An Automatic Detection Method for Privacy Leakage Across Application Components

Li Zhen; Tang Zhanyong; Li Zhengqiao; Wang Hai; Gong Xiaoqing; Chen Feng; Chen Xiaojiang; Fang Dingyi

doi:10.7544/issn1000-1239.2019.20180548

Journal of Computer Research and Development > 2019 > 56(6): 1252-1262. > DOI: 10.7544/issn1000-1239.2019.20180548 CSTR: 32373.14.issn1000-1239.2019.20180548

Li Zhen, Tang Zhanyong, Li Zhengqiao, Wang Hai, Gong Xiaoqing, Chen Feng, Chen Xiaojiang, Fang Dingyi. An Automatic Detection Method for Privacy Leakage Across Application Components[J]. Journal of Computer Research and Development, 2019, 56(6): 1252-1262. DOI: 10.7544/issn1000-1239.2019.20180548

Citation:

PDF (1170 KB)

An Automatic Detection Method for Privacy Leakage Across Application Components

¹(School of Computer Science and Technology, Northwest University, Xi’an 710075)
²(Shaanxi International Joint Research Centre for the Battery-free Internet of Things, Xi’an 710075)

Funds: This work was supported by the National Natural Science Foundation of China (61672427), the International Cooperation Program of Shaanxi Province (2017KW-008), the International Cooperation Program of Shaanxi Province(2019KW-009), the Key R&D Project of Shaanxi Province (2017GY-191), and the Innovation Research Team of Shaanxi Province (2018SD0011).

More Information

Published Date: May 31, 2019

Graphical Abstract

Abstract

Abstract

In recent years, Android operating system has developed rapidly. A large number of mobile users use Android smart devices as tools for personal communication and work. The privacy information of Android mobile users has become one of the main targets of black industry practitioners. Existing privacy detection research mainly focuses on addressing privacy leakage risk within Android applications, including the detection of privacy leakage within program components, the detection of privacy leakage between components, and the detection of ICC vulnerability. Actually, the behavior of sharing users’ privacy through collaboration among application components is widespread, which causes a large number of users’ privacy information to be leaked. How to effectively detect and prevent privacy leakage between application components is an urgent problem. However, the number of components in Android applications is huge and there are plenty of components unrelated to privacy leaks between applications. Therefore, how to detect possible privacy leaks between applications meets a serious challenge. Aiming at this problem, this paper presents a method to construct a component sequence with potential privacy leaks, and the method uses data flow analysis technology to realize a detection system for privacy leakage between application components, named PLDetect. PLDetect solves the problem of incomplete coverage of code and lagging detection results in the existing technology. Finally, based on the privacy leak path, PLDetect utilizes an encryption-based privacy leak protection method to encrypt privacy information, ensuring that information is effectively prevented from being maliciously transmitted without affecting application runtime performance. The final experiment shows that PLDetect detects 5 groups of applications with privacy leaks across application components in 81 applications and effectively blocks privacy data leaks.
- Android security,
- privacy leakage,
- static analysis,
- data-flow analysis,
- taint analysis

FullText(HTML)

References (0)

[1]	Zhou Peng, Zuo Zhiqiang. Design and Implementation of a Parallel Symbolic Execution Engine Based on Multi-Threading[J]. Journal of Computer Research and Development, 2023, 60(2): 248-261. DOI: 10.7544/issn1000-1239.202220920
[2]	Tian Zhenzhou, Wang Ningning, Wang Qing, Gao Cong, Liu Ting, Zheng Qinghua. Plagiarism Detection of Multi-Threaded Programs by Mining Behavioral motifs[J]. Journal of Computer Research and Development, 2020, 57(1): 202-213. DOI: 10.7544/issn1000-1239.2020.20180871
[3]	Wang Bohong, Liu Yi, Zhang Guozhen, Qian Depei. Debugging Multi-Core Parallel Programs by Gradually Refined Snapshot Sequences[J]. Journal of Computer Research and Development, 2017, 54(4): 821-831. DOI: 10.7544/issn1000-1239.2017.20151060
[4]	Gao Ke, Fan Dongrui, Liu Zhiyong. Decoupling Contention with VRB Mechanism for Multi-Threaded Applications[J]. Journal of Computer Research and Development, 2015, 52(11): 2577-2588. DOI: 10.7544/issn1000-1239.2015.20148178
[5]	Tang Yixuan, Wu Junmin, Chen Guoliang, Sui Xiufeng, Huang Jing. A Utility Based Cache Optimization Mechanism for Multi-Thread Workloads[J]. Journal of Computer Research and Development, 2013, 50(1): 170-180.
[6]	Shou Lidan, Hu Wei, Luo Xinyuan, Chen Ke, and Chen Gang. An Implementation of Attributive Predicate Lock in Database System[J]. Journal of Computer Research and Development, 2012, 49(10): 2260-2270.
[7]	Wen Shuguang, Xie Gaogang. libpcap-MT: A General Purpose Packet Capture Library with Multi-Thread[J]. Journal of Computer Research and Development, 2011, 48(5): 756-764.
[8]	Tian Hangpei, Gao Deyuan, Fan Xiaoya, and Zhu Yian. Memory Request Queue of Multi-Core Multi-Threading Processor for Real-Time Stream Processing[J]. Journal of Computer Research and Development, 2009, 46(10): 1634-1641.
[9]	Wu Ping, Chen Yiyun, Zhang Jian. Static Data-Race Detection for Multithread Programs[J]. Journal of Computer Research and Development, 2006, 43(2): 329-335.
[10]	Yao Nianmin, Shu Jiwu, and Zheng Weimin. The Distributed Lock Scheme in SAN[J]. Journal of Computer Research and Development, 2005, 42(2): 338-343.

Cited By

Cited by

Periodical cited type(5)

1.	彭牧尧，魏建军，王乾舟，王琨. 基于最大最小蚂蚁系统的容迟网络缓存机制. 无线电通信技术. 2023(06): 1095-1103 .
2.	刘涛. 基于机会网络节点定位算法的优化设计. 白城师范学院学报. 2021(02): 38-42 .
3.	刘慧，钱育蓉，张振宇，杨文忠. 机会网络中基于陌生节点的竞争转发策略. 计算机工程与设计. 2021(10): 2710-2717 .
4.	龙浩，张书奎，张力. 一种车载机会网络文件调度与数据传输算法. 计算机应用与软件. 2020(04): 82-88 .
5.	葛宇，梁静. 基于相遇概率时效性和重复扩散感知的机会网络消息转发算法. 计算机应用. 2020(05): 1397-1402 .