臺灣博碩士論文加值系統

行動軟體的發展推動了智慧型行動裝置的普及化，更進一步的促進行動軟體的數量快速成長。行動裝置平台的個人化及隨身化的特性，加上不斷增加到行動平台的資料紀錄或感知功能連結行動平台的通訊能力，行動軟體很容易成為洩露使用者隱私的管道，如何能在享有行動軟體服務的便利的同時保護使用者隱私資訊，這個問題的重要性與日俱增。目前的做法，有些牽涉行動裝置平台系統架構的更改，或需要高複雜度的處理，並非一般使用者可採用的方式，因此我們提出運用代理伺服器的架構提供可行且實用的行動軟體使用者隱私保護的方法，我們完成保護機制架構的設計並進行了實作，我們所提出的方法能夠提供使用者有效且實用的隱私保護。

Mobile apps is moving power behind the prevalence of intelligent mobile devices, which, in turn, bring in the exponentially growing number of mobile apps being developed. The personalized and ubiquitous characteristics of intelligent mobile devices, with the added variety of record taking and data sensing capabilities become a serious threat to user privacy when linked with the communication ability of the mobile devices. How to allow us to enjoy all the conveniences and services without privacy risk is an important issue to all users of mobile devices. The available privacy protection schemes or methods either require change made at the mobile device system framework and core, or require complicate technology process and skill. In this thesis, we proposed a proxy server based approach to develop a solution practical to ordinary users. A prototype has been implemented to demonstrate the practicality and usability of the privacy protection mechanism.

目次
摘要 I
Abstract II
誌謝 III
目次 IV
圖目錄 VI
表目錄 VII
第一章 緒論 1
1.1 背景 1
1.2 動機目的 4
1.3 目的 5
1.4 論文架構 5
2. 背景與相關研究 6
2.1 背景 6
2.2 相關研究 7
2.3 問題探討 14
3. 需求分析與系統規劃 16
3.1 需求分析 16
3.2系統規劃 16
3.3 結論 24
4. 系統實作 25
4.1 實驗環境介紹 25
4.2 操作流程 25
5. 結論與未來工作 32
5.1 結論 32
5.2 未來工作 32
參考文獻 34


圖目錄
圖3.1 APP運作流程圖 17
圖3.2 本研究提出的系統架構 20
圖3.3 伺服器端流程圖 21
圖3.4 客戶端流程圖 23
圖4.1 選擇功能 26
圖4.2 註冊畫面 27
圖4.3 APP列表 28
圖4.4 選擇要保護的權限 28
圖4.5 設定代理伺服器 29
圖4.6 正常使用情形 30
圖4.7 經過保護後的使用情形 31

表目錄
表2.1 現行方法比較 13

[1] A. Porter Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, “A Survey of Mobile Malware in the Wild”, In Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphone and Mobile Device, CSS-SPSM’11, 2011.

[2] Dalvik Virtual Machine, https://source.android.com/devices/tech/dalvik/index.html

[3] M. Nauman, S. Khan, X. Zhang, “Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints”, In Proceedings of the ACM Symposium on Information, Computer, and Communications Security, ASIACCS’10, 2010.

[4] L. Yang, N. Boushehrinejadmoradi, P. Roy, V. Ganapathy, L. Iftode, “Short Paper: Enhancing Users’ Comprehension of Android Permissions”, In Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphone and Mobile Device, CSS-SPSM’12, 2012.

[5] P. Pearce, A.Porter Felt, G. Nunez, D. Wagner, “AdDroid: Privilege Separation for Applications and Advertisers in Android”, In Proceedings of the ACM Symposium on Information, Computer, and Communications Security, ASIACCS’12, 2012.

[6] J. Jeon, K. K. Micinski, J. A. Vaughan, N. Reddy, Y. Zhu, J. S. Foster, T. Millstein, “Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android”, In Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphone and Mobile Device, CSS-SPSM’12, 2012.

[7] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, A. N. Sheth, “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones”, In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, USENIX OSDI’10, 2010.

[8]AdMob , http://www.google.com.tw/ads/admob/

[9]Android Content Provider , http://developer.android.com/guide/topics/providers/content-providers.html

[10] Ubuntu, http://www.ubuntu.com/
[11] Mitmproxy, http://mitmproxy.org/

[12] Eclipse ADT bundle ,
http://developer.android.com/tools/sdk/eclipse-adt.html

[13]Genymotion , http://www.genymotion.com/