一种基于权限控制机制的Android系统隐蔽信道限制方法

doi:10.7523/j.issn.2095-6134.2015.05.013

中国科学院大学学报 ›› 2015, Vol. 32 ›› Issue (5): 667-675.DOI: 10.7523/j.issn.2095-6134.2015.05.013

一种基于权限控制机制的Android系统隐蔽信道限制方法

吴敬征^1,3, 武延军^1,3, 罗天悦¹, 武志飞¹, 杨牧天¹, 王永吉^2,3

1. 中国科学院软件研究所总体部, 北京 100190;
2. 中国科学院软件研究所基础软件国家工程中心, 北京 100190;
3. 中国科学院软件研究所计算机科学国家重点实验室, 北京 100190

收稿日期:2014-10-11 修回日期:2015-03-27 发布日期:2015-09-15
通讯作者: 吴敬征
基金资助:
国家自然科学基金(61303057, 61170072)和核高基国家科技重大专项(2012ZX01039-004)资助

A new mitigation approach for covert channel of Android operating system based on permission mechanism

WU Jingzheng^1,3, WU Yanjun^1,3, LUO Tianyue¹, WU Zhifei¹, YANG Mutian¹, WANG Yongji^2,3

1. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
2. National Engineering Research Center for Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
3. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

Received:2014-10-11 Revised:2015-03-27 Published:2015-09-15

摘要/Abstract

摘要：

移动智能终端凭借全新的体系结构、安全机制、丰富的传感设备及应用,在国内拥有近5亿台的市场.然而这些新特性却导致了比经典的攻击行为更复杂的新安全问题——移动智能终端隐蔽信道,泄漏用户隐私.针对Android移动智能终端这种新的复杂环境,目前仍缺乏有效的消除限制方法.本文将Android系统隐蔽信道分成基于共享资源的智能终端隐蔽信道和基于传感器设备的隐蔽信道两种基本模型,并深入研究传感器隐蔽信道的形成机理.通过对Android系统权限控制安全机制的分析,扩展权限控制机制的保护范围,设计和实现了基于权限控制机制的Android系统传感器隐蔽信道限制方法.实验证明该方法在实际的隐蔽信道限制中能够达到限制效果.

关键词: Android, 隐蔽信道, 权限控制机制, Android传感器, 隐蔽信道限制

Abstract:

About 500 million of smart mobile devices have been sold in China because of the new architecture, secure mechanism, rich sensors, and applications. However, the new features cause a new secure problem named smart mobile device covert channel, which is more dangerous than the traditional attacks and leaks users' privacy. At the present stage there are no elimination and mitigation methods. In this work, the Android covert channels are classified into two models including the shared resource-based Android covert channel and the sensor-based covert channel. The latter one has been carefully studied in this work. The new secure features of permission mechanisms is analyzed and extended to protect the sensors. A new mitigation approach for sensor-based channel is designed and implemented, and the experiments show that the covert channel can be mitigated perfectly.

Key words: Android, covert channel, permission mechanism, Android sensors, covert channel mitigation

中图分类号:

TP393

吴敬征, 武延军, 罗天悦, 武志飞, 杨牧天, 王永吉. 一种基于权限控制机制的Android系统隐蔽信道限制方法[J]. 中国科学院大学学报, 2015, 32(5): 667-675.

WU Jingzheng, WU Yanjun, LUO Tianyue, WU Zhifei, YANG Mutian, WANG Yongji. A new mitigation approach for covert channel of Android operating system based on permission mechanism[J]. , 2015, 32(5): 667-675.

参考文献

[1] Zhou Y J, Jiang X X. Detecting passive content leaks and pollution in Android applications[C]//Proc of the 20th Annual Network and Distributed System Security Symposium (NDSS'13). San Diego, California, USA, 2013:1-16.

[2] Grace M, Zhou Y J, Zhang Q, et al. RiskRanker:scalable and accurate zero-day android malware detection[C]//Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (MobiSys'12). Low Wood Bay, Lake District, UK, 2012:281-294.

[3] La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices[J]. IEEE Communications Surveys & Tutorials, 2012, 15(1):446-471.

