A kind of System Privileges management-control method of low interferenceTechnical field
The present invention relates to authority control method, the System Privileges management-control method of particularly a kind of low interference.
Background technology
Along with the rise of intelligent machine, intelligent machine safety more and more pay attention to by users, Ministry of Industry and Information of country has also issued " notice about strengthening mobile intelligent terminal management ", the one-level security capabilities requirement of the communication industry standard that requires that intelligent terminal should meet " technical requirement of mobile intelligent terminal security capabilities " in the notification.Provide the requirement that intelligent machine networks, Ge great cell phone manufacturer under this background, solution development business one after another from application layer, operating system layer, hardware level releases oneself intelligent machine system item security one after another, to collection user profile, call peripheral data interface, expend flow, that reveals privacy information all needs the control obtaining user, the agreement that must obtain user just can be carried out, and namely intelligent operating system will have System Privileges management and control technology.
Current operating system, application layer various commercial fail-safe software, comprise domestic and international Norton, LookOut, McAfee, Kingsoft mobile phone bodyguard, 360 mobile phone bodyguards, Tengxun mobile phone house keeper, the net Qin and LBE etc., what the application layer being operated in Android platform had had is operated in operating system layer.These business software trade editions provide the killing of Malware usually according to the technology such as blacklist and software signatures, have also to the security mechanism management and control of Android system core; The senior version of part business software needs " to escape from prison " after (ROOT puies forward power) by mobile phone, can provide the dynamic management and control of ccf layer authority to Android system.What have is ejecting in dialog box, also needs to allow user's secondary carry out confirmation and authorizes, still can bring interference to user.
Be wherein in 201210218971.4 patents at application number, the killing of virus base is adopted to a kind of safety detection method and system of application program, the technology wherein realized comprises: scan A ndroid installation kit, and extracts the characteristic information of specifying from described Android installation kit; Described characteristic information of specifying is uploaded onto the server, searches in the safety identification storehouse that server is preset and combine with the single characteristic information of specifying or its feature record matched; The safety detection result for described Android installation kit that reception server returns, and show in client user interface.This is that main sweep object mainly carries out killing from viral wooden horse aspect from local high in the clouds storage attribute code with condition code, can not carry out effective management and control to the private data of user, adopts the mode of black and white lists to carry out management and control to private data.
Summary of the invention
The object of this invention is to provide a kind of System Privileges management-control method of low interference, follow the tracks of from the operation behavior of user, from file-level, function rank, the behavior of variable levels recording user, and the essential behavioural characteristic set of the searching malicious application forming oneself, and the safety rule of a set of low interference of formulation of deriving based on this characteristic set.
In order to realize above object, the present invention is achieved by the following technical solutions:
A System Privileges management-control method for low interference, be characterized in, the method comprises following steps:
S1, the data of amendment Android system send interface code module outside;
S2, the implicit expression authority usage behavior of authority usage behavior sampling module application programs carries out sampling analysis;
S3, scope check module is to described Application inspection, and the authority deriving this application program uses feature;
S4, uses feature according to the authority of described application program, judges whether described application program is malicious application, if so, then by result feedback to user interface.
Also comprise before described step S2: recognition application attempts this step of positional information of the system resource of access.
In described step S2, the sampling analysis of application programs adopts the mode of dynamic tainting to carry out trace analysis.
Described step S2 comprises:
S2.1, authority usage behavior sampling module is followed the tracks of by the propagation of program variable in application program in system resource;
S2.2, authority usage behavior sampling module is followed the tracks of when application call system function;
S2.3, authority usage behavior sampling module follows the tracks of the system resource propagated to local file and external unit.
Described step S2.2 comprises following steps:
S2.2.1, the function interface of application call self;
S2.2.2, application call Android framework function, the i.e. external interface that defined by Android system of application program, use the preset class libraries of Android system;
S2.2.3, Android system calls linux kernel function, makes Android system by the request forwarding of application program to linux kernel, and is realized the function of application requests by linux kernel.
Instruction pitching pile is adopted to carry out data tracking when the function interface of application call self and/or Android framework function by amendment Android interpreter.
Described step S3 is specially scope check module carries out authority information respectively collection in Android frame end and linux kernel end.
When the system resource that application program access is protected by Android frame end, Android frame end is responsible for scope check to judge whether this application program has the authority of the system resource of this Android frame protection of access;
When the system resource that application program access is protected by linux kernel end; all application program authorities checked by linux kernel end are endowed one group of ID, and whether the authority that described linux kernel end is protected is met by inspection group ID to realize the isolation of corresponding authority.
Described step S4 is specially: to use and after being blocked when privacy of user data are employed program, system decision-making module will be inquired about private data and sent behavior outside and contrast malicious application characteristic set, whether the application program described in judgement meets the behavioural characteristic of malicious application, if meet, then require that user makes instant decision.
The present invention compared with prior art, has the following advantages:
The present invention follows the tracks of from the operation behavior of user, from file-level, function rank, the behavior of variable levels recording user, and the essential behavioural characteristic set of the searching malicious application forming oneself, and the safety rule of a set of low interference of formulation of deriving based on this characteristic set.
Accompanying drawing explanation
Fig. 1 is the method flow diagram of the System Privileges management-control method of a kind of low interference of the present invention;
Fig. 2 is the dynamic tainting schematic diagram of Android system
Fig. 3 is the scope check schematic diagram of mechanism of Android system.
Embodiment
Below in conjunction with accompanying drawing, by describing a preferably specific embodiment in detail, the present invention is further elaborated.
As shown in Figure 1, a kind of System Privileges management-control method of low interference, the method comprises following steps:
S1, the data of amendment Android system send interface code module outside;
S2, the implicit expression authority usage behavior of authority usage behavior sampling module application programs carries out sampling analysis;
S3, scope check module is to described Application inspection, and the authority deriving this application program uses feature;
S4, uses feature according to the authority of described application program, judges whether described application program is malicious application, if so, then by result feedback to user interface.
In a particular embodiment, also comprise before described step S2: recognition application attempts this step of positional information of the system resource of access, because the call back function that uses a large amount of in Android system carrys out asynchronous push system resource, such as when the positional information variation of mobile phone time, the call back function of system meeting invokes application registration triggers application program and carries out response process.This programming model of Android and resource asynchronous access pattern make recognition system resource submit and a little become very difficult, and Android system provides 10 in addition, and more than 000 API obtains protected system resource for application program, more make recognizer become complicated.Intend adopting automatic API filter method, from application program, filter out the API that is likely used to registered callbacks function and be labeled as system resource and submit a little.For other API, rreturn value is just submitted a little as system resource.
In described step S2, the sampling analysis of application programs adopts the mode of dynamic tainting to carry out trace analysis, see Fig. 2.
Described step S2 comprises:
S2.1; authority usage behavior sampling module is followed the tracks of by the propagation of program variable in application program in system resource; the shielded system resource that application program obtains can be concrete external device data; also can be shielded user data, as user communication record, geographical location information etc.These shielded system resources can be stored in program variable, and are propagated in application program by the assignment between variable.Therefore, in order to the behavior that application program implicit expression authority of sampling uses, first we need tracker resource by the propagation of program variable in application program;
S2.2, authority usage behavior sampling module is followed the tracks of when application call system function;
Particularly, described step S2.2 comprises following steps:
S2.2.1, the function interface of application call self;
S2.2.2, application call Android framework function, the i.e. external interface that defined by Android system of application program, use the preset class libraries of Android system, the preset class libraries of Android system comprises: the class libraries of the java class storehouse of Dalvik virtual machine and Android framework and core system service.;
S2.2.3, Android system calls linux kernel function, make Android system by the request forwarding of application program to linux kernel, and the function of application requests is realized by linux kernel, in the process, system resource passes to linux kernel by Android system, and may be propagated to other system module by Linux further.
S2.3, authority usage behavior sampling module follows the tracks of the system resource propagated to local file and external unit, and system resource can also be delivered to local file and external unit, and is passed to other assemblies further by file and peripheral hardware.In order to realize the coverage rate guaranteeing to use implicit expression authority, also need to carry out pitching pile to the I/O interface of these equipment, and the system resource that record is propagated by it.Identifying after each implicit expression authority uses point, also needing to record the function information of this use point, code attribute (being application code or system code), runtime parameter and rreturn value, use dot informations for the authority information of parameters and all display authorities corresponding with it.
Instruction pitching pile is adopted to carry out data tracking when the function interface of application call self and/or Android framework function by amendment Android interpreter, Android interpreter achieves the function call stipulations (Calling Convention) of program when explaining execution, whenever Android routine call Java function, interpreter can create call stack according to calling stipulations, record call function state, Transfer Parameters and rreturn value simultaneously.
Above-mentioned step S3 is specially scope check module carries out authority information respectively collection in Android frame end and linux kernel end, see Fig. 3.
When the system resource that application program access is protected by Android frame end, as IMEI, daily record and geographical location information etc., Android frame end is responsible for scope check to judge whether this application program has the authority of the system resource of this Android frame protection of access;
When the system resource that application program access is protected by linux kernel end; all application program authorities checked by linux kernel end are endowed one group of ID, and whether the authority that described linux kernel end is protected is met by inspection group ID to realize the isolation of corresponding authority.
Described step S4 is specially: to use and after being blocked when privacy of user data are employed program, system decision-making module will be inquired about private data and sent behavior outside and contrast malicious application characteristic set, whether the application program described in judgement meets the behavioural characteristic of malicious application, if meet, then require that user makes instant decision.
Go out malicious application authority by Security requirements analysis and use feature, part malicious application authority uses feature sample as shown in table 1, and the application program wherein meeting feature (1) can be debugged other application programs.The application program meeting feature (2) can obtain notice when system receives note, and uses abortBroadcast method to stop broadcast, reaches the object of shielding note.The application program meeting feature (3) can carry out write operation to note data storehouse.The application program meeting feature (4) and feature (5) can obtain notice (PHONE_STATE or PROCESS_OUTGOING_CALL) when talking state is changed, can also carry out record (RECORD_AUDIO) if user starts call, recording can be sent to far-end server (INTERNET) subsequently.The application program meeting feature (6) and feature (7) can obtain geographical location information (ACCESS_FINE_LOCATION or ACCESS_COARSE_LOCATION) and be sent to far-end server (INTERNET).The application program meeting feature (8) can read the address list information (READ_CONTACTS) of user and be sent to internet (INTERNET).The application program meeting feature (9) can be taken pictures (CAMERA) in the unwitting situation of user, and photo is sent to far-end server (INTERNET).Meet feature (10) application program can fetch equipment place geographical location information (ACCESS_FINE_LOCATION) and go out (SEND_SMS) by short message sending.
Table 1 malicious application authority uses feature sample
In sum, the System Privileges management-control method of a kind of low interference of the present invention, follow the tracks of from the operation behavior of user, from file-level, function rank, the behavior of variable levels recording user, and the essential behavioural characteristic set of the searching malicious application forming oneself, and the safety rule of a set of low interference of formulation of deriving based on this characteristic set.
Although content of the present invention has done detailed introduction by above preferred embodiment, will be appreciated that above-mentioned description should not be considered to limitation of the present invention.After those skilled in the art have read foregoing, for multiple amendment of the present invention and substitute will be all apparent.Therefore, protection scope of the present invention should be limited to the appended claims.