Research On Fine-grained Multi-domain Access Control Security Model For Android System

The rapid popularization of smart phones makes it an important mobile computing terminal in the information age.Android system has become the most widely used operating system in the mobile computing terminal with its openness and good user experience.However,when the Android system brings convenience to users,its security problems are gradually exposed,mainly including the increasing of malicious applications,the endless stealing means and the grim data leakage situation.The existence of loopholes in the Android system security mechanisms is the fundamental reason for those problems.Therefore,this paper uses domain isolation technology and strong security access control mechanism to enhance the security of the Android system.The main work of the paper includes the following three aspects:1.Design of fine-grained multi-domain access control model for Android system.In fact,Android system authority mechanism is coarse-grained and the kernel layer access control mechanism is relatively weak.According to domain control theory,this paper designs a fine-grained multi-domain access control model integrating confidentiality,integrity and availability,which classify different kinds of applications and define the model state variables,invariants and inter domain access control rules.It achieves the purpose of greatly refining and enhancing the access control mechanism between application processes and constraining the access behavior of the application.And it can effectively prevent unauthorized applications accessing the protected data resources and enhance the security of the system.2.Formal analysis and verification of fine-grained multi-domain access control model for Android system.Firstly,this paper describes the fine-grained multi-domain access control model based on Z specification by using Z formal specification language,mainly including the Z specification of safe state and Z specification of access operation.And then it describes the initial state security theorem and the state transition security theorem,which are needed by the formal analysis of the model.Finally,this paper proves the model's security theorem with the help of formal verification tool Z/EVES.The result shows that the multi-domain access control model achieves consistency,and meets the security requirements of domain classification management and cross domain on-demand authorization.3.Design and implementation of fine-grained multi-domain access prototype system for android platform.Firstly,Combing with the characteristics of Android system architecture,the overall framework of the multi-domain access control prototype system is designed based on the fine-grained multi-domain access control security model,and the components of the system are described.Then we achieve the components of the system,complete the system test program and give the test results.The experimental results show that it can effectively enhance the security of Android system by sorting domain management and cross domain authorization access control.