摘要
Android平台的恶意代码主要通过调用敏感API的方式,盗取用户隐私,造成危害,因此有必要通过拦截敏感API的方式来增强安全能力。然而,现有的防护技术大多都需要对Android系统做出修改。论文设计了一种基于smali注入的敏感API拦截方法,该方法能通过权限-API映射关系识别出敏感API调用,进而在敏感调用中通过插桩方式植入监控和日志功能,从而实现在不更改安卓系统的基础上,实现对敏感API调用的拦截,为运行时的动态授权和控制提供了实施可能。
The malware in Android mainly collects user privacy by calling sensitive APIs. Thus,it is necessary to intercept the sensitive API calls to enhance the security capabilities. At present,most of the existing protection technologies need to make changes to the Android system. This paper designs a sensitive API interception method using the smali injection. This method can identify sensitive API calls through the permission-API mapping,and then embeds monitoring and logging functions into a sensitive call to achieve the effect of intercepting sensitive API calls without changing the Android system.
作者
朱旭超
徐建
ZHU Xuchao;XU Jian(School of Computer Science and Engineering,Nanjing University of Science and Technology,Nanjing 210094)
出处
《计算机与数字工程》
2018年第11期2296-2300,共5页
Computer & Digital Engineering
基金
江苏省研究生科研创新计划(编号:SJLX16_0148)资助
