【摘要】：隨著移動互聯(lián)網(wǎng)技術(shù)的快速發(fā)展、智能終端在世界范圍內(nèi)的普及,智能終端在人們生活和工作中扮演著越來越重要的角色。用戶使用手中的智能終端可以方便地進行網(wǎng)絡(luò)購物、手機付款、視頻聊天等各種活動。然而,由于Android系統(tǒng)的開放性,Android智能終端給用戶帶來便利的同時也出現(xiàn)各種各樣的安全問題,比如,隱私泄露、資費消耗、系統(tǒng)破壞等,這些問題不但損害了用戶的經(jīng)濟利益,也威脅到用戶的人身與隱私安全。針對Android平臺上應(yīng)用軟件的安全問題,現(xiàn)有研究成果主要針對單個應(yīng)用做分析,利用靜態(tài)或動態(tài)技術(shù)檢測出應(yīng)用軟件的安全缺陷。眾所周知,缺陷是普遍存在的,只檢測出安全缺陷而沒有給出其觸發(fā)條件以及防護方法對移動智能終端的保護作用十分有限。本論文首先提出了一種針對Android應(yīng)用軟件的安全缺陷分析方法,采用靜態(tài)檢測技術(shù)與缺陷規(guī)則結(jié)合的新思路滿足了 Android應(yīng)用缺陷檢測的需求,對每個應(yīng)用類別進行建立缺陷觸發(fā)模型,突破了傳統(tǒng)方法對缺陷本身進行建模的局限性;其次,基于這種方法設(shè)計了相應(yīng)的檢測系統(tǒng);之后,將所設(shè)計的系統(tǒng)進行了實際開發(fā)及部署,并用大量數(shù)據(jù)對系統(tǒng)進行了測試與驗證。本文主要工作如下:(1)研究現(xiàn)階段Android平臺的安全現(xiàn)狀。介紹了 Android平臺應(yīng)用缺陷檢測技術(shù)的研究現(xiàn)狀,對Android系統(tǒng)架構(gòu)、安全機制進行了深入研究。(2)提出了一種Android應(yīng)用缺陷分析方法,闡述了其方法流程。從缺陷檢測、缺陷觸發(fā)兩個角度來分析,分別介紹了應(yīng)用缺陷檢測方法、應(yīng)用缺陷觸發(fā)模型建立方法及它們相應(yīng)的原理。(3)研究了 Android應(yīng)用缺陷分析的關(guān)鍵技術(shù),從而給出了一套基于Android應(yīng)用軟件缺陷分析系統(tǒng)的總體設(shè)計方案,并對各個子系統(tǒng)進行了詳細的模塊設(shè)計與實現(xiàn)。(4)給出了系統(tǒng)測試流程和驗證流程。通過系統(tǒng)運行流程來檢測系統(tǒng)各個模塊的功能,驗證了系統(tǒng)的可用性;利用已經(jīng)公開的漏洞和攻擊方法進行驗證,通過分析結(jié)果驗證了系統(tǒng)的有效性。
[Abstract]:With the rapid development of mobile Internet technology and the popularity of intelligent terminals in the world, intelligent terminals play an increasingly important role in people's life and work. Users can use their smart terminals to easily do online shopping, mobile phone payments, video chat and other activities. However, as the opening of Android system brings convenience to users, there are also a variety of security problems, such as privacy disclosure, tariff consumption, system damage and so on. These problems not only harm the economic interests of users. Also threatens the user's personal and privacy security. In order to solve the security problem of application software on Android platform, the existing research results mainly focus on the analysis of single application, and use static or dynamic technology to detect the security defects of application software. As we all know, the defects are common, only the security defects are detected, but the trigger conditions are not given, and the protective methods are very limited to the protection of mobile intelligent terminals. In this paper, a new method of security defect analysis for Android application software is proposed. The new idea of combining static detection technology with defect rules meets the needs of Android application defect detection. A defect trigger model is established for each application category, which breaks through the limitation of the traditional method to model the defect itself. Secondly, the corresponding detection system is designed based on this method. The system is developed and deployed, and the system is tested and verified with a lot of data. The main work of this paper is as follows: (1) the present security status of Android platform is studied. This paper introduces the research status of Android application defect detection technology, and makes a deep research on the Android system architecture and security mechanism. (2) A Android application defect analysis method is proposed and its method flow is expounded. Based on the analysis of defect detection and defect trigger, the application of defect detection method, the establishment of defect trigger model and their corresponding principles are introduced respectively. (3) the key technologies of Android application defect analysis are studied. Thus, a general design scheme of defect analysis system based on Android application software is presented, and each subsystem is designed and implemented in detail. (4) the system test flow and verification flow are given. The availability of the system is verified by detecting the function of each module of the system through the running process of the system, and the effectiveness of the system is verified by using the vulnerabilities and attack methods that have been disclosed.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2016
【分類號】：TP316;TP309

【相似文獻】

相關(guān)期刊論文 前10條

1 袁萌;;Android計劃為什么要懸賞1000萬[J];信息系統(tǒng)工程;2007年12期

2 林耕宇;;觀摩50名Google Android程序開發(fā)競賽作品[J];電子與電腦;2008年08期

3 樹子;;Android中文版不完全體驗[J];互聯(lián)網(wǎng)天地;2009年04期

4 Jason Whitmire;;產(chǎn)業(yè)軟件專家如何協(xié)助解決Android的分裂困境[J];電子與電腦;2010年02期

5 蔣彬;;10款A(yù)ndroid手機必備應(yīng)用——Android操作系下的軟件評測[J];微電腦世界;2010年04期

6 ;PCWorld Windows Phone 7挑戰(zhàn)Android 毅然崛起的AndroidⅠ洗心革面的Windows Phone 7[J];微電腦世界;2010年08期

7 韓青;;Android平臺發(fā)展的動力與挑戰(zhàn)[J];中國電子商情(基礎(chǔ)電子);2010年09期

8 方智勇;;Android手機這樣用[J];電腦迷;2010年15期

9 缺少浪漫;;Android的另一面[J];電腦迷;2010年13期

10 ;ZTE and Three Release Android ，

本文編號：2154905