CN104683336B - Android private data protection method and system based on a security domain - Google Patents

Android private data protection method and system based on a security domain

Info

Publication number: CN104683336B (granted patent; earlier publication CN104683336A)
Application number: CN201510076651.3A
Authority: CN (China)
Original language: Chinese (zh)
Prior art keywords: private data, application program, domain, user, application
Priority date and filing date: 2015-02-12
Publication date of CN104683336A: 2015-06-03
Grant date of CN104683336B: 2018-11-13
Legal status: Active (granted)
Inventors: 邱峰, 朱大立, 冯维淼, 荆鹏飞, 马璐萍
Original and current assignee: Institute of Information Engineering of CAS


Abstract

The invention relates to an Android private data protection method and system based on a security domain. The method divides the Android system into a security domain and a user domain. The user's private data is stored, encrypted, in the security domain; trusted applications run in the security domain and untrusted applications run in the user domain. An access control policy set in the security domain prevents untrusted applications from accessing private data directly and governs direct access to private data by trusted applications. By controlling inter-process communication and network sockets from within the security domain, untrusted applications in the user domain are prevented from using the permissions of trusted applications in the security domain to access private data indirectly. The invention prevents untrusted applications from obtaining private data, governs access to private data by trusted applications, and so protects the user's private data effectively.

Description

Android private data protection method and system based on a security domain
Technical field
The invention belongs to the technical field of computer networks and relates to an Android private data protection method and system based on a security domain.
Background
With the rapid spread of smart terminals and the fast growth of the mobile Internet, more and more personal private information is stored on smartphones, such as contact lists, call records, SMS messages and personal accounts. At the same time the channels and kinds of sensitive-information leakage keep multiplying, and malicious applications that steal sensitive user information appear one after another. The security architecture of the current Android operating system cannot protect the user's private information effectively; its main shortcomings are the following:
1) Android provides only coarse-grained permission-based access control. It can restrict which permissions an application obtains at installation time, and thereby whether the application can obtain private data at all, but it cannot control what happens to private data at a deeper level. For example, when an application is installed the user may grant it permission to read contact information, but the user has no way of knowing whether the application then sends that information to an advertiser, to the application developer or to some other network entity.
2) Android is exposed to privilege-escalation attacks: an application that never applied for a given permission can use inter-process communication, network sockets and similar channels to obtain the capabilities of another application that holds it, and thereby access private data indirectly.
3) Android stores data such as SMS messages, the calendar and contact information in single databases that any application can write to and read from; there is no effective and secure isolation mechanism that protects private data.
Consequently the Android operating system is subject to leakage and theft of private information and lacks a mechanism for protecting and controlling private data.
Summary of the invention
The purpose of the invention is to provide an Android private data protection method and system based on a security domain that protects the user's private data effectively.
To this end, according to one aspect of the invention, an Android private data protection method based on a security domain is provided, comprising the following steps:
1) A security domain and a user domain are set up in the Android system. The user's private data is stored, encrypted, in the security domain; trusted applications run in the security domain and untrusted applications run in the user domain.
2) An access control policy is set in the security domain that prevents untrusted applications from accessing private data directly and governs direct access to private data by trusted applications.
3) By controlling inter-process communication and network sockets from within the security domain, untrusted applications in the user domain are prevented from using the permissions of trusted applications in the security domain to access private data indirectly.
Further, a privacy policy enforcement module and a privacy policy management module are set up in the security domain to govern direct access to private data by applications, and an authentication and authorization module is set up in the security domain to prevent untrusted applications in the user domain from using the permissions of trusted applications in the security domain to access private data indirectly.
Further, according to the invention, governing direct access to private data by applications comprises the following steps:
A trusted application in the security domain or an untrusted application in the user domain requests direct access to private data (for example reading SMS messages, contacts or the calendar), and the package management service of the Android system receives the request;
The package management service first performs a permission check based on the application identity and the requested permission. If the application does not hold the permission, it cannot access the private data covered by that permission; if it does hold the permission, a hook function placed in the package management service forwards the access request to the privacy policy enforcement module;
The privacy policy enforcement module receives the request and looks up the privacy policy table by application identity. An untrusted application is marked as untrusted in the table and is therefore forbidden to access private data; for a trusted application, the enforcement module sends a request to the privacy policy management module asking whether the application may access the private data;
The privacy policy management module receives the request, asks the user whether the application may obtain the private data covered by the permission, and returns the result to the privacy policy enforcement module;
The privacy policy enforcement module receives the query result and passes it to the package management service;
The package management service decides, according to the user's choice, whether the trusted application may access the private data.
Further, according to the invention, governing indirect access to private data by untrusted applications in the user domain comprises the following:
When an application sends an access request to another application through inter-process communication, the authentication and authorization module intercepts the request. If the requesting application and the requested application are in the same domain (both in the user domain or both in the security domain), the authentication and authorization module blocks the request; if the request is sent by a trusted application in the security domain to an untrusted application in the user domain, the module does not block it; if the request is sent by an untrusted application in the user domain to a trusted application in the security domain, the module blocks it;
When an untrusted application sends an access request to a trusted application through a network socket, the firewall intercepts the request and queries the authentication and authorization module. The module determines that the request was initiated by an untrusted application towards a trusted application and blocks it, so that the untrusted application cannot access private data indirectly.
According to another aspect of the invention, an Android private data protection system based on a security domain is provided. It comprises a security domain and a user domain; the user's private data is stored in the security domain, trusted applications run in the security domain and untrusted applications run in the user domain. An access control policy is set in the security domain that prevents untrusted applications from accessing private data directly and governs direct access to private data by trusted applications, and inter-process communication and network sockets are controlled so that untrusted applications in the user domain cannot use the permissions of trusted applications in the security domain to access private data indirectly.
Compared with the prior art, the beneficial effects of the invention are as follows:
The Android private data protection method and system based on a security domain provided by the invention isolate the security domain from the user domain and distinguish trusted applications from untrusted applications. They can prevent untrusted applications from obtaining private data and govern access by trusted applications to private data such as the contact list, call records, SMS messages and personal accounts, so that the user's private data is protected effectively.
Brief description of the drawings
Fig. 1 is a structural diagram of the Android private data protection system based on a security domain in a specific embodiment of the invention;
Fig. 2 is a flow chart of the Android private data protection method based on a security domain in a specific embodiment of the invention;
Fig. 3 is a schematic diagram of the structure of the privacy policy table in a specific embodiment of the invention.
Detailed description of embodiments
To make the above objects, features and advantages of the invention clearer and easier to understand, the invention is further described below by way of specific embodiments and the accompanying drawings.
Fig. 1 is a structural diagram of the Android private data protection system based on a security domain. The Android operating system is divided into a security domain 101 and a user domain 102. The user's private data, such as contacts, SMS messages and the address book, is stored encrypted in the security domain 101. Applications that run in the security domain 101 are trusted: a trusted application 103 must pass a security evaluation confirming that it contains no malicious code and shows no information-leaking behaviour before it may be installed in the security domain 101. An application that has not passed the security evaluation is an untrusted application 104 and runs in the user domain 102. Isolation and control are enforced between the security domain 101 and the user domain 102 to prevent the user's private data from being accessed by untrusted applications in the user domain.
Fig. 2 is a flow chart of the Android private data protection method based on a security domain. It comprises the flow for governing direct access to private data by applications and the flow for governing indirect access to private data by untrusted applications in the user domain through the permissions of trusted applications in the security domain.
Governing direct access to private data by applications comprises the following steps:
Step 201: a trusted application in the security domain or an untrusted application in the user domain requests direct access to private data (such as SMS messages, contacts, the calendar or the address book), and the package management service of the Android system receives the request;
Step 202: the package management service first performs a permission check based on the application identity and the requested permission. If the application does not hold the permission, it cannot access the private data covered by that permission; if it does hold the permission, a hook function placed in the package management service forwards the access request to the privacy policy enforcement module.
Step 203: the privacy policy enforcement module receives the request and looks up the privacy policy table by application identity. An untrusted application is marked as untrusted in the table and is therefore forbidden to access private data; for a trusted application, the enforcement module sends a request to the privacy policy management module asking whether the application may access the private data;
Step 204: the privacy policy management module receives the request, asks the user whether the application may obtain the private data covered by the permission, and returns the result to the privacy policy enforcement module;
Step 205: the privacy policy enforcement module receives the query result and passes it to the package management service;
Step 206: the package management service decides, according to the user's choice, whether the trusted application may access the private data.
Governing indirect access to private data by untrusted applications in the user domain comprises the following:
Step 207: when an application sends an access request to another application through inter-process communication (ICC), the authentication and authorization module intercepts the request. If the requesting application and the requested application are in the same domain (both in the user domain or both in the security domain), the authentication and authorization module blocks the request; if the request is sent by a trusted application in the security domain to an untrusted application in the user domain, the module does not block it; if the request is sent by an untrusted application in the user domain to a trusted application in the security domain, the module blocks it.
Step 208: when an untrusted application sends an access request to a trusted application through a network socket (Socket), the firewall intercepts the request and queries the authentication and authorization module. The module determines that the request was initiated by an untrusted application towards a trusted application and blocks it, so that the untrusted application cannot access private data indirectly.
Fig. 3 is a schematic diagram of the structure of the privacy policy table, which consists of an application-identity hash, a trust-state flag and a user-setting flag. Application identities are hashed before being stored in the table; when the privacy policy enforcement module receives a query request, it extracts the application identity from the request message and hashes it so that the matching entry can be found quickly. The trust-state flag distinguishes trusted from untrusted applications: a value of 0 marks the application as untrusted and a value of 1 marks it as trusted. A user-setting flag of 0 means that whether the trusted application may access private data still requires the user's consent, so the privacy policy enforcement module sends a query request to the privacy policy management module; a user-setting flag of 1 means that the user has already set that the trusted application may access private data, so no query request to the privacy policy management module is needed.
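The following Python simulation is an added example, not code from the patent or from the Institute of Information Engineering, CAS. It models the direct-access flow of steps 201 to 206 (permission check, hook, policy-table lookup, user query), the privacy policy table of Fig. 3 (hashed application identity, trust-state flag, user-setting flag) and the ICC and socket control of steps 207 and 208. Every class and function name, the use of SHA-256 for the application-identity hash, the uid-to-application mapping the firewall consults, the fail-closed handling of unknown socket endpoints and the three sample applications are assumptions introduced here; the patent specifies none of them.

```python
"""Simulation of the security-domain privacy guard described above (added example,
not code from the patent). Names, the SHA-256 identity hash, the uid-to-application
mapping in the firewall, the fail-closed handling of unknown endpoints and the
sample applications are all assumptions."""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet

class Domain(Enum):
    SECURITY = "security"   # trusted apps and the encrypted private data store
    USER = "user"           # untrusted apps

@dataclass(frozen=True)
class App:
    app_id: str
    domain: Domain
    permissions: FrozenSet[str]   # install-time permissions, e.g. READ_SMS

@dataclass
class PolicyEntry:            # one row of the privacy policy table (Fig. 3)
    trust_flag: int           # 0 = untrusted application, 1 = trusted application
    user_flag: int            # 0 = ask the user, 1 = user has pre-approved access

def app_id_hash(app_id: str) -> str:
    """Table key: hash of the application identity (SHA-256 is an assumption)."""
    return hashlib.sha256(app_id.encode("utf-8")).hexdigest()

class PrivacyPolicyManagement:
    """Step 204: asks the user; ask_user stands in for the consent prompt."""
    def __init__(self, ask_user: Callable[[str, str], bool]):
        self.ask_user = ask_user
    def query(self, app_id: str, permission: str) -> bool:
        return self.ask_user(app_id, permission)

class PrivacyPolicyEnforcement:
    """Steps 203 and 205: policy table lookup, then consult the management module."""
    def __init__(self, management: PrivacyPolicyManagement):
        self.management = management
        self.table: Dict[str, PolicyEntry] = {}
    def register(self, app_id: str, trust_flag: int, user_flag: int) -> None:
        self.table[app_id_hash(app_id)] = PolicyEntry(trust_flag, user_flag)
    def decide(self, app_id: str, permission: str) -> bool:
        entry = self.table.get(app_id_hash(app_id))
        if entry is None or entry.trust_flag == 0:
            return False                    # untrusted or unknown: forbidden
        if entry.user_flag == 1:
            return True                     # pre-approved by the user
        return self.management.query(app_id, permission)   # ask the user now

class PackageManagerService:
    """Steps 201, 202 and 206: Android's own permission check, then the hook."""
    def __init__(self, apps: Dict[str, App], enforcement: PrivacyPolicyEnforcement):
        self.apps, self.enforcement = apps, enforcement
    def request_private_data(self, app_id: str, permission: str) -> str:
        if permission not in self.apps[app_id].permissions:
            return "DENY:no-permission"     # fails before the hook is reached
        # Hook function: forward the request to the privacy policy enforcement module.
        return "ALLOW" if self.enforcement.decide(app_id, permission) else "DENY:privacy-policy"

class AuthenticationAuthorization:
    """Step 207: domain rule applied to inter-process communication."""
    def decide_icc(self, src: App, dst: App) -> bool:
        if src.domain == dst.domain:
            return False   # same domain: blocked, as the patent text states
        if src.domain == Domain.SECURITY and dst.domain == Domain.USER:
            return True    # trusted (security domain) -> untrusted (user domain): allowed
        return False       # untrusted (user domain) -> trusted (security domain): blocked

class Firewall:
    """Step 208: intercepts socket connections and consults the authz module."""
    def __init__(self, apps_by_uid: Dict[int, App], authz: AuthenticationAuthorization):
        self.apps_by_uid, self.authz = apps_by_uid, authz
    def on_connect(self, src_uid: int, dst_uid: int) -> bool:
        src, dst = self.apps_by_uid.get(src_uid), self.apps_by_uid.get(dst_uid)
        if src is None or dst is None:
            return False   # unknown endpoint: fail closed (assumption, not in the patent)
        return self.authz.decide_icc(src, dst)

def build_sample_system(ask_user: Callable[[str, str], bool]):
    """Constructed sample: two trusted apps in the security domain, one untrusted app."""
    apps = {
        "com.example.sms": App("com.example.sms", Domain.SECURITY, frozenset({"READ_SMS"})),
        "com.example.contacts": App("com.example.contacts", Domain.SECURITY, frozenset({"READ_CONTACTS"})),
        "com.example.game": App("com.example.game", Domain.USER, frozenset({"READ_CONTACTS", "INTERNET"})),
    }
    enforcement = PrivacyPolicyEnforcement(PrivacyPolicyManagement(ask_user))
    enforcement.register("com.example.sms", trust_flag=1, user_flag=1)       # user pre-approved
    enforcement.register("com.example.contacts", trust_flag=1, user_flag=0)  # ask every time
    enforcement.register("com.example.game", trust_flag=0, user_flag=0)      # untrusted
    uids = {10001: apps["com.example.sms"], 10002: apps["com.example.contacts"],
            10003: apps["com.example.game"]}
    return PackageManagerService(apps, enforcement), Firewall(uids, AuthenticationAuthorization())

if __name__ == "__main__":
    pms, fw = build_sample_system(lambda app, perm: True)   # user always consents
    print(pms.request_private_data("com.example.sms", "READ_SMS"))        # ALLOW
    print(pms.request_private_data("com.example.game", "READ_CONTACTS"))  # DENY:privacy-policy
    print(fw.on_connect(10003, 10002))                                    # False
```

The untrusted sample app holds READ_CONTACTS at the Android level, so the ordinary permission check passes and only the policy-table lookup stops it; this is the point of the hook in step 202. The firewall reuses the same domain rule as ICC because the patent routes socket decisions through the authentication and authorization module rather than defining a second policy.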
The above are only preferred embodiments of the invention and do not limit its scope of protection. Any equivalent variation or modification made within the idea and spirit of the invention falls within the scope of protection of the invention.

Claims (5)

1. An Android private data protection method based on a security domain, the steps of which comprise:
1) setting up a security domain and a user domain in the middleware layer and the application layer of the Android system, the user's private data being stored in the security domain, trusted applications running in the security domain and untrusted applications running in the user domain;
2) setting an access control policy in the security domain that prevents untrusted applications from accessing private data directly and governs direct access to private data by trusted applications;
3) controlling inter-process communication and network sockets from within the security domain so that untrusted applications in the user domain cannot use the permissions of trusted applications in the security domain to access private data indirectly;
a privacy policy enforcement module and a privacy policy management module being set up in the security domain to govern direct access to private data by applications, and an authentication and authorization module being set up to control inter-process communication and network sockets so that untrusted applications in the user domain cannot use the permissions of trusted applications in the security domain to access private data indirectly;
the method for governing direct access to private data by applications being:
A) a trusted application in the security domain or an untrusted application in the user domain requests direct access to private data, and the package management service of the Android system receives the request;
B) the package management service performs a permission check based on the application identity and the requested permission; if the application does not hold the permission it cannot access the private data covered by that permission; if it does hold the permission, a hook function placed in the package management service forwards the access request to the privacy policy enforcement module;
C) the privacy policy enforcement module receives the request and looks up the privacy policy table by application identity to determine whether the application is trusted; if it is an untrusted application, access to private data is forbidden; if it is a trusted application, a request is sent to the privacy policy management module;
D) the privacy policy management module receives the request, asks the user whether the application may obtain the private data covered by the permission, and returns the result to the privacy policy enforcement module;
E) the privacy policy enforcement module receives the query result and passes it to the package management service;
F) the package management service decides, according to the user's choice, whether the trusted application may access the private data.
2. The method of claim 1, characterised in that the privacy policy table comprises an application-identity hash, a trust-state flag and a user-setting flag; after the privacy policy enforcement module receives a query request it extracts the application identity from the request message and hashes it, then uses the application-identity hash to find the matching entry in the privacy policy table quickly; the trust-state flag distinguishes trusted applications from untrusted ones; the user-setting flag records the user's setting as to whether the trusted application may access private data.
3. The method of claim 2, characterised in that a trust-state flag of 0 denotes an untrusted application and a trust-state flag of 1 denotes a trusted application; a user-setting flag of 0 denotes that whether the trusted application may access private data requires the user's consent, in which case the privacy policy enforcement module sends a query request to the privacy policy management module, and a user-setting flag of 1 denotes that the user has set that the trusted application may access private data, in which case no query request to the privacy policy management module is needed.
4. The method of claim 1, characterised in that the method for governing indirect access to private data by untrusted applications in the user domain is:
when an application sends an access request to another application through inter-process communication, the authentication and authorization module intercepts the request; if the requesting application and the requested application are in the same domain (both in the user domain or both in the security domain), the authentication and authorization module blocks the request; if the request is sent by a trusted application in the security domain to an untrusted application in the user domain, the authentication and authorization module does not block it; if the request is sent by an untrusted application in the user domain to a trusted application in the security domain, the authentication and authorization module blocks it;
when an untrusted application sends an access request to a trusted application through a network socket, the firewall intercepts the request and queries the authentication and authorization module; the authentication and authorization module determines that the request was initiated by an untrusted application towards a trusted application and blocks it, so that the untrusted application cannot access private data indirectly.
5. An Android private data protection system based on a security domain that uses the Android private data protection method based on a security domain of claim 1, characterised in that it comprises a security domain and a user domain located in the middleware layer and the application layer of the Android system; the user's private data is stored in the security domain, trusted applications run in the security domain and untrusted applications run in the user domain; an access control policy is set in the security domain that prevents untrusted applications from accessing private data directly and governs direct access to private data by trusted applications, and inter-process communication and network sockets are controlled so that untrusted applications in the user domain cannot use the permissions of trusted applications in the security domain to access private data indirectly; the following modules are set up in the security domain: a privacy policy enforcement module and a privacy policy management module for governing direct access to private data by applications, and an authentication and authorization module for controlling inter-process communication and network sockets so that untrusted applications in the user domain cannot use the permissions of trusted applications in the security domain to access private data indirectly.
Publications (2)

Publication number | Publication date
CN104683336A (en) | 2015-06-03
CN104683336B (en) | 2018-11-13

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020531A (en) * 2012-12-06 2013-04-03 中国科学院信息工程研究所 Method and system for trusted control of operating environment of Android intelligent terminal
WO2014144908A1 (en) * 2013-03-15 2014-09-18 Fuhu Holdings, Inc. Tablet computer
CN104346572A (en) * 2013-07-25 2015-02-11 中国科学院信息工程研究所 Construction method of universal external intelligent terminal safety operation environment
CN103559437A (en) * 2013-11-12 2014-02-05 中国科学院信息工程研究所 Access control method and system for Android operation system
CN103856485A (en) * 2014-02-14 2014-06-11 武汉天喻信息产业股份有限公司 System and method for initializing safety indicator of credible user interface
CN104318171A (en) * 2014-10-09 2015-01-28 中国科学院信息工程研究所 Android privacy data protection method and system based on authority tags

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"Building a Secure System using TrustZone Technology"; ARM; ARM Security Technology; 2009; chapter 4, figure 2 *
"The theory and practice in the evolution of trusted computing"; Dengguo Feng et al.; Computer Science & Technology; 2014; whole text *
"Trustworthy Execution on Mobile Devices: What Security Properties Can My Mobile Platform Give Me?"; Amit Vasudevan et al.; Springer-Verlag Berlin Heidelberg; 2012; chapter 3 *
"Trustworthy Execution on Mobile Devices"; Amit Vasudevan et al.; SpringerBriefs in Computer Science; 2014; chapters 3 to 5, figure 4.2 *
