{"updated":"2025-01-21T21:06:14.595669+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00075682","sets":["1164:3925:6360:6497"]},"path":["6497"],"owner":"10","recid":"75682","title":["Androidパーミッションを悪用するScriptの脅威と静的解析"],"pubdate":{"attribute_name":"公開日","attribute_value":"2011-05-05"},"_buckets":{"deposit":"2ff713ae-c071-43c1-a029-2d501f95a4eb"},"_deposit":{"id":"75682","pid":{"type":"depid","value":"75682","revision_id":0},"owners":[10],"status":"published","created_by":10},"item_title":"Androidパーミッションを悪用するScriptの脅威と静的解析","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Androidパーミッションを悪用するScriptの脅威と静的解析"},{"subitem_title":"Threat of Script abuse Android Permissions and Static Analysis","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2011-05-05","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社KDDI研究所ネットワークセキュリティグループ"},{"subitem_text_value":"株式会社KDDI研究所ネットワークセキュリティグループ"},{"subitem_text_value":"株式会社KDDI研究所ネットワークセキュリティグループ"},{"subitem_text_value":"株式会社KDDI研究所ネットワークセキュリティグループ"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"KDDI R&D Laboratories Inc. Network Security Laboratory","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories Inc. Network Security Laboratory","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories Inc. Network Security Laboratory","subitem_text_language":"en"},{"subitem_text_value":"KDDI R&D Laboratories Inc. Network Security Laboratory","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/75682/files/IPSJ-CSEC11053003.pdf"},"date":[{"dateType":"Available","dateValue":"2013-05-05"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC11053003.pdf","filesize":[{"value":"316.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"78bd564b-48b3-4e2a-bcd6-f9a779f1861c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2011 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"川端, 秀明"},{"creatorName":"磯原, 隆将"},{"creatorName":"竹森, 敬祐"},{"creatorName":"窪田, 歩"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hideaki, Kawabata","creatorNameLang":"en"},{"creatorName":"Takamasa, Isohara","creatorNameLang":"en"},{"creatorName":"Keisuke, Takemori","creatorNameLang":"en"},{"creatorName":"Ayumu, Kubota","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Android OS の特徴として，利便性の高いアプリケーション （以下，アプリ） を実現するパーミッションという機構があり，アプリケーションのインストール時にユーザが承認することで，端末の情報や機能へのアクセス権を制御している．また，アプリの可用性の向上のために web 機能をアプリに内包する webkit を搭載している．これを用いることで，Android アプリと HTML,CSS,JavaScript など Web アプリとを柔軟に連携できる．しかし，webkit を利用したアプリが，外部サーバから JavaScript を受け取り実行した場合，アプリに与えられたパーミッションの範囲で実行される脅威がある．要するに，アプリ単体では不正な動作をしないが，後から送り込まれた悪意の JavaScript によって端末を操作されてしまう．そこで本研究では，アプリの静的解析により得られるコードの特徴から，後から送り込まれる JavaScript の機能を把握し，潜在的な脅威を推定する手法を提案する．これはアプリの実行コードの逆コンパイルによるコード解析であり，外部サーバの JavaScript から呼び出されるメソッドを特定することで，情報漏洩や端末の不正操作を推定する．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"The access permission framework is designed in the Android OS in order to develop useful applications. When the user confirms the access permissions, the application can access confirmed information and/or functions. In addition, the webkit in the Android OS provides a web rendering engine to the application. The Android application using the webkit can execute web applications, e.g., HTML, CSS, JavaScript. When the application using webkit receives and executes the JavaScript, the access permissions are delegated to the JavaScript that can access functions and/or information in the Android phone. Then, threats of the JavaScript should be evaluated. In this paper, we proposed code analysis technique that extracts potential threats from the web rendering application. The information leakage and/or misuse functions are detected, when malicious methods for the JavaScript are described in the Android application.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2011-05-05","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"2011-CSEC-53"}]},"relation_version_is_last":true,"weko_creator_id":"10"},"created":"2025-01-18T23:32:43.350881+00:00","id":75682,"links":{}}