Resource description

This document is a finished foreign-literature translation for a graduation project (English original plus Chinese translation).

Foreign-language title: On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
Authors: Michael Backes, Sven Bugiel, Erik Derr
Source: IEEE security, 2018
Length: 5530 English words, 35129 characters (printed characters); 9411 Chinese characters.

On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis

Abstract: In contrast to the Android application layer, Android's application framework's internals and their influence on the platform security and user privacy are still largely a black box for us. In this paper, we establish a static runtime model of the application framework in order to study its internals and provide the first high-level classification of the framework's protected resources. We thereby uncover design patterns that differ highly from the runtime model at the application layer. We demonstrate the benefits of our insights for security-focused analysis of the framework by re-visiting the important use-case of mapping Android permissions to framework/SDK API methods. We, in particular, present a novel mapping based on our findings that significantly improves on prior results in this area that were established based on insufficient knowledge about the framework's internals. Moreover, we introduce the concept of permission locality to show that although framework services follow the principle of separation of duty, the accompanying permission checks to guard sensitive operations violate it.

1 Introduction

Android's application framework, i.e., the middleware code that implements the bulk of the Android SDK on top of which Android apps are developed, is responsible for the enforcement of Android's permission-based privilege model and as such is also a popular subject of recent research on security extensions to the Android OS.
These extensions provide various security enhancements to Android's security, ranging from improving protection of the user's privacy [26, 46], to establishing domain isolation [29, 12], to enabling extensible access control [21, 8].

Android's permission model and its security extensions are currently designed and implemented as best-effort approaches. As such they have raised questions about the efficacy, consistency, or completeness [3] of the policy enforcement. Past research has shown that even the best efforts of experienced researchers and developers working in this environment introduce potentially exploitable errors [15, 44, 35, 33]. In light of the framework size (i.e., millions of lines of code) and based on past experience [15, 44, 16, 33, 36], static analysis promises to be a suitable and effective approach to (help to) answer those questions and hence to demystify the application framework from a security perspective. Unfortunately, on Android, the technical peculiarities of the framework impinging on the analysis of the same have not been investigated enough. As a consequence, past attempts at analyzing the framework had to resort to simple static analysis techniques [7], which we will show in this paper as being insufficient for precise results, or resort to heuristics [33].

In order to improve on this situation and to raise efficiency of static analysis of the Android application framework, one is confronted with open questions on how to enable more precise static analysis of the framework's codebase: where to start the analysis (i.e., what is the publicly exposed functionality)? Where to end the analysis (i.e., what are the data and control flow sinks)? Are there particular design patterns of the framework runtime model that impede or prevent a static analysis? For the Android application layer, those questions have been addressed in a large body of literature.
Thanks to those works, the community has a solid understanding of the sinks and sources of security- and privacy-critical flows within apps (e.g., well-known Android SDK methods) and a dedicated line of work further addressed various challenges that the Android application runtime model poses for precise analysis (e.g., inter-component communication [28, 40, 24, 27] or modelling the Android app life-cycle [25, 6]). Together those results form a strong foundation on which effective security- and privacy-oriented analysis is built. In contrast to the app layer, for the application framework we have an intuitive understanding of what constitutes its entry points, but no in-depth technical knowledge has been established on the runtime model, and almost no insights exist on what forms the security and privacy relevant targets of those flows (i.e., what technically forms the sinks or "protected resources").

Our Contributions. This paper contributes to the demystification of the application framework from a security perspective by addressing technical questions of the underlying problem on how to statically analyze