摘要
当前,面向iOS系统个人信息保护的研究主要集中在恶意APP分析与识别领域,缺少对iOS越狱和iOS系统漏洞的探讨。文中将三者融合,提出了一种针对iOS设备的风险评估方法。首先,定义了风险指标分值和风险要素权重值,然后根据预定义规则计算了风险指标和风险要素得分,最后确定了设备风险级别,并给出了风险控制建议。基于该方法,构建了iOS设备风险管理系统。该系统采用客户端-服务器架构,客户端负责抓取并上传设备信息,服务器根据设备信息进行风险分析与评估,并反馈结果。运行结果表明,该系统能有效帮助用户发现iOS设备存在的各种风险。
At present,the research on personal information protection for iOS systems mainly focuses on the field of malicious APP analysis and identification,and lacks the discussion of iOS jailbreaking and iOS system vulnerabilities.This paper integrates the three,and proposes a threat and risk assessment method for iOS equipment.First,the risk index score and risk element weight value are defined,and then the risk index and risk element score are calculated according to predefined rules,and finally the equipment risk level is determined,and risk control suggestions are given.Based on this method,a iOS equipment risk management system is built.The system adopts client side-server architecture.The client side is responsible for grabbing and uploading device information.The server conducts risk analysis and evaluation according to the device information,and feeds back the results.The operation results show that the system can effectively help users discover various risks existing in iOS equipment.
作者
甄扬
ZHEN Yang(School of Computer and Art,Anhui Technical College of Industry and Economy,Hefei 230051,China)
出处
《移动信息》
2023年第8期116-119,共4页
MOBILE INFORMATION
基金
安徽省高等学校科学研究项目(自然科学类)重点项目(2022AH052664)
2021年中国高校产学研创新基金“新一代信息技术创新项目”(2021ITA09022)。