
Research On Detection Technology Of Android Application Privilege Leakage Vulnerability

Posted on: 2019-09-06
Degree: Master
Type: Thesis
Country: China
Candidate: L Lu
Full Text: PDF
GTID: 2428330572451519
Subject: Engineering
Abstract/Summary:
In the mobile Internet era, applications based on the Android operating system play an important role as a medium connecting users and society, and have become an inseparable part of people's daily lives. However, because the security mechanism of the Android system is not perfect and the security awareness of some developers is weak, vulnerabilities are common in Android applications, which brings security risks to users' privacy and property.

The privilege leak vulnerability is one class of Android application vulnerability. It is caused by unreasonably exposing a program component or by not properly validating a received Intent, so that a privileged API is exposed to the outside through an open component; an attacker can then construct data to access the API and escalate privilege. This paper studies detection technology for privilege leak vulnerabilities in Android applications.

We find that current Android privilege leak detection methods are inadequate: vulnerabilities are detected incompletely, and static analysis suffers from low efficiency and loss of precision. The purpose of this paper is to remedy these shortcomings and to detect privilege leaks comprehensively and efficiently. This paper proposes a method that detects privilege leak vulnerabilities starting from risk components, using static taint analysis. The following improvements were made for privilege leak detection.

1. A vulnerability pattern extraction method based on static analysis is designed. The static analysis tool Soot is used to decompose the source code of the Android system and to locate the explicit and implicit permission audit points in that source code. Starting from the permission audit points, a backward reachability analysis is executed over the call graph (CG) to extract the mapping between all permissions and APIs, which yields a relatively complete vulnerability pattern. This method makes vulnerability detection more comprehensive.

2. A method for constructing the analysis process of an Android application is designed. A virtual main function is created, the program components and callback methods are collected and filled into the main function, and the program execution sequence is organized according to the component lifecycle and an established strategy, which yields the program analysis process. This method solves the analysis difficulties caused by the multiple entry points and callback methods of Android applications.

3. A taint path detection method for privilege leak vulnerabilities is designed. Starting from the risk components of the program under test, the minimum analysis unit for vulnerability detection is constructed with the help of the CG, and an ICFG is generated. Taint propagation analysis is then carried out according to the data flow propagation rules, and the taint path is solved using Heros. This method greatly reduces the scale of the program being analyzed and can effectively improve the efficiency of vulnerability analysis.

This paper designs and implements ECMiner, a privilege leak detection system for Android applications. The whole system includes the risk component scanning module, the program analysis process construction module, the vulnerability model extraction module and the privilege leakage path detection module. ECMiner was tested on 225 real applications from the Xiaomi application mall. The experimental results show that all applications have a risk of permission leakage. Each application contains 7.3 risk components on average, and the average detection time of ECMiner is 60.1 seconds, which is relatively efficient. The experiments also found unknown vulnerabilities in applications such as Kuaishou, indicating that ECMiner can effectively detect unknown vulnerabilities in real applications.
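
The permission-to-API mapping step described in point 1, as an added example that is not code from the thesis or from ECMiner: backward reachability from permission audit points over a call graph. The call graph, method names and public API set are constructed for illustration, and treating explicit and implicit audit points identically as seeds is an assumption; the thesis builds its call graph from Android system source with Soot.

```python
from collections import defaultdict, deque

# Constructed call graph (caller -> callees); all method names are hypothetical.
CALL_GRAPH = {
    "SmsManager.sendTextMessage": ["SmsService.send"],
    "SmsService.send": ["SmsService.enforceSendSms", "SmsService.retry"],
    "SmsService.retry": ["SmsService.send"],  # cycle: retry calls send again
    "LocationManager.getLastLocation": ["LocationService.query"],
    "LocationService.query": ["LocationService.checkFineLocation"],
    "Tracker.shareLocationBySms": ["LocationService.query", "SmsService.send"],
    "Clock.now": ["Clock.read"],  # reaches no audit point
}

# Permission audit points: methods where a permission is enforced (constructed).
AUDIT_POINTS = {
    "SmsService.enforceSendSms": "android.permission.SEND_SMS",
    "LocationService.checkFineLocation": "android.permission.ACCESS_FINE_LOCATION",
}

# Methods treated as externally callable APIs (constructed).
PUBLIC_APIS = {
    "SmsManager.sendTextMessage",
    "LocationManager.getLastLocation",
    "Tracker.shareLocationBySms",
    "Clock.now",
}


def extract_patterns(call_graph, audit_points, public_apis):
    """Map each public API to the permissions whose audit points it can reach."""
    # Invert the edges once so the graph can be walked from callee to caller.
    callers = defaultdict(set)
    for caller, callees in call_graph.items():
        for callee in callees:
            callers[callee].add(caller)

    patterns = defaultdict(set)
    for point, permission in audit_points.items():
        seen, queue = {point}, deque([point])
        while queue:  # breadth-first walk backward; 'seen' guards against cycles
            method = queue.popleft()
            if method in public_apis:
                patterns[method].add(permission)
            for caller in callers[method]:
                if caller not in seen:
                    seen.add(caller)
                    queue.append(caller)
    return {api: sorted(perms) for api, perms in patterns.items()}


if __name__ == "__main__":
    for api, perms in sorted(extract_patterns(CALL_GRAPH, AUDIT_POINTS, PUBLIC_APIS).items()):
        print(api, "->", perms)
```

APIs that reach no audit point are absent from the result, so the mapping lists only the privileged APIs that a leak detector needs to track.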
Keywords/Search Tags:android, privilege leak, risk component, taint analysis