【摘要】：隨著移動(dòng)互聯(lián)網(wǎng)技術(shù)的發(fā)展,越來越多的移動(dòng)設(shè)備走進(jìn)了人們的生活,其中智能手機(jī)已經(jīng)成為人們必不可少的工具,Android和iOS已經(jīng)占領(lǐng)全球智能手機(jī)的96%的份額,顯然已經(jīng)成為世界上最主流的兩大操作系統(tǒng)。由于iOS系統(tǒng)上先進(jìn)的安全機(jī)制和蘋果應(yīng)用官方商店嚴(yán)格的審查制度,導(dǎo)致iOS應(yīng)用軟件的安全性相比于Android應(yīng)用軟件的要高許多,但是從最近幾年來看,iOS應(yīng)用軟件安全性問題正在顯著增多,各種應(yīng)用軟件由于其自身的安全性導(dǎo)致用戶和企業(yè)財(cái)產(chǎn)損失的新聞也是層出不窮,iOS應(yīng)用軟件的安全性也受到企業(yè)越來越多的關(guān)注。本文系統(tǒng)的總結(jié)了 iOS應(yīng)用軟件目前所面臨的安全威脅,深入了分析了每個(gè)安全威脅的具體的原因,基于這些總結(jié)出來的安全威脅,本文提出了兩套針對(duì)于不同應(yīng)用場(chǎng)景的漏洞檢測(cè)方案,并對(duì)檢測(cè)方案進(jìn)行了實(shí)現(xiàn),利用所實(shí)現(xiàn)的工具進(jìn)行了實(shí)際的檢測(cè),并對(duì)檢測(cè)的結(jié)果進(jìn)行了準(zhǔn)確性分析,分析結(jié)果表明兩套檢測(cè)方案都能很好的檢測(cè)出iOS應(yīng)用軟件中存在的安全性問題,其中涉及的主要工作如下:1.設(shè)計(jì)并實(shí)現(xiàn)了基于源碼的檢測(cè)方案,本方案是在Clang Static Analyzer之上編寫Checker插件實(shí)現(xiàn)的,該工具分析的對(duì)象是程序編譯時(shí)的中間代碼,通過符號(hào)執(zhí)行的技術(shù),能夠模擬執(zhí)行應(yīng)用軟件,遍歷程序的所有分支,Checker在模擬執(zhí)行的過程中通過檢測(cè)程序的相應(yīng)的狀態(tài)來判斷應(yīng)用軟件是否有相應(yīng)的漏洞。本文實(shí)現(xiàn)了 3大類共16個(gè)小項(xiàng)的Checker,能夠幫助企業(yè)的iOS開發(fā)人員在編譯應(yīng)用軟件時(shí),就能及時(shí)發(fā)現(xiàn)應(yīng)用軟件中存在的安全性問題,防患于未然。2.設(shè)計(jì)并實(shí)現(xiàn)了基于二進(jìn)制的檢測(cè)方案,本方案主要運(yùn)用了 iOS的逆向分析技術(shù),結(jié)合iOS逆向分析的工具來實(shí)現(xiàn)的。本文設(shè)計(jì)了 5大類共21項(xiàng)安全檢測(cè)項(xiàng),并針對(duì)每一個(gè)安全檢測(cè)項(xiàng),給出了具體的檢測(cè)方法,本方案能夠幫助企業(yè)在發(fā)布應(yīng)用軟件之后,仍然能夠?qū)OS應(yīng)用軟件做一次系統(tǒng)的安全檢測(cè)。3.針對(duì)兩套檢測(cè)方案的實(shí)現(xiàn),分別進(jìn)行了實(shí)驗(yàn)來驗(yàn)證檢測(cè)方案的有效性和準(zhǔn)確性,通過對(duì)實(shí)驗(yàn)結(jié)果的分析,可以發(fā)現(xiàn)兩套檢測(cè)方案都能夠準(zhǔn)確地檢測(cè)出iOS應(yīng)用軟件所存在的安全性問題。
[Abstract]:With the development of mobile Internet technology, more and more mobile devices have come into people's lives. Among them, the smartphone has become an indispensable tool. Android and iOS have occupied 96% of the global smartphone share. Apparently, it has become the two most popular operating systems in the world. Because of the advanced security mechanism on the iOS system and the strict censorship in the Apple App Store, the security of the iOS application is much higher than that of the Android application, but in recent years, the security of the iOS application is much higher than that of the Android application. The security problem of iOS application software is increasing significantly. The news of the loss of user and enterprise property caused by the security of all kinds of application software is also endless. The security of iOS application software has also been paid more and more attention by enterprises. This paper systematically summarizes the security threats faced by the iOS application software, analyzes the specific reasons of each security threat, and based on these summarized security threats, In this paper, two sets of vulnerability detection schemes for different application scenarios are put forward, and the detection scheme is implemented. The actual detection is carried out by using the realized tools, and the accuracy of the detection results is analyzed. The analysis results show that the two detection schemes can well detect the security problems in iOS application software. The main work involved is as follows: 1. Design and implement the detection scheme based on source code. This scheme is implemented by writing Checker plug-in on Clang Static Analyzer. The object of the tool analysis is the intermediate code when the program is compiled. Through symbolic execution technology, it can simulate the execution of application software. Traversing all branches of the program, Checker detects the corresponding state of the program in the process of simulation execution to determine whether the application has a corresponding vulnerability. In this paper, the implementation of three categories of 16 sub-items of Checker, can help enterprise iOS developers compile the application software, can timely discover the security problems in the application software, and prevent trouble in the future. 2. A binary based detection scheme is designed and implemented, which mainly uses the reverse analysis technology of iOS and the tool of iOS reverse analysis. In this paper, 21 items are designed in 5 categories, and specific detection methods are given for each security detection item. This scheme can help enterprises to release application software. Still be able to do a iOS application system security detection. 3. According to the implementation of two sets of detection schemes, experiments are carried out to verify the effectiveness and accuracy of the detection scheme. Through the analysis of the experimental results, It can be found that both detection schemes can accurately detect the security problems of iOS application software.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP316;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 羅騰飛;;移動(dòng)終端安全威脅分析及對(duì)策[J];郵電設(shè)計(jì)技術(shù);2015年08期

2 趙金龍;王莉娟;惠合意;;IOS手機(jī)安全漏洞防范研究[J];電腦知識(shí)與技術(shù);2013年34期

3 羅成;武s，

本文編號(hào)：2428791