{"title":"Method-Level Permission Analysis Based on Static Call Graph of Android Apps","authors":"Yan Hu, W. Kong, Deng Ding, Jun Yan","doi":"10.1109/DSA.2018.00014","DOIUrl":null,"url":null,"PeriodicalId":117496,"journal":{"name":"2018 5th International Conference on Dependable Systems and Their Applications (DSA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 5th International Conference on Dependable Systems and Their Applications (DSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSA.2018.00014","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Method-Level Permission Analysis Based on Static Call Graph of Android Apps
The Android permission system is important for protecting the privacy of mobile phone users. However, Android apps may not always use permissions correctly. In Android, accesses to privileged hardware or private information are generally conducted by calling APIs protected by certain types of permissions. Thus, people can analyze the method call statistics to gain insights into the usage of permissions in the Android app code. For Android apps whose source code is not available, the analysis process faces two major challenges: (1) mapping permissions to APIs; (2) handling the thousands of methods and method invocations. To deal with these challenges, we propose a method-level permission usage analysis, which analyzes the disassembled bytecode of an Android app. We model the behavior of the app code by its static call graph. A social ranking method is applied to the static call graph to generate a ranking of all the methods in the target Android app. Based on the ranking results, we further provide a configurable permission-sensitive subgraph generation algorithm to direct our analysis to highly ranked methods, and inspect the permission-specific subgraph of such a typical method to get a very clear view of the compact calling structure of permission-sensitive methods.