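1. Institute of Software, Chinese Academy of Sciences, Beijing 100190
2. School of Software and Microelectronics, Peking University, Beijing 102600
3. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
Sihan QING (1939-), male, is a chief researcher at the Institute of Software, Chinese Academy of Sciences, and a professor at the School of Software and Microelectronics, Peking University. His main research interests include mobile security, trusted computing, cloud security, and operating system security.
Online publication date: 2016-10
Print publication date: 2016-10-20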
Sihan QING. Research status and outlook of Android security[J]. Telecommunications Science, 2016, 32(10): 2-14. DOI: 10.11959/j.issn.1000-0801.2016256.
Android is currently the most popular operating system for smartphones, and at the same time its security situation is becoming increasingly serious. This paper introduces the development history of Android version updates, the features of the Android system, Android's security mechanisms, an analysis of Android security risks, Android malware and attacks, and Android analysis and defense. Finally, it describes the current state of research and the development trends in Android security, as well as possible future research directions.