| The iphone 4 launched by Apple has brought a new revolution in the traditional mobile phone world.Today,smartphones have become an integral part of people's lives.Smart phone has been carrying on the function of traditional cell phone perfectly,also brings more colorful functions,people can through the mobile phone system platform on the Application software for office,interpersonal communication,entertainment and other functions.But it can not be ignored that mobile devices correlate a large amount of user data and privacy information,Application developers only pay attention to function and efficiency,and ignore the Appeal of users who want Applications to protect users' use security.As malicious attacks against Applications on mobile platforms become more and more serious,resulting in the security of users is seriously eroded.With the concept of "security first",iOS operating system has provided many reliable security protection mechanisms for users at the beginning of its existence.As a popular mobile intelligent Application platform and a high occ upancy operating system,of course,many malicious attacks against its Application programs have been spawned,which pose a serious threat to the personal sensitive information and property security of users.Therefore,in order to ensure the security of people's mobile life,it is very important to audit the security before the Application goes online.Based on the analysis of iOS security mechanism and Application security,a security audit model is proposed and a tool for iOS Application security audit is designed and implemented in this paper.The main tasks are as follows:(1)After deeply analyzing the iOS system architecture and the level of iOS security mechanism,this paper comprehensively expounds the security architecture of iOS from the aspects including system-level security mechanism,encryption and protection mechanism,and Application security.(2)Firstly,based on the in-depth study of the iOS security architecture and the comprehensive analysis of the Application program,combined with the current security threats faced by the iOS Application,the iOS runtime,tweak cracking,code injection,binary file analysis and other technical principles are summarized,and then the traditional iOS security audit method is analyzed.(3)The security audit model of iOS Application is designed,which includes static audit module based on Application decryption,and reverse engineering,and a dynamic audit module based on Objective-C runtime characteristic and hook technology.It is extensible,and the security auditing system can be Applied to Applications.The program conducts a security audit assessment.(4)A security audit tool based on MAC terminal was developed and the test Application was evaluated,the audit results are obtained,and the feasibility of the iOS security audit system and the effectiveness of the audit tool were verified... |
PDF Full Text Request