Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android

Bartel A.; Klein J.; Monperrus M.; Le Traon Y.

首页> 外文期刊>Software Engineering, IEEE Transactions on >Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android

【24h】

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android

机译：提取大型框架权限检查的静态分析：Android分析的挑战和解决方案

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds of malicious usage (e.g., through code injection). The analysis of permission-based framework requires a precise mapping between API methods of the framework and the permissions they require. In this paper, we show that naive static analysis fails miserably when applied with off-the-shelf components on the Android framework. We then present an advanced class-hierarchy and field-sensitive set of analyses to extract this mapping. Those static analyses are capable of analyzing the Android framework. They use novel domain specific optimizations dedicated to Android.

机译：常见的安全架构基于通过权限检查（例如，在Android和Blackberry中使用）对某些资源的保护。它有一些限制，例如，当授予应用程序超出其实际需要的权限时，这会促进各种恶意使用（例如，通过代码注入）。对基于权限的框架的分析需要在框架的API方法与其所需的权限之间进行精确映射。在本文中，我们证明了当在Android框架上与现成的组件一起应用时，幼稚的静态分析会惨遭失败。然后，我们提出了一个高级的类层次结构和字段敏感的分析集，以提取此映射。这些静态分析能够分析Android框架。他们使用专门针对Android的新颖领域特定优化。

著录项

来源
《Software Engineering, IEEE Transactions on》 |2014年第6期|617-632|共16页
作者
Bartel A.; Klein J.; Monperrus M.; Le Traon Y.;
展开▼
作者单位

Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, 4, rue Alphonse Weicker, Luxembourg, Kirchberg|c|;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Android; Java; Large scale framework; Soot; call-graph; permissions; security; static analysis;

机译：安卓;Java;大型框架;煤烟;调用图;权限;安全性;静态分析;

相似文献

外文文献
中文文献
专利

1. Static Analysis Tool for Identification of Permission Misuse by Android Applications [J] . Karthick S., Sumitra Binu International Journal of Applied Engineering Research . 2017,第24aPta8期

机译：静态分析工具，用于识别Android应用程序的许可滥用
2. Android Apps:Static Analysis Based on Permission Classification [J] . Zhenjiang Dong, Hui Ye, Yan Wu, 中兴通讯技术（英文版） . 2013,第001期

机译：Android Apps：基于权限分类的静态分析
3. PGFIT: Static permission analysis of health and fitness apps in IoT programming frameworks [J] . Nobakht Mehdi, Sui Yulei, Seneviratne Aruna, Journal of network and computer applications . 2020,第Feba期

机译：PGFIT：IOT编程框架中健康和健身应用的静态许可分析
4. ER Catcher: A Static Analysis Framework for Accurate and Scalable Event-Race Detection in Android [C] . Navid Salehnamadi, Abdulaziz Alshayban, Iftekhar Ahmed, IEEE/ACM International Conference on Automated Software Engineering . 2020

机译：ER捕手：Android中准确和可扩展的事件竞争检测的静态分析框架
5. Exploring Optimal Subsets of Statically Registered Broadcast Receivers and Permissions for the Prediction of Malicious Behavior in Android Applications [D] . Nwobodo, Vincent Chukwuebuka 2019

机译：探索静态注册的广播接收器的最佳子集和Android应用程序中恶意行为预测的权限
6. A Model-Checking-Based Framework for Analyzing Ambient Assisted Living Solutions [O] . Ashalatha Kunnappilly, Raluca Marinescu, Cristina Seceleanu 2019

机译：基于模型检查的环境辅助生活解决方案分析框架
7. Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android [O] . Bartel, Alexandre, Klein, Jacques, Monperrus, Martin, 2014

机译：提取大型框架权限检查的静态分析：Android分析的挑战和解决方案
8. Combining Static Analysis and Model Checking for Software Analysis [R] . Brat, Guillaume, Visser, Willem 2003

机译：结合静态分析和模型检验进行软件分析

Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges and Solutions for Analyzing Android

摘要

著录项

相似文献

相关主题

期刊订阅