组件间数据传输安全访问设计
Secure Access to Data Transmission for Inter-Component Communication

作者: 余丽芳 * , 杨天长 , 牛少彰 :北京邮电大学智能通信软件与多媒体北京市重点实验室,北京;

关键词: 安全特权提升攻击隐私敏感数据加密Security Privilege Escalation Attacks Privacy of Sensitive Data Encryption

摘要: 基于Android平台的手机用户量逐年增长,随即而来的安全问题也备受关注。Android安全机制中采用了沙箱机制,签名机制,权限机制等各种方式保证应用程序的安全性,但是也存在一些严重安全问题,比如特权提升攻击。本文提出的方案主要是基于权限的基础上,对传输的数据进行加密处理,如果存在特权提升攻击,但是访问者没有权限访问的情况下,则无法访问到隐私敏感数据。

Abstract: With the Android platform of mobile phone subscribers increasing, the security problem is be-coming more serious and receives much concern. The security mechanisms, such as sandbox me-chanism, signature mechanism and permission mechanism, are adopted in the Android platform in various ways such as to ensure the security of application, but there are still some serious security issues, such as elevation of privilege attacks. The proposed scheme is to encrypt the transmission data mainly based on the permissions. If there is an elevation of privilege attacks, but the visitors do not have access to the case, then the sensitive data privacy cannot be accessed.

文章引用: 余丽芳 , 杨天长 , 牛少彰 (2016) 组件间数据传输安全访问设计。 计算机科学与应用, 6, 590-596. doi: 10.12677/CSA.2016.610073

参考文献

[1] Octeau, D., Mcdaniel, P., Jha, S., Bartel, A., Bodden, E., et al. (2013) Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step towards Holistic Security Analysis. Proceedings of the 22nd USENIX Security Symposium, Washington DC, August 2013, 543-558.

[2] Cui, X.M., Yu, D., Chan, P., Hui Lucas, C.K., Yiu, S.M. and Qing, S.H. (2014) CoChecker: Detecting Capability and Sensitive Data Leaks from Component Chains in Android. Proceedings of the 19th Australasian Conference on Information Security and Privacy (ACISP 2014), Springer-Verlag, 446-453.

[3] Backes, M., Bugiel, S. and Gerling, S. (2014) Scippa: System-Centric IPC Provenance on Android. In: 30th Annual Computer Security Applications Conference. http://dx.doi.org/10.1145/2664243.2664264

[4] Nauman, M., Khan, S., Othman, A.T., et al. (2014) Realization of a User-Centric, Privacy Preserving Permission Framework for Android. Security & Communication Networks, 8, 368-382. http://dx.doi.org/10.1002/sec.986

[5] Bugiel, S., Davi, L., Dmitrienko, A., et al. (2011) XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks. Technische Universat Darmstadt Center for Advanced Security Research, Darmstadt, 4-6.

[6] Beresford, A.R., Rice, A., Skehin, N. and Sohan, R. (2011) MockDroid: Trading Privacy for Application Functionality on Smartphones. Proceedings of the 12th Workshop on Mobile Computing Systems and Applications (Hot Mobile11), ACM, 49- 54.

[7] Hornyack, P., Han, S., Jung, J., Schechter, S. and Wetherall, D. (2011) These Aren’t the Droids You’re Looking for: Retro-fitting Android to Protect Data from Imperious Applications. Proceedings of the 18th ACM Conference on Computer and Communi-cations Security (CCS22011), Chicago, 639-652.

[8] Davi, L., Dmitrienko, A., Sadeghi, A.-R. and Winandy, M. (2010) Privilege Escalation Attacks on Android. Information Security-International Conference, 6531, 346-360.

[9] Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R. and Shastry, B. 2012 () Towards Taming Privilege- Escalation Attacks on Android. Proceedings of Annual Network & Distributed System Security Symposium, 130, 346- 360.

分享
Top