Nothing Special   »   [go: up one dir, main page]

CN112149123B - Safety inspection system and method for application program - Google Patents

Safety inspection system and method for application program Download PDF

Info

Publication number
CN112149123B
CN112149123B CN202011052592.3A CN202011052592A CN112149123B CN 112149123 B CN112149123 B CN 112149123B CN 202011052592 A CN202011052592 A CN 202011052592A CN 112149123 B CN112149123 B CN 112149123B
Authority
CN
China
Prior art keywords
inspection
application program
item
security
check
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011052592.3A
Other languages
Chinese (zh)
Other versions
CN112149123A (en
Inventor
赵戈
张艳
胡亚兰
陆臻
顾健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Third Research Institute of the Ministry of Public Security
Original Assignee
Third Research Institute of the Ministry of Public Security
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Third Research Institute of the Ministry of Public Security filed Critical Third Research Institute of the Ministry of Public Security
Priority to CN202011052592.3A priority Critical patent/CN112149123B/en
Publication of CN112149123A publication Critical patent/CN112149123A/en
Application granted granted Critical
Publication of CN112149123B publication Critical patent/CN112149123B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a system and a method for security check of an application program, which relate to the technical field of network information security and comprise the following steps: the task receiving module is used for receiving an inspection task, and the inspection task comprises basic information of at least one application program to be inspected and at least one inspection item related to the application program to be inspected; the program import module imports the checked application program according to the basic information; the inspection knowledge base stores the corresponding relation between each inspection item configured in advance and the corresponding inspection standard; the safety inspection module is used for obtaining a corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the application program to be inspected according to the inspection standard; and the record generating module is used for generating the check record corresponding to each check item according to the safety check result corresponding to each check item. The method has the advantages of realizing electronization of the safety inspection process of the application program, reducing the difficulty of law enforcement operation, ensuring the authenticity of inspection records and effectively improving the working efficiency and standardization level of law enforcement.

Description

一种应用程序的安全检查系统及方法System and method for security check of application program

技术领域technical field

本发明涉及网络信息安全技术领域,尤其涉及一种应用程序的安全检查系统及方法。The invention relates to the technical field of network information security, in particular to an application program security inspection system and method.

背景技术Background technique

在科技发展日新月异的今天,移动终端已经成为人们工作和生活中必要的工具,各种移动应用APP(Application,应用程序)软件被越来越广泛地应用。由于移动应用APP软件的使用过程中会对用户信息等数据进行收集和使用,移动应用APP软件的安全问题也走进了人们的视角,对移动应用APP软件的安全检查刻不容缓。Today, with the rapid development of science and technology, mobile terminals have become necessary tools in people's work and life, and various mobile application APP (Application, application program) software are more and more widely used. Due to the collection and use of user information and other data during the use of mobile application software, the security issues of mobile application software have also entered people's perspectives, and the security inspection of mobile application software is urgent.

传统的安全检查方式需要执法人员填写纸质检查文书以及检查记录等,存在安全检查效能低,检查记录真实度无法保证,且后续的检查记录的管理难度大等问题。The traditional security inspection method requires law enforcement personnel to fill in paper inspection documents and inspection records, etc., which has problems such as low efficiency of security inspection, inability to guarantee the authenticity of inspection records, and difficulty in the management of subsequent inspection records.

发明内容Contents of the invention

针对现有技术中存在的问题,本发明提供一种应用程序的安全检查系统,包括:一安全检查工具,所述安全检查工具包括:Aiming at the problems existing in the prior art, the present invention provides a security check system for application programs, including: a security check tool, the security check tool includes:

任务接收模块,用于接收一检查任务,所述检查任务包括至少一被检查应用程序的基本信息及所述被检查应用程序关联的至少一检查项;A task receiving module, configured to receive an inspection task, the inspection task including basic information of at least one application to be inspected and at least one inspection item associated with the application to be inspected;

程序导入模块,连接所述任务接收模块,用于根据所述被检查应用程序的所述基本信息导入所述被检查应用程序;A program import module, connected to the task receiving module, for importing the checked application according to the basic information of the checked application;

检查知识库,用于保存预先配置的各所述检查项与对应的检查标准之间的对应关系;An inspection knowledge base, configured to store the correspondence between the pre-configured inspection items and corresponding inspection standards;

安全检查模块,分别连接所述任务接收模块、所述程序导入模块和所述检查知识库,用于根据所述检查任务中的各所述检查项匹配得到对应的所述检查标准,并根据所述检查标准对所述被检查应用程序进行安全检查;A security inspection module, connected to the task receiving module, the program import module, and the inspection knowledge base, for matching each inspection item in the inspection task to obtain the corresponding inspection standard, and according to the Perform a security check on the checked application program according to the check standard;

记录生成模块,连接所述安全检查模块,用于根据各所述检查项对应的安全检查结果生成各所述检查项对应的检查记录。A record generation module, connected to the safety inspection module, for generating inspection records corresponding to each inspection item according to the safety inspection results corresponding to each inspection item.

优选的,所述安全检查工具还包括一任务建立模块,连接所述任务接收模块,用于供执法人员建立所述检查任务,并将所述检查任务发送至所述任务接收模块。Preferably, the safety inspection tool further includes a task establishment module connected to the task reception module for law enforcement personnel to establish the inspection task and send the inspection task to the task reception module.

优选的,还包括一系统管理平台,连接所述安全检查工具,用于供执法人员建立所述检查任务,并将所述检查任务下发至所述安全检查工具。Preferably, it also includes a system management platform, connected to the safety inspection tool, for law enforcement personnel to create the inspection task and send the inspection task to the safety inspection tool.

优选的,所述系统管理平台包括一通知生成模块,用于根据所述检查任务生成检查通知书以通知所述被检查应用程序的所属被检查单位。Preferably, the system management platform includes a notification generation module, configured to generate an inspection notification according to the inspection task to notify the inspected unit to which the inspected application program belongs.

优选的,所述系统管理平台包括一数据处理模块,用于获取各所述检查项对应的所述检查记录,并根据各所述检查记录生成所述被检查应用程序的检查报告。Preferably, the system management platform includes a data processing module, configured to obtain the inspection records corresponding to each of the inspection items, and generate an inspection report of the inspected application program according to each of the inspection records.

优选的,所述检查标准包括若干检查项规则库;Preferably, the inspection standard includes several inspection item rule bases;

则所述安全检查模块包括:Then the safety check module includes:

重点功能检查单元,用于在所述检查项为重点功能检查项时,匹配得到对应的重点功能规则库作为所述检查项规则库,并根据所述重点功能规则库对所述被检查应用程序进行重点功能检查;和/或A key function checking unit, configured to match and obtain a corresponding key function rule base as the check item rule base when the check item is a key function check item, and perform a check on the checked application according to the key function rule base Conduct focused function checks; and/or

恶意程序检查单元,用于在所述检查项为恶意程序检查项时,匹配得到对应的恶意程序规则库作为所述检查项规则库,并根据所述恶意程序规则库对所述被检查应用程序进行恶意程序检查;和/或A malicious program checking unit, configured to match the corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and check the checked application program according to the malicious program rule base conduct malware checks; and/or

第三方软件开发工具检查单元,用于在所述检查项为第三方软件开发工具检查项时,匹配得到对应的第三方软件开发工具规则库作为所述检查项规则库,并根据所述第三方软件开发工具规则库对所述被检查应用程序进行第三方软件开发工具检查;和/或A third-party software development tool check unit, configured to match the corresponding third-party software development tool rule base as the check item rule base when the check item is a third-party software development tool check item, and according to the third-party A software development tool rule base performs a third-party software development tool check on said checked application; and/or

程序漏洞检查单元,用于在所述检查项为程序漏洞检查项时,匹配得到对应的程序漏洞规则库作为所述检查项规则库,并根据所述程序漏洞规则库对所述被检查应用程序进行程序漏洞检查;和/或A program vulnerability checking unit, configured to match the corresponding program vulnerability rule base as the check item rule base when the check item is a program vulnerability check item, and check the checked application program according to the program vulnerability rule base. conduct program vulnerability checks; and/or

违法内容检查单元,用于在所述检查项为违法内容检查项时,匹配得到对应的违法内容规则库作为所述检查项规则库,并根据所述违法内容规则库对所述被检查应用程序进行违法内容检查。The illegal content inspection unit is configured to match the corresponding illegal content rule library as the inspection item rule library when the inspection item is an illegal content inspection item, and perform a check on the checked application program according to the illegal content rule library. Check for illegal content.

优选的,所述检查标准包括安全行为标准,所述检查项包括安全行为检查;Preferably, the inspection standards include safety behavior standards, and the inspection items include safety behavior inspections;

则所述安全检查模块包括:Then the safety check module includes:

违规行为分析单元,用于根据所述安全行为标准对所述被检查应用程序收集和使用个人信息的行为进行安全行为检查;和/或A violation behavior analysis unit, configured to conduct a safety behavior inspection on the collection and use of personal information of the inspected application program according to the safety behavior standards; and/or

权限使用检查单元,用于根据所述安全行为标准对所述被检查应用程序获取的权限进行安全行为检查;和/或A permission use checking unit, configured to check the security behavior of the permission obtained by the checked application program according to the security behavior standard; and/or

敏感行为分析单元,用于根据所述安全行为标准对所述被检查应用程序的敏感行为进行安全行为检查。A sensitive behavior analysis unit, configured to check the security behavior of the sensitive behavior of the checked application program according to the security behavior standard.

优选的,所述检查标准包括合规性标准,所述检查项包括合规性检查;Preferably, the inspection standard includes a compliance standard, and the inspection item includes a compliance inspection;

则所述安全检查模块还包括:Then the safety check module also includes:

备案信息检查单元,用于获取所述被检查应用程序的备案信息,并根据所述合规性标准对所述备案信息进行合规性检查;和/或A filing information checking unit, configured to acquire the filing information of the checked application, and check the compliance of the filing information according to the compliance standard; and/or

违法响应检查单元,用于获取所述被检查应用程序的违法信息发现和响应信息,并根据所述合规性标准对所述违法信息发现和响应信息进行合规性检查;和/或an illegal response checking unit, configured to acquire illegal information discovery and response information of the checked application program, and perform a compliance check on the illegal information discovery and response information according to the compliance standard; and/or

隐私政策检查单元,用于获取所述被检查应用程序的隐私政策文本,并根据所述合规性标准对所述隐私政策文本的内容进行合规性检查;和/或a privacy policy checking unit, configured to obtain the privacy policy text of the checked application, and perform a compliance check on the content of the privacy policy text according to the compliance standard; and/or

安全管理检查单元,用于获取所述被检查应用程序的所属被检查单元的安全管理制度,并根据所述合规性标准对所述安全管理制度进行合规性检查。The security management checking unit is configured to obtain the security management system of the checked unit to which the checked application program belongs, and check the compliance of the security management system according to the compliance standard.

优选的,还包括一部级规则库,连接所述安全检查工具,用于保存最新检查业务规则,所述安全检查工具在执行所述检查任务前获取所述最新检查业务规则以同步更新所述检查项规则库。Preferably, it also includes a first-level rule base, connected to the security inspection tool, for storing the latest inspection business rules, and the security inspection tool obtains the latest inspection business rules before executing the inspection task to synchronously update the Check item rule base.

一种应用程序的安全检查方法,应用于上述的应用程序的安全检查系统,所述安全检查方法包括:A security check method for an application program, applied to the above-mentioned application program security check system, the security check method comprising:

步骤S1,所述安全检查工具接收一检查任务,所述检查任务包括至少一被检查应用程序的基本信息及所述被检查应用程序关联的至少一检查项;Step S1, the security inspection tool receives an inspection task, and the inspection task includes basic information of at least one application to be inspected and at least one inspection item associated with the application to be inspected;

步骤S2,所述安全检查工具根据所述被检查应用程序的所述基本信息导入所述被检查应用程序;Step S2, the security check tool imports the checked application according to the basic information of the checked application;

步骤S3,所述安全检查工具根据所述检查任务中的各所述检查项于预先配置的各所述检查项与对应的检查标准的对应关系中匹配得到对应的所述检查标准,并根据所述检查标准对所述被检查应用程序进行安全检查;Step S3, the safety inspection tool matches each of the inspection items in the inspection task with the pre-configured correspondence between each of the inspection items and the corresponding inspection standard to obtain the corresponding inspection standard, and according to the Perform a security check on the checked application program according to the check standard;

步骤S4,所述安全检查工具根据各所述检查项对应的安全检查结果生成各所述检查项对应的检查记录。Step S4, the safety inspection tool generates an inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.

上述技术方案具有如下优点或有益效果:实现应用程序的安全检查过程电子化,方便后续的检查记录的查询管理以及数据追溯,降低执法操作难度,保证检查记录真实性的同时有效提升执法工作效率和规范化水平。The above technical solution has the following advantages or beneficial effects: realize the electronic security inspection process of the application program, facilitate the query management and data traceability of subsequent inspection records, reduce the difficulty of law enforcement operations, and effectively improve the efficiency and efficiency of law enforcement while ensuring the authenticity of inspection records. normalization level.

附图说明Description of drawings

图1为本发明的较佳的实施例中,一种应用程序的安全检查系统的结构示意图;FIG. 1 is a schematic structural diagram of a security check system for an application program in a preferred embodiment of the present invention;

图2为本发明的较佳的实施例中,安全检查工具的结构示意图;Fig. 2 is a schematic structural view of a safety inspection tool in a preferred embodiment of the present invention;

图3为本发明的较佳的实施例中,一种应用程序的安全检查方法的流程示意图。Fig. 3 is a schematic flowchart of a method for security checking of an application program in a preferred embodiment of the present invention.

具体实施方式Detailed ways

下面结合附图和具体实施例对本发明进行详细说明。本发明并不限定于该实施方式,只要符合本发明的主旨,则其他实施方式也可以属于本发明的范畴。The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments. The present invention is not limited to this embodiment, and other embodiments may also belong to the scope of the present invention as long as they conform to the gist of the present invention.

本发明的较佳的实施例中,基于现有技术中存在的上述问题,现提供一种应用程序的安全检查系统,如图1所示,包括:一安全检查工具1,所述安全检查工具1包括:In a preferred embodiment of the present invention, based on the above-mentioned problems existing in the prior art, a security check system for an application program is now provided, as shown in FIG. 1 , including: a security check tool 1, the security check tool 1 includes:

任务接收模块11,用于接收一检查任务,检查任务包括至少一被检查应用程序的基本信息及被检查应用程序关联的至少一检查项;The task receiving module 11 is configured to receive an inspection task, the inspection task includes at least one basic information of the application to be inspected and at least one inspection item associated with the application to be inspected;

程序导入模块12,连接任务接收模块11,用于根据被检查应用程序的基本信息导入被检查应用程序;A program import module 12, connected to the task receiving module 11, is used to import the checked application program according to the basic information of the checked application program;

检查知识库13,用于保存预先配置的各所述检查项与对应的检查标准之间的对应关系;An inspection knowledge base 13, configured to save the pre-configured correspondence between each of the inspection items and corresponding inspection standards;

安全检查模块14,分别连接任务接收模块11、程序导入模块12和检查知识库13,用于根据检查任务中的各检查项匹配得到对应的检查标准,并根据检查标准对被检查应用程序进行安全检查;The security inspection module 14 is respectively connected to the task receiving module 11, the program import module 12 and the inspection knowledge base 13, and is used to obtain corresponding inspection standards according to the matching of each inspection item in the inspection task, and perform security inspection on the inspected application program according to the inspection standards. examine;

记录生成模块15,连接安全检查模块14,用于根据各检查项对应的安全检查结果生成各检查项对应的检查记录。The record generation module 15 is connected to the safety inspection module 14 and is used to generate inspection records corresponding to each inspection item according to the safety inspection results corresponding to each inspection item.

具体地,本实施方式中,上述安全检查工具应用于网安部门开展应用程序安全检查工作,应用程序目标检查类型覆盖Android版本和iOS版本。上述任务接收模块11可以是人机交互界面,执法人员通过该人机交互界面接收检查任务,进而进行后续的安全检查工作,该检查任务可以包括被检查应用程序的基本信息和检查项,还可以包括检查内容和检查时间等。上述检查知识库13优选封装有应用程序安全检查工作的检查标准,该检查标准包括但不限于应用程序安全检查工作的实施经验、专家知识和分析模型,使安全检查工具的检查内容和检查记录可以按照检查知识库内置13的知识、模型和规则进行分析,为应用程序安全检查工作提供检查方法、检查结果判定依据、工具检查结果分析、不符合项的风险提示等。在对被检查应用程序进行安全检查时,可以根据检查任务中包含的检查项调用检查知识库13中对应的检查标准进行安全检查,并在每个检查项检查完成后生成相应的检查记录,该检查记录可以包括被检查应用程序所属的被检查单位名称、检查时间、检查地点、检查民警的签名信息、被检查单位人员的签名信息以及检查项的检查结果信息等,实现应用程序安全检查的电子化,方便后续数据查询和数据追溯。作为优选的实施方式,该检测记录还可以包括对证据文件的拍照和摄影、证据音频的录音,并对证据相关文件进行存储;执法人员可以通过安全检查工具1对证据相关文件进行管理操作,包括导入、导出、删除、上传等;安全检查工具1还提供执法人员对记录的确认,并录入电子签名的功能。Specifically, in this embodiment, the above-mentioned security inspection tool is applied to the network security department to carry out application program security inspection, and the type of application program target inspection covers Android version and iOS version. The above-mentioned task receiving module 11 may be a human-computer interaction interface, through which law enforcement personnel receive inspection tasks, and then perform subsequent security inspection work. The inspection tasks may include basic information and inspection items of the application program to be inspected, or Including inspection content and inspection time, etc. The above inspection knowledge base 13 is preferably packaged with inspection standards for application security inspection work, which include but not limited to implementation experience, expert knowledge and analysis models of application program security inspection work, so that the inspection content and inspection records of security inspection tools can be Analyze according to the knowledge, models and rules built in 13 in the inspection knowledge base, and provide inspection methods, inspection result judgment basis, tool inspection result analysis, and risk reminders for non-conforming items for application security inspection. When performing a security check on the checked application, the corresponding check criteria in the check knowledge base 13 can be called to perform a security check according to the check items included in the check task, and a corresponding check record is generated after each check item is checked. The inspection record can include the name of the inspected unit to which the inspected application belongs, the inspection time, the inspection location, the signature information of the inspection police, the signature information of the personnel of the inspected unit, and the inspection result information of the inspection items, etc., to realize the electronic security inspection of the application program. to facilitate subsequent data query and data traceability. As a preferred embodiment, the detection record can also include taking photos and photographing evidence files, recording evidence audio, and storing evidence-related files; law enforcement personnel can manage evidence-related files through the security inspection tool 1, including Import, export, delete, upload, etc.; the security inspection tool 1 also provides law enforcement personnel with the function of confirming records and entering electronic signatures.

作为优选的实施方式,上述安全检查工具1可以部署在本地便携式设备中,如图2所示,安全检查工具1还提供一登录界面100,执法人员通过该登录界面登录安全检查工具1后,可以接收检查任务,并根据检查任务对相应的被检查应用程序进行安全检查。上述安全检查工具还可以部署在云端,执法人员可以通过网络远程访问云端的安全检查工具,如通过B/S方式登录,以获取检查任务,并根据检查任务对相应的被检查应用程序进行安全检查。作为优选的实施方式,安全检查工具1还提供一身份验证模块,以通过该身份验证模块对执法人员的登录信息进行验证,以鉴别用户的身份,保护鉴别数据不被未授权查阅或修改,上述验证方式可以是双因子认证。As a preferred embodiment, the above-mentioned safety inspection tool 1 can be deployed in a local portable device. As shown in FIG. 2 , the safety inspection tool 1 also provides a login interface 100. Receive inspection tasks, and perform security inspections on corresponding inspected applications according to the inspection tasks. The above-mentioned security inspection tools can also be deployed in the cloud, and law enforcement personnel can remotely access the security inspection tools in the cloud through the network, such as logging in through B/S, to obtain inspection tasks, and perform security inspections on the corresponding inspected applications according to the inspection tasks . As a preferred embodiment, the safety inspection tool 1 also provides an identity verification module, through which the login information of law enforcement officers is verified to identify the identity of the user, and protect the identification data from unauthorized access or modification, the above-mentioned The verification method can be two-factor authentication.

作为优选的实施方式,上述被检查应用程序可以通过手动单个导入或者批量导入的方式执行,也可以根据预先配置的被检查应用程序的存储路径进行自动化导入。As a preferred implementation manner, the above-mentioned checked application programs can be manually imported individually or in batches, or can be automatically imported according to a pre-configured storage path of the checked application programs.

作为优选的实施方式,安全检查工具1还可以提供一安全审计模块101,用以根据检查知识库以及安全检查工具的升级操作、现场执法检查记录结果以及反馈意见等文书材料的打印事件、执法人员的登录和注销等事件、数据导入和导出等事件生成审计记录,并确保只有授权用户才能读取和备份上述审计记录。As a preferred embodiment, the safety inspection tool 1 can also provide a safety audit module 101, which is used to check the knowledge base and the upgrade operation of the safety inspection tool, the printing events of document materials such as on-site law enforcement inspection record results and feedback opinions, law enforcement personnel Events such as login and logout, data import and export, etc. generate audit records, and ensure that only authorized users can read and back up the above audit records.

作为优选的实施方式,安全检查工具1采用国家商密办批准的国产商用密码算法对检查数据进行加解密。国产商用密码产品应便携,且与安全检查工具分开存放,仅在使用安全检查工具时方可与安全检查工具进行连接,并采用下列方式增强数据安全:程序区、数据区物理上隔离,程序区的数据不可读不可写,数据区只允许工具系统写入;从工具产生的业务数据,包括但不限于检查结果数据、报告、流量数据、日志数据等,应采用国产商密算法加密后保存。As a preferred embodiment, the security inspection tool 1 encrypts and decrypts inspection data using a domestic commercial encryption algorithm approved by the State Office of Commercial Secrets. Domestic commercial encryption products should be portable and stored separately from the security check tool, and can only be connected with the security check tool when using the security check tool, and the following methods should be adopted to enhance data security: the program area and the data area are physically separated, and the program area The data cannot be read or written, and the data area is only allowed to be written by the tool system; the business data generated from the tool, including but not limited to inspection result data, reports, traffic data, log data, etc., should be encrypted with domestic commercial encryption algorithms and stored.

