CN106919844A - A kind of android system vulnerability of application program detection method - Google Patents

A kind of android system vulnerability of application program detection method Download PDF

Info

Publication number
CN106919844A
CN106919844A CN201710078479.4A CN201710078479A CN106919844A CN 106919844 A CN106919844 A CN 106919844A CN 201710078479 A CN201710078479 A CN 201710078479A CN 106919844 A CN106919844 A CN 106919844A
Authority
CN
China
Prior art keywords
apk
leak
bags
application program
apk bags
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710078479.4A
Other languages
Chinese (zh)
Other versions
CN106919844B (en
Inventor
翁健
张悦
魏林锋
侯琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan University filed Critical Jinan University
Priority to CN201710078479.4A priority Critical patent/CN106919844B/en
Publication of CN106919844A publication Critical patent/CN106919844A/en
Application granted granted Critical
Publication of CN106919844B publication Critical patent/CN106919844B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of android system vulnerability of application program detection method, can be used for penetration testing and APK security tests.The inventive method analyzes APK bags to be detected first, determines its leak species that may be present;The earlier version of APK bags is then looked for, and is sorted according to issuing time order;The APK bags of searching loop earlier version, APK usability testings are carried out to it;For the APK bags that there is network connection, the analysis test of network packet capturing sniff is carried out one by one, find leak;For the APK bags in the absence of network connection, unpacking Reverse engineering operation is carried out, analyse whether there is leak;Attacked using the leak for finding, soundd out whether attack succeeds, if it succeeds, being defined as leak.

Description

A kind of android system vulnerability of application program detection method
Technical field
The invention belongs to cyberspace security technology area, more particularly to a kind of inspection of android system vulnerability of application program Survey method.
Background technology
In recent years, intelligent sliding moved end is quickly grown, and Android operation system is increased income with it, beautiful interface, Consumer's Experience are good Deng many advantages in the case where intelligent sliding moved end operating system stands in great numbers the situation emerged in large numbers, the market share of maximum is occupied rapidly. Gate threshold is relatively low also due to its developer enters for the installation procedure APK of Android, and the reason such as support third party's exploitation enjoys exploitation The favor of person.During an APK exploitation to application, normal condition will experience many versions, interior survey from the beginning Version is to public testing version, then commercial version finally.More new capital each time is the once lifting to itself, earlier version APK is limited by technology, and developer's lacks experience, and Networks and information security problem is especially related on stream Deal with improperly, it is likely that cause earlier version to there is leak or defect in many logical designs or in safety applications.
For the APK application programs of latest edition, it is very difficult to want to be analyzed by reverse-engineering means, because Its code typically takes corresponding safeguard measure.But this point is not obvious in earlier version.If in fact, attacked Person can launch to attack to the APK bags of early stage, recover source code, or by analyzing agreement, take some enterprises and still using RestfulAPI interfaces, then the ability of attacker will become very strong, it is likely that take some valuable information, very To directly to enterprise servers expansion attack.
Foregoing reverse-engineering, as the term suggests, it is exactly, by existing product, it to be carried out inversely using some technological means Deduce, finally restore the original system architecture of product, module composition etc..For an Android application program, we Logical code, framework, function call tree, the interface source of APK can be restored using some instruments by the APK bags of most original Code etc..Common instrument has APKTool and dex2jar, and this is also the instrument that we mainly use.In addition, have specifically designed in The (SuSE) Linux OS of Android reverse-engineerings, is integrated with the instrument that can much carry out decompiling.
Traditional APK leak detection methods, lay particular emphasis on carries out Hole Detection in newest version, can only so find to work as The leak of preceding version client application, and the leak for being present in server end but not used in redaction cannot be found.This is One blind spot of traditional detection method.
Additionally, traditional APK leak detection methods, only carry out Hole Detection to an APK for version, have ignored version with Contact between version, thus testing result has limitation, it is impossible to the security to APK carries out the evaluation and test of Comprehensive.
The content of the invention
It is an object of the invention to provide a kind of android system vulnerability of application program detection method, energy effective detection goes out The leak of application program, aids in the security of server penetration testing or penetration testing engineer to third party's APK softwares Assessment etc..
Android system vulnerability of application program detection method of the present invention, comprises the following steps:
Step one, analysis APK bags to be detected, determine its leak species that may be present;
Step 2, the earlier version for finding APK bags, and from morning to night sorted each version according to issuing time order;
Step 3, the APK bags from earliest issue carry out the test of APK availabilities, that is, can test APK bags normally use; If can not normally use, continue to select next APK bags to be tested according to issuing time order, by that analogy, until looking for To an available APK bag, step 4 is entered after finding;
Step 4, for the APK bags in the absence of network connection, step 5 is directly entered, for the APK that there is network connection Bag, the analysis test of network packet capturing sniff is carried out to APK bags, finds leak;After being completed, to remaining available earlier version APK bags carry out the analysis test of network packet capturing sniff one by one, find leak, and record each leak for finding;
Step 5, unpacking Reverse engineering operation is carried out to APK bags, analyze it and whether there is leak;To remaining available morning Phase version APK carries out reverse-engineering test, each leak that record finds;
Step 6, attacked using the leak for finding, sound out to attack and whether succeed, if it succeeds, being defined as leak.
As can be known from the above technical solutions, the present invention APK bag to be detected by analyzing test, determines its leakage that may be present Hole species;The earlier version of APK bags is then looked for, according to each version that sorts from the old to the new;The APK of searching loop earlier version Bag, APK usability testings are carried out to it, for the APK bags that there is network connection, packet capturing analysis operation are carried out to APK, are recorded The various parameters that APK is produced.For the APK in the absence of network connection, or the APK that packet capturing analysis is finished, unpack inversely Engineering operation, with reference to network flow analysis, it whether there is leak, finally, be attacked using the leak for finding, and sound out what is attacked Whether succeed.
Compared with prior art, the invention has the advantages that and beneficial effect:To numerous versions of APK bags, from old edition This carries out leak test one by one to redaction, i.e., carry out Hole Detection by the way of global version.On the one hand, using former The leak of version infers the leak of redaction so that more purposive in detection process;Still further aspect, global version Hole Detection mode, leak can be more fully detected, so as to have a more comprehensive evaluation and test knot to the security of APK Really.
Brief description of the drawings
Fig. 1 is a kind of flow chart of android system vulnerability of application program detection method provided in an embodiment of the present invention.
Specific embodiment
With reference to embodiment and Figure of description, the present invention is described in further detail, but specific reality of the invention Apply mode not limited to this.
Embodiment
Android system vulnerability of application program detection method of the present invention first determine prepare detection APK application programs and its Leak species that may be present;Then, the earlier version of APK bags is found, earlier version is launched one one by one according to certain order The penetration testing of series;Finally, the test of packet capturing sniff and converse works analyzing are carried out to APK bags;Finally, sent out using earlier version Existing leak, attacks the APK applications of existing version.Such as Fig. 1, each step is specific as follows:
Step one, analysis APK bags to be detected, determine its leak species that may be present.Leak species that may be present Including scenario described below:
1st, the core algorithm continued to use is revealed.Most prominent be exactly in gaming, many algorithms once it is determined that after all without change More.Such as 2048, pixel bird, plant Great War corpse, the fruit person of bearing game.If the source code of early stage is cracked, present Game is just easy to pirate.
2nd, the UI designs that leakage is continued to use.In existing many android system application programs, it is understood that there may be part interface It is similar or even identical with early stage.
3rd, communication mechanism and internal agreement.Such as the Andriod system clients of the version of Baidu's cloud 3.0, still can access The existing server of Baidu's cloud.
4th, the security parameter that client and server are consulted, the parameter can be used as the Service Ticket of APK logins.
5th, the coding style of enterprise is revealed.Different enterprises has different management to want in code development management regulation Ask.Have plenty of can with disclosed, and some coding styles or the code administration specification revealed to be that enterprise does not allow disclosed.
6th, weak security mechanism operate interface.The operate interface being exposed by earlier version, directly attacks security mechanism Poor server.
7th, attacker tries to figure out the code and algorithm of other platforms by android system platform.It is likely to their calculation Method is the same, and at least structure is the same.
8th, source code is distorted.Bypass the embedded inspection mechanism of client or implantation virus, if any client exist and visit The limitation in number of times and time limit is asked, if the easily client release of decompiling before taking, we just can again be usurped using it Change source code and be transferred to backstage.
Step 2, the earlier version for finding the APK bags, and from morning to night sorted each version according to issuing time order.Seek Look for the earlier version can be in the following way:
1st, third-party platform:Many third-party platforms, such as Android market, mobile phone paradise, both provide an APK correspondence The download link of old version.
2nd, official's issue:Official has oneself website, microblog account, mhkc etc., and oneself is issued most by these channels New APK versions.By the issue situation of its multiple version, we can get the APK versions of early stage.
3rd, search engine.Scanned for by Baidu or google search engine, the keyword of search includes:
1) APK titles+" old version ", such as Taobao's old version;
2) APK titles+blurry versions number, such as Taobao 1.0, Baidu's cloud 2.0, youku.com 2.2;
3) APK titles+specific version number, specific version number is typically set up on the basis of blurry versions number, if work as search Suo Liao Taobaos 1.0, what search engine fed back is all version informations relevant with 1.0, and such as Taobao 1.0.5 is issued today, The important renewals of Taobao 3.1.0.In consideration of it, version number can be refined, complete precise search and download.
Step 3, the APK bags from earliest issue carry out the test of APK availabilities, that is, whether test the APK bags can be normal Use;If cannot normally use, continue to select next APK bags to be tested according to issuing time order, by that analogy, Untill an available APK bag is found, step 4 is entered after finding.
Determine an issuing time for application program, method that can be by decompressing APK bags obtains it The generation time of files such as " classes.dex ", the time may be considered the issuing time of APK, and this uses programming language right and wrong What Chang Rongyi was realized.
Usability testing can combine step 4.If an APK cannot be used, then the follow-up institute carried out to it It is all futile to have operation.Thus it is possible to it is no normal using the first step for being APK detection operations, it is also a step the most basic.
Step 4, for the APK bags in the absence of network connection, step 5 is directly entered, for the APK that there is network connection Bag, the analysis test of network packet capturing sniff is carried out to APK bags, finds leak;After being completed, to remaining available earlier version APK bags carry out the analysis test of network packet capturing sniff one by one, find leak, and record each leak for finding.
Network packet capturing sniff, refers to the communication data by capturing proper network, packet sniffing is carried out, to what is grabbed Packet is unpacked and is unpacked, it is intended to understand the concrete meaning of each field references of data in bag, and attempts to data Bag simulant-client is interacted with server.
Leak is found, mainly the parameter related to operation is searched by the data flow between client and server, Data stream is analyzed, with quick lock in target (i.e. leak).Aforementioned parameters generally comprise variable name and corresponding value, generally By operator "=" connection, it is very easy to identified.Specifically, judge that leak valuable parameter can be divided into following three Kind:
(1) operation behavior parameter:Indicate the key-value pair of operation behavior.Now, variable name is probably an abbreviation, such as " op ", " method " etc..Its corresponding value may look like some character strings, comprising the behavior that will be carried out at present, such as “del”、“delete”。
(2) object parameter is operated:The key-value pair of operation object is indicated, variable name represents " to delete title ", these changes Amount name may shape such as " name ", " file ".Corresponding value is specific filename etc..
(3) parameters for authentication:Indicate the key-value pairs such as subscriber identity information or session key.Ordinary circumstance, the change of user name Amount shape such as " u ", " username ".Cryptographic variable name then shape such as " password ", " pwd ".The variable name of parameters for authentication Then shape such as " secret ", " sig ".Not always in plain text, if value is ciphertext, encryption key is necessarily embedded in visitor to the value of submission In the source code of family end, the further operation of waiting step five is recorded.
Step 5, unpacking Reverse engineering operation is carried out to the APK bags, analyze it and whether there is leak.To remaining available Earlier version APK carries out reverse-engineering test, each leak that record finds.
Because the parameters for authentication obtained in step 4, often it is not necessarily in plain text, it is impossible to be directly used in certification or attack Behavior, so, general way is that APK bags are carried out into Reverse engineering operation, parses the parameters for authentication algorithm of inside or solid Change the authentication secret inside application program.Using the version of linked network, we can decode communication mechanism and internal agreement, The leak of the aspects such as security parameter, the weak security mechanism that client is consulted with server.
For the version for being not connected to network, we can utilize the source code for parsing, thus it is speculated that the core that application program is continued to use Center algorithm, the UI for continuing to use designs, the attack leak of the coding style of enterprise, spanning operation system platform and distort source code authority and bypass Deng being that enterprise android system application program development leak in these areas is sounded the alarm.
Step 6, attacked using the leak for finding, sound out to attack and whether succeed, if it succeeds, being defined as leak. The method of attack can be:
1) source code is read, core algorithm is decoded.
2) source code is read, UI designs are decoded.
3) source code, parsing enterprise coding style are read.
4) source code is read, the cross-platform point of attack is found.
5) source code is read, authority is carried out and is bypassed.
6) network flow is packed, carrying out data to operation behavior parameter, operation object parameter etc. Reseals, and utilizes The instruments such as TCPReplay, Fiddler carry out Replay Attack and man-in-the-middle attack etc..
7) source code is read, authentication mechanism and packaging network flow is understood, to specifying user name and password to carry out exhaustion.
8) source code is read, weak security mechanism interface and packaging network flow is understood, directly weak security mechanism interface is carried out Leak is attacked.
Presently preferred embodiments of the present invention is the foregoing is only, is not intended to limit the invention, it is all in essence of the invention Any modification, equivalent and improvement made within god and principle etc., should be included within the scope of the present invention.

Claims (7)

1. a kind of android system vulnerability of application program detection method, it is characterised in that comprise the following steps:
Step one, analysis APK bags to be detected, determine its leak species that may be present;
Step 2, the earlier version for finding APK bags, and from morning to night sorted each version according to issuing time order;
Step 3, the APK bags from earliest issue carry out the test of APK availabilities, that is, can test APK bags normally use;If Can not normally use, continue to select next APK bags to be tested according to issuing time order, by that analogy, until finding one Untill individual available APK bags, step 4 is entered after finding;
Step 4, for the APK bags in the absence of network connection, be directly entered step 5, for the APK bags that there is network connection, The analysis test of network packet capturing sniff is carried out to APK bags, leak is found;After being completed, to remaining available earlier version APK bags The analysis test of network packet capturing sniff is carried out one by one, finds leak, and record each leak for finding;
Step 5, unpacking Reverse engineering operation is carried out to APK bags, analyze it and whether there is leak;To remaining available early stage version This APK carries out reverse-engineering test, each leak that record finds;
Step 6, attacked using the leak for finding, sound out to attack and whether succeed, if it succeeds, being defined as leak.
2. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step one Leak species that may be present includes:The core algorithm that leakage is continued to use;The UI designs that leakage is continued to use;Communication mechanism and internal association View;The security parameter that client is consulted with server;Reveal the coding style of enterprise;Weak security mechanism operate interface;Early stage version Originally the operate interface being exposed;Distort source code.
3. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step 2 The mode for finding APK bag earlier versions includes:Third-party platform, official's issue or search engine.
4. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that during the issue Between determination mode be:The generation time of its " classes.dex " file is obtained as the issue of APK bags by decompressing APK bags Time.
5. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step 4 Find leak mode be:By the data flow between client and server, search and operation relevant parameter, data are flowed into Row analysis, to lock leak.
6. android system vulnerability of application program detection method as claimed in claim 5, it is characterised in that the related ginseng Number includes:
(1) operation behavior parameter, the operation behavior parameter indicates the key-value pair of operation behavior;
(2) object parameter, the operation object parameter is operated to indicate the key-value pair of operation object;
(3) parameters for authentication, the parameters for authentication indicates subscriber identity information or session key key-value pair.
7. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step 6 The method of attack includes:
A, read source code, decode core algorithm, decode UI designs, parsing enterprise coding style, find the cross-platform point of attack or Authority is carried out to bypass;
B, packaging network flow, carry out data and Reseal to operation behavior parameter, operation object parameter, using TCPReplay, Fiddler instruments carry out Replay Attack and man-in-the-middle attack;
C, reading source code, understand authentication mechanism and packaging network flow, to specifying user name and password to carry out exhaustion;
D, reading source code, understand weak security mechanism interface and packaging network flow, directly carry out leak to weak security mechanism interface Attack.
CN201710078479.4A 2017-02-14 2017-02-14 A kind of android system vulnerability of application program detection method Active CN106919844B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710078479.4A CN106919844B (en) 2017-02-14 2017-02-14 A kind of android system vulnerability of application program detection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710078479.4A CN106919844B (en) 2017-02-14 2017-02-14 A kind of android system vulnerability of application program detection method

Publications (2)

Publication Number Publication Date
CN106919844A true CN106919844A (en) 2017-07-04
CN106919844B CN106919844B (en) 2019-08-02

Family

ID=59453606

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710078479.4A Active CN106919844B (en) 2017-02-14 2017-02-14 A kind of android system vulnerability of application program detection method

Country Status (1)

Country Link
CN (1) CN106919844B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108173832A (en) * 2017-12-25 2018-06-15 四川长虹电器股份有限公司 Family's Internet of Things application system penetration testing method based on end cloud translocation
CN109858252A (en) * 2017-11-30 2019-06-07 中标软件有限公司 The leak analysis restorative procedure of self-control system
CN109981715A (en) * 2017-12-28 2019-07-05 中移信息技术有限公司 A kind of method and device of session management

