A method for validating and identifying unsafe sensitive input in the Android system

An input validation and Android system technology, applied in the fields of machine learning, static information flow analysis and natural language processing, that identifies unsafe input validation in Android systems and addresses problems such as unclear definitions, ignored input validation and unclear input validation.

Active Publication Date: 2019-02-01
FUDAN UNIV

AI Technical Summary

Problems solved by technology

(2) The definition is not clear
So it's not clear if the input needs to be validated and if it's done correctly
(3) Fragmentation
Secondly, system developers also ignore the problem of input validation when customizing the Android system
However, in these contexts, there is no way in Android to automatically identify sensitive input validation and the security holes it poses


Embodiment Construction

[0031] The present invention designs and implements the above-mentioned brand-new unsafe input verification identification method based on the combination of natural language processing and machine learning. This section introduces the specific implementation of the framework in detail.

[0032] Input Validation Recognition Based on Code Structure Analysis

[0033] The present invention analyzes the Android system on the basis of the Soot framework tool. The Soot framework is a mature Java program decompilation tool. First, the present invention decompresses the Android system image and extracts all Java class files from it, then uses Soot to decompile them and obtain the intermediate representation (Jimple format files) of the system code. Afterwards, the present invention extracts all Android system services, and the methods and input variables in those system services, from the decompiled Jimple code as the source of code information to be analyzed. When extracting system services, ...


Abstract

The invention belongs to the technical field of program security analysis and vulnerability mining, and in particular relates to a method for identifying unsafe sensitive input validation in the Android system. The method comprises the following steps. Input validation identification: first, interrupt branches are extracted from the program code and the structural characteristics of the code are analyzed to find independent program branches containing an interrupt instruction, and to judge whether the current program execution includes the intention of checking input. Sensitive input validation identification: natural language processing is used to cluster a large number of input parameters based on semantics, and machine learning is then used to infer other unknown sensitive parameters from a few specified known sensitive parameters. Finally, vulnerability identification: whether these input validations with sensitive parameters satisfy the security rules is checked to determine whether they are unsafe input validations. Identifying this kind of input validation makes it possible to determine system-level security vulnerabilities, which is of great significance for enhancing the security of mobile systems and preventing system-level attacks.
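The first step of the abstract (finding independent branches that end in an interrupt instruction and are guarded by an input parameter) can be sketched over Jimple text as follows. This is an added example, not the patent's implementation: the sample method body, the class `com.example.Demo` and the heuristics for "interrupt" and "independent" are assumptions made for illustration.

```python
import re
# Constructed Jimple-like body of a hypothetical system-service method.
SAMPLE = """\
r1 := @parameter0: java.lang.String;
i0 := @parameter1: int;
r2 := @parameter2: android.os.Bundle;
if r1 != null goto label1;
$r3 = new java.lang.IllegalArgumentException;
throw $r3;
label1:
$i1 = i0 & 255;
if $i1 < 16 goto label2;
return;
label2:
staticinvoke <com.example.Demo: void apply(java.lang.String,int,android.os.Bundle)>(r1, i0, r2);
return;
"""
LOCAL = re.compile(r"(?<![\w.])\$?[a-z]+\d+\b")  # Jimple locals such as r1, $i1

def is_interrupt(stmts, joins, start):
    """True if the block at `start` is an independent branch that only throws or returns."""
    if start in joins and not stmts[start - 1].startswith(("throw ", "return", "goto ")):
        return False  # also reached by fall-through, so not an independent branch
    for j, s in enumerate(stmts[start:], start):
        work = "invoke " in s and not s.startswith("specialinvoke")
        if (j > start and j in joins) or work or s.startswith(("if ", "goto ")):
            return False  # rejoins normal flow, does real work, or branches again
        if s.startswith(("throw ", "return")):
            return True
    return False

def validated_params(body):
    """Map each parameter index to the conditions that guard an interrupt branch."""
    stmts, labels, taint, found = [], {}, {}, {}
    for line in (l.strip().rstrip(";") for l in body.splitlines()):
        if line.endswith(":"):
            labels[line[:-1]] = len(stmts)  # a label names the next statement
        elif line:
            stmts.append(line)
    for i, s in enumerate(stmts):
        if m := re.match(r"(\S+) := @parameter(\d+):", s):
            taint[m[1]], found[int(m[2])] = {int(m[2])}, []
        elif m := re.match(r"(\S+) = (.+)", s):  # carry parameter origin through assignments
            taint[m[1]] = set().union(*(taint.get(v, set()) for v in LOCAL.findall(m[2])))
        elif m := re.match(r"if (.+) goto (\w+)", s):
            if sum(is_interrupt(stmts, labels.values(), t) for t in (i + 1, labels[m[2]])) == 1:
                for p in {p for v in LOCAL.findall(m[1]) for p in taint.get(v, ())}:
                    found[p].append(m[1])  # exactly one successor interrupts execution
    return found
```

A parameter that maps to an empty list (parameter 2 in the sample) is never checked before use; in the method described above, such a finding only matters once the later steps classify the parameter as sensitive.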

Description

Technical field

[0001] The invention belongs to the technical field of program security analysis and vulnerability mining, specifically relates to natural language processing, machine learning technology and static information flow analysis technology, and in particular to a method for identifying unsafe input verification in an Android system.

Background technique

[0002] More than 60% of mobile devices are using the Android system, which runs a large number of applications related to our daily life. To achieve various functions, the app can read and manipulate Android system resources, such as GPS devices and screen displays, and perform sensitive operations, such as sending and deleting SMS messages. In Android, these resources and sensitive operations are managed by more than 100 system services. Clearly, access control in these services plays an important role in the security of the overall system.

[0003] In this invention, we conduct an empirical study of a specia...


Application Information

Patent Type & Authority: Applications (China)
IPC (8): G06F21/57
CPC: G06F21/577, G06F2221/034
Inventor: 杨珉, 杨哲慜, 张磊, 何郁郁, 张振宇, 洪庚, 张源
Owner: FUDAN UNIV