作为优选的实施方式,安全检查工具1还可以提供一痕迹清除模块102,用以不可恢复地清除安全检查过程中产生的业务数据。As a preferred implementation manner, the security inspection tool 1 may also provide a trace removal module 102 for irreversibly clearing business data generated during the security inspection process.

作为优选的实施方式,安全检查工具1还可以提供一状态恢复模块103,用以将安全检查工具恢复至出厂状态。As a preferred embodiment, the safety inspection tool 1 can also provide a state recovery module 103 for restoring the safety inspection tool to the factory state.

本发明的较佳的实施例中,安全检查工具1还包括一任务建立模块16,连接任务接收模块11,用于供执法人员建立检查任务,并将检查任务发送至任务接收模块11。In a preferred embodiment of the present invention, the safety inspection tool 1 further includes a task establishment module 16 connected to the task reception module 11 for law enforcement personnel to establish inspection tasks and send the inspection tasks to the task reception module 11 .

具体地,本实施方式中,执法人员可以通过安全检查工具1设置的任务建立模块16根据检查需求自行建立检查任务。作为优选的实施方式,安全检查工具1中存储有预先生成的检查项集合,该检查项集合中包括多个检查项,执法人员可以根据检查需求由检查项集合中进行检查项的提取,以生成检查任务。作为优选的实施方式,上述任务建立模块16还可以连接检查知识库13,以供执法人员调用检查知识库13中的检查标准自定义检查评估内容,以便于完成专项检查任务检查内容的快速集成。Specifically, in this embodiment, law enforcement personnel can create inspection tasks by themselves according to inspection requirements through the task creation module 16 set in the security inspection tool 1 . As a preferred embodiment, a pre-generated check item set is stored in the security check tool 1, which includes a plurality of check items, and law enforcement personnel can extract check items from the check item set according to check requirements to generate Check tasks. As a preferred implementation, the above-mentioned task establishment module 16 can also be connected to the inspection knowledge base 13, so that law enforcement personnel can call the inspection standards in the inspection knowledge base 13 to customize the inspection and evaluation content, so as to complete the rapid integration of the inspection content of special inspection tasks.

本发明的较佳的实施例中,还包括一系统管理平台2,连接安全检查工具1,用于供执法人员建立检查任务,并将检查任务下发至安全检查工具1。In a preferred embodiment of the present invention, a system management platform 2 is also included, which is connected to the safety inspection tool 1 and is used for law enforcement personnel to establish inspection tasks and send the inspection tasks to the safety inspection tool 1 .

具体地,本实施方式中,执法人员可以通过系统管理平台2实现检查任务的远程建立和下发,进一步具体地,系统管理平台2可以供执法人员制定检查计划,该检查计划内容包可以包括被检查应用程序的名称、检查计划名称、检查对象内容、检查计划起止时间等。在检查计划制定完成后,执法人员还可以通过系统管理平台2进行检查计划的查询以及修改等操作。在确定检查计划后,系统管理平台2可以根据该检查计划生成相应的检查任务并下发至安全检查工具1。安全检查工具1还提供一登录界面,执法人员通过该登录界面登录安全检查工具1后,可以获取系统管理平台2下发的检查任务。Specifically, in this embodiment, the law enforcement personnel can realize the remote establishment and distribution of inspection tasks through the system management platform 2. Further specifically, the system management platform 2 can allow law enforcement personnel to formulate inspection plans, and the inspection plan content package can include the The name of the inspection application, the name of the inspection plan, the content of the inspection object, the start and end time of the inspection plan, etc. After the inspection plan is formulated, law enforcement personnel can also perform operations such as querying and modifying the inspection plan through the system management platform 2 . After the inspection plan is determined, the system management platform 2 can generate corresponding inspection tasks according to the inspection plan and send them to the safety inspection tool 1 . The safety inspection tool 1 also provides a login interface through which law enforcement personnel can obtain inspection tasks issued by the system management platform 2 after logging in to the safety inspection tool 1 .

本发明的较佳的实施例中,系统管理平台2包括一通知生成模块21,用于根据检查任务生成检查通知书以通知被检查应用程序的所属被检查单位。In a preferred embodiment of the present invention, the system management platform 2 includes a notification generation module 21, which is used to generate an inspection notification according to the inspection task to notify the inspected unit to which the inspected application program belongs.

具体地,本实施方式中,系统管理平台2还可以在检查任务下发的同时生成相应的检查通知书并通知被检查单位,实现检查通知书的电子化传送。Specifically, in this embodiment, the system management platform 2 can also generate a corresponding inspection notice and notify the inspected unit while issuing the inspection task, so as to realize the electronic transmission of the inspection notice.

本发明的较佳的实施例中,系统管理平台2包括一数据处理模块22,用于获取各检查项对应的检查记录,并根据各检查记录生成被检查应用程序的检查报告。In a preferred embodiment of the present invention, the system management platform 2 includes a data processing module 22 for obtaining inspection records corresponding to each inspection item, and generating an inspection report of the checked application program according to each inspection record.

具体地,本实施方式中,系统管理平台2通过对各检查项的检查记录进行汇总统计生成整体的检查报告,作为优选的实施方式,该检查报告可以采用国家商密办批准的国产商用密码产品进行加密,以确保检查报告中检查数据的保密性。作为优选的实施方式,在检查报告表示被检查应用程序存在问题严重,需要进行处罚时,执法人员可以通过该系统管理平台2对被检查应用程序所属的被检查单位出具处罚单。作为优选的实施方式,采用国家商密办批准的密码算法对安全检查工具与系统管理平台之间的数据传输进行加密。Specifically, in this embodiment, the system management platform 2 generates an overall inspection report by summarizing the inspection records of each inspection item. As a preferred embodiment, the inspection report can use domestic commercial encryption products approved by the State Commercial Secret Office Encryption is performed to ensure the confidentiality of inspection data in inspection reports. As a preferred implementation, when the inspection report indicates that the inspected application program has serious problems and needs to be punished, the law enforcement personnel can issue a penalty ticket to the inspected unit to which the inspected application program belongs through the system management platform 2 . As a preferred implementation, the data transmission between the security inspection tool and the system management platform is encrypted using a cryptographic algorithm approved by the State Office of Commercial Secrets.

