A Security Requirement Recommendation Method Based On Sensitive APIs For Android Applications

Posted on: 2019-12-28
Degree: Master
Type: Thesis
Country: China
Candidate: F J Zhan
Full Text: PDF
GTID: 2428330548456883
Subject: Engineering
Abstract/Summary:
With the rapid growth of smartphones, applications with great variety and flexibility bring unprecedented convenience to people's daily lives. Compared with the traditional PC, mobile terminals contain many privacy-sensitive resources, such as GPS, microphone, contacts, and SMS. However, because software development capabilities vary and the black-market industry is increasingly diversified, the security of mobile terminals is also becoming more complex. Android, the mobile operating system with the largest market share, has attracted a large number of third-party developers, who have built many feature-rich applications because of its open-source nature. But the Android platform lacks the ability to manage these applications in a unified way, which allows many malicious applications to crowd in, steal users' private data, and affect their daily lives. Although many researchers have turned their attention to Android platform security, most of them focus on how to detect malicious applications with static or dynamic analysis techniques. There is nobody doing research on the security requirements of applications at the requirements engineering stage. To solve this problem, we propose a security requirements recommendation method for Android applications, which helps developers understand the potential risks of an application that has not yet been developed and offers a reference for developing security requirements. The method finds the relationship between requirements and malicious behaviors of applications in a domain by analyzing their descriptions and sensitive API calls, based on data offered by related applications. First, we obtain basic functions from application descriptions by topic modeling and extract sensitive APIs from APK files to construct a relational model between functions and sensitive APIs, called FSAM (Function to Sensitive API Model). Second, this paper builds links between functions and malicious behaviors and gives a quantitative analysis method. On this basis, we recommend malicious behaviors to developers as security requirements. Finally, we evaluated the effectiveness of our method through experiments, which showed a high coverage rate and precision for malicious behaviors. This indicates that our method can provide an important reference for developers when developing security requirements at the requirements engineering stage.
Keywords/Search Tags: Android application security, sensitive APIs, security requirement, recommendation method