立体安全防御系统TDSD-Droid的实现

计算机科学 ›› 2013, Vol. 40 ›› Issue (Z11): 228-234.

立体安全防御系统TDSD-Droid的实现

刘洋,邵旭东,潘程达,胡正梁

公安部第三研究所信息安全技术部上海201204;公安部第三研究所信息安全技术部上海201204;公安部第三研究所信息安全技术部上海201204;公安部第三研究所信息安全技术部上海201204

出版日期:2018-11-16 发布日期:2018-11-16

Implementation of Three-dimensional Security Defense System

LIU Yang,SHAO Xu-dong,PAN Cheng-da and HU Zheng-Liang

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 随着智能终端的日益普及,便捷易用的Android操作系统得到了广泛的使用。标准的Android安全架构ASF缺乏强有力的保护机制,而现有和正在研究的标准的Android安全加固技术都有一定片面性。TDSD-Droid通过吸收SELinux及其它Android安全加固技术优点,引入了基于内核的MAC机制；创新性地运用Flask访问架构实现了新的MMAC机制；创新性地实现了柔性安全策略FSP适配机制；创新性地实现了安全策略学习机制；同时基于TF智能卡实现了TDSD-Droid的完整性验证功能。TDSD-Droid为Android终端实现了一个上下一致、前后呼应的立体安全防御系统。

关键词: 安卓,安全加固,强制访问控制,自主访问控制

Abstract: With the increasing popularity of intelligent terminals,convenient-to-use Android operating system has been widely used．The standard Android Security Framework is lack of strong protection mechanism,even the existing and developing security technology for standard Android are one-sided.TDSD-Droid adopted the advantages of SELinux security enhancement and other Android security technology,and implemented a MAC mechanism in kernel,a new MMAC mechanism based on Flask access architecture,a novel Flexible Security Policy adaptation mechanism,an innovative security policy learning mechanism,and a new integrity verification function based on TF smart card. It achieved a consistent three-dimensional security defense system for Android terminals from top to bottom.

Key words: Android,Security enhancement,Mandatory access control ,Discretionary access control

刘洋,邵旭东,潘程达,胡正梁. 立体安全防御系统TDSD-Droid的实现[J]. 计算机科学, 2013, 40(Z11): 228-234. https://doi.org/

LIU Yang,SHAO Xu-dong,PAN Cheng-da and HU Zheng-Liang. Implementation of Three-dimensional Security Defense System[J]. Computer Science, 2013, 40(Z11): 228-234. https://doi.org/

参考文献

[1] Llamas R,Restivo K,Shirer M．Android Marks Fourth Anniversary Since Launch with 75.0% Market Share in Third Quarter[EB/OL].https://www.idc.com/getdoc.jsp?containerId=prUS23771812,IDC,2012
[2] Kleidermacher D,Kleidermacher M．Embedded System Security Practical Methods for Safe And Secure Software and Systems Development [M]．Waltham,MA,USA:Elsevier Inc,2012:4-24
[3] Armando A,Merlo A,Verderame L,et al．An Empirical Evaluation of the Android Security Framework [C]∥Proceedings of the 28th IFIP TC-11International Information Security and Privacy Conference (SEC 2013)．Auckland:Springer,2013:176-189
[4] Smalley S,Craig R．Security Enhanced (SE) Android:Bringing Flexible MAC to Android [C/OL]．http://selinuxproject.Org/~se-android/papers/NDSS2013-SEAndroid-Paper.pdf,NDSS,2013
[5] Jhswx84．SELinux详解[M/OL]．http://wenku.baidu.com/view/ 4d26594fc850ad02de804189.html,Baidu,2012
[6] Enck W,Ongtang M,McDaniel P．Understanding Android security [J]．IEEE Security and Privacy Magazine,20097(1):50-57
[7] Sally．SELinux学习笔记[M/OL]．http://wenku.it168.com/ d_001220063.shtml．IT168,2013
[8] Spencer R,Smalley S,Loscocco P,et al．The Flask security architecture:System support for diverse security policies [C]∥Proceedings of The Eighth USENIX Security Symposium．Washington:USENIX,1999:123-139
[9] Carter J．Using gconf as an example of how to create an userspace object manager[C/OL]．http://www.nsa.gov/re search/_files/selinux/papers/gconf07-paper.shtml,NSA,2009
[10] NSA．SE For Android[EB/OL]．http://selinuxproject.org/page/ SEforAndroid．NSA,2013
[11] Ongtang M,McLaughlin M,Enck W,et al．Semantically rich application-centric security in Android[J]．Security and Communication Networks,2012,5(6):658-673
[12] Bugiel S,Davi L,Dmitrienko A,et al．Practical and Lightweight Domain Isolation on Android[C]∥Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices(SPSM ''11)．New York:CCS,2011:51-62
[13] Enck I,Gilbert P,Chun B,et al．TaintDroid:An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones[C]∥proceeding of:9th USENIX Symposium on Operating Systems Design and Implementation,OSDI 2010．Vancouver,BC,Canada:USENIX,2010:1-6
[14] Bugiel S,Davi L,Dmitrienko A,et al．Towards Taming Privilege-Escalation Attacks on Android [C/OL]．http://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/NDSS_2012_Towards_Taming_Privilege-Escalation_Attacks_on_Android.pdf,NDSS,2012
[15] Bea F．WhatsApp reads your phone contacts and is breaking pri-vacy laws[CP/OL]．http://www.digitaltrends.com/mobile/ whatsapp-breaks-privacy-laws/,DTDigital Trends,2013
[16] Cai H,Shao Z,Vaynberg A．Certified Self-Modifying Code [C]∥Proceedings of 2007ACM SIGPLAN Conference on Programming Language Design and Implementation．San Diego:PLDI’ 2007:66-77
[17] AnTuTu Labs．AnTuTu Benchmark[CP/OL]．https://play.google．com/store/apps/details?id=com.antutu.ABenchMark,Google,2013

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed