JP2012190381A - Method for preventing log information leak and log information leak preventing device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve such a problem that it is impossible to prevent leaks of log information without affecting an execution performance of a program and a failure analysis after shipping.SOLUTION: An execution file generating section 2 generates an execution program 3 by excluding a log character string from a source code 1 in which unique log identification ID is described at each log output position, as well as a log character string in a text format having a high readability necessary for a log data analysis, and log data. A log correspondence sheet generating section 5 generates a log correspondence sheet 6 in which a pair of the log character string and the log identification ID are listed up, from the source code 1. A log easy-reading section 7 generates a readable log file 8 by connecting the log data in an output log file 4a to the log character string in the log correspondence sheet 6 via the log identification ID.

Description

  The present invention prevents log information leakage, in particular, log information embedded in a program for debugging and failure analysis by a software program developer is illegally read by an unspecified user after shipment, and log information leakage or fraud The present invention relates to a log information leakage prevention method and a log information leakage prevention device that prevent tampering.

  Usually, many software programs have means for debugging at the development stage, investigating troubles at the evaluation stage, and investigating user troubles after product shipment. Mainly, the memory reference type and log collection type are well known. It is.

  As a memory reference type, you can use a debug tool to check the validity of memory contents using step execution and breakpoints, and file a memory dump at the time of failure to determine the cause of failure from the memory status. The analysis method is representative. The former is very powerful for debugging at the development stage, but is not suitable for the system evaluation stage or after investigating faults. In addition, since the latter is also snapshot-like information, it is difficult to find information that leads to the failure occurrence process that is most effective for failure analysis.

  On the other hand, the log collection type is a method of storing log information embedded in a software program in advance in a memory or a file according to program execution, and printf () is a typical example. Since this method does not require the use of a special debugging tool, fault information can be obtained even when leaving the development environment, such as system evaluation and user environment after shipment, and is a very effective means for fault analysis. However, since highly readable information is included in the software program or log, there is a risk that log information may leak to unspecified users if shipped as is.

  FIG. 4 shows a conventional log collection type mechanism. In the source code (source program) 1, log information is described at each log output location. The log information is composed of a log character string α in a text format with high readability necessary for log data analysis, and log data γ such as a memory and a variable. The execution file 3 holds an execution program in which the source program is built as it is, and includes a log character string α and log data γ. Similarly, the output log file 4 holding the execution result of the execution program includes the log character string α and the log data γ.

  The execution file 3 and the output log file 4 may be noticed by unspecified users after shipment, and anyone can easily guess the execution history of the program and the meaning of the log data γ using the debug character string α. This increases the risk of information leakage to unspecified users. In order to avoid this risk, if the embedded log information is removed from the software program at the same time as shipping, failure analysis after shipping becomes difficult, and the program changes before and after shipping, causing timing problems. It might be.

  Also, if the program code itself is encrypted and decrypted and executed in a format that prevents reading from the outside, the execution performance of the program will be deteriorated. (It is not related to the literature known invention). A technique for encrypting a log file to prevent information leakage is disclosed in a patent publication.

JP2008-015655A JP 2010-128901

  The problem to be solved is that the log information cannot be prevented from leaking without hindering the program execution performance and failure analysis after shipment.

  The main feature of the present invention is to conceal a log character string from an unspecified number of users through a log identification ID value in order to prevent leakage of log information.

  Since the log information leakage prevention method and the log information leakage prevention apparatus according to the present invention embed a low-readable log character string in an execution program, it is possible to prevent log information from leaking to an unspecified user from the execution program and the output log. In addition, since the program developer has a table that can convert a log character string having low readability into a log character string having high readability, there is an advantage that it does not hinder the debugging of the source code.

  In addition, since a text string with high readability is not embedded in the execution program, the program size can be reduced, and an improvement in program execution performance and a log collection amount can be expected.

It is a block diagram for demonstrating the structure of the log collection in this invention. It is a figure which illustrates a log with high readability and a low log. It is a format figure of the log corresponding | compatible sheet | seat extracted from a source code. It is a block diagram for demonstrating the structure of the conventional log collection.

  The present invention describes a log string of a text format with high readability necessary for log data analysis, a unique log identification ID, and log data such as a memory and a variable in each log output location of the source code. The program has a means to prevent the unspecified number of users from reading the log information from the execution program and the output log by incorporating only the log identification ID and the log data, and at the same time, the collected log data By having a mechanism for deriving a log character string corresponding to the log identification ID, it was possible to improve the readability of log data only to the program developer side.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 shows a log collection mechanism in the present invention.

  The program developer has a unique log identification ID β in each log output position of the source code 1 in addition to a log string α in text format with high readability necessary for log data analysis and log data γ such as memory and variables. Is described. For example, the log character string α is “a code number for decoding...”, The log identification ID β is “0x35120028”, and the log data γ is “12345678”. In this example, from the log character string α and the log data γ, it is possible to obtain information that “the password for decrypting... Is 12345678”. The log identification ID value β serves to conceal such information from unspecified users.

  The log identification ID value β specifies the log output position. Therefore, the allocation rule for the log identification ID value β is only unique within all source codes 1. For example, if the allocation of the log identification ID β is distributed for each source file and for each function, even if development of the source code 1 is large, it can be managed without increasing the value. As a result, the source code position can be specified from the log identification ID, and source code debugging can be realized.

  The execution file generation unit 2 generates an execution file 3 that holds an execution program from the source code 1 excluding the log character string α. That is, the execution file generation unit 2 generates an intermediate file in which the log character string α is once deleted from the source code 1 and builds it into the execution file 3. Depending on the processing system, the debug character string α can be extracted by replacing the definition name.

