Research And Design Of Security Policy Dynamic Analysis And Configuration Based On SEAndroid Set-top Box

As the Android system continues to expand its market share in education,entertainment,public services,and mobile payments,there are more and more malicious software and vulnerability attacks targeting Android systems.In order to deal with the security problems,the Android system introduced a mandatory access control mechanism(Security-Enhanced Android),which is based on the original security mechanism and is suitable for Android,the mandatory access control mechanism is highly dependent on perfect security policy when enforced system security.The security policy plays an important role in the SEAndroid security mechanism,it will be used to check and restrict the access rights of privileged resources.To deal with the continuous updating of system functions and malicious attacks,the development of security policy must be improved constantly.The existing methods for developing and perfecting the security policy require the policy development engineers to update the operation manually according to the Audit Log,which is not only time-consuming but also error-prone,resulting in the increasing development cost and easily lead to potential escalation attacks.Therefore,researching and designing the system,which security policy is analyzed and configured dynamically to ease the development,ensure the development quality as well as improve the flexibility of the configuration operation in the SEAndroid mechanism possess practical significance.Taking the demands of the development of the security policy of SEAndroid security mechanism as prerequisite,the system with the security policy analyzed and configured dynamically is designed,which is combined with some technologies such as classical Sorting Algorithms about learning machine,the rule risk rate,the trust algorithm and the dynamic configuration of security policy.The main function modules of the system include the audit module,the policy dynamic configuration module,the policy dynamic analysis module,and the policy rule evaluate module.In this thesis,the SEAndroid system scheme with the security policy analyzed and configured dynamically:1)The scheme will dynamically configure security labels for application processes based on user's choice of application permissions.It solved the shortcomings of the existing security mechanism that can't set thesecurity label flexibly according to the actual requirements.At the same time,the user participation in security protection is realized.2)The system scheme realized the dynamic analysis of the security policy.It dynamically analyzes and classifies the newly-acquired access pattern datas captured in the system audit logs,and then improve and perfect the existing security policys according to the classification and analysis result,so the security of the Android system has been further improved.Finally,the feasibility of the system's main modules in the general Android set-top box system is verified.The test result is that the system can analyze and configure the security policy dynamically,and work with high reliability.And the classification algorithm designed in this paper is more effective than the traditional keyword classification algorithm,especially for the new form of access pattern with certain learning ability,which making the classification efficiency and accuracy further improved.The desired design goal is achieved.