李道丰,陈海强,梁家荣,赵搏文.标准模型下可证明安全的APK二次开发授权机制.软件学报,0,(0):0 |
标准模型下可证明安全的APK二次开发授权机制 |
Provable Secure Authorization Mechanism for the APK Redevelopment in the Standard Model |
投稿时间:2017-03-30 修订日期:2017-09-26 |
DOI: |
中文关键词: 可净化签名 APK签名机制 二次开发 基于身份的签名 标准模型 |
英文关键词:Sanitizable Signature Provable Secure Redevelopment ID-Based Signature Standard Model |
基金项目:国家自然科学基金(61662004);广西自然科学基金(2016GXNSFAA380215) |
|
摘要点击次数: 1243 |
全文下载次数: 877 |
中文摘要: |
为了解决Android APK文件有效性和版权问题,需要签名才能发布.然而当第三方申请对原生APK文件进行二次开发和修改授权时,如何指定第三方的开发和修改权限以及确定APK文件二次开发完成后出现的版权问题仍是有待解决的问题.为此,文中提出一种细粒度的在标准模型下可证明安全的APK授权机制(APK-SAN).APK-SAN授权机制主要采用基于身份的可净化签名技术的特有属性,允许原生APK文件的开发者授权给第三方(指定修改者)对APK文件的许可区域或位置进行二次开发或修改,且修改后生成的新APK文件的签名仍然有效.分析结果表明,所提的APK-SAN授权机制无需证书存储和管理、提供细粒度修改授权功能,可维护原开发者和修改者双方的合法权益,减少了开发者的通信开销和计算开销. |
英文摘要: |
Signatures are used to address the validation and authorization issues of the APK file before publishing. When the modifier apply for the right to redevelop APK files how to authorize and ascertain the authorization issues are very important problems which have not been solved. In this work, a new APK authorization mechanism (APK-SAN) is proposed using the sanitizable signature scheme. APK-SAN authorization mechanism utilizes unique properties of sanitizable signature technology that allows original developer to authorize specified modifier to redevelop the designated part of source code of the APK file without interaction between developer and modifier. Moreover, APK-SAN authorization mechanism does not require to storage and management of Certification. Our scheme reduces communication overhead and computational overheads of the original developer. The signature of new APK files after redevelopment is still valid. This maintains the copyright of original developer and modifier. |
HTML 下载PDF全文 查看/发表评论 下载PDF阅读器 |