
Research On Vulnerability Analysis And Security Assessment For Android Application

Posted on: 2019-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: H J Yu
Full Text: PDF
GTID: 2428330548996782
Subject: Computer software and theory

Abstract/Summary:
In recent years, mobile devices have become more and more closely tied to our daily lives. Android apps, however, are prone to security vulnerabilities. Identifying malicious applications alone no longer meets current security requirements: more and more apps leak users' private information or threaten users' property. Android apps are updated frequently and quickly, which causes assessment to lag behind. In addition, existing assessment techniques do not sufficiently consider the benefits of attack and defense or the availability of vulnerabilities. Therefore, three problems are studied in this paper: detection of application vulnerabilities, prediction of vulnerabilities in future versions of an application, and security assessment in the game of multi-stage attack-defense.

Firstly, a new taxonomy method for Android application vulnerabilities, named LSA, is proposed. Vulnerabilities are divided into 3 layers and 4 classes, with a total of 16 types. The formal description and scientific verification of LSA are then carried out by Z representation. Compared with existing methods, LSA has advantages in preciseness, pertinence, scalability, etc. These advantages meet the needs of Android application security assessment and support the rest of the work in this paper.

Secondly, the static detection technology of Android applications is studied. Furthermore, a logistic regression algorithm is used to explore the prediction of vulnerabilities. The experimental results show that the vulnerabilities of future versions of an Android application can be predicted to some extent.

Thirdly, a security assessment model of Android applications in the game of multi-stage attack-defense is proposed, because existing evaluation techniques lack consideration of attack-defense benefits and the availability of vulnerabilities. The calculation method of the optimal defense strategy in multi-stage attack-defense is given, as is the calculation method of the probability of future security risks. By combining the results of prediction and assessment, the future integrated security risks of an Android application can be predicted.

Finally, an Android application security assessment prototype system based on the above theories is implemented. The system's development environment and development details are introduced, and its operating effect is demonstrated. The system can help Android users select secure applications, help application developers write secure code, and help application market managers eliminate undesirable applications.
Keywords/Search Tags:Mobile Security, Vulnerabilities Taxonomy, Vulnerabilities Prediction, Security Assessment, Android Application