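With the widespread use of the Android system on smartphones, tablets and other embedded devices, the security and privacy problems facing Android are becoming increasingly severe. Using virtualization technology to run multiple operating systems on the same hardware platform, so that applications of different security levels run in isolation, can improve the security of the Android system and protect user privacy. At present, Android mainly relies on encryption to protect high-security applications or private data, and applications with high security or confidentiality requirements run in the same Android system as ordinary applications, so users' needs for security and privacy cannot be met.
Because the Android operating system is based on the Linux kernel, container technology (Linux container, LXC) can be deployed on Android fairly easily to achieve kernel-level isolation. However, container technology's support for device virtualization on the Android platform is still incomplete, which makes it inconvenient for multiple containers to share the same hardware device. To solve this problem, this paper uses LXC to run multiple virtual phone systems in isolation on the same platform, and proposes a proxy-based device virtualization technology that effectively solves the problem that certain physical devices cannot be shared across multiple Android systems on one platform; as a result, each virtual phone system believes it has exclusive use of the system resources. The functions of each virtual phone can be customized to the user's needs; for example, a work virtual phone and a personal virtual phone can be created so that work and personal applications run separately, protecting user privacy.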
Devices Virtualization Technology Based on the Proxy
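Abstract: As smartphones become indispensable everyday devices for work and life, their security and user privacy problems are becoming more prominent. To address this, a method based on Linux container technology is proposed that creates multiple virtual phone systems on a single phone, so that multiple mutually isolated Android systems run at the same time. To let the subsystems share the resources of the one device, a proxy-based device virtualization technology is proposed and implemented using the phone's Radio device as an example. Tests on an implemented prototype system show that every virtual phone system can use all physical devices normally, indicating that the method effectively virtualizes devices. Finally, tests of data isolation between the systems and of system resource overhead verify the feasibility of the method. Because the virtual phone systems are isolated from and do not affect one another, the privacy of user data is well protected. In addition, even if one Android subsystem fails or is maliciously attacked, the other subsystems continue to run normally, which improves the security of the whole system. The applications and functions of each subsystem can also be customized for different scenarios and requirements, meeting users' individual needs.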
Keywords:
- Android operating system /
- device virtualization technology /
- Linux container /
- smartphone
Abstract: As the mobile phone plays a more important role in our lives, the security and privacy problems of smartphones become more prominent. To solve this problem, this paper presents an approach, based on Linux container technology, for implementing multiple virtual phones (VPs), running two or more Android systems on a single smartphone device. To allow each VP to use devices concurrently, we present a virtualization technology based on a device proxy and realize it on the radio device. A prototype system is implemented on a Nubia Z7max smartphone, and virtualization functionality, data isolation, etc. are tested. The experimental results show that our approach is useful and feasible: each VP can share devices simultaneously, user data about devices and applications is isolated between the Android systems, and the system cost is kept within an allowable range. Because the VPs are isolated from each other, there are three benefits: this approach can protect the user's privacy effectively; even if one VP is corrupted, the whole system can still work; and it can satisfy users' personalized demands, because the VPs' functions can be customized by application scenario and user requirements.
Key words:
- Android OS /
- device virtualization technology /
- Linux container /
- smartphones