| Nowadays,with the rapid popularization of mobile intelligent terminals,the smartphones which is represented by android system have gradually entered people's lives.As a result,android platform is often targeted by attackers.From the application layer to the development tool chain,then to the bottom of Android system,malicious code implantation events occur frequently.The user data security has become one of the most important issues faced by android users.In view of android applications are driven by messages,each security event executed by the application results in tens of thousands of mobile phone users having to face the threat of data leakage.Although android system provides a relatively complete security permission management mechanism,malicious code can easily bypass the security permission mechanism due to android system flaws.Malicious code inject itself which can intercept the system sensitive event information.How to design and implement a secure and reliable data protection method on android platform has become the topic of current system security research and discussion.The mainly work of this dissertation as follows:First,this paper introduces the architecture of android system,studies the start-up process of android system and the security mechanism of the multi-level platform.In addition,analyses the threat of interception of sensitive events in the process of transferring and consuming the application program by user touch screen,as well as the security defects of the security mechanism.Second,taking advantage of the vulnerability of the trigger mechanism of android system,this paper takes the touch screen event as an example to design and implement the simulation attack by injecting malicious code from the system layer and promoting the kernel layer permissions.This attack scheme can effectively intercept sensitive event information such as the name and time of the application process triggered by the user,the triggered action as well as the physical coordinates of the application process.The inj ection of malicious code into the android system will inevitably lead to the destruction of the integrity of android native system.Third,this paper using the openSSL software library package,which can design and implement an integrity check module(check_jar module)for the trigger mechanism core code in the android native system.The functions of this module include hash integrity verification and digital signature verification.In addition,it can automatically complete the integrity verification of the core code of android system in the process of system startup,so as to achieve the purpose of verifying the code integrity based on the system layer. |
PDF Full Text Request