CN103268438A - Android authority management method and system based on calling chain - Google Patents


Info

Publication number
CN103268438A
Authority
CN
China
Prior art keywords
call chain
strategy
component
call
assembly
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013100437998A
Other languages
Chinese (zh)
Other versions
CN103268438B (en
Inventor
汪丹
张妍
徐震
于爱民
吴晓昕
周启慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Institute of Information Engineering of CAS
Original Assignee
Huawei Technologies Co Ltd
Institute of Information Engineering of CAS
Application filed by Huawei Technologies Co Ltd, Institute of Information Engineering of CAS filed Critical Huawei Technologies Co Ltd
Priority to CN201310043799.8A priority Critical patent/CN103268438B/en
Publication of CN103268438A publication Critical patent/CN103268438A/en
Application granted granted Critical
Publication of CN103268438B publication Critical patent/CN103268438B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention relates to an Android permission management method and system based on call chains. The system comprises a call chain construction module, a policy formulation module, a policy decision module and a policy enforcement module. The method comprises the following steps: 1) when an application component requests a terminal system resource and calls a system application programming interface (API) component to access it, an application component call chain is constructed, attributes of the call chain are set, and a system resource access policy is formulated; 2) when the system API component is called, the call chain to which the calling application component belongs is located, and policy decision and enforcement are performed according to the attributes of that call chain; and 3) if the call chain attributes satisfy the policy, the application component is permitted to call the system API component and the system resource access succeeds; otherwise the application component is denied access to the system resource. The call chain construction method avoids the redundancy caused by constructing a call chain for every component and so reduces the system burden; the diversified policy elements take into account the context of the call chain and the permission requirements of all components on the call chain, so that privilege escalation attacks are prevented.

Description

Android permission management method and system based on call chain
Technical field
The invention belongs to the field of mobile terminal security and relates generally to permission management on the Android platform, more specifically to a method of managing Android permissions based on application component call chains and to an Android permission management system based on call chains.
Background technology
The rapid development of the mobile Internet has brought explosive growth in the market penetration of intelligent mobile terminals. The smartphone market in particular has grown remarkably, and its penetration rate is rising rapidly. According to survey data from the Internet data center, among the major smart mobile platforms Android still holds the leading position in terminal shipments, occupying 75% of the world market share in the third quarter of 2012. According to a monitoring report issued by a think tank's industry database, Android likewise occupied 90.1% of the Chinese smartphone terminal market in the third quarter of 2012. Android is an open mobile platform created by Google and the Open Handset Alliance; its openness allows developers to carry out system and application development very easily, which is why Android holds such a large market. Yet for the same reason the many Android applications vary widely in quality, and when end users use them widely for work and entertainment they inevitably become involved in activities touching sensitive information such as personal privacy and property, seriously threatening terminal security and harming the personal interests of users.
To ensure terminal security, the Android platform provides security mechanisms such as sandboxing and permissions. The sandbox mechanism ensures that application programs run in isolation from each other, and the permission mechanism controls access to protected terminal resources and application components. Application components are the basic building blocks of an application program; each component is a different entry point into its application. Android has four kinds of application components: activity, service, broadcast receiver and content provider (http://developer.android.com/guide/components/fundamentals.html). For important terminal resources such as the network, GPS, short messages and contacts, Android provides system API components that access these resources and defines a permission label for each of these system API components; for application components, an application program can define its own permission labels. Only an application program holding a permission identical to the permission label can access these components. An Android application program statically declares its permission requirements at development time, the user grants the requested permissions at installation time, and when the application calls a system API component at run time the system performs a permission check, so that only applications holding the corresponding permission can call it successfully.
However, studies show that the existing Android permission mechanism is subject to a significant privilege escalation attack, which can cause serious privacy leaks. A privilege escalation attack means that an application without the permission to access a certain resource accesses that resource through an application that does hold the permission. Davi et al. of Ruhr-University Bochum, in the research report "Privilege Escalation Attacks on Android" published in Proceedings of the 13th International Conference on Information Security, 2010, first demonstrated a real privilege escalation attack example but did not provide a corresponding solution. Addressing this problem, Felt et al. of the University of California, Berkeley, in the research report "Permission Re-Delegation: Attacks and Defenses" published in Proceedings of the 20th USENIX Security Symposium, 2011, gave a permission reduction scheme: once a component call occurs, the permissions of the caller and the callee are reduced, and the reduced permissions serve as the callee's permissions for subsequent call requests. This approach prevents applications without permission from carrying out privilege escalation attacks, but it also causes many applications to lose permissions they originally held, which affects their normal operation. Dietz et al. of Rice University, in the research report "QUIRE: Lightweight Provenance for Smart Phone Operating Systems" published in Proceedings of the 20th USENIX Security Symposium, 2011, proposed the QUIRE system, which prevents this attack by constructing call chains; however, QUIRE establishes a call chain for every component and must securely transfer the caller's call chain to the callee during component communication as the basis for forming the callee's call chain, which imposes a larger burden on the system, and it considers only the permissions of the call chain components at the time of the access request, so the factors considered are rather limited. At present there is no effective improved permission management method that both prevents privilege escalation attacks and does not affect the normal operation of the system.
Summary of the invention
In view of the above problems, one object of the present invention is to provide a permission management method based on call chains. The method attributes running components to different tasks according to the purpose of the component calls, constructs call chains with the task as the unit, formulates resource access policies based on the call chains, and performs policy decisions when a system API component is called to access a system resource, in order to stop privilege escalation attacks and protect terminal security.
Another object of the present invention is to provide a corresponding, effective and improved permission management system. This permission management system is mainly a functional enhancement of the Android permission mechanism that remedies its inability to resist privilege escalation attacks. Every system resource access request can be traced to its origin, ensuring that a resource is obtained successfully only if all application components on the call chain corresponding to that access request meet the requirements.
The technical solution of the present invention, an Android permission management method based on call chains, comprises the following steps:
1) an application component requests an Android terminal system resource and calls a system API component to access the resource;
1-1) when a system API component is called to access a system resource, that call is treated as one operation task, and a call chain is established for the task at the same time;
1-2) attributes are configured for each call chain;
1-3) a resource access policy of the Android terminal is formulated for the system API component call, with the call chain attributes as policy elements;
2) when the system API component is called, the call chain to which the application component belongs is located, and policy decision and enforcement are performed according to the attributes of that call chain;
3) if the call chain attributes are judged to satisfy the policy, the application component is allowed to call the system API component and the system resource access succeeds; otherwise access is denied.
Further, the method of establishing a call chain is as follows:
2-1) among the four kinds of application components, activity, service, broadcast receiver and content provider, the activity component that triggers the launch of the application program is chosen;
2-2) a system API component call that accesses a system resource is treated as one operation task, and call chains are constructed with the task as the unit;
2-3) components unrelated to the system resource operation are not considered when constructing the call chain;
2-4) the constructed call chain comprises the application activity component, the other application components involved, and the call relations between them.
Optionally, the application component manually launched by the user serves as the initial component of the call chain, and the system API component serves as the terminal component of the call chain.
Optionally, denoting a call chain as i, the attributes configured for the call chain are as follows:
i.t, the construction time of the call chain, i.e. the time at which a component in the chain calls the system API component to access the system resource;
i.g, the geographic location of the terminal when the call chain is constructed, i.e. where the terminal is located when a component in the chain calls the system API component to access the system resource;
i.l, the number of component call levels in the call chain, i.e. the number of components involved before the system API component is called to access the system resource;
i.n, the access permission required by the system API component in the call chain.
Optionally, the Android terminal resource access policy is set as follows:
P denotes the set of policies; for each policy p in P (given as a formula image in the original):
Figure BDA00002815035100031
p can be expressed as a four-tuple (t, g, l, n):
p.t ∈ [t1, t2]: the policy requires t1 ≤ i.t ≤ t2, i.e. the call chain must be constructed between times t1 and t2;
p.g ∈ {g1, g2, …}: the policy requires i.g ∈ {g1, g2, …}, i.e. the geographic location of the terminal when the call chain is constructed must belong to a given set;
p.l ∈ [l1, l2]: the policy requires l1 ≤ i.l ≤ l2, i.e. the number of component call levels in the call chain must lie between l1 and l2;
p.n = n1: the policy requires every component of the call chain to hold permission n1, with n1 = i.n, i.e. for every component c in the call chain (formula image in the original):
Figure BDA00002815035100032
c must hold permission i.n.
Further, the policy of the call chain may include one or more of the elements of the above four-tuple.
Further, the policy of the call chain can be extended to an n-tuple, where n ≥ 4.
Further, the policy decision and enforcement method is as follows:
1) based on the call chains constructed by the system and the component call relations recorded in the call chain, starting from the system API component, its upper-level caller is looked up recursively until the initial calling component is found, thereby locating the call chain to which the application component accessing the system API component belongs;
2) the policy corresponding to the operation task is found according to the name of the system API component;
3) the corresponding attributes of the call chain are judged against the policy requirements, and a decision result is given as to whether the call chain satisfies the policy;
4) enforcement proceeds according to the policy decision result: if the call chain attributes are judged to satisfy the policy requirements, the application component is allowed to call the system API component and the system resource access succeeds; otherwise access is denied.
The invention also proposes an Android permission management system based on call chains, comprising:
a call chain construction module, used to construct call chains for components that access protected system resources; a call chain library, which stores all constructed call chains;
a policy formulation module, used by the system to formulate access policies for protected resources; a policy library, which stores all formulated access policies;
the policy formulation module sets the policies for accessing system resources according to user requirements; the policy elements that can be set correspond to the call chain attributes, and the resulting policies are stored in the policy library;
a policy decision module, which, when a component on a call chain requests access to a system resource, compares the call chain attribute values with the policy element values and gives a decision result as to whether the component is allowed to access the system resource;
a policy enforcement module, which acts on the decision result of the policy decision module: for a decision result that allows access it carries out the resource access operation, and for a decision result that denies access it intercepts the access.
Further, the Android permission management system based on call chains has the following characteristics:
the modules are all located in the Android system application layer and use interfaces provided by the Android system to protect system resources when application components access them;
the policy library is a policy file stored on disk, and the corresponding policy file can be read into memory when the policy decision module operates;
the call chain library is a data structure maintained in memory by the Android system; it changes dynamically with the running of components, and besides recording the call chain structure itself it also records the attribute values of each call chain, such as construction time, current location and number of component call levels.
Beneficial effects of the present invention:
The present invention proposes, for the Android system, a permission management method based on call chains; with the permission management system built on it, Android privilege escalation attacks can be resisted effectively without affecting the normal operation of the system, ensuring the privacy and security of the terminal. The present invention treats a system resource access as a task, constructs the components involved into a call chain with the task as the unit, maintains the call relations between components, sets the attributes of the call chain, formulates system resource access policies with these attributes as policy elements, and finally controls and enforces component access to system resources according to these policies. The call chain construction method of the present invention avoids the redundancy caused by constructing a call chain for every component and reduces the system burden; the diversification of its policy elements takes into account the context of the call chain and the permission requirements of all components on the call chain, preventing privilege escalation attacks.
Description of drawings
Fig. 1 is a schematic diagram of the permission management system in an embodiment of the invention.
Fig. 2 is a flow chart of the permission management method in an embodiment of the invention.
Embodiment
The technical solution in the embodiments of the invention is described clearly and completely below with reference to the accompanying drawings of the embodiments. It should be understood that the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 2 is a flow chart of the permission management method in an embodiment of the invention. An embodiment is now given to describe the method of the present invention in detail. The permission management method of the present invention mainly involves the following three links:
(1) Call chain construction. During the running of application components, certain call relations exist between components. A call chain characterizes the sequential call relations between components; constructing call chains provides a basis for obtaining information about the other components associated with a component when it accesses a resource.
(2) Policy formulation. The policy adopted by the existing Android permission mechanism is that the component calling a system API component to access a system resource must satisfy the permission requirement of that API. This policy requirement is rather limited and cannot guard against privilege escalation attacks; richer policies can be formulated on the basis of call chains to prevent such attacks.
(3) Policy decision and enforcement. Choosing effective policy decision points and enforcement points on the path by which components access system resources, judging the component call chain and related attributes against the policy requirements, and enforcing component access to system resources according to the decision result is the basic guarantee for guarding against privilege escalation attacks.
In the call chain construction link above, a call chain is a data structure maintained in memory by the Android system; it is built up gradually as application components call each other step by step. The objects contained in a call chain are application components and the call relations between them, but a call chain is established with the operation task as the unit rather than for a single component; that is, not every single component maintains a corresponding call chain. No component running in the system exists in isolation: it either calls other application components or calls system components. From this perspective, the purpose of running a component points, directly or indirectly, to a system resource. Components whose purpose is not directed at a system resource have no influence on the privacy and security of the terminal, and these components are not considered when constructing call chains. A system API component call that accesses a system resource is treated as one operation task, and the call chain constructed for this task contains all the components relevant to the task. The relation between call chains and components can be expressed as follows:
C denotes the set of all running components;
T denotes the set of all operation tasks;
I denotes the set of call chains; each call chain i (formula image in the original)
Figure BDA00002815035100061
is expressed as a two-tuple (C, R), where i.C denotes the set of components contained in the call chain and i.R denotes the set of call relations between components in the call chain;
f(t: T) → I denotes the mapping function from tasks to call chains, where t is an element of the set T.
The above sets and function satisfy the following relations:
The relation between T and C satisfies
Figure BDA00002815035100062
i.e. T is equal to the set of system API components;
The relation between I and C satisfies
Figure BDA00002815035100063
Figure BDA00002815035100065
For
Figure BDA00002815035100066
i.e. the call relation between components c_i and c_j means that component c_i calls c_j;
The mapping function f satisfies
Figure BDA00002815035100067
(∃t ∈ T) ∧ (f(t) = i) ∧ (∃<c_x, t> ∈ i.R).
Call chains are constructed and maintained uniformly by the system. Among the four kinds of components of an application program, activity, service, broadcast receiver and content provider, the activity component represents a window screen and user interface and is the component for human-computer interaction; the launch of an application program is usually triggered by launching and running its relevant activity component. Therefore, call chain construction can revolve around the activity component that triggers the launch. An activity component is usually started in one of two ways. Either it is called by another application component, a start mode that all components have, and an activity component started in this way can be regarded as a constituent component of the call chain; or it is started by a manual trigger of the user, and an activity component started in this way can be regarded as the initial component of the call chain. Since all components on the call chain ultimately access the system resource by calling a system API component, the system API component can be regarded as the terminal component of the call chain. The component manually launched by the user is the head of the call chain, components called in other ways are its middle, and the system API component is its tail. Suppose the activity component manually launched by the user is c_0, and c_0 finally calls the system API component c through a series of components, i.e. c_0 calls c_1, c_1 calls c_2, …, c_i calls c; then the call chain i corresponding to the operation task that accesses this system resource can be expressed as follows:
i.C = {c_0, c_1, c_2, …, c_i, c};
i.R = {<c_0, c_1>, <c_1, c_2>, …, <c_i, c>}.
In the call chain construction process the initial component is unique, so a call chain can be identified and located by its initial component. Apart from the initial component, the same component may well be called by several other components and appear in different call chains. To avoid identification conflicts between such components, component instantiation is used to record and identify the components in a call chain. For a component not started by a manual trigger of the user, when the component is started for the first time, the first instance identifier of the component is recorded in its corresponding call chain; when the component is started by another, different component, the second instance identifier of the component is recorded in its corresponding call chain; and so on. Denoting this component as c_x, its successive instances are identified as c_x^1, c_x^2, c_x^3, …. Suppose the component is called in turn by three different initial components c_1, c_2, c_3; then c_x is represented in the call chain i_1 of c_1, the call chain i_2 of c_2 and the call chain i_3 of c_3 as follows:
i_1.C = {c_1, c_x^1, …}, i_1.R = {<c_1, c_x^1>, …};
i_2.C = {c_2, c_x^2, …}, i_2.R = {<c_2, c_x^2>, …};
i_3.C = {c_3, c_x^3, …}, i_3.R = {<c_3, c_x^3>, …}.
The call chain to which a component belongs can be located from the instance identifier of the currently running component, so that the components associated with it when it accesses the system resource can be inferred.
In the policy formulation link, policy elements are not aimed simply at the application component that calls the system API component; they must be defined in conjunction with the context. A policy aimed only at the application component calling the system API component has a significant limitation: it can judge only by the permissions of a single component and cannot reflect the historical call relations of components, so it may be exploited by a malicious component without permissions to carry out a privilege escalation attack. To prevent such attacks, call chain elements are introduced when generating policies, and the call chain described above serves as a policy element on which the decision is based. Each call chain is configured with corresponding attributes, on which the policy imposes requirements. The attributes of a call chain i can be expressed as follows:
i.t, the construction time of the call chain, i.e. the time at which a component in the chain calls the system API component to access the system resource;
i.g, the geographic location of the terminal when the call chain is constructed, i.e. where the terminal is located when a component in the chain calls the system API component to access the system resource;
i.l, the number of component call levels in the call chain, i.e. the number of components involved before the system API component is called to access the system resource; one more component in the chain means one more call level, and i.l equals the number of elements in the set i.R;
i.n, the access permission required by the system API component in the call chain, i.e. the permission that other application components must hold when they call the system API component to access the system resource.
Once a policy is determined, no matter how many elements it contains, the actual decision must follow the policy elements.
In the policies formulated on the basis of call chain attributes, each policy corresponds to one operation task, i.e. it expresses that the corresponding policy must be satisfied when a system API component is called to access a system resource. A policy can be expressed as follows:
P denotes the set of policies; for each policy p in P (formula image in the original):
Figure BDA00002815035100081
p can be expressed as a four-tuple (t, g, l, n), where:
p.t ∈ [t1, t2]: the policy requires the call chain to be constructed between times t1 and t2, i.e. t1 ≤ i.t ≤ t2;
p.g ∈ {g1, g2, …}: the policy requires the geographic location of the terminal when the call chain is constructed to belong to a given set, i.e. i.g ∈ {g1, g2, …};
p.l ∈ [l1, l2]: the policy requires the number of component call levels in the call chain to lie between l1 and l2, i.e. l1 ≤ i.l ≤ l2;
p.n = n1: the policy requires every component of the call chain to hold permission n1, with n1 = i.n, i.e. for every component c in the call chain (formula image in the original):
Figure BDA00002815035100082
c must hold permission i.n.
The above policy for calling a system API component to access a system resource is used to decide whether the access task may proceed or access is denied.
In a policy based on call chains, the policy elements may include only one or several of the elements of the above four-tuple.
In a policy based on call chains, the call chain attributes are extensible and the corresponding policy elements can also be extended, i.e. the policy can be extended to an n-tuple, where n ≥ 4.
In the policy decision and enforcement link, the policy decision point and the enforcement point are located at the same position in the system: both act after an application component sends a request to call a system API component and before the access takes place, and the result of the policy decision is the basis for policy enforcement. After receiving the request from an application component to call a system API component, the system first locates the call chain to which the application component belongs and then performs the policy decision and enforcement on the basis of that call chain.
Call chain construction proceeds from the initial component to the terminal component, following the call relations in order from head to tail, whereas locating the call chain of a component is achieved by finding the initial component through backward inference along the call relations in the call chain.
The policy decision is made according to the policy in force at the time, checking whether the call chain attribute values it requires match the attribute values of the actual call chain.
The steps carried out are as follows:
1) based on the call chains constructed by the system and the component call relations recorded in the call chain, starting from the system API component, its upper-level caller is looked up recursively until the initial calling component is found, thereby locating the call chain to which the application component accessing the system API component belongs;
2) the policy corresponding to the operation task is found according to the name of the system API component;
3) the corresponding attributes of the call chain are judged against the policy requirements, and a decision result is given as to whether the call chain satisfies the policy;
4) enforcement proceeds further according to the policy decision result: if the call chain attributes are judged to satisfy the policy requirements, the application component is allowed to call the system API component, i.e. the system resource access succeeds; otherwise access is denied.
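As an added illustration (not code from the patent or its authors), the following Python model implements the task-based call chain with instance identifiers, the four-tuple policy (t, g, l, n) and the four decision steps above, and replays the privilege escalation case the method is designed to block: a service holding SEND_SMS is reached once from its own application's activity and once from an activity whose application never held the permission. All component names, permission labels, locations and times are constructed for the example.

```python
# Constructed model of the call-chain permission check described in the patent;
# component names, permissions and policy values are illustrative, not real Android APIs.
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class CallChain:
    """One chain per operation task: i.C (component instances) and i.R (caller->callee pairs)."""
    head: str               # instance id of the user-launched activity c_0
    built_at: datetime      # i.t: time the chain was built
    location: str           # i.g: terminal location when the chain was built
    components: List[str] = field(default_factory=list)
    relations: List[Tuple[str, str]] = field(default_factory=list)

    @property
    def level(self) -> int:
        return len(self.relations)   # i.l equals |i.R|

@dataclass
class Policy:
    """Four-tuple (t, g, l, n) for one system API; None means the element is not required."""
    t: Optional[Tuple[datetime, datetime]] = None
    g: Optional[Set[str]] = None
    l: Optional[Tuple[int, int]] = None
    n: Optional[str] = None

class CallChainLibrary:
    """In-memory chain store; instance ids 'name#k' keep one component apart across chains."""

    def __init__(self) -> None:
        self.chains: Dict[str, CallChain] = {}   # head instance id -> chain
        self.caller_of: Dict[str, str] = {}      # callee instance -> caller instance
        self.chain_of: Dict[str, str] = {}       # any instance -> head instance id
        self.counts: Dict[str, int] = {}         # component name -> instances created

    def _instance(self, name: str) -> str:
        self.counts[name] = self.counts.get(name, 0) + 1
        return f"{name}#{self.counts[name]}"

    def user_launch(self, activity: str, when: datetime, where: str) -> str:
        """An activity started manually by the user is the initial component of a new chain."""
        inst = self._instance(activity)
        self.chains[inst] = CallChain(inst, when, where, [inst], [])
        self.chain_of[inst] = inst
        return inst

    def call(self, caller: str, callee: str) -> str:
        """Record caller -> callee in the caller's chain; the callee gets a fresh instance id."""
        head = self.chain_of[caller]
        inst = self._instance(callee)
        self.chains[head].components.append(inst)
        self.chains[head].relations.append((caller, inst))
        self.caller_of[inst] = caller
        self.chain_of[inst] = head
        return inst

    def locate(self, inst: str) -> CallChain:
        """Decision step 1: walk back from the API component to the initial component."""
        while inst in self.caller_of:
            inst = self.caller_of[inst]
        return self.chains[inst]

def decide(lib: CallChainLibrary, held: Dict[str, Set[str]],
           policies: Dict[str, Policy], api_inst: str) -> Tuple[bool, str]:
    """Decision steps 1-4: locate the chain, look up the policy by API name,
    compare chain attributes with policy elements, then allow or deny."""
    chain = lib.locate(api_inst)
    policy = policies.get(api_inst.split("#")[0])
    if policy is None:
        return False, "no policy for this system API"
    if policy.t and not policy.t[0] <= chain.built_at <= policy.t[1]:
        return False, "chain built outside the permitted time window"
    if policy.g and chain.location not in policy.g:
        return False, "chain built outside the permitted locations"
    if policy.l and not policy.l[0] <= chain.level <= policy.l[1]:
        return False, "call depth outside the permitted range"
    if policy.n:   # every component on the chain, not just the direct caller, must hold n
        for inst in chain.components:
            if policy.n not in held.get(inst.split("#")[0], set()):
                return False, f"{inst} lacks {policy.n}"
    return True, "allowed"

def run_scenario() -> Dict[str, Tuple[bool, str]]:
    """Constructed scenario: the same SmsService reached from a trusted activity
    and from an activity whose application never held SEND_SMS."""
    held = {"trusted.MainActivity": {"SEND_SMS"}, "trusted.SmsService": {"SEND_SMS"},
            "other.MainActivity": set(), "sys.SmsManager": {"SEND_SMS"}}  # API carries its own label
    policies = {"sys.SmsManager": Policy(g={"home", "office"}, l=(1, 3), n="SEND_SMS")}
    lib, now = CallChainLibrary(), datetime(2024, 1, 1, 9, 0)
    # Task 1: the trusted application sends an SMS itself.
    a = lib.user_launch("trusted.MainActivity", now, "home")
    api1 = lib.call(lib.call(a, "trusted.SmsService"), "sys.SmsManager")
    # Task 2: an application without SEND_SMS asks the trusted service to send for it;
    # the direct caller of the API holds the permission, the chain head does not.
    b = lib.user_launch("other.MainActivity", now, "home")
    api2 = lib.call(lib.call(b, "trusted.SmsService"), "sys.SmsManager")
    return {"direct": decide(lib, held, policies, api1),
            "via_other_app": decide(lib, held, policies, api2)}
```

A caller-only check as in the stock permission mechanism would pass task 2, because trusted.SmsService holds SEND_SMS; the chain check denies it at the head component.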
Based on the above permission management method, the permission management system of the invention comprises:
a call chain construction module, which constructs call chains for components that access protected system resources;
a call chain library, which stores all constructed call chains;
a policy customization module, which formulates access policies for protected system resources;
a policy library, which stores all formulated access policies;
a policy decision module, which judges a call chain's compliance with the corresponding policy;
a policy enforcement module, which enforces the policy decision result.
As shown in Figure 1, the call chain construction module is the basis of the call chain library, the policy customization module is the basis of the policy library, the policy decision module depends on the call chain library and the policy library, and finally the policy enforcement module depends on the policy decision module.
All of these modules are located in the application layer of the Android system and use the interfaces provided by the Android system to protect system resources when application components access them.
The call chain that the call chain construction module builds for a component begins with the component started by a manual user trigger and ends with the system API component that accesses the system resource; the resulting call chain is stored in the call chain library.
The call chain library is a data structure maintained in memory by the Android system; it changes dynamically as components run, and besides the structure of each call chain it also records the chain's attribute values, such as construction time, current location and component call depth.
The policy customization module can set the policy for accessing system resources according to user requirements; the policy elements that can be set correspond to the call chain attributes, and the resulting policies are stored in the policy library.
The policy library is a policy file stored on disk; when the policy decision module operates, the corresponding policy file can be read into memory.
When a component in a call chain requests access to a system resource, the policy decision module compares the call chain attribute values with the policy element values and gives a decision on whether this component is allowed to access the system resource.
The policy enforcement module acts on the decision result of the policy decision module: for a decision that allows access it carries out the resource access operation, and for a decision that denies access it intercepts the access.
Policy customization takes place before the component runs, call chain construction takes place while the component runs, and policy decision and enforcement take place before the running component accesses the system resource.
This embodiment is realized as an extension of the Android permission mechanism. Unlike Android's original permission system, which simply judges the permission of the single requesting component when a component requests access to a resource, this embodiment introduces the concepts of call chain and policy customization: by constructing the call chain of the components that access a resource it maintains the call relations between components, formulates the resource access policy based on the call chain, and decides according to the policy whether the component is allowed to access the resource.
Call chain construction depends on Android's activity management service. Among the four kinds of application components (activity, service, broadcast receiver and content provider), activities are the most closely tied to application startup and operation. The activity management service is responsible for scheduling the activities of each application and managing their processes and memory. For all running activities the activity management service maintains a list, in which the activities that together accomplish a certain user purpose form a task stack. Because the user, when starting an activity, in fact first starts the launcher activity, which then starts the activity actually intended, the activity at the bottom of each task stack is the launcher activity. The system provides a series of API components for accessing protected resources and declares the permissions they require. Suppose the user needs to access contact information in the address book through a recursive series of activity calls, where a1, a2, a3, a4 denote the activities called in turn and c1 denotes the content provider the system provides for accessing the address book; the call relations among the components involved in completing this access are then as follows:
launcher activity → a1 → a2 → a3 → a4 → c1
The call chain i for this task is constructed at the moment a4 requests to call c1, where
i.C = {a1, a2, a3, a4, c1};
i.R = {<a1, a2>, <a2, a3>, <a3, a4>, <a4, c1>}.
When call chain i is formed, each of its attribute values is recorded: the values of i.l and i.n can be obtained from the call chain's components themselves, the value of i.t equals the current system time, and the value of i.g equals the terminal's current location.
The policy formulated for accessing a resource exists in the form of an XML file; one resource, i.e. one system API component, corresponds to one policy p. The user can define the policy elements independently as required, including the component access time period, the geographic location of the terminal, the component call depth of the call chain, and the permission that all components in the call chain are required to hold. When a component in the call chain requests to call a system API component, the request is intercepted and the policy for this system API component is found in the policy file; at the same time the call chain the component belongs to is located by recursively checking its upper-level calling components. The requirements of the policy elements are then compared with the attributes of the call chain, a decision is given and access is enforced accordingly.
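The construction of chain i, the recording of its attributes and the decision against the four-tuple policy (steps 1 to 4 above, restated in claims 4, 5 and 8 below) as an added Python model; this is not the patent's or Android's own code. The component names a1..a4, c1 and the attribute names follow the page, while the permission name READ_CONTACTS, the hour-of-day time model, the location strings, the policy values and the default deny when no policy is found are assumptions.

```python
# Added example modelling the patent's call-chain permission check in Python.
# Component names, policy values and the default deny when no policy exists are
# constructed assumptions; this is not the patent's or Android's own code.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class Component:
    """A running component; `caller` is the upper-level component the runtime
    recorded as having started it, `required` is set only on system API components."""
    name: str
    caller: Optional["Component"] = None
    permissions: Set[str] = field(default_factory=set)
    required: Optional[str] = None

@dataclass
class CallChain:
    """Call chain i with the attributes the page lists: i.C, i.R, i.t, i.g, i.l, i.n."""
    C: List[str]
    R: List[Tuple[str, str]]
    t: int                         # build time (hour of day in this model)
    g: str                         # terminal location when built
    l: int                         # application components before the system API component
    n: str                         # permission the system API component requires
    holders: Dict[str, Set[str]]   # permissions held by each component in C

@dataclass
class Policy:
    """Policy p as the four-tuple (t, g, l, n); any element may be left unset (claim 6)."""
    t: Optional[Tuple[int, int]] = None
    g: Optional[Set[str]] = None
    l: Optional[Tuple[int, int]] = None
    n: Optional[str] = None

def build_chain(api: Component, now: int, location: str) -> CallChain:
    """Step 1: starting at the system API component, follow upper-level callers
    until the initial component. The launcher activity at the bottom of the task
    stack is not part of the chain (i.C on the page starts at a1)."""
    comps: List[Component] = []
    cur: Optional[Component] = api
    while cur is not None and cur.name != "launcher":
        comps.append(cur)
        cur = cur.caller
    comps.reverse()                      # initial component first, API component last
    names = [c.name for c in comps]
    return CallChain(C=names, R=list(zip(names, names[1:])), t=now, g=location,
                     l=len(names) - 1, n=api.required or "",
                     holders={c.name: set(c.permissions) for c in comps})

def judge(chain: CallChain, p: Policy) -> Tuple[bool, str]:
    """Step 3: compare each chain attribute with the matching policy element."""
    if p.t is not None and not (p.t[0] <= chain.t <= p.t[1]):
        return False, "build time outside [t1, t2]"
    if p.g is not None and chain.g not in p.g:
        return False, "location not in the allowed set"
    if p.l is not None and not (p.l[0] <= chain.l <= p.l[1]):
        return False, "call depth outside [l1, l2]"
    if p.n is not None:
        if chain.n != p.n:
            return False, "policy permission does not match i.n"
        # Every application component in the chain must hold the permission. The last
        # element is the protected system component that declares it, so it is skipped
        # here (an assumption; the claim quantifies over all of i.C).
        for name in chain.C[:-1]:
            if p.n not in chain.holders[name]:
                return False, f"{name} lacks {p.n}"
    return True, "ok"

def access(api: Component, policies: Dict[str, Policy], now: int, location: str) -> Tuple[bool, str]:
    """Steps 1-4 together: build the chain, look up the policy by system API name,
    judge, and return the enforcement decision."""
    chain = build_chain(api, now, location)
    p = policies.get(api.name)
    if p is None:
        return False, "no policy for this system API component"   # default deny (assumption)
    return judge(chain, p)

def demo_chain(missing: str = "") -> Component:
    """Constructs launcher -> a1 -> a2 -> a3 -> a4 -> c1 as on the page; `missing`
    names one application component built without READ_CONTACTS."""
    prev = Component("launcher")
    for name in ("a1", "a2", "a3", "a4"):
        perms = set() if name == missing else {"READ_CONTACTS"}
        prev = Component(name, caller=prev, permissions=perms)
    return Component("c1", caller=prev, required="READ_CONTACTS")

# Constructed policy for c1: office hours, known locations, chain depth 1..5, READ_CONTACTS.
POLICIES = {"c1": Policy(t=(8, 18), g={"office", "home"}, l=(1, 5), n="READ_CONTACTS")}

if __name__ == "__main__":
    print(access(demo_chain(), POLICIES, now=10, location="office"))       # (True, 'ok')
    print(access(demo_chain("a3"), POLICIES, now=10, location="office"))   # (False, 'a3 lacks READ_CONTACTS')
    print(access(demo_chain(), POLICIES, now=22, location="office"))       # (False, 'build time outside [t1, t2]')
```

The second call in the demo is the case that distinguishes this scheme from the single-component check described above: a4 holds READ_CONTACTS, so a per-component check would allow the provider access, but a3 earlier in the chain does not, so the chain-based decision denies it.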
In this embodiment, the policy decision point and enforcement point differ according to the type of the system API component.
1) If the system API component is an activity: since activity startup is handled by the startActivityLocked function of the ActivityStack class, the policy decision code is introduced directly in this function; if the decision is to allow, the call succeeds directly, otherwise an error is returned.
2) If the system API component is a service: service startup is handled by the retrieveServiceLocked function of the ActivityManagerService class, so the policy decision code is introduced directly in this function; if the decision is to allow, the call succeeds directly, otherwise an error is returned.
3) If the system API component is a broadcast: broadcast startup is handled by the processNextBroadcast function of the ActivityManagerService class, so the policy decision code is introduced directly in this function; if the decision is to allow, the call succeeds directly, otherwise an error is returned.
4) If the system API component is a content provider: because a content provider can be cached locally once it has been called, when a content provider is started the acquireProvider function of the ActivityThread class first checks whether a content provider has been saved locally; if so, the saved reference is returned directly, otherwise the matching content provider is looked up and started through the ActivityManagerService class. To prevent the policy from being bypassed by a locally cached content provider, for system API components of content provider type the policy decision code is introduced in the acquireProvider function of the ActivityThread class; if the decision is to allow, the locally saved content provider is accessed directly, or ActivityManagerService is called through the binder communication mechanism to invoke the corresponding content provider; otherwise an error is returned.
The above is a brief description of the call-chain based Android permission management system and scheme provided by the invention; those skilled in the art will appreciate that modifications can be made without departing from the spirit and scope of the invention.

Claims (10)

1. A call-chain based Android permission management method, the steps of which are:
1) an application component sends a request for an Android terminal system resource and calls a system API component to perform the resource access;
1-1) when a system API component is called to access a system resource, the call of the system API component is treated as one operation task and a call chain is established at the same time;
1-2) the attributes of each call chain are configured;
1-3) the resource access policy of the Android terminal is formulated for the system API component call, with the call chain attributes as policy elements;
2) when the system API component is called, the call chain to which the application component belongs is located, and policy decision and enforcement are carried out according to the attributes of this call chain;
3) if the call chain attributes are judged to satisfy the policy, the application component is allowed to call the system API component and the system resource access succeeds; otherwise access is denied.
2. The call-chain based Android permission management method of claim 1, characterized in that the method of establishing the call chain is as follows:
2-1) among the four kinds of application components, activity, service, broadcast receiver and content provider, the activity component that triggers the application startup operation is chosen;
2-2) the system resource access performed by calling the system API component is treated as one operation task, and the call chain is constructed with the task as the unit;
2-3) components unrelated to the system resource operation are not considered when constructing the call chain;
2-4) the constructed call chain comprises the application's activity components and the call relations among those application components.
3. The call-chain based Android permission management method of claim 2, characterized in that the call chain takes the application component started manually by the user as the initial component of the call chain and the system API component as the terminating component of the call chain.
4. The call-chain based Android permission management method of claim 1, characterized in that, with a call chain denoted i, the attributes configured for the call chain are as follows:
i.t, the construction time of the call chain, i.e. the time at which a component in this call chain calls the system API component to access the system resource;
i.g, the geographic location of the terminal when the call chain is constructed, i.e. the location of the terminal when a component in this call chain calls the system API component to access the system resource;
i.l, the component call depth of the call chain, i.e. the number of components involved before the system API component is called to access the system resource in this call chain;
i.n, the access permission required by the system API component in the call chain.
5. The call-chain based Android permission management method of claim 1, characterized in that the Android terminal resource access policy is set as follows:
P denotes the set of policies; for
Figure FDA00002815035000021
a policy can be expressed as a four-tuple (t, g, l, n), where:
p.t ∈ [t1, t2] means the policy requires t1 ≤ i.t ≤ t2, i.e. the call chain construction time lies between moments t1 and t2;
p.g ∈ {g1, g2, ...} means the policy requires i.g ∈ {g1, g2, ...}, i.e. the geographic location of the terminal when the call chain is constructed belongs to a given set;
p.l ∈ [l1, l2] means the policy requires l1 ≤ i.l ≤ l2, i.e. the component call depth of the call chain lies between l1 and l2;
p.n = n1 means the policy requires all components in the call chain to hold permission n1, with n1 = i.n; for
Figure FDA00002815035000022
c is required to hold permission i.n.
6. The call-chain based Android permission management method of claim 5, characterized in that the policy of the call chain comprises one or more elements of the above four-tuple.
7. The call-chain based Android permission management method of claim 1, characterized in that the policy of the call chain can be extended to an n-tuple, where n ≥ 4.
8. The call-chain based Android permission management method of claim 1, characterized in that the policy decision and enforcement method is as follows:
1) based on the call chain the system has constructed, and following the component call relations recorded in the chain, start from the system API component and recursively look up its upper-level caller until the initial calling component is found, thereby locating the call chain to which the application component accessing this system API component belongs;
2) find the policy for the corresponding operation task by the name of the system API component;
3) judge the corresponding attributes of the call chain against the policy's requirements, and give a decision on whether this call chain satisfies the policy;
4) enforce the policy decision: if the call chain attributes are judged to satisfy the policy requirements, the application component is allowed to call the system API component and the system resource access succeeds; otherwise access is denied.
9. A call-chain based Android permission management system, comprising:
a call chain construction module, used to construct call chains for components that access protected system resources; a call chain library, which stores all constructed call chains;
a policy customization module, used to formulate access policies for protected system resources; a policy library, which stores all formulated access policies;
wherein the policy customization module sets the policy for accessing system resources according to user requirements, the policy elements that can be set correspond to the call chain attributes, and the resulting policies are stored in the policy library;
a policy decision module, which, when a component in a call chain requests access to a system resource, compares the call chain attribute values with the policy element values and gives a decision on whether this component is allowed to access the system resource;
a policy enforcement module, which acts on the decision result of the policy decision module: for a decision that allows access it carries out the resource access operation, and for a decision that denies access it intercepts the access.
10. The call-chain based Android permission management system of claim 9, characterized in that:
all of the modules are located in the Android application layer and use the interfaces provided by the Android system to protect system resources when application components access them;
the policy library is a policy file stored on disk, and when the policy decision module operates the corresponding policy file can be read into memory;
the call chain library is a data structure maintained in memory by the Android system, which changes dynamically as components run and, besides the structure of each call chain, also records the chain's attribute values such as construction time, current location and component call depth.
CN201310043799.8A 2013-02-04 2013-02-04 Based on Android right management method and the system of call chain Expired - Fee Related CN103268438B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310043799.8A CN103268438B (en) 2013-02-04 2013-02-04 Based on Android right management method and the system of call chain

Publications (2)

Publication Number Publication Date
CN103268438A true CN103268438A (en) 2013-08-28
CN103268438B CN103268438B (en) 2016-01-06

Family

ID=49012066

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310043799.8A Expired - Fee Related CN103268438B (en) 2013-02-04 2013-02-04 Based on Android right management method and the system of call chain

Country Status (1)

Country Link
CN (1) CN103268438B (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103559437A (en) * 2013-11-12 2014-02-05 中国科学院信息工程研究所 Access control method and system for Android operation system
CN104102880A (en) * 2014-06-30 2014-10-15 华中科技大学 Application rewriting method and system for detecting Android privilege elevation attack
CN104268463A (en) * 2014-09-16 2015-01-07 中国科学院信息工程研究所 Method and device for managing calling authority of camera
CN104424403A (en) * 2013-08-30 2015-03-18 联想(北京)有限公司 Information processing method and electronic device
WO2015109668A1 (en) * 2014-01-26 2015-07-30 中兴通讯股份有限公司 Application program management method, device, terminal, and computer storage medium
CN104951288A (en) * 2014-03-28 2015-09-30 上海斐讯数据通信技术有限公司 Application program managing method and system
CN105468941A (en) * 2015-12-30 2016-04-06 杭州华为数字技术有限公司 Right control method and device
CN105701397A (en) * 2014-11-24 2016-06-22 中国移动通信集团公司 Method and device for controlling application program
CN106407797A (en) * 2016-09-08 2017-02-15 努比亚技术有限公司 Application right control device and method
CN103984900B (en) * 2014-05-19 2017-03-01 南京赛宁信息技术有限公司 Android application leak detection method and system
US9652608B2 (en) 2014-09-30 2017-05-16 Huawei Technologies Co., Ltd. System and method for securing inter-component communications in an operating system
CN106951786A (en) * 2017-03-30 2017-07-14 国网江苏省电力公司电力科学研究院 Towards the Mobile solution legal power safety analysis method of Android platform
CN108021802A (en) * 2017-10-24 2018-05-11 努比亚技术有限公司 A kind of system resource access control method, terminal and computer-readable recording medium
CN109690544A (en) * 2016-10-14 2019-04-26 华为技术有限公司 Device and method for tracking the access permission across multiple performing environments
CN110532279A (en) * 2019-07-12 2019-12-03 平安普惠企业管理有限公司 Big data platform authority control method, device, computer equipment and storage medium
CN110865848A (en) * 2018-08-21 2020-03-06 深圳市优必选科技有限公司 Component interception method and terminal equipment
CN111367574A (en) * 2014-02-06 2020-07-03 英特尔公司 Media protection policy enforcement for multiple operating system environments
CN112199647A (en) * 2020-12-07 2021-01-08 江苏东大集成电路系统工程技术有限公司 Android cross-application resource access security reinforcing method and system
CN112948824A (en) * 2021-03-31 2021-06-11 支付宝(杭州)信息技术有限公司 Program communication method, device and equipment based on privacy protection
CN114880652A (en) * 2021-02-05 2022-08-09 秀铺菲公司 System and method for generating account permission based on application programming interface interaction

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
姚晓祺 et al.: "A network risk assessment model based on privilege escalation graphs", Academic Research *
沈才樑 et al.: "Detection of Android privilege escalation vulnerability attacks", Telecommunications Science *

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104424403B (en) * 2013-08-30 2018-07-03 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN104424403A (en) * 2013-08-30 2015-03-18 联想(北京)有限公司 Information processing method and electronic device
CN103559437B (en) * 2013-11-12 2016-07-06 中国科学院信息工程研究所 Access control method and system for Android operation system
CN103559437A (en) * 2013-11-12 2014-02-05 中国科学院信息工程研究所 Access control method and system for Android operation system
WO2015109668A1 (en) * 2014-01-26 2015-07-30 中兴通讯股份有限公司 Application program management method, device, terminal, and computer storage medium
CN111367574A (en) * 2014-02-06 2020-07-03 英特尔公司 Media protection policy enforcement for multiple operating system environments
CN111367574B (en) * 2014-02-06 2023-09-12 英特尔公司 Method, system, device and medium for implementing medium protection policy for multi-operating system environment
CN104951288A (en) * 2014-03-28 2015-09-30 上海斐讯数据通信技术有限公司 Application program managing method and system
CN103984900B (en) * 2014-05-19 2017-03-01 南京赛宁信息技术有限公司 Android application leak detection method and system
CN104102880B (en) * 2014-06-30 2016-10-05 华中科技大学 A kind of application program rewrite method detecting the attack of Android privilege-escalation and system
CN104102880A (en) * 2014-06-30 2014-10-15 华中科技大学 Application rewriting method and system for detecting Android privilege elevation attack
CN104268463A (en) * 2014-09-16 2015-01-07 中国科学院信息工程研究所 Method and device for managing calling authority of camera
US9652608B2 (en) 2014-09-30 2017-05-16 Huawei Technologies Co., Ltd. System and method for securing inter-component communications in an operating system
CN105701397A (en) * 2014-11-24 2016-06-22 中国移动通信集团公司 Method and device for controlling application program
CN105701397B (en) * 2014-11-24 2019-01-01 中国移动通信集团公司 A kind of application control method and device
CN105468941A (en) * 2015-12-30 2016-04-06 杭州华为数字技术有限公司 Right control method and device
CN105468941B (en) * 2015-12-30 2021-04-09 华为技术有限公司 Authority control method and device
CN106407797A (en) * 2016-09-08 2017-02-15 努比亚技术有限公司 Application right control device and method
CN109690544B (en) * 2016-10-14 2020-12-15 华为技术有限公司 Apparatus and method for tracking access permissions across multiple execution environments
CN109690544A (en) * 2016-10-14 2019-04-26 华为技术有限公司 Device and method for tracking the access permission across multiple performing environments
US11379621B2 (en) 2016-10-14 2022-07-05 Huawei Technologies Co., Ltd. Apparatus and method for tracking access permissions over multiple execution environments
CN106951786A (en) * 2017-03-30 2017-07-14 国网江苏省电力公司电力科学研究院 Towards the Mobile solution legal power safety analysis method of Android platform
CN108021802A (en) * 2017-10-24 2018-05-11 努比亚技术有限公司 A kind of system resource access control method, terminal and computer-readable recording medium
CN110865848A (en) * 2018-08-21 2020-03-06 深圳市优必选科技有限公司 Component interception method and terminal equipment
CN110865848B (en) * 2018-08-21 2024-03-29 深圳市优必选科技有限公司 Component interception method and terminal equipment
CN110532279A (en) * 2019-07-12 2019-12-03 平安普惠企业管理有限公司 Big data platform authority control method, device, computer equipment and storage medium
CN112199647A (en) * 2020-12-07 2021-01-08 江苏东大集成电路系统工程技术有限公司 Android cross-application resource access security reinforcing method and system
CN114880652A (en) * 2021-02-05 2022-08-09 秀铺菲公司 System and method for generating account permission based on application programming interface interaction
CN112948824A (en) * 2021-03-31 2021-06-11 支付宝(杭州)信息技术有限公司 Program communication method, device and equipment based on privacy protection
CN112948824B (en) * 2021-03-31 2022-04-26 支付宝(杭州)信息技术有限公司 Program communication method, device and equipment based on privacy protection

Also Published As

Publication number Publication date
CN103268438B (en) 2016-01-06

Similar Documents

Publication Publication Date Title
CN103268438A (en) Android authority management method and system based on calling chain
CN103198255B (en) Method and system for monitoring and intercepting sensitive behaviour of Android software
CN104462978B (en) A kind of method and apparatus of application program rights management
CN111191210B (en) Method and device for controlling data access authority, computer equipment and storage medium
CN104376256B (en) Program process hatching control and device
CN103677935A (en) Installation and control method, system and device for application programs
CN109688097A (en) Website protection method, website protective device, website safeguard and storage medium
CN105427096A (en) Payment security sandbox realization method and system and application program monitoring method and system
CN102495989A (en) Subject-label-based access control method and system
CN104881601A (en) Floating window display setup, control method and device
CN105550595A (en) Private data access method and system for intelligent communication equipment
CN104346559A (en) Authority request response method and device thereof
CN105183307A (en) Application message display control method and application message display control device
CN104376255A (en) Application program running control method and device
CN104376263A (en) Application behavior intercepting method and application behavior intercepting device
CN104735091A (en) Linux system-based user access control method and device
Fisk Cyber security, building automation, and the intelligent building
CN110474870B (en) Block chain-based network active defense method and system and computer readable storage medium
CN107276986B (en) Method, device and system for protecting website through machine learning
CN104268463A (en) Method and device for managing calling authority of camera
CN102902911A (en) Method for running third-party codes safely in Java virtual computer
CN103646198A (en) Method, system and device for locking working region of mobile terminal
CN104486357A (en) Method for achieving role-based access control (RBAC) based on SSH website
CN112202704A (en) Block chain intelligent contract safety protection system
CN114154144A (en) Application safety reinforcing system based on safety sandbox

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Applicant after: Huawei Technologies Co., Ltd.

Applicant after: Institute of Information Engineering, CAS

Address before: 100093 Beijing city Haidian District minzhuang Road No. 89

Applicant before: Institute of Information Engineering, CAS

Applicant before: Huawei Technologies Co., Ltd.

COR Change of bibliographic data
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160106

Termination date: 20190204