CN105550584A - RBAC based malicious program interception and processing method in Android platform - Google Patents
RBAC based malicious program interception and processing method in Android platform Download PDFInfo
- Publication number
- CN105550584A CN105550584A CN201511032125.3A CN201511032125A CN105550584A CN 105550584 A CN105550584 A CN 105550584A CN 201511032125 A CN201511032125 A CN 201511032125A CN 105550584 A CN105550584 A CN 105550584A
- Authority
- CN
- China
- Prior art keywords
- user
- rbac
- module
- application program
- interception
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
The invention discloses an RBAC based malicious program interception and processing method in an Android platform, and belongs to the technical field of mobile security. For the technical field of existing mobile security, privacy data of a user have a leakage risk and a current malicious program detection method has problems to be solved, so that an RBAC based malicious program interception method is proposed. When an application accesses to the privacy data of the user, whether related operations are permitted or not is determined according to a role that the application belongs to and permission information corresponding to the application by querying an RBAC policy library, so that the privacy security of the user is ensured.
Description
Technical field
The invention belongs to mobile security technical field, tackle and method of disposal based on the rogue program of RBAC under being specifically related to a kind of Android platform.
Background technology
Along with the fast development of android system and smart mobile phone, Android application program presents explosive growth.The thing followed is the safety issue of android system, and malicious application is to the malicious attack of mobile terminal, day by day serious to the problem such as to steal of user privacy information.Because the supervision of Android third-party application market is not tight, a lot of normal application program has been embedded into the malicious code of stealing privacy of user and has repacked and has been uploaded to Android market, and in a lot of situation, antivirus software cannot tackle the malicious requests of similar application program.The malware detection methods of current main flow is divided into Static Detection and detection of dynamic, the dependence of Static Detection to malicious code storehouse is higher, when there is novel rogue program, it often cannot identify malicious act accurately, and its recall rate and accuracy rate need to improve; Dynamic testing method comprises MonkeyRunner, DroidBox, TaintDroid, Hips etc., be characterized in that the Intensity-dependent for code characteristic storehouse is little, determining whether Malware by catching operating real malicious act, there is the risk that rogue program walks around systems axiol-ogy simultaneously.Such as the Programmable detection mode of traditional HIPS, APIHOOK is realized by injecting .so and .jar file at User space, if malicious application realizes APIHOOK in this way, the detection of HIPS system will be walked around, bring threat safely to a certain extent privacy of user.
For the problems referred to above, tackle and method of disposal based on the rogue program of RBAC under the present invention proposes a kind of Android platform, by dynamic insertion LinuxHook kernel module, realize the monitoring of reading the malicious acts such as privacy of user in inner nuclear layer application programs, because application program cannot revise AndroidLinux kernel source code, therefore avoid malicious application and walk around systems axiol-ogy.Meanwhile, the present invention be directed to the monitoring of the concrete malicious act of application program, avoid the dependence to malicious program code storehouse, improve detection efficiency and accuracy rate.When application program calling party private data, the present invention provides the prompting of user's related system by definition RBAC access control policy, and user based on system prompt from main separation, thus can protect the personal secrets of user.
Summary of the invention
The present invention tackles and method of disposal based on the rogue program of RBAC under proposing a kind of Android platform, it is characterized in that, comprise malicious act detection module, core message feedback module, interception reminding module and the blocking module based on RBAC, step is as follows:
Step 1: the kernel module that malicious act detection module is used for Hook by dynamic insertion in AndroidLinux system realizes the inner nuclear layer monitoring that application programs reads the behavior of privacy of user data, for core message feedback module provides message source;
Step 2: core message feedback module realizes the message communicating of inner nuclear layer and client layer by netlinksocket, Netlinksocket adopts full duplex, asynchronous communication modes, like this when the Hook intercepting api calls of kernel state goes process to the program being sent to User space during the information of rogue program, and result is sent to kernel state, linux kernel determines according to this information the associative operation whether allowing this program; By core message feedback module, the application behavior record collected by malicious act detection module is delivered to interception reminding module;
Step 3: interception reminding module is used for, after receiving the message that inner nuclear layer sends, according to the result that the blocking module based on RBAC feeds back, providing the fine-grained prompting of user;
Step 4: the authority information being got role belonging to current application program and correspondence thereof based on the blocking module of RBAC by inquiry RBAC policy library, Query Result is fed back to interception reminding module, blocking module provides the fine-grained prompting of user according to this result; According to the Query Result of RBAC policy library; Support that user is from main separation, in the nonoptional situation of user, system can give tacit consent to the respective request determining whether allowing application program according to the Query Result of RBAC policy library.
Further, RBAC policy library can also be dynamically updated, be specially: when the first installation and operation of application program, based on its basic function for it assigns corresponding role, this role has only had the least privilege set of this application program basic function, during authority outside its least privilege set of application requests, interception reminding module can provide the prompting of user's associated safety, when user clearly selects to authorize this authority of this application program, adjust RBAC policy library by arranging new role, namely arrange new role have user allow least privilege outside other authorities.
By dynamic insertion LinuxHook kernel module, realize the real-time monitoring of reading the malicious acts such as privacy of user in inner nuclear layer application programs; The application program malicious act adopting netlinksocket technology to be captured by inner nuclear layer in Android framework feeds back to application layer, the kernel module inserted realizes sending malicious act information and the feedback receiving application layer by socket, is deployed in inner nuclear layer thus protects this process not by the interference of malicious application due to it; In the application layer of Android framework, introduce the thought of RBAC, by arranging RBAC policy library, distributing corresponding authority according to role belonging to application program to it, the minimum authorization to malicious application can be realized.Corresponding selection is made in the behavior simultaneously allowing user to read privacy of user data according to the prompting application programs of RBAC policy library; but not single permission or forbid all behaviors of application program; while protection privacy of user safety, balance the experience of user.
The present invention just can obtain the problem of all authorities that it is applied for after can avoiding legacy application installation; it clicks the authority agreeing to that imparting application program is applied for user after; monitored by kernel state; when this application actual motion concrete power limit; do secondary interception by the authority application arranging RBAC strategy application programs, really can reach the object of protection privacy of user.In addition, the present invention is when building RBAC policy library, for the feature that current Android is applied, done further constraint and specification to the role under Android application scenarios, authority, appointment relation and mutually exclusive roles etc., the setting of RBAC strategy has fully demonstrated minimum authorization, responsibility is separated and the large security doctrine of data abstraction three.
Compared with prior art, the present invention has the following advantages:
The malware detection methods of current main flow is divided into Static Detection and dynamic monitoring, and wherein the major way of Static Detection comprises: the signing messages, APK source code conversed analysis, malicious code storehouse coupling etc. of analysis application.The dependence of Static Detection to malicious code storehouse is higher, and the recall rate of rogue program and accuracy rate need to improve.Detection of dynamic, by actual motion application program, has expected the malicious act triggered wherein, reaches the object that rogue program detects.The dynamic testing method of main flow comprises: MonkeyRunner, DroidBox, TaintDroid, HIPS etc., be characterized in that the Intensity-dependent for code characteristic storehouse is little, determining whether Malware by catching operating real malicious act, there is the risk that rogue program walks around systems axiol-ogy simultaneously.Such as HIPS does not need amendment AndroidLinux kernel, and it is by injecting the Hook of .so and Jar file realize target API at User space, thus the associative operation of interception application program.Because it realizes APIhook by injecting so file, same application program oneself also can realize APIhook in this way.Therefore, if the developer of rogue program achieves APIHook, the systems axiol-ogy of HIPS will be walked around, bring threat to a certain extent the personal secrets of user.
