首页 | 本学科首页   官方微博 | 高级检索  
     

Android系统应用程序组件安全性分析
引用本文:曾立鹍,唐泉彬,牛斗. Android系统应用程序组件安全性分析[J]. 软件, 2014, 0(3): 147-151
作者姓名:曾立鹍  唐泉彬  牛斗
作者单位:东北电力大学信息工程学院,吉林132012
摘    要:针对当前Android系统第三方应用程序组件中普遍存在的各种安全问题,分析了引起这种问题的原因。提出了一种基于静态分析Android应用程序中四种组件的属性信息和Java系统服务中的敏感API(Application Programming Interface)调用信息,通过构建Android应用程序的函数调用关系图,检测组件入口函数和和敏感API之间可能存在的不安全的静态可执行路径。该方案主要利用反编译、XML(extensible markup language)文件解析和正则表达式匹配技术以获取应用程序的组件和敏感API的调用信息。实验结果表明了该方案的可行性和有效性。

关 键 词:组件安全性  静态检测  函数调用关系图  静态可执行路径

Analysis the Security of Components in Android Application
ZENG Li-kun,TANG Quan-bin,NIU Dou. Analysis the Security of Components in Android Application[J]. Software, 2014, 0(3): 147-151
Authors:ZENG Li-kun  TANG Quan-bin  NIU Dou
Affiliation:(College of Information Engineering, Northeast Dianli University, Jilin,Jilin 132012, China.)
Abstract:In order to reduce the variety of security issues of Android application components widespread in the third markets, the article analyzed the cause of this issues at first, and then proposed a detection method by static detecting the attribute information of four components and sensitive Java system services APIs (Application Programming Interface) in Android application, perform static executable path detection to detect security risks that might exist from components entry function to services APIs in the Android application components by constructing a function calling graph. The system mainly use decompile, XML (extensible markup language) file parsing and regular expression matching techniques to obtain information about the application's components and sensitive APIs. Experimental results show the feasibility and effectiveness of this system.
Keywords:Android  Android  Component Security  Static Detection  Function Calling Graph  Static Executable Path
本文献已被 维普 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号