本发明的较佳的实施例中,检查标准包括若干检查项规则库;In a preferred embodiment of the present invention, the inspection standard includes a number of inspection item rule bases;

则安全检查模块14包括:Then the security check module 14 includes:

重点功能检查单元141a,用于在检查项为重点功能检查项时,匹配得到对应的重点功能规则库作为检查项规则库,并根据重点功能规则库对被检查应用程序进行重点功能检查;和/或The key function checking unit 141a is used to match and obtain the corresponding key function rule base as the check item rule base when the check item is a key function check item, and perform a key function check on the checked application program according to the key function rule base; and/ or

恶意程序检查单元142a,用于在检查项为恶意程序检查项时,匹配得到对应的恶意程序规则库作为检查项规则库,并根据恶意程序规则库对被检查应用程序进行恶意程序检查;和/或The malicious program inspection unit 142a is configured to match the corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and perform malicious program check on the checked application program according to the malicious program rule base; and/ or

第三方软件开发工具检查单元143a,用于在检查项为第三方软件开发工具检查项时,匹配得到对应的第三方软件开发工具规则库作为检查项规则库,并根据第三方软件开发工具规则库对被检查应用程序进行第三方软件开发工具检查;和/或The third-party software development tool check unit 143a is used to match the corresponding third-party software development tool rule base as the check item rule base when the check item is a third-party software development tool check item, and according to the third-party software development tool rule base Conduct third-party software development tool checks on checked applications; and/or

程序漏洞检查单元144a,用于在检查项为程序漏洞检查项时,匹配得到对应的程序漏洞规则库作为检查项规则库,并根据程序漏洞规则库对被检查应用程序进行程序漏洞检查;和/或The program vulnerability inspection unit 144a is configured to match the corresponding program vulnerability rule base as the check item rule base when the check item is a program vulnerability check item, and perform program vulnerability check on the checked application program according to the program vulnerability rule base; and/ or

违法内容检查单元145a,用于在检查项为违法内容检查项时,匹配得到对应的违法内容规则库作为检查项规则库,并根据违法内容规则库对被检查应用程序进行违法内容检查。The illegal content inspection unit 145a is configured to match the corresponding illegal content rule library as the inspection item rule library when the inspection item is an illegal content inspection item, and perform illegal content inspection on the checked application program according to the illegal content rule library.

具体地,本实施方式中,检查项规则库包括但不限于重点功能规则库、恶意程序规则库、第三方软件开发工具规则库、程序漏洞规则库和违法内容规则库。Specifically, in this embodiment, the check item rule base includes, but is not limited to, key function rule bases, malicious program rule bases, third-party software development tool rule bases, program vulnerability rule bases, and illegal content rule bases.

其中,上述重点功能检查的检查对象包括但不限于短视频、即时通讯、网络支付、网络直播、金融借贷、网络游戏、VPN以及其他重点功能。Among them, the inspection objects of the above-mentioned key function inspection include but are not limited to short video, instant messaging, online payment, webcast, financial lending, online games, VPN and other key functions.

上述恶意程序检查的检查对象包括但不限于恶意扣费、隐私窃取、远程控制、恶意传播、资费消费、系统破坏、诱骗欺诈、流氓行为和其他恶意行为。The inspection objects of the above-mentioned malicious program inspection include but are not limited to malicious deduction, privacy theft, remote control, malicious transmission, tariff consumption, system destruction, deception and fraud, rogue behavior and other malicious behaviors.

上述第三方软件开发工具检查包括对第三方软件开发工具包插件、软件开发工具包行为进行分析和判定,其检查对象包括但不限于第三方软件开发工具信息,包括软件开发工具名称、软件开发工具版本号、软件开发工具提供方、以及软件开发工具详细介绍信息或链接地址;依据恶意软件开发工具库对可疑软件开发工具进行识别;对于恶意软件开发工具库之外的软件开发工具进行行为分析,包括:将个人信息发送至第三方、将个人信息发送至境外服务器、个人信息采集情况及采集频次、存在安全漏洞或木马程序;软件开发工具申请的可用于收集个人信息相关权限列表。The above inspection of third-party software development tools includes the analysis and judgment of third-party software development kit plug-ins and software development kit behaviors, and the objects of inspection include but not limited to third-party software development tool information, including software development tool names, Version number, provider of software development tools, and detailed introduction information or link addresses of software development tools; identify suspicious software development tools based on malware development tool libraries; conduct behavior analysis on software development tools other than malware development tool libraries, Including: sending personal information to third parties, sending personal information to overseas servers, personal information collection and collection frequency, existence of security holes or Trojan horse programs; list of relevant permissions that can be used to collect personal information applied for by software development tools.

上述程序漏洞检查的检查对象包括但不限于:1)程序文件安全:加固壳识别、Java代码反编译风险、篡改和二次打包风险、Janus签名机制漏洞、应用签名未校验风险、代码未混淆风险、使用调试证书发布应用风险、仅使用Java代码风险、启动隐藏服务风险、应用签名算法不安全风险等;2)数据存储安全:Webview明文存储密码风险、Webview File同源策略绕过漏洞、明文数字证书风险、数据库注入漏洞、SA加密算法不安全使用漏洞、密钥硬编码漏洞、动态调试攻击风险、Webview远程调试风险、应用数据任意备份风险、FFmpeg文件读取漏洞、调试日志函数调用风险、AES/DES加密方法不安全使用漏洞、RSA加密算法不安全使用漏洞、Java层动态调试风险等等;3)通信数据传输安全:明文传输数据风险、HTTPS未校验服务器证书漏洞、HTTPS未校验主机名漏洞、HTTPS允许任意主机名漏洞等;4)身份认证安全:界面劫持风险、输入监听风险、截屏攻击风险等;5)内部数据交互安全:ContentProvider数据泄露漏洞、Intent Scheme URL攻击漏洞、Fragment注入攻击漏洞、Activity组件导出风险、Service组件导出风险、Broadcast Receiver组件导出风险、ContentProvider组件导出风险、本地端口开放越权漏洞、Intent组件隐式调用风险等;6)恶意攻击防范能力:动态注入攻击风险、Webview远程代码执行漏洞、未移除有风险的Webview系统隐藏接口漏洞、zip文件解压目录遍历漏洞、WebSQL注入漏洞、InnerHTML的XSS攻击漏洞、下载任意apk漏洞等。The inspection objects of the above-mentioned program vulnerability inspection include but are not limited to: 1) Program file security: hardened shell identification, risk of Java code decompilation, risk of tampering and secondary packaging, Janus signature mechanism vulnerability, risk of unverified application signature, and unobfuscated code Risks, risks of publishing applications using debug certificates, risks of using only Java codes, risks of starting hidden services, risks of insecure application signature algorithms, etc.; Digital certificate risk, database injection vulnerability, SA encryption algorithm insecure use vulnerability, key hardcoding vulnerability, dynamic debugging attack risk, Webview remote debugging risk, application data arbitrary backup risk, FFmpeg file reading vulnerability, debugging log function call risk, AES/DES encryption method insecure use vulnerability, RSA encryption algorithm insecure use vulnerability, Java layer dynamic debugging risk, etc.; 3) communication data transmission security: clear text transmission data risk, HTTPS unverified server certificate vulnerability, HTTPS unverified Host name vulnerability, HTTPS allows any host name vulnerability, etc.; 4) Identity authentication security: risk of interface hijacking, input monitoring risk, screen capture attack risk, etc.; 5) Internal data interaction security: ContentProvider data leakage vulnerability, Intent Scheme URL attack vulnerability, Fragment Injection attack vulnerability, Activity component export risk, Service component export risk, Broadcast Receiver component export risk, ContentProvider component export risk, local port open unauthorized vulnerability, Intent component implicit call risk, etc.; 6) Malicious attack prevention capability: dynamic injection attack risk , Webview remote code execution vulnerability, unremoved risky Webview system hidden interface vulnerability, zip file decompression directory traversal vulnerability, WebSQL injection vulnerability, InnerHTML XSS attack vulnerability, download arbitrary apk vulnerability, etc.

上述违法内容检查的检查对象包括但不限于识别涉黄、涉毒、涉赌、涉暴、涉政等违法违规情况;针对违法违规内容,应具备自动保存截图或分析结果等固定证据的功能。The inspection objects of the above-mentioned illegal content inspection include but are not limited to identifying violations related to pornography, drugs, gambling, violence, and politics; for illegal content, it should have the function of automatically saving fixed evidence such as screenshots or analysis results.

