• 中国精品科技期刊
  • CCF推荐A类中文期刊
  • 计算领域高质量科技期刊T1类
Advanced Search
Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang, Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components[J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262. DOI: 10.7544/issn1000-1239.2019.20180548
Citation: Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang, Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components[J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262. DOI: 10.7544/issn1000-1239.2019.20180548

An Automatic Detection Method for Privacy Leakage Across Application Components

Funds: This work was supported by the National Natural Science Foundation of China (61672427), the International Cooperation Program of Shaanxi Province (2017KW-008), the International Cooperation Program of Shaanxi Province(2019KW-009), the Key R&D Project of Shaanxi Province (2017GY-191), and the Innovation Research Team of Shaanxi Province (2018SD0011).
More Information
  • Published Date: May 31, 2019
  • In recent years, Android operating system has developed rapidly. A large number of mobile users use Android smart devices as tools for personal communication and work. The privacy information of Android mobile users has become one of the main targets of black industry practitioners. Existing privacy detection research mainly focuses on addressing privacy leakage risk within Android applications, including the detection of privacy leakage within program components, the detection of privacy leakage between components, and the detection of ICC vulnerability. Actually, the behavior of sharing users’ privacy through collaboration among application components is widespread, which causes a large number of users’ privacy information to be leaked. How to effectively detect and prevent privacy leakage between application components is an urgent problem. However, the number of components in Android applications is huge and there are plenty of components unrelated to privacy leaks between applications. Therefore, how to detect possible privacy leaks between applications meets a serious challenge. Aiming at this problem, this paper presents a method to construct a component sequence with potential privacy leaks, and the method uses data flow analysis technology to realize a detection system for privacy leakage between application components, named PLDetect. PLDetect solves the problem of incomplete coverage of code and lagging detection results in the existing technology. Finally, based on the privacy leak path, PLDetect utilizes an encryption-based privacy leak protection method to encrypt privacy information, ensuring that information is effectively prevented from being maliciously transmitted without affecting application runtime performance. The final experiment shows that PLDetect detects 5 groups of applications with privacy leaks across application components in 81 applications and effectively blocks privacy data leaks.
  • Related Articles

    [1]Fu Liguo, Pang Jianmin, Wang Jun, Zhang Jiahao, Yue Feng. Formal Model of Correctness and Optimization on Binary Translation[J]. Journal of Computer Research and Development, 2019, 56(9): 2001-2011. DOI: 10.7544/issn1000-1239.2019.20180513
    [2]Zhou Zhibin, Wang Guojun, Liu Qin, Jia Weijia. A RFID Anonymous Grouping Proof Protocol Using Dual-Layer Verification[J]. Journal of Computer Research and Development, 2018, 55(12): 2674-2684. DOI: 10.7544/issn1000-1239.2018.20170787
    [3]Fu Yanyan, Zhang Min, Chen Kaiqu, Feng Dengguo. Proofs of Data Possession of Multiple Copies[J]. Journal of Computer Research and Development, 2014, 51(7): 1410-1416.
    [4]Li Tao, Zhang Jingzhong. Machine Proofs in Geometry Based on Complex Number Method[J]. Journal of Computer Research and Development, 2013, 50(9): 1963-1969.
    [5]Ma Yanfang, Zhang Min, Chen Yixiang. Formal Description of Software Dynamic Correctness[J]. Journal of Computer Research and Development, 2013, 50(3): 626-635.
    [6]Wang Yong, Fang Juan, Ren Xingtian, and Lin Li. Formal Verification of TCG Remote Attestation Protocols Based on Process Algebra[J]. Journal of Computer Research and Development, 2013, 50(2): 325-331.
    [7]Wang Changjing. Verifying the Correctness of Loop Optimization Based on Extended Logic Transformation System μTS[J]. Journal of Computer Research and Development, 2012, 49(9): 1863-1873.
    [8]Jing Shuxu, He Fazhi, Cai Xiantao, Cheng Yuan. A Method for Object Reference in Collaborative Modeling System[J]. Journal of Computer Research and Development, 2011, 48(11): 2031-2038.
    [9]Si Tiange, Tan Zhiyong, and Dai Yiqi. A Security Proof Method for Multilevel Security Models[J]. Journal of Computer Research and Development, 2008, 45(10): 1711-1717.
    [10]Wang Guilin, Qing Sihan. Security Notes on Two Cheat-Proof Secret Sharing Schemes[J]. Journal of Computer Research and Development, 2005, 42(11): 1924-1927.

Catalog

    Article views (1207) PDF downloads (499) Cited by()

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return