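Research on Fine-Grained Access Control for Android Hybrid Applications
Published: 2018-05-30 06:52
Topics: Android + hybrid applications; Source: Huazhong University of Science and Technology, 2016 master's thesis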
[Abstract]: The rapid spread of smart mobile devices has drawn many developers to build a rich variety of applications that provide convenient services. Recently, with improvements in mobile device performance and the development of mobile Web technologies represented by HTML5, a new kind of HTML5-based hybrid application has become increasingly popular with developers because of its ease of development and good portability. On platforms such as Android, iOS and Windows Phone, hybrid applications, also known as mobile web applications, use the system's built-in browser component, WebView, to load HTML5 pages and execute JavaScript. Unlike native applications, a hybrid application contains Web-side code that implements the application's functional logic and native code that accesses the device's system resources; the WebView component provides several bridging mechanisms for communication between the Web-side code and the native code. This new feature of hybrid applications enriches application functionality but also introduces new security problems. The thesis first studies the security of Android hybrid applications. Taking into account the characteristics of hybrid application software architecture and middleware development frameworks, it systematically analyses the security model of hybrid applications and the security problems that may arise. It points out that the main cause of security problems in Android hybrid applications is that the core component, WebView, breaks the sandbox model of traditional browser applications when it introduces new features, so that Web content loaded in a hybrid application can access system resources on the device, while the Android system provides no system-level mechanism to apply access control to such access. To address this problem, the thesis proposes a fine-grained access control model based on PhoneGap, a middleware development framework for hybrid applications. The model encapsulates access operations on system resources as PhoneGap plugins and grants Web content from the different origins that a hybrid application may load access rights to different plugins, thereby controlling Web code's access to system resources. Experimental analysis shows that the proposed access control model effectively controls access to system resources by Web content loaded in WebView, and that the computational overhead introduced by the framework is very low, with almost no effect on application performance.
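[Degree-granting institution]: Huazhong University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2016
[Classification number]: TP316;TP309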
Article number: 1954360
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/1954360.html