标题:
组件间数据传输安全访问设计Secure Access to Data Transmission for Inter-Component Communication
作者:
余丽芳, 杨天长, 牛少彰
关键字:
安全, 特权提升攻击, 隐私敏感数据, 加密Security, Privilege Escalation Attacks, Privacy of Sensitive Data, Encryption
期刊名称:
《Computer Science and Application》, Vol.6 No.10, 2016-10-26
摘要:
基于Android平台的手机用户量逐年增长,随即而来的安全问题也备受关注。Android安全机制中采用了沙箱机制,签名机制,权限机制等各种方式保证应用程序的安全性,但是也存在一些严重安全问题,比如特权提升攻击。本文提出的方案主要是基于权限的基础上,对传输的数据进行加密处理,如果存在特权提升攻击,但是访问者没有权限访问的情况下,则无法访问到隐私敏感数据。
With the Android platform of mobile phone subscribers increasing, the security problem is be-coming more serious and receives much concern. The security mechanisms, such as sandbox me-chanism, signature mechanism and permission mechanism, are adopted in the Android platform in various ways such as to ensure the security of application, but there are still some serious security issues, such as elevation of privilege attacks. The proposed scheme is to encrypt the transmission data mainly based on the permissions. If there is an elevation of privilege attacks, but the visitors do not have access to the case, then the sensitive data privacy cannot be accessed.