| With the development and widely use of information technology,people in today's society increasingly rely on mobile smart phones to store and process personal information.As we all know,intelligent operating system is the soul of the smartphone.It is the basis for the success of smart phones.Android is currently the most popular intelligent operating system on the market,which has a large share at home and abroad.Android platform and application markets(such as Google Play)not only benefits developers and users but also brings all kinds of hidden security risks.Research shows that Android application software security issues have brought economic losses,such as the adverse consequences of privacy leaks to the users.In this paper,we start the research on the improvement of application software permission escalation attack based on the Android security system and the component communication mechanism,putting forward the static detection framework based on environment permission escalation attack vulnerability.We take the Android system of the users as the research background,the third-party application software as object detection to find the communication link between the application software source code and configuration files in the search application components.In addition,we analyze the typical features of the permission escalation attack and propose four basic principles to determine whether the communication link has the permission to enhance the risk of attack.Finally,we implemented a static detection framework based on the environment of permission escalation attack and designed two kinds of experiments,which verify the rationality of the four principles and the validity of the framework.Meanwhile,our experiments also pointed out:compared with many common Android security software and antivirus software,our static detection framework can detect the security vulnerabilities and risks that the former cannot find,which further demonstrates the value of this paper. |
PDF Full Text Request