  As a result, since the log information included in the execution file 3 is only the log identification ID β and the log data γ and there is no debug character string, even if an unspecified user looks into the contents of the execution file 3 with a binary editor or the like, The risk of reading meaningful information can be greatly improved.

  Furthermore, since the output log file 4a obtained as a result of the execution program being executed by the computer does not include the log character string α, the risk of information leakage can be suppressed. Although there is a possibility that the output log file 4 may be noticed by unspecified users, according to the above example, there is a possibility that the log identification ID β “0x35120028” and the log data γ “12345678” can be read. It is difficult for an unspecified user to interpret the code number for decrypting... As 12345678. In this way, leakage of log information to unspecified users can be prevented. FIG. 2 shows the above-described highly readable log (a) and low readable log (b).

  On the other hand, the program developer generates a log corresponding sheet 6 from the source code 1 as developer internal information by the log corresponding sheet generating unit 5. As illustrated in FIG. 3, the log correspondence sheet 6 is table information that lists pairs of log character strings α and log identification IDs β at each log output position of the source code 1 and can be referred to only by the developer. In FIG. 3, since the log output position is shown as a source file name (line number), it is possible to strongly support source code debugging.

  The log readable section 7 inputs the output log file 4a and the log correspondence sheet 6 and generates a log file 8 after making it readable. Specifically, the log character string α in the log correspondence sheet 6 and the log data γ in the output log file 4a are linked through the common log identification ID β. As a result, the post-readable log file 8 includes the log character string α and the log data γ at each log output position, and has the same readability as the output log file 4 shown in FIG. In the above example, the information “The password for decrypting... Is 12345678” can be obtained.

  According to the present invention, the developer can ensure readability to the same extent as before while completely hiding the information by not showing any readable log information (text) to the unspecified user side. Furthermore, since the log character string α is not included in the program, the size of the executable file can be reduced, and the output log includes a log identification ID β that is much smaller than the log character string α. It also has the effect of greatly improving the performance impact of log collection or increasing the amount of log collection.

  A part or all of the above-described embodiment can be described as in the following supplementary notes, but is not limited thereto.

  (Supplementary note 1) An execution program in which a highly readable log character string on the source code is uniquely IDized in the source code is generated, and a corresponding list of the log character string and the ID is separately generated from the source code. A log information leakage prevention method characterized in that after collecting logs by execution of the execution program, the correspondence list is used to make the ID a common term and reorganize the collected logs to improve readability.

  (Supplementary note 2) In addition to a highly readable text log string necessary for log data analysis and log data such as memory and variables, the log output position is specified and a unique log identification ID in the source code A procedure described in each log output position of the source code, a procedure for generating an execution program excluding the log character string from the source code, and a procedure for a computer executing the execution program to obtain an output log file; A procedure for generating a log corresponding sheet listing the log character string and log identification ID pairs from the source code, and the log character string and the output log in the log corresponding sheet via the log identification ID. Log information leakage prevention characterized by having a procedure for generating log files after making them readable by linking log data in files Method.

  (Supplementary note 3) In addition to highly readable log string of text format necessary for log data analysis and log data such as memory and variables, the log output position is specified and each log identification ID unique in the source code is An execution file generation unit that generates an execution program excluding the log character string from the source code described in the log output position, an output log file obtained by a computer executing the execution program, the log character string, and a log A log corresponding sheet generating unit that generates a log corresponding sheet listing identification ID pairs from the source code, and a log character string in the log corresponding sheet and a log in the output log file via the log identification ID. Log information leakage characterized by having a log readable section that generates a log file after making it readable by linking data Prevention device.

  The present invention is particularly suitable for programs that require real-time performance. In addition, by using different log-compatible sheets, the present invention can be applied to a purpose of controlling the reference level for each user.

1 Source Code 2 Executable File Generation Unit 3 Executable File 4 Output Log File 5 Log Corresponding Sheet Generating Unit 6 Log Corresponding Sheet 7 Log Readable Unit 8 Readable Log File 4a Output Log File α Log String β Log Identification ID
γ log data

Claims (3)

  An executable program in which a highly readable log character string on the source code is uniquely IDized in the source code is generated, and a correspondence list of the log character string and the ID is separately generated from the source code, A log information leakage prevention method, comprising: after collecting a log by executing an execution program, reorganizing the ID by using the correspondence list so that the ID is a common term and improving the readability of the collected log. In addition to log text strings in text format with high readability necessary for log data analysis and log data such as memory and variables, the log output position is specified and a unique log identification ID in the source code is assigned to each source code. The procedure described in the log output position,
A procedure for generating an execution program excluding the log character string from the source code;
A procedure in which a computer executes the execution program to obtain an output log file;
A procedure for generating a log-corresponding sheet listing the log character string and log identification ID pairs from the source code;
A log information leakage prevention method comprising a step of generating a readable log file by connecting a log character string in the log correspondence sheet and log data in the output log file via the log identification ID. In addition to log strings in text format with high readability necessary for log data analysis and log data such as memory and variables, the log output position is specified and a unique log identification ID in the source code is assigned to each log output position. An executable file generation unit that generates an execution program excluding the log character string from the described source code;
An output log file obtained by a computer executing the execution program;
A log corresponding sheet generating unit that generates a log corresponding sheet listing the log character string and log identification ID pairs from the source code;
Log information leakage prevention comprising: a log readable section that generates a readable log file by linking a log character string in the log corresponding sheet and log data in the output log file via the log identification ID apparatus.

Images