博碩士論文 104522041 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:19 、訪客IP:18.97.14.83
姓名 陳昌毅(Chang-Yi Chen)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(DPC:A Dynamic Permission Control Mechanism for Android Third-party Libraries)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 隨著智慧型手機的發展,具備各式功能的APP爭相上架,但為了降低開發時間及成本,許多開發者使用不安全或不熟悉的third-party library,而Android的權限機制卻給予third-party library擁有與host-app一模一樣的存取權限。因此如何阻止third-party library進行越權行為成了值得探討的問題。
在先前的研究 [1]、 [2]都有提到了third-party library會有越權的行為,進一步地對使用者隱私造成威脅。為此本篇論文做出兩點貢獻(一)針對Android framework中的權限控制機制做出修改並且讓運行時的權限管理更加彈性。(二)阻擋third-party library的越權行為,開發者能夠動態的關閉/開啟APP所擁有的敏感權限,保護使用者隱私。
為了證明此機制的可用性,本論文對許多Real-world APP進行實際測試,在Google Play商店中獲得熱門APP,將這些APP套用我們所開發出來的機制,提供開發者動態地阻止敏感功能運作藉此證明此機制,限制third-party library存取敏感權限。
摘要(英)
App with all kinds of features arise in today′s smart phone market, many developers use unsafe or unknown Third-party Library to reduce the development time and cost; however, host-app and Third-party Library has the same permissions, there is no clear distinctions between them. Therefore, how to prevent Third-party Libraries from overriding permissions has become an worth discussing issue.
Previous research [1], [2] have mentioned the third-party library might have the issue of exceeding the permission and threat the users’ privacy. This thesis has two contributions: (1) Modify the permission mechanism of Android framework and achieve more dynamically control permission in the runtime. (2) Prevent third-party library from exceeding the permission. Developer enable to open/close permissions of the App have to protect users’ privacy.
In order to prove the practicality of this mechanism, this thesis examines many Real-world APPs obtaining popular APPs in the Google Play store. The results of applying these APPs not only shows that our proposed mechanism successfully enables the developer to dynamically control permission in the runtime but being able to restrict third-party library to access sensitive permission.
關鍵字(中) ★ 權限分離
★ Android系統第三方函式庫
★ 動態控制權限
關鍵字(英)
論文目次
摘要 i
Abstract ii
誌謝 iii
圖目錄 vi
表目錄 vii
第一章 緒論 1
1.1 動機 1
1.2 貢獻 2
1.3 論文架構 3
第二章 背景介紹 5
2.1 Application元件 5
2.2 Android架構 7
2.3 Android模擬器 9
2.4 Third-party library 10
2.5 Normal permission & Dangerous Permission 11
第三章 相關研究 12
第四章 系統設計 14
4.1 設計的重點 14
4.2 系統總覽 15
4.3 Permission Requester module 17
4.4 Dynamic Permissions Flag module 18
4.5 DPC Control Library 19
4.6 Permission Checker module 20
第五章 系統評估 22
5.1 有效性驗證 22
5.2 效能評估 30
第六章 結論 36
參考文獻 37
參考文獻
[1] J. Seo, D. Kim, D. Cho, T. Kim and I. Shin, "FLEXDROID: Enforcing In-App Privilege Separation in Android," Network and Distributed System Security Symposium (NDSS), 2016.
[2] M. C. Grace, W. Zhou, X. Jiang and A.-R. Sadeghi, "Unsafe exposure analysis of mobile in-app advertisements," Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, 2012.
[3] L. Li, T. F. Bissyandé, J. Klein and Y. Traon, "An Investigation into the Use of Common Libraries in Android Apps," Software Analysis, Evolution, and Reengineering (SANER), IEEE 23rd International Conference on, 2016.
[4] T. Book, A. Pridgen and D. S. Wallach, "Longitudinal Analysis of Android Ad Library," arXiv preprint arXiv:1303.0857, 2013.
[5] "Firm fined for angry birds mobile billing scam," [Online]. Available: http://ipkonfig.com/firm-fined-for-angry-birds-mobile-billing-scam.
[6] "Android Developer Reference, Fundamental Components.," [Online]. Available: https://developer.android.com/guide/components/fundamentals.html.
[7] "ART and Dalvik," [Online]. Available: https://source.android.com/devices/tech/dalvik/.
[8] "Normal and Dangerous Permissions," [Online]. Available: https://developer.android.com/guide/topics/permissions/requesting.html.
[9] "Compare with emulators," [Online]. Available: http://www.androidauthority.com/best-android-emulators-for-pc-655308/.
[10] B. Livshits and J. Jung, "Automatic mediation of privacy-sensitive," The Network and Distributed System Security Symposium (NDSS), 2013.
[11] R. Bhoraskar, S. Han, J. Jeon, T. Azim, S. Chen, J. Jung, S. Nath, R. Wang and D. Wetherall, "Brahmastra: Driving Apps to Test the Security of Third-Party Components," 23rd USENIX Security Symposium, 2014.
[12] J. Crussell, R. Stevens and H. Chen, "MAdFraud: investigating ad fraud in android applications," Proceedings of the 12th annual international conference on Mobile systems, applications, and services, 2014.
[13] J. Huang, Z. Li, X. Xiao, Z. Wu, K. Lu, X. Zhang and G. Jiang, "SUPOR: Precise and Scalable Sensitive User Input," 24th USENIX Security Symposium, 2015.
[14] "Android Open Source Project emulators," [Online]. Available: https://source.android.com/source/building.
[15] "Android Developer Reference, ActivityManager.," [Online]. Available: https://developer.android.com/reference/android/app/ActivityManager.html.
[16] "Google Developers ,AdWords API ,Client Libraries," [Online]. Available: https://developers.google.com/adwords/api/docs/clientlibraries.
[17] W. Meng, R. Ding, S. P. Chung, S. Han and W. Lee, "The Price of Free:Privacy Leakage in Personalized Mobile In-App Ads," The Network and Distributed System Security Symposium, 2016.
[18] "Google Developers ,AdWords help, Targeting your ads," [Online]. Available: https://support.google.com/adwords/answer/1704368?hl=en.
[19] "Android Developer Reference, ContextWrapper.," [Online]. Available: https://developer.android.com/reference/android/content/ContextWrapper.html.
[20] "Android Developer Reference, Activity.," [Online]. Available: https://developer.android.com/reference/android/app/Activity.html.
[21] "Android Open Source Project," [Online]. Available: https://source.android.com/.
[22] "Google Play store," [Online]. Available: https://play.google.com/store?hl=zh_TW.
[23] "AnTuTu-Benchmark," [Online]. Available: http://www.antutu.com/.
[24] "K9 Mail," [Online]. Available: https://k9mail.github.io/.
指導教授 許富皓 審核日期 2017-7-17
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明