Focusing on the problems existing in Android permission mechanism and poor capability of traditional measurement methods of Android software security, a risk assessment method of Android APP based on permission was proposed. Firstly, the system permissions declared by application, the permissions obtained through static analysis and custom permissions were extracted by reverse-engineering analysis of application. At the same time, the permissions used by executing application were extracted through dynamic detection. Secondly, quantitative risk assessment of applications was performed from three aspects:permission combination of hiding malicious intent, "over-privilege" problem and custom permission vulnerability. Finally, the Analytic Hierarchy Process (AHP) evaluation model was adopted to calculate the weights of three aspects above for estimating risk value of application. In addition, custom permission data set and permissions combination dataset with hiding malicious intent were built by training 6245 software samples collected from application store and VirusShare. The experimental results show that the proposed method can assess risk value of application software more accurately compared with Androguard.

Considering rapid growth of Android malware and poor capability of detecting malware, a static detection method based on non-user operation sequences was proposed. Firstly, the Application Programming Interface (API) call information of malware was extracted by reverse engineering analysis. Secondly, the malware's function-call graph was established by using breadth-first traversal algorithm; then, non-user operation sequence was extracted from the function-call graph to form malicious behavior database. Finally, the similarity of the detected sample and non-user operation sequence in the malicious behavior database was calculated by using the edit distance algorithm for malware identification. In the detection of 360 malicious samples and 300 normal samples, the proposed method could reach the recall rate of 90.8% and the accuracy rate of 90.3%. Compared with the Android malware detection system Androguard, the recall rate of the proposed method increased by 30 percentage points in the detection of malicious samples; and compared with the FlowDroid method, the precision rate increased by 11 percentage points in the detection of normal sample and the recall rate increased by 4.4 percentage points in the detection of malicious samples. The experimental results show that the proposed method improves the recall rate of malware detection and promotes the detection effect of malware.

Lots of anonymous protocols for Ad Hoc network have been proposed to enforce the anonymity of the nodes in the network. However, most of the protocols utilize many asymmetric key computations which consume vast time and resources, thus, these protocols are not so suitable for those nodes in Ad Hoc network with limited power and poor computational ability. Hence, a new lightweight protocol with anonymity for Ad Hoc network was proposed. The new protocol ensured many security features and anonymity; most importantly, it employed bilinear pairings to realize the authenticated key exchange. Compared with other protocols, the proposed protocol is more efficient in routing construction by lowering the computing time to large extent and reducing the asymmetric key computation.