Android application vulnerabilities static mining technology

Cited by: 0
Authors
Tang J. [1]
Liu J. [1]
Li R. [1]
Li W. [2]
Affiliations
[1] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan
[2] Network and Computation Center, Huazhong University of Science and Technology, Wuhan
Source
Huazhong Keji Daxue Xuebao (Ziran Kexue Ban)/Journal of Huazhong University of Science and Technology (Natural Science Edition) | 2016 / Vol. 44
Keywords
Android; Application software; Static analysis; Vulnerabilities mining; Vulnerabilities mining methods
DOI
10.13245/j.hust.16S105
Abstract
By combining information flow analysis and control flow analysis, the function call graph and the sensitive data propagation paths of Android applications were obtained. A method based on static analysis was put forward to mine vulnerabilities in Android applications. By using multiple reverse-analysis methods, the system can decompile most apps successfully. Working on the intermediate code of Android applications, the system analyzed vulnerabilities about some objects one by one to improve the accuracy of the results. 15 common vulnerabilities were analyzed, and applications from actual application markets together with sample applications were used in experiments to verify the accuracy and availability of the system. © 2016, Editorial Board of Journal of Huazhong University of Science and Technology. All rights reserved.
Pages: 20-24
Page count: 4