技术领域technical field
本发明属于计算机网络技术领域,涉及一种基于安全域的安卓隐私数据保护方法及系统。The invention belongs to the technical field of computer networks, and relates to a security domain-based Android privacy data protection method and system.
背景技术Background technique
随着智能终端的迅速普及和移动互联网的快速发展,智能手机上保存了越来越多的个人隐私信息,如通讯录、通话记录、短信和个人账户等。然而,用户敏感信息泄露的途径和类别也越来越多,恶意应用程序窃取用户敏感信息行为层出不穷,当前安卓操作系统的无法有效保护用户隐私信息,其安全体制架构存在以下主要缺陷:With the rapid popularization of smart terminals and the rapid development of the mobile Internet, more and more personal privacy information is stored on smart phones, such as address books, call records, text messages and personal accounts. However, there are more and more ways and categories of user sensitive information leakage. Malicious applications steal user sensitive information behaviors emerge in an endless stream. The current Android operating system cannot effectively protect user privacy information. Its security system architecture has the following major flaws:
1)安卓操作系统仅仅能提供粗粒度的权限访问控制,安装时限制应用程序能否得到权限进而获取隐私数据,而并不能深层次地管控隐私数据。比如,应用程序安装时,用户允许了应用获得读取联系人信息的权限,但用户并不知道应用是否将联系人信息发送给了广告商、应用开发者还是其他网络实体。1) The Android operating system can only provide coarse-grained permission access control. When installing, it restricts whether the application can obtain permission and then obtain private data, but cannot deeply control private data. For example, when an application is installed, the user allows the application to obtain the permission to read contact information, but the user does not know whether the application sends the contact information to advertisers, application developers or other network entities.
2)安卓操作系统存在权限提升攻击,未申请获得某一权限的应用,能够利用进程间通信和网络通信套接口等方式获取其他应用的权限,进而可以间接访问隐私数据。2) There are privilege escalation attacks in the Android operating system. Applications that have not applied for a certain permission can use inter-process communication and network communication sockets to obtain permissions of other applications, and then indirectly access private data.
3)安卓操作系统仅仅提供了单一的数据库进行存储,如短信、日历和联系人等信息,任何应用都可以存储并获取数据库中的隐私信息,缺少能够保护隐私数据的有效安全隔离机制。3) The Android operating system only provides a single database for storage, such as text messages, calendars, and contacts. Any application can store and obtain private information in the database, and lacks an effective security isolation mechanism that can protect private data.
由此看来,安卓操作系统中存在隐私信息泄露和窃取问题,缺乏隐私数据保护和管控机制。From this point of view, there are privacy information leakage and theft problems in the Android operating system, and there is a lack of privacy data protection and control mechanisms.
发明内容Contents of the invention
本发明的目的在于提供一种基于安全域的安卓隐私数据保护方法及系统,有效保护用户的隐私数据。The purpose of the present invention is to provide a security domain-based Android privacy data protection method and system to effectively protect user privacy data.
为此,根据本发明的一个方面,提供一种基于安全域的安卓隐私数据保护方法,包括如下步骤:For this reason, according to one aspect of the present invention, provide a kind of Android privacy data protection method based on security domain, comprise the steps:
1)在安卓系统中设置安全域和用户域,用户的隐私数据在安全域中加密存储,可信任的应用程序运行在安全域中,不可信任的应用程序运行在用户域中;1) Set up a security domain and a user domain in the Android system. The user's private data is encrypted and stored in the security domain. Trusted applications run in the security domain, and untrustworthy applications run in the user domain;
2)在安全域中设置访问控制策略,防止不可信任应用直接访问隐私数据,并管控可信任应用直接访问隐私数据;2) Set access control policies in the security domain to prevent untrustworthy applications from directly accessing private data, and control trustworthy applications from directly accessing private data;
3)在安全域中通过控制进程间通信和网络通信套接口,防止用户域中不可信任的应用程序利用安全域中可信任应用程序的权限间接访问隐私数据。3) By controlling inter-process communication and network communication sockets in the security domain, prevent untrusted applications in the user domain from indirectly accessing private data with the authority of trusted applications in the security domain.
