



Graduate student (foreign-language name): Yu-Ting Chen
Thesis title (foreign language): A Study of Android Security Mechanism
Advisor (foreign-language name): Jinn-Shing Cheng
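With the rapid growth of smart mobile devices, users tend to handle more of their daily and work affairs on them, which means mobile devices store more private information and sensitive data than before and have become more valuable attack targets. Google Android is currently a mobile operating system with more than one third of the global market share, and its open-source system architecture has earned it a place in the competition among smart mobile devices. However, its open architecture is also easier to attack than closed platforms such as Apple iOS or RIM Blackberry. Therefore, besides maintaining convenience and ease of use, the Android system must also attend to system security, so that users' mobile devices are not compromised and private, sensitive information is not leaked. This study examines the architecture and security mechanisms of the Google Android operating system, compiles the information-security literature on Google Android together with existing system protection solutions, and proposes suggestions and directions for improving the security weaknesses and system vulnerabilities of the Google Android operating system.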
With the rapid development of smart phones, users tend to deal with more and more personal and business affairs on their portable devices. That means each device contains more private and sensitive data and information than before, and becomes a more valuable target for attackers as well. The Google Android operating system, whose market share has exceeded one third around the world, has earned its place in the smart phone war with its open-source system architecture. However, Google Android's open-source system architecture makes it a much more vulnerable target compared with closed-architecture systems such as RIM Blackberry and Apple iOS. Thus, while maintaining convenience and ease of use, the Google Android operating system must pay close attention to its system integrity and security to ensure that each user's device is not intruded upon, which would result in leakage of sensitive data and information. This study will examine the Google Android operating system's architecture and security mechanisms, compile studies about Google Android's security issues, and collect solutions for portable device system protection, especially for the Google Android operating system. Suggestions for security development will be put forward based on these studies and data collection.
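Abstract (Chinese)
Abstract
Acknowledgements
List of Tables
List of Figures
I. Introduction
1. Research Background
2. Research Motivation
3. Research Objectives
4. Thesis Structure
II. Literature Review
1. History of the Android Operating System
2. Common Mobile Device Security Threats
(1) SMS Service
(2) Malware
(3) Browser Vulnerabilities
(4) Bluetooth
3. Existing Mobile Device Protection Measures
III. Android System Architecture and Vulnerability Analysis
1. System and Application Architecture
2. Security Threats Specific to the Android System
(1) Third-Party Applications and Software
(2) Root (Superuser) Privileges
(3) SMS
(4) Bluetooth
(5) Browser
IV. Security Protection Mechanisms
1. Protection Mechanisms Applicable to the Android System
(1) Malware Protection
(2) Firewall
(3) Intrusion Detection System
(4) Access Control
(5) Authentication of the Mobile Device Holder
(6) Service Request Permission
(7) Data Encryption
(8) Call Encryption
(9) Virtual Private Network
(10) Spam Message and Call Filtering
(11) Hardware Resource Management
(12) Remote Connection Management
(13) Scenario Modes
2. Hands-On Testing of Existing Protection Software
(1) Virus and Malware Protection
(2) Data and Communication Encryption
(3) Spam Call and SMS Filtering
V. Conclusion
References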