计算机应用与软件Issue(1):311-314,333,5.DOI:10.3969/j.issn.1000-386x.2014.01.084
Android平台下软件安全漏洞挖掘方法研究
RESEARCH ON SECURITY VULNERABILITIES MINING METHOD FOR SOFTWARE ON ANDROID PLATFORM
龚炳江 1唐宇敬1
作者信息
- 1. 河北工程大学信息与电气工程学院 河北 邯郸056038
- 折叠
摘要
Abstract
In order to reduce the privacy data leak problems of the Android system users,we put forward a vulnerability mining method aiming at the source code of the Android applications.On the basis of Android vulnerability database and permission-method set,the method adopts static analysis to obtain the algebraic expression of special permission vulnerability matrix of Android and the test case of vulnerability points,mutates the test cases based on vulnerability knowledge to obtain semi-efficient data,and uses stain injection and data flow analysis to mine Fuzzing.Through example analyses on 400 Android applications source code,the results show that the method can mine the conventional vulnerability and has distinct effect in mining the special permission information vulnerability of Android.The number of the test cases derived from using constraint analysis is less,and the pertinency of semi-efficient data derived from vulnerability knowledge is high.This method has high code coverage and precision as well.关键词
安全漏洞/Android/权限/静态分析/FuzzingKey words
Security vulnerability/Android Permission/Static analysis/Fuzzing分类
信息技术与安全科学引用本文复制引用
龚炳江,唐宇敬..Android平台下软件安全漏洞挖掘方法研究[J].计算机应用与软件,2014,(1):311-314,333,5.