进一步地,安全域中设置隐私策略执行模块和隐私策略管理模块,管控应用程序直接访问隐私数据;安全域中设置认证授权模块,管控用户域中的不可信任应用利用安全域中的可信任应用程序的权限间接访问隐私数据。Furthermore, a privacy policy execution module and a privacy policy management module are set in the security domain to control applications directly accessing private data; an authentication and authorization module is set in the security domain to control untrustworthy applications in the user domain to use trusted applications in the security domain permissions to indirectly access private data.
进一步地,根据本发明,管控应用程序直接访问隐私数据,包括以下步骤:Further, according to the present invention, the direct access of private data by the control application includes the following steps:
安全域中可信任应用程序和用户域中不可信任应用程序请求直接访问隐私数据(如读取短信、联系人、日历等),安卓系统中的包管理服务模块收到此请求;Trusted applications in the security domain and untrusted applications in the user domain request direct access to private data (such as reading text messages, contacts, calendars, etc.), and the package management service module in the Android system receives this request;
包管理服务模块根据应用标识和请求权限首先进行权限检查,如果应用程序不拥有该权限,其不能访问此权限对应的隐私数据;如果应用程序拥有该权限,根据包管理服务模块中设置的钩子函数,将访问请求发送给隐私策略执行模块;The package management service module first checks the permission according to the application identification and the requested permission. If the application does not have the permission, it cannot access the private data corresponding to this permission; if the application has the permission, according to the hook function set in the package management service module , sending the access request to the privacy policy enforcement module;
隐私策略执行模块收到请求,根据应用标识查询隐私策略表,由于不可信任应用在隐私策略表中标记为不可访问,将禁止不可信任应用程序访问隐私数据,可信任应用是否可以访问隐私数据向隐私策略管理模块发起请求;The privacy policy execution module receives the request and queries the privacy policy table according to the application ID. Since the untrustworthy application is marked as inaccessible in the privacy policy table, the untrustworthy application will be prohibited from accessing the private data. The policy management module initiates a request;
隐私策略管理模块收到请求,询问用户该应用是否能够获取该权限对应的隐私数据,将结果返回给隐私策略执行模块;The privacy policy management module receives the request, asks the user whether the application can obtain the privacy data corresponding to the permission, and returns the result to the privacy policy execution module;
隐私策略执行模块收到查询结果,发送给包管理服务模块;The privacy policy execution module receives the query result and sends it to the package management service module;
包管理服务模块根据用户的选择判定可信任应用程序是否可以访问隐私数据。The package management service module determines whether the trusted application can access private data according to the user's choice.
进一步地,根据本发明,管控用户域不可信任应用程序间接访问隐私数据,包括以下内容:Further, according to the present invention, the indirect access to private data by untrustworthy applications in the control user domain includes the following content:
当应用程序利用进程间通信向其他应用程序发送访问请求,认证授权模块截获此访问请求,如果请求的应用程序和被请求的应用程序都在同一个用户域或安全域,认证授权模块阻止该请求;如果此访问请求是安全域中可信应用向用户域中不可信任应用发起的,认证授权模块不阻止该请求;如果此访问请求是用户域中不可信任应用向安全域中可信应用发起的,认证授权模块阻止该请求;When an application uses inter-process communication to send an access request to other applications, the authentication and authorization module intercepts the access request, and if the requesting application and the requested application are in the same user domain or security domain, the authentication and authorization module blocks the request ; If the access request is initiated by a trusted application in the security domain to an untrusted application in the user domain, the authentication and authorization module does not block the request; if the access request is initiated by an untrusted application in the user domain to a trusted application in the security domain , the authentication and authorization module blocks the request;
当不可信任应用程序利用网络套接口向可信任应用程序发送访问请求,防火墙截获此访问请求并向认证授权模块发起询问,认证授权模块判定请求是由不可信任应用向可信任应用发起的,将阻止此请求防止不可信任应用间接访问隐私数据。When an untrusted application sends an access request to a trusted application through a network socket, the firewall intercepts the access request and initiates an inquiry to the authentication and authorization module. The authentication and authorization module determines that the request is initiated by an untrusted application to a trusted application, and blocks This request prevents indirect access to private data by untrusted applications.
