大规模用户隐私风险量化研究  被引量：6

作　　者：孟小峰[1] 朱敏杰 刘俊旭 Meng Xiaofeng;Zhu Minjie;Liu Junxu(School of Information,Renmin University of China,Beijing 100872)

机构地区：[1]中国人民大学信息学院

出　　处：《信息安全研究》2019年第9期778-788,共11页Journal of Information Security Research

基　　金：国家自然科学基金项目(91646203,91846204,61532016,61532010,61762082);国家重点研发计划项目(2016YFB1000602,2016YFB1000603);中国人民大学科学研究基金项目(11XNL010);河南省科技开放合作项目(172106000077)

摘　　要：移动应用程序的日益繁多使得移动互联网服务提供商有机会收集到大规模的用户数据,然而其数据收集和使用的不规范使移动用户面临着极其严峻的隐私风险问题.如何分析用户隐私风险状况并进行隐私保护成为当前亟待解决的重要问题.基于移动应用程序的权限分析方法,提出一种用户隐私风险量化模型.该模型首先通过39个敏感权限识别移动应用程序内个人隐私数据收集状况,并以此为数据泄露源,考虑数据泄露的可能性及数据的隐私危害程度.然后,利用3000万移动设备上的移动应用程序数据,进一步构建隐私风险量化模型.最后,基于该模型分析单个用户的隐私风险值分布,并进一步研究各用户群体的隐私风险趋势,从而构建中国隐私风险指数体系,以区域隐私风险指数、人群隐私风险指数、行为隐私风险指数分别反映不同属性用户群体面临隐私风险的差异.The increasing number of mobile applications have given mobile Internet service providers the opportunity to collect large amounts of user data. However, the unreasonable and abnormal collection and use of data have made mobile users face extremely serious privacy risk. How to analyze the status of user privacy risk and protect user privacy have become an urgent issue. Based on the permission analysis of mobile applications, this paper proposes a novel user privacy risk quantification model. This model first identifies the personal privacy-related data collection of mobile applications through 39 privacy permissions which are considered as leakage data source, then consider the possibility of data leakage and the privacy hazard degree of data. This model is further constructed with the assist of application usage data of 30 million mobile devices. Finally, the distribution of privacy risks of individual users is analyzed. Then through analyzing the average user privacy risk value of each user group, the China privacy risk index is formulated to reflect the differences in privacy risks among various user groups, including the regional privacy risk index, the population privacy risk index, and the behavioral privacy risk index.

关 键 词：大数据隐私 移动应用程序 风险量化 权限分析 中国隐私风险指数 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]