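Research on Static Security Detection Technology for Android Source Code
First published: 2015-12-03
Abstract: In response to increasingly rampant malicious attacks on Android terminals, this paper proposes a static security detection technique for Android source code. The technique builds on existing static analysis techniques for Java source code and adds handling of Android implicit method invocations, yielding control flow and data flow graphs that are based on the Android source code and have no breakpoints. On the basis of these information flow graphs, it performs malicious behavior analysis on the Android source code and ultimately identifies the main vulnerabilities and defects in an Android project. The technique was used to examine several open-source Android projects, and the experimental results show that it can effectively detect vulnerabilities and defects in Android source code. In addition, the technique can visualize the complete attack path of a vulnerability, which makes it easier for developers to modify and maintain the project, so it has high practical value.
Keywords: Android terminal; malicious attacks; static analysis; Android implicit method invocation; malicious behavior analysis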
A detection technology of Android platform source code security based on static analysis
Abstract: With malicious attacks on Android terminals increasingly rampant, this paper proposes a detection technology for Android platform source code security based on static analysis. The technology uses existing static analysis technology for Java source code and adds processing of Android implicit method invocations, finally obtaining a control flow graph and a data flow graph that are based on Android source code and have no breakpoints. The technology analyses the malicious behavior of Android source code on the basis of this information flow graph, and then obtains the main loopholes and flaws existing in an Android project. The technology was used to examine multiple open source Android projects, and the experimental results show that it can effectively detect the main loopholes and flaws existing in Android source code. What's more, the technology can display the complete attack path, which is convenient for developers modifying and maintaining the project. Therefore, this technology has high practical value.
Keywords: Android intelligent terminal; malicious attacks; static analysis; Android implicit method invocation; malicious behavior analysis