1 |
AppScan:手機應用程式行為靜態偵測掃描-以iOS為例 / AppScan : Static mobile application behavior scanning on iOS executable王韋仁, Wang, Wei Ren Unknown Date (has links)
行動應用程式是當今最受歡迎和最主要的軟體應用程式,因此應用程式的實際行為以及相關的安全和隱私問題變得越來越重要。另一方面,隨著時間的推移,AppStore上有越來越多的應用程式已經停止更新或停止服務,但沒有從AppStore中刪除。然而,用戶對於缺少維護問題一無所知,仍然下載並使用它。在本研究中,我們將解決在應用程式中檢查特定屬性方法序列的問題。通過使用IDApro生成Function call dependency graph和Subroutine control flow graph,我們使用語法分析方式來進行跨子程式的序列檢查方案。我們將通過預先定義屬性的方法序列作為模型來檢查應用程式行為。這個分析方法可以說明在App Store中可用的應用程式中是否存在屬性方法序列。有助於我們在應用程式中檢查一些惡意行為屬性方法序列或特定行為方法序列(例如使用不推薦的api方法)。
我們的網絡爬蟲從官方文件中摘取了的所有可用的iOS SDK方法,並從中提取做為我們的模型序列。我們將檢查應用程式是否包含所準備的模型序列。如果應用程式中存在該序列,我們將在應用程式中記錄子程式中包含的方法序列調用。然後將結果數據匯總到我們的數據庫中,並將結果視覺化、數據化,並建立系統的的API服務。最後,我們構建了一個使用上述檢查功能所識做的的分析系統,並以Web服務形式顯示結果。 / Mobile application is the most popular and dominant software applications nowadays, so the actual behaviors of the application and the related security and privacy issues become more and more important. On the other hand, as time goes by, there are more and more applications on the AppStore stop to update or being abandoned but not removed from AppStore. However, the users know nothing about the lack of maintenance problems and still download and use it. In this research, we will resolve the issue for checking specific property method sequence within an application. By using IDApro to generate function call graph and the subroutine control flow graphs, we use syntax checking strategy to perform a across subroutines sequential checking solution. We will check the application behavior by predefining a property method sequence as pattern and then check with applications’. The analysis method can illustrate whether a property method sequence exists in the application which is available on App Store. This may help us to check some malicious behavior property method sequence or specific behavior method sequence (ex. using deprecated api methods) in the applications. We have prepared some property method sequence as our system input pattern extracted from all the available iOS SDK methods fetching by our web crawler. We will check whether an application contains the prepared method sequence or not. If the sequence exists in the application, we would record the method sequence call included in the subroutine within the application. Then the results data will be aggregated in our database, and export as api service for visualizing and statistic uses. Finally, we construct a call sequence analysis system for the above checking functions and show the result in a web service form
|
Page generated in 0.0154 seconds