本文已被:浏览 1636次 下载 2671次
Received:January 24, 2016 Revised:March 08, 2016
Received:January 24, 2016 Revised:March 08, 2016
中文摘要: 凭借开源策略及精准的市场定位,Android系统占据了智能移动终端操作系统84.2%的市场份额.然而,其开放的权限机制带来更多使用者和开发者的同时,也带来了相应的安全问题.中国互联网络信息中心调查数据显示,仅有44.4%的用户在下载安装Android应用的过程中会仔细查看授权说明,而大部分人存在着盲目授权的行为.对于应用开发者来说,由于缺乏安全开发监管,缺乏权限申请相关代码规范,权限滥用问题在Android应用开发中普遍存在,严重影响了代码的规范和质量.其次,用户的盲目授权和软件开发者的权限申请滥用也是用户信息泄露的主要原因,存在严重的安全风险.针对以上问题,本文在现有的权限检测方案基础上,设计和实现了一套新的权限滥用检测系统PACS(Pemission Abuse Checking System).PACS针对1077个应用进行分析,发现812个应用存在权限滥用问题,约占全部应用的75.4%,同时对实验结果进行抽样验证,证明了PACS的权限检测结果的准确性和有效性.
Abstract:Android is the mobile operating system which has the highest market share of 84.2%. Its open access mechanism not only brings more users and developers, but also a lot of security issues. According to the survey by China Internet Network Information Center, only 44.4% of users will view the authorization instructions carefully in the process of downloading and installing an application. Most people have the risk of blind authorization. For software developers, due to the lack of strong supervision and proper permission specifications, application authority abuse in the procedure of Android application development has been widespread, which seriously affected the code and quality specifications. Besides, the user's blind authorization and the software developer's permission application abuse has become the main reason for the users' information leakage. In this paper, based on the existing permission detection scheme, it designs and implements an abuse of authority detection system named PACS. Test results show that 812 applications abuses permission among 1077 applications, which account for about 75.4%. Meanwhile the sampling of test results proves the accuracy and validity of the PACS's results.
文章编号: 中图分类号: 文献标志码:
基金项目:国家自然科学基金(61432001,91218302,61303057)
引用文本:
徐尉,吴敬征.Android权限滥用检测系统.计算机系统应用,2016,25(10):39-46
XU Wei,WU Jing-Zheng.Abused Detection System of Android.COMPUTER SYSTEMS APPLICATIONS,2016,25(10):39-46
徐尉,吴敬征.Android权限滥用检测系统.计算机系统应用,2016,25(10):39-46
XU Wei,WU Jing-Zheng.Abused Detection System of Android.COMPUTER SYSTEMS APPLICATIONS,2016,25(10):39-46