Abstract
A static-analysis-based method for generating event inputs for the dynamic analysis of Android applications is proposed. Using the inter-component call graph and the system dependence graph within each individual component, the event inputs that security-related callback methods inside a component depend on are extracted, and an event input algorithm is designed to automatically generate the event inputs that an Android application depends on at runtime. The experimental results show that, compared with existing work, the proposed method achieves higher coverage of permission methods and basic components and covers more security-related execution paths, which helps to collect more security-related runtime behaviors during dynamic analysis.
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2017, Issue 6, pp. 21-32 (12 pages)
Funding
Supported by the Natural Science Foundation of Jiangsu Province (No. BK20131069)