B. Sarma, Ninghui Li, Christopher S. Gates, Rahul Potharaju, C. Nita-Rotaru, Ian Molloy
The phenomenal growth of the Android platform in the past few years has made it a lucrative target of malicious application (app) developers. There are numerous instances of malware apps that send premium rate SMS messages, track users' private data, or apps that, even if not characterized as malware, conduct questionable actions affecting the user's privacy or costing them money. In this paper, we investigate the feasibility of using both the permissions an app requests, the category of the app, and what permissions are requested by other apps in the same category to better inform users whether the risks of installing an app are commensurate with its expected benefit. Existing approaches consider only the risks of the permissions requested by an app and ignore both the benefits and what permissions are requested by other apps, thus having a limited effect. We propose several risk signals and evaluate them using two datasets, one consisting of 158,062 Android apps from the Android Market, and the other consisting of 121 malicious apps. We demonstrate the effectiveness of our proposal through extensive data analysis.
B. Sarma, Ninghui Li, Christopher S. Gates, Rahul Potharaju, C. Nita-Rotaru, Ian Molloy. "Android permissions: a perspective combining risks and benefits." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 13-22, published 2012-06-20. DOI: 10.1145/2295136.2295141 (https://doi.org/10.1145/2295136.2295141).
Balancing protection and empowerment is a central problem when specifying authorizations. The principle of least privilege, the classical approach to balancing these two conflicting objectives, says that users shall only be authorized to execute the tasks necessary to complete their job. However, when there are multiple authorization policies satisfying least privilege, which one should be chosen? In this paper, we model the tasks that users must execute as workflows, and the risk and cost associated with authorization policies and their administration. We then formulate the balancing of empowerment and protection as an optimization problem: finding a cost-minimizing authorization policy that allows a successful workflow execution. We show that finding an optimal solution for a role-based cost function is NP-complete. We support our results with a series of examples, which we also use to measure the performance of our prototype implementation.
D. Basin, Samuel J. Burri, G. Karjoth. "Optimal workflow-aware authorizations." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 93-102, published 2012-06-20. DOI: 10.1145/2295136.2295154 (https://doi.org/10.1145/2295136.2295154).
The immensity and variety of personal information (e.g., profile, photo, and microblog) on social sites require access control policies tailored to individuals' privacy needs. Today such policies are still mainly specified manually by ordinary users, which is usually coarse-grained, tedious, and error-prone. This paper presents the design, implementation, and evaluation of an automated access control policy specification tool, XACCESS, that helps non-expert users effectively specify who should have access to which part of their data. A series of key features distinguish XACCESS from prior work: 1) it adopts a role-based access control model (instead of the conventional rule-based paradigm) to capture the implicit privacy/interest preference of social site users; 2) it employs a novel hybrid mining method to extract a set of semantically interpretable, functional "social roles" from both static network structures and dynamic historical activities; 3) based on the identified social roles, the confidentiality settings of personal data, and (optional and possibly inconsistent) predefined user-permission assignments, it recommends a set of high-quality privacy settings; 4) it allows user feedback in every phase of the process to further improve the quality of the suggested privacy policies. A comprehensive experimental evaluation is conducted over real social network and user study data to validate the efficacy of XACCESS.
Ting Wang, M. Srivatsa, Ling Liu. "Fine-grained access control of personal data." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 145-156, published 2012-06-20. DOI: 10.1145/2295136.2295165 (https://doi.org/10.1145/2295136.2295165).
Omar Chowdhury, M. Pontual, W. Winsborough, Ting Yu, Keith Irwin, Jianwei Niu
User obligations are actions that human users are required to perform at some future time. These are common in many practical access control and privacy policies and can depend on and affect the authorization state. Consequently, a user can incur an obligation that she is not authorized to perform, which may hamper the usability of a system. To mitigate this problem, previous work introduced a property of the authorization state, accountability, which requires that all obligatory actions be authorized when they are attempted. Although existing work provides a specific and tractable decision procedure for a variation of the accountability property, it makes the simplifying assumption that no cascading obligations may happen, i.e., obligatory actions cannot further incur obligations. This is a strong assumption which reduces the expressive power of past models, and thus cannot support many obligation scenarios in practical security and privacy policies. In this work, we precisely specify the strong accountability property in the presence of cascading obligations and prove that deciding it is NP-hard. We provide, for several special yet practical cases of cascading obligations (i.e., repetitive, finite cascading, etc.), a tractable decision procedure for accountability. Our experimental results illustrate that supporting such special cases is feasible in practice.
Omar Chowdhury, M. Pontual, W. Winsborough, Ting Yu, Keith Irwin, Jianwei Niu. "Ensuring authorization privileges for cascading user obligations." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 33-44, published 2012-06-20. DOI: 10.1145/2295136.2295144 (https://doi.org/10.1145/2295136.2295144).
This paper describes our system, built as part of a commercially available product, for inferring the risk in an RBAC policy model, i.e., the assignment of permissions to roles and roles to users. Our system implements a general model of risk based on any arbitrary set of properties of permissions and users. Our experience shows that fuzzy inferencing systems are best suited to capture how humans assign risk to such assignments. To implement fuzzy inferencing practically we need the axiom of monotonicity, i.e., risk cannot decrease when more permissions are assigned to a role or when the role is assigned to fewer users. We describe the visualization component which administrators can use to infer aggregate risk in role assignments as well as drill down into which assignments are actually risky. Administrators can then use this knowledge to refactor roles and assignments.
Suresh Chari, Jorge Lobo, Ian Molloy. "Practical risk aggregation in RBAC models." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 117-118, published 2012-06-20. DOI: 10.1145/2295136.2295158 (https://doi.org/10.1145/2295136.2295158).
In this demonstration we present a novel encryption scheme for enforcing access control in a Discovery Service. A Discovery Service is a piece of software that allows one to "discover" item-level data which is stored in data repositories of different companies. Such data can be gathered with the help of Radio Frequency Identification or 2D bar codes. Our software allows the data owner to enforce access control on an item-level by managing the corresponding keys. Data remains confidential even against the provider of the Discovery Service. We present three ways of querying data and evaluate them with databases containing up to 50 million tuples.
F. Kerschbaum, Leonardo Weiss Ferreira Chaves. "Encryption-enforced access control for an RFID discovery service." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 127-130, published 2012-06-20. DOI: 10.1145/2295136.2295161 (https://doi.org/10.1145/2295136.2295161).
Defining constraints at the business process level is an often demanded feature. Our approach guides a business user in the analysis of threats to resources used in a business process, and provides the means to specify appropriate controls on the identified threats. These controls are of a highly visual nature and address both safety as well as security concerns.
Ganna Monakova, A. Schaad. "Visualizing security in business processes." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 147-148, published 2011-06-15. DOI: 10.1145/1998441.1998465 (https://doi.org/10.1145/1998441.1998465).
Sitaram Chamarty, Hiren D. Patel, Mahesh V. Tripunitara
We present gitolite, an authorization scheme for Version Control Systems (VCSes). We have implemented it for the Git VCS. A VCS enables versioning, distributed collaboration and several other features, and is an important context for authorization and access control. Our main consideration behind the design of gitolite is the balance between expressive power, correctness and usability in realistic settings. We discuss our design of gitolite, and in particular the four user-classes in its delegation model, and the administrative actions a user at each class performs. We discuss also our ongoing work on expressing gitolite precisely in first-order logic, to thereby give it a precise semantics and establish correctness properties. gitolite has been adopted in open-source software development, university and industry settings. We discuss our experience with these deployments, and present some performance results related to access enforcement from a real deployment.
Sitaram Chamarty, Hiren D. Patel, Mahesh V. Tripunitara. "An authorization scheme for version control systems." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 123-132, published 2011-06-15. DOI: 10.1145/1998441.1998460 (https://doi.org/10.1145/1998441.1998460).
Panel summary. Managing access-control policies has traditionally been the domain of information security experts or system administrators, but is increasingly performed by individual consumers who may have no technical expertise. A variety of new applications create the need for consumers to use access control, including online social networks, online healthcare records databases, location-based mobile applications, mobile application stores, and cloud-based file shares. With these applications, data that is both personal and highly sensitive is being moved online, where it can be conveniently accessed by others. There are great benefits to be gained by making this sensitive data available to some (for example, by making an individual's medical history available to healthcare providers) and great risks to making the data available to others (for example, making location data available to stalkers). Access-control technologies thus become the gateway to enabling applications to provide value through sharing data while keeping that data safe from those who should not be allowed to have it.
R. Reeder. "Usable access control for all." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 153-154, published 2011-06-15. DOI: 10.1145/1998441.1998469 (https://doi.org/10.1145/1998441.1998469).
Information leakage via the networks formed by subjects (e.g., Facebook, Twitter) and objects (e.g., blogosphere), some of whom may be controlled by malicious insiders, often leads to unpredicted access control risks. While it may be impossible to precisely quantify information flows between two entities (e.g., two friends in a social network), this paper presents a first attempt towards leveraging recent advances in modeling socio-information networks to develop a statistical risk estimation paradigm for quantifying such insider threats. In the context of socio-information networks, our models estimate the following likelihoods: prior flow: has a subject s acquired covert access to object o via the networks? posterior flow: if s is granted access to o, what is its impact on information flows between subject s' and object o'? network evolution: how will a newly created social relationship between s and s' influence current risk estimates? Our goal is not to prescribe a one-size-fits-all solution; instead we develop a set of composable network-centric risk estimation operators, with implementations configurable to concrete socio-information networks. The efficacy of our solutions is empirically evaluated using real-life datasets collected from the IBM SmallBlue project and Twitter.
Ting Wang, M. Srivatsa, D. Agrawal, Ling Liu. "Modeling data flow in socio-information networks: a risk estimation approach." Proceedings of the ACM Symposium on Access Control Models and Technologies, pp. 113-122, published 2011-06-15. DOI: 10.1145/1998441.1998458 (https://doi.org/10.1145/1998441.1998458).