外文翻译 - 实施和优化android上的加密文件系统

0外文原文ImplementingandOptimizinganEncryptionFilesystemonAndroidZhaohuiWang,RahulMurmuria,AngelosStavrouDepartmentofComputerScienceGeorgeMasonUniversityFairfax,VA22030,USA,,AbstractTherecentsurgeinpopularityofsmarthandhelddevices,includingsmart-phonesandtablets,hasgivenrisetonewchallengesinprotectionofPersonalIdentifiableInformation(PII).Indeed,modernmobiledevicesstorePIIforapplicationsthatspanfromemailtoSMSandfromsocialmediatolocation-basedservicesincreasingtheconcernsoftheendusersprivacy.Therefore,thereisaclearneedandexpectationforPIIdatatobeprotectedinthecaseofloss,theft,orcaptureoftheportabledevice.Inthispaper,wepresentanovelFUSE(FilesysteminUSErspace)encryptionfilesystemtoprotecttheremovableandpersistentstorageonheterogeneoussmartgadgetdevicesrunningtheAndroidplatform.TheproposedfilesystemleveragesNISTcertifiedcryptographicalgorithmstoencryptthedata-at-rest.Wepresentananalysisofthesecurityandperformancetrade-offsinawide-rangeofusageandloadscenarios.Usingexistingknownmicrobenchmarksindevicesusingencryptionwithoutanyoptimization,weshowthatencryptedoperationscanincurnegligibleoverheadforreadoperationsanduptotwenty(20)timesoverheadforwriteoperationsforI/Ointensiveprograms.Inaddition,wequantifiedthe1databasetransactionperformanceandweobserveda50%operationtimeslowdownonaveragewhenusingencryption.Wefurtherexploregenericanddevicespecificoptimizationsandgain10%to60%performancefordifferentoperationsreducingtheinitialcostofencryption.Finally,weshowthatourapproachiseasytoinstallandconfigureacrossallAndroidplatformsincludingmobilephones,tablets,andsmallnotebookswithoutanyuserperceivabledelayformostoftheregularAndroidapplications.Keywords-Smarthandhelddevices,Fulldiskencryption,Encryptedfilesystem,I/Operformance.I.BACKGROUND&THREATMODELA.BackgroundGooglesAndroidisacomprehensivesoftwareframeworkformobiledevices(i.e.,smartphones,PDAs),tabletcomputersandset-top-boxes.TheAndroidoperatingsystemincludesthesystemlibraryfiles,middle-ware,andasetofstandardapplicationsfortelephony,personalinformationmanagement,andInternetbrowsing.Thedeviceresources,likethecamera,GPS,radio,andWi-Fiareallcontrolledthroughtheoperatingsystem.AndroidkernelisbasedonanenhancedLinuxkerneltobetteraddresstheneedsofmobileplatformswithimprovementsonpowermanagement,betterhandlingoflimitedsystemresourcesandaspecialIPCmechanismtoisolatetheprocesses.Someofthesystemlibrariesincludedare:acustomCstandardlibrary(Bionic),cryptographic(OpenSSL)library,andlibrariesformediaand2D/3Dgraphics.ThefunctionalityoftheselibrariesareexposedtoapplicationsbytheAndroidApplicationFramework.ManylibrariesareinheritedfromopensourceprojectssuchasWebKitandSQLite.TheAndroidruntimecomprisesoftheDalvik,aregister-basedJavavirtualmachine.DalvikrunsJavacodecompiledintoadexformat,whichisoptimizedforlowmemoryfootprint.EverythingthatrunswithintheDalvikenvironmentisconsideredasanapplication,whichiswritteninJava.Forimprovedperformance,applicationscanmixnativecodewrittenintheC2languagethroughJavaNativeInterface(JNI).BothDalvikandnativeapplicationsrunwithinthesamesecurityenvironment,containedwithintheApplicationSandbox.However,nativecodedoesnotbenefitfromtheJavaabstractions(typechecking,automatedmemorymanagement,garbagecollection).TableIliststhehardwaremodulesofNexusS,whichisatypicalGooglebrandedAndroiddevice.Androidssecuritymodeldifferssignificantlyfromthetraditionaldesktopsecuritymodel2.Androidapplicationsaretreatedasmutuallydistrustingprincipals;theyareisolatedfromeachotheranddonothaveaccesstoeachothersprivatedata.Eachapplicationrunswithintheirowndistinctsystemidentity(LinuxuserIDandgroupID).Therefore,standardLinuxkernelfacilitiesforusermanagementisleveragedforenforcingsecuritybetweenapplications.SincetheApplicationSandboxisinthekernel,thissecuritymodelextendstonativecode.ForapplicationstousetheprotecteddeviceresourcesliketheGPS,theymustrequestforspecialpermissionsforeachactionintheirManifestfile,whichisanagreementapprovedduringinstallationtime.AndroidhasadoptedSQLite12databasetostorestructureddatainaprivatedatabase.SQLitesupportsstandardrelationaldatabasefeaturesandrequiresonlylittlememoryatruntime.SQLiteisanOpenSourcedatabasesoftwarelibrarythatimplementsaself-contained,server-less,zeroconfiguration,transactionalSQLdatabaseengine.AndroidprovidesfullsupportforSQLitedatabases.Anydatabasesyoucreatewillbeaccessiblebynametoanyjavaclassintheapplication,butnotoutsidetheapplication.TheAndroidSDKincludesasqlite3databasetoolthatallowsyoutobrowsetablecontents,runSQLcommands,andperformotherusefulfunctionsonSQLitedatabases.Applicationswrittenby3rdpartyvendorstendtousethesedatabasefeaturesextensivelyinordertostoredataoninternalmemory.Thedatabasesarestoredassinglefilesinthefilesystemandcarrythepermissionsforonlytheapplicationthatcreatedthefiletobeabletoaccessit.WorkingwithdatabasesinAndroid,however,canbeslowduetothenecessaryI/O.3EncFSisaFUSE-basedfile-systemofferingfile-systemencryptionontraditionaldesktopoperatingsystems.FUSEisthesupportivelibrarytoimplementafullyfunctionalfilesysteminauserspaceprogram5.EncFSusestheFUSElibraryandFUSEkernelmoduletoprovidethefilesysteminterfaceandrunswithoutanyspecialpermissions.EncFSrunsoveranexistingbasefile-system(forexample,ext4,yaffs2,vfat)andofferstheencryptedfile-system.OpenSSLisintegratedinEncFSforofferingcryptographicprimitives.Anydatathatiswrittentotheencryptedfilesystemisencryptedtransparentlyfromtheusersperspectiveandstoredontothebasefile-system.Readingoperationswilldecryptthedatatransparentlyfromthebasefilesystemandthenloaditintomemory.B.ThreatModelHandhelddevicesarebeingmanufacturedallovertheworldandmillionsofdevicesarebeingsoldeverymonthtotheconsumermarketwithincreasingexpectationforgrowthanddevicediversity.Thepriceforeachunitrangesfromfreetoeighthundreddollarswithorwithoutcellularservices.Inaddition,newsmartphonedevicesareconstantlyreleasedtothemarketwhichresultstheprecipitationoftheoldmodelswithinmonthsoftheirlaunch.Withtherichsetofsensorsintegratedwiththesedevices,thedatacollectedandgeneratedareextraordinarilysensitivetousersprivacy.Smartphonesarethereforedata-centricmodel,wherethecheappriceofthehardwareandthesignificanceofthedatastoredonthedevicechallengethetraditionalsecurityprovisions.Duetohighchurnofnewdevicesitiscompellingtocreatenewsecuritysolutionsthatarehardware-agnostic.WhiletheApplicationSandboxprotectsapplicationspecificdatafromotherapplicationsonthephone,sensitivedatamaybeleakedaccidentallyduetoimproperplacement,resaleordisposalofthedeviceanditsstoragemedia(e.g.removablesdcard).ItalsocanbeintentionallyexfiltratedbymaliciousprogramsviaoneofthecommunicationchannelssuchasUSB,WiFi,Bluetooth,NFC,cellularnetworketc.4Figure1.AbstractionofEncryptionFilesystemonAndroidForexample,anattackercancompromiseasmartphoneandgainfullcontrolofitbyconnectinganothercomputingdevicetoitusingtheUSBphysicallink33.Moreover,bysimplycapturingthesmartphonesphysically,adversarieshaveaccesstoconfidentialorevenclassifieddataiftheownersarethegovernmentofficialsormilitarypersonnels.Consideringthecheappriceofthehardware,thedataonthedevicesaremorecriticalandcancausedevastatingconsequencesifnotwellprotected.Toprotectthesecrecyofthedataofitsentirelifetime,wemusthaverobusttechniquestostoreanddeletedatawhilekeepingconfidentiality.Inourthreatmodel,weassumethatanadversaryisalreadyincontrolofthedeviceorthebarestoragemedia.Thememory-borneattacksanddefencesareoutofthescopeofthispaperandaddressedbyrelatedresearchesinSectionII.Arobustdataencryptioninfrastructureprovidedbytheoperatingsystemcanhelppreservetheconfidentialityofalldataonthesmartphone,giventhattheadversarycannotobtainthecryptographickey.Furthermore,bydestroyingthecryptographickeyonthesmartphonewecanmakethedatapracticallyirrecoverable.Havingestablishedathreatmodelandlistedourassumptions,wedetailthestepstobuildencryptionfilesystemonAndroidinthefollowingsections.V.PERFORMANCEA.ExperimentalSetupForourexperiments,weusetheGooglesNexusSsmartphonedevicewithAndroidversion2.3(codenameGingerbread).Thebootloaderofthedeviceis5unlockedandthedeviceisrooted.ThepersistentstorageonNexusSsmartphonesisa507MBMTD(MemoryTechnologyDevice).MTDisneitherablockdevicenotacharacterdevice,andwasdesignedforflashmemorytobehavelikeblockdevices.InadditiontotheMTDdevice,NexusShasadedicatedMMC(MultiMediaCard,whichisalsoaNANDflashstoragetechnique)devicededicatedtosystemanduserdatapartition,whichis512MBand1024MBrespectively.TableIIprovidestheMTDdeviceandMMCdevicepartitionlayout.Inordertoevaluatethissetupforperformance,weinstalledtwodifferenttypesofbenchmarkingtools.WeusedtheSQLitebenchmarkingapplicationcreatedbyRedLicenseLabs-RLBenchmarkSqlite.TobetterunderstandfinegrainedlowlevelfileI/OoperationsunderdifferentI/Opatterns,weuseIOzone7,whichisapopularopensourcefilesystemmicrobenchmarkingtool.Itistobenotedthatthesetoolsarebothaverygoodcasestudyforreal-useaswell.RLBenchmarkSqlitebehavesasanyapplicationthatisdatabase-heavywouldbehave.IOzoneusesthedirectfileI/Ointensivelyjustlikeanyapplicationwould,ifitwasreadingorwritingfilestothepersistantstorage.AllotherapplicationswhichruninmemoryandusetheCPU,graphics,GPSorotherdevicedriversareirrelevantforourstoragemediatestsandthepresenceofencryptedfilesystemwillnotaffecttheirperformance.IOzoneisafilesystembenchmarktool7.Thebenchmarkgeneratesandmeasuresavarietyoffileoperationsandhasbeenwidelyusedinresearchworkforbenchmarkingvariousfilesystemsondifferentplatforms.ThebenchmarktestsfileI/Operformanceforthegenericfileoperations,suchasRead,write,re-read,re-write,readbackwards,readstrided,fread,fwrite,randomread,pread,mmap,aioread,aiowrite.IOzonehasbeenportedtomanyplatformsandrunsundervariousoperatingsystems.Hereinourpaper,weuseARM-Linuxversion(Androidcompatible)oflatestIOzoneavailableandfocusontheencryptionoverhead.ThecacheeffectiseliminatedbycoldrebootingthedeviceforeachrunofIOzoneandRLBenchmarkSqlite.The6deviceisfullychargedandconnectedtoexternalUSBpowerwhileinexperiments.Wecollectthedataandplottheaverageresultsofthe5runsinthefiguresinallthefollowingexperiments.A.ThroughputPerformanceofEncFSInthissection,wepresenttheIOzoneperformanceresultsforrandomreadandwriteoperationsonuserdatapartition.Thebenchmarkisrunfordifferentfilesizesandforeachfilesize,withdifferentrecordlengths.ThemaximumfilesizeTableIIISQLITEPERFORMANCEONGOOGLENEXUSSisselectedas4MBduetotheobservationthat95%oftheuserdatafilesaresmallerthan4MBonatypicalAndroidsystem.Fig3comparesthethroughputforfourtypicalfileI/Ooperations,namelyread,randomread,writeandrandomwrite.TheIOzoneexperimentsarerunontheoriginalext4filesystemandEncFSwithdifferentAESkeylengths.Fig3showsforreadoperation,EncFSperformsthesamewithoriginalext4.However,forrandomread,write,randomwrite,EncFSonlygives3%,5%,4%oftheoriginalthroughputrespectively.Ouranalysisshowstheencryption/decryptioncontributestheoverhead7andistheexpectedtrade-offbetweensecurityandperformance.ThebufferedreadinEncFSmakesthereadoperationonlyincurmarginaloverhead.However,forrandomread,theneedforthedatablocksalignmentduringdecryptionresultsinslowerthroughput.Fordifferentkeylength,the256-bitskeyonlyincursadditional10%overheadcomparingto128-bitskeyforbettersecurity.Inparticular,AES-256runs12866KB/s,8915KB/s,9804KB/satpeakforrandomread,writeandrandomwriterespectivelywhileAES-128runs14378KB/s,9808KB/s,10922KB/s.Theperformancelossofalongerkeylengthtradingbettersecuritypropertiesisonlymarginaltotheperformancelossoftheencryptionscheme.Optimizationscancompensatesuchkey-lengthoverheadasillustratedinSectionV-D.Basedonthisobservation,AES-256isrecommendedandusedasdefaultinthefollowingsubsectionunlessotherwisementionedexplicitly.Similarly,sdcardpartitiongivestheidenticalpatternwithslightlydifferentvalue.DuetothefactthatthesdcardpartitionsharesthesameunderlyingphysicalMMCdevicewithuserdatapartitionaslistedinTableII,ourexperimentresultsdemonstratestheoriginalvfatfilesystemperforms16%fasterthanext4filesystemforreadandrandomreadoperationwhileext4outperformsvfat80%and5%forwriteandrandomwriteoperationsrespectively.However,comparingdifferentfilesystemsisoutofourfocusinthispaper.WeobserveddifferentthroughputvaluesandoverheadpatternsonotherdevicessuchasNexusOne,HTCDesireandDellStreakwhichusearemovablesdcardasseparatephysicalmediumtointernalNANDdevice.BothAES-128andAES-256throughputonsdcardarestatisticallyidenticaltotheonesonuserdatapartitiongivena95%confidenceinterval.SuchresultsshowthattheschemeofencryptioninEncFS(ernaldatablocksize,keylength)anditsFUSEIOprimitivesarethebottleneckoftheperformanceregardlessoftheunderlyingfilesystems.WesuggestcorrespondingoptimizationsinSectionV-D.InadditiontothebasicI/Ooperations,welookatthereadoperationindetailunderdifferentfileI/Orecordsizebeforeandafterencryption.Inparticular,weplot8the3Dsurfaceviewandcontourview.Inthe3Dsurfacegraph,thex-axisistherecordsize,they-axisisthethroughputinKilobytespersecond,andthez-axisisthefilesizes.Thecontourviewpresentsthedistributionofthethroughputacrossdifferentrecordsizesandfilesizes.Inasense,thisisatop-viewofthe3Dsurfacegraph.Figure4and5showthethroughputwhenIOzonereadpartialofthefilefromthebeginning.Figure4showsthedefaultext4filesysteminAndroid2.3favorsbiggerrecordsizeandfilesizeforbetterthroughput.Theperformancepeakcentersinthetop-rightcornerinthecontourviewofthe3-Dgraph.However,afterplacingEncFS,theperformancespikeshiftstothediagonalwheretherecordsizeequalstofilesize.Thisisaninterestingyetexpectedresultbecauseoftheinternalalignmentofthefileblocksindecryption.TobetterunderstandtheperformanceofourencryptionfilesystemunderAndroidsSQLiteIOaccesspattern,wepresentthedatabasetransactionsbenchmarkinthenextsubsection,whichismorerelatedtotheusersexperiences.C.SQLitePerformanceBenchmarkingInadditiontotheIOzonemicrobenchmarkresultsinlastsubsection,wemeasurethetimeforvarioustypicaldatabasetransactionsusingtheRLBenchmarkSQLitePerformanceApplicationintheAndroidmarket11.TableIIIgroupsthereadandwritefilesystemoperationsandliststheresultsindetail.WeconsiderthatrandomreadandwriteisafairrepresentationofdatabaseI/Ooperationsinourscenario.ThisisduetothefactthatforSQLite,thedatabasefileconsistsofoneormorepages.Allreadsfromandwritestothedatabasefilebeginatapageboundaryandallreads/writesareanintegernumberofpagesinsize.Sincetheexactpageismanagedbythedatabaseengine,file-systemonlyobserverandomI/Ooperations.Afterincorporatingtheencryptionfilesystem,thedatabase-transactions-intensiveappsslowsdownfrom81.68secondsto128.66secondsforthelistofoperationsasdescribedintheTableIII.Thereadoperationsreflectedbyselect9databasetransactionsshowstheconsistentresultswithIOzoneresult:theEncFSbuffershelptheperformance.However,anywriteoperationsresultingfrominsert,update,ordropdatabasetransactionswillincur3%to401%overhead.Theoveralloverheadis58%.Thisisthetrade-offbetweensecurityandperformance.10中文翻译实施和优化android上的加密文件系统王朝晖，拉胡尔Murmuria，安吉罗斯Stavrou计算机科学系乔治梅森大学费尔法克斯，VA22030，USA，，摘要：最近激增的智能手持设备，包括智能手机和平板电脑的普及，已经引起了在保护个人身份信息（PII），新的挑战。事实上，现代移动设备存储的PII用于跨越从电子邮件到手机短信和社交媒体来提供基于位置的服务，提高最终用户的隐私关注的应用程序。