Unlock instant, AI-driven research and patent intelligence for your innovation.

Security patch detection method for Android application upgrading

A technology of application upgrade and detection method, which is applied in the field of information security, can solve problems such as inability to cope with code repair, and achieve the effect of reducing false positives

Pending Publication Date: 2022-02-25
SHANGHAI JIAO TONG UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] For the distinction between program security patches and functional updates, most of the existing solutions use specific pattern matching, or use detailed update information for analysis, but these solutions have many limitations in real scenarios: using pattern matching The method can only extract update patches of specific patterns, and cannot cope with code repairs introduced by complex real scenarios. The defined pattern needs to be based on the experience of security analysts; except for open source projects, the update description of Android applications is very simple, usually only "fixed Know the problem" prompt

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security patch detection method for Android application upgrading
  • Security patch detection method for Android application upgrading
  • Security patch detection method for Android application upgrading

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0014] Such as figure 1 As shown, it is a security patch detection method for an Android application upgrade related to this embodiment, comprising the following steps:

[0015] Step 1, such as figure 2 As shown, by restoring the structural hierarchy and disassembly code feature values ​​of Android applications before and after the upgrade, function matching is performed between the applications before and after the upgrade, specifically including:

[0016] Step 101. Unpack the Android application files before and after the upgrade, and disassemble the bytecode of the program, wherein: the disassembly code of the Android application program is Smali code; after the application program after the disassembly, each class of the program is separated The file form with the ".smali" suffix exists.

[0017] Step 102. Build the structural hierarchy of the program: After unpacking the Android installation package file, traverse the file directory to obtain the package-to-package hie...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a security patch detection method for Android application upgrading, and the method comprises the following steps: performing function matching between Android application programs before and after upgrading by restoring the structural hierarchy and disassembly code characteristic values of the Android application programs before and after upgrading, and performing data flow analysis on all call points of a function where an updating patch is located; establishing a control flow diagram of two version functions before and after upgrading where the update patch is located, extracting data dependence and control dependence related to the variable parameters from the control flow diagram, and obtaining a security detection result according to the dependence relationship. According to the method and the device, security-related patches existing in program analysis can be obtained by performing differential analysis on the android application of the version before and after upgrading, so that the goal of reducing analysis of security auditing personnel and the goal of learning a new vulnerability mode are achieved. And the purpose of safety worker analysis is greatly reduced. Common program confusion can be resisted, and the source code does not need to be intrusively changed. A security patch mode does not need to be defined depending on the experience of a security worker, and a more complex security patch can be positioned.

Description

technical field [0001] The invention relates to a technology in the field of information security, in particular to a security patch detection method for Android application upgrades. Background technique [0002] For the distinction between program security patches and functional updates, most of the existing solutions use specific pattern matching, or use detailed update information for analysis, but these solutions have many limitations in real scenarios: using pattern matching The method can only extract update patches of specific patterns, and cannot cope with code repairs introduced by complex real scenarios. The defined pattern needs to be based on the experience of security analysts; except for open source projects, the update description of Android applications is very simple, usually only "fixed Know the problem" prompt. Contents of the invention [0003] The present invention aims at the shortcomings of the prior art for application update patch analysis, and p...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F11/36
CPCG06F11/3692G06F11/3696
Inventor 李鹤皓李卷孺谷大武王艺卓
Owner SHANGHAI JIAO TONG UNIV
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com