The popularity of apps makes smartphones rapidly become the most widespread form of communication. Due to the impact of resource constraints on mobile phones, users prefer to outsource data from the local device to the cloud. Access control of outsourced data drives the research for protecting sensitive data from all the possibly malicious software access or cloud service provider misbehavior. The unexpected attacks from the local device or the cloud trying to breach the data access policy imposed by data owners have resulted in inadequate access control solutions. Therefore, this paper proposes one access control scheme for Android devices to avoid authentication bypass attacks from both sides. Attribute-Based encryption is used to design one app-level fine-grained data access for data confidentiality on the local side. Further, Trusted Execution Environment is employed as a trusted computing environment that provides essential security services to protect encrypted data from unwanted access by cloud service providers or unauthorized apps from the local side. Finally, a prototype system is implemented, and the performance is evaluated on the various operations used in the scheme. The experimental results show that the enhanced secure access model is flexible, efficient, and secure for outsourcing data to the cloud.

应用程序的普及使智能手机迅速成为最广泛的通信形式。由于资源限制对移动电话的影响，用户倾向于将数据从本地设备外包给云。外包数据的访问控制推动了针对保护敏感数据免受所有可能的恶意软件访问或云服务提供商的不当行为的研究。本地设备或云的意外攻击试图破坏数据所有者施加的数据访问策略，导致访问控制解决方案不足。因此，本文提出了一种针对Android设备的访问控制方案，以避免双方的身份验证旁路攻击。基于属性的加密用于设计一个应用程序级别的细粒度数据访问，以实现本地数据的机密性。进一步，受信任的执行环境被用作受信任的计算环境，该环境提供基本的安全服务，以保护加密的数据免受云服务提供商或本地未授权应用程序的有害访问。最后，实现了原型系统，并对方案中使用的各种操作进行了性能评估。实验结果表明，增强的安全访问模型灵活，高效且安全，可以将数据外包给云。