Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (10): 2811-2815. DOI: 10.11772/j.issn.1001-9081.2016.10.2811

• Computer software technology •

Android GUI traversal method based on static analysis

TANG Yang1, ZENG Fanping1,2,3, WANG Jiankang1, HUANG Xinyi1

  1. School of Computer Science and Technology, University of Science and Technology of China, Hefei Anhui 230026, China;
  2. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
  3. Anhui Province Key Laboratory of Software in Computing and Communication, Hefei Anhui 230026, China
  • Received: 2016-04-18 Revised: 2016-06-07 Published: 2016-10-10
  • Corresponding author: TANG Yang, E-mail: tangyang@mail.ustc.edu.cn
  • About the authors: TANG Yang (born 1991), male, from Feixi, Anhui, master's candidate; main research interests: Android security, software testing. ZENG Fanping (born 1967), male, from Nankang, Jiangxi, associate professor, Ph.D.; main research interests: software testing, information security. WANG Jiankang (born 1991), male, from Chuzhou, Anhui, master's candidate; main research interest: Android security. HUANG Xinyi (born 1993), female, from Chuzhou, Anhui, master's candidate; main research interest: Android security.
  • Supported by:
    This work is partially supported by the Natural Science Foundation of Anhui Province (11040606M131).

Abstract: Traditional software security testing methods (such as symbolic execution, fuzz testing, and taint analysis) cannot obtain high Graphical User Interface (GUI) coverage for Android programs. To solve this problem, an Android program testing method combining static and dynamic analysis was proposed. Based on static analysis of the data flow of Android applications, the activity transition graph and function call graph of the program were constructed and its GUI elements were parsed; test scripts were then written to dynamically traverse the GUI elements of the application. The method was applied to the testing of real applications including Booking Calendar, WiFi Master Key and 360 Weather. The results showed that the average Activity coverage reached 76%, significantly higher than the manual testing average of 30.08% and the 42.05%-61.29% of GUI control tree traversal. The experimental results demonstrate that the method can effectively traverse the GUI elements of Android applications.

Key words: static analysis, dynamic test, event simulation, activity transition graph, function call graph, Graphical User Interface (GUI) traversal

CLC number: