引用本文
  • 胡英杰,张琳琳,赵楷,方文波,于媛尔.基于静态污点分析的Android隐私泄露检测方法研究[J].信息安全学报,2020,5(5):144-151    [点击复制]
  • HU Yingjie,ZHANG Linlin,ZHAO Kai,FANG Wenbo,YU Yuaner.Android Privacy Leak Detection Method Based on Static Taint Analysis[J].Journal of Cyber Security,2020,5(5):144-151   [点击复制]
【打印本页】 【下载PDF全文】 查看/发表评论下载PDF阅读器关闭

←前一篇|后一篇→

过刊浏览    高级检索

本文已被:浏览 4513次   下载 4140 本文二维码信息
码上扫一扫!
基于静态污点分析的Android隐私泄露检测方法研究
胡英杰1, 张琳琳2, 赵楷2, 方文波1, 于媛尔2
0
(1.新疆大学软件学院 乌鲁木齐 中国 830091;2.新疆大学信息科学与工程学院 乌鲁木齐 中国 830046)
摘要:
Android移动设备中存储了大量的敏感信息,如通话记录、联系人等,容易成为恶意攻击者的目标。基于静态污点分析技术,提出了一种面向Android平台的隐私泄露检测方法。通过提取Android敏感权限与API,创建两者之间的映射关系,生成Android应用程序的函数调用图,实现了对于大规模应用程序中潜在隐私数据泄露行为的检测。实验结果表明,本文所提出方法的准确率较高,且运行耗时较短,适合于大规模应用程序的检测。
关键词:  Android  敏感数据  隐私泄露  函数调用图  污点分析
DOI:10.19363/J.cnki.cn10-1380/tn.2020.09.10
投稿时间:2019-08-31修订日期:2020-03-09
基金项目:本课题得到国家自然科学基金项目(No.61867006);新疆维吾尔自治区科技厅创新环境建设专项(PT1811);新疆维吾尔自治区创新环境建设专项(自然科学基金)联合基金项目(No.2019D01C062,2019D01C041);新疆维吾尔自治区高校科研计划项目(No.XJEDU2017M 005);国家级大学生创新创业训练计划项目(No.201910755047)资助。
Android Privacy Leak Detection Method Based on Static Taint Analysis
HU Yingjie1, ZHANG Linlin2, ZHAO Kai2, FANG Wenbo1, YU Yuaner2
(1.College of Software, Xinjiang University, Urumqi 830091, China;2.College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China)
Abstract:
Android mobile devices store a large amount of sensitive information, such as call records, contacts, and so on, which is easy to be target of malicious attackers. A privacy leakage detection method based on static taint analysis is proposed. A function call graph of the Android application is generated by extracting Android sensitive permissions and API to create a mapping relationship between them, and to detect potential privacy data leakage behavior in large-scale applications. The experimental results show that the accuracy of the proposed method is higher with shorter running time, which is suitable for the detection of large-scale applications.
Key words:  Android  sensitive information  privacy leakage  call graph  taint analysis