Research And Implementation In Penetration Testing Integrated Platform Of Android-Based System

With the popularity of Android smart phones, people paid more and more attention on Android system security issues. For ordinary users, the time of using Android mobile phone is long. Usually, there are important documents and confidential information within the system. Compared with the traditional desktop devices, user behaviors call on higher requirements on the security. Relative to other security detection methods, the penetration testing, which simulate hacker attack behavior, has a great advantage.The paper studies the architecture and security mechanisms of Android system, Android application common security questions, common penetration testing process and methods, gets the OVAL-based vulnerability detection model. On the basis of these, the paper designs and implements the penetration testing integrated platform of Android-based system.On the basis of in-depth analysis of the architecture and security mechanisms of the Android system, first of all, the Android application common security questions are described in summary. Through the research of universal penetration testing technology, the Android penetration testing process is obtained. Open vulnerability assessment language is commonly used in the field of vulnerability detection in traditional desktop devices, the paper creatively applies it on the Android system vulnerability analysis, gets the OVAL-based vulnerability detection model.The paper studies system design goals and functional requirements, designs the overall architecture of penetration testing integrated platform and workflow in outline, analyses the function modules design divided by agents-side and server-side. Through the use of open vulnerability assessment language, the paper satisfies the requirement of the system accuracy and scalability. In this paper, the design and implementation of vulnerability evaluation subsystem, communication module, attack module in system based on Android are described in detail. Vulnerability assessment subsystem is based on OVAL, which provides the direction of the penetration attack. The communication module uses reflective interaction, so that most of the functions are in the server side, reduces the impact on the performance of Android agent. The attack module integrated the distributed security tool, which can solve the problem that can not be unified.Finally, the paper carries on the function and the performance test to the penetration testing integrated platform, the result shows that the system can carry on the comprehensive, accurate vulnerability evaluation to the Android system, and the system has the excellent penetration efficiency and the test completeness.