Cite this article: |
- HU Yingjie, ZHANG Linlin, ZHAO Kai, FANG Wenbo, YU Yuaner. Android Privacy Leak Detection Method Based on Static Taint Analysis[J]. Journal of Cyber Security, 2020, 5(5): 144-151
|
|
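Abstract: |
Android mobile devices store a large amount of sensitive information, such as call records and contacts, and easily become targets of malicious attackers. Based on static taint analysis, a privacy leak detection method for the Android platform is proposed. By extracting Android sensitive permissions and APIs, creating a mapping between the two, and generating the function call graph of the Android application, the method detects potential privacy data leakage behavior in large-scale sets of applications. Experimental results show that the proposed method has relatively high accuracy and a relatively short running time, and is suitable for detecting large-scale sets of applications. |
Keywords: Android; sensitive data; privacy leakage; function call graph; taint analysis |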
DOI:10.19363/J.cnki.cn10-1380/tn.2020.09.10 |
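Received: 2019-08-31 Revised: 2020-03-09 |
Funding: This work was supported by the National Natural Science Foundation of China (No. 61867006); the Innovation Environment Construction Special Project of the Science and Technology Department of Xinjiang Uygur Autonomous Region (PT1811); the Joint Fund Project of the Innovation Environment Construction Special Project (Natural Science Foundation) of Xinjiang Uygur Autonomous Region (No. 2019D01C062, 2019D01C041); the Scientific Research Program of Higher Education Institutions of Xinjiang Uygur Autonomous Region (No. XJEDU2017M 005); and the National Undergraduate Innovation and Entrepreneurship Training Program (No. 201910755047). |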
|
Android Privacy Leak Detection Method Based on Static Taint Analysis |
HU Yingjie1, ZHANG Linlin2, ZHAO Kai2, FANG Wenbo1, YU Yuaner2
|
(1.College of Software, Xinjiang University, Urumqi 830091, China;2.College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China) |
Abstract: |
Android mobile devices store a large amount of sensitive information, such as call records and contacts, which makes them an easy target for malicious attackers. A privacy leakage detection method based on static taint analysis is proposed. Android sensitive permissions and APIs are extracted and a mapping between them is created; a function call graph of the Android application is then generated and used to detect potential privacy data leakage behavior in large-scale applications. The experimental results show that the proposed method has high accuracy and a short running time, which makes it suitable for the detection of large-scale applications. |
Key words: Android; sensitive information; privacy leakage; call graph; taint analysis |