基于Android系统的移动智能终端敏感信息保护技术研究与实现

发布时间：2018-08-15 16:50

【摘要】：随着移动终端的发展进入智能化时代,其性能得到极大提高的同时,功能也日益丰富多彩。用户将很多重要敏感信息和隐私数据直接存储在移动智能终端上,一旦这些信息和数据被泄露,会直接影响到用户的经济利益,因此这些数据的安全显得尤为重要。本文针对以上现状,研究了敏感信息的防泄漏方法,以用户为中心,设计实现一款全方位保护敏感信息的安全防护系统。课题设计实现了包括源端敏感信息加密处理隐私空间模块、程序运行中恶意行为检测模块、基于访问控制的软件锁模块和终端丢失后敏感信息的控制防盗模块。论文主要内容和创新点如下:(1)提出了基于分层架构的敏感信息安全防护模型。模型通过数据层、系统交互层、应用层和功能层的设计,协同保护终端上敏感信息的安全。数据层保证了敏感信息的安全存储;系统交互层对终端操作者的访问进行控制;通过应用层划分不同的功能,为功能层防护技术的实现提供了接口。(2)研究了 Android移动智能终端图片、视频、文件和短信加密、存储、提取的方法,设计了敏感信息加密隐私空间模块。基于AES算法对终端上敏感信息进行加密存储,保证此类信息的安全。(3)分析了 Android移动智能终端应用程序访问控制机制,提出了基于黑白名单保护程序应用的软件锁方案。通过设置黑名单,对携带有个人敏感信息的软件进行锁定保护;通过临时设置白名单,保证了合法用户对黑名单锁定软件的正常使用。(4)设计并实现了移动智能终端智能防盗功能。通过监听SIM卡状态和获取终端位置信息,为终端找回提供了线索;通过对终端敏感信息的远程操作,实现对终端敏感信息的擦除,保证了移动智能终端丢失后敏感信息依然处于可控状态。(5)设计了基于权限分析的恶意软件监控模块。通过逆向应用程序安装文件,解析权限申请,对程序安装时的敏感权限申请给予提示;并通过监测程序的访问,对敏感信息操作行为进行控制;通过对Android系统内部文件内容的修改,实现对程序应用权限的重新授权。本文通过对Android智能终端敏感信息安全防护技术的研究,实现了基于分层架构的敏感信息安全防护系统。经测试表明,系统在功能和性能上都能很好的满足实际需求,验证了系统的可行性、实用性和安全性,对同类敏感信息安全防护系统具有一定的参考意义。
[Abstract]:With the development of mobile terminal into the era of intelligence, its performance has been greatly improved, and its functions have become increasingly colorful. Users store a lot of important sensitive information and privacy data directly on mobile intelligent terminals. Once these information and data are leaked, it will directly affect the economic interests of users, so these data. In view of the above situation, this paper studies the anti-leakage methods of sensitive information, designs and implements a user-centered security protection system for all-round protection of sensitive information. The main contents and innovations of this paper are as follows: (1) A layered sensitive information security protection model is proposed. The model protects the security of sensitive information on the terminal through the design of data layer, system interaction layer, application layer and function layer. The data layer guarantees the safe storage of sensitive information; the system interaction layer controls the access of terminal operators; the application layer divides different functions to provide an interface for the implementation of functional layer protection technology. (2) The encryption, storage and extraction methods of Android mobile intelligent terminal pictures, videos, files and short messages are studied, and the sensitive information is designed. Information Encryption Privacy Space Module. Encrypt and store sensitive information on the terminal based on AES algorithm to ensure the security of this kind of information. (3) Analyze the access control mechanism of Android mobile intelligent terminal application program, put forward a software lock scheme based on black and white list protection program application. (4) Intelligent anti-theft function of mobile intelligent terminal is designed and implemented. By monitoring the status of SIM card and acquiring terminal location information, clues are provided for the terminal to retrieve. Remote manipulation of sensitive information of terminal is carried out. (5) Designed a malicious software monitoring module based on privilege analysis. Through reverse application program installation file, parsed the privilege application, prompted the sensitive privilege application when the program was installed; and through the monitoring process. By modifying the contents of the files in the Android system, the application authority of the program is re-authorized. Through the research on the sensitive information security protection technology of Android intelligent terminal, the sensitive information security protection system based on hierarchical structure is realized. The function and performance of the system can meet the actual needs very well, which verifies the feasibility, practicability and security of the system. It has a certain reference significance for similar sensitive information security protection systems.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP309;TP316

【相似文献】