Computer Science ›› 2017, Vol. 44 ›› Issue (4): 79-81.doi: 10.11896/j.issn.1002-137X.2017.04.017

Previous Articles     Next Articles

Android Vulnerability Detection and Assessment System Based on OVAL

WAN Yan, ZHAO Xi and WANG Guo-lin   

  • Online:2018-11-13 Published:2018-11-13

Abstract: It is difficult to deal with more and more complex security vulnerabilities for the traditional detection tool,which takes a long time,takes up a large number of system resources and needs to simulate the attack.This paper pre-sented a C/S,open vulnerability and assessment language(OVAL) based android vulnerability detection and assessment system.This architecture puts most of the evaluation work to the central control and reduces the impact on the android system performance.Using OVAL as vulnerability assessment standard,the architecture guarantees the high accuracy of the evaluation,and it also has better openness and scalability.

Key words: Vulnerability detection,OVAL,Android

[1] ENCK W,ONGTANG M,MCDANIEL P.Understanding An-droid Security[J].IEEE Security & Privacy Magazine,2009,7(1):50-57.
[2] SHABTAI A,FLEDEL Y,KANONOV U,et al.Google An-droid:A Comprehensive Security Assessment[J].IEEE Security & Privacy,2010,8(2):35-44.
[3] BARTEL A,KLEIN J,TRAON Y L,et al.Automatically securing permission-based software by reducing the attack surface:an application to Android[C]∥Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.ACM,2012:274-277.
[4] HANNA S,HUANG L,WU E,et al.Juxtapp:A Scalable System for Detecting Code Reuse among Android Applications[M]∥Detection of Intrusions and Malware,and Vulnerability Assessment.Springer Berlin Heidelberg,2013:62-81.
[5] The MITRE Corporation.OVAL[EB/OL].(2015-07-09)[2015-11-15].http://oval.mitre.org.
[6] The MITRE Corporation.CVE[EB/OL].(2015-07-24)[2015-11-15].http://cve.mitre.org.
[7] Internet Security SystemsTM.Vulnerability assessment[EB/OL].(2015-07-26)[2015-11-15].http://www.iss.net/find_produ-cts/vulnerability-assessment.php.
[8] WANG X D,GAO L,ZHANG L.Design and implementation of OVAL-compatible VAS on multi-platform[J].Computer Engineering and Applications,2009,5(36):82-85.(in Chinese) 王旭冬,高岭,张林.兼容OVAL的多平台VAS设计与实现[J].计算机工程与应用,2009,45(36):82-85.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75, 88 .
[2] XIA Qing-xun and ZHUANG Yi. Remote Attestation Mechanism Based on Locality Principle[J]. Computer Science, 2018, 45(4): 148 -151, 162 .
[3] LI Bai-shen, LI Ling-zhi, SUN Yong and ZHU Yan-qin. Intranet Defense Algorithm Based on Pseudo Boosting Decision Tree[J]. Computer Science, 2018, 45(4): 157 -162 .
[4] WANG Huan, ZHANG Yun-feng and ZHANG Yan. Rapid Decision Method for Repairing Sequence Based on CFDs[J]. Computer Science, 2018, 45(3): 311 -316 .
[5] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[6] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[7] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[8] LIU Qin. Study on Data Quality Based on Constraint in Computer Forensics[J]. Computer Science, 2018, 45(4): 169 -172 .
[9] ZHONG Fei and YANG Bin. License Plate Detection Based on Principal Component Analysis Network[J]. Computer Science, 2018, 45(3): 268 -273 .
[10] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99, 116 .