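Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2016, Vol. 39 ›› Issue (3): 16-21. doi: 10.13190/j.jbupt.2016.03.002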


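Sensitive Information Leakage Detection for Android Applications Based on a Fine-Grained Taint Tracking Strategy

YANG Tian-chang, CUI Hao-liang, NIU Shao-zhang, SONG Wen

  1. Beijing Key Laboratory of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876
  • Received: 2016-01-10 Online: 2016-06-28 Published: 2016-06-27
  • About the authors: YANG Tian-chang (1983-), male, PhD candidate, E-mail: gunzai-00@163.com; NIU Shao-zhang (1963-), male, professor, doctoral supervisor.
  • Supported by:

    National Natural Science Foundation of China (61370195, U1536121)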

Sensitive Information Leakage Detection for Android Applications Based on Fine-Grained Taint Tracking Strategies

YANG Tian-chang, CUI Hao-liang, NIU Shao-zhang, SONG Wen   

  1. Beijing Key Laboratory of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received:2016-01-10 Online:2016-06-28 Published:2016-06-27

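Abstract (Chinese version):

To address sensitive information leakage in Android applications, a detection scheme was designed using static taint tracking, based on a fine-grained information flow tracking strategy. The scheme builds fine-grained taint propagation strategies from the syntactic and semantic features of Smali code, the function call relationships inside the application, and the Android communication mechanisms. It drives the detection process with different leakage detection strategies and taint propagation strategies, and determines from the tracking results whether the application leaks sensitive information. Experimental results show that the scheme detects sensitive information leakage effectively, increases detection accuracy and flexibility, and reduces the incomplete information flows and false positives that arise during analysis.

Key words: information flow, taint tracking, sensitive information, information leakage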

Abstract:

To address the sensitive information leakage problem of Android applications, a detection scheme based on fine-grained information flow tracking strategies and static taint tracking technology was proposed. Fine-grained taint tracking rules were constructed according to the syntax and semantics of Smali code, the internal call graph of the application, and the Android communication mechanism, and taint analysis was then executed on the application according to the different leak manners and propagation strategies. Whether sensitive information leaks was determined from the taint analysis result. Experiments show that the scheme can effectively detect a variety of forms of sensitive data leakage, improve detection accuracy and flexibility, and reduce both the incompleteness of information flow paths and the false positive rate in the detection process.

Key words: information flow, taint tracking, sensitive information, information leakage

CLC Number: