Page 127 - Journal of Software (软件学报), 2021, Issue 6

Journal of Software (软件学报) ISSN 1000-9825, CODEN RUXUEW                     E-mail: jos@iscas.ac.cn
         Journal of Software,2021,32(6):1701−1716 [doi: 10.13328/j.cnki.jos.006245]   http://www.jos.org.cn
         © Institute of Software, Chinese Academy of Sciences. All rights reserved.    Tel: +86-10-62562563


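         Taint Analysis Tool of Android Applications Based on Tainted Value Graph∗

         ZHANG Jie,   TIAN Cong,   DUAN Zhen-Hua


         (School of Computer Science and Technology, Xidian University, Xi'an, Shaanxi 710071, China)
         Corresponding author: TIAN Cong, E-mail: ctian@mail.xidian.edu.cn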

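         Abstract:  Taint analysis is an effective method for detecting privacy data leakage on Android smartphones. Current
         mainstream taint analysis tools for Android applications focus mainly on analysis precision and often neglect
         runtime efficiency. When analyzing some complex applications, excessive overhead may cause problems such as
         timeouts or program crashes, which hinders wide use of the tools. To reduce analysis time and improve efficiency,
         a taint analysis method based on the tainted value graph is proposed. The method defines the tainted value graph
         to describe the tainted values in a program and their relationships, abandons the traditional data flow analysis
         framework, combines taint analysis with alias analysis, abstracts the tainted value graph and potential taint
         flows from the program, and verifies the potential taint flows on the control flow graph to improve precision.
         The architecture, modules, and algorithmic details of FastDroid, the tool implementing this method, are described
         in detail. The experiments use 3 different test suites: DroidBench-2.0, MalGenome, and 1517 applications randomly
         downloaded from Google Play. The results show that FastDroid achieves a precision of 93.3% and a recall of 85.8%
         on the DroidBench-2.0 test suite, both higher than the mainstream tool FlowDroid, and that its analysis time on
         all 3 test suites is shorter and more stable.
         Keywords:  static analysis; taint analysis; software security; privacy protection; Android applications
         Chinese Library Classification number: TP311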

         Citation format (Chinese):  ZHANG Jie, TIAN Cong, DUAN Zhen-Hua. Taint analysis tool of Android applications based on
         tainted value graph. Journal of Software (软件学报), 2021,32(6):1701−1716. http://www.jos.org.cn/1000-9825/6245.htm
         Citation format (English): Zhang J, Tian C, Duan ZH. Taint analysis tool of Android applications based on tainted value graph. Ruan Jian
         Xue Bao/Journal of Software, 2021,32(6):1701−1716 (in Chinese). http://www.jos.org.cn/1000-9825/6245.htm

         Taint Analysis Tool of Android Applications Based on Tainted Value Graph
         ZHANG Jie,    TIAN Cong,    DUAN Zhen-Hua

         (School of Computer Science and Technology, Xidian University, Xi’an 710071, China)
         Abstract:    The taint analysis technology is an effective method to detect the privacy data leakage of Android smart phones. However, the
         state-of-the-art tools of taint analysis for Android applications mainly focus on the accuracy with few of them addressing the importance
         of the efficiency and time cost. Actually, the high cost may cause problems such as timeouts or program crashes when the tools analyze
         some complex applications, which block them from wide usage. This study proposes a novel taint analysis approach based on the tainted
         value graph, which reduces the time cost and improves the efficiency. The tainted value graph is formalized to describe the tainted values
         and their relationships and the taint analysis and alias analysis are combined together without using the traditional data flow analysis
         framework. In addition, the taint flows are verified on the control flow graph to improve accuracy. The architecture, modules, and
         algorithmic details of the proposed tool FastDroid are also described in this paper. The tool is evaluated on three test suites:
         DroidBench-2.0, MalGenome, and 1517 apps randomly downloaded from Google Play. The experimental results show that, compared


            ∗  Foundation item: Major Program of the Ministry of Science and Technology of China (2018AAA0103202); National Natural
         Science Foundation of China (61732013, 61751207); Key Science and Technology Innovation Team of Shaanxi Province (2019TD-001)
              This paper was recommended by Professor DENG Yuxin, guest editor of the special issue on "Formal Methods and Applications".
              Received: 2020-08-29;  Revised: 2020-10-26, 2020-12-19;  Accepted: 2021-01-18;  jos online publication: 2021-02-07