Android防护技术研究进展

摘要/Abstract

摘要： 在移动互联网高速发展的过程中,Android设备的安全问题也日益凸显,给移动互联网用户带来了许多安全隐患。为此,介绍近年来Android安全防护领域的相关研究,指出其优点和不足,并提出改进方向。通过对比分析现有工作和相关安全防护技术,给出Android安全防护领域面临的挑战和机遇,展望Android安全防护领域的广阔前景。

关键词: 安全防护, 恶意软件, 应用部署阶段, 静态分析, 动态分析, 安全增强, 访问控制

Abstract: In the rapid development of mobile Internet,the security of Android devices becomes more and more prominent,bringing many security risks to mobile Internet users.In this paper,the authors introduce related researches on Android security protection in recent years,point out its advantages and disadvantages,and put forward some improvements.By comparing and analyzing the existing work and related security protection technologies,the challenges and opportunities of Android security protection are given,and the broad prospects of the field of Android security protection are prospected.

Key words: safety protection, malware, application deployment phase, static analysis, dynamic analysis, security enhancement, access control

中图分类号:

TP391

谢佳筠,伏晓,骆斌. Android防护技术研究进展[J]. 计算机工程.

XIE Jiayun,FU Xiao,LUO Bin. Research Progress of Android Protection Technology[J]. Computer Engineering.