本发明的较佳的实施例中,检查标准包括安全行为标准,检查项包括安全行为检查;In a preferred embodiment of the present invention, the inspection standard includes safety behavior standards, and the inspection items include safety behavior inspection;

则安全检查模块14包括:Then the security check module 14 includes:

违规行为分析单元141b,用于根据所述安全行为标准对被检查应用程序收集和使用个人信息的行为进行安全行为检查;和/或Violation behavior analysis unit 141b, configured to conduct safety behavior inspection on the collection and use of personal information of the inspected application program according to the safety behavior standard; and/or

权限使用检查单元142b,用于根据所述安全行为标准对被检查应用程序获取的权限进行安全行为检查;和/或The permission use checking unit 142b is configured to check the security behavior of the permission obtained by the checked application program according to the security behavior standard; and/or

敏感行为分析单元143b,用于根据所述安全行为标准对被检查应用程序的敏感行为进行安全行为检查。The sensitive behavior analysis unit 143b is configured to check the security behavior of the sensitive behavior of the checked application program according to the security behavior standard.

具体地,本实施方式中,上述违规行为分析单元141b对被检查应用程序收集和使用个人信息的行为进行安全行为检查的违规行为检查内容包括但不限于未经用户同意就开始收集个人信息;未按最小化收集个人信息,收集的个人信息类型或打开的可收集个人信息权限与现有业务功能无关;实际收集的个人信息或打开的可收集个人信息权限与隐私政策描述的范围不一致;实际收集的个人信息或打开的可收集个人信息权限超出用户授权范围;应用程序安装时强制用户授权,不同意不能安装的情形;应用程序强制索要权限,当拒绝某个权限时应用程序退出运行;收集个人信息的频率(应是实现产品或服务的业务功能所必需的最低频率);用户未使用相关功能或服务时,提前申请开启系统权限;既未经用户同意,也未做匿名化处理,应用程序直接向第三方提供个人信息(包括通过客户端嵌入的第三方代码、插件等方式)。Specifically, in this embodiment, the above-mentioned violation analysis unit 141b conducts a security behavior inspection on the collection and use of personal information by the checked application program. The violation inspection content includes but is not limited to the collection of personal information without the user's consent; According to the minimum collection of personal information, the type of personal information collected or the permission to collect personal information opened has nothing to do with existing business functions; the actual collection of personal information or the permission to collect personal information is inconsistent with the scope described in the privacy policy; the actual collection The personal information or the open permission to collect personal information exceeds the scope of user authorization; when the application is installed, the user is forced to authorize, and it cannot be installed if the application is not agreed; the application is forced to ask for permission. The frequency of the information (should be the minimum frequency necessary to realize the business functions of the product or service); when the user is not using the relevant function or service, apply in advance to enable the system permission; without the consent of the user or anonymization, the application Provide personal information directly to third parties (including through third-party codes embedded in the client, plug-ins, etc.).

上述权限使用检查单元142b对被检查应用程序获取的权限进行安全行为检查的检查内容包括但不限于应用程序声明的权限项超出其业务所需要的最小范围;应用程序实际运行中的权限项超出其声明的权限范围;未经用户同意就已经打开权限;强制用户一次性同意打开多个可收集个人信息的权限;未经用户同意更改其设置的权限状态;索取权限的频率。The above-mentioned permission use checking unit 142b checks the security behavior of the permission obtained by the checked application program, including but not limited to that the permission item declared by the application program exceeds the minimum range required by its business; the permission item in the actual running of the application program exceeds its minimum scope The scope of permissions declared; permission has been opened without the user's consent; forcing the user to agree to open multiple permissions that can collect personal information at one time; changing the permission status of its settings without the user's consent; the frequency of requesting permission.

上述敏感行为分析单元143b对被检查应用程序的敏感行为进行安全行为检查的检查内容包括但不限于应用程序退出运行或在后台运行时继续收集使用个人信息及使用频率;应用程序运行过程中修改权限声明文件;未经用户同意获取已安装应用列表、IP信息、MAC地址等设备信息;应用程序运行过程中访问的境外服务器信息(包括IP地址、端口等信息);应用程序运行过程中向境外服务器发送个人信息;应用程序运行过程中明文传输个人信息。The above-mentioned sensitive behavior analysis unit 143b checks the security behavior of the sensitive behavior of the checked application, including but not limited to, the application continues to collect and use personal information and frequency of use when the application exits or runs in the background; Statement documents; Obtaining installed application list, IP information, MAC address and other device information without the user's consent; Overseas server information accessed during the running of the application (including IP address, port and other information); Send personal information; clear text transmission of personal information during the running of the application.

本发明的较佳的实施例中,检查标准包括合规性标准,检查项还包括合规性检查;In a preferred embodiment of the present invention, the inspection standard includes a compliance standard, and the inspection item also includes a compliance inspection;

则安全检查模块14还包括:Then the security check module 14 also includes:

备案信息检查单元141c,用于获取被检查应用程序的备案信息,并根据合规性标准对备案信息进行合规性检查;和/或The filing information checking unit 141c is configured to obtain the filing information of the checked application program, and perform a compliance check on the filing information according to compliance standards; and/or

违法响应检查单元142c,用于获取被检查应用程序的违法信息发现和响应信息,并根据合规性标准对违法信息发现和响应信息进行合规性检查;和/或An illegal response checking unit 142c, configured to acquire illegal information discovery and response information of the checked application program, and perform a compliance check on the illegal information discovery and response information according to compliance standards; and/or

隐私政策检查单元143c,用于获取被检查应用程序的隐私政策文本,并根据合规性标准对隐私政策文本的内容进行合规性检查;和/或The privacy policy checking unit 143c is configured to obtain the privacy policy text of the checked application, and perform a compliance check on the content of the privacy policy text according to compliance standards; and/or

安全管理检查单元144c,用于获取被检查应用程序的所属被检查单元的安全管理制度,并根据合规性标准对安全管理制度进行合规性检查。The security management checking unit 144c is configured to obtain the security management system of the checked unit to which the checked application program belongs, and check the compliance of the security management system according to the compliance standard.

具体地,本实施方式中,上述备案信息检查单元141c根据合规性标准对备案信息进行合规性检查的检查内容包括应用程序的备案状态以及具体备案信息,该备案信息包括企业单位基本信息(单位性质、组织机构代码、单位名称、统一社会信用代码、注册地址等)、法人信息(法人姓名、身份证号、手机号、邮箱等)、联系人信息(联系人姓名、身份证号、手机号、邮箱等),应保证备案信息与实际情况一致。作为优选的实施方式,备案信息的合规性检查对应的合规性标准可以由预先配置的应用程序备案信息库提供。Specifically, in this embodiment, the above-mentioned filing information inspection unit 141c checks the compliance of the filing information according to the compliance standard. The content of the inspection includes the filing status of the application program and specific filing information, and the filing information includes the basic information of the enterprise ( Unit nature, organization code, unit name, unified social credit code, registered address, etc.), legal person information (legal person name, ID number, mobile phone number, email, etc.), contact information (contact name, ID number, mobile phone number, etc.) account number, email address, etc.), it should be ensured that the filing information is consistent with the actual situation. As a preferred implementation manner, the compliance standard corresponding to the compliance check of the filing information may be provided by a pre-configured application filing information library.

上述违法响应检查单元142c对违法信息发现和响应信息进行合规性检查的检查内容包括但不限于是否具备对用户发布或传输的文字信息进行违法关键词检查能力;是否具备对用户发布或传输的图片信息、音视频信息进行违法内容检查能力;是否具备对用户发布或传输违法信息的内容进行屏蔽或阻断等能力;自发现或接收到通报后,应用程序运营单位的响应时间是否小于5分钟。The above-mentioned illegal response inspection unit 142c checks the compliance inspection of illegal information discovery and response information, including but not limited to whether it has the ability to check illegal keywords for text information published or transmitted by users; The ability to check illegal content of picture information, audio and video information; whether it has the ability to block or block the content of illegal information released or transmitted by users; whether the response time of the application operator is less than 5 minutes after discovery or receipt of the notification .

上述隐私政策检查单元143c对隐私政策文本的内容进行合规性检查的检查内容包括但不限于应用程序中是否有隐私政策,隐私政策是否包括收集使用个人信息规则;是否明示收集使用个人信息的目的、方式和范围;是否逐一列出应用程序(包括委托的第三方或嵌入的第三方代码、插件)收集使用个人信息的目的、方式、范围等;是否说明收集使用个人信息的目的、方式、范围发生变化时,以何种方式通知用户;是否公布个人信息安全投诉、举报渠道;是否明示收集使用个人信息的业务功能;是否明示各项业务功能所收集的个人信息类型;是否显著标识个人敏感信息类型;是否明示应用程序申请的所有可收集个人信息的系统权限;个人信息是否涉及出境情况;是否提供撤回同意收集个人信息的途径、方式。The above-mentioned privacy policy inspection unit 143c checks the compliance of the content of the privacy policy text, including but not limited to whether there is a privacy policy in the application program, whether the privacy policy includes the rules for collecting and using personal information; whether the purpose of collecting and using personal information is clearly stated , method and scope; whether to list the purpose, method and scope, etc., of collecting and using personal information by applications (including entrusted third parties or embedded third-party codes and plug-ins); whether to explain the purpose, method and scope of collecting and using personal information When changes occur, how to notify users; whether to publish personal information security complaints and reporting channels; whether to clearly indicate the business functions that collect and use personal information; whether to clearly indicate the types of personal information collected by various business functions; whether to clearly identify sensitive personal information type; whether to expressly indicate all system permissions that can collect personal information applied by the application; whether the personal information involves exiting the country; whether to provide a way and method to withdraw consent to collect personal information.

上述安全管理检查单元144c对安全管理制度进行合规性检查的检查内容包括但不限于应用程序开发安全管理制度;数据安全管理制度;用户投诉举报制度;违法有害信息防范处置制度;机房管理制度;机房设备操作规程;安全责任人制度;应急管理制度;执法协助制度;重大网络安保期间的工作方案。The safety management inspection unit 144c checks the compliance of the safety management system, including but not limited to the application program development safety management system; data security management system; user complaint and reporting system; illegal and harmful information prevention and disposal system; computer room management system; Operating procedures for computer room equipment; security responsible person system; emergency management system; law enforcement assistance system; work plan during major network security periods.

作为优选的实施方式,安全检查工具按照上述中的合规性标准进行合规性评估后,还提供一执法检查模板,该执法检查模板中包含应用程序的执法检查重点、检查方法和不符合项所对应法律、法规中的条款,并根据该执法检查模板生成应用程序安全分析评估报告,以通过该执法检查模板记录合规性检查结果。As a preferred implementation, after the security inspection tool conducts compliance assessment according to the above-mentioned compliance standards, it also provides a law enforcement inspection template, which includes the application's law enforcement inspection focus, inspection methods and non-conformance items According to the terms in the corresponding laws and regulations, an application security analysis and assessment report is generated according to the law enforcement inspection template, so as to record the compliance inspection results through the law enforcement inspection template.

本发明的较佳的实施例中,还包括一部级规则库3,连接安全检查工具1,用于保存最新检查业务规则,安全检查工具1在执行检查任务前获取最新检查业务规则以同步更新检查项规则库。In a preferred embodiment of the present invention, it also includes a first-level rule base 3, which is connected to the security inspection tool 1, and is used to save the latest inspection business rules, and the security inspection tool 1 obtains the latest inspection business rules to update synchronously before performing the inspection task Check item rule base.

一种应用程序的安全检查方法,应用于上述的应用程序的安全检查系统,如图3所示,安全检查方法包括:A security check method for an application program, applied to the above security check system for an application program, as shown in Figure 3, the security check method includes:

步骤S1,安全检查工具接收一检查任务,检查任务包括至少一被检查应用程序的基本信息及被检查应用程序关联的至少一检查项;Step S1, the security inspection tool receives an inspection task, and the inspection task includes basic information of at least one application to be inspected and at least one inspection item associated with the application to be inspected;

步骤S2,安全检查工具根据被检查应用程序的基本信息导入被检查应用程序;Step S2, the security check tool imports the checked application program according to the basic information of the checked application program;

步骤S3,安全检查工具根据检查任务中的各检查项于预先配置的各检查项与对应的检查标准的对应关系中匹配得到对应的检查标准,并根据检查标准对被检查应用程序进行安全检查;Step S3, the security inspection tool matches each inspection item in the inspection task with the pre-configured correspondence between each inspection item and the corresponding inspection standard to obtain the corresponding inspection standard, and performs a security inspection on the inspected application program according to the inspection standard;

步骤S4,安全检查工具根据各检查项对应的安全检查结果生成各检查项对应的检查记录。Step S4, the safety inspection tool generates inspection records corresponding to each inspection item according to the safety inspection results corresponding to each inspection item.

以上所述仅为本发明较佳的实施例,并非因此限制本发明的实施方式及保护范围,对于本领域技术人员而言,应当能够意识到凡运用本说明书及图示内容所作出的等同替换和显而易见的变化所得到的方案,均应当包含在本发明的保护范围内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the implementation and protection scope of the present invention. For those skilled in the art, they should be able to realize that all equivalent replacements made by using this specification and the contents of the illustrations The solutions obtained with obvious changes shall all be included in the protection scope of the present invention.

Claims (9)

