( 您好!臺灣時間:2023/10/02 06:56
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::


研究生(外文):Yi-chun Tsai
論文名稱(外文):A Study on Basic Verification System of Mobile App Security
指導教授(外文):Tsang-Long Pao
口試委員(外文):Tsang-Long Pao
外文關鍵詞:Basic Security Certification System for Mobile AValidationConformity AssessmentBusiness Model
  • 被引用被引用:0
  • 點閱點閱:155
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
The purpose of "validation" is to confirm that the product, service or system meets the standard or customer needs. The verification mechanism is first focused on the quality requirements. The developer could use the verification results to improve product quality and customer satisfaction and may also reduce the total cost of the product.
Various mobile applications have sprung up, bringing great convenience to life. Mobile devices have become an indispensable device for human. However, some mobile application developers lack awareness of security, which may lead to leakage of personal data or financial losses.
This study uses business models to analyze the role of government, professional validation/accreditation bodies, companies and users in the basic security verification system for mobile applications. The SWOT analysis analyzes is used to the Strengths, Weakness, Opportunities and Threats of the infrastructure. Finally, use the TOWS strategy is used to provide some improvement suggestions.
The mobile application basic security verification system is with sufficient technical energy. Governments and authorities use their influence to increase trustworthiness. However, the biggest difficulty in the application of the basic security verification system is the lack of visibility and awareness. Furthermore, a single source of income with a complex cost structure makes this situation even worse.
This study concludes that the verification system can provide App security development training and technical support to schools and enterprises. And improving the automatic detection technology, providing a variety of testing options, and cooperating with the government's policy should be able to accelerate the promotion of the verification system.
誌謝 i
摘要 ii
目錄 v
圖目錄 vii
表目錄 viii
第一章 緒論 1
1.1 前言 1
1.2 研究背景 2
1.3 動機和目標 2
1.4 論文架構 3
第二章 相關研究 4
2.1 符合性評鑑 4
2.2 行動應用App安全 8
2.3 商業模式 8
4.2 SWOT分析 14
4.3 TOWS策略 17
第三章 行動應用App基本資安檢測體系 19
3.1 TAF財團法人全國認證基金會 19
3.2 行動應用資安聯盟 19
3.3 實驗室認證 20
3.4 行動應用App基本資安檢測 25
3.5 小結 28
第四章 行動應用App驗證體系商業模式及策略分析 30
4.1 行動應用App驗證體系商業模式分析 30
4.2 行動應用App驗證體系SWOT分析 37
4.3 行動應用App驗證體系TOWS策略 41
第章 結論與未來展望 43
5.1 結論 43
5.2 未來展望 45
參考文獻 46
附錄一 App Store排行榜中Top50檢測情形 51
附錄二 Google Play排行榜中Top50檢測情形 53
[1]恐成資安「黑洞」!手機APP抽測合格率竟是0, [Online]. Available: https://news.ltn.com.tw/news/life/breakingnews/2469454. [Accessed Mar. 3, 2019]
[2]Android間諜軟體MOBSTSPY,竊取裝置個資及 Facebook和Google 帳號密碼,波及196國,[Online]. Available: https://blog.trendmicro.com.tw/?p=58483.
[Accessed Jun. 9, 2019]
[3]More than 1,000 Android apps harvest data even after you deny permissions, [Online]. Available: https://www.cnet.com/news/more-than-1000-android-apps-harvest-your-data-even-after-you-deny-permissions. [Accessed Jul. 16, 2019]
[4]Android版Skype有資料外洩瑕疵,[Online]. Available:
https://www.ithome.com.tw/node/67098. [Accessed Jun. 9, 2019]
[5]密碼重設功能不嚴謹,缺乏驗證,日本7 Pay用戶遭竄改密碼並盜刷,[Online]. Available: https://www.ithome.com.tw/news/131715. [Accessed Jul. 7, 2019]
[6]台灣人更黏手機了!近8成民眾每天使用手機逾2小時財團法人資訊工業策進會:掌握娛樂市場需求成下一波商機,[Online]. Available: https://www.iii.org.tw/Press/NewsDtl.aspx?nsp_sqno=2081&fm_sqno=14. [Accessed Mar. 22, 2019]
[7]國家發展委員會,107 年持有手機民眾數位機會調查報告,2018
[8]經濟部標準檢驗局,符合性評鑑(Conformity Assessment)基本概念,2018
[9]“Agreement on Technical Barriers to Trade of The World Trade Organization”, World Trade Organization, 1994
[11]財團法人全國認證基金會,認證、符合性評鑑與市場關係圖,[Online]. Available: https://www.taftw.org.tw/wSite/ct?xItem=215&ctNode=26&mp=1. [Accessed Feb. 11, 2019]
[12]TAF 成為ILAC 首批簽署檢驗機構認證相互承認協議之成員,[Online]. Available: https://www.taftw.org.tw/wSite/ct?xItem=284&ctNode=150&mp=1. [Accessed Feb. 11, 2019]
[14]Vulnerabilities and threats in mobile applications, 2019, Positive Technology, June 2019
[15]Kai Qian, Rze M. Parizi, and Dan Lo, “OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development,” 2018 IEEE Conference on Dependable and Secure Computing(DSC), pp.1-2, 2018
[16]Alexander Osterwalder, Yves Pigneur, Bussiness Modle Generation, John Wiley & Sons Inc, 2012
[18]Gürel, Emet – Tat, Merba, “Swot Analysis: A Theoretical Review”, The Journal of International Social Research, Vol. 10, No. 51, pp. 995-1006, 2017
[19]H. Weihrich, The TOWS matrix—A tool for situational analysis, University of San Francisco,‎ 1982
[25]2018 Cyber Safety Insights Report Global Results, Norton, 2019
[26]周靜雯,「驗證機構通路策略之研究」,國立中山大學碩士論文, 2011
[27]2019 企業資安大調查重點整理,[Online]. Available: https://ithome.com.tw/article/129719. [Accessed Jul. 3, 2019]
[28]“Mobile Security Testing Guide”, OWASP, [Online]. Available: https://github.com/OWASP/owasp-mstg/releases/download/1.1.2/MSTG-EN.pdf. [Accessed Jul. 3, 2019]
[36]行動應用資安App基本資安認證認可實驗室列表,[Online]. Available: https://mas.org.tw/web_doc.php?cid=lab-2. [Accessed Jul. 3, 2019]
[37]行動應用基本資安推動流程圖,[Online]. Available: https://mas.org.tw/web_doc.php?cid=about-2. [Accessed Jul. 3, 2019]
第一頁 上一頁 下一頁 最後一頁 top