Explore the vast range of titles available.

Input validation vulnerabilities are common in Android apps, especially in inter-component communications. Malicious attacks can exploit this kind of vulnerability to bypass Android security mechanism and compromise the integrity, confidentiality and availability of Android devices. However, so far there is not a sound approach at the source code level for app developers aiming to detect input validation vulnerabilities in Android apps. In this paper, we propose a novel approach for detecting input validation flaws in Android apps and we implement a prototype named Easy IVD, which provides practical static analysis of Java source code.Easy IVD leverages backward program slicing to extract transaction and constraint slices from Java source code.Then Easy IVD validates these slices with predefined security rules to detect vulnerabilities in a known pattern.To detect vulnerabilities in an unknown pattern, Easy IVD extracts implicit security specifications as frequent patterns from the duplicated slices and verifies them. Then Easy IVD semi-automatically confirms the suspicious rule violations and reports the confirmed ones as vulnerabilities. We evaluate Easy IVD on four versions of original Android apps spanning from version 2.2 to 5.0. It detects 58 vulnerabilities including confused deputy attacks and denial of service attacks. Our results prove that Easy IVD can provide a practical defensive solution for app developers.

为免去降斑预处理及克服选择分布模型的限制,结合差异图的特点和一种不涉及分布模型的交互式分割方法,产生不同＂种子点＂下的变化检测结果后,再利用投票策略进行决策级融合给出最终的变化检测结果。分割中,将每个像素的特征设置为由差异图及静态小波变换分解差异图再丢弃高频系数后重构得到的各层表示内,对应位置上的灰度值构成的矢量。此特征及决策级融合的策略使本文变化检测技术对SAR图像中的斑点噪声具有一定的抗差性。在无需对SAR图像做预处理的情况下,对真实SAR图像数据集的变化检测结果证实了方法的有效性。