[ "卢文雄(1992- ),男,北京邮电大学计算机学院硕士生,主要研究方向为移动计算" ]
[ "王浩宇(1991- ),男,北京邮电大学计算机学院副教授,主要研究方向为软件安全和程序分析" ]
网络首发:2020-01,
纸质出版:2020-01-15
移动端阅览
卢文雄, 王浩宇. 基于同源策略的移动应用细粒度隐私保护技术[J]. 大数据, 2020,6(1):2020003-1.
Wenxiong LU, Haoyu WANG. Same origin based fine-grained privacy protection for mobile applications[J]. Big Data Research, 2020, 6(1): 2020003-1.
卢文雄, 王浩宇. 基于同源策略的移动应用细粒度隐私保护技术[J]. 大数据, 2020,6(1):2020003-1. DOI: 10.11959/j.issn.2096-0271.2020003.
Wenxiong LU, Haoyu WANG. Same origin based fine-grained privacy protection for mobile applications[J]. Big Data Research, 2020, 6(1): 2020003-1. DOI: 10.11959/j.issn.2096-0271.2020003.
Android等移动平台基于权限的访问控制机制是作用在应用粒度上的。应用中除了包含应用开发者本身的代码以外,还包含第三方库代码,导致应用权限滥用情况严重。引入类似浏览器同源策略的细粒度控制机制,打破了应用之间的界限,将粒度细化到代码来源。将控制机制实现到Android系统层,并提供了一套插桩工具对应用进行修改。实验结果表明,系统能够起到允许或禁止特定开发者执行特定敏感行为的作用。
Mobile systems
such as Android
use permission-based access control mechanism
which is at the granularity of each application.Apart from the code from developers themselves
applications also contain code from third-party libraries
which has led to serious overuse of application permissions.A novel origin-based (similar to browsers) and fine-grained control mechanism was introduced
which broke the boundary between applications in terms of access control and finegrained the granularity to the level of code source.The mechanism was implemented onto Android framework
and a set of tools to modify applications were also offered.Experiment results suggest that system can allow (or limit) certain developers to execute certain sensitive behaviors.
WANG H Y , LIU Z , LIANG J Y , et al . Beyond Google play:a large-scale comparative study of Chinese Android App markets [C ] // 2018 ACM Internet Measurement Conference,October 31November 2,Boston,USA . New York:ACM Press , 2018 : 293 - 307 .
MICHAEL C G , ZHOU W , JIANG X X , et al . Unsafe exposure analysis of mobile inApp advertisements [C ] // The 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks,April 16-18,2012,Tucson,USA . New York:ACM Press , 2012 : 101 - 112 .
RYAN S , CLINT G , JON C , et al . Investigating user privacy in Android ad libraries [C ] // The 3rd Workshop on Mobile Security Technologies,May 24,2012,San Francisco,USA.[S.l:s.n] . 2012 .
WANG H Y , GUO Y , MA Z , et al . WuKong:a scalable and accurate twophase approach to android App clone detection [C ] // 2015 International Symposium on Software Testing and Analysis,July 14-17,2015,Baltimore,USA . New York:ACM Press , 2015 : 71 - 78 .
LIU B , JIN H X , RAMESH G . Efficient privilege de-escalation for ad libraries in mobile apps [C ] // The 13th Annual International Conference on Mobile Systems,Applications,and Services,May 19-22,2015,Florence,Italy . New York:ACM Press , 2015 : 89 - 103 .
SHASHI S , MICHAEL D , WALLACH D S . AdSplit:separating smartphone advertising from applications [C ] // The 21st USENIX Conference on Security Symposium,August 8-10,2012,Bellevue,USA . Berkeley:USENIX Association , 2012 :28.
PEARCE P , FELT A P , NUNEZ G , et al . AdDroid:privilege separation for applications and advertisers in Android [C ] // The 7th ACM Symposium on Information,Computer and Communications Security.May 2-4,2012,Seoul,Korea . New York:ACM Press , 2012 : 71 - 72 .
ROESNER F , KOHNO T . Securing embedded user interfaces:Android and beyond [C ] // The 22nd Security Symposium,August 14-16,2013,Washington,USA . Berkeley:USENIX Association , 2013 : 97 - 112 .
FU J J , ZHOU Y F , LIU H , et al . Perman:fine-grained permission management for Android applications [C ] // The 28th International Symposium on Software Reliability Engineering,October 23-27,2017,Toulouse,France . Piscataway:IEEE Press , 2017 : 250 - 259 .
FU J J , ZHOU Y F , WANG X . Componentbased permission management of Android applications [J ] . Software:Practice and Experience , 2019 , 49 ( 3 ).
胡冰惠 . 基于细粒度动态分析的Android平台第三方库隐私泄露分析 [D ] . 北京:北京交通大学 , 2018 .
HU B H . Privacy disclosure analysis of third-party library on Android platform based on free grained dynamic analysis [D ] . Beijing:Beijing Jiaotong University , 2018 .
DIAMANTARIS M , PAPADOPOULOS E P , MARKATOS E P , et al . REAPER:real-time App analysis for augmenting the Android permission system [C ] // The 9th ACM Conference on Data and Application Security and Privacy,March 19-21,2018,Tempe,USA . New York:ACM Press , 2018 : 37 - 48 .
WANG H Y , HONG J , GUO Y . Using text mining to infer the purpose of permission use in mobile Apps [C ] // The 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing,September 7-11,2015,Osaka,Japan . New York:ACM Press , 2015 : 1107 - 1118 .
WANG H Y , LI Y C , GUO Y , et al . Understanding the purpose of permission use in mobile Apps [J ] . ACM Transactions on Information Systems , 2017 , 35 ( 4 ): 1 - 40 .
ARZT S , RASTHOFER S , FRITZ C , et al . FlowDroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android Apps [J ] . ACM SIGPLAN Notices , 2014 , 49 ( 6 ): 259 - 269 .
YANG W , XIAO X , ANDOW B , et al . Appcontext:differentiating malicious and benign mobile App behaviors using context [C ] // The 37th International Conference on Software Engineering,May 16-24,2015,Florence,Italy . Piscataway:IEEE Press , 2015 : 303 - 313 .
YUVRAJ A , MALCOLM H . Protect my privacy:detecting and mitigating privacy leaks on iOS devices using crowdsourcing [C ] // The 11th Annual International Conference on Mobile Systems,Applications,and Services,June 25-28,2013,Taipei,China . New York:ACM Press , 2013 : 97 - 110 .
ENCK W , ONGTANG M , MCDANIEL P . On lightweight mobile phone application certification [C ] // The 16th ACM Conference on Computer and Communications Security,November 9-13,2009,Chicago,USA . New York:ACM Press , 2009 : 235 - 245 .
HAMMAD M , BAGHERI H , MALEK S . Determination and enforcement of leastprivilege architecture in Android [C ] // 2017 IEEE International Conference on Software Architecture,April 3-7,2017,Gothenburg,Sweden . Amsterdam:Elsevier , 2019 : 83 - 100 ,149.
WANG H , GUO Y , TANG Z , et al . Reevaluating Android permission gaps with static and dynamic analysis [C ] // 2015 IEEE Global Communications Conference,December 6-10,2015,San Diego,USA . Piscataway:IEEE Press , 2015 : 1 - 6 .
0
浏览量
620
下载量
0
CSCD
关联资源
相关文章
相关作者
相关机构
京公网安备11010802024621