Android authority management method and system based on calling chain

Abstract

The invention relates to an android authority management method and an android authority management system based on a calling chain. The system comprises a calling chain construction module, a strategy making module, a strategy judging module and a strategy executing module. The method comprises the following steps that 1) an application component requests for resources of a terminal system, a system application program interface (API) component is called for resource accessing, an application component calling chain is constructed, the property of the application component calling chain is set, and a system resource access strategy is made; 2) when the system API component is called, the calling chain to which the application component belongs is positioned, and strategy judgment and strategy execution are performed according to the property of the calling chain; and 3) if the property of the calling chain meets the strategy, the application component is permitted to call the system API component to successfully access the system resources, or otherwise, the application component is refused to access the system resources. According to the calling chain construction method, redundancy caused by the construction of calling chain for each component is avoided, and the system burden is reduced; the text environment of the calling chain and the authority requirement of all components of the calling chain are considered through the diversification of strategy elements; and therefore, the authority lifting attack is avoided.

Description

technical field [0001] The invention belongs to the field of mobile terminal security, and mainly relates to the authority management of the Android platform, and more precisely relates to a method for managing Android authority based on an application component call chain, and an Android authority management system based on the call chain. Background technique [0002] The rapid development of the mobile Internet has enabled the rapid penetration of smart mobile terminals in the market, showing a blowout growth. Among them, the market growth of smart mobile phones is particularly significant, and the penetration rate is rising rapidly. According to the survey data of the Internet Data Center, among several major mobile smart platforms, Android is in a leading position in terms of terminal shipments and market share. In the third quarter of 2012, Android accounted for 75% of the global market share. . According to the monitoring report released by Analysys Think Tank Indus...

AI Technical Summary

Problems solved by technology

This method can avoid privilege escalation attacks by applications that do not have permissions, but it also causes many applications to lose their original permissions, which affects their normal operation.

Dietz et al. of Rice University published a research report titled "QUIRE: Lightweight Provenance for Smart Phone Operating Systems" on Proceedings of the 20th Usenix Security Symposium, 2011. The QUIRE system is proposed to avoid this attack by building a call chain , but the QUIRE system establishes a call

Images