CN110909362A - System detection method, device, electronic equipment and storage medium - Google Patents
- Publication number
- CN110909362A CN201911109500.8A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
A system detection method, applied in the technical field of embedded systems on chip, comprises the following steps: when the system is started, acquiring the first policy in a security policy set as the current security policy; judging whether the current security policy is a starting security policy; if so, starting according to the starting security policy and detecting the system according to the security policy set; if not, detecting in real time, while the system runs after a normal start, whether a trigger condition is generated, and if so, extracting the security policy corresponding to the trigger condition from the security policy set to detect the system. The application also discloses a system detection device, electronic equipment and a storage medium, which improve the capability of the system to deal with security threats and reduce security risks in operation.
Description
Technical Field
The present application relates to the field of embedded system-on-chip technologies, and in particular, to a system detection method and apparatus, an electronic device, and a storage medium.
Background
The embedded System on Chip (SoC) is widely applied in fields such as wearable equipment, intelligent terminals, unmanned aerial vehicles and automotive electronics, and with the deepening development of multi-information interconnection, market demand will continue to increase rapidly. In the face of cost and flexibility requirements, embedded SoCs in Internet of Things applications increasingly employ open-source CPU architectures, allowing designers to modify them for specific applications.
The existing chip online detection technology is mainly divided into three types: side-channel detection, functional verification, and formal verification. The side-channel method needs a golden model as reference, and its performance fluctuates greatly due to process variation; functional verification has difficulty detecting non-functional malicious behaviors; formal verification can meet the requirement well. However, among the existing formal-verification-based online detection techniques, none is dedicated to detection at the system level.
Disclosure of Invention
The present application mainly aims to provide a system detection method, an apparatus, an electronic device, and a storage medium, which can improve the capability of a system to deal with security threats and reduce security risks during operation.
In order to achieve the above object, a first aspect of the embodiments of the present application provides a system detection method, including:
when the system is started, acquiring a first policy in the security policy set as a current security policy;
judging whether the current security policy is a starting security policy;
if yes, starting according to the starting security policy, and detecting the system according to the security policy set;
if not, detecting in real time whether a trigger condition is generated while the system runs after a normal start, and if so, extracting the security policy corresponding to the trigger condition from the security policy set to detect the system.
Further, before the obtaining a first policy in the security policy set as a current security policy, the method includes:
judging whether a security policy checking task exists or not;
if not, starting normally;
and if so, executing the step of acquiring the first policy in the security policy set as the current security policy.
Further, the detecting the system according to the security policy set includes:
detecting the system according to the current security policy to obtain a detection result;
sending the detection result to a preset policy engine so that the policy engine obtains a corresponding processing result according to the detection result;
and extracting the next security policy of the current security policy as the current security policy, and executing the step of judging whether the current security policy is the starting security policy.
Further, when the system is started, before the first policy in the security policy set is obtained as the current security policy, the method includes:
obtaining an attack model sample;
extracting security elements involved in the attack model sample;
and designing a corresponding security policy based on the security elements involved in each attack model to obtain the security policy set.
Further, the preset policy engine stores the security policy set.
A second aspect of the embodiments of the present application provides a system detection apparatus, including:
the acquisition module is used for acquiring a first policy in the security policy set as a current security policy when the system is started;
the first judgment module is used for judging whether the current security policy is a starting security policy or not;
the first detection module is used for, if so, starting according to the starting security policy and detecting the system according to the security policy set;
and the second detection module is used for, if not, detecting in real time whether a trigger condition is generated while the system runs after a normal start, and, if so, extracting the security policy corresponding to the trigger condition from the security policy set to detect the system.
Further, the apparatus further comprises:
the second judgment module is used for judging whether a security policy checking task exists or not;
the starting module is used for starting normally if no such task exists;
the obtaining module is further configured to execute the step of obtaining a first policy in the security policy set as a current security policy if such a task exists.
Further, the first detection module comprises:
the detection submodule is used for detecting the system according to the current security policy to obtain a detection result;
the sending submodule is used for sending the detection result to a preset policy engine so that the policy engine obtains a corresponding processing result according to the detection result;
and the extraction submodule is used for extracting the next security policy of the current security policy as the current security policy and executing the first judgment module.
A third aspect of embodiments of the present application provides an electronic device, including:
a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the system detection method provided by the first aspect of the embodiments of the present application is implemented when the processor executes the program.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the system detection method provided in the first aspect of the embodiments of the present application.
As can be seen from the foregoing embodiments of the present application, according to the system detection method, apparatus, electronic device, and storage medium provided by the present application, when a system is started, a first policy in the security policy set is obtained as the current security policy, and it is determined whether the current security policy is a starting security policy. If so, the system is started according to the starting security policy and is detected according to the security policy set. If not, whether a trigger condition is generated is detected in real time while the system runs after a normal start, and if a trigger condition is generated, the security policy corresponding to the trigger condition is extracted from the security policy set to detect the system. This improves the capability of the system to deal with security threats and reduces security risks during operation.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flowchart of a system detection method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart illustrating the design of a security policy set according to an embodiment of the present application;
Fig. 3 is a schematic flowchart illustrating a system detection process according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a system detection apparatus according to an embodiment of the present application;
Fig. 5 shows a hardware structure diagram of an electronic device.
Detailed Description
In order to make the purpose, features and advantages of the present application more obvious and understandable, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a system detection method according to an embodiment of the present application. The method is applicable to an electronic device, such as a mobile phone, tablet computer, portable computer, wearable equipment, intelligent terminal, unmanned aerial vehicle or automotive electronics. The method mainly includes the following steps:
S101, when the system is started, the first policy in the security policy set is obtained to serve as the current security policy;
The system is an embedded System on Chip (SoC), which generally includes a plurality of processor/controller cores, a performance acceleration module, a programmable module, sensors and peripheral interfaces, and is used for completing personal functions such as calculation, social contact, communication, cross sensing, artificial intelligence and financial payment.
The security policy refers to a policy established for an attack model and used for keeping the system operating normally. The policy types include access control, information flow, liveness (survival) constraint, TOCTOU (time-of-check to time-of-use), communication and the like.
In one embodiment of the present application, before step S101, the following steps are further included:
judging whether a security policy checking task exists; if not, starting normally; if yes, going to step S101.
In one embodiment of the present application, referring to fig. 2, before step S101, the method further includes the following steps:
S1, obtaining an attack model sample;
The attack model types include common malware attacks, system malware attacks, side-channel attacks, common hardware attacks, reverse engineering, malicious hardware injection attacks and the like, and each type further contains specific attack models. For example, common malware attacks include buffer overflow, code injection, BIOS infection and return-oriented programming attacks. The attack models are shown in Table 1:
TABLE 1
S2, extracting the security elements involved in the attack model sample;
The security elements are the pieces of information that the attack model involves, and include confidential information, don't-care states, DFD-related functions, DFT-related functions, update information, bypass information, debug interface information, fault/error injection information, and the like.
Illustratively, let a1 be confidential information, a2 be don't-care states, a3 be DFD-related functions, a4 be DFT-related functions, a5 be update information, a6 be bypass information, a7 be debug interface information, and a8 be fault/error injection information. The security elements corresponding to each attack model are shown in Table 2:
TABLE 2
S3, designing a corresponding security policy based on the security elements involved in each attack model, to obtain the security policy set.
The set of security policies is shown in table 3 below:
TABLE 3
S102, judging whether the current security policy is a starting security policy;
If yes, executing step S103: starting according to the starting security policy, and detecting the system according to the security policy set;
Illustratively, the starting security policies include that no IP core has access to the internal registers of the encryption engine during boot, that the encryption engine has access only to the IP cores associated with the encryption process during boot, and so on.
In one embodiment of the present application, referring to fig. 3, step S103 includes:
S1031, detecting the system according to the current security policy to obtain a detection result;
For example, if the current security policy is that no IP core has access to the internal registers of the encryption engine during boot, then detecting the system means checking whether any IP core accesses the internal registers of the encryption engine during boot. The detection result is either that an IP core accessed the internal registers of the encryption engine, in which case that IP core is recorded, or that no IP core accessed them.
If the current security policy is that the encryption engine can only access the IP cores related to the encryption process during boot, then detecting the system means checking whether the encryption engine accesses any IP core unrelated to the encryption process during boot. The detection result is yes or no, and if yes, the accessed IP core is recorded as well.
S1032, sending the detection result to a preset policy engine so that the policy engine obtains a corresponding processing result according to the detection result;
In one embodiment of the present application, the security policy set is stored in the policy engine, and the policy engine performs decision processing on the detection result based on the security policy set.
S1033, extracting the next security policy of the current security policy as the current security policy, and executing step S101.
The order of the security policies in the security policy set can be defined by a user or a developer according to requirements.
If not, executing step S104: detecting in real time whether a trigger condition is generated while the system runs after a normal start, and if so, extracting the security policy corresponding to the trigger condition from the security policy set to detect the system.
The trigger condition may be that a suspected attack action occurs, or that an element to be protected is read or written during current operation. Illustratively, the trigger condition is a7: the debug interface information is read. The security policies related to a7 are then extracted from the security policy set: according to Table 2, the attack models related to security element a7 are A-US-2, A-US-3 and A-NH-1, and according to Table 3, the corresponding security policies IF-4, F-2, AC-1, L-2, L-3, AC-10, AC-12 and L-1 are extracted.
It is understood that the trigger condition and the security policy corresponding to the trigger condition may be one or more.
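The flow of steps S101 to S104 and the a7 trigger lookup described above, as an added Python sketch that is not part of the patent. The policy IDs BOOT-1 and BOOT-2, the IP core names, the bus-access trace and the split of the eight policy IDs across the three attack models are constructed for illustration, since Tables 1 to 3 are not reproduced on this page.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Access = Tuple[str, str, str]            # (phase, initiating IP core, target)
CRYPTO_RELATED = {"key_store", "trng"}   # assumption: IP cores tied to encryption


def crypto_regs_untouched(trace: List[Access]) -> List[str]:
    """Boot policy from the text: no IP core accesses the encryption
    engine's internal registers during boot. Returns offending initiators."""
    return [src for phase, src, dst in trace
            if phase == "boot" and dst == "crypto_regs"]


def crypto_stays_in_scope(trace: List[Access]) -> List[str]:
    """Boot policy from the text: during boot the encryption engine only
    accesses IP cores related to encryption. Returns unrelated targets."""
    return [dst for phase, src, dst in trace
            if phase == "boot" and src == "crypto_engine"
            and dst not in CRYPTO_RELATED]


@dataclass(frozen=True)
class Policy:
    pid: str
    is_boot: bool
    check: Optional[Callable[[List[Access]], List[str]]] = None


# Ordered policy set, boot policies first. BOOT-1/BOOT-2 are made-up IDs.
POLICY_SET = [
    Policy("BOOT-1", True, crypto_regs_untouched),
    Policy("BOOT-2", True, crypto_stays_in_scope),
    Policy("AC-1", False),   # runtime policy; its rule text is in Table 3
]

# Table 2 row for a7, as stated in the text.
ELEMENT_TO_MODELS: Dict[str, List[str]] = {"a7": ["A-US-2", "A-US-3", "A-NH-1"]}
# Constructed split of the eight policies named in the text (Table 3 is absent).
MODEL_TO_POLICIES: Dict[str, List[str]] = {
    "A-US-2": ["IF-4", "F-2", "AC-1"],
    "A-US-3": ["AC-1", "L-2", "L-3", "AC-10"],
    "A-NH-1": ["AC-12", "L-1"],
}


class PolicyEngine:
    """Receives detection results (S1032) and keeps them per policy."""

    def __init__(self) -> None:
        self.findings: Dict[str, List[str]] = {}

    def report(self, pid: str, offenders: List[str]) -> str:
        self.findings[pid] = offenders
        return "violation" if offenders else "pass"


def start_system(policy_set, check_task_pending, boot_trace):
    """Returns (state, findings) after the boot-time part of the flow."""
    engine = PolicyEngine()
    if not check_task_pending:           # no policy checking task: normal start
        return "normal-boot", engine.findings
    for current in policy_set:           # S101, then S1033 on each iteration
        if not current.is_boot:          # S102 answered "no": go to S104
            break
        engine.report(current.pid, current.check(boot_trace))  # S1031 + S1032
    return "runtime-monitoring", engine.findings


def policies_for_trigger(element: str) -> List[str]:
    """S104: element -> attack models -> policies, de-duplicated in order."""
    selected: List[str] = []
    for model in ELEMENT_TO_MODELS.get(element, []):
        for pid in MODEL_TO_POLICIES.get(model, []):
            if pid not in selected:
                selected.append(pid)
    return selected


# Constructed boot-time bus trace; the last record is outside the boot phase.
BOOT_TRACE: List[Access] = [
    ("boot", "dma", "crypto_regs"),
    ("boot", "crypto_engine", "key_store"),
    ("boot", "crypto_engine", "uart"),
    ("run", "cpu", "crypto_regs"),
]

if __name__ == "__main__":
    print(start_system(POLICY_SET, True, BOOT_TRACE))
    print(policies_for_trigger("a7"))
```
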
In the embodiment of the application, when a system is started, a first policy in the security policy set is obtained as the current security policy, and it is judged whether the current security policy is a starting security policy. If yes, the system is started according to the starting security policy and is detected according to the security policy set. If not, whether a trigger condition is generated is detected in real time while the system runs after a normal start, and if the trigger condition is generated, the security policy corresponding to the trigger condition is extracted from the security policy set to detect the system. This improves the capability of the system to deal with security threats and reduces the security risk during operation.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a system detection device according to an embodiment of the present application, the device mainly includes:
an obtaining module 201, a first determining module 202, a first detection module 203 and a second detection module 204.
The obtaining module 201 is configured to obtain a first policy in the security policy set as a current security policy when a system is started;
The first determining module 202 is configured to determine whether the current security policy is a starting security policy;
The first detection module 203 is configured to, if so, start according to the starting security policy and detect the system according to the security policy set;
in one embodiment of the present application, the first detection module 203 includes:
the detection submodule is used for detecting the system according to the current security policy to obtain a detection result;
the sending submodule is used for sending the detection result to a preset policy engine so that the policy engine obtains a corresponding processing result according to the detection result;
and the extraction submodule is used for extracting the next security policy of the current security policy as the current security policy and executing the first judgment module.
In one embodiment of the present application, the preset policy engine stores the set of security policies.
The second detection module 204 is configured to, if not, detect in real time whether a trigger condition is generated while the system runs after a normal start, and, if so, extract the security policy corresponding to the trigger condition from the security policy set to detect the system.
In one embodiment of the present application, the apparatus further comprises:
the second judgment module is used for judging whether a security policy checking task exists or not;
the starting module is used for starting normally if no such task exists;
the obtaining module 201 is further configured to, if such a task exists, execute the step of obtaining a first policy in the security policy set as the current security policy.
In one embodiment of the present application, the apparatus further comprises:
the sample acquisition module is used for acquiring an attack model sample;
the element extraction module is used for extracting the security elements involved in the attack model sample;
and the policy design module is used for designing a corresponding security policy based on the security elements involved in each attack model to obtain the security policy set.
In this embodiment, when a system is started, a first policy in the security policy set is obtained as the current security policy, and it is determined whether the current security policy is a starting security policy. If yes, the system is started according to the starting security policy and is detected according to the security policy set. If not, whether a trigger condition is generated is detected in real time while the system runs after a normal start, and if the trigger condition is generated, the security policy corresponding to the trigger condition is extracted from the security policy set to detect the system. This improves the capability of the system to deal with security threats and reduces the security risk during operation.
Further, the electronic device includes: a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the computer program to implement the system detection method as described in the embodiments of fig. 1 to 3.
An embodiment of the present application further provides a computer-readable storage medium, where the computer-readable storage medium may be disposed in the electronic device in each of the above embodiments, and the computer-readable storage medium may be a storage unit disposed in the main control chip and the data acquisition chip in each of the above embodiments. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the system detection method described in the foregoing embodiments shown in fig. 1 to 2.
For example, the electronic device may be any of various types of computer system apparatuses that are mobile or portable and perform wireless communication. In particular, the electronic apparatus may be a mobile phone or a smart phone (e.g., iPhone-based, Android-based phone), a portable game device (e.g., Nintendo DS, PlayStation Portable, Gameboy Advance, iPhone), a laptop, a PDA, a portable internet appliance, a music player, and a data storage device, other handheld devices, and a head-mounted device (HMD) such as a watch, a headset, a pendant, a headset, etc., and other wearable devices (e.g., electronic glasses, electronic clothes, an electronic bracelet, an electronic necklace, an electronic tattoo, an electronic device, or a smart watch).
The electronic apparatus may also be any of a number of electronic devices including, but not limited to, cellular phones, smart phones, other wireless communication devices, personal digital assistants, audio players, other media players, music recorders, video recorders, cameras, other media recorders, radios, medical devices, vehicle transportation equipment, calculators, programmable remote controllers, pagers, laptop computers, desktop computers, printers, netbook computers, Personal Digital Assistants (PDAs), Portable Multimedia Players (PMPs), moving picture experts group (MPEG-1 or MPEG-2) audio layer 3(MP3) players, portable medical devices, and digital cameras and combinations thereof.
In some cases, the electronic device may perform a variety of functions (e.g., playing music, displaying video, storing pictures, and receiving and sending telephone calls). If desired, the electronic apparatus may be a portable device such as a cellular telephone, media player, other handheld device, wristwatch device, pendant device, earpiece device, or other compact portable device.
As shown in Fig. 5, the electronic device 10 may include control circuitry, which may include storage and processing circuitry 30. The storage and processing circuitry 30 may include memory, such as hard drive memory, non-volatile memory (e.g., flash memory or other electrically programmable read-only memory used to form solid state drives, etc.), volatile memory (e.g., static or dynamic random access memory, etc.), and so forth, although the embodiments of the present application are not limited thereto. Processing circuitry in the storage and processing circuitry 30 may be used to control the operation of the electronic device 10. The processing circuitry may be implemented based on one or more microprocessors, microcontrollers, digital signal processors, baseband processors, power management units, audio codec chips, application specific integrated circuits, display driver integrated circuits, and the like.
The storage and processing circuitry 30 may be used to run software within the electronic device 10 such as, for example, an Internet browsing application, a Voice Over Internet Protocol (VOIP) telephone call application, an email application, a media playing application, operating system functions, etc. Such software may be used to perform control operations such as, for example, camera-based image capture, ambient light measurement based on an ambient light sensor, proximity sensor measurement based on a proximity sensor, information display functionality based on status indicators such as status indicator lights of light emitting diodes, touch event detection based on a touch sensor, functionality associated with displaying information on multiple (e.g., layered) displays, operations associated with performing wireless communication functions, operations associated with collecting and generating audio signals, control operations associated with collecting and processing button press event data, and other functions in the electronic device 10, and the like, without limitation of the embodiments of the present application.
The electronic device 10 may also include input-output circuitry 42. The input-output circuitry 42 may be used to enable input and output of data for the electronic device 10, i.e., to allow the electronic device 10 to receive data from external devices and also to output data to external devices. The input-output circuitry 42 may further include the sensors 32. The sensors 32 may include ambient light sensors, optical and capacitive based proximity sensors, touch sensors (e.g., optical based touch sensors and/or capacitive touch sensors, where the touch sensors may be part of a touch display screen or may be used independently as a touch sensor structure), acceleration sensors, and other sensors, among others.
Input-output circuitry 42 may also include one or more displays, such as display 14. The display 14 may include one or a combination of liquid crystal displays, organic light emitting diode displays, electronic ink displays, plasma displays, displays using other display technologies. The display 14 may include an array of touch sensors (i.e., the display 14 may be a touch display screen). The touch sensor may be a capacitive touch sensor formed by a transparent touch sensor electrode (e.g., an Indium Tin Oxide (ITO) electrode) array, or may be a touch sensor formed using other touch technologies, such as acoustic wave touch, pressure sensitive touch, resistive touch, optical touch, and the like, and the embodiments of the present application are not limited thereto.
The electronic device 10 may also include an audio component 36. The audio component 36 may be used to provide audio input and output functionality for the electronic device 10. Audio components 36 in electronic device 10 may include speakers, microphones, buzzers, tone generators, and other components for generating and detecting sound.
The communication circuitry 38 may be used to provide the electronic device 10 with the ability to communicate with external devices. The communication circuit 38 may include analog and digital input-output interface circuits, and wireless communication circuits based on radio frequency signals and/or optical signals. The wireless communication circuitry in communication circuitry 38 may include radio-frequency transceiver circuitry, power amplifier circuitry, low noise amplifiers, switches, filters, and antennas. For example, the wireless Communication circuitry in Communication circuitry 38 may include circuitry to support Near Field Communication (NFC) by transmitting and receiving Near Field coupled electromagnetic signals. For example, the communication circuitry 38 may include a near field communication antenna and a near field communication transceiver. The communications circuitry 38 may also include a cellular telephone transceiver and antenna, a wireless local area network transceiver circuit and antenna, and the like.
The electronic device 10 may further include a battery, power management circuitry, and other input-output units 40. The input-output unit 40 may include buttons, joysticks, click wheels, scroll wheels, touch pads, keypads, keyboards, cameras, light emitting diodes and other status indicators, etc.
A user may enter commands through input-output circuitry 42 to control the operation of electronic device 10, and may use output data of input-output circuitry 42 to enable receipt of status information and other outputs from electronic device 10.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In view of the above description of the system detection method, apparatus, electronic device and storage medium provided in the present application, those skilled in the art will recognize that there may be variations in the embodiments and applications of the system detection method, apparatus, electronic device and storage medium provided in the present application.
Claims (10)
1. A method for system detection, comprising:
when the system is started, acquiring a first policy in the security policy set as a current security policy;
judging whether the current security policy is a starting security policy;
if yes, starting according to the starting security policy, and detecting the system according to the security policy set;
if not, detecting whether a trigger condition is generated in real time in the system running process after normal starting, and if so, extracting a security policy corresponding to the trigger condition in the security policy set to detect the system.
2. The system detection method according to claim 1, wherein the obtaining a first policy in the security policy set as a current security policy comprises:
judging whether a security policy checking task exists or not;
if not, starting normally;
and if so, executing the step of acquiring the first policy in the security policy set as the current security policy.
3. The system detection method according to claim 1 or 2, wherein the detecting the system according to the security policy set comprises:
detecting the system according to the current security policy to obtain a detection result;
sending the detection result to a preset policy engine so that the policy engine obtains a corresponding processing result according to the detection result;
and extracting the next security policy of the current security policy as the current security policy, and executing the step of judging whether the current security policy is the starting security policy.
4. The system detection method according to claim 1, wherein the obtaining a first policy in the security policy set as a current security policy before system startup comprises:
obtaining an attack model sample;
extracting security elements involved in the attack model sample;
and designing a corresponding security policy based on the security elements involved in each attack model to obtain the security policy set.
5. The system detection method of claim 3, wherein the preset policy engine stores the set of security policies.
6. A system detection apparatus, comprising:
the acquisition module is used for acquiring a first policy in the security policy set as a current security policy when the system is started;
the first judgment module is used for judging whether the current security policy is a starting security policy or not;
the first detection module is used for starting according to the starting security policy if so, and detecting the system according to the security policy set;
and the second detection module is used for detecting, if not, whether a trigger condition is generated in real time in the system running process after normal starting, and, if so, extracting the security policy corresponding to the trigger condition from the security policy set to detect the system.
7. The system detection apparatus of claim 6, further comprising:
the second judgment module is used for judging whether a security policy checking task exists or not;
the starting module is used for starting normally if the security policy checking task does not exist;
the obtaining module is further configured to execute the step of obtaining a first policy in the security policy set as a current security policy if the security policy checking task exists.
8. The system detection apparatus of claim 6 or 7, wherein the first detection module comprises:
the detection submodule is used for detecting the system according to the current security policy to obtain a detection result;
the sending submodule is used for sending the detection result to a preset policy engine so that the policy engine obtains a corresponding processing result according to the detection result;
and the extraction submodule is used for extracting the next security policy of the current security policy as the current security policy and executing the first judgment module.
9. An electronic device, comprising: memory, processor and computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the system detection method according to any of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the system detection method of any one of claims 1 to 5.
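The control flow recited in claims 1 to 3, written out as an added Python sketch that is not part of the patent text: a boot-time walk over the ordered policy set, with each result reported to the policy engine, followed by the trigger-driven runtime branch. The policy names, check functions, trigger name, device state and the allow/block processing result are constructed assumptions, as is the choice that a failed check is reported rather than halting the boot.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Policy:
    name: str
    startup: bool                    # True = a "starting security policy"
    check: Callable[[dict], bool]    # True when the system state passes
    trigger: Optional[str] = None    # trigger condition (runtime policies)

@dataclass
class PolicyEngine:
    """Stand-in for the preset policy engine, which stores the ordered set."""
    policies: list
    log: list = field(default_factory=list)

    def report(self, phase, policy, passed):
        action = "allow" if passed else "block"  # assumed processing result
        self.log.append((phase, policy.name, action))
        return action

def boot(engine, state, check_task_pending=True):
    """Walk the set at start-up; return the index of the first policy not run."""
    if not check_task_pending:       # claim 2: no checking task, normal start
        return 0
    i = 0                            # claim 1: the first policy is current
    while i < len(engine.policies) and engine.policies[i].startup:
        policy = engine.policies[i]
        engine.report("boot", policy, policy.check(state))
        i += 1                       # claim 3: the next policy becomes current
    return i                         # non-startup policy (or end): normal start

def on_trigger(engine, state, trigger):
    """Runtime branch of claim 1: run only the policies bound to this trigger."""
    return [engine.report("runtime", p, p.check(state))
            for p in engine.policies if not p.startup and p.trigger == trigger]

def demo():
    # Constructed policy set and device state, for illustration only.
    engine = PolicyEngine([
        Policy("boot_image_hash", True, lambda s: s["image_hash"] == s["expected"]),
        Policy("debug_port_locked", True, lambda s: not s["debug_enabled"]),
        Policy("dma_window", False, lambda s: s["dma_addr"] < 0x8000, "dma_request"),
    ])
    state = {"image_hash": "ab12", "expected": "ab12",
             "debug_enabled": True, "dma_addr": 0x9000}
    stopped_at = boot(engine, state)
    runtime = on_trigger(engine, state, "dma_request")
    return stopped_at, runtime, engine.log
```

Calling `demo()` runs both start-up policies, stops at the first non-startup policy, and then evaluates only the policy bound to the `dma_request` trigger.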
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911109500.8A CN110909362B (en) | 2019-11-12 | 2019-11-12 | System detection method, device, electronic equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110909362A (en) | 2020-03-24 |
CN110909362B (en) | 2022-04-29 |
Family
ID=69817432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911109500.8A Active CN110909362B (en) | 2019-11-12 | 2019-11-12 | System detection method, device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110909362B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112685241A (en) * | 2021-01-27 | 2021-04-20 | 中国科学院微电子研究所 | Multi-granularity memory detection method, memory device and electronic device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||