根据本发明的另外一个方面,提供一种基于安全域的安卓隐私数据保护系统,包括安全域和用户域,用户的隐私数据存储在安全域中,可信任的应用程序运行在安全域中,不可信任的应用程序运行在用户域中;安全域中设置访问控制策略,防止不可信任应用直接访问隐私数据,管控可信任应用直接访问隐私数据,并通过控制进程间通信和网络通信套接口,防止用户域中不可信任的应用程序利用安全域中可信任应用程序的权限间接访问隐私数据。According to another aspect of the present invention, a security domain-based Android privacy data protection system is provided, including a security domain and a user domain. The user's private data is stored in the security domain, and trusted applications run in the security domain. Trusted applications run in the user domain; access control policies are set in the security domain to prevent untrusted applications from directly accessing private data, control trusted applications from directly accessing private data, and prevent users from accessing private data by controlling inter-process communication and network communication sockets. Untrusted applications in the domain use the permissions of trusted applications in the secure domain to indirectly access private data.
与现有技术相比,本发明的有益效果如下:Compared with the prior art, the beneficial effects of the present invention are as follows:
本发明提供的基于安全域的安卓隐私数据保护方法及系统,隔离安全域和用户域,区分可信任应用程序和不可信任应用程序,能够防止不可信任应用获取隐私数据,并且管控可信任应用程序访问隐私数据,如通讯录、通话记录、短信和个人账户等,用户的隐私数据能够被有效保护。The Android privacy data protection method and system based on the security domain provided by the present invention isolates the security domain and the user domain, distinguishes trusted applications from untrusted applications, prevents untrusted applications from obtaining private data, and controls the access of trusted applications Privacy data, such as address book, call records, text messages and personal accounts, etc., the user's privacy data can be effectively protected.
附图说明Description of drawings
图1为本发明具体实施例中基于安全域的安卓隐私数据保护系统结构图;Fig. 1 is a structural diagram of an Android privacy data protection system based on a security domain in a specific embodiment of the invention;
图2为本发明具体实施例中基于安全域的安卓隐私数据保护方法的流程图。Fig. 2 is a flow chart of a security domain-based Android privacy data protection method in a specific embodiment of the present invention.
图3为本发明具体实施例中隐私策略表结构的示意图。Fig. 3 is a schematic diagram of a privacy policy table structure in a specific embodiment of the present invention.
具体实施方式Detailed ways
为使本发明的上述目的、特征和优点能够更加明显易懂,下面通过具体实施例和附图,对本发明做进一步说明。In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.
图1为基于安全域的安卓隐私数据保护系统结构图,将安卓操作系统划分为安全域101和用户域102,用户的联系人、短信、通信录等隐私数据在安全域101中加密存储,安全域101中运行的应用程序为可信任的,可信任应用程序103需要通过安全评估,确认不包含恶意代码并且没有信息泄露行为才能安装在安全域101中,未通过安全评估的应用为不可信任应用程序104,运行在用户域102中。安全域101和用户域102之间实施隔离管控,防止用户隐私数据被用户域中的不可信任应用访问。Fig. 1 is a structural diagram of the Android privacy data protection system based on the security domain, and the Android operating system is divided into a security domain 101 and a user domain 102, and the user's private data such as contacts, short messages, and address books are encrypted and stored in the security domain 101, which is safe. The applications running in the domain 101 are trustworthy, and the trusted application 103 needs to pass the security assessment to confirm that it does not contain malicious code and has no information leakage before it can be installed in the security domain 101, and the application that fails the security assessment is an untrustworthy application The program 104 runs in the user domain 102 . Isolation control is implemented between the security domain 101 and the user domain 102 to prevent user privacy data from being accessed by untrusted applications in the user domain.
