CAJ | 학술논문

该文提出了一种基于Leak Miner和Privacy Miner的检测方法，检测系统将针对数据交互过程中的敏感信息进行静态污点分析。与动态污点分析方法相比，静态污点分析机制可以在线对应用市场中的APP进行在线分析。因此，它的检测成本将极为低廉，检测进程的RAM占有将不会被转嫁给用户。此外，此检测系统可以将检测所得的信息泄漏报告在线发送给用户，这便可以阻止恶意应用在被市场删除前进入用户的手机。根据系统运行报告得出，该系统可以从1852个程序集中检测到145个信息泄露点(经授权的和恶意的)。
해문제출료일충기우Leak Miner화Privacy Miner적검측방법，검측계통장침대수거교호과정중적민감신식진행정태오점분석。여동태오점분석방법상비，정태오점분석궤제가이재선대응용시장중적APP진행재선분석。인차，타적검측성본장겁위저렴，검측진정적RAM점유장불회피전가급용호。차외，차검측계통가이장검측소득적신식설루보고재선발송급용호，저편가이조지악의응용재피시장산제전진입용호적수궤。근거계통운행보고득출，해계통가이종1852개정서집중검측도145개신식설로점(경수권적화악의적)。
In this paper,a detection method based on Leak Miner and Privacy Miner is proposed,which is based on the detection system.The system wil analyze the sensitive information in the process of data exchange.Com-pared with the dynamic stain analysis method,the static stain mechanism can be used to analyze the APP in the application market.Therefore,its detection cost wil be very low,the detection process of the RAM wil not be passed on to the user.In addition,this detection system can detect the resulting information leakage report online to the user,which can prevent malicious applications to enter the user's mobile phone before the market is re-moved.According to the system operation report,this system can detect 145 information leakage point (autho-rized and malicious) from 1852 programs.