首页 | 本学科首页   官方微博 | 高级检索  
     

Android应用安全缺陷的静态分析技术研究
引用本文:陈 璐,马媛媛,石聪聪,李尼格,李伟伟. Android应用安全缺陷的静态分析技术研究[J]. 计算机工程与应用, 2018, 54(4): 117-121. DOI: 10.3778/j.issn.1002-8331.1608-0546
作者姓名:陈 璐  马媛媛  石聪聪  李尼格  李伟伟
作者单位:全球能源互联网研究院 信息通信研究所,南京 210003
摘    要:随着移动互联网的快速发展,智能手机特别是Android智能手机的用户日益增多,Android应用的安全缺陷层出不穷。将Android应用安全缺陷分为漏洞缺陷、组件缺陷和配置缺陷等三方面,针对这些安全缺陷,对字节码文件进行静态分析,将解析的Android字节码作为检查载体,采用访问者模式为每一种脆弱性检测设计检测器。最后给出了部分代码实现,实践证明能够满足Android应用安全缺陷的静态检测需求。

关 键 词:Android应用  静态分析  安全缺陷  安全漏洞  访问者模式  

Research on Android application security flaws static analysis technology
CHEN Lu,MA Yuanyuan,SHI Congcong,LI Nige,LI Weiwei. Research on Android application security flaws static analysis technology[J]. Computer Engineering and Applications, 2018, 54(4): 117-121. DOI: 10.3778/j.issn.1002-8331.1608-0546
Authors:CHEN Lu  MA Yuanyuan  SHI Congcong  LI Nige  LI Weiwei
Affiliation:Institute of Information and Communication, Global Energy Interconnection Research Institute, Nanjing 210003, China
Abstract:With the rapid development of mobile Internet, the number of smart phone users is increasing, especially Android smart phone users, and the security flaws of Android application security abound. Android application security flaws are divided into three, including vulnerabilities flaws, components flaws and configuration flaws. Focusing on these security flaws, first the bytecode file is static analysis, then the resolution Android bytecode as an inspection vehicle, it uses the visitor pattern to design detector for each species vulnerability. Finally, part of the code is achieved. Practice has proven able to meet the Android application security flaws static inspection requirements.
Keywords:Android application  static analysis  security flaws  security vulnerabilities  visitor pattern  
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号