• • 上一篇    下一篇

电力移动智能终端安全技术研究

王春新%李信%于然%易平   

  • 基金资助:
    国家重点基础研究发展计划[2013CB329603]、国家自然科学基金(61170164、60932003)

Attack and Defense Research on Mobile Intelligent Terminals Used in Electrical Systems

WANG Chun-xin%LI Xin%YU Ran%YI Ping   

  • About author:北京国电通网络技术有限公司,北京,100070%国网冀北电力有限公司信通分公司,北京,100053%上海交通大学,上海,200240

摘要: 电力移动智能终端中存储的用户身份、电力运维数据、电网管理数据等大量重要信息使其具有巨大的攻击价值。Android作为目前全球最广泛使用的移动终端操作系统,也为相当规模的电力移动智能终端所应用,然而,其开放性(第三方开发)等特征在增强其功能和提升应用灵活性的同时也为系统漏洞、恶意应用等多种类型的攻击提供了渠道。文章通过对Android系统安全模型和安全威胁的研究,总结了针对Android平台上的电力移动智能终端的远程和本地攻击、隐私窃取、通信劫持和远程控制技术及方法。最后,提出了在基于Android系统的电力移动智能终端上加载恶意代码检测模块和操作系统加固的建议方案。

Abstract: Mobile intelligent terminals used in electrical systems store much information,including user identity,operation data of electricity, management information,and etc, which makes them have a great value of being attacked. . As the world's most widely used mobile operating system, Android is applied in a large number of applications within the area of power grid. However, the openness (third-party developers) has provided the possibility to vulnerabilities, malicious behaviors and other types of attacks along with the powerful functionality and flexibility. This paper,based on the Android system security model and existing security threats research, summarizez security threats in Android security, including remote and local attacks, privacy theft, hijacking and remote control techniques. And then this paper provides a corresponding solution by adding malicious code detection module and operating system reinforcement which can help us improve the security of grid management system.