Privacy leak detection in .NET framework

摘要

A binary application suitable for the .Net framework is disassembled into human readable code. Or, CIL or MSIL code is obtained. The methods are put into a representation indicating which methods of the code call other methods. A source method call chain having a source API and a sink method call chain having a sink API are discerned from the representation. APIs are put into the same format as the methods to allow matching. A method in common between the two call chains indicates that a privacy leak exists. The application is downloaded from a remote server to a computing device where the analysis occurs.

主权项

1. A computer implemented method of detecting a privacy leak in a .Net software application, said method comprising:
receiving a binary computer file suitable for execution within the .Net framework; disassembling said binary computer file into a human-readable language, said language including a plurality of methods wherein each method includes at least one instruction; using said language, constructing a representation of a relationship between said methods, said representation indicating which of said methods call others of said methods; determining a source method call chain within said representation that includes a source API (application programming interface) function in a first one of said methods that retrieves information from the computing device, said source API function being in a source leaf node of said source method call chain; determining a sink method call chain within said representation that includes a sink API function in a second one of said methods that sends information from said computing device, said sink API function being in a sink leaf node of said sink method call chain; and generating an alert only when it is determined that a method exists in common between said source method call chain having said source API function in said source leaf node and said sink method call chain having said sink API function in said sink leaf node.