安卓应用程序误用用户信息的监测与控制

AIPUB归智期刊联盟

微信公众号

网站二维码

2025年8月13日 8:50 星期三

首页 > 过刊浏览>2014年第23卷第6期 >215-219

PDF HTML阅读 XML下载导出引用引用提醒

安卓应用程序误用用户信息的监测与控制
DOI:
                        
                    
CSTR:
                        
                    
作者:
                        廖明华廖明华
华南师范大学增城学院 计算机系, 广州 511363
在期刊界中查找
在百度中查找
在本站中查找

                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:

Monitoring and Control for Android Application in Misusing Users’ Private Information

Author:

LIAO Ming-Hua
LIAO Ming-Hua
Department of Computer Science, Zengcheng College of South China Normal University, Guangzhou 511363, China
在期刊界中查找
在百度中查找
在本站中查找

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献 [10]

相似文献 [20]

引证文献

资源附件

文章评论

摘要:

针对Android应用程序常被不完全地审查，不充分的隔离，且毫无限制地被用户安装所引起的用户私有敏感信息的泄露，通过采用动态污点分析技术监测敏感信息何时通过不可信的应用程序离开系统，同时根据需要采用无害的影子数据遮蔽敏感信息，或者阻断泄露私有信息的通信，防止应用程序访问用户希望保密的数据，在系统的层面上实现实时监测和控制Android应用程序使用用户私有敏感信息.

关键词:安卓;用户私有敏感信息;动态污点分析;信息流追踪;隐私控制

Abstract:

Smartphone applications are frequently incompletely vetted, poorly isolated and installed by users without restraint. Such behavior causes users' private sensitive information leakage. By means of employing dynamic taint analysis technology, our work detects when sensitive data leaves the system via untrusted applications. Meanwhile, according to the need, it uses harmless data to cover the sensitive information, or cuts off the exfiltration communication. Then it can prevent an application to access the data which user wants to keep confidential, achieve real-time monitoring and control for Android applications in misusing the user private information from system level.

Key words:Android;users’ private sensitive information;dynamic taint analysis;information-flow tracking system; privacy control system

参考文献

1 Hornyack P, Han SY, Jung JY, Schechter S, Wetherall D. These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications. ACM, 2011:1-6.

2 Leek T, Baker G, Brown R, Zhivich M, Lippmann R. Coverage Maximization using Dynamic Taint Tracing. [Technical Report] TR-1112. MIT Lincoln Laboratory. 2007: 2-3.

3 Masri W, Podgurski A, Leon D. Detecting and debugging insecure information flows. International Symposium on Software Reliability Engineering (ISSRE 2004). 2004. 198-209.

4 Kong J, Zou CC, Zhou H. Improving software security via runtime instruction-level taint checking. ASID'06, Proc. of the 1st Workshop on Architectural and System Support for Improving Software Dependability. 2008. 18-24.

5 Newsome J, Song D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. Proc. of the Network and Distributed System Security Symposium (NDSS 2005). 2005. 55-59.

6 Qin F, Wang C, Li Z, seop Kim H, Zhou Y, Wu Y. LIFT: A low-overhead practical information flow tracking system for detecting security attacks. MICRO '06: Proc. of the 39th Annual IEEE/ACM International Symposium on Microarchitecture. 2009. 135-148.

7 Pietraszek T, Berghe CV. Defending against injection attacks through context-sensitive string evaluation. Proc. of Recent Advances in Intrusion Detection (RAID 2005). 2005. 3-8.

8 Nguyen-Tuong A, Guarnieri S, Greene D, Shirley J, Evans D. Automatically hardening web applications using precise tainting. 20th IFIP International Information Security Conference. 2005. 3-5.

9 周凌.基于信息流的动态污点分析技术研究[学位论文].成都:电子科技大学, 2010:24-25.

10 Enck W, Gilbert P, Chun BG, Cox LP, Jung J, Mcdaniel P. Sheth AN. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. Proc. of the USENIX Symposiumon Operating Systems Design and Implementation. 2010. 1-7.

引用本文

廖明华.安卓应用程序误用用户信息的监测与控制.计算机系统应用,2014,23(6):215-219

复制

文章指标

点击次数:
下载次数:
HTML阅读次数:
引用次数:

历史

收稿日期:2013-10-24
最后修改日期:2013-11-22
录用日期:
在线发布日期: 2014-06-20
出版日期:

微信公众号

网站二维码

引用本文

相关视频

分享

文章指标

历史

文章二维码

微信公众号

网站二维码

引用本文

相关视频

分享

微信扫一扫：分享

文章指标

历史

文章二维码