计算机科学 ›› 2018, Vol. 45 ›› Issue (4): 163-168.doi: 10.11896/j.issn.1002-137X.2018.04.027
吴姝,周安民,左政
WU Shu, ZHOU An-min and ZUO Zheng
摘要: 苹果公司对App Store上的每一款应用程序都进行了审核,包括是否存在访问用户敏感信息的私有API调用,但是仍有恶意应用通过了该项审查。针对iOS应用程序中私有API的调用问题,提出了一种动、静态相结合的检测技术PDiOS。通过反向分片和常量传播的静态分析方式来处理大部分API调用,基于强制执行的动态迭代分析来处理剩余API。静态分析包含了对二进制文件的全面分析以及对资源文件中隐式调用的处理,动态分析主要依赖于二进制动态分析框架进行迭代分析。最后通过对比公开头文件中的API来确定私有API的调用。在对官方商店的1012款应用程序的检测中,确认有82款应用程序存在共128个不同的私有API调用。在对企业证书签名的32款应用程序的检测中,确认有26款使用了私有API调用。
[1] JOORABCHI M E,MESBAH A.Reverse engineering iOS mobile applications[C]∥2012 19th Working Conference on Reverse Engineering(WCRE).IEEE,2012:177-186. [2] KURTZ A,GASCON H,BECKER T,et al.Fingerprinting mobile devices using personalized configurations[J].Proceedings on Privacy Enhancing Technologies,2016,6(1):4-19. [3] EGELE M,KRUEGEL C,KIRDA E,et al.PiOS:Detecting Privacy Leaks in iOS Applications[C]∥NDSS.2011:177-183. [4] DENG Z,SALTAFORMAGGIO B,ZHANG X,et al.iRiS:Vetting private api abuse in ios applications[C]∥Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.ACM,2015:44-56. [5] SERIOT N.iPhone Privacy[EB/OL].[2010-02-03].http://seriot.ch/resources/talks_papers/iPhonePrivacy.pdf. [6] iOS Technology Overview[EB/OL].[2016-05-01].https://developer.apple.com/library/content/documentation/Miscellaneous/Conceptual/iPhoneOSTechOverview/Introduction/Introduction.html#//apple_ref/doc/uid/TP40007898-CH1-SW1. [7] 关东升.iOS开发指南[M].北京:人民邮电出版社,2016. [8] AGARWAL Y,HALL M.ProtectMyPrivacy:detecting and mi-tigating privacy leaks on iOS devices using crowdsourcing[C]∥11th Annual International Conference on Mobile Systems,Applications,and Services.ACM,2013:97-110. [9] GARCA L,RODRGUEZ R J.A Peek under the Hood of iOS Malware[C]∥2016 11th International Conference on Availability,Reliability and Security(ARES).IEEE,2016:590-598. [10] MOU L,LU Z,LI H,et al.Coupling distributed and symbolicexecution for natural language queries[J].arXiv preprint arXiv:1612.02741,2016. [11] PENG F,DENG Z,ZHANG X,et al.X-Force:Force-Executing Binary Programs for Security Applications[C]∥USENIX Security Symposium.2014:829-844. [12] Hex-Rays.IDA Pro.http://www.hex-rays.com/idapro. [13] WEISER M.Program slicing[C]∥International Conference on Software Engineering.IEEE Press,1981:439-449. [14] SABELFELD A,MYERS A C.Language-based information-flow security[J].IEEE Journal on Selected Areas in Communications,2003,21(1):5-19. [15] NETHERCOTE N,SEWARD J.Valgrind:a framework forheavy weight dynamic binary instrumentation[J].ACM Sigplan notices,ACM,2007,42(6):89-100. [16] LEVIN J.Mac OS X and IOS Internals:To the Apple’s Core[M].England:John Wiley & Sons,2012. |
No related articles found! |
|