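Android (operating system)
Computer science
Cryptography
Computer security
Cryptographic primitive
Static analysis
Embedded system
Cryptographic protocol
Operating system
Programming language
Authors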
Guosheng Xu,X. Sean Wang,Cheng Bo Yu,Haoran Zhao,Yajuan Guo,Jinghong Guo,Chenyu Wang
Identifier
DOI:10.1145/3603273.3634708
Abstract
Android applications are developing rapidly in the Internet era, and the security functions in Android applications are becoming more and more important. When developing security functions in Android applications, cryptographic APIs are mainly used to deal with functions related to user privacy and important data protection. If the developers do not have a solid grasp of cryptographic basics or use the relevant cryptographic API calls incorrectly, it will cause the risk of leaking the private information of Android applications. In the existing research on cryptographic misuse of Android applications, static detection methods have the problems of high false alarm rates and low accuracy, while dynamic detection methods often have low coverage of misuse rules due to targeting specific misuse. Therefore, this paper proposes a cryptographic misuse detection method for Android applications based on the combination of dynamic and static methods, using a combination of static detection based on program slicing and dynamic detection based on logging technology to realize misuse detection, and proposes a more comprehensive cryptographic misuse rule set. Through the comparison experiments with existing tools, it is proved that the proposed method has significant improvement in both accuracy and coverage, and has better misuse detection capability.