计算机科学 ›› 2017, Vol. 44 ›› Issue (4): 79-81.doi: 10.11896/j.issn.1002-137X.2017.04.017
万燕,赵希,王国林
WAN Yan, ZHAO Xi and WANG Guo-lin
摘要: 传统漏洞检测工具检测时间长,占用大量系统资源,需要对系统进行模拟攻击,难以应对越来越复杂的安卓漏洞威胁。提出了一种“C/S”架构的、基于开放漏洞评估语言(OVAL)的安卓漏洞检测评估系统。这种架构将大部分评估工作放在控制台端执行,减少了对安卓系统性能的影响,其以OVAL作为漏洞评估标准,在保证评估高精度的同时也具有更好的开放性和可扩展性。
[1] ENCK W,ONGTANG M,MCDANIEL P.Understanding An-droid Security[J].IEEE Security & Privacy Magazine,2009,7(1):50-57. [2] SHABTAI A,FLEDEL Y,KANONOV U,et al.Google An-droid:A Comprehensive Security Assessment[J].IEEE Security & Privacy,2010,8(2):35-44. [3] BARTEL A,KLEIN J,TRAON Y L,et al.Automatically securing permission-based software by reducing the attack surface:an application to Android[C]∥Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.ACM,2012:274-277. [4] HANNA S,HUANG L,WU E,et al.Juxtapp:A Scalable System for Detecting Code Reuse among Android Applications[M]∥Detection of Intrusions and Malware,and Vulnerability Assessment.Springer Berlin Heidelberg,2013:62-81. [5] The MITRE Corporation.OVAL[EB/OL].(2015-07-09)[2015-11-15].http://oval.mitre.org. [6] The MITRE Corporation.CVE[EB/OL].(2015-07-24)[2015-11-15].http://cve.mitre.org. [7] Internet Security SystemsTM.Vulnerability assessment[EB/OL].(2015-07-26)[2015-11-15].http://www.iss.net/find_produ-cts/vulnerability-assessment.php. [8] WANG X D,GAO L,ZHANG L.Design and implementation of OVAL-compatible VAS on multi-platform[J].Computer Engineering and Applications,2009,5(36):82-85.(in Chinese) 王旭冬,高岭,张林.兼容OVAL的多平台VAS设计与实现[J].计算机工程与应用,2009,45(36):82-85. |
No related articles found! |
|