As smartphones gain more and more functions, they have become smart devices serving social, entertainment, business and other purposes, and mobile phone privacy has attracted increasing attention. Android phones now hold a high share of the market, with rich functionality and well-assured device security. At this stage, however, the protection of Android side-channel privacy data still needs improvement: many of the sensors involved in side channels are not protected by the Android permission mechanism, and with the emergence of side-channel attacks, malicious third-party applications can obtain side-channel privacy data and extract important private information from it. To address this incomplete protection against Android side-channel privacy leakage, this paper proposes a security container to protect Android side-channel privacy data. Within the virtual environment constructed by the security container, side-channel privacy leakage by applications is detected, and a corresponding security policy is generated according to the detection results. The main work of this paper is as follows:

(1) First, a dynamic taint analysis scheme is proposed that generates the side-channel privacy data call chain based on the operating principles of Android components. Then, according to the sensors involved in side channels, a data source monitoring model is proposed to monitor the data generated by the sensors. Finally, combining the characteristics of side-channel privacy data, a privacy data risk determination scheme is proposed to determine privacy leakage and generate a protection strategy.

(2) Based on the above schemes, this paper constructs a security container. Its proxy module takes over system services through reflection and proxy techniques and constructs a virtual environment in which applications can run. Its service module implements the security detection and protection schemes: the sensor data sources involved in side channels are monitored, the characteristics of the data they generate are extracted, and the private data call chain is generated in the form of a call stack. Leakage risk is judged by combining the characteristics of the data generated by the data source with the private data call chain, and at the same time privacy data is protected at both the data source and the data disclosure point.

Finally, experiments demonstrate that the security container in this paper can detect and protect against side-channel privacy leakage.