摘要
随着移动互联技术的迅速发展,Android系统在移动智能终端的应用日趋广泛.但随之带来的恶意软件攻击、网络数据泄密、系统漏洞缺陷等安全问题也日益严重.权限管理机制是Android一项重要的安全保护机制,旨在约束应用程序的行为,限制其对系统资源的访问.但目前的权限机制不能很好地解决内核缺乏保护的问题,安全隐患依然存在.在结合权限机制的基础上,综合考虑应用层应用程序和内核层系统内核两方面的安全,将系统内核资源根据重要性进行分区隔离,提出了一个由应用层、虚拟机监控器层和可信根层组成的权限安全控制体系结构方案.实验结果表明该方案能很好地拦截带有敏感权限的应用程序,综合硬件机制来保障Android系统的安全.
With the rapid development of mobile internet technology,the application of the Android system in mobile intelligent terminals is increasingly widespread.But the malware attacks,network data leakage,system vulnerabilities and other security issues are also increasingly serious.In Android,the permission management mechanism is an important security mechanism designed to constrain the applications'behaviors and limit the access to system resources.However,the current permission mechanism cannot properly solve the problem of protection lack in the kernel,and security risks still exist.Based on permission mechanism,and considering both the applications in the application layer and the system kernel in the kernel layer,the authors of this paper partition the kernel resources of the system according to the importance,and propose a control architecture of permissions security composed of application layer,hypervisor layer and trusted root layer.The experimental results show that the proposed architecture can intercept applications with sensitive permissions and integrate hardware mechanism to ensure the security of the Android system.
作者
赵敏强
赵娜
孙绍山
钱振江
殷旭东
孙高飞
张明新
ZHAO Minqiang;ZHAO Na;SUN Shaoshan;QIAN Zhenjiang;YIN Xudong;SUN Gaofei;ZHANG Mingxin(School of Computer Science and Engineering,Changshu Institute of Technology,Changshu 215500,China)
出处
《常熟理工学院学报》
2018年第5期33-38,共6页
Journal of Changshu Institute of Technology
基金
江苏省高校"青蓝工程"优秀青年骨干教师培养对象项目(2017)
江苏省"333高层次人才培养工程"培养对象项目(2018)