Android智慧行動裝置組態萃取與系統功能管控

Abstract

對於攜入個人智慧行動裝置(Bring Your Own Device)於軍事管制區，目前國防部已著手導入行動裝置管理(Mobile Device Management)第三方解決方案來處理其所造成的資安隱憂。但由於管制區內的人事物有其敏感性，若僅仰賴第三方解決方案，恐形成一極大的國安漏洞。採用第三方解決方案雖可解燃眉之渴，但中長期而言，針對智慧行動裝置之管理我們勢必要有絕對的自主能力。 在本論文中，我們對Android智慧行動裝置安全管控各項功能之實作可行性進行評估進而掌握其背後所需的關鍵技術，包括如裝置資訊取得、裝置控制、裝置端Agent佈署流程、管控系統自體防護等。本論文的成果可立即作為國防部於初期導入第三方MDM解決方案的採購評量參考，而針對中長期須自行開發MDM系統的目標，本研究所發展的諸項關鍵技術也將具有極高的參考價值。

In view of the security concerns caused by Bring Your Own Device (BYOD) in military controlled zones, the department of defense is now in the process of evaluating third-party mobile device management (MDM) solutions to address the concerns. However, due to the sensitive nature of military controlled zones and the widespread usage of mobile devices across all ranks of military personnel, the trustworthiness of a third-party MDM is no doubt a security threat by itself. Even though third-party MDM solutions may address the short-term needs, a thorough understanding of the MDM technologies and ultimately building an in-house MDM solution are deemed essential for the security of BYOD in military controlled zones. The ultimate goal of the research is to acquire the technologies needed for building an in-house MDM solution. We master the key technologies required for implementing an effective MDM solution through exhaustive literature survey and research. The key technologies that we master include device status checking, device controlling, MDM agent deployment, MDM self-protection mechanism. The conclusions drawn from this work can serve as the guideline for evaluating third-party MDM solutions. The key technologies explored in this work serve as the foundation for the construction of in-house MDM solution.