基于Hook技术的Android平台隐私保护系统

doi:10.11959/j.issn.2096-109x.2018033

Abstract

Abstract:

A privacy protection system based on Hook technology was designed and implemented to address the problem of user privacy leakage caused by malicious applications in Android.The system consists of three modules:application classification module,privacy information management module and collusion attack management module.The application classification module constructs classification model by using permission feature vectors and then classifies mobile applications into malicious applications and normal applications.The privacy information management module hooks all privacy-related application programming interfaces (API) based on Hook technology and then intercepts malicious applications by returning false data or empty data.The collusion attack management module hooks all inter-application communication channels and then intercepts corresponding communication contents by using the permission rules of collusion attack.Finally,the proposed privacy protection scheme on Android virtual machine was implemented to prove and its feasibility and effectiveness were proved.In addition,the system can intercept application behaviors of breaching privacy in real time with less memory,which does not need to modify Android system and applications.

Key words: privacy protection, Android platform, Hook technology, collusion attack, permission management

CLC Number:

TN91

Xiaoyan ZHU,Hui ZHANG,Jianfeng MA. Privacy protection system based on Hook for Android[J]. Chinese Journal of Network and Information Security, 2018, 4(4): 38-47.

Figures/Tables 13

References 18

[1]	Gartner. Market share:final PCs,ultramobiles and mobile phones,all countries,4Q17[R]. Connecticut:Gartner, 2018.
[2]	GIBLER C , CRUSSELL J , ERICKSON J ,et al. AndroidLeaks:automatically detecting potential privacy leaks in android applications on a large scale[J]. Trust, 2012,12: 291-307.
[3]	YANG Z , YANG M . Leakminer:detect information leakage on android with static taint analysis[C]// 2012 Third World Congress on Software Engineering (WCSE). 2012: 101-104.
[4]	ARZT S , RASTHOFER S , FRITZ C ,et al. Flowdroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android apps[J]. ACM Sigplan Notices, 2014,49(6): 259-269.
[5]	ENCK W , GILBERT P , CHUN B G ,et al. Taintdroid:an information-flow tracking system for realtime privacy monitoring on smartphones[C]// The 9th USENIX Conference on Operating Systems Design and Implementation. USENIX Association, 2010.
[6]	HORNYACK P , HAN S , JUNG J ,et al. These aren't the droids you're looking for:Retrofitting Android to protect data from imperious applications[C]// The 18th ACM Conference on Computer and Communications Security. ACM, 2011: 639-652.
[7]	Droidbox[EB/OL]. .
[8]	RASTOGI V , QU Z , MCCLURG J ,et al. Uranine:real-time privacy leakage monitoring without system modification for Android[J]. Security and Privacy in Communication Networks, 2015: 256-276.
[9]	YOU W , LIANG B , SHI W ,et al. TaintMan:an ART-compatible dynamic taint analysis framework on unmodified and non-rooted Android devices[J]. IEEE Transactions on Dependable and Secure Computing, 2017.
[10]	YANG Z , YANG M , ZHANG Y ,et al. Appintent:Analyzing sensitive data transmission in Android for privacy leakage detection[C]// 2013 ACM SIGSAC Conference on Computer ＆ Communications Security. ACM, 2013: 1043-1054.
[11]	XIA M , GONG L , LYU Y ,et al. Effective real-time android application auditing[C]// 2015 IEEE Symposium on Security and Privacy (SP). 2015: 899-914.
[12]	孙博文, 黄炎裔, 温俏琨 ,等. 基于静态多特征融合的恶意软件分类方法[J]. 网络与信息安全学报, 2017,3(11): 68-76.
	SUN B W , HUANG Y Y , WEN Q K ,et al. Malware classification method based on static multiple-feature fusion[J]. Chinese Journal of Network and Information Security, 2017,3(11): 68-76.
[13]	杨欢, 张玉清, 胡予濮 ,等. 基于多类特征的 Android 应用恶意行为检测系统[J]. 计算机学报, 2014,37(1): 15-27.
	YANG H , ZHANG Y Q , HU Y P ,et al. A malware behavior detection system of Android applications based on multi-class features[J]. Chinese Journal of Computers, 2014,37(1): 15-27.
[14]	TALHA K A , ALPER D I , AYDIN C . APK auditor:permission-based Android malware detection system[J]. Digital Investigation, 2015,13: 1-14.
[15]	BHANDARI S , LAXMI V , ZEMMARI A ,et al. Intersection automata based model for android application collusion[C]// 2016 IEEE 30th International Conference on Advanced Information Networking and Applications (AINA). 2016: 901-908.
[16]	BUGIEL S , DAVI L , DMITRIENKO A ,et al. Xmandroid:a new android evolution to mitigate privilege escalation attacks[R]. Technical Report, 2011.
[17]	BUGIEL S , DAVI L , DMITRIENKO A ,et al. Towards taming privilege-escalation attacks on Android[C]// NDSS. 2012:19.
[18]	BLASCO J , CHEN T M . Automated generation of colluding Apps for experimental research[J]. Journal of Computer Virology and Hacking Techniques, 2017: 1-12.

