Android software vulnerability mining framework based on dynamic taint analysis technology

被引：0

作者：

Zhao Min ^{[1
]}

Yang Haimin ^{[1
]}

Chen Ping ^{[1
]}

Yang Zhengxing ^{[2
]}

机构：

[1] Army Engn Univ, Coll Command & Control Engn, Nanjing, Jiangsu, Peoples R China

[2] Acad Mil Sci, Acad Syst Engn, Inst Network Informat, Nanjing, Jiangsu, Peoples R China

来源：

PROCEEDINGS OF 2019 IEEE 3RD INFORMATION TECHNOLOGY, NETWORKING, ELECTRONIC AND AUTOMATION CONTROL CONFERENCE (ITNEC 2019) | 2019年

关键词：

dynamic taint analysis; software vulnerability mining; Android; context switch;

D O I：

10.1109/itnec.2019.8729217

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Security vulnerability mining is at the core of Android system security research. How to effectively exploit Android system security vulnerabilities has become an important technical means to enhance the security of smartphones and protect user security and privacy. An Android software vulnerability mining framework based on dynamic taint analysis technology is designed in this paper. Firstly, it analyzes the shortcomings of existing vulnerability mining technology, then gives the detailed design of the framework, and then discusses in detail the taint propagation analysis under Java context. Complete the switching between Java context and native context taint analysis environment at runtime, instruction preprocessing and other key techniques of Android vulnerability mining based on dynamic taint analysis theory. Finally, summarizes the whole paper and puts forward the problem worthy of further study.

引用

页码：2112 / 2115

页数：4

共 50 条

[41] Android static taint analysis based on multi branch search association
Tang, Chenghua
Du, Zheng
Yang, Mengmeng
Qiang, Baohua
[J]. COMPUTERS & SECURITY, 2023, 129
[42] Detecting Sensitive Behavior on Android with Static Taint Analysis Based on Classification
Chen, Yayun
Zhang, Hua
[J]. PROCEEDINGS OF THE 4TH INTERNATIONAL CONFERENCE ON MECHATRONICS, MATERIALS, CHEMISTRY AND COMPUTER ENGINEERING 2015 (ICMMCCE 2015), 2015, 39 : 3002 - 3006
[43] Effective Fuzzing Based on Dynamic Taint Analysis
Liang, Guangcheng
Liao, Lejian
Xu, Xin
Du, Jianguang
Li, Guoqiang
Zhao, Henglong
[J]. 2013 9TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY (CIS), 2013, : 615 - 619
[44] Overview of Information Flow Tracking Techniques Based on Taint Analysis for Android
Lokhande, Bhushan
Dhavale, Sunita
[J]. 2014 INTERNATIONAL CONFERENCE ON COMPUTING FOR SUSTAINABLE GLOBAL DEVELOPMENT (INDIACOM), 2014, : 749 - 753
[45] Taint Analysis Tool of Android Applications Based on Tainted Value Graph
Zhang J.
Tian C.
Duan Z.-H.
[J]. Ruan Jian Xue Bao/Journal of Software, 2021, 32 (06): : 1701 - 1716
[46] Ovaldroid: an OVAL-based Vulnerability Assessment Framework for Android
Barrere, Martin
Hurel, Gaetan
Badonnel, Remi
Festor, Olivier
[J]. 2013 IFIP/IEEE INTERNATIONAL SYMPOSIUM ON INTEGRATED NETWORK MANAGEMENT (IM 2013), 2013, : 1074 - 1075
[47] A software framework for the generation of dynamic vulnerability maps for risk assessment
Arena, P.
Patane, L.
Caruso, S.
Anastasi, M.
Cannata, A.
[J]. DISASTER MANAGEMENT AND HUMAN HEALTH RISK: REDUCING RISK, IMPROVING OUTCOMES, 2009, 110 : 369 - +
[48] Sparse Framework Based Static Taint Analysis Optimization
Wang L.
He D.
Li L.
Feng X.
[J]. Jisuanji Yanjiu yu Fazhan/Computer Research and Development, 2019, 56 (03): : 480 - 495
[49] Detecting SQL Vulnerability Attack based on the Dynamic and Static Analysis Technology
Wang, Yaohui
Wang, Dan
Zhao, Wenbing
Liu, Yuan
[J]. IEEE 39TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSAC 2015), VOL 3, 2015, : 604 - 607
[50] Survey of Software Vulnerability Mining Methods Based on Machine Learning
Li Y.
Huang C.-L.
Wang Z.-F.
Yuan L.
Wang X.-C.
[J]. Ruan Jian Xue Bao/Journal of Software, 2020, 31 (07): : 2040 - 2061

← 1 2 3 4 5 →