KR20170103561A - Method and apparatus for tracing permission - Google Patents
Method and apparatus for tracing permission Download PDFInfo
- Publication number
- KR20170103561A KR20170103561A KR1020160026639A KR20160026639A KR20170103561A KR 20170103561 A KR20170103561 A KR 20170103561A KR 1020160026639 A KR1020160026639 A KR 1020160026639A KR 20160026639 A KR20160026639 A KR 20160026639A KR 20170103561 A KR20170103561 A KR 20170103561A
- Authority
- KR
- South Korea
- Prior art keywords
- list
- methods
- class
- dictionary
- mobile application
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3003—Monitoring arrangements specially adapted to the computing system or computing system component being monitored
- G06F11/302—Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3466—Performance evaluation by tracing or monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a method and apparatus for tracking rights usage. The disclosed method includes: extracting header information from an executable file of a mobile application, extracting methods of classes of the mobile application from header information to generate a method list, and generating a method list and API- A step of acquiring and storing a list of privileges required by the methods using a dictionary, and a step of recursively analyzing the privilege list requested by the methods based on the reference information between the methods obtained by analyzing the codes included in the methods . The present invention analyzes a code included in a method after acquiring a list of privileges required by methods of classes of a mobile application, updates a list of privileges required by the methods based on reference information between the methods, The ability to track which code in the entire code is used to increase the ability of the security program to detect malicious code.
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention [0001] The present invention relates to tracking rights usage, and more particularly, to a method and apparatus for tracking rights usage by a mobile application that can be executed in a mobile communication terminal device equipped with a mobile operating system.
One of the main features of a mobile application that can be executed in a mobile communication terminal device equipped with a mobile operating system is that a certain privilege is necessarily required to perform a specific action. Therefore, if it is possible to track which malicious code is used in malicious code, malicious code can be easily detected by judging whether malicious code is the only traceable code among all the malicious codes In addition, it is possible to judge very quickly, thereby enhancing malicious code diagnosis performance.
On the other hand, Android applications, one of the mobile operating systems, are required to specify the necessary permissions for the application to run in the AndroidManifest.xml file. However, the AndroidManifest.xml file contains a list of required privileges, but does not describe in detail what specific privileges the code requires.
Thus, conventionally, a list of privileges required for a mobile application to operate is extracted and, if there is a potentially dangerous privilege, the user is informed that the corresponding mobile application is potentially dangerous.
As described above, conventionally, there is a limit in that it is not possible to judge whether the mobile application is malicious due to lack of detailed information on authority except for the authority list, and it operates in a manner of delegating all judgment and processing to the user There is a problem that accurate judgment and processing can not be guaranteed.
The embodiment of the present invention analyzes a code included in a method after acquiring an authorization list required by the methods of classes of the mobile application and updates the authorization list required by the methods based on the reference information between the methods, Allows the application to keep track of which of the complete code is used to exercise the necessary privileges.
The problems to be solved by the present invention are not limited to those mentioned above, and another problem to be solved can be clearly understood by those skilled in the art from the following description.
As a first aspect of the present invention, a method for tracking rights usage by a mobile application that can be executed in a mobile communication terminal device loaded with a mobile operating system, comprises the steps of extracting header information from an executable file of the mobile application, Extracting the methods of the classes of the mobile application from the header information to generate a method list, and transmitting the generated method list and the privileges required by the methods using an API (Application Program Interface) And a step of recursively analyzing and updating the authority list requested by the methods based on the reference information between the methods obtained by analyzing the code included in the methods.
According to a second aspect of the present invention, there is provided a computer-readable recording medium having stored thereon a computer program for causing a processor to perform the above-described method for tracking usage of rights.
As a third aspect of the present invention, an apparatus for tracking usage rights includes an input unit for inputting a mobile application executable in a mobile communication terminal device loaded with a mobile operating system, a data unit for storing a previously secured API- A storage unit for storing a method-authority dictionary including a list of rights required by the methods of the classes of the application; and a control unit for controlling generation and storage of the method-authority dictionary, Extracts the header information from the executable file of the mobile application, extracts the methods of the classes of the mobile application from the header information to generate a method list, and uses the generated method list and the API- Acquires and stores the list, The method includes the steps of analyzing the code included in the methods and recursively analyzing and updating the list of privileges required by the methods based on the reference information between the methods.
According to the embodiment of the present invention, after obtaining the authorization list required by the methods of the classes of the mobile application, the code included in the methods is analyzed and the authorization list required by the methods is updated based on the reference information between the methods. It is possible to track which code of the entire code is used for the privilege required for the mobile application to operate, thereby enhancing the malicious code diagnosis performance of the security program.