Metrics

Recommended 0

No Suggested Reading articles found!

获取指定类的接口	指定类	类提供的接口（参数）
get System Service		getLast Known Location
	Location Manager	request Location Updates
		……
		getDeviceId
	TelephonyManager	getLine1Number
		……
getContentResolver	ContentResolver	query
		(content://call_log、content://browser……)

类	接口
Intent	putExtra、putExtras
	getExtras、getStringExtra……
ContentResolver	inert、update、query
IoBridge	open

预测结果	恶意应用	正常应用
恶意应用	TP(true positive)	FP(false positive)
正常应用	FN(false negative)	TN(true negative)

预测结果	恶意应用/个	正常应用/个
恶意应用	634	65
正常应用	54	529

检测结果	检测个数
检测出0个应用	62
检测出1个应用	126
检测出2个应用	53

Privacy protection system based on Hook for Android

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 18

Related Articles 15

Metrics

Recommended 0

应用	是否调用新浪微博	是否调用微信
QQ音乐	是	是
新浪新闻	是	否
腾讯新闻	是	是

[1]	Jianlong XU, Jian LIN, Yusen LI, Zhi XIONG. Distributed user privacy preserving adjustable personalized QoS prediction model for cloud services [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 70-80.
[2]	Zhe SUN, Hong NING, Lihua YIN, Binxing FANG. Preliminary study on the construction of a data privacy protection course based on a teaching-in-practice range [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 178-188.
[3]	Xue BAI, Baodong QIN, Rui GUO, Dong ZHENG. Two-party cooperative blind signature based on SM2 [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 39-51.
[4]	Min XIAO, Tao YAO, Yuanni LIU, Yonghong HUANG. Dynamic and efficient vehicular cloud management scheme with privacy protection [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 70-83.
[5]	Chenxin LU, Bing CHEN, Ning DING, Liquan CHEN, Ge WU. Identity-based anonymous cloud auditing scheme with compact tags [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 156-168.
[6]	Shengzhi MING, Jianming ZHU, Zhiyuan SUI, Xian ZHANG. Online medical privacy protection strategy under information value-added mechanism [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 169-177.
[7]	Xian ZHANG, Jianming ZHU, Zhiyuan SUI, Shengzhi MING. Analysis on anonymity and regulation of digital currency transactions based on game theory [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 150-157.
[8]	Feng LIU, Jie YANG, Jiayin QI. Survey on blockchain privacy protection techniques in cryptography [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 29-44.
[9]	Lin JIN, Youliang TIAN. Multi-authority attribute hidden for electronic medical record sharing scheme based on blockchain [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 66-76.
[10]	Weicheng ZHANG, Hongquan WEI, Shuxin LIU, Liming PU. Fast handover authentication scheme in 5G mobile edge computing scenarios [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 154-168.
[11]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.
[12]	Chuanxin ZHOU, Yi SUN, Degang WANG, Huawei GE. Survey of federated learning research [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 77-92.
[13]	Rongna XIE, Xiaonan FAN, Lin YUAN, Zichen GUO, Jiayu ZHU, Guozhen SHI. Research on extended access control mechanism in online social network [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 123-131.
[14]	Zhanhui YUAN, Zhi YANG, Hongqi ZHANG, Shuyuan JIN, Xuehui DU. Android complex information flow analysis method based on communicating sequential process [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 156-168.
[15]	Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN. Survey of artificial intelligence data security and privacy protection [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 1-10.