Research on Access Control for Privacy Protection of Mobile Terminals

doi:10.3969/j.issn.1671-1122.2019.08.008

Abstract

Abstract:

With the in-depth development of computer technology, various Internet of Things applications are becoming more popular in people's lives. However, the privacy and security issues are becoming more prominent. One of the serious hidden issues is that the permissions over-request and the data over-collection in mobile terminals in the current Internet of Things environment. To address the above problems, this paper proposes an access control model for privacy protection of mobile terminals. By storing all sensitive data in the cloud, the cloud provides the encryption, decryption and access control services to ensure that the sensitive data is used reasonably and in controlled. In view of the disadvantages of current access control, this paper introduces security risk and operational needs assessment based on XACML (eXtendable Access Control Markup Language) to improve the flexibility and adaptability of access control. The simulation results show that the proposed method can implement access control accurately and dynamically, greatly improve the security of mobile terminals, and can effectively reduce the storage space and battery power consumption of mobile terminals.

Key words: Internet of Things, smartphone, XACML, risk access control, operational need

CLC Number:

TP309

A-yong YE, Junlin JIN, Lingyu MENG, Ziwen ZHAO. Research on Access Control for Privacy Protection of Mobile Terminals[J]. Netinfo Security, 2019, 19(8): 51-60.

Figures/Tables 13

References 20

[1]	FELT A P, CHIN E, HANNA S, et al.Android Permissions Demystified[C]//ACM. ACM Conference on Computer & Communications Security, October 17-21, 2011, Chicago, USA. New York: ACM, 2011: 627-638.
[2]	ENCK W, ONGTANG M, MCDANIEL P.On Lightweight Mobile Phone Application Certification[C]//ACM. The 16th ACM Conference on Computer and Communications Security, November 9-13, 2009, Chicago, Illinois, USA. New York: ACM, 2009: 235.
[3]	CHUN B G.TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones.[J]. Acm Transactions on Computer Systems, 2014, 32(2): 1-29.
[4]	YOUNGROK C, WOOGUIL P, HUANG C H.Protecting Contacts against Privacy Leaks in Smartphones[J]. Plos One, 2018, 13(7): e0191502.
[5]	BHATT A J, GUPTA C, MITTAL S. iABC-AL: Active Learning-based Privacy Leaks Threat Detection for iOS Applications[EB/OL]. , 2018-5-23.
[6]	LI Tao, ZHANG Chi.Research on Network Security Risk Model Based on the Information Security Level Protection Standards[J]. Netinfo Security, 2016, 16(9): 177-183.
	李涛,张驰.基于信息安全等保标准的网络安全风险模型研究[J].信息网络安全,2016,16(9):177-183.
[7]	Jason Program Office.Horizontal Integration: Broader Access Models for Realizing Information Dominance[R]. Mclean Virginia: The Mitrf Corporation, JSR-04-132, 2004.
[8]	SHAIKH R A, ADI K, LOGRIPPO L.Dynamic Risk-based Decision Methods for Access Control Systems[J]. Computers & Security, 2012, 31(4): 447-464.
[9]	TAN Zhiyong LIU Duo, SI Tiange, et al. A Multilevel Security Model with Credibility Characteristics[J]. Acta Electronica Sinica, 2008, 36(8): 1637-1641.
	谭智勇,刘铎,司天歌,等. 一种具有可信度特征的多级安全模型[J]. 电子学报,2008,36(8):1637-1641.
[10]	CHENG P C, ROHATGIP P, KESER C, et al.Fuzzy Multi-level Security: An Experiment on Quantified Risk-adaptive Access Control[C]//IEEE. IEEE Symposium on Security and Privacy, May 20-23, 2007, Berkeley, CA, USA. NJ: IEEE, 2007: 222-230.
[11]	NI Qun, BERTINO E, LOBO J.Risk-based Access Control Systems Built on Fuzzy Inferences[C]//ACM. The 5th ACM Symposium on Information, Computer and Communications Security, April 13-16, 2010, Beijing, China. New York: ACM, 2010: 250-260.
[12]	DIMMOCK N, BELOKOSZTOLSZKI A, EYERS D, et al.Using Trust and Risk in Role-based Access Control Policies[C]//ACM. The Ninth ACM Symposium on Access Control Models and Technologies, June 2-4, 2004, Yorktown Heights, New York, USA. New York: ACM, 2004: 156-162.
[13]	CHEN Liang, CRAMPTON J.Risk-aware Role-based Access Control[C]//Springer. The 7th International Conference on Security and Trust Management, June 27-28, 2011, Copenhagen, Denmark. Heidelberg: Springer-Verlag, 2011: 140-156.
[14]	LI Ruixuan, HU Jinwei, TANG Zhuo, et al.R2BAC: A Risk-based Multi-domain Secure Interoperation Model[J]. Journal on Communications, 2008, 29(10): 58-69.
	李瑞轩,胡劲纬,唐卓,等. R2BAC:基于风险的多自治域安全互操作模型[J]. 通信学报,2008,29(10):58-69.
[15]	BIJON K Z, KRISHNAN R, SANDHU R.A Framework for Risk-aware Role-based Access Control[C]//IEEE. 2013 IEEE Conference on Communications and Network Security, October 14-16, 2013, National Harbor, MD, USA. NJ: IEEE, 2013: 1-18.
[16]	WU Shasha, XIONG Jinbo, YE Guohua, et al.Research on Location Privacy Protection Based on Dummy Locations in Mobile Internet Environment[J]. Netinfo Security, 2016, 16(10): 54-59.
	吴莎莎,熊金波,叶帼华,姚志强.移动互联网环境下基于假位置的位置隐私保护研究[J].信息网络安全,2016,16(10):54-59.
[17]	BRITTON D W, BROWN I A. A Security Risk Measurement for the Radac Model[EB/OL]. , 2019-3-15.
[18]	ZHOU Lintao, LI Hongxing, SUN Kaibiao.Teaching Performance Evaluation by Means of a Hierarchical Multifactorial Evaluation Model Based on Type-2 Fuzzy Sets[J]. Applied Intelligence, 2016, 46(1): 1-11.
[19]	SAATY T L.How to Make a Decision: The Analytic Hierarchy Process[J]. European Journal of Operational Research, 1994, 24(6): 19-43.
[20]	WEN Weiping, GUO Ronghua, MENG Zheng, et al.Research and Implementation on Information Security Risk Assessment Key Technology[J]. Netinfo Security, 2015, 15(2): 7-14.
	文伟平,郭荣华,孟正,柏皛.信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015,15(2):7-14.

三角模糊数判断标度值	含义（因素i相对于因素j）
(1, 1, 1)	完全相同
(1/2, 1, 3/2)	同等重要
(1, 3/2, 2)	稍微重要
(3/2, 2, 5/2)	较强重要
(2, 5/2, 3)	强烈重要
(5/2, 3, 7/2)	极端重要
上述判断标度值的倒数	表示相反值

空间设备	全部 /GB	已使用 /GB	应用程序 /GB	图片 /GB	音频 /MB	其他 /GB
A	32	29.28	11.78	1.46	467	15.57
B	16	15.5	9.45	1.2	823	4.03
C	64	35.23	14.73	7.06	1200	9.24
D	32	26.7	12.26	2.47	696	11.27

	f₁	f₂	f₃	f₄	f₅	f₆
f₁	(1,1,1)	(1,1.31,2)	(1,0.667,0.5)	(1,1.817,2.5)	(0.667,0.55,0.5)	(1,1.778,3)
f₂	(0.5,0.763,1.5)	(1,1,1)	(0.667,0.55,0.5)	(1,1.5,2)	(0.5,0.464,0.4)	(0.5,1.44,2.5)
f₃	(1,1.5,2)	(1,1.817,2.5)	(1,1,1)	(1.5,2.32,3)	(0.5,0.763,1.5)	(1.5,2.289,3)
f₄	(0.667,0.55,0.5)	(1,0.667,0.5)	(0.5,0.464,0.4)	(1,1,1)	(0.4,0.354,0.26)	(1,1,2)
f₅	(1,1.817,2.5)	(1.5,2.154,3)	(0.5,1.31,2)	(2,2.657,3.5)	(1,1,1)	(2,2.657,3.5)
f₆	(0.5,0.562,0.5)	(0.67,0.69,0.67)	(0.4,0.437,0.4)	(0.5,1,2)	(0.4,0.333,0.26)	(1,1,1)