期刊文献+

安卓应用程序误用用户信息的监测与控制

Monitoring and Control for Android Application in Misusing Users' Private Information
下载PDF
导出
摘要 针对Android应用程序常被不完全地审查,不充分的隔离,且毫无限制地被用户安装所引起的用户私有敏感信息的泄露,通过采用动态污点分析技术监测敏感信息何时通过不可信的应用程序离开系统,同时根据需要采用无害的影子数据遮蔽敏感信息,或者阻断泄露私有信息的通信,防止应用程序访问用户希望保密的数据,在系统的层面上实现实时监测和控制Android应用程序使用用户私有敏感信息. Smartphone applications are frequently incompletely vetted, poorly isolated and installed by users without restraint. Such behavior causes users' private sensitive information leakage. By means of employing dynamic taint analysis technology, our work detects when sensitive data leaves the system via untrusted applications. Meanwhile, according to the need, it uses harmless data to cover the sensitive information, or cuts off the exfiltration communication. Then it can prevent an application to access the data which user wants to keep confidential, achieve real-time monitoring and control for Android applications in misusing the user private information from system level.
作者 廖明华
出处 《计算机系统应用》 2014年第6期215-219,共5页 Computer Systems & Applications
关键词 安卓 用户私有敏感信息 动态污点分析 信息流追踪 隐私控制 Android users' private sensitive information dynamic taint analysis information-flow tracking system privacy control system
  • 引文网络
  • 相关文献

参考文献10

  • 1Hornyack P, Han SY, Jung JY, Schechter S, Wetherall D. These Aren't the Droids You're Looking For: Retrofitting Android to Protect Data from Imperious Applications. ACM, 2011:1-6. 被引量:1
  • 2Leek T, Baker G, Brown R, Zhivich M, Lippmann R Coverage Maximization using Dynamic Taint Tracing [Technical Report] TR-1112. MIT Lincoln Laboratory. 2007 2-3. 被引量:1
  • 3Masri W, Podgurski A, Leon D. Detecting and debugging insecure information flows. International Symposium on Software Reliability Engineering (ISSRE 2004). 2004. 198-209. 被引量:1
  • 4Kong J, Zou CC, Zhou H. Improving software security via runtime instruction-level taint checking. ASID'06, Proc. of the I st Workshop on Architectural and System Support for Improving Software Dependability. 2008. 18-24. 被引量:1
  • 5Newsome J, Song D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. Proc. of the Network and Distributed System Security Symposium (NDSS 2005). 2005.55-59. 被引量:1
  • 6Qin F, Wang C, Li Z, seop Kim H, Zhou Y, Wu Y. LIFT: A low-overhead practical information flow tracking system for detecting security attacks. MICRO '06: Proc. of the 39th Annual IEEE/ACM International Symposium on Microarchitecture. 2009. 135-148. 被引量:1
  • 7Pietraszek T, Berghe CV. Defending against injection attacks through context-sensitive string evaluation. Proc. of Recent Advances in Intrusion Detection (RAID 2005). 2005.3-8. 被引量:1
  • 8Nguyen-Tuong A, Guarnieri S, Greene D, Shirley J, Evans D. Automatically hardening web applications using precise tainting. 20th IFIP International Information Security Conference. 2005.3-5. 被引量:1
  • 9周凌..基于信息流的动态污点分析技术研究[D].电子科技大学,2010:
  • 10Enck W, Gilbert P, Chun BG, Cox LP, Jung J, Mcdaniel E Sheth AN. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. Proc. of the USENIX Symposiumon Operating Systems Design and Implementation. 2010. 1-7. 被引量:1

相关主题

;
使用帮助 返回顶部