JP2013210891A - Application inspection device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an application inspection device in which even in an application such as a gray ware, security risk can be shown to a user.SOLUTION: An inspector causes all functions of inspection application 211 in an initial setting state to operate; communication log acquisition means 221 stores external communication processing as a record of a communication log 213; and operation log acquisition means 222 stores various processing including an operation by the inspector as a record of an operation log 214. Unintentional processing extraction means 223 associates a record whose processing kind of the communication log 213 is "transmission" or a record whose processing kind of the communication log 214 is "information acquisition" or "file storage" with a record whose processing kind is "operation", and extracts a record for processing for which the association was unsuccessful as an evaluation target record. Risk evaluation means 224 obtains an impact degree, which is an index of a potential risk of the inspection application 211, by using an extracted evaluation target record, so as to output it as an inspection result.

Description

  The present invention relates to an application inspection apparatus that inspects an application operating on a mobile terminal.

  A mobile terminal such as a smartphone, a mobile information terminal, and a mobile phone stores various personal information such as location information, an address book, and a schedule as well as information such as a user's telephone number and mail address. On the other hand, application programs (hereinafter simply referred to as applications) for mobile terminals such as mail software, game software, and convenient tools developed by various vendors are freely installed and used by these users. The

Some applications, however, send personal information stored in the portable terminal to the outside without asking the user for permission. This includes not only the transmission of information regarding the purpose intended by the user of the application, but also the transmission for the purpose of collecting market information by the information collector regardless of the purpose intended by the user. It is. Thus, depending on the application, there is a potential risk that personal information is transmitted regardless of the user's intention.
However, the user rarely pays attention to potential risks such as personal information being transmitted to the outside regardless of the user's intention. In addition, it is very difficult for a user to determine whether the information transmission is intended by the user or information transmission as a potential risk unrelated to the user's intention. For this reason, the user installs and uses the application without being aware of the existence of such a potential risk or not being able to cope with it.

  By the way, there is a malicious program called malware or spyware as an application for collecting information regardless of the intention of the user. However, malware and the like are originally malicious applications, and it is basically impossible for a user to install while knowing that the malware is. However, an inspection system for inspecting whether an application is malware or the like has been proposed so that malware or the like is not installed by mistake or after installation.

  For example, the program analysis apparatus described in Patent Literature 1 classifies programs by using as an addition condition the file attributes of the malicious program and the events that may occur when the malicious program is operated. That is, the program analysis apparatus executes the program on the virtual operating system and acquires the operation history. If the acquired operation history and file attributes meet the conditions for addition, points are added to classify them as “macro virus”, “bot”, “P2P worm”, “spyware”, “Trojan horse”, and “non-malicious program”. .

JP 2008-129707 A

  Some applications not only operate with functions useful to the user, but also include functions that operate unintended by the user. In this specification, such an application is called grayware. In the conventional method, an application to be inspected is started on a running virtual OS. When an application operation occurs during the subsequent lifetime, the operation history is stored, and the application is classified based on the operation history and file attributes.

  Therefore, an object of the present invention is to realize an inspection apparatus that inspects how much potential risk exists in such grayware and how it may be affected from the viewpoint of security.

  In order to solve such a problem, the present invention is an application inspection apparatus for inspecting a potential risk of an application, and operates a record including at least a processing type and an occurrence time for each processing of the application during one operation. A storage unit stored as a log; unintentional process extraction means for extracting, as an evaluation target record, a record that does not have a predetermined predetermined relationship with a record whose operation type is an operation from the operation log; and the evaluation There is provided an application inspection apparatus having a risk evaluation means for obtaining an impact degree that is an index of a potential risk based on a target record, and using the impact degree obtained by the risk evaluation means as an inspection result. There is an integrated predetermined relationship between the processing performed for the operation processing indicating the user's intention, but there is an operation processing having this integrated predetermined relationship for the processing not intended by the user. do not do. As a result, processing unintended by the user can be evaluated as a potential risk of the application using an index called impact level, and the user can determine the possibility of being affected by the application.

  In such an application inspection apparatus, the storage unit further stores a known risk that is risk information that has already been identified corresponding to the process type, and the unintentional process extraction unit includes the process type of the known risk. It is preferable to extract the evaluation target record from the records. As a result, it is possible to extract processing that is not intended by the user by using information on known risks together.

  In the application inspection apparatus, the storage unit stores a record including a communication process during one operation and the generation time thereof as a communication log, and the unintentional process extraction unit includes the communication log. It is preferable to extract, as an evaluation target record, a record that does not have a predetermined relationship integral with a record whose process type is an operation from a record whose process type is transmission. As a result, it is possible to evaluate the potential risk of information leakage due to transmission not intended by the user.

  In the application inspection apparatus, it is preferable that the unintentional process extraction unit has a relationship between a generation time of each record and an operation generation time within a predetermined time as the predetermined relationship. Accordingly, it is possible to extract a process unintended by the user by using the property that the process intended by the user is promptly performed in response to the user's operation.

  In the application inspection apparatus, it is preferable that the risk evaluation unit increases an impact degree when the evaluation target record corresponds to a known risk. Thereby, when the process unintended by the user is a known risk, the degree of influence by the application can be greatly shown to the user.

  According to the present invention, even for grayware, it is possible to show a potential risk as to how it may be affected from the viewpoint of security when a user operates an application on a terminal.

It is a figure explaining the whole structure of the application test | inspection system containing the application test | inspection apparatus to which this invention is applied. It is a figure which shows the example of a communication log. It is a figure which shows the example of an operation log. It is a figure which shows the example of a known risk. It is a figure which shows the example of a test result. It is a flowchart which shows operation | movement of an inspection process.

  Hereinafter, an embodiment of an application inspection system according to the present invention will be described with reference to the drawings. FIG. 1 is an overall configuration diagram of an application inspection system. An application inspection system 1 shown in FIG. 1 is configured by connecting an application inspection device 2 and an external server 4 via a network 3.

  The application inspection apparatus 2 is an application that functions in a state where it is installed in a mobile terminal having a communication function, and is an apparatus that inspects whether there is a latent risk in the application to be inspected. Here, an index indicating the degree of potential risk of the inspection application is defined as the degree of impact. The impact degree may be expressed as a multi-value as in the present embodiment, but may be expressed as a binary value indicating whether or not there is a potential risk. In this embodiment, the application inspection apparatus 2 is described as being installed on a mobile terminal. However, any apparatus that can operate by installing an application to be inspected may be used. It may be a personal computer or a server that executes an application at a rate. The application inspection apparatus 2 includes a storage unit 21, a control unit 22, a communication unit 23, and a display operation unit 24.

  The storage unit 21 is a storage device such as a ROM, a RAM, or a magnetic hard disk, and stores various programs and various data. The storage unit 21 is an inspection application 211 that is an inspection target application, unique information 212 of the mobile terminal, and externally via a network. It has a storage area for storing a communication log 213, which is a communication history at the time of communication, an operation log 214, a known risk 215, and an inspection result 216.

  The unique information 212 includes a terminal unique number assigned to identify the mobile terminal, various terminal identification information, position information indicating the current position by latitude and longitude, address book, mail information, schedule information, and the like.

The communication log 213 is a history of external communication in which the inspection application 211 exchanges information with the outside via the network 3. An example of a communication log is shown in FIG. The communication log 213 stores an occurrence date / time 2132, a processing type 2133, a transmission destination or reception destination 2134, transmission content or reception content 2135 as one record every time one communication occurs.
For example, in the record described in the top row, the record identifier 2131 is # 1, the processing type is “transmission”, the occurrence date is “2012/01/10 18:30:02”, the transmission destination is “X”, and the transmission content is “Position information (latitude a, longitude b), user ID, terminal identification information, Start”. These contents are sequentially recorded every time communication is performed.

