ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (2): 313-327.doi: 10.7544/issn1000-1239.2017.20150928

• 信息安全 • 上一篇    下一篇

Android动态加载与反射机制的静态污点分析研究

乐洪舟1,张玉清1,2,王文杰2,3,刘奇旭2,3   

  1. 1(综合业务网理论及关键技术国家重点实验室(西安电子科技大学) 西安 710071); 2(中国科学院大学国家计算机网络入侵防范中心 北京 101408); 3(信息安全国家重点实验室(中国科学院信息工程研究所) 北京 100093) (yuehz@nipc.org.cn)
  • 出版日期: 2017-02-01
  • 基金资助: 
    国家自然科学基金项目(61572460,61272481,61303239);信息安全国家重点实验室开放课题(2015-MS-06,2015-MS-04)

Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism

Yue Hongzhou1, Zhang Yuqing1,2, Wang Wenjie2,3, Liu Qixu2,3   

  1. 1(State Key Laboratory of Integrated Services Networks (Xidian University), Xi'an 710071);2(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408);3(State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)
  • Online: 2017-02-01

摘要: 隐私泄露是当前Android安全中最为重要的问题之一,目前检测隐私泄露的最主要方法是污点分析.Android静态污点分析技术凭借其代码覆盖率高、漏报率低的特点而被广泛应用在Android应用隐私泄露的检测上.然而,现有的静态污点分析工具却不能对Android动态加载和反射机制进行有效污点分析.鉴于当前Android动态加载和反射机制被越来越广泛地应用的现状,对如何使Android静态污点分析工具有效地处理Android应用的动态加载和反射机制的问题进行了研究.对Android源码进行了修改,使Android系统能够对Android应用实际运行中加载的dex文件和反射调用信息进行实时存储,并利用这些信息对Android静态污点分析过程进行引导.以当前领先的静态污点分析工具FlowDroid为基础,对其进行了改进,提出了使用非反射调用语句替换反射调用语句的策略,实现了一个能够对Android动态加载和反射机制进行有效污点分析的工具——DyLoadDroid,并通过实验验证了其在处理Android动态加载和反射机制的污点分析问题上的有效性.

关键词: 安卓, 隐私泄露, 污点分析, 动态加载, 反射

Abstract: Privacy leakage is one of the most important issues in the current Android security. The present most important method to detect privacy leakage is taint analysis. Because of its high code coverage and low false negative, the technique of static taint analysis is widely used in the detection of Android privacy leakage. However, the existing static taint analysis tools cannot do effective taint analysis for Android dynamic loading and reflection mechanism. Taking into account the present situation that Android dynamic loading and reflection mechanism are being used more and more widely, we focus on how to enable static taint analysis tools to effectively deal with Android dynamic loading and reflection mechanism. We modify the Android source code to enable the Android system to timely store the loaded dex files and reflection invocation information during the running process of an Android app. This information will be used to guide the static taint analysis process of the app and a policy that replacing the reflective method invocation with non-reflective method invocation is proposed. Based on these ideas, a taint analysis tool—DyLoadDroid is proposed, which has made some improvements of the state-of-the-art static taint analysis tool—FlowDroid and can do effective taint analysis for Android dynamic loading and reflection mechanism. Sufficient experimental results show that DyLoadDroid is very effective in tackling the problem of static taint analysis of Android dynamic loading and reflection mechanism.

Key words: Android privacy leakage, taint analysis, dynamic loading, reflection

中图分类号: