Automatic application bug mining system and method under Android platform

A technology for application programs and vulnerabilities, applied in the fields of platform integrity maintenance, instrumentation, electrical digital data processing, etc. It addresses problems such as reduced efficiency, inability to obtain source points, and false positives in vulnerability analysis, with the effects of avoiding errors, avoiding false positives, and a well-structured design.

Active Publication Date: 2018-03-23
UNIV OF ELECTRONICS SCI & TECH OF CHINA
4 Cites, 37 Cited by

AI Technical Summary

Problems solved by technology

Sensitive data in Android is mainly obtained by calling the system's sensitive-data API functions, such as getCallState, getLineNumber, etc. Traditional tainted data tracking and analysis technologies are only applicable to the acquisition of sensitive information. This causes the problem that the source point cannot be obtained, and the vulnerability analysis produces some false positives.
In addition, traditional taint data tracking has to check one sink point for each source data item it marks during tracking. With multiple source data items, it has to analyze multiple sink points, which reduces efficiency.



Embodiment

[0090] The present invention will be further described below in conjunction with the drawings and specific implementations.

[0091] The application vulnerability automatic mining system under the Android platform of the present invention is deployed on a server. The system consists of a static analysis module and a dynamic analysis module. The static analysis module mainly includes an application installation package (APK) decompilation module, an Android configuration manifest file analysis module, a control flow graph building module, an Intent reachable path analysis module, a taint data tracking module, and an API extraction module. The dynamic analysis module includes a Fuzzing test case construction module, a Smali injection module, a running target program monitoring output module, and an analysis module.

[0092] Based on the above modules, the steps of using the application vulnerability automatic mining system ...


Abstract

The invention discloses an automatic application bug mining system and method under the Android platform, and belongs to the technical field of software analysis. The system is mainly divided into an application static analysis module and an application dynamic analysis module. The static analysis module mainly performs control flow and data flow analysis on Android package files (apk), extracts module permissions and other property information, and carries out reachable path analysis on communication problems among the modules in an application. During dynamic analysis, Fuzzing test case data is first constructed on the basis of the static analysis result, Smali code instrumentation is applied to the decompiled Smali files, and the application is run to obtain output information; combined with the static analysis result, the bugs existing in the application can finally be obtained. With this system and method, bugs possibly existing in the application can be mined automatically. The system and method have a certain flexibility and solve the problem that manual mining consumes a lot of time, and by combining static analysis with dynamic analysis the accuracy can be greatly improved.
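As an added illustration of the manifest analysis step described above (not code from the patent), the following Python example lists the components other apps can reach and the permission guarding each one, which is the starting set for an Intent reachable-path analysis. The sample manifest, the package name `com.example.demo` and the function name are constructed for this example, and the manifest is assumed to be already decoded to text by the decompilation step.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
KINDS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample: decoded (text) manifest of a hypothetical app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name="SyncService" android:exported="true"/>
    <receiver android:name=".SmsReceiver"
              android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <provider android:name="com.example.demo.data.NotesProvider"
              android:authorities="com.example.demo.notes"/>
  </application>
</manifest>"""

def exported_components(manifest_xml):
    """Return the components other apps can reach, with their guarding permission."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    app_perm = app.get(A + "permission") if app is not None else None
    found = []
    for elem in root.findall("application/*"):
        if elem.tag not in KINDS:
            continue
        actions = [a.get(A + "name") for a in elem.findall("intent-filter/action")]
        flag = elem.get(A + "exported")
        # With no android:exported attribute, a component is exported when it declares
        # an intent filter (providers treated as not exported, the default from API 17).
        exported = (flag == "true") if flag is not None else (bool(actions) and elem.tag != "provider")
        if not exported:
            continue
        name = elem.get(A + "name", "")
        if name.startswith(".") or "." not in name:
            name = package + "." + name.lstrip(".")  # resolve relative class names
        perm = elem.get(A + "permission") or app_perm  # fall back to <application> permission
        found.append({"kind": elem.tag, "name": name, "actions": actions,
                      "permission": perm, "unprotected": perm is None})
    return found
```

Entries with `unprotected` set to true are exported with no permission requirement, so they are the ones to review first.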

Description

Technical field

[0001] The invention belongs to the technical field of software analysis, and in particular relates to a system and method for automatically mining application vulnerabilities under the Android platform, which mainly includes static analysis and dynamic analysis.

Background technique

[0002] Since Google officially released the Android system in 2007, it has been favored by many mobile phone manufacturers due to its open source features. At the same time, with the rapid growth of the mobile Internet market, various applications based on the Android platform are in the public eye. However, these applications that bring convenience to the general public often have great security risks. Malicious third parties often use these security risks to attack and bring great threats to users. As we all know, the traditional PC-side security technology is relatively mature, but the security technology in the mobile Internet field is relatively backward. The traditional host s...


Application Information

IPC(8): G06F21/57, G06F11/36
CPC: G06F11/3608, G06F11/3612, G06F21/577, G06F2221/033
Inventor: 张小松, 牛伟纳, 张林, 胡若川
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA