基于类型感知动态数据流分析的Android安全漏洞检测缓解技术

项目名称： 基于类型感知动态数据流分析的Android安全漏洞检测缓解技术

项目编号： No.61472209

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 诸葛建伟

作者单位： 清华大学

项目金额： 86万元

中文摘要： Android系统的开放性促成了在移动智能终端市场上的巨大成功，但同时也带来了Android平台上的大量安全风险，对用户隐私与经济利益造成威胁。本项目针对Android平台的开、闭源代码混合共生系统生态环境与版本碎片化的独特特性，从开源代码及交互接口分析获取高层类型信息，从补丁分析提取安全漏洞语义信息，从而支持研究基于类型感知动态数据流分析的安全漏洞检测与缓解技术，构建出适用Android兼容移动智能终端平台的安全漏洞检测缓解原型系统。通过本项目的研究，希望能够推进混合代码环境下的安全漏洞检测理论与技术方法，并为国产Android兼容移动智能终端操作系统提供安全性测试平台，从而帮助提升系统的安全性。本项目计划完成高水平学术论文6-8篇，申请国家发明专利4项，协助培养博士生3名，培养硕士生5名。

中文关键词： 系统安全；安全漏洞；安全漏洞检测；安全漏洞缓解；Android安全

英文摘要： While the openness of the Android system helped to achieve the great success of Android on the Mobile Smart Device market, however, it also brought a large amount of security risks to the Android platform, which have raised threats to the privacy and profit of users. In this project, targeting the unique characteristics of Android platform, including the mixed ecosystem of open-source and close-sourced software, and the fragmentation of versions, we propose to recover the high-level type information from the open-source codes and the interaction interface analysis, extract the vulnerability semantic information from the patch analysis, to support the research of novel vulnerability detection and mitigation technique based on the type-aware data flow tracking and analysis, and implementation of a prototype system for detecting and mitigating vulnerabilities from Android-family Smart Device systems. Through the research of this project, we propose to promote the vulnerability detection theory and techniques in the mixed code ecosystem, meanwhile, we also plan to provide the security testing platform for domestic Android-family Smart Device operation systems, to help with the improvement of security. In this project, we plan to publish 6-8 solid academic papers, to apply 4 national patents, and to train 3 Ph.D. candidates and 5 M.S. students.

英文关键词： System Security;Vulnerability;Vulnerability Detection;Vulnerability Mitigation;Android Security