Research on the Vulnerability of iOS Application Software
Published: 2019-02-23 11:48
[Abstract]: With the development of mobile Internet technology, more and more mobile devices have entered people's lives, and the smartphone has become an indispensable tool. Android and iOS hold 96% of the global smartphone market and are clearly the two most mainstream operating systems in the world. Because of the advanced security mechanisms of iOS and the strict review process of Apple's official App Store, iOS applications are considerably more secure than Android applications. In recent years, however, security problems in iOS applications have been increasing significantly, news reports of users and enterprises losing property because of flaws in the applications themselves keep appearing, and enterprises are paying more and more attention to iOS application security. This thesis systematically summarizes the security threats that iOS applications currently face and analyzes in depth the specific cause of each threat. Based on these threats, it proposes two vulnerability detection schemes aimed at different application scenarios, implements both, uses the resulting tools to carry out actual detection, and analyzes the accuracy of the results. The analysis shows that both schemes detect the security problems present in iOS applications well. The main work is as follows: 1. A source-code-based detection scheme is designed and implemented. It is built by writing Checker plug-ins on top of the Clang Static Analyzer. The tool analyzes the intermediate code produced when the program is compiled; using symbolic execution, it simulates execution of the application and traverses all branches of the program, and during this simulated execution each Checker inspects the relevant program state to decide whether the application contains the corresponding vulnerability. The thesis implements 16 Checkers in 3 major categories, which help enterprise iOS developers discover security problems at compile time, before they cause harm. 2. A binary-based detection scheme is designed and implemented. It relies mainly on iOS reverse-analysis techniques, combined with iOS reverse-analysis tools. The thesis designs 21 security check items in 5 major categories and gives a specific detection method for each item. This scheme lets an enterprise still perform a systematic security check of an iOS application after it has been released. 3. Experiments are carried out on the implementations of both schemes to verify their effectiveness and accuracy. Analysis of the experimental results shows that both schemes accurately detect the security problems present in iOS applications.
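[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification number]: TP316;TP309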
Article ID: 2428791
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2428791.html