计算机工程与应用 ›› 2018, Vol. 54 ›› Issue (14): 127-132.DOI: 10.3778/j.issn.1002-8331.1703-0191

• 网络、通信与安全 • 上一篇    下一篇

云环境下面向隐私保护的用户行为分析

蒋洁琦,杨  庚,李  鹏   

  1. 南京邮电大学 计算机学院、软件学院,南京 210046
  • 出版日期:2018-07-15 发布日期:2018-08-06

Analysis of users’ behavior under cloud computing environment

JIANG Jieqi, YANG Geng, LI Peng   

  1. School of Computer Science and Software, Nanjing University of Posts and Telecommunications, Nanjing 210046, China
  • Online:2018-07-15 Published:2018-08-06

摘要: 针对云环境下基于隐私Petri网(PPN)的用户行为,主要是存在隐私泄露的行为,通过软件监测应用程序获取调用的相关接口,分析存在隐私泄露用户行为的特点。主要通过研究正常QQ软件与植入了木马病毒的QQ软件在运行时所调用的系统序列的异同,根据调用的序列在建模软件中分别建立全局PPN模型,进行分析对比。最后对所分析的用户行为进行测试,研究PPN模型的相关算法,对PPN模型进行定性分析和定量分析,分别计算其4项指标值:可能性、严重性、操纵性、隐秘性。实验结果表明,与正常QQ相比,恶意的QQ不仅会越权访问其他数据,未经授权篡改权限获取相应数据;其次,包含隐私泄露行为的软件访问重要资源的能力更强,甚至会通过网络发送隐私数据。

关键词: 云计算, 隐私Petri网(PPN), 用户行为, 隐私泄露, 性能分析

Abstract: The user’s behavior, especially these exists privacy disclosure, which is based on Privacy Petri Net(PPN) under the cloud computing environment is analyzed, and then the method to acquire the relevant interface when the user monitors the application software is introduced. In addition, the characteristics of user’s behavior which exists privacy data leakage are analyzed. The normal QQ software and the malicious QQ software which is infected virus are running respectively, and the similarities and differences between the calling sequences are monitored. According to the calling sequences, the global PPN model in the modeling software is set up, and then analysis and comparison is made. Finally, the analysis of the user’s behavior is tested and relevant algorithm is analyzed. Furthermore, qualitative analysis and quantitative analysis are made, including computing the value of its four indices:possibility, severity, manipulability, and crypticity. As the results show that compared with the normal QQ software, the malicious QQ software not only accesses other data beyond its authority but also tampers its rights without permission in order to obtain the corresponding data. Besides, the malicious software which exists privacy data leakage usually has strong ability to access important resources, particularly some even send privacy data to remote host through the network.

Key words: cloud computing, Privacy Petri Net(PPN), user behavior, privacy leakage, performance analysis