计算机科学 ›› 2017, Vol. 44 ›› Issue (10): 127-133.doi: 10.11896/j.issn.1002-137X.2017.10.025

• 信息安全 • 上一篇    下一篇

基于Android平台的隐私泄漏静态检测工具的分析与比较

燕季薇,李明素,卢琼,严俊,高红雨   

  1. 中国科学院软件研究所计算机科学国家重点实验室 北京100190;中国科学院大学计算机与控制学院 北京100049,北京工业大学计算机学院 北京100124,中国科学院软件研究所软件工程技术研究开发中心 北京100190,中国科学院软件研究所计算机科学国家重点实验室 北京100190;中国科学院大学计算机与控制学院 北京100049;中国科学院软件研究所软件工程技术研究开发中心 北京100190,北京工业大学计算机学院 北京100124
  • 出版日期:2018-12-01 发布日期:2018-12-01
  • 基金资助:
    本文受国家自然科学基金(91418206)资助

Analysis and Comparison of Privacy Leak Static Detection Tools for Android Applications

YAN Ji-wei, LI Ming-su, LU Qiong, YAN Jun and GAO Hong-yu   

  • Online:2018-12-01 Published:2018-12-01

摘要: 近年来,Android平台应用程序的隐私泄漏问题受到越来越多的关注。应用程序恶意获取用户隐私信息将会增加智能手机用户的隐私泄漏风险,针对该问题,国内外研究人员研究并提出了多种Android平台应用程序的隐私泄漏检测工具。对9种Android平台应用程序的隐私泄漏静态检测工具进行了分析与比较,总结了这些静态检测工具的检测对象、检测方法、能够检测的错误类型和检测效果,并为两种开源工具FlowDroid和IccTA设计了相关实验,以检验其性能及检测效果。针对50个下载的应用程序,FlowDroid成功检测出9个应用存在隐私泄漏,IccTA成功检测到7个组件间泄漏;针对12个自主设计的测试集,FlowDroid和IccTA都成功检测出其中涉及的多种隐私泄漏。

关键词: Android应用,隐私泄漏,静态检测

Abstract: In recent years,the problems of privacy leak in Android applications attract more and more attention.The maliciously access of private information will increase the risk of users’ privacy leak.To solve this problem,researchers have proposed many privacy-leak detection tools that have differences in emphasis point and performance.In order to facilitate the understanding and using for researchers,this paper analyzed and compared nine kinds of privacy leak static detection tools for Android apps.We summarized the detection targets,methods,types of error detection and their efficiency.We also designed and conducted experiments for two open source tools,FlowDroid and IccTA,to test their perfor-mance and detecting ability.For the 50 downloaded apps,FlowDroid successfully detected 9 apps possessing privacy leak and IccTA detected 7 apps possessing ICC leak.For the 12 self-designed test cases,FlowDroid and IccTA can successfully detect all privacy leaks.

Key words: Android application,Privacy leak,Static detection

[1] 刘涛.基于过程间分析的Android程序隐私泄漏检测的研究[D].上海:上海交通大学,2014.
[2] CAI S M.Research on Program slicing technology and its application[J].Software Guide,2010,9(11):44-46.(in Chinese) 蔡素梅.程序切片技术及其应用的研究[J].软件导刊,2010,9(11):44-46.
[3] KIM J,YOON Y,YI K,et al.ScanDal:Static analyzer for detecting privacy leaks in Android applications.http://lim.univ-reunion.fr/staff/epayet/teaching/securite/scandel.pdf.
[4] YANG Z,YANG M.LeakMiner:Detect information leakage on Android with static taint analysis[C]∥Software Engineering (WCSE).IEEE,2012:101-104.
[5] GILBER C,CRUSSELL J,ERICKSON J.AndroidLeaks:automatically detecting potential privacy leaks in Aandroid applications on a large scale[M].Springer Berlin Heidelberg,2012:291-307.
[6] YANG Z,YANG M,ZHANG Y.Appintent:Analyzing sensitive data transmission in Android for privacy leakage detection[C]∥Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security.ACM,2013:1043-1054.
[7] ARZT S,RASTHOFER S,FRITZ C.FlowDroid:Precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android apps[J].ACM SIGPLAN Notices,2014,49(6):259-269.
[8] LAM P,BODDEN E,LHOTK O.The Soot framework for Java program analysis:a retrospective[C]∥Cetus Users and Compiler Infastructure Workshop (CETUS).2012.
[9] LI L,BARTEL A,BISSYAND T F.IccTA:Detecting inter-component privacy leaks in Android apps[C]∥Proceedings of the 37th International Conference on Software Engineering.IEEE,2015:280-291.
[10] LI L,BARTEL A,KLEIN J,et al.Automatically Exploiting Potential Component Leaks in Android Applications[C]∥2014 IEEE 13th International Conference on Trust,Security and Privacy in Computing and Communications.IEEE,2014.
[11] SCHUTTE J,TITZE D,DE FUENTES J M.AppCaulk:Dataleak prevention by injecting targeted taint tracking into Android apps[C]∥Trust,Security and Privacy in Computing and Communications (TrustCom).IEEE,2014:370-379.
[12] YANG W,XIAO X,ANDOWS B.AppContext:Differentiating malicious and benign mobile app behaviors using context[C]∥Software Engineering (ICSE).IEEE,2015:303-313.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] 雷丽晖,王静. 可能性测度下的LTL模型检测并行化研究[J]. 计算机科学, 2018, 45(4): 71 -75, 88 .
[2] 夏庆勋,庄毅. 一种基于局部性原理的远程验证机制[J]. 计算机科学, 2018, 45(4): 148 -151, 162 .
[3] 厉柏伸,李领治,孙涌,朱艳琴. 基于伪梯度提升决策树的内网防御算法[J]. 计算机科学, 2018, 45(4): 157 -162 .
[4] 王欢,张云峰,张艳. 一种基于CFDs规则的修复序列快速判定方法[J]. 计算机科学, 2018, 45(3): 311 -316 .
[5] 孙启,金燕,何琨,徐凌轩. 用于求解混合车辆路径问题的混合进化算法[J]. 计算机科学, 2018, 45(4): 76 -82 .
[6] 张佳男,肖鸣宇. 带权混合支配问题的近似算法研究[J]. 计算机科学, 2018, 45(4): 83 -88 .
[7] 伍建辉,黄中祥,李武,吴健辉,彭鑫,张生. 城市道路建设时序决策的鲁棒优化[J]. 计算机科学, 2018, 45(4): 89 -93 .
[8] 刘琴. 计算机取证过程中基于约束的数据质量问题研究[J]. 计算机科学, 2018, 45(4): 169 -172 .
[9] 钟菲,杨斌. 基于主成分分析网络的车牌检测方法[J]. 计算机科学, 2018, 45(3): 268 -273 .
[10] 史雯隽,武继刚,罗裕春. 针对移动云计算任务迁移的快速高效调度算法[J]. 计算机科学, 2018, 45(4): 94 -99, 116 .