CUI Haoliang, SHAO Shuai, NIU Shaozhang, et al., “Container-Based Privacy Preserving Scheme for Android Applications,” Chinese Journal of Electronics, vol. 29, no. 4, pp. 731-737, 2020, doi: 10.1049/cje.2020.06.001
Citation: CUI Haoliang, SHAO Shuai, NIU Shaozhang, et al., “Container-Based Privacy Preserving Scheme for Android Applications,” Chinese Journal of Electronics, vol. 29, no. 4, pp. 731-737, 2020, doi: 10.1049/cje.2020.06.001

Container-Based Privacy Preserving Scheme for Android Applications

doi: 10.1049/cje.2020.06.001
Funds:  This work is supported by the National Natural Science Foundation of China (No.U1536121, No.61370195).
  • Received Date: 2019-07-09
  • Rev Recd Date: 2019-09-04
  • Publish Date: 2020-07-10
  • An application layer privacy data protection scheme combining dynamic and static analysis is proposed. Android component life cycle and system calls are first studied, and the taint propagation path under the cross-component scenario in static analysis is optimized. Based on the static analysis, a privacy preserving container is designed and implemented on both the Framework layer and the Native layer of Android. The scheme generates a privacy protection policy file by constructing leakage paths for privacy data propagation in Android applications, and monitors privacy leakage in the running environment of the target application according to the policy file. Experiments show that the proposed scheme can effectively protect user privacy while running third-party applications.
  • loading
  • “Tongfudun released the ‘2018 Mobile Security Situation Report”’, https://cloud.tencent.com/developer/news/391770, 2019-5-26(in Chinese)
    L. Li, Tegawendé F. Bissyandé, M. Papadakis, et al., “Static analysis of android apps: A systematic literature review”, Information and Software Technology, Vol.2017, No.88, pp.67-95, 2017.
    J. LI, Z. WANG, T. WANG, et al., “An Android malware detection system based on feature fusion”, Chinese Journal of Electronics, Vol. 27, No.06, pp.100-107, 2018.
    L. Lu, Z. Li, Z. Wu, et al., “CHEX: Statically vetting Android apps for component hijacking vulnerabilities”, Proc. of ACM Conference on Computer & Communications Security, North Carolina, USA, pp.229-240, 2012
    Y. Zhang, M. Yang, Z. Yang, et al., “Permission use analysis for vetting undesirable behaviors in android apps”, IEEE Transactions on Information Forensics and Security, Vol.9, No.11, pp.1828-1842, 2014.
    O. Tripp and J. Rubin, “A Bayesian approach to privacy enforcement in smartphones”, Proc. of Usenix Conference on Security Symposium, San Diego, CA, USA, pp.175-190, 2014.
    X. Cui, D. Yu, P. Chan, et al., “Cochecker: Detecting capability and sensitive data leaks from component chains in android”, Proc. of Australasian Conference on Information Security and Privacy. Springer, Cham, pp.446-453, 2014.
    S. H. Hung, S. W. Hsiao, Y. C. Teng, et al., “Realtime and intelligent private data protection for the Android platform”, Pervasive and Mobile Computing, Vol.2015, No.24, pp.231-242, 2015.
    W. Enck, P. Gilbert, P. Landon, et al., “TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones”, Acm Transactions on Computer Systems, Vol.32, No.2, pp.1-29, 2014.
    Y. J. Jia, Q. A. Chen, Y. Lin, et al., “Open doors for Bob and Mallory: Open port usage in Android apps and security implications”, Proc. of IEEE European Symposium on Security and Privacy, Paris, France, pp.190-203, 2017.
    W. Song, Q. Huang and Jeff. Huang, “Understanding JavaScript vulnerabilities in large real-world Android applications”, IEEE Transactions on Dependable and Secure Computing, Vol.10, No.1109, pp.1-15, 2018.
    G. Russello, B. Crispo, E. Fernandes, et al., “YAASE: Yet another Android security extension”, Proc. of IEEE Third International Conference on Privacy, Security, Risk and Trust and IEEE Third International Conference on Social Computing, Bertinoro, Italy, pp.1033-1040, 2011.
    Zhauniarovich, Yury, Russello, et al., “MOSES: Supporting and enforcing security profiles on smartphones”, Proc. of IEEE Transactions on Dependable and Secure Computing, Vol.11, No.3, pp.211-223, 2014.
    C. Wu, Y. Zhou, K. Patel, et al., “AirBag: Boosting smartphone resistance to malware infection”, Proc. of the Network and Distributed System Security Symposium, San Diego, CA, USA, http://dx.doi.org/10.14722/ndss.2014.23164, 2014.
    X. Wang, K. Sun, Y. Wang, et al., “DeepDroid: Dynamically enforcing enterprise policy on android devices”, Proc. of the Network and Distributed System Security Symposium, San Diego, CA, USA, DOI:10.14722/ndss.2015.23263, 2015.
    Y. Chen, Y. Zhang, Z. Wang, et al., “Adaptive android kernel live patching”, Proc. of the 26th USENIX Conference on Security Symposium, Vancouver, BC, Canada, pp.1253-1270, 2017.
    J. Jeon, K. K. Micinski, J. A. Vaughan, et al., “Dr. Android and Mr. Hide:fine-grained permissions in android applications”, Proc. of the 2nd Acm Workshop on Security & Privacy in Smartphones & Mobile Devices, Raleigh, North Carolina, USA, pp.3-14, 2012.
    S. Rasthofer, S. Arzt, E. Lovat, et al., “DroidForce: Enforcing Complex, Data-centric, System-wide Policies in Android”, Proc. of IEEE 2014 Ninth International Conference on Availability, Reliability and Security, Fribourg, Switzerland, pp.40-49, 2014.
    P. Lam, E. Bodden, L. Hendren, et al., “The Soot framework for Java program analysis: a retrospective”, Cetus Users and Compiler Infastructure Workshop, Galveston, Texas, USA, pp.35-43, 2011.
    S. Arzt, S. Rasthofer, Fritz C, et al., “Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps”, ACM SIGPLAN Notices, Vol.49, No.6, pp.259-269, 2014.
    L. Yan, Y. Guo and X. Chen, “SplitDroid: Isolated execution of sensitive components for mobile applications”, Proc. of International Conference on Security and Privacy in Communication Systems, Dallas, TX, USA, pp.78-96, 2015.
    L. Wu, X. Du and H. Zhang, “An effective access control scheme for preventing permission leak in Android”, Proc. of International Conference on Computing, Networking and Communications, Anaheim, California, USA, pp.57-61, 2015.
    B. Shebaro, O. Oluwatimi and E. Bertino, “Contextbased access control systems for mobile devices”, IEEE Transactions on Dependable and Secure Computing, Vol.12, No.2, pp.150-163, 2015.
    X. Bai, J. Yin and Y. P. Wang, “Sensor guardian: Prevent privacy inference on Android sensors”, EURASIP Journal on Information Security, Vol. 2017, No.1, pp.1-17, 2017.
    T. Dai, X. Li, B. Hassanshahi, et al., “RoppDroid: Robust permission re-delegation prevention in Android intercomponent communication”, Computers & Security, vol.2017, No.68, pp.98-111, 2017.
    D. Davidson, V. Rastogi, M. Christodorescu, et al., “Enhancing Android security through app splitting”, Proc. of International Conference on Security and Privacy in Communication Systems, Niagara Falls, Ontario, Canada, pp.24-44, 2017.
    Xiang Pan, Yinzhi Cao, Xuechao Du, et al., “FlowCog: Context-aware semantics extraction and analysis of information flow leaks in Android apps”, Proc. of the 27th USENIX Security Symposium, Baltimore, Maryland, USA, pp.1669-1685, 2018.
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Article Metrics

    Article views (286) PDF downloads(97) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return