Android Apps:Static Analysis Based on Permission Classification

被引:3
|
作者
Zhenjiang Dong [1 ]
Hui Ye [2 ]
Yan Wu [1 ]
Shaoyin Cheng [2 ]
Fan Jiang [2 ]
机构
[1] ZTE Corporation
[2] Information Technology Security Evaluation Center,University of Science and Technology of China
来源
ZTECommunications | 2013年 / 11卷 / 01期
基金
中央高校基本科研业务费专项资金资助; 高等学校博士学科点专项科研基金;
关键词
malware; software analysis; static analysis; Android;
D O I
暂无
中图分类号
TN929.5 [移动通信]; TP309 [安全保密];
学科分类号
080402 ; 080904 ; 0810 ; 081001 ; 081201 ; 0839 ; 1402 ;
摘要
Android has a strict permission management mechanism. Any applications that try to run on the Android system need to obtain permission. In this paper, we propose an efficient method of detecting malicious applications in the Android system. First, hundreds of permissions are classified into different groups. The application programming interfaces (APIs) associated with permissions that can interact with the outside environment are called sink functions. The APIs associated with other permissions are called taint functions. e construct association tables for block variables and function variables of each application. Malicious applications can then be detected by using the static taint-propagation method to analyze these tables.
引用
收藏
页码:62 / 66
页数:5
相关论文
共 50 条
  • [41] Security Testing of Second Order Permission Re-delegation Vulnerabilities in Android Apps
    Demissie, Biniam Fisseha
    Ceccato, Mariano
    2020 IEEE/ACM 7TH INTERNATIONAL CONFERENCE ON MOBILE SOFTWARE ENGINEERING AND SYSTEMS, MOBILESOFT, 2020, : 1 - 11
  • [42] Towards Formal Analysis of the Permission-based Security Model for Android
    Shin, Wook
    Kiyomoto, Shinsaku
    Fukushima, Kazuhide
    Tanaka, Toshiaki
    ICWMC: 2009 FIFTH INTERNATIONAL CONFERENCE ON WIRELESS AND MOBILE COMMUNICATIONS, 2009, : 87 - 92
  • [43] Formal Analysis of Android's Permission-Based Security Model
    Betarte, Gustavo
    Campo, Juan
    Luna, Carlos
    Romano, Agustin
    SCIENTIFIC ANNALS OF COMPUTER SCIENCE, 2016, 26 (01) : 27 - 68
  • [44] Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis
    Wang, Yingjie
    Xu, Guangquan
    Liu, Xing
    Mao, Weixuan
    Si, Chengxiang
    Pedrycz, Witold
    Wang, Wei
    JOURNAL OF SYSTEMS AND SOFTWARE, 2020, 167
  • [45] Android malware detection based on static behavior feature analysis
    Chen C.
    Liu Y.
    Shen B.
    Cheng J.-J.
    Journal of Computers (Taiwan), 2018, 29 (06) : 243 - 253
  • [46] A Temporal Permission Analysis and Enforcement Framework for Android
    Sadeghi, Alireza
    Jabbarvand, Reyhaneh
    Ghorbani, Negar
    Bagheri, Hamid
    Malek, Sam
    PROCEEDINGS 2018 IEEE/ACM 40TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2018, : 846 - 857
  • [47] Static and Dynamic Integrated Analysis Scheme for Android Malware
    Chun-Hao Yung
    Wen-Shenq Juang
    Journal of Electronic Science and Technology, 2017, 15 (03) : 246 - 250
  • [48] Detecting Software Vulnerabilities in Android Using Static Analysis
    Dhaya, R.
    Poongodi, M.
    2014 INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION CONTROL AND COMPUTING TECHNOLOGIES (ICACCCT), 2014, : 915 - 918
  • [49] REDDROID: Android Application Redundancy Customization Based on Static Analysis
    Jiang, Yufei
    Bao, Qinkun
    Wang, Shuai
    Liu, Xiao
    Wu, Dinghao
    2018 29TH IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), 2018, : 189 - 199
  • [50] Android Malware Category and Family Classification Using Static Analysis
    Cong-Danh Nguyen
    Nghi Hoang Khoa
    Khoa Nguyen-Dang Doan
    Nguyen Tan Cam
    2023 INTERNATIONAL CONFERENCE ON INFORMATION NETWORKING, ICOIN, 2023, : 162 - 167
12345