Understanding Android Application Programming and Security: A Dynamic Study

机译：了解Android应用程序编程和安全性：动态研究

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Most existing research for Android focuses on particular security issues, yet there is little broad understanding of Android application run-time characteristics and their implications. To mitigate this gap, we present the first systematic dynamic characterization study of Android apps that targets a broad understanding of application behaviors in Android. Through lightweight method-level profiling, we collected 59GB traces of method calls and Intent-based inter-component communication (ICC) from 125 popular Android apps and 62 pairs among them that enabled an intensive empirical investigation of their run-time behaviors. Our study revealed that, among other findings, (1) the application executions were overwhelmingly dominated by the Android framework, (2) Activity components dominated over other types of components and were responsible for most lifecycle callbacks (3) most event handlers dealt with user interactions as opposed to system events, (4) the majority of exercised ICCs did not carry any data payloads, and (5) sensitive data sources and sinks targeted only one/two dominant categories of information or operations. We also discuss the implications of our results for cost-effective program analysis and security defense for Android.

机译：Android的大多数现有研究侧重于特定的安全问题，但对Android应用程序运行时特征几乎没有广泛理解及其含义。为了缓解这种差距，我们展示了Android应用程序的第一个系统动态特征研究，这些研究针对Android中的应用程序行为广泛了解。通过轻量级方法级别的分析，我们收集了来自125个流行的Android应用程序的方法调用和基于意图的组件间通信（ICC）的59GB痕迹和62对之间他们，他们启用了运行时的行为进行了深入的实证调查。我们的研究表明，在其他发现中，（1）申请执行是由Android框架的压倒性地主导，（2）活动组件主导了其他类型的组件，并负责大多数生命周期回调（3）大多数事件处理程序处理用户与系统事件相反的交互（4）大多数行使ICC没有携带任何数据有效载荷，并且（5）敏感数据源和沉积只针对一个/两个主要的信息或操作类别。我们还讨论了我们对Android的成本效益的计划分析和安全防御的结果的影响。

著录项

来源
《IEEE International Conference on Software Maintenance and Evolution》|2017年|689p|共12页
会议地点
作者
Haipeng Cai; Barbara G. Ryder;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP311.5-53;
关键词
Androids; Humanoid robots; Security; Measurement; Instruments; Tools; Benchmark testing;

机译：Androids;人形机器人;安全;测量;仪器;工具;基准测试;

相似文献

外文文献
中文文献
专利

1. StaDART: Addressing the problem of dynamic code updates in the security analysis of android applications [J] . Ahmad Maqsood, Costamagna Valerio, Crispo Bruno, The Journal of Systems and Software . 2020,第Jana期

机译：StanDARD：在android应用程序的安全性分析中解决动态代码更新的问题
2. Cybersecurity for Android Applications: Permissions in Android 5 and 6 [J] . Moore Scott R., Ge Huangyi, Li Ninghui, International journal of human-computer interaction . 2019,第6a10期

机译：Android应用程序的网络安全：Android 5和6中的权限
3. Android application security: detecting Android maiware and evaluating anti-malware software [J] . Sangeeta Rani, Kanwalvir Singh Dhindsa International Journal of Internet Technology and Secured Transactions . 2020,第4期

机译：Android应用程序安全性：检测Android Maiware和评估反恶意软件软件
4. Understanding Android Application Programming and Security: A Dynamic Study [C] . Haipeng Cai, Barbara G. Ryder IEEE International Conference on Software Maintenance and Evolution . 2017

机译：了解Android应用程序编程和安全性：动态研究
5. Securite des applications Android: Menaces et contre-mesures =ANDROID APPLICATIONS SECURITY : THREATS AND COUNTERMEASURES [D] . Hadhiri, Amine. 2012

机译：Android应用程序安全性：威胁与对策= ANDROID应用程序安全性：威胁与对策
6. An Informative and Comprehensive Behavioral Characteristics Analysis Methodology of Android Application for Data Security in Brain-Machine Interfacing [O] . Xin Su, Qingbo Gong, Yi Zheng, 2020

机译：Android在脑机接口数据安全中的应用性信息综合行为特征分析方法
7. A dynamically reconfigurable Field Programmable Gate Array hardware foundation for security applications [O] . Samuel J. Stone, Roy Porter, Yong C. Kim, 2008

机译：用于安全应用的动态可重新配置的现场可编程门阵列硬件基础

Understanding Android Application Programming and Security: A Dynamic Study

摘要

著录项

相似文献

相关主题

期刊订阅