安卓应用组件间通信的分析方法与实现

合集下载
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

摘要

摘要

随着移动互联网的普及和智能手机的广泛使用,Android系统已经成为智能手机市场最主流的操作系统。Android操作系统的成功在一定程度上归因于其通信模型,即组件间通信(ICC),该模型促进了具有松散耦合特点的Android应用程序的开发。Android应用组件间的数据交换可以发生在单个应用程序上,也可以跨越多个应用程序。不幸的是,提供组件间数据交换机制的ICC模型会被Android恶意程序滥用,从而对移动终端用户的隐私造成严重的威胁。因此,对于检测Android恶意应用的隐私数据泄露来说,ICC分析将扮演一个极其关键的角色,其分析结果能够直接影响泄露检测的准确性。

然而,在现有的ICC分析方法中,均没有考虑到组件间意图修改(一个Intent 在启动目标组件后、且在定义该Intent的组件外发生的修改,Inter-Component Intent Revision,ICIR)的使用。因此,与ICIR相关的隐私数据泄露可能会逃脱追踪。

本文致力于Android应用中包含ICIR的ICC分析,主要贡献分为以下几点:

1. 根据Android应用组件间通信模型的特点以及现有工具的缺点,提出相关的分析理论和方法。(1) 通过使用插桩的方法对Android应用程序进行分析,并对分析的结果进行整合,从而获得与ICIR相关的ICC值。(2) 在补充分析ICIR的基础上,将污点流分析工具广泛使用的ICC Link模型扩展为表达性更强的ICC Flow (Inter-Component Communication Flow,ICCF)。(3) 为了更加直观地提供ICC分析结果,本文构建了ICCG(Inter-Component Communication Graph,ICCG),ICCG较ICCF更便于访问和使用。

2. 基于已有的工具Soot和IC3,实现了Android应用组件间通信分析工具Icca,该工具不仅能分析ICIR相关的ICC值,构建ICCF、ICCG,而且提供面向污点流分析工具IccTA的接口,从而使得该污点流分析工具的结果更加完备。

3. 为了测试方法的正确性和有效性,以及工具Icca的健壮性,本文设计了一系列的实验。该实验涵盖2260个Android应用程序,包括在Google Play上随机下载的1000个Android应用,以及MalGenome数据集中的1260个恶意Android应用。而且,本文从ICIR分析、目标组件分析等五个方面对Icca进行评估,总体结果是令人满意的。

关键词:安卓应用程序,组件间通信,复用意图,组件间意图修改,组件间通信流,组件间通信图

ABSTRACT

ABSTRACT

With the popularity of mobile Internet and the widespread use of smart phones, Android has become the most popular operating system at the smartphone market. The success of Android OS can partially be attributed to the communication model, named Inter-Component Communication (ICC), which promotes the development of loosely coupled applications. Specifically, the applications are divided into components that can exchange data within a single application and across several applications. Unfortunately, the ICC models which provide a mechanism for data exchanging between components can be misused by malicious applications to threaten users' privacy. Thus, to detect privacy leaks in Android malware, ICC analyzing plays a fundamental role which directly affects the accuracy in tracking leaks.

However, in the existing ICC analysis approaches, Inter-Component Intent Revision (ICIR), i.e. revision of an Intent i outside the component where i is created, is not considered such that lots of potential leaks will escape from being tracked.

This paper is dedicated to ICC analysis containing ICIR in Android applications, the contributions are summarized as follows:

1. According to the attributes of the Inter-Component Communication in Android applications and the shortcomings of the existing tools, the relative analysis theory and method are put forward. (1) The Android application is analyzed by using the plug-in method. To obtain more complete ICC values of ICIR, we integrate the results of ICC analysis. (2) On the basis of the analysis of ICIR, the ICC Link model, which is widely used in Flow, is extended to the ICCF (Inter-Component Communication, ICCF), which is more expressive. (3) In order to provide ICC analysis results for leak detecting tools, this paper constructs ICCG (Inter-Component Communication Graph, ICCG). Compared with ICCF, ICCG is not only more convenient to access, but also makes the results more accurate in the leak detection.

2. Based on the existing tools of Soot and IC3, we design the basic framework of Inter-Component Communication analysis tools on Android applications, called Icca. The

相关文档
最新文档