
Research On Cross-Layer Static Analysis Technology For HarmonyOS Applications

Posted on: 2024-03-25
Degree: Master
Type: Thesis
Country: China
Candidate: J C Guo
GTID: 2568307079476594
Subject: Electronic information
Abstract/Summary:
In recent years, with the development of the intelligent Internet of Things era, the full-scene operating system HarmonyOS has rapidly emerged as the operating system with the greatest potential. The Android system, which currently has the highest market share, faces millions of malware threats yearly. Therefore, many detection frameworks have been proposed in academia and industry to analyze Android applications. Due to HarmonyOS's unique architecture and design philosophy, traditional detection frameworks cannot be used directly to analyze HarmonyOS applications, so a security analysis tool is urgently needed to review HarmonyOS applications. The main research contents of this thesis are as follows:

(1) To address the problem that current static analysis frameworks cannot analyze HarmonyOS applications, a static analysis method for HarmonyOS applications is proposed, based on existing Android static analysis technology and research on the HarmonyOS system. The method first models the HarmonyOS runtime environment and system API, then uses pointer analysis to achieve intra-component analysis, and finally realizes cross-component static analysis by connecting ICC summary tables between different components. Thus, static analysis of the Java layer of HarmonyOS applications is achieved.

(2) To address the difficulty of Native layer analysis and the inaccuracy of cross-layer data flow analysis in existing frameworks, and building on research into the Android cross-layer analysis framework JN-SAF, this thesis proposes a bottom-up data flow analysis algorithm based on the memorized summary and implements HM-SAF, a cross-layer static analysis framework for HarmonyOS applications. HM-SAF accurately models the HarmonyOS lifecycle and correctly handles callback methods of the HarmonyOS framework, analyzing the points-to information of all objects in a HarmonyOS application in a context-, flow-, field-, and object-sensitive manner. HM-SAF tracks the data flow between Ability components and between the Java layer and the Native layer, which can detect malicious behaviors in HarmonyOS applications more accurately.

This thesis also presents HMDroidBench, HMICCBench, and HMNativeFlowBench, benchmark suites to evaluate the effectiveness and accuracy of taint analysis tools for HarmonyOS applications. The experimental results show that HM-SAF can discover data leakage not only within components but also across components and in the Native layer, with high analysis accuracy. On the above three benchmark sets, HM-SAF achieves 93.6% accuracy, which is 4.1% higher than the FlowDroid framework and 4.0% higher than the JN-SAF framework in the Android world. Data leakage is also detected in real applications, which indicates that HM-SAF has practical value.
Keywords/Search Tags: HarmonyOS, Static Program Analysis, Cross-layer Analysis, Taint Analysis, Malware Detection