| National,economic and public security of China depends on the reliable functioning of critical infrastructures.Network security threats exploit the increasing complexity and connectivity of critical infrastructure systems,placing the nation's security,economy and public safety at risk.Cyberspace security has been risen to national strategy.With the rapid development of mobile Internet,the trend of critical business mobility has been developed at high speed obviously.High security level mobile terminals and mobile applications,as the basic support,is of great significance to enhance the efficiency of high security demand industry and to ensure the security of mobile Internet information in China.Mobile Internet security has become an important part of the whole cyber space security.Safeguarding the security of mobile application ecosystem is the common goal of industry and academia research at home and abroad.However,with the development of mobile security ecosystem,the traditional technology used for code analysis has been a slightly out of date for security analysis of mobile applications.On the one hand,as high cohesion and low coupling widely accepted by developers,the operating system provides plenty of lifecycle callbacks for components,the basic unit of development,which can't be handled correctly through the traditional methods of instruction analysis;on the other hand,due to the increasing demand for modular design and functional reuse,inter-component communication mechanism has become the most important means for components to communicate with others,which can be used between applications,and between system and applications as well.The complexity of component permission mechanism leads to a large number of security issues,such as component hijacking,privilege disclosure and data theft.The traditional analysis methods,only analyzing for single applications,do not have the capability of analyzing security flaws between multiple applications.At present,scholars have begun to carry out in-depth study in related fields.In order to deal with the callback function in the component,scholars propose a static taint analysis technique which generates the dummy main function with the invocation flow of the callback functions,to solve the tracking issues of control and data flow of life cycle functions,as the basis for further ICC research.The study is the foundation of subsequent research on ICC.Aiming at the information transmission problem between components,scholars have put forward the concept of control flow super graphs of applications and the problem of multi-valued composite constant propagation,and gradually have the capability of code analysis across components and even across applications with a certain detection rate.Static taint analysis techniques proposed for multi-applications make it possible to analyze the combination behavior among multiple applications.However,the existing research techniques require a given set of test samples for multi-application analysis,which cannot yet have the capability to find out the applications those interacts with others in massive applications.Therefore,this dissertation systematically summarizes the current theoretical research results of mobile application security.In view of the current threat and challenge of mobile application security analysis,this dissertation analyzes the problems existing in traditional application security analysis in security analysis of massive applications,presents an interaction correlation analysis method for massive applications based on the formal description of ICC,studies the interaction between the massive applications from the component level,and constructs the interaction knowledge base for massive applications.The formal description of ICC and the interaction knowledge base for massive applications are of great significance to the flaw analysis of massive applications.Because of the huge scale of the Android applications and the interaction,how to assess the importance of the application and its components from the view of security is of vital importance for the security situation prediction,vulnerability identification and so on.Therefore,this dissertation summarizes the existing theories of complex networks,proposes a method for evaluating the security importance of massive applications in the interaction knowledge base,which evaluates and identifies the key apps and components in the interaction knowledge base.On the basis of the interaction knowledge base for massive applications,this dissertation further studies the ICC security threats including the vulnerability exploits and malicious attacks among a large number of applications,and proposes the security analysis methods of defects for the interaction knowledge base of massive applications.To summarize,this dissertation makes the following contributions:First,based on the deep research on Android ICC mechanism and the discovery of the control transfer and data transmission method in and between applications,this dissertation proposes a novel formal description method of ICC declaration and invocation features in massive applications,and proposes a new interaction analysis model of massive application components based on the formal description of ICC.This dissertation constructs an interactive knowledge base between massive applications from the perspective of component interaction,and find the association between massive applications and their components.On the basis of these associations,we built the AIG,and conducted in-depth research on the association between massive applications.CRSDroid,the application interaction analysis prototype tool,has been developed to analyze massive applications,to build the massive applications'interaction knowledge base and to generate the application interaction graph.Based on these research,this dissertation studies the collusion between massive applications in app stores both at home and abroad,and discusses the current overall security situation of massive applications.Through statistical analysis massive applications in the interaction knowledge base,we find that there is a common interaction between Android applications,especially among different applications with the same company or organization.Third-party library is the main reason leading to the interactions between different applications,so large amounts of third-party libraries are suffering the risks of defects and exploits.In order to reduce the risks,the interaction between applications must get more attention.Second,considering the vulnerability of nodes in the interaction knowledge base,this dissertation proposes the concept of extended activation force for massive applications,and creatively proposes the CRSPR algorithm,a topic-aware and weight-based importance evaluation algorithm combining the features of the application topic(such as the categories and downloads in third-party markets)and the intrinsic strength of associations between applications with the number of applications that can be affected by the ICC to highlight influential Android apps for ICC analysis.With in-depth analysis of a large number of samples based on the CRSPR algorithm,although most of the preset system applications are called more frequently,only a small part of them have a high security importance.Social and payment applications are often of high importance.Once they suffer security risks,the number of affected applications is huge,which deserves higher attention.Third,based on the analysis of typical ICC security issues among applications,this dissertation summarizes ICC security flaws of applications and the utilization methods,and proposes ICC security flaw analysis model for massive applications based on component declarations and communication instance attributes.From the interaction knowledge base built for massive applications,we can rapidly detect the ICC security issues among massive applications,solving the scale problems of security analysis.Through experimental study,we found that some components of the preset system applications are being hijacked by other applications in an overwritten manner.There is a risk of abuse of components in a large number of third-party libraries.Many serious privacy leakage is caused by the scale effect of ICC among third-party libraries.Privacy leakage in third party library leads to collusion in multiple applications,which eventually leads to serious resource consumption. |
PDF Full Text Request