多层次的Android系统权限控制方法

微信服务号

微信订阅号

2025年4月7日 0:01 星期一

首页 > 过刊浏览>2015年第26卷第S2期 >263-271

PDF HTML阅读 XML下载导出引用引用提醒

多层次的Android系统权限控制方法
DOI:
                        
                    
CSTR:
                        
                    
作者:
                        罗杨罗杨
北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871
在期刊界中查找
在百度中查找
在本站中查找
张齐勋张齐勋
北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871
在期刊界中查找
在百度中查找
在本站中查找
沈晴霓沈晴霓
北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871
在期刊界中查找
在百度中查找
在本站中查找
刘宏志刘宏志
北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871
在期刊界中查找
在百度中查找
在本站中查找
吴中海吴中海
北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:国家科技重大专项(2012ZX03002022);国家自然科学基金(61232005);国家高新技术研究发展计划(863)(2015AA016009)

Android Multi-Level System Permission Management Approach

Author:

LUO Yang
LUO Yang
School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China
在期刊界中查找
在百度中查找
在本站中查找
ZHANG Qi-Xun
ZHANG Qi-Xun
School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China
在期刊界中查找
在百度中查找
在本站中查找
SHEN Qing-Ni
SHEN Qing-Ni
School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China
在期刊界中查找
在百度中查找
在本站中查找
LIU Hong-Zhi
LIU Hong-Zhi
School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China
在期刊界中查找
在百度中查找
在本站中查找
WU Zhong-Hai
WU Zhong-Hai
School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China
在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献 [20]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

随着Android智能平台的普及,其安全问题日益受到人们关注.在底层安全方面,部分root工具已经实现了对最新版本Android的root提权,从而给恶意软件滥用权限造成可乘之机;在上层应用安全方面,目前还没有能够在应用权限进行有效管理的方法.基于安全策略的思想,提出了一种Android应用权限动态管理机制,利用安全策略对授权进行描述,在Android框架层设置权限检查点,并调用请求评估算法进行授权评估,从而实现对应用行为的监控.实验结果表明,该方法能够有效管理Android应用权限的正常调用,约束非法调用,并且系统开销较小.

关键词:权限管理;安全策略;SELinux;请求评估;权限检查

Abstract:

With the expansion of the market share occupied by the Android platform, security issues (especially application security) have become attention focus of researchers. In fact, the existing methods lack the capabilities to manage application permissions without root privilege. This study proposes a dynamic management mechanism of Android application permissions based on security policies. The paper first describes the permissions by security policies, then implementes permission checking code and request evaluation algorithm in Android framework layer. Experimental results indicate that the presented approach succeeds in permission management of Android applications, and its system overhead is low, which makes it an effective method for Android permission management.

Key words:permission management;security policy;SELinux;request evaluation;permission check

参考文献

[1] Arzt S, Bartel A, Gay R, et al. Poster:Software security for mobile devices. In:Proc. of the 36th IEEE Symp. on Security and Privacy. Piscataway:IEEE, 2015. 1-2.

[2] Enck W, Ongtang M, Mcdaniel P. Understanding android security. In:Proc. of the 30th IEEE Symp. on Security and Privacy. Piscataway:IEEE, 2009. 50-57.

[3] Zhang YQ, Wang K, Yang H, et al. Survey of Android OS security. Journal of Computer Research and Development, 2014,51(7):1385-1396(in Chinese with English abstract).

[4] Lei LG, Jing JW, Wang YW, et al. A behavior-based system resources access control scheme for Android. Journal of Computer Research and Development, 2014,51(5):1028-1038(in Chinese with English abstract).

[5] Yang H, Zhang YQ, Hu YP, et al. A malware behavior detection system of Android applications based on multi-class features. Chinese Journal of Computers, 2014,37(1):15-27(in Chinese with English abstract).

[6] Grace M, Zhou Y, Zhang Q, et al. Riskranker:Scalable and accurate zero-day Android malware detection. In:Proc. of the 10th Int'l Conf. on Mobile Systems, Applications, and Services. New York:ACM, 2012. 281-294.

[7] Wang HY, Wang ZY, Guo Y, et al. Detecting repackaged Android applications based on code clone detection technique. SCIENTIA SINICA Informationis, 2014,44(1):142-157(in Chinese with English abstract).

[8] Sarwar G, Mehani O, Boreli R, et al. On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices. In:Proc. of the 10th Int'l Conf. on Security and Cryptography. Berlin, Heidelberg:Springer-Verlag, 2013. 461-468.

[9] Conti M, Nguyen VTN, Crispo B. CRePE:Context-Related policy enforcement for Android. In:Proc. of the 13th Information Security Conf. Berlin, Heidelberg:Springer-Verlag, 2011. 331-345.

[10] Tesfay WB, Booth T, Andersson K. Reputation based security model for Android applications. In:Proc. of the 11th Int'l Conf. on Trust, Security and Privacy in Computing and Communications (TrustCom). Piscataway:IEEE, 2012. 896-901.

[11] Zhang Y, Yang M, Xu B, et al. Vetting undesirable behaviors in Android apps with permission use analysis. In:Proc. of the 2013 ACM SIGSAC Conf. on Computer & Communications Security. New York:ACM, 2013. 611-622.

[12] Felt AP, Ha E, Egelman S, et al. Android permissions:User attention, comprehension, and behavior. In:Proc. of the 8th Symp. on Usable Privacy and Security. New York:ACM, 2012. 3-16.

[13] Standard O. Extensible access control markup language (xacml) version 2.0. 2005.

[14] Wang YZ, Feng DG, Zhang LW, Zhang M. XACMl policy evaluation engine based on multi-level optimization technology. Ruan Jian Xue Bao/Journal of Software, 2011,22(2):323-338(in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3707.htm[doi:10.3724/SP.J.1001.2011.03707]

[15] Zhou Y, Jiang X. Dissecting Android malware:Characterization and evolution. In:Proc. of the 33th IEEE Symp. on Security and Privacy. Piscataway:IEEE, 2012. 95-109.

[3] 张玉清,王凯,杨欢,方喆君,王志强,曹琛.Android安全综述.计算机研究与发展,2014,51(7):1385-1396.

[4] 雷灵光,荆继武,王跃武,张中文.一种基于行为的Android系统资源访问控制方案.计算机研究与发展,2014,51(5):1028-1038.

[5] 杨欢,张玉清,胡予濮,刘奇旭.基于多类特征的Android应用恶意行为检测系统.计算机学报,2014,37(1):15-27.

[7] 王浩宇,王仲禹,郭耀,陈向群.基于代码克隆检测技术的Android应用重打包检测.中国科学(信息科学),2014,44(1):142-157.

[14] 王雅哲,冯登国,张立武,张敏.基于多层次优化技术的XACML策略评估引擎.软件学报,2011,22(2):323-338. http://www.jos.org.cn/1000-9825/3707.htm[doi:10.3724/SP.J.1001.2011.03707]

引用本文

罗杨,张齐勋,沈晴霓,刘宏志,吴中海.多层次的Android系统权限控制方法.软件学报,2015,26(S2):263-271

复制

文章指标

点击次数:
下载次数:
HTML阅读次数:
引用次数:

历史

收稿日期:2015-08-07
最后修改日期:2015-10-12
录用日期:
在线发布日期: 2016-01-11
出版日期:

微信服务号

微信订阅号

引用本文

分享

文章指标

历史

文章二维码

微信服务号

微信订阅号

引用本文

分享

微信扫一扫：分享

文章指标

历史

文章二维码