Abstract
Existing privacy leak detection on the iOS platform lacks a systematic assessment method. To address this, a multi-dimensional iOS privacy disclosure evaluation model is presented. The model combines static analysis, dynamic analysis and network data analysis to extract features of an application's privacy disclosure behavior and evaluate it along multiple dimensions. The model was evaluated on 30 apps of different types from the iOS App Store: more than 50% of the investigated apps track users' locations, and almost 40% send data to a server without the user's consent. The model makes up for the limitations of using static analysis or dynamic analysis alone and effectively solves the problem of quantifying privacy disclosure.
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2016, Issue 4, pp. 73-79 (7 pages)
Funding
Supported by the National Key Basic Research and Development Program of China ("973" Program) (No. 2013CB338003)
Keywords
iOS
privacy disclosure
static analysis
dynamic analysis
network data analysis