Research and Implementation of Mobile Application Security Management and Control in BYOD Scenarios
Published: 2018-11-22 07:50
[Abstract]: In recent years, as bring-your-own-device (BYOD) working has become widespread, enterprise employees tend to use personal mobile devices to access company resources. Using the same device to access both enterprise data and personal data introduces new security threats, such as the leakage of confidential enterprise data. Existing BYOD solutions lack multi-entity management, role-based access control (RBAC) support and fine-grained data access control, so they cannot solve the key problem of cooperation with external enterprises when the same device needs to access the resources of multiple companies. In this thesis, we implement a cross-platform solution, AppShield, on both Android and iOS devices. Besides meeting the most basic requirements, such as sharing and isolating local enterprise data, it further supports multi-entity management, file-level fine-grained permission management and RBAC, and it requires no modification of the operating system. Because iOS is closed source, little research could be done on it, so this thesis mainly presents the design and implementation on Android, which includes: (1) an application rewriting framework that automatically injects hook code for enterprise mobile application management (MAM) features into ordinary applications to construct enterprise applications; (2) a cross-platform, proxy-based data access mechanism used for the isolation, sharing and security control of enterprise data. In small-scale testing, more than 90% of applications effectively enforced the system's security policies. In large-scale testing, fewer than 5% of applications crashed at runtime, which demonstrates the effectiveness and reliability of AppShield. The system does introduce some performance overhead and slightly increases memory consumption and code size. In addition, the growing amount of advertising in mobile applications affects the user experience to some extent. So that IT administrators using AppShield can gain some understanding of an application's advertising behavior before selecting enterprise applications, this thesis proposes an Android advertising behavior analysis system. Advertisements are first divided into types according to their behavior, such as offer-wall ads and embedded ads; a series of ad-type features is then extracted by manual analysis; and these features are then used for static and dynamic analysis of applications. In large-scale testing of applications, the accuracy of the advertising analysis is higher than 85%.
[Degree-granting institution]: Zhejiang University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP311.52; TP309
Article number: 2348569
Article link: http://sikaile.net/wenyilunwen/guanggaoshejilunwen/2348569.html