Skip navigation

DSpace JSPUI

DSpace preserves and enables easy and open access to all types of digital content including text, images, moving images, mpegs and data sets

Learn More
DSpace logo
English
中文
  • Browse
    • Communities
      & Collections
    • Publication Year
    • Author
    • Title
    • Subject
    • Advisor
  • Search TDR
  • Rights Q&A
    • My Page
    • Receive email
      updates
    • Edit Profile
  1. NTU Theses and Dissertations Repository
  2. 電機資訊學院
  3. 資訊工程學系
Please use this identifier to cite or link to this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/60190
Full metadata record
???org.dspace.app.webui.jsptag.ItemTag.dcfield???ValueLanguage
dc.contributor.advisor洪士灝
dc.contributor.authorShuen-Wen Hsiaoen
dc.contributor.author蕭舜文zh_TW
dc.date.accessioned2021-06-16T10:13:27Z-
dc.date.available2018-08-23
dc.date.copyright2013-08-23
dc.date.issued2013
dc.date.submitted2013-08-20
dc.identifier.citation[1] Wikipedia, “Google Play,” 2013. [Online]. Available: http://en.wikipedia.org/wiki/
Google_Play
[2] “NBCNEWS,” 2013. [Online]. Available: http://www.nbcnews.com/technology/
android-malware-more-doubled-worldwide-2012-6C9525347
[3] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically rich applicationcentric
security in android,” in Proceedings of the 2009 Annual Computer Security
Applications Conference, ser. ACSAC ’09. Washington, DC, USA: IEEE Computer
Society, 2009, pp. 340–349. [Online]. Available: http://dx.doi.org/10.1109/ACSAC.
2009.39
[4] M. Nauman, S. Khan, and X. Zhang, “Apex: extending android permission model
and enforcement with user-defined runtime constraints,” in Proceedings of the 5th
ACM Symposium on Information, Computer and Communications Security, ser.
ASIACCS ’10. New York, NY, USA: ACM, 2010, pp. 328–332. [Online]. Available:
http://doi.acm.org/10.1145/1755688.1755732
[5] M. Conti, V. T. N. Nguyen, and B. Crispo, “Crepe: context-related policy enforcement
for android,” in Proceedings of the 13th international conference on Information
security, ser. ISC’10. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 331–345. [Online].
Available: http://dl.acm.org/citation.cfm?id=1949317.1949355
25
[6] G. Bai, L. Gu, T. Feng, Y. Guo, and X. Chen, “Context-aware usage control for android,”
in SecureComm, 2010, pp. 326–343.
[7] A. R. Beresford, A. Rice, N. Skehin, and R. Sohan, “Mockdroid: trading
privacy for application functionality on smartphones,” in Proceedings of the
12th Workshop on Mobile Computing Systems and Applications, ser. HotMobile
’11. New York, NY, USA: ACM, 2011, pp. 49–54. [Online]. Available: http:
//doi.acm.org/10.1145/2184489.2184500
[8] Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh, “Taming information-stealing smartphone
applications (on android),” in Proceedings of the 4th international conference on Trust
and trustworthy computing, ser. TRUST’11. Berlin, Heidelberg: Springer-Verlag, 2011,
pp. 93–107. [Online]. Available: http://dl.acm.org/citation.cfm?id=2022245.2022255
[9] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth,
“Taintdroid: an information-flow tracking system for realtime privacy monitoring on
smartphones,” in Proceedings of the 9th USENIX conference on Operating systems
design and implementation, ser. OSDI’10. Berkeley, CA, USA: USENIX Association,
2010, pp. 1–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924943.1924971
[10] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, “Quire: Lightweight provenance
for smart phone operating systems,” in 20th USENIX Security Symposium, San
Francisco, CA, Aug. 2011.
[11] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi, “Xmandroid: A new
android evolution to mitigate privilege escalation attacks,” Technische Universitat Darmstadt,
Technical Report TR-2011-04, Apr. 2011.
[12] R. Schlegel, K. Zhang, X. Zhou, M. Intwala, A. Kapadia, and X. Wang, “Soundcomber:
A Stealthy and Context-Aware Sound Trojan for Smartphones,” in Proceedings of the
18th Annual Network and Distributed System Security Symposium (NDSS), Feb. 2011,
pp. 17–33.
26
[13] L. Davi, A. Dmitrienko, A.-R. Sadeghi, and M. Winandy, “Privilege escalation attacks
on android,” in Proceedings of the 13th international conference on Information security,
ser. ISC’10. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 346–360. [Online].
Available: http://dl.acm.org/citation.cfm?id=1949317.1949356
[14] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, “Quire: Lightweight provenance
for smart phone operating systems,” in 20th USENIX Security Symposium, San
Francisco, CA, Aug. 2011.
[15] S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A.-R. Sadeghi, “Xmandroid: A new
android evolution to mitigate privilege escalation attacks,” Technische Universitat Darmstadt,
Technical Report TR-2011-04, Apr. 2011.
[16] G. Portokalidis, P. Homburg, K. Anagnostakis, and H. Bos, “Paranoid android: versatile
protection for smartphones,” in Proceedings of the 26th Annual Computer Security
Applications Conference, ser. ACSAC ’10. New York, NY, USA: ACM, 2010, pp.
347–356. [Online]. Available: http://doi.acm.org/10.1145/1920261.1920313
[17] G. Russello, B. Crispo, E. Fernandes, and Y. Zhauniarovich, “Yaase: Yet
another android security extension.” in SocialCom/PASSAT. IEEE, 2011, pp. 1033–
1040. [Online]. Available: http://dblp.uni-trier.de/db/conf/socialcom/socialcom2011.
html#RusselloCFZ11
[18] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth,
“Taintdroid: an information-flow tracking system for realtime privacy monitoring on
smartphones,” in Proceedings of the 9th USENIX conference on Operating systems
