摘要: |
Android移动设备中存储了大量的敏感信息,如通话记录、联系人等,容易成为恶意攻击者的目标。基于静态污点分析技术,提出了一种面向Android平台的隐私泄露检测方法。通过提取Android敏感权限与API,创建两者之间的映射关系,生成Android应用程序的函数调用图,实现了对于大规模应用程序中潜在隐私数据泄露行为的检测。实验结果表明,本文所提出方法的准确率较高,且运行耗时较短,适合于大规模应用程序的检测。 |
关键词: Android 敏感数据 隐私泄露 函数调用图 污点分析 |
DOI:10.19363/J.cnki.cn10-1380/tn.2020.09.10 |
Received:August 31, 2019Revised:March 09, 2020 |
基金项目:本课题得到国家自然科学基金项目(No.61867006);新疆维吾尔自治区科技厅创新环境建设专项(PT1811);新疆维吾尔自治区创新环境建设专项(自然科学基金)联合基金项目(No.2019D01C062,2019D01C041);新疆维吾尔自治区高校科研计划项目(No.XJEDU2017M 005);国家级大学生创新创业训练计划项目(No.201910755047)资助。 |
|
Android Privacy Leak Detection Method Based on Static Taint Analysis |
HU Yingjie,ZHANG Linlin,ZHAO Kai,FANG Wenbo,YU Yuaner |
College of Software, Xinjiang University, Urumqi 830091, China;College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China |
Abstract: |
Android mobile devices store a large amount of sensitive information, such as call records, contacts, and so on, which is easy to be target of malicious attackers. A privacy leakage detection method based on static taint analysis is proposed. A function call graph of the Android application is generated by extracting Android sensitive permissions and API to create a mapping relationship between them, and to detect potential privacy data leakage behavior in large-scale applications. The experimental results show that the accuracy of the proposed method is higher with shorter running time, which is suitable for the detection of large-scale applications. |
Key words: Android sensitive information privacy leakage call graph taint analysis |