移动终端感知安全管控机制与优化方法研究

Mobile users dramatically benefit from the rapid development of mobile terminals, such as smart phones and wearable glasses. But the mobile terminals are suffering from the enlarging attack surfaces due to the equipped sensing capacities, which lead to several severe security challenges. That is, adversaries have more chances to compromise personal terminals, steal private data, and even launch a large scale mobile networked attack. As a result, it is necessary to securely control these sensing capacities and data, especially the continuous sensing capacities and composite sensing data. The solution to controlling sensing capacities and data expects the improvement of automatic policy administration, too. The proposed project will be carried out from three perspectives: security models, authorization mechanisms, security analysis and optimization. That is, at first, we will design an adaptive security model which support efficiently control sensing capabilities and data in mobile terminals; secondly, we will present the multiple dimensions mechanisms and protocols of collaborative policy administration to automatize the authorization process; thirdly, we will analyze the security of the proposed mechanism of sensing control in mobile terminals, design the efficient control algorithm, then measure and optimize the side effects when the new models and mechanisms are leveraged in the current mobile ecosystem. The proposed project aims to analyze and counter the threats from the sensing capacities and data in mobile terminals, especially study the efficient countermeasures of continuous sensing and composite sensing data. The proposed project also aims to lay a foundation for the analysis methodology of the security of adaptive access control, offering the guide to measure the side effects of the evolving mobile security mechanism. Finally, the study of this proposed project would support the further security design of mobile operating systems.

拥有丰富感知能力移动终端的普及，极大改善了移动用户应用体验，但也改变着移动终端所遭受的攻击面，因而对移动终端系统安全提出严峻挑战。移动终端感知安全问题面临着持续感知能力和混合感知数据安全管控挑战，解决该问题也亟待改善策略管理自动化程度。为此，本项目拟从“安全模型-管理机制-分析及优化实现”三个视角展开项目研究：面向移动终端泛在感知能力和敏感数据安全构造自适应管控模型；面向移动互联环境设计多维度协同策略管理机制和协议，提升授权过程自动化；分析移动终端安全管控机制安全性，设计高效感知安全管控算法，并度量和优化新机制对当前移动终端应用生态的影响。本项目旨在为移动终端面临的感知安全问题，特别是为持续感知能力和混合感知数据的安全管控提供有效机制与方法，为研究自适应访问控制的安全性分析奠定方法基础，为分析安全技术演进对移动终端应用生态影响提供度量方法指导，为移动终端操作系统的安全性设计提供良好借鉴。

拥有丰富感知能力移动终端的普及，极大改善了移动用户应用体验，但也改变着移动终端所遭受的攻击面，因而对移动终端系统安全提出严峻挑战。移动终端感知安全问题面 临着持续感知能力和混合感知数据安全管控挑战，解决该问题也亟待改善策略管理自动化程度。为此，本项目从“安全模型-管理机制-分析及优化实现”三个视角展开项目研究：面向移动终端泛在感知能力和敏感数据安全构造自适应管控模型；面向移动互联环境设计多维度协同策略管理机制和协议，提升授权过程自动化；分析移动终端安全管控机制安全性，设计高效感知安全管控算法，并度量和优化新机制对当前移动终端应用生态的影响 。.项目相关研究在CCF A类期刊TDSC发表和录用四篇论文，TIFS发表一篇，中国计算机学报发表一篇论文，共计发表学术论文18篇，做出如下主要工作进展：.1. 提出revDroid框架。为移动终端安全访问控制的策略回收，设计了一个有效工具，发表在系统安全领域权威会议AsiaCCS上。.2. 提出senDroid，为移动终端对于感知安全的防御的短板，提出系统层审计机制，为抵御几乎所有的感知安全威胁提供了新的有效防御，论文被系统安全顶级期刊TDSC录用。.3. 提出一种面向移动终端中最重要的感知能力：语音的细粒度安全管控机制，论文被系统安全顶级期刊TDSC录用。.4. 提出一种社交化的策略管理方法，简化终端策略管理的难度。论文发表在系统安全权威期刊Computers & Security上。.5. 提出一种红外线对于移动终端摄像头的威胁及其管控机制，论文发表在SIMA上。.6. 提出了诸多安全机制，包括口令安全、物品追溯等，可以有效保护移动终端及相关系统的安全。.上述研究成果被系统安全顶尖会议如IEEE S&P等正面引用。