Android Privacy Protection System Based On SEAndroid

Posted on: 2016-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: X M Zhou
GTID: 2308330473457824
Subject: Computer application technology

Abstract/Summary:
Google Android holds a huge market share, which is growing year by year. With such a large base of Android users, the security situation is increasingly serious. Among existing malicious applications, malicious fee-deduction software accounts for a large proportion, but privacy-stealing malware is rising rapidly and poses an enormous threat to users' privacy. The Android system itself provides security mechanisms such as the sandbox and the permission mechanism, but they cannot effectively prevent the transitive use of permissions, which leads to privilege escalation attacks. A privilege escalation attack means that an application with fewer permissions is not restricted from accessing components of a more privileged application.

To solve the problem of privilege escalation attacks and protect personal data on the Android system, researchers have proposed many solutions, but these solutions all address privilege escalation attacks at the application layer. In fact, malicious applications can communicate with authorized applications at the Linux kernel layer, bypassing the permission mechanism, to obtain users' personal data. Solutions to privilege escalation attacks at the Linux kernel layer are therefore needed. They should prevent an unauthorized application from communicating with an authorized application via the file system to gain access to resources it is not authorized to access.

Aiming at privilege escalation attacks caused by process communication at the Linux kernel layer, this dissertation designs and implements an Android privacy protection system based on SEAndroid. SEAndroid provides Mandatory Access Control. The dissertation uses the relevant SEAndroid mechanisms to provide a solution to privilege escalation attacks caused by communication through the file system at the Linux kernel layer.
The Android privacy protection system based on SEAndroid automatically sets a security label for each Android application at installation, based on the user's privacy permission configuration; controls process access to files on the basis of security labels; and prevents Android applications without the relevant permissions from accessing personal data through the file system.

The system is made up of five modules. The first is the Privacy Rights Configuration Module, which allows the user to independently configure privacy permissions to protect the corresponding private information and is the precondition for the system's implementation. The second is the Security Label Setting Module, which automatically sets a security label for each Android application based on the user's privacy permission configuration and the permissions granted by the user at installation. The third is the Access Policy Module, which formulates the policy for process access to files based on security labels. The fourth is the Strategic Decision and Implementation Module, which allows or refuses the corresponding access operation based on the policy before a process accesses the file system. The last is the File Security Label Update Module, which updates the security label of a file after it has been written successfully.

The privacy protection system based on Mandatory Access Control effectively prevents privilege escalation attacks at the Linux kernel layer, preventing unauthorized applications from communicating with authorized applications through the file system to obtain personal data.
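The five-module flow described above, modelled in user-space Python as an added example; it is not code from the thesis and not SEAndroid policy. The label semantics (an app's label is the set of user-protected permissions it was granted, a read requires the reader's label to cover the file's label, a write merges the writer's label into the file's) and all app names and paths are assumptions made for illustration.

```python
# Added illustration: a user-space model, not SEAndroid policy or thesis code.
# Assumed rules (the abstract does not spell them out): app label = granted
# permissions the user marked private; a read needs the reader's label to cover
# the file's label; a successful write adds the writer's label to the file's.

class LabelMonitor:
    def __init__(self, protected):
        self.protected = frozenset(protected)   # module 1: user's privacy configuration
        self.app_labels = {}                    # app name -> label
        self.file_labels = {}                   # path -> label
        self.denials = []                       # (app, path, missing) audit trail

    def install(self, app, granted):
        # Module 2: label assigned once, at installation.
        self.app_labels[app] = self.protected & frozenset(granted)

    def may_read(self, app, path):
        # Module 3: policy is a pure function of the two labels.
        return self.file_labels.get(path, frozenset()) <= self.app_labels[app]

    def read(self, app, path):
        # Module 4: decide before the access happens, record refusals.
        if not self.may_read(app, path):
            missing = self.file_labels[path] - self.app_labels[app]
            self.denials.append((app, path, sorted(missing)))
            return False
        return True

    def write(self, app, path):
        # Module 5: after a successful write the file inherits the writer's label.
        old = self.file_labels.get(path, frozenset())
        self.file_labels[path] = old | self.app_labels[app]
        return True

def demo():
    # Constructed scenario: app names and the path are made up.
    m = LabelMonitor(protected={"READ_CONTACTS", "ACCESS_FINE_LOCATION"})
    m.install("contacts_backup", {"READ_CONTACTS", "WRITE_EXTERNAL_STORAGE"})
    m.install("flashlight", {"INTERNET", "READ_EXTERNAL_STORAGE"})
    m.install("dialer", {"READ_CONTACTS", "CALL_PHONE"})
    m.write("flashlight", "/sdcard/shared.txt")           # unlabelled data
    before = m.read("flashlight", "/sdcard/shared.txt")   # allowed
    m.write("contacts_backup", "/sdcard/shared.txt")      # file now carries READ_CONTACTS
    after = m.read("flashlight", "/sdcard/shared.txt")    # refused: label not covered
    peer = m.read("dialer", "/sdcard/shared.txt")         # allowed: label covers file
    return before, after, peer, m.denials

if __name__ == "__main__":
    print(demo())
```

The refusal recorded in `denials` is the case the abstract targets: an app without a privacy permission reading data that a permitted app left in a shared file.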
Keywords/Search Tags: privacy permission, security label, SEAndroid, Privilege Escalation Attack