期刊文献+

安卓应用软件代码签名的风险挑战与应对措施

Risk Challenges and Countermeasures for Code Signing inAndroid Application Software
下载PDF
导出
摘要 在移动互联网时代,安卓移动应用软件已经渗透到人们生产生活的方方面面,安卓代码签名的安全问题一直是黑灰产关注的重点。通过分析不同版本的安卓代码签名机制以及代码签名在证书算法、证书使用、软件权责、软件保护、证书更新等方面存在的风险挑战,从行业标准、企业内部、政策监管、产业链责任和义务等方面向产业相关方提出对策建议,为行业相关技术研究、标准制定和政策发布提供参考。 In the era of mobile Internet,Android mobile application software has penetrated into every aspect of people’s production and life,and the security issue of Android code signature is always a focus of attention for BlackGrey.By analyzing the Android code signing mechanism of different versions and the risk and challenge of code signing in terms of certificate algorithm, certificate usage, software rightsand responsibilities, software protection, certificate update, etc., this paper puts forward countermeasuresand suggestions to industry stakeholders from industry standards, internal enterprises, policy supervision,industry chain responsibilities and obligations, which provides a reference for the industry to carry outrelevant technical research, standard formulation and policy issuance.
作者 宋恺 邓佑军 王浩仟 张静怡 汪海 SONG Kai;DENG Youjun;WANG Haoqian;ZHANG Jingyi;WANG Hai(China Academy of Information and Communications Technology,Beijing 100191,China;Key Laboratory of Mobile Application Innovation and Governance Technology,Ministry of Industry and Information Technology,Beijing 100191,China)
出处 《信息安全与通信保密》 2023年第9期36-44,共9页 Information Security and Communications Privacy
基金 工业和信息化部财政项目“面向移动互联网应用程序的检测及认证公共服务平台”(No.20230087)。
关键词 安卓应用软件 代码签名 数字证书 第三方认证 Android application software code signing digital certificate third-party certification
  • 相关文献

参考文献4

二级参考文献34

  • 1王一平,韦卫.Windows下代码签名验证的研究与实现[J].计算机应用与软件,2007,24(1):162-164. 被引量:3
  • 2RUSSINOVICH M E, SOLOMON D A. Windows Internals[M]. 6^th Edition, 2012.
  • 3j00ru. A Quick Insight into the Driver Signature Enforcement[EB/OL]. (2010-6-19). http : //j00ru.vexillium.org/?p=377.
  • 4j0Oru. Defeating Windows Driver Signature. Enfomement[EB/OL]. (2012-11-3). http: //j00ru.vexillium.org/?p=1169.
  • 5MJ0011. Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcemen[R]. POC2012, 2012.
  • 6STEVENS M, LENSTRA A K, WEGER B. Chosen-prefix Collisions for MD5 and Applications[J]. Int. J. Applied Cryptography, 2012, 2(4): 322-359.
  • 7SOTIROV A, STEVENS M, APPELBAUM J, et al. MD5 Considered harmful Today-Creating a Rogue CA Certificate[EB/OL]. http: //www.win.tue.nl/hashclash/ rogue-ca/.
  • 8Wiki.Google Play[EB/OL].[2014-04-16].http://en.wikipedia.org/wiki/Google_Play.
  • 9Wiki.App Store(i OS)[EB/OL].[2014-04-21].http://en.wikipedia.org/wiki/App_Store_(i OS).
  • 10艾瑞.2013年中国移动安全数据报告[R/OL].[2014-01-16].http://report.iresearch.cn/2103.html.

共引文献4

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部