Sparse Framework Based Static Taint Analysis Optimization

Wang Lei; He Dongjie; Li Lian; Feng Xiaobing

doi:10.7544/issn1000-1239.2019.20180071

Journal of Computer Research and Development > 2019 > 56(3): 480-495. > DOI: 10.7544/issn1000-1239.2019.20180071 CSTR: 32373.14.issn1000-1239.2019.20180071

Wang Lei, He Dongjie, Li Lian, Feng Xiaobing. Sparse Framework Based Static Taint Analysis Optimization[J]. Journal of Computer Research and Development, 2019, 56(3): 480-495. DOI: 10.7544/issn1000-1239.2019.20180071

Citation:

PDF (3357 KB)

Sparse Framework Based Static Taint Analysis Optimization

(State Key Laboratory of Computer Architecture(Institute of Computing Technology, Chinese Academy of Sciences), Beijing 100190) (University of Chinese Academy of Sciences, Beijing 100049)

More Information

Published Date: February 28, 2019

Graphical Abstract

Abstract

Abstract

At present, privacy preserving is an important research challenge of information system security. Privacy leak detection for applications is an effective solution for privacy preserving. Taint analysis can effectively protect the confidentiality and integrity of information in the system, and report the privacy leak risk of applications in advance. However, the existing static taint analysis tool still has the problem of high analysis overhead especially in high sensitive mode. This work first deeply analyzes that there exists a large number of unrelated propagation which leads to unnecessary expenses in current IFDS-based taint analysis, and statistical results show that the proportion of it is up to 85.5%. Aiming at this problem, this paper attempts to use an effective optimization method, sparse optimization in recent years, to eliminate the unrelated propagation in static taint analysis, and achieve the optimization of time and space cost. We have innovatively extended the classic data flow analysis framework (IFDS) into a sparse form, and provide a corresponding taint analysis algorithm. We implemented a tool called FlowDroidSP. Experimental results show that the tool has 4.8 times of time acceleration and 61.5% memory reduction compared with the original FlowDroid under the non-pruning mode. Under pruning mode, it has an average time of 18.1 times speedup and 76.1% memory reduction.
- privacy leakage detection,
- static program analysis,
- taint analysis,
- program optimization,
- Android

FullText(HTML)

References (0)

[1]	Pan Jianwen, Cui Zhanqi, Lin Gaoyi, Chen Xiang, Zheng Liwei. A Review of Static Detection Methods for Android Malicious Application[J]. Journal of Computer Research and Development, 2023, 60(8): 1875-1894. DOI: 10.7544/issn1000-1239.202220297
[2]	Zheng Wei, Tang Hui, Chen Xiang, Zhang Manqing, Xia Xin. State-of-the-Art Survey of Compatibility Test for Android Mobile Application[J]. Journal of Computer Research and Development, 2022, 59(6): 1370-1387. DOI: 10.7544/issn1000-1239.20210105
[3]	Zhang Bing, Wen Zheng, Wei Xiaoyu, Ren Jiadong. InterDroid: An Interpretable Android Malware Detection Method for Conceptual Drift[J]. Journal of Computer Research and Development, 2021, 58(11): 2456-2474. DOI: 10.7544/issn1000-1239.2021.20210560
[4]	Zhang Lei, Yang Zhemin, Li Mingqi, Yang Min. TipTracer: Detecting Android Application Vulnerabilities Based on the Compliance with Security Guidance[J]. Journal of Computer Research and Development, 2019, 56(11): 2315-2329. DOI: 10.7544/issn1000-1239.2019.20190348
[5]	Tang Benxiao, Wang Lina, Wang Run, Zhao Lei, Wang Danlei. A Defensive Method Against Android Physical Sensor-Based Side-Channel Attack Based on Differential Privacy[J]. Journal of Computer Research and Development, 2018, 55(7): 1371-1392. DOI: 10.7544/issn1000-1239.2018.20170982
[6]	Yue Hongzhou, Zhang Yuqing, Wang Wenjie, Liu Qixu. Android Static Taint Analysis of Dynamic Loading and Reflection Mechanism[J]. Journal of Computer Research and Development, 2017, 54(2): 313-327. DOI: 10.7544/issn1000-1239.2017.20150928
[7]	Lu Yemian, Ying Lingyun, Su Purui, Feng Dengguo, Jing Erxia, Gu Yacong. Security Analysis and Evaluation for the Usage of Settings Mechanism in Android[J]. Journal of Computer Research and Development, 2016, 53(10): 2248-2261. DOI: 10.7544/issn1000-1239.2016.20160449
[8]	Zhang Yuqing, Fang Zhejun, Wang Kai, Wang Zhiqiang, Yue Hongzhou, Liu Qixu, He Yuan, Li Xiaoqi, Yang Gang. Survey of Android Vulnerability Detection[J]. Journal of Computer Research and Development, 2015, 52(10): 2167-2177. DOI: 10.7544/issn1000-1239.2015.20150572
[9]	Zhang Yuqing, Wang Kai, Yang Huan, Fang Zhejun, Wang Zhiqiang, and Cao Chen. Survey of Android OS Security[J]. Journal of Computer Research and Development, 2014, 51(7): 1385-1396.
[10]	Lei Lingguang, Jing Jiwu, Wang Yuewu, Zhang Zhongwen. A Behavior-Based System Resources Access Control Scheme for Android[J]. Journal of Computer Research and Development, 2014, 51(5): 1028-1038.

Cited By

Cited by

Periodical cited type(8)

1.	汪全盛，王田田，马锐，张迎周. 基于动态程序切片和污点分析的安卓应用隐私泄露检测. 小型微型计算机系统. 2025(03): 704-712 .
2.	唐成华，杜征，关晓龙，强保华. 隐式信息流重组粒度与污点传播能力判别. 小型微型计算机系统. 2024(06): 1512-1520 .
3.	尹小康，蔡瑞杰，杨启超，刘胜利. 基于静态和动态混合分析的内存拷贝类函数识别. 软件学报. 2024(07): 3291-3313 .
4.	尹小康，芦斌，蔡瑞杰，朱肖雅，杨启超，刘胜利. 基于控制流和数据流分析的内存拷贝类函数识别技术. 计算机研究与发展. 2023(02): 326-340 . 本站查看
5.	谭添，马晓星，许畅，马春燕，李樾. Java指针分析综述. 计算机研究与发展. 2023(02): 274-293 . 本站查看
6.	吴月明，齐蒙，邹德清，金海. 图卷积网络的抗混淆安卓恶意软件检测. 软件学报. 2023(06): 2526-2542 .
7.	郭帆，范威威. 面向Java EE程序的SQLIA漏洞分析和验证方法. 计算机科学与探索. 2021(02): 270-283 .
8.	胡英杰，张琳琳，赵楷，方文波，于媛尔. 基于静态污点分析的Android隐私泄露检测方法研究. 信息安全学报. 2020(05): 144-151 .