【摘要】：Android的廣泛應(yīng)用使得Android系統(tǒng)缺陷越來越受到關(guān)注。由于Android平臺(tái)存在一些安全機(jī)制問題,使得簡(jiǎn)單的權(quán)限機(jī)制不足以用來保證手機(jī)端軟件行為的安全。而傳統(tǒng)的Android框架不能保證用戶利用權(quán)限對(duì)Android應(yīng)用軟件進(jìn)行訪問控制。本文針對(duì)Android安全機(jī)制不完善問題,對(duì)Android框架層進(jìn)行拓展。將RSBAC(基于規(guī)則集訪問控制)框架引入Android框架層,實(shí)現(xiàn)了基于多策略的訪問控制系統(tǒng)。首先,用androguard對(duì)應(yīng)用程序經(jīng)常訪問的敏感API特征進(jìn)行抽取,并對(duì)這些API進(jìn)行建模,設(shè)置用戶策略、上下文策略限制應(yīng)用程序訪問敏感API的能力。其次,對(duì)應(yīng)用程序的信息進(jìn)行抽取,包括應(yīng)用程序類型,應(yīng)用程序組件等信息,并對(duì)這些信息進(jìn)行建模,將其定義為應(yīng)用程序狀態(tài)。基于應(yīng)用程序狀態(tài),設(shè)置系統(tǒng)策略以防止權(quán)限提升攻擊。然后,當(dāng)應(yīng)用程序發(fā)出訪問請(qǐng)求時(shí),Android系統(tǒng)將根據(jù)請(qǐng)問請(qǐng)求客體的類型運(yùn)行策略加載算法,對(duì)應(yīng)用程序請(qǐng)求作出相應(yīng),從而完成對(duì)框架層API接口以及應(yīng)用程序間的通信行為的訪問控制。論文最后,對(duì)50個(gè)Android市場(chǎng)上應(yīng)用程序以及118個(gè)惡意軟件進(jìn)行測(cè)試,通過實(shí)驗(yàn)驗(yàn)證了本文系統(tǒng)的正確性及有效性。本文實(shí)現(xiàn)了用戶對(duì)應(yīng)用程序細(xì)粒度的訪問控制,而對(duì)于應(yīng)用程序之間的非法通信,用戶可以配置系統(tǒng)策略從而阻止應(yīng)用程序間的非法通信。通過多策略機(jī)制,完成對(duì)應(yīng)用程序行為的控制,實(shí)現(xiàn)了一個(gè)安全的、靈活的訪問控制系統(tǒng)。
[Abstract]:With the wide application of Android, more and more attention has been paid to the defects of Android system. Because of some security mechanism problems in Android platform, the simple privilege mechanism is not enough to ensure the security of mobile phone software behavior. However, the traditional Android framework can not guarantee the access control of Android application software. Aiming at the imperfect security mechanism of Android, this paper extends the Android framework layer. The RSBAC (ruleset based access control) framework is introduced into the Android framework layer, and a multi-policy based access control system is implemented. Firstly, androguard is used to extract the sensitive API features that are frequently accessed by applications, and to model these API, set user policies, and contextual policies restrict the ability of applications to access sensitive API. Secondly, the information of application program is extracted, including application type, application component and so on, and the information is modeled and defined as application state. System policy is set based on application state to prevent privilege escalation attacks. Then, when the application makes an access request, the Android system will load the algorithm according to the type of the request object, and make the corresponding request to the application. In order to complete the framework layer API interface and the communication behavior between applications access control. Finally, 50 applications and 118 malware in Android market are tested, and the correctness and effectiveness of the system are verified by experiments. In this paper, user access control to application program is realized, but for illegal communication between applications, users can configure system policy to prevent illegal communication between applications. A secure and flexible access control system is implemented by means of multi-policy mechanism to control the behavior of the application program.
【學(xué)位授予單位】：天津大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP316;TP309

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 袁萌;;Android計(jì)劃為什么要懸賞1000萬[J];信息系統(tǒng)工程;2007年12期

2 林耕宇;;觀摩50名Google Android程序開發(fā)競(jìng)賽作品[J];電子與電腦;2008年08期

3 樹子;;Android中文版不完全體驗(yàn)[J];互聯(lián)網(wǎng)天地;2009年04期

4 Jason Whitmire;;產(chǎn)業(yè)軟件專家如何協(xié)助解決Android的分裂困境[J];電子與電腦;2010年02期

5 蔣彬;;10款A(yù)ndroid手機(jī)必備應(yīng)用——Android操作系下的軟件評(píng)測(cè)[J];微電腦世界;2010年04期

6 ;PCWorld Windows Phone 7挑戰(zhàn)Android 毅然崛起的AndroidⅠ洗心革面的Windows Phone 7[J];微電腦世界;2010年08期

7 韓青;;Android平臺(tái)發(fā)展的動(dòng)力與挑戰(zhàn)[J];中國(guó)電子商情(基礎(chǔ)電子);2010年09期

8 方智勇;;Android手機(jī)這樣用[J];電腦迷;2010年15期

9 缺少浪漫;;Android的另一面[J];電腦迷;2010年13期

10 ;ZTE and Three Release Android ，

本文編號(hào)：2358668