| With the continuous expansion of the smart mobile terminal device market,the Android system has become a leader in the smart mobile terminal market,occupying an extremely large market share.At the same time,due to the hidden dangers of the Android system's own security mechanism,sensitive data leakage is likely to occur on Android m obile intelligent terminals.The SEAndroid mechanism is a mandatory access control mechanism on the Android system,which provides fine-grained permissions management and prevents unauthorized access attacks.By analyzing the principle and characteristics of SEAndroid mechanism,this paper designs and implements the active and passive defense mechanism of sensitive data based on SEAndroid for the protection of sensitive data on Android system,including active defense security mechanism and passive defense management technology.The active defense security mechanism includes the permissions control part and the content encryption part.Under the original security goal of ensuring the SEAndroid security mechanism,deep customization is provided for sensitive data protection to provide permissions control,supplemented by content encryption to enhance the security of sensitive data.The passive defense management technology includes two parts:the policy analysis tool based on SEAndroid source code and the dynamic update technology of SEAndroid policy.The strategy analysis tool can analyze the strategy based on the source code,help the strategy development and analysis personnel to conduct manual audits,and provide a more concise and secure strategy for the active defense security mechanism.The strategy dynamic update technology is to solve the problem that the SEAndroid policy update is inconvenient.Try to quickly update the SEAndroid policy on the device without restarting the mobile phone or updating the system,and ensure that the active defense mechanism can be quickly updated and iterated. |
PDF Full Text Request