
CN112149123B - Safety inspection system and method for application program - Google Patents

Publication number
CN112149123B
Authority
CN
China
Prior art keywords
inspection
application program
item
checking
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011052592.3A
Other languages
Chinese (zh)
Other versions
CN112149123A (en
Inventor
赵戈
张艳
胡亚兰
陆臻
顾健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Third Research Institute of the Ministry of Public Security
Original Assignee
Third Research Institute of the Ministry of Public Security
Application filed by Third Research Institute of the Ministry of Public Security filed Critical Third Research Institute of the Ministry of Public Security
Priority to CN202011052592.3A priority Critical patent/CN112149123B/en
Publication of CN112149123A publication Critical patent/CN112149123A/en
Application granted granted Critical
Publication of CN112149123B publication Critical patent/CN112149123B/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a security check system and method for an application program, relating to the technical field of network information security. The system comprises: a task receiving module for receiving an inspection task, the inspection task comprising basic information of at least one application program to be inspected and at least one inspection item associated with the application program to be inspected; a program import module that imports the application program to be inspected according to the basic information; an inspection knowledge base that stores the pre-configured correspondence between each inspection item and its inspection standard; a safety inspection module for matching each inspection item in the inspection task to obtain the corresponding inspection standard and carrying out safety inspection on the application program to be inspected according to that standard; and a record generating module for generating the inspection record corresponding to each inspection item according to the safety inspection result for that item. The advantages are that the safety inspection process for application programs is made electronic, the difficulty of law enforcement operations is reduced, the authenticity of inspection records is ensured, and the efficiency and standardization level of law enforcement work are effectively improved.

Description

Safety inspection system and method for application program
Technical Field
The invention relates to the technical field of network information security, in particular to a security check system and method for an application program.
Background
With the development of technology, mobile terminals have become indispensable tools in people's work and life, and mobile application (APP) software of all kinds is increasingly widely used. Because mobile application software can collect and use data such as user information while it is in use, its security has come to public attention, and safety inspection of mobile application software has become urgent.
The traditional safety inspection mode requires law enforcement personnel to fill in paper inspection documents, inspection records and the like, and suffers from low inspection efficiency, no way of ensuring the authenticity of the inspection records, and difficulty in managing the inspection records afterwards.
Disclosure of Invention
In order to solve the problems in the prior art, the present invention provides a security inspection system for an application, comprising: a security inspection tool, the security inspection tool comprising:
the task receiving module is used for receiving an inspection task, wherein the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected;
the program importing module is connected with the task receiving module and used for importing the checked application program according to the basic information of the checked application program;
the inspection knowledge base is used for storing the corresponding relation between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module is respectively connected with the task receiving module, the program importing module and the inspection knowledge base, and is used for obtaining the corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the application program to be inspected according to the inspection standard;
and the record generating module is connected with the safety inspection module and used for generating the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.
Preferably, the safety inspection tool further comprises a task establishing module connected with the task receiving module and used for law enforcement officers to establish the inspection task and send the inspection task to the task receiving module.
Preferably, the system further comprises a system management platform connected to the safety inspection tool and used for law enforcement personnel to establish the inspection task and issue the inspection task to the safety inspection tool.
Preferably, the system management platform includes a notification generation module, configured to generate an inspection notification according to the inspection task to notify the inspected unit to which the inspected application belongs.
Preferably, the system management platform includes a data processing module, configured to obtain the inspection record corresponding to each inspection item, and generate an inspection report of the inspected application according to each inspection record.
Preferably, the checking standard comprises a plurality of checking item rule bases;
the security check module comprises:
the key function checking unit is used for matching to obtain a corresponding key function rule base as the checking item rule base when the checking item is a key function checking item, and performing key function checking on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit is used for matching to obtain a corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and checking the malicious program of the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit is used for matching to obtain a corresponding third-party software development tool rule base as the checking item rule base when the checking item is the third-party software development tool checking item, and performing third-party software development tool checking on the application program to be checked according to the third-party software development tool rule base; and/or
The program vulnerability checking unit is used for matching to obtain a corresponding program vulnerability rule base as the checking item rule base when the checking item is a program vulnerability checking item, and performing program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit is used for matching to obtain a corresponding illegal content rule base as the checking item rule base when the checking item is an illegal content checking item, and checking the illegal content of the application program to be checked according to the illegal content rule base.
Preferably, the checking criteria comprises safety behavior criteria, and the checking items comprise safety behavior checks;
the security check module comprises:
the violation behavior analysis unit is used for carrying out security behavior check on the behaviors of the checked application program which collect and use personal information according to the security behavior standard; and/or
The permission use checking unit is used for checking the safety behaviors of the permission acquired by the checked application program according to the safety behavior standard; and/or
And the sensitive behavior analysis unit is used for carrying out security behavior inspection on the sensitive behavior of the inspected application program according to the security behavior standard.
Preferably, the checking criteria comprise compliance criteria, and the checking items comprise compliance checks;
the security check module further comprises:
the record information checking unit is used for acquiring record information of the application program to be checked and carrying out compliance check on the record information according to the compliance standard; and/or
The illegal response checking unit is used for acquiring illegal information discovery and response information of the application program to be checked and carrying out compliance check on the illegal information discovery and response information according to the compliance standard; and/or
The privacy policy checking unit is used for acquiring a privacy policy text of the application program to be checked and carrying out compliance check on the content of the privacy policy text according to the compliance standard; and/or
And the safety management checking unit is used for acquiring a safety management system of the checked unit to which the checked application program belongs and performing compliance check on the safety management system according to the compliance standard.
Preferably, the system further comprises a unit-level rule base connected to the security check tool and used for storing the latest check business rule, and the security check tool acquires the latest check business rule before executing the check task to synchronously update the check item rule base.
A security inspection method of an application program is applied to the security inspection system of the application program, and comprises the following steps:
step S1, the safety inspection tool receives an inspection task, wherein the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected;
s2, the safety inspection tool imports the inspected application program according to the basic information of the inspected application program;
s3, the safety inspection tool matches each inspection item in the inspection task in a preset corresponding relation between each inspection item and a corresponding inspection standard to obtain the corresponding inspection standard, and performs safety inspection on the inspected application program according to the inspection standard;
and S4, the safety inspection tool generates the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.
The technical scheme has the following advantages or beneficial effects: the safety inspection process for application programs is made electronic, which facilitates query management and data tracing of subsequent inspection records, reduces the difficulty of law enforcement operations, ensures the authenticity of the inspection records, and effectively improves the efficiency and standardization level of law enforcement work.
Drawings
FIG. 1 is a schematic diagram of a security check system for an application according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of a security inspection tool according to a preferred embodiment of the present invention;
FIG. 3 is a flowchart illustrating a security check method for an application according to a preferred embodiment of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. The present invention is not limited to the embodiment, and other embodiments may be included in the scope of the present invention as long as the gist of the present invention is satisfied.
In accordance with the above-mentioned problems occurring in the prior art, there is provided a security check system for an application program, as shown in fig. 1, comprising: a security inspection tool 1, said security inspection tool 1 comprising:
the task receiving module 11 is configured to receive an inspection task, where the inspection task includes basic information of at least one application program to be inspected and at least one inspection item associated with the application program to be inspected;
the program import module 12 is connected with the task receiving module 11 and is used for importing the application program to be checked according to the basic information of the application program to be checked;
the inspection knowledge base 13 is used for storing the corresponding relationship between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module 14 is respectively connected with the task receiving module 11, the program importing module 12 and the inspection knowledge base 13, and is used for obtaining corresponding inspection standards according to matching of all inspection items in the inspection tasks and carrying out safety inspection on the application programs to be inspected according to the inspection standards;
and the record generating module 15 is connected to the security check module 14 and configured to generate a check record corresponding to each check item according to the security check result corresponding to each check item.
Specifically, in this embodiment, the security inspection tool is applied to a network security department to perform security inspection work on an application, and the target inspection type of the application covers an Android version and an iOS version. The task receiving module 11 may be a human-computer interaction interface, through which law enforcement officers receive inspection tasks, which may include basic information and inspection items of the application to be inspected, and may also include inspection contents and inspection time, and so on, to perform subsequent security inspection work. The inspection knowledge base 13 preferably encapsulates inspection standards for the application security inspection work, which include, but are not limited to, implementation experience, expert knowledge, and analysis models of the application security inspection work, so that inspection contents and inspection records of the security inspection tool can be analyzed according to the knowledge, models, and rules of the inspection knowledge base 13, and an inspection method, an inspection result determination basis, tool inspection result analysis, risk prompt of non-conforming items, and the like are provided for the application security inspection work. 
When security inspection is performed on the application program to be checked, the corresponding inspection standard in the inspection knowledge base 13 can be called according to the check items contained in the inspection task, and a corresponding inspection record is generated after the check of each check item is completed. The inspection record can include the name of the inspected unit to which the application program belongs, the inspection time, the inspection place, the signature information of the police officer, the signature information of the inspected unit's personnel, the result information of the check item, and the like, so that application security inspection is made electronic and subsequent data query and data tracing are facilitated. As a preferred embodiment, the inspection record may further include photographs and video of evidence, audio recordings of evidence, and stored evidence-related files; law enforcement officers can manage these evidence-related files through the safety inspection tool 1, the management operations including importing, exporting, deleting, uploading and the like; the security inspection tool 1 also provides a function for a law enforcement officer to confirm the record and enter an electronic signature.
As a preferred embodiment, the security inspection tool 1 may be deployed on a local portable device. As shown in fig. 2, the security inspection tool 1 further provides a login interface 100; after logging in to the security inspection tool 1 through the login interface, law enforcement officers may receive inspection tasks and perform security inspection on the corresponding applications to be inspected according to the inspection tasks. The safety inspection tool can also be deployed in the cloud, and law enforcement personnel can access it remotely over a network, for example by logging in in browser/server (B/S) mode to obtain an inspection task and perform safety inspection on the corresponding application program to be inspected according to the inspection task. In a preferred embodiment, the security inspection tool 1 further provides an identity verification module, through which the login information of law enforcement officers is verified in order to authenticate the user's identity and protect authentication data from unauthorized viewing or modification; the verification mode may be two-factor authentication.
In a preferred embodiment, the application under inspection may be manually and individually imported or imported in batches, or may be automatically imported according to a pre-configured storage path of the application under inspection.
As a preferred embodiment, the security inspection tool 1 may further provide a security audit module 101, which is used to generate an audit record according to the upgrade operations of the inspection knowledge base and the security inspection tool, the printing events of the paperwork such as the on-site law enforcement inspection record result and feedback opinion, the events such as the login and logout of law enforcement personnel, the data import and export, and the like, and ensure that only authorized users can read and backup the audit record.
In a preferred embodiment, the security inspection tool 1 encrypts and decrypts the inspection data using a cryptographic algorithm of a domestic commercial cryptographic product approved by the national commercial cryptography authority. The domestic commercial cryptographic product should be portable and stored separately from the safety inspection tool, and connected to the safety inspection tool only while the tool is in use. Data security is further strengthened in the following way: the program area and the data area are physically isolated, the data in the program area can be neither read nor written, and the data area can be written only by the tool system; the service data generated by the tool, including but not limited to inspection result data, reports, flow data, log data, etc., should be encrypted with a national cryptographic algorithm before being stored.
In a preferred embodiment, the security inspection tool 1 may further provide a trace removal module 102 for irretrievably removing the business data generated during the security inspection.
In a preferred embodiment, the security inspection tool 1 may further provide a state recovery module 103 for recovering the security inspection tool to a factory state.
In the preferred embodiment of the present invention, the security inspection tool 1 further comprises a task establishing module 16 connected to the task receiving module 11 for law enforcement personnel to establish and send the inspection task to the task receiving module 11.
Specifically, in the present embodiment, the law enforcement officer can establish an inspection task according to the inspection requirement through the task establishing module 16 provided by the security inspection tool 1. In a preferred embodiment, the security inspection tool 1 stores a pre-generated inspection item set, the inspection item set includes a plurality of inspection items, and law enforcement officers can extract the inspection items from the inspection item set according to inspection requirements to generate inspection tasks. In a preferred embodiment, the task establishing module 16 may further connect with the inspection knowledge base 13, so that law enforcement officers can call inspection standards in the inspection knowledge base 13 to customize the inspection and evaluation contents, and thereby quickly assemble the inspection contents of a special inspection task.
In a preferred embodiment of the present invention, the present invention further includes a system management platform 2 connected to the security inspection tool 1, for the law enforcement officer to establish an inspection task and issue the inspection task to the security inspection tool 1.
Specifically, in this embodiment, the law enforcement officer may establish and issue the inspection task remotely through the system management platform 2. More specifically, the system management platform 2 allows the law enforcement officer to make an inspection plan, and the inspection plan content may include the name of the application to be inspected, the name of the inspection plan, the content of the inspection object, the start and end time of the inspection plan, and the like. After the inspection plan is formulated, law enforcement officers can also query and modify the inspection plan through the system management platform 2. After the inspection plan is determined, the system management platform 2 may generate a corresponding inspection task according to the inspection plan and issue the inspection task to the safety inspection tool 1. The safety inspection tool 1 also provides a login interface, and after logging in to the safety inspection tool 1 through the login interface, law enforcement officers can acquire the inspection tasks issued by the system management platform 2.
In a preferred embodiment of the present invention, the system management platform 2 comprises a notification generation module 21, configured to generate an inspection notification according to the inspection task to notify the inspected unit of the inspected application.
Specifically, in this embodiment, the system management platform 2 may also generate a corresponding inspection notice and notify the inspected unit while the inspection task is issued, so as to implement electronic transmission of the inspection notice.
In the preferred embodiment of the present invention, the system management platform 2 includes a data processing module 22, configured to obtain the inspection record corresponding to each inspection item, and generate the inspection report of the inspected application according to each inspection record.
Specifically, in the present embodiment, the system management platform 2 generates an overall inspection report by summarizing and counting the inspection records of each inspection item. As a preferred embodiment, the inspection report may be encrypted using a domestic commercial cryptographic product approved by the national commercial cryptography authority, so as to ensure the confidentiality of the inspection data in the inspection report. In a preferred embodiment, when the inspection report indicates that the application under inspection has a serious problem and needs to be penalized, law enforcement officers can issue a penalty ticket through the system management platform 2 to the inspected unit to which the application under inspection belongs. In a preferred embodiment, the data transmission between the security inspection tool and the system management platform is encrypted using a cryptographic algorithm approved by the national commercial cryptography authority.
In the preferred embodiment of the present invention, the inspection criteria includes a plurality of rule bases of inspection items;
the security check module 14 includes:
the key function checking unit 141a is configured to, when the check item is a key function check item, match to obtain a corresponding key function rule base as a check item rule base, and perform key function checking on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit 142a is configured to, when the check item is a malicious program check item, match to obtain a corresponding malicious program rule base as a check item rule base, and perform malicious program checking on the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit 143a is configured to, when the check item is a third-party software development tool check item, match to obtain a corresponding third-party software development tool rule base as a check item rule base, and perform third-party software development tool checking on the application program to be checked according to the third-party software development tool rule base; and/or
The program vulnerability checking unit 144a is configured to, when the checking item is a program vulnerability checking item, match to obtain a corresponding program vulnerability rule base as a checking item rule base, and perform program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit 145a is used for matching to obtain a corresponding illegal content rule base as a checking item rule base when the checking item is an illegal content checking item, and checking the illegal content of the checked application program according to the illegal content rule base.
Specifically, in the present embodiment, the check item rule base includes, but is not limited to, a key function rule base, a malicious program rule base, a third-party software development tool rule base, a program vulnerability rule base, and an illegal content rule base.
The objects of the key function inspection include, but are not limited to, short video, instant messaging, network payment, live broadcast, financial lending, network games, VPN, and other key functions.
The above-mentioned objects of malicious program inspection include, but are not limited to, malicious fee deduction, privacy theft, remote control, malicious propagation, fee consumption, system destruction, fraud luring, rogue behavior and other malicious behaviors.
The third-party software development tool inspection analyzes and judges third-party software development tool package plug-ins and software development tool package behaviors. The inspection objects include, but are not limited to: third-party software development tool information, including the software development tool name, version number, provider, and detailed introduction information or link address; identification of suspicious software development tools according to a malicious software development tool library; behavior analysis of software development tools outside the malicious software development tool library, including sending personal information to a third party, sending personal information to an overseas server, the manner and frequency of acquiring personal information, and the presence of security vulnerabilities or Trojan programs; and the list of permissions requested by the software development tool that can be used to collect personal information.
The inspection objects of the program vulnerability inspection include, but are not limited to:
1) Program file security: identification of a reinforced shell, Java code decompilation risk, tampering and secondary packaging risk, Janus signature mechanism vulnerability, application signature not verified risk, code not obfuscated risk, risk of releasing the application with a debugging certificate, risk of using only Java code, risk of starting hidden services, insecure application signature algorithm risk, and the like;
2) Data storage security: Webview plaintext password storage risk, Webview File same-origin policy bypass vulnerability, plaintext digital certificate risk, database injection vulnerability, SA encryption algorithm insecure use vulnerability, key hard-coding vulnerability, dynamic debugging attack risk, Webview remote debugging risk, application data arbitrary backup risk, FFmpeg file reading vulnerability, debugging log function call risk, AES/DES encryption method insecure use vulnerability, RSA encryption algorithm insecure use vulnerability, Java layer dynamic debugging risk, and the like;
3) Communication data transmission security: plaintext data transmission risk, HTTPS server certificate not verified vulnerability, HTTPS hostname not verified vulnerability, HTTPS allowing any hostname vulnerability, and the like;
4) Identity authentication security: interface hijacking risk, input monitoring risk, screen capture attack risk, and the like;
5) Internal data interaction security: Content Provider data leakage vulnerability, Intent Scheme URL attack vulnerability, Fragment injection attack vulnerability, Activity component export risk, Service component export risk, Broadcast Receiver component export risk, Content Provider component export risk, local port open override vulnerability, Intent component implicit calling risk, and the like;
6) Malicious attack prevention capability: dynamic injection attack risk, Webview remote code execution vulnerability, risk of not removing the Webview system hidden interface vulnerability, zip file decompression directory traversal vulnerability, WebSQL injection vulnerability, innerHTML XSS attack vulnerability, arbitrary apk download vulnerability, and the like.
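As an added illustration (not part of the patent, which discloses no code), the following Python sketch shows how a static check could report a few of the listed items from a decoded AndroidManifest.xml: the component export risks, the debugging risk, the arbitrary backup risk and plaintext transmission. The sample manifest, the function names and the simplified default-value model are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes

# Constructed sample: decoded (text) AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.inspected">
  <application android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".PayActivity">
      <intent-filter><action android:name="com.example.PAY"/></intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".BootReceiver" android:exported="true"
              android:permission="com.example.PRIVATE"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
              android:exported="true"/>
  </application>
</manifest>"""

# Component tag -> risk name taken from the inspection list above.
COMPONENT_RISKS = {
    "activity": "Activity component export risk",
    "service": "Service component export risk",
    "receiver": "Broadcast Receiver component export risk",
    "provider": "Content Provider component export risk",
}


def _flag(elem, attr, default):
    """Read a boolean android:* attribute, falling back to the given default."""
    value = elem.get(A + attr)
    return default if value is None else value.strip().lower() == "true"


def _is_launcher(component):
    """The launcher entry point has to be exported, so it is not reported."""
    for flt in component.findall("intent-filter"):
        actions = {e.get(A + "name") for e in flt.findall("action")}
        categories = {e.get(A + "name") for e in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in categories):
            return True
    return False


def check_manifest(xml_text):
    """Return a list of (risk name, location) findings for one manifest."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return []
    findings = []
    if _flag(app, "debuggable", False):
        findings.append(("dynamic debugging attack risk", "application"))
    if _flag(app, "allowBackup", True):  # backup is allowed unless disabled
        findings.append(("application data arbitrary backup risk", "application"))
    if _flag(app, "usesCleartextTraffic", False):  # only an explicit "true" is reported
        findings.append(("plaintext data transmission risk", "application"))
    for tag, risk in COMPONENT_RISKS.items():
        for comp in app.findall(tag):
            # Assumed simplification: with no android:exported attribute, a
            # component that has an intent filter is treated as exported.
            exported = _flag(comp, "exported", comp.find("intent-filter") is not None)
            guarded = any(comp.get(A + key) for key in
                          ("permission", "readPermission", "writePermission"))
            if exported and not guarded and not _is_launcher(comp):
                findings.append((risk, comp.get(A + "name")))
    return findings


if __name__ == "__main__":
    for risk, where in check_manifest(SAMPLE_MANIFEST):
        print(f"{risk}: {where}")
```

A component guarded by a permission is skipped here; a fuller rule would also look at that permission's protection level.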
The inspection objects of the illegal content inspection include but are not limited to the identification of illegal content such as pornography-related, drug-related, gambling-related, violent and politics-related content; for illegal content, evidence such as screenshots or analysis results is automatically stored and preserved.
In a preferred embodiment of the present invention, the inspection standard comprises a security behavior standard, and the inspection items comprise a security behavior check;
the security check module 14 comprises:
the violation behavior analysis unit 141b, used for performing a security behavior check, according to the security behavior standard, on the behaviors by which the inspected application program collects and uses personal information; and/or
the permission use checking unit 142b, used for performing a security behavior check, according to the security behavior standard, on the permissions acquired by the inspected application program; and/or
the sensitive behavior analysis unit 143b, used for performing a security behavior check, according to the security behavior standard, on the sensitive behaviors of the inspected application program.
Specifically, in the present embodiment, the violation behavior analysis unit 141b performs violation detection on the behaviors by which the inspected application program collects and uses personal information, including but not limited to: starting to collect personal information without the user's consent; not following the minimization principle, in that the type of personal information collected, or the personal-information permissions opened, is unrelated to the existing business functions; the personal information actually collected, or the personal-information permissions opened, being inconsistent with the scope described in the privacy policy; the personal information actually collected, or the personal-information permissions opened, exceeding the scope authorized by the user; forcing user authorization when the application program is installed, so that the application program cannot be installed without consent; forcibly requesting permissions, so that the application program quits when a permission is refused; the frequency at which personal information is collected (which should be the lowest frequency necessary to achieve the business function of the product or service); applying in advance to open system permissions when the user is not using the related functions or services; and the application program directly providing personal information to a third party (including through third-party code, plug-ins and the like embedded in the client) without the user's consent or anonymization processing.
The security behavior check that the permission use checking unit 142b performs on the permissions acquired by the inspected application program includes, but is not limited to: the permission items declared by the application program exceeding the minimum range required by its service; the permission items used in actual operation exceeding the declared permission range; permissions being opened without the user's consent; forcing the user to agree, at one time, to open multiple permissions that can collect personal information; changing the permission state set by the user without the user's consent; and the frequency of permission requests.
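The permission-use checks described above can be expressed as set comparisons plus a pass over a runtime trace. The following Python sketch is an added example, not code from the patent; the minimum-permission rule entry, the event names, the trace and the re-prompt threshold are all assumptions constructed for illustration.

```python
from collections import Counter

P = "android.permission."

# Hypothetical rule-base entry: minimum permission set for one business function.
MINIMUM_FOR_SERVICE = {
    "map_navigation": {P + "INTERNET", P + "ACCESS_FINE_LOCATION"},
}
# Permissions treated here as needing user consent before use (assumed subset).
CONSENT_REQUIRED = {P + "ACCESS_FINE_LOCATION", P + "READ_CONTACTS", P + "READ_SMS"}

# Constructed inputs: permissions declared in the manifest, and a runtime trace
# of (seconds since start, event, permission) recorded during dynamic analysis.
DECLARED = {P + "INTERNET", P + "ACCESS_FINE_LOCATION", P + "READ_CONTACTS"}
TRACE = [
    (0, "use", P + "INTERNET"),
    (1, "request", P + "ACCESS_FINE_LOCATION"),
    (2, "grant", P + "ACCESS_FINE_LOCATION"),
    (3, "use", P + "ACCESS_FINE_LOCATION"),
    (4, "use", P + "READ_SMS"),            # never declared
    (5, "use", P + "READ_CONTACTS"),       # used before any grant
    (6, "request", P + "READ_CONTACTS"),
    (7, "deny", P + "READ_CONTACTS"),
    (8, "request", P + "READ_CONTACTS"),   # re-prompt after denial
    (9, "deny", P + "READ_CONTACTS"),
    (10, "request", P + "READ_CONTACTS"),  # second re-prompt
]


def check_permission_use(service, declared, trace, max_reprompts=1):
    """Compare declared, minimum and observed permissions for one application."""
    minimum = MINIMUM_FOR_SERVICE[service]
    granted, denied = set(), set()
    used, used_without_consent = set(), set()
    reprompts = Counter()
    for _, event, perm in sorted(trace):  # replay the trace in time order
        if event == "grant":
            granted.add(perm)
            denied.discard(perm)
        elif event == "deny":
            denied.add(perm)
            granted.discard(perm)
        elif event == "request":
            if perm in denied:  # asking again after the user refused
                reprompts[perm] += 1
        elif event == "use":
            used.add(perm)
            if perm in CONSENT_REQUIRED and perm not in granted:
                used_without_consent.add(perm)
    return {
        "declared_beyond_minimum": sorted(declared - minimum),
        "used_beyond_declared": sorted(used - declared),
        "used_without_consent": sorted(used_without_consent),
        "excessive_reprompts": sorted(
            p for p, n in reprompts.items() if n > max_reprompts),
    }


if __name__ == "__main__":
    for check, perms in check_permission_use("map_navigation", DECLARED, TRACE).items():
        print(check, perms)
```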
The sensitive behavior analysis unit 143b checks the sensitive behaviors of the inspected application program, including but not limited to: continued collection and use of personal information, and its frequency, after the application program exits or while it runs in the background; modifying the permission declaration file while the application program is running; obtaining device information such as the installed application list, IP information and MAC address without the user's consent; information on overseas servers accessed while the application program is running (including IP address, port and other information); sending personal information to an overseas server while the application program is running; and transmitting personal information in plaintext while the application program is running.
In a preferred embodiment of the invention, the inspection standard comprises a compliance standard, and the inspection items further comprise a compliance check;
the security check module 14 further comprises:
a record information checking unit 141c, configured to obtain record information of the inspected application program, and perform a compliance check on the record information according to the compliance standard; and/or
an illegal response checking unit 142c, configured to obtain illegal information discovery and response information of the inspected application program, and perform a compliance check on the illegal information discovery and response information according to the compliance standard; and/or
a privacy policy checking unit 143c, configured to obtain a privacy policy text of the inspected application program, and perform a compliance check on the content of the privacy policy text according to the compliance standard; and/or
a security management checking unit 144c, configured to obtain the security management system of the inspected unit to which the inspected application program belongs, and perform a compliance check on the security management system according to the compliance standard.
Specifically, in this embodiment, the compliance check that the record information checking unit 141c performs on the record (filing) information covers the filing state of the application program and the specific filing information, where the filing information includes basic information of the enterprise unit (unit property, organization code, unit name, unified social credit code, registered address, etc.), corporate information (corporate name, identity number, mobile phone number, e-mail address, etc.) and contact information (contact name, identity number, mobile phone number, e-mail address, etc.), and it should be ensured that the filing information is consistent with the actual situation. As a preferred embodiment, the compliance standard corresponding to the compliance check of the filing information may be provided by a pre-configured application filing information library.
The illegal response checking unit 142c checks the compliance of the illegal information discovery and response information, including but not limited to: whether the application program is able to check text information issued or transmitted by users for illegal keywords; whether it is able to check picture information and audio/video information issued or transmitted by users for illegal content; whether it is able to shield or block illegal information issued or transmitted by users; and whether the application operating unit responds in less than 5 minutes from discovering the illegal information or receiving a notification.
The compliance check that the privacy policy checking unit 143c performs on the content of the privacy policy text includes but is not limited to: whether the application program has a privacy policy, and whether the privacy policy includes rules for collecting and using personal information; whether the purpose, manner and scope of collecting and using personal information are explicitly indicated; whether the purpose, manner, scope, etc. of the personal information collected and used by the application program (including by a trusted third party or embedded third-party code and plug-ins) are listed one by one; whether and in which way the user is informed when the purpose, manner and scope of collecting and using personal information change; whether channels for personal information security complaints and reports are published; whether the business functions that collect and use personal information are explicitly indicated; whether the type of personal information collected by each business function is explicitly indicated; whether the types of personal sensitive information are prominently marked; whether all system permissions that the application program applies for and that can collect personal information are explicitly indicated; whether the personal information is transferred out of the country; and whether a way to revoke consent to the collection of personal information is provided.
The items that the security management checking unit 144c checks for compliance in the security management system include, but are not limited to: an application development security management system; a data security management system; a user complaint and reporting system; a system for preventing and handling illegal and harmful information; a machine room management system; operating rules for equipment in the machine room; a security responsible-person system; an emergency management system; a law enforcement assistance system; and a work plan for major network security periods.
In a preferred embodiment, after the safety inspection tool performs compliance assessment according to the compliance standard, a law enforcement inspection template is further provided, the law enforcement inspection template comprises law enforcement inspection emphasis, inspection methods and terms in laws and regulations corresponding to non-compliant terms of the application program, and an application program safety analysis assessment report is generated according to the law enforcement inspection template so as to record compliance inspection results through the law enforcement inspection template.
In the preferred embodiment of the present invention, the system further comprises a part level rule base 3 connected to the security inspection tool 1 for storing the latest inspection business rule, and the security inspection tool 1 acquires the latest inspection business rule before executing the inspection task to synchronously update the inspection item rule base.
As shown in fig. 3, the security inspection method applied to the security inspection system of the application program includes:
step S1, the safety inspection tool receives an inspection task, wherein the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected;
step S2, the safety inspection tool imports the application program to be inspected according to the basic information of the application program to be inspected;
step S3, the safety inspection tool matches each inspection item in the inspection task against the correspondence between each inspection item and its inspection standard to obtain the corresponding inspection standard, and performs safety inspection on the application program to be inspected according to the inspection standard;
step S4, the safety inspection tool generates the inspection record corresponding to each inspection item according to the safety inspection result corresponding to that inspection item.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (9)

1. A security check system for an application, comprising: a security inspection tool, the security inspection tool comprising:
the task receiving module is used for receiving an inspection task, wherein the inspection task comprises basic information of at least one inspected application program and at least one inspection item related to the inspected application program;
the program import module is connected with the task receiving module and used for importing the application program to be checked according to the basic information of the application program to be checked;
the inspection knowledge base is used for storing the corresponding relation between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module is respectively connected with the task receiving module, the program importing module and the inspection knowledge base and is used for obtaining the corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the inspected application program according to the inspection standard;
the record generating module is connected with the safety inspection module and used for generating the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item;
the checking standard comprises a plurality of checking item rule bases;
the security check module comprises:
the key function checking unit is used for matching to obtain a corresponding key function rule base as the checking item rule base when the checking item is a key function checking item, and performing key function checking on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit is used for matching to obtain a corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and checking the malicious program of the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit is used for matching to obtain a corresponding third-party software development tool rule base as the checking item rule base when the checking item is the third-party software development tool checking item, and checking the checked application program by the third-party software development tool rule base; and/or
The program vulnerability checking unit is used for matching to obtain a corresponding program vulnerability rule base as the checking item rule base when the checking item is a program vulnerability checking item, and performing program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit is used for matching to obtain a corresponding illegal content rule base as the checking item rule base when the checking item is an illegal content checking item, and checking illegal content of the application program to be checked according to the illegal content rule base.
2. The system of claim 1, wherein the security inspection tool further comprises a task setup module, coupled to the task receiving module, for enabling law enforcement personnel to set up the inspection task and send the inspection task to the task receiving module.
3. The system for security inspection of an application according to claim 1, further comprising a system management platform connected to the security inspection tool for law enforcement personnel to establish the inspection task and issue the inspection task to the security inspection tool.
4. The system for security inspection of an application program according to claim 3, wherein the system management platform comprises a notification generation module, configured to generate an inspection notification according to the inspection task to notify the inspected unit to which the inspected application program belongs.
5. The system for security inspection of an application program according to claim 3, wherein the system management platform comprises a data processing module, configured to obtain the inspection records corresponding to the inspection items, and generate the inspection report of the inspected application program according to the inspection records.
6. The system of claim 1, wherein the inspection criteria comprises security behavior criteria, and the inspection items comprise security behavior checks;
the security check module comprises:
the violation behavior analysis unit is used for carrying out safety behavior inspection on the behaviors of the inspected application program which collect and use personal information according to the safety behavior standard; and/or
The permission use checking unit is used for checking the safety behavior of the permission acquired by the checked application program according to the safety behavior standard; and/or
And the sensitive behavior analysis unit is used for carrying out security behavior inspection on the sensitive behavior of the inspected application program according to the security behavior standard.
7. The application security check system of claim 1, wherein the check criteria comprises compliance criteria, and the check terms comprise compliance checks;
the security check module further comprises:
the record information checking unit is used for acquiring record information of the application program to be checked and carrying out compliance check on the record information according to the compliance standard; and/or
The illegal response checking unit is used for acquiring illegal information discovery and response information of the application program to be checked and carrying out compliance check on the illegal information discovery and response information according to the compliance standard; and/or
The privacy policy checking unit is used for acquiring a privacy policy text of the application program to be checked and checking the compliance of the content of the privacy policy text according to the compliance standard; and/or
And the safety management checking unit is used for acquiring the safety management system of the checked unit of the checked application program and performing compliance check on the safety management system according to the compliance standard.
8. The application security inspection system of claim 1, further comprising a component rule base coupled to the security inspection tool for storing latest inspection business rules, wherein the security inspection tool obtains the latest inspection business rules before executing the inspection task to synchronously update the inspection item rule base.
9. A security inspection method for an application program, applied to the security inspection system for the application program according to any one of claims 1 to 8, the security inspection method comprising:
step S1, the safety inspection tool receives an inspection task, wherein the inspection task comprises basic information of at least one inspected application program and at least one inspection item related to the inspected application program;
step S2, the safety inspection tool imports the application program to be inspected according to the basic information of the application program to be inspected;
step S3, the safety inspection tool matches each inspection item in the inspection task with a corresponding relationship between each inspection item and a corresponding inspection standard, and performs safety inspection on the application program to be inspected according to the inspection standard;
step S4, the safety inspection tool generates the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011052592.3A CN112149123B (en) 2020-09-29 2020-09-29 Safety inspection system and method for application program


Publications (2)

Publication Number Publication Date
CN112149123A (en) 2020-12-29
CN112149123B (en) 2023-01-20
