Research on Privacy Protection Methods for the Android Platform
[Abstract]: With their growing popularity and steadily improving computing power, smartphones have become an essential tool for entertainment and communication. While convenient to use, smartphones also store a great deal of private personal data, such as photos and videos. In particular, the rapid development of the mobile Internet and cloud computing has brought online shopping and similar services to mobile devices. In addition, to improve employee efficiency, large companies have launched their own mobile office apps. These developments give users great convenience, but they also mean that smartphones carry more personal privacy and business secrets. Smartphone security is therefore already a concern. Among all smartphone operating systems, Android has become the main target of malicious programs because of its openness and its largest market share. To protect user privacy, Android provides some basic protection measures, such as the lock screen and full disk encryption. To resist malicious programs, Android also uses other protective measures, such as permission-based access control and application digital signatures. Although these measures protect personal privacy and system security to a certain extent, many security weaknesses remain, and in some cases the measures are almost ineffective. Starting from these practical problems, this paper analyzes the shortcomings of the Android system and proposes three system-hardening security mechanisms to prevent privacy disclosure: a privacy protection mechanism based on deniable encryption, a trusted running environment architecture based on dual system spaces, and a file access control mechanism for emulated storage.

Building on a study of the Android architecture and its security mechanisms, prototype systems are designed and implemented to prevent the privacy leaks that arise from these practical problems. Experiments show that the prototype systems proposed in this paper make up for the insufficient strength of Android's privacy protection, and that the additional overhead they introduce is fully acceptable to the user. The prototype systems can also be deployed on real devices. The contributions of this paper are the following three points:

1) Once an attacker obtains the user's smartphone and its lock-screen password, all private data on the phone is exposed. Related work uses data hiding to protect private data, but these methods suffer from serious cross-boundary pollution (private data being overwritten by other data), and their operating procedure is tedious, so private data cannot be hidden in a timely manner. Based on deniable encryption and device mapping technology, this paper proposes a more complete and reliable privacy protection mechanism, and designs and implements two prototype systems, MobiMimosa and Refugedroid. The MobiMimosa prototype greatly alleviates cross-boundary pollution and, to a certain extent, improves space utilization. Building on MobiMimosa, the Refugedroid prototype completely overcomes cross-boundary pollution and ensures the integrity of private data. Both prototype systems support multiple hidden encrypted volumes on the smartphone, that is, multi-level deniability. To simplify the process of storing private data, each prototype adds a system service to Android. The service provides upper-layer applications with a set of operations on hidden volumes and also monitors the state of the system in real time. While simplifying the operating steps, it also enables dynamic protection of private data, which reduces the risk of disclosure in an emergency. Compared with related work, the prototype systems in this paper therefore offer better interaction and reliability. In addition, performance tests show that the two prototype systems do not reduce the performance of the original system and are fully acceptable to the user.

2) The application environment on Android is increasingly complex, and sensitive applications (such as payment apps) are often attacked by malicious programs, resulting in property loss and privacy disclosure. Providing a secure and reliable running environment for sensitive applications can curb such attacks. Related work uses system virtualization to solve this problem, but virtualization consumes a large amount of system resources, which is not feasible on resource-constrained mobile devices. In view of how the Android system runs, this paper therefore proposes a trusted running architecture based on dual system spaces. This architecture implements two running spaces without taking up any additional system resources and can be deployed on real mobile devices. On this basis, the paper designs and implements two prototype systems, MobiGemini and VirtualMobi. Both have two operating modes: normal running space mode and secure running space mode. With two running spaces, untrusted third-party apps and trusted third-party apps are isolated in time and space, which avoids interference with, and attacks on, sensitive applications by malicious programs. The user can switch quickly between the two running spaces through the UI and the corresponding password, without shutting down and restarting. MobiGemini and VirtualMobi also provide an additional advantage: deniability of the secure running space. Building on MobiGemini, VirtualMobi uses memory virtualization techniques to improve storage space utilization and to give the secure running space better concealment and deniability. In addition, this paper designs a new key storage method to strengthen the security of the secure running space's encryption key. Experimental results show that the proposed design is feasible, effectively isolates apps, and has almost no effect on the performance of the original system.

3) If an app requested read and write permission for storage (emulated storage) at install time, it can read and write all the data files stored there, including the user's private data. Related work has proposed a variety of fine-grained file access control methods to address Android's coarse-grained storage protection policy, but these methods greatly degrade the system's I/O performance. This paper therefore proposes a fine-grained file access control mechanism based on DAC (Discretionary Access Control). The mechanism achieves fine-grained file access control without significantly reducing I/O performance. The paper also designs and implements a framework prototype, SdGuard. The prototype consists of two parts: a modified FUSE daemon and an application, Sdguards. The modified FUSE daemon implements a fine-grained file access control policy similar to that of the Ext4 file system and generates a text access log. The Sdguards application analyzes this log to identify privacy leaks caused by applications and encrypting ransomware. Compared with related work, the prototype system provides more efficient fine-grained file access control and has the additional advantage of detecting privacy disclosure and ransomware. The results show that the proposed prototype system can be used for fine-grained file access control and privacy leak detection.
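[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Doctoral
[Year degree granted]: 2017
[Classification number]: TP309; TP316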
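Hong Shuangxi (洪双喜); Research on Privacy Protection Methods for the Android Platform [D]; Beijing University of Posts and Telecommunications; 2017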
Article ID: 2161484
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2161484.html