| A smart phone is a very personal device to a user, hence its security, especially the protection of user privacy, is an important issue. However, as one of the most popular smart phone operating systems, Android has some problems in its security framework. The mainly used Android versions adopt a static permission mechanism to restrict applications'access to resources, which is not controllable for users; although the latest 6.0 version provides dynamic permission control functionality, it still lacks coverage of all the permissions. Moreover, the current permission mechanism cannot protect the massive privacy concerned data stored on the external storage.To enhance Android security, various solutions are proposed by researchers and developers. However some of them are limited to theoretical studies, which perform poorly in terms of practicability. Besides, few of them provide appropriate solutions for the protection of the sensitive data on external storage. To address these problems, a dynamic permission control mechanism is proposed in this thesis. It provides comprehensive access control for the sensitive resources, including dynamic control of all the permissions of Android system and fine-grained permission control for Android external storage. The detailed subjects of this thesis are:1) We study the current permission mechanism of Android, including the original static permission mech-anism and the new dynamic permission control functionality added in version 6.0; then we propose a method to enhance the Android permission mechanism, which makes permissions controllable in An-droid 4.4, and eliminates the limitations of permission control in Android 6.0;2) We analyse the technical details of the emulated external storage, and reveal the vulnerability of external storage based on the study of commonly used applications; then we design and implement a fine-grained permission control mechanism utilizing FUSE and the DAC model of Linux;3) On the basis of the studies, we build a customized Android system with the dynamic permission mech-anism, and carry out functional verification and performance benchmarks.The dynamic permission mechanism of this thesis consists the complete dynamic control of system permissions and the fine-grained permission control for external storage. These functionalities greatly enhance Android security, especially the privacy protection. Compared with the current studies, the work in this thesis is more comprehensive, and has better practicability. The benchmarks show that in most cases, the performance of the customized system is almost the same compared with the original system, only except in file-intensive operations which have certain amount of performance overhead. |
PDF Full Text Request