文献类型：期刊文献

英文题名：A Behavior-based Scheme to Block Privacy Leakage on Smartphone Sensors When You Exercise

作者：Yang, Liuqing[1];Zhang, Xiaorui[1];Wang, Qiuju[1]

第一作者：杨柳青

通讯作者：Wang, QJ[1]

机构：[1]Beijing Union Univ, Tourism Coll, 97 North Fourth Ring East Rd, Beijing 100101, Peoples R China

第一机构：北京联合大学旅游学院

通讯机构：[1]corresponding author), Beijing Union Univ, Tourism Coll, 97 North Fourth Ring East Rd, Beijing 100101, Peoples R China.|[1141732]北京联合大学旅游学院;[11417]北京联合大学;

年份：2023

卷号：35

期号：2

起止页码：579-588

外文期刊名：SENSORS AND MATERIALS

收录：;EI(收录号：20231313803451);Scopus(收录号：2-s2.0-85150855367);WOS:【SCI-EXPANDED(收录号:WOS:000939396700001)】；

基金：The authors thank the anonymous reviewers and editors for their valuable comments and suggestions. This work was supported by the Science and Technology Innovation Service Capacity Building Project of the Beijing Municipal Education Commission (Grant No. KM201811417012) .

语种：英文

外文关键词：behavior-based access control; smartphone sensor; privacy leakage; block; API call monitoring

摘要：Smartphone sensors are widely used in the development of fitness, running, workout, or health applications (apps). However, smartphone sensors may increase the risk of privacy leakage when they bring convenience to users. Traditional access control mechanisms, such as Android Permission, cannot prevent authorized malicious apps from abusing sensor resources. In this paper, a novel behavior-based sensor access control scheme is presented. This scheme can further regulate the behavior of an app after it is authorized, so that it can only access sensor resources with secure behavior patterns (SBPs), and sensor-based privacy leakage may thereby be blocked. On the basis of user interface (UI) operation tracking and tagging, this scheme implements the dynamic perception of app sensor access behaviors. With a temporal logic known as temporal logic of causal knowledge (TLCK), we developed a method to construct the secure sensor access behavior pattern. Every sensor may be given a SBP. By comparing the dynamic sensor access behavior of an app with SBP, we can determine if the sensor access is secure. Moreover, by supervising the call stack of the app's sensor access application programming interface (API), we may timely block a sensor access when it is not secure. In this report, we also describe the implementation of a prototype defense system to analyze the effectiveness and efficiency of the scheme. The experimental results show that this scheme can effectively block the abnormal sensor access of an app with a performance overhead of about 10%.