In addition, by allowing the mobile application to separately identify the actual usage rights, it is possible to enhance the pre-application inspection performance in the application store or the like.
1 is a block diagram of an apparatus for tracking usage according to an embodiment of the present invention.
2 is a flowchart for explaining a method in which an authorization usage tracking device for authorization of a mobile application that can execute in the mobile communication terminal shown in Fig.
BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. To fully disclose the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout the specification.
In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention, which may vary depending on the intention of the user, the intention or the custom of the operator. Therefore, the definition should be based on the contents throughout this specification.
1 is a block diagram of an apparatus for tracking usage according to an embodiment of the present invention.
As shown, the
The
The
The
The
The extracting
The
Then, the
The
The
The
The
2 is a flowchart for explaining a method in which an authorization usage tracking device for authorization of a mobile application that can execute in the mobile communication terminal shown in Fig.
As shown in the figure, the method for extracting header information from an executable file of an input mobile application, extracting methods of classes of the mobile application from the header information to generate a method list (S201 To S205). For example, header information such as header, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs, data, and link_data can be extracted from a classes.dex file that is an executable file of the Android application.
The method further includes a step S207 of obtaining a list of privileges required by the methods using the method list generated in step S205 and the API-privilege dictionary obtained in advance and storing them as a method-privilege dictionary. For example, the privileges possessed by a particular method are listed to form an entry, and these entries are aggregated to form a method-privilege dictionary.
The method further includes a step S209 of storing reference information between the methods obtained by analyzing the code included in the methods as a method-reference dictionary. Here, after obtaining the code data of the method, the dumbby byte code of the code data is parsed, and the method reference information for calling the other code can be extracted.
Thereafter, the method further includes a step (S211) of recursively analyzing the authorization list requested by the methods based on the reference information between the methods obtained by analyzing the code included in the methods and updating the method-authority dictionary. The update of the method-authority dictionary 133 is performed until all reference information between all methods is processed.
The method further includes a step (S213) of storing the relationship information between classes as a class-relationship dictionary.
The method further includes a step S215 of acquiring a privilege list of the class including the methods based on the privilege list requested by the methods and storing the class-privilege dictionary.
Also, the class-authority dictionary is updated based on the relationship information between the classes according to the class-relation dictionary, or the API of the method invoked by the method included in the class is recursively checked to acquire the privilege list of the class And updating the class-authority dictionary (S217). The update of this class-privilege dictionary 135 is performed until all the relationship information and all the call parameters between all classes are processed.
The method further includes a step S219 of outputting a stored authority list, a method-authority dictionary, a method-reference dictionary, a class-authority dictionary, and a class-relationship dictionary.
Hereinafter, with reference to FIG. 1 and FIG. 2, a process of tracking the use of rights by a rights use tracking device for a mobile application executable by the mobile communication terminal will be described in detail.
First, an API-authority dictionary 121 is secured and stored in the
As described above, the API-authority dictionary 121 is secured in advance, and the mobile application that can be executed in the mobile communication terminal device loaded with the mobile operating system is input to the input unit 110 (S201). For example, an application that can run on the Android operating system can be input to the
The
Next, the
The
Next, the
The
The
The
The
As described above, according to the embodiment of the present invention, after obtaining a list of privileges required by the methods of the classes of the mobile application, the code included in the methods is analyzed and the privileges required by the methods based on the reference information between the methods By updating the list, it is possible to track which code of the entire code is used for the authority required for the mobile application to operate, thereby enhancing the malicious code diagnosis performance of the security program.
In addition, by allowing the mobile application to separately identify the actual usage rights, it is possible to enhance the pre-application inspection performance in the application store or the like.
Each block of the accompanying block diagrams and combinations of steps of the flowchart may be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus so that the instructions, which may be executed by a processor of a computer or other programmable data processing apparatus, And means for performing the functions described in each step are created. These computer program instructions may also be stored in a computer usable or computer readable memory capable of directing a computer or other programmable data processing apparatus to implement the functionality in a particular manner so that the computer usable or computer readable memory It is also possible for the instructions stored in the block diagram to produce a manufacturing item containing instruction means for performing the functions described in each block or flowchart of the block diagram. Computer program instructions may also be stored on a computer or other programmable data processing equipment so that a series of operating steps may be performed on a computer or other programmable data processing equipment to create a computer- It is also possible that the instructions that perform the processing equipment provide the steps for executing the functions described in each block of the block diagram and at each step of the flowchart.
Also, each block or each step may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative embodiments, the functions mentioned in the blocks or steps may occur out of order. For example, two blocks or steps shown in succession may in fact be performed substantially concurrently, or the blocks or steps may sometimes be performed in reverse order according to the corresponding function.
