| 一种自动化的Android应用定向行为测试方法 |
| |
| 作者姓名: | 叶延玲 傅晓彤 张玉清 乐洪舟 |
| |
| 作者单位: | 1.西安电子科技大学网络与信息安全学院, 西安 710071;2.中国科学院大学国家计算机网络入侵防范中心, 北京 101408 |
| |
| 基金项目: | 国家重点研发计划(2016YFB0800700)、国家自然科学基金(61572460,61272481)、国家发展和改革委员会国家信息安全专项((2012)1424)和信息安全国家重点实验室开放基金(2017-ZD-01)资助 |
| |
| 摘 要: | Android应用特定行为的定向测试通常被用来测试应用是否存在隐私泄漏、远程控制等恶意行为。为解决已有定向测试方法存在的失败率高和耗时多等问题,提出一种以目标API调用代表程序特定行为的自动化测试方法。首先,用静态分析得出到达目标API调用位置的路径;然后在动态测试过程中,排除无关组件和控件,使应用沿路径自动运行至目标API调用的位置,触发特定行为。实验证明,本方法完成Android应用定向行为测试的效率较高。
|
| 关 键 词: | Android 定向测试 目标API 静态分析 动态测试 |
| 收稿时间: | 2017-01-13 |
| 修稿时间: | 2017-04-21 |
An automated and directed testing technique for target behavior of Android application |
| |
| Authors: | YE Yanling FU Xiaotong ZHANG Yuqing YUE Hongzhou |
| |
| Institution: | 1.School of Cyber Engineering, Xidian University, Xi'an 710071, China;2.National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408, China |
| |
| Abstract: | Directed testing of specific behaviors for Android applications is usually used to detect privacy leak, remote control, or other malicious behaviors. In order to solve the problems of the high failure-rate and large time-consuming of the present approaches, an automated testing method that uses target API invocation to represent the application's behavior is proposed. First, the method gets the invocation paths to the target API by using static analysis. Then dynamic testing is adopted to exclude extraneous components and GUI elements, and the application is driven to automatically run along the specific paths to reach the target API invocations and the specific behavior is triggered. Experimental results show that the method achieves a high efficiency. |
| |
| Keywords: | Android directed test target API static analysis dynamic testing |
|
| 点击此处可从《》浏览原始摘要信息 |
| 点击此处可从《》下载免费的PDF全文 |
