Thesis information

Chinese title: 安卓App配置安全性检查方法研究 (Research on the security inspection method of Android App configuration)

Author: Nan Zi (南姿)

Student ID: 19308207009

Confidentiality level: Public

Thesis language: chi

Discipline code: 085211

Discipline name: Engineering - Engineering - Computer Technology

Student type: Master's student

Degree level: Master of Engineering

Degree year: 2022

Training institution: Xi'an University of Science and Technology (西安科技大学)

School: College of Computer Science and Technology

Major: Computer Technology

Research direction: Software security

First supervisor: Liu Xiaojian (刘晓建)

First supervisor's institution: Xi'an University of Science and Technology (西安科技大学)

Thesis submission date: 2022-06-20

Thesis defense date: 2022-06-06

English title: Research on the security inspection method of Android App configuration

Chinese keywords (translated): Android application; component configuration; fuzzing; combinatorial testing; task hijacking

English keywords: Android Application; Component Configuration; Fuzzing; Combination Test; Task Hijacking

Chinese abstract (translated):

The Android system provides measures such as file access control, the security sandbox, the permission mechanism and the application signing mechanism to protect the system and its applications; nevertheless, Android still exhibits serious security problems such as permission-mechanism vulnerabilities and leakage of private information. One cause of these problems is unreasonable component configuration in Android Apps. Although the official Android documentation describes the component configuration elements, these natural-language descriptions are uncertain and ambiguous, which leads developers to misunderstand them, may cause them to misconfigure the application, and thereby produces security vulnerabilities. Therefore, identifying and uncovering the semantics of Android application component configuration elements and the relationships among them is of great significance for ensuring application security. The main research content is as follows:

(1) To address the vaguely described semantics of some component configurations in the official Android documentation, test cases are constructed with fuzzing and combinatorial testing; by analysing the results of running these cases, the meaning of the configuration items is clarified. On this basis, first-order predicate logic is used to describe the semantics of these items, yielding a number of formal configuration rules for designers and developers and thereby reducing design flaws.

(2) To show the App security problems caused by configuration vulnerabilities, three typical task hijacking attacks are taken as examples: the configuration weaknesses are studied and five groups of instances are implemented, including phishing attacks (2 groups), spoofing attacks (1 group) and ransomware Apps (2 groups). These reproduce several hijacking attack processes caused by configuration, illustrate the key role configuration plays in vulnerability discovery, and security guidelines for mitigating such attacks are given.

(3) Based on the above configuration rules and the configuration vulnerabilities related to hijacking attacks, an Android App configuration security inspection method is proposed, and an Android App configuration security detection tool is designed and developed, consisting of three modules: a reverse analysis module, a component information analysis module and a log output module. Experiments on the CICMalDroid 2020 public dataset and on applications downloaded from major app vendors demonstrate the tool's effectiveness. The tool is further compared with the configuration security detection in the existing mature tool MobSF; the results show that it can additionally detect security vulnerabilities that may be caused by configuration items such as launchMode, allowTaskReparenting and taskAffinity, forming a useful extension and complement to MobSF.

English abstract:

The Android system provides measures such as file access control, a security sandbox, a permission mechanism, and an application signature mechanism to protect the security of the system and its applications. However, the Android system still exposes serious problems such as permission mechanism loopholes and privacy information leakage. One of the reasons for these security problems is that the components of Android applications are not properly configured. Although the component configuration elements are described in the official Android documentation, these natural language descriptions have uncertainty and ambiguity, which causes deviations in developers' understanding, may lead developers to configure the application improperly, and then creates security holes. Therefore, the identification and exploration of the semantics of Android App component configuration elements and the relationships between the elements are of great significance for ensuring application security. The main research contents are as follows:

(1) Aiming at the problem of vague semantics in some component configuration descriptions in the official Android documents, test cases are constructed with fuzz testing and combinatorial testing methods, and the meaning of these configuration items is clarified by analyzing the results of running the cases. First-order predicate logic is then used to describe the semantics of these configuration items, forming several formal configuration rules for designers and developers to use, thereby reducing design loopholes.

(2) To show the App security problems caused by vulnerabilities in the configuration, three typical task hijacking attacks are taken as examples: the vulnerabilities in the configuration are studied, and five groups of instances are implemented, including phishing attacks (2 groups of examples), spoofing attacks (1 group of examples), and ransomware Apps (2 groups of examples). These reproduce several hijacking attack processes caused by configuration, exemplify the key role of configuration in vulnerability discovery, and security guidelines for mitigating such attacks are given.

(3) Based on the above configuration rules and the configuration vulnerabilities related to hijacking attacks, a security check method for Android App configuration is proposed, and an Android App configuration security detection tool is designed and developed, consisting of three modules: a reverse analysis module, a component information analysis module, and a log output module. Experiments are carried out using the CICMalDroid 2020 public dataset and apps downloaded from major app vendors to demonstrate the effectiveness of the tool. The tool is further compared with the configuration security detection in the existing mature tool MobSF. The results show that the tool can additionally detect possible security vulnerabilities caused by configuration items such as launchMode, allowTaskReparenting, and taskAffinity, forming a useful extension and supplement to MobSF.
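The kind of manifest check the abstract's third contribution describes, as an added example that is not the thesis's own tool: it parses an AndroidManifest.xml (a constructed sample is embedded) and reports activities whose launchMode, taskAffinity or allowTaskReparenting settings are the task-hijacking risk factors named above, noting when such an activity is also exported. The package name, activity names and affinity value in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest: one risky activity (.Login) and one hardened one (.Settings).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <application android:allowTaskReparenting="true">
    <activity android:name=".Login"
              android:launchMode="singleTask"
              android:taskAffinity="com.example.victim"
              android:exported="true"/>
    <activity android:name=".Settings"
              android:launchMode="standard"
              android:taskAffinity=""
              android:allowTaskReparenting="false"/>
  </application>
</manifest>
"""

def _attr(elem, name, default=None):
    # Manifest attributes live in the android: namespace.
    return elem.get(f"{{{ANDROID_NS}}}{name}", default)

def check_manifest(xml_text):
    """Return {activity_name: [finding, ...]} for task-related configuration risks."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    app = root.find("application")
    # <application> sets the default; an <activity> attribute overrides it.
    app_reparent = _attr(app, "allowTaskReparenting", "false") == "true"
    findings = {}
    for act in app.findall("activity"):
        issues = []
        mode = _attr(act, "launchMode", "standard")
        affinity = _attr(act, "taskAffinity")        # None = package-name default
        reparent = _attr(act, "allowTaskReparenting")
        reparent = app_reparent if reparent is None else reparent == "true"
        if mode in ("singleTask", "singleInstance"):
            issues.append(f"launchMode={mode}: task placement is affinity-driven")
        if affinity not in (None, "", pkg):
            issues.append(f"taskAffinity={affinity!r}: prefers a task outside this package")
        if reparent:
            issues.append("allowTaskReparenting=true: activity can migrate between tasks")
        if issues and _attr(act, "exported", "false") == "true":
            issues.append("exported=true: reachable from other apps, raising the impact")
        if issues:
            findings[_attr(act, "name")] = issues
    return findings
```

An empty taskAffinity, a standard launchMode and allowTaskReparenting="false" are the hardened settings the check treats as clean.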


CLC number: TP391

Open access date: 2022-06-20
