
Privacy leakage vulnerability detection and confirmation method based on static taint data analysis

A static taint data analysis technique, applied in the field of privacy leak detection, addresses problems such as anomalies during detection, difficulty in finding input data, and the resulting impact on vulnerability reproduction. Its effects are reduced complexity and memory requirements and improved detection speed and accuracy.

Active Publication Date: 2017-07-11
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0008] One: Detection is neither fast nor effective
[0009] The functions supported by current APPs are becoming more and more complex, which directly leads to a large amount of APP code and complex logic. At the same time, because current APPs focus on user experience, simple code is no longer sufficient and must be processed in many ways to meet the requirements of rapid response and improved user experience. Together these factors make the code volume large and the logic complex, so the amount of data to analyze rises linearly, resulting in a slow detection process and anomalies during detection.
[0010] Two: High misreport rate in taint analysis
[0011] Because static taint analysis does not actually run the APP but tracks the possible flow of tainted data through the program according to the relevant rules, it produces two kinds of misreport. The first is a false positive: the analysis detects a tainted data flow path that matches the rules, but the path is unreachable when the program actually runs. The second is a false negative: a tainted data flow that conforms to the rules exists in the APP, but the system fails to detect it.
[0012] Three: It is difficult to find suitable input data, and the vulnerability cannot be reproduced
In order to find suitable input data that can reproduce the vulnerability, it is necessary not only to track the flow of tainted data, but also to collect and track the detailed program flow from the APP entry point to the point where tainted data is introduced, and to collect the branch conditions that must be satisfied along the way. Collecting and tracking this additional data is relatively difficult, which hinders reproduction of the vulnerability.

Embodiment Construction

[0044] The present invention will be described in detail below in conjunction with the accompanying drawings.

[0045] Referring to Figure 1, the implementation steps of the present invention are as follows:

[0046] Step 1, find the tainted data flow path.

[0047] 1a) Configure the tainted data rule file. The configuration specifies the signatures of the functions that introduce tainted data and the signatures of the target endpoint functions;

[0048] 1b) Configure the entry configuration file. The components listed in this file are the components to be tested. A configuration file can first be generated automatically; it contains a list of all components in the Android application software APP, and the configuration is then modified and customized on that basis. The automatic generation of the configuration file can be carried out before detecting the Android application program APP, which belongs t...


Abstract

The invention discloses a method for detecting whether a privacy leakage vulnerability exists in an Android application software APP. The method mainly solves the problems of low vulnerability detection speed, high detection environment requirements and low detection accuracy in the prior art. The method is realized by: configuring an optimized detection file; limiting the components and callbacks of the Android application software APP under test; performing static taint data flow analysis on the limited components and callbacks to obtain taint data flow paths; further processing each taint path to build a function node sequence; expanding and filling the sequence with function nodes, applying pruning and compression, and connecting the processed function nodes to form a detailed taint data flow path; deduplicating the detailed taint data flow paths; and then producing graphical output. The method speeds up detection of privacy leakage vulnerabilities in Android application software APPs and lowers both the requirements on the detection environment and the difficulty of reproducing a vulnerability, so that vulnerability analysis is faster and more accurate.
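As an added illustration (not the patent's implementation), the Python below models the rule file and entry configuration of steps 1a and 1b, then the path search, function node sequence and deduplication named in the abstract, on a constructed flow table. The signatures, component names and the `FLOW_FACTS` format are assumptions; expansion, pruning and compression are left out because the page does not detail them.

```python
from collections import defaultdict

# Step 1a rule file (constructed): signatures that introduce tainted data,
# and target endpoint signatures.
SOURCES = {"TelephonyManager.getDeviceId"}
SINKS = {"SmsManager.sendTextMessage", "HttpURLConnection.connect"}

# Constructed statement-level flow facts: (component, from_fn, to_fn, variable).
FLOW_FACTS = [
    ("MainActivity", "TelephonyManager.getDeviceId", "MainActivity.onCreate", "id"),
    ("MainActivity", "MainActivity.onCreate", "Util.format", "id"),
    ("MainActivity", "MainActivity.onCreate", "Util.format", "copy"),  # same hop, other variable
    ("MainActivity", "Util.format", "SmsManager.sendTextMessage", "msg"),
    ("SyncService", "TelephonyManager.getDeviceId", "SyncService.onStartCommand", "imei"),
    ("SyncService", "SyncService.onStartCommand", "HttpURLConnection.connect", "url"),
]

def taint_paths(components):
    """Enumerate statement-level taint paths inside the selected components."""
    succ = defaultdict(list)
    for comp, src, dst, var in FLOW_FACTS:
        if comp in components:      # step 1b: only components listed for testing
            succ[src].append((dst, var))
    paths = []

    def walk(fn, trail, seen):
        if fn in SINKS:             # reached a target endpoint: record the path
            paths.append(trail)
            return
        for nxt, var in succ[fn]:
            if nxt not in seen:     # do not revisit a function (cycle guard)
                walk(nxt, trail + [(nxt, var)], seen | {nxt})

    for source in sorted(SOURCES):
        walk(source, [(source, None)], {source})
    return paths

def function_node_paths(paths):
    """Reduce each path to its function node sequence and drop duplicates."""
    unique = []
    for path in paths:
        seq = tuple(fn for fn, _ in path)
        if seq not in unique:
            unique.append(seq)
    return unique
```

Restricting the entry configuration to `{"MainActivity"}` analyzes only that component's flows, and the two statement-level paths that differ only in the variable carrying the value collapse into one function node path.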

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a privacy leakage detection method, which can be used to detect and analyze whether Android mobile phone application software leaks user privacy data and has privacy leakage vulnerabilities.

Background art

[0002] With the rapid development of the mobile Internet, smartphones are rapidly gaining popularity. The Android system occupies 2/3 of the entire mobile phone market, and its market share is still increasing steadily. The Android system is an open platform. When an application is installed and the user grants the corresponding permissions, the application can freely obtain the corresponding private data, whether the application is normal or malicious, and the user knows nothing about how this data is used.

[0003] Existing analysis methods can be divided into two types from the level of whether the pr...


Application Information

IPC(8): G06F21/56, G06F21/62
Inventor: 罗丹, 杨超, 孙聪, 马建峰, 付胧玉, 卢璐
Owner XIDIAN UNIV