Abstract
Based on an analysis of the state of mobile application security in China in recent years, and taking into account the detection requirements and the current state of detection technology for mobile applications, this paper proposes the architecture and deployment mode of a mobile application security assessment platform that combines security detection, source-code analysis and channel monitoring. Security assessment indicators for the go-live delivery of mobile applications are built from vulnerability detection, environment security assessment, program security assessment, business security assessment and data security assessment, forming a full-lifecycle assessment framework and testing method for mobile application security capabilities. Finally, with regard to the healthy development of the industry chain, countermeasures and suggestions for mobile application security regulation are given.
Source
Communications Technology (《通信技术》)
2018, Issue 2, pp. 471-475 (5 pages)
Funding
Zhejiang Province Science and Technology Plan Project "Mobile Application Security Assessment Platform" (No. 2016F10041)
Keywords
mobile application
security evaluation model
evaluation index
supervise