• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

J4 ›› 2014, Vol. 36 ›› Issue (11): 2074-2086.

• 论文 • 上一篇    下一篇

Android应用程序权限自动裁剪系统

白小龙   

  1. (清华大学计算机系,北京 100084)
  • 收稿日期:2014-06-11 修回日期:2014-08-16 出版日期:2014-11-25 发布日期:2014-11-25
  • 基金资助:

    国家863高技术研究发展计划资助项目(2011AA01A203)

A system for automatically tailoring
Android applications’permissions

BAI Xiaolong   

  1. (Department of Computer Science and Technology,Tsinghua University,Beijing 100084,China)
  • Received:2014-06-11 Revised:2014-08-16 Online:2014-11-25 Published:2014-11-25

摘要:

Android系统使用权限机制对应用程序进行控制,即应用程序需要使用哪些系统资源就必须提前声明相应的权限。为了确保安全性和可靠性,应用程序声明权限时应该满足最小特权原则,即只声明其所需要使用到的最少权限,但现实中有很多应用存在权限过度声明的现象,给用户带来安全隐患。提出了一种Android应用程序权限自动裁剪系统PTailor,通过对Android应用程序安装文件(APK文件)进行分析和修改,使其满足最小特权原则。PTailor首先从APK文件中提取程序所调用的所有系统API,并在预先生成的API权限映射表中查找该API所对应的系统权限,从而得到应用程序实际使用到的最少权限列表。然后根据该权限列表对程序的权限声明文件进行修改,裁剪掉已声明但未使用的权限。最后将裁剪过的权限声明文件与程序的其他部分重新合并成新的APK文件,新的APK文件中除了所声明权限满足最小特权原则外,其结构和语义都没有发生改变。使用PTailor对现实中的1 246个Android应用进行权限裁剪实验,实验结果表明,PTailor能够在很短的时间内完成权限分析和裁剪,而且大多数被裁剪的程序都能够正确运行。

关键词: Android应用程序, 最小特权原则, 权限过度声明, 权限自动裁剪

Abstract:

Android uses the permission system to control application access.In the permission system,applications have to declare relevant permissions before they access some system resources.To be secure and trusted,applications should follow the principle of least privilege.However,in reality,many applications do not follow this principle,which may bring security threats.To solve this problem, we design and implement a novel system for automatically tailoring Android applications’permissions,called PTailor. PTailor analyzes and modifies the Android application installation file (APK file) so as to make it follow the principle of least privilege.Firstly,PTailor extracts the system API calls from the APK file and gets the API’s corresponding required permissions from a predefined APItopermissions map.In this way,PTailor can get the shortest permission list that this application really requires.PTailor uses this permission list to match the application’s permission declaration file and removes those unused permissions.At last,the modified permission declaration file and the original code file are zipped to a new APK file that follows the principle of least privilege without changing its structure and semantics.PTailor is used to process 1246 Android applications in order to evaluate its performance.The experimental results show that APK files can be processed in a short time and PTailor has little influence on most tailored applications.

Key words: Android application;the principle of least privilege;overprivileged;automatically tailor permissions