I. Analysis of Android security mechanisms (2012, "Exploration and observation")
1. Android security design principles
(1) By default, applications running on the Android platform do not have permission to perform actions that are harmful to other applications or to the operating system.
(2) Each Android application process runs in a secure "sandbox" environment. It cannot interfere with other applications unless it explicitly declares permissions.
2. Android data security mechanisms
(1) Realization of data integrity. According to Android's security principles, data in Android is not corrupted, read, modified, deleted or lost by default (unless authorized by the system).
(2) Realization of data availability. On the basis of ensuring data integrity and confidentiality, Android uses appropriate permissions to ensure that data can be used effectively, which guarantees the availability of data. For an ordinary program to operate on a file (or a system service), three steps are required: permission declaration, permission audit and permission confirmation.
3. Android security performance analysis
(1) There are a number of vulnerabilities in the Android kernel.
(2) Android lacks strong virus protection or a firewall.
(3) Android application software lacks security auditing and supervision (third-party app stores have a low entry threshold).
4. Solutions
(1) Set advanced permissions.
You can set advanced permissions through the AndroidManifest.xml file to restrict who can access the components of the system or use the application. Activity permissions restrict which components or applications can start the associated activity. If the caller has not requested the permission, a security exception is thrown for the call. Service permissions restrict which components or applications can start or bind to the associated service. If the caller has not requested the permission, a security exception is thrown for the call.
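An added example, not part of the original notes: a small Python audit that reads a manifest and lists exported activities and services with no `android:permission`, meaning components that any other app can start or bind to. The sample manifest is constructed, and its package, component and permission names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; package, component and permission names are hypothetical.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <permission android:name="com.example.notes.permission.SYNC"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".ExportActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.permission.SYNC"/>
    <service android:name=".CacheService" android:exported="false"/>
  </application>
</manifest>
"""

def audit_manifest(xml_text):
    """Return one (tag, name, exported, permission, level) row per activity/service."""
    root = ET.fromstring(xml_text)
    # protectionLevel of the permissions this app defines itself ("normal" if omitted)
    levels = {p.get(NS + "name"): p.get(NS + "protectionLevel", "normal")
              for p in root.findall("permission")}
    app = root.find("application")
    app_perm = app.get(NS + "permission")  # default applied to every component
    rows = []
    for comp in app:
        if comp.tag not in ("activity", "service"):
            continue
        # With no android:exported attribute, an intent filter makes the
        # component callable (pre-Android 12 default); otherwise it is private.
        exported = comp.get(NS + "exported")
        if exported is None:
            exported = "true" if comp.find("intent-filter") is not None else "false"
        perm = comp.get(NS + "permission") or app_perm
        rows.append((comp.tag, comp.get(NS + "name"), exported == "true",
                     perm, levels.get(perm)))
    return rows

def unprotected(rows):
    """Exported components that any other app can start or bind to."""
    return [name for _, name, exported, perm, _ in rows if exported and perm is None]

if __name__ == "__main__":
    for row in audit_manifest(SAMPLE_MANIFEST):
        print(row)
    print("unprotected:", unprotected(audit_manifest(SAMPLE_MANIFEST)))
```

The last column shows the protection level of a permission the app defines itself; a `signature` level limits callers to apps signed with the same key.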
(2) Host-based intrusion detection system. It includes anomaly detection and a knowledge-based temporal abstraction method.
Anomaly detection: the intrusion detection framework continuously samples a variety of system parameters and analyzes the collected data using machine learning and time-series reasoning. It compares the collected system metrics with those caused by known malware and looks for points in common, so that new, previously unseen malware can be discovered.
Knowledge-based temporal abstraction method: combines a temporal-abstraction knowledge base with continuously measured data and events to derive high-level, meaningful concepts and patterns from time-oriented raw security data.
(3) SELinux (Security-Enhanced Linux).
SELinux is a security system that enforces access control based on the domain-type model. It uses a hybrid security policy whose logic and common interfaces are packaged together in a security server that is independent of the operating system. By replacing the security server it can support two different security policies: the targeted policy and the strict policy. The targeted policy enforces SELinux policy only for some system network services and processes. The strict policy applies a global default policy, under which almost all network services are controlled.
5. Summary
(1) To avoid security attacks on Android phones, develop good habits when using a smartphone and avoid leaking information from the phone.
(2) When installing software, carefully review the list of permissions it requests. When you are not installing software, you can turn off root privileges or turn on app permission management.
Paper related notes 1