Research On The Model And Key Technologies Of Fine-grained Information Flow Control

Posted on: 2016-11-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z Z Wu
GTID: 2308330482979077
Subject: Military information science

Abstract/Summary:
With the rapid development of the mobile Internet and the rapid growth in the number of mobile intelligent terminals, living standards have greatly improved and the way we live has changed. However, alongside the enjoyment and convenience these devices bring, the sensitive data stored on smart terminals faces unprecedented security challenges. Information flow control can effectively solve this problem, but the existing information flow models and techniques have poor availability and are too difficult to implement on mobile platforms. Meanwhile, the importance of securing the operating system, as the basic software layer, is self-evident. Therefore, the study of fine-grained information flow protection for mobile platform operating systems is particularly important. Based on the features and security needs of the Android mobile operating system, this thesis studies a fine-grained information flow control model and its key technologies. The main innovations and contributions are as follows:

1. To address the poor availability and flexibility of existing information flow control models when applied to the mobile platform, a fine-grained information flow control (FIFC) model based on decentralized taint marks is proposed. The model supports confidentiality, integrity and availability, the principle of least privilege, the principle of separation of duties, fine-grained data sharing, and explicit declassification capabilities. Inspired by the idea of decentralized label management, taint labels are assigned to each piece of data to make information flow control fine-grained. At the same time, taint-infection capacities are defined for each peer to support least privilege. In this model, whether an information flow is allowed is determined by the taint on the data and the infection capacities of the peer, which improves flexibility and availability. The thesis also uses Multi Value-passing Security Process Algebra (MVSPA) to define the formal semantics of the FIFC model. Moreover, system equivalence verification with the CoPS tool proves that the FIFC model has the security property of Strong Bisimulation-based Non Deducibility on Compositions (SBNDC). Finally, the expressive ability of the model and application examples are given.

2. To address the low efficiency of dynamic taint propagation and control, a dynamic adaptive taint tracking optimization method based on Dalvik just-in-time compilation is proposed. First, the taint propagation logic is precisely separated from the program logic to reduce the complexity of taint propagation analysis. Then, a taint propagation framework is proposed, and the taint propagation analysis algorithms are proved to be correct, valid and accurate under this framework. Optimization algorithms are given, including redundant taint load/store elimination, duplicate taint computation elimination, loop-invariant taint code motion, and unreachable taint code elimination. Finally, performance testing of the optimization framework and the optimization algorithms is presented. The results show that the performance of the dynamic taint tracking system was effectively improved, saving 6.6% of memory usage and instruction execution time for every single hot trace.

3. To address the complexity of configuring application security labels that properly express the system's security requirements, an optimization method for mining the security labels of system applications is proposed. First, the application label optimization problem is mapped to the application permission optimization problem. Then, the permission mechanisms are formally described, a security policy and a utility policy are defined, and an unauthorized-access detection algorithm based on matrix transitive closure is proposed. Finally, the optimization problem is defined and, at the level of application components, an optimized permission solution based on genetic algorithms is proposed. The experimental results show that the proposed algorithm can find the approximate optimal solution effectively and precisely.

4. A prototype system named OFCDroid, which provides fine-grained information tracking and control, was implemented. First, the overall framework and workflow of the prototype system were designed. Then, the implementation details of the key technologies are introduced, including application ability marking, data taint marking, taint propagation, and compiler optimization of taint propagation. Finally, several function and performance test schemes for OFCDroid are introduced. The results show that OFCDroid is a fine-grained, accurate, efficient and flexible system that tracks and controls the flow of private information at runtime.
Keywords/Search Tags:information flow control, process algebra, noninterference, taint propagation optimization, optimal problem, Android