標題: | Android行動設備的安全分析器研究 SAM : Security Analyzer for Android Mobile Devices |
作者: | 林俞呈 Lin, Yu-Cheng 黃育綸 Huang, Yu-Lun 電控工程研究所 |
關鍵字: | 分析;安全;行動設備;安卓;Android;Android device;Security;mobile;Analyzer |
公開日期: | 2013 |
摘要: | 近年來,越來越多的人使用智慧型手機來進行撥打電話或是操作網路等較私人的工作,並將許多私人的資訊和重要的文件儲存於這類智慧型裝置上。所以對於智慧型手機的安全性便逐漸成為專家學者們研究的焦點,尤其以目前最普及的Android智慧型手機為甚。
目前已經有許多工具針對Android的手持裝置進行系統安全檢測。本論文收集、研究這些安全檢測工具,並發現這些安全檢測工具大多只注重於Android系統應用程式的安全性,甚少對智慧型手機進行全面性、系統性地檢測。這類全面性的系統檢測在智慧型手機在出廠前,提供品管人員做為手機上市前的最後一道安全防線。
本論文針對品管人員的檢測需求,提供一套針對Android行動裝置的安全分析工具(簡稱 SAM)。SAM提供一套安全測試工具的設計框架,品管人員可根據需求增減不同的安全測試模組。在SAM的框架下,又可分為主機端的分析器(簡稱SPST)與手機端的資訊收集應用程式(簡稱SPSA),藉由SPSA收集的資訊,SPST可提供品管人員及時的手機安全測試報告。為了驗證SAM框架的可行性,在本論文中,我們實作三個測試模組:埠號掃描、瀏覽器弱點攻擊和密碼強度分析,來提供給品管人員使用。
為了提供品管人員系統化的測試規劃,在本篇論文中,我們針對Android的安全性,整理設計三類安全測試基礎,包括應用程式安全、網安全路和系統安全,每個測試類別之下再細分多個測試項目,以幫助品管人員建立有系統化的安全測試計畫。 In recent years, mobile devices have become more and more popular in human life. As a popular operating system, Android Security has become one of the important issues and more and more researchers focus on the Android security. We study the existing researches for Android security test and find that the existing researches only focus on security of Android applications. As the last defense line before a user can use a secure smartphone, a quality assurancer should provide the baseline security for the Android smartphone. In this thesis, we design and develop a security testing tool, Security Analyser for Android Mobile Device (SAM) to help a quality assurancer to systematically analyze the security of an Android smartphone. SAM is a framework of an Android security testing tool, which is composed of a tester (called SPST) and an mobile application (called SPSA). SPST installed in a server or a personal computer can flexibly adopt a security testing module as a plugin. A quality assurancer can insert or remove the testing modules as required. To prove the design of our framework, we implement three testing modules, including Post Scan, Browser Vulnerability attack, and Password Strength in our testing tool. Moreover, to provide a systematic way to analyze the security of an Android smartphone, we also design the security baselines covering application security, network security, and system security. With the security baselines, a quality assurancers can conduct a test plan to systematically examine the security of an Android smartphone. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT070060062 http://hdl.handle.net/11536/74731 |
Appears in Collections: | Thesis |