| With the continuous development of communication facilities and mobile hardware,mobile smart phones are becoming more and more popular.Android operating system for smart phones has become the most popular mobile operating system in the world with the continuous improvement.The rise of Android platform has also produced a large number of excellent Android applications,greatly enriching people's lives.However,due to the openness of Android system and the lack of-security awareness of application developers in the process of developing applications,there are security holes in Android applications.Malicious attackers can attack applications and even systems by using application vulnerabilities,which brings large losses to applications and users.Therefore,in view of two kinds of common application vulnerabilities:dynamic code loading vulnerability and cryption misuse vulnerability,this paper proposes a container-based system which hot fixes Android application vulnerabilities.The system can detect the dynamic code loading vulnerability and cryption misuse vulnerability in applications,and fix vulnerabilities when the application runs without modifying the Android system or the application.In addition,in order to develop a reasonable strategy for detecting and fixing vulnerabilities,we define a vulnerability assessment model to evaluate vulnerability risk level based on in-depth study of vulnerability features.The following are the concrete research contents and results of this paper:1.Based on in-depth study of Android application vulnerabilities,we vulnerability features and establish a four-dimensional eigenvector assessment model.This assessment model is used to evaluate two kinds of common application vulnerabilities:dynamic code loading vulnerability and cryption misuse vulnerability.2.According to the evaluation results,a reasonable detection and fix strategy for dynamic code loading vulnerability and cryption misuse vulnerability is designed.3.Based on the above research results,a hot fix system for Android application vulnerabilities is implemented.This fix system provides a safe running environment for applications.By controlling the detection and fix process with reasonable strategies,the security holes in applications can be accurately fixed at Runtime.Applications do not influence external Android systems,and there is no need to modify Android systems and applications in the process of fixing vulnerabilities. |
PDF Full Text Request