微信小程序基于资源访问控制的Android平台隐私保护方法研究
【中文摘要】随着移动智能设备的普及以及计算能力的不断提升,应用程序开发者们利用智能设备所提供的各种资源(外设、系统服务以及用户数据等)为用户开发出各类功能强大的应用程序。一方面,在对隐私要求较低的应用场景中,比如公共咖啡馆和家庭中等,这些应用程序可以为用户的日常生活带来便捷和娱乐功能。另一方面,在对隐私有较高要求的应用场景中,比如机密的商业谈话等,应用程序对智能设备中各类资源的滥用也会为用户带来潜在的隐私威胁。因此,如何针对不同的上下文环境,合理的控制应用程序对智能设备中各类资源的使用,成为普适环境中有效保护用户隐私的关键问题。作为在移动操作系统市场份额中占据主导地位的操作系统,Android系统也因其开放的生态环境而成为攻击者的主要目标。
为了限制应用程序滥用设备中的各类资源,Android系统提供了基于权限的资源访问控制机制,虽然一定程度上保护了用户的个人隐私和系统安全,但是仍然存在一些缺陷。为此,本文从资源访问控制的角度出发,深入的研究和分析了Android平台中隐私保护方法。[1]
【关键词】上下文感知 资源访问控制 恶意软件检测
Research on Privacy Protection Method of Android Platform Based on Resource Access Control
Abstract:With the popularity of mobile smart devices and the continuousimprovement of computing power, numerous applications (apps) aredeveloped by using various resources (peripherals, sensors, networkaccess and other system privileges) provided by smart devices. On theone hand, these apps can bring convenience and entertainment to users’daily lives in contexts with low privacy requirements, such as publiccafes and homes. On the other hand, the abuse of these resources in smartdevices by malicious apps will also bring potential privacy threats tousers in application scenarios with high privacy requirements, such asconfidential business conversations. Therefore, how to reasonably controlthe use of these resources according to different contexts has become akey issue to effectively protect user privacy in the pervasive environment.As the dominant operating system in the market share of mobileoperating system, Android system has become the main target ofattackers due to its openness.
In order to limit the abuse of these resources in devices by maliciousapps, the Android system provides a permission-based resource accesscontrol mechanism. Using permissions that are granted at the time ofinstallation, apps can access sensitive data and resources on mobiledevices. Although the permission-based mechanism has played asignificant role in protecting the user privacy and system security to someextent, there are still some shortcomings. To this end, this paper studiesthe privacy protection methods in Android platform from the point ofview of the resource access control mechanism.
Key Words:Context-aware Resource Access Control Potential Malware Detection
目录
1.绪论……………………………………………………………………….. 1
1.1研究背景及意义………………………………………………………….. 1
1.2Android平台资源访问控制的突出问题………………………… 3
Android系统架构及其资源保护相关研究……………… 4
2.1Android系统架构…………………………… 4
2.1.1四层体系结构……………………………. 4
2.1.2安全体系架构……………………………. 6
2.2资源访问控制机制………………………….. 7
2.2.1各类资源……………………………….. 7
2.2.2资源保护机制及其不足与缺陷……………….. 7
2.3上下文感知计算……………………………. 8
Android系统架构及其资源保护相关研究……………… 8
3.1研究动机及问题分析…………………………………………………… 8
3.2基于机器学习组合算法的恶意软件检测模型……………….. 9
3.2.1监督分类器……………………………………………………………… 9
3.2.2基于主流机器学习模型的组合算法………………………… 11
基于声波隐藏通信的隐私问题研究……………………… 12
4.1研究动机…………………………………………………………………… 12
4.2基于正常频率的声波隐藏通信的研究………………………… 13
4.2.1可用正常频率带宽…………………………………………………. 13
4.2.2调制技术的选择…………………………………………………….. 13
4.2.3特殊信号本身声音和其他噪音的消除…………………….. 14
基于用户使用的隐私保护研究…………………………….. 15
5.1不要用USB模式下直接安装应用………………. 16
5.2 看到危险权限请谨慎安装…………………… 16
5.3关闭位置信息访问权限……………………… 16
5.4禁止浏览器接受Cookie…………………….. 16
致 谢…………………………………………………………………… 17
参考文献…………………………………………………………………. 18
请先 !