| As mobile Internet and smart terminals have changed the way of living and production, a growingnumber of users have already been accustomed to handling their own affairs, social relations and businessinformation with intelligent terminals at hand, which are often used to store and record a large sum of userprivate data. From the traditional PC platform to the mobile platform, privacy protection has been not onlythe research emphasis and difficulty in the field of security, but also the ultimate goal of all securitymechanisms. Due to the potential commercial value of user privacy and the seamless data accessmechanisms of mobile platforms, user privacy is facing unprecedented security threats.In the existing mobile Internet, it is extremely difficult to maintain a pure and safe mobile terminalenvironment, and meanwhile, existing privacy protection mechanisms also cannot satisfy the needs of therapid social mobile process. By analyzing the characteristics and threats of the private data, the mobile userprivacy protection mechanism is studied in combination with the mobile platform system framework andthe security mechanism. Details are as follows.The first is MDAC. By analyzing the advantages and disadvantages of the data access managementframework and the application permissions granted mode in the existing mobile platform, we give anextensible framework MDAC (Model of Data Access Control) to control the access to private data. Incertain scenarios, MDAC can be well-developed with the specific system, towards a more perfect andpractical scheme for the protection of users’ privacy.Secondly, we study the shortcomings of coarse granularity authorization model of the Androidplatform, and design a new protection scheme based on grey list. Based on the original authority and audit,this scheme has added the access control framework, which depends on the applications’ credibility set bymobile users, to ensure the security of privacy data further.Thirdly, combining with the existing evaluation criteria on safety grade and the malice of applications,the private data protection scheme with the adjustable trust threshold is proposed on Android terminals. Inthe scheme, a proxy data request processing module is added into the authentication center of the AndroidOS, and simultaneously, it provides mock services to the requestor, which is below the trust threshold setby mobile users, to ensure the security of privacy data.Finally, a protection scheme for users’ privacy is raised based on the mechanism of permissionreduction. In this scheme, the installed applications are abstracted into the nodes of an oriented graph andthe information interaction is also compared among applications. In consideration of lack of privacysupervision in the data communication among applications, a permission reduction mechanism is designedto defense the coordinating attacks and authorization-raised attacks. The main efforts are not only focusedon how to specify the representation of permission lists and the storage scheme, but also on how to simplifythe interaction graph.According to the work above, we have finished experiments on the open Android platform to test thefeasibility. These experiments show that the schemes can obtain the expected out comings and can be easilyimplemented in a real phone. |
PDF Full Text Request