Abstract
Third-party libraries enlarge the attack surface of Android applications. To address this, this paper randomly selected 305 apps from five well-known official app markets in China, analyzed their security, and designed a security analysis system for Android third-party libraries. The system first performs third-party library detection, identifying the third-party libraries in an Android app at fine granularity. It then statically analyzes the apk file through reverse engineering and, at the same time, installs and runs the apk in an Android emulator and monitors its related behavior, thereby detecting the security threats introduced by third-party libraries. The results show that, whereas current mobile vulnerability scanning platforms do not perform security checks on third-party libraries well, this system can effectively detect vulnerabilities in the third-party libraries used by apps and is of some practical value.
Authors
Zhou Min (周敏); Zhou Anmin (周安民); Jia Peng (贾鹏)
College of Electronic & Information Engineering, Sichuan University, Chengdu 610065, China
Source
Application Research of Computers (《计算机应用研究》)
Indexed in: CSCD; Peking University Core Journals (北大核心)
2018, Issue 8, pp. 2417-2420 (4 pages)
Keywords
Android
third-party library
security threat
vulnerability detection
reverse engineering