| Android应用安全缺陷的静态分析技术研究 |
| |
| 引用本文: | 陈 璐,马媛媛,石聪聪,李尼格,李伟伟.Android应用安全缺陷的静态分析技术研究[J].计算机工程与应用,2018,54(4):117-121. |
| |
| 作者姓名: | 陈 璐 马媛媛 石聪聪 李尼格 李伟伟 |
| |
| 作者单位: | 全球能源互联网研究院 信息通信研究所,南京 210003 |
| |
| 摘 要: | 随着移动互联网的快速发展,智能手机特别是Android智能手机的用户日益增多,Android应用的安全缺陷层出不穷。将Android应用安全缺陷分为漏洞缺陷、组件缺陷和配置缺陷等三方面,针对这些安全缺陷,对字节码文件进行静态分析,将解析的Android字节码作为检查载体,采用访问者模式为每一种脆弱性检测设计检测器。最后给出了部分代码实现,实践证明能够满足Android应用安全缺陷的静态检测需求。
|
| 关 键 词: | Android应用 静态分析 安全缺陷 安全漏洞 访问者模式 |
Research on Android application security flaws static analysis technology |
| |
| CHEN Lu,MA Yuanyuan,SHI Congcong,LI Nige,LI Weiwei.Research on Android application security flaws static analysis technology[J].Computer Engineering and Applications,2018,54(4):117-121. |
| |
| Authors: | CHEN Lu MA Yuanyuan SHI Congcong LI Nige LI Weiwei |
| |
| Affiliation: | Institute of Information and Communication, Global Energy Interconnection Research Institute, Nanjing 210003, China |
| |
| Abstract: | With the rapid development of mobile Internet, the number of smart phone users is increasing, especially Android smart phone users, and the security flaws of Android application security abound. Android application security flaws are divided into three, including vulnerabilities flaws, components flaws and configuration flaws. Focusing on these security flaws, first the bytecode file is static analysis, then the resolution Android bytecode as an inspection vehicle, it uses the visitor pattern to design detector for each species vulnerability. Finally, part of the code is achieved. Practice has proven able to meet the Android application security flaws static inspection requirements. |
| |
| Keywords: | Android application static analysis security flaws security vulnerabilities visitor pattern |
|
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
|
