| Android系统应用程序组件安全性分析 |
| |
| 引用本文: | 曾立鹍,唐泉彬,牛斗.Android系统应用程序组件安全性分析[J].软件,2014(3):147-151. |
| |
| 作者姓名: | 曾立鹍 唐泉彬 牛斗 |
| |
| 作者单位: | 东北电力大学信息工程学院,吉林132012 |
| |
| 摘 要: | 针对当前Android系统第三方应用程序组件中普遍存在的各种安全问题,分析了引起这种问题的原因。提出了一种基于静态分析Android应用程序中四种组件的属性信息和Java系统服务中的敏感API(Application Programming Interface)调用信息,通过构建Android应用程序的函数调用关系图,检测组件入口函数和和敏感API之间可能存在的不安全的静态可执行路径。该方案主要利用反编译、XML(extensible markup language)文件解析和正则表达式匹配技术以获取应用程序的组件和敏感API的调用信息。实验结果表明了该方案的可行性和有效性。
|
| 关 键 词: | 组件安全性 静态检测 函数调用关系图 静态可执行路径 |
Analysis the Security of Components in Android Application |
| |
| ZENG Li-kun,TANG Quan-bin,NIU Dou.Analysis the Security of Components in Android Application[J].Software,2014(3):147-151. |
| |
| Authors: | ZENG Li-kun TANG Quan-bin NIU Dou |
| |
| Affiliation: | (College of Information Engineering, Northeast Dianli University, Jilin,Jilin 132012, China.) |
| |
| Abstract: | In order to reduce the variety of security issues of Android application components widespread in the third markets, the article analyzed the cause of this issues at first, and then proposed a detection method by static detecting the attribute information of four components and sensitive Java system services APIs (Application Programming Interface) in Android application, perform static executable path detection to detect security risks that might exist from components entry function to services APIs in the Android application components by constructing a function calling graph. The system mainly use decompile, XML (extensible markup language) file parsing and regular expression matching techniques to obtain information about the application's components and sensitive APIs. Experimental results show the feasibility and effectiveness of this system. |
| |
| Keywords: | Android Android Component Security Static Detection Function Calling Graph Static Executable Path |
| 本文献已被 维普 等数据库收录! |
