Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Binder communication overload vulnerability detection method based on static analysis

A static analysis and detection method technology, applied in the direction of instruments, electrical digital data processing, platform integrity maintenance, etc., can solve problems such as overload loopholes, inability to locate Binder transmission objects in advance, and no customized test cases

Pending Publication Date: 2021-07-20
NANJING UNIV
View PDF0 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Both of the above methods depend on the actual program execution, and cannot locate the location of the Binder transfer object in advance
[0005] Inter-component communication is an important part of Binder communication. There are many test tools for inter-component communication, but only a few works involve the problem of Binder communication overload. The main reason is that it is difficult to trigger Binder communication overload through simple test cases. loophole
And there is no custom test case for this problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Binder communication overload vulnerability detection method based on static analysis
  • Binder communication overload vulnerability detection method based on static analysis
  • Binder communication overload vulnerability detection method based on static analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0051] figure 1 It is a schematic diagram of the frame logic of the static analysis-based Android application Binder communication overload vulnerability detection method according to Embodiment 1 of the present invention. figure 2 It is a schematic flowchart of a method for detecting a communication overload vulnerability of an Android application Binder based on static analysis in Embodiment 1 of the present invention. This embodiment can be used to detect Binder communication overload vulnerabilities through devices such as servers. The method can be performed by a static analysis-based Android application Binder communication overload vulnerability detection device. The device can use software and / or hardware. Realized, and can be integrated in electronic equipment, such as integrated server equipment.

[0052] see figure 1 with figure 2 , the detection method specifically includes:

[0053] S1. Analyze the source code of the Android framework to establish a function...

Embodiment 2

[0068] Embodiment 2 of the present invention takes the real application LeakCanary in the application market as an example, combining figure 2 The specific algorithm flow chart of the method in Nakamoto illustrates how to use the Android application Binder communication overload vulnerability detection method based on static program analysis to detect the verified and repaired Binder communication overload vulnerability ( Github Issue 1646).

[0069] image 3 shows the source code of the program related to the Binder communication overload vulnerability in LeakCanary, mainly including three functions DisplayLeakActivity.shareLeak, LeakCanary.leakInfo and LeakTrace.toString. The following will explain how to detect this Binder communication one by one in combination with the steps in the rights specification Overload bug.

[0070] In step 1, it is necessary to determine the Binder transfer interface function provided by the Android framework. By analyzing the source code of ...

Embodiment 3

[0078] The embodiment of the present application provides a static analysis-based detection device for an Android application Binder communication overload vulnerability, the detection device comprising:

[0079] The Binder communication interface function acquisition module is used to analyze the source code of the Android framework to establish a function call graph, and determine the Binder communication interface functions exposed by the Android framework based on the forward analysis of the transfer function transact.

[0080] The ContainerMap_app building block is used to statically analyze the Android application code. Starting from the Binder communication interface function used in the Android application, through the context-insensitive, flow-sensitive, and path-insensitive inter-function data flow analysis technology, the data flow analysis The iteration termination condition is that the ContainerMap does not change anymore, and the ContainerMap is established; selec...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a static analysis-based Android application Binder communication overload vulnerability detection method, which comprises the following steps of: analyzing an Android framework source code to establish a function call graph, and based on transfer function transact forward analysis, determining a Binder communication interface function exposed by an Android framework; carrying out static analysis on Android application codes, and establishing a data inclusion relation table of a single function through a context-insensitive, flow-sensitive and path-insensitive inter-function data flow analysis technology; selecting functions related to a Binder communication interface function to establish an application data inclusion relation general table; based on the expansion transmission mode, searching an expansion transmission object conforming to the mode, analyzing an expansion statement of the expansion transmission object to judge whether the circulation condition is met or not, and obtaining the Binder communication overload vulnerability conforming to the circulation expansion transmission mode through detection. According to the method, a static program analysis means is adopted, the transmission object is determined by establishing the data inclusion relation of the whole application, and the technical effect of detecting the Binder communication overload vulnerability is achieved.

Description

technical field [0001] The present invention relates to the technical field of detecting Android application Binder communication overload vulnerabilities, in particular to a static analysis-based detection method, device, electronic device and storage medium for Android application Binder communication overload vulnerabilities. Background technique [0002] With the development of information technology, mobile terminals represented by the Android platform have already become an indispensable part of people's lives. As the functions become more and more powerful, the mobile applications take up more and more memory to run. [0003] The Android system is a service-based system that provides the most basic and core functions of the system through a variety of services provided by the framework or developed by itself, including location management (Location Manager), package management (Package Manager), activity management (Activity Manager) and other most important services...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/57
CPCG06F21/563G06F21/577G06F2221/033
Inventor 刘少聪马骏陶先平
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com