基于动态污点分析技术的Android软件漏洞挖掘框架

2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC) Pub Date : 2019-03-15 DOI:10.1109/ITNEC.2019.8729217

Zhao Min, Yang Haimin, Chen Ping, Yang Zhengxing

{"title":"基于动态污点分析技术的Android软件漏洞挖掘框架","authors":"Zhao Min, Yang Haimin, Chen Ping, Yang Zhengxing","doi":"10.1109/ITNEC.2019.8729217","DOIUrl":null,"url":null,"abstract":"Security vulnerability mining is at the core of Android system security research. How to effectively exploit Android system security vulnerabilities has become an important technical means to enhance the security of smartphones and protect user security and privacy. An Android software vulnerability mining framework based on dynamic taint analysis technology is designed in this paper. Firstly, it analyzes the shortcomings of existing vulnerability mining technology, then gives the detailed design of the framework, and then discusses in detail the taint propagation analysis under Java context. Complete the switching between Java context and native context taint analysis environment at runtime, instruction preprocessing and other key techniques of Android vulnerability mining based on dynamic taint analysis theory. Finally, summarizes the whole paper and puts forward the problem worthy of further study.","PeriodicalId":202966,"journal":{"name":"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Android software vulnerability mining framework based on dynamic taint analysis technology\",\"authors\":\"Zhao Min, Yang Haimin, Chen Ping, Yang Zhengxing\",\"doi\":\"10.1109/ITNEC.2019.8729217\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security vulnerability mining is at the core of Android system security research. How to effectively exploit Android system security vulnerabilities has become an important technical means to enhance the security of smartphones and protect user security and privacy. An Android software vulnerability mining framework based on dynamic taint analysis technology is designed in this paper. Firstly, it analyzes the shortcomings of existing vulnerability mining technology, then gives the detailed design of the framework, and then discusses in detail the taint propagation analysis under Java context. Complete the switching between Java context and native context taint analysis environment at runtime, instruction preprocessing and other key techniques of Android vulnerability mining based on dynamic taint analysis theory. Finally, summarizes the whole paper and puts forward the problem worthy of further study.\",\"PeriodicalId\":202966,\"journal\":{\"name\":\"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)\",\"volume\":\"23 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-03-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ITNEC.2019.8729217\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITNEC.2019.8729217","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

安全漏洞挖掘是Android系统安全研究的核心。如何有效利用Android系统的安全漏洞，已成为提升智能手机安全性、保护用户安全隐私的重要技术手段。本文设计了一个基于动态污点分析技术的Android软件漏洞挖掘框架。首先分析了现有漏洞挖掘技术的不足，然后给出了框架的详细设计，然后详细讨论了Java环境下的污染传播分析。基于动态污染分析理论，完成运行时Java上下文与本机上下文污染分析环境切换、指令预处理等Android漏洞挖掘关键技术。最后对全文进行了总结，并提出了值得进一步研究的问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Android software vulnerability mining framework based on dynamic taint analysis technology

Security vulnerability mining is at the core of Android system security research. How to effectively exploit Android system security vulnerabilities has become an important technical means to enhance the security of smartphones and protect user security and privacy. An Android software vulnerability mining framework based on dynamic taint analysis technology is designed in this paper. Firstly, it analyzes the shortcomings of existing vulnerability mining technology, then gives the detailed design of the framework, and then discusses in detail the taint propagation analysis under Java context. Complete the switching between Java context and native context taint analysis environment at runtime, instruction preprocessing and other key techniques of Android vulnerability mining based on dynamic taint analysis theory. Finally, summarizes the whole paper and puts forward the problem worthy of further study.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)

自引率

0.00%

发文量