| Android安全漏洞挖掘技术综述 |
| |
| 引用本文: | 张玉清, 方喆君, 王凯, 王志强, 乐洪舟, 刘奇旭, 何远, 李晓琦, 杨刚. Android安全漏洞挖掘技术综述[J]. 计算机研究与发展, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572 |
| |
| 作者姓名: | 张玉清 方喆君 王凯 王志强 乐洪舟 刘奇旭 何远 李晓琦 杨刚 |
| |
| 作者单位: | 1.1(中国科学院大学国家计算机网络入侵防范中心 北京 101408);2.2(综合业务网理论及关键技术国家重点实验室(西安电子科技大学) 西安 710071);3.3(国家计算机网络应急技术处理协调中心 北京 100029);4.4(北京电子科技学院 北京 100070) (zhangyq@ucas.ac.cn) |
| |
| 基金项目: | 国家自然科学基金项目(61272481,61572460);国家发改委信息安全专项(发改办高技[2012]1424号) |
| |
| 摘 要: | 安全漏洞在Android系统的安全性中处于核心地位,因此如何有效挖掘Android系统安全漏洞,已成为增强移动终端安全性、保护用户安全和隐私的重要技术手段,具有重要的理论和现实意义.首先对Android领域2008—2015年间漏洞数量趋势和种类进行了汇总,然后分类分析了Android安全领域顶级会议上2012—2014年间的学术研究进展.在此基础上,给出了Android漏洞挖掘技术的总体概览,并针对漏洞挖掘领域中使用较多的污染流传播分析、可达路径分析、符号执行、Fuzzing测试等技术进行详细阐述,还对混合符号执行和定向Fuzzing等动静态结合的技术进行了介绍.最后对Android漏洞挖掘领域的开源工具进行了总结,并讨论了值得进一步深入研究的安全问题.
|
| 关 键 词: | Android安全 综述 漏洞挖掘 静态分析 动态分析 |
Survey of Android Vulnerability Detection |
| |
| Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572 |
| |
| Authors: | Zhang Yuqing Fang Zhejun Wang Kai Wang Zhiqiang Yue Hongzhou Liu Qixu He Yuan Li Xiaoqi Yang Gang |
| |
| Affiliation: | 1.1(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408);2.2(State Key Laboratory of Integrated Services Networks (Xidian University), Xi’an 710071);3.3(National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029);4.4(Beijing Electronic Science and Technology Institute, Beijing 100070) |
| |
| Abstract: | Vulnerability plays a critical role in Android security. Therefore it is very meaningful to do research on vulnerability detection techniques, which can enhance Android security and protect user’s privacy. In this paper, we firstly summary the number trends and categories of Android vulnerabilities from 2008 to 2015. Then we analyze the research progress of Android security from 2012 to 2014 and propose an overview of Android vulnerability detection techniques. After that, we detail the techniques frequently using in current researches, such as taint analysis, reachable path discovery, symbolic execution and fuzzing test. In addition, we also focus on the techniques combining static analysis and dynamic test such as concolic testing and directed fuzzing. At last, we conclude the status quo and open source tools in Android vulnerability detection, and propose valuable issues which are worth further studying. |
| |
| Keywords: | Android security survey vulnerability detection static analysis dynamic analysis |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机研究与发展》浏览原始摘要信息 |
|
点击此处可从《计算机研究与发展》下载全文 |
|
