通信学报 ›› 2016, Vol. 37 ›› Issue (6): 169-184.doi: 10.11959/j.issn.1000-436x.2016127

• 综述 • 上一篇    下一篇

Android智能终端安全综述

许艳萍1,马兆丰1,王中华2,钮心忻1,杨义先1   

  1. 1 北京邮电大学信息安全中心,北京 100876
    2 国家计算机网络应急技术处理协调中心,北京 100029
  • 出版日期:2016-06-25 发布日期:2017-08-04
  • 基金资助:
    国家自然科学基金资助项目;“十二五”国家科技支撑计划基金资助项目;国家科技支撑计划基金资助项目

Survey of security for Android smart terminal

Yan-ping XU1,Zhao-feng MA1,Zhong-hua WANG2,Xin-xin NIU1,Yi-xian YANG1   

  1. 1 Information Security Center,Beijing University of Posts and Telecommunications,Beijing 100876,China
    2 National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC),Beijing 100029,China
  • Online:2016-06-25 Published:2017-08-04
  • Supported by:
    The National Natural Science Foundation of China;The Twelfth-five National Science and Technology Support Program;The National Science and Technology Support Program

摘要:

针对Android智能终端安全问题,构建Android智能终端安全分层体系。首先从远程防盗、生物身份验证和硬件安全模块方面阐述了Android设备安全的安全威胁及保护措施,然后从无线安全网络、病毒传播查杀和防钓鱼攻击说明了Android网络安全的隐患及防范,之后从内核安全、本地库运行时环境安全和应用框架安全角度介绍了Android操作系统安全的研究内容,接着从静态检测和应用行为动态检测、应用加固和应用评估方面展示了Android应用安全的研究成果,接下来着眼于数据本身总结了Android数据的追踪、加密和备份等安全保护技术,最后结合实际需求展望了Android安全未来在安全增强框架、智能应用行为分析等方向的发展。

关键词: Android, 设备安全, 网络安全, 系统安全, 应用安全, 数据安全

Abstract:

Aiming at the security,the layered security system was constructed.Firstly,the devices safety protection based on remote anti-theft,biometric identity verification and hardware security module was expounded.Secondly,network security referring to the wireless security network,virus propagation killing and anti-phishing was illustrated.Thirdly,the OS safety was introduced from the perspective of system kernel,runtime environment and application framework.Fourthly,application security was showed containing the reverse engineering static analysis,behavior dynamic analysis,safety reinforcement and safety assessment.Fifthly,the privacy data protection was summarized including tracking,encryption and backup.Finally,the future development direction was prospected on the security framework and intelligent behavior analysis.

Key words: Android, device security, network security, system security, application security, data security