The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
O Android ocupa uma grande participação de mercado na área de dispositivos móveis, e uma grande quantidade de aplicativos são criados todos os dias, permitindo que os usuários os utilizem facilmente. No entanto, as fugas de privacidade nos terminais Android podem resultar em graves perdas para empresas e indivíduos. O modelo de permissão atual não consegue prevenir eficazmente o vazamento de dados de privacidade. Neste artigo, encontramos uma maneira de proteger os dados de privacidade em terminais Android do ponto de vista da propagação de informações de privacidade, transferindo o conceito de integridade contextual para o domínio da proteção da privacidade. Propomos um modelo computacional de integridade contextual adequado para a plataforma Android e projetamos um sistema de proteção de privacidade baseado no modelo. O sistema consiste em uma fase online e uma fase offline; a principal função da fase online é calcular o valor da norma de distribuição e tomar decisões de privacidade, enquanto a principal função da fase offline é criar um modelo de classificação que possa calcular o valor da norma de adequação. Com base nos 6 milhões de registros de solicitações de permissão, juntamente com 2.3 milhões de registros contextuais de tempo de execução coletados por análise dinâmica, construímos o sistema e verificamos sua viabilidade. A experiência mostra que a precisão do classificador offline chega a 0.94. O experimento de viabilidade geral do sistema ilustra que 70% das solicitações de dados de localização, 84% das solicitações de dados telefônicos e 46% das solicitações de armazenamento, etc., violam a integridade contextual.
Fan WU
the Beijing University of Posts and Telecommunications
He LI
the Beijing University of Posts and Telecommunications
Wenhao FAN
the Beijing University of Posts and Telecommunications
Bihua TANG
the Beijing University of Posts and Telecommunications
Yuanan LIU
the Beijing University of Posts and Telecommunications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU, "Contextual Integrity Based Android Privacy Data Protection System" in IEICE TRANSACTIONS on Fundamentals,
vol. E103-A, no. 7, pp. 906-916, July 2020, doi: 10.1587/transfun.2019EAP1128.
Abstract: Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2019EAP1128/_p
Copiar
@ARTICLE{e103-a_7_906,
author={Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Contextual Integrity Based Android Privacy Data Protection System},
year={2020},
volume={E103-A},
number={7},
pages={906-916},
abstract={Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.},
keywords={},
doi={10.1587/transfun.2019EAP1128},
ISSN={1745-1337},
month={July},}
Copiar
TY - JOUR
TI - Contextual Integrity Based Android Privacy Data Protection System
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 906
EP - 916
AU - Fan WU
AU - He LI
AU - Wenhao FAN
AU - Bihua TANG
AU - Yuanan LIU
PY - 2020
DO - 10.1587/transfun.2019EAP1128
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E103-A
IS - 7
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - July 2020
AB - Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.
ER -