WO2015131324A1 - Method, apparatus and device for software security detection - Google Patents


Info

Publication number: WO2015131324A1
Authority: WO, WIPO (PCT)
Prior art keywords: summary information, verification, original, software code, network element
Application number: PCT/CN2014/072826
Other languages: English (en), Chinese (zh)
Inventor: 谭平
Original Assignee: 华为技术有限公司 (Huawei Technologies Co., Ltd.)
Application filed by 华为技术有限公司
Priority to CN201480000117.8A (published as CN105190637A)
Priority to PCT/CN2014/072826 (published as WO2015131324A1)
Publication of WO2015131324A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Definitions

  • The present invention relates to the field of information security technologies, and in particular to a software security detection method, apparatus, and device.
  • Background technique
  • Malware can modify or replace software on some network element devices, invade the system of the network element device, destroy the system, or steal information on the network element device.
  • The integrity of the software on the network element device can be verified by using a digital signature: the network management device generates a digital signature of the software when the software is released or upgraded, packages the digital signature with the software, and sends the package to the network element device. Before loading the software, the network element device verifies the security of the software according to the digital signature, and loads the software only after the verification passes.
  • The embodiment of the invention provides a software security detection method, apparatus, and device, which solves the problem that a network element device in the prior art has difficulty protecting the dynamic security of software while the software is running.
  • A software security detection method includes: the network management device obtains original summary information from a network element device, where the original summary information is summary information generated by the network element device for software code loaded in the memory;
  • the network management device receives verification summary information sent by the network element device, where the verification summary information is summary information generated by the network element device during the running of the software code; the network management device compares whether the verification summary information is consistent with the original summary information, and if not, determines that the software code is insecure, and if so, determines that the software code is secure.
  • The network management device obtaining the original summary information from the network element device includes: the network management device sending a request message for the original summary information to the network element device, and receiving the original summary information returned by the network element device according to that request message; or
  • the network management device receiving the original summary information reported by the network element device when the network element device loads the software code in the memory.
  • The network management device receiving the verification summary information sent by the network element device includes:
  • the network management device receiving the verification summary information reported by the network element device according to a set time period; or
  • the network management device sending a report request message for the verification summary information to the network element device, and receiving the verification summary information returned by the network element device according to that report request message.
  • A software security detection method is provided, where the method includes:
  • the network element device sends original summary information to the network management device, where the original summary information is summary information generated by the network element device for the software code loaded in the memory;
  • the network element device sends verification summary information of the software code to the network management device during the running of the software code, so that the network management device determines whether the software code is secure by comparing the verification summary information with the original summary information.
  • The network element device sending the original summary information to the network management device includes:
  • the network element device receiving the request message for the original summary information sent by the network management device, generating the original summary information for the software code loaded in the memory according to that request message, and sending the original summary information to the network management device; or the network element device generating the original summary information for the software code when the software code is loaded in the memory, and reporting the original summary information to the network management device.
  • The network element device sending the verification summary information of the software code to the network management device during the running of the software code includes:
  • the network element device generating the verification summary information of the software code according to a set time period during the running of the software code, and sending the verification summary information to the network management device; or
  • the network element device receiving, during the running of the software code, the report request message for the verification summary information sent by the network management device, generating the verification summary information of the software code according to that report request message, and sending the verification summary information to the network management device.
  • A software security detecting apparatus includes:
  • an obtaining unit configured to obtain original summary information from the network element device, where the original summary information is summary information generated by the network element device for software code loaded in the memory;
  • a receiving unit configured to receive verification summary information sent by the network element device, where the verification summary information is summary information generated by the network element device during the running of the software code;
  • a detecting unit configured to compare whether the verification summary information received by the receiving unit is consistent with the original summary information obtained by the obtaining unit, and if not, to determine that the software code is insecure, and if so, to determine that the software code is secure.
  • The obtaining unit includes a request message sending subunit and a first original digest receiving subunit;
  • the request message sending subunit is configured to send a request message for the original digest information to the network element device;
  • the first original digest receiving subunit is configured to receive the original digest information returned by the network element device according to the request message sent by the request message sending subunit.
  • Alternatively, the obtaining unit includes a second original digest receiving subunit, configured to receive the original digest information reported by the network element device when the software code is loaded in the memory.
  • The receiving unit includes a first verification digest receiving subunit;
  • the first verification digest receiving subunit is configured to receive the verification summary information reported by the network element device according to a set time period.
  • Alternatively, the receiving unit includes a report request sending subunit and a second verification digest receiving subunit;
  • the report request sending subunit is configured to send a report request message for the verification summary information to the network element device;
  • the second verification digest receiving subunit is configured to receive the verification digest information returned by the network element device according to the report request message sent by the report request sending subunit.
  • A software security detecting apparatus includes:
  • a first sending unit configured to send original summary information to the network management device, where the original summary information is summary information generated for the software code loaded in the memory;
  • a second sending unit configured to send verification summary information of the software code to the network management device during the running of the software code, so that the network management device determines whether the software code is secure by comparing the verification summary information sent by the second sending unit with the original summary information sent by the first sending unit.
  • The first sending unit includes a request message receiving subunit, a first original digest generating subunit, and a first original digest sending subunit;
  • the request message receiving subunit is configured to receive a request message for the original summary information sent by the network management device;
  • the first original digest generating subunit is configured to generate the original summary information for the software code loaded in the memory according to the request message received by the request message receiving subunit;
  • the first original digest sending subunit is configured to send the original digest information generated by the first original digest generating subunit to the network management device.
  • Alternatively, the first sending unit includes a second original digest generating subunit and a second original digest sending subunit;
  • the second original digest generating subunit is configured to generate the original digest information for the software code when the software code is loaded in the memory;
  • the second original digest sending subunit is configured to report the original digest information generated by the second original digest generating subunit to the network management device.
  • The second sending unit includes a first verification digest generating subunit and a first verification digest sending subunit;
  • the first verification digest generating subunit is configured to generate verification summary information of the software code according to a set time period during the running of the software code;
  • the first verification digest sending subunit is configured to send the verification digest information generated by the first verification digest generating subunit to the network management device.
  • Alternatively, the second sending unit includes a report request receiving subunit, a second verification digest generating subunit, and a second verification digest sending subunit;
  • the report request receiving subunit is configured to receive a report request message for the verification summary information sent by the network management device during the running of the software code;
  • the second verification digest generating subunit is configured to generate verification digest information of the software code according to the report request message received by the report request receiving subunit;
  • the second verification digest sending subunit is configured to send the verification digest information generated by the second verification digest generating subunit to the network management device.
  • The fifth aspect provides a network management device, where the network management device includes a network interface and a processor, where
  • the network interface is configured to obtain original summary information from a network element device, where the original summary information is summary information generated by the network element device for software code loaded in a memory, and to receive verification summary information sent by the network element device, where the verification summary information is summary information generated by the network element device during the running of the software code;
  • the processor is configured to compare whether the verification summary information is consistent with the original summary information, and if not, to determine that the software code is insecure, and if so, to determine that the software code is secure.
  • The network interface is specifically configured to send a request message for the original digest information to the network element device and receive the original summary information returned by the network element device according to that request message; or to receive the original summary information reported to the network management device when the network element device loads the software code in the memory.
  • The network interface is specifically configured to receive the verification summary information reported by the network element device according to a set time period; or to send a report request message for the verification summary information to the network element device and receive the verification summary information returned by the network element device according to that report request message.
  • A network element device includes a network interface and a processor, where
  • the processor is configured to send original summary information to the network management device through the network interface, where the original summary information is summary information generated by the network element device for software code loaded in the memory, and to send, through the network interface, verification summary information of the software code to the network management device during the running of the software code, so that the network management device determines whether the software code is secure by comparing the verification summary information with the original summary information.
  • The processor is specifically configured to: after the network interface receives the request message for the original digest information sent by the network management device, generate the original summary information for the software code loaded in the memory according to that request message and send it to the network management device through the network interface; or, when the software code is loaded in the memory, generate the original summary information for the software code and report it to the network management device through the network interface.
  • The processor is specifically configured to: during the running of the software code, generate verification summary information of the software code according to a set time period and send it to the network management device through the network interface; or, during the running of the software code, after the network interface receives the report request message for the verification summary information sent by the network management device, generate the verification summary information of the software code according to that report request message and send it to the network management device through the network interface.
  • The network management device obtains the original summary information from the network element device, where the original summary information is summary information generated by the network element device for the software code loaded in the memory; the network element device generates verification summary information during the running of the software code; the network management device receives the verification summary information sent by the network element device and compares whether it is consistent with the original summary information. If not, it determines that the software code is insecure, and if so, it determines that the software code is secure.
  • The network element device can send summary information generated while the software is running to the network management device, so that it can be detected whether the software has been maliciously attacked during running; the security of the software running on the network element device is thereby protected, and the dynamic security of the software is improved.
  • FIG. 1A is a flow chart of an embodiment of a software security detection method according to the present invention.
  • FIG. 1B is a flow chart of another embodiment of a software security detection method according to the present invention.
  • FIG. 2 is a flow chart of another embodiment of a software security detection method according to the present invention.
  • FIG. 3 is a flow chart of another embodiment of a software security detection method according to the present invention.
  • FIG. 4 is a flowchart of another embodiment of a software security detection method according to the present invention.
  • FIG. 5 is a flowchart of another embodiment of a software security detection method according to the present invention.
  • FIG. 6 is a block diagram of an embodiment of a software security detecting apparatus according to the present invention.
  • FIG. 7 is a block diagram of another embodiment of a software security detecting apparatus of the present invention.
  • FIG. 8 is a block diagram of an embodiment of a network management device of the present invention.
  • FIG. 9 is a block diagram of an embodiment of a network element device of the present invention.
  • Detailed description
  • FIG. 1A is a flowchart of an embodiment of a software security detection method according to the present invention.
  • The embodiment describes the security detection process during software running from the network management device side:
  • Step 101: The network management device obtains the original summary information from the network element device, where the original summary information is summary information generated by the network element device for the software code loaded in the memory.
  • The network management device may send a request message for the original digest information to the network element device and receive the original digest information returned by the network element device according to that request message; or the network management device may receive the original summary information reported by the network element device when the network element device loads the software code in the memory.
  • Step 102: The network management device receives the verification summary information sent by the network element device, where the verification summary information is summary information generated by the network element device during the running of the software code.
  • The network management device may receive the verification summary information reported by the network element device according to a set time period; or the network management device may send a report request message for the verification summary information to the network element device and receive the verification summary information returned by the network element device according to that report request message.
  • Step 103: The network management device compares whether the verification summary information is consistent with the original summary information. If not, it determines that the software code is insecure, and if so, it determines that the software code is secure.
  • FIG. 1B is a flowchart of another embodiment of a software security detection method according to the present invention. The embodiment describes the security detection process during software running from the network element device side:
  • Step 111: The network element device sends the original summary information to the network management device, where the original summary information is summary information generated by the network element device for the software code loaded in the memory.
  • The network element device may receive the request message for the original summary information sent by the network management device, generate the original summary information for the software code loaded in the memory according to that request message, and send the original summary information to the network management device; or the network element device may generate the original summary information for the software code when the software code is loaded in the memory, and report the original summary information to the network management device.
  • Step 112: The network element device sends the verification summary information of the software code to the network management device during the running of the software code, so that the network management device determines whether the software code is secure by comparing the verification summary information with the original summary information.
  • The network element device may generate the verification summary information of the software code according to a set time period during the running of the software code and send it to the network management device; or the network element device may receive, during the running of the software code, the report request message for the verification summary information sent by the network management device, generate the verification summary information of the software code according to that report request message, and send the verification summary information to the network management device.
  • The network element device can send summary information generated while the software is running to the network management device, so that it can be detected whether the software has been maliciously attacked during running; the security of the software running on the network element device is thereby protected, and the dynamic security of the software is improved.
  • Step 201: The network element device loads the software into the memory.
  • The network element device may specifically be a single board or the like.
  • The network element device may be provided with a system on chip (SoC) security chip and a memory connected through a bus, where the SoC security chip may further include a Central Processing Unit (CPU), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), a Complex Programmable Logic Device (CPLD), and the like.
  • The memory may include random access memory (RAM), flash memory, and the like.
  • When the network management device releases new software, or software that upgrades existing software, it generates a digital signature for the software: the network management device calculates the summary information of the software, encrypts the summary information with its private key to produce the digital signature, packages the digital signature with the software, and sends the software package to the network element device.
  • After receiving the software package, the network element device obtains the digital signature from it and decrypts the digital signature with the public key to obtain first summary information; it then calculates second summary information of the software in the same way as the network management device side. If the first summary information is consistent with the second summary information, the software to be loaded is safe; if they are inconsistent, the software to be loaded is not secure. This ensures the static security of the software to be loaded.
  • The software is then loaded into the memory, and the loading process may include decompressing and initializing the software. After loading is completed, the software usually runs in the memory in the form of software code, i.e. the software to be loaded is different from the software code loaded into the memory.
  • Step 202: The network management device sends a request message for the original summary information to the network element device.
  • The network management device may specifically be an operation and maintenance center (OMC) device, and each network management device can communicate with multiple network element devices.
  • The network management device may send the request message for the original summary information a preset time after the software package has been sent to the network element device, so as to ensure that the network element device has completed loading the software code in the memory.
  • Step 203: The network element device generates the original summary information for the software code loaded in the memory according to the request message for the original summary information.
  • The network element device calculates the digest information of the software code that has been loaded in the memory and uses this digest information as the original digest information.
  • The summary information may also be referred to as a message digest or digital digest: a unique fixed-length value corresponding to the software code, which may be generated by applying a one-way hash function to the software code. If the software code itself changes, the calculated summary information also changes, so the summary information can be used to verify the security and integrity of the software code.
  • Step 204: The network element device sends the original summary information to the network management device.
  • Step 205: The network management device saves the original summary information.
  • Step 206: The network element device generates the verification summary information of the software code according to a set time period during the running of the software code.
  • The network element device may calculate the summary information of the software code according to the set time period during the running of the software code and use this summary information as the verification summary information.
  • The network element device may set a timer; when the timer period arrives, the network element device is triggered to calculate the verification summary information for that period. In this step, the calculation method and process of the verification summary information are the same as for the original summary information and are not described again here.
  • Step 207: The network element device reports the verification summary information to the network management device.
  • Step 208: The network management device compares the verification summary information with the original summary information. When the verification summary information is inconsistent with the original summary information, the software code is determined to be insecure; when they are consistent, the software code is determined to be secure.
  • The network management device can retrieve the saved original summary information and compare whether the verification summary information is consistent with it. If they are consistent, it can be determined that the software code has not been tampered with during running, and the software code is secure. If they are inconsistent, it can be determined that the software code has been tampered with during running, so the software code is not secure; at this point the network management device can trigger an alarm, or the administrator can intervene manually.
  • The network element device can send summary information generated while the software is running to the network management device, so that it can be detected whether the software has been maliciously attacked during running; the security of the software running on the network element device is thereby protected, and the dynamic security of the software is improved.
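The exchange of steps 201 to 208 (periodic reports) together with the report-request variant that the FIG. 3 embodiment introduces at step 306, worked through as a small Python simulation. This is an added example, not code from the patent or from the assignee; SHA-256 as the digest algorithm, zlib compression standing in for the software package format, and the class, message and field names are all assumptions of the example.

```python
"""Constructed simulation of the digest-based runtime check in the patent.

A network element (NE) loads a software package into memory and reports the
digest of the loaded code to a network management device (NMS); afterwards it
reports verification digests on a timer or on request, and the NMS compares
them with the saved original digest.  SHA-256, zlib as the package format and
the message/field names are assumptions of this example, not the patent's.
"""
import hashlib
import hmac
import zlib


class NetworkElement:
    """Simulated NE holding the loaded code image in a memory buffer."""

    def __init__(self, package: bytes) -> None:
        # Loading = decompression + placement in RAM (step 201), so the
        # in-memory image is not byte-identical to the signed package.
        self.memory = bytearray(zlib.decompress(package))

    def digest(self) -> str:
        # "Summary information": a one-way hash over the loaded code (step 203).
        return hashlib.sha256(bytes(self.memory)).hexdigest()

    def handle(self, msg: dict) -> dict:
        # Request for the original digest (step 202) or for a verification
        # digest (step 306); both are answered with a fresh hash of memory.
        if msg["type"] == "original_digest_request":
            return {"type": "original_digest", "digest": self.digest()}
        if msg["type"] == "verification_digest_request":
            return {"type": "verification_digest", "digest": self.digest()}
        raise ValueError("unknown message type: " + msg["type"])

    def timer_report(self) -> dict:
        # Report triggered by the NE's own timer period (steps 206 and 207).
        return {"type": "verification_digest", "digest": self.digest()}


class NetworkManagementDevice:
    """Simulated NMS/OMC: stores the original digest and compares reports."""

    def __init__(self) -> None:
        self.original = None
        self.alarms = []

    def obtain_original(self, ne: NetworkElement) -> None:
        reply = ne.handle({"type": "original_digest_request"})
        self.original = reply["digest"]          # step 205: save it

    def check(self, report: dict) -> bool:
        # Step 208: constant-time comparison, so the NMS does not leak how
        # many leading characters of the stored digest a report matched.
        ok = hmac.compare_digest(self.original, report["digest"])
        if not ok:
            self.alarms.append("verification digest mismatch: " + report["digest"])
        return ok


def package_and_memory_digests(code: bytes) -> tuple:
    """Return (digest of the package, digest of the loaded image)."""
    package = zlib.compress(code)
    return hashlib.sha256(package).hexdigest(), NetworkElement(package).digest()


def run_scenario() -> dict:
    """Load, take the original digest, then check reports before and after a
    simulated modification of one byte of the in-memory code."""
    code = bytes([0x55, 0x48, 0x89, 0xE5]) * 256     # constructed code bytes
    ne = NetworkElement(zlib.compress(code))
    nms = NetworkManagementDevice()
    nms.obtain_original(ne)                          # steps 202-205
    before = nms.check(ne.timer_report())            # steps 206-208, clean image
    ne.memory[100] ^= 0xFF                           # simulated tampering
    after_timer = nms.check(ne.timer_report())       # periodic report
    after_request = nms.check(                       # on-demand report
        ne.handle({"type": "verification_digest_request"}))
    ne.memory[100] ^= 0xFF                           # modification reverted
    restored = nms.check(ne.timer_report())          # not seen: the blind spot
    return {
        "before": before,
        "after_timer": after_timer,
        "after_request": after_request,
        "restored": restored,
        "alarms": len(nms.alarms),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two points the simulation makes visible. `package_and_memory_digests` returns two different values: the digest of the signed package is not the digest of the loaded image, which is why step 203 takes the original digest after loading rather than reusing the value from the signature check. And the `restored` result is `True`: a modification that is reverted before the next timer period or report request is not detected, so the detection window is the reporting period, and the digest has to be computed by a component the attacker cannot also modify (the description places a SoC security chip on the network element for this kind of role).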
  • Step 301 The network element device loads software into the memory.
  • the network element device may be specifically a single board or the like, and the network element device may be provided with a SoC security chip and a memory, wherein the SoC security chip may further include a CPU, an FPGA, a DSP, a CPLD, and the like.
  • the memory can contain RAM, Flash, and so on.
  • the network management device When the network management device releases new software or software that upgrades existing software, it will generate a digital signature for the software, package the digital signature in the software, and send the software package to the network element device.
  • the network element device After receiving the software package, the network element device obtains the digital signature therein, and determines the software by verifying the digital signature. Whether it is safe, so as to ensure the static security of the software to be loaded.
  • the specific process of verifying the received software by the network element device is consistent with the description in the foregoing step 201, and details are not described herein again.
  • The software is then loaded into the memory; loading may include decompressing and initializing the software. After loading completes, the software runs in memory in the form of software code, i.e. the software to be loaded is distinct from the software code that ends up loaded in memory.
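  • As an added illustration of the static check described for step 301 (this is example code written for this page, not code from the patent or from Huawei), the Go program below builds a signed software package on the management side and verifies it on the network element side before anything is loaded. The package layout (a 4-byte length field, the image, then a 64-byte Ed25519 signature), the function names and the sample image are assumptions; the patent does not specify a signature scheme or a package format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed package layout (the patent does not fix one):
//   4-byte big-endian image length | image bytes | 64-byte Ed25519 signature over the image
const headerLen = 4

// VendorKeys stands in for the network management side's signing key pair.
// The public half must already be present on the network element before any package arrives.
func VendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildPackage is the network management side: sign the image and bundle the signature with it.
func BuildPackage(priv ed25519.PrivateKey, image []byte) []byte {
	pkg := make([]byte, headerLen, headerLen+len(image)+ed25519.SignatureSize)
	binary.BigEndian.PutUint32(pkg, uint32(len(image)))
	pkg = append(pkg, image...)
	return append(pkg, ed25519.Sign(priv, image)...)
}

// VerifyPackage is the network element side: check the length field, verify the signature with
// the trusted key, and only then hand back the image for loading. Any failure means "do not load".
func VerifyPackage(trusted ed25519.PublicKey, pkg []byte) ([]byte, error) {
	if len(pkg) < headerLen+ed25519.SignatureSize {
		return nil, errors.New("package too short")
	}
	n := int(binary.BigEndian.Uint32(pkg))
	if n != len(pkg)-headerLen-ed25519.SignatureSize {
		return nil, errors.New("length field does not match package size")
	}
	image := pkg[headerLen : headerLen+n]
	sig := pkg[headerLen+n:]
	if !ed25519.Verify(trusted, image, sig) {
		return nil, errors.New("signature check failed: package rejected, software not loaded")
	}
	// Return a private copy so that later loading cannot be affected by changes to the caller's buffer.
	return append([]byte(nil), image...), nil
}

// Scenario runs the three cases a practitioner should test: a genuine package, a package whose
// image was modified in transit, and a package signed with a key the network element does not trust.
func Scenario() (genuineAccepted, tamperedRejected, wrongKeyRejected bool) {
	pub, priv := VendorKeys()
	image := []byte("constructed sample software image v1.0") // constructed sample, not real firmware
	pkg := BuildPackage(priv, image)

	img, err := VerifyPackage(pub, pkg)
	genuineAccepted = err == nil && string(img) == string(image)

	tampered := append([]byte(nil), pkg...)
	tampered[headerLen+5] ^= 0x01 // flip one bit inside the image, signature unchanged
	_, err = VerifyPackage(pub, tampered)
	tamperedRejected = err != nil

	_, attackerPriv := VendorKeys() // attacker holds a valid key pair, just not the trusted one
	_, err = VerifyPackage(pub, BuildPackage(attackerPriv, image))
	wrongKeyRejected = err != nil
	return genuineAccepted, tamperedRejected, wrongKeyRejected
}

func main() {
	a, b, c := Scenario()
	fmt.Printf("genuine accepted=%v tampered rejected=%v wrong key rejected=%v\n", a, b, c)
}
```

  • The three cases in Scenario are the ones worth exercising on a real board: a genuine package, a package altered in transit, and a package signed with a key the device does not trust. The trusted public key has to be on the device already, for example held by the SoC security chip or in write-protected storage; a key that travels inside the same package proves nothing.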
  • Step 302 The network management device sends a request message of the original summary information to the network element device.
  • the network management device can be specifically an OMC device, and each network management device can implement communication with multiple network element devices.
  • The network management device may send the request message for the original summary information a preset time after sending the software package to the network element device, so that the network element device has enough time to finish loading the software code into memory.
  • Step 303 The network element device generates original summary information for the software code loaded in the memory, according to the request message for the original summary information.
  • the network element device calculates the digest information of the software code that has been loaded in the memory, and uses the digest information as the original digest information.
  • The summary information may be generated by applying a one-way hash function to the software code. If the software code itself changes, the calculated summary information changes as well, so the summary information can be used to verify the security and integrity of the software code.
  • Step 304 The network element device sends the original summary information to the network management device.
  • Step 305 The network management device saves the original summary information.
  • Step 306 The network element device receives the report request message of the verification summary information sent by the network management device during the running of the software code.
  • Step 307 The network element device generates verification summary information of the software code according to the report request message of the verification summary information.
  • After receiving the report request message for the verification summary information, the network element device calculates the summary information of the software code currently running in memory and uses it as the verification summary information. The calculation manner and process are the same as for the original summary information and are not repeated here.
  • Step 308 The network element device sends the verification summary information to the network management device.
  • Step 309 The network management device compares the verification summary information with the original summary information. If they are inconsistent, the software code is determined to be insecure; if they are consistent, the software code is determined to be secure. After receiving the verification summary information, the network management device obtains the saved original summary information and compares the two. If consistent, the software code has not been tampered with while running and is secure. If inconsistent, the software code has been tampered with while running and is not secure; the network management device can then raise an alarm, or the administrator can intervene manually.
  • Because the network element device sends summary information to the network management device during the running of the software, it can be detected whether the software is maliciously attacked while it runs, so the security of the software running on the network element device is protected and its dynamic security is improved.
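  • The exchange in steps 301 to 309, as an added example that is not part of the patent text: the Go program below models both sides, the network element answering digest requests over its loaded code and the network management device storing the original digest and comparing later verification digests against it. The message type names, the choice of SHA-256 as the one-way hash, the board identifier and the sample code image are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Message types exchanged between network management (NMS) and network element (NE).
// The names are assumptions; the patent does not fix a wire format.
const (
	ReqOriginal     = "REQ_ORIGINAL_DIGEST"
	ReqVerification = "REQ_VERIFICATION_DIGEST"
)

type Message struct {
	Type   string
	NE     string
	Digest string // hex SHA-256 of the loaded code
}

// NetworkElement holds the code image that has been loaded into memory.
type NetworkElement struct {
	ID     string
	Memory []byte
}

// Load models step 301: the (already signature-checked) software is loaded into memory.
func (ne *NetworkElement) Load(code []byte) { ne.Memory = append([]byte(nil), code...) }

// measure is the one-way hash over the loaded code. The same routine produces the original
// digest (step 303) and every verification digest (step 307), which is what makes them comparable.
func (ne *NetworkElement) measure() string {
	sum := sha256.Sum256(ne.Memory)
	return hex.EncodeToString(sum[:])
}

// Handle answers a request from the NMS with a digest of whatever is in memory right now.
func (ne *NetworkElement) Handle(req Message) Message {
	switch req.Type {
	case ReqOriginal, ReqVerification:
		return Message{Type: req.Type, NE: ne.ID, Digest: ne.measure()}
	}
	return Message{Type: "ERROR", NE: ne.ID}
}

// NMS keeps one original digest per network element (step 305) and raises alarms on mismatch (step 309).
type NMS struct {
	Original map[string]string
	Alarms   []string
}

func NewNMS() *NMS { return &NMS{Original: map[string]string{}} }

// Baseline performs steps 302 to 305: request the original digest and save it.
func (n *NMS) Baseline(ne *NetworkElement) {
	resp := ne.Handle(Message{Type: ReqOriginal, NE: ne.ID})
	n.Original[ne.ID] = resp.Digest
}

// Check performs steps 306 to 309 and returns true when the running code still matches the baseline.
func (n *NMS) Check(ne *NetworkElement) bool {
	orig, ok := n.Original[ne.ID]
	if !ok {
		n.Alarms = append(n.Alarms, ne.ID+": no original digest recorded")
		return false
	}
	resp := ne.Handle(Message{Type: ReqVerification, NE: ne.ID})
	if resp.Digest != orig {
		n.Alarms = append(n.Alarms, fmt.Sprintf("%s: running code digest %s differs from original %s",
			ne.ID, resp.Digest[:12], orig[:12]))
		return false
	}
	return true
}

// Scenario: baseline, a clean check, an in-memory patch by an attacker, and the check that catches it.
func Scenario() (cleanOK, tamperedOK bool, alarms []string) {
	ne := &NetworkElement{ID: "board-7"}
	ne.Load([]byte("constructed sample code image")) // constructed sample, not real machine code
	nms := NewNMS()
	nms.Baseline(ne)
	cleanOK = nms.Check(ne)
	ne.Memory[3] ^= 0x80 // attacker patches one byte of the running code
	tamperedOK = nms.Check(ne)
	return cleanOK, tamperedOK, nms.Alarms
}

func main() {
	c, t, alarms := Scenario()
	fmt.Println("clean check:", c, "after tamper:", t)
	for _, a := range alarms {
		fmt.Println("ALARM", a)
	}
}
```

  • Both digests come from the same measure routine, which is the property the comparison in step 309 relies on. One caveat a practitioner will want: if the measurement runs inside the very software being checked, code that has already been patched can also lie about its own digest, so on a real board the hashing should be done by the SoC security chip or another component the loaded software cannot modify.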
  • FIG. 4 is a flowchart of another embodiment of the software security detection method of the present invention:
  • Step 401 The network element device loads the software into the memory.
  • the network element device may be specifically a single board or the like, and the network element device may be provided with a SoC security chip and a memory, wherein the SoC security chip may further include a CPU, an FPGA, a DSP, a CPLD, and the like.
  • the memory can contain RAM, Flash, and so on.
  • Step 402 The network element device generates original summary information for the software code when the software code is loaded in the memory.
  • the network element device in this embodiment may generate summary information of the software code in real time after loading the software code, and use the summary information as the original summary information.
  • The summary information may be generated by applying a one-way hash function to the software code. If the software code itself changes, the calculated summary information changes as well, so the summary information can be used to verify the security and integrity of the software code.
  • Step 403 The network element device reports the original summary information to the network management device.
  • Step 404 The network management device saves the original summary information.
  • Step 405 The network element device generates the verification summary information of the software code according to the set time period during the running of the software code.
  • the network element device may calculate the summary information of the software code according to the set time period during the running of the software code, and use the summary information as the verification summary information.
  • The network element device can set a timer. Each time the timer period expires, the network element device is triggered to calculate the verification summary information for that period. In this step, the calculation manner and process of the verification summary information are the same as for the original summary information and are not repeated here.
  • Step 406 The network element device reports the verification summary information to the network management device.
  • Step 407 The network management device compares the verification summary information with the original summary information. If they are inconsistent, the software code is determined to be insecure; if they are consistent, the software code is determined to be secure. After receiving the verification summary information, the network management device obtains the saved original summary information and compares the two. If consistent, the software code has not been tampered with during operation and is secure. If inconsistent, the software code has been tampered with during operation and is not secure; the network management device can then raise an alarm, or the administrator can intervene manually.
  • Because the network element device sends summary information to the network management device during the running of the software, it can be detected whether the software is maliciously attacked while it runs, so the security of the software running on the network element device is protected and its dynamic security is improved.
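  • Timer-driven reporting as in steps 405 to 407, as an added example that is not from the patent: the Go program below fires a ticker, measures the loaded image on every tick and lets a management-side comparison find the first report that deviates from the original digest. It also adds one design choice the patent leaves open: only regions expected to stay constant while running (the code segment here) are hashed, so legitimate writes to the data segment do not raise false alarms while a patch to the code segment does. The region layout, the 2 ms period, the sample image and the function names are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Region describes a range of the loaded image. Only regions marked Measure are hashed: code and
// read-only data should be stable while running, writable data legitimately changes.
// (Design assumption added here; the patent only says "the software code loaded in memory".)
type Region struct {
	Name    string
	Start   int
	End     int
	Measure bool
}

type NetworkElement struct {
	Memory  []byte
	Regions []Region
}

// VerificationDigest hashes the measured regions in a fixed order, so the result is reproducible.
func (ne *NetworkElement) VerificationDigest() string {
	h := sha256.New()
	for _, r := range ne.Regions {
		if r.Measure {
			h.Write(ne.Memory[r.Start:r.End])
		}
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Report is what the network element sends to the network management device each period (step 406).
type Report struct {
	Seq    int
	Digest string
}

// RunPeriodic models step 405: a timer fires every period, the network element measures itself and
// reports. It stops after rounds reports and returns them so the management side can compare.
func RunPeriodic(ne *NetworkElement, period time.Duration, rounds int, between func(seq int)) []Report {
	ticker := time.NewTicker(period)
	defer ticker.Stop()
	var reports []Report
	for seq := 1; seq <= rounds; seq++ {
		<-ticker.C
		reports = append(reports, Report{Seq: seq, Digest: ne.VerificationDigest()})
		if between != nil {
			between(seq) // hook used below to simulate activity between two reports
		}
	}
	return reports
}

// Compare is step 407 on the management side: the sequence number of the first report whose digest
// differs from the original, or 0 when every report matches.
func Compare(original string, reports []Report) int {
	for _, r := range reports {
		if r.Digest != original {
			return r.Seq
		}
	}
	return 0
}

// Scenario: a 64-byte image with a 48-byte code region and a 16-byte writable data region.
// Report 1 is clean; the program writes its data between reports 1 and 2 (no alarm expected);
// an attacker patches the code between reports 2 and 3, so report 3 must trip the alarm.
func Scenario() (firstBad int, reports []Report) {
	mem := make([]byte, 64)
	copy(mem, []byte("constructed sample code segment (not real code)")) // constructed sample
	ne := &NetworkElement{
		Memory: mem,
		Regions: []Region{
			{Name: ".text", Start: 0, End: 48, Measure: true},
			{Name: ".data", Start: 48, End: 64, Measure: false},
		},
	}
	original := ne.VerificationDigest() // step 402: taken right after loading
	reports = RunPeriodic(ne, 2*time.Millisecond, 3, func(seq int) {
		switch seq {
		case 1:
			ne.Memory[50] = 0x42 // legitimate runtime write into .data
		case 2:
			ne.Memory[10] ^= 0xFF // attacker patches .text
		}
	})
	return Compare(original, reports), reports
}

func main() {
	bad, reports := Scenario()
	for _, r := range reports {
		fmt.Printf("report %d: %s\n", r.Seq, r.Digest[:16])
	}
	if bad != 0 {
		fmt.Printf("ALARM: verification digest of report %d differs from the original\n", bad)
	}
}
```

  • The period is a trade-off: a short period shortens the window in which a patched image runs undetected but costs CPU time and management-link bandwidth. The region list should come from the image's own segment headers rather than being hard-coded as it is in this example.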
  • Step 501 The network element device loads the software into the memory.
  • the network element device may be specifically a single board or the like, and the network element device may be provided with a SoC security chip and a memory, wherein the SoC security chip may further include a CPU, an FPGA, a DSP, a CPLD, and the like.
  • the memory can contain RAM, Flash, and so on.
  • When the network management device releases new software, or software that upgrades existing software, it generates a digital signature for the software, packages the digital signature together with the software, and sends the software package to the network element device.
  • After receiving the software package, the network element device extracts the digital signature and determines whether the software is secure by verifying that signature, thereby ensuring the static security of the software to be loaded.
  • the specific process of verifying the received software by the network element device is consistent with the description in the foregoing step 201, and details are not described herein again.
  • Step 502 The network element device generates original summary information for the software code when the software code is loaded in the memory.
  • Step 503 The network element device reports the original summary information to the network management device.
  • Step 504 The network management device saves the original summary information.
  • the network element device in this embodiment may generate summary information of the software code in real time after the software code is loaded, and use the summary information as the original summary information.
  • The summary information may be generated by applying a one-way hash function to the software code. If the software code itself changes, the calculated summary information changes as well, so the summary information can be used to verify the security and integrity of the software code.
  • Step 505 The network element device receives the report request message of the verification summary information sent by the network management device during the running of the software code.
  • Compared with the embodiments shown in FIG. 2 and FIG. 4, the difference in this embodiment is that, during the running of the software code on the network element device, the network management device sends the report request message for the verification summary information on demand, according to the administrator's requirement.
  • Step 506 The network element device generates verification summary information of the software code according to the report request message for the verification summary information. After receiving the report request message, the network element device calculates the summary information of the software code currently running in memory and uses it as the verification summary information; the calculation manner and process are the same as for the original summary information and are not repeated here.
  • Step 507 The network element device sends the verification summary information to the network management device.
  • Step 508 The network management device compares the verification summary information with the original summary information. If they are inconsistent, the software code is determined to be insecure; if they are consistent, the software code is determined to be secure.
  • After receiving the verification summary information, the network management device obtains the saved original summary information and compares the two. If consistent, the software code has not been tampered with during operation and is secure. If inconsistent, the software code has been tampered with during operation and is not secure; the network management device can then raise an alarm, or the administrator can intervene manually.
  • Because the network element device sends summary information to the network management device during the running of the software, it can be detected whether the software is maliciously attacked while it runs, so the security of the software running on the network element device is protected and its dynamic security is improved.
  • the present invention also provides an embodiment of a software security detecting device, a network management device, and a network element device.
  • Referring to FIG. 6, a software security detecting apparatus may be disposed on the network management device side:
  • the apparatus includes: an obtaining unit 610, a receiving unit 620, and a detecting unit 630.
  • The obtaining unit 610 is configured to obtain original summary information from the network element device, where the original summary information is summary information generated by the network element device for the software code loaded in the memory; the receiving unit 620 is configured to receive the verification summary information sent by the network element device, where the verification summary information is summary information generated by the network element device during the running of the software code;
  • the detecting unit 630 is configured to compare whether the verification summary information received by the receiving unit 620 is consistent with the original summary information obtained by the obtaining unit 610; if not, the software code is determined to be insecure, and if so, the software code is determined to be secure.
  • The obtaining unit 610 may include (not shown in FIG. 6): a request message sending subunit, configured to send a request message for the original digest information to the network element device;
  • a first original digest receiving subunit, configured to receive the original digest information returned by the network element device in response to the request message sent by the request message sending subunit.
  • The obtaining unit 610 may alternatively include (not shown in FIG. 6): a second original digest receiving subunit, configured to receive the original summary information reported by the network element device when the software code is loaded in the memory.
  • the receiving unit 620 may include (not shown in FIG. 6):
  • the first verification digest receiving subunit is configured to receive the verification digest information reported by the network element device according to the set time period;
  • The receiving unit 620 may alternatively include (not shown in FIG. 6):
  • a report request sending subunit, configured to send a report request message for the verification summary information to the network element device;
  • a second verification digest receiving subunit, configured to receive the verification digest information returned by the network element device in response to the report request message sent by the report request sending subunit.
  • FIG. 7 is a block diagram of another embodiment of a software security detecting apparatus according to the present invention.
  • the apparatus may be disposed on a network element device side:
  • the apparatus includes: a first transmitting unit 710 and a second transmitting unit 720.
  • the first sending unit 710 is configured to send the original summary information to the network management device, where the original summary information is summary information generated for the software code loaded in the memory;
  • The second sending unit 720 is configured to send the verification summary information of the software code to the network management device during the running of the software code, so that the network management device can determine whether the software code is secure by comparing the verification summary information sent by the second sending unit with the original summary information sent by the first sending unit.
  • the first sending unit 710 may include (not shown in FIG. 7):
  • a request message receiving subunit configured to receive a request message of the original digest information sent by the network management device;
  • a first original digest generating subunit, configured to generate the original digest information for the software code loaded in the memory according to the request message received by the request message receiving subunit;
  • the first original digest sending subunit is configured to send the original digest information generated by the first original digest generating subunit to the network management device.
  • The first sending unit 710 may alternatively include (not shown in FIG. 7):
  • a second original digest generating subunit, configured to generate the original digest information for the software code when the software code is loaded in the memory;
  • a second original digest sending subunit configured to report, to the network management device, original digest information generated by the second original digest generating subunit.
  • the second sending unit 720 may include (not shown in FIG. 7):
  • a first verification digest generating subunit, configured to generate verification summary information of the software code according to a set time period during the running of the software code;
  • a first verification digest sending subunit, configured to send the verification digest information generated by the first verification digest generating subunit to the network management device.
  • The second sending unit 720 may alternatively include (not shown in FIG. 7):
  • a report request receiving subunit, configured to receive a report request message for the verification summary information sent by the network management device during the running of the software code;
  • a second verification digest generating subunit configured to generate verification digest information of the software code according to the reporting request message of the verification digest information received by the reporting request receiving subunit;
  • the second verification digest sending subunit is configured to send the verification digest information generated by the second verification digest generating subunit to the network management device.
  • FIG. 8 is a block diagram of an embodiment of the network management device of the present invention:
  • the network management device includes: a network interface 810 and a processor 820.
  • the network interface 810 is configured to obtain original summary information from a network element device, where the original summary information is summary information generated by the network element device for software code loaded in a memory, and receive the The verification summary information sent by the network element device, where the verification summary information is summary information generated by the network element device during the running of the software code;
  • The processor 820 is configured to compare whether the verification summary information is consistent with the original summary information; if not, the software code is determined to be insecure, and if so, the software code is determined to be secure.
  • The network interface 810 may be specifically configured to send a request message for the original digest information to the network element device and receive the original digest information returned by the network element device in response to that request message; or to receive the original summary information reported to the network management device when the network element device loads the software code in the memory.
  • The network interface 810 may be specifically configured to receive the verification summary information reported by the network element device according to a set time period; or to send a report request message for the verification summary information to the network element device and receive the verification summary information returned by the network element device in response to that report request message.
  • FIG. 9 is a block diagram of an embodiment of a network element device of the present invention:
  • the network element device includes: a network interface 910 and a processor 920.
  • The processor 920 is configured to send the original summary information to the network management device through the network interface 910, where the original summary information is summary information generated by the network element device for the software code loaded in the memory, and to send the verification summary information of the software code to the network management device through the network interface 910 during the running of the software code, so that the network management device determines whether the software code is secure by comparing the verification summary information with the original summary information.
  • The processor 920 may be specifically configured to: when the network interface 910 receives a request message for the original digest information sent by the network management device, generate the original summary information for the software code loaded in the memory according to that request message and send it to the network management device through the network interface 910; or, when the software code is loaded in the memory, generate the original summary information for the software code and report it to the network management device through the network interface 910.
  • The processor 920 may be specifically configured to: generate the verification summary information of the software code according to a set time period during the running of the software code and send it to the network management device through the network interface 910; or, during the running of the software code, after the network interface 910 receives a report request message for the verification summary information sent by the network management device, generate the verification summary information of the software code according to that report request message and send it to the network management device through the network interface 910.
  • In the embodiments of the present invention, the network management device obtains original summary information from the network element device, where the original summary information is summary information generated by the network element device for the software code loaded in the memory; the network element device generates verification summary information during the running of the software code; and the network management device receives the verification summary information sent by the network element device and compares whether it is consistent with the original summary information. If not, the software code is determined to be insecure; if so, the software code is determined to be secure.
  • Because the network element device sends summary information to the network management device during the running of the software, it can be detected whether the software is maliciously attacked while it runs, so the security of the software running on the network element device is protected and its dynamic security is improved.
  • The techniques in the embodiments of the present invention can be implemented by means of software plus the necessary general hardware platform. Based on such understanding, the technical solution in the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a storage medium such as a ROM/RAM, a diskette or an optical disk, and which includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform the methods described in the various embodiments of the present invention, or in some portions of the embodiments.

Abstract

The present invention relates to a software security detection method, apparatus and device. The method comprises the following steps: a network management device obtains original summary information from a network element device, the original summary information being summary information generated by the network element device for software code loaded in a memory; the network management device receives verification summary information sent by the network element device, the verification summary information being summary information generated by the network element device during the running of the software code; and the network management device compares the verification summary information with the original summary information to determine whether they are consistent; if not, it determines that the software code is insecure, and if so, it determines that the software code is secure. With the embodiments of the present invention, it can be detected whether software suffers a malicious attack while it is running, because a network element device can send summary information to a network management device during the running of the software, so that the security of software running on the network element device can be protected, which improves the dynamic security of the software.
PCT/CN2014/072826 2014-03-04 2014-03-04 Software security detection method, apparatus and device WO2015131324A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201480000117.8A CN105190637A (zh) 2014-03-04 2014-03-04 Software security detection method, apparatus and device
PCT/CN2014/072826 WO2015131324A1 (fr) 2014-03-04 2014-03-04 Software security detection method, apparatus and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/072826 WO2015131324A1 (fr) 2014-03-04 2014-03-04 Software security detection method, apparatus and device

Publications (1)

Publication Number Publication Date
WO2015131324A1 true WO2015131324A1 (fr) 2015-09-11

Family

ID=54054338

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/072826 WO2015131324A1 (fr) 2014-03-04 2014-03-04 Software security detection method, apparatus and device

Country Status (2)

Country Link
CN (1) CN105190637A (fr)
WO (1) WO2015131324A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106096388A (zh) * 2016-05-31 2016-11-09 北京小米移动软件有限公司 Code security processing method, apparatus, terminal device and system
CN107085675A (zh) * 2016-02-16 2017-08-22 爱特梅尔公司 Controlled secure code verification

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108875372B (zh) * 2017-12-29 2022-07-26 安天科技集团股份有限公司 Code detection method, apparatus, electronic device and storage medium
US11128474B2 (en) * 2019-03-25 2021-09-21 Micron Technology, Inc. Secure device communication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1514375A (zh) * 2003-07-21 2004-07-21 蒋正华 A software protection method
CN102208003A (zh) * 2010-03-31 2011-10-05 鸿富锦精密工业(深圳)有限公司 Software program protection system and method
CN103065072A (zh) * 2011-10-21 2013-04-24 北京大学 Method and apparatus for increasing the difficulty of cracking Java software, and copyright verification method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0881559B1 (fr) * 1997-05-28 2003-08-20 Siemens Aktiengesellschaft Computer system and method for protecting software
CN101996286B (zh) * 2009-08-10 2013-01-16 北京多思科技发展有限公司 Method for implementing dynamic security measurement, security measurement apparatus and application system
CN101783801B (zh) * 2010-01-29 2013-04-24 福建星网锐捷网络有限公司 Network-based software protection method, client and server
CN102375953B (zh) * 2010-08-10 2015-03-18 上海贝尔股份有限公司 Software authentication method and software authentication device
CN103501294B (zh) * 2010-08-18 2017-03-08 北京奇虎科技有限公司 Method for determining whether a program is malicious

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107085675A (zh) * 2016-02-16 2017-08-22 爱特梅尔公司 Controlled secure code verification
CN107085675B (zh) * 2016-02-16 2022-05-17 爱特梅尔公司 Controlled secure code verification
CN106096388A (zh) * 2016-05-31 2016-11-09 北京小米移动软件有限公司 Code security processing method, apparatus, terminal device and system
CN106096388B (zh) * 2016-05-31 2019-04-16 北京小米移动软件有限公司 Code security processing method, apparatus, terminal device and system

Also Published As

Publication number Publication date
CN105190637A (zh) 2015-12-23

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480000117.8

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14884563

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14884563

Country of ref document: EP

Kind code of ref document: A1