Research and Application of Security Requirements Testing Technology for mobile terminals

Journal of Information Security Research ›› 2020, Vol. 6 ›› Issue (5): 427-432.

Previous Articles Next Articles

Research and Application of Security Requirements Testing Technology for mobile terminals

Received:2020-04-29 Online:2020-05-15 Published:2020-04-29

移动终端安全要求测评技术研究及应用

张艳¹,彭华熹²,何申²

1. 中国移动通信有限公司研究院安全技术研究所
2. 中国移动通信有限公司研究院

通讯作者: 张艳
作者简介: 张艳，1984年生，硕士，工程师，主要研究领域为终端安全、网络与信息安全彭华熹，1978年生，博士，高级工程师，主要研究领域为终端安全、网络与信息安全何申，1980年生，博士，高级工程师，主要研究领域为网络与信息安全、移动互联网安全、可信计算

Abstract

Abstract: “Technical Requirements for Security Capability of Smart Mobile Terminal” is the industry standard for the mobile terminal security which is promulgated in 2013. IWe analyzed the status and problems of security testing according to “Technical Requirements for Security Capability of Smart Mobile Terminal”. In order to solve these problems, we designed a security testing model based on the PC client and the testing agent, which realized the batch automatic script running and the security testing monitoring, effectively reduced the threshold of the security testing and improved the efficiency and quality of the security testing. This paper designed the cloud management platform, and researched the mechanism such as the testing data analyzing mechanism based on the label, which effectively improved the statistical analysis efficiency of the testing output data.

Key words: Mobile Terminal, Security Capability, Security Requirements, Security Testing, Testing Model

摘要： 《移动智能终端安全能力技术要求》是工信部2013年颁布的移动终端安全的行业标准。通过分析和梳理了上述移动终端安全要求的测评现状，并针对其中存在的问题，设计了基于PC客户端配套Android代理的自动化安全测评模型架构，实现了安全要求的批量自动化测评、测评行为全程监控，有效降低了测评人员技术门槛，提升了测评效率和测评质量；设计了云管理平台，研究实现了基于标签的测评数据多维度分析机制，有效提升了安全测评数据的统计分析效率。

关键词: 移动终端, 安全能力, 安全要求, 安全测评, 测评模型

张艳彭华熹何申. 移动终端安全要求测评技术研究及应用[J]. 信息安全研究, 2020, 6(5): 427-432.

References

[1] Pan Juan, Kuang Xiao-Xuan, Luo Hong-Wei et al. YD/T 2407-2013 Technical requirements for recurity capability of smart mobile terminal [S]. Beijing: The People's Posts and Telecommunications Press, 2013 (in Chinese) (潘娟, 匡晓烜, 落红卫等. YD/T 2407-2013移动智能终端安全能力技术要求 [S]. 北京:人民邮电出版社, 2013) [2] Pan Juan, Kuang Xiao-Xuan, Luo Hong-Wei et al. YD/T 2408-2013 Test methods for security capability of smart mobile terminal [S]. Beijing: The People's Posts and Telecommunications Press, 2013 (in Chinese) (潘娟, 匡晓烜, 落红卫等. YD/T 2408-2013移动智能终端安全能力测试方法 [S]. 北京:人民邮电出版社, 2013) [3] Luo Ying-Luo, Pan Juan. Evolution and reformation of security evaluation system for mobile smart terminal [J]. Mobile Communications, 2015, 39(11): 13-17 (in Chinese) (罗璎珞, 潘娟. 移动智能终端安全测评体系的演进与革新 [J]. 移动通信, 2015, 39(11): 13-17) [4] Zheng Hui, Zhang Bing. Security level evaluation solution design for mobile intelligent terminal [C] // The first banking and third-party payment industry information security level protection technology conference. Beijing: Information Network Security, 2014: 48-51 (in Chinese) (郑辉, 张冰. 移动智能终端安全等级评测解决方案设计 [C]. 首届银行和第三方支付行业信息安全等级保护技术大会论文集. 北京:信息网络安全, 2014: 48-51) [5] Lu Quan-Fang, Tang Jie, Wen Hong. The evaluation of security mechanism based on android mobile intelligent terminal operating system [J]. Information Security and Technology, 2013, 4(8): 54-58 (in Chinese) (逯全芳, 唐杰, 文红. Android移动智能终端操作系统安全机制的安全性评估 [J]. 信息安全与技术, 2013, 4(8): 54-58) [6] Zhang Yu-Qing, Zhou Wei, Peng Anni. Survey of Internet of things security [J]. Journal of Computer Research and Development, 2017, 54(10): 2130-2143 (in Chinese) (张玉清, 周威, 彭安妮. 物联网安全综述 [J]. 计算机研究与发展, 2017, 54(10): 2130-2143) [7] Chen Zhao, Zeng Fan-Ping, Chen Guo-Zhu, Zhang Yan-Yong, Li Xiang-Yang. A survey for IoT security assessment technologies [J]. Journal of Cyber Security, 2019, 4(3): 2-16 (in Chinese) (陈钊, 曾凡平, 陈国柱, 张燕咏, 李向阳. 物联网安全测评技术综述 [J]. 信息安全学报, 2019, 4(3): 2-16) [8] Zhuo Sheng-Jie. Security and reliability evaluation technology of Internet of things system [J]. Super Science, 2017, (36): 288-289 (in Chinese) (卓圣杰. 物联网系统安全与可靠性测评技术 [J]. 大科技, 2017, (36): 288-289) [9] Zhao Jian, Wang Rui, Li Zheng-Min, Lei Min, Ma Min-Yao. Security threats and risk assessment of IoT system [J]. Journal of Beijing University of Posts and Telecommunications, 2017, 40(z1):135-139 (in Chinese) (赵健, 王瑞, 李正民, 雷敏, 马敏耀. 物联网系统安全威胁和风险评估 [J]. 北京邮电大学学报, 2017, 40(z1):135-139)

Research and Application of Security Requirements Testing Technology for mobile terminals

移动终端安全要求测评技术研究及应用

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 8

Recommended Articles

Metrics

[1]	. Research on the Requirements and Standard System of 5G Cyber Security [J]. Journal of Information Security Research, 2020, 6(8): 673-679.
[2]	. Research on Security of 5G Mobile Communication Network [J]. Journal of Information Security Research, 2020, 6(8): 699-704.
[3]	. Research on the Safety Grade Protection Evaluation for Industrial Control Systems [J]. Journal of Information Security Research, 2020, 6(3): 272-278.
[4]	. Research on Evaluation System and Index of Cloud Computing Platform Security Capability [J]. Journal of Information Security Research, 2020, 6(11): 0-0.
[5]	. Research on Information Security Requirements and Certification Model of Geographic Information Products [J]. Journal of Information Security Research, 2019, 5(5): 430-433.
[6]	. An overview of Privacy disclosure based on location of mobile terminal and methods of privacy protection [J]. Journal of Information Security Research, 2018, 4(8): 698-703.
[7]	. An Analysis Model and Application for Mobile Payment [J]. Journal of Information Security Research, 2016, 2(6): 548-552.
[8]	Fu Hongyan, Liu Bei. Research on Security Technology Framework of Mobile E-government System [J]. Journal of Information Security Research, 2015, 1(1): 74-80.