The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Android occupe une part de marché très importante dans le domaine des appareils mobiles, et de nombreuses applications sont créées chaque jour permettant aux utilisateurs de les utiliser facilement. Cependant, les fuites de confidentialité sur les terminaux Android peuvent entraîner de graves pertes pour les entreprises et les particuliers. Le modèle d’autorisation actuel ne peut pas empêcher efficacement les fuites de données confidentielles. Dans cet article, nous trouvons un moyen de protéger les données confidentielles sur les terminaux Android du point de vue de la propagation des informations confidentielles en transférant le concept d'intégrité contextuelle au domaine de la protection de la vie privée. Nous proposons un modèle informatique d'intégrité contextuelle adapté à la plateforme Android et concevons un système de protection de la vie privée basé sur ce modèle. Le système se compose d'une phase en ligne et d'une phase hors ligne ; la fonction principale de la phase en ligne est de calculer la valeur de la norme de distribution et de prendre des décisions en matière de confidentialité, tandis que la fonction principale de la phase hors ligne est de créer un modèle de classification capable de calculer la valeur de la norme de pertinence. Sur la base des 6 millions d'enregistrements de demandes d'autorisation ainsi que de 2.3 millions d'enregistrements contextuels d'exécution collectés par analyse dynamique, nous construisons le système et vérifions sa faisabilité. L'expérience montre que la précision du classificateur hors ligne atteint jusqu'à 0.94. L'expérimentation de la faisabilité globale du système montre que 70 % des demandes de données de localisation, 84 % des demandes de données téléphoniques et 46 % des demandes de stockage, etc., violent l'intégrité contextuelle.
Fan WU
the Beijing University of Posts and Telecommunications
He LI
the Beijing University of Posts and Telecommunications
Wenhao FAN
the Beijing University of Posts and Telecommunications
Bihua TANG
the Beijing University of Posts and Telecommunications
Yuanan LIU
the Beijing University of Posts and Telecommunications
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU, "Contextual Integrity Based Android Privacy Data Protection System" in IEICE TRANSACTIONS on Fundamentals,
vol. E103-A, no. 7, pp. 906-916, July 2020, doi: 10.1587/transfun.2019EAP1128.
Abstract: Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2019EAP1128/_p
Copier
@ARTICLE{e103-a_7_906,
author={Fan WU, He LI, Wenhao FAN, Bihua TANG, Yuanan LIU, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Contextual Integrity Based Android Privacy Data Protection System},
year={2020},
volume={E103-A},
number={7},
pages={906-916},
abstract={Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.},
keywords={},
doi={10.1587/transfun.2019EAP1128},
ISSN={1745-1337},
month={July},}
Copier
TY - JOUR
TI - Contextual Integrity Based Android Privacy Data Protection System
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 906
EP - 916
AU - Fan WU
AU - He LI
AU - Wenhao FAN
AU - Bihua TANG
AU - Yuanan LIU
PY - 2020
DO - 10.1587/transfun.2019EAP1128
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E103-A
IS - 7
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - July 2020
AB - Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.
ER -