| Mobile internet technology has made rapid development and penetrated into all aspects of people's daily lives recently.Mobile devices began to become a popular internet interface instead of traditional computers because of their portability,but with which the issue of information security has become more and more serious.Obviously,Android system is easy to be attacked because of its openness.Therefore,it's necessary to assess the security of Android applications comprehensively and systematically.The purpose of this paper is to study and establish a security test plan to achieve the assessment for the security of Android applications.Firstly,all types of security threats to Android applications are analyzed based on STRIDE model and a threat description framework for android applications is constructed according to the collection of various types of vulnerabilities.Secondly,a security test plan is proposed corresponding to the threat description framework,in which each method is analyzed elaborately.Finally,a test platform is built and the security test plan is applied and analyzed by a test experiment on the platform.The result shows that the security test plan based on STRIDE model has realized a complete security test and evaluation for Android applications comprehensively and systematically.It has provided an effective test model to assess the security of Android applications,the design and implementation process of which has a good theoretical and practicable significance.The conclusion of this paper has reference value and guidance significance to improve the security of Android applications. |
PDF Full Text Request