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110119765A1 (en) * 2009-11-18 2011-05-19 Flexilis, Inc. System and method for identifying and assessing vulnerabilities on a mobile communication device
CN103227992A (en) * 2013-04-01 2013-07-31 南京理工大学常熟研究院有限公司 Android terminal-based vulnerability scanning system
US20140245440A1 (en) * 2013-02-28 2014-08-28 Trustees Of Boston Univeristy Software Inspection System
CN104537309A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 Application program bug detection method, application program bug detection device and server
US20150242635A1 (en) * 2014-02-27 2015-08-27 Nec Laboratories America, Inc. DuLeak: A Scalable App Engine for High-Impact Privacy Leaks
CN105653943A (en) * 2015-12-24 2016-06-08 北京奇虎科技有限公司 Log auditing method and system for android applications
CN105989251A (en) * 2015-02-12 2016-10-05 卓望数码技术(深圳)有限公司 Piratic android application discrimination method and piratic android application discrimination system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110119765A1 (en) * 2009-11-18 2011-05-19 Flexilis, Inc. System and method for identifying and assessing vulnerabilities on a mobile communication device
US20140245440A1 (en) * 2013-02-28 2014-08-28 Trustees Of Boston Univeristy Software Inspection System
CN103227992A (en) * 2013-04-01 2013-07-31 南京理工大学常熟研究院有限公司 Android terminal-based vulnerability scanning system
US20150242635A1 (en) * 2014-02-27 2015-08-27 Nec Laboratories America, Inc. DuLeak: A Scalable App Engine for High-Impact Privacy Leaks
US9245125B2 (en) * 2014-02-27 2016-01-26 Nec Laboratories America, Inc. Duleak: a scalable app engine for high-impact privacy leaks
CN104537309A (en) * 2015-01-23 2015-04-22 北京奇虎科技有限公司 Application program bug detection method, application program bug detection device and server
CN105989251A (en) * 2015-02-12 2016-10-05 卓望数码技术(深圳)有限公司 Piratic android application discrimination method and piratic android application discrimination system
CN105653943A (en) * 2015-12-24 2016-06-08 北京奇虎科技有限公司 Log auditing method and system for android applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张焕: ""安卓平台下恶意软件的检测"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109858252A (en) * 2017-11-30 2019-06-07 中标软件有限公司 The leak analysis restorative procedure of self-control system
CN109858252B (en) * 2017-11-30 2023-04-25 中标软件有限公司 Vulnerability analysis and repair method for homemade system
CN108173832A (en) * 2017-12-25 2018-06-15 四川长虹电器股份有限公司 Family's Internet of Things application system penetration testing method based on end cloud translocation
CN109981715A (en) * 2017-12-28 2019-07-05 中移信息技术有限公司 A kind of method and device of session management
CN109981715B (en) * 2017-12-28 2021-11-16 中移动信息技术有限公司 Session management method and device

Also Published As

Publication number Publication date
CN106919844B (en) 2019-08-02

Similar Documents

Publication Publication Date Title
Zuo et al. Why does your data leak? uncovering the data leakage in cloud from mobile apps
US20210067529A1 (en) System and method of adding tags for use in detecting computer attacks
Barmpatsalou et al. A critical review of 7 years of Mobile Device Forensics
US9894090B2 (en) Penetration test attack tree generator
US9479526B1 (en) Dynamic comparative analysis method and apparatus for detecting and preventing code injection and other network attacks
JP5396051B2 (en) Method and system for creating and updating a database of authorized files and trusted domains
CN110855676B (en) Network attack processing method and device and storage medium
Xue et al. RootAgency: A digital signature-based root privilege management agency for cloud terminal devices
TW201642135A (en) Detecting malicious files
WO2009021070A1 (en) System and method for authentication, data transfer, and protection against phishing
O'Connor Violent Python: a cookbook for hackers, forensic analysts, penetration testers and security engineers
Chen et al. Mass discovery of android traffic imprints through instantiated partial execution
CN111182060A (en) Message detection method and device
CN106919844B (en) A kind of android system vulnerability of application program detection method
CN115552401A (en) Fast application detection method, device, equipment and storage medium
CN105205398B (en) It is a kind of that shell side method is looked into based on APK shell adding software dynamic behaviours
TWI671655B (en) System and method for program security protection
Vecchiato et al. A security configuration assessment for android devices
CN112214769B (en) Active measurement system of Windows system based on SGX architecture
WO2022193517A1 (en) Platform for constructing sample for capability verification of mobile phone forensics, and method
JP6676790B2 (en) Request control device, request control method, and request control program
Ostrovskaya et al. Practical Memory Forensics: Jumpstart effective forensic analysis of volatile memory
Raza et al. Digital Forensic Analysis of Telegram Messenger App in Android Virtual Environment
Pham Foundations of Adaptive Cyber Defense against Advanced Persistent Threats
Clarke Computer forensics a pocket guide

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant