![](/images/graphics-bg.png)
SSLDetecter: Detecting SSL Security Vulnerabilities of Android Applications Based on a Novel Automatic Traversal Method
المؤلفون المشاركون
Xu, Zhiyong
Tang, Junwei
Li, Jingjing
Li, Ruixuan
Han, Hongmu
Gu, Xiwu
المصدر
Security and Communication Networks
العدد
المجلد 2019، العدد 2019 (31 ديسمبر/كانون الأول 2019)، ص ص. 1-20، 20ص.
الناشر
Hindawi Publishing Corporation
تاريخ النشر
2019-10-31
دولة النشر
مصر
عدد الصفحات
20
التخصصات الرئيسية
تكنولوجيا المعلومات وعلم الحاسوب
الملخص EN
Android usually employs the Secure Socket Layer (SSL) protocol to protect the user’s privacy in network transmission.
However, developers may misuse SSL-related APIs, which would lead attackers to steal user’s privacy through man-in-the-middle attacks.
Existing methods based on static decompiling technology to detect SSL security vulnerabilities of Android applications cannot cope with the increasingly common packed applications.
Meanwhile, dynamic analysis approaches have the disadvantages of excessive resource consumption and time-consuming.
In this paper, we propose a dynamic method to solve this issue based on our novel automatic traversal model.
At first, we propose several new traversal strategies to optimize the widget tree according to the user interface (UI) types and the interface state similarity.
Furthermore, we develop a more granular traversal model by refining the traversal level from the Activity component to the Widget and implement a heuristic depth-first traversal algorithm in combination with our customized traversal strategy.
In addition, the man-in-the-middle agent plug-in is extended to implement real-time attack test and return the attack results.
Based on the above ideas, we have implemented SSLDetecter, an efficient automated detection system of Android application SSL security vulnerability.
We apply it on multiple devices in parallel to detect 2456 popular applications in several mainstream application markets and find that 424 applications are suffering from SSL security vulnerabilities.
Compared with the existing system SMV-HUNTER, the time efficiency of our system increases by 38% and the average detection rate increases by 6.39 percentage points, with many types of SSL vulnerabilities detected.
نمط استشهاد جمعية علماء النفس الأمريكية (APA)
Tang, Junwei& Li, Jingjing& Li, Ruixuan& Han, Hongmu& Gu, Xiwu& Xu, Zhiyong. 2019. SSLDetecter: Detecting SSL Security Vulnerabilities of Android Applications Based on a Novel Automatic Traversal Method. Security and Communication Networks،Vol. 2019, no. 2019, pp.1-20.
https://search.emarefa.net/detail/BIM-1210544
نمط استشهاد الجمعية الأمريكية للغات الحديثة (MLA)
Tang, Junwei…[et al.]. SSLDetecter: Detecting SSL Security Vulnerabilities of Android Applications Based on a Novel Automatic Traversal Method. Security and Communication Networks No. 2019 (2019), pp.1-20.
https://search.emarefa.net/detail/BIM-1210544
نمط استشهاد الجمعية الطبية الأمريكية (AMA)
Tang, Junwei& Li, Jingjing& Li, Ruixuan& Han, Hongmu& Gu, Xiwu& Xu, Zhiyong. SSLDetecter: Detecting SSL Security Vulnerabilities of Android Applications Based on a Novel Automatic Traversal Method. Security and Communication Networks. 2019. Vol. 2019, no. 2019, pp.1-20.
https://search.emarefa.net/detail/BIM-1210544
نوع البيانات
مقالات
لغة النص
الإنجليزية
الملاحظات
Includes bibliographical references
رقم السجل
BIM-1210544
قاعدة معامل التأثير والاستشهادات المرجعية العربي "ارسيف Arcif"
أضخم قاعدة بيانات عربية للاستشهادات المرجعية للمجلات العلمية المحكمة الصادرة في العالم العربي
![](/images/ebook-kashef.png)
تقوم هذه الخدمة بالتحقق من التشابه أو الانتحال في الأبحاث والمقالات العلمية والأطروحات الجامعية والكتب والأبحاث باللغة العربية، وتحديد درجة التشابه أو أصالة الأعمال البحثية وحماية ملكيتها الفكرية. تعرف اكثر
![](/images/kashef-image.png)