Page 141 - 《软件学报》2021年第6期
P. 141

张捷  等:基于污染变量关系图的 Android 应用污点分析工具                                                1715


          [2]    Mobile phone security report in 2019 (in Chinese). http://zt.360.cn/1101061855.php?dtid=1101061451&did=610435085
          [3]    Wang L, Li F, Li L, Feng XB. Principle and practice of taint analysis. Ruan Jian Xue Bao/Journal of Software, 2017,28(4):860−882
             (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/5190.htm [doi: 10.13328/j.cnki.jos.005190]
          [4]    Yang W, Xiao X, Andow B, Li S, Xie T, Enck W. Appcontext: Differentiating malicious and benign mobile app behaviors using
             context. In: Proc.  of the 2015 IEEE/ACM 37th IEEE Int’l  Conf. on Software  Engineering. 2015. 303−313. [doi: 10.1109/ICSE.
             2015.50]
          [5]    Feng Y, Anand S, Dillig I, Alex Aiken. Apposcopy: Semantics-based detection of Android malware through static analysis. In:
             Proc. of the 22nd ACM SIGSOFT Int’l Symp. on Foundations of Software Engineering. 2014. 576−587. [doi: 10.1145/2635868.
             2635869]
          [6]    Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, McDaniel P. Flowdroid: Precise context, flow,
             field, object-sensitive  and lifecycle-aware taint  analysis for  Android  apps. ACM Sigplan Notices, 2014,49(6):259−269. [doi:
             10.1145/2594291.2594299]
          [7]    Li L, Bartel A, Bissyandé TF, Klein J, Le Traon Y, Arzt S, Rasthofer S, Bodden E, Octeau D, McDaniel P. Iccta: Detecting inter-
             component privacy leaks in Android apps. In: Proc. of the 2015 IEEE/ACM 37th IEEE Int’l Conf. on Software Engineering. 2015.
             280−291. [doi:10.1109/ICSE.2015.48]
          [8]    Wei F,  Roy S, Ou  X.  Amandroid:  A precise  and general inter-component data flow  analysis framework for security vetting of
             Android apps. ACM Transactions on Privacy & Security, 2018,21(3):1−32. [doi: 10.1145/3183575]
          [9]    Gordon MI, Kim D, Perkins J, Gilham L, Nguyen N, Rinard M. Information-Flow analysis of Android applications in droidsafe. In:
             Proc. of the Network and Distributed System Security Symposium. 2015,15(201):110. [doi: 10.14722/ndss.2015.23089]
         [10]    Li L, Bissyandé TF,  Papadakis M, Rasthofer S, Bartel A, Octeau D, Klein J, Le Traon  Y.  Static analysis  of Android apps: A
             systematic literature review. Information & Software Technology, 2017,88:67−95. [doi: 10.1016/j.infsof.2017.04.001]
         [11]    Enck W, Gilbert  P, Han  S, Tendulkar  V, Chun BG, Cox  LP,  Jung J, McDaniel  P,  Sheth AN. TaintDroid: An  information-flow
             tracking system  for realtime privacy  monitoring on smartphones. ACM  Trans. on Computer  System, 2014,32(2):393−407. [doi:
             10.1145/2619091]
         [12]    Zhu DY, Jung J, Song D, Kohno T, Wetherall D. Tainteraser: Protecting sensitive data leaks using application-level taint tracking.
             ACM SIGOPS Operating Systems Review, 2011,45(1):142−154. [doi: 10.1145/1945023.1945039]
         [13]    Mei H, Wang QX, Zhang L, Wang J. Soft analysis: A road map. Chinese Journal of Computers, 2009,32(9):1697−1710 (in Chinese
             with English abstract). [doi: 10.3724/SP.J.1016.2009.01697]
         [14]    Arzt S. Static data flow analysis for Android applications [Ph.D. Thesis]. Darmstadt: Technische Universität Darmstadt, 2017.
         [15]    Octeau D,  Luchaup D,  Dering M, Jha S,  Mcdaniel P.  Composite  constant propagation:  application to Android inter-component
             communication analysis. In: Proc. of the IEEE/ACM Int’l Conf. on Software Engineering. IEEE, 2015. 77−88. [doi: 10.1109/ICSE.
             2015.30]
         [16]    Octeau D, McDaniel P, Jha S, Bartel A, Bodden E, Klein J, Le Traon Y. Effective inter-component communication mapping in
             Android with epicc: An essential  step  towards  holistic  security analysis.  In: Proc. of  the 22nd USENIX  Security  Symp.  2013.
             543−558.
         [17]    Vallée-Rai R, Co P, Gagnon E, Hendren L, Lam P, Sundaresan V. Soot: A Java bytecode optimization framework. In: Proc. of the
             CASCON 1st Decade High Impact Papers. 2010. 214−224.
         [18]    Rami K, Desai V. Performance base static analysis of malware on Android. Int’l Journal of Computer Science & Mobile Computing,
             2013,2(9):247−255.
         [19]    Desnos A, Gueguen G. Android: From reversing to decompilation. In: Proc. of the Black Hat Abu Dhabi. 2011. 77−101.
         [20]    Rasthofer S, Arzt S, Bodden E. A machine-learning approach for classifying and categorizing Android sources and sinks. Network
             and Distributed System Security Symp., 2014,14:1125. [doi: 10.14722/ndss.2014.23039]
         [21]    Fritz C, Arzt S, Rasthofer S, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, McDaniel P. Highly precise taint analysis for
             Android applications. Technical Report TUD-CS-2013-0113. EC  SPRIDE,  2013.  http://www.bodden.de/pubs/TUD-CS-2013-
             0113.pdf
   136   137   138   139   140   141   142   143   144   145   146