传统漏洞检测工具检测时间长,占用大量系统资源,需要对系统进行模拟攻击,难以应对越来越复杂的安卓漏洞威胁.提出了一种“C/S"架构的、基于开放漏洞评估语言(OVAL)的安卓漏洞检测评估系统.这种架构将大部分评估工作放在控制台端执行,减少了对安卓系统挂能的影响,其以OVAL作为漏洞评估标准,在保证评估高精度的同时也具有更好的开放性和可扩展性.%It is difficult to deal with more and more complex security vulnerabilities for the traditional detection tool,which takes a long time,takes up a large number of system resources and needs to simulate the attack.This paper presented a C/S,open vulnerability and assessment language(OVAL) based android vulnerability detection and assessment system.This architecture puts most of the evaluation work to the central control and reduces the impact on the android system performance.Using OVAL as vulnerability assessment standard,the architecture guarantees the high accuracy of the evaluation,and it also has better openness and scalability.
展开▼
