請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/86324完整後設資料紀錄
| DC 欄位 | 值 | 語言 |
|---|---|---|
| dc.contributor.advisor | 王凡(Fan Wang) | |
| dc.contributor.author | Hong-Jhih Chen | en |
| dc.contributor.author | 陳鴻智 | zh_TW |
| dc.date.accessioned | 2023-03-19T23:49:08Z | - |
| dc.date.copyright | 2022-08-29 | |
| dc.date.issued | 2022 | |
| dc.date.submitted | 2022-08-25 | |
| dc.identifier.citation | [AZM2015] S. I. Ahmed, M. H. Zaber, M. B. Morshed, Md. H. B. Ismail, D. Cosley, and S. J. Jackson. 'Suhrid: A Collaborative Mobile Phone Interface for Low Literate People. In Proceedings of the 2015 Annual Symposium on Computing for Development' (DEV '15). Association for Computing Machinery, New York, NY, USA, 95–103. (2015). [CCY2015] F. Cai, H. Chen, Y. Wu, and Y. Zhang. 'Appcracker: Widespread vulnerabilities in user and session authentication in mobile apps.' MoST 2015 (2015). [CGH2017] S. Chitkara, N. Gothoskar, S. Harish, J. I. Hong, and Y. Agarwal. 2017. 'Does this App Really Need My Location? Context-Aware Privacy Management for Smartphones'. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 1, 3, Article 42 (September 2017). [GSS2019] T. Giallanza, T. Siems, E. Smith, E. Gabrielsen, I. Johnson, M. A. Thornton, and E. C. Larson. 2019. 'Keyboard Snooping from Mobile Phone Arrays with Mixed Convolutional and Recurrent Neural Networks'. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 3, 2, Article 45 (June 2019). [GST2021] J. A. de Guzman, A. Seneviratne, and K. Thilakarathna. 2021. 'Unravelling Spatial Privacy Risks of Mobile Mixed Reality Data'. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 1, Article 14 (March 2021). [H2013] K. Haller. 2013. 'Mobile Testing'. SIGSOFT Softw. Eng. Notes 38, 6 (November 2013), 1–8. [HFS2019] D. Hintze, M. Füller, S. Scholz, R. D. Findling, M. Muaaz, P. Kapfer, E. Koch, and R. Mayrhofer. 2019. 'CORMORANT: Ubiquitous Risk-Aware Multi-Modal Biometric Authentication across Mobile Devices'. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 3, 3, Article 85 (September 2019) [LZL2015] Y. Li, Y. Zhang, J. Li, and D. Gu. 'icryptotracer: Dynamic analysis on misuse of cryptography functions in ios applications.' In International Conference on Network and System Security, pp. 349-362. Springer, Cham, (2015). [MT2019] T. Mendel and E, Toch. 2019. 'My Mom was Getting this Popup: Understanding Motivations and Processes in Helping Older Relatives with Mobile Security and Privacy'. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 3, 4, Article 147 (December 2019). [PCY2013] S. Park, Q. Chen and H. Y. Yeom, 'PIOS: A platform-independent offloading system for a mobile web environment,' 10th IEEE Consumer Communications and Networking Conference (CCNC), (2013), pp. 137-142. [PM2004] B. Potter and G. McGraw, 'Software security testing,' in IEEE Security & Privacy, vol. 2, no. 5, pp. 81-85, Sept.-Oct. (2004). [WCY2019] X. Wang, A. Continella, Y. Yang, Y, He, and S. Zhu. 2019. 'LeakDoctor: Toward Automatically Diagnosing Privacy Leaks in Mobile Applications.' Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 3, 1, Article 28 (March 2019). [ZA2005] D. Zhang and B. Adipat “Challenges, Methodologies, and Issues in the Usability Testing of Mobile Applications, International Journal of Human–Computer Interaction', 18:3, 293-308. (2005) | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/86324 | - |
| dc.description.abstract | 在手機的作業系統存在許多安全性的問題,其中的一個是儲存空間的安全性。如果應用程式的開發者並沒有注意到這個問題,惡意的攻擊者可能透過行動裝置的內部儲存空間、裝置的偵錯訊息、裝置傳送到第三方的資料來進行攻擊。而人工進行檢測雖然可行,但是會花費大量的時間和金錢。由於目前現有技術不足,許多其它工具並沒有很方便使用,我們需要一個自動化的工具來檢測。我們所開發的技術可以偵測四種儲存空間的錯誤,並且可以自動化的產生測試報告,可以讓開發者更快速的找到應用程式出現的問題。 | zh_TW |
| dc.description.abstract | There are many security issues in mobile operating systems, one of which is Storage security. Malicious attackers might attack via internal storage, device log, or third-party services because of the carelessness of the app developers. If we check those vulnerabilities manually, it might cost a lot and lack performance. Thus, an automated tool to inspect these vulnerabilities could be beneficial. The technology we have developed can detect errors in four types of storage space, and can automatically generate test reports, allowing developers to find application problems more quickly. | en |
| dc.description.provenance | Made available in DSpace on 2023-03-19T23:49:08Z (GMT). No. of bitstreams: 1 U0001-2508202200113500.pdf: 5915763 bytes, checksum: db8547dc1ce81ebd4a2c3ca690615125 (MD5) Previous issue date: 2022 | en |
| dc.description.tableofcontents | Table of Contents 誌謝 iii 中文摘要 iv ABSTRACT v LIST OF FIGURES viii LIST OF TABLES x Chapter 1 Introduction 1 1. Background 1 2. Motivation 3 3. Our approach 4 4. Organization 5 Chapter 2 Related Work 6 1. Related academic work 6 2. Related tools 7 Chapter 3 Preliminaries 9 1. iOS security architecture 9 2. Jailbreak 11 3. Software analysis methods 13 Chapter 4 Procedures 15 1. Test preparation 17 2. Plist vulnerability detection 18 3. Core Data vulnerability detection 20 4. Keychain vulnerability detection 22 5. Cache vulnerability detection 24 Chapter 5 Implementation 26 1. Tools that we have used in this paper: 26 2. Test as a Dragon (TaaD) 28 Chapter 6 Experiment 30 1. Experimental setup 30 2. Target iOS Application 30 3. A controlled experiment with our app Storage Testing 31 4. Uncontrolled experiment 34 5. Discussion 38 6. Experiment Result: 40 Chapter 7 Conclusions and Future Work 71 REFERENCES 72 | |
| dc.language.iso | en | |
| dc.subject | 黑箱測試 | zh_TW |
| dc.subject | iOS 應用程式 | zh_TW |
| dc.subject | 軟體測試 | zh_TW |
| dc.subject | 自動化測試 | zh_TW |
| dc.subject | 應用程式安全性 | zh_TW |
| dc.subject | 軟體品質測試 | zh_TW |
| dc.subject | iOS application | en |
| dc.subject | application security | en |
| dc.subject | testing automation | en |
| dc.subject | black-box testing | en |
| dc.subject | quality testing | en |
| dc.subject | software testing | en |
| dc.title | iOS 用戶端應用程式內部儲存空間之自動化安全檢測 | zh_TW |
| dc.title | Automated Storage Security Testing for iOS Applications on Client Side | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 110-2 | |
| dc.description.degree | 碩士 | |
| dc.contributor.oralexamcommittee | 黃世昆(Shi-Kun Huang),田謹維(Jin-Wei Tian),雷欽隆(Qin-Long Lei) | |
| dc.subject.keyword | 軟體測試,iOS 應用程式,軟體品質測試,黑箱測試,自動化測試,應用程式安全性, | zh_TW |
| dc.subject.keyword | software testing,iOS application,quality testing,black-box testing,testing automation,application security, | en |
| dc.relation.page | 73 | |
| dc.identifier.doi | 10.6342/NTU202202789 | |
| dc.rights.note | 同意授權(全球公開) | |
| dc.date.accepted | 2022-08-26 | |
| dc.contributor.author-college | 電機資訊學院 | zh_TW |
| dc.contributor.author-dept | 電機工程學研究所 | zh_TW |
| dc.date.embargo-lift | 2022-08-29 | - |
| 顯示於系所單位: | 電機工程學系 | |
文件中的檔案:
| 檔案 | 大小 | 格式 | |
|---|---|---|---|
| U0001-2508202200113500.pdf | 5.78 MB | Adobe PDF | 檢視/開啟 |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。