This method adopts LinuxHook technology, the malicious act at inner nuclear layer monitoring application program is achieved by dynamic insertion kernel module, because this method detects the malicious act of application program, and application program cannot revise inner nuclear layer function call, therefore avoid the risk that rogue program walks around traditional HIPS systems axiol-ogy; Meanwhile, this method based on the access control technology of RBAC to role corresponding to application assigned, give simultaneously corresponding role assignments its can complete the least privilege combination of self task, provide the relevant prompting of user according to RBAC policy library.Such as, when map class application program reads the positional information of user, system ejects caution frame prompting user, allows the behavior when user without acquiescence when selection; When audio-visual amusement class application program reads the address list information of user, system ejects caution frame and acquiescence blocks the behavior, thus on the basis of main separation, has better met the demand of user permission user, protects the personal secrets of user simultaneously.Put forward the methods of the present invention just can obtain the problem of all authorities that it is applied for after can avoiding traditional APP installation; it clicks the authority agreeing to that imparting APP applies for user after; monitoring during by running this application; before this application actual use concrete power limit; by arranging RBAC strategy, secondary interception being done to the authority application of APP, really can reach the object of protection privacy of user.
Put forward the methods of the present invention, in the operation of the inner nuclear layer monitoring application program of AndroidLinux, can reduce the risk that malicious application walks around systems axiol-ogy, and the testing mechanism avoiding traditional HIPS method is bypassed problem, has better safety and reliability.
Put forward the methods of the present invention is when building RBAC policy library, for the feature of current Android application program, further constraint and specification have been done to the role under Android application scenarios, authority, appointment relation and mutually exclusive roles etc., the setting of RBAC strategy has fully demonstrated minimum authorization, responsibility is separated and the large security doctrine of data abstraction three, support the dynamic conditioning of RBAC policy library, support the balance of privacy of user safety and Consumer's Experience.
Accompanying drawing explanation
Fig. 1 is based on the rogue program interception architecture design of RBAC;
Fig. 2 is based on the rogue program interception flow process of RBAC;
Fig. 3 is based on the rogue program interception accuracy rate of RBAC;
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention will be further described.
Fig. 1 is the interception of the rogue program based on RBAC Organization Chart of the present invention.According to android system framework, android system is divided into user's space and kernel spacing two parts in figure, this Figure illustrates after application program is installed to Android mobile device, the monitoring of the application programs malicious act how inner nuclear layer and application layer realize when application program performs, the rogue program interception specifically based on RBAC comprises following four modules: malicious act detection module, core message feedback module, interception reminding module, blocking module based on RBAC.
Wherein, malicious act detection module is deployed in AndroidLinux inner nuclear layer, it achieves the monitoring of application programs malicious act by the LinuxHook module inserted, when monitoring application program and reading the behavior of privacy of user, interception reminding module can be delivered to by core message feedback module.Core message feedback module is deployed between application layer and inner nuclear layer, is the bridge communicated between the two, and the information that malicious act detection module is collected is delivered to interception reminding module and does further process by this module in charge.
Interception reminding module is deployed in JNI layer, when it receives the message that core message feedback module sends, can present in front of the user with the form of dialog box, by means of the Query Result of the blocking module based on RBAC, provides the relevant prompting of user.Based on the blocking module of RBAC, easily leaking the security permission of privacy of user and three famous security doctrines of RBAC by analyzing, having formulated RBAC policy library, strict restriction has been done to the authority information of the role belonging to Android application program and correspondence thereof.When the private data that application program calling party is relevant, the Query Result of RBAC policy library can be fed back to interception reminding module.
Fig. 2 is the rogue program interception process flow diagram based on RBAC, comprises the following steps:
Step 1: android system application program to be tested being installed to the kernel module inserted for Hook, runs application.
Step 2: the behavior that can relate to calling party private data in application program operational process, such as, read the behaviors such as user communication record.
Step 3: according to step 2, inquiry system RBAC policy library, obtains the Role Information of current application program.
Step 4: judge the authority information that the corresponding role of application program has, such as certain application requests calling party address list, the role that this application program belongs to is communication class role, the authority of the accessing address list that this role is corresponding is that " 1 " (" 1 " represents to have corresponding authority, " 0 " represents do not have corresponding authority), Query Result is fed back to next step.
Step 5: according to Query Result, ejects prompted dialog frame, provides the relevant prompting of user.
Step 6: user according to system suggestion makes a choice, selects the associative operation determining whether to allow application program according to user, if user does not select, then give tacit consent to the associative operation determining whether allowing application program according to the Query Result of RBAC policy library.
Step 7: the selection result of user is fed back to Android inner nuclear layer, determines whether allow application program to the request of respective resources.
Fig. 3 is the rogue program interception accuracy rate comparison diagram based on RBAC.In figure, transverse axis represents the authority information that android system is corresponding, A-G represents location information access, log access successively, address list reads, note record reads, send note, e-mail messages reads, interconnection network, and the longitudinal axis represents the interception number of times of system application programs calling party privacy behavior.The present invention compares with traditional HIPS, and when experiment shows the privacy record when malicious application calling party, this method has higher system interception rate.
Method proposed by the invention is detected by malicious act, core message feeds back, tackle prompting and interception 4 modules based on RBAC form, as shown in Figure 1.
Wherein, malicious act detection module is deployed in AndroidLinux inner nuclear layer, for reading the malicious act of privacy of user data at inner nuclear layer monitoring application program, for core message feedback module provides message source.Core message feedback module uses for reference netlinksocket technology, achieve the communication between malicious act detection module and interception reminding module, the application program malicious act that malicious act detection module finds can be delivered to interception reminding module and further dispose by this module.Interception reminding module is deployed in user's space, when receiving malicious act detection module and sending the malicious act of the application program detected, by the feedback result of the blocking module based on RBAC, provides the relevant prompting of user with the form of dialog box.Blocking module based on RBAC passes through inquiry RBAC policy library, when the private data of application requests calling party, the role of meeting belonging to this application program and the authority information of correspondence thereof, determine whether the associative operation allowing application program, Query Result is returned interception reminding module simultaneously.
Malicious act detection module is responsible for the monitoring and the record that read privacy of user data malicious act at inner nuclear layer monitoring application program, and simultaneously for core message feedback module provides message source, its step is as follows:
1. be positioned at the private data of the application requests calling party of application layer, call related function and initiate system call request;
2. system function performs the instruction of int0x80 weaken rock, and the execution of this instruction can allow system jump to a default kernel control address, thus makes program enter operating system nucleus state;
3. revise the pointer address in subsystem call table, make it point to the self-defining function of the present invention, such as, revise sys_call_table [_ _ NR_open], make it point to our_sys_open () function;
4. search specified function according to sys_call_table [_ _ NR_open], now system first can call the our_sys_open () function of the present invention's definition, the information such as process id, file reading type of meeting records application program in this function, thus records application program steals the malicious act of privacy of user, record the system call function that complete rear steering sys_call_table [_ _ NR_open] is original;
5. call sys_open () function, and will call result retrieval system and call, relevant information is back to client layer application program the most at last.
Core message feedback module is responsible for the application program malicious act that malicious act detection module finds being delivered to interception reminding module and is further disposed, and realized the message communicating of inner nuclear layer and application layer by netlinksocket, concrete steps are as follows:
1. kernel state program is connected by function netlink_kernel_create () deinitialization netlinksocket;
2. User space program is by the socket of socket () function creation User space, indicates the address field of User space socket, protocol type.In order to establish a communications link with kernel state program, given core state program of the present invention and User space program use same protocol type;
3. User space program realizes the interrelated of socket address, source and the socket address of opening by bind () function, in its parameter, s_nladdr represents the address structure body of netlink, nl_pid represents the PID of netlinksocket current process, as the local address of current netlinksocket, the present invention obtains current process id value by getpid () function;
4. User space program realizes sending message from User space to kernel state by function sendmsg (fd, & msg, 0), the fields such as the address of oneself, process ID is sent to kernel state program, informs the process ID of kernel state program oneself;
5. the application program monitored is read the malicious act of privacy of user record by kernel state program, and the process id sent according to User space and address send message to assigned address;
6. User space program is by function recvmsg (fd, & msg, 0) accept the message from kernel, the application behavior record collected by malicious act detection module is delivered to interception reminding module, does further operation for it.
