corresponds to the server and provides local services to the customer. Under the traditional C/S architecture, client software must be installed on the customer's mobile or PC device (such as a mobile phone, tablet or personal computer) and runs in cooperation with a server program. Because the client is in direct online contact with customers, it is upgraded and rebuilt very frequently, whether it is mobile phone client software or computer client software, in order to win, serve and retain customers as far as possible. Client updates are further divided into silent update, weak update, strong update and other update modes.
In some exemplary embodiments, the client to be protected uses the strong update mode. For example, when the software version of a computer client is too low, the client shows the user a popup, and the user can only continue using the client by choosing to update in the popup; otherwise, the client is forced to exit. The forced upgrade popup tells the user that the current client version is unavailable and that upgrading the client must be selected.
In operation S220, a security scan is performed on the client using the historical security problems to determine the security problems currently existing in the client.
In operation S230, the security level of the client is evaluated according to the security problems currently existing in the client.
In operation S240, a security protection policy is formulated for the client according to the result of the security level evaluation.
In operation S250, the client is protected according to the formulated security protection policy.
Fig. 3 is a flow chart of a method for canceling client forced upgrade popup using hook technology in accordance with some example embodiments of the present invention. In this embodiment, operation S210 may include sub-operations S310 to S320.
In sub-operation S310, the current version number of the client is acquired.
In sub-operation S320, the current version number of the client is modified to the latest version number of the client using a hook technique.
For example, suppose the mobile phone software client that a customer is currently logged in to has version number 2.3.1, while the latest version number of that client is 3.3.1. In the original flow, the server checks the version number of the current client, determines that this version requires a strong update, and sends a forced upgrade popup to the client. At this point the Hook technology can hijack the original execution flow of the program: the version number of the currently logged-in client, 2.3.1, is hooked and changed to the latest version number, 3.3.1, so that the version verification initialization module of the server is skipped and the strong update of the client is bypassed.
In this embodiment, the strong update flow of the client is cancelled by the Hook technology, so that the current client can be logged in to and used normally, and the subsequent security problem scan can be run against the currently logged-in client.
Referring back to fig. 2, in operation S220, a security scan is performed on the client using the historical security questions to determine the security questions currently existing on the client.
FIG. 4 is a flowchart of a method for performing a security scan on the client using historical security issues in accordance with some example embodiments of the invention. In this embodiment, operation S220 may include sub-operations S410 to S430.
In sub-operation S410, a historical security problem list is acquired.
In this embodiment, the historical security problem list includes a plurality of historical security problems collected in advance. The historical security problems include security problems discovered in the latest version and in previous versions of the client.
In sub-operation S420, the historical security problems in the historical security problem list are classified.
In sub-operation S430, security scanning is performed on the client using different scanning strategies for different types of historical security problems.
In this embodiment, the currently logged-in client is scanned for the collected historical security problems, so as to see which of them exist in the currently logged-in client. Collecting historical security problems enlarges the scope of the scan of the current client, and scanning the client against historical security problems identifies its security problems in a targeted manner, which improves the efficiency and accuracy of the scan.
FIG. 5 is a flowchart of a method for performing security scanning on the client using different scanning policies for different classes of historical security issues in accordance with some example embodiments of the invention. In this embodiment, sub-operations S510 to S520 are included.
In sub-operation S510, a security scan is performed on the client in a tool scan manner for the first type of historical security issues.
In some exemplary embodiments, the first type of historical security problems may include historical security problems that were found by tool scanning. In this embodiment, for this type of problem, the tool is run again to perform a targeted automated scan of the currently logged-in client, so that the historical security problem is reproduced. For example, if a certain security scanning application found a type of security problem when scanning the latest version of the client, the currently logged-in client is scanned with the same application for that type of problem, so as to determine whether the problem exists in the currently logged-in client and, if so, reproduce it there.
In sub-operation S520, for the second type of historical security problems, an attack payload is used to perform an attack test on the client, so as to perform security scanning on the client.
In some exemplary embodiments, the second type of historical security problems may include historical security problems discovered by tampering with messages. In this embodiment, for this type of problem, an automated attack plug-in is written to perform an attack test on the currently logged-in client using an attack payload, and the result of the attack test is automatically scanned to check whether the client has these historical security problems. For example, if a certain malicious plug-in can tamper with the server response messages of the latest-version client, then for this security problem a similar attack plug-in is written to run an automated attack test against the currently logged-in client, and the test result is automatically scanned to determine whether the security problem exists.
In the embodiment, by adopting the corresponding security scanning method for different types of historical security problems, the security problem scanning of the client can be more regular and targeted, so that more efficient and comprehensive security problem scanning is realized.
Referring back to fig. 2, in operation S230, a security level evaluation is performed on the client according to a security problem currently existing in the client.
Fig. 6 is a flow chart of security level assessment for the client according to the security problems currently existing in the client discovered by the security scan in a method according to some exemplary embodiments of the present invention. In this embodiment, operation S230 may include sub-operations S610 to S630.
In sub-operation S610, the security problems currently existing in the client found by the security scanning are compared with each vulnerability in the preset vulnerability rating library.
In some exemplary embodiments, the preset vulnerability rating library classifies vulnerabilities into four classes: super-risk, high-risk, medium-risk and low-risk. In this embodiment, the vulnerability rating library describes the degree of potential harm of security vulnerabilities in a graded manner. For example, a super-risk vulnerability can very easily cause particularly serious consequences for the target client and/or server; a high-risk vulnerability can easily cause serious consequences for the target client and/or server; a medium-risk vulnerability can cause general consequences for the target client and/or server, or cause serious consequences only with difficulty; a low-risk vulnerability can cause slight consequences for the target client and/or server, or cause generally serious consequences only with difficulty, or cause serious consequences only with great difficulty.
In sub-operation S620, the security problem currently existing in the client found by the security scan is scored by using a preset rating formula according to the comparison result.
In some exemplary embodiments, the preset rating formula includes a weighted summation according to the security vulnerability rating scheme, in which the higher the hazard level of a security vulnerability, the higher its relative weight. The security score is then obtained by subtracting the weighted sum of the security vulnerabilities from the total security score. For example, suppose a certain high-risk vulnerability and a certain low-risk vulnerability exist in the current client, the weight of the high-risk vulnerability is 0.7, the weight of the low-risk vulnerability is 0.2, and the initial scores of the high-risk and low-risk vulnerabilities are 40 and 10 respectively. With a total security score of 100, the weighted sum of the security vulnerabilities is 0.7 × 40 + 0.2 × 10 = 30, and the final security score is 70.
In sub-operation S630, the security level of the client is determined according to the result of the scoring.
In some exemplary embodiments, the security level of the client may be divided into five levels. At the first level, damage to the client and/or the server can harm the legal rights and interests of citizens, legal persons and other organizations, but does not harm national security, social order or public interests; at the second level, damage to the client and/or the server can cause serious damage to the legal rights and interests of citizens, legal persons and other organizations, or can cause damage to social order and public interests, but does not harm national security; at the third level, damage to the client and/or the server can cause serious damage to social order and public interests, or can cause damage to national security; at the fourth level, damage to the client and/or the server seriously damages social order and public interests, or seriously damages national security; at the fifth level, damage to the client and/or the server may cause serious damage to national security.
In the embodiment, the security problems existing in the current login client are scored through the preset vulnerability rating library and the preset rating formula, so that the severity of the security problems existing in the current client can be clearly and objectively reflected, and then the security level of the client is determined through scoring, so that corresponding protection strategies can be formulated according to different security levels in the follow-up process.
Referring back to fig. 2, in operation S240, a security protection policy is formulated for the client according to the result of the security level evaluation.
In operation S250, the client is secured according to the formulated security policy.
Fig. 7 schematically shows a flow chart for formulating a security protection policy for a current login client based on the result of the security level assessment. Operation S240 may include sub-operations S710 to S730.
In sub-operation S710, a first security protection policy is formulated for the client according to the first level result.
In some exemplary embodiments, the first level result may include the first client security level described above, and the first security protection policy includes a weak update of the currently logged-in client. For example, a certain version of the client has a slight security problem that may cause the client to leak the customer's name information; the security problem is evaluated as security level one, so a weak update is set for the client, and the customer decides whether to update the currently logged-in client according to their experience.
In sub-operation S720, a second security protection policy is formulated for the client according to the second level result.
In some exemplary embodiments, the second level result may include the second client security level described above, and the second security protection policy includes a strong update of the currently logged-in client. For example, a certain version of the client has a serious security problem that may cause overload of the server; the security problem is evaluated as security level two, so a strong update is set for the client, forcing the customer to update the currently logged-in client.
In sub-operation S730, a third security protection policy is formulated for the client according to the third level result.
In some exemplary embodiments, the third level result may include the third, fourth and fifth client security levels described above, and the third security protection policy includes a strong update of the currently logged-in client and taking the server's interface service for the currently logged-in client offline. For example, a certain version of the client has a serious security problem, namely a high risk that identity authentication can be bypassed during payment, and the security problem is evaluated as security level three; in addition to setting a strong update for the client, the interface service for that client should be taken offline on the server, so that service to the client is refused.
In the embodiment, the full and reasonable utilization of the protection resources of the client can be ensured by carrying out corresponding protection strategies on the security problems of different security levels, and the experience of the client can be optimized simultaneously on the premise of fully protecting the client.
Referring back to fig. 4, in operation S430, for different types of historical security issues, it is still necessary to recheck the scanned security issues after performing security scanning on the client using different scanning strategies.
Fig. 8 is a flow chart of rechecking the scanned security problems in a method according to some exemplary embodiments of the invention. In this embodiment, the operation includes a sub-operation S810.
In sub-operation S810, the security problem of the client found by the security scan is rechecked, and the security problem after passing the rechecking is determined as the security problem currently existing in the client.
In this embodiment, since the security problems found by automatic security scanning may include false alarms, the scanned security problems need to be manually checked and confirmed to be correct.
In the embodiment, by manually rechecking and confirming the security problem of automatic scanning, the accuracy of the security problem scanning can be improved, and the error of the subsequent establishment of the client security protection policy caused by the error identification of the security problem can be avoided.
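The recheck (S810), scoring (S610 to S630) and policy selection (S710 to S730) steps can be sketched as follows; this is an added example, not part of the patent text. The 0.7 and 0.2 weights and the level-to-policy mapping come from the description, while the other weights, the rating library entries, the score floor for each level and all identifiers are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

TOTAL_SCORE = Decimal(100)

# Weight per rating class. 0.7 (high) and 0.2 (low) are the values used in the
# description's example; the super-risk and medium-risk weights are assumptions.
WEIGHTS = {
    "super": Decimal("1.0"),
    "high": Decimal("0.7"),
    "medium": Decimal("0.4"),
    "low": Decimal("0.2"),
}

# Constructed stand-in for the preset vulnerability rating library:
# issue id -> (rating class, initial score). All entries are hypothetical.
RATING_LIBRARY = {
    "payment-auth-bypass": ("super", 60),
    "response-tampering": ("high", 40),
    "verbose-error-page": ("medium", 20),
    "customer-name-leak": ("low", 10),
}

# Assumed score floors for levels 1-4 (anything lower is level 5). The
# description defines levels by impact and gives no score-to-level mapping.
LEVEL_FLOORS = [(90, 1), (80, 2), (60, 3), (30, 4)]


@dataclass(frozen=True)
class Finding:
    issue_id: str
    confirmed: bool  # outcome of the manual recheck (S810)


def recheck(findings):
    """S810: keep only findings a reviewer confirmed, dropping false alarms."""
    return [f for f in findings if f.confirmed]


def score(findings):
    """S610/S620: match findings against the library, then apply the formula.

    Returns (score, unmatched_ids). A finding with no library entry is not
    silently scored as zero; it is reported so that it can be rated by hand.
    """
    deduction = Decimal(0)
    unmatched = []
    for issue_id in sorted({f.issue_id for f in findings}):  # each issue once
        entry = RATING_LIBRARY.get(issue_id)
        if entry is None:
            unmatched.append(issue_id)
            continue
        rating, initial_score = entry
        deduction += WEIGHTS[rating] * initial_score
    return max(TOTAL_SCORE - deduction, Decimal(0)), unmatched


def level_for(value):
    """S630: map a score to one of the five levels (assumed floors)."""
    for floor, level in LEVEL_FLOORS:
        if value >= floor:
            return level
    return 5


def policy_for(level):
    """S710-S730: level 1 -> weak update, level 2 -> strong update,
    levels 3-5 -> strong update plus taking the interface service offline."""
    if level == 1:
        return {"update": "weak", "interface_offline": False}
    if level == 2:
        return {"update": "strong", "interface_offline": False}
    return {"update": "strong", "interface_offline": True}


def evaluate(findings):
    """Run recheck, scoring, level evaluation and policy selection in order."""
    confirmed = recheck(findings)
    if not confirmed:  # nothing survived the recheck: no policy (assumption)
        return {"score": TOTAL_SCORE, "level": None, "policy": None, "unmatched": []}
    value, unmatched = score(confirmed)
    level = level_for(value)
    return {"score": value, "level": level,
            "policy": policy_for(level), "unmatched": unmatched}


# Constructed scan output: the description's high + low example, one false
# alarm rejected at recheck, and one issue missing from the rating library.
SAMPLE_FINDINGS = [
    Finding("response-tampering", True),
    Finding("customer-name-leak", True),
    Finding("payment-auth-bypass", False),
    Finding("unrated-issue", True),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_FINDINGS))
```

Weights are held as `Decimal` so that the description's 0.7 × 40 + 0.2 × 10 deduction is exactly 30 and the threshold comparison is not affected by binary floating-point rounding.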
Fig. 9 schematically shows a block diagram of a client security guard according to an embodiment of the invention.
As shown in fig. 9, the client security guard 900 according to this embodiment includes a hook module 910, a security problem determination module 920, a security level evaluation module 930, a security protection policy formulation module 940, and a security protection module 950.
The hook module 910 is configured to hijack an original execution flow of a client using hook technology to cancel a forced upgrade popup of the client. In an embodiment, the hook module 910 may be used to perform the operation S210 and its sub-operations described above, which are not described herein.
The security issue determination module 920 is configured to perform a security scan on the client using the historical security issues to determine a security issue currently existing on the client. In an embodiment, the security problem determination module 920 may be configured to perform the operation S220 and its sub-operations described above, which are not described herein.
The security level evaluation module 930 is configured to perform security level evaluation on the client according to a security problem currently existing in the client. In an embodiment, the security level evaluation module 930 may be used to perform the operation S230 and its sub-operations described above, which are not described herein.
The security protection policy formulation module 940 is configured to formulate a security protection policy for the client according to the result of the security level evaluation. In an embodiment, the security protection policy formulation module 940 may be configured to perform the operation S240 and its sub-operations described above, which are not described herein.
The security protection module 950 is configured to perform security protection on the client according to the formulated security protection policy. In an embodiment, the security protection module 950 may be configured to perform the operation S250 and its sub-operations described above, which are not described herein.
It should be noted that, the client security protection method and the client security protection device provided by the embodiments of the present invention further have at least one of the following effects and advantages:
(1) According to the client security protection method and the client security protection device provided by the embodiment of the invention, the strong update flow of the client is canceled through the hook technology, so that the current client can be logged in to and used normally, and subsequent security problem scanning can be performed on the current client. In addition, collecting historical security problems for the scan enlarges the scope of the security problem scanning of the current client, and scanning the client using the historical security problems allows the security problems of the current client to be identified in a targeted manner, which improves the efficiency and accuracy of the security problem scanning.
(2) The client security protection method and the client security protection device provided by the embodiment of the invention can enable the client to be more regular and targeted when the client is scanned for the security problems by adopting the corresponding security scanning method for different types of historical security problems, thereby realizing more efficient and comprehensive security problem scanning. Meanwhile, the security problem of automatic scanning is checked and confirmed manually, so that the accuracy of the security problem scanning can be improved, and the error of the subsequent establishment of the client security protection strategy caused by the error identification of the security problem is avoided.
(3) According to the client security protection method and the client security protection device provided by the embodiment of the invention, the security problems existing in the current login client can be scored through the preset vulnerability rating library and the preset rating formula, the severity of the security problems existing in the current client can be clearly and objectively reflected, and then the security grade of the client is determined through scoring, so that corresponding protection strategies can be formulated according to different security grades in the follow-up process. Meanwhile, through carrying out corresponding protection strategies on the security problems of different security levels, the full and reasonable utilization of the client protection resources can be ensured, and the experience of the client can be optimized simultaneously on the premise of fully protecting the client.
Fig. 10 schematically shows a block diagram of an electronic device adapted to implement a client security method according to an embodiment of the invention.
As shown in fig. 10, an electronic device 1000 according to an embodiment of the present invention includes a processor 1001 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. The processor 1001 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1001 may also include on-board memory for caching purposes. The processor 1001 may include a single processing unit or a plurality of processing units for performing different actions of the method flow according to an embodiment of the invention.
In the RAM 1003, various programs and data necessary for the operation of the electronic apparatus 1000 are stored. The processor 1001, the ROM 1002, and the RAM 1003 are connected to each other by a bus 1004. The processor 1001 performs various operations of the method flow according to the embodiment of the present invention by executing programs in the ROM 1002 and/or the RAM 1003. Note that the program may be stored in one or more memories other than the ROM 1002 and the RAM 1003. The processor 1001 may also perform various operations of the method flow according to an embodiment of the present invention by executing programs stored in the one or more memories.
According to an embodiment of the invention, the electronic device 1000 may further comprise an input/output (I/O) interface 1005, the input/output (I/O) interface 1005 also being connected to the bus 1004. The electronic device 1000 may also include one or more of the following components connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc.; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.
The present invention also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present invention.
According to embodiments of the present invention, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the invention, the computer-readable storage medium may include ROM 1002 and/or RAM1003 described above and/or one or more memories other than ROM 1002 and RAM 1003.
Embodiments of the present invention also include a computer program product comprising a computer program containing program code for performing the method shown in the flowcharts. The program code is used to cause a computer system to carry out the methods provided by embodiments of the present invention when the computer program product is run on the computer system.
The above-described functions defined in the system/apparatus of the embodiment of the present invention are performed when the computer program is executed by the processor 1001. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the invention.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of signals on a network medium, distributed, and downloaded and installed via the communication section 1009, and/or installed from the removable medium 1011. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011. The above-described functions defined in the system of the embodiment of the present invention are performed when the computer program is executed by the processor 1001. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the invention.
According to embodiments of the present invention, program code for carrying out computer programs provided by embodiments of the present invention may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or in assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The embodiments of the present invention are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the invention, and such alternatives and modifications are intended to fall within the scope of the invention.

Claims (11)

1. A method for protecting client security, the method comprising:
hijacking the original execution flow of the client by using a hook technology to cancel the forced upgrade popup of the client;
performing security scanning on the client by utilizing historical security problems to determine the security problems currently existing in the client;
performing security level evaluation on the client according to the security problem currently existing in the client;
formulating a security protection policy for the client according to the result of the security level evaluation; and
performing security protection on the client according to the formulated security protection policy.
2. The method according to claim 1, wherein the method further comprises:
acquiring a current version number of the client; and
modifying the current version number of the client to the latest version number of the client using hook technology.
3. The method of claim 1, wherein the performing a security scan on the client using historical security issues comprises:
acquiring a historical security problem list, wherein the historical security problem list comprises a plurality of historical security problems collected in advance;
classifying the plurality of historical security problems in the historical security problem list; and
performing security scanning on the client by adopting different scanning strategies for different types of historical security problems.
4. The method according to claim 3, wherein performing security scanning on the client by adopting different scanning strategies for different types of historical security problems specifically comprises:
for the first type of historical security problems, performing security scanning on the client by means of tool scanning; and/or,
for the second type of historical security problems, performing an attack test on the client using an attack payload so as to perform security scanning on the client.
5. The method according to claim 4, wherein the security level evaluation of the client according to the security problem currently existing in the client discovered by the security scan includes:
comparing the security problems currently existing in the client found by the security scanning with the vulnerabilities in a preset vulnerability rating library;
according to the comparison result, scoring the security problems currently existing in the client found by the security scanning by using a preset rating formula; and
determining the security level of the client according to the scoring result.
6. The method according to any one of claims 1-5, wherein the step of formulating a security protection policy for the client according to the result of the security level assessment specifically comprises:
in response to the result of the security level evaluation being a first result, formulating a first security protection policy for the client, wherein the first security protection policy comprises a policy of weakly updating the client with the current version number;
in response to the result of the security level evaluation being a second result, formulating a second security protection policy for the client, wherein the second security protection policy comprises a policy of strongly updating the client with the current version number; and
in response to the result of the security level evaluation being a third result, formulating a third security protection policy for the client, wherein the third security protection policy comprises a policy of strongly updating the client with the current version number and taking offline the server's interface service for logging in to the client.
7. The method of claim 4, wherein after performing a security scan on the client and before evaluating the security level of the client, the method further comprises:
rechecking the security problems found by the security scanning as currently existing in the client, and determining the security problems that pass the recheck as the security problems currently existing in the client.
8. A client security guard, the apparatus comprising:
the hook module is used for hijacking the original execution flow of the client by using a hook technology so as to cancel the forced upgrading popup of the client;
the security problem determining module is used for executing security scanning on the client by utilizing the historical security problems so as to determine the security problems existing in the client currently;
the security level evaluation module is used for evaluating the security level of the client according to the security problem existing at present in the client;
the security protection policy formulation module is used for formulating a security protection policy for the client according to the result of the security level evaluation; and
the security protection module is used for performing security protection on the client according to the formulated security protection policy.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
CN202310637230.8A 2023-05-31 2023-05-31 Client security protection method and device, electronic equipment and medium Pending CN116663014A (en)

Publications (1)

Publication Number Publication Date
CN116663014A true CN116663014A (en) 2023-08-29

Family

ID=87713244

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination