CN113761539B - HongMong security vulnerability defense method and system - Google Patents

Info

Publication number: CN113761539B
Application number: CN202110902805.5A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN113761539A (en)
Inventors: 吕泽, 武斌, 吴敬征, 武延军, 郑森文, 罗天悦, 杨牧天
Applicant / original assignee: Institute of Software of CAS
Current assignee: Institute of Software of CAS
Legal status: Active (application granted)
Prior art keywords: security, hong, defense, application, vulnerability

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1458 Denial of Service
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F 2221/034 Test or assess a computer or a system

Abstract

The invention discloses a defense method and system for HarmonyOS (Hongmeng) security vulnerabilities. Taking the HarmonyOS system as the analysis object, it first formally describes the defense method for HarmonyOS security vulnerabilities as $\langle Q, PEC, F, \rho, \delta \rangle$; it then performs an initial HOPE vulnerability detection on an input application set; according to the detection result, it combines the applications in which a HOPE vulnerability was detected with the defense component; the processed applications are then re-checked for HOPE vulnerabilities with PEC; and finally the effectiveness of the method is judged from the results of the two detections. The method is suitable for repairing and defending against security vulnerabilities of the HarmonyOS system, can defend against HOPE vulnerabilities on most HarmonyOS devices with a high defense effect and a low interception error, can defend against HOPE vulnerabilities in the HarmonyOS system and the associated potential DoS attack risk, and meets the security defense requirements of the HarmonyOS system.

Description

HongMong security vulnerability defense method and system
Technical Field
The invention relates to vulnerability defense analysis technology for high-security-level information systems, in particular to a vulnerability defense analysis method for the HarmonyOS system, and provides a practical code-layer security vulnerability defense method and system based on HarmonyOS applications.
Background
HarmonyOS (Hongmeng) is a full-scenario distributed operating system, defined as a microkernel-based full-scenario distributed operating system. Because of its distributed nature and a deployment coverage goal that includes almost all Internet of Things devices, HarmonyOS is regarded as a "very wide coverage IoT operating system with distributed capabilities". The system has the characteristics of three kinds of system at once, namely a mobile phone operating system, a distributed operating system and an IoT operating system, which also means that it must face the security problems of all three. Wu et al. found a vulnerability (Wu J, Liu S, Ji S, Yang M, Luo T, Wu Y, Wang Y. Exception beyond exception: Crashing Android system by trapping in "uncaught exception". Proceedings of the 2017 IEEE/ACM 39th International Conference on Software Engineering: Software Engineering in Practice Track, ICSE-SEIP 2017, 2017: 283-292) that can force a critical system process to stop during a special exception-handling path, so that critical system services are shut down unexpectedly; this amounts to a system-level DoS attack vulnerability, and in essence it is an exception-handling mechanism with higher authority than the system services performing an unauthorized shutdown of those services. Luís Costa et al. report a vulnerability identification method for IoT devices (Costa L, Barros JP, Tavares M. Vulnerabilities in IoT devices for smart home environment. ICISSP 2019: Proceedings of the 5th International Conference on Information Systems Security and Privacy, 2019: 615-622) based on TCP/IP network discovery, and use its tools to find actual vulnerabilities in two commercial devices. Their method can quickly identify simple vulnerabilities exposed to network attack, but cannot identify other types of vulnerability.
When studying the cross-device call capability source code of the HarmonyOS system, the inventors discovered a previously unknown type of code vulnerability, which is called a security vulnerability (HarmonyOS Permission Escape vulnerability, HOPE). The permission escape behaviour caused by this vulnerability may allow malicious applications to invoke other cross-device applications arbitrarily and to launch more serious cross-device DoS (denial of service) attacks. Analysis shows that the permission verification, when checking the identity relationship between caller and callee, can falsely upgrade the caller's identity information, thereby causing permission escape and unauthorized behaviour. The vulnerability poses a great threat to the security of HarmonyOS systems and the privacy of users, and needs to be detected and repaired in time. However, no defense method for this kind of vulnerability exists at present.
Disclosure of Invention
The invention aims to provide a defense method PED (Permission-Escape Defender) capable of comprehensively and accurately repairing and defending against permission escape vulnerabilities (cross-device call vulnerabilities), designed for the characteristics of the HarmonyOS system.
The HarmonyOS security vulnerability defense method of the invention takes the cross-device call module of the HarmonyOS system as the analysis object; its technical scheme is as follows:
A HarmonyOS security vulnerability defense method takes the HarmonyOS system as the analysis object and comprises the following steps:
1) Formally express the security vulnerability defense method as $\langle Q, PEC, F, \rho, \delta \rangle$, where:
$Q = \{S_1, S_2\}$ is the finite set of security defense states, where $S_1$ is the security-defense-valid state and $S_2$ is the security-defense-invalid state;
PEC is the HarmonyOS security vulnerability detection method, used to judge whether a HOPE (HarmonyOS Permission Escape) vulnerability exists;
$W = \{w_1, w_2, \ldots, w_n\}$ is the set of HarmonyOS applications, where $w_i$ is a particular HarmonyOS application;
F is the security defense component, which performs permission verification at the sending end of an application call request to defend against HOPE vulnerabilities;
ρ is the security processing method for applications, which combines the security defense component F with a HarmonyOS application $w_i$;
δ is the defense-effect judgment method, which judges whether security defense is achieved after ρ processing;
2) Perform vulnerability detection on the application set W with the HarmonyOS security vulnerability detection method PEC, obtain a detection result, and set the initial security defense state Q to $S_2$, i.e. the default security defense state is the invalid state;
3) For every application in W whose detection result is "HOPE vulnerability present", combine it with the security defense component F using the security processing method ρ to obtain the security-processed application set W';
4) Perform vulnerability detection on the processed application set W' with PEC and obtain a detection result;
5) Using the detection results of step 2) and step 4) as input, judge the effectiveness of the security vulnerability defense method with the δ method, and maintain or change the security defense state Q accordingly.
Step 1) above formally describes the security vulnerability defense method as $\langle Q, PEC, F, \rho, \delta \rangle$, which captures the essential elements of security vulnerability defense.
The vulnerability detection on the application set W with PEC in step 2) comprises:
2a) Formally express the security vulnerability detection method as $\langle Q', \Sigma', \rho', q'_0, F' \rangle$, where:
$Q' = \{S'_1, S'_2\}$ is a finite set of states, where $S'_1$ is the no-vulnerability state and $S'_2$ is the vulnerability-present state;
$\Sigma' = \{\omega_i \mid \omega_i \in O \times W\}$ is a finite input set, each $\omega_i$ being an element of the Cartesian product of the HarmonyOS device set O and the HarmonyOS application set W;
$\rho' : \Sigma' \to \{0,1\}$ is the security test method that determines whether a security vulnerability (HOPE vulnerability) exists for $\omega_i$; 0 means no vulnerability exists and 1 means a vulnerability exists, and "→" denotes the processing of the elements of the input set $\Sigma'$;
$\delta' : Q' \times \rho'(\Sigma') \to Q'$ is the state transition function, where $\rho'(\Sigma')$ is the security test result obtained by testing $\Sigma'$ with $\rho'$;
$q'_0 = S'_1$ is the initial state;
$F' = \{S'_1\}$ is the set of accept states;
2b) Dynamically probe the list of connectable devices around a HarmonyOS device: the device $o_0$ on which PEC runs obtains the set O of HarmonyOS devices available to the target device $o_0$;
2c) Acquire the application identity information of the target HarmonyOS applications, taking the application set W as input to obtain the corresponding set of application identity information;
2d) Using the device information in the device set O (a connectable device list containing the ID of each connectable device) and the application information in the application set W (a callable application list containing the package name of each callable application) as parameters, make trial calls to remote applications, collect the remote call result information, and judge from it whether a security vulnerability exists;
2e) Remotely attempt the DoS attack with loop-triggered vulnerability logic, collect the remote call result information after the DoS attack, and judge from it whether a DoS attack vulnerability exists.
In step 3), the steps of combining the security defense component F with the security processing method ρ to obtain the security-processed application set W' are:
3a) Place the application $w_i$ and the security defense component F in the same application;
3b) Modify the distributed call interface of the original $w_i$ so that the original HarmonyOS call API is replaced with the security defense method provided by the security defense component F;
3c) Package the modified application to obtain a new application $w'_i$;
3d) Perform steps 3a) to 3c) for every application that the PEC method detected as "containing a HOPE vulnerability", and place all processed applications in the application set W';
wherein step 3a) places the original application $w_i$ and the security defense component F in the same application, and the operating logic of F is:
rewrite the cross-device call interface of the HarmonyOS system so that permission detection is performed before a call request is sent: judge whether the identity information of the caller is identical to that of the application to be called; if so, execute the cross-device call flow normally, and if not, refuse to execute it.
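The sending-end check performed by F and the interface replacement carried out by ρ are shown below as an added Python example; this is not the patent's own code and the real HarmonyOS call API is not reproduced. It assumes that an application's identity is its package name, that the distributed call interface is modelled as the function attribute `remote_call`, and that the callee device is the constructed stand-in `SimDevice`, which honours a request on the strength of the claimed caller identity alone (the behaviour the description reports).

```python
"""Added example (not the patent's own code): the sending-end permission
check of security defense component F and the combination step rho of steps
3a)-3c), modelled in plain Python. Assumptions not taken from the patent:
an application is a record whose identity is its package name, the
distributed call interface is the function attribute `remote_call`, and
the remote HarmonyOS device is the constructed stand-in `SimDevice`."""
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class SimDevice:
    """Constructed stand-in for the callee device: it records every
    application it was asked to start by a cross-device call request."""
    device_id: str
    started: List[str] = field(default_factory=list)

    def receive(self, caller_package: str, target_package: str) -> str:
        # Models the reported callee behaviour: the request is honoured on
        # the strength of the caller's claimed identity alone.
        self.started.append(target_package)
        return f"{self.device_id}: started {target_package} for {caller_package}"


@dataclass
class App:
    package: str                                          # application identity
    remote_call: Callable[[SimDevice, str], str] = None   # distributed call interface


def original_call_api(app: App, device: SimDevice, target_package: str) -> str:
    """The unmodified distributed call (hypothetical shape): forwards the request as is."""
    return device.receive(app.package, target_package)


def defended_call(app: App, device: SimDevice, target_package: str) -> str:
    """Security defense method of component F: permission detection before the
    request is sent. The cross-device call proceeds only when the caller's
    identity is identical to that of the application to be called; otherwise
    execution is refused and nothing reaches the device."""
    if app.package != target_package:
        return f"refused: {app.package} is not {target_package}"
    return device.receive(app.package, target_package)


def as_shipped(app: App) -> App:
    """Application w_i with its original distributed call interface."""
    return App(app.package, lambda device, target: original_call_api(app, device, target))


def rho(app: App) -> App:
    """Security processing rho (steps 3a-3c): place F alongside the application
    and replace its distributed call interface with F's defended_call, giving w'_i."""
    return App(app.package, lambda device, target: defended_call(app, device, target))


if __name__ == "__main__":
    dev = SimDevice("device-B")
    w1 = as_shipped(App("com.example.w1"))
    print(w1.remote_call(dev, "com.example.other"))   # foreign app started on device-B
    w1p = rho(App("com.example.w1"))
    print(w1p.remote_call(dev, "com.example.other"))  # refused before sending
    print(w1p.remote_call(dev, "com.example.w1"))     # same identity: allowed
```

The design point is that F sits entirely on the sending side, as the description requires: the callee is left unchanged, and a mismatched identity is rejected before any request is emitted, so nothing about the device's behaviour has to be trusted for the check to hold.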
In step 5), the steps of judging the effectiveness of the security vulnerability defense method with the δ method from the detection results of step 2) and step 4) are:
5a) Obtain the detection results of step 2) and step 4);
5b) Judge the obtained detection results: only when the first detection result of step 2) is "HOPE vulnerability present" and the second detection result of step 4) is "no HOPE vulnerability" is the effectiveness of the defense method considered verified under the experimental conditions, and the security defense state Q is changed to $S_1$, i.e. the security-defense-valid state.
Based on the same inventive concept, the invention also provides a HarmonyOS security vulnerability defense system adopting the method, which comprises:
a pre-vulnerability detection module for performing vulnerability detection on the HarmonyOS application set W with the HarmonyOS security vulnerability detection method PEC to obtain a detection result, and for setting the initial security defense state Q to $S_2$, i.e. the default security defense state is the invalid state;
a defense processing module for combining, using the security processing method ρ, the security defense component F with every application in W whose detection result is "HOPE vulnerability present", to obtain the security-processed HarmonyOS application set W';
a post-vulnerability detection module for performing vulnerability detection on the processed application set W' with PEC and obtaining a detection result;
a defense effectiveness judgment module for judging the effectiveness of the security vulnerability defense with the defense-effect judgment method δ, using the detection results of the pre- and post-vulnerability detection modules as input, and for maintaining or changing the security defense state Q accordingly.
The invention adopts a modular processing approach and divides the vulnerability defense work into four modules: a vulnerability detection module $M_1$ that obtains the vulnerability state before and after repair; a permission check module $M_2$ that holds the application-independent check logic; an application combination repair module $M_3$ that combines the original application with $M_2$; and a defense effectiveness judgment module $M_4$ that judges the vulnerability defense from the re-detection result after repair. The modules cooperate: first $M_1$ performs detection, then $M_3$ combines $M_2$ with the original application, then $M_1$ is reused to re-test the combined application, and finally $M_4$ analyses the before-and-after results to give a conclusion on defense effectiveness. This modular process improves the comprehensibility of the system, gives it high cohesion and low coupling, and reduces unnecessary interaction between modules. The invention realizes the security vulnerability defense method on the HarmonyOS system and fills the gap of a missing security defense method for HOPE vulnerabilities in HarmonyOS.
According to the method, an initial HOPE vulnerability detection is performed on the input application set; according to the detection result, the applications in which a HOPE vulnerability was detected are combined with the defense component; the processed applications are checked again for HOPE vulnerabilities with PEC; and finally the effectiveness of the method is judged from the results of the two detections. The method is suitable for repairing and defending against security vulnerabilities of the HarmonyOS system, can defend against HOPE vulnerabilities on most HarmonyOS devices with a high defense effect and a low interception error, can defend against HOPE vulnerabilities in the HarmonyOS system and the associated potential DoS attack risk, and meets the security defense requirements of the HarmonyOS system.
Drawings
FIG. 1 is a schematic diagram of the security vulnerability defense process based on the HarmonyOS system according to the invention;
FIG. 2 is a flow chart of the security processing method ρ combining the security defense component F;
FIG. 3 is a flow chart of the PED effectiveness judgment.
Detailed Description
The invention is further illustrated by way of example with reference to the accompanying drawings, which in no way limit the scope of the invention.
The general flow of the HarmonyOS-based security vulnerability defense method of the invention is shown in FIG. 1; taking an actual vulnerability detection as an example, it specifically comprises:
1) First obtain the input, namely the application set W; in the actual detection $W = \{w_1, w_2, w_3, w_4\}$, and its initial defense state Q is initialized to $S_2$.
2) Apply PEC to the applications in W for HOPE vulnerability detection; in the actual detection the result obtained by PEC is {$w_1$: HOPE vulnerability present, $w_2$: HOPE vulnerability present, $w_3$: HOPE vulnerability present, $w_4$: no HOPE vulnerability}.
3) According to the result of step 2), use the security processing method ρ to combine the security defense component F with the applications in W that have the HOPE vulnerability, obtaining the security-processed application set W'. The specific combination procedure is shown in FIG. 2 and comprises the following steps:
3a) Place the application $w_i$ and the security defense component F in the same application as the original;
3b) Search the remote-call usage list and modify the distributed call interface of the original $w_i$ so that the called API is replaced with the security defense method provided by the security defense component F;
3c) Package the modified application to obtain a new application $w'_i$;
3d) Perform steps 3a) to 3c) for every application that PEC detected as containing a HOPE vulnerability, and place all processed applications in the application set W';
in this example $W' = \{w'_1, w'_2, w'_3\}$.
4) Perform HOPE vulnerability detection on W' with PEC; in the actual detection PEC obtains {$w'_1$: no HOPE vulnerability, $w'_2$: no HOPE vulnerability, $w'_3$: no HOPE vulnerability}.
5) Using the δ method, judge the effectiveness of the security vulnerability defense method PED from the results of steps 2) and 4). The actual judgment method is shown in FIG. 3: only when the result for application $w_i$ in step 2) is "HOPE vulnerability present" and the result for $w'_i$ in step 4) is "no HOPE vulnerability" is the defense method judged effective, and the defense state is changed to $S_1$. From the results of 2) and 4) in this example it follows that the PED defense method is effective here.
The vulnerability detection on the application set W with PEC in step 2) comprises:
2a) Formally express the security vulnerability detection method as $\langle Q', \Sigma', \rho', q'_0, F' \rangle$, where:
$Q' = \{S'_1, S'_2\}$ is a finite set of states, where $S'_1$ is the no-vulnerability state and $S'_2$ is the vulnerability-present state;
$\Sigma' = \{\omega_i \mid \omega_i \in O \times W\}$ is a finite input set, each $\omega_i$ being an element of the Cartesian product of the HarmonyOS device set O and the HarmonyOS application set W;
$\rho' : \Sigma' \to \{0,1\}$ is the security test method that determines whether a security vulnerability (HOPE vulnerability) exists for $\omega_i$; 0 means no vulnerability exists and 1 means a vulnerability exists, and "→" denotes the processing of the elements of the input set $\Sigma'$;
$\delta' : Q' \times \rho'(\Sigma') \to Q'$ is the state transition function, where $\rho'(\Sigma')$ is the security test result obtained by testing $\Sigma'$ with $\rho'$;
$q'_0 = S'_1$ is the initial state;
$F' = \{S'_1\}$ is the set of accept states;
2b) Dynamically probe the list of connectable devices around a HarmonyOS device: the device $o_0$ on which PEC runs obtains the set O of HarmonyOS devices available to the target device $o_0$;
2c) Acquire the application identity information of the target HarmonyOS applications, taking the application set W as input to obtain the corresponding set of application identity information;
2d) Using the device information in the device set O (a connectable device list containing the ID of each connectable device) and the application information in the application set W (a callable application list containing the package name of each callable application) as parameters, make trial calls to remote applications, collect the remote call result information, and judge from it whether a security vulnerability exists;
2e) Remotely attempt the DoS attack with loop-triggered vulnerability logic, collect the remote call result information after the DoS attack, and judge from it whether a DoS attack vulnerability exists.
In step 2b), the device on which PEC runs is used as the device input; when the connectable device list of that device is obtained, the devicemanager.
In step 2c), the application information set obtained after the HarmonyOS application set W is input in sequence corresponds one-to-one to the elements of the original application set W.
The remote call and vulnerability judgment steps of step 2d) are as follows:
2d-a) Obtain the experimental set $\Sigma'$, the finite input set, where each $\omega_i$ is an element of the Cartesian product of the HarmonyOS device set O and the application set W: $\Sigma' = \{\omega_i \mid \omega_i \in O \times W\}$; set its initial state $q'_0$ to $S'_1$, the no-vulnerability state, and go to step 2d-b);
2d-b) Take the experimental set $\Sigma'$ as the input set, obtain the current execution parameters, and go to step 2d-c);
2d-c) Execute a remote call sample with the parameters obtained in 2d-b), and go to step 2d-d);
2d-d) Collect the experimental results after the remote call is executed to obtain an experimental result data set, and go to step 2d-e);
2d-e) Judge whether all tests of the current experimental set $\Sigma'$ are finished; if so, go to step 2d-f), otherwise return to step 2d-b);
2d-f) Judge in sequence, from the acquired experimental result data set, whether a security vulnerability occurred; if so, set the state to $S'_2$, the vulnerability state, and save the experimental condition (the combination of target device $o_i$ and target application $\omega_j$) together with the vulnerability triggering situation to the security vulnerability set; otherwise save nothing: $F' = \{S'_1\}$ is the accept state set, i.e. the no-vulnerability state is the normal secure state and needs no processing. End the remote-call vulnerability judgment once all experimental result data sets have been processed.
Step 2d-f) judges in sequence from the acquired experimental result data set whether security vulnerabilities occurred; the judgment method is: based on the experimental result data set, under the premise of the combined test of target device $o_i$ and target application $\omega_j$, judge whether the target device $o_i$ automatically started the target application $\omega_j$; if it did, a vulnerability is considered to exist under that experimental condition, otherwise it is considered not to exist. The method of this step is the state transition function $\delta'$ mentioned above.
Steps 2b) to 2d) are all part of the security test method $\rho'$ in the formal expression of the security vulnerability judgment method.
The steps of remotely attempting the DoS attack and judging whether a DoS attack vulnerability exists in step 2e) are as follows:
2e-a) Judge from the parameters of the primary experimental scenario whether it contains the security vulnerability of step 2d); if so, go to step 2e-b) for DoS risk judgment, otherwise obtain the data of the next experimental result and repeat step 2e-a);
2e-b) Obtain the experimental conditions (target device $o_i$ and target application $\omega_j$) for which a security vulnerability has been determined to exist, add a loop call command to the PoC of the security vulnerability, detect the DoS attack risk, and go to 2e-c); here PoC means Proof of Concept, an attack sample that can effectively exploit the HOPE vulnerability;
2e-c) Collect and store the experimental data after DoS attack risk detection, i.e. obtain the experimental result data set, and go to 2e-d);
2e-d) Judge whether all tests of the current experimental set $\Sigma'$ are finished; if so, go to step 2e-e), otherwise return to step 2e-a);
2e-e) Judge in sequence from the experimental result data sets obtained in step 2e-c) whether a DoS attack risk exists, store the DoS attack risk conditions in the security vulnerability set, and end the DoS risk state analysis once all experimental result data sets have been processed.
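The detection automaton $\langle Q', \Sigma', \rho', q'_0, F' \rangle$ of steps 2a) to 2d) and the δ judgment of step 5), replayed on the worked example given earlier ($W = \{w_1, w_2, w_3, w_4\}$ with $w_1$ to $w_3$ vulnerable and $w_4$ not), as an added Python example that is not the patent's own code. `Device`, `App`, `trial_call` and the target package `com.constructed.victim` are constructed stand-ins: an app that issues no cross-device calls cannot trigger the vulnerability, an unguarded app's request is honoured by the callee, and an app combined with F refuses a mismatched identity before sending. The DoS risk analysis of step 2e) is not modelled.

```python
"""Added example (not the patent's own code): an executable model of the PEC
detection automaton <Q', Sigma', rho', q'_0, F'> of steps 2a)-2d) and of the
defense-effect judgment delta of step 5), replayed on the worked example
W = {w1, w2, w3, w4}. Devices, applications and the outcome of a trial remote
call are constructed stand-ins; the DoS risk analysis of step 2e) is not modelled."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Set, Tuple

S1_NO_VULN, S2_VULN = "S'_1", "S'_2"             # Q' = {S'_1, S'_2}
DEFENSE_VALID, DEFENSE_INVALID = "S_1", "S_2"    # Q  = {S_1, S_2}


@dataclass(frozen=True)
class Device:
    device_id: str          # element o_i of the device set O


@dataclass(frozen=True)
class App:
    package: str            # element w_j of the application set W
    uses_remote_call: bool  # whether the app issues cross-device calls at all
    guarded: bool = False   # True once rho has combined it with component F


def trial_call(device: Device, app: App, target_package: str) -> bool:
    """Constructed stand-in for the remote call sample of step 2d-c).
    Returns True when the target application is auto-started on `device`:
    an app that issues no cross-device calls starts nothing, a guarded app
    refuses a mismatched identity before sending, and an unguarded app's
    request is honoured by the callee (the behaviour the patent reports)."""
    if not app.uses_remote_call:
        return False
    if app.guarded and app.package != target_package:
        return False
    return True


def rho_prime(omega: Tuple[Device, App], foreign_target: str) -> int:
    """Security test method rho': 1 if a HOPE vulnerability is observed for
    omega = (o_i, w_j), i.e. the app makes o_i auto-start a different
    application; 0 otherwise (steps 2d-c, 2d-d, 2d-f)."""
    device, app = omega
    return 1 if trial_call(device, app, foreign_target) else 0


def delta_prime(state: str, result: int) -> str:
    """State transition delta': an observed vulnerability moves Q' to S'_2."""
    return S2_VULN if result == 1 else state


def pec(devices: List[Device], apps: List[App],
        foreign_target: str = "com.constructed.victim"):
    """Run the automaton over Sigma' = O x W (steps 2d-a to 2d-f). Returns the
    final state, the per-app verdict (True = HOPE vulnerability present), the
    security vulnerability set of (device_id, package) experimental conditions,
    and whether the final state lies in the accept set F' = {S'_1}."""
    state = S1_NO_VULN                                   # q'_0 = S'_1
    verdict: Dict[str, bool] = {a.package: False for a in apps}
    vuln_set: Set[Tuple[str, str]] = set()
    for device, app in product(devices, apps):           # every element of Sigma'
        result = rho_prime((device, app), foreign_target)
        state = delta_prime(state, result)
        if result == 1:
            verdict[app.package] = True
            vuln_set.add((device.device_id, app.package))
    return state, verdict, vuln_set, state in {S1_NO_VULN}


def rho(app: App) -> App:
    """Security processing rho: the app combined with component F (step 3)."""
    return App(app.package, app.uses_remote_call, guarded=True)


def delta(pre: Dict[str, bool], post: Dict[str, bool]) -> str:
    """Defense-effect judgment delta (step 5b): S_1 only when the first
    detection flagged at least one app and every flagged app is reported
    clean by the second detection; otherwise Q stays S_2."""
    flagged = [p for p, v in pre.items() if v]
    if flagged and all(not post.get(p, True) for p in flagged):
        return DEFENSE_VALID
    return DEFENSE_INVALID


def ped(devices: List[Device], apps: List[App]):
    """The whole PED flow of steps 1)-5): detect, combine, re-detect, judge."""
    _, pre, _, _ = pec(devices, apps)                    # step 2, Q = S_2 by default
    w_prime = [rho(a) for a in apps if pre[a.package]]   # step 3
    _, post, _, _ = pec(devices, w_prime)                # step 4
    return delta(pre, post), pre, post, [a.package for a in w_prime]


if __name__ == "__main__":
    devices = [Device("o1"), Device("o2")]
    apps = [App("w1", True), App("w2", True), App("w3", True), App("w4", False)]
    print(ped(devices, apps))
```

Two edge cases of δ are worth noting: if the first detection flags nothing there is nothing for the second detection to verify, so Q stays at its default $S_2$; and if any flagged application is still reported vulnerable after ρ, Q also stays $S_2$ rather than being set per application.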
Based on the same inventive concept, another embodiment of the present invention provides a HarmonyOS security vulnerability defense system adopting the above method, which comprises:
a pre-vulnerability detection module for performing vulnerability detection on the HarmonyOS application set W with the HarmonyOS security vulnerability detection method PEC to obtain a detection result, and for setting the initial security defense state Q to $S_2$, i.e. the default security defense state is the invalid state;
a defense processing module for combining, using the security processing method ρ, the security defense component F with every application in W whose detection result is "HOPE vulnerability present", to obtain the security-processed HarmonyOS application set W';
a post-vulnerability detection module for performing vulnerability detection on the processed application set W' with PEC and obtaining a detection result;
a defense effectiveness judgment module for judging the effectiveness of the security vulnerability defense with the defense-effect judgment method δ, using the detection results of the pre- and post-vulnerability detection modules as input, and for maintaining or changing the security defense state Q accordingly.
Based on the same inventive concept, another embodiment of the present invention provides an electronic device (computer, server, smart phone, etc.) comprising a processor and a memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the steps of the method of the invention.
Based on the same inventive concept, another embodiment of the present invention provides a computer readable storage medium (e.g. ROM/RAM, magnetic disk, optical disk) storing a computer program which, when executed by a computer, implements the steps of the method of the invention.
The above-disclosed embodiments of the present invention are intended to aid in understanding the contents of the present invention and to enable the same to be carried into practice, and it will be understood by those of ordinary skill in the art that various alternatives, variations and modifications are possible without departing from the spirit and scope of the invention. The invention should not be limited to what has been disclosed in the examples of the specification, but rather by the scope of the invention as defined in the claims.

Claims (7)

1. A method for defending against a HongMeng (HarmonyOS) security vulnerability, comprising the steps of:
1) Formally expressing the security vulnerability defense method as <Q, PEC, W, F, ρ, δ>, wherein: Q = {S_1, S_2} represents the security defense state, where S_1 represents the security-defense-valid state and S_2 represents the security-defense-invalid state; PEC is the HongMeng security vulnerability detection method, used to judge whether a HOPE vulnerability exists; W = {w_1, w_2, ..., w_n} represents the set of HongMeng applications, where w_i represents one HongMeng application; F is the security defense component, which performs authority verification at the sending end of an application call request in order to defend against HOPE vulnerabilities; ρ is the security processing method for applications, used to combine the security defense component F with a HongMeng application w_i; δ is the defense effect judgment method, used to judge whether security defense is achieved after processing by ρ;
2) Performing vulnerability detection on the HongMeng application set W using the HongMeng security vulnerability detection method PEC to obtain a detection result, and setting the initial security defense state Q to S_2, i.e. the default security defense state is the invalid state;
3) For all applications in the HongMeng application set W that have a HOPE vulnerability, combining them with the security defense component F using the security processing method ρ to obtain the security-processed HongMeng application set W';
4) Performing vulnerability detection on the processed HongMeng application set W' using the HongMeng security vulnerability detection method PEC to obtain a detection result;
5) Taking the detection results obtained in step 2) and step 4) as input, judging the effectiveness of the security vulnerability defense method using the defense effect judgment method δ, and synchronously maintaining or changing the security defense state Q accordingly;
wherein performing vulnerability detection on the HongMeng application set W using PEC in step 2) comprises:
2a) Formally expressing the security vulnerability detection method as <Q', Σ', ρ', δ', q'_0, F'>, wherein: Q' = {S'_1, S'_2} represents a finite set of states, where S'_1 represents the state in which no security vulnerability exists and S'_2 the state in which a security vulnerability exists; Σ' = {ω_i | ω_i ∈ (O × W)} represents a finite set of inputs, where ω_i is an element of the Cartesian product of the HongMeng device set O and the HongMeng application set W; the security test method ρ': Σ' → {0, 1} determines whether a security vulnerability exists for ω_i, where 0 indicates that no security vulnerability exists, 1 indicates that a security vulnerability exists, and "→" denotes the process of processing the elements of the input set Σ'; the state transition function δ': Q' × ρ'(Σ') → Q', where ρ'(Σ') represents the security test result obtained after testing Σ' with ρ'; q'_0 = S'_1 represents the initial state; F' = {S'_1} represents the set of accepting states;
2b) Dynamically detecting the list of connectable devices around the HongMeng device to obtain the HongMeng device set O;
2c) Taking the HongMeng application set W as input and obtaining the corresponding set of application information;
2d) Taking the device information in the HongMeng device set O and the application information in the HongMeng application set W as parameters, attempting to call the remote application, obtaining the remote call result information, and judging from the remote call result information whether a security vulnerability exists;
2e) Remotely attempting a DoS attack using the loop-triggering vulnerability logic, obtaining the remote call result information after the DoS attack, and judging from that result information whether a DoS vulnerability exists.
2. The HongMeng security vulnerability defense method of claim 1, wherein combining with the security defense component F using the security processing method ρ in step 3) to obtain the security-processed application set W' comprises:
3a) Placing the application w_i in the same application as the security defense component F;
3b) Modifying the distributed call interface mode of the original application w_i, replacing the original HongMeng call API with the security defense method provided by the security defense component F;
3c) Packaging the modified application to obtain a new application w'_i;
3d) Applying steps 3a) to 3c) to all applications detected by the PEC method as "containing a HOPE vulnerability", and placing all processed applications in the application set W'.
3. The HongMeng security vulnerability defense method of claim 2, wherein in step 3a) the original application w_i is placed in the same application as the security defense component F, and the security defense component F has the following logic: the cross-device call interface of the HongMeng system is rewritten so that authority detection is performed before a call request is sent, judging whether the identity information of the caller is identical to that of the application to be called; if so, the cross-device call flow is executed normally, and if not, execution is refused.
4. The HongMeng security vulnerability defense method of claim 1, wherein step 5) comprises:
5a) Obtaining the detection results obtained in step 2) and step 4);
5b) Judging the obtained detection results, and considering the effectiveness of the defense method verified only when the first detection result from step 2) is {contains a HOPE vulnerability} and the second detection result from step 4) is {does not contain a HOPE vulnerability}, in which case the security defense state Q is changed to S_1, i.e. the security-defense-valid state.
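The following simulation is an added example and not the patent's own code. It walks claims 1 to 4 end to end: the detection automaton <Q', Σ', ρ', δ', q'_0, F'> run over Σ' = O × W (steps 2a to 2e), the sender-side identity check of the defense component F (claim 3), the processing ρ that wraps a vulnerable application into w'_i (claim 2), and the set-level judgment δ that moves Q from S_2 to S_1 (claim 4). Everything concrete is assumed for the toy: the device names, the applications and their identity strings, the simulated remote-call API with its "ok"/"denied"/"unavailable"/"no-ability" results, the "attacker@<device>" caller used as the foreign identity, the request-budget model that stands in for the DoS condition of step 2e, and the `receiver_check` variant of an application that validates the caller only after accepting the request.

```python
"""Simulation of the HongMeng vulnerability defense model of claims 1-4.

Added example, not the patent's code. Device names, app identities, the
simulated remote-call API and the request-budget DoS model are assumptions.
"""
from dataclasses import dataclass
from itertools import product

S1, S2 = "S_1 defense valid", "S_2 defense invalid"          # Q  (claim 1, step 1)
S1P, S2P = "S'_1 no vulnerability", "S'_2 vulnerability"    # Q' (claim 1, step 2a)


@dataclass
class App:
    """A simulated HongMeng application w_i with a cross-device call entry."""
    name: str
    identity: str                 # identity compared by F (assumed: the app's signer id)
    remote: bool = True           # exposes a distributed ability at all
    receiver_check: bool = False  # checks the caller only after accepting the request
    budget: int = 3               # requests served before exhaustion (assumed DoS model)
    served: int = 0
    guarded: bool = False         # set by rho() once F wraps the call interface

    def remote_call(self, caller_identity: str) -> str:
        """Original cross-device call API (simulated): no check at the sending end."""
        if not self.remote:
            return "no-ability"
        if self.served >= self.budget:
            return "unavailable"
        self.served += 1          # the resource is consumed before any check runs
        if self.receiver_check and caller_identity != self.identity:
            return "denied"
        return "ok"


def guarded_call(app: App, caller_identity: str) -> str:
    """Defense component F (claim 3): caller identity must equal the callee's before sending."""
    if caller_identity != app.identity:
        return "denied"           # the request never leaves the sender
    return app.remote_call(caller_identity)


def call(app: App, caller_identity: str) -> str:
    """Route through F for a processed app w'_i, through the raw API otherwise."""
    if app.guarded:
        return guarded_call(app, caller_identity)
    return app.remote_call(caller_identity)


def rho(app: App) -> App:
    """Security processing ρ (claim 2): package w_i together with F as a new app w'_i."""
    return App(app.name, app.identity, app.remote, app.receiver_check, app.budget, 0, True)


def rho_prime(device: str, app: App, loop: int = 5) -> int:
    """Security test ρ': Σ' -> {0,1} for one input ω_i = (device, app) (steps 2d and 2e)."""
    foreign = f"attacker@{device}"   # assumed: a caller on the peer device that is not w_i
    app.served = 0
    if call(app, foreign) == "ok":   # 2d) trial remote call succeeds without authority
        return 1
    for _ in range(loop):            # 2e) loop-triggered DoS attempt from the peer device
        call(app, foreign)
    return 1 if call(app, app.identity) == "unavailable" else 0


def delta_prime(state: str, result: int) -> str:
    """State transition δ': Q' x ρ'(Σ') -> Q'; one positive test moves to S'_2 for good."""
    return S2P if result == 1 else state


def pec(devices, apps):
    """PEC: run the automaton from q'_0 = S'_1 over Σ' = O x W, keeping one state per app."""
    state = {app.name: S1P for app in apps}
    for device, app in product(devices, apps):
        state[app.name] = delta_prime(state[app.name], rho_prime(device, app))
    return state


def delta(before: dict, after: dict) -> str:
    """Defense effect judgment δ (claim 4): valid only if W had a hole and W' has none."""
    return S1 if S2P in before.values() and S2P not in after.values() else S2


def defend(devices, apps):
    """Claim 1, steps 2 to 5; returns the final security defense state Q and both results."""
    q = S2                                                              # step 2: default state
    before = pec(devices, apps)                                         # step 2: pre-detection
    processed = [rho(a) if before[a.name] == S2P else a for a in apps]  # step 3
    after = pec(devices, processed)                                     # step 4: post-detection
    q = delta(before, after)                                            # step 5
    return q, before, after


# Constructed sample: peer device set O and application set W (all names assumed).
DEVICES = ["phone-B", "tablet-C"]
APPS = [
    App("gallery", "sig:gallery"),                    # no check anywhere: found by step 2d
    App("notes", "sig:notes", receiver_check=True),   # checks too late: found only by step 2e
    App("calc", "sig:calc", remote=False),            # no distributed ability: clean
]

if __name__ == "__main__":
    q, before, after = defend(DEVICES, APPS)
    print("before:", before)
    print("after: ", after)
    print("Q =", q)
```

Two properties of the claimed method show up directly in the run. First, because F' = {S'_1} and δ' never leaves S'_2, a single positive test on any (device, application) pair marks the application as vulnerable, and δ only moves Q to S_1 when the set W contained at least one such application and W' contains none, so a set that was clean from the start can never reach the valid state under claim 4's condition. Second, the `notes` application passes the trial call of step 2d because it rejects the foreign caller, yet the loop of step 2e still exhausts it, since the check runs after the request has been accepted; wrapping it with F moves the identity comparison to the sending end, as claim 3 requires, and the foreign requests no longer reach it at all.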
5. A HongMeng security vulnerability defense system employing the method of any one of claims 1-4, comprising:
a pre-vulnerability-detection module for performing vulnerability detection on the HongMeng application set W using the HongMeng security vulnerability detection method PEC to obtain a detection result, and setting the initial security defense state Q to S_2, i.e. the default security defense state is the invalid state;
a defense processing module for combining, using the security processing method ρ, the security defense component F with all applications in the HongMeng application set W whose detection result shows a HOPE vulnerability, to obtain the security-processed HongMeng application set W';
a post-vulnerability-detection module for performing vulnerability detection on the processed HongMeng application set W' using the HongMeng security vulnerability detection method PEC to obtain a detection result;
a defense effectiveness judgment module for judging the effectiveness of the security vulnerability defense using the defense effect judgment method δ, taking as input the detection results obtained by the pre-vulnerability-detection module and the post-vulnerability-detection module, and synchronously maintaining or changing the security defense state Q.
6. An electronic device comprising a memory and a processor, the memory storing a computer program configured to be executed by the processor, the computer program comprising instructions for performing the method of any of claims 1-4.
7. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a computer, implements the method of any of claims 1-4.
CN202110902805.5A 2021-08-06 2021-08-06 HongMong security vulnerability defense method and system Active CN113761539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110902805.5A CN113761539B (en) 2021-08-06 2021-08-06 HongMong security vulnerability defense method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110902805.5A CN113761539B (en) 2021-08-06 2021-08-06 HongMong security vulnerability defense method and system

Publications (2)

Publication Number Publication Date
CN113761539A CN113761539A (en) 2021-12-07
CN113761539B true CN113761539B (en) 2023-10-17

Family

ID=78788598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110902805.5A Active CN113761539B (en) 2021-08-06 2021-08-06 HongMong security vulnerability defense method and system

Country Status (1)

Country Link
CN (1) CN113761539B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113672933B (en) * 2021-08-06 2023-06-20 Institute of Software, Chinese Academy of Sciences HongMong security vulnerability detection method and system

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102945351A (en) * 2012-11-05 2013-02-27 Institute of Software, Chinese Academy of Sciences Security vulnerability fixing method based on two-dimensional code for mobile intelligent terminal in cloud environment
US9454659B1 (en) * 2014-08-15 2016-09-27 Securisea, Inc. Software vulnerabilities detection system and methods
CN109165511A (en) * 2018-08-08 2019-01-08 Shenzhen Qianhai WeBank Co., Ltd. Web security vulnerability processing method, system and computer readable storage medium
CN109218336A (en) * 2018-11-16 2019-01-15 Beijing Knownsec Information Technology Co., Ltd. Vulnerability defense method and system
WO2019071126A1 (en) * 2017-10-06 2019-04-11 Stealthpath, Inc. Methods for internet communication security
CN110912890A (en) * 2019-11-22 2020-03-24 Shanghai Jiao Tong University Novel vulnerability attack detection system for intranet
CN112235283A (en) * 2020-10-10 2021-01-15 Electric Power Research Institute of China Southern Power Grid Co., Ltd. Vulnerability description attack graph-based network attack evaluation method for power engineering control system
CN112733150A (en) * 2021-01-12 2021-04-30 Harbin Institute of Technology Firmware unknown vulnerability detection method based on vulnerability analysis
WO2021124411A1 (en) * 2019-12-16 2021-06-24 根来 文生 Method for enabling verification of legitimacy of asynchronous algorithms generated when logically coupled program executed
CN113177001A (en) * 2021-05-24 2021-07-27 Shenzhen Qianhai WeBank Co., Ltd. Vulnerability detection method and device for open source component
CN113672933A (en) * 2021-08-06 2021-11-19 Institute of Software, Chinese Academy of Sciences HongMeng security vulnerability detection method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100262688A1 (en) * 2009-01-21 2010-10-14 Daniar Hussain Systems, methods, and devices for detecting security vulnerabilities in ip networks
US11330016B2 (en) * 2018-12-28 2022-05-10 Imperva, Inc. Generating collection rules based on security rules

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Research on the application of program vulnerability detection and diagnosis techniques for the Java language; Bao Jing; China Security & Protection Certification (No. 2); 4 *
An analysis of national-security trade barriers: a case study of Huawei's listing on the US "Entity List"; Liu Shuxin; Financial Development Review (No. 03); 13-25 *
Research on threat modeling of industrial control networks based on attack graphs; Chen Ruiying et al.; Netinfo Security (No. 10); 70-77 *
A detection method for Android privacy-leaking malicious applications based on directed information flow; Wu Jingzheng et al.; Journal of University of Chinese Academy of Sciences; Vol. 32 (No. 6); 807-815 *

Also Published As

Publication number Publication date
CN113761539A (en) 2021-12-07

Similar Documents

Publication Publication Date Title
US10599841B2 (en) System and method for reverse command shell detection
CN110602046B (en) Data monitoring processing method and device, computer equipment and storage medium
CN109726560A (en) Terminal device system protection method and device
CN113162945B (en) Vulnerability detection analysis method and device and vulnerability verification method and system based on vulnerability detection analysis method and device
US10142343B2 (en) Unauthorized access detecting system and unauthorized access detecting method
Chen et al. Bookworm game: Automatic discovery of lte vulnerabilities through documentation analysis
KR101266037B1 (en) Method and apparatus for treating malicious action in mobile terminal
CN113158191B (en) Vulnerability verification method based on intelligent probe and related IAST method and system
CN114329489A (en) Web application program vulnerability attack detection method, server, electronic equipment and storage medium
CN113761539B (en) HongMong security vulnerability defense method and system
CN116318983A (en) Network attack simulation method, system, electronic equipment and readable storage medium
CN109120626A (en) Security threat processing method, system, safety perception server and storage medium
CN113672933B (en) HongMong security vulnerability detection method and system
CN107122664B (en) Safety protection method and device
CN110099041A (en) A kind of Internet of Things means of defence and equipment, system
CN106709337A (en) Malicious bundled software processing method and apparatus
WO2014168406A1 (en) Apparatus and method for diagnosing attack which bypasses memory protection mechanisms
Possemato et al. Preventing and Detecting State Inference Attacks on Android.
TWM592531U (en) Cyber attack analysis system
CN106446690A (en) Application vulnerability restoration apparatus, method and system
KR102054768B1 (en) Automatic analyizing system and method of security weekness of application
KR101667117B1 (en) Method and device to defend against the phishing of short message service based on operating system
Kim et al. Detection and blocking method against dll injection attack using peb-ldr of ics ews in smart iot environments
US11886585B1 (en) System and method for identifying and mitigating cyberattacks through malicious position-independent code execution
Kynigos et al. Utilizing the Cloud to Store Hijacked Camera Images

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant