CN108932427A - Control method and system for restricting access in an Android app multi-instance environment - Google Patents
- Publication number
- CN108932427A (CN201810480808.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present invention discloses a control method and system for restricting access in an Android app multi-instance environment. It extends an open-source virtualization framework to limit the privilege escalation attacks that a ClientApp can launch because it shares the HostApp's permissions. The method includes: when a ClientApp is running, if the current operation is a sensitive API call, judging against the loaded policy information whether the call is legal, and allowing the ClientApp to call the real API only if it is legal; if the current operation is a file access, the IOHook module is triggered and obtains the file directory being accessed, the IoCheck module then checks against the policy library whether the access is legal, and the real system call performs the file operation only if it is legal; while loading a ClientApp, the HostApp parses the ClientApp's permission list as the default granted authorization set and then combines it with the developer-configured policy to form the authorization set. The invention implements sensitive API access control for third-party app multi-instance environments.
Description
Technical field
The present invention relates to the fields of mobile security and access control, and more particularly to a control method and system for restricting access in an Android app multi-instance environment.
Background art
An Android phone is a personal handheld device that stores much of its user's private data. Some of this data is produced while the user uses applications developed by third parties, for example the accounts and passwords used to log in to social applications and the browsing history generated by browsers; other data, such as GPS location and the device ID, is provided by the Android phone itself. In stock Android, to protect the user's private data, each application runs a single instance under one UID, and applications are isolated from one another by a security sandbox. The sandbox is implemented on SELinux mandatory access control, so by default an application can only access its own files and a very limited set of system services.
In some scenarios, however, users need to run multiple instances of one application on an Android phone. For example, some users need to use two social accounts at the same time, one for work and one for personal life. To meet this demand, some phone manufacturers have implemented app multi-instance functionality in their own ROMs, such as the app clone features of Huawei and Xiaomi. These implementations modify and upgrade the operating system itself, and their security is comparatively high. Earlier, however, many third-party developers used the dynamic loading technology provided by Android itself to implement application features as plug-ins and thereby deliver incremental updates, so that users did not have to download the complete application package on every update. This technology gradually evolved into application virtualization: one application can load other applications and run them stably inside itself, without changing the system or the applications' bytecode, and the launched application does not need to be actually installed on the user's phone. Users whose phones do not support app multi-instance can choose a multi-instance system provided by a third party to clone applications.
In early research on application virtualization, Bianchi et al. (Bianchi A, Fratantonio Y, Kruegel C, et al. NJAS: Sandboxing Unmodified Applications in non-rooted Devices Running stock Android. ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, ACM, 2015: 27-38.) intercepted an application's calls to system APIs using ptrace-based process injection, so that one application runs in the context of another application. This approach can only virtualize specific applications, and many applications resist having their own process injected via ptrace.
Backes et al. (Backes M, Bugiel S, Hammer C, et al. Boxify: full-fledged app sandboxing for stock android. USENIX Conference on Security Symposium, USENIX Association, 2015: 691-706.) designed an application sandbox based on the special isolated process provided by Android: untrusted Android applications are isolated in this special process, which has no permissions at all. The benefit of this sandbox is that a dangerous program can be run in isolation inside it, which prevents the program from harming the system or other applications in the system.
Research shows that existing third-party multi-instance application virtualization is, in its core principle, essentially similar to these earlier systems: multiple applications run inside one application by virtualizing the system's core service layer, mainly the two basic system services Activity Manager Service and Package Manager Service. All of an application's interaction with Activity Manager Service and Package Manager Service first passes through an intermediate virtualized service proxy layer, and the virtualized service layer manages the life cycle of the application's components. However, an application that provides multi-instance service cannot run fully functional applications inside an isolated process that has no permissions, so existing multi-instance host applications essentially run other applications as ordinary processes. The applications being run have the same permissions as the host application, and, to support stable operation of all kinds of applications, the host application requests a large number of permissions, component types and so on, enough to satisfy what other applications use at run time. In any case, these applications share the same UID with one another and with the host application, while the underlying system enforces user-based access control, which means they share the same permissions and directories as the host application. Once a user accidentally loads and runs, in the multi-instance environment, a malicious program that attacks the multi-instance environment, or an application that bundles malicious third-party code, that program or code can obtain all the permissions the host application has requested; that is, the application, the third-party code it contains, and the host application hold the same permission set. They also hold the same file system access rights as the host application, including read and write access to the file directories of other important applications in the multi-instance environment, which leads to leakage of private information.
In summary, nobody has yet proposed a solution for controlling application permissions in a multi-instance environment. Previous research concentrated on isolating malicious applications in a restricted environment. Unlike application isolation in the Android operating system, access control in an app multi-instance environment is resource access control for multiple processes running under a single user identity. Given the harm that may result, a mechanism is needed to mitigate privilege escalation attacks in the app multi-instance environment.
Summary of the invention
In view of the defects of the prior art, the object of the invention is to solve the following technical problem: the prior art offers no solution for controlling application permissions in a multi-instance environment; previous research concentrated on isolating malicious applications in a restricted environment; and, unlike application isolation in the Android operating system, access control in an app multi-instance environment is resource access control for multiple processes running under a single user identity, so a mechanism is needed to mitigate privilege escalation attacks in that environment.
To achieve the above object, in one aspect the present invention provides a control method for restricting access in an Android app multi-instance environment. Let the application that provides the virtualized running environment in the Android system be the HostApp; the HostApp supports running applications of the Android system inside the virtualized running environment it builds. Let an application that is loaded and run in this virtualized environment be a ClientApp. The method includes:
When a ClientApp is running, if the current operation is a sensitive API call, whether the call is legal is judged against the loaded policy information; if it is legal, the ClientApp is allowed to call the real API, otherwise the privilege-escalating call is prohibited;
If the current operation is a file access, the IOHook module is triggered and obtains the file directory that is to be accessed; the IoCheck module then checks against the policy library whether the access is legal; if it is legal, the real system call is invoked to perform the file operation, otherwise an exception is thrown and the access is terminated;
While loading a ClientApp, the HostApp parses the ClientApp's file that contains the permission list data, obtains the permission list declared in that file as the default granted authorization set, and then combines it with the developer's policy configuration information to form the final authorization set.
Here, the ClientApp file that contains the permission list data is the Manifest.xml file.
Optionally, the step "when a ClientApp is running, if the current operation is a sensitive API call, judging against the loaded policy information whether the call is legal, allowing the ClientApp to call the real API if it is legal, and otherwise prohibiting the privilege-escalating call" includes:
Step 1.1, when a ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call; the call chain yields the information about the subject that initiated the call. That is, the existing Hook module in the framework is modified: dynamic proxy technology is used to intercept the Binder calling end of the sensitive resource services. The Hook module sends the current call information to the remote VPMS;
Step 1.2, the VPMS first obtains the information about the call initiator and then invokes the Pcheck module; the Pcheck module judges, against the policy information that the PolicyManager has loaded, whether the current call is legal, and feeds the result back to the APIHook module;
Step 1.3, the APIHook module verifies according to the feedback result; if verification passes, the call to the real system API is allowed, otherwise the privilege-escalating call is prohibited.
Optionally, step 1.1 specifically includes the following sub-steps:
Step 1.1.1, the ClientApp initiates a sensitive API call request;
Step 1.1.2, the sensitive API call request is intercepted by the Hook code;
Step 1.1.3, the Hook code obtains the name of the sensitive API currently being called, and the package name and process pid of the current ClientApp;
Step 1.1.4, the Hook module creates a Throwable object at the API interception point in the process space of the ClientApp;
Step 1.1.5, the system call stack information is obtained through the Throwable object, and from it the information about the subject that initiated this call, i.e. the call source information;
Step 1.1.6, the Hook module packs the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp into a Parcel object;
Step 1.1.7, the object packed in step 1.1.6 is sent to the VPMS through the remote proxy interface of the VPMS by inter-process call.
Optionally, step 1.2 specifically includes the following sub-steps:
Step 1.2.1, the VPMS first reads from the Parcel object the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp;
Step 1.2.2, according to the mapping between permissions and APIs, the name of the permission that must be requested to call the current sensitive API is obtained;
Step 1.2.3, according to the package name of the ClientApp, the relevant policy configuration is looked up in the policy library, including the access control policy information for the ClientApp and the access control policy information for the third-party code contained in the ClientApp;
Step 1.2.4, if the source of the current call does not belong to the third-party code set configured in the policy library, execute step 1.2.5; otherwise execute step 1.2.8;
Step 1.2.5, according to the name of the permission required by the sensitive API, the package name of the ClientApp and the permitted access authorization set, judge whether the permission involved in the current operation is in the permitted access authorization set;
Step 1.2.6, if it is in the permitted access authorization set, return PERMISSION_GRANTED; end step 1.2;
Step 1.2.7, if it is not in the permitted access authorization set, return PERMISSION_DENIED; end step 1.2;
Step 1.2.8, if the source of the current call belongs to the third-party code set configured in the policy library, judge according to the access control policy information of the third-party code whether the current operation is permitted;
Step 1.2.9, if the permission of the current operation is not in the permitted access authorization set of the third-party code, execute step 1.2.5;
Step 1.2.10, if the permission of the current operation is in the permitted access authorization set of the third-party code, return the authorization result according to the access control policy information; end step 1.2.
Optionally, step 1.3 specifically includes the following sub-steps:
Step 1.3.1, the Hook module receives the information returned by the VPMS; if the returned information is PERMISSION_GRANTED, execute step 1.3.2, otherwise execute step 1.3.3;
Step 1.3.2, authorization passes, and the sensitive API of the real system is called;
Step 1.3.3, authorization fails, and an error is returned; end step 1.3.
Optionally, the step "if the current operation is a file access, the IOHook module is triggered and obtains the file directory that is to be accessed, the IoCheck module then checks against the policy library whether the access is legal, the real system call performs the file operation if it is legal, and otherwise the privilege-escalating access is prohibited" includes the following sub-steps:
Step 2.1.1, if the path being accessed is one of the system's read-only directories, the application's own path, or the sdcard directory, the access is allowed; otherwise execute step 2.1.2;
Step 2.1.2, if the directory being accessed is another ClientApp's directory, the HostApp's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated.
In another aspect, the present invention provides a control system for restricting access in an Android app multi-instance environment. Let the application that provides the virtualized running environment in the Android system be the HostApp; the HostApp supports running applications of the Android system inside the virtualized running environment it builds. Let an application that is loaded and run in this virtualized environment be a ClientApp. The system includes:
A sensitive API access control module, configured to, when a ClientApp is running and the current operation is a sensitive API call, judge against the loaded policy information whether the sensitive API call is legal, allow the ClientApp to call the real API if it is legal, and otherwise prohibit the privilege-escalating call;
A file directory access control module, configured so that, if the current operation is a file access, the IOHook module is triggered and obtains the file directory that is to be accessed, the IoCheck module then checks against the policy library whether the access is legal, the real system call performs the file operation if it is legal, and otherwise an exception is thrown and the access is terminated;
A policy library management module, configured so that the HostApp, while loading a ClientApp, parses the ClientApp's file that contains the permission list data, obtains the permission list declared in that file as the default granted authorization set, and then combines it with the developer's policy configuration information to form the final authorization set.
Optionally, the sensitive API access control module works as follows. When a ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call; the call chain yields the information about the subject that initiated the call, i.e. the existing Hook module in the framework is modified. The Hook module sends the current call information to the remote VPMS. The VPMS first obtains the information about the call initiator and then invokes the Pcheck module; the Pcheck module judges, against the policy information that the PolicyManager has loaded, whether the current call is legal, and feeds the result back to the APIHook module. The APIHook module verifies according to the feedback result; if verification passes, the call to the real system API is allowed, otherwise the privilege-escalating call is prohibited.
In general, compared with the prior art, the above technical solutions conceived by the present invention have the following beneficial effects:
1. Sensitive API access permission control is implemented for third-party multi-instance application running environments. With steps 1.1, 1.2 and 1.3, not only can a ClientApp be prevented from using permissions beyond those it requested itself, but the third-party code contained in a ClientApp can also be prevented from using permissions beyond those the ClientApp requested.
2. A ClientApp is restricted from accessing file directories it should not access, which prevents a loaded malicious ClientApp from accessing the private files of other ClientApps and leaking the user's private information.
3. Besides the default access policy, developers can configure additional access policies to restrict, at a finer granularity, the permissions of applications running in the multi-instance environment.
4. Compatibility with the original system and applications. The steps adopted by the invention do not involve changing application programs or the system's processes.
5. Low overall system overhead. With step 1.2, only the cost of one cross-process call is added to the original system, and the additional information involved in the authorization check, such as the mapping between sensitive APIs and permissions, can be loaded when the system is initialized and has little effect on later operation.
Brief description of the drawings
Fig. 1 is the overall architecture of the control system for restricting access in an Android app multi-instance environment provided by the invention;
Fig. 2 is the flow chart of the control method for restricting access in an Android app multi-instance environment provided by the invention;
Fig. 3 is the detailed flow chart of step 1.1 of module one provided by the invention;
Fig. 4 is the detailed flow chart of step 1.2 of module one provided by the invention;
Fig. 5 is the detailed flow chart of step 1.3 of module one provided by the invention;
Fig. 6 is the detailed flow chart of the steps of module two provided by the invention;
Fig. 7 is the detailed flow chart of the steps of module three provided by the invention.
Specific embodiments
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and are not intended to limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
First, the technical terms used in the invention are explained:
Android: a mobile operating system based on the Linux kernel whose development is led by Google; thanks to its openness it holds a high share of the mobile operating system market.
Virtual machine: the runtime in which application programs execute on the Android system; here it refers specifically to the Dalvik virtual machine.
Android application program: an application program that runs on the Android system, developed mainly in Java.
HostApp: a multi-instance application. An application that supports running other applications in the virtualized running environment it builds is called a HostApp.
ClientApp: an Android application program that is loaded and run in the HostApp's virtualized environment.
The HostApp may also be called the host application, and the ClientApp the running application.
App multi-instance development framework: a framework that helps developers implement a HostApp using dynamic hooking and dynamic loading. Taking the open-source development framework VirtualApp as an example, VirtualApp can currently run many kinds of applications relatively stably inside it, including Android applications developed in Java, native applications developed in native code, and some hardened applications.
Third-party code: libraries with some specific function that are developed by third-party developers, companies or other organizations and integrated by an application developer.
Security enhancement: improving the relevant security mechanisms of a system in response to a class of security problems present in it, in order to solve that class of problems.
Private data: the user's personal data stored in the system; on a mobile device this mainly includes contact information, call records, geographical location information and device-related information.
Application programming interface (Application Programming Interface, API): a set of predefined functions whose main purpose is to let application developers call a group of routines without having access to the underlying source code or understanding the details of the internal working mechanism.
System package management service (Package Manager Service, PMS): one of the core services of the Android system, responsible for installing and uninstalling application packages and for evaluating and granting permissions; it runs in the system core process.
Virtual system package management service (Virtual Package Manager Service, VPMS): a virtualization of the system's real Package Manager Service; it mainly manages resources such as the ClientApp's authorization, package information and module information.
In view of the defects of the prior art, the object of the invention is to provide an access control method that restricts malicious privilege escalation in an Android app multi-instance environment. Based on the existing app multi-instance framework VirtualApp, the invention extends that framework and develops a security-enhanced app multi-instance framework, SecHostApp. Without modifying the Android system itself or the applications, it proposes a method for controlling applications' access rights to sensitive APIs in the multi-instance environment, and a method for controlling applications' access to file directories in the multi-instance environment. The granularity of access control is refined to the level of third-party code, because a normal application may well carry third-party code that performs malicious privilege escalation; it is therefore necessary to enforce sensitive API access control on third-party code.
To achieve the above object, the present invention provides an access control method that restricts malicious privilege escalation in an app multi-instance environment. The application that provides the virtualized running environment is called the HostApp, and an application that is loaded and run in the virtualized environment is a ClientApp. The method mainly comprises three modules: first, the sensitive API access control module; second, the file directory access control module; third, the policy library management module.
Module one: implementation steps of the sensitive API access control module;
Step 1.1, when a ClientApp is running, if the current operation is a sensitive API call, the APIHook module is triggered automatically and obtains the call chain of the current call; the call chain yields the information about the subject that initiated the call, i.e. the existing Hook module in the framework is modified. The Hook module sends the current call information to the remote VPMS;
Step 1.2, the VPMS first obtains the information about the call initiator and then invokes the Pcheck module; the Pcheck module judges, against the policy information that the PolicyManager has loaded, whether the current call is legal etc., and feeds the result back to the APIHook module;
Step 1.3, the APIHook module acts on the feedback result; if verification passes, the call to the real system API is allowed, otherwise the privilege-escalating call is prohibited;
Step 1.1 specifically includes the following sub-steps:
1.1.1, the ClientApp initiates a sensitive API call request;
1.1.2, the sensitive API call request is first intercepted by the Hook code;
1.1.3, the Hook code first obtains the name of the sensitive API currently being called, and the package name and process pid of the current ClientApp;
1.1.4, the Hook module creates a Throwable object at the API interception point in the process space of the application program;
1.1.5, the system call stack information is obtained through the Throwable object, and from it the information about the subject that initiated this call;
1.1.6, the Hook module packs the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp into a Parcel object;
1.1.7, this object is sent to the VPMS by inter-process call through VPackageManager, the remote proxy interface of the VPMS;
Step 1.2 specifically includes the following sub-steps:
1.2.1, the VPMS first reads from the Parcel object the current call source information, the information about the sensitive API being called, and the package name and process pid of the current ClientApp;
1.2.2, according to the mapping between permissions and APIs, the name of the permission that must be requested to call the current sensitive API is obtained;
1.2.3, according to the package name of the ClientApp, the relevant policy configuration is looked up in the policy library, including the access control policy information for the ClientApp and the access control policy information for the third-party code contained in the ClientApp;
1.2.4, if the source of the current call does not belong to the third-party code set configured in the policy library, execute step (1.2.5); otherwise execute step (1.2.8);
1.2.5, according to the permission name obtained in step 1.2.2, the package name of the ClientApp and the permitted access authorization set, judge whether the permission involved in the current operation is in the permitted access authorization set;
1.2.6, if it is in the permitted access authorization set, return PERMISSION_GRANTED; end step 1.2;
1.2.7, if it is not in the permitted access authorization set, return PERMISSION_DENIED; end step 2;
1.2.8, if the source of the current call belongs to the third-party code set configured in the policy library, judge according to the access control policy information of the third-party code whether the current operation is permitted;
1.2.9, if the permission of the current operation is not in the permitted access authorization set of the third-party code, execute step (1.2.5);
1.2.10, if the permission of the current operation is in the permitted access authorization set of the third-party code, return the authorization result according to the access control policy information; end step 2;
Step 1.3 specifically includes the following sub-steps:
1.3.1, the Hook module receives the information returned by the VPMS; if the returned information is PERMISSION_GRANTED, execute step (1.3.2), otherwise execute step (1.3.3);
1.3.2, authorization passes, and the sensitive API of the real system is called;
1.3.3, authorization fails, and an error is returned; end step 1.3;
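The decision procedure of sub-steps 1.1.4 to 1.2.10, written out in plain Java as an added example; it is not code from the patent or from VirtualApp. The policy layout, the class and package names (`PcheckSketch`, `com.example.chat`, `com.example.adsdk`) and the two API-to-permission entries are assumptions, and the stack frames are constructed where a hook would use `new Throwable().getStackTrace()`.

```java
import java.util.Map;
import java.util.Set;

/** Added sketch of the Pcheck decision; class, field and package names are hypothetical. */
public class PcheckSketch {
    // Same values as the constants in android.content.pm.PackageManager.
    static final int PERMISSION_GRANTED = 0;
    static final int PERMISSION_DENIED = -1;

    /** Policy of one ClientApp. This layout is an assumption, not the patent's policy format. */
    static final class AppPolicy {
        final Set<String> granted;                          // final authorization set of the ClientApp
        final Map<String, Map<String, Boolean>> thirdParty; // code package -> permission -> allowed?

        AppPolicy(Set<String> granted, Map<String, Map<String, Boolean>> thirdParty) {
            this.granted = granted;
            this.thirdParty = thirdParty;
        }
    }

    // Step 1.2.2: sensitive API -> permission it requires (two sample entries).
    static final Map<String, String> API_PERMISSION = Map.of(
        "android.location.LocationManager.getLastKnownLocation",
        "android.permission.ACCESS_FINE_LOCATION",
        "android.telephony.TelephonyManager.getDeviceId",
        "android.permission.READ_PHONE_STATE");

    // Step 1.2.3: policy library keyed by ClientApp package name (constructed sample).
    static final Map<String, AppPolicy> POLICY_LIBRARY = Map.of(
        "com.example.chat", new AppPolicy(
            Set.of("android.permission.ACCESS_FINE_LOCATION"),
            Map.of("com.example.adsdk",
                   Map.of("android.permission.ACCESS_FINE_LOCATION", false))));

    /** Steps 1.1.4-1.1.5: which configured third-party package, if any, is on the call stack. */
    static String callSource(StackTraceElement[] stack, Set<String> thirdPartyPackages) {
        for (StackTraceElement frame : stack) {
            for (String pkg : thirdPartyPackages) {
                if (frame.getClassName().startsWith(pkg + ".")) {
                    return pkg;
                }
            }
        }
        return null; // no third-party frame: the ClientApp's own code made the call
    }

    /** Steps 1.2.2-1.2.10: returns PERMISSION_GRANTED or PERMISSION_DENIED. */
    static int check(String clientPackage, String api, StackTraceElement[] stack) {
        String permission = API_PERMISSION.get(api);          // 1.2.2
        AppPolicy policy = POLICY_LIBRARY.get(clientPackage); // 1.2.3
        if (permission == null || policy == null) {
            return PERMISSION_DENIED; // assumption: fail closed when nothing is configured
        }
        String source = callSource(stack, policy.thirdParty.keySet()); // 1.2.4
        if (source != null) {
            Boolean allowed = policy.thirdParty.get(source).get(permission); // 1.2.8
            if (allowed != null) {
                return allowed ? PERMISSION_GRANTED : PERMISSION_DENIED;     // 1.2.10
            }
            // 1.2.9: no rule for this permission, fall through to the ClientApp's own set
        }
        return policy.granted.contains(permission)            // 1.2.5-1.2.7
            ? PERMISSION_GRANTED : PERMISSION_DENIED;
    }

    static StackTraceElement frame(String className, String method) {
        return new StackTraceElement(className, method, null, -1);
    }

    public static void main(String[] args) {
        String location = "android.location.LocationManager.getLastKnownLocation";
        String deviceId = "android.telephony.TelephonyManager.getDeviceId";
        // Constructed stacks; a hook would call new Throwable().getStackTrace() instead.
        StackTraceElement[] fromApp = {
            frame("com.example.chat.MapActivity", "onResume")};
        StackTraceElement[] fromSdk = {
            frame("com.example.adsdk.Tracker", "collect"),
            frame("com.example.chat.MainActivity", "onCreate")};
        // ClientApp's own code, permission in its authorization set.
        System.out.println("app code, location:  " + check("com.example.chat", location, fromApp));
        // Same API reached through the bundled SDK, which the policy restricts.
        System.out.println("sdk code, location:  " + check("com.example.chat", location, fromSdk));
        // Permission the ClientApp never requested.
        System.out.println("app code, device id: " + check("com.example.chat", deviceId, fromApp));
    }
}
```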
Module two: implementation steps of the file directory access control module;
Step 2.1, if the current operation is a file access, the IOHook module is triggered and obtains the file directory that is to be accessed; the IoCheck module then checks against the policy library whether the access is legal, and only if it is legal is the real system call invoked to perform the file operation.
Step 2.1 specifically includes the following sub-steps:
2.1.1, if the path being accessed is one of the system's read-only directories, the application's own path, or the sdcard directory, the access is allowed; otherwise execute step (2.1.2);
2.1.2, if the directory being accessed is another application's directory, the host application's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated;
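Sub-steps 2.1.1 and 2.1.2 as a path check in plain Java, added here as an example that is not the patent's or VirtualApp's code. The directory layout (`/data/data/com.example.host/...`), the package names and the final default-deny branch for paths the two sub-steps do not mention are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/** Added sketch of the IoCheck decision; every directory below is a hypothetical layout. */
public class IoCheckSketch {
    static final Path HOST_PRIVATE = Paths.get("/data/data/com.example.host");
    static final Path CLIENT_ROOT = HOST_PRIVATE.resolve("virtual/data"); // one sub-directory per ClientApp
    static final Path POLICY_DIR = HOST_PRIVATE.resolve("policy");
    static final Path SDCARD = Paths.get("/sdcard");
    static final List<Path> SYSTEM_READ_ONLY = List.of(Paths.get("/system"), Paths.get("/vendor"));

    /**
     * Returns normally if the access is allowed, throws SecurityException otherwise.
     * clientPackage must come from the HostApp's own records, never from the ClientApp.
     */
    static void check(String clientPackage, String requestedPath) {
        // Collapse "." and ".." first, so "own/../other" cannot pass as the own directory.
        Path path = Paths.get(requestedPath).normalize();
        Path ownDir = CLIENT_ROOT.resolve(clientPackage);

        // Step 2.1.1: allowed locations. Path.startsWith compares whole path components,
        // so "com.example.chat2" is not treated as being inside "com.example.chat".
        // The own directory is tested first because it is nested inside HOST_PRIVATE.
        if (path.startsWith(ownDir) || path.startsWith(SDCARD)) {
            return;
        }
        for (Path dir : SYSTEM_READ_ONLY) {
            if (path.startsWith(dir)) {
                return;
            }
        }

        // Step 2.1.2: protected locations, most specific first.
        if (path.startsWith(CLIENT_ROOT)) {
            throw new SecurityException("another ClientApp's directory: " + path);
        }
        if (path.startsWith(POLICY_DIR)) {
            throw new SecurityException("policy library directory: " + path);
        }
        if (path.startsWith(HOST_PRIVATE)) {
            throw new SecurityException("HostApp private directory: " + path);
        }
        // Assumption: anything the two sub-steps do not mention is denied as well.
        throw new SecurityException("path not covered by policy: " + path);
    }

    public static void main(String[] args) {
        String client = "com.example.chat";
        // Constructed sample requests.
        String[] requests = {
            "/data/data/com.example.host/virtual/data/com.example.chat/files/msg.db",
            "/system/lib/libc.so",
            "/data/data/com.example.host/virtual/data/com.example.chat/../com.example.bank/token",
            "/data/data/com.example.host/virtual/data/com.example.chat2/files/msg.db",
            "/data/data/com.example.host/policy/rules.xml",
            "/data/data/com.example.host/shared_prefs/host.xml"};
        for (String request : requests) {
            try {
                check(client, request);
                System.out.println("ALLOW " + request);
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```

On a device the check would also have to resolve symbolic links (for example with `Path.toRealPath`) before comparing, since `normalize` only removes `.` and `..` components.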
Module three: implementation steps of the policy library generation module;
Step 3.1, while loading and running an application, the host application parses the application's Manifest.xml file, obtains the permission list declared in the file as the default granted authorization set, and then combines it with the developer's policy configuration information to form the final authorization set;
The present invention is further described below with reference to the embodiments and the accompanying drawings.

The main reason privilege escalation attacks are possible in the HostApp running environment is that the applications share the same UID with one another and with the host application, while the underlying system enforces user-based access control; these applications therefore share the same permissions and directories as the host application. Once a user inadvertently loads and runs, in the multi-instance (multi-open) environment, an application that maliciously attacks that environment, the malicious program, or malicious third-party code contained in an application, can obtain all the permissions of the HostApp, including read and write access to the file directories of other important applications, which leads to leakage of private information. The present invention proposes a new security enhancement scheme whose purpose is to enforce privilege escalation access control in the multi-instance environment while remaining compatible with the original application structure and the original multi-instance application development framework, and to refine the subject granularity of access control so that privilege escalation access by third-party code contained in a ClientApp can be controlled. It further controls which file directories a ClientApp is able to access. All control policies can be configured dynamically based on a unified policy description language, and policy updates at run time are supported.
Fig. 1 shows the overall architecture of the security enhancement method for the Android application-virtualization multi-instance framework. As can be seen from Fig. 1, the main work of the present invention concentrates on three parts. First, verification of sensitive API call permissions is added, which involves hook interception at the call sites of sensitive APIs. Second, access control of file directories is added, by adding a file access check module on top of the existing native hook. Third, the policy library is managed, mainly through the interface provided by PolicyManager.

Fig. 2 shows the overall flow of the access control method for limiting privilege escalation in the Android multi-instance environment. When a user uses a HostApp that a developer has built with the security-enhanced framework, the user first goes through a load-and-virtual-install process, in which the ClientApp to be started is virtually installed under the file directory that the HostApp allocates to it. The specific modules and implementation steps are as follows:
Module one: implementation steps of the sensitive API access control module;
Step 1.1, when the ClientApp runs, if the current operation is a sensitive API call operation, the APIHook module is triggered automatically and obtains the call chain of the current call; the source information of the subject that initiated this call is obtained from the call chain, i.e. the existing hook module in the framework is modified; the Hook module sends the current call information to the remote VPMS;
Step 1.2, the VPMS first obtains the information about the call initiator and then calls the Pcheck module; the Pcheck module judges, in combination with the policy information that PolicyManager has loaded, whether the current call is legal, etc., and then feeds the result back to the APIHook module;
Step 1.3, the APIHook module acts on the feedback result: if verification passes, the call to the real system API is allowed; otherwise the privilege-escalation call is forbidden.
Module two: implementation steps of the file directory access control module;
Step 2.1, if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory currently to be accessed, then hands it to the IoCheck module, which checks against the policy library whether the current access is legal; only if it is legal is the real system call invoked to perform the file operation.
Module three: implementation steps of the policy library generation module;
Step 3.1, while loading and running an application, the host application parses the application's Manifest.xml file and obtains the permission list declared in the file as the default granted authorization set; it then integrates the developer's policy configuration information to form the final granted authorization set;
Further, as shown in Fig. 3, step 1.1 of module one includes the following sub-steps:
1.1.1, the application initiates a sensitive API call request; without loss of generality, assume the API is TelephonyManager.getDeviceId;
1.1.2, the sensitive API call request is first intercepted by the GetDeviceIdHook code, i.e. the APIHook in the flow chart. The specific hook classes for all APIs in the system inherit from the APIHook base class (GetDeviceIdHook inherits APIHook), so what is triggered first when a sensitive API is called is the common check function of APIHook, i.e. of the base class;
1.1.3, the APIHook module first obtains the name of the sensitive API currently called, apiName, and the package name packageName and process pid of the current ClientApp;
1.1.4, the APIHook module creates a Throwable object at the API interception point in the process space of the application;
1.1.5, the Throwable object triggers the fillInStackTrace method to generate the system call stack; the getStackTrace method is then used to obtain the exception stack data of this call, from which the call chain of this call is obtained; the initiating subject of this call, sourcePackage, is obtained from the system call stack information;
1.1.6, the APIHook module packs the current call source information sourcePackage, the called sensitive API information apiName, and the package name packageName and process pid of the current ClientApp into a Parcel object;
1.1.7, the APIHook module sends this object to the VPMS by inter-process call, through VPackageManager, the remote proxy of the VPMS;
Further, as shown in Fig. 4, step 1.2 of module one includes the following sub-steps:
1.2.1, the VPMS first reads from the Parcel object the current call source information sourcePackage, the called sensitive API information apiName, and the package name packageName and process pid of the current ClientApp;
1.2.2, PolicyManager.getPermissionByApi() is called and, according to the mapping between permissions and APIs, returns the name cur_permission of the permission that must be requested in order to call the current sensitive API;
1.2.3, according to the package name of the ClientApp, the relevant policy configuration is looked up using PolicyManager: PolicyManager.getAppLevelAllowSet(packageName) is called to obtain the ClientApp's access control authorization policy set appAllows, and PolicyManager.getLibLevelAllowSet(packageName) is called to obtain the access control authorization policy set libAllows for the third-party code contained in the ClientApp;
1.2.4, if the current calling subject source sourcePackage is not in the third-party code access control policy set libAllows configured in the policy library, step (1.2.5) is executed; otherwise step (1.2.8) is executed;
1.2.5, according to the permission name obtained in step 1.2.2, the package name of the ClientApp, and the granted access authorization set appAllows, it is judged whether the permission involved in the current operation is in the granted access authorization set, that is, whether the ClientApp's current access is allowed to use it;
1.2.6, if it is in the granted access authorization set, PERMISSION_GRANTED is returned; end step 1.2;
1.2.7, if it is not in the granted access authorization set, PERMISSION_DENIED is returned; end step 1.2;
1.2.8, if the source of the current calling subject belongs to the third-party code set libAllows configured in the policy library, whether the current operation is permitted is judged according to the access control policy information of the third-party code;
1.2.9, if the permission for the current operation is not in the third-party code's granted access authorization set libAllows, step (1.2.5) is executed;
1.2.10, if the permission for the current operation is in the third-party code's granted access authorization set, PERMISSION_GRANTED is returned; end step 1.2;
Further, as shown in Fig. 5, step 1.3 of module one includes the following sub-steps:
1.3.1, the APIHook module receives the return message from the VPMS; if the information returned is PERMISSION_GRANTED, step (1.3.2) is executed, otherwise step (1.3.3) is executed;
1.3.2, authorization passes, and the sensitive API of the real system is called;
1.3.3, authorization fails, an error is returned, and step 1.3 ends.
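The decision flow of steps 1.1.5 and 1.2.1 to 1.2.10 can be modelled in plain Java as below. This is an added example, not code from the patent: the class layout, method signatures, the rule for picking sourcePackage from the stack, the library name com.adsdk.tracker, the hook package com.host.hook and all policy data are assumptions.

```java
import java.util.*;

// Added example: plain-JDK model of steps 1.1.5 and 1.2.1-1.2.10 (no Android classes).
// Signatures, package names other than com.client_1, and policy data are assumptions.
public class PcheckDemo {
    enum Result { PERMISSION_GRANTED, PERMISSION_DENIED }

    // Stand-in for the policy library behind PolicyManager.
    static class PolicyManager {
        final Map<String, String> apiToPermission = new HashMap<>();
        final Map<String, Set<String>> appAllows = new HashMap<>();
        final Map<String, Map<String, Set<String>>> libAllows = new HashMap<>();

        String getPermissionByApi(String apiName) { return apiToPermission.get(apiName); }
        Set<String> getAppLevelAllowSet(String pkg) {
            return appAllows.getOrDefault(pkg, Collections.emptySet());
        }
        Map<String, Set<String>> getLibLevelAllowSet(String pkg) {
            return libAllows.getOrDefault(pkg, Collections.emptyMap());
        }
    }

    // True when className lies in package pkg or one of its sub-packages.
    static boolean inPackage(String className, String pkg) {
        return className.startsWith(pkg + ".");
    }

    // Step 1.1.5: walk the call chain from the innermost frame outwards and return the
    // first configured third-party library found, else the ClientApp's own package.
    // Assumption: the text does not say how sourcePackage is chosen from the stack.
    static String sourcePackage(StackTraceElement[] chain, Set<String> libs, String clientPkg) {
        for (StackTraceElement frame : chain) {
            String cls = frame.getClassName();
            for (String lib : libs) {
                if (inPackage(cls, lib)) return lib;
            }
            if (inPackage(cls, clientPkg)) return clientPkg;
        }
        return clientPkg;
    }

    // Steps 1.2.2-1.2.10, as Pcheck would run them inside the VPMS.
    static Result pcheck(PolicyManager pm, String source, String apiName, String pkg) {
        String perm = pm.getPermissionByApi(apiName);                 // 1.2.2
        if (perm == null) return Result.PERMISSION_DENIED;            // assumption: fail closed
        Set<String> app = pm.getAppLevelAllowSet(pkg);                // 1.2.3
        Set<String> lib = pm.getLibLevelAllowSet(pkg).get(source);    // 1.2.3
        if (lib != null && lib.contains(perm)) {                      // 1.2.8, 1.2.10
            return Result.PERMISSION_GRANTED;
        }
        // 1.2.4 (source is not a configured library) or 1.2.9 (library set misses):
        // both continue at the app-level check, steps 1.2.5-1.2.7.
        return app.contains(perm) ? Result.PERMISSION_GRANTED : Result.PERMISSION_DENIED;
    }

    public static void main(String[] args) {
        final String READ_PHONE_STATE = "android.permission.READ_PHONE_STATE";
        final String FINE_LOCATION = "android.permission.ACCESS_FINE_LOCATION";
        final String client = "com.client_1", adLib = "com.adsdk.tracker";

        PolicyManager pm = new PolicyManager();
        pm.apiToPermission.put("TelephonyManager.getDeviceId", READ_PHONE_STATE);
        pm.apiToPermission.put("LocationManager.getLastKnownLocation", FINE_LOCATION);
        // Constructed policy: manifest default {READ_PHONE_STATE, ACCESS_FINE_LOCATION}
        // minus the developer's ban on READ_PHONE_STATE for com.client_1.
        pm.appAllows.put(client, new HashSet<>(Arrays.asList(FINE_LOCATION)));
        Map<String, Set<String>> libs = new HashMap<>();
        libs.put(adLib, new HashSet<>());   // library configured with an empty allow set
        pm.libAllows.put(client, libs);

        // Constructed call chain, innermost frame first, as getStackTrace() orders it.
        StackTraceElement[] chain = {
            new StackTraceElement("com.host.hook.GetDeviceIdHook", "check", "GetDeviceIdHook.java", 1),
            new StackTraceElement("android.telephony.TelephonyManager", "getDeviceId", "TelephonyManager.java", 1),
            new StackTraceElement(adLib + ".DeviceInfo", "collect", "DeviceInfo.java", 1),
            new StackTraceElement(client + ".MainActivity", "onCreate", "MainActivity.java", 1),
        };
        String source = sourcePackage(chain, libs.keySet(), client);
        System.out.println("sourcePackage = " + source);
        System.out.println("lib -> getDeviceId: "
            + pcheck(pm, source, "TelephonyManager.getDeviceId", client));
        System.out.println("lib -> getLastKnownLocation: "
            + pcheck(pm, source, "LocationManager.getLastKnownLocation", client));
        System.out.println("app -> getDeviceId: "
            + pcheck(pm, client, "TelephonyManager.getDeviceId", client));

        // A library-level grant is evaluated before the app-level set is consulted.
        libs.get(adLib).add(READ_PHONE_STATE);
        System.out.println("lib -> getDeviceId after library grant: "
            + pcheck(pm, source, "TelephonyManager.getDeviceId", client));
    }
}
```

As the steps are written, a call attributed to a configured library is granted when the permission is in either that library's set or appAllows, so a library entry widens rather than narrows what the app-level set permits.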
Further, as shown in Fig. 6, the refined steps of module two include the following sub-steps:
2.1.1, when the application performs a file access operation, the IOHook module is triggered automatically, intercepts the directory path currently to be accessed, and hands it to the IoCheck function to check whether the current access is legal. If the path currently accessed is one of the system read-only directories (such as the system and dev directories), the application's own path (here /data/data/com.host.app/virtual/com.client_1/ is used as an example), or the sdcard directory (/sdcard/), the access is allowed; otherwise step (2.1.2) is executed;
2.1.2, if the directory currently accessed is another application's directory (for example /data/data/com.host.app/virtual/com.client_2/), the host application's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated.
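The path decision of steps 2.1.1 and 2.1.2 can be modelled in plain Java as below, normalising the path and comparing it component by component before the allow and deny rules are applied. This is an added example, not code from the patent: the absolute forms /system and /dev, the deny-by-default fallback for paths the text does not cover, and the sample paths are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;

// Added example: plain-JDK model of the IoCheck decision (steps 2.1.1-2.1.2).
// Assumes POSIX-style paths; the directory layout under /data/data/com.host.app
// follows the text, everything else is constructed for illustration.
public class IoCheckDemo {
    static final Path HOST_ROOT = Paths.get("/data/data/com.host.app");
    static final Path VIRTUAL_ROOT = HOST_ROOT.resolve("virtual");
    // System read-only directories and the sdcard directory (step 2.1.1).
    static final List<Path> SHARED_ALLOWED = Arrays.asList(
        Paths.get("/system"), Paths.get("/dev"), Paths.get("/sdcard"));

    // Returns normally when the access is allowed; throws SecurityException otherwise.
    static void ioCheck(String clientPkg, String rawPath) {
        Path raw = Paths.get(rawPath);
        if (!raw.isAbsolute()) {
            throw new SecurityException("relative path rejected: " + rawPath);
        }
        // Collapse "." and ".." before any comparison. normalize() is lexical only:
        // it does not resolve symbolic links, which a real hook must also account for.
        Path p = raw.normalize();

        // Step 2.1.1: the application's own directory. Path.startsWith compares whole
        // name elements, so com.client_10 is not treated as being inside com.client_1.
        Path own = VIRTUAL_ROOT.resolve(clientPkg);
        if (p.startsWith(own)) return;
        for (Path dir : SHARED_ALLOWED) {
            if (p.startsWith(dir)) return;
        }
        // Step 2.1.2: other clients' directories, the host's private directory and
        // the policy directory all live under the host root.
        if (p.startsWith(HOST_ROOT)) {
            throw new SecurityException("host, policy or other client directory: " + p);
        }
        // Assumption: paths covered by neither step are denied.
        throw new SecurityException("path not covered by policy: " + p);
    }

    static boolean allowed(String clientPkg, String path) {
        try {
            ioCheck(clientPkg, path);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String client = "com.client_1";
        // Constructed sample paths.
        String[] samples = {
            "/data/data/com.host.app/virtual/com.client_1/files/a.db",
            "/data/data/com.host.app/virtual/com.client_1/../com.client_2/files/a.db",
            "/data/data/com.host.app/virtual/com.client_10/files/a.db",
            "/data/data/com.host.app/private/policy.xml",
            "/sdcard/Download/report.txt",
            "/system/lib/libc.so",
        };
        for (String s : samples) {
            System.out.println((allowed(client, s) ? "ALLOW " : "DENY  ") + s);
        }
    }
}
```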
Further, as shown in Fig. 7, the refined steps of module three include the following sub-steps:
Step 3.1.1, while loading and running an application, the host application parses the application's Manifest.xml file and obtains the permission list declared in the file as the default granted authorization set; it calls PolicyManagerProxy, the remote interface of PolicyManager, so that the set of permitted authorizations is updated into the policy library by PolicyManager;
Step 3.1.2, PolicyManager then integrates the policy configuration information supplied by the developers of the multi-instance application. The developer's configuration information is placed under the /data/data/com.host.app/private/ directory and is written in the XML-based unified policy description language. Without loss of generality, assume the configured policy is:
This configuration means that the application with package name com.client_1 is forbidden from accessing APIs that require the android.permission.READ_PHONE_STATE permission. PolicyManager forms the final granted authorization set according to the configuration, and finally PolicyManager's updatePolicy function is called to update the application authorization access policy keyed by the current packageName.
The access control method and system provided by the present invention for limiting malicious privilege escalation by Android applications in a multi-instance environment applies security enhancements to an existing open-source application-virtualization multi-instance framework, and limits the privilege escalation attacks that arise because the multi-instanced applications share the host application's super permissions. The main security enhancement modules include: limiting privilege escalation access to sensitive application programming interfaces (APIs) by applications and by the third-party code contained in applications; access control of file directories; and the design of a unified access control policy language that supports dynamic configuration. Access permission control for sensitive APIs mainly uses Java-layer hook (Hook) technology to intercept all sensitive API calls between the application and the system, and then decides, according to the access policy configuration, whether the current sensitive API may be called. Access control of file directories mainly uses Android's own native (Native) hook technology to take over all file access operations between the application and the system, and judges from the path currently accessed whether the current application has accessed a file directory it should not access. A unified policy language based on the XML technical standard is designed to support dynamic policy configuration. At the cost of a small performance overhead, the present invention applies security enhancement to the original application multi-instance system; compared with the original system, the access control granularity is finer and privilege escalation attacks within the multi-instance environment can be limited. The method is flexible to use, requires no modification of the Android system or of applications, and has good usability.

Those skilled in the art will readily understand that the foregoing is merely a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent substitution, or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (8)
1. A control method for limiting access by Android applications in a multi-instance environment, wherein the application that provides a virtualized running environment in the Android system is denoted HostApp, the HostApp supports applications in the Android system running in the virtualized running environment that it builds, and an application loaded and run in this virtualized environment is denoted ClientApp, characterized by comprising:
when the ClientApp runs, if the current operation is a sensitive API call operation, judging, in combination with the loaded policy information, whether the current sensitive API call operation is legal; if legal, allowing the ClientApp to call the real API, and otherwise forbidding the privilege-escalation call;
if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory currently to be accessed; the IoCheck module then checks, in combination with the policy library, whether the current access is legal; if legal, the real system is called to perform the file operation, and otherwise an exception is thrown and the access is terminated;
while loading the ClientApp, the HostApp parses the ClientApp's file containing the permission list data, obtains the permission list declared in the file as the default granted authorization set, and then integrates the developer's policy configuration information to form the final authorization set.
2. The control method for limiting access by Android applications in a multi-instance environment according to claim 1, characterized in that, when the ClientApp runs, if the current operation is a sensitive API call operation, judging in combination with the loaded policy information whether the sensitive API call operation is legal, allowing the ClientApp to call the real API if legal, and otherwise forbidding the privilege-escalation call, comprises:
Step 1.1, when the ClientApp runs, if the current operation is a sensitive API call operation, the APIHook module is triggered automatically and obtains the call chain of the current call; the source information of the subject that initiated this call is obtained from the call chain, i.e. the existing Hook module in the framework is modified, and dynamic proxy technology is used to intercept the Binder calling end of the sensitive resource service; the Hook module sends the current call information to the remote VPMS;
Step 1.2, the VPMS first obtains the information about the call initiator and then calls the Pcheck module; the Pcheck module judges, in combination with the policy information that PolicyManager has loaded, whether the current call is legal, and then feeds the result back to the APIHook module;
Step 1.3, the APIHook module performs verification according to the feedback result: if verification passes, the call to the real system API is allowed; otherwise the privilege-escalation call is forbidden.
3. The control method for limiting access by Android applications in a multi-instance environment according to claim 2, characterized in that step 1.1 specifically includes the following sub-steps:
Step 1.1.1, the ClientApp initiates a sensitive API call request;
Step 1.1.2, the sensitive API call request is intercepted by the Hook code;
Step 1.1.3, the Hook code obtains the name of the sensitive API currently called, and the package name and process pid of the current ClientApp;
Step 1.1.4, the Hook module creates a Throwable object at the API interception point in the process space of the ClientApp;
Step 1.1.5, the system call stack information is obtained through the Throwable object, and the initiating subject information of this call, i.e. the call source information, is obtained from the system call stack information;
Step 1.1.6, the Hook module packs the current call source information, the called sensitive API information, and the package name and process pid of the current ClientApp into a Parcel object;
Step 1.1.7, the object packed in step 1.1.6 is sent to the VPMS by inter-process call through the remote proxy interface of the VPMS.
4. The control method for limiting access by Android applications in a multi-instance environment according to claim 2, characterized in that step 1.2 specifically includes the following sub-steps:
Step 1.2.1, the VPMS first reads from the Parcel object the current call source information, the called sensitive API information, and the package name and process pid of the current ClientApp;
Step 1.2.2, according to the mapping between permissions and APIs, the name of the permission that must be requested in order to call the current sensitive API is obtained;
Step 1.2.3, according to the package name of the ClientApp, the relevant policy configuration is looked up in the policy library, including the access control policy information for the ClientApp and the access control policy information for the third-party code contained in the ClientApp;
Step 1.2.4, if the source of the current calling subject does not belong to the third-party code set configured in the policy library, step 1.2.5 is executed; otherwise step 1.2.8 is executed;
Step 1.2.5, according to the name of the permission that the sensitive API requires, the package name of the ClientApp, and the granted access authorization set, it is judged whether the permission involved in the current operation is in the granted access authorization set;
Step 1.2.6, if it is in the granted access authorization set, PERMISSION_GRANTED is returned; end step 1.2;
Step 1.2.7, if it is not in the granted access authorization set, PERMISSION_DENIED is returned; end step 1.2;
Step 1.2.8, if the source of the current calling subject belongs to the third-party code set configured in the policy library, whether the current operation is permitted is judged according to the access control policy information of the third-party code;
Step 1.2.9, if the permission for the current operation is not in the granted access authorization set of the third-party code, step 1.2.5 is executed;
Step 1.2.10, if the permission for the current operation is in the granted access authorization set of the third-party code, authorization result information is returned according to the access control policy information; end step 1.2.
5. The control method for limiting access by Android applications in a multi-instance environment according to claim 2, characterized in that step 1.3 specifically includes the following sub-steps:
Step 1.3.1, the Hook module receives the return information from the VPMS; if the return information is PERMISSION_GRANTED, step 1.3.2 is executed, otherwise step 1.3.3 is executed;
Step 1.3.2, authorization passes, and the sensitive API of the real system is called;
Step 1.3.3, authorization fails, an error is returned, and step 1.3 ends.
6. The control method for limiting access by Android applications in a multi-instance environment according to claim 2, characterized in that, if the current operation is a file access operation, the IOHook module being triggered and obtaining the file directory currently to be accessed, then handing it to the IoCheck module to check, in combination with the policy library, whether the current access is legal, calling the real system to perform the file operation if legal, and otherwise forbidding the privilege-escalation access, comprises:
Step 2.1.1, if the path currently accessed is one of the system read-only directories, the application's own path, or the sdcard directory, the access is allowed; otherwise step 2.1.2 is executed;
Step 2.1.2, if the directory currently accessed is another ClientApp's directory, the HostApp's private directory, or the secure directory that stores the control policy library, an exception is thrown and the access is terminated.
7. A control system for limiting access by Android applications in a multi-instance environment, wherein the application that provides a virtualized running environment in the Android system is denoted HostApp, the HostApp supports applications in the Android system running in the virtualized running environment that it builds, and an application loaded and run in this virtualized environment is denoted ClientApp, characterized by comprising:
a sensitive API access control module, configured to, when the ClientApp runs and the current operation is a sensitive API call operation, judge in combination with the loaded policy information whether the current sensitive API call operation is legal; if legal, the ClientApp is allowed to call the real API, and otherwise the privilege-escalation call is forbidden;
a file directory access control module, configured such that, if the current operation is a file access operation, the IOHook module is triggered and obtains the file directory currently to be accessed; the IoCheck module then checks, in combination with the policy library, whether the current access is legal; if legal, the real system is called to perform the file operation, and otherwise an exception is thrown and the access is terminated;
a policy library management module, configured such that, while loading the ClientApp, the HostApp parses the ClientApp's file containing the permission list data, obtains the permission list declared in the file as the default granted authorization set, and then integrates the developer's policy configuration information to form the final authorization set.
8. The control system for limiting access by Android applications in a multi-instance environment according to claim 7, characterized in that the sensitive API access control module is configured such that, when the ClientApp runs and the current operation is a sensitive API call operation, the APIHook module is triggered automatically and obtains the call chain of the current call; the source information of the subject that initiated this call is obtained from the call chain, i.e. the existing Hook module in the framework is modified; the Hook module sends the current call information to the remote VPMS; the VPMS first obtains the information about the call initiator and then calls the Pcheck module; the Pcheck module judges, in combination with the policy information that PolicyManager has loaded, whether the current call is legal, and then feeds the result back to the APIHook module; the APIHook module performs verification according to the feedback result: if verification passes, the call to the real system API is allowed, and otherwise the privilege-escalation call is forbidden.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810480808.2A CN108932427A (en) | 2018-05-18 | 2018-05-18 | A kind of Android is using the control method and system for limiting access in more open loop borders |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108932427A true CN108932427A (en) | 2018-12-04 |
Family
ID=64449096
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810480808.2A Pending CN108932427A (en) | 2018-05-18 | 2018-05-18 | A kind of Android is using the control method and system for limiting access in more open loop borders |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108932427A (en) |
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100287598A1 (en) * | 2009-05-08 | 2010-11-11 | Samsung Electronics Co., Ltd. | Method and system for providing security policy for linux-based security operating system |
CN104992081A (en) * | 2015-06-24 | 2015-10-21 | 华中科技大学 | Security enhancement method for third-party code of Android application program |
CN106446672A (en) * | 2016-07-25 | 2017-02-22 | 中国科学院大学 | Privilege isolation method and device of Android third-party class library |
CN106850545A (en) * | 2016-12-15 | 2017-06-13 | 华中科技大学 | A kind of fine-grained access control method of Android mixing application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20181204 |