Automatic detection method of API (Application Program Interface) misuse-type bug of Android application software

An automatic detection technology for application software, applied in the fields of instruments, digital data processing, platform integrity maintenance, etc. It addresses irregular use of framework APIs, the resulting misuse vulnerabilities, and leakage of application file content, with the effect of reducing manual confirmation steps, reducing the false alarm rate and improving efficiency.

Inactive Publication Date: 2015-09-23
FUZHOU UNIV

AI Technical Summary

Problems solved by technology

[0005] However, the research above focuses on one specific vulnerability at a time, can only analyze that vulnerability, and is not easily extended. In fact, these are all essentially vulnerabilities caused by developers' irregular use of framework APIs. Besides the APIs mentioned above, there is also a class of API misuse vulnerabilities related to file permission control, which can lead to the disclosure of application file content.

Embodiment Construction

[0026] The present invention will be further described below in conjunction with the drawings and embodiments.

[0027] Referring to Figure 1, the present invention provides an automated detection method for Android application software API misuse vulnerabilities, which includes static analysis and dynamic analysis, and is characterized by:

[0028] As shown in Figure 2, the main content of the static analysis is: parsing the AndroidManifest.xml configuration file of the application software to be detected and all of its components, and linking the system callback functions of each component through static instrumentation to generate a new entry function; with this entry function as the entry point, an entry control flow graph leading to each component is generated; through the entry point, the application software under test is modeled to construct a whole-program control flow graph, which is combined with program structure traversal for API misuse reachability analysis and con...

Abstract

The invention relates to an automatic detection method for API (Application Program Interface) misuse-type bugs in Android application software. The method comprises static analysis and dynamic analysis. The static analysis mainly comprises: modeling according to the characteristics of Android application software to construct a whole-program control flow graph, then combining program structure traversal with API misuse reachability analysis and constant propagation analysis to screen candidate suspect bugs. The dynamic analysis mainly comprises: using different modules, designed for different types of bugs, to trigger the candidate suspect bugs obtained by the static analysis, recording their behavior, and finally giving a bug security evaluation of the application. By combining static and dynamic analysis to detect existing API misuse-type bugs, the method reduces the false alarm rate of static detection tools on the market while improving the coverage rate of dynamic detection.
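The static screening stage described in the abstract and in paragraph [0028], sketched as an added example; this is not the patent's implementation. Assumptions: the manifest and call graph are constructed, the callback subset is chosen for illustration, `Context.openFileOutput` stands in for the file-permission API class (the page names no specific API), and call-site constants are given as already resolved rather than computed by a real constant propagation pass.

```python
import xml.etree.ElementTree as ET
from collections import deque

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Framework callbacks linked into the synthetic entry (subset picked for this example).
CALLBACKS = {"activity": ["onCreate", "onStart", "onResume"],
             "service": ["onCreate", "onStartCommand", "onBind"],
             "receiver": ["onReceive"], "provider": ["onCreate", "query"]}
# Assumed sink: Context.openFileOutput(name, mode); MODE_ARG is the mode's index.
SINK, MODE_ARG = "android.content.Context.openFileOutput", 1
RISKY_MODES = 0x1 | 0x2  # MODE_WORLD_READABLE | MODE_WORLD_WRITEABLE
# Constructed sample manifest (not from the patent).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes"><application>
  <activity android:name=".MainActivity"/>
  <service android:name=".SyncService"/>
  <receiver android:name="com.example.notes.BootReceiver"/>
</application></manifest>"""
# Constructed call graph: caller -> [(callee, constant args already resolved)].
CALL_GRAPH = {
    "com.example.notes.MainActivity.onCreate": [("com.example.notes.Store.save", ())],
    "com.example.notes.Store.save": [(SINK, ("notes.txt", 1))],
    "com.example.notes.SyncService.onStartCommand": [(SINK, ("cache.bin", 0))],
    "com.example.notes.Debug.dump": [(SINK, ("dump.txt", 1))],  # never called
}

def entry_points(manifest_xml):
    """List the component callbacks a generated entry function would call."""
    root = ET.fromstring(manifest_xml)
    pkg, entries = root.get("package", ""), []
    for tag, callbacks in CALLBACKS.items():
        for comp in root.iter(tag):
            name = comp.get(ANDROID + "name", "")
            if name.startswith("."):
                name = pkg + name  # ".Foo" is relative to the package
            entries += [f"{name}.{cb}" for cb in callbacks]
    return entries

def candidates(entries, graph):
    """BFS from the entry points; keep reachable sink calls with a world-accessible mode."""
    seen, queue, found = set(entries), deque(entries), []
    while queue:
        caller = queue.popleft()
        for callee, args in graph.get(caller, []):
            if callee == SINK and args[MODE_ARG] & RISKY_MODES:
                found.append((caller, args[0], args[MODE_ARG]))
            elif callee != SINK and callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return found
```

Only `Store.save` is reported: the `SyncService` call uses mode 0 (private), and `Debug.dump` is unreachable from any component callback, which is the kind of static false positive the reachability step removes before dynamic triggering.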

Description

Technical field

[0001] The invention relates to an automatic detection method for Android application software API misuse vulnerabilities.

Background technique

[0002] With the rapid development of the mobile Internet, mobile payment, mobile office, etc. will be integrated into people's lives, and the protection of sensitive information such as trade secrets and personal privacy becomes crucial. With the popularization of the Android system, more and more developers have joined the Android camp, and the resulting Android software security problems have become more and more severe. In addition, many developers' security awareness is uneven and the Android system is seriously fragmented; these factors cause software vulnerabilities to persist for a long time, making Android applications vulnerable to attacks.

[0003] Among the types of Android software vulnerabilities, one type of vulnerabilities is largely caused by developers not following the security programming...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F21/57
CPC: G06F21/562, G06F21/566, G06F21/577, G06F2221/033
Inventor: 林柏钢, 李宇翔, 叶倩鸿, 倪一涛, 杨旸, 何萧玲, 宋丽珠, 许为
Owner: FUZHOU UNIV