Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Safety loophole mining method and device of application software under Android platform

A technology of application software and vulnerability mining, applied in the field of source code detection, can solve problems such as few automation tools, security vulnerability discovery, low hardware processing capacity, etc., and achieve the effect that is conducive to security development

Active Publication Date: 2012-04-11
CHINA INFORMATION TECH SECURITY EVALUATION CENT
View PDF3 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Due to the limitation of the low hardware processing capacity of the mobile smart terminal, the applications on the mobile smart terminal have the characteristics of small size, fast upgrade, and specific functions. There is a big difference between the mobile smart terminal and the traditional terminal such as the PC. Security vulnerability mining technology cannot be directly applied to smart terminals
At present, the vulnerability discovery of application software under the Android platform is still a new field. Developers generally test programs under the Android platform based on the JUnit framework and the android.test namespace in the Android SDK, specifically for application software under the Android platform. Few automated tools for finding security vulnerabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety loophole mining method and device of application software under Android platform
  • Safety loophole mining method and device of application software under Android platform
  • Safety loophole mining method and device of application software under Android platform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] In order to describe the technical content, structural features, achieved goals and effects of the present invention in detail, the following will be described in detail in conjunction with the embodiments and accompanying drawings.

[0036] The invention relates to a technology for mining security loopholes of application software under the Android platform, which is used for mining security loopholes of application software under the Android platform, specifically mining security loopholes of application software under the Android platform based on source code static analysis technology, and a specific technical solution as follows:

[0037] see figure 1 , the embodiment of the present invention a kind of security loophole mining method of application software under the Android platform, comprising:

[0038] S1. Extract the vulnerability methods of application software source codes under various Android platforms to form a vulnerability rule base;

[0039] Vulnerabi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a safety loophole mining method and device of application software under an Android platform. The safety loophole mining method comprises the following steps of: S1, extracting a plurality of loophole rules of source codes of application software under the Android platform to form a loophole rule library; S2, establishing an ant script, and compiling the source codes to form a bytecode file; S3, analyzing the bytecode file by using a control flow analysis engine; S4, analyzing a transmission process of data in variables by using a data flow analysis engine to establish a data flow diagram so as to provide basis for reverse dynamic data tracing; S5, carrying out loophole detection according to the rules in the loophole rule library; and S6, generating a report from a safety loophole mining process and related data information. The invention also discloses a safety loophole mining device of application software under the Android platform. The safety loophole mining method and device disclosed by the invention are beneficial to discovering safety loopholes in software as soon as possible and is also beneficial to safe development of application software under the Android platform.

Description

technical field [0001] The invention relates to the field of source code detection, and more specifically, relates to a method and a device for mining security loopholes of application software under an Android platform. Background technique [0002] Android is a Linux-based open source operating system, mainly used in portable devices. At present, there is no unified Chinese name, and more people in mainland China use Android (unofficial) or Anzhi (official). The Android operating system was originally developed by Andy Rubin and initially primarily supported mobile phones. In 2005, it was acquired and injected by Google, and combined with a number of manufacturers to form the Open Handset Alliance to develop and improve, and gradually expanded to tablet PCs and other fields. According to data at the end of 2010, the Android operating system, which has been officially launched for only two years, has surpassed the Nokia Symbian system that has dominated for ten years, and...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/00G06F21/56
Inventor 吴世忠张普含时志伟韩建吴迪
Owner CHINA INFORMATION TECH SECURITY EVALUATION CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com