Abstract: With the increasing dependence on mobile devices, the security of mobile platforms has aroused extensive attention. Android is a popular open source software stack for a wide range of embedded devices. As the core of system security, the access control mechanism of Android is always a hot spot. This paper focuses on access control mechanisms for the ARM-Android platform, including the hardware isolation, application sandbox and permission-based protection methods. Several model enhancements in different system levels are analyzed according to the comparison of specific control strategies. Then the status of research on multi-level comprehensive access control schemes is summarized. Furthermore, combining ARM TrustZone isolation environment, this paper proposes an access control model and its key technology. Mechanism specifications are obtained through the system analysis, and the formal method is applied to model abstraction and demonstration. Based on the vulnerability analysis and formal modeling work, directions for the relevant research are discussed at last.

Key words:  ARM-Android, access control, model enhancement

摘要： 随着人们对移动设备的依赖，移动设备的安全性问题日益凸显。Android设备是应用广泛的开源性移动平台，其访问控制机制作为系统安全的核心，更是备受关注。针对ARM-Android系统的硬件隔离、系统沙箱和权限保护机制，根据具体策略进行分类对比，综合分析了不同系统层次的模型改进方案，并总结了多层次综合策略访问控制的研究现状。进一步结合ARM TrustZone隔离环境，提出了一种系统访问控制的安全模型及关键实现技术，通过系统分析得到机制规范，并利用形式化方法进行了模型抽象和证明。最后根据安全机制的漏洞分析和形式化建模工作，梳理了相关研究方向。

关键词: ARM-Android, 访问控制, 模型改进