The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.
100: permission use tracking device 110: input
120: Data part 121: API-authority dictionary
130: storage unit 131: permission list
132: header information 133: method-authority dictionary
134: Method - Reference Dictionary 135: Class - Privilege Dictionary
136: class-relation dictionary 140: control unit
150:
Claims (9)
Extracting header information from an executable file of the mobile application, extracting methods of the classes of the mobile application from the header information to generate a method list,
Acquiring and storing a list of privileges required by the methods using the generated method list and an API-privilege dictionary secured in advance;
And recursively analyzing and updating the authorization list requested by the methods based on the reference information between the methods obtained by analyzing the codes included in the methods.
And acquiring and storing an authorization list of a class including the methods based on the authorization list requested by the methods.
And updating the privilege list of the class based on the relationship information between the classes.
Further comprising the step of recursively checking an argument of an API called by a method included in the class to update an authorization list of the class.
A computer-readable recording medium storing a computer program.
A data portion in which a previously obtained API-authority dictionary is stored,
A storage unit for storing a method-authority dictionary including a list of rights requested by the methods of the classes of the mobile application;
And a controller for controlling generation and storage of the method-authority dictionary,
Wherein the control unit extracts header information from an executable file of the mobile application, extracts methods of the classes of the mobile application from the header information to generate a method list,
Acquiring and storing an authorization list requested by the methods using the generated method list and the API-authorization dictionary,
And recursively analyzes and updates the authorization list requested by the methods based on the reference information between the methods obtained by analyzing the codes included in the methods.
Wherein the control unit obtains a permission list of a class including the methods based on a permission list requested by the methods and stores the obtained permission list in the storage unit.
Wherein the control unit updates the authority list of the class based on the relationship information between the classes.
Wherein the control unit recursively checks an argument of an API called by a method included in the class and updates an authorization list of the class.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160026639A KR20170103561A (en) | 2016-03-04 | 2016-03-04 | Method and apparatus for tracing permission |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160026639A KR20170103561A (en) | 2016-03-04 | 2016-03-04 | Method and apparatus for tracing permission |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170103561A true KR20170103561A (en) | 2017-09-13 |
Family
ID=59967883
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020160026639A KR20170103561A (en) | 2016-03-04 | 2016-03-04 | Method and apparatus for tracing permission |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170103561A (en) |
-
2016
- 2016-03-04 KR KR1020160026639A patent/KR20170103561A/en active Search and Examination
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11216256B2 (en) | Determining based on static compiler analysis that execution of compiler code would result in unacceptable program behavior | |
US9720798B2 (en) | Simulating black box test results using information from white box testing | |
KR101739125B1 (en) | Apparatus and method for analysing a permission of application for mobile device and detecting risk | |
US9525706B2 (en) | Apparatus and method for diagnosing malicious applications | |
Doupe et al. | deDacota: toward preventing server-side XSS via automatic code and data separation | |
CN106897607B (en) | Application program monitoring method and device | |
US9189204B2 (en) | Static analysis of computer software applications having a model-view-controller architecture | |
CN103177210A (en) | Method of implanting dynamic stain analysis module in Android | |
CN107016282B (en) | information processing method and device | |
US8904492B2 (en) | Method of controlling information processing system, computer-readable recording medium storing program for controlling apparatus | |
CN110333872B (en) | Application processing method, device, equipment and medium | |
CN104102880A (en) | Application rewriting method and system for detecting Android privilege elevation attack | |
CN104732146A (en) | Android program bug detection method and system | |
US9158923B2 (en) | Mitigating security risks via code movement | |
US20240143739A1 (en) | Intelligent obfuscation of mobile applications | |
CN109241746B (en) | Code processing method and device, computing equipment and storage medium | |
KR101926142B1 (en) | Apparatus and method for analyzing programs | |
Lim et al. | Structural analysis of packing schemes for extracting hidden codes in mobile malware | |
KR101428915B1 (en) | Feedback based application rewriting framework method and system for android security | |
Tran et al. | Security issues in android application development and plug-in for android studio to support secure programming | |
KR101557455B1 (en) | Application Code Analysis Apparatus and Method For Code Analysis Using The Same | |
CN106569868B (en) | Gradle-based compiling optimization method and device | |
KR20210025885A (en) | Apparatus for minimal permission analysis of applications in software defined network and the method thereof | |
Niu et al. | Clone analysis and detection in android applications | |
CN104751026A (en) | Software protection method and software application method of android system, and related devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application | ||
AMND | Amendment |