参考文献

参考文献［1］卿斯汉.Android 安全研究进展［J］.软件学报,2016,27(1):45-71. ［2］张玉清,王凯,杨欢,等.Android 安全综述［J］.计算机研究与发展,2014,51(7):1385-1396. ［3］TAN D J J,CHUA T W,THING V L L.Securing Android:A Survey,Taxonomy,and Challenges［J］.ACM Computing Surveys,2015,47(4):58-99. ［4］ZHOU Yajin,JIANG Xuxian.Dissecting Android Malware:Characterization and Evolution［C］//Proceedings of IEEE Symposium on Security and Privacy.IEEE Computer Society.Washington D.C.,USA:IEEE Press,2012:95-109. ［5］ZHOU Wu,ZHANG Xinwen,JIANG Xuxian.AppInk:Water-marking Android Apps for Repackaging Deterrence［C］//Proceedings of the 8th ACM SIGSAC Symposium on Information,Computer and Communications Security.New York,USA:ACM Press,2013:1-12. ［6］RASTHOFER S,ARZT S,LOVAT E,et al.Droidforce:Enforcing Complex,Data-centric,System-wide Policies in Android［C］//Proceedings of Ninth International Conference on Availability,Reliability and Security.Washington D.C.,USA:IEEE Press,2014:40-49. ［7］ZHOU Wu,ZHOU Yajin,JIANG Xuxian,et al.Detecting Repackaged Smartphone Applications in Third-party Android Marketplaces［C］//Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy.New York,USA:ACM Press,2012:317-326. ［8］CRUSSELL J,GIBLER C,CHEN Hao.Attack of the Clones:Detecting Cloned Applications on Android Markets［C］//Proceedings of European Symposium on Research in Computer Security.Berlin,Germany:Springer-Verlag,2012:37-54. ［9］FELT A P,CHIN E,HANNA S,et al.Android Permissions Demystified［C］//Proceedings of the 18th ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2011:627-638. ［10］AU K W Y,ZHOU Yifan,HUANG Zhen,et al.Pscout:Analyzing the Android Permission Specification［C］//Proceedings of the 2012 ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2012:217-228. ［11］GRACE M C,ZHOU Yajin,WANG Zhi,et al.Systematic Detection of Capability Leaks in Stock Android Smartphones［C］//Proceedings of the 19th Network and Distributed System Security Symposium.Washington D.C.,USA:IEEE Press,2012:19. ［12］LU Long,LI Zhichun,WU Zhenyu,et al.Chex:Statically Vetting Android Apps for Component Hijacking Vulner-abilities［C］//Proceedings of 2012 ACM Conference on Computer and Communications Security.New York,USA:ACM Press,2012:229-240. ［13］GRACE M,ZHOU Yajin,ZHANG Qiang,et al.Riskranker:Scalable and Accurate Zero-day Android Malware Detec-tion［C］//Proceedings of the 10th International Conference on Mobile Systems,Applications,and Services.New York,USA:ACM Press,2012:281-294. ［14］ARZT S,RASTHOFER S,FRITZ C,et al.Flowdroid:Precise Context,Flow,Field,Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps［C］//Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation.New York,USA:ACM Press,259-269. ［15］YANG Zhemin,YANG Min,ZHANG Yuan,et al.Appintent:Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection［C］//Proceedings of ACM SIGSAC Conference on Computer & Com-munications Security.New York,USA:ACM Press,2013:1043-1054. ［16］CHIN E,FELT A P,GREENWOOD K,et al.Analyzing Inter-application Communication in Android［C］//Proceedings of the 9th International Conference on Mobile Systems,Applications,and Services.New York,USA:ACM Press,2011:239-252. ［17］OCTEAU D,MCDANIEL P,JHA S,et al.Effective Inter-component Communication Mapping in Android with Epicc:An Essential Step Towards Holistic Security Analysis［C］//Proceedings of the 22nd USENIX Conference on Security.USENIX Association.Washington D.C.,USA:［s.n.］,2013:543-558. ［18］LI Li,BARTEL A,BISSYANDE T F,et al.IccTA:Detecting Inter-component Privacy Leaks in Android Apps［C］//Proceedings of the 37th International Conference on Software Engineering-Volume 1.Washington D.C.,USA:IEEE Press,2015:280-291. ［19］WEI Fengguo,ROY S,OU Xinming.Amandroid:A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps［C］//Proceedings of 2014 ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2014:1329-1341. ［20］ENCK W,ONGTANG M,MCDANIEL P.Understanding Android Security［J］.IEEE Security & Privacy,2009(1):50-57. ［21］ZHANG Mu,DUAN Yue,FENG Qian,et al.Towards Automatic Generation of Security-centric Descriptions for Android Apps［C］//Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2015:518-529. ［22］WANG Ruowen,ENCK W,REEVES D,et al.Easeandroid:Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-scale Semi-supervised Learn-ing［C］//Proceedings of the 24th USENIX Security Symposium.USENIX Association.Washington,D.C.:［s.n.］,2015:351-366. ［23］BUGIEL S,DAVI L,DMITRIENKO A,et al.Towards Taming Privilege-escalation Attacks on Android［J］.Proceedings of Annual Network & Distributed System Security Symposium,2013,130(130):346-360. ［24］BUGIEL S,HEUSER S,SADEGHI A R.Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies［C］//Proceedings of the 22nd USENIX Conference on Security.Washington D.C.,USA:USENIX Association,2013:131-146. ［25］ZHAO Zhibo,OSONO F C C.“TrustDroidTM”:Preventing the Use of SmartPhones for Information Leaking in Corporate Networks Through the Use of Static Analysis Taint Tracking［C］//Proceedings of International Conference on Malicious and Unwanted Software.Washington D.C.,USA:IEEE Press,2012:135-143. ［26］WANG Rui,XING Luyi,WANG Xiaofeng,et al.Unauthorized Origin Crossing on Mobile Platforms:Threats and Mitiga-tion［C］//Proceedings of ACM SIGSAC Conference on Computer & Communications Security.New York,USA:ACM Press,2013:635-646. ［27］ENCK W,GILBERT P,CHUN B G,et al.TaintDroid:An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones［J］.ACM Tran-sactions on Computer Systems,2014,32(2):1-29. (下转第176页) (上接第170页) ［28］FELT A P,WANG H J,MOSHCHUK A,et al.Permission Re-delegation:Attacks and Defenses［C］//Proceedings of Usenix Conference on Security.New York,USA:USENIX Association,2011:22. ［29］DIETZ M,SHEKHAR S,PISETSKY Y,et al.QUIRE:Lightweight Provenance for Smart Phone Operating Systems［C］//Proceedings of USENIX Conference on Security.San Francisco,USA:USENIX Association,2011:23. ［30］ZHANG Yuan,YANG Min,XU Bingquan,et al.Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis［C］//Proceedings of 2013 ACM SIGSAC Conference on Computer & Communications Security.New York,USA:ACM Press,2013:611-622. ［31］XU Rubin,SAIDI H,ANDERSON R.Aurasium:Practical Policy Enforcement for Android Applications［C］//Proceedings of USENIX Conference on Security Symposium.Bellevue,USA:USENIX Association,2012:27. ［32］BACKES M,GERLING S,HAMMER C,et al.AppGuard-Enforcing User Requirements on Android Apps［C］//Proceedings of Tools and Algorithms for the Construction and Analysis of Systems.Berlin,Germany:Springer-Verlag,2013:543-548. ［33］BACKES M,BUGIEL S,HAMMER C,et al.Boxify:Full-fledged App Sandboxing for Stock Android［C］//Pro-ceedings of USENIX Conference on Security Symposium.Washington D.C.,USA:USENIX Association,2015:691-706. ［34］XING Luyi,PAN Xiaorui,WANG Rui,et al.Upgrading Your Android,Elevating My malware:Privilege Escalation Through Mobile OS Updating［C］//Proceedings of IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2014:393-408. 编辑刘冰

[1]	黄保华, 郑慧颖, 屈锡, 陈宁江. 联盟链高效存储访问控制方案[J]. 计算机工程, 2023, 49(8): 37-45.
[2]	田秀霞, 杨明夷. 家庭物联网中基于智能合约的访问控制机制[J]. 计算机工程, 2023, 49(3): 18-28.
[3]	刘晶, 朱炳旭, 梁佳杭, 任女尔, 季海鹏. 基于主侧链合作的区块链访问控制策略[J]. 计算机工程, 2022, 48(3): 10-16,22.
[4]	王静宇, 周雪娟. 一种支持属性撤销的密文策略属性基加密方案[J]. 计算机工程, 2021, 47(7): 95-100.
[5]	张本宏, 吴浩浩, 俞磊. 车载自组织网络中基于竞争的时分多址MAC协议[J]. 计算机工程, 2021, 47(5): 154-159.
[6]	张建国, 胡晓辉. 基于以太坊的改进物联网设备访问控制机制研究[J]. 计算机工程, 2021, 47(4): 32-39,47.
[7]	张江徽, 崔波, 李茹, 史锦山. 基于智能合约的物联网访问控制系统[J]. 计算机工程, 2021, 47(4): 21-31.
[8]	詹长健, 雷磊, 沈高青, 李志林. 适用于水声传感网络的多链路传输MAC协议[J]. 计算机工程, 2021, 47(2): 194-200.
[9]	李峰, 舒斐, 李明轩, 王斌, 杨慧婷. 基于深度学习的Linux远控木马检测[J]. 计算机工程, 2020, 46(7): 159-164.
[10]	韩舒艳, 努尔买买提·黑力力. 选择性隐藏树型访问结构的CP-ABE方案[J]. 计算机工程, 2020, 46(7): 150-158.
[11]	曾娅琴, 张琳琳, 张若楠, 杨波. 基于MobileNet的恶意软件家族分类模型[J]. 计算机工程, 2020, 46(4): 162-168.
[12]	李民政, 资文彬, 王浩. LoRa无线网络MAC层TDMA时隙分配协议研究[J]. 计算机工程, 2019, 45(9): 95-99,118.
[13]	严海升, 李强, 孙开伟. 基于特征占比差的恶意软件检测方法[J]. 计算机工程, 2019, 45(8): 309-314.
[14]	谭跃生,鲁黎明,王静宇. 基于安全三方计算的密文策略加密方案[J]. 计算机工程, 2019, 45(1): 115-120,128.
[15]	马富天,钱雪忠,宋威. 一种自动化的跨站脚本漏洞发现模型[J]. 计算机工程, 2018, 44(8): 167-173.

选择文件类型/文献管理软件名称

选择包含的内容