Android动态加载与反射机制的静态污点分析研究
发布时间:2019-03-31 14:01
【摘要】:隐私泄露是当前Android安全中最为重要的问题之一,目前检测隐私泄露的最主要方法是污点分析.Android静态污点分析技术凭借其代码覆盖率高、漏报率低的特点而被广泛应用在Android应用隐私泄露的检测上.然而,现有的静态污点分析工具却不能对Android动态加载和反射机制进行有效污点分析.鉴于当前Android动态加载和反射机制被越来越广泛地应用的现状,对如何使Android静态污点分析工具有效地处理Android应用的动态加载和反射机制的问题进行了研究.对Android源码进行了修改,使Android系统能够对Android应用实际运行中加载的dex文件和反射调用信息进行实时存储,并利用这些信息对Android静态污点分析过程进行引导.以当前领先的静态污点分析工具FlowDroid为基础,对其进行了改进,提出了使用非反射调用语句替换反射调用语句的策略,实现了一个能够对Android动态加载和反射机制进行有效污点分析的工具——DyLoadDroid,并通过实验验证了其在处理Android动态加载和反射机制的污点分析问题上的有效性.
[Abstract]:Privacy disclosure is one of the most important issues in the current Android security. At present, the most important method to detect privacy disclosure is stain analysis. Because of the low false alarm rate, it has been widely used in the detection of privacy leaks in Android applications. However, the existing static stain analysis tools can not be used to analyze the dynamic loading and reflection mechanism of Android. In view of the current situation that the dynamic loading and reflection mechanism of Android is more and more widely used, this paper studies how to make Android static stain analysis tool deal with the dynamic loading and reflection mechanism of Android application effectively. The Android source code is modified so that the Android system can store the dex file and reflection call information loaded in the actual operation of the Android application in real time, and use these information to guide the Android static stain analysis process. Based on the current leading static stain analysis tool FlowDroid, this paper improves it, and puts forward a strategy of replacing reflection call statement with non-reflection call statement. In this paper, a tool, DyLoadDroid, which can analyze the dynamic loading and reflection mechanism of Android, is implemented and its effectiveness in dealing with the problem of dynamic loading and reflection mechanism of Android is verified by experiments.
【作者单位】: 综合业务网理论及关键技术国家重点实验室(西安电子科技大学);中国科学院大学国家计算机网络入侵防范中心;信息安全国家重点实验室(中国科学院信息工程研究所);
【基金】:国家自然科学基金项目(61572460,61272481,61303239) 信息安全国家重点实验室开放课题(2015-MS-06,2015-MS-04)~~
【分类号】:TP309;TP316
[Abstract]:Privacy disclosure is one of the most important issues in the current Android security. At present, the most important method to detect privacy disclosure is stain analysis. Because of the low false alarm rate, it has been widely used in the detection of privacy leaks in Android applications. However, the existing static stain analysis tools can not be used to analyze the dynamic loading and reflection mechanism of Android. In view of the current situation that the dynamic loading and reflection mechanism of Android is more and more widely used, this paper studies how to make Android static stain analysis tool deal with the dynamic loading and reflection mechanism of Android application effectively. The Android source code is modified so that the Android system can store the dex file and reflection call information loaded in the actual operation of the Android application in real time, and use these information to guide the Android static stain analysis process. Based on the current leading static stain analysis tool FlowDroid, this paper improves it, and puts forward a strategy of replacing reflection call statement with non-reflection call statement. In this paper, a tool, DyLoadDroid, which can analyze the dynamic loading and reflection mechanism of Android, is implemented and its effectiveness in dealing with the problem of dynamic loading and reflection mechanism of Android is verified by experiments.
【作者单位】: 综合业务网理论及关键技术国家重点实验室(西安电子科技大学);中国科学院大学国家计算机网络入侵防范中心;信息安全国家重点实验室(中国科学院信息工程研究所);
【基金】:国家自然科学基金项目(61572460,61272481,61303239) 信息安全国家重点实验室开放课题(2015-MS-06,2015-MS-04)~~
【分类号】:TP309;TP316
【相似文献】
相关期刊论文 前10条
1 林耕宇;;观摩50名Google Android程序开发竞赛作品[J];电子与电脑;2008年08期
2 树子;;Android中文版不完全体验[J];互联网天地;2009年04期
3 Jason Whitmire;;产业软件专家如何协助解决Android的分裂困境[J];电子与电脑;2010年02期
4 蒋彬;;10款Android手机必备应用——Android操作系下的软件评测[J];微电脑世界;2010年04期
5 ;PCWorld Windows Phone 7挑战Android 毅然崛起的AndroidⅠ洗心革面的Windows Phone 7[J];微电脑世界;2010年08期
6 韩青;;Android平台发展的动力与挑战[J];中国电子商情(基础电子);2010年09期
7 方智勇;;Android手机这样用[J];电脑迷;2010年15期
8 缺少浪漫;;Android的另一面[J];电脑迷;2010年13期
9 ;ZTE and Three Release Android ,
本文编号:2450983
本文链接:https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2450983.html
