In order to improve the coverage and automation level of Graphical User Interface (GUI) by automatic execution technology for Android applications, an Android Package (APK)-based automatic traversal method which meets the requirements of dynamic security analysis and GUI testing was proposed. The GUI of the target application was captured dynamically, and the interaction of user actions was simulated with applications running automatically. Based on the open source project of Appium, a platform-crossed prototype tool of automatic traversal method which can automatically traverse GUIs of lightweight Android applications was implemented. The experimental results show that the proposed method with a high coverage is feasible and effective.

Since it's hard to analyze the cryptographic procedure using method of property scan or debugging for the variety and different implementation of cryptographic algorithms, a method was proposed based on library function prototype analysis and their calling-graph building. Library functions prototype analysis is analyzing cryptographic algorithm knowledge and library frame knowledge to form a knowledge base. Calling-graph building is building a calling-graph that reflects the function calling order according to parameter value of the functions. Finally cryptographic algorithm knowledge and library frame knowledge on the calling-graph were extracted. The method discriminated common cryptographic algorithm almost 100%, and it could not only recover cryptographic data, key and cryptographic mode, but also help to analyze the relationship between more than two cryptographic algorithms dealing with the same data. The method could be used to analyze Trojan, worm and test whether the library is used correctly.

For malware analysis and cipher application security validating, identification and filtration of cryptographic function from binary code has great significance. The memory operation and basic block loop characters were analyzed from cryptographic functions. According to the theory of binary data's information entropy, the characteristic of high-entropy of cryptographic algorithms was verified, a cryptographic functions filtration model was constructed based on dynamic loop entropy, and the hybrid (dynamic and static) method was adopted to reconstruct dynamic memory data in basic block loop. The experimental result shows that the filtration model has reliability and veracity.