本文選題：Android + 信息安全�。� 參考：《江蘇科技大學(xué)》2014年碩士論文

【摘要】：隨著Android智能手機(jī)的飛速發(fā)展，越來(lái)越多的人們已經(jīng)習(xí)慣了在Android智能手機(jī)上面存儲(chǔ)大量用戶信息包括個(gè)人隱私信息如：通訊錄、通話記錄、短信息、地理位置等，以及一些商業(yè)信息，以提高學(xué)習(xí)、工作、生活的效率。但是于此同時(shí)Android智能手機(jī)也正成為不法份子的目標(biāo)，他們利用這些移動(dòng)設(shè)備，植入惡意程序，，竊取用戶隱私數(shù)據(jù)，謀取商業(yè)利益，嚴(yán)重?fù)p害了用戶利益，這些隱私數(shù)據(jù)對(duì)用戶來(lái)說(shuō)至關(guān)重要，用戶并不希望這些數(shù)據(jù)被其他人非法獲取和使用，因此研究和提高Android智能手機(jī)的安全，阻止惡意程序竊取手機(jī)隱私信息顯得很有必要。 本文首先分析了Android系統(tǒng)的安全體系，著重分析了Android權(quán)限控制機(jī)制及其存在的安全隱患，并通過(guò)開(kāi)發(fā)的一款惡意音樂(lè)播放器軟件對(duì)該隱患進(jìn)行了驗(yàn)證，指出Android系統(tǒng)安全性的不足，普通Android手機(jī)用戶如果沒(méi)有安全軟件對(duì)系統(tǒng)進(jìn)行保護(hù)，將面臨用戶重要個(gè)人信息泄露的可能。本文從兩個(gè)方面出發(fā)來(lái)保護(hù)用戶個(gè)人信息，一方面從權(quán)限控制入手，分析了市場(chǎng)上現(xiàn)有的應(yīng)用程序安裝前權(quán)限控制和應(yīng)用程序運(yùn)行時(shí)權(quán)限控制兩類權(quán)限控制軟件的不足，然后對(duì)兩者進(jìn)行了結(jié)合并引入kirin策略提高權(quán)限控制的準(zhǔn)確度以及降低了用戶負(fù)擔(dān)，改善了用戶體驗(yàn)；另一方面從數(shù)據(jù)加密入手，分析了Android系統(tǒng)上數(shù)據(jù)以明文存儲(chǔ)帶來(lái)的不安全，引出了對(duì)數(shù)據(jù)加密的需要，由于終端的特殊性以及資源的有限性，使得現(xiàn)有的大量數(shù)據(jù)加密技術(shù)并不完全適用于Android智能手機(jī)，這就要求對(duì)數(shù)據(jù)進(jìn)行加密保護(hù)時(shí)不能忽略終端資源的限制，本文通過(guò)設(shè)計(jì)一個(gè)具有決策數(shù)據(jù)加密方案的系統(tǒng)，找出適合終端當(dāng)前狀態(tài)的數(shù)據(jù)加密方案，從而在保護(hù)數(shù)據(jù)的同時(shí)，減少資源的消耗以及提升用戶的體驗(yàn)。 本文從Android智能手機(jī)數(shù)據(jù)保護(hù)的角度，設(shè)計(jì)了一個(gè)安全系統(tǒng)，具有權(quán)限控制功能和數(shù)據(jù)加密功能。權(quán)限控制功能包括安裝前權(quán)限控制和運(yùn)行時(shí)權(quán)限控制，可以有效對(duì)應(yīng)用程序申請(qǐng)的權(quán)限進(jìn)行控制，加密功能包括信息收集、信息處理、策略決策、策略執(zhí)行、策略改進(jìn)、性能評(píng)測(cè)，即通過(guò)收集終端資源使用情況和文件信息，對(duì)收集的信息進(jìn)行歸一化和量化處理，對(duì)處理之后的數(shù)據(jù)進(jìn)行分類，給出推薦加密方案AES或XTEA，并根據(jù)用戶反饋對(duì)策略進(jìn)行改進(jìn)，本文最后對(duì)系統(tǒng)進(jìn)行了簡(jiǎn)單的測(cè)試，表明本文設(shè)計(jì)的系統(tǒng)能夠較好的對(duì)應(yīng)用程序進(jìn)行權(quán)限控制以及對(duì)重要隱私數(shù)據(jù)進(jìn)行加密。
[Abstract]:With the rapid development of Android smartphones, more and more people have been used to store a large number of user information on Android smartphones, including personal privacy information such as: address book, call record, short message, geographical location, etc. As well as some business information to improve learning, work, life efficiency. But at the same time, Android smartphones are also being targeted by illegal elements, who use these devices to plant malicious programs, steal user privacy data, seek commercial benefits, and seriously harm users' interests. The privacy data is very important to the user. The user does not want the data to be illegally obtained and used by others. So it is necessary to research and improve the security of Android smartphone and prevent malicious program from stealing privacy information. In this paper, the security system of Android system is analyzed at first, and the mechanism of Android privilege control and its security hidden danger are emphatically analyzed. The hidden trouble is verified by a malicious music player software developed, and the deficiency of Android system security is pointed out. If ordinary Android mobile phone users do not have security software to protect the system, they will face the possibility of important personal information leakage. In this paper, the user's personal information is protected from two aspects. On the one hand, starting with the privilege control, this paper analyzes the deficiency of the two kinds of permission control software, which are the pre-installation permission control of the application program and the permission control software of the application program running time. Then we combine the two and introduce kirin strategy to improve the accuracy of privilege control and reduce the user burden, improve the user experience. On the other hand, from the point of data encryption, we analyze the insecurity of data storage in clear text on Android system. Because of the particularity of terminal and the limitation of resource, the existing data encryption technology is not suitable for Android smart phone. In this paper, we design a system with decision data encryption scheme to find out the data encryption scheme suitable for the current state of the terminal, so as to protect the data at the same time. Reduce resource consumption and improve user experience. From the point of view of Android smart phone data protection, this paper designs a security system with privilege control function and data encryption function. The privilege control function includes pre-installation permission control and run-time permission control, which can effectively control the permission applied by the application. Encryption functions include information collection, information processing, policy decision, policy execution, policy improvement, etc. Performance evaluation, that is, through collecting terminal resource usage and document information, normalizing and quantifying the collected information, classifying the processed data, The recommended encryption scheme AES or XTEAA is given, and the policy is improved according to the user feedback. Finally, a simple test of the system is given in this paper. It shows that the system designed in this paper can control the rights of the application program and encrypt the important privacy data.
【學(xué)位授予單位】：江蘇科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TN929.53

【參考文獻(xiàn)】

相關(guān)期刊論文 前8條

1 呂世磊;張春;;XTEA加密算法在超高頻RFID芯片上的實(shí)現(xiàn)[J];半導(dǎo)體技術(shù);2009年11期

2 黃汝維;桂小林;余思;莊威;;云環(huán)境中支持隱私保護(hù)的可計(jì)算加密方法[J];計(jì)算機(jī)學(xué)報(bào);2011年12期

3 廖明華;鄭力明;;Android安全機(jī)制分析與解決方案初探[J];科學(xué)技術(shù)與工程;2011年26期

4 蔣紹林;王金雙;張濤;陳融;;Android安全研究綜述[J];計(jì)算機(jī)應(yīng)用與軟件;2012年10期

5 李中平;邱健峰;李璐;王勇;;Android手機(jī)遠(yuǎn)程控制關(guān)鍵技術(shù)分析[J];計(jì)算機(jī)應(yīng)用與軟件;2013年04期

6 閆梅;彭新光;;基于Android安全機(jī)制的權(quán)限檢測(cè)系統(tǒng)[J];計(jì)算機(jī)工程與設(shè)計(jì);2013年03期

7 楊珉;王曉陽(yáng);張濤;張建軍;;國(guó)內(nèi)Android應(yīng)用商城中程序隱私泄露分析[J];清華大學(xué)學(xué)報(bào)(自然科學(xué)版);2012年10期

8 彭國(guó)軍;邵玉如;王泰格;;基于Android的手機(jī)隱私保護(hù)技術(shù)及實(shí)現(xiàn)[J];信息網(wǎng)絡(luò)安全;2012年04期

本文編號(hào)：2080896