计算机科学 ›› 2015, Vol. 42 ›› Issue (Z11): 329-332.
温瀚翔,李玉军,侯孟书
WEN Han-xiang, LI Yu-jun and HOU Meng-shu
摘要: 随着移动应用的迅猛发展,安卓手机用户群体日益庞大,而随之不断增加的用户数据也使安卓系统成为恶意攻击者的主要目标。通过对安卓4.4系统中加入的SELinux机制进行分析研究,指出了其中对root权限进行细化限制的可能性,并基于此机制提出了一种增强隐私安全的设计,使得用户的隐私数据即使存在于已获得root权限的手机中,也可以得到有效的保护。
| [1] Aukwy,Zhou Yi-fan,Huang Zhen,et al.PScout:analyzing the Android permission specification [C]∥Proc of ACM Conference on Computer and Communications Security.New York:ACM Press,2012:217-228 [2] Chen K Z,Johnson N,D’silva V,et al.Contextual policy en-forcement in Android programs with permission event graphs[C]∥Proc of the 20th Annual Network and Distributed System Security Symposium.San Diego:Internet Society,2013:455-464 [3] Grace M,Zhou Ya-jin,Wang Zhi,et al.Systematic detection of capability leaks in stock Android smartphones[C]∥Proc of the 19th Annual Symposium on Network and Distributed System Security.San Diego:Internet Society,2012:235-244 [4] Di C F,Girardell A,Michahelles F,et al.Detection of malicious applications on Android OS [C]∥Proc of the 4th International Conference on Computational Forensics.Berlin:Springer,2011:138-149 [5] Felt A P,Chin E,Hanna S,et al.Android permissions demystified [C]∥Proc of the 18th ACM Conference on Computer and Communications Security.New York:ACM Press,2011:627-638 [6] Meurer S,WismüL R.APEFS:an infrastructure for permis-sion-based filtering of Android apps[C]∥Security and Privacy in Mobile Information and Communication Systems.Berlin:Sprin-ger,2012:1-11 [7] Wu Dong-jie,Mao C H,Wei T E,et al.DroidMat:Android malware detection through manifest and API calls tracing[C]∥Proc of the 7th Asia Joint Conference on Information Security.2012:62-69 [8] Nauman M,Khan S,Zhang Xin-wen.Apex:extending Android permission model and enforcement with user-defined runtime constraints[C]∥Proc of the 5th ACM Symposium on Information,Computer and Communications Security.New York:ACM Press,2010:328-332 [9] Benats G,Bandara A,Yu Yi-jun,et al.PrimAndroid:privacy policy modelling and analysis for Android applications[C]∥Proc of IEEE International Symposium on Policies for Distributed Systems and Networks.2011:129-132 [10] Beresford A R,Rice A,Skehin N,et al.MockDroid trading privacy for application functionality on smartphones[C]∥Proc of the 12th Workshop on Mobile Computing Systems and Applications.New York:ACM Press,2011:49-54 [11] Dietz M,Shekhar S,Pisetsky Y,et al.Quire: lightweight provenance for smart phone operating systems[C]∥Proc of the 20th USENIX Security Symposium.Berkeley:USENIX Association,2011:232-241 [12] Bugiel S,Davi L,Dmitrienko A,et al.Towards taming privilege-escalation attacks on Android[C]∥Proc of the 19th Annual Networ & Distributed System Security Symposium.San Diego:Internet Society,2012:18-25 [13] Lu Long,Li Zhi-chun,Wu Zhen-yu,et al.CHEX: statically vetting Android apps for component hijacking vulnerabilities[C]∥Proc of ACM Conference on Computer and Communications Security.New York:ACM Press,2012:229-240 [14] Bugiel S,Davi L,Dmitrienko A,et al.XManDroid: a new Android evolution to mitigate privilege escalation attacks:TR-2011-04[R].Darmstadt:Technische Universitt Darmstadt,2011 [15] Smalley S,Craog R.Security enhanced(SE) Android:bringingflexible MAC to Android[C]∥Proc of the 20th Annual Network & Distributed System Security Symposium.San Diego: Internet Society,2013:75-84 [16] Russell G,Crispo B,Fernandes E,et al.YAASE: yet another Android security extension[C]∥Proc of the 3rd International Conference on Privacy,Security,Risk and Trust Social Computing.USA:IEEE Press,2011:1033-1040 |
| No related articles found! |
|
||