图2为基于安全域的安卓隐私数据保护方法的流程图,包括管控应用程序直接访问隐私数据的流程,以及管控用户域中的不可信任应用利用安全域中的可信任应用程序的权限间接访问隐私数据的流程。Figure 2 is a flowchart of a security domain-based Android privacy data protection method, including the process of controlling applications to directly access private data, and controlling untrustworthy applications in the user domain to use the permissions of trusted applications in the security domain to indirectly access privacy data flow.
管控应用程序直接访问隐私数据,包括以下步骤:Direct access to private data by control applications includes the following steps:
步骤201,安全域中可信任应用程序和用户域中不可信任应用程序请求直接访问隐私数据(如短信、联系人、日历、通信录等),安卓系统中的包管理服务模块收到此请求;Step 201, the trusted application program in the security domain and the untrustworthy application program in the user domain request direct access to private data (such as text messages, contacts, calendars, address books, etc.), and the package management service module in the Android system receives this request;
步骤202,包管理服务模块根据应用标识和请求权限首先进行权限检查,如果应用程序不拥有该权限,其不能访问此权限对应的隐私数据;如果应用程序拥有该权限,根据包管理服务模块中设置的钩子函数,将访问请求发送给隐私策略执行模块。Step 202, the package management service module first checks the permission according to the application identification and the requested permission. If the application does not have the permission, it cannot access the private data corresponding to the permission; The hook function that sends the access request to the privacy policy enforcement module.
步骤203,隐私策略执行模块收到请求,根据应用标识查询隐私策略表,由于不可信任应用在隐私策略表中标记为不可访问,将禁止不可信任应用程序访问隐私数据,可信任应用是否可以访问隐私数据向隐私策略管理模块发起请求;Step 203, the privacy policy execution module receives the request, and queries the privacy policy table according to the application identifier. Since the untrustworthy application is marked as inaccessible in the privacy policy table, the untrustworthy application is prohibited from accessing the private data. Whether the trustworthy application can access the private data The data initiates a request to the privacy policy management module;
步骤204,隐私策略管理模块收到请求,询问用户该应用是否能够获取该权限对应的隐私数据,将结果返回给隐私策略执行模块;Step 204, the privacy policy management module receives the request, asks the user whether the application can obtain the privacy data corresponding to the permission, and returns the result to the privacy policy execution module;
步骤205,隐私策略执行模块收到查询结果,发送给包管理服务模块;Step 205, the privacy policy execution module receives the query result and sends it to the package management service module;
步骤206,包管理服务模块根据用户的选择判定可信任应用程序是否可以访问隐私数据;Step 206, the package management service module determines whether the trusted application can access the private data according to the user's choice;
管控用户域不可信任应用程序间接访问隐私数据,包括以下内容:Control the indirect access to private data by untrustworthy applications in the user domain, including the following:
步骤207,当应用程序利用进程间通信(ICC)向其他应用程序发送访问请求,认证授权模块截获此访问请求,如果请求的应用程序和被请求的应用程序都在同一个用户域或安全域中,认证授权模块阻止该请求;如果此访问请求是安全域中可信应用向用户域中不可信任应用发起的,认证授权模块不阻止该请求;如果此访问请求是用户域中不可信任应用向安全域中可信应用发起的,认证授权模块阻止该请求。Step 207, when the application program utilizes inter-process communication (ICC) to send an access request to other application programs, the authentication and authorization module intercepts the access request, if the requested application program and the requested application program are in the same user domain or security domain , the authentication and authorization module blocks the request; if the access request is initiated from a trusted application in the security domain to an untrusted application in the user domain, the authentication and authorization module does not block the request; if the access request is from an untrusted application in the user domain to the security Initiated by a trusted application in the domain, the authentication and authorization module blocks the request.
步骤208,当不可信任应用程序利用网络套接口(Socket)向可信任应用程序发送访问请求,防火墙截获此访问请求并向认证授权模块发起询问,认证授权模块判定请求是由不可信任应用向可信任应用发起的,将阻止此请求防止不可信任应用间接访问隐私数据。Step 208, when the untrustworthy application program utilizes the network socket (Socket) to send an access request to the trusted application program, the firewall intercepts the access request and initiates an inquiry to the authentication and authorization module, and the authentication and authorization module determines that the request is from the untrustworthy application to the trusted application. Initiated by an application, this request will be blocked to prevent indirect access to private data by untrusted applications.
图3为隐私策略表结构的示意图,包括应用标识哈希值、信任状态标志位和用户设置标志位。隐私策略表中的应用标识哈希后进行存储,当隐私策略执行模块收到查询请求,从请求消息中提取应用标识,然后哈希计算,以便快速查询对应的条目。信任状态标志位区分应用为可信任还是不可信任,当信任状态标志位为0时,表明此应用为不可信任的应用程序,当信任状态标志位为1时,表明此应用为可信任的应用程序。当用户设置标志位为0时,表明可信任应用是否可以访问隐私数据需要经过用户同意,隐私策略执行模块将向隐私策略管理模块发起询问请求。当用户设置标志位为1时,表明用户设置该可信任应用可以访问隐私数据,不需要向隐私策略管理模块发起询问请求。FIG. 3 is a schematic diagram of the structure of the privacy policy table, including application identification hash values, trust status flags, and user setting flags. The application ID in the privacy policy table is hashed and stored. When the privacy policy execution module receives a query request, it extracts the application ID from the request message, and performs hash calculation to quickly query the corresponding entry. The trust status flag distinguishes whether the application is trustworthy or untrustworthy. When the trust status flag is 0, it indicates that the application is an untrusted application. When the trust status flag is 1, it indicates that the application is a trustworthy application. . When the user sets the flag bit to 0, it indicates that whether the trusted application can access the private data requires the consent of the user, and the privacy policy execution module will initiate an inquiry request to the privacy policy management module. When the user sets the flag bit to 1, it indicates that the user sets the trusted application to access private data, and does not need to initiate an inquiry request to the privacy policy management module.
上述仅为本发明的较佳实施例而已,并非用来限定本发明的保护范围。即凡依本发明的思想和精神所做的等同变化与修改,皆为本发明的保护范围所涵盖。The foregoing are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention. That is, all equivalent changes and modifications made according to the idea and spirit of the present invention are covered by the protection scope of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510076651.3ACN104683336B (en) | 2015-02-12 | 2015-02-12 | A kind of Android private data guard method and system based on security domain |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510076651.3ACN104683336B (en) | 2015-02-12 | 2015-02-12 | A kind of Android private data guard method and system based on security domain |
| Publication Number | Publication Date |
|---|---|
| CN104683336A CN104683336A (en) | 2015-06-03 |
| CN104683336Btrue CN104683336B (en) | 2018-11-13 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510076651.3AExpired - Fee RelatedCN104683336B (en) | 2015-02-12 | 2015-02-12 | A kind of Android private data guard method and system based on security domain |
| Country | Link |
|---|---|
| CN (1) | CN104683336B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106341369A (en)* | 2015-07-06 | 2017-01-18 | 深圳市中兴微电子技术有限公司 | Security control method and device |
| CN107533603A (en)* | 2015-08-31 | 2018-01-02 | 华为技术有限公司 | SMS processing method, device and terminal |
| CN105260663B (en)* | 2015-09-15 | 2017-12-01 | 中国科学院信息工程研究所 | A kind of safe storage service system and method based on TrustZone technologies |
| CN106815518B (en)* | 2015-11-30 | 2020-08-25 | 华为技术有限公司 | Application installation method and electronic equipment |
| CN106845174B (en)* | 2015-12-03 | 2020-07-10 | 福州瑞芯微电子股份有限公司 | Application authority management method and system under security system |
| CN105809036B (en)* | 2016-04-01 | 2019-05-10 | 中国银联股份有限公司 | A TEE access control method and mobile terminal implementing the method |
| CN105843653B (en)* | 2016-04-12 | 2017-11-24 | 恒宝股份有限公司 | A kind of safety applications collocation method and device |
| CN106027376A (en)* | 2016-06-30 | 2016-10-12 | 深圳市金立通信设备有限公司 | Instant communication message processing method and terminal |
| CN107871062A (en)* | 2016-09-28 | 2018-04-03 | 中兴通讯股份有限公司 | A kind of application permission control method, device and terminal |
| CN106789900A (en)* | 2016-11-22 | 2017-05-31 | 北京奇虎科技有限公司 | A kind of system and method that safeguard protection is carried out based on isolated area |
| CN106355100A (en)* | 2016-11-22 | 2017-01-25 | 北京奇虎科技有限公司 | Safety protection system and method |
| CN106789893A (en)* | 2016-11-22 | 2017-05-31 | 北京奇虎科技有限公司 | A kind of system and method for carrying out safe handling to item of information |
| CN106453398B (en)* | 2016-11-22 | 2019-07-09 | 北京安云世纪科技有限公司 | A kind of data encryption system and method |
| CN107071769B (en)* | 2017-04-25 | 2020-10-27 | 上海盈联电信科技有限公司 | Security authentication device and method for information synchronization |
| CN107133513B (en)* | 2017-05-10 | 2019-09-17 | 中南大学 | It is a kind of support Android run when authority mechanism third-party application between communications access control method |
| CN107220538A (en)* | 2017-06-27 | 2017-09-29 | 广东欧珀移动通信有限公司 | Payment application management method, device and mobile terminal |
| CN107454112A (en)* | 2017-09-29 | 2017-12-08 | 恒宝股份有限公司 | A kind of method and its system for accessing trusted application |
| CN109787943B (en)* | 2017-11-14 | 2022-02-22 | 华为技术有限公司 | Method and equipment for resisting denial of service attack |
| CN107888614A (en)* | 2017-12-01 | 2018-04-06 | 大猫网络科技(北京)股份有限公司 | A kind of user right determination methods and device |
| CN113168476B (en)* | 2018-11-30 | 2024-11-01 | 百可德罗德公司 | Access control for personalized cryptographic security in an operating system |
| CN109831575A (en)* | 2018-12-26 | 2019-05-31 | 上海悦易网络信息技术有限公司 | The method for deleting and erasing system of private data in Android mobile phone |
| CN110460716A (en)* | 2019-06-28 | 2019-11-15 | 华为技术有限公司 | A method and electronic device for responding to a request |
| CN111008836B (en)* | 2019-11-15 | 2023-09-05 | 哈尔滨工业大学(深圳) | Privacy security transfer payment method, device, system and storage medium |
| US20220108001A1 (en)* | 2020-10-07 | 2022-04-07 | WhiteBeam Security, Incorporated | System for detecting and preventing unauthorized software activity |
| WO2024007096A1 (en)* | 2022-07-04 | 2024-01-11 | 嘉兴尚坤科技有限公司 | Privacy data protection method for android system |
| CN117407843B (en)* | 2023-10-13 | 2024-04-19 | 成都安美勤信息技术股份有限公司 | Privacy information access detection management method |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020531A (en)* | 2012-12-06 | 2013-04-03 | 中国科学院信息工程研究所 | Android smart terminal operating environment trusted control method and system |
| CN103559437A (en)* | 2013-11-12 | 2014-02-05 | 中国科学院信息工程研究所 | Access control method and system for Android operation system |
| CN103856485A (en)* | 2014-02-14 | 2014-06-11 | 武汉天喻信息产业股份有限公司 | System and method for initializing safety indicator of credible user interface |
| WO2014144908A1 (en)* | 2013-03-15 | 2014-09-18 | Fuhu Holdings, Inc. | Tablet computer |
| CN104318171A (en)* | 2014-10-09 | 2015-01-28 | 中国科学院信息工程研究所 | Android privacy data protection method and system based on authority tags |
| CN104346572A (en)* | 2013-07-25 | 2015-02-11 | 中国科学院信息工程研究所 | Construction method of universal external intelligent terminal safety operation environment |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020531A (en)* | 2012-12-06 | 2013-04-03 | 中国科学院信息工程研究所 | Android smart terminal operating environment trusted control method and system |
| WO2014144908A1 (en)* | 2013-03-15 | 2014-09-18 | Fuhu Holdings, Inc. | Tablet computer |
| CN104346572A (en)* | 2013-07-25 | 2015-02-11 | 中国科学院信息工程研究所 | Construction method of universal external intelligent terminal safety operation environment |
| CN103559437A (en)* | 2013-11-12 | 2014-02-05 | 中国科学院信息工程研究所 | Access control method and system for Android operation system |
| CN103856485A (en)* | 2014-02-14 | 2014-06-11 | 武汉天喻信息产业股份有限公司 | System and method for initializing safety indicator of credible user interface |
| CN104318171A (en)* | 2014-10-09 | 2015-01-28 | 中国科学院信息工程研究所 | Android privacy data protection method and system based on authority tags |
| Title |
|---|
| 《Building a Secure System using TrustZone Technology》;ARM;《ARM Security Technology》;20091231;第4章、附图2* |
| 《The theory and practice in the evolution of trusted computing》;Dengguo Feng,et.al;《Computer Science & Technology》;20141231;全文* |
| 《Trustworthy Execution on Mobile Devices:What Security Properties Can My Mobile Platform Give Me?》;Amit Vasudevan,et.al;《Springer-Verlag Berlin Heidelberg》;20121231;第3章* |
| 《Trustworthy Execution on Mobile Devices》;Amit Vasudevan,et.al;《SpringerBriefs in Computer Science》;20141231;第3-5章、附图4.2* |
| Publication number | Publication date |
|---|---|
| CN104683336A (en) | 2015-06-03 |
| Publication | Publication Date | Title |
|---|---|---|
| CN104683336B (en) | A kind of Android private data guard method and system based on security domain | |
| Shabtai et al. | Google android: A comprehensive security assessment | |
| JP7545419B2 (en) | Ransomware Mitigation in Integrated and Isolated Applications | |
| US10645091B2 (en) | Methods and systems for a portable data locker | |
| CN104318171B (en) | Android private data guard methods and system based on rights label | |
| US20120137375A1 (en) | Security systems and methods to reduce data leaks in enterprise networks | |
| WO2015096695A1 (en) | Installation control method, system and device for application program | |
| CN106330984B (en) | Dynamic updating method and device of access control strategy | |
| JP2014503909A (en) | Anti-tamper location service | |
| WO2013075419A1 (en) | Method for managing right to use of function, and mobile terminal | |
| KR101373542B1 (en) | System for Privacy Protection which uses Logical Network Division Method based on Virtualization | |
| WO2013075422A1 (en) | Method for protecting privacy information and mobile terminal | |
| KR101441581B1 (en) | Multi-layer security apparatus and multi-layer security method for cloud computing environment | |
| CN114553540A (en) | Zero-trust-based Internet of things system, data access method, device and medium | |
| CN104318176A (en) | Terminal and data management method and device thereof | |
| KR101403626B1 (en) | Method of integrated smart terminal security management in cloud computing environment | |
| CN105094996A (en) | Security-enhancing method and system of Android system based on dynamic authority verification | |
| WO2015117523A1 (en) | Access control method and device | |
| WO2007001046A1 (en) | Method for protecting confidential file of security countermeasure application and confidential file protection device | |
| US9432357B2 (en) | Computer network security management system and method | |
| Sikder et al. | A survey on android security: development and deployment hindrance and best practices | |
| KR101089157B1 (en) | Server Logical Network Separation System and Method Using Client Virtualization | |
| JP4526383B2 (en) | Tamper evident removable media for storing executable code | |
| CN106888224A (en) | Network safety prevention framework, method and system | |
| CN108664805A (en) | A kind of application security method of calibration and system |
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date:20181113 | |
| CF01 | Termination of patent right due to non-payment of annual fee |