KR20170103561A - Method and apparatus for tracing permission - Google Patents

Publication number: KR20170103561A
Authority: KR (South Korea)
Prior art keywords: list, methods, class, dictionary, mobile application
Application number: KR1020160026639A
Other languages: Korean (ko)
Inventor: 박준용
Original Assignee: 주식회사 안랩
Application filed by: 주식회사 안랩
Priority to: KR1020160026639A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The present invention relates to a method and apparatus for tracking rights usage. The disclosed method includes: extracting header information from an executable file of a mobile application; extracting the methods of the classes of the mobile application from the header information to generate a method list; acquiring and storing a list of privileges required by the methods using the generated method list and a previously secured API-privilege dictionary; and recursively analyzing and updating the privilege list required by the methods based on the reference information between the methods, obtained by analyzing the code included in the methods. Because the privilege list required by the methods of the classes is acquired first and then updated from the reference information between the methods, it is possible to track which code, out of the entire code, uses each privilege the mobile application requires, which increases the ability of a security program to detect malicious code.

Description

METHOD AND APPARATUS FOR TRACING PERMISSION

The present invention relates to tracking rights usage, and more particularly, to a method and apparatus for tracking rights usage by a mobile application that can be executed in a mobile communication terminal device equipped with a mobile operating system.

One of the main features of a mobile application that can be executed in a mobile communication terminal device equipped with a mobile operating system is that a certain privilege is necessarily required to perform a specific action. Therefore, if it is possible to track which code uses the privileges that malicious code relies on, maliciousness can be judged by examining only the traced code out of the entire code. This makes malicious code easier to detect and the judgment much faster, thereby enhancing malicious code diagnosis performance.

On the other hand, applications for Android, one of the mobile operating systems, are required to specify the permissions they need in order to run in the AndroidManifest.xml file. However, although the AndroidManifest.xml file contains the list of required privileges, it does not describe in detail which specific code requires which privilege.

Thus, conventionally, a list of privileges required for a mobile application to operate is extracted and, if there is a potentially dangerous privilege, the user is informed that the corresponding mobile application is potentially dangerous.

As described above, the conventional approach is limited: because no detailed information about authority is available beyond the authority list, it cannot judge whether the mobile application is malicious, and because it delegates all judgment and processing to the user, accurate judgment and processing cannot be guaranteed.

Korean Published Patent Application No. 2014-0044974, published on April 16, 2014.

An embodiment of the present invention acquires the authorization list required by the methods of the classes of the mobile application, analyzes the code included in the methods, and updates the authorization list required by the methods based on the reference information between the methods, so that it is possible to track which code, out of the entire code, exercises each privilege the mobile application needs in order to operate.

The problems to be solved by the present invention are not limited to those mentioned above, and another problem to be solved can be clearly understood by those skilled in the art from the following description.

As a first aspect of the present invention, a method for tracking rights usage by a mobile application that can be executed in a mobile communication terminal device loaded with a mobile operating system comprises: extracting header information from an executable file of the mobile application and extracting the methods of the classes of the mobile application from the header information to generate a method list; acquiring and storing a list of privileges required by the methods using the generated method list and a previously secured API (Application Program Interface)-authority dictionary; and recursively analyzing and updating the authority list requested by the methods based on the reference information between the methods obtained by analyzing the code included in the methods.

According to a second aspect of the present invention, there is provided a computer-readable recording medium having stored thereon a computer program for causing a processor to perform the above-described method for tracking usage of rights.

As a third aspect of the present invention, an apparatus for tracking rights usage includes: an input unit for inputting a mobile application executable in a mobile communication terminal device loaded with a mobile operating system; a data unit for storing a previously secured API-authority dictionary; a storage unit for storing a method-authority dictionary including a list of rights required by the methods of the classes of the mobile application; and a control unit for controlling generation and storage of the method-authority dictionary. The control unit extracts the header information from the executable file of the mobile application, extracts the methods of the classes of the mobile application from the header information to generate a method list, acquires and stores the list of rights required by the methods using the generated method list and the API-authority dictionary, and recursively analyzes and updates the list of privileges required by the methods based on the reference information between the methods obtained by analyzing the code included in the methods.

According to the embodiment of the present invention, after the authorization list required by the methods of the classes of the mobile application is obtained, the code included in the methods is analyzed and the authorization list required by the methods is updated based on the reference information between the methods. This makes it possible to track which code, out of the entire code, uses each privilege required for the mobile application to operate, thereby enhancing the malicious code diagnosis performance of the security program.

In addition, by allowing the mobile application to separately identify the actual usage rights, it is possible to enhance the pre-application inspection performance in the application store or the like.

FIG. 1 is a block diagram of an apparatus for tracking rights usage according to an embodiment of the present invention.
FIG. 2 is a flowchart for explaining a method by which the rights usage tracking apparatus tracks rights usage by a mobile application that can be executed in a mobile communication terminal device.

The advantages and features of the present invention, and the manner of achieving them, will become apparent with reference to the embodiments described in detail below together with the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art, and the invention is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention, which may vary depending on the intention of the user, the intention or the custom of the operator. Therefore, the definition should be based on the contents throughout this specification.

FIG. 1 is a block diagram of an apparatus for tracking rights usage according to an embodiment of the present invention.

As shown, the authority tracking apparatus 100 includes an input unit 110, a data unit 120, a storage unit 130, a control unit 140, and an output unit 150. The data unit 120 includes an API-authority dictionary 121. The storage unit 130 stores the authority list 131, the header information 132, the method-authority dictionary 133, the method-reference dictionary 134, the class-authority dictionary 135, and the class-relationship dictionary 136. The control unit 140 includes an extracting unit 141, a list generating unit 142, and a list updating unit 143.

The input unit 110 receives a mobile application that can be executed by a mobile communication terminal device on which a mobile operating system is installed. For example, when the rights-use tracking apparatus 100 is implemented separately from the mobile communication terminal device, it can receive the mobile application from the mobile communication terminal device via a separate communication path; when the rights-use tracking apparatus 100 and the mobile communication terminal device are implemented integrally, it can receive the mobile application from the mobile operating system.

The data unit 120 stores the API-authority dictionary 121 secured in advance.

The storage unit 130 stores a method-privilege dictionary 133 including a list of privileges required by the methods of the classes of the mobile application. In addition, the storage unit 130 stores an authority list 131, header information 132, a method-reference dictionary 134, a class-authority dictionary 135, and a class-relationship dictionary 136. Here, the authority list 131 may be extracted from the xml file of the mobile application by the extracting unit 141 and stored. If the authority list 131 is stored in the storage unit 130, the output unit 150 may output the authority list 131 of the mobile application under the control of the control unit 140. Even if the authority list 131 is not stored in the storage unit 130, the method-authority dictionary 133 and the class-authority dictionary 135 can provide equivalent or superior functionality.

The control unit 140 controls an authority usage tracking process including a process of generating and storing the method-authority dictionary 133.

The extracting unit 141 of the control unit 140 extracts the header information 132 from the executable file of the mobile application and stores the extracted header information 132 in the storage unit 130. In addition, the extracting unit 141 extracts the authority list 131 from the xml file of the mobile application and stores the extracted authority list 131 in the storage unit 130.

The list generation unit 142 of the control unit 140 generates a method list by extracting the methods of the classes of the mobile application from the header information, uses the generated method list and the API-authority dictionary 121 to obtain a list of privileges required by the methods, and stores the list in the storage unit 130 as the method-privilege dictionary 133. The list generation unit 142 also stores the reference information between the methods, obtained by analyzing the code included in the methods, in the storage unit 130 as the method-reference dictionary 134.

Then, the list generating unit 142 stores the relationship information between classes in the class-relation dictionary 136. For example, when a plurality of classes form a tree structure, parent relationship information and child relationship information between classes are stored in the class-relationship dictionary 136.

The list generation unit 142 acquires the privilege list of the class including the methods based on the privilege list requested by the methods according to the method-privilege dictionary 133, and stores it in the class-authority dictionary 135.

The list updating unit 143 of the control unit 140 recursively analyzes the authorization list requested by the methods based on the reference information between the methods in the method-reference dictionary 134, and updates the method-authority dictionary 133. The list updating unit 143 updates the authority list of the class in the class-authority dictionary 135 based on the relationship information between the classes according to the class-relation dictionary 136. The list updating unit 143 also recursively checks the argument of the API invoked by a method included in the class and updates the privilege list of the class in the class-privilege dictionary 135.

The output unit 150 outputs the method-authority dictionary 133, the method-reference dictionary 134, the class-authority dictionary 135, and the class-relation dictionary 136. For example, the output unit 150 may display the method-authority dictionary 133, the method-reference dictionary 134, the class-authority dictionary 135, and the class-relationship dictionary 136 on a screen, or output them as a data file that an information processing device such as a computer can recognize and use.

The input unit 110, the control unit 140 and the output unit 150 may be implemented by a processor such as a microprocessor capable of computing operations. The data unit 120 and the storage unit 130 may be a computer readable recording medium such as a random access memory (RAM), and may be embedded in the control unit 140 or installed separately.

FIG. 2 is a flowchart for explaining a method by which the rights usage tracking apparatus tracks rights usage by a mobile application that can be executed in a mobile communication terminal device.

As shown in the figure, the rights usage tracking method includes extracting header information from the executable file of an input mobile application and extracting the methods of the classes of the mobile application from the header information to generate a method list (S201 to S205). For example, header information such as header, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs, data, and link_data can be extracted from a classes.dex file, which is the executable file of an Android application.

The method further includes a step S207 of obtaining a list of privileges required by the methods using the method list generated in step S205 and the API-privilege dictionary obtained in advance and storing them as a method-privilege dictionary. For example, the privileges possessed by a particular method are listed to form an entry, and these entries are aggregated to form a method-privilege dictionary.

The method further includes a step S209 of storing reference information between the methods obtained by analyzing the code included in the methods as a method-reference dictionary. Here, after the code data of a method is obtained, the Dalvik bytecode of the code data is parsed, and the method reference information for calls to other code can be extracted.

Thereafter, the method further includes a step (S211) of recursively analyzing the authorization list requested by the methods based on the reference information between the methods obtained by analyzing the code included in the methods and updating the method-authority dictionary. The update of the method-authority dictionary 133 is performed until all reference information between all methods is processed.

The method further includes a step (S213) of storing the relationship information between classes as a class-relationship dictionary.

The method further includes a step S215 of acquiring a privilege list of the class including the methods based on the privilege list requested by the methods and storing it as a class-privilege dictionary.

The method further includes a step (S217) of updating the class-authority dictionary based on the relationship information between the classes according to the class-relation dictionary, or recursively checking the argument of the API called by a method included in the class to update the privilege list of the class in the class-authority dictionary. The update of the class-privilege dictionary 135 is performed until all the relationship information between classes and all the call parameters are processed.

The method further includes a step S219 of outputting a stored authority list, a method-authority dictionary, a method-reference dictionary, a class-authority dictionary, and a class-relationship dictionary.
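Step S203 starts from the header of classes.dex, and a tracker that reads untrusted applications should validate that header before following any offset in it. The parser below is an added example, not code from the patent: the header_item layout comes from the Android DEX format specification rather than this page, and `build_sample_dex` produces a constructed, non-loadable sample.

```python
import hashlib
import struct
import zlib

# header_item layout per the Android DEX format specification (not given on
# this page): magic[8], checksum u4, signature[20], then 20 little-endian u4s.
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
U4_FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off",
    "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
    "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
    "field_ids_off", "method_ids_size", "method_ids_off", "class_defs_size",
    "class_defs_off", "data_size", "data_off",
)
# Size in bytes of one entry in each id table.
ITEM_SIZES = {"string_ids": 4, "type_ids": 4, "proto_ids": 12,
              "field_ids": 8, "method_ids": 8, "class_defs": 32}


class DexFormatError(ValueError):
    """Raised when the header is malformed or inconsistent with the file."""


def parse_dex_header(blob):
    """Return the header fields as a dict, rejecting inconsistent input."""
    if len(blob) < HEADER_SIZE:
        raise DexFormatError("shorter than a DEX header")
    magic, checksum, signature = struct.unpack_from("<8sI20s", blob, 0)
    if magic[:4] != b"dex\n" or not magic[4:7].isdigit() or magic[7] != 0:
        raise DexFormatError("bad magic")
    hdr = dict(zip(U4_FIELDS, struct.unpack_from("<20I", blob, 32)))
    hdr["version"] = magic[4:7].decode("ascii")
    if hdr["header_size"] != HEADER_SIZE or hdr["endian_tag"] != ENDIAN_CONSTANT:
        raise DexFormatError("unexpected header_size or endian_tag")
    if hdr["file_size"] != len(blob):
        raise DexFormatError("file_size does not match the input length")
    # Integrity fields only (they detect corruption, not tampering by someone
    # who recomputes them): adler32 covers everything after the checksum
    # field, SHA-1 covers everything after the signature field.
    if zlib.adler32(blob[12:]) != checksum:
        raise DexFormatError("adler32 checksum mismatch")
    if hashlib.sha1(blob[32:]).digest() != signature:
        raise DexFormatError("SHA-1 signature mismatch")
    # Every id table must lie inside the file before anything indexes into it.
    for name, item_size in ITEM_SIZES.items():
        count, off = hdr[name + "_size"], hdr[name + "_off"]
        if count and (off < HEADER_SIZE or off + count * item_size > len(blob)):
            raise DexFormatError(name + " table is out of bounds")
    return hdr


def build_sample_dex(table_entries, claimed_entries=None):
    """Constructed sample: a header plus a zero-filled method_ids table.

    claimed_entries lets the header claim more methods than the file holds.
    """
    body = bytes(8 * table_entries)
    claimed = table_entries if claimed_entries is None else claimed_entries
    fields = dict.fromkeys(U4_FIELDS, 0)
    fields.update(file_size=HEADER_SIZE + len(body), header_size=HEADER_SIZE,
                  endian_tag=ENDIAN_CONSTANT, method_ids_size=claimed,
                  method_ids_off=HEADER_SIZE)
    tail = struct.pack("<20I", *(fields[name] for name in U4_FIELDS)) + body
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail)
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


if __name__ == "__main__":
    header = parse_dex_header(build_sample_dex(3))
    print(header["version"], header["method_ids_size"], hex(header["method_ids_off"]))
```

The bounds check matters because the checksum and signature can be recomputed by whoever produced the file, so a header that passes them can still claim a method_ids table larger than the file.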

Hereinafter, with reference to FIG. 1 and FIG. 2, a process of tracking the use of rights by a rights use tracking device for a mobile application executable by the mobile communication terminal will be described in detail.

First, an API-authority dictionary 121 is secured and stored in the data unit 120 in advance. This dictionary indicates which privilege each API requires in order to be used. For example, the API-authority dictionary 121 may be created by a developer based on the Android reference, may be provided by a mobile operating system provider, or may be taken from a well-known library.

With the API-authority dictionary 121 secured in advance as described above, a mobile application that can be executed in the mobile communication terminal device loaded with the mobile operating system is input to the input unit 110 (S201). For example, an application that can run on the Android operating system can be input to the input unit 110.

The extraction unit 141 of the control unit 140 extracts the header information 132 from the executable file of the mobile application and stores it in the storage unit 130 (S203). For example, header, string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs, data, link_data, etc. can be extracted from the classes.dex file.

Next, the list generation unit 142 of the control unit 140 extracts the methods of the classes of the mobile application from the header information 132 and generates a method list (S205). The list generating unit 142 compares the generated method list with the API-authority dictionary 121 of the data unit 120 to obtain a list of privileges required by the methods, and stores the acquired list in the storage unit 130 as the method-authority dictionary 133 (S207). For example, the privileges possessed by a particular method are listed to form an entry, and these entries are aggregated to form the method-privilege dictionary 133.

The list generation unit 142 stores the reference information between the methods, obtained by analyzing the code included in the methods, in the storage unit 130 as the method-reference dictionary 134 (S209). Here, after the code data of a method is obtained, the Dalvik bytecode of the code data is parsed, and the method reference information for calls to other code can be extracted. For example, when method Z, among method A, method B, ..., method Z, refers to (calls) method A, the reference information between method Z and method A is stored in the method-reference dictionary 134.

Next, the list updating unit 143 of the control unit 140 recursively analyzes the authorization list requested by the methods based on the reference information between the methods in the method-reference dictionary 134, and updates the method-authority dictionary 133 (S211). The update of the method-authority dictionary 133 is performed until all reference information between all methods is processed. For example, when method A has authority P1, method Z has authority P2, and method Z refers to method A, method Z is stored in the method-authority dictionary 133 as having authority P2 in step S207, but in step S211 the method-authority dictionary 133 is updated so that method Z has both the rights P1 and P2.

The list generation unit 142 of the control unit 140 stores the relationship information between classes in the class-relation dictionary 136 (S213). For example, when a plurality of classes form a tree structure, parent relationship information and child relationship information between classes are stored in the class-relationship dictionary 136.

The list generation unit 142 of the control unit 140 acquires the privilege list of the class including the methods based on the privilege list requested by the methods according to the method-privilege dictionary 133, and stores it in the class-authority dictionary 135 (S215). For example, when class X contains method A and method B, method A has authority P1, and method B has authority P3, class X is stored in the class-privilege dictionary 135 as having rights P1 and P3.

The list updating unit 143 of the control unit 140 updates the class-authority dictionary 135 based on the relationship information between classes according to the class-relation dictionary 136, or recursively checks the argument of the API called by a method included in the class and updates the privilege list of the class in the class-privilege dictionary 135 (S217). The update of the class-privilege dictionary 135 is performed until all the relationship information between classes and all the call parameters are processed. For example, if class Y is a parent node of class A, class X contains method A and method B, method A has authority P1, and method B has authority P3, class Y is stored in the class-authority dictionary 135 as having rights P1 and P3. Alternatively, when method A included in class X invokes an API called start service, the argument of the start service is class Y, class X has the rights P1 and P3, and class Y has the authority P4, class X is stored in the class-privilege dictionary 135 as having the privileges P1 and P3 in step S215, but in step S217 the class-privilege dictionary 135 is updated such that class X has all of the privileges P1, P3, and P4.

The output unit 150 outputs the authority list 131, the method-authority dictionary 133, the method-reference dictionary 134, the class-authority dictionary 135, and the class-relation dictionary 136 of the storage unit 130 (S219). For example, the output unit 150 may display the method-authority dictionary 133, the method-reference dictionary 134, the class-authority dictionary 135, and the class-relationship dictionary 136 on a screen, or output them as a data file that an information processing device such as a computer can recognize and use.
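The P1 to P4 example above, carried through steps S207, S211, S215 and the API-argument part of S217, as an added example that is not code from the patent. The `Class->method` naming, the `api1` to `api5` names, class W and the mutually calling methods in class V are constructed for illustration, and a worklist run to a fixed point stands in for the recursion the text describes so that call cycles terminate.

```python
from collections import defaultdict


def direct_permissions(method_apis, api_permissions):
    """S207: permissions of the APIs each method calls itself."""
    return {method: set().union(*(api_permissions.get(api, ()) for api in apis))
            for method, apis in method_apis.items()}


def propagate(permissions, references):
    """S211 / S217: add each referenced node's permissions to its referrers.

    A worklist is run until nothing changes, so reference cycles
    (mutually recursive methods) terminate with complete sets.
    """
    result = {node: set(perms) for node, perms in permissions.items()}
    referrers = defaultdict(set)
    for source, targets in references.items():
        result.setdefault(source, set())
        for target in targets:
            result.setdefault(target, set())
            referrers[target].add(source)
    work = list(result)
    while work:
        target = work.pop()
        for source in referrers.get(target, ()):
            if not result[target] <= result[source]:
                result[source] |= result[target]
                work.append(source)  # its own referrers must be revisited
    return result


def class_of(method):
    return method.split("->")[0]


def class_permissions(method_perms):
    """S215: a class needs the union of its methods' permissions."""
    result = defaultdict(set)
    for method, perms in method_perms.items():
        result[class_of(method)] |= perms
    return dict(result)


def trace(method_apis, api_permissions, method_refs, api_class_args):
    """Return (method dictionary, class dictionary after S215, after S217)."""
    methods = propagate(direct_permissions(method_apis, api_permissions),
                        method_refs)
    per_class = class_permissions(methods)
    class_refs = defaultdict(set)
    for method, arg_classes in api_class_args.items():
        class_refs[class_of(method)].update(arg_classes)
    return methods, per_class, propagate(per_class, class_refs)


# Constructed sample data mirroring the P1..P4 example in the text.
API_PERMISSIONS = {"api1": {"P1"}, "api2": {"P2"}, "api3": {"P3"},
                   "api4": {"P4"}, "api5": {"P5"}}
METHOD_APIS = {"X->A": ["api1"], "X->B": ["api3"], "Y->C": ["api4"],
               "W->Z": ["api2"], "V->m": [], "V->n": ["api5"]}
# Method Z calls method A; m and n call each other (a reference cycle).
METHOD_REFS = {"W->Z": ["X->A"], "V->m": ["V->n"], "V->n": ["V->m"]}
# Method A passes class Y as the argument of a start-service style API.
API_CLASS_ARGS = {"X->A": ["Y"]}

if __name__ == "__main__":
    methods, s215, s217 = trace(METHOD_APIS, API_PERMISSIONS,
                                METHOD_REFS, API_CLASS_ARGS)
    for name in sorted(methods):
        print(name, sorted(methods[name]))
    for name in sorted(s217):
        print(name, sorted(s215[name]), "->", sorted(s217[name]))
```

The parent/child update of S217 is left out because it needs the class-relationship dictionary; it can reuse `propagate` once the direction of inheritance is fixed.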

As described above, according to the embodiment of the present invention, after a list of privileges required by the methods of the classes of the mobile application is obtained, the code included in the methods is analyzed and the list of privileges required by the methods is updated based on the reference information between the methods. This makes it possible to track which code, out of the entire code, uses each authority required for the mobile application to operate, thereby enhancing the malicious code diagnosis performance of the security program.

In addition, by allowing the mobile application to separately identify the actual usage rights, it is possible to enhance the pre-application inspection performance in the application store or the like.

Combinations of each block of the accompanying block diagram and each step of the flowchart may be performed by computer program instructions. These computer program instructions may be loaded into a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, so that the instructions, executed by the processor of the computer or other programmable data processing apparatus, create means for performing the functions described in each block of the block diagram or each step of the flowchart. These computer program instructions may also be stored in a computer usable or computer readable memory capable of directing a computer or other programmable data processing apparatus to implement the functionality in a particular manner, so that the instructions stored in the computer usable or computer readable memory can produce a manufacturing item containing instruction means for performing the functions described in each block of the block diagram or each step of the flowchart. The computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operating steps is performed on the computer or other programmable data processing equipment to create a computer-executed process, and the instructions that operate the computer or other programmable data processing equipment can provide steps for executing the functions described in each block of the block diagram and each step of the flowchart.

Also, each block or each step may represent a module, segment, or portion of code that includes one or more executable instructions for executing the specified logical function (s). It should also be noted that in some alternative embodiments, the functions mentioned in the blocks or steps may occur out of order. For example, two blocks or steps shown in succession may in fact be performed substantially concurrently, or the blocks or steps may sometimes be performed in reverse order according to the corresponding function.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

100: permission use tracking device
110: input unit
120: data unit
121: API-authority dictionary
130: storage unit
131: permission list
132: header information
133: method-authority dictionary
134: method-reference dictionary
135: class-privilege dictionary
136: class-relation dictionary
140: control unit
150: output unit

Claims (9)

CLAIMS What is claimed is: 1. A method for tracking rights usage by a mobile application capable of being executed in a mobile communication terminal device equipped with a mobile operating system,
Extracting header information from an executable file of the mobile application, extracting methods of the classes of the mobile application from the header information to generate a method list,
Acquiring and storing a list of privileges required by the methods using the generated method list and an API-privilege dictionary secured in advance;
And recursively analyzing and updating the authorization list requested by the methods based on the reference information between the methods obtained by analyzing the codes included in the methods.
The method according to claim 1,
And acquiring and storing an authorization list of a class including the methods based on the authorization list requested by the methods.
3. The method of claim 2,
And updating the privilege list of the class based on the relationship information between the classes.
3. The method of claim 2,
Further comprising the step of recursively checking an argument of an API called by a method included in the class to update an authorization list of the class.
A method for enabling a processor to perform an authorization usage tracking method of any one of claims 1 to 4
A computer-readable recording medium storing a computer program.
6. An apparatus for tracing permission, comprising:
an input unit for inputting a mobile application executable on a mobile communication terminal device equipped with a mobile operating system;
a data portion in which a previously obtained API-permission dictionary is stored;
a storage unit for storing a method-permission dictionary including a list of permissions required by the methods of the classes of the mobile application; and
a control unit for controlling generation and storage of the method-permission dictionary,
wherein the control unit extracts header information from an executable file of the mobile application, extracts methods of the classes of the mobile application from the header information to generate a method list,
acquires and stores the permission list required by the methods using the generated method list and the API-permission dictionary, and
recursively analyzes and updates the permission list required by the methods based on reference information between the methods obtained by analyzing the code included in the methods.
7. The apparatus according to claim 6,
wherein the control unit obtains a permission list of a class including the methods based on the permission list required by the methods, and stores the obtained permission list in the storage unit.
8. The apparatus of claim 7,
wherein the control unit updates the permission list of the class based on relationship information between the classes.
9. The apparatus of claim 7,
wherein the control unit recursively checks an argument of an API called by a method included in the class and updates the permission list of the class.
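
The propagation described in claims 1 to 3, as an added Python example that is not code from the patent or from the applicant: direct API-permission lookup per method, propagation of callee permissions to callers, then aggregation per class. Assumptions: the call references and dictionary entries are constructed sample data, the "relationship between classes" is modelled as inheritance, and the recursive update is implemented as an iterative fixed point so that call cycles terminate; the API-argument check of claim 4 is not covered.

```python
from collections import defaultdict

# Constructed sample data (not from the patent): a tiny API-permission
# dictionary and the per-method references a DEX parser would produce.
SMS = "android.permission.SEND_SMS"
LOC = "android.permission.ACCESS_FINE_LOCATION"
API_PERMS = {
    "Landroid/telephony/SmsManager;->sendTextMessage": {SMS},
    "Landroid/location/LocationManager;->getLastKnownLocation": {LOC},
}
CALLS = {  # method -> methods/APIs it references (hypothetical app)
    "Lcom/ex/Main;->onCreate": ["Lcom/ex/Util;->report"],
    "Lcom/ex/Util;->report": ["Lcom/ex/Util;->locate", "Lcom/ex/Sms;->send"],
    "Lcom/ex/Util;->locate": [  # cycle: report <-> locate
        "Landroid/location/LocationManager;->getLastKnownLocation",
        "Lcom/ex/Util;->report"],
    "Lcom/ex/Sms;->send": ["Landroid/telephony/SmsManager;->sendTextMessage"],
    "Lcom/ex/Idle;->noop": [],
}
SUPERCLASS = {"Lcom/ex/Child;": "Lcom/ex/Sms;"}  # assumed class relation

def method_permissions(calls, api_perms):
    """Look up directly called APIs, then copy callee permissions to
    callers until nothing changes, so indirect use is attributed too."""
    perms = {m: set().union(*(api_perms.get(r, set()) for r in refs))
             for m, refs in calls.items()}
    changed = True
    while changed:
        changed = False
        for m, refs in calls.items():
            for r in refs:
                new = perms.get(r, set()) - perms[m]
                if new:
                    perms[m] |= new
                    changed = True
    return perms

def class_permissions(method_perms, superclass):
    """Union method permissions per class, then inherit from ancestors."""
    cls = defaultdict(set)
    for m, p in method_perms.items():
        cls[m.split("->")[0]] |= p
    for child in superclass:
        seen, cur = set(), child
        while cur in superclass and cur not in seen:  # guard against loops
            seen.add(cur)
            cur = superclass[cur]
            cls[child] |= cls.get(cur, set())
    return dict(cls)
```

Here `onCreate` calls no permission-guarded API itself, yet ends up with both permissions through `report`, which is the indirect usage a direct lookup alone would miss.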
KR1020160026639A 2016-03-04 2016-03-04 Method and apparatus for tracing permission KR20170103561A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160026639A KR20170103561A (en) 2016-03-04 2016-03-04 Method and apparatus for tracing permission

Publications (1)

Publication Number Publication Date
KR20170103561A true KR20170103561A (en) 2017-09-13

Family

ID=59967883

Country Status (1)

Country Link
KR (1) KR20170103561A (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application
AMND Amendment