• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>IEEE transactions on dependable and secure computing >senDroid: Auditing Sensor Access in Android System-Wide
【24h】

senDroid: Auditing Sensor Access in Android System-Wide

机译:Constroid:在Android系统中审核传感器访问

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Sensors are widely used in modern mobile devices (e.g., smartphones, watches) and may gather abundant information from environments as well as about users, e.g., photos, sounds and locations. The rich set of sensor data enables various applications (e.g., health monitoring) and personalized apps as well. However, the powerful sensing abilities provide opportunities for attackers to steal both personal sensitive data and commercial secrets like never before. Unfortunately, the current design of smart devices only provides a coarse access control on sensors and does not have the capability to audit sensing. We argue that knowing how often the sensors are accessed and how much sensor data are collected is the first-line defense against sensor data breach. Such an ability is yet to be designed. In this paper, we propose a framework that allows users to acquire sensor data usages. In particular, we leverage a hook-based track method to track sensor accesses. Thus, with no need to change the source codes of the Android system and applications, we can intercept sensing operations to graphic sensors, audio sensors, location sensors, and standard sensors, and audit them from four aspects: flow audit, frequency audit, duration audit and invoker audit. Then, we implement a prototype, referred to as senDroid, which visually shows the quantitative usages of these sensors in real time at a performance overhead of [0.04-8.05] percent. senDroid allows Android users to audit the applications even when they bypass the Android framework via JNI invocations or when the malicious codes are dynamically loaded from the server side. Our empirical study on 1,489 popular apps in three well-known Android app markets shows that 26.32 percent apps access sensors when the apps are launched, and 11.01 percent apps access sensors while the apps run in the background. Furthermore, we analyze the relevance between sensor usage patterns and third-party libraries, and reverse-engineering on suspicious third-party libraries shows that 77.27 percent apps access sensors via third-party libraries. Our results call attentions to address the users' privacy concerns caused by sensor access.
机译:传感器广泛用于现代移动设备(例如,智能手机,手表),并可从环境中收集丰富的信息以及关于用户,例如照片,声音和位置。丰富的传感器数据以及各种应用程序(例如,健康监控)和个性化应用。然而,强大的传感能力为攻击者窃取个人敏感数据和以前的商业秘密提供了机会。遗憾的是,智能设备的当前设计仅在传感器上提供粗略的访问控制,并且没有能够审核感测。我们认为,了解传感器访问的频率以及收集的传感器数据是多少,是对传感器数据漏洞的一线防御。这种能力尚未设计。在本文中,我们提出了一个框架,允许用户获取传感器数据使用。特别是,我们利用基于钩的轨道方法跟踪传感器访问。因此,无需更改Android系统和应用程序的源代码,我们可以将传感操作拦截到图形传感器,音频传感器,位置传感器和标准传感器,以及从四个方面审核它们:流量审计,频率审计,持续时间审计和调用审计。然后,我们实施原型,称为Consenroid,其直观地显示了在[0.04-8.05]百分比的性能开销的实时数量的定量用途。 ConstroID允许Android用户允许通过JNI调用绕过Android框架或者当恶意代码从服务器端进行动态加载时审核应用程序。我们对三个着名的Android App Markets中的1,489个流行应用的实证研究表明,在Apps启动时,26.32%的应用访问传感器,11.01%的应用程序访问传感器,而应用程序在后台运行。此外,我们分析了传感器使用模式和第三方库之间的相关性,并且可疑第三方库的逆向工程显示,77.27%的应用访问传感器通过第三方库。我们的结果呼叫注意解决了传感器访问引起的用户隐私问题。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号