Research And Implementation Of Android System Vulnerability Correlation Technology Based On Global Function Call

With the development of mobile Internet,mobile smart terminals are becoming more and more popular,and their functions are becoming more and more powerful.At present,the Android system is one of the most popular mobile operating systems on mobile smart terminals.According to data,Android phones account for 85.1%of smartphone shipments.At the same time,due to its openness and scalability,the Android system has also appeared in smart TVs,car navigation systems,and home automation systems.Its applications are very wide and diverse.However,the Android operating system has frequent vulnerabilities over the years,the security vulnerability of the system itself will directly lead to the risk of malicious invasion and control of mobile smart terminals applying the system.Therefore,it is necessary to conduct research on the Android system vulnerabilities.At present,most of the research on Android system vulnerabilities focuses on application-level vulnerabilities,and there is less research on system-level vulnerabilities,and the research on Android system-level vulnerabilities either focuses specifically on a certain type of vulnerabilities,does not have universality,and requires deeper professional knowledge,which is less efficient and difficult;or stops at the Java framework layer of the Android system and ignores its C/C++ layer,vulnerability analysis of the Java framework layer alone will result in incomplete analysis results.In order to make up for the lack of previous research,this paper takes the static analysis of the Android system source as the starting point,studies the construction method of the global function call relationship of the Android system,and studies the system vulnerability analysis method associated with the function call relationship.The main research results of this article include:(1)An analysis method for the global function call relationship of the Android system is proposed,which specifically includes the function call relationship analysis of the Java layer,C/C++layer,JNI layer and Binder IPC layer.The analysis method designs different functions according to the characteristics of different levels.The function call relationship is constructed in a way that covers all levels of the Android system as comprehensively as possible,and the analysis result is relatively complete.(2)Based on the above analysis methods,a vulnerability analysis system based on the global function call relationship of the Android system is designed and implemented.This system makes the vulnerability analysis process simpler and more efficient.Finally,the feasibility and effectiveness of the vulnerability analysis system were verified with two actual vulnerability analysis cases.