【摘要】：隨著移動(dòng)互聯(lián)網(wǎng)技術(shù)的快速發(fā)展、智能終端在世界范圍內(nèi)的普及,智能終端在人們生活和工作中扮演著越來(lái)越重要的角色。用戶使用手中的智能終端可以方便地進(jìn)行網(wǎng)絡(luò)購(gòu)物、手機(jī)付款、視頻聊天等各種活動(dòng)。然而,由于Android系統(tǒng)的開(kāi)放性,Android智能終端給用戶帶來(lái)便利的同時(shí)也出現(xiàn)各種各樣的安全問(wèn)題,比如,隱私泄露、資費(fèi)消耗、系統(tǒng)破壞等,這些問(wèn)題不但損害了用戶的經(jīng)濟(jì)利益,也威脅到用戶的人身與隱私安全。針對(duì)Android平臺(tái)上應(yīng)用軟件的安全問(wèn)題,現(xiàn)有研究成果主要針對(duì)單個(gè)應(yīng)用做分析,利用靜態(tài)或動(dòng)態(tài)技術(shù)檢測(cè)出應(yīng)用軟件的安全缺陷。眾所周知,缺陷是普遍存在的,只檢測(cè)出安全缺陷而沒(méi)有給出其觸發(fā)條件以及防護(hù)方法對(duì)移動(dòng)智能終端的保護(hù)作用十分有限。本論文首先提出了一種針對(duì)Android應(yīng)用軟件的安全缺陷分析方法,采用靜態(tài)檢測(cè)技術(shù)與缺陷規(guī)則結(jié)合的新思路滿足了 Android應(yīng)用缺陷檢測(cè)的需求,對(duì)每個(gè)應(yīng)用類別進(jìn)行建立缺陷觸發(fā)模型,突破了傳統(tǒng)方法對(duì)缺陷本身進(jìn)行建模的局限性;其次,基于這種方法設(shè)計(jì)了相應(yīng)的檢測(cè)系統(tǒng);之后,將所設(shè)計(jì)的系統(tǒng)進(jìn)行了實(shí)際開(kāi)發(fā)及部署,并用大量數(shù)據(jù)對(duì)系統(tǒng)進(jìn)行了測(cè)試與驗(yàn)證。本文主要工作如下:(1)研究現(xiàn)階段Android平臺(tái)的安全現(xiàn)狀。介紹了 Android平臺(tái)應(yīng)用缺陷檢測(cè)技術(shù)的研究現(xiàn)狀,對(duì)Android系統(tǒng)架構(gòu)、安全機(jī)制進(jìn)行了深入研究。(2)提出了一種Android應(yīng)用缺陷分析方法,闡述了其方法流程。從缺陷檢測(cè)、缺陷觸發(fā)兩個(gè)角度來(lái)分析,分別介紹了應(yīng)用缺陷檢測(cè)方法、應(yīng)用缺陷觸發(fā)模型建立方法及它們相應(yīng)的原理。(3)研究了 Android應(yīng)用缺陷分析的關(guān)鍵技術(shù),從而給出了一套基于Android應(yīng)用軟件缺陷分析系統(tǒng)的總體設(shè)計(jì)方案,并對(duì)各個(gè)子系統(tǒng)進(jìn)行了詳細(xì)的模塊設(shè)計(jì)與實(shí)現(xiàn)。(4)給出了系統(tǒng)測(cè)試流程和驗(yàn)證流程。通過(guò)系統(tǒng)運(yùn)行流程來(lái)檢測(cè)系統(tǒng)各個(gè)模塊的功能,驗(yàn)證了系統(tǒng)的可用性;利用已經(jīng)公開(kāi)的漏洞和攻擊方法進(jìn)行驗(yàn)證,通過(guò)分析結(jié)果驗(yàn)證了系統(tǒng)的有效性。
[Abstract]:With the rapid development of mobile Internet technology and the popularity of intelligent terminals in the world, intelligent terminals play an increasingly important role in people's life and work. Users can use their smart terminals to easily do online shopping, mobile phone payments, video chat and other activities. However, as the opening of Android system brings convenience to users, there are also a variety of security problems, such as privacy disclosure, tariff consumption, system damage and so on. These problems not only harm the economic interests of users. Also threatens the user's personal and privacy security. In order to solve the security problem of application software on Android platform, the existing research results mainly focus on the analysis of single application, and use static or dynamic technology to detect the security defects of application software. As we all know, the defects are common, only the security defects are detected, but the trigger conditions are not given, and the protective methods are very limited to the protection of mobile intelligent terminals. In this paper, a new method of security defect analysis for Android application software is proposed. The new idea of combining static detection technology with defect rules meets the needs of Android application defect detection. A defect trigger model is established for each application category, which breaks through the limitation of the traditional method to model the defect itself. Secondly, the corresponding detection system is designed based on this method. The system is developed and deployed, and the system is tested and verified with a lot of data. The main work of this paper is as follows: (1) the present security status of Android platform is studied. This paper introduces the research status of Android application defect detection technology, and makes a deep research on the Android system architecture and security mechanism. (2) A Android application defect analysis method is proposed and its method flow is expounded. Based on the analysis of defect detection and defect trigger, the application of defect detection method, the establishment of defect trigger model and their corresponding principles are introduced respectively. (3) the key technologies of Android application defect analysis are studied. Thus, a general design scheme of defect analysis system based on Android application software is presented, and each subsystem is designed and implemented in detail. (4) the system test flow and verification flow are given. The availability of the system is verified by detecting the function of each module of the system through the running process of the system, and the effectiveness of the system is verified by using the vulnerabilities and attack methods that have been disclosed.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP316;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 袁萌;;Android計(jì)劃為什么要懸賞1000萬(wàn)[J];信息系統(tǒng)工程;2007年12期

2 林耕宇;;觀摩50名Google Android程序開(kāi)發(fā)競(jìng)賽作品[J];電子與電腦;2008年08期

3 樹(shù)子;;Android中文版不完全體驗(yàn)[J];互聯(lián)網(wǎng)天地;2009年04期

4 Jason Whitmire;;產(chǎn)業(yè)軟件專家如何協(xié)助解決Android的分裂困境[J];電子與電腦;2010年02期

5 蔣彬;;10款A(yù)ndroid手機(jī)必備應(yīng)用——Android操作系下的軟件評(píng)測(cè)[J];微電腦世界;2010年04期

6 ;PCWorld Windows Phone 7挑戰(zhàn)Android 毅然崛起的AndroidⅠ洗心革面的Windows Phone 7[J];微電腦世界;2010年08期

7 韓青;;Android平臺(tái)發(fā)展的動(dòng)力與挑戰(zhàn)[J];中國(guó)電子商情(基礎(chǔ)電子);2010年09期

8 方智勇;;Android手機(jī)這樣用[J];電腦迷;2010年15期

9 缺少浪漫;;Android的另一面[J];電腦迷;2010年13期

10 ;ZTE and Three Release Android ，

本文編號(hào)：2154905