Abstract
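With the spread of the mobile Internet and the widespread use of smartphones, Android has become the dominant operating system in the smartphone market. Android's success can be attributed in part to its communication model, Inter-Component Communication (ICC), which facilitates the development of loosely coupled Android applications. Data exchange between Android application components can take place within a single application or across multiple applications. Unfortunately, the ICC model, which provides the mechanism for exchanging data between components, can be abused by Android malware and thereby poses a serious threat to the privacy of mobile users. ICC analysis therefore plays a critical role in detecting privacy-data leaks in malicious Android applications, and its results directly affect the accuracy of leak detection.
However, none of the existing ICC analysis approaches takes into account Inter-Component Intent Revision (ICIR), that is, a modification of an Intent that occurs after the Intent has started its target component and outside the component that defines the Intent. As a result, privacy-data leaks related to ICIR may escape tracking.
This thesis addresses ICC analysis that includes ICIR in Android applications. Its main contributions are as follows:
1. Based on the characteristics of the Android inter-component communication model and the shortcomings of existing tools, the corresponding analysis theory and methods are proposed. (1) Android applications are analyzed using instrumentation, and the analysis results are integrated to obtain the ICC values related to ICIR. (2) Building on the added ICIR analysis, the ICC Link model widely used by taint-flow analysis tools is extended to the more expressive ICC Flow (Inter-Component Communication Flow, ICCF). (3) To present ICC analysis results more intuitively, this thesis constructs the ICCG (Inter-Component Communication Graph), which is easier to access and use than ICCF.
2. Building on the existing tools Soot and IC3, the Android inter-component communication analysis tool Icca is implemented. The tool not only analyzes ICIR-related ICC values and builds the ICCF and ICCG, but also provides an interface for the taint-flow analysis tool IccTA, making that tool's results more complete.
3. To test the correctness and effectiveness of the method and the robustness of Icca, a series of experiments was designed. The experiments cover 2260 Android applications: 1000 Android applications downloaded at random from Google Play and 1260 malicious Android applications from the MalGenome dataset. In addition, Icca is evaluated from five aspects, including ICIR analysis and target-component analysis, and the overall results are satisfactory.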
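Keywords: Android application, inter-component communication, reuse Intent, inter-component Intent revision, inter-component communication flow, inter-component communication graph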
ABSTRACT
With the popularity of the mobile Internet and the widespread use of smartphones, Android has become the most popular operating system in the smartphone market. The success of Android can partially be attributed to its communication model, named Inter-Component Communication (ICC), which promotes the development of loosely coupled applications. Specifically, applications are divided into components that can exchange data within a single application and across several applications. Unfortunately, the ICC model, which provides a mechanism for exchanging data between components, can be misused by malicious applications to threaten users' privacy. Thus, to detect privacy leaks in Android malware, ICC analysis plays a fundamental role that directly affects the accuracy of leak tracking.
However, existing ICC analysis approaches do not consider Inter-Component Intent Revision (ICIR), i.e. revision of an Intent i outside the component where i is created, so many potential leaks escape tracking.
This thesis is dedicated to ICC analysis that includes ICIR in Android applications. The contributions are summarized as follows:
1. According to the attributes of Inter-Component Communication in Android applications and the shortcomings of the existing tools, the corresponding analysis theory and methods are proposed. (1) The Android application is analyzed by means of instrumentation. To obtain more complete ICC values of ICIR, we integrate the results of ICC analysis. (2) On the basis of the analysis of ICIR, the ICC Link model, which is widely used by taint-flow analysis tools, is extended to the more expressive ICC Flow (Inter-Component Communication Flow, ICCF). (3) In order to provide ICC analysis results for leak detection tools, this thesis constructs the ICCG (Inter-Component Communication Graph). Compared with ICCF, ICCG is not only more convenient to access, but also makes leak detection results more accurate.
2. Based on the existing tools Soot and IC3, we design the basic framework of an Inter-Component Communication analysis tool for Android applications, called Icca. The tool can analyze ICIR values, construct the ICCF, build the ICCG, and provide an interface for the taint-flow analysis tool IccTA. As a result, the results of IccTA become more complete.
3. In order to check the correctness and effectiveness of our method, as well as the robustness of Icca, we conduct a series of experiments. The experiments cover 2260 Android applications, including 1000 apps downloaded randomly from Google Play and 1260 malicious apps from the MalGenome dataset. Moreover, Icca is evaluated from five aspects, such as ICIR analysis and target-component analysis, and the results are encouraging.
Keywords: Android application, Inter-Component Communication (ICC), Reuse Intent, Inter-Component Intent Revision, ICC Flow, ICC Graph
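To make the ICIR gap described in the abstract concrete, the following added example (a toy model written for this page, not Icca's algorithm or code from the thesis) compares a creation-site-only ICC analysis with one that follows an Intent reused through getIntent(). The app model, the operation names and the helpers `icc_edges` and `carries` are assumptions made for illustration.

```python
# Constructed app model: each component is a list of Intent operations in order.
APP = {
    "A": [("new", "i"), ("put_extra", "i", "deviceId"),
          ("set_class", "i", "B"), ("start", "i")],
    # B reuses the Intent that started it and revises its target: an ICIR.
    "B": [("get_intent", "j"), ("set_class", "j", "C"), ("start", "j")],
    "C": [("get_intent", "k")],
}

def icc_edges(app, entry, icir_aware):
    """Return the set of (source, target, extras) ICC edges reachable from entry."""
    edges, seen = set(), set()
    work = [(entry, frozenset())]      # (component, extras of the incoming Intent)
    while work:
        comp, incoming = work.pop()
        if (comp, incoming) in seen:
            continue
        seen.add((comp, incoming))
        env = {}                       # variable -> [target, extras] of tracked Intents
        for op, var, *args in app[comp]:
            if op == "new":
                env[var] = [None, frozenset()]
            elif op == "get_intent":
                # Assumption of this toy: a creation-site-only analysis does not
                # track Intents obtained via getIntent(); the ICIR-aware one does.
                if icir_aware:
                    env[var] = [comp, incoming]
            elif var not in env:
                continue               # operation on an untracked Intent is lost
            elif op == "put_extra":
                env[var][1] = env[var][1] | {args[0]}
            elif op == "set_class":
                env[var][0] = args[0]
            elif op == "start" and env[var][0] in app:
                target, extras = env[var]
                edges.add((comp, target, extras))
                work.append((target, extras))
    return edges

def carries(edges, key, sink):
    """True if some edge delivers extra `key` into component `sink`."""
    return any(t == sink and key in x for _, t, x in edges)

BASELINE = icc_edges(APP, "A", icir_aware=False)   # only A -> B is found
WITH_ICIR = icc_edges(APP, "A", icir_aware=True)   # A -> B and B -> C
```

In this model the baseline never sees `deviceId` reach component C, while the ICIR-aware pass yields the chain A, B, C that an ICC Flow is meant to express.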
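List of Figures
Figure 1.1 Number of Android malware samples
Figure 1.2 Example Android application
Figure 2.1 Layered architecture of the Android system
Figure 2.2 Activity stack (Task)
Figure 2.3 Activity lifecycle
Figure 2.4 Service lifecycle
Figure 3.1 Overall structure of Soot
Figure 3.2 Transformation and optimization of Soot's internal code
Figure 3.3 MVC constant analysis process
Figure 3.4 Code of the sendMessage() method
Figure 3.5 IccTA execution framework
Figure 4.1 Overall workflow of the method
Figure 4.2 Runtime framework of the Icca tool
Figure 4.3 Workflow of the instrumentation module
Figure 4.4 Algorithm framework of the Android application instrumentation module
Figure 4.5 Detailed algorithm for finding ICIR
Figure 4.6 Data structure of MyIntent
Figure 4.7 DataAndType data structure
Figure 4.8 ExitPoint data structure
Figure 4.9 Reuse Intent example
Figure 4.10 Algorithm of the instrumentation-location module
Figure 4.11 Algorithm for traversing the CallGraph to determine instrumentation locations
Figure 4.12 Android application instrumentation workflow
Figure 4.13 Android application instrumentation algorithm
Figure 4.14 ExampleDes instance after instrumentation
Figure 4.15 Flowchart of the inter-component communication analysis module
Figure 4.16 Algorithm of the ICIR value integration module
Figure 4.17 Flowchart of the target-component location module
Figure 4.18 Implicit Intent example and Intent Filter information
Figure 4.19 Algorithm of the target-component location module
Figure 4.20 Data structures used by IntentFilter
Figure 4.21 Framework of the result generation and application module
Figure 4.22 Data structure of FlowNode
Figure 4.23 Algorithm of the ICCF construction module
Figure 4.24 ICCF corresponding to the example Android application
Figure 4.25 Data structure of ICCGraph
Figure 4.26 Other data structures involved in ICCGraph
Figure 4.27 Algorithm of the ICCG construction module
Figure 4.28 ICCG corresponding to the example Android application
Figure 4.29 Data structure of ICCLink
Figure 4.30 Algorithm of the IccTA interface construction module
Figure 5.1 Comparison of revised attributes against the total in Google Play
Figure 5.2 Comparison of revised attributes against the total in MalGenome
Figure 5.3 Running time before and after instrumentation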