基于 Android 内核驱动的白名单网络控制

Android system is one of the most popular mobile terminal operating systems at present, and its data leakage problem has been increasingly concerned by the academic community. Malwares steal users’ sensitive data and spread it over the Internet to harm users further. In the Android system, network permissions belong to common permissions, and applications can send data by internet without user authorization. To solve the above problems, this paper proposes a network whitelist scheme to control network based on Android kernel driver. Users can monitor the network usage status of all applications and select trusted applications to be added to the whitelist, and a kernel-level signature verification for applications in the whitelist is applied to prevent illegal tampering of execution code, thereby creating a safe and controllable network usage environment. A dedicated channel is constructed for the communication between applications and the kernel to ensure that the network whitelist management permissions are not acquired by other applications. Then, the network permissions are controlled through process identification to achieve permission management without affecting normal application functions. Through experimental verification, this scheme can effectively prevent malwares from using the Internet to leak users' privacy data, and the success rate of network control has reached 100%. The system runs stably and the startup time of controlled applications increases by a maximum of 33.1% and a minimum of 3.6%.