CN108932427A - Control method and system for restricting access in an Android application multi-instance environment - Google Patents


Publication number
CN108932427A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810480808.2A
Other languages
Chinese (zh)
Inventor
李瑞轩
代德顺
汤俊伟
韩洪木
辜希武
张婧
涂建伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN201810480808.2A
Publication of CN108932427A


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a control method and system for restricting access in an Android application multi-instance environment. It extends an open-source virtualization framework to limit the privilege escalation attacks that a ClientApp can launch because it shares the permissions of the HostApp. The method includes: while a ClientApp is running, if the current operation is a sensitive API call, judging whether the call is legal according to the loaded policy information, and allowing the ClientApp to call the real API only if it is legal; if the current operation is a file access, the IOHook module is triggered and obtains the file directory being accessed, the IoCheck module then checks against the policy library whether the access is legal, and the real system call performs the file operation only if it is legal; when loading a ClientApp, the HostApp parses its permission list as the default set of granted permissions and then combines it with the policy configured by the developer to form the authorization set. The invention implements sensitive API access control in third-party application multi-instance environments.

Description

Control method and system for restricting access in an Android application multi-instance environment
Technical field
The present invention relates to the fields of mobile security and access control, and more particularly to a control method and system for restricting access in an Android application multi-instance environment.
Background
Android phones are personal handheld devices and store a great deal of personalized private user data. Some of this data is produced while the user runs third-party applications, for example the account and password used to log in to a social application or the browsing history generated by a browser; other data, such as GPS location and the device ID, is provided by the Android phone itself. In the stock Android system, to keep private user data safe, each application runs as one instance under a single UID, and applications are isolated from each other with security sandboxing. The sandbox is implemented on SELinux mandatory access control, so by default an application can access only its own files and a very limited set of system services.
However, in some scenarios users need to run multiple instances of one application on an Android phone. For example, some users need to use two social accounts at the same time, one for work and one for personal life. To meet this demand, some phone manufacturers have implemented application multi-instance functionality in their own ROMs, such as the app cloning features of Huawei and Xiaomi. These implementations modify and upgrade the operating system itself, and their security is relatively high. Earlier, building on the dynamic loading technology provided by the Android system itself, many third-party developers used this technology to implement application functions as plug-ins and thereby deliver incremental updates, sparing users from downloading the complete application package at every update. This technology gradually evolved into application virtualization, in which one application can load other applications and run them stably inside itself. This requires no change to the system or to the application bytecode, and the application that is started does not need to be actually installed on the user's phone. Many users whose phones do not support application multi-instance can choose a third-party multi-instance system to clone applications.
In early research on application virtualization, Bianchi et al. (Bianchi A, Fratantonio Y, Kruegel C, et al. NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android. ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, ACM, 2015: 27-38) intercepted an application's system API calls using ptrace-based process injection, so that one application runs in the context of another application. This approach can only virtualize specific applications, and many applications resist ptrace injection into their own process.
Backes et al. (Backes M, Bugiel S, Hammer C, et al. Boxify: full-fledged app sandboxing for stock android. USENIX Conference on Security Symposium, USENIX Association, 2015: 691-706) designed an application sandbox based on the isolated process, a special process provided by the Android system. Untrusted Android applications are isolated in this special process, which has no permissions. The benefit of this sandbox is that dangerous programs can be run in isolation inside it, which prevents them from harming the system or other applications in the system.
Our research found that existing third-party multi-instance application virtualization works on essentially the same core principle as these earlier systems: running multiple applications inside one application is achieved by virtualizing the system's core service layer, mainly the two basic service components Activity Manager Service and Package Manager Service. All interaction between an application and Activity Manager Service or Package Manager Service first passes through an intermediate virtualized service proxy layer, and the lifecycle management of the application's components is completed in the virtualized service layer. However, an application that provides multi-instance service and has any real functionality cannot run in an isolated process without any permissions, so existing multi-instance host applications essentially run other applications as ordinary processes, and the applications being run have the same permissions as the host application. At the same time, to support stable operation of many types of applications, the host application requests the permissions, component types and so on that most other applications use at run time. In any case, these applications share the same UID with each other and with the host application, while the underlying system enforces user-based access control, which means that these applications share the same permissions and directories with the host application. Once a user inadvertently loads and runs, in the multi-instance environment, an application that maliciously attacks that environment, the malicious program, or malicious third-party code contained in an application, can obtain all permissions requested by the host application; that is, the application, the third-party code it contains and the host application hold the same permission set. They also hold the same file system access rights as the host application, including read and write access to the file directories of other important applications in the multi-instance environment, which leads to leakage of private information.
In summary, no solution has yet been proposed for controlling application permissions in a multi-instance environment. Earlier research concentrated on isolating malicious applications in a restricted environment. Unlike application isolation in the Android operating system, access control in a multi-instance environment is resource access control over multiple processes running under a single user identity. In view of the harm that may result, a mechanism is needed to mitigate privilege escalation attacks in application multi-instance environments.
Summary of the invention
In view of the defects of the prior art, the object of the present invention is to solve the following technical problem: the prior art proposes no solution for controlling application permissions in a multi-instance environment; earlier research concentrated on isolating malicious applications in a restricted environment; unlike application isolation in the Android operating system, access control in a multi-instance environment is resource access control over multiple processes running under a single user identity; and a mechanism is needed to mitigate privilege escalation attacks in application multi-instance environments.
To achieve the above object, in one aspect the present invention provides a control method for restricting access in an Android application multi-instance environment. Let the application that provides the virtualized running environment in the Android system be the HostApp, which supports running applications of the Android system inside the virtualized running environment it builds, and let an application that is loaded and run in this virtualized environment be a ClientApp. The method includes:
While the ClientApp is running, if the current operation is a sensitive API call, whether the call is legal is judged according to the loaded policy information; if it is legal the ClientApp is allowed to call the real API, otherwise the privilege-escalating call is forbidden;
If the current operation is a file access, the IOHook module is triggered and obtains the file directory to be accessed; the IoCheck module then checks against the policy library whether the access is legal; if it is legal the real system call performs the file operation, otherwise an exception is thrown and the access is terminated;
When loading a ClientApp, the HostApp parses the ClientApp's file containing the permission list data and obtains the permissions listed in it as the default set of granted permissions, then combines this set with the developer's policy configuration to form the final authorization set.
Here, the file of the ClientApp that contains the permission list data is the Manifest.xml file.
Optionally, judging, while the ClientApp is running and the current operation is a sensitive API call, whether the call is legal according to the loaded policy information, allowing the ClientApp to call the real API if it is legal and otherwise forbidding the privilege-escalating call, includes:
Step 1.1, while the ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call, and the source of the subject that initiated the call is obtained from the call chain. This is done by modifying the existing Hook module in the framework, that is, by using dynamic proxies to intercept the Binder caller side of the sensitive resource services. The Hook module sends the information about the current call to the remote VPMS;
Step 1.2, the VPMS first obtains the information about the call initiator and then calls the Pcheck module; the Pcheck module judges, according to the policy information loaded by the PolicyManager, whether the current call is legal and feeds the result back to the APIHook module;
Step 1.3, the APIHook module verifies the call according to the returned result; if verification passes, the call to the real system API is allowed, otherwise the privilege-escalating call is forbidden.
Optionally, step 1.1 specifically includes the following sub-steps:
Step 1.1.1, the ClientApp initiates a sensitive API call request;
Step 1.1.2, the sensitive API call request is intercepted by the Hook code;
Step 1.1.3, the Hook code obtains the name of the sensitive API being called, the package name of the current ClientApp and the process pid;
Step 1.1.4, the Hook module creates a Throwable object at the API interception point in the process space of the ClientApp;
Step 1.1.5, the system call stack information is obtained from the Throwable object, and the subject that initiated this call, that is, the call source information, is obtained from the call stack information;
Step 1.1.6, the Hook module packs the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp into a Parcel object;
Step 1.1.7, the object packed in step 1.1.6 is sent to the VPMS through the remote proxy interface of the VPMS by means of an inter-process call.
Optionally, step 1.2 specifically includes the following sub-steps:
Step 1.2.1, the VPMS first reads from the Parcel object the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp;
Step 1.2.2, the name of the permission that must be requested to call the current sensitive API is obtained from the mapping between permissions and APIs;
Step 1.2.3, the relevant policy configuration is looked up in the policy library by the package name of the ClientApp, including the access control policy information for the ClientApp and the access control policy information for the third-party code contained in the ClientApp;
Step 1.2.4, if the source of the current calling subject does not belong to the set of third-party code configured in the policy library, execute step 1.2.5; otherwise execute step 1.2.8;
Step 1.2.5, according to the name of the permission required by the sensitive API, the package name of the ClientApp and the granted access authorization set, judge whether the permission involved in the current operation is in the granted access authorization set;
Step 1.2.6, if it is in the granted access authorization set, return PERMISSION_GRANTED; end step 1.2;
Step 1.2.7, if it is not in the granted access authorization set, return PERMISSION_DENIED; end step 1.2;
Step 1.2.8, if the source of the current calling subject belongs to the set of third-party code configured in the policy library, judge whether the current operation is permitted according to the access control policy information of the third-party code;
Step 1.2.9, if the permission of the current operation is not in the granted access authorization set of the third-party code, execute step 1.2.5;
Step 1.2.10, if the permission of the current operation is in the granted access authorization set of the third-party code, return the authorization result according to the access control policy information; end step 1.2.
Optionally, step 1.3 specifically includes the following sub-steps:
Step 1.3.1, the Hook module receives the return information of the VPMS; if the return information is PERMISSION_GRANTED, execute step 1.3.2, otherwise execute step 1.3.3;
Step 1.3.2, authorization passes, and the sensitive API of the real system is called;
Step 1.3.3, authorization fails and an error is returned; end step 1.3.
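The decision flow of steps 1.1.5 and 1.2.1 to 1.2.10, together with the default grant set built from the manifest permission list, as an added example in plain Java; it is not code from the patent or from VirtualApp. The package names, the policy layout (a developer deny list and per-library allow/deny rules keyed by class-name prefix), the rule that any library frame on the stack attributes the call to that library, and failing closed on unknown APIs or packages are assumptions, and the stack frames are constructed.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class PcheckDemo {
    // Same integer values as android.content.pm.PackageManager.
    static final int PERMISSION_GRANTED = 0;
    static final int PERMISSION_DENIED = -1;

    // Step 1.2.2: mapping from sensitive API to the permission it requires.
    static final Map<String, String> API_PERMISSION = Map.of(
        "android.telephony.TelephonyManager.getDeviceId",
        "android.permission.READ_PHONE_STATE",
        "android.location.LocationManager.getLastKnownLocation",
        "android.permission.ACCESS_FINE_LOCATION");

    /** Policy entry for one ClientApp. The layout is an assumption of this example. */
    static final class AppPolicy {
        final Set<String> granted;                            // final authorization set
        final Map<String, Map<String, Boolean>> libraryRules; // class prefix -> permission -> allow?

        AppPolicy(Set<String> manifestPermissions, Set<String> developerDenied,
                  Map<String, Map<String, Boolean>> libraryRules) {
            // Default grant set: the permissions listed in the manifest, then
            // narrowed by the developer's configuration (assumed to be a deny list).
            this.granted = new HashSet<>(manifestPermissions);
            this.granted.removeAll(developerDenied);
            this.libraryRules = libraryRules;
        }
    }

    /**
     * Step 1.1.5: derive the call source from the stack captured in the hook.
     * Returns the configured third-party prefix found on the stack, or null
     * when only the ClientApp's own code is on the stack.
     */
    static String callSource(StackTraceElement[] stack, Set<String> libraryPrefixes) {
        for (StackTraceElement frame : stack) {            // innermost frame first
            for (String prefix : libraryPrefixes) {
                if (frame.getClassName().startsWith(prefix)) {
                    return prefix;
                }
            }
        }
        return null;
    }

    /** Steps 1.2.1 to 1.2.10: the Pcheck decision. */
    static int pcheck(Map<String, AppPolicy> policyLibrary, String packageName,
                      String api, StackTraceElement[] stack) {
        String permission = API_PERMISSION.get(api);        // 1.2.2
        AppPolicy policy = policyLibrary.get(packageName);  // 1.2.3
        if (permission == null || policy == null) {
            return PERMISSION_DENIED;                        // fail closed (assumption)
        }
        boolean appHolds = policy.granted.contains(permission);
        String source = callSource(stack, policy.libraryRules.keySet()); // 1.2.4
        if (source != null) {                                // 1.2.8
            Boolean rule = policy.libraryRules.get(source).get(permission);
            if (rule != null) {
                // 1.2.10: the library rule decides, but it can never grant
                // more than the ClientApp itself holds.
                return (rule && appHolds) ? PERMISSION_GRANTED : PERMISSION_DENIED;
            }
            // 1.2.9: no library rule for this permission, use the app-level check.
        }
        return appHolds ? PERMISSION_GRANTED : PERMISSION_DENIED; // 1.2.5 to 1.2.7
    }

    static String label(int result) {
        return result == PERMISSION_GRANTED ? "PERMISSION_GRANTED" : "PERMISSION_DENIED";
    }

    public static void main(String[] args) {
        String phone = "android.permission.READ_PHONE_STATE";
        String location = "android.permission.ACCESS_FINE_LOCATION";
        // Constructed policy: the manifest lists both permissions, the developer
        // denies none, and the bundled ad SDK may not read the device ID.
        AppPolicy chat = new AppPolicy(Set.of(phone, location), Set.of(),
            Map.of("com.example.adsdk.", Map.of(phone, false)));
        Map<String, AppPolicy> policyLibrary = Map.of("com.example.chat", chat);

        // Constructed stacks; in the hook they come from new Throwable().getStackTrace().
        StackTraceElement appFrame = new StackTraceElement(
            "com.example.chat.ProfileActivity", "onCreate", "ProfileActivity.java", 41);
        StackTraceElement sdkFrame = new StackTraceElement(
            "com.example.adsdk.Tracker", "collect", "Tracker.java", 88);
        StackTraceElement[] fromApp = {appFrame};
        StackTraceElement[] fromSdk = {sdkFrame, appFrame};

        String getDeviceId = "android.telephony.TelephonyManager.getDeviceId";
        String getLocation = "android.location.LocationManager.getLastKnownLocation";
        String pkg = "com.example.chat";
        System.out.println("app code, getDeviceId: " + label(pcheck(policyLibrary, pkg, getDeviceId, fromApp)));
        System.out.println("ad SDK,   getDeviceId: " + label(pcheck(policyLibrary, pkg, getDeviceId, fromSdk)));
        System.out.println("ad SDK,   getLocation: " + label(pcheck(policyLibrary, pkg, getLocation, fromSdk)));
        System.out.println("unknown package:       " + label(pcheck(policyLibrary, "com.example.other", getDeviceId, fromApp)));
    }
}
```

The same ClientApp process gets different answers for the same API depending on whose code is on the stack, which is the third-party-code granularity the method describes.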
Optionally, triggering the IOHook module when the current operation is a file access, obtaining the file directory to be accessed, having the IoCheck module check against the policy library whether the access is legal, calling the real system to perform the file operation if it is legal and otherwise forbidding the privilege-escalating access, includes the following sub-steps:
Step 2.1.1, if the path being accessed is one of the system's read-only directories, the application's own path, or the sdcard directory, the access is allowed; otherwise execute step 2.1.2;
Step 2.1.2, if the directory being accessed is the directory of another ClientApp, the private directory of the HostApp, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated.
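The directory check of steps 2.1.1 and 2.1.2, as an added example in plain Java (not code from the patent or from VirtualApp), including the path normalization a practitioner would want before any prefix test. The directory layout, the package names and the fail-closed default for paths the two steps do not mention are assumptions; it expects Unix-style path semantics.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class IoCheckDemo {
    // Constructed directory layout for a HostApp with package com.example.host.
    static final Path HOST_PRIVATE = Paths.get("/data/data/com.example.host");
    static final Path CLIENT_ROOT = HOST_PRIVATE.resolve("virtual/data");
    static final Path POLICY_DIR = HOST_PRIVATE.resolve("policy");
    static final Path SDCARD = Paths.get("/sdcard");
    static final List<Path> SYSTEM_READ_ONLY =
        List.of(Paths.get("/system"), Paths.get("/vendor"));

    /** Returns the reason for denial, or null when the access is allowed. */
    static String denyReason(String clientPackage, String requestedPath) {
        // Collapse "." and ".." first; otherwise a path that starts inside the
        // caller's own directory could climb into a sibling ClientApp directory.
        // normalize() is purely lexical: symbolic links need a real-path lookup.
        Path path = Paths.get(requestedPath).normalize();
        if (!path.isAbsolute()) {
            return "relative path";
        }
        Path own = CLIENT_ROOT.resolve(clientPackage);

        // Step 2.1.1: the app's own directory, the sdcard, system read-only directories.
        // The own-directory test must come first because it lies inside HOST_PRIVATE.
        if (path.startsWith(own) || path.startsWith(SDCARD)) {
            return null;
        }
        for (Path dir : SYSTEM_READ_ONLY) {
            if (path.startsWith(dir)) {
                return null;
            }
        }

        // Step 2.1.2: policy library, other ClientApps, HostApp private data.
        if (path.startsWith(POLICY_DIR)) {
            return "policy library directory";
        }
        if (path.startsWith(CLIENT_ROOT)) {
            return "directory of another ClientApp";
        }
        if (path.startsWith(HOST_PRIVATE)) {
            return "HostApp private directory";
        }
        return "path not covered by policy";   // fail closed (assumption)
    }

    /** Throws, as step 2.1.2 requires, when the access is not legal. */
    static void ioCheck(String clientPackage, String requestedPath) {
        String reason = denyReason(clientPackage, requestedPath);
        if (reason != null) {
            throw new SecurityException(reason + ": " + requestedPath);
        }
    }

    public static void main(String[] args) {
        String client = "com.example.chat";
        String base = "/data/data/com.example.host/virtual/data/";
        // Constructed requests from the ClientApp com.example.chat.
        String[] requests = {
            base + "com.example.chat/databases/msg.db",
            "/sdcard/Download/photo.jpg",
            "/system/fonts/Roboto-Regular.ttf",
            base + "com.example.bank/databases/accounts.db",
            base + "com.example.chat/../com.example.bank/databases/accounts.db",
            "/data/data/com.example.host/policy/policy.xml",
            "/data/data/com.example.host/shared_prefs/host.xml",
        };
        for (String request : requests) {
            try {
                ioCheck(client, request);
                System.out.println("ALLOW " + request);
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```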
In another aspect, the present invention provides a control system for restricting access in an Android application multi-instance environment. Let the application that provides the virtualized running environment in the Android system be the HostApp, which supports running applications of the Android system inside the virtualized running environment it builds, and let an application that is loaded and run in this virtualized environment be a ClientApp. The system includes:
A sensitive API access control module, which, while the ClientApp is running and the current operation is a sensitive API call, judges according to the loaded policy information whether the call is legal, allows the ClientApp to call the real API if it is legal, and otherwise forbids the privilege-escalating call;
A file directory access control module, in which, if the current operation is a file access, the IOHook module is triggered and obtains the file directory to be accessed, and the IoCheck module then checks against the policy library whether the access is legal; if it is legal the real system call performs the file operation, otherwise an exception is thrown and the access is terminated;
A policy library management module, with which the HostApp, when loading a ClientApp, parses the ClientApp's file containing the permission list data and obtains the permissions listed in it as the default set of granted permissions, then combines this set with the developer's policy configuration to form the final authorization set.
Optionally, in the sensitive API access control module, while the ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call, and the source of the subject that initiated the call is obtained from the call chain, which is done by modifying the existing Hook module in the framework; the Hook module sends the information about the current call to the remote VPMS; the VPMS first obtains the information about the call initiator and then calls the Pcheck module, which judges, according to the policy information loaded by the PolicyManager, whether the current call is legal and feeds the result back to the APIHook module; the APIHook module verifies the call according to the returned result, allows the call to the real system API if verification passes, and otherwise forbids the privilege-escalating call.
In general, compared with the prior art, the above technical solutions conceived by the present invention have the following beneficial effects:
1. Sensitive API access permission control is implemented for third-party application multi-instance runtime environments. With steps 1.1, 1.2 and 1.3, the invention not only prevents a ClientApp from using permissions beyond those it requested, but also prevents third-party code contained in a ClientApp from using permissions beyond those the ClientApp requested.
2. A ClientApp is prevented from accessing file directories it should not access, so that a malicious ClientApp that has been loaded cannot access the private files of other ClientApps and leak private user information.
3. In addition to the default access policy, developers can configure their own access policies to restrict, at a finer granularity, the permissions of applications running in the multi-instance environment.
4. The invention is compatible with the original system and applications. The steps adopted by the present invention do not involve changing the application program or the system.
5. The overall system overhead is small. With step 1.2, only the cost of one cross-process call is added to the original system, and the additional information involved in the authorization check, such as the mapping between sensitive APIs and permissions, can be loaded at system initialization, so it has little effect on later system operation.
Description of the drawings
Fig. 1 shows the overall architecture of the control system for restricting access in an Android application multi-instance environment provided by the invention;
Fig. 2 is a flowchart of the control method for restricting access in an Android application multi-instance environment provided by the invention;
Fig. 3 is a detailed flowchart of step 1.1 of module one provided by the invention;
Fig. 4 is a detailed flowchart of step 1.2 of module one provided by the invention;
Fig. 5 is a detailed flowchart of step 1.3 of module one provided by the invention;
Fig. 6 is a detailed flowchart of the steps of module two provided by the invention;
Fig. 7 is a detailed flowchart of the steps of module three provided by the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it. In addition, the technical features involved in the embodiments described below can be combined with each other as long as they do not conflict.
The technical terms of the invention are first explained below:
Android: a mobile operating system based on the Linux kernel whose development is led by Google; thanks to its openness it holds a high share of the mobile operating system market.
Virtual machine: the runtime in which application programs run in the Android system, specifically the Dalvik virtual machine.
Android application program: an application program running in the Android system, developed mainly in the Java language.
HostApp: a multi-instance application, that is, an application that supports running other applications in the virtualized running environment it builds; we call it the HostApp.
ClientApp: an Android application program that is loaded and run in the HostApp's virtualized environment.
The HostApp is also called the host application, and the ClientApp is also called the running application.
Multi-instance application development framework: a framework that helps developers implement a HostApp using dynamic hooking and dynamic loading. Taking the open-source development framework VirtualApp as an example, VirtualApp can currently run many kinds of applications relatively stably inside itself, including Android applications developed in Java, native applications based on native development, and some hardened applications.
Third-party code: libraries with some specific function that are developed by third-party developers, companies or other organizations and integrated by the application developer.
Security enhancement: improving the relevant security mechanisms of a system to address a class of security problems present in it.
Private data: the personal data a user stores in the system; on a mobile device it mainly includes contact information, call records, geographic location information, device-related information and so on.
Application programming interface (Application Programming Interface, API): a set of predefined functions whose main purpose is to let application developers call a group of routines without having to read the underlying source code or understand the details of the internal working mechanism.
System package management service (Package Manager Service, PMS): one of the core services of the Android system, responsible for installing and uninstalling application packages and for evaluating permission grants; it runs in the system core process.
Virtual system package management service (Virtual Package Manager Service, VPMS): a virtualization of the system's real Package Manager Service; it mainly manages resources such as the authorization, package information and component information of ClientApps.
In view of the defects of the prior art, the object of the present invention is to provide an access control method that limits malicious privilege escalation in Android application multi-instance environments. It builds on the existing multi-instance framework VirtualApp, extends it, and develops a security-enhanced multi-instance framework, SecHostApp. Without modifying the Android system itself or the applications, it proposes a method for controlling the access rights of applications to sensitive APIs in a multi-instance environment, and a method for controlling the access of applications to file directories in a multi-instance environment. The granularity of access control is refined to the level of third-party code, because a normal application may well carry third-party code that contains malicious privilege escalation; it is therefore necessary to enforce sensitive API access permission control on third-party code.
To achieve the above object, the present invention provides an access control method that limits malicious privilege escalation in a multi-instance application environment. The application that provides the virtualized running environment is called the HostApp, and an application loaded and run in the virtualized environment is a ClientApp. The method mainly comprises three modules: first, the sensitive API access control module; second, the file directory access control module; third, the policy library management module.
Module one: implementation steps of the sensitive API access control module;
Step 1.1, while the ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call, and the source of the subject that initiated the call is obtained from the call chain, which is done by modifying the existing Hook module in the framework; the Hook module sends the information about the current call to the remote VPMS;
Step 1.2, the VPMS first obtains the information about the call initiator and then calls the Pcheck module; the Pcheck module judges, according to the policy information loaded by the PolicyManager, whether the current call is legal, and feeds the result back to the APIHook module;
Step 1.3, the APIHook module handles the call according to the returned result; if verification passes, the call to the real system API is allowed, otherwise the privilege-escalating call is forbidden;
Step 1.1 specifically includes the following sub-steps:
1.1.1, the ClientApp initiates a sensitive API call request;
1.1.2, the sensitive API call request is first intercepted by the Hook code;
1.1.3, the Hook code first obtains the name of the sensitive API being called, the package name of the current ClientApp and the process pid;
1.1.4, the Hook module creates a Throwable object at the API interception point in the process space of the application program;
1.1.5, the system call stack information is obtained from the Throwable object, and the subject that initiated this call is obtained from the call stack information;
1.1.6, the Hook module packs the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp into a Parcel object;
1.1.7, this object is sent to the VPMS through VPackageManager, the remote proxy interface of the VPMS, by means of an inter-process call;
Step 1.2 specifically includes the following sub-steps:
1.2.1, the VPMS first reads from the Parcel object the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp;
1.2.2, the name of the permission that must be requested to call the current sensitive API is obtained from the mapping between permissions and APIs;
1.2.3, the relevant policy configuration is looked up in the policy library by the package name of the ClientApp, including the access control policy information for the ClientApp and the access control policy information for the third-party code contained in the ClientApp;
1.2.4, if the source of the current calling subject does not belong to the set of third-party code configured in the policy library, execute step (1.2.5); otherwise execute step (1.2.8);
1.2.5, according to the permission name obtained in step 1.2.2, the package name of the ClientApp and the granted access authorization set, judge whether the permission involved in the current operation is in the granted access authorization set;
1.2.6, if it is in the granted access authorization set, return PERMISSION_GRANTED; end step 1.2;
1.2.7, if it is not in the granted access authorization set, return PERMISSION_DENIED; end step 2;
1.2.8, if the source of the current calling subject belongs to the set of third-party code configured in the policy library, judge whether the current operation is permitted according to the access control policy information of the third-party code;
1.2.9, if the permission of the current operation is not in the granted access authorization set of the third-party code, execute step (1.2.5);
1.2.10, if the permission of the current operation is in the granted access authorization set of the third-party code, return the authorization result according to the access control policy information; end step 2;
Step 1.3 specifically includes the following sub-steps:
1.3.1, the Hook module receives the return information of the VPMS; if the return information is PERMISSION_GRANTED, execute step (1.3.2), otherwise execute step (1.3.3);
1.3.2, authorization passes, and the sensitive API of the real system is called;
1.3.3, authorization fails and an error is returned; end step 1.3;
Module two: implementation steps of the file directory access control module;
Step 2.1, if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory to be accessed, then hands it to the IoCheck module, which checks against the policy library whether the current access is legal; only if it is legal is the real system call invoked to perform the file operation.
Step 2.1 specifically includes the following sub-steps:
2.1.1, if the path currently accessed is one of the system's read-only directories, the application's own path, or the sdcard directory, the access is allowed; otherwise execute step (2.1.2);
2.1.2, if the directory currently accessed is another application's directory, the host application's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated;
Module three: implementation steps of the policy library generation module;
Step 3.1, while loading and running an application, the host application parses its Manifest.xml file and obtains the permission list declared in the file as the default permitted authorization set; it then combines the developer's policy configuration information to form the final authorization set;
The present invention is further described below with reference to the embodiments and the accompanying drawings.
The main reason privilege escalation attacks are possible in the HostApp running environment is that the applications share the same UID with one another and with the host application, while the underlying system enforces access control per user. This means that these applications share the same permissions and directories as the host application. Once a user accidentally loads and runs, in the multi-open environment, an application that carries out a malicious attack against that environment, the malicious program, or the malicious third-party code contained in an application, can obtain all permissions of the HostApp, including read and write access to the file directories of other important applications, thereby leaking private information. The present invention proposes a new security enhancement scheme whose purpose is to enforce privilege escalation access control in the multi-open environment while remaining compatible with the original application structure and the original multi-open application development framework, and to refine the subject granularity of access control so that privilege escalation access by the third-party code contained in a ClientApp can be controlled. It further controls which file directories a ClientApp is able to access. All control policies can be configured dynamically based on a unified policy description language, and policy updates at run time are supported.
Fig. 1 shows the overall architecture of the security enhancement method for the Android application virtualization multi-open framework. As can be seen from Fig. 1, the main work of the present invention concentrates on three parts. First, a check of the permission to call sensitive APIs is added, which involves hook interception at the call sites of sensitive APIs. Second, access control for file directories is added, by adding a file access check module on top of the existing native hook. Third, the policy library is managed, mainly through the interfaces provided by PolicyManager.
Fig. 2 shows the overall flow of the access control method for restricting privilege escalation in the Android multi-open environment. When a user uses a HostApp that a developer has built with the security-enhanced framework, the user first needs to run a virtual installation process, which virtually installs the ClientApp to be started into the file directory that the HostApp allocates to it. The specific modules and implementation steps are as follows:
Module one: implementation steps of the sensitive API access control module;
Step 1.1, while the ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call; the subject source information of the initiator of this call is obtained from the call chain, i.e. the existing hook module in the framework is modified; the Hook module sends the current call information to the remote VPMS;
Step 1.2, VPMS first obtains the information of the call initiator and then calls the Pcheck module; the Pcheck module uses the policy information already loaded by PolicyManager to judge whether the current call is legal, and so on, then feeds the result back to the APIHook module;
Step 1.3, the APIHook module handles the call according to the feedback result: if verification passes, the real system API call is allowed; otherwise the privilege escalation call is forbidden.
Module two: implementation steps of the file directory access control module;
Step 2.1, if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory to be accessed, then hands it to the IoCheck module, which checks against the policy library whether the current access is legal; only if it is legal is the real system call invoked to perform the file operation.
Module three: implementation steps of the policy library generation module;
Step 3.1, while loading and running an application, the host application parses its Manifest.xml file and obtains the permission list declared in the file as the default permitted authorization set; it then combines the developer's policy configuration information to form the final permitted authorization set;
Further, as shown in Fig. 3, step 1.1 of module one includes the following sub-steps:
1.1.1, the application initiates a sensitive API call request; without loss of generality, assume the API is TelephonyManager.getDeviceId;
1.1.2, the sensitive API call request is first intercepted by the GetDeviceIdHook code, i.e. the APIHook in the flow chart. The specific hook classes for all APIs in the system inherit from the APIHook base class (GetDeviceIdHook inherits from APIHook), so what is triggered first when a sensitive API is called is APIHook, i.e. the public check function of the base class;
1.1.3, the APIHook module first obtains the name apiName of the sensitive API currently being called, and the package name packageName and process pid of the current ClientApp;
1.1.4, the APIHook module creates a Throwable object at the API interception point in the process space of the application;
1.1.5, the Throwable object triggers the fillInStackTrace method to generate the system call stack; the getStackTrace method then returns the stack data for this call, from which the call chain of this call is obtained, and the initiating subject information of this call, i.e. sourcePackage, is obtained from the call stack information;
1.1.6, the APIHook module encapsulates the current call source information sourcePackage, the called sensitive API information apiName, and the package name packageName and process pid of the current ClientApp into a Parcel object;
1.1.7, the APIHook module sends this object to VPMS by inter-process call through VPackageManager, the remote proxy of VPMS;
Further, as shown in Fig. 4, step 1.2 of module one includes the following sub-steps:
1.2.1, VPMS first reads from the Parcel object the current call source information sourcePackage, the called sensitive API information apiName, and the package name packageName and process pid of the current ClientApp;
1.2.2, call PolicyManager.getPermissionByApi() to obtain, according to the mapping between permissions and APIs, the name cur_permission of the permission required to call the current sensitive API;
1.2.3, according to the package name of the ClientApp, look up the relevant policy configuration using PolicyManager: call PolicyManager.getAppLevelAllowSet(packageName) to obtain the ClientApp's access control authorization policy set appAllows, and call PolicyManager.getLibLevelAllowSet(packageName) to obtain the access control authorization policy information set libAllows for the third-party code contained in the ClientApp;
1.2.4, if the source of the current calling subject, sourcePackage, is not in the third-party code access control policy set libAllows configured in the policy library, execute step (1.2.5); otherwise execute step (1.2.8);
1.2.5, according to the permission name obtained in step 1.2.2, the package name of the ClientApp and the permitted authorization set appAllows, judge whether the permission involved in the current operation is in the permitted authorization set, i.e. the ClientApp's current access cannot use
1.2.6, if it is in the permitted authorization set, return PERMISSION_GRANTED; end step 1.2;
1.2.7, if it is not in the permitted authorization set, return PERMISSION_DENIED; end step 1.2;
1.2.8, if the source of the current calling subject belongs to the third-party code set libAllows configured in the policy library, judge whether the current operation is permitted according to the access control policy information of the third-party code;
1.2.9, if the permission for the current operation is not in the permitted authorization set libAllows of the third-party code, execute step (1.2.5);
1.2.10, if the permission for the current operation is in the permitted authorization set of the third-party code, return PERMISSION_GRANTED; end step 1.2;
Further, as shown in Fig. 5, step 1.3 of module one includes the following sub-steps:
1.3.1, the APIHook module receives the return message of VPMS; if the returned information is PERMISSION_GRANTED, execute step (1.3.2); otherwise execute step (1.3.3);
1.3.2, authorization passes, and the real system's sensitive API is called;
1.3.3, authorization fails and an error is returned; end step 1.3.
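Steps 1.1.5 through 1.3.3 of module one, as an added plain-Java example that is not the patent's own code: it derives sourcePackage from a call stack, applies the Pcheck decision, and only then runs the real call. The class and method names, the in-memory policy maps, the library `com.example.adsdk`, matching a library by Java package prefix, and denying an unmapped API are all assumptions; the sample policy and call stacks are constructed.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;

public class PcheckSketch {
    // Same numeric values as android.content.pm.PackageManager.
    static final int PERMISSION_GRANTED = 0;
    static final int PERMISSION_DENIED = -1;

    // Hypothetical in-memory stand-in for the policy library.
    static final Map<String, String> apiToPermission = new HashMap<>();
    // ClientApp package -> permitted permissions
    static final Map<String, Set<String>> appAllows = new HashMap<>();
    // ClientApp package -> third-party library package -> permitted permissions
    static final Map<String, Map<String, Set<String>>> libAllows = new HashMap<>();

    /** Step 1.1.5: derive sourcePackage from the call stack (innermost frame first). */
    static String sourcePackage(StackTraceElement[] stack, String packageName) {
        Set<String> libs =
                libAllows.getOrDefault(packageName, Collections.emptyMap()).keySet();
        for (StackTraceElement frame : stack) {
            for (String lib : libs) {
                // Assumption: a library is identified by its Java package prefix.
                if (frame.getClassName().startsWith(lib + ".")) {
                    return lib;
                }
            }
        }
        return packageName; // no configured library on the stack: the ClientApp itself
    }

    /** Steps 1.2.2 to 1.2.10: the Pcheck decision. */
    static int pcheck(String sourcePackage, String apiName, String packageName) {
        String curPermission = apiToPermission.get(apiName);              // 1.2.2
        if (curPermission == null) {
            return PERMISSION_DENIED; // assumption: an unmapped API fails closed
        }
        Set<String> app =
                appAllows.getOrDefault(packageName, Collections.emptySet()); // 1.2.3
        Set<String> lib = libAllows
                .getOrDefault(packageName, Collections.emptyMap())
                .get(sourcePackage);                                       // 1.2.4
        if (lib != null && lib.contains(curPermission)) {                  // 1.2.8, 1.2.10
            return PERMISSION_GRANTED;
        }
        // 1.2.5 to 1.2.7, also reached from 1.2.9 when the library set lacks the permission
        return app.contains(curPermission) ? PERMISSION_GRANTED : PERMISSION_DENIED;
    }

    /** Step 1.3: run the real API only when Pcheck grants; otherwise return an error. */
    static <T> T guardedCall(StackTraceElement[] stack, String apiName,
                             String packageName, Supplier<T> realApi) {
        String source = sourcePackage(stack, packageName);
        if (pcheck(source, apiName, packageName) != PERMISSION_GRANTED) {
            throw new SecurityException(source + " denied " + apiName);
        }
        return realApi.get();
    }

    static Set<String> setOf(String... items) {
        return new HashSet<>(Arrays.asList(items));
    }

    public static void main(String[] args) {
        // Constructed sample policy: com.client_1 may use location but not READ_PHONE_STATE.
        apiToPermission.put("TelephonyManager.getDeviceId",
                "android.permission.READ_PHONE_STATE");
        apiToPermission.put("LocationManager.getLastKnownLocation",
                "android.permission.ACCESS_FINE_LOCATION");
        appAllows.put("com.client_1", setOf("android.permission.ACCESS_FINE_LOCATION"));
        Map<String, Set<String>> libs = new HashMap<>();
        libs.put("com.example.adsdk", setOf()); // hypothetical library, empty allow set
        libAllows.put("com.client_1", libs);

        // Constructed call stacks, innermost frame first.
        StackTraceElement[] fromApp = {
            new StackTraceElement("com.client_1.MainActivity", "onCreate", "MainActivity.java", 42)
        };
        StackTraceElement[] fromLib = {
            new StackTraceElement("com.example.adsdk.Tracker", "collect", "Tracker.java", 17),
            new StackTraceElement("com.client_1.MainActivity", "onCreate", "MainActivity.java", 50)
        };

        for (StackTraceElement[] stack : Arrays.asList(fromApp, fromLib)) {
            for (String api : apiToPermission.keySet()) {
                try {
                    String result = guardedCall(stack, api, "com.client_1",
                            () -> "real result of " + api);
                    System.out.println("allowed: " + result);
                } catch (SecurityException e) {
                    System.out.println("blocked: " + e.getMessage());
                }
            }
        }
    }
}
```

Because step 1.2.9 falls through to step 1.2.5, the library frame in the constructed sample still obtains the location permission from the ClientApp's own set; a library caller is refused only when both sets lack the permission.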
Further, as shown in Fig. 6, the refined procedure of the step of module two includes the following sub-steps:
2.1.1, when an application performs a file access operation, the IOHook module is triggered automatically, intercepts the directory path currently to be accessed, and hands it to the IoCheck function to check whether the current access is legal. If the path currently accessed is one of the system's read-only directories (system, dev and similar directories), the application's own path (here taking /data/data/com.host.app/virtual/com.client_1/ as an example) or the sdcard directory (/sdcard/), the access is allowed; otherwise execute step (2.1.2);
2.1.2, if the directory currently accessed is another application's directory (such as /data/data/com.host.app/virtual/com.client_2/), the host application's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated.
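The IoCheck decision of steps 2.1.1 and 2.1.2, as an added example modelled in plain Java (the patent's IOHook is a native hook, and this is not its code). It normalizes the path before comparing, compares whole path elements rather than string prefixes, and refuses anything outside the allowed directories; the class and method names, the `policy.xml` file name, the use of SecurityException, the default refusal and a Unix-style file system are assumptions, and the sample paths are constructed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

public class IoCheckSketch {
    // Directory layout taken from the description above.
    static final Path VIRTUAL_ROOT = Paths.get("/data/data/com.host.app/virtual");
    // Read-only system directories named in step 2.1.1, plus the sdcard directory.
    static final List<Path> ALLOWED_SHARED = Arrays.asList(
            Paths.get("/system"), Paths.get("/dev"), Paths.get("/sdcard"));

    /** Step 2.1.1: true when the normalized path lies inside an allowed directory. */
    static boolean isAllowed(String rawPath, String clientPackage) {
        Path requested = Paths.get(rawPath);
        if (!requested.isAbsolute()) {
            return false; // assumption: the hook resolves relative paths before checking
        }
        // Collapse "." and ".." before comparing; symbolic links are not resolved here.
        Path normalized = requested.normalize();
        // Path.startsWith compares whole name elements, so the directory of
        // com.client_10 is not treated as being inside that of com.client_1.
        if (normalized.startsWith(VIRTUAL_ROOT.resolve(clientPackage))) {
            return true; // the application's own directory
        }
        for (Path dir : ALLOWED_SHARED) {
            if (normalized.startsWith(dir)) {
                return true;
            }
        }
        // Other applications' directories, the host's private directory and the
        // policy directory all end up here, as does any path not listed (assumption).
        return false;
    }

    /** Step 2.1.2: throw instead of forwarding the call to the real system call. */
    static void ioCheck(String rawPath, String clientPackage) {
        if (!isAllowed(rawPath, clientPackage)) {
            throw new SecurityException(clientPackage + " may not access " + rawPath);
        }
    }

    public static void main(String[] args) {
        // Constructed sample paths, all requested by com.client_1.
        String[] paths = {
            "/data/data/com.host.app/virtual/com.client_1/files/a.txt",
            "/sdcard/Download/report.pdf",
            "/system/lib/libc.so",
            "/data/data/com.host.app/virtual/com.client_2/databases/user.db",
            "/data/data/com.host.app/virtual/com.client_1/../com.client_2/databases/user.db",
            "/data/data/com.host.app/virtual/com.client_10/files/a.txt",
            "/data/data/com.host.app/private/policy.xml"
        };
        for (String path : paths) {
            try {
                ioCheck(path, "com.client_1");
                System.out.println("allow  " + path);
            } catch (SecurityException e) {
                System.out.println("deny   " + path);
            }
        }
    }
}
```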
Further, as shown in Fig. 7, the refined procedure of the step of module three includes the following sub-steps:
Step 3.1.1, while loading and running an application, the host application parses its Manifest.xml file and obtains the permission list declared in the file as the default permitted authorization set; it calls PolicyManagerProxy, the remote interface of PolicyManager, and the set of permitted authorizations is updated into the policy library through PolicyManager;
Step 3.1.2, PolicyManager then integrates the policy configuration information of the developer of the multi-open application. The developer's configuration information is placed under the /data/data/com.host.app/private/ directory and is written in the unified XML policy description language. Without loss of generality, assume the configured policy is:
This configuration means that the application with package name com.client_1 is forbidden from accessing APIs that require the android.permission.READ_PHONE_STATE permission. PolicyManager forms the final permitted authorization set according to the configuration, and finally calls PolicyManager's updatePolicy function to update the authorization access policy of the application whose package name is the current packageName.
The access control method and system provided by the present invention for restricting malicious privilege escalation by Android applications in a multi-open environment apply security enhancements to an existing open-source application virtualization multi-open framework, restricting the privilege escalation attacks that arise because multi-opened applications share the host application's super permissions. The main security enhancement modules are: restricting privilege escalation access to sensitive application programming interfaces (APIs) by applications and by the third-party code they contain; access control for file directories; and a unified access control policy language that supports dynamic configuration. Permission control for sensitive APIs is implemented mainly by using Java-layer hook technology to intercept all sensitive API calls between the application and the system, and then deciding from the access policy configuration whether the current sensitive API may be called. Access control for file directories is implemented mainly by Android's own native hook technology, which takes over all file access operations between the application and the system and judges from the path being accessed whether the current application has accessed a file directory it should not access. A unified policy language, designed on XML technical standards, supports dynamic policy configuration. At the cost of a small performance overhead, the present invention applies security enhancements to the original application multi-open system; compared with the original system, the access control granularity is finer and privilege escalation attacks by applications in the multi-open environment can be restricted. The method is flexible to use, requires no modification of the Android system or of applications, and has good usability.
Those skilled in the art will readily understand that the foregoing is merely a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. A control method for restricting access by Android applications in a multi-open environment, wherein the application that provides a virtualized running environment in the Android system is the HostApp, the HostApp supports applications in the Android system running in the virtualized running environment it builds, and an application loaded and run in this virtualized environment is a ClientApp, characterized by comprising:
when the ClientApp is running, if the current operation is a sensitive API call, judging from the loaded policy information whether the current sensitive API call is legal; if it is legal, allowing the ClientApp to call the real API, and otherwise forbidding the privilege escalation call;
if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory to be accessed; the IoCheck module then checks against the policy library whether the current access is legal; if it is legal, the real system is called to perform the file operation, and otherwise an exception is thrown and the access is terminated;
while loading the ClientApp, the HostApp parses the ClientApp's file containing the permission list data, obtains the permission list declared in the file as the default permitted authorization set, and then combines the developer's policy configuration information to form the final authorization set.
2. The control method for restricting access by Android applications in a multi-open environment according to claim 1, characterized in that, when the ClientApp is running, if the current operation is a sensitive API call, judging from the loaded policy information whether the sensitive API call is legal, allowing the ClientApp to call the real API if it is legal, and otherwise forbidding the privilege escalation call, comprises:
Step 1.1, while the ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call; the subject source information of the initiator of this call is obtained from the call chain, i.e. the existing Hook module in the framework is modified, and dynamic proxy technology is used to intercept the Binder calling end of the sensitive resource services; the Hook module sends the current call information to the remote VPMS;
Step 1.2, VPMS first obtains the information of the call initiator and then calls the Pcheck module; the Pcheck module uses the policy information already loaded by PolicyManager to judge whether the current call is legal, then feeds the result back to the APIHook module;
Step 1.3, the APIHook module performs verification according to the feedback result: if verification passes, the real system API call is allowed; otherwise the privilege escalation call is forbidden.
3. The control method for restricting access by Android applications in a multi-open environment according to claim 2, characterized in that step 1.1 specifically includes the following sub-steps:
Step 1.1.1, the ClientApp initiates a sensitive API call request;
Step 1.1.2, the sensitive API call request is intercepted by the Hook code;
Step 1.1.3, the Hook code obtains the name of the sensitive API currently being called and the package name and process pid of the current ClientApp;
Step 1.1.4, the Hook module creates a Throwable object at the API interception point in the process space of the ClientApp;
Step 1.1.5, the system call stack information is obtained from the Throwable object, and the initiating subject information of this call, i.e. the call source information, is obtained from the system call stack information;
Step 1.1.6, the Hook module encapsulates the current call source information, the called sensitive API information, and the package name and process pid of the current ClientApp into a Parcel object;
Step 1.1.7, the object encapsulated in step 1.1.6 is sent to VPMS by inter-process call through the remote proxy interface of VPMS.
4. The control method for restricting access by Android applications in a multi-open environment according to claim 2, characterized in that step 1.2 specifically includes the following sub-steps:
Step 1.2.1, VPMS first reads from the Parcel object the current call source information, the called sensitive API information, and the package name and process pid of the current ClientApp;
Step 1.2.2, according to the mapping between permissions and APIs, obtain the name of the permission required to call the current sensitive API;
Step 1.2.3, according to the package name of the ClientApp, look up the relevant policy configuration in the policy library, including the access control policy information for the ClientApp and the access control policy information for the third-party code contained in the ClientApp;
Step 1.2.4, if the source of the current calling subject does not belong to the third-party code set configured in the policy library, execute step 1.2.5; otherwise execute step 1.2.8;
Step 1.2.5, according to the name of the permission required by the sensitive API, the package name of the ClientApp and the permitted authorization set, judge whether the permission involved in the current operation is in the permitted authorization set;
Step 1.2.6, if it is in the permitted authorization set, return PERMISSION_GRANTED; end step 1.2;
Step 1.2.7, if it is not in the permitted authorization set, return PERMISSION_DENIED; end step 1.2;
Step 1.2.8, if the source of the current calling subject belongs to the third-party code set configured in the policy library, judge whether the current operation is permitted according to the access control policy information of the third-party code;
Step 1.2.9, if the permission for the current operation is not in the permitted authorization set of the third-party code, execute step 1.2.5;
Step 1.2.10, if the permission for the current operation is in the permitted authorization set of the third-party code, return the authorization result according to the access control policy information; end step 1.2.
5. The control method for restricting access by Android applications in a multi-open environment according to claim 2, characterized in that step 1.3 specifically includes the following sub-steps:
Step 1.3.1, the Hook module receives the return information of VPMS; if the return information is PERMISSION_GRANTED, execute step 1.3.2; otherwise execute step 1.3.3;
Step 1.3.2, authorization passes, and the real system's sensitive API is called;
Step 1.3.3, authorization fails and an error is returned; end step 1.3.
6. The control method for restricting access by Android applications in a multi-open environment according to claim 2, characterized in that, if the current operation is a file access operation, the IOHook module being triggered and obtaining the file directory to be accessed, then handing it to the IoCheck module, which checks against the policy library whether the current access is legal, the real system being called to perform the file operation if it is legal, and privilege escalation access otherwise being forbidden, comprises:
Step 2.1.1, if the path currently accessed is one of the system's read-only directories, the application's own path, or the sdcard directory, the access is allowed; otherwise execute step 2.1.2;
Step 2.1.2, if the directory currently accessed is another ClientApp's directory, the HostApp's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated.
7. A control system for restricting access by Android applications in a multi-open environment, wherein the application that provides a virtualized running environment in the Android system is the HostApp, the HostApp supports applications in the Android system running in the virtualized running environment it builds, and an application loaded and run in this virtualized environment is a ClientApp, characterized by comprising:
a sensitive API access control module, configured to, when the ClientApp is running and the current operation is a sensitive API call, judge from the loaded policy information whether the current sensitive API call is legal, allow the ClientApp to call the real API if it is legal, and otherwise forbid the privilege escalation call;
a file directory access control module, configured such that, if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory to be accessed, the IoCheck module then checks against the policy library whether the current access is legal, the real system is called to perform the file operation if it is legal, and otherwise an exception is thrown and the access is terminated;
a policy library management module, configured such that, while loading the ClientApp, the HostApp parses the ClientApp's file containing the permission list data, obtains the permission list declared in the file as the default permitted authorization set, and then combines the developer's policy configuration information to form the final authorization set.
8. The control system for restricting access by Android applications in a multi-open environment according to claim 7, characterized in that the sensitive API access control module is configured such that, while the ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call, and the subject source information of the initiator of this call is obtained from the call chain, i.e. the existing Hook module in the framework is modified; the Hook module sends the current call information to the remote VPMS; VPMS first obtains the information of the call initiator and then calls the Pcheck module, and the Pcheck module uses the policy information already loaded by PolicyManager to judge whether the current call is legal, then feeds the result back to the APIHook module; the APIHook module performs verification according to the feedback result, allowing the real system API call if verification passes and otherwise forbidding the privilege escalation call.
CN201810480808.2A 2018-05-18 2018-05-18 A kind of Android is using the control method and system for limiting access in more open loop borders Pending CN108932427A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810480808.2A CN108932427A (en) 2018-05-18 2018-05-18 A kind of Android is using the control method and system for limiting access in more open loop borders

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810480808.2A CN108932427A (en) 2018-05-18 2018-05-18 A kind of Android is using the control method and system for limiting access in more open loop borders

Publications (1)

Publication Number Publication Date
CN108932427A true CN108932427A (en) 2018-12-04

Family

ID=64449096

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810480808.2A Pending CN108932427A (en) 2018-05-18 2018-05-18 A kind of Android is using the control method and system for limiting access in more open loop borders

Country Status (1)

Country Link
CN (1) CN108932427A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109558730A (en) * 2018-12-29 2019-04-02 360企业安全技术(珠海)有限公司 A kind of safety protecting method and device of browser
CN109784051A (en) * 2018-12-29 2019-05-21 360企业安全技术(珠海)有限公司 Protecting information safety method, device and equipment
CN109977644A (en) * 2019-04-03 2019-07-05 山东超越数控电子股份有限公司 Right management method is classified under a kind of Android platform
CN110457925A (en) * 2019-08-12 2019-11-15 深圳市网心科技有限公司 Data isolation method, device, terminal and storage medium are applied in the storage of inside and outside
CN111273967A (en) * 2019-12-30 2020-06-12 上海上讯信息技术股份有限公司 Remote hook setting method and device suitable for Android system and electronic equipment
CN111399927A (en) * 2018-12-14 2020-07-10 北京奇虎科技有限公司 Method and device for sharing Class file by application and computing equipment
CN111400757A (en) * 2020-03-13 2020-07-10 西安电子科技大学 Method for preventing native code in android third-party library from revealing user privacy
CN111444539A (en) * 2020-03-26 2020-07-24 惠州Tcl移动通信有限公司 Authority processing method and device, storage medium and terminal
CN111737664A (en) * 2020-05-20 2020-10-02 广州市格利网络技术有限公司 Re-authorization use control method and device of borrowing equipment
CN112540903A (en) * 2020-12-11 2021-03-23 武汉斗鱼鱼乐网络科技有限公司 Method, storage medium, electronic device and system for quickly searching for multi-open prevention
CN112600786A (en) * 2020-11-12 2021-04-02 湖南快乐阳光互动娱乐传媒有限公司 Data interaction method and device
CN112764798A (en) * 2021-01-08 2021-05-07 重庆创通联智物联网有限公司 Electronic equipment customization mode realization method and electronic equipment
CN113393001A (en) * 2021-05-12 2021-09-14 浙江吉利控股集团有限公司 Order receiving and queuing method and device for network appointment vehicle and storage medium
CN114021176A (en) * 2022-01-06 2022-02-08 麒麟软件有限公司 SELinux dynamic authorization method and system
WO2022179379A1 (en) * 2021-02-24 2022-09-01 华为技术有限公司 Access control method, electronic device and system
WO2022199499A1 (en) * 2021-03-23 2022-09-29 华为技术有限公司 Access control method, electronic device, and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100287598A1 (en) * 2009-05-08 2010-11-11 Samsung Electronics Co., Ltd. Method and system for providing security policy for linux-based security operating system
CN104992081A (en) * 2015-06-24 2015-10-21 华中科技大学 Security enhancement method for third-party code of Android application program
CN106446672A (en) * 2016-07-25 2017-02-22 中国科学院大学 Privilege isolation method and device of Android third-party class library
CN106850545A (en) * 2016-12-15 2017-06-13 华中科技大学 A kind of fine-grained access control method of Android mixing application

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100287598A1 (en) * 2009-05-08 2010-11-11 Samsung Electronics Co., Ltd. Method and system for providing security policy for linux-based security operating system
CN104992081A (en) * 2015-06-24 2015-10-21 华中科技大学 Security enhancement method for third-party code of Android application program
CN106446672A (en) * 2016-07-25 2017-02-22 中国科学院大学 Privilege isolation method and device of Android third-party class library
CN106850545A (en) * 2016-12-15 2017-06-13 华中科技大学 A kind of fine-grained access control method of Android mixing application

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111399927A (en) * 2018-12-14 2020-07-10 北京奇虎科技有限公司 Method and device for sharing Class file by application and computing equipment
CN109784051A (en) * 2018-12-29 2019-05-21 360企业安全技术(珠海)有限公司 Protecting information safety method, device and equipment
CN109784051B (en) * 2018-12-29 2021-01-15 360企业安全技术(珠海)有限公司 Information security protection method, device and equipment
CN109558730A (en) * 2018-12-29 2019-04-02 360企业安全技术(珠海)有限公司 A kind of safety protecting method and device of browser
CN109558730B (en) * 2018-12-29 2020-10-16 360企业安全技术(珠海)有限公司 Safety protection method and device for browser
CN109977644B (en) * 2019-04-03 2021-01-01 山东超越数控电子股份有限公司 Hierarchical authority management method under Android platform
CN109977644A (en) * 2019-04-03 2019-07-05 山东超越数控电子股份有限公司 Right management method is classified under a kind of Android platform
CN110457925A (en) * 2019-08-12 2019-11-15 深圳市网心科技有限公司 Data isolation method, device, terminal and storage medium are applied in the storage of inside and outside
CN110457925B (en) * 2019-08-12 2023-05-09 深圳市网心科技有限公司 Application data isolation method and device in internal and external storage, terminal and storage medium
CN111273967A (en) * 2019-12-30 2020-06-12 上海上讯信息技术股份有限公司 Remote hook setting method and device suitable for Android system and electronic equipment
CN111400757A (en) * 2020-03-13 2020-07-10 西安电子科技大学 Method for preventing native code in android third-party library from revealing user privacy
CN111444539A (en) * 2020-03-26 2020-07-24 惠州Tcl移动通信有限公司 Authority processing method and device, storage medium and terminal
CN111444539B (en) * 2020-03-26 2023-10-03 惠州Tcl移动通信有限公司 Authority processing method and device, storage medium and terminal
CN111737664A (en) * 2020-05-20 2020-10-02 广州市格利网络技术有限公司 Re-authorization use control method and device of borrowing equipment
CN112600786A (en) * 2020-11-12 2021-04-02 湖南快乐阳光互动娱乐传媒有限公司 Data interaction method and device
CN112540903B (en) * 2020-12-11 2022-07-05 武汉斗鱼鱼乐网络科技有限公司 Method, storage medium, electronic device and system for quickly searching for multi-open prevention
CN112540903A (en) * 2020-12-11 2021-03-23 武汉斗鱼鱼乐网络科技有限公司 Method, storage medium, electronic device and system for quickly searching for multi-open prevention
CN112764798A (en) * 2021-01-08 2021-05-07 重庆创通联智物联网有限公司 Electronic equipment customization mode realization method and electronic equipment
CN112764798B (en) * 2021-01-08 2023-10-03 重庆创通联智物联网有限公司 Method for realizing customization mode of electronic equipment and electronic equipment
WO2022179379A1 (en) * 2021-02-24 2022-09-01 华为技术有限公司 Access control method, electronic device and system
WO2022199499A1 (en) * 2021-03-23 2022-09-29 华为技术有限公司 Access control method, electronic device, and system
CN113393001A (en) * 2021-05-12 2021-09-14 浙江吉利控股集团有限公司 Order receiving and queuing method and device for network appointment vehicle and storage medium
CN114021176A (en) * 2022-01-06 2022-02-08 麒麟软件有限公司 SELinux dynamic authorization method and system

Similar Documents

Publication Publication Date Title
CN108932427A (en) Control method and system for restricting access in an Android application multi-open environment
Nadkarni et al. Practical DIFC Enforcement on Android
Bugiel et al. Flexible and fine-grained mandatory access control on android for diverse security and privacy policies
Wallach et al. Understanding Java stack inspection
US9210194B2 (en) Method and system for protecting data flow at a mobile device
US9916475B2 (en) Programmable interface for extending security of application-based operating system
US8955142B2 (en) Secure execution of unsecured apps on a device
KR101970744B1 (en) Trust level activation
US20120246484A1 (en) Secure execution of unsecured apps on a device
US8752130B2 (en) Trusted multi-stakeholder environment
Kodeswaran et al. Securing enterprise data on smartphones using run time information flow control
US20150341362A1 (en) Method and system for selectively permitting non-secure application to communicate with secure application
US7770202B2 (en) Cross assembly call interception
CN105550595A (en) Private data access method and system for intelligent communication equipment
Gollamudi et al. Automatic enforcement of expressive security policies using enclaves
Dean et al. Java security: Web browsers and beyond
US20150358357A1 (en) Processing device and method of operation thereof
Bugiel et al. Towards a framework for android security modules: Extending se android type enforcement to android middleware
Armando et al. Developing a NATO BYOD security policy
Papagiannis et al. Enforcing user privacy in web applications using Erlang
Bousquet et al. Mandatory access control for the android dalvik virtual machine
Nagaratnam et al. Resource access control for an internet user agent
de Melo et al. PUPDroid-Personalized user privacy mechanism for android
Oh et al. The multi-level security for the android OS
Bugiel Establishing mandatory access control on Android OS

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181204
