基于同源策略的移动应用细粒度隐私保护技术

doi:10.11959/j.issn.2096-0271.2020003

Abstract

Abstract:

Mobile systems,such as Android,use permission-based access control mechanism,which is at the granularity of each application.Apart from the code from developers themselves,applications also contain code from third-party libraries,which has led to serious overuse of application permissions.A novel origin-based (similar to browsers) and fine-grained control mechanism was introduced,which broke the boundary between applications in terms of access control and finegrained the granularity to the level of code source.The mechanism was implemented onto Android framework,and a set of tools to modify applications were also offered.Experiment results suggest that system can allow (or limit) certain developers to execute certain sensitive behaviors.

Key words: privacy protection, third-party library, access control, mobile application

CLC Number:

TP309.2

Wenxiong LU, Haoyu WANG. Same origin based fine-grained privacy protection for mobile applications[J]. Big Data Research, 2020, 6(1): 23-34.

Figures/Tables 10

References 20

[1]	WANG H Y , LIU Z , LIANG J Y ,et al. Beyond Google play:a large-scale comparative study of Chinese Android App markets[C]// 2018 ACM Internet Measurement Conference,October 31November 2,Boston,USA. New York:ACM Press, 2018: 293-307.
[2]	MICHAEL C G , ZHOU W , JIANG X X ,et al. Unsafe exposure analysis of mobile inApp advertisements[C]// The 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks,April 16-18,2012,Tucson,USA. New York:ACM Press, 2012: 101-112.
[3]	RYAN S , CLINT G , JON C ,et al. Investigating user privacy in Android ad libraries[C]// The 3rd Workshop on Mobile Security Technologies,May 24,2012,San Francisco,USA.[S.l:s.n]. 2012.
[4]	WANG H Y , GUO Y , MA Z ,et al. WuKong:a scalable and accurate twophase approach to android App clone detection[C]// 2015 International Symposium on Software Testing and Analysis,July 14-17,2015,Baltimore,USA. New York:ACM Press, 2015: 71-78.
[5]	LIU B , JIN H X , RAMESH G . Efficient privilege de-escalation for ad libraries in mobile apps[C]// The 13th Annual International Conference on Mobile Systems,Applications,and Services,May 19-22,2015,Florence,Italy. New York:ACM Press, 2015: 89-103.
[6]	SHASHI S , MICHAEL D , WALLACH D S . AdSplit:separating smartphone advertising from applications[C]// The 21st USENIX Conference on Security Symposium,August 8-10,2012,Bellevue,USA. Berkeley:USENIX Association, 2012:28.
[7]	PEARCE P , FELT A P , NUNEZ G ,et al. AdDroid:privilege separation for applications and advertisers in Android[C]// The 7th ACM Symposium on Information,Computer and Communications Security.May 2-4,2012,Seoul,Korea. New York:ACM Press, 2012: 71-72.
[8]	ROESNER F , KOHNO T . Securing embedded user interfaces:Android and beyond[C]// The 22nd Security Symposium,August 14-16,2013,Washington,USA. Berkeley:USENIX Association, 2013: 97-112.
[9]	FU J J , ZHOU Y F , LIU H ,et al. Perman:fine-grained permission management for Android applications[C]// The 28th International Symposium on Software Reliability Engineering,October 23-27,2017,Toulouse,France. Piscataway:IEEE Press, 2017: 250-259.
[10]	FU J J , ZHOU Y F , WANG X . Componentbased permission management of Android applications[J]. Software:Practice and Experience, 2019,49(3).
[11]	胡冰惠 . 基于细粒度动态分析的Android平台第三方库隐私泄露分析[D]. 北京:北京交通大学, 2018.
	HU B H . Privacy disclosure analysis of third-party library on Android platform based on free grained dynamic analysis[D]. Beijing:Beijing Jiaotong University, 2018.
[12]	DIAMANTARIS M , PAPADOPOULOS E P , MARKATOS E P ,et al. REAPER:real-time App analysis for augmenting the Android permission system[C]// The 9th ACM Conference on Data and Application Security and Privacy,March 19-21,2018,Tempe,USA. New York:ACM Press, 2018: 37-48.
[13]	WANG H Y , HONG J , GUO Y . Using text mining to infer the purpose of permission use in mobile Apps[C]// The 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing,September 7-11,2015,Osaka,Japan. New York:ACM Press, 2015: 1107-1118.
[14]	WANG H Y , LI Y C , GUO Y ,et al. Understanding the purpose of permission use in mobile Apps[J]. ACM Transactions on Information Systems, 2017,35(4): 1-40.
[15]	ARZT S , RASTHOFER S , FRITZ C ,et al. FlowDroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for Android Apps[J]. ACM SIGPLAN Notices, 2014,49(6): 259-269.
[16]	YANG W , XIAO X , ANDOW B ,et al. Appcontext:differentiating malicious and benign mobile App behaviors using context[C]// The 37th International Conference on Software Engineering,May 16-24,2015,Florence,Italy. Piscataway:IEEE Press, 2015: 303-313.
[17]	YUVRAJ A , MALCOLM H . Protect my privacy:detecting and mitigating privacy leaks on iOS devices using crowdsourcing[C]// The 11th Annual International Conference on Mobile Systems,Applications,and Services,June 25-28,2013,Taipei,China. New York:ACM Press, 2013: 97-110.
[18]	ENCK W , ONGTANG M , MCDANIEL P . On lightweight mobile phone application certification[C]// The 16th ACM Conference on Computer and Communications Security,November 9-13,2009,Chicago,USA. New York:ACM Press, 2009: 235-245.
[19]	HAMMAD M , BAGHERI H , MALEK S . Determination and enforcement of leastprivilege architecture in Android[C]// 2017 IEEE International Conference on Software Architecture,April 3-7,2017,Gothenburg,Sweden. Amsterdam:Elsevier, 2019: 83-100,149.
[20]	WANG H , GUO Y , TANG Z ,et al. Reevaluating Android permission gaps with static and dynamic analysis[C]// 2015 IEEE Global Communications Conference,December 6-10,2015,San Diego,USA. Piscataway:IEEE Press, 2015: 1-6.

Metrics

Recommended 0

No Suggested Reading articles found!

测试组别	行为类别	第三方开发者	应用核心功能	现象
实验组1	位置	允许	不允许	标注点与设备定位点不重合，偏移量符合预期
实验组2		不允许	允许	标注点与设备定位点不重合，偏移量符合预期
对照组1		允许	允许	标注点与设备定位点重合
对照组2		不允许	不允许	标注点与设备定位点不重合，有些标注点偏移量超出预期

测试次数	行为类别	联系人应用	现象
1	联系人	不允许	启动时不显示联系人
2		允许	启动时显示联系人

Same origin based fine-grained privacy protection for mobile applications

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 20

Related Articles 14

Metrics

Recommended 0

[1]	Chuanyao ZHANG, Shijing SI, Jianzong WANG, Jing XIAO. Federated meta learning: a review [J]. Big Data Research, 2023, 9(2): 122-146.
[2]	Jianhan WU, Shijing SI, Jianzong WANG, Jing XIAO. Threats and defenses of federated learning: a survey [J]. Big Data Research, 2022, 8(5): 12-32.
[3]	Yi LI, Jinsong WANG, Hongwei ZHANG. Research on privacy data security sharing scheme based on blockchain and function encryption [J]. Big Data Research, 2022, 8(5): 33-44.
[4]	Qiaozhuoran CAO, Zugang CHEN, Guoqing LI, Jing LI. Resource and user access control system of scientific data center [J]. Big Data Research, 2022, 8(1): 98-112.
[5]	Jianzong WANG, Lingwei KONG, Zhangcheng HUANG, Linjie CHEN, Yi LIU, Chunxi LU, Jing XIAO. Research advances on privacy protection of federated learning [J]. Big Data Research, 2021, 7(3): 130-149.
[6]	Jieyu YUE, Chaoyang LUO, Jingshu DING, Qing LI. Research on privacy protection mechanism and technology of educational big data [J]. Big Data Research, 2020, 6(6): 52-63.
[7]	Jingwei WANG, Zhenzhe ZHENG, Fan WU, Guihai CHEN. Blockchain based data marketplace [J]. Big Data Research, 2020, 6(3): 21-35.
[8]	Huizhong SUN, Jianyu YANG, Xiang CHENG, Sen SU. A high-dimensional numeric data collection algorithm for local difference privacy based on random projection [J]. Big Data Research, 2020, 6(1): 3-11.
[9]	Ping WANG, Yushu ZHANG, Xing HE, Sheng ZHONG. Big data privacy protection based on secure compressive sensing [J]. Big Data Research, 2020, 6(1): 12-22.
[10]	Liehuang ZHU, Hui DONG, Meng SHEN. Privacy protection mechanism for blockchain transaction data [J]. Big Data Research, 2018, 4(1): 46-56.
[11]	Kang LI, Yi SUN, Jun ZHANG, Jun LI, Jihua ZHOU, Zhongcheng LI. Technical challenges in applying zero-knowledge proof to blockchain [J]. Big Data Research, 2018, 4(1): 57-65.
[12]	Shudong LI, Yan JIA, Xiaobo WU, Aiping LI, Xiaodong YANG, Dawei ZHAO. Techniques of big data security from the perspective of life cycle management [J]. Big Data Research, 2017, 3(5): 3-19.
[13]	Chaohui MA, Ruihua NIE, Haoxiang TAN, Jiaming LIN, Xinming WANG, Hua TANG, Jinji YANG, Gansen ZHAO. Research on data schema and security in data governance [J]. Big Data Research, 2016, 2(3): 83-95.
[14]	Haiying LI. Legal challenges and recommendations for big data [J]. Big Data Research, 2016, 2(2): 100-107.