1. A security check system for an application, comprising: a security inspection tool, the security inspection tool comprising:
the task receiving module is used for receiving an inspection task, wherein the inspection task comprises basic information of at least one inspected application program and at least one inspection item related to the inspected application program;
the program import module is connected with the task receiving module and used for importing the application program to be checked according to the basic information of the application program to be checked;
the inspection knowledge base is used for storing the corresponding relation between each inspection item and the corresponding inspection standard which are configured in advance;
the safety inspection module is respectively connected with the task receiving module, the program importing module and the inspection knowledge base and is used for obtaining the corresponding inspection standard according to the matching of each inspection item in the inspection task and carrying out safety inspection on the inspected application program according to the inspection standard;
the record generating module is connected with the safety inspection module and used for generating the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item;
the checking standard comprises a plurality of checking item rule bases;
the security check module comprises:
the key function checking unit is used for matching to obtain a corresponding key function rule base as the checking item rule base when the checking item is a key function checking item, and performing key function checking on the application program to be checked according to the key function rule base; and/or
The malicious program checking unit is used for matching to obtain a corresponding malicious program rule base as the check item rule base when the check item is a malicious program check item, and checking the malicious program of the application program to be checked according to the malicious program rule base; and/or
The third-party software development tool checking unit is used for matching to obtain a corresponding third-party software development tool rule base as the checking item rule base when the checking item is the third-party software development tool checking item, and checking the checked application program by the third-party software development tool rule base; and/or
The program vulnerability checking unit is used for matching to obtain a corresponding program vulnerability rule base as the checking item rule base when the checking item is a program vulnerability checking item, and performing program vulnerability checking on the application program to be checked according to the program vulnerability rule base; and/or
And the illegal content checking unit is used for matching to obtain a corresponding illegal content rule base as the checking item rule base when the checking item is an illegal content checking item, and checking illegal content of the application program to be checked according to the illegal content rule base.
2. The system of claim 1, wherein the security inspection tool further comprises a task setup module, coupled to the task receiving module, for enabling law enforcement personnel to set up the inspection task and send the inspection task to the task receiving module.
3. The system for security inspection of an application according to claim 1, further comprising a system management platform connected to the security inspection tool for law enforcement personnel to establish the inspection task and issue the inspection task to the security inspection tool.
4. The system for security inspection of an application program according to claim 3, wherein the system management platform comprises a notification generation module, configured to generate an inspection notification according to the inspection task to notify the inspected unit to which the inspected application program belongs.
5. The system for security inspection of an application program according to claim 3, wherein the system management platform comprises a data processing module, configured to obtain the inspection records corresponding to the inspection items, and generate the inspection report of the inspected application program according to the inspection records.
6. The system of claim 1, wherein the inspection criteria comprises security behavior criteria, and the inspection items comprise security behavior checks;
the security check module comprises:
the violation behavior analysis unit is used for carrying out safety behavior inspection on the behaviors of the inspected application program which collect and use personal information according to the safety behavior standard; and/or
The permission use checking unit is used for checking the safety behavior of the permission acquired by the checked application program according to the safety behavior standard; and/or
And the sensitive behavior analysis unit is used for carrying out security behavior inspection on the sensitive behavior of the inspected application program according to the security behavior standard.
7. The application security check system of claim 1, wherein the check criteria comprises compliance criteria, and the check terms comprise compliance checks;
the security check module further comprises:
the record information checking unit is used for acquiring record information of the application program to be checked and carrying out compliance check on the record information according to the compliance standard; and/or
The illegal response checking unit is used for acquiring illegal information discovery and response information of the application program to be checked and carrying out compliance check on the illegal information discovery and response information according to the compliance standard; and/or
The privacy policy checking unit is used for acquiring a privacy policy text of the application program to be checked and checking the compliance of the content of the privacy policy text according to the compliance standard; and/or
And the safety management checking unit is used for acquiring the safety management system of the checked unit of the checked application program and performing compliance check on the safety management system according to the compliance standard.
8. The application security inspection system of claim 1, further comprising a component rule base coupled to the security inspection tool for storing latest inspection business rules, wherein the security inspection tool obtains the latest inspection business rules before executing the inspection task to synchronously update the inspection item rule base.
9. A security inspection method for an application program, applied to the security inspection system for the application program according to any one of claims 1 to 8, the security inspection method comprising:
step S1, the safety inspection tool receives an inspection task, wherein the inspection task comprises basic information of at least one inspected application program and at least one inspection item related to the inspected application program;
step S2, the safety inspection tool imports the application program to be inspected according to the basic information of the application program to be inspected;
s3, the safety inspection tool matches each inspection item in the inspection task with a corresponding relationship between each inspection item and a corresponding inspection standard, and performs safety inspection on the application program to be inspected according to the inspection standard;
and S4, the safety inspection tool generates the inspection record corresponding to each inspection item according to the safety inspection result corresponding to each inspection item.
CN202011052592.3A 2020-09-29 2020-09-29 Safety inspection system and method for application program Active CN112149123B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011052592.3A CN112149123B (en) 2020-09-29 2020-09-29 Safety inspection system and method for application program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011052592.3A CN112149123B (en) 2020-09-29 2020-09-29 Safety inspection system and method for application program

Publications (2)

Publication Number Publication Date
CN112149123A CN112149123A (en) 2020-12-29
CN112149123B true CN112149123B (en) 2023-01-20

Family

ID=73894358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011052592.3A Active CN112149123B (en) 2020-09-29 2020-09-29 Safety inspection system and method for application program

Country Status (1)

Country Link
CN (1) CN112149123B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112529512B (en) * 2021-01-19 2023-01-31 江苏积韬科技有限公司 SaaS-based method and platform for improving safety inspection level of transport enterprise carrier
CN113037766A (en) * 2021-03-23 2021-06-25 中通服创发科技有限责任公司 Comprehensive evaluation method for asset safety and health degree under multiple scenes
CN112989204A (en) * 2021-04-14 2021-06-18 江苏国信安网络科技有限公司 Mobile phone application tracing analysis method
CN113254837A (en) * 2021-06-17 2021-08-13 北京智胜新格科技有限公司 Application program evaluation method, device, system, equipment and medium
CN114626022A (en) * 2022-01-19 2022-06-14 深圳智游网安科技有限公司 Method, system and terminal for detecting compliance of application permission
CN114676432B (en) * 2022-05-26 2022-09-09 河北兰科网络工程集团有限公司 APP privacy compliance checking method, terminal and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104537308A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 System and method for providing application security auditing function
CN105760763A (en) * 2016-02-18 2016-07-13 公安部第研究所 Grade protection check system based on check knowledge base technology and application method of grade protection check system
CN106776102A (en) * 2016-12-27 2017-05-31 中国建设银行股份有限公司 A kind of application system health examination method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1118925B1 (en) * 2000-01-19 2004-11-10 Hewlett-Packard Company, A Delaware Corporation Security policy applied to common data security architecture

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104537308A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 System and method for providing application security auditing function
CN105760763A (en) * 2016-02-18 2016-07-13 公安部第研究所 Grade protection check system based on check knowledge base technology and application method of grade protection check system
CN106776102A (en) * 2016-12-27 2017-05-31 中国建设银行股份有限公司 A kind of application system health examination method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
云上信息系统安全体系研究;陆臻 等;《信息网络安全》;20181231;第79-86页 *
安全监督检查信息管理系统的研究;史有刚;《价值工程》;20101231;第168-169页 *

Also Published As

Publication number Publication date
CN112149123A (en) 2020-12-29

Similar Documents

Publication Publication Date Title
CN112149123B (en) Safety inspection system and method for application program
CN112217835B (en) Message data processing method and device, server and terminal equipment
CN110995673B (en) Case evidence management method and device based on block chain, terminal and storage medium
Viega Building security requirements with CLASP
CN113495920A (en) Content auditing system, method and device based on block chain and storage medium
CN107766728A (en) Mobile application security managing device, method and mobile operation safety protection system
CN110246039B (en) Transaction monitoring method and device based on alliance chain and electronic equipment
CN113177205B (en) Malicious application detection system and method
CN117313122A (en) Data sharing and exchanging management system based on block chain
CN107154939A (en) A kind of method and system of data tracing
CN114021161A (en) Safety management method based on industrial big data sharing service
CN114218194A (en) Data bank safety system
Ahmed et al. A Method for Eliciting Security Requirements from the Business Process Models.
Cho et al. Guaranteeing the integrity and reliability of distributed personal information access records
CN117494163B (en) Data service method and device based on security rules
CN112910883B (en) Data transmission method and device and electronic equipment
Khan et al. Secure logging as a service using reversible watermarking
CN108600178A (en) A kind of method for protecting and system, reference platform of collage-credit data
CN115333797A (en) Evaluation method, system and computer storage medium for charging pile system
Zeybek et al. A study on security awareness in mobile devices
Smorti Analysis and improvement of ransomware detection techniques
Texon et al. Fingerprinting: Tiktok Analysis of Network Traffic Using Data Capture Tools
Kangwa Prevention of personally identifiable information leakage in ecommerce using offline data minimization and online pseudonymisation.
CN119135369A (en) Data security management platform, business data processing method and device
Amir et al. Analysis of Fraud Attacks Using Android Package Kit in Indonesia

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant