
Taint Analysis Tool of Android Applications Based on Tainted Value Graph

(Original title: 基于污染变量关系图的Android应用污点分析工具. Cited by: 5)
Abstract: Taint analysis is an effective method for detecting privacy data leakage on Android smartphones. However, the state-of-the-art taint analysis tools for Android applications mainly focus on accuracy, and few of them address the importance of efficiency and time cost. In practice, the high cost may cause problems such as timeouts or program crashes when these tools analyze complex applications, which keeps them from wide use. This study proposes a taint analysis approach based on the tainted value graph, which reduces the time cost and improves efficiency. The tainted value graph is formalized to describe the tainted values in a program and their relationships; the approach abandons the traditional data flow analysis framework, combines taint analysis with alias analysis, abstracts the tainted value graph and the potential taint flows from the program, and then verifies the potential taint flows on the control flow graph to improve accuracy. The architecture, modules, and algorithmic details of the tool FastDroid, which implements this approach, are described in detail. The tool is evaluated on three test suites: DroidBench-2.0, MalGenome, and 1517 apps randomly downloaded from Google Play. The experimental results show that FastDroid achieves a precision of 93.3% and a recall of 85.8% on DroidBench-2.0, higher than the mainstream tool FlowDroid, and that its analysis time is shorter and more stable on all three test suites.
Authors: ZHANG Jie (张捷), TIAN Cong (田聪), DUAN Zhen-Hua (段振华); School of Computer Science and Technology, Xidian University, Xi'an 710071, China.

Published in: Journal of Software (软件学报), 2021, Issue 6, pp. 1701-1716 (16 pages). Indexed in EI and CSCD; listed as a Peking University core journal.

Funding: National Key R&D Program of the Ministry of Science and Technology (2018AAA0103202); National Natural Science Foundation of China (61732013, 61751207); Shaanxi Provincial Science and Technology Innovation Team (2019TD-001).

Keywords: static analysis; taint analysis; software security; privacy protection; Android applications.
