| With the rapid development of mobile Internet technology, the intelligent terminalallows the user to work, email, shopping, online payment and other activities throughmobile networks. Due to the function of the intelligent terminal is getting stronger andstronger, People’s Daily activities such as office, study gradually shifted from traditionaldesktop to the intelligent terminal. The intelligent terminal stores a lot of importantinformation about the user, and becomes a carrier of information.Android, the Google’s smartphone software is the bestselling smartphone systembecause of its open source now. Android intellectual terminal plays an increasinglyimportant role in the user’s life because of its powerful features and rich applications. Atthe same time, the Android intellectual terminal stores a large number of importantinformation of the user, it has also become a prime target for malicious attacks. Privateinformation leakage and malicious chargeback and system damage caused tremendousdamage to Android users,so solve the problem of Android’s security is very important.Android smartphone operating system easy to be attacked, one of the main reasonis there are security vulnerabilities in Android applications. This paper studies theAndroid security mechanism and development language, as well as a variety ofvulnerability exploiting,and presents a vulnerability exploiting method on the source ofthe Android application. Main work of this paper is:(1)The thesis describes and analyzes the Current Situation of Android security,Android system architecture a, security mechanisms and the development language. TheThesis analyzes the causes of security vulnerabilities and vulnerability classification,research the security vulnerabilities mining static analysis method and dynamic analysismethod, and presents a new security vulnerability mining method by combining thesetwo methods.(2) Then create the collection of mappings between permissions and methods,builtthe Android Vulnerability Database,and decompile Android application to get thesource code and preprocess it.(3)Using the static methods which is Combined by Type inference methods andconstraints analysis methods to analyze the Android source code and getting the point ofvulnerability. Finally, get the test case at point of vulnerability by using vulnerability constraint method.(4)According the Android vulnerability library, we mutation test cases and getsemi-valid data, then exploit vulnerability precisely by using Fuzzing technology.Finally, the thesis analyzes the test cases which are obtained by using vulnerabilityconstraint method, make the mining method into reality and prove its effectiveness. |
PDF Full Text Request