[1]杨海民,张涛,赵敏,等. 基于gdb的Android软件漏洞挖掘系统[J].计算机技术与发展,2015,25(08):156-160.
 YANG Hai-min,ZHANG Tao,ZHAO Min,et al. Android Software Vulnerabilities Mining System Based on gdb[J].,2015,25(08):156-160.
点击复制

 基于gdb的Android软件漏洞挖掘系统()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
25
期数:
2015年08期
页码:
156-160
栏目:
安全与防范
出版日期:
2015-08-10

文章信息/Info

Title:
 Android Software Vulnerabilities Mining System Based on gdb
文章编号:
1673-629X(2015)08-0156-05
作者:
 杨海民张涛赵敏鲁小杰
 解放军理工大学 指挥信息系统学院
Author(s):
 YANG Hai-minZHANG TaoZHAO Min LU Xiao-jie
关键词:
 Android软件漏洞挖掘污点分析gdb
Keywords:
Android softwarevulnerabilities miningtaint analysisgdb
分类号:
TP302.1
文献标志码:
A
摘要:
 传统的漏洞挖掘技术一般适用于x86平台,且是面向PC的。随着Android手机的普及,需要有针对其上运行软件的漏洞挖掘技术。针对当前Android软件市场审核宽松以及该领域研究相对较少等方面存在的一些问题,设计并实现了一种基于gdb的Android软件漏洞挖掘系统。系统采用基于信息流追踪的污点分析技术,从污点标记、污点传播和污点检测三个方面进行设计,并通过指令模拟执行提高分析覆盖率。当系统发现可疑漏洞时,把结果通知给用户,并能对漏洞做出全面的分析。通过对Android软件的测试,发现了部分软件中的缓冲区溢出漏洞,证实了系统的有效性。
Abstract:
 The traditional vulnerability mining techniques are generally applicable to x86 platform,and intent to the PC. With the populari-ty of Android phones,the vulnerability mining technology running on it is needed. Because of the problems of the current accommodative Android software market audit and relatively small research in this area,a gdb-based Android software vulnerabilities mining system is designed and implemented. The system adopts taint analysis techniques based on tracking the flow of information,which is designed from taint marking,taint transmission and taint detection,and improves analysis coverage through instruction simulation. The result is notified to the user and the system can make a comprehensive analysis of vulnerability when the system finds the suspicious loopholes. By the test for Android software,some buffer overflow vulnerabilities in software is found,which proves the effectiveness of the system.

相似文献/References:

[1]张志宏,吴庆波,邵立松,等.基于飞腾平台TOE协议栈的设计与实现[J].计算机技术与发展,2014,24(07):1.
 ZHANG Zhi-hong,WU Qing-bo,SHAO Li-song,et al. Design and Implementation of TCP/IP Offload Engine Protocol Stack Based on FT Platform[J].,2014,24(08):1.
[2]梁文快,李毅. 改进的基因表达算法对航班优化排序问题研究[J].计算机技术与发展,2014,24(07):5.
 LIANG Wen-kuai,LI Yi. Research on Optimization of Flight Scheduling Problem Based on Improved Gene Expression Algorithm[J].,2014,24(08):5.
[3]黄静,王枫,谢志新,等. EAST文档管理系统的设计与实现[J].计算机技术与发展,2014,24(07):13.
 HUANG Jing,WANG Feng,XIE Zhi-xin,et al. Design and Implementation of EAST Document Management System[J].,2014,24(08):13.
[4]侯善江[],张代远[][][]. 基于样条权函数神经网络P2P流量识别方法[J].计算机技术与发展,2014,24(07):21.
 HOU Shan-jiang[],ZHANG Dai-yuan[][][]. P2P Traffic Identification Based on Spline Weight Function Neural Network[J].,2014,24(08):21.
[5]李璨,耿国华,李康,等. 一种基于三维模型的文物碎片线图生成方法[J].计算机技术与发展,2014,24(07):25.
 LI Can,GENG Guo-hua,LI Kang,et al. A Method of Obtaining Cultural Debris’ s Line Chart Based on Three-dimensional Model[J].,2014,24(08):25.
[6]翁鹤,皮德常. 混沌RBF神经网络异常检测算法[J].计算机技术与发展,2014,24(07):29.
 WENG He,PI De-chang. Chaotic RBF Neural Network Anomaly Detection Algorithm[J].,2014,24(08):29.
[7]刘茜[],荆晓远[],李文倩[],等. 基于流形学习的正交稀疏保留投影[J].计算机技术与发展,2014,24(07):34.
 LIU Qian[],JING Xiao-yuan[,LI Wen-qian[],et al. Orthogonal Sparsity Preserving Projections Based on Manifold Learning[J].,2014,24(08):34.
[8]尚福华,李想,巩淼. 基于模糊框架-产生式知识表示及推理研究[J].计算机技术与发展,2014,24(07):38.
 SHANG Fu-hua,LI Xiang,GONG Miao. Research on Knowledge Representation and Inference Based on Fuzzy Framework-production[J].,2014,24(08):38.
[9]叶偲,李良福,肖樟树. 一种去除运动目标重影的图像镶嵌方法研究[J].计算机技术与发展,2014,24(07):43.
 YE Si,LI Liang-fu,XIAO Zhang-shu. Research of an Image Mosaic Method for Removing Ghost of Moving Targets[J].,2014,24(08):43.
[10]余松平[][],蔡志平[],吴建进[],等. GSM-R信令监测选择录音系统设计与实现[J].计算机技术与发展,2014,24(07):47.
 YU Song-ping[][],CAI Zhi-ping[] WU Jian-jin[],GU Feng-zhi[]. Design and Implementation of an Optional Voice Recording System Based on GSM-R Signaling Monitoring[J].,2014,24(08):47.

更新日期/Last Update: 2015-09-14