Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism

Yue Hongzhou; Zhang Yuqing; Wang Wenjie; Liu Qixu

doi:10.7544/issn1000-1239.2017.20150928

Journal of Computer Research and Development > 2017 > 54(2): 313-327. > DOI: 10.7544/issn1000-1239.2017.20150928 CSTR: 32373.14.issn1000-1239.2017.20150928

Yue Hongzhou, Zhang Yuqing, Wang Wenjie, Liu Qixu. Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism[J]. Journal of Computer Research and Development, 2017, 54(2): 313-327. DOI: 10.7544/issn1000-1239.2017.20150928

Citation:

PDF (3602 KB)

Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism

¹(State Key Laboratory of Integrated Services Networks (Xidian University), Xi'an 710071)
²(National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408)
³(State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)

More Information

Published Date: January 31, 2017

Graphical Abstract

Abstract

Abstract

Privacy leakage is one of the most important issues in the current Android security. The present most important method to detect privacy leakage is taint analysis. Because of its high code coverage and low false negative, the technique of static taint analysis is widely used in the detection of Android privacy leakage. However, the existing static taint analysis tools cannot do effective taint analysis for Android dynamic loading and reflection mechanism. Taking into account the present situation that Android dynamic loading and reflection mechanism are being used more and more widely, we focus on how to enable static taint analysis tools to effectively deal with Android dynamic loading and reflection mechanism. We modify the Android source code to enable the Android system to timely store the loaded dex files and reflection invocation information during the running process of an Android app. This information will be used to guide the static taint analysis process of the app and a policy that replacing the reflective method invocation with non-reflective method invocation is proposed. Based on these ideas, a taint analysis tool—DyLoadDroid is proposed, which has made some improvements of the state-of-the-art static taint analysis tool—FlowDroid and can do effective taint analysis for Android dynamic loading and reflection mechanism. Sufficient experimental results show that DyLoadDroid is very effective in tackling the problem of static taint analysis of Android dynamic loading and reflection mechanism.
- Android privacy leakage,
- taint analysis,
- dynamic loading,
- reflection

FullText(HTML)

References (0)

[1]	Li Xiangyang, Wang Shanyue, Zhang Chi, Yan Yubo, Tan Haisheng. Enhanced Capacity for Multi-Tag Concurrent Backscatter Communication Systems under Spectrum Constraints[J]. Journal of Computer Research and Development, 2024, 61(11): 2776-2792. DOI: 10.7544/issn1000-1239.202440401
[2]	Guo Fangfang, Wang Xinyue, Wang Huiqiang, Lü Hongwu, Hu Yibing, Wu Fang, Feng Guangsheng, Zhao Qian. A Dynamic Stain Analysis Method on Maximal Frequent Sub Graph Mining[J]. Journal of Computer Research and Development, 2020, 57(3): 631-638. DOI: 10.7544/issn1000-1239.2020.20180846
[3]	Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang, Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components[J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262. DOI: 10.7544/issn1000-1239.2019.20180548
[4]	Wang Lei, He Dongjie, Li Lian, Feng Xiaobing. Sparse Framework Based Static Taint Analysis Optimization[J]. Journal of Computer Research and Development, 2019, 56(3): 480-495. DOI: 10.7544/issn1000-1239.2019.20180071
[5]	Lu Yemian, Ying Lingyun, Su Purui, Feng Dengguo, Jing Erxia, Gu Yacong. Security Analysis and Evaluation for the Usage of Settings Mechanism in Android[J]. Journal of Computer Research and Development, 2016, 53(10): 2248-2261. DOI: 10.7544/issn1000-1239.2016.20160449
[6]	Li Zhanhui, Liu Chang, Meng Jianyi, Yan Xiaolang. Cache Load Balancing Oriented Dynamic Binary Translation[J]. Journal of Computer Research and Development, 2015, 52(9): 2105-2113. DOI: 10.7544/issn1000-1239.2015.20140220
[7]	Duan Huixian and Li Guangyao. A Fitting Method of Central Catadioptric Line Images[J]. Journal of Computer Research and Development, 2013, 50(4): 823-833.
[8]	Duan Huixian. A Fitting Method of Paracatadioptric Line Images Based on Antipodal Image Points[J]. Journal of Computer Research and Development, 2013, 50(2): 361-370.
[9]	Hu Chaojian, Li Zhoujun, Guo Tao, Shi Zhiwei. Detecting the Vulnerability Pattern of Writing Tainted Value to Tainted Address[J]. Journal of Computer Research and Development, 2011, 48(8): 1455-1463.
[10]	Du Zhao, Wang Xiaoge, Chen Yu. An Overview of Reflective Middleware[J]. Journal of Computer Research and Development, 2005, 42(12): 2041-2047.