###

计算机系统应用英文版:2019,28(8):1-9

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

Android框架层完整性度量方案

周星锦¹, 秦宇¹, 吴秋新², 习伟³, 赵世军¹

(1.中国科学院软件研究所可信计算与信息保障实验室, 北京 100190;2.北京信息科技大学理学院, 北京 100196;3.南方电网科学研究院有限责任公司, 广州 510080)

Integrity Measurement Method for Android Framework

ZHOU Xing-Jin¹, QIN Yu¹, WU Qiu-Xin², XI Wei³, ZHAO Shi-Jun¹

(1.Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;2.College of Science, Beijing Information Science and Technology University, Beijing 100196, China;3.China Southern Power GRID, Guangzhou 510080, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 1710次下载 1967次
Received:January 28, 2019 Revised:February 26, 2019

中文摘要: 长期以来Android系统一直是黑客攻击的主要目标之一，自发布以来一直面临着root、镜像篡改、恶意程序等安全风险，框架层是在系统安全中容易被忽视但又能产生极高的安全风险.本文分析了Android系统中框架层的表现形式和框架层的使用方式，针对框架层特点提出了一种框架层完整性度量方法（FIMM），以此保障Android系统框架层代码完整性和运行时的完整性.对于Android系统针对框架层组件完整性保护的缺失，该方法能提供框架层组件在加载时的完整性度量和完整性校验.而对于Android的系统服务，我们考虑到其较长的运行周期的特征，于是研究了系统服务的调用过程并为其提供了较为细粒度的动态度量，在每次系统服务调用时确认系统服务进程代码段的完整性.最后我们给出了基于Android模拟器的原型系统的实现，并分析了FIMM的安全性和性能损耗，认为FIMM能完全达到我们的安全预期，并且只会造成少量的性能损耗.

中文关键词: Android安全完整性度量系统服务动态度量

Abstract:Android system has been one of main targets of hacking. Since its realease, it has been facing security risks such as root, image tampering, and malicious programs. System security usually overlooks framework layer which may cause high security risks. This study analyzes the component in Android framework and how it works. We present an Integrity Measurement Method for Android Framework (FIMM) to ensure Android framework's code integrity and runtime integrity. We focus on the issue of lack of protection for Android framework. The method is able to measure the integrity of component of Android framework and verity it. We consider that Android system service has a long running period, then we analysis the calling process for Android system services and present a dynamic integrity measurement for process providing fine-grained measurement. It measures and verities system service process every time system service is called. Finally, the FIMM impelemention based on Android emulator is discussed and presented. We believe that FIMM achieves the security goals, nevertheless, it causes a little performance loss as well.

keywords: Android security integrity measurement system service dynamic integrity measurement

文章编号： 中图分类号： 文献标志码：

基金项目:国家自然科学基金（61872343，61602455，61802375）；国家重点研发计划（2018YFB0904900，2018YFB0904903）

引用文本：
周星锦,秦宇,吴秋新,习伟,赵世军.Android框架层完整性度量方案.计算机系统应用,2019,28(8):1-9
ZHOU Xing-Jin,QIN Yu,WU Qiu-Xin,XI Wei,ZHAO Shi-Jun.Integrity Measurement Method for Android Framework.COMPUTER SYSTEMS APPLICATIONS,2019,28(8):1-9

Author Name	Affiliation	E-mail
ZHOU Xing-Jin	Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China	zhouxingjin@tca.iscas.ac.cn
QIN Yu	Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
WU Qiu-Xin	College of Science, Beijing Information Science and Technology University, Beijing 100196, China
XI Wei	China Southern Power GRID, Guangzhou 510080, China
ZHAO Shi-Jun	Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China