基于虚拟机字节码注入的Android应用程序隐私保护机制

doi:10.11959/j.issn.1000-436x.2021115

Abstract

Abstract:

To solve the abuse of the Android application permission mechanism, a method of Android application access control based on virtual machine bytecode injection technology was proposed.The security policy in the form of virtual machine bytecode was generated according to the user’s security requirement and usage scenario, and injected into the coding unit of Android application that involves dangerous permission request and sensitive data access, to realize dynamic application behavior control.Tests on applications crawled from four mainstream domestic App stores show that the method can effectively intercept sensitive API calls and dangerous permission requests of legitimate App programs and implement control according to pre-specified security policies.Also, after injecting virtual machine bytecode, most of the App program operation is not affected by the injected code, and the robustness is guaranteed.The proposed method has a good universality.

Key words: Android security, privacy protection, security strategy, virtual machine bytecode

CLC Number:

TN92

Yubo SONG, Qi CHEN, Rui SONG, Aiqun HU. Android application privacy protection mechanism based on virtual machine bytecode injection[J]. Journal on Communications, 2021, 42(6): 171-181.

Figures/Tables 10

References 24

[1]	TALAL M , ZAIDAN A , ZAIDAN B B ,et al. Comprehensive review and analysis of anti-malware Apps for smartphones[J]. Telecommunication Systems, 2019,72(2): 285-337.
[2]	NAUMAN M , KHAN S , ZHANG X W . APEX:extending Android permission model and enforcement with user-defined runtime constraints[C]// The 5th ACM Symposium on Information,Computer and Communications Security. New York:ACM Press, 2010: 328-332.
[3]	MAHINDRU A , SANGAL A L . DeepDroid:feature selection approach to detect Android malware using deep learning[C]// 2019 IEEE 10th International Conference on Software Engineering and Service Science. Piscataway:IEEE Press, 2019: 16-19.
[4]	BL?SING T , BATYUK L , SCHMIDT A D ,et al. An Android application sandbox system for suspicious software detection[C]// 2010 5th International Conference on Malicious and Unwanted Software. Piscataway:IEEE Press, 2010: 55-62.
[5]	GIBLER C , CRUSSELL J , ERICKSON J ,et al. AndroidLeaks:automatically detecting potential privacy leaks in android applications on a large scale[C]// International Conference on Trust and Trustworthy Computing. Berlin:Springer, 2012: 291-307.
[6]	SCHUTTE J , TITZE D , DE FUENTES J M . AppCaulk:data leak prevention by injecting targeted taint tracking into android Apps[C]// 2014 IEEE 13th International Conference on Trust,Security and Privacy in Computing and Communications. Piscataway:IEEE Press, 2014: 370-379.
[7]	CHEN K , WANG P , LEE Y ,et al. Finding unknown malice in 10 seconds:mass vetting for new threats at the google-play scale[C]// 24th USENIX Security Symposium. Berkeley:USENIX Association, 2015: 659-674.
[8]	VIDAS T , CHRISTIN N . Evading android runtime analysis via sandbox detection[C]// The 9th ACM Symposium on Information,Computer and Communications Security. New York:ACM Press, 2014: 447-458.
[9]	FERREIRA J , RESENDE R , MARTINHO S . Beacons and BIM models for indoor guidance and location[J]. Sensors, 2018,18(12): 4374-4384.
[10]	FARUKI P , BHARMAL A , LAXMI V ,et al. Android security:a survey of issues,malware penetration,and defenses[J]. IEEE Communications Surveys ＆ Tutorials, 2015,17(2): 998-1022.
[11]	FELT A P , CHIN E , HANNA S ,et al. Android permissions demystified[C]// The 18th ACM conference on Computer and Communications Security. New York:ACM Press, 2011: 627-638.
[12]	LIU X L , DU X J , ZHANG X S ,et al. Adversarial samples on android malware detection systems for IoT systems[J]. Sensors, 2019,19(4): 974.
[13]	KANG H , JANG J W , MOHAISEN A ,et al. Detecting and classifying android malware using static analysis along with creator information[J]. International Journal of Distributed Sensor Networks, 2015,11(6): 474-479.
[14]	PENG H , GATES C , SARMA B ,et al. Using probabilistic generative models for ranking risks of Android apps[C]// The 2012 ACM Conference on Computer and Communications Security. New York:ACM Press, 2012: 241-252.
[15]	CHRISTODORESCU M , JHA S , SESHIA S A ,et al. Semantics-aware malware detection[C]// 2005 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2005: 32-46.
[16]	LEE J , JEONG K , LEE H . Detecting metamorphic malwares using code graphs[C]// The 2010 ACM Symposium on Applied Computing. New York:ACM Press, 2010: 1970-1977.
[17]	SUAREZ T G , DASH S K , AHMADI M ,et al. Droidsieve:Fast and accurate classification of obfuscated android malware[C]// The Seventh ACM on Conference on Data and Application Security and Privacy. New York:ACM Press, 2017. 309-320.
[18]	DE-MAIORCA D , DE-ARIU D , CORONA I ,et al. Stealth attacks:an extended insight into the obfuscation effects on Android malware[J]. Computers ＆ Security, 2015,51: 16-31.
[19]	MING J , XIN Z , LAN P W ,et al. Impeding behavior-based malware analysis via replacement attacks to malware specifications[J]. Journal of Computer Virology and Hacking Techniques, 2017,13(3): 193-207.
[20]	SARACINO A , SGANDURRA D , DINI G ,et al. MADAM:effective and efficient behavior-based android malware detection and prevention[J]. IEEE Transactions on Dependable and Secure Computing, 2018,15(1): 83-97.
[21]	VINOD P , SHOJAFAR M , KUMAR N ,et al. Identification of android malware using refined system calls[J]. Concurrency,Computation Practice and Experience, 2019,75(2): 1-30.
[22]	SHABTAI A , KANONOV U , ELOVICI Y ,et al. Andromaly:a behavioral malware detection framework for android devices[J]. Journal of Intelligent Information Systems, 2012,38(1): 161-190.
[23]	MA W , DUAN P , LIU S ,et al. Shadow attacks:automatically evading system-call-behavior based malware detection[J]. Journal in Computer Virology, 2012,8(12): 1-13.
[24]	LEE S H , KIM S H , KIM S ,et al. Appwrapping providing fine-grained security policy enforcement per method unit in android[C]// 2017 IEEE International Symposium on Software Reliability Engineering Workshops. Piscataway:IEEE Press, 2017: 36-39.

