Title

A Privacy Risk Assessment Mechanism for Android Applications

Authors

葉國暉 (Kuo-Hui Yeh); 郭仁宗 (Ren-Zong Kuo); 廖皓翔 (Hao-Xiang Liao); 楊芳捷 (Fang-Jie Yang); 林秉賢 (Ping-Hsien Lin); 林子鈞 (Tzu-Chun Lin)

Keywords

Android applications; security; privacy; risk assessment

Journal

資訊安全通訊 (Communications of the CCISA)

Volume and Issue / Publication Date

Vol. 21, No. 2 (2015/04/01)

Pages

67 - 78

Language

Traditional Chinese

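Abstract (translated from Chinese)

Mobile application services on Android have recently become a common part of people's daily lives. While these services bring convenience, more and more sensitive personal data is being stored on Android systems, both intentionally and unintentionally, which gives hackers a greater chance of piecing together the private information of an individual (or organization). In view of this, this study investigates privacy management on Android and proposes a privacy analysis framework for Android applications, called AppLeak, which performs information loss assessment, privacy leakage detection, and privacy risk assessment on Android applications. On the implementation side, AppLeak adopts emerging perspectives such as user perception and objective attack awareness to carry out a privacy analysis of two mobile apps on Android, Facebook and LINE, as a feasibility test of the proposed framework.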

Subject Classification: Basic and Applied Sciences > Information Science