Abstract
To address the coarse-grained permission mechanism and the weak privacy protection mechanism of the Android system, a multi-domain isolation privacy protection model with controllable granularity, MDSDroid, is proposed, and a framework implementing the model is designed on the Android system. By defining model variables and access control policies, isolation between applications and their data and a strong-security access control mechanism are achieved. The Z language is used to formally define the model, and the formal verification tool Z/EVES is used for formal analysis, guaranteeing correct enforcement of the model's policies and protecting the security of private data while enhancing system security. Experimental results show that the model system has low performance overhead compared with the native Android system.
Aiming at the problem of the coarse-grained access mechanism and weak privacy protection mechanism in the Android system, a multi-domain isolation privacy protection model (MDSDroid) with adjustable granularity is proposed, and the model implementation framework is designed in the Android system. By defining the model variables and access control policy, the framework can effectively isolate applications and application data and realize a strong security access control mechanism. The Z language is used to define the model, which is then verified with the help of the Z/EVES tool to ensure correct enforcement of the model policy. System security is enhanced and the security of privacy data is protected. Experimental results show that the model system has lower performance overhead than the native Android system.
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journal (北大核心)
2017, No. 10, pp. 134-140 (7 pages)
Funding
National Key R&D Program of China, project "Collaborative Precise Positioning Technology" (2016YFB0501900)
National ministry and commission fund
Keywords
Android system
privacy data
domain isolation
security policy
formalization