Published in: IEEE International Conference on Software Maintenance and Evolution

Evaluating State-of-the-Art Free and Open Source Static Analysis Tools Against Buffer Errors in Android Apps


Abstract

Modern mobile apps incorporate rich and complex features, opening the door to a range of security concerns. Android is the dominant platform in mobile app markets, and enhancing the security of its apps is a considerable area of research. Android malware (introduced intentionally by developers) has been well studied, and many tools are available to detect it. However, little attention has been directed at vulnerabilities introduced unintentionally by developers in Android apps. Static analysis has been one way to detect such vulnerabilities in traditional desktop and server-side software. Our research therefore aims at assessing static analysis tools that could be used by Android developers. Our preliminary analysis revealed that Buffer Errors are the most frequent type of vulnerability threatening Android apps. We also found that Buffer Errors in Android apps pose the highest risk on Android, affecting data integrity, confidentiality, and availability. Our main study therefore tested whether state-of-the-art static analysis tools can detect Buffer Errors in Android apps. We investigated 6 static analysis tools that are designed to detect Buffer Errors. The study shows that the free and open source state-of-the-art static analysis tools do not efficiently discover Buffer Error vulnerabilities in Android apps. We analyzed the tools carefully to see why they could not discover Buffer Errors and found that the lack of semantic analysis capabilities, inapplicability to Android apps, and the gap between native code and other contexts were some of the reasons. Thus, we concluded that there is a need to build better free and open source static analysis tools for detecting Buffer Errors in Android apps.
