| With the rapid development of mobile Internet and smartphones,various application(app)market provide a great quantity of apps in each aspect of humans' daily life,such as smart travelling,social networking,health care.However,when people enjoy these apps,they inevitably store personal privacy information in smartphones.Problems of permission use and privacy disclosure behinds apps are gradually revealed.On the one hand,smartphone apps request permissions irrelevant to the main function.People usually do not seriously read the relevant explanatory terms of data collection and distinguish different permissions.Once people agree to get their privacy information,they will not withdraw and smartphone apps can over-request permissions.On the other hand,smartphone apps over-collect user's data,i.e.smartphone apps collect users' data more than its original function while within the permission scope.For example,weather app can achieve querying the local weather by collecting users' location data once.If location permission is invoked only once,privacy leak problem can be ignored.As a matter of fact,generous weather apps call location permission thousands of times,resulting in a sharp increase in privacy risks.Therefore,this paper utilizes the game theory,alarm mechanism,access control and other technologies to comprehensively solve the problem of privacy leakage in smartphones.The main research work of this paper is as follows:Firstly,the current privacy protection methods of smartphones lack the necessary theoretical support,and some protection methods can not fundamentally solve the problem of privacy disclosure.Consequently,an evolutionary game model on permission request strategy of application providers is proposed.By analyzing the factors affecting the providers' profit,the payment matrix of the evolutionary game of providers is constructed.On the basis,the replication dynamic equation and evolutionary stable strategy of providers are obtained.The necessary conditions for providers applying ?request basic permissions? strategy and dynamic evolutionary direction of the game are analyzed,which provides theoretical support and suggestions for solving problems of privacy leak in smartphones.Secondly,aiming at the problem of over-requesting permissions and over-collecting data in smartphones,we proposed a personalized authorization decision recommendation model.By analyzing the influence factors of privacy risk and usability of APPs,a measurement model of privacy risk and usability is established.Then taking privacy risk as cost and usability as benefit,the profit evaluation function of users using APP is established synthetically.Aiming at maximizing profit,simulated annealing algorithm is introduced to calculate personalized authorization decision,so as to guide users to rationally authorize.Finally,aiming at the problem of limited storage space and battery power of smartphones,and the characteristics of mixed end-cloud storage data in the future,we propose a privacy protection method for smartphone data based on cloud environment.By using cloud to store users' sensitive data and providing encryption,decryption and access control services,the sensitive data can be used reasonably and controlled.In order to improve the flexibility and adaptability of access control,security risk and operation requirement assessment are introduced into XACML. |
PDF Full Text Request