Interception reminding module is responsible for providing the relevant prompting that user application reads privacy of user data, the corelation behaviour information of its program that is applied based on core message feedback module in the mode of graphical interfaces, and concrete steps are as follows:
1. generate corresponding header file by JAVA program with the method callHelloFromJava () that native key word is modified by JAVAH order, the method is stated in JAVA program, realize in c program, netlinksocket for initialising subscriber layer communicates, and receives the application program malicious act information that inner nuclear layer is sent;
2., under the com_example_testjni_MainActivity.h header file of generation being kept at the jni catalogue of engineering, go the callHelloFromJava () method realizing stating in java class for Hello.c program;
3. introduce com_example_testjni_MainActivity.h header file, Java_com_exaple_testjni_MainActivity_callHelloFromJava (JNIEnv*env is realized in Hello.c file, jobjectobj) method, the method connects for the netlinksocket of initialising subscriber state, be responsible for establishing a communications link with the socket of kernel state, the information such as the process ID of oneself, communication protocol type are sent to kernel state process;
4. when User space socket receives the message that kernel state socket sends, popWindow (Stringparam) method can be called, the method is for ejecting prompted dialog frame, and malicious act application program being read user privacy information presents in front of the user in real time;
5. connected by the socket of User space according to the selection of user, message feedback is done further process to kernel state socket.
Blocking module based on RBAC is responsible for the role that has according to application program and the authority that is assigned determines whether allowing application program to carry out associative operation, Query Result is returned interception reminding module simultaneously, specific as follows:
Application program common for Android market is classified by the present invention, by class definition role, and note role set R={R
1, R
2..., R
n.Such as, six role R can be defined according to the daily life function of existing Android application program
1, R
2, R
3, R
4, R
5, R
6, wherein R
1represent audio-visual class, R
2represent map class, R
3represent communication class, R
4representative pays class, R
5representative shopping class, R
6game representation class.In addition, by analyzing malicious application sample common on Android market, easily can be revealed the authority combined situation of privacy of user, if utilized by malicious application combination than INTERNET and READ_CONTACTS two authorities, then can be revealed the address list privacy information of user.The authority set may revealing privacy after the present invention remembers combination is combined into P={P
1, P
2..., P
n, based on the analysis to existing authority combined situation, definable P
1=ACCESS_COARSE_LOCATION, P
2=ACCESS_FINE_LOCATION, P
3=WRITE_SMS, P
4=WRITE_OWNER_DATA, P
5=WRITE_CONTACTS, P
6=SEND_SMS, P
7=RECORD_AUDIO, P
8=RECEIVE_SMS, P
9=RECEIVE_MMS, P
10=READ_PHONE_SMS, P
11=READ_OWNER_DATA, P
12=READ_CONTACTS, P
13=PROCESS_OUTGOING_CALLS, P
14=INTERNET, P
15=CHANGE_WIFI_STATE, P
16=CHANGE_NETWORK_STATE, P
17=CALL_PHONE, P
18=BROADCAST_SMS, P
19=ACCESS_WIFI_STATE, P
20=ACCESS_NETWORK_STATE.
The present invention predicate G (R
m, P
n) represent role R
mwith authority P
nbetween appointment relation, wherein, G (R
m, P
n)=1 represents role R
mthere is authority P
n; G (R
m, P
n)=0 represents role R
mnot there is authority P
n.In order to protect the personal secrets of user, the present invention gives corresponding role the least privilege set of assigning it can realize needed for basic function.Such as, the basic function of communication class application program is interpolation address list good friend, transfers immediate news, sends note etc., therefore it realizes least privilege set of basic function for { SEND_SMS, RECEIVE_SMS, READ_PHONE_SMS, READ_CONTACTS, INTERNET, CALL_PHONE}.Concrete, apply for the Android that above-mentioned 6 classes are common and may reveal the authority of privacy after 20 kinds of combinations, role-security assigns relation as shown in table 1:
Table 1 role-security assigns relation table
Be separated to realize responsibility, the present invention predicate W (R
i, R
j) represent mutually exclusive roles relation, wherein, application program can not be assigned with the role of two mutual exclusions simultaneously, such as W (R
i, R
j)=1 represents role R
iand R
jbe not mutually exclusive roles, application program can have role R simultaneously
iand R
jthe authority be assigned, W (R
i, R
j)=0 represents role R
iand R
jbe two mutually exclusive roles, application program can not have role R simultaneously
iand R
jthe authority be assigned.Concrete, for above-mentioned 6 roles, Mutual exclusion of roles relation can be as shown in table 2, such as, communication class role comprises authority { SEND_SMS, RECEIVE_SMS, READ_PHONE_SMS, READ_CONTACTS, INTERNET, CALL_PHONE}, pay class role and comprise authority { INTERNET, ACCESS_WIFI_STATE}, when belonging to the application program paying class role and being assigned with communication class role, it is just provided with calling party address list and the ability uploaded onto the server, threat is caused to the personal secrets of user, therefore communication class role and payment class role definition are mutually exclusive roles by the present invention, namely communication class role can not be assigned with again when application program has and pays class role.
Table 2 mutually exclusive roles contextual definition table
In order to the experience of balancing user, support of the present invention dynamically updates RBAC policy library.When the first installation and operation of application program, based on its basic function for it assigns corresponding role, this role has only had the least privilege set of this application program basic function, appointment as shown in table 1.During authority outside its least privilege set of application requests, the interception reminding module that the present invention proposes can provide the prompting of user's associated safety, when user clearly selects to authorize this authority of this application program, adjust RBAC policy library by arranging new role, namely arrange new role have user allow least privilege outside other authorities.Like this, when same application operationally asks this authority again, the blocking module based on RBAC that the present invention proposes judges to allow or refuse the associative operation of application program according to the RBAC policy library after adjustment, avoiding repeatedly ejecting dialog box affects user's experience.
Claims (2)
1. tackle and a method of disposal based on the rogue program of RBAC under Android platform, it is characterized in that, comprise malicious act detection module, core message feedback module, interception reminding module and the blocking module based on RBAC, step is as follows:
Step 1: the kernel module that malicious act detection module is used for Hook by dynamic insertion in AndroidLinux system realizes the inner nuclear layer monitoring that application programs reads the behavior of privacy of user data, for core message feedback module provides message source;
Step 2: core message feedback module realizes the message communicating of inner nuclear layer and client layer by netlinksocket, Netlinksocket adopts full duplex, asynchronous communication modes, like this when the Hook intercepting api calls of kernel state goes process to the program being sent to User space during the information of rogue program, and result is sent to kernel state, linux kernel determines according to this information the associative operation whether allowing this program; By core message feedback module, the application behavior record collected by malicious act detection module is delivered to interception reminding module;
Step 3: interception reminding module is used for, after receiving the message that inner nuclear layer sends, according to the result that the blocking module based on RBAC feeds back, providing the fine-grained prompting of user;
Step 4: the authority information being got role belonging to current application program and correspondence thereof based on the blocking module of RBAC by inquiry RBAC policy library, Query Result is fed back to interception reminding module, blocking module provides the fine-grained prompting of user according to this result; According to the Query Result of RBAC policy library; Support that user is from main separation, in the nonoptional situation of user, system can give tacit consent to the respective request determining whether allowing application program according to the Query Result of RBAC policy library.
2. method according to claim 1, it is characterized in that dynamically updating RBAC policy library, be specially: when the first installation and operation of application program, based on its basic function for it assigns corresponding role, this role has only had the least privilege set of this application program basic function, during authority outside its least privilege set of application requests, interception reminding module can provide the prompting of user's associated safety, when user clearly selects to authorize this authority of this application program, RBAC policy library is adjusted by arranging new role, namely arrange new role have user allow least privilege outside other authorities.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511032125.3A CN105550584A (en) | 2015-12-31 | 2015-12-31 | RBAC based malicious program interception and processing method in Android platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511032125.3A CN105550584A (en) | 2015-12-31 | 2015-12-31 | RBAC based malicious program interception and processing method in Android platform |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105550584A true CN105550584A (en) | 2016-05-04 |
Family
ID=55829771
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201511032125.3A Pending CN105550584A (en) | 2015-12-31 | 2015-12-31 | RBAC based malicious program interception and processing method in Android platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105550584A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106657022A (en) * | 2016-11-24 | 2017-05-10 | 北京瑞星信息技术股份有限公司 | Linux network access control method and device |
| CN106791168A (en) * | 2017-01-13 | 2017-05-31 | 北京奇虎科技有限公司 | Information of mobile terminal guard method, device and mobile terminal |
| CN107547495A (en) * | 2016-06-24 | 2018-01-05 | 卡巴斯基实验室股份制公司 | For protecting computer from the system and method for unwarranted remote management |
| CN108595945A (en) * | 2018-04-18 | 2018-09-28 | Oppo广东移动通信有限公司 | Permission reminding method, device, mobile terminal, server and storage medium |
| CN109145598A (en) * | 2017-06-19 | 2019-01-04 | 腾讯科技(深圳)有限公司 | Method for detecting virus, device, terminal and the storage medium of script file |
| CN110119615A (en) * | 2019-05-24 | 2019-08-13 | 北京智游网安科技有限公司 | A kind of control method, device and the computer equipment of Android log anti-leak |
| CN110175452A (en) * | 2019-05-14 | 2019-08-27 | 维沃移动通信有限公司 | The guard method of data file and mobile terminal |
| CN112231699A (en) * | 2020-10-15 | 2021-01-15 | 北京明略昭辉科技有限公司 | Interception method and device for reading function, electronic equipment and computer readable medium |
| WO2021098327A1 (en) * | 2019-11-22 | 2021-05-27 | 支付宝(杭州)信息技术有限公司 | Private data protection-based method and device for abnormal collection behavior recognition |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140137184A1 (en) * | 2012-11-13 | 2014-05-15 | Auckland Uniservices Ltd. | Security system and method for operating systems |
| CN104462970A (en) * | 2014-12-17 | 2015-03-25 | 中国科学院软件研究所 | Android application program permission abuse detecting method based on process communication |
| CN104951707A (en) * | 2015-05-13 | 2015-09-30 | 上海交通大学 | Sensitive resource access control policy system based on Android platform |
-
2015
- 2015-12-31 CN CN201511032125.3A patent/CN105550584A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140137184A1 (en) * | 2012-11-13 | 2014-05-15 | Auckland Uniservices Ltd. | Security system and method for operating systems |
| CN104462970A (en) * | 2014-12-17 | 2015-03-25 | 中国科学院软件研究所 | Android application program permission abuse detecting method based on process communication |
| CN104951707A (en) * | 2015-05-13 | 2015-09-30 | 上海交通大学 | Sensitive resource access control policy system based on Android platform |
Non-Patent Citations (1)
| Title |
|---|
| LI LIN等: "RbacIP: A RBAC-Based Method for Intercepting and Processing Malicious Applications in Android Platform", 《INTRUST 2015 REVISED SELECTED PAPERS OF THE 7TH INTERNATIONAL CONFERENCE ON TRUSTED》 * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107547495A (en) * | 2016-06-24 | 2018-01-05 | 卡巴斯基实验室股份制公司 | For protecting computer from the system and method for unwarranted remote management |
| CN106657022A (en) * | 2016-11-24 | 2017-05-10 | 北京瑞星信息技术股份有限公司 | Linux network access control method and device |
| CN106657022B (en) * | 2016-11-24 | 2019-08-30 | 北京瑞星网安技术股份有限公司 | Linux method for network access control and device |
| CN106791168A (en) * | 2017-01-13 | 2017-05-31 | 北京奇虎科技有限公司 | Information of mobile terminal guard method, device and mobile terminal |
| CN109145598A (en) * | 2017-06-19 | 2019-01-04 | 腾讯科技(深圳)有限公司 | Method for detecting virus, device, terminal and the storage medium of script file |
| CN109145598B (en) * | 2017-06-19 | 2021-01-22 | 腾讯科技(深圳)有限公司 | Virus detection method and device for script file, terminal and storage medium |
| CN108595945B (en) * | 2018-04-18 | 2021-01-05 | Oppo广东移动通信有限公司 | Permission prompting method and device, mobile terminal, server and storage medium |
| CN108595945A (en) * | 2018-04-18 | 2018-09-28 | Oppo广东移动通信有限公司 | Permission reminding method, device, mobile terminal, server and storage medium |
| CN110175452A (en) * | 2019-05-14 | 2019-08-27 | 维沃移动通信有限公司 | The guard method of data file and mobile terminal |
| CN110119615A (en) * | 2019-05-24 | 2019-08-13 | 北京智游网安科技有限公司 | A kind of control method, device and the computer equipment of Android log anti-leak |
| CN110119615B (en) * | 2019-05-24 | 2021-06-08 | 北京智游网安科技有限公司 | Android log leakage-prevention control method and device and computer equipment |
| WO2021098327A1 (en) * | 2019-11-22 | 2021-05-27 | 支付宝(杭州)信息技术有限公司 | Private data protection-based method and device for abnormal collection behavior recognition |
| CN112231699A (en) * | 2020-10-15 | 2021-01-15 | 北京明略昭辉科技有限公司 | Interception method and device for reading function, electronic equipment and computer readable medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105550584A (en) | RBAC based malicious program interception and processing method in Android platform | |
| US8626125B2 (en) | Apparatus and method for securing mobile terminal | |
| CN104462952A (en) | Method and device for preventing self-starting of application | |
| CN103198255A (en) | Method and system for monitoring and intercepting sensitive behaviour of Android software | |
| CN104462879A (en) | Root-free running control method and device of application program | |
| CA2944586A1 (en) | Systems and methods to enforce security policies on the loading, linking, and execution of native code by mobile applications running inside of virtual machines | |
| CN104376263A (en) | Application behavior intercepting method and application behavior intercepting device | |
| CN104376255A (en) | Application program running control method and device | |
| CN105427096A (en) | Payment security sandbox realization method and system and application program monitoring method and system | |
| CN103108320A (en) | Method and system for monitoring application program of mobile device | |
| CN1869927B (en) | Device controller, method for controlling a device, and program therefor | |
| CN105074718A (en) | On-line behavioral analysis engine in mobile device with multiple analyzer model providers | |
| CN104239814A (en) | Mobile office safety method and mobile office safety system | |
| CN105550595A (en) | Private data access method and system for intelligent communication equipment | |
| CN104408367A (en) | Application program configuration method and device | |
| CN104881601A (en) | Floating window display setup, control method and device | |
| CN105631326A (en) | Security protection method and device for sensitive information | |
| CN104239786A (en) | ROOT-free active defense configuration method and device | |
| CN103559437B (en) | Access control method and system for Android operation system | |
| US20160055344A1 (en) | Data loss prevention during app execution using e-mail enforcement on a mobile device | |
| US20150150119A1 (en) | Framework for fine-grain access control from high-level application permissions | |
| CN104462880A (en) | Application program packing configuration method and device | |
| CN103218552A (en) | Safety management method and device based on user behavior | |
| CN103685194A (en) | Capacity calling method and device, and terminal | |
| CN112202704A (en) | Block chain intelligent contract safety protection system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160504 |