【摘要】：隨著移動(dòng)互聯(lián)網(wǎng)技術(shù)的高速發(fā)展,智能終端使用數(shù)量也快速增加,使用移動(dòng)智能終端上網(wǎng)的客戶數(shù)量更是快速上升。以電腦接入互聯(lián)網(wǎng)的用戶正在向移動(dòng)終端接入互聯(lián)網(wǎng)方式轉(zhuǎn)變。在接入移動(dòng)互聯(lián)網(wǎng)的眾多設(shè)備中手機(jī)瀏覽器扮演很重要的角色,具有極大的商業(yè)價(jià)值。在應(yīng)用中內(nèi)嵌有瀏覽器,這種應(yīng)用越來越流行。當(dāng)應(yīng)用程序訪問網(wǎng)頁時(shí),網(wǎng)頁中含有JavaScript腳本代碼,網(wǎng)頁則可以調(diào)用本地信息,造成安全漏洞。 在許多智能終端操作系統(tǒng)中,Android操作系統(tǒng)占有較高市場份額。于是對Android操作系統(tǒng)進(jìn)行了深入研究。以瀏覽器作為研究的切入點(diǎn),從應(yīng)用層的瀏覽器應(yīng)用,到Framework層的WebView,接著到JNI,最后到核心庫層的WebKit的整個(gè)數(shù)據(jù)傳輸流程逐層深入地學(xué)習(xí)。其中對WebView的漏洞和攻擊方式進(jìn)行了深入學(xué)習(xí)和研究,實(shí)驗(yàn)仿真了攻擊模型,接著對WebKit的工作原理進(jìn)行深入學(xué)習(xí)和研究。根據(jù)WebView的漏洞和攻擊方式研究,是由于JavaScript語句能夠隨意調(diào)用本地資源的特性給本地信息帶來極大的安全隱患。 為了研究防御方法,學(xué)習(xí)WebCore和JavaScriptCore的解析工作過程,并對JavaScript代碼解析過程進(jìn)行了深入分析和研究。在以上工作原理和開發(fā)設(shè)計(jì)的基礎(chǔ)上,學(xué)習(xí)沙盒安全機(jī)制的設(shè)計(jì)理念和瀏覽器的設(shè)計(jì)方式,然后設(shè)計(jì)了瀏覽器中的沙盒安全機(jī)制。這個(gè)沙盒安全機(jī)制是在處理JavaScript代碼前做代碼檢測。對進(jìn)入瀏覽器的網(wǎng)頁內(nèi)容,通過使用JNI接口實(shí)現(xiàn)對底層動(dòng)態(tài)庫的調(diào)用,這個(gè)動(dòng)態(tài)庫是對網(wǎng)頁內(nèi)容進(jìn)行檢測,然后將檢測結(jié)果返回,用提示框形式顯示給用戶。最后對設(shè)計(jì)的瀏覽器沙盒安全機(jī)制進(jìn)行檢測和驗(yàn)證。
[Abstract]:With the rapid development of mobile Internet technology, the number of intelligent terminals is also increasing rapidly, and the number of customers using mobile intelligent terminals is increasing rapidly. Access to the Internet by computer users are changing to mobile terminals access to the Internet. Mobile browser plays an important role in many devices connected to the mobile Internet and has great commercial value. With browsers embedded in applications, they are becoming more and more popular. When an application visits a web page, the web page contains JavaScript script code, and the web page can call local information, resulting in a security vulnerability. Android has a high market share in many intelligent terminal operating systems. So the Android operating system is deeply studied. From browser application to Framework layer WebView, to JNI, finally to the core library layer of WebKit the whole data transmission process is studied layer by layer. The vulnerability and attack mode of WebView are studied deeply, the attack model is simulated, and the working principle of WebKit is studied. According to the research of vulnerability and attack mode of WebView, it is because JavaScript statement can call local resource at will, which brings great security trouble to local information. In order to study the defense method, we study the parsing process of WebCore and JavaScriptCore, and deeply analyze and study the JavaScript code parsing process. On the basis of the above working principle and development design, this paper studies the design concept of sandboxie security mechanism and the design method of browser, and then designs the sandboxie security mechanism in browser. This sandboxie security mechanism is to do code detection before processing JavaScript code. For the content of the web page that enters the browser, the dynamic library detects the content of the web page by using the JNI interface to realize the call of the underlying dynamic library, and then returns the result of the detection and displays it to the user in the form of prompt box. Finally, the design of the browser sandboxie security mechanism for detection and verification.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.092

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 趙經(jīng)緯;周余;王自強(qiáng);都思丹;;基于Webkit的嵌入式瀏覽器的研究與實(shí)現(xiàn)[J];電子測量技術(shù);2009年03期

，

本文編號：2244361