本文選題：Android + 信息安全��； 參考：《江蘇科技大學(xué)》2014年碩士論文

【摘要】：隨著Android智能手機的飛速發(fā)展，越來越多的人們已經(jīng)習(xí)慣了在Android智能手機上面存儲大量用戶信息包括個人隱私信息如：通訊錄、通話記錄、短信息、地理位置等，以及一些商業(yè)信息，以提高學(xué)習(xí)、工作、生活的效率。但是于此同時Android智能手機也正成為不法份子的目標，他們利用這些移動設(shè)備，植入惡意程序，，竊取用戶隱私數(shù)據(jù)，謀取商業(yè)利益，嚴重損害了用戶利益，這些隱私數(shù)據(jù)對用戶來說至關(guān)重要，用戶并不希望這些數(shù)據(jù)被其他人非法獲取和使用，因此研究和提高Android智能手機的安全，阻止惡意程序竊取手機隱私信息顯得很有必要。 本文首先分析了Android系統(tǒng)的安全體系，著重分析了Android權(quán)限控制機制及其存在的安全隱患，并通過開發(fā)的一款惡意音樂播放器軟件對該隱患進行了驗證，指出Android系統(tǒng)安全性的不足，普通Android手機用戶如果沒有安全軟件對系統(tǒng)進行保護，將面臨用戶重要個人信息泄露的可能。本文從兩個方面出發(fā)來保護用戶個人信息，一方面從權(quán)限控制入手，分析了市場上現(xiàn)有的應(yīng)用程序安裝前權(quán)限控制和應(yīng)用程序運行時權(quán)限控制兩類權(quán)限控制軟件的不足，然后對兩者進行了結(jié)合并引入kirin策略提高權(quán)限控制的準確度以及降低了用戶負擔(dān)，改善了用戶體驗；另一方面從數(shù)據(jù)加密入手，分析了Android系統(tǒng)上數(shù)據(jù)以明文存儲帶來的不安全，引出了對數(shù)據(jù)加密的需要，由于終端的特殊性以及資源的有限性，使得現(xiàn)有的大量數(shù)據(jù)加密技術(shù)并不完全適用于Android智能手機，這就要求對數(shù)據(jù)進行加密保護時不能忽略終端資源的限制，本文通過設(shè)計一個具有決策數(shù)據(jù)加密方案的系統(tǒng)，找出適合終端當(dāng)前狀態(tài)的數(shù)據(jù)加密方案，從而在保護數(shù)據(jù)的同時，減少資源的消耗以及提升用戶的體驗。 本文從Android智能手機數(shù)據(jù)保護的角度，設(shè)計了一個安全系統(tǒng)，具有權(quán)限控制功能和數(shù)據(jù)加密功能。權(quán)限控制功能包括安裝前權(quán)限控制和運行時權(quán)限控制，可以有效對應(yīng)用程序申請的權(quán)限進行控制，加密功能包括信息收集、信息處理、策略決策、策略執(zhí)行、策略改進、性能評測，即通過收集終端資源使用情況和文件信息，對收集的信息進行歸一化和量化處理，對處理之后的數(shù)據(jù)進行分類，給出推薦加密方案AES或XTEA，并根據(jù)用戶反饋對策略進行改進，本文最后對系統(tǒng)進行了簡單的測試，表明本文設(shè)計的系統(tǒng)能夠較好的對應(yīng)用程序進行權(quán)限控制以及對重要隱私數(shù)據(jù)進行加密。
[Abstract]:With the rapid development of Android smartphones, more and more people have been used to store a large number of user information on Android smartphones, including personal privacy information such as: address book, call record, short message, geographical location, etc. As well as some business information to improve learning, work, life efficiency. But at the same time, Android smartphones are also being targeted by illegal elements, who use these devices to plant malicious programs, steal user privacy data, seek commercial benefits, and seriously harm users' interests. The privacy data is very important to the user. The user does not want the data to be illegally obtained and used by others. So it is necessary to research and improve the security of Android smartphone and prevent malicious program from stealing privacy information. In this paper, the security system of Android system is analyzed at first, and the mechanism of Android privilege control and its security hidden danger are emphatically analyzed. The hidden trouble is verified by a malicious music player software developed, and the deficiency of Android system security is pointed out. If ordinary Android mobile phone users do not have security software to protect the system, they will face the possibility of important personal information leakage. In this paper, the user's personal information is protected from two aspects. On the one hand, starting with the privilege control, this paper analyzes the deficiency of the two kinds of permission control software, which are the pre-installation permission control of the application program and the permission control software of the application program running time. Then we combine the two and introduce kirin strategy to improve the accuracy of privilege control and reduce the user burden, improve the user experience. On the other hand, from the point of data encryption, we analyze the insecurity of data storage in clear text on Android system. Because of the particularity of terminal and the limitation of resource, the existing data encryption technology is not suitable for Android smart phone. In this paper, we design a system with decision data encryption scheme to find out the data encryption scheme suitable for the current state of the terminal, so as to protect the data at the same time. Reduce resource consumption and improve user experience. From the point of view of Android smart phone data protection, this paper designs a security system with privilege control function and data encryption function. The privilege control function includes pre-installation permission control and run-time permission control, which can effectively control the permission applied by the application. Encryption functions include information collection, information processing, policy decision, policy execution, policy improvement, etc. Performance evaluation, that is, through collecting terminal resource usage and document information, normalizing and quantifying the collected information, classifying the processed data, The recommended encryption scheme AES or XTEAA is given, and the policy is improved according to the user feedback. Finally, a simple test of the system is given in this paper. It shows that the system designed in this paper can control the rights of the application program and encrypt the important privacy data.
【學(xué)位授予單位】：江蘇科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TN929.53

【參考文獻】

相關(guān)期刊論文 前8條

1 呂世磊;張春;;XTEA加密算法在超高頻RFID芯片上的實現(xiàn)[J];半導(dǎo)體技術(shù);2009年11期

2 黃汝維;桂小林;余思;莊威;;云環(huán)境中支持隱私保護的可計算加密方法[J];計算機學(xué)報;2011年12期

3 廖明華;鄭力明;;Android安全機制分析與解決方案初探[J];科學(xué)技術(shù)與工程;2011年26期

4 蔣紹林;王金雙;張濤;陳融;;Android安全研究綜述[J];計算機應(yīng)用與軟件;2012年10期

5 李中平;邱健峰;李璐;王勇;;Android手機遠程控制關(guān)鍵技術(shù)分析[J];計算機應(yīng)用與軟件;2013年04期

6 閆梅;彭新光;;基于Android安全機制的權(quán)限檢測系統(tǒng)[J];計算機工程與設(shè)計;2013年03期

7 楊珉;王曉陽;張濤;張建軍;;國內(nèi)Android應(yīng)用商城中程序隱私泄露分析[J];清華大學(xué)學(xué)報(自然科學(xué)版);2012年10期

8 彭國軍;邵玉如;王泰格;;基于Android的手機隱私保護技術(shù)及實現(xiàn)[J];信息網(wǎng)絡(luò)安全;2012年04期

本文編號：2080896