CN104992112A - Method and device used for detecting sensitive information leakage of Android - Google Patents

Info

Publication number
CN104992112A
Authority
CN
China
Prior art keywords
function
sensitive information
built
sendtobytes
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510255820.XA
Other languages
Chinese (zh)
Other versions
CN104992112B (en)
Inventor
王进平
程国涛
熊波
唐昆鹏
袁健
陈庆奎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Shanghai for Science and Technology
Original Assignee
University of Shanghai for Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Shanghai for Science and Technology filed Critical University of Shanghai for Science and Technology
Priority to CN201510255820.XA priority Critical patent/CN104992112B/en
Publication of CN104992112A publication Critical patent/CN104992112A/en
Application granted granted Critical
Publication of CN104992112B publication Critical patent/CN104992112B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention relates to a method for detecting sensitive information leakage on Android. In the native layer, the function names of the library functions ioctl(), sendToBytes() and SSLWrite() are given a prefix, and each of the three library functions is wrapped to form a shell function. The wrapped ioctl() taint-marks the application process under test, and the wrapped sendToBytes() and SSLWrite() perform taint checks on both the plaintext and the ciphertext of the application process under test, which reduces the probability of missed detections. In the application layer, a control module lets the user define the sensitive information and calculates and gives early warning of the danger level of the application process under test. The application process under test does not need static instrumentation and the execution environment does not need to be reconfigured; dynamic taint detection is achieved in the native layer, the detection environment is layered with the layers connected to one another, and the method is simple to implement and can give early warning of danger levels.

Description

Method and apparatus for detecting sensitive information leakage in the Android system
Technical field
The invention belongs to the field of sensitive information leakage detection, and specifically relates to a method and apparatus for detecting sensitive information leakage in the Android system.
Background
Owing to characteristics such as being open source, Android has become the most popular mobile operating system in the world. According to Strategy Analytics survey data for the third quarter of 2014, Android's market share was 83.6%, ranking first among mobile operating systems. With the widespread use of Android mobile devices, malicious applications have appeared on a large scale. By 2013, Android accounted for 97% of global mobile malicious applications.
As can be seen from the applications published through the many unofficial markets (and through the official market, Google Play, as well), malicious applications run unchecked because effective detection mechanisms are lacking. Malicious applications mainly fall into resource-consuming, system-damaging, malicious fee-deducting and private-data-stealing types, among others. Nowadays many users store large amounts of personal private data on their mobile devices, and many business people also store trade-secret data there; this data has become the target of a growing number of malicious applications.
The mainstream methods currently used to detect Android privacy leakage are of two kinds, static and dynamic. Static methods use decompilation to find whether the source code contains paths through which sensitive data can leak. Dynamic methods collect behavioural information while the program runs and monitor the interaction between the application and its external environment in order to judge whether malicious behaviour occurs. Dynamic taint analysis is a typical privacy-leak detection method; it usually requires three stages (taint marking, taint propagation and taint detection) and belongs to the category of dynamic detection methods.
Existing taint-based detection methods usually customize a specific taint detection system, statically or dynamically instrument the Android system or emulator, add taint labels, trigger the corresponding behaviour, and detect while the program runs. Most of these methods require configuring a complex Android system or emulator environment, the instrumentation process is complicated, it is usually difficult to trigger the malicious behaviour accurately, and they cannot detect taint data that leaks in ciphertext and similar forms.
Chinese patent application publication No. CN103177210A discloses a method of implanting a dynamic taint analysis module in Android. That method statically instruments the system class libraries of the Android system and the application, and reconstructs the execution environment by redirecting the virtual machine start-up function, so that the instrumented system class libraries are referenced when the application is loaded; while the application runs, the dynamic taint analysis module runs in step with it and performs dynamic taint tracking analysis. Although that method does not require modifying the Android system source code or system architecture, it must statically instrument both the system class libraries and the application under test and must also reconstruct the execution environment, which is complex to implement; it cannot detect taint data leaked in ciphertext form, and it cannot let the user define sensitive data sources or give early warning of the danger level of the application under test.
Summary of the invention
The present invention was made to solve the above problems. Its object is to provide a method and apparatus for detecting sensitive information leakage in the Android system that is simple to implement, allows sensitive information to be user-defined, detects taint data leaked in either plaintext or ciphertext form, and can give early warning of the danger level.
The invention provides such a method for detecting sensitive information leakage in the Android system, characterized in that it comprises the following steps:
Step 1, add a prefix to the function names of the library functions ioctl(), sendtoBytes() and SSL_write(), then build them into .so files and import them into the Android native layer;
Step 2, form a shell (wrapper) function for each of the library functions ioctl(), sendtoBytes() and SSL_write(), the function body of each shell function calling the correspondingly prefixed library function from Step 1, then build them into .so files and import them into the Android native layer;
Step 3, define the sensitive information, and store the information of all sensitive information processes and of the application process under test in a shared region;
Step 4, when the application process under test calls the library function ioctl() for inter-process communication and the destination process it accesses belongs to the shared region, taint-mark the application process under test to form label information, using a triple taint-mark format made up of the sensitive information process, the constant taint data used for marking, and the weight of accessing the sensitive information; set the corresponding marked bit in the shared region, and store the constant taint data in the marked data of the shared region;
Step 5, according to the label information, perform taint detection on the data packets sent by the shell function sendtoBytes() and the shell function SSL_write();
Step 6, judge whether a data packet containing the label information needs to be detected again;
Step 7, calculate the sum of the sensitive-information access weights for the application process under test and give early warning of the danger level of the application process under test.
The method of the present invention may also have the following feature: the function signatures of the shell functions are identical to the function signatures of the library functions ioctl(), sendtoBytes() and SSL_write().
The method of the present invention may also have the following feature: when the application under test does not use an encryption algorithm, the shell function sendtoBytes() sends plaintext data packets and the shell function SSL_write() sends ciphertext data packets encrypted by transport-layer SSL; when the application under test uses an encryption algorithm, both shell functions send ciphertext data packets.
The method of the present invention may also have the following feature: step 6 comprises the following steps:
Step 6-1, cache the data packet containing the label information into the checked data and weight fields of the shared region;
Step 6-2, if checked data is consistent with marked data, set remarked to 0; if checked data and marked data are inconsistent, set remarked to 1, temporarily store the value of checked data, and perform taint marking and detection again.
The present invention also includes a device for detecting sensitive information leakage in the Android system, characterized in that it comprises: a taint marking module, located in the Android native layer, for taint-marking the application process to be detected; a taint detection module, located in the Android native layer, for filtering and intercepting the data packets sent by the shell function sendtoBytes() and the shell function SSL_write(); a control module, located in the Android application layer, for letting the user define sensitive information, for automatically looking up the information of all sensitive information processes and of the application process to be detected and writing it into the shared region, for receiving the data packets sent by the taint detection module, and for performing calculations on those data packets so as to warn the tester of the danger level of the application process to be detected; and a shared storage module, located in the global data area of the process, for storing the application process to be detected, the sensitive information processes and the label information.
Function and effect of the invention
According to the method of the present invention for detecting sensitive information leakage in the Android system, the function names of the library functions ioctl(), sendtoBytes() and SSL_write() are prefixed in the native layer, and the three library functions are wrapped to form shell functions. The wrapped ioctl() can taint-mark the application process under test, and the wrapped sendtoBytes() and SSL_write() can perform taint checks on both the plaintext and the ciphertext of the application process under test, which reduces the probability of missed detections. In the application layer, the control module allows sensitive information to be user-defined and calculates and gives early warning of the danger level of the application under test. The method therefore does not need to statically instrument the application under test and does not need to reconstruct the execution environment, yet achieves dynamic taint detection in the native layer; the detection environment is layered with the layers connected to one another, the method is simple to implement, and it can give early warning of danger levels.
Brief description of the drawings
Fig. 1 is a flow chart of the method for detecting sensitive information leakage in the Android system in an embodiment of the invention; and
Fig. 2 is a structural diagram of the device for detecting sensitive information leakage in the Android system in an embodiment of the invention.
Detailed description of the embodiment
To make the technical means, inventive features, objects and effects of the present invention easy to understand, the following embodiment describes the method and apparatus for detecting sensitive information leakage in the Android system in detail with reference to the accompanying drawings.
In Android, some sensitive information, such as the contact list, photo album and browsing records, is stored in the form of system services; to access this information, the corresponding service process must be accessed.
A malicious application that obtains sensitive information mostly sends it to a remote server over the network. The sensitive data is sent as plaintext or as ciphertext. The two native library functions called are sendtoBytes() and SSL_write().
Fig. 1 is a flow chart of the method for detecting sensitive information leakage in the Android system in an embodiment of the invention.
As shown in Fig. 1, the method for detecting sensitive information leakage in the Android system is used to detect malicious applications in the Android system and prevent them from spreading unchecked. The method is simple to implement, allows sensitive information to be user-defined, detects taint data leaked in either plaintext or ciphertext form, and can give early warning of the danger level. The method 100 for detecting sensitive information leakage in the Android system comprises the following steps:
Step S1, export the shared library files in the Android native libraries that contain the library functions ioctl(), sendtoBytes() and SSL_write() respectively, parse the files to obtain the prototypes, then add a prefix to the function names of ioctl(), sendtoBytes() and SSL_write(), compile them into .so files, and import them back into the native library layer.
The function names are prefixed, for example with "ctlmark_", giving the names ctlmark_ioctl(), ctlmark_sendtoBytes() and ctlmark_SSL_write(); the library functions named in this way are compiled into .so files and imported back into the native library layer. Then proceed to step S2.
Step S2, form a shell function for each of the library functions ioctl(), sendtoBytes() and SSL_write(), the function body of each shell function calling the correspondingly prefixed library function from step S1, then build them into .so files and import them into the native library layer.
Taint marking module:
mark.so contains the following:
ioctl(para…){
    /* taint-marking code */
    /* parameter-passing code */
    return ctlmark_ioctl(para…);
}
Taint detection module:
check.so contains the following:
sendToBytes(para…){
    /* detection code */
    /* parameter-passing code */
    return ctlmark_sendToBytes(para…);
}
SSLWrite(para…){
    /* detection code */
    /* parameter-passing code */
    return ctlmark_SSLWrite(para…);
}
Finally, mark.so and check.so are imported into the native library layer.
Then proceed to step S3.
Step S3, in the application layer, define the sensitive information, and store the information of all sensitive information processes and of the application process under test in the shared region.
The control module apk file is installed in the application layer, and the user defines the sensitive information in the control module. The control module then automatically looks up the PIDs of all sensitive information processes and the PID of the application process under test. Below, the PID of a sensitive information process is denoted SPID and the PID of the application process under test is denoted MPID; SPID and MPID are stored in the shared region. Then proceed to step S4.
Step S4, when MPID calls the library function ioctl() for inter-process communication, if the PID of the destination process belongs to the shared region, the PID of the destination process is taint-marked to form label information. The mark format is the triple <SPID, data, weight>, where SPID is the PID of the sensitive information process, data is the constant taint data used for marking, and weight is the weight of accessing the sensitive information. The corresponding marked bit in the shared region is then set, and data is stored in the marked data of the shared region. Then proceed to step S5.
Step S5, according to the label information, perform taint detection on the data packets sent by the shell function sendtoBytes() and the shell function SSL_write().
When MPID does not use an encryption algorithm, the shell function sendtoBytes() sends plaintext data packets and the shell function SSL_write() sends ciphertext data packets encrypted by transport-layer SSL; when MPID uses an encryption algorithm, both shell functions send ciphertext data packets.
If the marked bit in the shared region is set, the taint detection module inspects and intercepts the data packets sent by the shell function sendtoBytes() and the data packets sent by the shell function SSL_write(), and sends them to the control module. If the PID of the destination process is a PID that has been taint-marked, the packet is sent to the control module; if the PID of the destination process is not marked, the packet is discarded. Then proceed to step S6.
Step S6, judge whether a data packet containing the label information needs to be detected again.
After receiving a data packet, the control module does the following:
Step S6-1, temporarily cache the <SPID, data, weight> data packet into the checked data and weight fields of the shared memory.
Step S6-2, judge whether the data packet containing the label information needs to be rechecked. When checked data and marked data are consistent, for example the marked data is "0000" and the received checked data is also "0000", remarked is set to 0 and the method proceeds to step S7. When checked data and marked data are inconsistent, remarked is set to 1, this checked data value is temporarily stored, and the method returns to step S4 to perform taint marking and detection again; if the checked data then received reproduces the earlier checked data, the SPID accessed by MPID and the corresponding weight are recorded in the shared region. For example, the marked data is "0000" and the received checked data is "8888"; marked data is marked again as "0000", and it is checked whether the received checked data reproduces "8888". The verification can also be repeated with a different constant value.
Step S7, in the application layer, calculate the sum of the weights of all SPIDs corresponding to the same MPID in the shared region and give early warning of the danger level of MPID, then enter the end state.
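The marking, checking and rechecking logic of steps S3 to S7, as an added C example that is not code from the patent. The struct layout, the function names (region_add, mark_on_ioctl, check_on_send, danger_sum, run_app_once), the PIDs, the weights and the XOR transform of the toy application are assumptions made for illustration; exact string equality stands in for the "consistent" test, and the toy application is assumed to receive the marked constant in place of real data.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SPID 4
#define DATA_LEN 16

enum verdict { NOT_MARKED, RECHECK, LEAK };

/* Shared-region record for one sensitive process (assumed layout). */
struct entry {
    int  spid, weight;
    int  marked, remarked, recorded;
    char marked_data[DATA_LEN];   /* constant taint value set when marking */
    char checked_data[DATA_LEN];  /* last payload seen by a send shell     */
};
struct region { int mpid, n; struct entry e[MAX_SPID]; };

static void set_str(char *dst, const char *src) {
    strncpy(dst, src, DATA_LEN - 1);
    dst[DATA_LEN - 1] = '\0';
}
static int same(const char *a, const char *b) {
    return strncmp(a, b, DATA_LEN - 1) == 0;
}

/* Step S3: the control module registers a sensitive process and its weight. */
int region_add(struct region *r, int spid, int weight) {
    if (r->n >= MAX_SPID) return -1;
    struct entry *e = &r->e[r->n++];
    memset(e, 0, sizeof *e);
    e->spid = spid; e->weight = weight;
    return 0;
}

/* Step S4: run by the ioctl() shell before forwarding to the prefixed original. */
int mark_on_ioctl(struct region *r, int caller, int target, const char *taint) {
    if (caller != r->mpid) return 0;
    for (int i = 0; i < r->n; i++)
        if (r->e[i].spid == target) {      /* destination is in the shared region */
            r->e[i].marked = 1;
            set_str(r->e[i].marked_data, taint);
            return 1;
        }
    return 0;
}

/* Steps S5-S6: run by the send shells on each outgoing payload. */
enum verdict check_on_send(struct region *r, int caller, const char *payload) {
    enum verdict v = NOT_MARKED;
    if (caller != r->mpid) return v;
    for (int i = 0; i < r->n; i++) {
        struct entry *e = &r->e[i];
        if (!e->marked) continue;          /* not marked: nothing to check */
        int plain  = same(payload, e->marked_data);
        int replay = e->remarked && same(payload, e->checked_data);
        if (plain || replay) {             /* plaintext, or reproduced ciphertext */
            if (plain) e->remarked = 0;
            e->recorded = 1;               /* weight now counts in step S7 */
            v = LEAK;
        } else {
            e->remarked = 1;               /* inconsistent: go back to S4 */
            if (v != LEAK) v = RECHECK;
        }
        set_str(e->checked_data, payload);
        e->marked = 0;                     /* next round must re-mark */
    }
    return v;
}

/* Step S7: sum of weights of the sensitive processes MPID leaked from. */
int danger_sum(const struct region *r) {
    int sum = 0;
    for (int i = 0; i < r->n; i++)
        if (r->e[i].recorded) sum += r->e[i].weight;
    return sum;
}

/* Constructed app under test: one IPC call to `spid`, then one send. It
 * XORs the low nibble of each byte with `key`; key 0 sends plaintext. */
enum verdict run_app_once(struct region *r, int spid, const char *taint, int key) {
    char out[DATA_LEN];
    if (!mark_on_ioctl(r, r->mpid, spid, taint)) return NOT_MARKED;
    set_str(out, taint);       /* assumed: the app receives the marked constant */
    for (char *p = out; *p; p++) *p = (char)(*p ^ (key & 0x0F));
    return check_on_send(r, r->mpid, out);
}

int main(void) {
    struct region r;
    memset(&r, 0, sizeof r);
    r.mpid = 4242;                         /* constructed PIDs and weights */
    region_add(&r, 101, 5);
    region_add(&r, 102, 3);
    printf("plaintext app:          %d\n", run_app_once(&r, 101, "0000", 0));
    printf("encrypting app, pass 1: %d\n", run_app_once(&r, 102, "0000", 8));
    printf("encrypting app, pass 2: %d\n", run_app_once(&r, 102, "0000", 8));
    printf("weight sum: %d\n", danger_sum(&r));
    return 0;
}
```

A payload that does not depend on the marked data but happens to be constant would also reproduce under the same constant, which is where the option of verifying again with a different constant value matters; that second pass is not modelled here.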
Fig. 2 is a structural diagram of the device for detecting sensitive information leakage in the Android system in an embodiment of the invention.
As shown in Fig. 2, the device 200 for detecting sensitive information leakage in the Android system comprises a taint marking module 210, a taint detection module 220, a control module 230 and a shared storage module 240.
The taint marking module 210 is located in the Android native layer and performs taint marking when the application process to be detected communicates over IPC. The taint marking function is implemented by wrapping the library function ioctl(), through which Binder IPC communicates, to form a shell function. The wrapped ioctl() is located in the shared library mark.so in the Android native layer.
The taint detection module 220 is located in the Android native layer and filters and intercepts the data packets sent by the shell function sendtoBytes() and the shell function SSL_write(). The taint detection function is implemented by wrapping the library functions sendtoBytes() and SSL_write() to form shell functions. The wrapped sendtoBytes() and SSL_write() are located in the shared library check.so in the Android native layer.
The control module 230 is located in the Android application layer. It holds the user-defined list of sensitive information, automatically looks up the PIDs of the sensitive information processes and the PID of the malicious process and writes them into the shared memory, starts a waiting thread that receives the data packets sent by the taint detection module, performs the calculation, and gives the tester early warning of the danger level.
The shared storage module 240 is located in the global data area of the control module process and stores the application process to be detected, the sensitive information processes and the label information.
Function and effect of the embodiment
In the method of this embodiment for detecting sensitive information leakage in the Android system, the function names of the library functions ioctl(), sendtoBytes() and SSL_write() are prefixed in the native layer, and the three library functions are wrapped to form shell functions. The wrapped ioctl() can taint-mark the application process under test, and the wrapped sendtoBytes() and SSL_write() can perform taint checks on both the plaintext and the ciphertext of the application process under test, which reduces the probability of missed detections. In the application layer, the control module allows sensitive information to be user-defined and calculates and gives early warning of the danger level of the application under test. The method of this embodiment therefore does not need to statically instrument the application under test and does not need to reconstruct the execution environment, yet achieves dynamic taint detection in the native layer; the detection environment is layered with the layers connected to one another, the method is simple to implement, and it can give early warning of danger levels.
The above embodiment is a preferred example of the present invention and is not intended to limit the scope of the invention.

Claims (5)

1. A method for detecting sensitive information leakage in the Android system, used to detect malicious applications in the Android system and prevent the spread of malicious applications, characterized in that it comprises the following steps:
Step 1, add a prefix to the function names of the library functions ioctl(), sendtoBytes() and SSL_write(), then build them into .so files and import them into the Android native layer;
Step 2, form a shell function for each of said library function ioctl(), said library function sendtoBytes() and said library function SSL_write(), the function body of each shell function calling the correspondingly prefixed library function from Step 1, then build them into .so files and import them into the Android native layer;
Step 3, in the application layer, define the sensitive information, and store the information of all sensitive information processes and of the application process under test in a shared region;
Step 4, when said application process under test calls said library function ioctl() for inter-process communication and the destination process it accesses belongs to said shared region, taint-mark said application process under test to form label information, using a triple taint-mark format made up of the sensitive information process, the constant taint data used for marking, and the weight of accessing the sensitive information; set the corresponding marked bit in said shared region, and store said constant taint data in the marked data of said shared region;
Step 5, according to said label information, perform taint detection on the data packets sent by the shell function sendtoBytes() and the shell function SSL_write();
Step 6, judge whether said data packet containing said label information needs to be detected again;
Step 7, in the application layer, calculate the sum of said sensitive-information access weights for said application process under test and give early warning of the danger level of said application process under test.
2. The method for detecting sensitive information leakage in the Android system according to claim 1, characterized in that:
the function signatures of said shell functions are identical to the function signatures of said library function ioctl(), said library function sendtoBytes() and said library function SSL_write().
3. The method for detecting sensitive information leakage in the Android system according to claim 1, characterized in that:
when said application under test does not use an encryption algorithm, said shell function sendtoBytes() sends plaintext data packets and said shell function SSL_write() sends ciphertext data packets encrypted by transport-layer SSL; when said application under test uses an encryption algorithm, both said shell functions send ciphertext data packets.
4. The method for detecting sensitive information leakage in the Android system according to claim 1, characterized in that:
step 6 comprises the following steps:
Step 6-1, cache said data packet containing said label information into the checked data and weight fields of said shared region;
Step 6-2, if said checked data is consistent with said marked data, set remarked to 0; if said checked data and said marked data are inconsistent, set remarked to 1, temporarily store the value of said checked data, and perform taint marking and detection again.
5. A device for detecting sensitive information leakage in the Android system as described in claims 1 to 4, characterized in that it comprises:
a taint marking module, located in the Android native layer, for taint-marking the application process to be detected;
a taint detection module, located in the Android native layer, for filtering and intercepting the data packets sent by the shell function sendtoBytes() and the shell function SSL_write();
a control module, located in the Android application layer, for letting the user define sensitive information, for automatically looking up all sensitive information processes and the application process to be detected and writing them into the shared region, for receiving said data packets sent by said taint detection module, and for performing calculations on said data packets so as to warn the tester of the danger level of said application process to be detected; and
a shared storage module, located in the global data area of the process, for storing said application process to be detected, the sensitive information processes and the label information.
CN201510255820.XA 2015-05-19 2015-05-19 The method and apparatus for detecting Android system sensitive information leakage Expired - Fee Related CN104992112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510255820.XA CN104992112B (en) 2015-05-19 2015-05-19 The method and apparatus for detecting Android system sensitive information leakage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510255820.XA CN104992112B (en) 2015-05-19 2015-05-19 The method and apparatus for detecting Android system sensitive information leakage

Publications (2)

Publication Number Publication Date
CN104992112A true CN104992112A (en) 2015-10-21
CN104992112B CN104992112B (en) 2017-10-13

Family

ID=54303925

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510255820.XA Expired - Fee Related CN104992112B (en) 2015-05-19 2015-05-19 The method and apparatus for detecting Android system sensitive information leakage

Country Status (1)

Country Link
CN (1) CN104992112B (en)


Also Published As

Publication number Publication date
CN104992112B (en) 2017-10-13


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171013

Termination date: 20200519