Framework for analyzing security of third-party libraries in Android apps (cited by: 1)
Abstract: Third-party libraries enlarge the attack surface of Android applications. To study this, the paper randomly selected 305 apps from five well-known official app markets in China for security analysis and designed a security analysis system for Android third-party libraries. The system first performs third-party library detection, identifying the libraries in an Android app at fine granularity. It then statically analyzes the APK file through reverse engineering and, in parallel, installs and runs the APK in an Android emulator and monitors its behavior, thereby detecting the security threats introduced by third-party libraries. The results show that, whereas current mobile vulnerability scanning platforms do not check third-party libraries well, this system effectively detects vulnerabilities in the third-party libraries used by apps and is of practical value.

Authors: Zhou Min; Zhou Anmin; Jia Peng (College of Electronic & Information Engineering, Sichuan University, Chengdu 610065, China)

Source: Application Research of Computers (《计算机应用研究》), indexed in CSCD and the Peking University Core Journals list, 2018, No. 8, pp. 2417-2420 (4 pages)

Keywords: Android; third-party library; security threat; vulnerability detection; reverse engineering