[4] Wu J Z, Wu Y J, Yang M T, et at. Vulnerability detection of Android system in fuzzing cloud[C]//Proceedings of the 2013 IEEE Sixth International Conference on Cloud Computing. IEEE Computer Society, 2013:954-955.

[5] Enck W, Octeau D, Mcdaniel P, et al. A study of android application security[C]//Proceedings of the 20th USENIX Conference on Security. San Francisco, California, USA; USENIX Association,2011:21-36.

[6] Schlegel R, Zhang K H, Zhou X Y, et al. Soundcomber:a stealthy and context-aware sound trojan for smartphones[C]//Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11). San Diego, California, USA,2011:17-33.

[7] Lampson B W. A note on the confinement problem[J]. Commun ACM, 1973, 16(10):613-615.

[8] 王永吉, 吴敬征, 曾海涛,等. 隐蔽信道研究[J]. 软件学报, 2010, 21(9):2262-2288.

[9] Cai L, Chen H. TouchLogger:inferring keystrokes on touch screen from smartphone motion[C]//Proceedings of the 6th USENIX Conference on Hot Topics in Security. San Francisco, California, USA; USENIX Association. 2011,9-14.

[10] Wu J Z, Wu Y J, Wu Z F, et al. Vulcloud:scalable and hybrid vulnerability detection in cloud computing[C]//Proceedings of the Software Security and Reliability-Companion (SERE-C), 2013 IEEE 7th International Conference on. 2013:18-20.

[11] Yang M T, Wu J Z, Wu Y J, et al. Policykeeper:recommending proper security mechanisms based on the severity of vulnerability considering user experience[C]//Proceedings of the Software Security and Reliability-Companion (SERE-C), 2013 IEEE 7th International Conference on. 2013:F 18-20.

[12] Au K W Y, Zhou Y F, Huang Z, et al. PScout:analyzing the Android permission specification[C]//Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS'12). Raleigh, North Carolina, USA,2012:217-228.

[13] Shah G, Molina A, Blaze M. Keyboards and covert channels[C]//Proceedings of the 15th Conference on USENIX Security Symposium:Volume 15. Vancouver B C, Canada; USENIX Association,2006.

[14] Owusu E, Han J, Das S, et al. ACCessory:password inference using accelerometers on smartphones[C]//Proceedings of the 12th Workshop on Mobile Computing Systems & Applications (HotMobile'12). San Diego, California, USA, 2012:1-6.

[15] Miluzzo E, Varshavsky A, Balakrishnan S, et al. Tapprints:your finger taps have fingerprints[C]//Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (MobiSys'12). Low Wood Bay, Lake District, UK, 2012:323-336.

[16] 王昌达, 鞠时光, 周从华,等. 一种隐通道威胁审计的度量方法[J]. 计算机学报, 2009, 32(4):751-762.

[17] 卿斯汉, 朱继锋. 安胜安全操作系统的隐蔽通道分析[J]. 软件学报, 2004, 15(09):1385-1392.

[18] Wu J Z, Wang Y J, Ding L P, et al. A practical covert channel identification approach in source code based on directed information flow graph[C]//The Fifth Annual International Conference on Secure Software Integration and Reliability Improvement (SSIRI 2011). Jeju Island, Korea, Jun 27-29, 2011:98-107.

[19] Wu J Z, Wang Y J, Ding L P, et al. Constructing scenario of event-flag covert channel in secure operating system[C]//2nd International Conference on Information and Multimedia Technology (ICIMT 2010). Hongkong, Dec 28-30, 2010:371-375.

[20] Yao L H, Zi X C, Pan L, et al.A study of on/off timing channel based on packet delay distribution[J] Compwters & Security, 2009, 28(8):785-794.

[21] Wu J Z, Wang Y J, Ding L P, et al. Improving performance of network covert timing channel through Huffman coding[J]. Mathematical and Computer Modelling, 2012, 55(1/2):69-79.

[22] 王永吉, 吴敬征, 曾海涛,等. 一种基于并发冲突间隔时间的隐蔽信道检测方法[J]. 计算机研究与发展, 2011, 48(8):1542-1553.