因此，有明确的需求和期望为丢失，被盗，或便携式设备捕获的情况下被保护PII数据。在本文中，我们提出了一种新的保险丝（文件系统在用户空间）的加密文件系统，以保护上运行的Android平台的异构聪明的小工具设备的可移动和持久存储。建议的文件系统利用NIST认证的加密算法对数据的静止加密。我们目前的安全性和性能权衡分析在大范围的使用和负载方案。通过使用加密不使用任何优化现有的设备称为微基准测试，我们发现加密的操作可以产生的开销可以忽略不计的读操作和高达20（20）倍的开销用于写操作的I/Ointensive方案。此外，我们量化了数据库事务性能，我们使用加密时，观察到平均50的操作时间放缓。我们进一步研究的通用和具体设备进行优化，并获得10至60的性能对不同的操作减少了加密的初始成本。最后，我们证明了我们的方法是易于安装和配置在所有的Android平台，包括移动电话，平板电脑，并且没有任何用户感知的延迟对于大多数普通的Android应用程序的小型笔记本电脑。关键词：智能手持设备，全磁盘加密，加密文件系统，I/O性能。引言技术发展趋势在硬件和软件推动了五金行业走向，可以支持更广泛范围的功能和开源操作系统的更小，更快，更强大的移动手持设备。移动手持设备俗称聪明的小工具（如智能手机，平板电脑，电子书阅读器）。聪明的小工具，生命周期已在最近几年大幅进化。尼尔森市场数据趋势9表明，移动设备有两代人之间大约6个月的寿命。多种因素影响，该行业的增长在这个快节奏。其中最重要的原因是操作系统的是与硬件无关设计的移动手持设备的可用性。这些新一代的智能小工具，设备，如iPhone和谷歌Android设备都强大到11足以完成大部分以前需要一台个人电脑的任务。事实上，这种新获得的计算能力给予了引起的试图利用新硬件的应用程序过多。这些包括但不限于互联网浏览，电子邮件，消息，社交网络，以及GPS导航。但是，聪明的小工具有很长的路要走在安全方面。组织已经认识到，这些市售聪明的小工具很快就会有作为其业务的一个组成部分。这需要安全，允许数据在静止的安全性和对支持安全通信的移动的水平。一个主要障碍是，有一个严重缺乏国家标准局（NIST）对这些市售的智能小工具批准的加密算法。更常见的是，可以通过在地方强大的政府验证过程中的对抗环境中使用任何计算设备的任何加密技术的存在。此外，期望为每个单独的应用程序，以支持加密跑进了密钥管理的问题：系统中的其他应用程序可能会获得访问密钥和渲染加密没用。因此，有必要建立一个实用的方法来构建在操作系统级别上操作共同的安全库，并提供强大的加密功能。这个系统必须是无处不在，融入聪明的小工具以最少的维护和安装成本的生态系统。然而，加密是有显著的性能开销。对聪明的小工具，其中的资源，如电池，是非常有限的，它不断地这种解决方案的低空间占用是非常重要的。在本文中，我们重点分析使用加密的智能小工具，设备的持久存储保护性能。我们用它采用认证的加密算法来存储每个文件的加密版本在源目录中的文件系统的加密。音量键时使用由用户提供的密码解密。这是从全磁盘加密软件不同，因为被保护的数据是在文件系统中的指定安装点安装在内存中。此外，功能和限制取决于底层分区的文件系统类型。一个文件系统加密了一个基于内核的全磁盘加密的详细比较超出了本文的范围。然而，我们列出了一些适用于我们的优势。我们能够利用NIST验证的加密库6这在内核空间不落实。我们的实现可以扩展到不同的硬件具有可忽略的努力。我们专注于数据的加密，而无需处理文件系统设计的其他方面。底层文件系统，如ext3和yaffs2的已经有处理数据的腐败和轴颈的大力支持。由于文件I/O上的挂接点的操作，最终击中了文件的加密副本底层的文件系统上，各种性能优化可以通过调整文件系统参数，如块大小，缓冲区大小是可能的。此外，我们分析在Android上各种SQLite数据库事务的性能。本文的主要贡献总结如下：我们是第一个研究中给出现代的NAND技术作为存储介质的商品聪明的小工具设备的文件系统的加密性能。为此，我们移植一个开源的加密文件系统，EncFS，对大宗商品的Android系统我们提出的各种I/O操作在Android系统上运行的EncFS的基准测试结果。特别是，我们重点分析了安全与性能的权衡，包括SQLite数据库事务最后，我们讨论的文件系统加密的局限性，并证明它是可行与合理的性能开销聪明的小工具设备。本文的其余部分安排如下：第二部分介绍了关于移动操作系统和文件系统基准相关的研究。第三部分介绍了背景信息和我们的威胁模型。设计和实施EncFS的Android平台在第四节适合。在第五节中，我们将讨论在不同的文件系统操作，并提供优化的解决方案和第七部分总结全文的性能结果。12一背景与威胁模型A.背景谷歌的Android是为移动设备（如智能手机，PDA），平板电脑和机顶盒盒一个全面的软件框架。Android操作系统包括系统库文件，中间件，和一套电话标准的应用程序，个人信息管理，和互联网浏览。该设备的资源，如摄像头，GPS，收音机和无线网络连接都是通过操作系统控制。机器人内核基于增强的Linux内核，以更好地解决与改进的电源管理的移动平台的需求，更好的处理的有限的系统资源和一个特殊的IPC机制以分离的过程。包括一些系统库是：一个自定义的C标准库（仿生），加密（OpenSSL的）库，并为传媒和2D/3D图形库。这些库的功能是由Android应用框架暴露给应用程序。许多图书馆是从开源项目，如WebKit和SQLite的继承。而Android运行时包括Dalvik的，一个基于寄存器的Java虚拟机。的Dalvik运行编译成索引格式，这是为低内存占用优化的Java代码。在Dalvik的环境中运行，一切都被认为是一个应用程序，它是用Java编写的。为了提高性能，应用程序可以混合用C语言通过Java本地接口（JNI）的本机代码。双方的Dalvik和本地应用相同的安全环境中运行，包含在“应用程序沙箱”内。然而，本地代码不利于从Java抽象（类型检查，自动内存管理，垃圾收集）。表I列出的NexusS，这是一个典型的谷歌自有品牌的Android设备的硬件模块。Android的安全模式从传统的桌面安全模型显著差异2。Android应用程序都被视为互相不信任的校长;它们是相互隔离的，并没有进入到每个人的私人数据。每个应用程序都在自己独特的系统标识（Linux的用户ID和组ID）运行。因此，标准的Linux内核设施进行用户管理是杠杆强制执行的应用程序之间的安全性。由于应用程序沙箱是在内核中，这种安全模型扩展到本地代码。对于应用程序使用，如全球定位系统被保护设备的资源，它们必须要求对每个动作的特殊权限在他们的清单文件，它是在安装时批准的协议。Android已经采用SQLite的12数据库中存储结构化数据存储在专用数据库。SQLite支持标准的关系数据库功能，只需要较少的内存在运行时。SQLite是一个实现一个自包含，服务器少，zeroconfiguration，事务的SQL数据库引擎的开源数据库软件库。Android提供了对SQLite数据库的全面支持