Automatic detection method of API (Application Program Interface) misuse-type bug of Android application software

A technology for automatic detection and application software, applied in the fields of instruments, digital data processing, platform integrity maintenance, etc., can solve the problems of irregular use of framework API, misuse loopholes, leakage of application file content, etc., and reduce manual confirmation links. , the effect of reducing false alarm rate and improving efficiency
CN104933362AInactive Publication Date: 2015-09-23FUZHOU UNIV
5 Cites 36 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
FUZHOU UNIV
Publication Date
2015-09-23
Estimated Expiration
Not applicable · inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention relates to an automatic detection method of an API (Application Program Interface) misuse-type bug of Android application software. The automatic detection method comprises static analysis and dynamic analysis, wherein the main content of the static analysis comprises the following steps: modeling by combining with the characteristics of the Android application software to construct a full-program control flow chart, and combining with program structure traversal to carry out API misuse accessibility analysis and constant transmission analysis to screen a candidate suspect bug; and the main content of the dynamic analysis comprises the following steps: aiming at different types of bugs to design different modules to carry out bug triggering on the candidate suspect bug obtained by the static analysis, recording the behavior of the candidate suspect bug, and finally giving the bug security evaluation of an application. The automatic detection method adopts a mode of dynamic and dynamic combination to detect the existing API misuse-type bug, reduces a false alarm rate of static detection on the market, and simultaneously improves a coverage rate of dynamic detection.
Need to check novelty before this filing date? Find Prior Art

Description

Technical field

[0001] The invention relates to an automatic detection method for Android application software API misuse vulnerabilities. Background technique

[0002] With the rapid development of mobile Internet, mobile payment, mobile office, etc. will be integrated into people's lives, and the protection of sensitive information such as trade secrets and personal privacy becomes crucial. With the popularization of the Android system, more and more developers have joined the Android camp, and the resulting Android software security problems have become more and more severe. It is also due to the uneven security awareness of many developers and the fragmentation of the Android system. Seriously, these factors will cause software vulnerabilities to exist for a long time, making Android applications vulnerable to attacks.

[0003] Among the types of Android software vulnerabilities, one type of vulnerabilities is largely caused by developers not following the security programming...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More