摘要
该文描述一种动静态分析结合的Android系统隐私泄漏检测方法。该方法首先利用动态分析技术分析程序实时运行时的真实执行状态,从而识别出具有隐私泄露风险的应用程序及其隐私泄露行为执行路径。接着使用静态分析技术对范围内的应用内容进行分析,最终定位隐私泄露漏洞。实验结果显示,运用动静态分析相结合的方法能够缩短分析时间,同时提高漏洞分析的精确度,减少误判率。在此基础上,能够进一步发现多应用协作的隐私泄露行为,弥补了静态分析方法在检测效率和跨应用检测能力上的不足。
This paper proposes a new approach,which detects privacy leakage vulnerabilities on Android with both dynamic and static ways.Based on dynamic analysis,this method firstly constructs the real execution status in order to recognizing those applica⁃tions that have privacy leakage vulnerabilities and their execution path.Then,using the static analysis to locate the privacy leakage of those applications.The result of experiment shows that this fusion method can increase accuracy of vulnerability analysis and re⁃duce misjudgment ratio while using less time.Besides that,this method can further discovery multiple application privacy leakage vulnerabilities,which makes up the static analysis method in detection efficiency and cross-application detection capability.
作者
苏钰
SU Yu(Network Management and Information Office,Nanjing University of Chinese Medicine,Nanjing 210023,China)
出处
《电脑知识与技术》
2020年第30期42-44,共3页
Computer Knowledge and Technology
