
Research On Detection Method Of Intent Injection Based On Taint Analysis

Posted on: 2019-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: B Xiong
GTID: 2428330596466414
Subject: Software engineering

Abstract/Summary:
In recent years, the Android operating system has become one of the most popular mobile operating systems. However, while Android applications are booming, security vulnerabilities have become a key factor affecting their security. It is therefore meaningful to research how to detect and repair vulnerabilities before Android applications are published, which can enhance Android application security and protect users' privacy. In this paper, we study the detection of Intent injection vulnerabilities using static taint analysis and dynamic taint analysis respectively. The main work of this thesis is as follows:

(1) To address the interruption of data flow between components in static taint analysis, this paper proposes an Inter-Component Taint Tracking method (ICTT) based on a mapping table. First, a mapping table is constructed between inter-component communication methods (such as the startActivity method) and the target component's lifecycle methods (such as Activity's onCreate method); tainted data is then tracked between components according to the mapping table. When taint tracking is performed within a component, if an inter-component communication (ICC) method is encountered and its Intent parameter is tainted, the target component is determined from the Intent, and the target component's lifecycle method corresponding to the ICC method is looked up in the mapping table. The ICC method is then replaced by the target component's lifecycle method, and taint tracking continues within the target component.

(2) To address the interruption of data flow at reflection calls in static taint analysis, this paper proposes a Reflection Function Transformation algorithm (RFT) based on Jimple, which transforms a reflection function into the intermediate representation language (Jimple) that static taint analysis can recognize. When a reflection function is detected in the program, the vulnerability detection system transforms the Jimple intermediate representation corresponding to the reflection function according to the algorithm, and then continues static taint analysis.

(3) It is difficult for dynamic fuzzing technology to detect Intent injection vulnerabilities. This paper proposes a Multi-Granularity Taint Tracking approach (MTT) based on dynamic taint analysis, which reduces the loss of taint tags in interpreted code, Native methods, file storage and IPC, and can effectively increase the detection rate.

To summarize, this paper proposes a solution to the data flow interruption caused by inter-component communication and the reflection mechanism in static taint analysis, and proposes a Multi-Granularity Taint Tracking approach based on dynamic taint analysis to address the limitations of fuzzing technology. Experimental results validate the effectiveness of the solution.
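
The mapping-table step described in (1), as an added illustration that is not taken from the thesis: a toy tracker that, on reaching an ICC call whose Intent is tainted, resolves the target component and continues in the lifecycle method the table names. The tuple statement encoding, the component names and the `WebView.loadUrl` sink are assumptions made for this sketch; the thesis's method operates on Jimple.

```python
# Added sketch, not the thesis's code; encoding, names and sink are assumed.
# Mapping table: ICC method -> lifecycle method of the target component.
ICC_TO_LIFECYCLE = {"startActivity": "onCreate", "sendBroadcast": "onReceive",
                    "startService": "onStartCommand"}

def track(app, component, method, intent_tainted, chain=()):
    """Return [(component chain, sink)] for tainted data reaching a sink."""
    if component in chain:               # stop on cyclic ICC
        return []
    chain = chain + (component,)
    tainted, targets, findings = set(), {}, []
    for op, a, b in app[component].get(method, []):
        if op == "get_extra":            # a = <incoming Intent>.getStringExtra(b)
            if intent_tainted:
                tainted.add(a)
        elif op == "assign":             # a = b
            if b in tainted:
                tainted.add(a)
            else:
                tainted.discard(a)
        elif op == "new_intent":         # a = new Intent(this, b.class)
            targets[a] = b
            tainted.discard(a)
        elif op == "put_extra" and b in tainted:   # a.putExtra(..., b)
            tainted.add(a)
        elif op == "icc":                # a(b), e.g. startService(i)
            target, lifecycle = targets.get(b), ICC_TO_LIFECYCLE.get(a)
            if b in tainted and target in app and lifecycle:
                # Replace the ICC call with the target's lifecycle method.
                findings += track(app, target, lifecycle, True, chain)
        elif op == "sink" and b in tainted:        # a(b)
            findings.append((chain, a))
    return findings

APP = {  # constructed three-component app
    "EntryActivity": {"onCreate": [
        ("get_extra", "url", "url"), ("new_intent", "i", "WorkerService"),
        ("put_extra", "i", "url"), ("icc", "startService", "i"),
        ("new_intent", "j", "LogService"), ("put_extra", "j", "const"),
        ("icc", "startService", "j")]},
    "WorkerService": {"onStartCommand": [
        ("get_extra", "data", "url"), ("assign", "cmd", "data"),
        ("sink", "WebView.loadUrl", "cmd")]},
    "LogService": {"onStartCommand": [
        ("get_extra", "msg", "text"), ("sink", "WebView.loadUrl", "msg")]},
}

if __name__ == "__main__":
    print(track(APP, "EntryActivity", "onCreate", True))
```

Only the flow through `WorkerService` is reported: the Intent sent to `LogService` carries a constant, so the tracker never enters that component from `EntryActivity`.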
Keywords/Search Tags: Android Application, Intent Injection Vulnerabilities, Static Taint Analysis, Dynamic Taint Analysis