
Unauthorized access vulnerability detection method based on finite state machines for mobile applications




Jiang Haitao¹, Guo Yajuan¹, Chen Hao¹, Guo Jing¹, Zhou Chao¹, Xu Jian²
1. Jiangsu Electric Power Company Research Institute, Nanjing 211103, China; 2. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
Keywords: mobile applications; finite state machines; unauthorized access; vulnerability detection; dynamic reconstruction
To address unauthorized access vulnerabilities in mobile applications caused by missing permission verification in the back end, this paper proposes a detection method based on finite state machines. Finite state machines are constructed for different users and synthesized into the complete state machine of the mobile application. Each request in the complete state machine is then dynamically reconstructed and its execution result is analyzed, giving an efficient and complete test for unauthorized access vulnerabilities. Experiments are carried out on internal mobile applications. The experimental results show that the proposed method finds all hidden unauthorized access vulnerabilities and detects them accurately.
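A minimal sketch of the workflow the abstract describes, added here as an illustration and not taken from the paper: per-user state machines are merged, then each request is replayed under the session of every user whose own state machine never reached it. The sample FSMs, the tokens, `mock_backend` and the rule that status 200 means access was granted are all assumptions.

```python
from collections import defaultdict

# Constructed sample data: per-user FSMs as {state: {(method, path): next_state}}.
USER_FSMS = {
    "clerk": {
        "login": {("GET", "/tickets"): "ticket_list"},
        "ticket_list": {("GET", "/tickets/view"): "ticket_detail"},
    },
    "admin": {
        "login": {("GET", "/tickets"): "ticket_list",
                  ("GET", "/admin/users"): "user_list"},
        "ticket_list": {("GET", "/tickets/view"): "ticket_detail"},
        "user_list": {("POST", "/admin/users/delete"): "user_list"},
    },
}
TOKENS = {"clerk": "tok-clerk", "admin": "tok-admin"}  # constructed session tokens


def merge_fsms(user_fsms):
    """Synthesize the complete state machine, recording which users own each transition."""
    merged = defaultdict(dict)
    for user, fsm in user_fsms.items():
        for state, edges in fsm.items():
            for request, nxt in edges.items():
                merged[state].setdefault(request, {"next": nxt, "users": set()})
                merged[state][request]["users"].add(user)
    return merged


def mock_backend(token, request):
    """Hypothetical stand-in server; /admin/users/delete lacks a permission check."""
    if token not in TOKENS.values():
        return 401
    if request == ("GET", "/admin/users") and token != TOKENS["admin"]:
        return 403
    return 200


def detect_unauthorized_access(user_fsms, send=mock_backend):
    """Replay each request as every user whose own FSM never reached it."""
    findings = []
    for state, edges in merge_fsms(user_fsms).items():
        for request, info in edges.items():
            for user in sorted(user_fsms.keys() - info["users"]):
                status = send(TOKENS[user], request)  # rebuilt with this user's session
                if status == 200:  # assumed result analysis: success means access granted
                    findings.append((user, state, request))
    return findings
```

Passing a different `send` callable lets the same replay loop run against a test instance of a real back end instead of the mock.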




Last Update: 2017-08-31