在通信过程中,如果Android应用对其私有组件保护不充分,会导致组件暴露漏洞的存在.以往针对Android应用通信过程的漏洞挖掘方法不能准确发现这种安全威胁.为解决上述问题,提出一种结合Fuzzing技术和逆向分析的漏洞挖掘方法,设计并实现了漏洞挖掘工具KMDroid.实验结果表明,KMDroid可以有效挖掘应用通信过程中存在的安全漏洞.%If an Android application could not protect its private components well in the process of inter-application communication,there would exist exposed component vulnerabilities.The current vulnerability mining technique cannot identify such vulnerabilities accurately.To solve this problem,we propose a new vulnerability mining method which combines Fuzzing with reverse analysis,and design a vulnerability mining tool named KMDroid.Experimental results show that KMDroid can discover the vulnerability of inter-application communication effectively.
展开▼