|Table of Contents|

Unauthorized access vulnerability detection method based on finite state machines for mobile applications(PDF)

《南京理工大学学报》(自然科学版)[ISSN:1005-9830/CN:32-1397/N]

Issue:
2017年04期
Page:
434-
Research Field:
Publishing date:

Info

Title:
Unauthorized access vulnerability detection method based on finite state machines for mobile applications
Author(s):
Jiang Haitao1Guo Yajuan1Chen Hao1Guo Jing1Zhou Chao1Xu Jian2
1.Jiangsu Electric Power Company Research Institute,Nanjing 211103,China; 2.School of ComputerScience and Engineering,Nanjing University of Science and Technology,Nanjing 210094,China
Keywords:
mobile applications finite state machines unauthorized access vulnerability detection dynamic reconstruction
PACS:
TP309.2
DOI:
10.14177/j.cnki.32-1397n.2017.41.04.006
Abstract:
In order to solve the problem of unauthorized access vulnerability in mobile applications due to the lack of permission verification in the background,this paper proposes a method of mobile applications unauthorized access vulnerability detection based on finite state machines.By constructing the finite state machines of different users,the complete state machine of mobile application is synthesized.Each request in the complete state machine is dynamically reconstructed and the execution result is analyzed to realize the efficient and complete test of the unauthorized access vulnerabilities.Internal mobile applications are selected to do experiments.The experimental results show that the proposed method finds all hidden unauthorized access vulnerabilities.Unauthorized access vulnerabilities can be accurately detected through the proposed unauthorized access vulnerability detection method.

References:

[1] 卿斯汉.Android安全研究进展[J].软件学报,2016,27(1):45-71.
Qing Sihan.Research progress on Android security[J].Journal of Software,2016,27(1):45-71.
[2]张玉清,方喆君,王凯,等.Android安全综述[J].计算机研究与发展,2015,52(10):2167-2177.
Zhang Yuqing,Fang Zhejun,Wang Kai,et al.Survey of Android OS security[J].Journal of Computer Research and Development,2015,52(10):2167-2177.
[3]Chin E,Felt A P,Greenwood K,et al.Analyzing inter-application communication in Android[C]//Proceedings of the 9th International Conference on Mobile Systems,Applications,and Services.New York,USA:Association for Computing Machinery,2011:239-252.
[4]Chan P P F,Hui L C K,Yiu S M.DroidChecker:analyzing Android applications for capability leak[C]//Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks.New York,USA:Association for Computing Machinery,2012:125-136.
[5]Gibler C,Crussell J,Erickson J,et al.AndroidLeaks:automatically detecting potential privacy leaks in Android applications on a large scale[C]//Proceedings of the 5th International Conference on Trust and Trustworthy Computing.Heidelberg,Germany:Springer,2012:291-307.
[6]Enck W,Gilbert P,Han S,et al.TaintDroid:An information-flow tracking system for realtime privacy monitoring on smartphones[J].ACM Transactions on Computer Systems,2014,32(2):393-407.
[7]王凯,刘奇旭,张玉清.基于Fuzzing的Android应用通信过程漏洞挖掘技术[J].中国科学院大学学报,2014,31(6):827-835.
Wang Kai,Liu Qixu,Zhang Yuqing.Android Inter-application communication vulnerability mining technique based on fuzzing[J].Journal of University of Chinese Academy of Sciences,2014,31(6):827-835.
[8]Wolfe B,Elish K,Yao D F.High precision screening for Android malware with dimensionality reduction[C]//Proceedings of the 13th International Conference on Machine Learning and Applications.Detroit,USA:IEEE,2014:21-28.
[9]黄伟,陈昊,郭雅娟,等.基于集成分类的恶意应用检测方法[J].南京理工大学学报,2016,40(1):35-40.
Huang Wei,Chen Hao,Guo Yajuan,et al.Mobile malware detection approach using ensemble classification[J].Journal of Nanjing University of Science and Technology,2016,40(1):35-40.
[10]李宇翔,林柏钢.基于Android重打包的应用程序安全策略加固系统设计[J].信息网络安全,2014(1):43-47.
Li Yuxiang,Lin Baigang.Repackaging Android applications for enforcing security policy[J].Information Network Security,2014(1):43-47.
[11]胡扬波,王成现,袁杰.配网抢修移动应用系统的设计与实现[J].江苏电机工程,2014,33(3):49-52.
Hu Yangbo,Wang Chenxian,Yuan Jie.Design and realization of a mobile application system for electric distribution network rush repair[J].Jiangsu Electrical Engineering,2014,33(3):49-52.
[12]李云鹏,季晨宇,范国祥.基于物联网技术的用电侧移动营销系统设计[J].江苏电机工程,2015,34(5):80-84.
Li Yunpeng,Ji Chenyu,Fan Guoxiang.Designing of mobile marketing system based on the internet of things technique[J].Jiangsu Electrical Engineering,2015,34(5):80-84.

Memo

Memo:
-
Last Update: 2017-08-31