Method for detecting and analyzing vulnerabilities in Android applications based on code library security specifications

A security specification and application technology, applied in computer security devices, instruments, electronic digital data processing, etc. It addresses problems such as semantic misunderstanding of security specifications, developers not repairing security vulnerabilities on their own, and use of code bases that does not comply with security specifications.

Active Publication Date: 2015-11-04
FUDAN UNIV

AI Technical Summary

Problems solved by technology

[0004] However, many Android applications, including some popular ones, contain a large number of security vulnerabilities, and one important reason is that developers have not followed the corresponding security regulations when using the code base.
Many companies and organizations have proposed security regulations for the correct use of their code bases. However, there are still many problems with the quality of these security regulations and with how they work in actual development. These include semantic misunderstandings caused by the use of natural language, scattered security regulations that are difficult to manage uniformly, and the impact of misleading code fragments.
[0005] Because developers usually do not intentionally violate code base security regulations, it is impossible for them to fix the security holes that may exist in the application.


Examples


Embodiment Construction

[0068] The present invention designs and implements the above-mentioned static analysis framework that can describe code base security regulations in a formalized rule language and perform automatic verification in applications. This section makes a detailed introduction to the specific implementation of the framework.

[0069] 1. Security Specification Model

[0070] The security specification model designed by the present invention has been described above. Under this model, a security specification is written in a rule language, and the code base designer can package it directly into the code base. The rule language describes the behavior an application should follow when using the code library, in a form that both the code library designer and the user can understand. Because it is a rule language, the static program analyzer can also understand its semantics by parsing the security specifications, so that the static program analyzer can detect the f...
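The idea in [0070], sketched as an added example that is not the patent's rule language or analyzer: a rule shipped as data alongside the library, and a checker that reads the rule and flags application calls that break it. The rule fields, function names and sample code are assumptions made for illustration, and the checker scans source text only, where a real static analyzer would resolve calls and constants through the program's call graph and data flow.

```python
import re

# Hypothetical rule format (an assumption, not the patent's rule language):
# the argument at index "arg" of "method" must not use a "forbidden" constant.
WORLD = {"MODE_WORLD_READABLE", "MODE_WORLD_WRITEABLE"}
RULES = [
    {"id": "FILE-MODE", "method": "openFileOutput", "arg": 1, "forbidden": WORLD},
    {"id": "PREFS-MODE", "method": "getSharedPreferences", "arg": 1, "forbidden": WORLD},
]

def split_args(text):
    """Split a call's argument text on top-level commas only."""
    args, depth, cur = [], 0, ""
    for ch in text:
        if ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
            continue
        depth += (ch in "([{") - (ch in ")]}")
        cur += ch
    return args + ([cur.strip()] if cur.strip() else [])

def call_sites(source, method):
    """Yield (line_number, args) for each textual call to `method`."""
    for m in re.finditer(r"\b" + re.escape(method) + r"\s*\(", source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += (source[i] == "(") - (source[i] == ")")
            i += 1
        yield source.count("\n", 0, m.start()) + 1, split_args(source[m.end():i - 1])

def check(source, rules=RULES):
    """Return sorted (line, rule id, method) for each call that breaks a rule."""
    findings = []
    for rule in rules:
        for line, args in call_sites(source, rule["method"]):
            arg = args[rule["arg"]] if rule["arg"] < len(args) else ""
            if set(re.findall(r"\b[A-Z][A-Z0-9_]+\b", arg)) & rule["forbidden"]:
                findings.append((line, rule["id"], rule["method"]))
    return sorted(findings)

# Constructed sample of application code (Java), embedded as text.
SAMPLE = """\
void save(String name) throws Exception {
    openFileOutput("notes.txt", Context.MODE_WORLD_READABLE);
    openFileOutput(name.concat(".tmp"), Context.MODE_PRIVATE);
    getSharedPreferences("cfg", MODE_PRIVATE | MODE_WORLD_WRITEABLE);
}
"""
```

Calling `check(SAMPLE)` reports the first and third calls and leaves the `MODE_PRIVATE` call alone, including the case where a forbidden flag is combined with a safe one using `|`.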


Abstract

The invention belongs to the technical field of program information security monitoring, and particularly relates to a method for detecting and analyzing vulnerabilities in Android applications based on code library security specifications. The method comprises the following steps: building a security specification model, i.e., describing the security specifications of the code library in a formalized rule language; designing a static program analyzer that performs automatic verification based on the security specification model; and applying the static program analyzer in two phases, i.e., compilation of application programs and examination of the application programs in an application market, to detect security vulnerabilities. According to the detection and analysis method provided by the invention, the security risk in the program can be prevented.

Description

Technical field

[0001] The invention belongs to the technical field of program information security monitoring, and in particular relates to a method for detecting and analyzing security vulnerabilities in Android applications.

Background technique

[0002] A security specification is security usage guidance for a code library, provided by the code library designer. For example, Google provides a detailed list of security tips for the built-in function library of the Android system. In these tips, code base designers tell programmers which uses of the code base are correct and which uses introduce software security flaws. In form, code base security tips are similar to other code base usage guides: they have no uniform format, and most are written by code base designers in their native language. Therefore, in actual use, developers may misunderstand the semantics of security specifications due to language issues.

[0003] Among many mobile plat...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56
CPC: G06F21/562
Inventor: 杨珉, 杨哲慜, 张磊
Owner: FUDAN UNIV