Metrics

Recommended 0

No Suggested Reading articles found!

权限	相关API调用
MANAGE_ACCOUNTS	invalidateAuthToken()
VIBRATE	NotificationManager.notify()
READ_CONTACTS	ContentResolver.openInputStream()
WAKE_LOCK	MediaPlayer.start()
ACCESS_NETWORK_STATE	MediaPlayer.stop()
INTERNET	getActiveNetworkInfo()

Android application privacy protection mechanism based on virtual machine bytecode injection

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 24

Related Articles 15

Metrics

Recommended 0

[1]	Xindi MA, Qinghua LI, Qi JIANG, Zhuo MA, Sheng GAO, Youliang TIAN, Jianfeng MA. Byzantine-robust federated learning over Non-IID data [J]. Journal on Communications, 2023, 44(6): 138-153.
[2]	Tao FENG, Liqiu CHEN, Junli FANG, Jianming SHI. Blockchain data sharing scheme based on localized difference privacy and attribute-based searchable encryption [J]. Journal on Communications, 2023, 44(5): 224-233.
[3]	Baiji HU, Xiaojuan ZHANG, Yuancheng LI, Rongxin LAI. Multi-function supported privacy protection data aggregation scheme for V2G network [J]. Journal on Communications, 2023, 44(4): 187-200.
[4]	Ming XU, Baojun ZHANG, Yiming WU, Chenduo YING, Ning ZHENG. Cyber attacks and privacy protection distributed consensus algorithm for multi-agent systems [J]. Journal on Communications, 2023, 44(3): 117-127.
[5]	Xuewang ZHANG, Zhihong LI, Jinzhao LIN. Privacy protection scheme based on fair blind signature and hierarchical encryption for consortium blockchain [J]. Journal on Communications, 2022, 43(8): 131-141.
[6]	Jifeng WANG, Guofeng WANG. Research on ciphertext search and sharing technology in edge computing mode [J]. Journal on Communications, 2022, 43(4): 227-238.
[7]	Huamin FENG, Rui SHI, Feng YUAN, Yanjun LI, Yang YANG. Efficient strong privacy protection and transferable attribute-based ticket scheme [J]. Journal on Communications, 2022, 43(3): 63-75.
[8]	Yan YAN, Yiming CONG, Mahmood Adnan, Quanzheng SHENG. Statistics release and privacy protection method of location big data based on deep learning [J]. Journal on Communications, 2022, 43(1): 203-216.
[9]	Hui LIU, Xinyan LIU, Yan XU, Hong ZHONG, Meng WANG. Privacy protection of warning message publishing protocol in VANET [J]. Journal on Communications, 2021, 42(8): 120-129.
[10]	Hongtao LI, Xiaoyu REN, Jie WANG, Jianfeng MA. Continuous location privacy protection mechanism based on differential privacy [J]. Journal on Communications, 2021, 42(8): 164-175.
[11]	Wenbo ZHANG, Wenhua HUANG, Jingyu FENG. Secure communication mechanism for VSN based on certificateless signcryption [J]. Journal on Communications, 2021, 42(7): 128-136.
[12]	Jie CUI, Xuefeng CHEN, Jing ZHANG, Lu WEI, Hong ZHONG. Bus cache-based location privacy protection scheme in the Internet of vehicles [J]. Journal on Communications, 2021, 42(7): 150-161.
[13]	Guangjun LIU, Wangmei GUO, Jinbo XIONG, Ximeng LIU, Changyu DONG. Lightweight privacy protection data auditing scheme for regenerating-coding-based distributed storage [J]. Journal on Communications, 2021, 42(7): 220-230.
[14]	Youhuizi LI, Yuyu YIN, Honghao GAO, Yi JIN, Xinheng WANG. Survey on privacy protection in non-aggregated data sharing [J]. Journal on Communications, 2021, 42(6): 195-212.
[15]	Yongming HUANG, Chong ZHENG, Zhengming ZHANG, Xiaohu YOU. Research on mobile edge computing and caching in massive wireless communication network [J]. Journal on Communications, 2021, 42(4): 44-61.