隨著人們對於通訊功能的需求越來越大,行動嵌入式系統(Mobile Embedded System) 的使用也就更為廣泛,現今台灣平均每個人擁有約1.59 隻行動電話,由此可知行動裝置已經漸漸成為人們生活的一部分,這些裝置內都記錄了些使用者的隱私資料,例如:簡訊、通話紀錄等等,而許多惡意攻擊者的魔爪,正指向這些行動裝置的安全性。本計畫將會針對行動作業系統—Android 作一系列完整之研究,目標為達成防止隱私資料外洩的威脅。 Android 作業系統是Google 公司在2008 發表的新一代行動裝置作業系統,Android 的核心為Linux,因此它的原始碼是完整公開的,而我們相信行動作業系統將會慢慢被統合成幾個主要系統,Android 便是其中之一,過去行動裝置上的攻擊者大都專注於 Windows Mobile 與Symbian,但由於Google 及許多重要廠商的支持,Android 未來勢必成為市場的主流之一,進而成為攻擊者攻擊的目標。本計畫將對Android 可能遭受到的攻擊做一系列的分析與研究,建立起威脅模型(Threat Model),最終使用行動裝置上獨有的使用特性結合管制流出通訊資料,以避免隱私外洩的可能,阻絕國家、公司或個人在資訊安全上的最大一塊死角。 ; Due to the demand of communication, mobile embedded systems have become more and more popular. Nowadays, in Taiwan the number of cellular phones that each person owns is about 1.59. This phenomenon shows mobile devices like cellular phones have become part of our every day lives. However, a lot of private information is stored in these devices, such as instance messages and communication logs. As a result, we believe in the near future mobile devices will become one of the major targets of attackers. This research would focus on the security issue of one of the most promising mobile operating systems, Android, to protect the private information stored in a cellular phone. Android was announced by Google in 2008. It is a novel mobile operating system based on Linux kernel. So, its source code is available publicly for research and commercial use. In the past, attackers often focused on Windows Mobile and Symbian systems; however, due to obtaining the full support of Google and many important companies, we believe in the future, Android will soon become one of the major products in the market, which in turn will make it a primary target of attackers. Our research would analyze the attacks and threats that Android may encounter and try to build a threat model for it. Finally, we will develop some mechanisms to prevent the leak of private information stored in an Android cellular phone through utilizing the special properties of mobile devices to control the transmission of private data. ; 研究期間 9808 ~ 9907
