| 基于静态污点分析的Android隐私泄露检测方法研究 |
| |
| 作者姓名: | 胡英杰 张琳琳 赵楷 方文波 于媛尔 |
| |
| 作者单位: | 新疆大学软件学院 乌鲁木齐 中国 830091,新疆大学信息科学与工程学院 乌鲁木齐 中国 830046,新疆大学信息科学与工程学院 乌鲁木齐 中国 830046,新疆大学软件学院 乌鲁木齐 中国 830091,新疆大学信息科学与工程学院 乌鲁木齐 中国 830046 |
| |
| 基金项目: | 本课题得到国家自然科学基金项目(No.61867006);新疆维吾尔自治区科技厅创新环境建设专项(PT1811);新疆维吾尔自治区创新环境建设专项(自然科学基金)联合基金项目(No.2019D01C062,2019D01C041);新疆维吾尔自治区高校科研计划项目(No.XJEDU2017M 005);国家级大学生创新创业训练计划项目(No.201910755047)资助。 |
| |
| 摘 要: | Android移动设备中存储了大量的敏感信息,如通话记录、联系人等,容易成为恶意攻击者的目标。基于静态污点分析技术,提出了一种面向Android平台的隐私泄露检测方法。通过提取Android敏感权限与API,创建两者之间的映射关系,生成Android应用程序的函数调用图,实现了对于大规模应用程序中潜在隐私数据泄露行为的检测。实验结果表明,本文所提出方法的准确率较高,且运行耗时较短,适合于大规模应用程序的检测。
|
| 关 键 词: | Android 敏感数据 隐私泄露 函数调用图 污点分析 |
| 收稿时间: | 2019/8/31 0:00:00 |
| 修稿时间: | 2020/3/9 0:00:00 |
Android Privacy Leak Detection Method Based on Static Taint Analysis |
| |
| Authors: | HU Yingjie ZHANG Linlin ZHAO Kai FANG Wenbo and YU Yuaner |
| |
| Affiliation: | College of Software, Xinjiang University, Urumqi 830091, China,College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China,College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China,College of Software, Xinjiang University, Urumqi 830091, China and College of Information Science and Engineering, Xinjiang University, Urumqi 830046, China |
| |
| Abstract: | Android mobile devices store a large amount of sensitive information, such as call records, contacts, and so on, which is easy to be target of malicious attackers. A privacy leakage detection method based on static taint analysis is proposed. A function call graph of the Android application is generated by extracting Android sensitive permissions and API to create a mapping relationship between them, and to detect potential privacy data leakage behavior in large-scale applications. The experimental results show that the accuracy of the proposed method is higher with shorter running time, which is suitable for the detection of large-scale applications. |
| |
| Keywords: | Android sensitive information privacy leakage call graph taint analysis |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
