| The open-source Android system faces growing malicious attacks,endangering user data security.Unlike cloud servers that can collaborate with the edge for enhanced verification and authorization,the edge alone lacks robust hardware support,making independent secure verification of Android application launches extremely challenging.Storing the source measurement of Android applications in the cloud reduces data leakage risks and ensures secure transmission during application upgrades.This thesis aims to achieve secure verification of Android application launches through a remote trusted measurement and verification method that leverages collaboration of cloud servers and edge devices.The research focuses on two key aspects.1.This thesis presents a cloud-edge collaborative verification method,using Intel SGX.to address trusted integrity verification during the launch of Android applications.A trusted environment is established from the edge to the cloud,leveraging trusted computing principles.The Android application launch pre-measurement tool is designed and implemented in the Android system framework layer,and combined with the secure boot mechanism based on TrustZone technology,ensuring the secure launch of Android system and the Android application launch pre-measurement tool.Based on the trusted measurement tool and the cloud-edge collaborative strategy.the Android application launch pre-measurement and authorization operations are committed,ensuring the complete trustworthiness during application launch process.Further combined with the trusted boot mechanism based on TrustZone technology,a complete trusted chain from device power-on to Android application launch is constructed.Experimental results show that the suggested method can detect and prevent malicious attacks,with only a startup time increment of 21.9%,and the performance loss is within an acceptable range.2.This thesis examines the security of Enclave under high concurrency and identifies that the internal resource scheduling may not be secure when a single Enclave handles a significant concurrency load.In response to this risk,this thesis proposes and implements a scheme for mitigating abnormal threads in high-concurrency Enclaves and providing early warnings.The scheme incorporates a service container for load balancing Enclaves,reducing the concurrency peak of individual Enclaves.For abnormal threads,their corresponding functions are queued in the service container for secondary execution.While this sacrifices the execution efficiency of some threads,it ensures the system thread safety.The system generates alarm information for administrators,who can enhance the system’s hardware resources to improve its load capacity.Experimental results demonstrate that the scheme effectively reduces the frequency of abnormal threads,achieving a reduction rate of approximately 89%.In terms of time cost,it increases by 5.602%compared to using the conventional measurement scheme and by 29.743%compared to not using pre-measurement before application startup.The associated performance loss remains within an acceptable range. |
PDF Full Text Request