The operation log 214 includes an operation history that is a record of the operation of the portable terminal by the inspector, a screen display history that is a history of contents displayed on the display operation unit 24, an information acquisition history that is a history of accessing the unique information 212, and an application A file storage history or the like that is a history of storing the generated or downloaded file is included. An example of the operation log 214 is shown in FIG. The operation log 214 stores the occurrence date and time 2142, the processing type 2143, and the processing content 2144 as one record each time an operation is executed.
For example, in the record described in the fifth row from the top, the record identifier 2141 is # 5, the occurrence date and time 2142 is “2012/01/10 18:35:00”, the processing type 2143 is “screen display”, and the processing content is “ “Do you want to get map information? Yes or end” is stored.
Here, the processing type 2143 includes activation, screen display, operation, information acquisition, and file storage. Needless to say, other various types of processing can be used as processing types.

  The known risk 215 is risk information that is already known. This is used to determine whether the communication log 213 and the operation log 214 correspond to the known risk 215. An example of the known risk 215 is shown in FIG. The known risk 215 includes a risk identification number 2151, risk information 2152, and a risk coefficient 2153. The risk identification number 2151 is automatically assigned when the risk information 2152 is set. The risk information 2152 includes a processing type 2133 of the communication log 213 or a processing type 2143 of the operation log 214, a transmission destination / transmission source 2134 or a transmission content / reception content 2135 of the communication log 213, or a processing content 2144 of the operation log 214. Information that has already been found to be high risk is registered.

In FIG. 4, since it is known that the transmission destination X has illegally collected information in the past, the risk identification number 2151 is # 1, and the transmission processing with X as the transmission destination is registered. The risk factor for calculating the impact level is “0.2”.
Similarly, since it is known that the transmission destination Y has illegally collected information in the past, the risk identification number # 2 registers the transmission processing with Y as the transmission destination, and sets the impact level described later. The risk factor to be calculated is “0.2”.
Similarly, since it is known that the transmission destination Z has illegally collected information in the past, the risk identification number # 3 registers transmission processing with Z as the transmission destination, and sets the impact level described later. The risk factor to be calculated is “0.2”.
In addition, since it is a risk that the transmitted content includes all of the position information, user ID, and terminal identification information, the risk identification number # 4 indicates that the transmitted content is position information, user ID, and terminal identification information. Is set to “0.2” as a risk coefficient for calculating the degree of impact described later.
In addition, since it is a risk that the terminal identification information is accessed without confirmation to the user (information acquisition), the risk identification number # 5 is registered as the processing type is information acquisition and processing content. “0.1” is set as a risk coefficient for calculating the impact level described later.
Further, since it is a risk from the viewpoint of information leakage to not encrypt when saving a file, the risk identification number # 6 is registered as encryption in the file storage and processing content, and the impact degree described later The risk factor for calculating is 0.1.
In addition, when saving a file, the storage destination is not a folder (folder F) whose access is restricted by another application due to the permission automatically set based on the application ID of the inspection application 211. Risk identification number # 7 is set to “0.1” as a risk coefficient for calculating the degree of impact, which will be described later, by registering folder F as the file storage and processing contents as the processing type. .
In the present embodiment, the existing risk 215 shown in FIG. 4 is used for explanation. However, the present invention is not limited to this, and processing or the like that has already been identified as a risk is appropriately registered.

The inspection result 216 is a result of evaluating the inspection application 211 by the application inspection apparatus 2, such as the impact degree of the inspection application 211.
Here, the impact degree will be described. An index indicating the degree of risk that the application to be inspected potentially has is defined as the impact level. The degree of impact is defined as the inspection result of the application to be inspected, with the presence of various processes that are not intended by the user of the application as a potential risk.
FIG. 5 shows an example of the inspection result 216. In this embodiment, evaluation items 2161 and results 2162 are stored as inspection results. Here, the evaluation items include the presence / absence of unintentional transmission, the number of transmission destinations of unintentional transmission, the number of unintentional transmissions, the number of evaluation target records, and the impact level.

