期刊文献+

Android生态系统中面向第三方SDK安全的静态和动态分析

Static and Dynamic Analysis of Third-party SDK Security in Android Ecosystems
下载PDF
导出
摘要 提出Android生态第三方SDK安全性的分析框架,考虑到单独的第三方SDK无法独立运行,选择第三方SDK的demo应用作为分析对象。为了提高分析准确性,采用静态污点追踪、动态污点追踪建立第三方SDK的静态、动态分析框架。通过动态执行第三方demo应用,进行安全问题验证。最后通过选取目前市场上流行的第三方SDK进行安全性分析,分析结果表明,超过60%的SDK中存在不同类型的漏洞对应用程序造成严重威胁。 The security analysis framework of Android ecological third party SDK is proposed.Considering that individual third-party SDK cannot run independently,the demo application of the third-party SDK is selected as the analysis object.In order to improve the analysis accuracy,the static and dynamic analysis framework of third-party SDK is established by using static stain tracking and dynamic stain tracking.By dynamically executing third-party demo applications,security problem verification is carried out.Finally,through the selection of the current market popular third-party SDKs for security analysis,the analysis results show that more than 60%of the SDKs have different types of vulnerabilities that pose a serious threat to the application.
作者 蔡迎兵 CAI Yingbing(Management Office of Teaching Equipment and Laboratory, Shaanxi Xueqian Normal University, Xi’an 710100, China)
出处 《微型电脑应用》 2021年第6期55-57,共3页 Microcomputer Applications
基金 2019年陕西省教育厅专项科学研究项目(19JK0212)。
关键词 第三方SDK 静态分析 动态分析 安全隐患 third party SDK static analysis dynamic analysis security risks
  • 相关文献

参考文献5

二级参考文献17

共引文献11

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部