design and implementation, ser. OSDI’10. Berkeley, CA, USA: USENIX Association,
2010, pp. 1–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1924943.1924971
[19] “Android Content Provider,” 2013. [Online]. Available: http://developer.android.com/
guide/topics/providers/content-providers.html
dc.identifier.urihttp://tdr.lib.ntu.edu.tw/jspui/handle/123456789/60190-
dc.description.abstractAndroid是目前最熱門的智慧型手機系統. 目前的Android系統無法讓使
用者知道應用程式何時存取用戶的私密資料. 再來, 由於Android缺少審核機
制, 使得惡意軟體正爆炸姓成長,而這些惡意軟體可能竊取使用者的私密資
料。利用PasDroid可以降低使用者私密資料被竊取的風險, 並且可以讓使用
者自行定義哪些檔案是私密資料並且持續追蹤這些資料。PasDroid提供白名
單機制讓使用者去控制應用程式允許送出的私密資料類型。當有未經授權
的私密資料被傳送出去前,PasDroid會阻止這筆資料的傳送並且跳出警告視
窗通知使用者。		zh_TW
dc.description.abstractToday Android has become the most popular smartphone operating systems.
The current Android systems fail to provide users with adequate control over and
visibility how third-party applications use their private data. Furthermore, Android
doesn’t provide app review which brings to the explosion of malware. The malware
might steal privacy data stored in Android phone. We reduce the risk of the private
data leakage with PasDroid, allowing users to define their own sesntive source and
taint tags to simultaneously tracking multiple sources of sensitive data. PasDroid
maintains white list per applications installed in Android systems to control the
sent data of the application. When there has an authorized data is goind to send
out, PasDroid drops the data and shows dialog within detailed information to notify
user.		en
dc.description.provenanceMade available in DSpace on 2021-06-16T10:13:27Z (GMT). No. of bitstreams: 1
ntu-102-R00922122-1.pdf: 1620288 bytes, checksum: 8bc610e7c055ab4097e9336dff4e2fbc (MD5)
Previous issue date: 2013		en
dc.description.tableofcontentsAcknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
中文摘要. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii
Abstract. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Thesis Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Related Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1 TaintDroid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.1.1 TaintDroid Taint Source. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2 POSIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.3 Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.4 IPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.4.1 Binder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.4.2 Parcel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.4.3 Looper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.4.4 Handler. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
iv
3.5 Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.6 JNI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4 PasDroid Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.1 TokenManagerService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.1.1 White List. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2 TaintManagerService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.2.1 Add Private Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.2.2 Add Data Type Name. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.3 JNIHelper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.3.1 Whit List Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.4 AlertDialogService . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.5 Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.5.1 System Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.5.2 Block Diagram. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5 Experimental Results. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.1 Analyze Outgoing Messages of Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.1.1 IMEI Scams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2 Application Launch Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.3 Network Uploading Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
6 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.1 Limitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2 Auto Tainting Potential Personal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
v
6.3 Sending Dilemma . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
6.4 Tainting Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
6.5 Cloud Tuning Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
vi
dc.language.isoen
dc.subject安全zh_TW
dc.subject安卓zh_TW
dc.subject智慧型手機zh_TW
dc.subject隱私zh_TW
dc.subject私密zh_TW
dc.subject保護zh_TW
dc.subject個人資料zh_TW
dc.subjectPersonal Dataen
dc.subjectSecurityen
dc.subjectAndroiden
dc.subjectSmartPhoneen
dc.subjectPrivateen
dc.subjectPrivacyen
dc.subjectProtecten
dc.titlePasDroid: 在Android系統上即時防堵惡意軟體的保護方案zh_TW
dc.titlePasDroid: A Real-Time Malware Protection Scheme for Android Systemsen
dc.typeThesis
dc.date.schoolyear101-2
dc.description.degree碩士
dc.contributor.oralexamcommittee鍾葉青,廖士偉,徐慰中
dc.subject.keyword安全,安卓,智慧型手機,隱私,私密,保護,個人資料,zh_TW
dc.subject.keywordSecurity,Android,SmartPhone,Private,Privacy,Protect,Personal Data,en
dc.relation.page31
dc.rights.note有償授權
dc.date.accepted2013-08-20
dc.contributor.author-college電機資訊學院zh_TW
dc.contributor.author-dept資訊工程學研究所zh_TW
Appears in Collections:資訊工程學系

Files in This Item:
File SizeFormat 
ntu-102-1.pdf
  Restricted Access 		1.58 MBAdobe PDF
Show simple item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

社群連結
聯絡資訊
10617臺北市大安區羅斯福路四段1號
No.1 Sec.4, Roosevelt Rd., Taipei, Taiwan, R.O.C. 106
Tel: (02)33662353
Email: ntuetds@ntu.edu.tw
意見箱
相關連結
館藏目錄
國內圖書館整合查詢 MetaCat
臺大學術典藏 NTU Scholars
臺大圖書館數位典藏館
本站聲明
© NTU Library All Rights Reserved