| With the development of mobile Internet, the security of intelligent mobileterminals is becoming much more severe. As one of the most popular intelligentmobile operating systems, Android has drawn wide application market for itsopenness and practicability. But as an operating system focusing on functionality, thesafety of Android has always been a problem. Numerous malicious applicationsfetch user privacy data, accessing text messages, contacts and other privacyinformation. There are also some malicious applications performing automaticdialing and automatically sending SMS charging messages in the background,causing money loss. Although Android provides security mechanisms includingapplication sandbox and permission management, the attacks for Android are stillemerging because of the negligence of Android security mechanisms, carelessdevelopers and other reasons. One problem is the privilege escalation attack where aless privileged application steals privacy data and performs sensitive action via aprivileged application.Due to the popularity and openness of Android, the security scheme is based onAndroid, but the design idea of the scheme can also be applied to other mobileoperating systems to cover more intelligent mobile terminals. This paper aims toprotect the privacy data and sensitive action (both are collectively called sensitiveresources) in Android and to reinforce security on existing Android system. Toprevent the privilege escalation attack which results in privacy data leak andsensitive action misuse, this paper presents PreChain, a permission managementsolution based on call chains which record call relationships among components. Bycombining call chains with access policies, PreChain can prevent the sensitiveresources misuse caused by privilege escalation attack. Unlike other access polices providing attributes merely associated with system resources, the policy in PreChainis based on call chains and therefore constraint attributes (e.g., the maximum numberof applications in a chain) are put on the call chain for certain system resource.Considering the protection of PreChain will have omission, for the privacy data thathas been maliciously visited, the feasible way is to prevent its flow from intelligentmobile terminals, so this paper also presents PostBlack, a text privacy leak detectionand protection solution based on black-box label tracking. Based on preset labels,PostBlack examines the text privacy data sent by third-party apps via a black-boxway. Because of the black-box way, PostBlack need not intercept and analyze theoperation of instruction, also need not request much extra memory. So PostBlack canavoid the serious computing resources consumption caused by commonly usedwhite-box way.The performance experiments on PreChain and PostBlack show that bothsolutions incur little impact on system performance, suitable for the intelligentmobile terminals with limited computing resources. |
PDF Full Text Request