Static taint analysis and symbolic execution-based Android application vulnerability discovery method

Abstract

The invention discloses a static taint analysis and symbolic execution-based Android application vulnerability discovery method, and mainly aims at solving the problems that the analysis range is fixed, the memory consumption is huge and the analysis result is mistakenly reported in the process of discovering vulnerabilities by using the existing static taint analysis method. The method is realized through the following steps of: 1) configuring an analysis target and decompiling a program source code; 2) carrying out control flow analysis on the decompilation result; 3) selecting a source function by a user according to the control flow analysis result, so as to narrow an analysis target; 4) carrying out data flow analysis according to the control flow analysis result, so as to generate a vulnerability path; and 5) filtering the data flow analysis result by adoption of a static symbolic execution technology, taking the residual parts after the filtration as discovered vulnerabilities, warning the user and printing the vulnerability path. On the basis of the existing static taint analysis technology, the method disclosed by the invention has the advantages of extending the vulnerability discovery range, decreasing the memory consumption of vulnerability discovery and improving the accuracy of vulnerability discovery results, and can be applied to the discovery and research of Android application program vulnerabilities.

Description

technical field [0001] The invention belongs to the field of network and system security, and specifically relates to a method for mining Android application loopholes, which can be used for analysis and research of Android program loopholes caused by external injection. Background technique [0002] Taint propagation analysis is a technique for analyzing programs based on data dependencies. It is often used to detect data-related vulnerabilities in binary programs, such as privacy disclosure vulnerabilities and component hijacking vulnerabilities. According to whether the target program is required to run, taint propagation analysis can be divided into two types: static and dynamic. [0003] The static taint analysis method, compared with the dynamic taint analysis based on multiple executions, only needs to be executed once to obtain the overall analysis result, which has the advantages of a more comprehensive analysis path and higher efficiency. The analysis process main...

AI Technical Summary

Problems solved by technology

Compared with the number of control flows of a program, the data flow is often several times more, and due to the language characteristics, its analysis process is also quite complicated, so redundant data flow analysis will directly cause huge memory consumption and time consumption of static taint analysis

[0012] 3. Since static taint analysis has the theoretical characteristic of "one-time comprehensive analysis", its analysis process is "path-insensitive", that i

Images