Android移动终端多语种基础软件组合的安全技术研究

项目名称： Android移动终端多语种基础软件组合的安全技术研究

项目编号： No.61462086

项目类型： 地区科学基金项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 石刚

作者单位： 新疆大学

项目金额： 46万元

中文摘要： 由Android操作系统和维哈柯文输入法、浏览器、阅读器构成的智能终端多语种基础软件，在新疆少数民族青少年的手机系统中起着重要支撑作用。由于Android系统的软件间相互调用造成的权限传播已成为是重要的安全隐患，单独研究某个软件的安全性已不足以保证用户信息的安全，上述多语种基础软件具有权限大、开放性强及与其他软件交互性强的特点，成为研究软件组合的安全性的重要样本。本项目将多语种基础软件组合为多语种软件支撑环境，研究其他APP在此环境下的安全性问题。通过构建全系统扩展调用图（ECG），分析其他多语种APP对支撑环境中权限节点调用关系，对比其权限声明，检测是否可能具有权限传播等非法操作。进一步分析可疑的被测APP的ByteCode，构建控制流图查找调用路径，建立调用依赖数据流，利用符号计算求解异常调用引发条件。这既是检测软件组合中权限传播的方法，又是保护新疆少数民族青少年信息安全的重要手段。

中文关键词： 多语种；权限传播；扩展调用图；符号执行；控制流图

英文摘要： A group of multi-lingual base software , the Android operating system and the associated input method programs, browsers and readers supporting Uygur, Kazakh, Kyrgyz languages, plays an important infrastructure role in the cell-phone system for Xinjiang minority adolescents. Since the authority spreading caused by the interactive calls among the software in Android system has become a major safety concerns, it is insufficient to consider separately the safety of some single software. The multilingual infrastructure software stated above has the features with high permissions, strong openness and highly interactiveness, hence has become an important sample in the safety research for software groups. The project combines the group of multilingual software into a multilingual software support environment, under which the safety of other APP's in this environment will be studied.By building a system-wide extended call graph (ECG), the call information of the other multi-lingual APP's to some node with special permission in the supporting environment is analyzed, so that the illegal operations， such as permission dissemination, can be detected by comparing with its permission declaration. Further analysis of suspicious tested APP ByteCode can be made, by constructing the control flow graph to find the call path, establishing call-dependent data flow and solving the trigger condition of an anomaly by using symbolic computation. In this way, the permissions propagation in a software group can be detected succesfuly, which is also important to keep information security in Xinjiang minority youth.

英文关键词： Multilingual;Permission spreading;Extend call graph;Symbolic execution;Control flow graph