外文翻译--谷歌机器人-全面的安全评估.doc

《外文翻译--谷歌机器人-全面的安全评估.doc》由会员分享，可在线阅读，更多相关《外文翻译--谷歌机器人-全面的安全评估.doc（5页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、英文原文GoogleAndroid:A Comprehensive Security AssessmentAs an operating system for mobile devices,Googles Androidan open, programmable software frameworkis vulnerable to typical smart-phone attacks. Such attacks can make the phone partially or fully unusable, cause unwanted SMS/MMS (short message servi

2、ce/multi-media messaging service) billing, or expose private information.1 Smart-phone attack vectors include cellular networks, Bluetooth, the Internet (via Wi-Fi,General Packet Radio Service/Enhanced Data Rates for Global Evolution, or 3G network access), USB, and other peripherals.2 Smart-phone m

3、alware evolve very quickly due to the experience malware writers have gained with PC malware. As Alexander Gostevestimates,3 two years are sufficient for smart-phone viruses to evolve to a level that computer viruses only reached after 20 years. Thus, the challenge in ensuring smart-phone security i

4、s becoming similar to that confronting the PC.4 Among the most prominent smart-phone malware types are the Lasco/Cabir5 and Commwarrior/Mabir worm families,6 the Flex- iSpy, RedBrowser, and Skulls Trojan horses, the WinCE.Duts and CardTrap viruses,7 and, recently,the iPhone ikee worm and iPhone/Priv

5、acy.A hack-ing tool that exploited vulnerabilities in jail-broken iPhone systems.So far, smart-phone pandemic outbreaks have been limited in their scale and impact due to a re-stricted number of potential victims. Nevertheless,smart-phone market share in the US has increased from 11 percent of all c

6、ellular phone subscribers in 2008 to 17 percent in 2009, and it is expected to in-crease significantly over the next few years.8 Conse- quently, smart phones are likely to become a fertile ground for various types of malware. The number of smart phones based on the Google Android operating system ar

7、e expected to increase 10 percent during 2010.8 The risks to Android are never-theless significant, mainly because its an open source software stack operated in a heterogenic mobile en-vironment. Thus, hackers can more easily access, manipulate,and exploit the operating system code.Here, we review a

8、nd assess the security mechanisms incorporated into Googles new Android framework and whether theyre adequate in light of the emerging threats to smart phones. Android is an application execution environment formobile devices. It includes an operating system, ap-plication framework, and core applica

9、tions. The Android software stack is built on the Linux kernel, which is used for its device drivers, memory management, process management, and networking. The next level up contains the Android native libraries. Various system components in the upper layers use these libraries, which are written i

10、n C/C+. Incorporating these libraries in Android applications is achieved via Java native interfaces. The next level is the Android run-time, comprising the Dalvik virtual machine and the core libraries. Dalvik runs .dex (Dalvik-executable) files that are designed to be more compact and memory-effic

11、ient than Java class files. The core libraries are written in Java and provide a substantial subset of the Java 5 SE packages as well as some Android-specific libraries. The application framework layer, written fully in Java, includes Google-provided tools as well as pro-prietary extensions or servi

12、ces. The topmost application layer provides applications such as a phone, Web browser, email client, and more.Each application in Android is packaged in an .apk archive for installation. This archive is similar to a Java standard jar file in the way that it holds all code and noncode resources (such

13、 as images or manifest) for the application. Android applications are written in Java based on the APIs the Android software de-velopment kit (SDK) provides. William Enck and his colleagues discussed the main components of an An-droid application and how to use an Android-specific mechanism to prote

14、ct Android applications.9 In general, several security mechanisms are incor-porated into the Android framework (see Table 1). We can cluster them into three general groups: Linux mechanisms, environmental features, and Android-specific mechanisms.中文翻译：谷歌机器人：全面的安全评估作为移动设备的操作系统，谷歌的Android，一个开放的，可编程的软件

15、框架，很容易受到典型的智能手机的攻击。这种攻击可以使手机部分或全部无法使用，造成不必要的短信/彩信（短消息服务/多媒体信息服务）计费，或暴露私人信息。智能手机的攻击行为主要包含有以下几点：1、蜂窝网络，蓝牙，互联网（经无线网络连接，通用分组无线业务/增强型数据速率全球演进，或3G网络访问），USB和其他外设设备。2、智能手机恶意软件的发展非常迅速，由于恶意软件编写者已经与PC恶意软件取得的经验。3、正如Alexander Gostev估计，经过两三年时间智能手机病毒足以发展到电脑病毒20年后才能达到的水平。因此，目前最大的挑战在于确保智能手机的安全问题与PC电脑达到相同的水平。4、是Lasco

16、/Cabir两种反病毒软件的没落。5、CommWarrior病毒/ Mabir蠕虫家庭等新一代病毒的崛起。6、 Flex的iSpy，RedBrowser，和骷髅特洛伊木马病毒的WinCE.Duts和CardTrap，7、最近，iPhone ikee蠕虫和iPhone / Privacy.A成为荷兰国际集团的工具，利用在iPhone系统的漏洞上进行越狱。到目前为止，由于潜在的受害者未曝光，智能手机木马在其规模和影响数量受到一定的限制。然而，智能手机在美国的市场份额已由原来的11个移动电话用户都在2008年百分之到百分之十七，2009年，它预计在数年内迅速得到发展。8、形成机制，智能手机最大的特点

17、使其有可能成为不同类型恶意软件的沃土。基于Google平台的android智能手机用户从2010年8月起预期会提高10%，然而，由于它主要是一个在手机开发平台下的开源软件。因此，黑客们可以更方便地访问，操作，并利用操作系统代码。现在，我们必须审查和评估到谷歌安全的Android框架，无论他们能否成为新兴威胁，不仅仅是智能手机。Android是一个为手机应用环境执行的设备。它包括一个操作系统、虚拟机、本框架及核心应用。Android软件堆栈是基于Linux内核，这是它的设备驱动，内存管理，进程管理，联网使用内置。下一级就包含了Android原生库。在上层各种系统组件使用这些库，它们是用C/C+的

18、语言编写。纳入Android应用通过这些库实现Java本机接口。下一级是Android运行时间，包括在Dalvik虚拟机和核心库。Dalvik的运行。虚拟机（Dalvik的可执行）层的设计更加紧凑，比Java类文件存储效率的文件。核心库是用Java编写的，并提供了Java 5 SE的包以及一些Android的特定的库等重要子集。应用程序框架层，完全用Java编写的，包括谷歌提供的是其扩展或工具，以及服务。最上面的应用层提供诸如电话，Web浏览器，电子邮件客户端以及更多的应用。 每个Android应用程序被打包在一个安装.apk文件存档。该归档文件采用类似于Java的方式，它拥有所有的代码和noncode资源（如图像或清单）标准的应用程序的jar文件。Android应用程序是用Java编写的基于Android软件的开发应用平台（SDK）提供。威廉恩克和他的同事讨论了一台装有Android手机应用的主要组件，以及如何使用Android的具体机制，保护android新一代系统的安全。 在一般情况下，一些安全机制从最基础到Android框架部分。一般我们可以分为三个组群来定义：Linux的机制，环境功能和Android的具体机制。