Computer Science ›› 2017, Vol. 44 ›› Issue (4): 79-81. doi: 10.11896/j.issn.1002-137X.2017.04.017

• NASAC 2015 •

Android Vulnerability Detection and Assessment System Based on OVAL

WAN Yan, ZHAO Xi and WANG Guo-lin

  1. School of Computer Science and Technology, Donghua University, Shanghai 201620
  • Online: 2018-11-13 Published: 2018-11-13

Abstract: Traditional vulnerability detection tools take a long time to run, consume large amounts of system resources, and need to simulate attacks against the system, which makes it difficult for them to cope with increasingly complex Android vulnerability threats. This paper presents a client/server (C/S) Android vulnerability detection and assessment system based on the Open Vulnerability and Assessment Language (OVAL). The architecture performs most of the assessment work on the console side, which reduces the impact on Android system performance. Using OVAL as the vulnerability assessment standard, it maintains high assessment accuracy while also offering better openness and extensibility.

Key words: Vulnerability detection, OVAL, Android

