《安卓的机制与安全性外文翻译》由会员分享,可在线阅读,更多相关《安卓的机制与安全性外文翻译(11页珍藏版)》请在金锄头文库上搜索。
1、附录A 外文翻译-原文部分Android security mechanismThenextgenerationofopenoperatingsystemswontbeondesktopsormainframesbutonthesmallmobiledeviceswecarryeveryday.Theopennessofthesenewenvironmentswillleadtonewapplicationsandmarketsandwillenablegreaterintegrationwithexistingonlineservices.However,astheimportanceoft
2、hedataandservicesourcellphonessupportincreases,sotoodotheopportunitiesforvulnerability.Itsessentialthatthisnextgenerationofplatformsprovidesacomprehensiveandusablesecurityinfrastructure.DevelopedbytheOpenHandsetAlliance(visiblyledbyGoogle),Androidisawidelyanticipatedopensourceoperatingsystemformobil
3、edevicesthatprovidesabaseoperatingsystem,anapplicationmiddlewarelayer,aJavasoftwaredevelopmentkit(SDK),andacollectionofsystemapplications.AlthoughtheAndroidSDKhasbeenavailablesincelate2007,thefirstpubliclyavailableAndroidready“G1”phonedebutedinlateOctober2008.Sincethen,Androidsgrowthhasbeenphenomena
4、l:T-MobilesG1manufacturerHTCestimatesshipmentvolumesofmorethan1millionphonesbytheendof2008,andindustryinsidersexpectpublicadoptiontoincreasesteeplyin2009.Manyothercellphoneprovidershaveeitherpromisedorplantosupportitinthenearfuture.AlargecommunityofdevelopershasorganizedaroundAndroid,andmanynewprodu
5、ctsandapplicationsarenowavailableforit.OneofAndroidschiefsellingpointsisthatitletsdevelopersseamlesslyextendonlineservicestophones.Themostvisibleexampleofthisfeatureis,unsurprisingly,thetightintegrationofGooglesGmail,Calendar,andContactsWebapplicationswithsystemutilities.Androiduserssimplysupplyause
6、rnameandpassword,andtheirphonesautomaticallysynchronizewithGoogleservices.Othervendorsarerapidlyadaptingtheirexistinginstantmessaging,socialnetworks,andgamingservicestoAndroid,andmanyenterprisesarelookingforwaystointegratetheirowninternaloperations(suchasinventorymanagement,purchasing,receiving,ands
7、oforth)intoitaswell.Traditionaldesktopandserveroperatingsystemshavestruggledtosecurelyintegratesuchpersonalandbusinessapplicationsandservicesonasingleplatform.AlthoughdoingsoonamobileplatformsuchasAndroidremainsnontrivial,manyresearchershopeitprovidesacleanslatedevoidofthecomplicationsthatlegacysoft
8、warecancause.Androiddoesntofficiallysupportapplicationsdevelopedforotherplatforms:applicationsexecuteontopofaJavamiddlewarelayerrunningonanembeddedLinuxkernel,sodeveloperswishingtoporttheirapplicationtoAndroidmustuseitscustomuserinterfaceenvironment.Additionally,Androidrestrictsapplicationinteractio
9、ntoitsspecialAPIsbyrunningeachapplicationasitsownuseridentity.Althoughthiscontrolledinteractionhasseveralbeneficialsecurityfeatures,ourexperiencesdevelopingAndroidapplicationshaverevealedthatdesigningsecureapplicationsisntalwaysstraightforward.Androidusesasimplepermissionlabelassignmentmodeltorestri
10、ctaccesstoresourcesandotherapplications,butforreasonsofnecessityandconvenience,itsdesignershaveaddedseveralpotentiallyconfusingrefinementsasthesystemhasevolved.ThisarticleattemptstounmaskthecomplexityofAndroidsecurityandnotesomepossibledevelopmentpitfallsthatoccurwhendefininganapplicationssecurity.W
11、econcludebyattemptingtodrawsomelessonsandidentifyopportunitiesforfutureenhancementsthatshouldaidinclarityandcorrectness.AndroidApplicationsTheAndroidapplicationframeworkforcesastructureondevelopers.Itdoesnthaveamain()functionorsingleentrypointforexecutioninstead,developersmustdesignapplicationsinter
12、msofcomponents.ExampleApplicationWedevelopedapairofapplicationstohelpdescribehowAndroidapplicationsoperate.InterestedreaderscandownloadthesourcecodefromourWebsite(http:/siis.cse.psu.edu/android_sec_tutorial.html).Letsconsideralocation-sensitivesocialnetworkingapplicationformobilephonesinwhichusersca
13、ndiscovertheirfriendslocations.Wesplitthefunctionalityintotwoapplications:onefortrackingfriendsandoneforviewingthem.AsFigure1shows,theFriendTrackerapplicationconsistsofcomponentsspecifictotrackingfriendlocations(forexample,viaaWebservice),storinggeographiccoordinates,andsharingthosecoordinateswithot
14、herapplications.TheuserthenusestheFriendViewerapplicationtoretrievethestoredgeographiccoordinatesandviewfriendsonamap.Bothapplicationscontainmultiplecomponentsforperformingtheirrespectivetasks;thecomponentsthemselvesareclassifiedbytheircomponenttypes.AnAndroiddeveloperchoosesfrompredefinedcomponenttypesdependingonthecomponentspurpose(suchas
