The design and implemention of Android sandbox based on vitualization and redirection technology
CUI Haina
1
2
崔海娜(1991-),女,北京邮电大学硕士研究生,主要研究方向:终端安全
ZHANG Tianle
1
2
张天乐(1977-),男,副教授、硕导,主要研究方向:终端安全
1、School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, China
2、 Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, China 100876
Abstract:The employees are getting rid of the shackles of the original fixed working environment with the popularity of mobile devices. Enterprise mobility management(EMM) as a solution to enterprise mobile security and the problems of management arises at the historic moment. Mobile content management(MCM), one of the elements of EMM\'s mobility management, achieves the isolation, monitoring and controlling of distribution and accessing of sensitive information by using the sandbox technology. That is to say, mobile security sandbox is one of the kernel technologies of EMM. Mobile security sandbox is divided into ordinary sandbox and the core competitiveness of the sandbox, mobile security sandbox is a non-antivirus security tool. This paper analyzes the existing problems of current mobile sandboxes, and the existing PC end sandbox systems, and then proposes a new Android sandbox system which based on virtual and redirect technology. By virtualizing and redirecting the four major components, system services and IO operations of the Android system, the sandbox which designed in this article provides an independent and safe running environment for the applications that with untrustworthy property and enables the application to be ran both inside and outside the sandbox. The sandbox provides file system isolation so that file data generated by applications running in the sandbox can be managed. The sandbox provides file system isolation so that file data generated by applications running in the sandbox can be managed. Redirection technology resolves resource conflicts that may occur when the sandbox is started simultaneously and externally. In addition, this article also achieved without modifying the application installation package and in transparent external circumstances installed directly inside the sandbox.And the test results show that the classification of data manipulation enhances the sandbox protection of data integrity.