請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/60190
完整後設資料紀錄
DC 欄位 | 值 | 語言 |
---|---|---|
dc.contributor.advisor | 洪士灝 | |
dc.contributor.author | Shuen-Wen Hsiao | en |
dc.contributor.author | 蕭舜文 | zh_TW |
dc.date.accessioned | 2021-06-16T10:13:27Z | - |
dc.date.available | 2018-08-23 | |
dc.date.copyright | 2013-08-23 | |
dc.date.issued | 2013 | |
dc.date.submitted | 2013-08-20 | |
dc.identifier.citation | [1] Wikipedia, “Google Play,” 2013. [Online]. Available: http://en.wikipedia.org/wiki/
Google_Play [2] “NBCNEWS,” 2013. [Online]. Available: http://www.nbcnews.com/technology/ android-malware-more-doubled-worldwide-2012-6C9525347 [3] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically rich applicationcentric security in android,” in Proceedings of the 2009 Annual Computer Security Applications Conference, ser. ACSAC ’09. Washington, DC, USA: IEEE Computer Society, 2009, pp. 340–349. [Online]. Available: http://dx.doi.org/10.1109/ACSAC. 2009.39 [4] M. Nauman, S. Khan, and X. Zhang, “Apex: extending android permission model and enforcement with user-defined runtime constraints,” in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ser. ASIACCS ’10. New York, NY, USA: ACM, 2010, pp. 328–332. [Online]. Available: http://doi.acm.org/10.1145/1755688.1755732 [5] M. Conti, V. T. N. Nguyen, and B. Crispo, “Crepe: context-related policy enforcement for android,” in Proceedings of the 13th international conference on Information security, ser. ISC’10. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 331–345. [Online]. Available: http://dl.acm.org/citation.cfm?id=1949317.1949355 25 [6] G. Bai, L. Gu, T. Feng, Y. Guo, and X. Chen, “Context-aware usage control for android,” in SecureComm, 2010, pp. 326–343. [7] A. R. Beresford, A. Rice, N. Skehin, and R. Sohan, “Mockdroid: trading privacy for application functionality on smartphones,” in Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, ser. HotMobile ’11. New York, NY, USA: ACM, 2011, pp. 49–54. [Online]. Available: http: //doi.acm.org/10.1145/2184489.2184500 [8] Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh, “Taming information-stealing smartphone applications (on android),” in Proceedings of the 4th international conference on Trust and trustworthy computing, ser. TRUST’11. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 93–107. [Online]. Available: http://dl.acm.org/citation.cfm?id=2022245.2022255 [9] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones,” in Proceedings of the 9th USENIX conference on Operating systems design and implementation, ser. OSDI’10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924943.1924971 [10] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, “Quire: Lightweight provenance for smart phone operating systems,” in 20th USENIX Security Symposium, San Francisco, CA, Aug. 2011. [11] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi, “Xmandroid: A new android evolution to mitigate privilege escalation attacks,” Technische Universitat Darmstadt, Technical Report TR-2011-04, Apr. 2011. [12] R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang, “Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones,” in Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), Feb. 2011, pp. 17–33. 26 [13] L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks on android,” in Proceedings of the 13th international conference on Information security, ser. ISC’10. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 346–360. [Online]. Available: http://dl.acm.org/citation.cfm?id=1949317.1949356 [14] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, “Quire: Lightweight provenance for smart phone operating systems,” in 20th USENIX Security Symposium, San Francisco, CA, Aug. 2011. [15] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi, “Xmandroid: A new android evolution to mitigate privilege escalation attacks,” Technische Universitat Darmstadt, Technical Report TR-2011-04, Apr. 2011. [16] G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, “Paranoid android: versatile protection for smartphones,” in Proceedings of the 26th Annual Computer Security Applications Conference, ser. ACSAC ’10. New York, NY, USA: ACM, 2010, pp. 347–356. [Online]. Available: http://doi.acm.org/10.1145/1920261.1920313 [17] G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich, “Yaase: Yet another android security extension.” in SocialCom/PASSAT. IEEE, 2011, pp. 1033– 1040. [Online]. Available: http://dblp.uni-trier.de/db/conf/socialcom/socialcom2011. html#RusselloCFZ11 [18] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones,” in Proceedings of the 9th USENIX conference on Operating systems design and implementation, ser. OSDI’10. Berkeley, CA, USA: USENIX Association, 2010, pp. 1–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924943.1924971 [19] “Android Content Provider,” 2013. [Online]. Available: http://developer.android.com/ guide/topics/providers/content-providers.html | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/60190 | - |
