本文選題：安卓 + 混合應(yīng)用　； 參考：《華中科技大學(xué)》2016年碩士論文

【摘要】：移動(dòng)智能終端的迅速普及吸引了眾多的應(yīng)用開(kāi)發(fā)者開(kāi)發(fā)豐富的應(yīng)用來(lái)為人們提供便捷的服務(wù)。近段時(shí)間,隨著移動(dòng)設(shè)備性能提升和以HTML5為代表的移動(dòng)Web技術(shù)的發(fā)展,一種新的基于HTML5的混合應(yīng)用以其開(kāi)發(fā)的便捷性和良好的可移植性越來(lái)越受到開(kāi)發(fā)者的青睞。在Android、iOS和Windows Phone等平臺(tái)中,混合應(yīng)用,又稱(chēng)為移動(dòng)網(wǎng)絡(luò)應(yīng)用,使用系統(tǒng)內(nèi)置的瀏覽器組件WebView來(lái)加載HTML5頁(yè)面和執(zhí)行JavaScript腳本。與移動(dòng)平臺(tái)原生應(yīng)用不同,混合應(yīng)用包含實(shí)現(xiàn)應(yīng)用功能邏輯的Web端代碼和訪問(wèn)設(shè)備系統(tǒng)資源的本地代碼,WebView組件為Web端代碼和本地代碼之間的通信提供了多種橋接機(jī)制�；旌蠎�(yīng)用的這種新特性在豐富應(yīng)用功能的同時(shí)也引入了新的安全問(wèn)題。首先對(duì)Android混合應(yīng)用的安全性進(jìn)行研究,結(jié)合混合應(yīng)用軟件架構(gòu)和中間件開(kāi)發(fā)框架的特點(diǎn),系統(tǒng)分析了混合應(yīng)用的安全模型和可能產(chǎn)生的安全問(wèn)題,指出Android混合應(yīng)用產(chǎn)生安全問(wèn)題的主要原因在于其核心組件WebView在引入新的特性時(shí)打破了傳統(tǒng)瀏覽器應(yīng)用的沙箱模型,使得混合應(yīng)用中加載的Web內(nèi)容可以訪問(wèn)設(shè)備上的系統(tǒng)資源,而Android系統(tǒng)并沒(méi)有提供系統(tǒng)級(jí)別的機(jī)制對(duì)這類(lèi)訪問(wèn)進(jìn)行訪問(wèn)控制。針對(duì)這一問(wèn)題,提出了一種基于混合應(yīng)用中間件開(kāi)發(fā)框架PhoneGap的細(xì)粒度訪問(wèn)控制模型。訪問(wèn)控制模型將對(duì)系統(tǒng)資源的訪問(wèn)操作以PhoneGap插件的形式進(jìn)行封裝,并對(duì)混合應(yīng)用中可能加載的來(lái)自不同的源的網(wǎng)絡(luò)內(nèi)容授予不同的插件的訪問(wèn)權(quán)限,以此來(lái)控制網(wǎng)絡(luò)代碼對(duì)系統(tǒng)資源的訪問(wèn)操作。通過(guò)實(shí)驗(yàn)分析,本文提出的訪問(wèn)控制模型能有效的控制WebView中加載的Web內(nèi)容對(duì)系統(tǒng)資源的訪問(wèn),且框架引入的計(jì)算負(fù)載很低,對(duì)應(yīng)用的性能幾乎沒(méi)有影響。
[Abstract]:The rapid popularity of mobile intelligent terminals has attracted a large number of application developers to develop rich applications to provide convenient services for people. Recently, with the improvement of mobile device performance and the development of mobile Web technology represented by HTML5, a new hybrid application based on HTML5 is becoming more and more popular by developers for its convenience and good portability. In platforms such as Android iOS and Windows Phone, hybrid applications, also known as mobile network applications, use the built-in browser component WebView to load HTML5 pages and execute JavaScript scripts. Unlike native applications of mobile platforms, hybrid applications include Web terminal code that implements application function logic and native code WebView component that accesses device system resources. WebView components provide a variety of bridging mechanisms for communication between Web side code and local code. This new feature of hybrid applications not only enriches application functions, but also introduces new security issues. First of all, the security of Android hybrid application is studied, and the security model and possible security problems of hybrid application are systematically analyzed according to the characteristics of hybrid application software architecture and middleware development framework. It is pointed out that the main reason for the security problems in Android hybrid applications is that its core component, WebView, breaks the sandbox model of traditional browser applications when introducing new features, so that the Web content loaded in hybrid applications can access the system resources on the device. The Android system does not provide a system-level mechanism to control such access. To solve this problem, a fine-grained access control model based on mixed application middleware development framework (PhoneGap) is proposed. The access control model encapsulates the access operations of system resources in the form of PhoneGap plug-ins, and grants different plug-in access rights to network content from different sources that may be loaded in hybrid applications. In order to control the network code to access the system resources operation. Through the experimental analysis, the access control model proposed in this paper can effectively control the access of the Web content loaded in WebView to the system resources, and the computational load introduced by the framework is very low, which has little effect on the performance of the application.
【學(xué)位授予單位】：華中科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類(lèi)號(hào)】：TP316;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前4條

1 葉嘉羲;張權(quán);王劍;;基于權(quán)限控制和腳本檢測(cè)的Webview漏洞防護(hù)方案研究[J];信息網(wǎng)絡(luò)安全;2015年03期

2 蔣紹林;王金雙;張濤;陳融;;Android安全研究綜述[J];計(jì)算機(jī)應(yīng)用與軟件;2012年10期

3 張中文;雷靈光;王躍武;;Android Permission機(jī)制的實(shí)現(xiàn)與安全分析[J];信息網(wǎng)絡(luò)安全;2012年08期

4 丁麗萍;;Android操作系統(tǒng)的安全性分析[J];信息網(wǎng)絡(luò)安全;2012年03期

，

本文編號(hào)：1954360