面向移动终端隐私保护的访问控制研究

doi:10.3969/j.issn.1671-1122.2019.08.008

摘要/Abstract

摘要：

随着计算机技术的深入发展,各种物联网应用在人们生活中日益普及,然而面临的隐私和安全问题也日益突出,移动终端过度索权和过度收集数据是目前物联网环境下的严重隐患。为此,文章提出一种面向移动终端隐私保护的访问控制模型,通过将用户所有敏感数据存储在云端,由云端提供加解密和访问控制服务,进而保证敏感数据合理、受控地被使用。针对当前访问控制的不足,文章在XACML的基础上引入安全风险和操作需求评估进行扩展,提高访问控制的灵活性和适应性。仿真实验结果表明,文章方法能够准确、动态地实行访问控制,极大提高移动终端的安全性,并能有效减少移动终端的存储空间和电池电量开销。

关键词: 物联网, 移动终端, XACML, 风险访问控制, 操作需求

Abstract:

With the in-depth development of computer technology, various Internet of Things applications are becoming more popular in people's lives. However, the privacy and security issues are becoming more prominent. One of the serious hidden issues is that the permissions over-request and the data over-collection in mobile terminals in the current Internet of Things environment. To address the above problems, this paper proposes an access control model for privacy protection of mobile terminals. By storing all sensitive data in the cloud, the cloud provides the encryption, decryption and access control services to ensure that the sensitive data is used reasonably and in controlled. In view of the disadvantages of current access control, this paper introduces security risk and operational needs assessment based on XACML (eXtendable Access Control Markup Language) to improve the flexibility and adaptability of access control. The simulation results show that the proposed method can implement access control accurately and dynamically, greatly improve the security of mobile terminals, and can effectively reduce the storage space and battery power consumption of mobile terminals.

Key words: Internet of Things, smartphone, XACML, risk access control, operational need

中图分类号:

TP309

叶阿勇, 金俊林, 孟玲玉, 赵子文. 面向移动终端隐私保护的访问控制研究[J]. 信息网络安全, 2019, 19(8): 51-60.

A-yong YE, Junlin JIN, Lingyu MENG, Ziwen ZHAO. Research on Access Control for Privacy Protection of Mobile Terminals[J]. Netinfo Security, 2019, 19(8): 51-60.

图/表 13

图1

图2

图3

图4

表1

表2

图5

表3

图6

表4

表5

图7

图8

参考文献 20

[1]	FELT A P, CHIN E, HANNA S, et al.Android Permissions Demystified[C]//ACM. ACM Conference on Computer & Communications Security, October 17-21, 2011, Chicago, USA. New York: ACM, 2011: 627-638.
[2]	ENCK W, ONGTANG M, MCDANIEL P.On Lightweight Mobile Phone Application Certification[C]//ACM. The 16th ACM Conference on Computer and Communications Security, November 9-13, 2009, Chicago, Illinois, USA. New York: ACM, 2009: 235.
[3]	CHUN B G.TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.[J]. Acm Transactions on Computer Systems, 2014, 32(2): 1-29.
[4]	YOUNGROK C, WOOGUIL P, HUANG C H.Protecting Contacts against Privacy Leaks in Smartphones[J]. Plos One, 2018, 13(7): e0191502.
[5]	BHATT A J, GUPTA C, MITTAL S. iABC-AL: Active Learning-based Privacy Leaks Threat Detection for iOS Applications[EB/OL]. , 2018-5-23.
[6]	LI Tao, ZHANG Chi.Research on Network Security Risk Model Based on the Information Security Level Protection Standards[J]. Netinfo Security, 2016, 16(9): 177-183.
	李涛,张驰.基于信息安全等保标准的网络安全风险模型研究[J].信息网络安全,2016,16(9):177-183.
[7]	Jason Program Office.Horizontal Integration: Broader Access Models for Realizing Information Dominance[R]. Mclean Virginia: The Mitrf Corporation, JSR-04-132, 2004.
[8]	SHAIKH R A, ADI K, LOGRIPPO L.Dynamic Risk-based Decision Methods for Access Control Systems[J]. Computers & Security, 2012, 31(4): 447-464.
[9]	TAN Zhiyong LIU Duo, SI Tiange, et al. A Multilevel Security Model with Credibility Characteristics[J]. Acta Electronica Sinica, 2008, 36(8): 1637-1641.
	谭智勇,刘铎,司天歌,等. 一种具有可信度特征的多级安全模型[J]. 电子学报,2008,36(8):1637-1641.
[10]	CHENG P C, ROHATGIP P, KESER C, et al.Fuzzy Multi-level Security: An Experiment on Quantified Risk-adaptive Access Control[C]//IEEE. IEEE Symposium on Security and Privacy, May 20-23, 2007, Berkeley, CA, USA. NJ: IEEE, 2007: 222-230.
[11]	NI Qun, BERTINO E, LOBO J.Risk-based Access Control Systems Built on Fuzzy Inferences[C]//ACM. The 5th ACM Symposium on Information, Computer and Communications Security, April 13-16, 2010, Beijing, China. New York: ACM, 2010: 250-260.
[12]	DIMMOCK N, BELOKOSZTOLSZKI A, EYERS D, et al.Using Trust and Risk in Role-based Access Control Policies[C]//ACM. The Ninth ACM Symposium on Access Control Models and Technologies, June 2-4, 2004, Yorktown Heights, New York, USA. New York: ACM, 2004: 156-162.
[13]	CHEN Liang, CRAMPTON J.Risk-aware Role-based Access Control[C]//Springer. The 7th International Conference on Security and Trust Management, June 27-28, 2011, Copenhagen, Denmark. Heidelberg: Springer-Verlag, 2011: 140-156.
[14]	LI Ruixuan, HU Jinwei, TANG Zhuo, et al.R2BAC: A Risk-based Multi-domain Secure Interoperation Model[J]. Journal on Communications, 2008, 29(10): 58-69.
	李瑞轩,胡劲纬,唐卓,等. R2BAC:基于风险的多自治域安全互操作模型[J]. 通信学报,2008,29(10):58-69.
[15]	BIJON K Z, KRISHNAN R, SANDHU R.A Framework for Risk-aware Role-based Access Control[C]//IEEE. 2013 IEEE Conference on Communications and Network Security, October 14-16, 2013, National Harbor, MD, USA. NJ: IEEE, 2013: 1-18.
[16]	WU Shasha, XIONG Jinbo, YE Guohua, et al.Research on Location Privacy Protection Based on Dummy Locations in Mobile Internet Environment[J]. Netinfo Security, 2016, 16(10): 54-59.
	吴莎莎,熊金波,叶帼华,姚志强.移动互联网环境下基于假位置的位置隐私保护研究[J].信息网络安全,2016,16(10):54-59.
[17]	BRITTON D W, BROWN I A. A Security Risk Measurement for the Radac Model[EB/OL]. , 2019-3-15.
[18]	ZHOU Lintao, LI Hongxing, SUN Kaibiao.Teaching Performance Evaluation by Means of a Hierarchical Multifactorial Evaluation Model Based on Type-2 Fuzzy Sets[J]. Applied Intelligence, 2016, 46(1): 1-11.
[19]	SAATY T L.How to Make a Decision: The Analytic Hierarchy Process[J]. European Journal of Operational Research, 1994, 24(6): 19-43.
[20]	WEN Weiping, GUO Ronghua, MENG Zheng, et al.Research and Implementation on Information Security Risk Assessment Key Technology[J]. Netinfo Security, 2015, 15(2): 7-14.
	文伟平,郭荣华,孟正,柏皛.信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015,15(2):7-14.

三角模糊数判断标度值	含义（因素i相对于因素j）
(1, 1, 1)	完全相同
(1/2, 1, 3/2)	同等重要
(1, 3/2, 2)	稍微重要
(3/2, 2, 5/2)	较强重要
(2, 5/2, 3)	强烈重要
(5/2, 3, 7/2)	极端重要
上述判断标度值的倒数	表示相反值

空间设备	全部 /GB	已使用 /GB	应用程序 /GB	图片 /GB	音频 /MB	其他 /GB
A	32	29.28	11.78	1.46	467	15.57
B	16	15.5	9.45	1.2	823	4.03
C	64	35.23	14.73	7.06	1200	9.24
D	32	26.7	12.26	2.47	696	11.27

	f₁	f₂	f₃	f₄	f₅	f₆
f₁	(1,1,1)	(1,1.31,2)	(1,0.667,0.5)	(1,1.817,2.5)	(0.667,0.55,0.5)	(1,1.778,3)
f₂	(0.5,0.763,1.5)	(1,1,1)	(0.667,0.55,0.5)	(1,1.5,2)	(0.5,0.464,0.4)	(0.5,1.44,2.5)
f₃	(1,1.5,2)	(1,1.817,2.5)	(1,1,1)	(1.5,2.32,3)	(0.5,0.763,1.5)	(1.5,2.289,3)
f₄	(0.667,0.55,0.5)	(1,0.667,0.5)	(0.5,0.464,0.4)	(1,1,1)	(0.4,0.354,0.26)	(1,1,2)
f₅	(1,1.817,2.5)	(1.5,2.154,3)	(0.5,1.31,2)	(2,2.657,3.5)	(1,1,1)	(2,2.657,3.5)
f₆	(0.5,0.562,0.5)	(0.67,0.69,0.67)	(0.4,0.437,0.4)	(0.5,1,2)	(0.4,0.333,0.26)	(1,1,1)