dc.description.abstract | Android是目前最熱門的智慧型手機系統. 目前的Android系統無法讓使
用者知道應用程式何時存取用戶的私密資料. 再來, 由於Android缺少審核機 制, 使得惡意軟體正爆炸姓成長,而這些惡意軟體可能竊取使用者的私密資 料。利用PasDroid可以降低使用者私密資料被竊取的風險, 並且可以讓使用 者自行定義哪些檔案是私密資料並且持續追蹤這些資料。PasDroid提供白名 單機制讓使用者去控制應用程式允許送出的私密資料類型。當有未經授權 的私密資料被傳送出去前,PasDroid會阻止這筆資料的傳送並且跳出警告視 窗通知使用者。 | zh_TW |
dc.description.abstract | Today Android has become the most popular smartphone operating systems.
The current Android systems fail to provide users with adequate control over and visibility how third-party applications use their private data. Furthermore, Android doesn’t provide app review which brings to the explosion of malware. The malware might steal privacy data stored in Android phone. We reduce the risk of the private data leakage with PasDroid, allowing users to define their own sesntive source and taint tags to simultaneously tracking multiple sources of sensitive data. PasDroid maintains white list per applications installed in Android systems to control the sent data of the application. When there has an authorized data is goind to send out, PasDroid drops the data and shows dialog within detailed information to notify user. | en |
dc.description.provenance | Made available in DSpace on 2021-06-16T10:13:27Z (GMT). No. of bitstreams: 1 ntu-102-R00922122-1.pdf: 1620288 bytes, checksum: 8bc610e7c055ab4097e9336dff4e2fbc (MD5) Previous issue date: 2013 | en |
dc.description.tableofcontents | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
中文摘要. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Abstract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Thesis Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1 TaintDroid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.1 TaintDroid Taint Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2 POSIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.3 Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.4 IPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.4.1 Binder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.4.2 Parcel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.4.3 Looper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.4.4 Handler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 iv 3.5 Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.6 JNI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4 PasDroid Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.1 TokenManagerService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.1.1 White List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.2 TaintManagerService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 4.2.1 Add Private Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.2.2 Add Data Type Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 4.3 JNIHelper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.3.1 Whit List Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 4.4 AlertDialogService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 4.5 Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.5.1 System Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 4.5.2 Block Diagram. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 5 Experimental Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 5.1 Analyze Outgoing Messages of Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.1.1 IMEI Scams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.2 Application Launch Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.3 Network Uploading Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 6 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.1 Limitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.2 Auto Tainting Potential Personal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 v 6.3 Sending Dilemma . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 6.4 Tainting Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 6.5 Cloud Tuning Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 vi | |
dc.language.iso | en | |
dc.title | PasDroid: 在Android系統上即時防堵惡意軟體的保護方案 | zh_TW |
dc.title | PasDroid: A Real-Time Malware Protection Scheme for Android Systems | en |
dc.type | Thesis | |
dc.date.schoolyear | 101-2 | |
dc.description.degree | 碩士 | |
dc.contributor.oralexamcommittee | 鍾葉青,廖士偉,徐慰中 | |
dc.subject.keyword | 安全,安卓,智慧型手機,隱私,私密,保護,個人資料, | zh_TW |
dc.subject.keyword | Security,Android,SmartPhone,Private,Privacy,Protect,Personal Data, | en |
dc.relation.page | 31 | |
dc.rights.note | 有償授權 | |
dc.date.accepted | 2013-08-20 | |
dc.contributor.author-college | 電機資訊學院 | zh_TW |
dc.contributor.author-dept | 資訊工程學研究所 | zh_TW |
顯示於系所單位: | 資訊工程學系 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-102-1.pdf 目前未授權公開取用 | 1.58 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。