Application permission divulgence detection method and system based on reverse symbolic execution

• Main Authors: LONG XIANG, WAN HAN, GAO XIAOPENG, CHEN PENG, JIANG BO, WU YU
• Format: Patent
• Language: English
• Published: 25.03.2015
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

The invention relates to an application permission divulgence detection method and system based on reverse symbolic execution. The method comprises the steps of S1, establishing a control flow diagram of an application to be detected; S2, according to the mapping relation between an API and a preset permission, marking a node possibly divulging the permission on the control flow diagram; S3, with the node possibly divulging the permission as a starting point, searching for all paths between the starting point and a program entry point by traversing the control flow diagram through reverse symbolic execution, wherein all the paths between the starting point and the program entry point are paths possibly divulging the permission. By adopting the reverse symbolic execution mode, it is only needed to traverse all the possible paths between a calling point of the sensitive API and the program entry point, it is avoided that paths unrelated to permission divulgence are traversed, and therefore detection efficiency is improved.