Research And Implementation Of Mobile Terminal Security Function Evaluation

Recently, with the rapid development of mobile internet, the use of mobile terminal becomes more and more popular. Various types of applications and the convenient interaction between devices on terminal make it an indispensable product for life and an important carrier to realize mobile internet. However, due to its operating system vulnerabilities,irregular interface implementation, application software design flaws and user data management vulnerabilities, the mobile terminal is facing serious security threats.To ensure the security capabilities of mobile terminal, Ministry of Industry and Information Technology has developed the "Technical requirements for security capability of smart mobile terminal" and "Test methods for security capability of smart mobile terminal". Based on the analysis of typical security threats and attacks, the standards put forward the requirements of security capability and design test methods to verify.Considering the rapid development of mobile terminal technology in recent years, security requirements become more diverse and then put forward higer requirements to the mobile terminal's own security capacity. In this paper, based on the current standard development work, the security mechanism and the corresponding test method for the security function of the mobile terminal are studied deeply. The main work is as follows:(1) Research on existing standards about safety capability. Analyze the technical requirements for security capability of mobile terminal, and get the shortcomings in two aspects of theory and technology. Based on the existing experience of CC standard in the information system security capability construction, analyze ideas and methods in the database management system security capacity construction to guide the mobile terminal security capability construction.(2) Analyzing the security of Android platform. Analyze security of the operating system, peripheral interface, application software and user data on Android platform, and get the targets that each level environment should meet. Research the current mobile terminal technology, and analyze and summarize the security mechanisms which in order to ensure the security targets, including the sandbox mechanism, access control mechanism, the access control mechanism and so on.(3) Designing security function indicators and test methods of mobile terminal. Deep study the principle of achieving technology of the mobile terminal security mechanism. The CC standard which describes the requirements of safety functions is as a guide. Define the corresponding relationship between security mechanism and security function, design a comprehensive mobile terminal security function index, and solve the problem of the original standard in theory. According to the security function index, combine with the practical situations and the existing technical means of the security mechanism, the corresponding test method is designed to realize the inspection of the safety function index.(4) Realizing test methods. Use the test methods designed in this paper,carry out some projects to test, and test the mobile terminal samples,.According to the experimental results, the rationality of the indicators and the feasibility of the test method are verified.