首页 | 本学科首页   官方微博 | 高级检索  
     

多层次的Android系统权限控制方法
引用本文:罗杨,张齐勋,沈晴霓,刘宏志,吴中海.多层次的Android系统权限控制方法[J].软件学报,2015,26(S2):263-271.
作者姓名:罗杨  张齐勋  沈晴霓  刘宏志  吴中海
作者单位:北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871,北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871,北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871,北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871,北京大学软件与微电子学院, 北京 100871;网络与软件安全保障教育部重点实验室(北京大学), 北京 100871;北京大学服务计算与大数据技术研究室, 北京 100871
基金项目:国家科技重大专项(2012ZX03002022);国家自然科学基金(61232005);国家高新技术研究发展计划(863)(2015AA016009)
摘    要:随着Android智能平台的普及,其安全问题日益受到人们关注.在底层安全方面,部分root工具已经实现了对最新版本Android的root提权,从而给恶意软件滥用权限造成可乘之机;在上层应用安全方面,目前还没有能够在应用权限进行有效管理的方法.基于安全策略的思想,提出了一种Android应用权限动态管理机制,利用安全策略对授权进行描述,在Android框架层设置权限检查点,并调用请求评估算法进行授权评估,从而实现对应用行为的监控.实验结果表明,该方法能够有效管理Android应用权限的正常调用,约束非法调用,并且系统开销较小.
关 键 词:权限管理  安全策略  SELinux  请求评估  权限检查
收稿时间:8/7/2015 12:00:00 AM
修稿时间:2015/10/12 0:00:00

Android Multi-Level System Permission Management Approach
LUO Yang,ZHANG Qi-Xun,SHEN Qing-Ni,LIU Hong-Zhi and WU Zhong-Hai.Android Multi-Level System Permission Management Approach[J].Journal of Software,2015,26(S2):263-271.
Authors:LUO Yang  ZHANG Qi-Xun  SHEN Qing-Ni  LIU Hong-Zhi and WU Zhong-Hai
Affiliation:School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China,School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China,School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China,School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China and School of Software and Microelectronics, Peking University, Beijing 100871, China;MoE Key Laboratory of Network and Software Assurance(Peking University), Beijing 100871, China;Research Laboratory of Service Computing and Big Data Technology, Peking University, Beijing 100871, China
Abstract:With the expansion of the market share occupied by the Android platform, security issues (especially application security) have become attention focus of researchers. In fact, the existing methods lack the capabilities to manage application permissions without root privilege. This study proposes a dynamic management mechanism of Android application permissions based on security policies. The paper first describes the permissions by security policies, then implementes permission checking code and request evaluation algorithm in Android framework layer. Experimental results indicate that the presented approach succeeds in permission management of Android applications, and its system overhead is low, which makes it an effective method for Android permission management.
Keywords:permission management  security policy  SELinux  request evaluation  permission check
点击此处可从《软件学报》浏览原始摘要信息
点击此处可从《软件学报》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号