Journal of Nanjing University of Science and Technology (Natural Science Edition), 2017, Vol. 41, Issue 4: 434-441, 8. DOI: 10.14177/j.cnki.32-1397n.2017.41.04.006
Unauthorized access vulnerability detection method based on finite state machines for mobile applications
Abstract
To address unauthorized access vulnerabilities in mobile applications caused by missing permission verification in the back end, this paper proposes a detection method for such vulnerabilities based on finite state machines. The finite state machines of different users are constructed and synthesized into the complete state machine of the mobile application. Each request in the complete state machine is dynamically reconstructed and its execution result is analyzed, giving an efficient and complete test for unauthorized access vulnerabilities. Experiments were run on internal mobile applications. The experimental results show that the proposed method finds all hidden unauthorized access vulnerabilities. Unauthorized access vulnerabilities can be accurately detected with the proposed detection method.
Key words
mobile applications / finite state machines / unauthorized access / vulnerability detection / dynamic reconstruction
Classification
Information Technology and Security Science
Cite this article
Jiang Haitao, Guo Yajuan, Chen Hao, Guo Jing, Zhou Chao, Xu Jian. Unauthorized access vulnerability detection method based on finite state machines for mobile applications [J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2017, 41(4): 434-441, 8.
Funding
Supported by the Science and Technology Project of State Grid Jiangsu Electric Power Company (J2016022)