CN-116881926-B - Risk scanning method, system and computing device based on device codes

Abstract

The invention discloses a risk scanning method, a risk scanning system and a computing device based on device codes. The method comprises the steps of obtaining a device code, wherein the device code is obtained from a first device and sent from the first device to a second device, and the device code comprises at least one software code; generating an update record, wherein the update record comprises a relation record between the device code and the first device and/or the second device; and, when a security risk in the device code is detected, sending a scanning result to the first device and/or the second device according to the update record. The invention can automatically send the scanning result to the user through the self-generated update record, thereby improving the efficiency and accuracy of risk scanning.

Inventors

  • LIN JUNXIAO
  • LIANG DAZHI

Assignees

  • 耀通科技投资有限公司

Dates

Publication Date
20260512
Application Date
20230717

Claims (20)

  1. A risk scanning method based on device codes, comprising: acquiring a device code, wherein the device code is acquired from a first device and is sent from the first device to a second device, and the device code comprises at least one software code, which comprises at least one binary code; generating an update record, wherein the update record comprises a relation record between the device code and the first device and/or the second device, and the relation record comprises user account information of at least one of a user, an operator or a manager of the first device and/or the second device; when a security risk in the device code is detected, searching the update record to acquire the relation record in the update record; and issuing a scan result to at least one of a user, an operator or a manager of the first device and/or the second device according to the relation record; wherein detecting that a security risk exists in the device code specifically includes: when at least one code analysis event is triggered, comparing at least one risk code with the at least one software code, wherein the at least one risk code comprises at least one of patch code, malicious program code and any computer program code written in a computer programming language associated with the at least one software code.
  2. The risk scanning method based on device codes of claim 1, wherein sending a scan result is sending a notification of the scan result to at least one of a user, an operator or a manager of the first device and the second device via at least one network communication channel.
  3. The risk scanning method based on device codes of claim 1, wherein said acquiring a device code comprises: obtaining the device code from a storage medium of the first device according to an update request.
  4. The risk scanning method based on device codes of claim 3, wherein acquiring a device code further comprises: when the update request is acquired, acquiring, as the device code, the device code in the storage medium that corresponds to version information or device specification information contained in the update request, wherein the device specification information comprises at least one of a product specification, a hardware specification and a software or firmware specification of a device.
  5. The risk scanning method based on device codes of claim 3, wherein said sending said device code to a second device specifically comprises: sending the device code to the second device according to network location information of the second device included in the update request.
  6. The risk scanning method based on device codes of claim 1, wherein the at least one risk code is collected in advance according to at least one risk code entry list, or is collected when a risk code is added to or updated in the at least one risk code entry list.
  7. The risk scanning method based on device codes of claim 1, wherein the at least one code analysis event is triggered when a composition list of the at least one software code is retrieved, or when the at least one risk code is newly added or updated.
  8. The risk scanning method based on device codes of claim 1, wherein comparing the at least one risk code with the at least one software code specifically comprises: capturing at least one first component feature corresponding to the at least one risk code; capturing at least one second component feature corresponding to the at least one software code; and comparing the at least one first component feature with the at least one second component feature.
  9. The risk scanning method based on device codes of claim 8, wherein the at least one first component feature is obtained by parsing the code composition and/or the code execution result corresponding to the at least one risk code.
  10. The risk scanning method based on device codes of claim 9, wherein the code composition includes the at least one risk code and/or at least one first intermediate code compiled from the at least one risk code, and the code execution result includes semantic information revealed during simulated execution of the at least one risk code and/or the at least one first intermediate code.
  11. The risk scanning method based on device codes of claim 8, wherein the at least one second component feature is obtained by parsing at least one code component content and/or at least one code execution result corresponding to the at least one software code.
  12. The risk scanning method based on device codes of claim 11, wherein the at least one code component includes at least one binary and/or at least one second intermediate code after the at least one binary is anticounterfeiting, and the at least one code execution result includes semantic information revealed during simulated execution of the at least one binary and/or the at least one second intermediate code.
  13. The risk scanning method based on device codes of claim 10 or 12, wherein the intermediate code has a programming language structure declared by an intermediate language, an intermediate representation, a structured language and/or a structured protocol.
  14. The risk scanning method based on device codes of claim 1, wherein, before the code analysis event is triggered, the method further comprises: detecting at least one code analysis event according to the composition list of the at least one software code, wherein the code analysis event corresponding to the at least one risk code is one of the at least one code analysis event.
  15. The risk scanning method based on device codes of claim 7, wherein said composition list is obtained by scanning and/or parsing the composition of said device code when said device code is obtained.
  16. The risk scanning method based on device codes of claim 15, wherein the composition list includes metadata of the device code itself and/or metadata of the at least one software code contained in the component composition of the device code.
  17. The risk scanning method based on device codes of claim 16, wherein the at least one software code takes a form comprising a system kernel, a driver, an application, a component and/or a class library.
  18. The risk scanning method based on device codes of claim 15, wherein the risk code entry list corresponding to each software code included in the composition list is monitored according to the composition list, and code analysis events are detected by monitoring transactions in the risk code entry list.
  19. The risk scanning method based on device codes of claim 15, wherein said obtaining a composition list specifically includes: when the device code is a system image file, scanning and/or parsing the composition of the components contained in the system image file, identifying the at least one software code present in the system image file, and thereby obtaining the composition list of the at least one software code; or, when the device code is a software code package, scanning and/or parsing the composition of the components contained in the software code package, identifying the at least one software code present in the software code package, and obtaining the composition list of the at least one software code.
  20. The risk scanning method based on device codes of claim 1, wherein the scan result includes at least one of a scan report showing the component content comparison result between the at least one software code and the at least one risk code, and scan status notification information for notifying at least one of a user, an operator or a manager of the first device and the second device of the scan status.
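The flow of claims 1, 7, 8 and 19, as an added Python example that is not part of the patent or of the assignee's system: a constructed system image is parsed into a composition list (claim 19), the acquisition of the device code and a later update of the risk code entry list each trigger a code analysis event (claim 7), first and second component features are compared (claim 8), and a scan result is addressed to the accounts in the self-generated update record (claim 1). The image record format, the feature definition (hashed 8-byte windows), the 0.9 overlap threshold, the sample component bytes and the account and device names are all assumptions made for this example; the notification is returned as data rather than sent over a network.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed image format (an assumption, not the patent's): a sequence of
# records "name|kind|len\n" followed by `len` bytes of that component's code.

def build_image(components):
    """Pack (name, kind, code_bytes) triples into one constructed image."""
    out = bytearray()
    for name, kind, code in components:
        out += f"{name}|{kind}|{len(code)}\n".encode()
        out += code
    return bytes(out)

def composition_list(image):
    """Scan the image (claim 19) and return metadata plus bytes of each software code."""
    comps, pos = [], 0
    while pos < len(image):
        nl = image.index(b"\n", pos)          # header never contains a newline
        name, kind, length = image[pos:nl].decode().split("|")
        start = nl + 1
        comps.append({"name": name, "kind": kind,
                      "code": image[start:start + int(length)]})
        pos = start + int(length)            # length-prefixed, so code may contain b"\n"
    return comps

def component_features(code, n=8):
    """Code-composition feature: the set of hashed overlapping n-byte windows."""
    return {hashlib.sha256(code[i:i + n]).hexdigest()[:16]
            for i in range(len(code) - n + 1)}

def feature_overlap(risk_feats, sw_feats):
    """Fraction of the risk code's features that also occur in the software code."""
    return len(risk_feats & sw_feats) / len(risk_feats) if risk_feats else 0.0

@dataclass
class Scanner:
    threshold: float = 0.9                               # assumed decision threshold
    risk_entries: dict = field(default_factory=dict)     # risk_id -> (kind, features)
    update_records: dict = field(default_factory=dict)   # device_code_id -> relation record
    device_codes: dict = field(default_factory=dict)     # device_code_id -> composition list
    scan_log: list = field(default_factory=list)         # every notification issued

    def acquire_device_code(self, image, first_device, second_device, accounts):
        """Obtain the device code from the first device, record its relation to the
        first/second device and the accounts to notify, then trigger an analysis event."""
        dc_id = hashlib.sha256(image).hexdigest()[:12]
        self.device_codes[dc_id] = composition_list(image)
        self.update_records[dc_id] = {"first_device": first_device,
                                      "second_device": second_device,
                                      "accounts": list(accounts)}
        return dc_id, self.scan(dc_id)       # composition list retrieved -> event (claim 7)

    def add_risk_code(self, risk_id, kind, code):
        """A new or updated risk code entry triggers an analysis event for every device code."""
        self.risk_entries[risk_id] = (kind, component_features(code))
        return {dc_id: self.scan(dc_id) for dc_id in self.device_codes}

    def scan(self, dc_id):
        """Compare first (risk) and second (software) component features (claim 8)."""
        findings = []
        for comp in self.device_codes[dc_id]:
            sw_feats = component_features(comp["code"])
            for risk_id, (kind, risk_feats) in self.risk_entries.items():
                score = feature_overlap(risk_feats, sw_feats)
                if score >= self.threshold:
                    findings.append({"component": comp["name"], "risk_id": risk_id,
                                     "risk_kind": kind, "overlap": round(score, 2)})
        if findings:
            self.issue_scan_result(dc_id, findings)
        return findings

    def issue_scan_result(self, dc_id, findings):
        """Look up the update record and address one notification to each account (claim 1)."""
        rec = self.update_records[dc_id]
        notes = [{"to": acct, "device_code": dc_id,
                  "devices": (rec["first_device"], rec["second_device"]),
                  "report": findings} for acct in rec["accounts"]]
        self.scan_log.extend(notes)
        return notes

def demo():
    """Constructed walk-through: a router image with a kernel, a driver and a library;
    the risk entry list only learns a signature for the library after acquisition."""
    vuln_lib = b"\x55\x48\x89\xe5libz-1.2.7-inflate-unchecked-len\xc3" * 3  # constructed
    image = build_image([
        ("kernel", "system kernel", b"\x7fELF-kernel-" + bytes(range(64))),
        ("wifi.ko", "driver", b"\x7fELF-driver-" + bytes(range(64, 128))),
        ("libz.so", "class library", vuln_lib),
    ])
    sc = Scanner()
    dc_id, first_findings = sc.acquire_device_code(
        image, first_device="router-A", second_device="update-server",
        accounts=["operator@example.invalid"])          # nothing known yet -> no findings
    later = sc.add_risk_code("RISK-0001", "patch code", vuln_lib[:40])  # entry list updated
    return first_findings, later[dc_id], sc.scan_log

if __name__ == "__main__":
    print(demo())
```

The second analysis event is the interesting one: the device code was acquired before the risk entry existed, so the scanner has to keep the composition list and the update record around and re-run the comparison when the entry list changes, which is exactly why the relation record (rather than the original request) is what the notification is resolved from.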

Description

Risk scanning method, system and computing device based on device codes

Technical Field

The invention relates to the field of code risk prevention and control, and in particular to a risk scanning method, a risk scanning system and a computing device based on device codes.

Background

Consider vulnerability detection performed on a website backend system and on hardware devices running online behind an online server (for example, a website server). The intermediate code and binary code on the server, and the binary code in the hardware devices, are code (such as the Linux kernel or a web server) that a human cannot read directly, and the server and the hardware devices are already in operation. The current prior art therefore sends, over the network, a packet that simulates an attack to the server and the hardware device according to the behavior description of a specific vulnerability; after the server and the hardware device receive the packet, it is monitored whether their response matches the behavior description of that vulnerability. If it does, the server and the hardware device running online have the specific vulnerability, and a vulnerability scanning result can be provided to the operators of the server and the online hardware device.

When an online server and/or hardware device is analyzed and scanned for vulnerabilities, the code running in the server and/or hardware device is mainly intermediate code or binary code. When the source code is unavailable, the source code of a patch cannot be compared with the source code of the online system, and source-level comparison cannot be implemented at all.

Vulnerability analysis with simulated packets also depends on the network environment: when the network is offline or cannot operate normally, the simulated packet cannot be sent to the online server and/or hardware device under test, so vulnerability analysis and risk monitoring by simulated packets cannot be carried out. Furthermore, when the simulated packet does not trigger the code path of a specific bug, that bug cannot be detected by the simulated packet.

For Internet of Things sensors, network communication equipment (such as a WiFi wireless router) or other embedded devices with limited computing capacity, code component analysis cannot be run directly on the device under test in the way that virus scanning software runs on a personal computer. On the one hand, the software and hardware specifications of a personal computer are designed so that, beyond the computing power required by the operating system, enough computing power remains for application programs installed by the user; on the other hand, the personal computer provides a general-purpose operating platform that is not restricted to a single or specific function, so that different application programs can be added to the operating environment by installation, and therefore virus scanning software can be installed and used on it.

For an Internet of Things sensor, network communication equipment (such as a WiFi wireless router) or another embedded device with limited computing capacity, on the one hand the device is not a general-purpose operating platform but provides a single or specific service and does not allow application programs to be installed freely to extend its capabilities; on the other hand, its software and hardware specifications are designed to optimize the single or specific service it provides, so code component analysis is difficult to run on the device.

It follows from the above that how to perform vulnerability scanning on a hardware device that lacks source code, runs online and/or is designed, in its software and hardware specifications, for a single or specific function is an important technical problem in the field of information security risk scanning. At present there is no device code risk scanning method, software system or computing device that can provide vulnerability analysis and risk scanning for devices whose system source code is unavailable, whose network is offline, whose computing power is insufficient and/or which cannot be extended with application programs, so such a method still needs to be developed.

Disclosure of Invention

In view of the above technical problems, the invention provides a risk scanning method, a risk scanning system and a risk scanning computing device based on device codes, which automatically send scanning results to users through self-generated update records and improve the efficiency and accuracy of risk scanning.

Scheme one: a risk scanning method based on device