本文關(guān)鍵詞： 移動(dòng)智能終端 Android 滲透測(cè)試 安全漏洞 安全機(jī)制　出處：《太原理工大學(xué)》2014年碩士論文　論文類(lèi)型：學(xué)位論文

【摘要】：隨著移動(dòng)互聯(lián)網(wǎng)的迅速發(fā)展,移動(dòng)智能終端中包含了大量的個(gè)人信息及重要數(shù)據(jù),其安全性也日益成為人們共同關(guān)注的問(wèn)題。作為近幾年在市場(chǎng)中的份額增長(zhǎng)最快、最流行的開(kāi)源手機(jī)操作系統(tǒng)Android,也順勢(shì)成為了主要的攻擊目標(biāo)。 為了防范惡意攻擊,必須在攻擊者之前盡可能的發(fā)現(xiàn)和了解系統(tǒng)及網(wǎng)絡(luò)的各項(xiàng)漏洞,并及時(shí)做出防范。檢查系統(tǒng)漏洞,滲透測(cè)試是一個(gè)非常好的方式之一。然而,一般的滲透測(cè)試方案大多針對(duì)傳統(tǒng)網(wǎng)絡(luò)設(shè)備及環(huán)境,隨著傳統(tǒng)的網(wǎng)絡(luò)安全問(wèn)題出現(xiàn)在移動(dòng)互聯(lián)網(wǎng)領(lǐng)域中,針對(duì)移動(dòng)智能終端的滲透測(cè)試也顯得意義重大。 針對(duì)以上問(wèn)題本文實(shí)現(xiàn)了一種移動(dòng)互聯(lián)網(wǎng)環(huán)境下針對(duì)Android移動(dòng)智能終端的滲透測(cè)試方案,主要包括以下工作： (1)分析了Android系統(tǒng)的整體架構(gòu)及安全機(jī)制,通過(guò)研究對(duì)比國(guó)內(nèi)外滲透測(cè)試方案及技術(shù),結(jié)合Android系統(tǒng)、移動(dòng)互聯(lián)網(wǎng)環(huán)境及移動(dòng)智能終端的特點(diǎn),通過(guò)大量實(shí)驗(yàn)分析,利用移動(dòng)互聯(lián)網(wǎng)絡(luò)環(huán)境搭建測(cè)試平臺(tái),設(shè)計(jì)了一種新的滲透測(cè)試實(shí)驗(yàn)方案。 (2)在實(shí)驗(yàn)設(shè)計(jì)上,針對(duì)多個(gè)版本的Android系統(tǒng)進(jìn)行測(cè)試,對(duì)于基于Android的移動(dòng)智能終端具有普遍適用性。此外將能耗指標(biāo)加入滲透測(cè)試中,并對(duì)滲透造成的CPU使用率及能耗的影響進(jìn)行量化,通過(guò)移動(dòng)智能終端的相關(guān)技術(shù)指標(biāo)表現(xiàn)出滲透測(cè)試的效果。 (3)實(shí)施Android移動(dòng)智能終端滲透測(cè)試實(shí)驗(yàn),分析研究實(shí)驗(yàn)過(guò)程及測(cè)試數(shù)據(jù),發(fā)現(xiàn)了Android系統(tǒng)漏洞,并提出相應(yīng)建議。 通過(guò)對(duì)移動(dòng)智能終端進(jìn)行了滲透測(cè)試研究,建立了移動(dòng)互聯(lián)網(wǎng)環(huán)境下多種網(wǎng)絡(luò)滲透的實(shí)例,可以為針對(duì)移動(dòng)智能終端的多種網(wǎng)絡(luò)滲透的特征提取、檢測(cè)以及防御提供相關(guān)的實(shí)驗(yàn)數(shù)據(jù),打下前期研究的基礎(chǔ)。
[Abstract]:With the rapid development of mobile Internet, mobile intelligent terminals contain a lot of personal information and important data. Android, the most popular open-source mobile operating system, has also become a major target. In order to prevent malicious attacks, we must find out and understand the vulnerabilities of the system and network as much as possible before the attackers, and take precautions in time. It is a very good way to check the vulnerabilities in the system and test for penetration. However, Most of the general penetration testing schemes are aimed at the traditional network equipment and environment. With the traditional network security problems appear in the field of mobile Internet, penetration testing for mobile intelligent terminals is of great significance. In view of the above problems, this paper implements a penetration test scheme for Android mobile intelligent terminal under the mobile Internet environment, which mainly includes the following work:. 1) this paper analyzes the whole structure and security mechanism of Android system, through the research and comparison of domestic and foreign penetration testing schemes and technologies, combined with the characteristics of Android system, mobile Internet environment and mobile intelligent terminal, through a large number of experiments analysis, A new experimental scheme of penetration testing is designed by using mobile internet environment to build a test platform. 2) in the experimental design, the test is aimed at many versions of Android system, which is applicable to mobile intelligent terminal based on Android. In addition, the energy consumption index is added to the penetration test. The influence of CPU utilization rate and energy consumption caused by penetration is quantified, and the effect of penetration test is demonstrated by the related technical index of mobile intelligent terminal. The experiment of Android mobile intelligent terminal penetration test is carried out, the experimental process and test data are analyzed, the loopholes of Android system are found, and the corresponding suggestions are put forward. Based on the research of penetration test of mobile intelligent terminal, an example of multiple network penetration in mobile Internet environment is established, which can be used to extract the characteristics of multiple network penetration for mobile intelligent terminal. Detection and defense provide relevant experimental data and lay the foundation for earlier research.
【學(xué)位授予單位】：太原理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 鄭文兵,李成忠;ARP欺騙原理及一種防范算法[J];江南大學(xué)學(xué)報(bào);2003年06期

，

本文編號(hào)：1516299