Á¤º¸°úÇÐȸ ³í¹®Áö A : ½Ã½ºÅÛ ¹× ÀÌ·Ð
| ÇѱÛÁ¦¸ñ(Korean Title) |
¾Èµå·ÎÀ̵忡¼ °³ÀÎÁ¤º¸ À¯ÃâÀ» ¹æÁöÇϱâ À§ÇÑ Á¢±ÙÁ¦¾î ¹× µð·ºÅ丮¸í »ç»ó ±â¹ý |
| ¿µ¹®Á¦¸ñ(English Title) |
Access Control and Directory Name Mapping Mechanisms to Prevent Personal Information Leakage on Android |
| ÀúÀÚ(Author) |
Á¤À±½Ä
¹Ú¿µ¿õ
Á¶¼ºÁ¦
Youn-Sik Jeong
Yeong-Ung Park
Seong-Je Cho
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 39 NO. 06 PP. 0366 ~ 0372 (2012. 12) |
Çѱ۳»¿ë
(Korean Abstract) |
½º¸¶Æ®Æù¿¡ ÁÖ¼Ò·ÏÀ̳ª ÀÎÁõ¼ µîÀÇ ´Ù¾çÇÑ °³ÀÎÁ¤º¸°¡ ÀúÀåµÇ¸é¼, °³ÀÎÁ¤º¸¸¦ ¼öÁýÇÏ¿© À¯Ãâ½ÃÅ°´Â ¾Ç¼º ¾Ûµéµµ Áõ°¡ÇÏ°í ÀÖ´Ù. ÀÌ¿¡ °³ÀÎÁ¤º¸ À¯ÃâÀ» ¹æÁöÇÏ´Â ¿¬±¸°¡ ÁøÇàµÇ¾î ¿ÔÀ¸³ª, À̸¦ ¿ìȸÇÏ´Â ¾Ç¼º ¾Ûµµ Áö¼ÓÀûÀ¸·Î ÃâÇöÇÏ°í ÀÖ´Ù. º» ³í¹®¿¡¼´Â ¾Èµå·ÎÀÌµå ½º¸¶Æ®Æù¿¡¼ °³ÀÎÁ¤º¸ À¯ÃâÀ» ¹æÁöÇϱâ À§ÇÑ Á¢±ÙÁ¦¾î ±â¹ý°ú µð·ºÅ丮¸í »ç»ó ±â¹ýÀ» Á¦¾ÈÇÑ´Ù. Á¢±ÙÁ¦¾î ±â¹ý¿¡¼´Â ¹Î°¨ÇÑ ÆÄÀÏÀ» Á¢±ÙÇÏ·Á´Â ÇÁ·Î±×·¥ÀÇ UID ¹× ½ÇÇà ÇÁ·Î±×·¥ À̸§À» µ¿½Ã¿¡ È®ÀÎÇÏ¿© Á¢±ÙÀ» Çã°¡ÇÑ´Ù. µð·ºÅ丮¸í »ç»ó ±â¹ý¿¡¼´Â, ½Ã½ºÅÛ ºÎÆà ÈÄ¿¡ °³ÀÎÁ¤º¸¸¦ Æ÷ÇÔÇÏ´Â µð·ºÅ丮¸íÀ» µ¿ÀûÀ¸·Î º¯È¯ÇÏ°í º¯È¯ ³»¿ªÀ» »ç»ó Å×À̺í·Î °ü¸®ÇÑ´Ù. ÇØ´ç µð·ºÅ丮¿¡ Á¢±ÙÇÏ·Á´Â ÇÁ·Î±×·¥ÀÌ Àû¹ýÇÑ °æ¿ì¿¡¸¸ º¯È¯µÈ À̸§À¸·Î Á¢±ÙÀ» Çã°¡ÇÑ´Ù. Á¦¾ÈÇÑ ¹æ¹ýÀ» ÀûÀç°¡´ÉÇÑ Ä¿³Î ¸ðµâ(LKM)À¸·Î ±¸ÇöÇÏ°í ½ÇÇèÀ» ÅëÇØ À¯È¿¼ºÀ» °ËÁõÇÏ¿´´Ù. ¶ÇÇÑ ¼º´ÉÆò°¡¸¦ ÅëÇØ Á¦¾È ±â¹ýÀÇ ¿À¹öÇìµå°¡ 0.5ÃÊ À̳»·Î ¹Ì¾àÇÔÀ» º¸¿´´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
As smartphones store and process a lot of personal information such as an address book and authentication certificate, malicious smartphone applications come out to intentionally collect and leak the personal information. Recent studies have tried to protect the private information, however new malicious applications to evade the existing solutions continuously appear. In this paper, we propose access control and directory name mapping mechanisms to protect the personal information against malicious applications on Android smartphones. The access control mechanism permits an application to access a sensitive data file only if the application has an appropriate UID and its name is same as that of the application corresponding to the UID. The directory name mapping mechanism first dynamically changes each directory path with personal information into a puzzled path using a hash function after system booting, and then keeps the relation between the original directory path and the changed one in a mapping table for directory traversal. When an application tries to access a directory with personal information, the mechanism allows the application to access it via a changed path only if the application is authorized. We implement our mechanisms as loadable kernel modules (LKMs) and evaluate them in Android. Our experiments demonstrate their effectiveness and practicality. Furthermore, the performance evaluation shows that our mechanisms introduce a low performance overhead within 0.5 sec.
|
| Å°¿öµå(Keyword) |
¾Èµå·ÎÀ̵å
°³ÀÎÁ¤º¸
Á¢±ÙÁ¦¾î
µð·ºÅ丮¸í º¯È¯
»ç»ó Å×À̺í
ÀûÀç°¡´É ÇÑ Ä¿³Î ¸ðµâ
Android
Personal Information
Access Control
Directory Name Translation
Mapping Table
Loadable Kernel Module (LKM)
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
