基于Soot的Android应用静态污点分析工具的研究
首发时间:2017-08-31
摘要:针对Android应用信息泄露路径检测的问题,为了实现一种基于配置文件的通用的路径检测工具,本文研究了一种基于Soot的Android静态污点分析方案。在Soot构造的Android应用数据流图基础上,依据Android组件生命周期,提出了补全污点数据在数据流中传播过程的方案。通过给出污染传播中污染点和引爆点在Android应用中的定义,设计了检测应用组件内的信息泄露过程的算法。使用该方法对13类基准应用测试和40个第三方应用测试,实验结果表明该方法的可行性。
关键词: 信息安全 Soot Android应用 污点分析 信息泄露
For information in English, please click here
The Research of Android Application Taint Analysis Tool Based on Soot
Abstract:To realize a common path detection tool based on configuration file, this paper studies a Soot-based Android static stain analysis scheme for Android application information disclosure path detection. Based on the Android application data flow diagram constructed by Soot, this paper proposes a scheme to improve the propagation process of the tainted data in the data flow according to the Android component life cycle. The algorithm of detecting the information leakage process in the application component is designed by giving the definition of the pollution point and the tipping point in the Android application. Using this method for 13 benchmark applications and 40 third-party application tests, the experimental results show the feasibility of the method.
Keywords: Information Security Soot Android Application taint analysis information disclosure
基金:
论文图表:
引用
No.4741045121335215****
同行评议
共计0人参与
勘误表
基于Soot的Android应用静态污点分析工具的研究
评论
全部评论0/1000