计算机应用 ›› 2019, Vol. 39 ›› Issue (11): 3316-3322.DOI: 10.11772/j.issn.1001-9081.2019040685

• 网络空间安全 • 上一篇    下一篇

基于访问控制列表机制的Android权限管控方案

曹震寰1, 蔡小孩2, 顾梦鹤3, 顾小卓2, 李晓伟4   

  1. 1. 甘肃省信息中心, 兰州 730030;
    2. 中国科学院 信息工程研究所, 北京 100093;
    3. 中国科学院 西北生态环境资源研究院, 兰州 730000;
    4. 甘肃省科协信息中心, 兰州 730070
  • 收稿日期:2019-04-23 修回日期:2019-07-25 出版日期:2019-11-10 发布日期:2019-08-26
  • 通讯作者: 顾小卓
  • 作者简介:曹震寰(1976-),男,甘肃庄浪人,高级工程师,CCF会员,主要研究方向:网络信息安全;蔡小孩(1992-),女,浙江温州人,硕士研究生,主要研究方向:网络安全;顾梦鹤(1974-),女,甘肃白银人,助理研究员,博士,主要研究方向:生态数学模型;顾小卓(1978-),女,甘肃白银人,高级工程师,博士,主要研究方向:网络安全协议;李晓伟(1982-),男,甘肃临洮人,硕士研究生,主要研究方向:信息项目管理。
  • 基金资助:
    国家自然科学基金资助项目(61602475);国家密码发展基金资助项目(MMJJ20170212);甘肃省科技支撑计划项目(1504FKCA096)。

Android permission management and control scheme based on access control list mechanism

CAO Zhenhuan1, CAI Xiaohai2, GU Menghe3, GU Xiaozhuo2, LI Xiaowei4   

  1. 1. Gansu Information Center, Lanzhou Gansu 730030, China;
    2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
    3. Northwest Institute of Eco-Environment and Resources, Chinese Academy of Sciences, Lanzhou Gansu 730030, China;
    4. Information Center of Gansu Association for Science and Technology, Lanzhou Gansu 730030, China
  • Received:2019-04-23 Revised:2019-07-25 Online:2019-11-10 Published:2019-08-26
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61602475), the National Cryptographic Foundation of China (MMJJ20170212), the Gansu Science and Technology Support Project (1504FKCA096).

摘要: Android采用基于权限的访问控制方式对系统资源进行保护,其权限管控存在管控力度过粗的问题。同时,部分恶意程序会在用户不知情的情况下,在隐私场景下偷偷地对资源进行访问,给用户隐私和系统资源带来一定的威胁。在原有权限管控的基础上引入了访问控制列表(ACL)机制,设计并实现了一个基于ACL机制的Android细粒度权限管控系统。所提系统能根据用户的策略动态地设置应用程序的访问权限,避免恶意代码的访问,保护系统资源。对该系统的兼容性、有效性的测试结果表明,该系统能够为应用程序提供稳定的环境。

关键词: Android, 数据安全, 细粒度权限管控, 访问控制列表机制, 系统资源

Abstract: Android uses the permission-based access control method to protect the system resources, which has the problem of rough management. At the same time, some malicious applications can secretly access resources in a privacy scenario without the user's permission, bringing certain threats to user privacy and system resources. Based on the original permission management and control and with the introduction of Access Control List (ACL) mechanism, an Android fine-grained permission management and control system based on ACL mechanism was designed and implemented. The proposed system can dynamically set the access rights of the applications according to the user's policy, avoiding the access of malicious codes to protect system resources. Tests of compatibility and effectiveness show that the system provides a stable environment for applications.

Key words: Android, information security, fine-grained permission control, Access Control List (ACL) mechanism, system resource

中图分类号: