Android application privilege disclosure vulnerability detection method based on static stain analysis

An Android application program and taint analysis technology, applied in computer security devices, instruments, electrical digital data processing, etc., can solve problems such as low efficiency and incomplete detection results, and achieve the effects of high efficiency, scale reduction, and complete functions

Inactive Publication Date: 2018-11-20
XIDIAN UNIV
View PDF10 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The purpose of the present invention is to address the deficiencies in the above-mentioned technologies, and propose a method for detecting Android application authority leakage vulnerabilities, which is used to solve the technical problems of low efficiency and incomplete detection results of application authority leakage vulnerability detection in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android application privilege disclosure vulnerability detection method based on static stain analysis
  • Android application privilege disclosure vulnerability detection method based on static stain analysis
  • Android application privilege disclosure vulnerability detection method based on static stain analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0037] refer to figure 1 .The present invention comprises the steps:

[0038] Step 1) Obtain the configuration file SourceSink_File of the pollution source function and the trapped function:

[0039]1a) Use each Android application programming interface designated by the user to receive external data as a pollution source function, and write these pollution source functions into the established file source.txt. The pollution source function written in this example is as follows: , , ;

[0040] 1b) Obtain the source code of the Android system from the Android open source project on the Internet. In this example, the source code of the Android 5.0 system is used, and the source code of the system is used as input, and the Android permiss...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an Android application privilege disclosure vulnerability detection method, which is used for solving the technical problems of low efficiency of application privilege disclosure vulnerability detection and incomplete detection result in the prior art. The method includes: extracting each application programming interface corresponding to an Android sensitive privilege froman Android system source code, and configuring pollution source functions and trap functions; performing reverse engineering on an application to be detected, analyzing the obtained resource file, andobtaining an application component with the risk of privilege disclosure; then, constructing a detection flow method of static stain analysis of the application component with the risk of privilege disclosure; performing the static stain analysis on the basis of the method, and obtaining a privilege disclosure path list of the application to be detected; finally, outputting the detection result of privilege disclosure vulnerability of the application to be detected. The invention can comprehensively and efficiently detect the Android application privilege disclosure vulnerability, and can beused for the analysis and research of the Android application privilege disclosure vulnerability.

Description

technical field [0001] The invention belongs to the technical field of network and system security, and relates to a method for detecting Android application authority leakage vulnerabilities, in particular to a method for detecting Android application authority leakage vulnerabilities based on static stain analysis, which can be used for the analysis of Android application authority leakage vulnerabilities with research. Background technique [0002] In the era of mobile Internet, applications based on the Android operating system play an important media role in the connection between users and society. However, due to the imperfect security mechanism of the Android system, loopholes are common in Android applications. The Android application permission disclosure vulnerability is one of the Android vulnerabilities. This vulnerability allows malicious programs to perform operations such as data destruction, audio recording, and message sending without applying for permissi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/562G06F21/577
Inventor 杨超卢璐马昊玉马建峰李晖
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap