Computer Science ›› 2017, Vol. 44 ›› Issue (Z11): 353-356. doi: 10.11896/j.issn.1002-137X.2017.11A.074

MacDroid: A Lightweight Kernel-level Mandatory Access Control Framework for Android

LI Ni-ge, MA Yuan-yuan, CHEN Mu, CHEN Lu and XU Min   

  • Online:2018-12-01 Published:2018-12-01

Abstract: Smart terminals have become an important information-processing platform in the mobile Internet era, and the security threats they face are becoming more and more serious. The security protection architecture for traditional computers cannot meet the special needs of smart terminal security protection. By analyzing the characteristics and levels of the smart terminal operating system, a lightweight kernel-level mandatory access control framework (MacDroid) was designed. The key issues of MacDroid security policy definition, security policy compilation, security policy implementation and so on were studied in depth in this paper. The MacDroid security policy description language (PSL) was proposed, and formal definitions of the PSL lexicon and grammar were given. Finally, the effect of the MacDroid access control framework on the behavior of different layers of intelligent mobile terminals was evaluated. The experimental results show that the MacDroid framework has a good control effect on application-layer, native-layer and kernel-layer malware behavior on Android smart terminals.

Key words: Android, Kernel, Mandatory access control, Malware detection