  The control unit 22 includes a CPU, an MPU, and the like, and performs processing according to a program for overall control of the application inspection apparatus 2, and performs communication log acquisition unit 221, operation log acquisition unit 222, unintentional process extraction unit 223, risk evaluation unit 224. Have

  The communication log acquisition unit 221 acquires a communication log when various types of data are transmitted to or received from the external server 4 via the network 3 from the start to the end of the inspection application 211, and is stored in the communication log 213 of the storage unit 21. Let

  The operation log acquisition unit 222 is a unit that acquires a processing history from the start to the end of the inspection application 211. The operation log acquisition unit 222 “starts” the inspection application 211, “operation” performed by the inspector, “information acquisition”, “ The processing type such as “screen display” and “file save” is stored in the operation log 214 of the storage unit 21 together with the processing content and processing date and time.

  The unintended process extraction unit 223 extracts a record related to a process not intended by the user from the communication log 213 and the operation log 214. Hereinafter, “processing not intended by the user” is referred to as “unintentional processing”. A method for extracting unintentional processing will be described later with reference to FIG.

  The risk evaluation unit 224 evaluates the potential risk based on the number of records and whether the record corresponds to the known risk 215 for the record extracted by the unintentional process extraction unit 223. Then, the evaluated inspection result is stored as the inspection result 216 in the storage unit 13 and is displayed on the display operation unit 24.

  The communication unit 23 is an interface that communicates with the external server 4 via the network 3 and corresponds to the network to be connected.

  The display operation unit 24 is an input / output interface configured by a liquid crystal display with a touch panel and the like, and accepts screen display and confirmation operation during application execution. The display operation unit 24 may have a configuration in which a display device having only a display function and an input device such as an operation button are separately provided.

  The network 3 is connected to the application inspection apparatus 2 and the external server 4 and is a network such as a wide area communication network such as the Internet or a closed area communication network. It may be a general telephone line network.

  The external server 4 is a server that provides functions and services provided by the application as a main purpose via the network 3 and a server that collects information when the application arbitrarily transmits personal information in the terminal to the outside. .

  A processing flow when the application inspection apparatus 2 inspects the inspection application 211 will be described with reference to FIG. Note that the processing flow described below is controlled by a program executed by the control unit 22.

In the present embodiment, the inspection application 211 will be described as an application intended to acquire and display map information indicating the current position of the mobile terminal 2 from the transmission destination A which is one of the external servers 4.
In starting the inspection, the inspector first operates the functions of the inspection application 211 in the initial setting state, and stores the communication log 213 illustrated in FIG. 2 and the operation log 214 illustrated in FIG. 3 in the storage unit 21.
That is, when the inspector activates the application to be inspected, “Do you want to acquire map information? Yes or end” is displayed on the display operation unit 24. The inspector touches “Yes” according to the screen display of the display operation unit 24. Map information with a mark indicating the current position of the mobile terminal 2 and “Do you want to acquire map information? Yes or end” are displayed on the display operation unit 24. Next, the inspector touches “End” on the display operation unit 24, and one operation of the inspection application 211 ends.
A series of processes during this operation are stored in the storage unit 21 as the operation log 214 shown in FIG. 3 and the operation log 214 shown in FIG. 3 when the communication log 213 shown in FIG. Suppose that it is.
When the inspection application 211 receives an instruction to start the inspection, the processing in FIG. 6 is started. The communication log 213 and the operation log 214 are acquired from the storage unit 21 (step S1).

  FIG. 2 shows the communication log 213 acquired in step S1. As shown in FIG. 2, the communication log 213 records records # 1 to # 6. That is, # 1 is the transmission content {location information (latitude a, longitude b), user ID, terminal identification information, Start} at 18:30:02 on January 10, 2012, with X as the transmission destination. This record indicates that it has been sent. # 2 is a record indicating that transmission content {location information (latitude a, longitude b), terminal identification information} is transmitted at 18:30:03 on January 10, 2012, with Y as the transmission destination . # 3 is a record indicating that transmission content {location information (latitude a, longitude b), user ID} is transmitted at 18:30:04 on January 10, 2012, with Z as the transmission destination. . In # 4, transmission content {position information (latitude a, longitude b)} is transmitted at 18:35:06 on January 10, 2012, with A as the transmission destination. # 5 is a record indicating that the received content {map information (the current position mark is displayed at latitude a, longitude b)} is received at 18:35:07 on January 10, 2012 with A as the sender It is. And # 6 is the transmission contents {location information (latitude a, longitude b), user ID, terminal identification information, Finish} with X as the transmission destination at 18:38:30 on January 10, 2012 This record indicates that it has been sent.

  FIG. 3 shows the operation log 214 acquired in step S1. As shown in FIG. 3, the operation log 214 records records # 1 to # 12. That is, # 1 is a record indicating that the inspection application 211 is started at 18:30:00 on January 10, 2012. # 2 is a record indicating that position information indicating the current self position is acquired from the GPS at 18:30:01 on January 10, 2012. # 3 is a record indicating that the user ID is acquired from the unique information 212 of the storage unit 21 at 18:30:01 on January 10, 2012. # 4 is a record indicating that the terminal identification information is acquired from the unique information 212 of the storage unit 21 at 18:30:01 on January 10, 2012. # 5 is a record indicating that “Do you want to acquire map information? Yes or end” is displayed on the display operation unit 24 at 18:35:00 on January 10, 2012. # 6 is a record indicating that the display operation unit 24 has performed a “yes” operation at 18:35:05 on January 10, 2012. # 7 is a record indicating that position information indicating the current position is acquired from GPS at 18:35:07 on January 10, 2012. # 8: Display the current position mark on the latitude a and longitude b of the map information on the display operation unit 24 at 18:35:16 on January 10, 2012, and then “Do you want to acquire map information?” It is a record indicating that “Yes or End” is also displayed. # 9 is a record indicating that the display operation unit 24 has performed an “end” operation at 18:38:05 on January 10, 2012. # 10 is a record indicating that position information indicating the current position is acquired from GPS at 18:38:09 on January 10, 2012. # 11 is a record indicating that 201201011830.log is encrypted and saved in the folder F at 18:40:00 on January 10, 2012. # 12 is a record indicating that the inspection application 211 is terminated at 18:45:30 on January 10, 2012.

Returning to FIG. 6, for each record of the communication log 213 and the operation log 214 acquired in step S <b> 1, in step S <b> 2, the unintentional process extraction unit 223 performs the process type that is the risk information in the known risk 215. The records having “transmission”, “information acquisition”, and “file save” as processing types are extracted.
And the process of step S3-step S6 is performed with respect to each extracted record.
Specifically, in step S3, a comparison is made as to whether or not the record whose processing type 2143 in each record of the operation log 214 is “operation” can be associated with the record to be evaluated. Specifically, if the occurrence date / time 2142 of the record that is “operation” and the occurrence date / time 2132 or 2142 of the record of interest are close enough to be considered to be related, the processing is related. The related process has a relation that the record of the process of the operation and the record of the process of interest can be integrated as a process performed based on the operation. In the present embodiment, the related processing is performed within 2 seconds after the operation. This time may be arbitrarily determined, and may be different for each processing type. In this embodiment, the unintentional process extraction unit 223 extracts a record that is an unintentional process using the occurrence time after the operation process. However, the present invention is not limited to this, and the process type is an operation. A record having low relevance to the processing content of the record may be a record of unintentional processing. For example, the operation “end” in the record # 9 of the operation log 214 in FIG. 3 has low relevance to the processes of “transmission” and “information acquisition”. A record having low relevance to these operations may be determined in advance, and a record of unintended processing may be extracted.
In step S4, the success or failure of the association is determined, and the number of records that have not been successfully associated is counted (step S5) and set as an evaluation target (step S6).

In the communication log 213 of FIG. 2, record # 4 has been successfully associated, and record # 1 # 2 # 3 # 6 has not been successfully associated. In the operation log 214 of FIG. 3, record # 7 succeeds in association, and record # 2 # 3 # 4 # 10 # 11 does not succeed in association. Therefore, the number of records to be evaluated is “9”. The records to be evaluated are # 1 # 2 # 3 # 6 for the record of the communication log 213 and # 2 # 3 # 4 # 10 # 11 for the record of the operation log 214.
Here, the record to be evaluated is a record as a result of processing performed by the inspection application 211 without the intention of the user. There is a correlation between the number of records and the magnitude of potential risk.

  Next, in step S7, the risk evaluation means 224 performs an impact degree calculation process. That is, the impact degree is calculated as impact degree = number of records to be evaluated / number of known risk processing records. In the present embodiment, the impact degree = 9/11 = 0.8. Since the impact level is an index indicating the magnitude of the potential risk, the number of evaluation target records may be simply used as the impact level.

  Next, the risk evaluation unit 224 repeatedly performs the processing from step S8 to step S12 on the evaluation target record. This process is performed in order to improve the accuracy with the risk information that has already been determined the impact degree calculated in step S7.

First, in step S8, each evaluation target record is checked against risk information of the known risk 215 shown in FIG. Specifically, if the evaluation target record is a record of the communication log 213, the transmission destination in the risk information 2152 is a record that matches any of X, Y, and Z (known risks # 1, # 2, # 3) and a record whose transmission contents are “location information, user ID, terminal identification information” (known risk # 4) are collated. Further, if the evaluation target record is the operation log 214, it is a record of processing for acquiring terminal identification information (known risk # 5), or a record obtained by encrypting the file when the file is saved (known risk # 6). Or, it is verified whether the file is stored in the folder F (known risk # 7).
And when it corresponds to known risk # 1- # 4 (step S9: coincidence), it progresses to step S10 and adds the risk coefficient "0.2" corresponding to the impact degree calculated | required and used as reference in step S7. On the other hand, when it does not correspond to the known risks # 1 to # 4 (step S9: mismatch), the process proceeds to step S11. If it matches with known risks # 5 to # 7 in step S11, a risk coefficient “0.1” corresponding to the reference impact degree is added in step S12. In step S11, if it does not match the known risks # 5 to # 7, it is determined that the record is not a record that increases the impact level as a known risk, and no risk coefficient is added.

In the present embodiment, # 1, # 2, # 3, and # 6 of the evaluation target records in the communication log 213 are recognized as known risks, so that the risk coefficient “0.2” is set to step S7. It is added to the impact level of the standard obtained in the above. Of the evaluation target records in the operation log 214, # 2, # 3, # 10, and # 11 are not records that increase the impact level as a known risk, and a risk coefficient is added to the standard impact level. There is no. In addition, # 4 of the evaluation target record in the operation log 214 is determined to be coincident in step S11, and the risk coefficient “0.1” is added to the degree of impact obtained in step S7. Note that # 11 of the evaluation target record in the operation log 214 is encrypted in the “file save” and saved in the folder F, and is a known risk that is registered and described with risk information that is a risk when the state is the reverse of the description. Even if it collates with # 6 to # 7, it is determined in step S11 that they do not match.
In this embodiment, the degree of impact = 0.8 (step S7) +0.8 (the record matched in step S9) +0.1 (the record matched in step S11) = 1.7 is calculated.

