摘要
基于Android平台的手机用户量逐年增长,随即而来的安全问题也备受关注。Android安全机制中采用了沙箱机制,签名机制,权限机制等各种方式保证应用程序的安全性,但是也存在一些严重安全问题,比如特权提升攻击。本文提出的方案主要是基于权限的基础上,对传输的数据进行加密处理,如果存在特权提升攻击,但是访问者没有权限访问的情况下,则无法访问到隐私敏感数据。
With the Android platform of mobile phone subscribers increasing, the security problem is be-coming more serious and receives much concern. The security mechanisms, such as sandbox me-chanism, signature mechanism and permission mechanism, are adopted in the Android platform in various ways such as to ensure the security of application, but there are still some serious security issues, such as elevation of privilege attacks. The proposed scheme is to encrypt the transmission data mainly based on the permissions. If there is an elevation of privilege attacks, but the visitors do not have access to the case, then the sensitive data privacy cannot be accessed.
出处
《计算机科学与应用》
2016年第10期590-596,共7页
Computer Science and Application
基金
国家自然科学基金项目(61070207,61370195)
北京市自然科学基金项目(4132060)
“十二五”国家密码发展基金密码理论课题项目(MMJJ201201002)。