Research On Vulnerability Analysis Technology Of Android System Based On Symbolic Execution

With the rapid development of Android platform,Android system has a large number of users and applications market,but its security is worrying.Many Android applications are written with low thresholds.Small companies or individuals who lack security oversight developed most of the apps,which may cause serious security issues.Most of the app stores do not conduct rigorous audits and vulnerability detection on its apps,resulting in Android application vulnerability.These potential security vulnerabilities may be a huge loss to the Android user,so detection security vulnerabilities of Android are necessary.Based on the analysis of the characteristics of Android system and the security status quo,this paper optimizes symbolic execution technology and raises an Android system vulnerability analysis method based on target-based symbolic execution technology.This method combines sensitive keyword matching,information flow analyzing and symbol execution technology,and can effectively analyze the potential security vulnerabilities in Android system application.The main works are as follows:(1)Researching Android security mechanism,analyzing its security objectives and performance defects.Studying Android security vulnerabilities,understanding the types,features and causes of vulnerabilities.Collecting and sorting out the Android system in the category,typical examples,access and disclosure of ways of privacy information.(2)Combining with the characteristics of the Android programming model,this paper proposes a more efficient target-based symbol-execution analysis method for Android system,and gives the overall architecture,algorithm implementation and optimization scheme of the method.The target-based symbol-execution analysis method can solve the path explosion problem prevalent in symbolic execution technology,and has higher path coverage and low resource consumption.It is applicable to the detection of loopholes in the Android platform.(3)Implementing the target-based symbol-execution approach to the Android privacy-leak vulnerability analysis.This method constructs the control flow diagram and function call graph of the application program precisely based on decompilation,and identifies and locates the privacy information.Taking the sensitive node as the entrance,the symbol value as the input,and the interested variable of the objective function as guide,this method reversely executes the program,and obtains the result of the vulnerability analysis.(4)Based on this method,this paper designs and implements an Android privacy-leak vulnerability analysis tool--SymFinder.In addition,this paper evaluated it in accuracy,miss detection rate,analysis efficiency and comprehensive analysis rate,and compared with other Android static vulnerability analysis methods.The test results show that the method has the advantages of high accuracy,low miss detection rate and high efficiency.It is an effective analysis method for Android system.