| With the rapid development of the Android system in the mobile intelligent platform,the accompanying security issues are constantly increasing,especially the problems of malware,kernel attacks,privacy leaks,and so on,which caused by the applications.How to ensure the security of Android system has become an important research topic.In the Android system,control of the application is mainly based on the permissions,and the granting of sensitive authority involved in sensitive behavior is the main cause of security risk.The access of application privileges depends on the user's autonomous decision,and it is difficult for users to correctly understand the significance of permissions,resulting in fuzzy grant decisions.This paper will focus on two problems,one is about the incompatible authority grant,and the other one is the fuzzy grant decision.It takes the Android system kernel as a starting point,analyze Android source code,and research kernel protection scheme from the point of hardware mechanism.The main research contents are as follows:(1)Aiming at the kernel protection,this paper proposes a protection strategy based on isolation mechanism.It Uses the Trustzone hardware isolation mechanism to create an ordinary virtual machine and a security virtual machine,to provide two different operating spaces for applications.Depending on the permissions sensitivity results,applications are assigned to different virtual machines for isolation.(2)This paper puts forward a method based on comparison and analysis of permission combination to focus on fuzzy grant decision.It adds an access analysis function,to make a comparative judgment for sensitive behavior permissions and the hole applied permissions,to separates sensitive permission set,and weights the permissions,calculates standardized results,which is also the weight of sensitive permission in all permissions,as the basis for users to make grant decisions.(3)In aspect of incompatible authority grant,this paper proposes a privilege condition restriction method.It modifies the Installer part of kernel source code,to change the permissions restriction policies combined with the APEX mechanism,adding restriction rules for permissions.This paper is mainly based on the underlying mechanism of Android,from the analysis of the Android kernel source code,proposes the protection strategy of isolation mechanism,the method of analysis and comparison of the permission combination,and the method of privilege condition restriction,which has a certain reference value for the study of Android protection mechanism... |
PDF Full Text Request