Computer Science ›› 2015, Vol. 42 ›› Issue (12): 143-147.

• The 13th National Conference on Software and Applications •

Detecting Security of Applications in Chinese Third-party Android Market

YAN Jin-pei, HE Hui, AN Wen-huan, ZHANG Xiao-hui, REN Jian-bao and QI Yong

  1. Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049 (same affiliation for all six authors)
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61272460) and the Doctoral Program Foundation of the Ministry of Education of China (20120201110010).

Abstract: Repackaged apps are currently present in third-party Android application markets. In this paper, 150 apps were randomly selected from domestic official sources, together with 572 copies of the same apps from third-party markets for comparison, and a security detection system for repackaged Android apps was designed. The system first computes similarity to identify repackaged apps at fine granularity, then obtains their resource files through reverse engineering, analyzes over-privileged behavior by matching against the mapping between system APIs and permissions, and analyzes permission-abuse behavior using constructed method control flow graphs (CFGs). Using parallel processing, the system found that 33.17% of the apps in the third-party markets are repackaged, of which 19.58% have modified permissions. Among the apps with modified permissions, 45.95% exhibit over-privileged behavior and 27.03% exhibit permission abuse.

Key words: Android, Repackaged, Privacy and security
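The permission comparison and over-privilege check summarized in the abstract can be sketched as follows; this is an added example, not code from the paper. It assumes manifests already decoded to text XML, API calls already extracted from the decompiled code, and a small constructed API-to-permission map; all function names and sample data are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed excerpt of an API-to-permission map (assumption: a real system
# would load a complete mapping for the targeted Android version).
API_PERMISSIONS = {
    "android.telephony.SmsManager.sendTextMessage": P + "SEND_SMS",
    "android.telephony.TelephonyManager.getDeviceId": P + "READ_PHONE_STATE",
    "android.hardware.Camera.open": P + "CAMERA",
    "java.net.URL.openConnection": P + "INTERNET",
}

def declared_permissions(manifest_xml):
    """Return the set of <uses-permission> names in a decoded manifest.
    For untrusted manifests, parse with a hardened XML parser instead."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return names - {None}

def required_permissions(api_calls):
    """Permissions implied by the API calls found in the app's code."""
    return {API_PERMISSIONS[c] for c in api_calls if c in API_PERMISSIONS}

def audit(official_manifest, repack_manifest, repack_api_calls):
    official = declared_permissions(official_manifest)
    repack = declared_permissions(repack_manifest)
    used = required_permissions(repack_api_calls)
    return {
        "added": sorted(repack - official),        # permissions the repackager introduced
        "removed": sorted(official - repack),
        "overprivileged": sorted(repack - used),   # declared but no mapped API needs it
        "undeclared": sorted(used - repack),       # API present but permission missing
    }

def _manifest(perms):
    # Helper that builds a constructed sample manifest for the demo below.
    body = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.app">%s</manifest>' % body)

# Constructed sample data: official build vs. third-party market copy.
OFFICIAL = _manifest(["INTERNET", "CAMERA"])
REPACK = _manifest(["INTERNET", "CAMERA", "SEND_SMS", "READ_PHONE_STATE"])
REPACK_CALLS = ["java.net.URL.openConnection", "android.hardware.Camera.open",
                "android.telephony.SmsManager.sendTextMessage"]

if __name__ == "__main__":
    for key, value in audit(OFFICIAL, REPACK, REPACK_CALLS).items():
        print(key, value)
```

In this sample the repackaged copy adds two permissions; one is backed by an API call in its code, while the other is declared with no mapped API using it and is reported as over-privileged.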

