Design and Implementation of a Multi-Policy-Based Android Access Control System
Published: 2018-11-26 13:17
[Abstract]: The widespread adoption of Android has drawn increasing attention to flaws in the Android system. Because of weaknesses in the platform's security mechanisms, the simple permission mechanism is not sufficient to guarantee the safe behavior of software on the handset, and the traditional Android framework does not let users use permissions to exercise access control over Android applications. To address these shortcomings, this thesis extends the Android framework layer: the RSBAC (Rule Set Based Access Control) framework is introduced into the framework layer to implement a multi-policy access control system. First, androguard is used to extract the features of the sensitive APIs that applications frequently access; these APIs are modeled, and user policies and context policies are set to restrict applications' ability to access sensitive APIs. Second, information about each application is extracted, including application type and application components; this information is modeled and defined as the application state. Based on the application state, system policies are set to prevent privilege escalation attacks. Then, when an application issues an access request, the Android system runs a policy loading algorithm according to the type of the object of the request and responds to the request accordingly, thereby enforcing access control over framework-layer API interfaces and over communication between applications. Finally, 50 applications from Android markets and 118 malware samples are tested, and the experiments verify the correctness and effectiveness of the system. The system gives users fine-grained access control over applications, and users can configure system policies to block illegal communication between applications. Through the multi-policy mechanism, application behavior is controlled, yielding a secure and flexible access control system.
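A minimal sketch of the policy-loading idea in the abstract, added here as an illustration and not the thesis's code: the type of the requested object selects which policies are evaluated, and any deny wins. The class names, policy formats, the deny-overrides combination and the permission-subset rule used for the system policy are all assumptions, since the abstract gives none of these details.

```python
from dataclasses import dataclass, field

# All names are hypothetical; the abstract does not give the thesis's data model.
@dataclass
class App:
    name: str
    permissions: set = field(default_factory=set)  # part of the "application state"

@dataclass
class Request:
    caller: App
    object_type: str   # "api" (framework API) or "component" (inter-app call)
    target: str        # API name, or name of the callee app
    context: dict = field(default_factory=dict)

def user_policy(req, cfg):
    # User-configured, per-app deny list of sensitive APIs.
    return req.target not in cfg["user_deny"].get(req.caller.name, set())

def context_policy(req, cfg):
    # Context rule: an API may be limited to certain contexts (here, locations).
    allowed = cfg["context_allow"].get(req.target)
    return allowed is None or req.context.get("location") in allowed

def system_policy(req, cfg):
    # Assumed privilege-escalation check: the caller must itself hold every
    # permission the callee app could exercise on its behalf.
    callee = cfg["apps"][req.target]
    return callee.permissions <= req.caller.permissions

# Policy loading keyed on the type of the requested object.
POLICIES = {"api": [user_policy, context_policy], "component": [system_policy]}

def decide(req, cfg):
    modules = POLICIES.get(req.object_type)
    if modules is None:
        return False                          # unknown object type: default deny
    return all(m(req, cfg) for m in modules)  # a single deny wins

# Constructed sample apps and configuration.
GAME = App("game", {"INTERNET"})
SMS_HELPER = App("sms_helper", {"SEND_SMS"})
CFG = {
    "apps": {"game": GAME, "sms_helper": SMS_HELPER},
    "user_deny": {"game": {"getDeviceId"}},
    "context_allow": {"getLastKnownLocation": {"home"}},
}
```
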
[Degree-granting institution]: Tianjin University
[Degree level]: Master's
[Year degree awarded]: 2016
[Classification number]: TP316;TP309
Article ID: 2358668
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2358668.html