The Android platform provides a variety of permissions that applications use to access sensitive resources on the device, including the network, geographic location and telephone information. To protect these sensitive resources from misuse by applications, the Android platform itself provides a permission system, but it is coarse-grained to some extent, which means that an application can be granted a wider range of permissions than it requires. For example, when an application is granted the permission to access the network, that permission does not restrict which domains the application can actually reach. To address the coarse granularity of the Android permission system, this paper designs and implements a fine-grained behavior monitor system for applications on the Android platform. The main work of this paper can be summarized in the following aspects:

1. This paper studies the common methods of fine-grained behavior control on the Android platform, including bytecode rewriting, native library modification and Android system modification, summarizes the advantages and disadvantages of these methods, and puts forward a new system design idea.

2. This paper studies the overall architecture of the Android platform, including the interaction between applications and the operating system, the Binder communication mechanism and the Zygote process. At the same time, we achieve shared library injection into the Zygote process by studying the ptrace mechanism provided by the Linux kernel, and function redirection of libc by studying the dynamic linking mechanism of Linux.

3. This paper implements the fine-grained behavior monitor system for applications on the Android platform, mainly consisting of two modules: the Behavior Monitoring Module and the Behavior Decision Module. The former hijacks the application's invocations of libc functions, thereby analyzing and extracting the behavior of the application; the latter makes a decision on that behavior, in which blacklist filtering is used for the behavior of accessing the network or sending text messages, and the user makes the decision for all other behavior.

4. This paper tests the functionality of all modules of the system on a real Android device, and measures the performance impact on applications' access to Android system services after system monitoring is enabled. The final experimental results show that the system meets its design goals.
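The following is an added illustration, not code from the thesis, of how the two modules in point 3 fit together for one libc function: a replacement `connect()` (the Behavior Monitoring Module) that the redirected calls land in, and a CIDR blacklist check (the Behavior Decision Module) that either denies the call with `EACCES` or forwards it to the original libc function. The blacklist entries, the `real_connect` pointer and the stub it defaults to are constructed for the example; in the thesis's design that pointer would hold the original libc address saved during the redirection step, which is not shown here.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* One blacklist entry: an IPv4 network (host byte order) plus prefix length. */
struct blocked_net {
    uint32_t net;
    int bits;
};

#define MAX_BLOCKED 16
static struct blocked_net blacklist[MAX_BLOCKED];
static int blacklist_len = 0;

static uint32_t prefix_mask(int bits) {
    return bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
}

/* Parse "a.b.c.d/n" (a bare "a.b.c.d" means /32). Returns 0 on success, -1 on bad input. */
int parse_cidr(const char *text, struct blocked_net *out) {
    char buf[32];
    strncpy(buf, text, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    int bits = 32;
    char *slash = strchr(buf, '/');
    if (slash) {
        *slash = '\0';
        char *end;
        long n = strtol(slash + 1, &end, 10);
        if (*end != '\0' || n < 0 || n > 32) return -1;
        bits = (int)n;
    }
    struct in_addr a;
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    out->net = ntohl(a.s_addr) & prefix_mask(bits);
    out->bits = bits;
    return 0;
}

/* Add one constructed blacklist entry; returns 0 on success. */
int blacklist_add(const char *cidr) {
    if (blacklist_len >= MAX_BLOCKED) return -1;
    if (parse_cidr(cidr, &blacklist[blacklist_len]) != 0) return -1;
    blacklist_len++;
    return 0;
}

/* Behavior Decision Module: 1 = allow, 0 = deny. Only IPv4 destinations are
 * filtered; other address families pass through so unrelated calls keep working. */
int decide_connect(const struct sockaddr *sa) {
    if (sa == NULL || sa->sa_family != AF_INET) return 1;
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    uint32_t ip = ntohl(sin->sin_addr.s_addr);
    for (int i = 0; i < blacklist_len; i++)
        if ((ip & prefix_mask(blacklist[i].bits)) == blacklist[i].net) return 0;
    return 1;
}

/* Stand-in for the original libc connect(): in a real deployment real_connect
 * would point at the saved libc symbol; the stub just reports success offline. */
static int stub_connect(int fd, const struct sockaddr *sa, socklen_t len) {
    (void)fd; (void)sa; (void)len;
    return 0;
}
int (*real_connect)(int, const struct sockaddr *, socklen_t) = stub_connect;

/* Behavior Monitoring Module: the function the application's connect() calls are redirected to. */
int hooked_connect(int fd, const struct sockaddr *sa, socklen_t len) {
    char ip[INET_ADDRSTRLEN] = "?";
    if (sa && sa->sa_family == AF_INET)
        inet_ntop(AF_INET, &((const struct sockaddr_in *)sa)->sin_addr, ip, sizeof ip);
    if (!decide_connect(sa)) {
        fprintf(stderr, "[monitor] connect to %s denied by blacklist\n", ip);
        errno = EACCES;
        return -1;
    }
    fprintf(stderr, "[monitor] connect to %s allowed\n", ip);
    return real_connect(fd, sa, len);
}

/* Helpers for demos and tests: build an IPv4 sockaddr from a dotted quad. */
int decide_ipv4(const char *dotted) {
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, dotted, &sin.sin_addr) != 1) return -1;
    return decide_connect((const struct sockaddr *)&sin);
}
int try_connect_ipv4(const char *dotted) {
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    if (inet_pton(AF_INET, dotted, &sin.sin_addr) != 1) return -1;
    return hooked_connect(3, (const struct sockaddr *)&sin, sizeof sin);
}

int main(void) {
    blacklist_add("10.0.0.0/8");      /* constructed entries */
    blacklist_add("203.0.113.7");
    printf("10.1.2.3 -> %d, 8.8.8.8 -> %d\n", try_connect_ipv4("10.1.2.3"), try_connect_ipv4("8.8.8.8"));
    return 0;
}
```

The deny path sets `errno` to `EACCES` and returns -1 exactly as a failed libc `connect()` would, so the monitored application sees an ordinary socket error rather than a crash; the thesis's user-prompt decision for other behaviors would slot into `decide_connect`'s place for the corresponding hooked function.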