计算机科学 ›› 2017, Vol. 44 ›› Issue (Z11): 353-356.doi: 10.11896/j.issn.1002-137X.2017.11A.074

• 信息安全 • 上一篇    下一篇

MacDroid:一种Android轻量级内核层强制访问控制框架

李尼格,马媛媛,陈牧,陈璐,徐敏   

  1. 全球能源互联网研究院信息通信研究所 南京210003,全球能源互联网研究院信息通信研究所 南京210003,全球能源互联网研究院信息通信研究所 南京210003,全球能源互联网研究院信息通信研究所 南京210003,全球能源互联网研究院信息通信研究所 南京210003
  • 出版日期:2018-12-01 发布日期:2018-12-01
  • 基金资助:
    本文受国家电网公司科技项目:电力移动应用信息安全防护关键技术研究(SGRIXTKJ[2016]183号)资助

MacDroid:A Lightweight Kernel-level Mandatory Access Control Framework for Android

LI Ni-ge, MA Yuan-yuan, CHEN Mu, CHEN Lu and XU Min   

  • Online:2018-12-01 Published:2018-12-01

摘要: 智能移动终端已成为移动互联网时代重要的信息处理平台,其面临的安全威胁越来越严重,针对传统计算机的安全防护架构已无法适应智能移动终端安全防护的特殊需求。通过对智能移动终端操作系统的特点和层次进行分析,设计了一种轻量级内核层强制访问控制框架——MacDroid,深入研究了MacDroid 的安全策略定义、安全策略编译、安全策略实施等关键问题。提出了MacDroid 的安全策略描述语言——PSL,对PSL 的词法和语法进行了形式化定义。最后通过实验测试了MacDroid 访问控制框架对智能移动终端不同层的恶意软件行为的控制效果。实验结果表明,MacDroid框架对Android智能移动终端应用层、本地层和内核层的恶意软件行为均有较好的控制效果。

关键词: 安卓,内核,强制访问控制,恶意软件检测

Abstract: Smart terminal has become an important information processing platform in the mobile Internet era,and its security threats are becoming more and more serious.The security protection architecture for traditional computers has been unable to meet the special needs of smart terminal security protection.By analyzing the characteristics and levels of the smart terminal operating system,a lightweight kernel-level mandatory access control framework(MacDroid) was designed.The key issues of MacDroid security policy definition,security policy compilation,security policy implementation and so on were deeply studied in this paper.The MacDroid security policy description language(PSL) was proposed and the PSL lexical and grammar formal definition were given.Finally,the effect of MacDroid access control framework on the behavior of different layers of intelligent mobile terminals was evaluted.The experimental results show that the MacDroid framework has good control effect on application layer,native layer and kernel layer malware behavior of Android smart terminal.()

Key words: Android,Kernel,Mandatory access control,Malware detection

[1] PIRRETTI M,TRAYNOR P,MCDANIEL P,et al.Secure Atrribute-Based Systems[J].Journal of Computer Security,2010,8(5):799-837.
[2] ION I,DRAGOVIC B,CRISPO B.Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices[C]∥Proc.of the Annual Computer Security Applications Conference.2007:233-242.
[3] ZHANG X W,ACIIMEZ O,SEIFER J.A Trusted MobilePhone Reference Architecture via Secure Kernel[C]∥Proc.of the ACM workshop on Scalable Trusted Computing.2007:7-14.
[4] ENCK,WILLIAM ONGTANG,et al.On Lightweight Phone Ap-plication Certification[C]∥Proceedings of the 16th ACM Conference on Computer and Communications Security.2009:235-245.
[5] KIRKPATRICK M S,BERTINO E.Enforcing Spatial Constr-aints for Mobile RBAC Systems[C]∥Proc.of the 15th ACM Symposium on Access Control Models and Technologies.2010:99-108.
[6] NAUMAN M,KHAN S,ZHANG X W,et al.Beyond Kernel-Level Integrity Measurement Enabling Remote Attestation for the Android Platform[C]∥International Conference on Trust and Trustworthy Computing.2010:1-15.
[7] NSA.http://selinuxproject.org/page/SEAndroid.
[8] 黄琳雅.基于内核的Android文件访问控制研究[D].北京:北京邮电大学,2012.
[9] 易筱茂.面向Android操作系统的强制访问控制研究[D].北京:中国科学院大学,2015.
[10] 卿斯汉.Android 安全的研究现状与展望[J].电信科学,2016(10):1-8.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!