
System Call Level Monitoring Mechanism For The Privacy Data Access Of Android Mobile Phone

Posted on: 2016-06-07
Degree: Master
Type: Thesis
Country: China
Candidate: K Sun
GTID: 2348330488974322
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of Internet-based applications, Android smartphones play an increasingly important role in society, and the security of privacy data on these phones has become an increasingly serious concern. In particular, data leakage caused by third-party applications is a focus of current public attention, and research on this problem has become an important topic in the field of mobile terminal security. In current mainstream research, management based on static testing can minimize loss, but its accuracy is not high and it is likely to cause misjudgment. Management based on dynamic analysis incurs an efficiency cost, but it strikes a balance between security and convenience. However, mechanisms based on dynamic analysis are implemented at interface-level granularity and cannot obtain the more in-depth information that system call level monitoring provides. If the system call information of the process can be obtained while an Android application accesses privacy data, more accurate protection of that data can be achieved.

To this end, this paper presents a system call level monitoring mechanism based on the Binder driver. The mechanism consists mainly of two modules: an identification module and a monitoring module.

Specifically, a check is made in the system service registration stage: services that involve privacy data are registered with a custom registration command, which the Binder driver intercepts in order to modify the description of the relevant service. In the privacy data access phase, the identification module uses the description tag set during registration to filter out privacy data access requests and marks the access transaction as a privacy transaction; the transaction is then placed on the transaction queue of the system service process, and an idle thread in the wait queue of the service process's thread pool is woken up. When the service thread executes, the identification module sends a monitoring transaction to the monitoring module and waits in a synchronization loop for the monitor thread to start, so that the monitoring module is monitoring before the service thread executes. After obtaining the access information, the monitoring module analyzes the monitoring transaction, hijacks the target thread with the ptrace system call, and then synchronizes so that the target thread continues to execute. Throughout the privacy data access, the monitoring module reads the value of the relevant register at each system call instruction, thereby obtaining the system call information. After the service thread completes the privacy data access, the identification module identifies the privacy transaction again and modifies the monitoring stop flag, so that the monitoring program stops monitoring. By analyzing the system call information gathered during privacy data access, this paper completes a security audit of applications accessing privacy data and applies protection measures at a deeper level.

Finally, to verify the proposed monitoring mechanism, this paper designs and implements a prototype system based on the Android 4.1.1 system and the goldfish 2.6.9 kernel. The effectiveness and efficiency of the monitoring mechanism are verified by functional testing and performance testing of the prototype system.
Keywords/Search Tags:Android, SystemCall, Privacy Data, Ptrace, BinderDriver, ThreadPool
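
The register-reading step of the monitoring module, as an added example that is not code from the thesis: a monitor traces a stand-in for the service thread with ptrace and reads the syscall-number register at every system call entry. It assumes Linux on x86_64 or aarch64 and a forked child in place of the Binder-triggered attach to a running service thread; the names `syscall_nr` and `count_syscall_entries` and the child's workload are hypothetical.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read the register that holds the syscall number of a stopped tracee. */
static long syscall_nr(pid_t pid) {
    struct user_regs_struct regs;
    struct iovec iov = { &regs, sizeof regs };
    if (ptrace(PTRACE_GETREGSET, pid, (void *)(long)NT_PRSTATUS, &iov) == -1) return -1;
#if defined(__x86_64__)
    return (long)regs.orig_rax;
#elif defined(__aarch64__)
    return (long)regs.regs[8];
#else
#error "name the syscall-number register for this architecture"
#endif
}

/* Trace a forked stand-in for the service thread; count entries into syscall `want`. */
int count_syscall_entries(long want) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* tracee: constructed workload */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                      /* wait until the monitor is ready */
        for (int i = 0; i < 2; i++) syscall(SYS_getppid);
        _exit(0);
    }
    int status, hits = 0, entering = 1;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1) return -1; /* run to next stop */
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        if (entering && syscall_nr(pid) == want) hits++;
        entering = !entering;                /* syscall stops alternate: entry, exit */
    }
    return hits;
}

int main(void) { printf("getppid entries: %d\n", count_syscall_entries(SYS_getppid)); return 0; }
```

The initial `SIGSTOP` handshake plays the role of the synchronization the abstract describes: the traced thread does not proceed until the monitor is already watching.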