改进的Android强制访问控制模型

doi:10.3724/SP.J.1087.2013.01630

计算机应用 ›› 2013, Vol. 33 ›› Issue (06): 1630-1636.DOI: 10.3724/SP.J.1087.2013.01630

改进的Android强制访问控制模型

蒋绍林,王金双,于晗,张涛,陈融

解放军理工大学指挥信息系统学院,南京 210007

收稿日期:2012-12-03 修回日期:2013-01-15 出版日期:2013-06-01 发布日期:2013-06-05
通讯作者: 蒋绍林
作者简介:蒋绍林(1988-),男,贵州贵阳人,硕士研究生,主要研究方向:信息安全、嵌入式系统;王金双(1978-),男,黑龙江佳木斯人,副教授,博士,主要研究方向:信息安全、可信计算；于晗(1982-),男,辽宁沈阳人,讲师,主要研究方向:信息安全;张涛(1973-), 男,甘肃泾川人,教授,博士,CCF高级会员,主要研究方向:计算机系统结构、信息安全、嵌入式系统；陈融(1976), 女,湖北公安人,讲师,博士研究生,主要研究方向:信息安全、嵌入式系统。
基金资助:
理工大学预先研究基金资助项目（KYZYZLXY1208）

Improved mandatory access control model for Android

JIANG Shaolin,WANG Jinshuang,YU Han,ZHANG Tao,CHEN Rong

College of Command Information System, PLA University of Science and Technology, Nanjing Jiangsu 210007, China

Received:2012-12-03 Revised:2013-01-15 Online:2013-06-05 Published:2013-06-01
Contact: JIANG Shaolin

摘要/Abstract

摘要： 为了降低Android平台受应用层权限提升攻击的可能性，研究分析了对利用隐蔽信道进行的合谋攻击具有较好防御能力的XManDroid模型，针对该模型存在无法检测多应用多权限合谋攻击的问题，采用构建进程间通信连接图并利用有色图记录应用通信历史的方法，提出了一种基于通信历史的细粒度强制访问控制模型。对原型系统的测试结果表明：所提出的模型能够很好地解决XManDroid模型存在的问题。

关键词: 安卓系统, 权限机制, 安全沙盒, 强制访问控制, 权限提升攻击

Abstract: In order to protect Android platforms from the application-level privilege escalation attacks, this paper analyzed the XManDroid access control model, which has better ability on fighting these attacks, especially the collusion attack on the covert channel. To address the problem that XManDroid could not detect the multi-application and multi-permissions collusion attacks, this paper proposed an improved mandatory access control model which recorded the communication history of applications by building an IPC links colored diagram. At last, the test result on the prototype system show that the new model can solve the problem in the XManDroid well.

Key words: Android system, permission, sandbox, mandatory access control, privilege escalation attack

中图分类号:

TP309.1

蒋绍林王金双于晗张涛陈融. 改进的Android强制访问控制模型[J]. 计算机应用, 2013, 33(06): 1630-1636.

JIANG Shaolin WANG Jinshuang YU Han ZHANG Tao CHEN Rong. Improved mandatory access control model for Android[J]. Journal of Computer Applications, 2013, 33(06): 1630-1636.

参考文献

［1］ BUGIEL S, DAVI L, DMITRIENKO A, et al. Towards taming privilege-escalation attacks on Android［EB/OL］.［2012-07-20］. http://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/NDSS_2012_Towards_Taming_Privilege-Escalation_Attacks_on_Android.pdf.

［2］ DAVI L, DMITRIENKO A, SADEGHI A R, et al. Privilege escalation attacks on Android［C］// Proceedings of the 13th International Conference on Information Security. Berlin: Springer-Verlag, 2011:346-360.

［3］ ROMAN S, ZHANG K H, ZHOU X Y, et al. Soundcomber: A stealthy and context-aware sound trojan for smartphones［C/OL］.［2011-05-15］.http://www.isoc.org/isoc/conferen-ces/ndss/11/pdf/1_1.pdf.

［4］ KLEIDERMACHER D. Bringing security to Android-based devices［EB/OL］. ［2010-10-22］. http://www. igmagazineonline.com/current/pdf/Pg56-58_IQ_32-Bringing_Security_to_Android-based_Devices.pdf.

［5］ NIGHTINGALE A, MIJAT R. Virtualization is coming to a platform near you［EB/OL］. ［2011-10-11］. http://www.arm.com/files/pdf/System-MMU-Whitepaper-v8.0.pdf.

［6］ MATTHIAS L, STEFFEN L, LACKORZYNSKI A, et al. L4Android: A generic operating system framework for secure smartphones［C］// Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. New York:ACM,2011:39-50.

［7］ SHABTAI A, FLEDEL Y, ELOVICI Y. Securing Android-powered mobile devices using SELinux［J］. IEEE Security and Privacy, 2010, 8(3): 36-44.

［8］刘昌平，范明钰，王光卫，等. Android手机的轻量级访问控制［J］. 计算机应用研究，2010，27(7):2611-2613, 2628.

［9］ NAUMAN M, KHAN S, ZHANG X W. Apex: Extending Android permission model and enforcement with user-defined runtime constraints［C］// Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. New York: ACM, 2010: 328-332.

［10］ ENCK W, ONGTANG M,MCDANIEL P. On lightweight mobile phone application certification［C］// ACM Conference on Computer and Communications Security. New York: ACM, 2009: 235-245.

［11］ FELT A P, WANG H J, MOSHCHUK A, et al. Permission re-delegation: Attacks and defenses［C］// Proceedings of the 20th USENIX Security Symposium. Berkeley, CA:USENIX Association, 2011: 22-37.

［12］ ONGTANG M, MCLAUGHLIN S, ENCK W, et al. Semantically rich application-centric security in Android［J］. Security and Communication Networks, 2011, 5(6): 658-673.

［13］ DIETZ M, SHEKHAR S, PISETSKY Y, et al. QUIRE: light-weight provenance for smart phone operating systems［C］// Proceedings of the 20th USENIX Conference on Security. Berkeley, CA:USENIX Association,2011: 23-34.

［14］ ENCK W, OCTEAU D, MCDANIEL P, et al. A study of Android application security［C］// Proceedings of the 20th USENIX Conference on Security. Berkeley, CA:USENIX Association, 2011: 21-44.

［15］ CHIN E, FELT A P, GREENWOOD K, et al. Analyzing inter-application communication in Android［C］// Proceedings of the 9th International Conference on Mobile Systems, Applications, and Service. New York:ACM, 2011:239-252.

［16］ FUCHS A P, CHAUDHURI A, FOSTER J S. SCanDroid: Automated security certification of Android applications［J/OL］.［2012-06-20］. http://www.cs.umd.edu/~avik/projects/scandroidascaa.pdf.

［17］ BUGIEL S, DAVI L, DMITRIENKO A, et al. XManDroid: A new Android evolution to mitigate privilege escalation attacks［R］. Darmstadt: Technische University Darmstadt, System Security Lab, 2011.

[1]	王雷庄毅潘龙平 . 基于强制访问控制的文件安全监控系统的设计与实现[J]. 计算机应用, 2006, 26(12): 2941-2944.
[2]	林宏刚;戴宗坤;李焕洲. BLP模型的时域安全研究[J]. 计算机应用, 2005, 25(12): 2723-2724.
[3]	陈晓林;吴永英;李专. 细粒度的XML推理控制及实现[J]. 计算机应用, 2005, 25(11): 2544-2546.

改进的Android强制访问控制模型

Improved mandatory access control model for Android

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics