Android移动智能终端渗透测试实验研究

发布时间：2018-02-16 19:47

本文关键词： 移动智能终端 Android 渗透测试安全漏洞安全机制　出处：《太原理工大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着移动互联网的迅速发展,移动智能终端中包含了大量的个人信息及重要数据,其安全性也日益成为人们共同关注的问题。作为近几年在市场中的份额增长最快、最流行的开源手机操作系统Android,也顺势成为了主要的攻击目标。为了防范恶意攻击,必须在攻击者之前尽可能的发现和了解系统及网络的各项漏洞,并及时做出防范。检查系统漏洞,渗透测试是一个非常好的方式之一。然而,一般的渗透测试方案大多针对传统网络设备及环境,随着传统的网络安全问题出现在移动互联网领域中,针对移动智能终端的渗透测试也显得意义重大。针对以上问题本文实现了一种移动互联网环境下针对Android移动智能终端的渗透测试方案,主要包括以下工作： (1)分析了Android系统的整体架构及安全机制,通过研究对比国内外渗透测试方案及技术,结合Android系统、移动互联网环境及移动智能终端的特点,通过大量实验分析,利用移动互联网络环境搭建测试平台,设计了一种新的渗透测试实验方案。 (2)在实验设计上,针对多个版本的Android系统进行测试,对于基于Android的移动智能终端具有普遍适用性。此外将能耗指标加入渗透测试中,并对渗透造成的CPU使用率及能耗的影响进行量化,通过移动智能终端的相关技术指标表现出渗透测试的效果。 (3)实施Android移动智能终端渗透测试实验,分析研究实验过程及测试数据,发现了Android系统漏洞,并提出相应建议。通过对移动智能终端进行了渗透测试研究,建立了移动互联网环境下多种网络渗透的实例,可以为针对移动智能终端的多种网络渗透的特征提取、检测以及防御提供相关的实验数据,打下前期研究的基础。
[Abstract]:With the rapid development of mobile Internet, mobile intelligent terminals contain a lot of personal information and important data. Android, the most popular open-source mobile operating system, has also become a major target. In order to prevent malicious attacks, we must find out and understand the vulnerabilities of the system and network as much as possible before the attackers, and take precautions in time. It is a very good way to check the vulnerabilities in the system and test for penetration. However, Most of the general penetration testing schemes are aimed at the traditional network equipment and environment. With the traditional network security problems appear in the field of mobile Internet, penetration testing for mobile intelligent terminals is of great significance. In view of the above problems, this paper implements a penetration test scheme for Android mobile intelligent terminal under the mobile Internet environment, which mainly includes the following work:. 1) this paper analyzes the whole structure and security mechanism of Android system, through the research and comparison of domestic and foreign penetration testing schemes and technologies, combined with the characteristics of Android system, mobile Internet environment and mobile intelligent terminal, through a large number of experiments analysis, A new experimental scheme of penetration testing is designed by using mobile internet environment to build a test platform. 2) in the experimental design, the test is aimed at many versions of Android system, which is applicable to mobile intelligent terminal based on Android. In addition, the energy consumption index is added to the penetration test. The influence of CPU utilization rate and energy consumption caused by penetration is quantified, and the effect of penetration test is demonstrated by the related technical index of mobile intelligent terminal. The experiment of Android mobile intelligent terminal penetration test is carried out, the experimental process and test data are analyzed, the loopholes of Android system are found, and the corresponding suggestions are put forward. Based on the research of penetration test of mobile intelligent terminal, an example of multiple network penetration in mobile Internet environment is established, which can be used to extract the characteristics of multiple network penetration for mobile intelligent terminal. Detection and defense provide relevant experimental data and lay the foundation for earlier research.
【学位授予单位】：太原理工大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】