Android storage application sandbox and communication method based on application virtualization

An application program and virtualization technology, applied in the field of communication, can solve problems such as violation of the same-origin model and poor security

Active Publication Date: 2020-10-27
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

As an alternative, inline reference monitoring moves the reference monitor to the application layer and allows users to install security extensions in the form of applications. However, the reference monitor and untrusted applications share the same process space, which is less secure, and at the same time The inline reference watcher needs to be modified and the application needs to be re-signed, which violates Android's signature-based same-origin model

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android storage application sandbox and communication method based on application virtualization

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The technical solution of the present invention will be further described below in conjunction with the accompanying drawings.

[0031] like figure 1 As shown, the Android storage application sandbox based on application virtualization includes an agent running in a permission control process and one or more targets running in an isolated process. strong security circle;

[0032] The agent is an application program process, has all platform permissions assigned by the system, and can interact normally with the Android middleware as a mandatory agent for all interactions between the target and the Android system; the agent includes an API layer, a core logic layer and a virtual layer:

[0033] API layer: including inter-process communication receivers and system call receivers;

[0034] Core logic layer: Implement policy enforcement points for Binder inter-process communication and system calls, and provide basic functions for applications by replicating the functions ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an Android storage application sandbox based on application program virtualization, which includes an agent and a target. There is a strong security circle between the target and the agent for safely isolating untrusted applications; the agent is an application program process, which has All platform permissions assigned by the system can interact with Android middleware normally and act as a mandatory proxy for all interactions between the target and the Android system; the proxy includes API layer, core logic layer and virtual layer: the target has no platform permissions, cannot access Android firmware and cannot Change the file system, including sandbox services, Binder inter-process communication interceptors and system call interceptors. The present invention utilizes the security provided by the isolated process, avoids modifying the operating system and the untrusted application program by dynamically loading and executing the untrusted application program in the process, and at the same time allows the untrusted application program to perform input / output operations in a controllable method and access to system resources, encapsulating untrusted applications within a sandbox environment.

Description

technical field [0001] The invention belongs to the technical field of communication, and in particular relates to an Android storage application sandbox based on application virtualization and a communication method. Background technique [0002] With the ubiquity of Android and the popularity of the open source system, the privacy of smartphone users, especially Android OS users, is compromised by many different threats. These threats include increasingly sophisticated malware and spyware, developer negligence, and the lack of fail-safe defaults in the Android SDK. To address this situation, developing new ways to protect end-user privacy has become an active topic in the Android security field in recent years. [0003] Existing methods for deploying Android Security Extensions are OS Security Extensions and Inline Reference Monitoring. OS Security Extensions demonstrates a user identifier-centric Android security architecture that, while providing strong security guaran...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/53
CPCG06F21/53
Inventor 罗俊海刘佐婷吴琦付亮
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap