Design And Implementation Of Security Supervising System For Application Behaviors In Android

In recent years, the rapid development of mobile applications market and mobile Internet industry has been promoted by Mobile intelligent terminals which headed by Android. However, considering the great openness of Android system,terminal application software with different qualities is also embraced, which posing more potential security threats to Android. In this context, the framework of security mechanism in Android system is deeply analyzed in this paper. Furthermore, considering the threats from malicious applications, a new monitoring technology is proposed to enhance the existing Android security framework. On this basis, a security supervising system for application behaviors in Android is creatively designed and implemented.This paper deeply analyzes the need and goal of the security supervising system and designs the whole framework of the system. Accordingly,critical technology and development environment are introduced in detail.To roundly supervise the behaviors of any application inside and outside the process, this system provides extensible platform resolution for reinforcing Android security, of which, can be divided into two specific subsystems-the Android application permissions dynamic control subsystem based on process injection and the Android kernel real-time monitoring subsystem based on information flow. In the process’s external aspect, the subsystem, by process injection, intercepts data flow of Android Binder IPC and analyses the applications’ behaviour intentions, which generates a control system prototype over application permission to monitor and manage behaviors outside the process. Meanwhile, this paper comprehensively elaborates the code implementation of process injection, redirection of functions, extraction of applications’behaviors, obtaining of applications’permission list, storage of applications’permission and control of applications’ permissions.In the process’s internal aspect, seeing the specific characteristics of Android system execution flow, this paper accurately describes applications’behaviors inside the process in a form of information flow. With Linux system call as the monitoring point, Applications’runtime behaviors are intercepted and analyzed in this subsystem. In addition, this paper provides detailed procedure introduction and code implementation for access to system call, extraction of information flow, storage of information flow and the communication between kernel space and user space.In the last chapter of this paper, functional verification and performance test of each module in this monitoring system are carried out in real machine and emulator environment; the analysis of the test result shows that the system can operate stably and will achieve the anticipated effects within1%runtime, realizing the access control to application behaviors outside the process and the monitoring on application behaviors inside the process. In conclusion, this security monitoring system for supervising application behaviors is fully proved to be evidently effective, versatile and flexible in research of Android’s Hacking and Defence technology, providing both the users and the manufacturers with reference on system architecture for enhancing Android security. Moreover, this system prototype which supporting various customizations of secuirty applications enables users to reduce threats from malicious behaviors of Android applications on a large scale.