Android应用程序隐私数据泄露检测  被引量：2

作　　者：蒋煦[1] 张长胜[2] 戴大蒙[2] 阮婧[3] 慕德俊[1] JIANG Xu ZHANG Chang-sheng DAI Da-meng RUAN Jing MU De-jun(Department of Automation , Northwestern Polytechnical University , Xi’ an 710071, China Department of Physics and Electronic Information Engineering , Wenzhou University , Wenzhou 325000, China Wenzhou Vocational and Technical College, Wenzhou 325000, China)

机构地区：[1]西北工业大学自动化学院,陕西西安710071 [2]温州大学物理与电子信息工程学院,浙江温州325000 [3]温州职业技术学院,浙江温州325000

出　　处：《浙江大学学报（工学版）》2016年第12期2357-2363,2379,共8页Journal of Zhejiang University：Engineering Science

基　　金：国家自然科学基金资助项目(6130324);浙江省自然科学基金资助项目(LY13F020024);浙江省科技厅公益性资助项目(2014C31079)

摘　　要：针对安卓(Android)系统的隐私数据泄露问题,提出基于半格理论数据流分析的分层架构检测方法.对未获取Root权限的应用程序,根据应用程序申请的权限信息,细粒度地锁定产生污点数据的源函数和泄露隐私数据的锚函数范围.当源函数和锚函数同时存在于应用程序时,进行数据流分析.当源函数和锚函数位于不同组件时,将组件间通讯(ICC)问题转换为IDE分析问题.实验结果表明,该方法能够有效地检测出应用程序组件内或组件间的隐私数据泄露,正确率达到91.5%;与同类具有代表性的检测工具相比,在准确率和召回率接近的情况下,所提出方法的检测时间明显缩短.A multi-level detection method based on semi-lattice data flow analysis was proposed in order to solve the problem of Android privacy data leakage.For the applications without root privilege,the finegrained range of source functions was determined that generated privacy data and sink functions that leaked them,according to the permissions for the application.If the source functions and the sink functions existed in the same application,the detection system began to analyze data flow.When the two kinds of functions located in different components,the method could transform inter-component communication（ICC）problem into inter-procedural distributive environment（IDE）problem.Results show that the proposed method can detect the privacy data leakage not only for communication in the same component,but also for communication between different components.The accuracy of the proposed method reaches91.5%,which can significantly save detection time compared with other state-of-the-art methods under the condition of similar precision and recall rate.

关 键 词：安卓系统 静态检测 隐私数据 组件间通讯(ICC) 半格 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]