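Abstract: |
Android mobile devices store a large amount of sensitive information, such as call records and contacts, which makes them a likely target for malicious attackers. Based on static taint analysis, a privacy leak detection method for the Android platform is proposed. By extracting Android sensitive permissions and APIs, creating a mapping between the two, and generating the function call graph of the Android application, the method detects potential privacy data leakage behavior in large-scale applications. Experimental results show that the proposed method has relatively high accuracy and a short running time, making it suitable for the detection of large-scale applications. |
Keywords: Android; sensitive data; privacy leakage; function call graph; taint analysis |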
DOI:10.19363/J.cnki.cn10-1380/tn.2020.09.10 |
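Received: 2019-08-31; Revised: 2020-03-09 |
Funding: This work was supported by the National Natural Science Foundation of China (No.61867006); the Innovation Environment Construction Special Project of the Science and Technology Department of Xinjiang Uygur Autonomous Region (PT1811); the Joint Fund of the Innovation Environment Construction Special Project (Natural Science Foundation) of Xinjiang Uygur Autonomous Region (No.2019D01C062, 2019D01C041); the Scientific Research Program of Colleges and Universities of Xinjiang Uygur Autonomous Region (No.XJEDU2017M 005); and the National College Students' Innovation and Entrepreneurship Training Program (No.201910755047). |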
|
Android Privacy Leak Detection Method Based on Static Taint Analysis |
HU Yingjie, ZHANG Linlin, ZHAO Kai, FANG Wenbo, YU Yuaner |
College of Software, Xinjiang University, Urumqi 830091, China; College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China |
Abstract: |
Android mobile devices store a large amount of sensitive information, such as call records and contacts, which makes them an easy target for malicious attackers. A privacy leakage detection method for the Android platform, based on static taint analysis, is proposed. Android sensitive permissions and APIs are extracted, a mapping between them is created, and the function call graph of the Android application is generated, in order to detect potential privacy data leakage behavior in large-scale applications. The experimental results show that the proposed method achieves relatively high accuracy with a short running time, which makes it suitable for the detection of large-scale applications. |
Key words: Android; sensitive information; privacy leakage; call graph; taint analysis |