摘要
各大Android应用市场上的App的数量不断增加,Android应用程序安全问题也日益突出。其中能力泄露也是众多安全问题之一,这种能力泄露可能使恶意软件通过Android安全机制绕过达到权限提升和隐私泄露,因此在此前提下,研究一种基于静态污点分析检测能力泄露框架,该框架采用静态污点分析,使用过程间控制流图搜索和静态污点检查来检测Android应用中的可利用的数据路径,从而达到检测能力泄露漏洞的目的。
The number of App in each major market is increasing,and the problem of Android application security is more and more prominent.One of the many security issues is capability leak,which may allow malware to bypass privilege escalation and privacy leaks through Android se.curity mechanisms.Therefore,based on static stain analysis,proposes a leak detection framework.The framework uses static stain analysis,interprocess control flow graph search and static stain checking to detect the available data paths in Android application,in order to achieve the purpose of detecting the leak.
作者
陈纯
周安民
CHEN Chun;ZHOU An-min(College of Electronic Information,Sichuan University,Chengdu 610065)
出处
《现代计算机》
2019年第9期94-100,共7页
Modern Computer