[23] Wu J Z, Wang Y J, Ding L P, et al. Identification and evaluation of sharing memory covert timing channel in Xen virtual machines[C]//IEEE 4th International Conference on Cloud Computing (CLOUD 2011). Washington DC, USA, Jul 4-9, 2011:283-291.

[24] Ristenpart T, Tromer E, Shacham H, et al. Hey, you, get off of my cloud:exploring information leakage in third-party compute clouds[C]//Proceedings of the 16th ACM Conference on Computer and Communications Security. Chicago, Illinois, USA; ACM, 2009:199-212.

[25] 吴敬征, 丁丽萍, 王永吉. 云计算环境下隐蔽信道关键问题研究[J]. 通信学报, 2011, 32(9A):184-203.

[26] Sailer R, Jaeger T, Valdez E, et al. Building a MAC-based security architecture for the Xen open-source hypervisor[C]//Proceedings of the Computer Security Applications Conference, 21st Annual. F, 2005.

[27] Payne B D, Carbone M, Sharif M, et al. Lares:an architecture for secure active monitoring using virtualization[C]//Proceedings of the Security and Privacy, 2008 SP 2008 IEEE Symposium on. F, 2008.

[28] Azab A M, Ning P, Wang Z, et al. HyperSentry:enabling stealthy in-context measurement of hypervisor integrity[C]//Proceedings of the 17th ACM Conference on Computer and Communications Security. Chicago, Illinois, USA; ACM, 2010:38-49.

[29] Wang Z, Jiang X X. HyperSafe:a lightweight approach to provide lifetime hypervisor control-flow Integrity[C]//Proceedings of the Security and Privacy (SP), 2010 IEEE Symposium on. F 16-19 May, 2010.

[30] Seshadri A, Luk M, Qu N, et al. SecVisor:a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes[J]. SIGOPS Oper Syst Rev, 2007, 41(6):335-350.

[31] Wu J Z, Ding L P, Lin Y Q, et al. XenPump:a new method to mitigate timing channel in cloud computing[C]//Proceedings of the 2012 IEEE Fifth International Conference on Cloud Computing (CLOUD'12). Hawaii, USA; IEEE Computer Society,2012:678-685.

[32] Tsai C R. Covert channel analysis in secure compwter systems[D]. University of Maryland, College Park, MD,1987.

一种基于权限控制机制的Android系统隐蔽信道限制方法

A new mitigation approach for covert channel of Android operating system based on permission mechanism

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 8

编辑推荐

Metrics

本文评价

访问统计

联系我们

[1]	叶延玲, 傅晓彤, 张玉清, 乐洪舟. 一种自动化的Android应用定向行为测试方法[J]. 中国科学院大学学报, 2018, 35(3): 409-416.
[2]	吴敬征, 武延军, 武志飞, 杨牧天, 罗天悦, 王永吉. 基于有向信息流的Android隐私泄露类恶意应用检测方法[J]. 中国科学院大学学报, 2015, 32(6): 807-815.
[3]	王学强, 雷灵光, 王跃武. 一种易部署的Android APP动态行为监控方法[J]. 中国科学院大学学报, 2015, 32(5): 689-694.
[4]	张明庆, 张灿, 陈德元, 张克楠. 一种基于Android系统的短信息移动分级安全方法[J]. 中国科学院大学学报, 2015, 32(2): 281-287.
[5]	方喆君, 刘奇旭, 张玉清. Android应用软件功能泄露漏洞挖掘工具的设计与实现[J]. 中国科学院大学学报, 2015, 32(1): 127-135.
[6]	王凯, 刘奇旭, 张玉清. 基于Fuzzing的Android应用通信过程漏洞挖掘技术[J]. 中国科学院大学学报, 2014, 31(6): 827-835.
[7]	田雪, 徐震, 陈驰. 若干新型数据库隐蔽信道应用场景研究[J]. 中国科学院大学学报, 2013, 30(3): 403-409.
[8]	李昭, 王跃武, 雷灵光, 张中文. 基于动态密钥的Android短信加密方案[J]. 中国科学院大学学报, 2013, 30(2): 272-277.