The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
안드로이드는 모바일 기기 분야에서 매우 큰 시장 점유율을 차지하고 있으며, 사용자가 쉽게 사용할 수 있도록 매일 수많은 애플리케이션이 생성되고 있습니다. 그러나 안드로이드 단말기의 개인정보 유출은 기업과 개인에게 심각한 손실을 초래할 수 있습니다. 현재 권한 모델은 개인 정보 유출을 효과적으로 방지할 수 없습니다. 본 논문에서는 상황적 무결성의 개념을 개인정보 보호 영역에 적용하여 개인정보 전파의 관점에서 안드로이드 단말의 개인정보 데이터를 보호하는 방법을 찾는다. 우리는 안드로이드 플랫폼에 적합한 상황적 무결성 계산 모델을 제안하고, 이를 기반으로 개인정보 보호 시스템을 설계합니다. 시스템은 온라인 단계와 오프라인 단계로 구성됩니다. 온라인 단계의 주요 기능은 분포 규범의 가치를 계산하고 개인 정보 보호 결정을 내리는 것인 반면, 오프라인 단계의 주요 기능은 적절성 규범의 가치를 계산할 수 있는 분류 모델을 만드는 것입니다. 6만 건의 권한 요청 기록과 동적 분석을 통해 수집된 2.3만 건의 런타임 상황별 기록을 바탕으로 시스템을 구축하고 타당성을 검증합니다. 실험에 따르면 오프라인 분류기의 정확도는 최대 0.94에 이릅니다. 전체 시스템 타당성에 대한 실험에서는 위치 데이터 요청 70%, 전화 데이터 요청 84%, 저장 요청 46% 등이 상황적 무결성을 위반하는 것으로 나타났습니다.
Fan WU
the Beijing University of Posts and Telecommunications
He LI
the Beijing University of Posts and Telecommunications
Wenhao FAN
the Beijing University of Posts and Telecommunications
Bihua TANG
the Beijing University of Posts and Telecommunications
Yuanan LIU
the Beijing University of Posts and Telecommunications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU, "Contextual Integrity Based Android Privacy Data Protection System" in IEICE TRANSACTIONS on Fundamentals,
vol. E103-A, no. 7, pp. 906-916, July 2020, doi: 10.1587/transfun.2019EAP1128.
Abstract: Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2019EAP1128/_p
부
@ARTICLE{e103-a_7_906,
author={Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Contextual Integrity Based Android Privacy Data Protection System},
year={2020},
volume={E103-A},
number={7},
pages={906-916},
abstract={Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.},
keywords={},
doi={10.1587/transfun.2019EAP1128},
ISSN={1745-1337},
month={July},}
부
TY - JOUR
TI - Contextual Integrity Based Android Privacy Data Protection System
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 906
EP - 916
AU - Fan WU
AU - He LI
AU - Wenhao FAN
AU - Bihua TANG
AU - Yuanan LIU
PY - 2020
DO - 10.1587/transfun.2019EAP1128
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E103-A
IS - 7
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - July 2020
AB - Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.
ER -