Computer Engineering and Applications, 2018, Vol. 54, Issue (4): 117-121. DOI: 10.3778/j.issn.1002-8331.1608-0546

• Network, Communication and Security •

Research on Android application security flaws static analysis technology

CHEN Lu, MA Yuanyuan, SHI Congcong, LI Nige, LI Weiwei

  1. Institute of Information and Communication, Global Energy Interconnection Research Institute, Nanjing 210003, China
  • Online: 2018-02-15 Published: 2018-03-07

Abstract: With the rapid development of the mobile Internet, the number of smartphone users, especially Android smartphone users, keeps growing, and security flaws in Android applications emerge one after another. This paper divides Android application security flaws into three categories: vulnerability flaws, component flaws and configuration flaws. To detect these flaws, it performs static analysis on bytecode files: the parsed Android bytecode serves as the object of inspection, and the visitor pattern is used to design a detector for each kind of vulnerability. Finally, part of the code implementation is given, and practice shows that the approach meets the needs of static detection of Android application security flaws.

Key words: Android application, static analysis, security flaws, security vulnerabilities, visitor pattern