In this way, the calculated degree of impact is stored in the storage unit 21 as the inspection result 216 shown in FIG. Here, a method for obtaining the result shown in FIG. 5 will be described.
The evaluation item “presence / absence of unintentional transmission: result (present)” is “present” if the record of the communication log 213 is included in the evaluation target record in step S2, and “not present” if not included. It becomes. In this evaluation item, the fact that there was unintentional transmission alone indicates the possibility that a potential risk exists.
The evaluation item “number of transmission destinations of unintentional transmission” refers to the number of transmission destinations by referring to the transmission destination 2134 of the record of the communication log 213 among the evaluation target records in step S2. This number is a result indicating that information is transmitted to various destinations as the number increases, and the potential risk is high.
The evaluation item “number of unintentional transmissions” is the number obtained by counting the records of the communication log 213 among the evaluation target records in step S2. The result shows that the higher the number of unintentional transmissions, the higher the potential risk.
The evaluation item “number of evaluation target records” is the number of evaluation target records counted in step S2. The result shows that the larger the number of records to be evaluated, the higher the potential risk.
The “impact level” of the evaluation item is an index that takes into account a known risk, and the larger the number, the higher the potential risk. Note that information that is closely related to potential risks, such as other evaluation items shown in FIG. 5, may be used as the impact level. Other evaluation items include known risks # 1 to # 4 such as “the number of transmission destinations that should be avoided among unintentional transmissions” and “the number of transmissions that should be avoided among unintentional transmissions”. It is possible to focus on unintentional transmission to a specific destination by using the number counted for the matching evaluation target records. In addition, paying attention to the content of transmission, the type of information in the content of transmission is specified, and the evaluation of "number of types of content of transmission of unintentional transmission" indicating that the potential risk is higher as various information is transmitted An item may be provided. In addition, paying attention to the frequency of the processing type “file save” in the evaluation target records, for example, the number of times when the credential information is included but not encrypted is saved in an easily accessible place. You may provide the evaluation item which counts the frequency | count when it is. Further, paying attention to the frequency of the processing type “information acquisition” in the evaluation target records, for example, an evaluation item for counting the number of times of information acquisition, the number of types of information acquisition and the breakdown thereof may be provided.

  As a result, the user can refer to the evaluation result of the impact level of the application, and can determine whether the application can be used before executing the application, reduce the security risk due to grayware, and It is possible to prevent the transmission of information related to the user on an unintended terminal, and the use of an application that inappropriately manages the user's credential information / privacy information.

The present invention is not limited to the above-described embodiment, and many changes and modifications can be made. For example, in FIG. 6, the case where the risk evaluation unit 224 repeatedly performs the processing of step S8 to step S12 on the evaluation target record has been described, but this processing has already found the impact degree calculated in step S7. In order to improve the accuracy by using the risk information, the inspection result may be output by omitting the accuracy when the accuracy of the impact degree is not required.

DESCRIPTION OF SYMBOLS 1 ... Application inspection system 2 ... Application inspection apparatus 21 ... Memory | storage part 211 ... Inspection application 212 ... Specific information 213 ... Communication log 214 ... Operation log 215 ... Known risk 216 ... Test result 22 ... Control unit 221 ... Communication log acquisition means 222 ... Operation log acquisition means 223 ... Unintentional process extraction means 224 ... Risk evaluation means 23 ... Communication part 24 ... Display operation unit 3 ... Network 4 ... External server

Claims (5)

An application inspection device for inspecting potential risks of an application,
A storage unit that stores, as an operation log, a record including at least a processing type and an occurrence time for each process of the application during one operation;
Unintentional process extraction means for extracting, as an evaluation target record, a record that does not have a predetermined predetermined relationship with the record whose operation type is operation from the operation log;
Having a risk evaluation means for obtaining an impact level that is an index of potential risk based on the evaluation target record;
An application inspection apparatus characterized in that an impact degree obtained by the risk evaluation means is used as an inspection result. The storage unit further stores a known risk that is risk information that has already been identified corresponding to the processing type,
The application inspection apparatus according to claim 1, wherein the unintended process extraction unit extracts an evaluation target record from a record of a process type of the known risk. The storage unit stores, as a communication log, a record including a communication process during the course of operation and an occurrence time thereof,
The unintentional process extraction means extracts, as an evaluation target record, a record that does not have a predetermined predetermined relationship with a record whose process type is an operation from a record whose process type is transmission in the communication log. The application inspection apparatus according to claim 1 or 2, characterized in that   4. The unintentional process extraction unit according to claim 1, wherein the relationship between the occurrence time of each record and the occurrence time of the operation is within a predetermined time as the predetermined relationship. Application inspection device of description. The application inspection apparatus according to claim 2, wherein the risk evaluation unit increases the degree of impact when the evaluation target record corresponds to a known risk.

Images