
Method for detecting local denial-of-service vulnerabilities of dynamic Receiver components of Android applications

A denial of service and vulnerability detection technology, applied in software testing/debugging, error detection/correction, instruments, etc.

Active Publication Date: 2018-09-04
CENT SOUTH UNIV

AI Technical Summary

Problems solved by technology

[0006] The technical problem solved by the present invention is to provide a local denial-of-service vulnerability detection method for the Android application dynamic Receiver component, which overcomes the problem that the existing detection method can only detect the exposed components declared in the Android configuration file. The problem

Examples


Embodiment 1

[0068] Step 1: Analyze dynamic Receiver component information

[0069] a) Get dynamic Receiver component name and intent-filter object

[0070] Ic3 is a tool for attribute value analysis of complex objects. The present invention uses the control flow graph between application processes constructed by the Ic3 tool to analyze the information of the dynamic Receiver components registered through the registerReceiver method in the application, including the component name and the intent-filter information (described by action, category and data).

[0071] Figure 3 shows an example of registering a dynamic Receiver component in code. Line 19 of the code registers a dynamic Receiver component named TestReceiver, which is defined as shown in Figure 4. The action attribute value of the dynamic Receiver component's intent-filter is ACTION_VIEW; the category attribute value is CATEGORY_BROWSABLE; the scheme attribute value in data is http.

[0072] b) Analyze the data format that the dynamic Receiver component can receive ...

Embodiment 2

[0110] 300 applications were randomly downloaded from the application market and tested using the method of the present invention, and it was found that 61 applications contained a total of 139 dynamic Receiver components, of which 79 components did not obtain data from the intent and were directly determined not to contain local denial-of-service vulnerabilities. Of the other 60 dynamic Receiver components, 45 have parameters that are empty or are component names, which fall within the detection scope of the present invention. The remaining 15, whose parameters are not component names, cannot be detected by the present invention.

[0111] These 45 dynamic Receiver components were tested after rewriting using the method of the invention, and the startup test results are shown in Table 8. Of the 45 dynamic Receiver components, 42 could be started when the application started and could complete the test, a startup test success rate of about 93%. The reason for the failure of the thre...


Abstract

The invention discloses a method for detecting local denial-of-service vulnerabilities of dynamic Receiver components of Android applications. The method comprises the following steps: obtaining information about the dynamic Receiver components in an application through static analysis; constructing a registration function according to the information of the dynamic Receiver component, and inserting the constructed registration function and a call to it into a registration component; constructing data to start the registration component so that it registers the dynamic Receiver component, and carrying out the test; and analyzing the operation log of the dynamic Receiver component to judge whether a local denial-of-service vulnerability exists. The method overcomes the problem that existing detection methods can only detect exposed components declared in the Android configuration file, and enables local denial-of-service vulnerability detection for dynamic Receiver components.
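The last step of the method, judging from the operation log whether a tested dynamic Receiver crashed, could look like the following. This is an added example, not code from the patent: it assumes logcat threadtime output and the framework's "Error receiving broadcast" crash message, and the sample log, package and class names are constructed.

```python
import re

# Constructed logcat excerpt (threadtime format); packages, PIDs and classes are made up.
SAMPLE_LOG = """\
09-04 10:00:02.310  2101  2101 E AndroidRuntime: FATAL EXCEPTION: main
09-04 10:00:02.310  2101  2101 E AndroidRuntime: Process: com.example.app, PID: 2101
09-04 10:00:02.310  2101  2101 E AndroidRuntime: java.lang.RuntimeException: Error receiving broadcast Intent { act=android.intent.action.VIEW flg=0x10 } in com.example.app.TestReceiver@41f0a2b8
09-04 10:00:02.311  2101  2101 E AndroidRuntime: Caused by: java.lang.NullPointerException
09-04 10:00:02.311  2101  2101 E AndroidRuntime:     at com.example.app.TestReceiver.onReceive(TestReceiver.java:27)
09-04 10:00:05.000  2188  2188 E AndroidRuntime: FATAL EXCEPTION: main
09-04 10:00:05.000  2188  2188 E AndroidRuntime: Process: com.example.other, PID: 2188
09-04 10:00:05.000  2188  2188 E AndroidRuntime: java.lang.IllegalStateException: unrelated activity crash
"""

LINE = re.compile(r"^\S+ \S+\s+(\d+)\s+\d+ E AndroidRuntime: (.*)$")
# Assumed framework wording for an exception thrown inside a run-time registered receiver.
RECV = re.compile(r"Error receiving broadcast Intent \{(.*?)\} in ([\w.$]+)@")
CAUSE = re.compile(r"^Caused by: ([\w.$]+)", re.M)

def crash_blocks(log):
    """Group AndroidRuntime error lines into one text block per FATAL EXCEPTION, keyed by PID."""
    blocks, current = [], {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an AndroidRuntime error line
        pid, msg = m.groups()
        if msg.startswith("FATAL EXCEPTION"):
            current[pid] = []
            blocks.append(current[pid])
        elif pid in current:
            current[pid].append(msg)
    return ["\n".join(b) for b in blocks]

def receiver_crashes(log, receivers):
    """Report crashes raised while one of the receivers under test handled a broadcast."""
    findings = []
    for text in crash_blocks(log):
        hit = RECV.search(text)
        if not hit or hit.group(2) not in receivers:
            continue  # crash did not come from a tested dynamic Receiver
        proc = re.search(r"^Process: ([\w.]+)", text, re.M)
        action = re.search(r"act=(\S+)", hit.group(1))
        causes = CAUSE.findall(text)
        findings.append({"receiver": hit.group(2),
                         "process": proc.group(1) if proc else None,
                         "action": action.group(1) if action else None,
                         "root_cause": causes[-1] if causes else None})
    return findings
```

Calling `receiver_crashes(SAMPLE_LOG, {"com.example.app.TestReceiver"})` yields one finding for TestReceiver and ignores the unrelated crash in the second process.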

Description

Technical field

[0001] The invention relates to the field of mobile application vulnerability detection, specifically to a local denial-of-service vulnerability detection method for the dynamic Receiver component of Android applications.

Background technique

[0002] The local denial-of-service vulnerability of Android application components means that the exposed components in an Android application do not filter external data well in their implementation, so that the component runs abnormally when specific external data is passed to the exposed component, causing the application to crash or the system to restart. Local denial-of-service vulnerabilities may be exploited by malicious applications to attack systems that contain vulnerable applications.

[0003] In the existing local denial-of-service vulnerability detection method, after the application is started, the test data is directly sent to the exposed component for testing. This req...


Application Information

IPC: IPC(8): G06F11/36
CPC: G06F11/3644, G06F11/366
Inventor: 王伟平, 吴洪磊, 宋虹, 王建新
Owner: CENT SOUTH UNIV