CN109977670B - Android application security monitoring method based on plug-in loading and storage medium - Google Patents

Publication number
CN109977670B
Authority
CN
China
Prior art keywords
plug
information
detection
application
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910183861.0A
Other languages
Chinese (zh)
Other versions
CN109977670A (en
Inventor
刘德建
周友禄
张晓威
黄文成
林琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian TQ Digital Co Ltd
Original Assignee
Fujian TQ Digital Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526 Plug-ins; Add-ons
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Abstract

The invention provides a plug-in-loading-based Android application security monitoring method and a storage medium. The method comprises the following steps: defining a detection plug-in base class; constructing a detection plug-in library by inheriting the detection plug-in base class and storing it locally; periodically updating the local detection plug-in library according to the latest detection plug-in list obtained from a cloud server; obtaining the relevant information parameters of the apk file of the application to be detected, organizing them into an information dictionary format, and storing them; dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in the information dictionary format; and executing the loaded plug-ins in sequence. Because the detection plug-ins are updated automatically, the latest security vulnerabilities can be detected promptly and accurately, which improves the detection rate; moreover, defining a detection plug-in base class significantly improves the efficiency and collaboration of iterative plug-in development and maintenance, so that comprehensive security detection of Android applications can be carried out efficiently.

Description

Android application security monitoring method based on plug-in loading and storage medium
Technical Field
The invention relates to the field of information security, and in particular to a plug-in-loading-based Android application security monitoring method and a storage medium.
Background
During the design, development, installation and operation of an Android APP, security problems may be introduced, including APP installation package security, sensitive information leakage, data communication security, component security, server interface security, business logic security and the like.
Most existing security detection for Android APPs is based on decompilation. For example, a decompiling tool is used to decompile the APK to obtain code, and vulnerability detection is then performed by combining vulnerability signatures with static code analysis and scanning. However, such highly coupled security detection tools are difficult to update quickly so as to gain the ability to discover and detect the latest vulnerabilities, and they offer poor collaboration in tool maintenance and iterative system development. Therefore, a structured, universal, low-coupling detection method is needed to achieve an extensible, highly available and collaborative APP security detection system.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a plug-in-loading-based Android application security monitoring method and a storage medium that have low coupling, high availability, extensibility and universality.
To solve the above technical problem, the invention adopts the following technical solution:
A plug-in-loading-based Android application security monitoring method comprises the following steps:
defining a detection plug-in base class;
constructing a detection plug-in library corresponding to common Android application vulnerabilities by inheriting the detection plug-in base class, and storing the detection plug-in library locally;
periodically updating the local detection plug-in library according to the latest detection plug-in list obtained from a cloud server;
obtaining the relevant information parameters of the apk file of the application to be detected, organizing them into an information dictionary format, and storing them;
dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in the information dictionary format;
and executing the loaded plug-ins in sequence.
The invention provides another technical solution as follows:
A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the above plug-in-loading-based Android application security monitoring method.
The beneficial effects of the invention are:
1. By defining the detection plug-in base class, the invention fully defines attributes such as the class member variables of all detection plug-ins. Every detection plug-in is obtained simply by extending the functions of the plug-in base class, so all detection plug-ins share a uniform data structure. This significantly improves the efficiency and convenience of building and obtaining detection plug-ins; it also improves plug-in reusability and makes plug-ins easier to maintain; furthermore, it greatly reduces the coupling between the detection plug-ins and the detection system and improves collaboration in iterative development of the system.
2. The invention automatically and promptly updates the local detection plug-in library, ensuring that the latest security vulnerabilities can be detected promptly and effectively.
3. The invention organizes the specific detection content of the application to be detected into a unified information dictionary format for storage and for passing to the detection plug-ins, which both facilitates detection and avoids repeated calculation and acquisition, thereby significantly improving the development and running of the detection plug-ins.
4. The invention dynamically loads each detection plug-in and ensures that the different detection plug-ins carry out their detection work in an orderly manner.
Drawings
FIG. 1 is a schematic flow chart of the plug-in-loading-based Android application security monitoring method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the components and connections of the plug-in-loading-based Android application security monitoring system according to the third embodiment of the present invention.
Description of reference numerals:
10. basic analysis module; 20. plug-in module; 30. plug-in loading module;
40. plug-in running module; 50. storage module; 60. reporting module;
70. plug-in update and upgrade module.
Detailed Description
To explain the technical content, objectives and effects of the present invention in detail, the following description refers to the accompanying drawings in combination with the embodiments.
The key concept of the invention is as follows: all detection plug-ins extend a well-defined detection plug-in base class, which greatly improves the reusability and collaborative development of the plug-ins while reducing the coupling and maintenance cost of the detection system; combined with automatic updating of the local detection plug-ins, dynamic plug-in loading and the information dictionary of detection content, this significantly improves detection efficiency and the validity of the detection results.
The technical terms related to the invention are explained as follows:
[Table of technical terms: provided as images in the original publication; not reproduced here.]
Referring to FIG. 1, the present invention provides a plug-in-loading-based Android application security monitoring method, comprising:
defining a detection plug-in base class;
constructing a detection plug-in library corresponding to common Android application vulnerabilities by inheriting the detection plug-in base class, and storing the detection plug-in library locally;
periodically updating the local detection plug-in library according to the latest detection plug-in list obtained from a cloud server;
obtaining the relevant information parameters of the apk file of the application to be detected, organizing them into an information dictionary format, and storing them;
dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in the information dictionary format;
and executing the loaded plug-ins in sequence.
From the above description, the beneficial effects of the present invention are: APP security detection is implemented through a structured, universal, low-coupling detection framework that is extensible, highly available and collaborative.
In terms of extensibility, each detection plug-in is loaded dynamically.
The latest security vulnerability detection plug-ins developed by security engineers can be obtained through periodic updates, which effectively improves the detection rate for Android APP security vulnerabilities and allows them to be discovered in time.
In terms of collaboration, the method defines the detection plug-in base class in advance and fully defines attributes such as the class member variables. This solves the problems of other highly coupled security detection tools, which are difficult to update quickly and offer poor collaboration in tool maintenance and iterative system development; it also enables teams, communities and the like to develop security detection plug-ins iteratively through remote collaboration, ensuring that Android APP security vulnerabilities are detected and discovered promptly and effectively.
Further, the member variable attributes in the detection plug-in base class include the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, discovery number and detection state.
As described above, the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, discovery number and detection state used by all detection plug-ins are specified in advance, which ensures that all detection plug-ins are consistent in data structure.
Further, obtaining the relevant information parameters of the apk file of the application to be detected and organizing them into an information dictionary format for storage specifically comprises:
analyzing the apk file of the application to be detected to obtain application basic information;
obtaining information related to the installation and start-up process of the application to be detected;
obtaining file characteristic information of the apk file;
organizing the relevant information parameters, comprising the application basic information, the installation and start-up information and the file characteristic information, into an information dictionary format and storing them.
As described above, the basic information and file characteristic information of the apk file of the application to be detected, together with all information related to its installation and start-up process, are collected, which makes the detected content more comprehensive and targeted and improves the accuracy of the detection results.
Further, analyzing the apk file of the application to be detected to obtain the application basic information specifically comprises:
extracting static information from the apk file of the application to be detected;
obtaining the information description file of the application to be detected by decompiling the apk file;
obtaining, by analyzing the static information and the information description file, application basic information comprising application signature information, package name, application name, permission list information, component information and version information.
As described above, the basic information of the application to be detected is obtained through static analysis, which improves the comprehensiveness of the detected content.
Further, obtaining the information related to the installation and start-up process of the application to be detected specifically comprises:
initializing the device on which the application to be detected is installed and run;
installing the apk file of the application to be detected on the device and starting it;
collecting information related to the apk file during installation and start-up, comprising generated file information, network request information, API (application programming interface) call information and screenshots of the running interface.
As described above, all information related to the installation and start-up of the application is also collected, which further improves the comprehensiveness of the detected content and the validity of the detection results.
Further, the file characteristic information includes the application file path, md5 and file size.
As described above, the file characteristic information of the application to be detected is also examined, which ensures comprehensive detection and reliable detection results.
Further, dynamically loading all plug-ins in the detection plug-in library specifically comprises:
searching the local storage directory of the detection plug-in library for files with the .py suffix, excluding __init__.py;
dynamically loading all classes and functions in those files using Python's __import__() to obtain the corresponding plug-in instances;
storing each plug-in instance in the instance list.
As described above, a plug-in loading mechanism based on directory search is adopted: all files other than __init__.py under the specified plug-in directory are found, and their classes and functions are loaded dynamically with Python's __import__(), which implements dynamic plug-in loading and gives the invention extensibility.
Further, executing the loaded plug-ins in sequence specifically comprises:
taking the plug-in instances out of the instance list one by one and, after each one is taken out, calling its vulcheck function;
performing, through the currently called vulcheck function, the specific vulnerability detection on the passed-in relevant information parameters in information dictionary format, and returning the corresponding detection result.
As described above, the plug-in instances are executed one by one, so that the security detection items corresponding to the plug-in instances are checked one after another, which keeps detection orderly and avoids omissions.
Further, the method also comprises:
outputting a detection result report.
As described above, a detection result report is generated from the detection result of each detection item, so that the data security status of the application to be detected can be shown to developers intuitively and comprehensively, allowing timely remediation and improving product security.
The invention provides another technical solution as follows:
A computer-readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the above plug-in-loading-based Android application security monitoring method.
From the above description, those skilled in the art will understand that all or part of the processes in the above technical solutions can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the processes of the above methods; executing them achieves the following effects:
1. By defining the detection plug-in base class, the invention fully defines attributes such as the class member variables of all detection plug-ins. Every detection plug-in is obtained simply by extending the functions of the plug-in base class, so all detection plug-ins share a uniform data structure. This significantly improves the efficiency and convenience of building and obtaining detection plug-ins; it also improves plug-in reusability and makes plug-ins easier to maintain; furthermore, it greatly reduces the coupling between the detection plug-ins and the detection system and improves collaboration in iterative development of the system.
2. The invention automatically and promptly updates the local detection plug-in library, ensuring that the latest security vulnerabilities can be detected promptly and effectively.
3. The invention organizes the specific detection content of the application to be detected into a unified information dictionary format for storage and for passing to the detection plug-ins, which both facilitates detection and avoids repeated calculation and acquisition, thereby significantly improving the development and running of the detection plug-ins.
4. The invention dynamically loads each detection plug-in and ensures that the different detection plug-ins carry out their detection work in an orderly manner.
Embodiment One
Referring to FIG. 1, this embodiment provides a plug-in-loading-based Android application security monitoring method suitable for comprehensive and effective security vulnerability detection of Android APPs; the detection method has low coupling, high availability and extensibility.
The method of this embodiment comprises the following steps:
(I) Detection plug-in preparation process
S1: defining a detection plug-in base class;
A vulnerability detection plug-in base class is defined and agreed upon. The base class defines member variable attributes such as the plug-in name, associated vulnerability number, plug-in version, detection result, plug-in priority, discovery number and detection state. Using class inheritance in object-oriented programming (inheritance is the most important concept of object-oriented programming; it allows existing classes to be used and extended within the hierarchy that forms a software system in order to support new functions), different detection plug-ins are obtained by overriding the member variables and methods of the detection plug-in base class, so that different security risk vulnerability detection items can be evaluated and detected. As a result, the plug-ins in the vulnerability detection plug-in library built on the base class in the next step share the same basic functions and data structures, which improves plug-in reusability and makes the plug-ins easier to maintain.
In one embodiment, the detection plug-in base class is defined as follows:
[Base class definition: provided as images in the original publication; not reproduced here.]
The vulcheck function is the plug-in's security detection function and is implemented by each concrete plug-in through inheritance. The function takes a parameter apk_info_fact, a common APK file information dictionary that includes the md5, sha256, signature information, package name, application name, permission information, component information, version information and the like of the APK file. It is collected once before the plug-ins are called and run, mainly so that detection plug-ins can use it conveniently without repeated calculation and acquisition, which improves plug-in development and running.
The detection base class also defines a uniform format for detection results: the returned result must be a list whose elements are result_item_tpl objects. result_item_tpl is a dictionary template that constrains each item to the triple of detection result, vulnerability position and vulnerability content, ensuring that the detection results of the plug-ins are complete and uniform.
S2: constructing a detection plug-in library;
Specifically, a detection plug-in library corresponding to common Android application vulnerabilities is constructed by inheriting the detection plug-in base class and is stored in a specified local plug-in directory. That is, the initially constructed detection plug-in library contains only detection plug-ins for common Android application vulnerabilities.
S3: periodically updating the local detection plug-in library according to the latest detection plug-in list obtained from a cloud server;
Specifically, the system automatically obtains the latest Android application security detection plug-in list from the cloud server at a preset interval and compares it against the files in the local plug-in directory (that is, the detection plug-in library) to perform upgrade operations such as updating and adding local plug-ins. This automatic update and upgrade mechanism for the detection plug-in library ensures that the system can detect the latest security vulnerability risks.
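The difference comparison of S3, sketched as an added example (not code from the patent). The list format (a file name and a sha256 per entry), the fetch callable standing in for the download, and the hash check before installation are assumptions; the plug-in sources are constructed sample data.

```python
import hashlib
import os
import tempfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def plan_update(cloud_list, plugin_dir):
    """Difference comparison between the cloud list and the local plug-in directory."""
    to_add, to_update, rejected = [], [], []
    for entry in cloud_list:
        name = entry["file"]
        # Accept only plain *.py file names so a list entry cannot point outside plugin_dir.
        if os.path.basename(name) != name or not name.endswith(".py"):
            rejected.append(name)
            continue
        path = os.path.join(plugin_dir, name)
        if not os.path.exists(path):
            to_add.append(entry)
            continue
        with open(path, "rb") as fh:
            if sha256_hex(fh.read()) != entry["sha256"]:
                to_update.append(entry)
    return to_add, to_update, rejected


def apply_update(cloud_list, plugin_dir, fetch):
    """Install new or changed plug-ins; refuse bytes that do not match the listed hash."""
    to_add, to_update, rejected = plan_update(cloud_list, plugin_dir)
    installed = []
    for entry in to_add + to_update:
        data = fetch(entry["file"])
        if sha256_hex(data) != entry["sha256"]:
            rejected.append(entry["file"])      # never reaches the directory the loader scans
            continue
        tmp = os.path.join(plugin_dir, entry["file"] + ".tmp")
        with open(tmp, "wb") as fh:             # ".py.tmp" is ignored by a *.py directory search
            fh.write(data)
        os.replace(tmp, os.path.join(plugin_dir, entry["file"]))   # atomic swap
        installed.append(entry["file"])
    return sorted(installed), sorted(rejected)


def demo():
    # Constructed sample data: plug-in sources as served by a stand-in for the cloud server.
    server = {
        "a_check.py": b"# a v1\n",
        "b_check.py": b"# b v2\n",
        "c_check.py": b"# c v1\n",
        "d_check.py": b"# d v1, modified in transit\n",
    }
    cloud_list = [
        {"file": "a_check.py", "sha256": sha256_hex(b"# a v1\n")},
        {"file": "b_check.py", "sha256": sha256_hex(b"# b v2\n")},
        {"file": "c_check.py", "sha256": sha256_hex(b"# c v1\n")},
        {"file": "d_check.py", "sha256": sha256_hex(b"# d v1\n")},
        {"file": "../outside.py", "sha256": sha256_hex(b"")},
    ]
    fetched = []

    def fetch(name):
        fetched.append(name)
        return server[name]

    with tempfile.TemporaryDirectory() as plugin_dir:
        # Local library before the update: a_check.py is current, b_check.py is outdated.
        for name, body in (("a_check.py", b"# a v1\n"), ("b_check.py", b"# b v1\n")):
            with open(os.path.join(plugin_dir, name), "wb") as fh:
                fh.write(body)
        installed, rejected = apply_update(cloud_list, plugin_dir, fetch)
        on_disk = sorted(f for f in os.listdir(plugin_dir) if f.endswith(".py"))
    return installed, rejected, sorted(fetched), on_disk


if __name__ == "__main__":
    print(demo())
```

Because every file placed in the plug-in directory is later executed by the loader, the hash check only helps if the list itself arrives over an authenticated channel or carries a signature.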
(II) Automated security vulnerability scanning and detection process
S4: obtaining the relevant information parameters of the apk file of the application to be detected, organizing them into an information dictionary format, and storing them;
Specifically, this step can be implemented through the following sub-steps:
First, the basic analysis is run:
S41: analyzing the apk file of the application to be detected to obtain application basic information;
This specifically comprises:
41.1 extracting static information from the apk file to be detected;
41.2 obtaining the information description file (the AndroidManifest.xml file) of the application to be detected by decompiling the apk file;
41.3 obtaining, by analyzing the static information and the information description file, application basic information including application signature information, package name, application name, permission list information, component information, version information and the like.
Then the dynamic running environment is prepared:
S42: obtaining information related to the installation and start-up process of the application to be detected;
This specifically comprises:
42.1 using adb (Android Debug Bridge, a debugging tool for Android devices) to ensure that the device on which the Android application (the application to be detected) is installed and run, an Android emulator or a physical device, has completed its initialization;
42.2 automatically installing the APP to be detected on the device and starting it;
42.3 collecting information related to the installation and start-up of the APP, including generated file information, network request information, API call information, screenshots of the running interface and the like.
Finally, the method also comprises:
S43: collecting file characteristic information such as the APP file path, md5 and file size;
S44: organizing all the above information, that is, the relevant information parameters of the apk file (the application basic information obtained in S41, the information obtained in S42 and the file characteristic information obtained in S43), into a dictionary format and storing it under the name apk_info_fact (the apk information dictionary).
S5: dynamically loading and detecting all plug-ins in the plug-in library;
specifically, the method can be implemented by a plug-in loading mechanism based on directory search, and specifically comprises the following steps:
s51: acquiring files which are under the locally stored directory of the detection plug-in library except for __ init __. py and have the.py as a suffix name by searching;
s52: dynamically loading all classes and function functions thereof in the file acquired in the previous step by utilizing __ import __ () of Python to obtain corresponding plug-in instances, thereby realizing the dynamic loading of the plug-ins and completing the loading of the plug-ins meeting the conditions in turn;
s53: and storing each plug-in instance to an instance list, wherein the instance list can be preset, and the instances are uniformly stored in the instance list, so that the calling and the management are convenient.
S6: calling a detection plug-in for detection;
specifically, this step can be realized by the following substeps:
taking out the plug-in examples one by one from the example list; after a plug-in instance is taken out, relevant information parameters in the information dictionary format are transmitted, namely the apk _ info _ fact parameter of S44; and then, calling the currently-taken vulcheck function in the plug-in instance, and finishing the security detection of the security detection item corresponding to the current plug-in instance after the function is executed. After the execution is detected, the relevant execution result can be extracted from the member variables of the current plug-in and stored.
S7: and outputting a detection result report.
Specifically, after the detection results corresponding to the detection plugins are effectively organized and associated, Android application security detection reports in specified formats (such as word, pdf, html and the like) are generated and displayed.
As can be seen from the above, in the android application security monitoring method provided by this embodiment, first, a template plug-in is defined to specify the functions and formats of all detection plug-ins; then all the detection plug-ins need to be compiled for the detection plug-ins with different APP security risk vulnerabilities through inheriting template plug-ins and put in a designated plug-in directory in a unified mode; next, all available plug-ins under the plug-in directory are loaded; then, parameters with unified specifications are transmitted in, and the safety detection function of each plug-in is called to carry out detection in sequence; after the execution is finished, extracting relevant detection result data and storing the relevant detection result data in a warehouse; and finally, displaying the safety detection report of the Android APP through a necessary data organization form.
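The base class of S1 together with the load-and-run loop of S5 and S6, as an added example rather than the patent's own listing (which was published as images). The attribute names other than vulcheck, apk_info_fact and result_item_tpl, the module name detect_plugin_base, the priority ordering and the two sample plug-ins are assumptions made for illustration.

```python
import os
import sys
import tempfile
import types


class DetectionPlugin:
    """Hypothetical base class; findings use the result/position/content triple."""
    name = "base"        # plug-in name
    vuln_id = ""         # associated vulnerability number
    version = "0.0"      # plug-in version
    priority = 100       # plug-in priority (assumption: lower value runs first)

    def __init__(self):
        self.results = []        # detection result
        self.found = 0           # discovery number (assumed here to count findings)
        self.state = "pending"   # detection state

    @staticmethod
    def result_item_tpl(result, location, content):
        return {"result": result, "location": location, "content": content}

    def vulcheck(self, apk_info_fact):
        raise NotImplementedError


# Expose the base class under a fixed module name so plug-in files can import it.
_base = types.ModuleType("detect_plugin_base")
_base.DetectionPlugin = DetectionPlugin
sys.modules["detect_plugin_base"] = _base


def load_plugins(plugin_dir):
    """S51-S53: find *.py except __init__.py, load with __import__(), collect instances."""
    instances = []
    sys.path.insert(0, plugin_dir)
    try:
        for fname in sorted(os.listdir(plugin_dir)):
            modname = fname[:-3]
            if not fname.endswith(".py") or fname == "__init__.py" or modname in sys.modules:
                continue                      # the last test refuses to shadow a loaded module
            module = __import__(modname)      # runs the file's top-level code
            sys.modules.pop(modname, None)    # a later load must not reuse this copy
            for obj in vars(module).values():
                if (isinstance(obj, type) and issubclass(obj, DetectionPlugin)
                        and obj.__module__ == modname):
                    instances.append(obj())
    finally:
        sys.path.remove(plugin_dir)
    return sorted(instances, key=lambda p: p.priority)


def run_plugins(instances, apk_info_fact):
    """S6: call vulcheck() on each instance in order and enforce the result format."""
    report = {}
    for plugin in instances:
        try:
            items = plugin.vulcheck(apk_info_fact)
            if not (isinstance(items, list) and all(
                    isinstance(i, dict) and set(i) == {"result", "location", "content"}
                    for i in items)):
                raise TypeError("vulcheck must return a list of result_item_tpl dicts")
            plugin.results, plugin.found, plugin.state = items, len(items), "done"
        except Exception as exc:              # one faulty plug-in must not stop the run
            plugin.results, plugin.found, plugin.state = [], 0, "error: %s" % exc
        report[plugin.name] = (plugin.state, plugin.found)
    return report


# Constructed plug-in sources; demo() writes them to a temporary plug-in directory.
PLUGIN_OK = '''
from detect_plugin_base import DetectionPlugin
class ExportedComponentCheck(DetectionPlugin):
    name, vuln_id, version, priority = "exported-component", "DEMO-0001", "1.0", 10
    def vulcheck(self, apk_info_fact):
        return [self.result_item_tpl("vulnerable", "AndroidManifest.xml", c["name"])
                for c in apk_info_fact["components"] if c["exported"] and not c["permission"]]
'''
PLUGIN_BAD = '''
from detect_plugin_base import DetectionPlugin
class BrokenCheck(DetectionPlugin):
    name, priority = "broken", 5
    def vulcheck(self, apk_info_fact):
        return "not a list"
'''


def demo():
    apk_info_fact = {"package": "com.example.demo", "components": [   # constructed sample
        {"name": ".MainActivity", "exported": True, "permission": "com.example.demo.P"},
        {"name": ".SyncService", "exported": True, "permission": None}]}
    files = {"__init__.py": "", "exported_check.py": PLUGIN_OK, "broken_check.py": PLUGIN_BAD}
    with tempfile.TemporaryDirectory() as plugin_dir:
        for fname, src in files.items():
            with open(os.path.join(plugin_dir, fname), "w") as fh:
                fh.write(src)
        plugins = load_plugins(plugin_dir)
        return [p.name for p in plugins], run_plugins(plugins, apk_info_fact)
```

Calling demo() returns the load order and a per-plug-in (state, findings) report; the plug-in that breaks the result format is recorded as an error while the other still runs.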
Embodiment Two
Corresponding to Embodiment One, this embodiment provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of the plug-in-loading-based Android application security monitoring method of Embodiment One. The detailed steps are not repeated here; refer to the description of Embodiment One.
The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Example three
This embodiment corresponds to the first embodiment and provides an android application security monitoring system based on plug-in loading, which implements the method of the first embodiment through specific functional modules.
Specifically, the system of this embodiment includes a basic analysis module 10, a plug-in module 20, a plug-in loading module 30, a plug-in operation module 40, a storage module 50, a reporting module 60, and a plug-in update module 70; see Fig. 2 for the connections among the modules.
The basic analysis module 10 prepares the apk_info_fact parameter before the plug-ins run; for the specific process, see S4 in embodiment one.
The plug-in module 10 consists of the template plug-in, the plug-in directory, and all security detection plug-ins in the plug-in directory. The template plug-in is the base class of the plug-ins. All security detection plug-ins are placed in the specified plug-in directory, inherit the template plug-in, and override its member variables and methods to evaluate and detect different security risk vulnerabilities while keeping their data structures consistent.
The member variables of the template plug-in class define attributes such as {plugin name, associated vulnerability number, plugin version, detection result, plugin priority, discovery number, detection state}. For more on the template plug-in, see the detection plug-in base class in embodiment one.
The plug-in loading module 20 uses a plug-in loading mechanism based on directory search: it finds every file with the .py suffix under the specified plug-in directory except __init__.py, dynamically loads their classes and functions with Python's __import__(), and stores the loaded plug-in instances in a list.
The plug-in running module 30 takes the plug-in instances out of the instance list in a loop, passes in the apk_info_fact parameter prepared before the plug-ins run, and calls the plug-in's vulcheck function. When the call finishes, the security detection for one security detection item is complete, and the execution result is then extracted from the plug-in's member variables.
The storage module 40 is mainly used for storing a security risk and vulnerability library and a security detection result. The report module 50 extracts the relevant data and organizes the data to form a safety inspection report.
The plug-in updating and upgrading module 60 handles the regular updating and upgrading of the security detection plug-ins, which is also very important: the security risks of Android APPs keep evolving and security vulnerabilities of the Android system keep being disclosed, so updating and upgrading the existing detection plug-ins is what keeps the vulnerability detection rate effective. Through this module the latest list of Android application security detection plug-ins is obtained from the cloud server and compared against the files in the local plug-in directory, and the local plug-ins are updated, added to, or otherwise upgraded so that the system can detect the latest security vulnerability risks.
The embodiment is an APP security detection system implemented by a structured, general, low-coupling detection architecture, and has the characteristics of extensibility, high availability, and collaboration.
Specifically, for scalability, the plug-in loading module uses a plug-in loading mechanism based on directory search: it finds every file with the .py suffix under the specified plug-in directory except __init__.py and dynamically loads their classes and functions with Python's __import__().
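The directory-search loading and the vulcheck run loop described for the plug-in loading and running modules, as an added Python sketch that is not code from the patent. The package name demo_plugins, the PluginBase class kept in __init__.py, the attribute names and the dictionary keys are assumptions; a plug-in that fails to import or raises inside vulcheck is recorded instead of aborting the scan.

```python
import sys
import tempfile
from pathlib import Path

FIELDS = ("name", "vuln_id", "status", "found", "result")  # assumed attribute names
# Constructed plug-in package; keeping the template class in __init__.py is assumed.
SAMPLE_FILES = {
    "__init__.py": (
        "class PluginBase:\n"
        "    name = 'base'; vuln_id = ''; version = '1.0'\n"
        "    def __init__(self):\n"
        "        self.result, self.found, self.status = None, 0, 'pending'\n"
        "    def vulcheck(self, apk_info):\n"
        "        raise NotImplementedError\n"),
    "exported.py": (
        "from demo_plugins import PluginBase\n"
        "class ExportedComponents(PluginBase):\n"
        "    name = 'exported-components'; vuln_id = 'DEMO-0001'\n"
        "    def vulcheck(self, apk_info):\n"
        "        hits = [c['name'] for c in apk_info['components']\n"
        "                if c['exported'] and not c.get('permission')]\n"
        "        self.result, self.found, self.status = hits, len(hits), 'done'\n"),
    "broken.py": "raise RuntimeError('constructed import failure')\n",
}


def load_plugins(parent_dir, package):
    """Import each .py file except __init__.py; instantiate template subclasses."""
    sys.path.insert(0, str(parent_dir))
    base = __import__(package).PluginBase
    instances, errors = [], {}
    for path in sorted((Path(parent_dir) / package).glob("*.py")):
        if path.name == "__init__.py":
            continue
        try:
            # A non-empty fromlist makes __import__ return the submodule itself.
            module = __import__(f"{package}.{path.stem}", fromlist=[path.stem])
        except Exception as exc:  # one bad file must not stop the scan
            errors[path.name] = repr(exc)
            continue
        for obj in vars(module).values():
            if isinstance(obj, type) and issubclass(obj, base) and obj is not base:
                instances.append(obj())
    return instances, errors


def run_plugins(instances, apk_info):
    """Call vulcheck on each instance, then read results from member variables."""
    report = []
    for plugin in instances:
        try:
            plugin.vulcheck(apk_info)
        except Exception as exc:  # a failing check is recorded, not fatal
            plugin.status, plugin.result = "error", repr(exc)
        report.append({field: getattr(plugin, field) for field in FIELDS})
    return report


def demo_scan():
    parent = Path(tempfile.mkdtemp())
    (parent / "demo_plugins").mkdir()
    for fname, source in SAMPLE_FILES.items():
        (parent / "demo_plugins" / fname).write_text(source)
    apk_info = {"package": "com.example.demo", "components": [  # constructed
        {"name": ".MainActivity", "exported": True},
        {"name": ".SyncService", "exported": True, "permission": "com.example.SYNC"},
        {"name": ".Internal", "exported": False}]}
    instances, errors = load_plugins(parent, "demo_plugins")
    return run_plugins(instances, apk_info), errors
```

Because every matching file is imported, and importing executes it, write access to the plug-in directory is equivalent to code execution inside the scanner.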
For high availability, the plug-in updating and upgrading module regularly obtains the latest security vulnerability detection plug-ins developed by security technicians, which keeps the security vulnerability detection rate for Android APPs effective and allows their security vulnerabilities to be found in time.
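The difference comparison performed by the plug-in updating and upgrading module, as an added Python sketch that is not code from the patent. The list format (file, version, sha256), the file-name check and the digest check before installation are assumptions; the page states only that the server's list is compared with the local plug-in directory.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SAFE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\.py")  # plain module file name


def digest(data):
    return hashlib.sha256(data).hexdigest()


def plan_update(manifest, plugin_dir):
    """Compare the server's plug-in list with the local plug-in directory."""
    plan = {"add": [], "update": [], "unchanged": [], "rejected": []}
    local = {p.name: digest(p.read_bytes())
             for p in Path(plugin_dir).glob("*.py") if p.name != "__init__.py"}
    seen = set()
    for entry in manifest:
        name = entry["file"]
        # Names arrive from the network and end up on an import path: accept
        # only a plain module file name, never a path or __init__.py.
        if not SAFE_NAME.fullmatch(name) or name == "__init__.py":
            plan["rejected"].append(name)
            continue
        seen.add(name)
        if name not in local:
            plan["add"].append(name)
        elif local[name] != entry["sha256"]:
            plan["update"].append(name)
        else:
            plan["unchanged"].append(name)
    # Local files the list does not mention are reported, not deleted.
    plan["unlisted"] = sorted(set(local) - seen)
    return plan


def install(plugin_dir, entry, payload):
    """Write one downloaded plug-in only if its name and digest check out."""
    if not SAFE_NAME.fullmatch(entry["file"]) or digest(payload) != entry["sha256"]:
        return False
    tmp = Path(plugin_dir) / (entry["file"] + ".part")
    tmp.write_bytes(payload)
    tmp.replace(Path(plugin_dir) / entry["file"])  # rename within one directory
    return True


def demo_update():
    plugin_dir = Path(tempfile.mkdtemp())
    exported, webview_v2 = b"# exported check\n", b"# webview check v2\n"
    (plugin_dir / "webview.py").write_bytes(b"# webview check v1\n")
    (plugin_dir / "exported.py").write_bytes(exported)
    (plugin_dir / "legacy.py").write_bytes(b"# local only\n")
    manifest = [  # constructed list standing in for the cloud server's reply
        {"file": "webview.py", "version": "2.0", "sha256": digest(webview_v2)},
        {"file": "exported.py", "version": "1.0", "sha256": digest(exported)},
        {"file": "backup.py", "version": "1.0", "sha256": digest(b"# backup\n")},
        {"file": "../outside.py", "version": "1.0", "sha256": digest(b"")},
    ]
    plan = plan_update(manifest, plugin_dir)
    altered = install(plugin_dir, manifest[2], b"# changed in transit\n")
    updated = install(plugin_dir, manifest[0], webview_v2)
    return plan, altered, updated
```

The digest check ties each downloaded file to the list; the list itself still has to arrive over an authenticated channel or carry a signature, because every file placed in this directory is later imported and executed.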
For collaboration, the scheme defines a template plug-in class whose attributes, such as class member variables, are fully defined and specified. This addresses the problems of other highly coupled security detection tools, which are hard to update quickly and collaborate poorly on tool maintenance and iterative system development. The scheme enables teams, communities and others to develop security detection plug-ins iteratively through remote collaboration, and ensures that Android APP security vulnerabilities are detected in a timely and effective way.
Example four
This embodiment corresponds to the first to third embodiments, and provides a specific application scenario:
The plug-in loading based android application security detection system and method can provide security vulnerability scanning for Android APPs developed by enterprises and output Android APP security detection reports, so that enterprise R&D personnel can repair the APP's security vulnerability risks in time and ensure the security of Android application products.
With this scheme, security vulnerability scanning can be performed on an Android application at stages such as research, development, testing, release and the like. The specific application flow is as follows:
1. Pass the APK installation package file of the Android application to be detected into the detection system of this scheme to start the security vulnerability scanning flow for the application;
2. Through the basic analysis module, the detection system extracts APK file information, prepares the dynamic running environment and so on, collects the necessary basic application information, and organizes it into the parameter dictionary APK_info_fact;
3. The detection system runs the plug-in loading module, loads the latest Android vulnerability detection plug-ins, initializes each detection plug-in one by one, and stores the instances in a list;
4. Loop over the list of detection plug-in instances, call the vulcheck function of each instantiated plug-in one by one, and pass in the prepared parameter dictionary apk_info_dit; the vulcheck function in each plug-in is responsible for security vulnerability detection of its vulnerability risk item;
5. Store the returned detection results in the storage module;
6. Through the report module, organize and output an Android APP security detection report for the APK file;
The Android APP security detection report contains a description of each detection item, for example:
[Figures: example descriptions of detection items from the Android APP security detection report; images not reproduced]
7. Enterprise R&D personnel can carry out security repairs according to the vulnerability risks and repair suggestions given in the security detection report, ensuring the security of the product.
In summary, the plug-in loading based android application security monitoring method and storage medium provided by the invention automatically update the detection plug-ins, which ensures that the latest security vulnerabilities are detected in a timely and accurate way and improves the detection rate; moreover, defining a detection plug-in base class significantly improves the efficiency and collaboration of iterative plug-in development and maintenance, so that comprehensive security detection of android applications can be carried out efficiently.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.

Claims (9)

1. The android application security monitoring method based on plug-in loading is characterized by comprising the following steps:
defining a detection plug-in base class;
constructing a detection plug-in library corresponding to common android application bugs by inheriting the detection plug-in base class, and storing the detection plug-in library to the local;
updating a local detection plug-in library according to a latest detection plug-in list acquired from a cloud server at regular time;
acquiring relevant information parameters of an apk file of an application to be detected, organizing the relevant information parameters into an information dictionary format, and storing the information dictionary format;
dynamically loading all plug-ins in the detection plug-in library; passing in the relevant information parameters in information dictionary format;
sequentially executing the loaded plug-ins;
wherein acquiring the relevant information parameters of the apk file of the application to be detected, organizing them into an information dictionary format and storing them specifically comprises the following steps:
analyzing an apk file of the application to be detected to acquire application basic information;
acquiring information related to the installation and starting operation process of an application to be detected;
acquiring file characteristic information of the apk file;
and organizing related information parameters including the application basic information, the information and the file characteristic information into an information dictionary format and then storing the information dictionary format.
2. The plug-in loading based android application security monitoring method of claim 1, wherein the member variable attributes in the detection plug-in base class include a plug-in name, an associated vulnerability number, a plug-in version, a detection result, a plug-in priority, a discovery number, and a detection status.
3. The plug-in loading based android application security monitoring method of claim 1, characterized in that the analyzing the apk file of the application to be detected to obtain the application basic information specifically comprises:
extracting static information of an apk file of an application to be detected;
obtaining an information description file of the application to be detected by decompiling the apk file;
and acquiring basic application information comprising application signature information, package names, application names, authority list information, component information and version information by analyzing the static information and the information description file.
4. The plug-in loading based android application security monitoring method of claim 1, characterized in that the obtaining of information related to the installation and start-up running process of the application to be detected specifically comprises:
initializing installation and operation equipment of an application to be detected;
installing an apk file of the application to be detected to the equipment, and starting to operate;
and collecting information related to the apk file in the installation and starting operation processes, wherein the information comprises generated file information, network request information, API (application program interface) calling information and an operation interface screenshot.
5. The plug-in loading based android application security monitoring method of claim 1, wherein the file property information includes an application file path, md5, and a file size.
6. The plug-in loading based android application security monitoring method of claim 1, wherein dynamically loading all plug-ins in the detection plug-in library specifically comprises:
searching the local storage directory of the detection plug-in library for the files, other than __init__.py, that have .py as their suffix;
dynamically loading all classes and their functions in the files by utilizing __import__() of Python to obtain the corresponding plug-in instances;
storing each plug-in instance to the instance list.
7. The plug-in loading-based android application security monitoring method of claim 6, wherein the sequentially executing the loaded plug-ins specifically comprises:
taking out the plug-in instances in the instance list one by one, and calling the vulcheck function of each plug-in instance after it is taken out;
and carrying out the dedicated vulnerability detection on the passed-in relevant information parameters in information dictionary format through the currently called vulcheck function, and returning a corresponding detection result.
8. The plug-in loading based android application security monitoring method of claim 1, further comprising:
and outputting a detection result report.
9. A computer readable storage medium having stored thereon a computer program, wherein the program is capable of implementing the steps of the plug-in loading based android application security monitoring method of any of claims 1-8 when executed by a processor.
CN201910183861.0A 2019-03-12 2019-03-12 Android application security monitoring method based on plug-in loading and storage medium Active CN109977670B (en)

Publications (2)

Publication Number Publication Date
CN109977670A CN109977670A (en) 2019-07-05
CN109977670B CN109977670B (en) 2021-06-29

Family

ID=67078515

Country Status (1)

Country Link
CN (1) CN109977670B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant