Computer Science (计算机科学) ›› 2017, Vol. 44 ›› Issue (10): 127-133. doi: 10.11896/j.issn.1002-137X.2017.10.025
燕季薇,李明素,卢琼,严俊,高红雨
YAN Ji-wei, LI Ming-su, LU Qiong, YAN Jun and GAO Hong-yu
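Abstract: In recent years, privacy leakage in Android applications has drawn increasing attention. Applications that maliciously obtain users' private information increase the privacy leakage risk for smartphone users. To address this problem, researchers in China and abroad have studied and proposed a variety of privacy leak detection tools for Android applications. This paper analyzes and compares 9 static privacy leak detection tools for Android applications, and summarizes their detection targets, detection methods, the types of errors they can detect, and their detection effectiveness. Experiments were also designed for two open-source tools, FlowDroid and IccTA, to examine their performance and detection effectiveness. On 50 downloaded applications, FlowDroid successfully detected privacy leaks in 9 applications, and IccTA successfully detected 7 inter-component leaks; on 12 self-designed test sets, both FlowDroid and IccTA successfully detected the various privacy leaks involved.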