| Android Permission机制的实现与安全分析 |
| |
| 引用本文: | 张中文,雷灵光,王跃武.Android Permission机制的实现与安全分析[J].信息网络安全,2012(8):3-6. |
| |
| 作者姓名: | 张中文 雷灵光 王跃武 |
| |
| 作者单位: | 中国科学院信息工程研究所信息安全国家重点实验室,北京 100093 |
| |
| 基金项目: | 国家自然科学基金[70890084、G021102];中国科学院战略性先导专项子课题海云信息安全共性关键技术研究[XDA06010702] |
| |
| 摘 要: | Permission机制作为Android安全的重要组成部分,受到了越来越多的关注,已有的研究主要集中在对应用程序申请的Permission进行静态分析上。文章从分析Permission机制的实现过程入手,分析了Permission机制自身的安全问题,发现了一个Permission机制漏洞。应用程序利用该漏洞可以绕过权限管理,主动提升应用程序的访问权限,为后续攻击提供支持。同时文章也对Permission机制其它方面的安全特性进行了分析。
|
| 关 键 词: | Android系统 Permission 安全 漏洞 |
Studying the Implementation and Security of the Permission Mechanism in Android |
| |
| ZHANG Zhong-wen, LEI Ling-guang, WANG Yue-wu.Studying the Implementation and Security of the Permission Mechanism in Android[J].Netinfo Security,2012(8):3-6. |
| |
| Authors: | ZHANG Zhong-wen LEI Ling-guang WANG Yue-wu |
| |
| Affiliation: | ( State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China ) |
| |
| Abstract: | As an important part of Android security model, Permission Mechanism has attracted more and more attentions. Most existing work mainly focuses on statically analyzing the request permissions of applications. In this paper, the implementation of Permission mechanism is analyzed thoroughly and a vulnerability of Permission mechanism is found. With this vulnerability, an application can bypass the access control and enhance its Permission by itself to carry out further attacks. Other security characters are also discussed in this paper. |
| |
| Keywords: | Android system permission security vulnerability |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
