Similar literature
1.
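The Android system uses a permission mechanism to control applications: an application must declare in advance the permissions for whichever system resources it needs to use. To ensure security and reliability, an application's permission declarations should satisfy the principle of least privilege, that is, declare only the minimum set of permissions it needs. In practice, however, many applications over-declare permissions, which creates security risks for users. This paper proposes PTailor, an automatic permission-tailoring system for Android applications, which analyzes and modifies an application's installation file (APK file) so that it satisfies the principle of least privilege. PTailor first extracts from the APK file all system APIs the program calls and looks up, in a pre-generated API-to-permission mapping table, the system permission corresponding to each API, thereby obtaining the list of minimum permissions the application actually uses. It then modifies the program's permission declaration file according to that list, removing permissions that are declared but unused. Finally, it merges the tailored permission declaration file with the rest of the program into a new APK file; apart from its declared permissions now satisfying the principle of least privilege, the new APK file's structure and semantics are unchanged. Permission-tailoring experiments with PTailor on 1,246 real-world Android applications show that PTailor completes permission analysis and tailoring in a very short time, and that most of the tailored programs run correctly.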

2.
This article provides a compact overview of the rich permission model used for access control in modern Microsoft Windows operating systems with special emphasis upon the file, directory, and registry subsystems. Guidance on avoiding common security mistakes is provided.

3.
An Android application requires specific permissions from the user to access the system resources and perform required functionalities. Recently, the Android market has experienced exponential growth, which leads to malware applications. These applications are purposefully developed by hackers to access private data of the users and adversely affect the application usability. A suitable tool to detect malware is urgently needed, as malware may harm the user. As both malware and clean applications require similar types of permissions, it becomes a very challenging task to differentiate between them. A novel algorithm is proposed to identify the malware-based applications by probing the permission patterns. The proposed method uses the k-means algorithm to quarantine the malware application by obtaining permission clusters. An efficiency of 90% (approx.) is attained for malicious behaviour, which validates this work. This work substantiates the use of application permissions for potential applications in Android malware detection.

4.
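This paper discusses the security of modern information networks from four aspects: network management, patch management, user permissions, and file permissions. Based on the security analysis of these four aspects and on practical application, it proposes the following security measures: making full use of network devices to improve the security of the information network, establishing a sound patch management process, using layered password management to differentiate users, and applying the "principle of least privilege" to user permissions and file permissions.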

5.
The storage needs of modern scientific applications are growing exponentially, and designing economical storage solutions for such applications – especially in Grid environments – is an important research topic. This work presents Kosha, a system that aims to harvest redundant storage space on cluster nodes and user desktops to provide a reliable, shared file system that acts as a large distributed storage. Kosha utilizes peer-to-peer (p2p) mechanisms to enhance the widely-used Network File System (NFS). P2P storage systems provide location transparency, mobility transparency, load balancing, and file replication – features that are not available in NFS. On the other hand, NFS provides hierarchical file organization, directory listings, and file permissions, which are missing from p2p storage systems. By blending the strengths of NFS and p2p storage systems, Kosha provides a low overhead storage solution. Our experiments show that compared to unmodified NFS, Kosha introduces a 3.3% fixed overhead and 4.5% additional overhead as nodes are increased from two to sixteen. For larger number of nodes, the additional overhead increases slowly. Kosha achieves load balancing in distributed directories, and guarantees or better file availability. This work was supported in part by an NSF CAREER award (ACI-0238379). Troy A. Johnson was supported by a U.S. Department of Education GAANN doctoral fellowship.

6.
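To restrict the behavior of application software, the Android system was designed with a permission mechanism. However, once the user has granted permissions, an Android application can use them arbitrarily, unconstrained by the permission mechanism, which creates potential permission-abuse attacks. To detect whether an application exhibits permission abuse, a detection method based on correlation analysis is proposed. The method dynamically monitors the application's sensitive behaviors and the user's operations and obtains the degree of correlation between the two. The detection result is obtained by comparing the degree of correlation of the application under test with that of benign applications. Based on this method, a prototype system, DroidDect, was designed and implemented. Experimental results show that DroidDect can effectively detect permission abuse by Android applications and has advantages such as low additional system overhead.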

7.
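To simplify the file system implementation and support streaming access to very large data sets, HDFS sacrifices random access to files, yet in practice many applications need random file access. Based on an in-depth analysis of how HDFS reads and writes data, a random data access method for HDFS is proposed. The design idea is to add a local data access interface to the Datanode, so that user programs can read the block files stored on the Datanode and write data into the Datanode's block storage directory. The first replica of a file is produced directly by the user program; the remaining replicas are generated by data replication after the first replica has been written. In addition, permission management is added for data blocks: file replicas on a Datanode are owned by the user. If a file's permissions change in the namespace, the permissions of the file's corresponding data blocks change as well. Tests show that data read performance improves by about 10%, data write performance improves by more than 20%, and under high concurrency write performance improves by up to 2.5 times.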

8.
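Xu Yuanchao, Sun Fengyun, Yan Junfeng, Wan Hu. Journal of Computer Applications (《计算机应用》), 2015, 35(10): 3008-3012
If power is lost unexpectedly or the system crashes while writing to disk, user data and metadata in the file system are likely to become inconsistent. Existing file systems mainly address this with consistency techniques such as write-ahead logging or copy-on-write, but none of them considers that different directories have different reliability requirements. To address the shortcoming of existing file-adaptive journaling modes, which require modifying applications one by one, a directory-adaptive journaling mode selection mechanism for the Android system is proposed: according to how high or low each directory's reliability requirement is, a journaling mode of corresponding strength is selected, and storage regions of differing reliability are allocated. The mechanism is completely transparent to developers and fits the application characteristics of the Android system; with reliability requirements unchanged, it minimizes the extra overhead introduced by consistency guarantees. Experimental results show that the modified file system can identify the directory in which a file resides and select the predefined journaling mode according to that directory.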

9.
《Computers & Security》2005,24(3):192-207
The Java Security Manager is one major security feature of the Java programming language. However, in many Java applications the Security Manager is not enabled because it slows execution time. This paper explores the performance of the Java Security Manager in depth, identifies the permissions with the worst performance and gives advice on how to use the Security Manager in a more efficient way. Our performance test shows that the CPU execution time penalty varies between 5% and 100% per resource access statement. This extreme range is due to the fact that some resource accesses are costly (such as file and socket access) and therefore hide the performance penalty for the access control check almost completely. The time penalty is much more noticeable with access to main memory resources (such as Java objects). In order to achieve reasonable response times, it is of utmost importance to tune garbage collection because the Java Security Manager creates short-lived objects during its permission check. Also, the order of permissions in the policy file can be important.

10.
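With the rapid development of Internet technology, the volume of Web services has surged, making the deployment of operating systems and application services increasingly challenging; the development of cloud computing and virtualization technology has alleviated these problems. Although virtual machine technology provides good isolation, it often faces problems such as high virtualization overhead, poor scalability, and long deployment times. On the one hand, container technology, represented by Docker, mitigates these problems well, making rapid building, deployment, operation and maintenance, and scaling of services possible. On the other hand, permission management is an important component of almost every application system; its purpose is to control and manage permissions on the system. Controlling system permissions is both important and necessary; otherwise, system information leaks and system vulnerabilities can result, causing users losses that are hard to estimate. This article therefore proposes managing permissions with a role-based permission management model and deploying it on a cloud platform, so that developers can develop, deploy, operate and maintain systems on the cloud platform efficiently and elastically, greatly improving resource utilization and time efficiency.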

11.
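Because existing dynamic detection methods for private data leakage on the Android platform have low detection efficiency, this article designs and implements a permission-analysis-based dynamic detection method for Android private data leakage. The method combines the permission analysis used in Android static detection with dynamic taint detection, determining the private data types and privacy exit types for dynamic taint detection from the permissions the application requests. The detection options are stored in system properties. Experimental results show that the method improves the efficiency of dynamic taint detection while preserving the effectiveness of private data leakage detection.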

12.
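Existing decentralized authorization protocols that support permission delegation must pass along the parent permission's information, which easily leads to leakage of permission information, and the leakage of a single user's information threatens the confidentiality of other users' permissions. To solve these problems, this paper proposes ITTDAF, a decentralized authorization framework based on a retrieval tree structure and the Trusted Platform Module. Its core idea is that when a user grants a permission to another user, the user must inform the entity providing the relevant resource of the authorization information; the resource entity generates a retrieval tree structure from the authorization information and thereby learns the delegation relationships among permissions. When requesting a resource from the resource entity, a user only needs to provide the permission information it holds to prove the permission's validity, and does not need to know anything about the parent permission. This prevents a leak of one user's permission information from compromising the confidentiality of other users' permission information, while also reducing the amount of data that must be transmitted for permission verification and the time verification takes. All information is signed by the Trusted Platform Module to guarantee the uniqueness of the data's origin and to bind permissions to devices, so that permission information cannot be exercised on devices that are not the user's. Compared with the baseline scheme under the same conditions, the proposed scheme reduces the amount of data needed to describe a permission by 44.2% and the time needed for permission verification by 51.2%, offering better usability along with higher security.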

13.
This paper describes an image analysis technique developed to identify icebergs depicted in synthetic aperture radar images of Antarctica and to determine the outlines of these icebergs. The technique uses a pixel bonding process to delineate the edges of the icebergs. It then separates them from the background water and sea ice by an edge-guided image segmentation process. Characteristics such as centroid position and iceberg area were calculated for each iceberg segment and placed in a file for input to appropriate statistical data analysis software. The technique has been tested on three ERS-1 SAR sub-images in which it succeeded in identifying virtually all segments containing icebergs of size six pixels or larger. The images were first passed through an averaging filter to reduce speckle. This process produced a pixel size of 100 m x 100 m. As implemented, the technique overestimates iceberg areas by about 20% on average and the detection rate falls off rapidly for icebergs less than six pixels in size. Performance in these areas is expected to improve when additional stages, based on a more detailed analysis of pixel intensity, are implemented.

14.
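The Linux Ext2 file system   Total citations: 4, self-citations: 0, citations by others: 4
This article introduces Ext2, the basic file system of Linux. It covers the core concepts of Ext2: the inode, the super block, the block group, and the directory block. It then describes the Virtual File System (VFS) specific to Linux, which lets Linux flexibly handle multiple kinds of file systems. Finally, it introduces the techniques Ext2 uses to handle the buffer cache.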

15.
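To improve perceived quality on the ITV user side, users could independently run a series of diagnostics when an ITV fault occurs, including Traceroute and packet-capture tests. However, implementing Traceroute and packet capture requires Root privileges on the set-top box, and vendors generally do not open up the set-top box's Root privileges, so under normal circumstances users cannot use these two test methods to test ITV faults. This paper therefore proposes a method that works without Root privileges being opened up: the application layer communicates with the lower layer through a Socket, and the Traceroute and Tcpdump commands are compiled into binary files that run on the set-top box. The vendor upgrades the firmware by adding the corresponding service entries, so that Traceroute and packet capture are available without Root privileges, improving perceived quality on the user side and reducing the user complaint rate.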

16.
The Jade file system, which provides a uniform way to name and access files in an Internet environment, is introduced. Jade is a logical system that integrates a heterogeneous collection of existing file systems in which underlying file systems support different file access protocols. Because of autonomy, Jade is designed under the restriction that the underlying file systems may not be modified. In order to avoid the complexity of maintaining an Internet-wide, global name space, Jade permits each user to define a private name space. Jade's name space supports two features: it allows multiple file systems to be mounted under one directory, and it permits one logical name space to mount other logical name spaces. A prototype of Jade has been implemented to examine and validate its design. The prototype consists of interfaces to the Unix File System, the Sun Network File System, and the File Transfer Protocol. An overview of Jade's design is reported, and the authors' experiences in designing and implementing a large scale file system are reviewed.

17.
We introduce Papilio, a new visualization technique for visualizing permissions of real‐world Android applications. We explore the development of layouts that exploit the directed acyclic nature of Android application permission data to develop a new explicit layout technique that incorporates aspects of set membership, node‐link diagrams and matrix layouts. By grouping applications based on sets of requested permissions, a structure can be formed with partially ordered relations. The Papilio layout shows sets of applications centrally, the relations among applications on one side and application permissions, as the reason behind the existence of the partial order, on the other side. Using Papilio to explore a set of Android applications as a case study has led to new security findings regarding permission usage by Android applications.

18.
An Android application uses a permission system to regulate the access to system resources and users’ privacy-relevant information. Existing works have demonstrated several techniques to study the required permissions declared by the developers, but little attention has been paid towards used permissions. Besides, no specific permission combination is identified to be effective for malware detection. To fill these gaps, we have proposed a novel pattern mining algorithm to identify a set of contrast permission patterns that aim to detect the difference between clean and malicious applications. A benchmark malware dataset and a dataset of 1227 clean applications have been collected by us to evaluate the performance of the proposed algorithm. Valuable findings are obtained by analyzing the returned contrast permission patterns.

19.
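Feng Jun, Wang Jian. Computer Engineering (《计算机工程》), 2012, 38(16): 138-141
To address the shortcomings of T-RBAC in permission control and separation of duty, an improved model is proposed. The new model simplifies the task classification of the T-RBAC model and adds task context and task state attributes to tasks, so that the granting of permissions is closely tied to task context and task state, strengthening dynamic permission management. Private roles are used to solve the permission-sharing problem that mutually exclusive permissions may cause during inheritance. History records are used to guarantee dynamic separation of duty during task execution. The model provides finer-grained permission management and better satisfies separation of duty and the principle of least privilege.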

20.
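This article discusses Windows NT security from many angles: the Windows NT interactive logon process; user information logon performed by the Win32 WinLogon process; administrators using User Manager for Domains to create user accounts and set security attributes; setting user rights; types of directory access permissions; the security features of the file system and printers; setting access permissions; NTFS directory-level permissions; physical settings for the server system; auditing; setting a logon banner; registry security; several aspects of security assurance; and deficiencies in Windows NT.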
