基于Android平台的软件保护方案的研究与实现

发布时间：2018-05-16 23:42

本文选题：Android + 白盒密钥　；参考：《北京邮电大学》2013年硕士论文

【摘要】：Android操作系统快速发展,已经成为目前智能手机最受欢迎的操作系统之一,但同时其安全问题日益凸显。在智能手机恶意软件OS平台排名中Android迅速超越Symbian,成为攻击者的头号目标。而Android自身安全体系不够强大,第三方防护软件保护能力欠缺,Android在恶意攻击环境下面临着盗版、逆向工程、代码篡改等严峻的安全形势。因此Android的安全方向何去何从非常重要。在此背景之下,本课题旨在通过研究设计实现一个防止逆向工程攻击的软件保护方案,提高Android应用的自卫能力,防止知识产权被侵害、重要信息被泄露等。本文主要进行了如下几方面的工作： [1]对Android的安全现状进行阐述,说明Android安全形势非常严峻,亟需加强其安全保护能力。本文对Android的体系结构和开发编译等进行讲解,并通过分析Android系统的安全模型以及其权限、沙箱、签名等安全机制的不足,深度解剖Android存在的安全隐患及其根源,接着阐述Android平台的应用软件被恶意攻击的严峻形势。 [2]分析传统的软件攻击于段和传统的软件保护方式,结合Android系统的自身特点,提出一套适用于Android平台的软件保护方案。 [3]对本文方案中应用到的关键技术实现进行可行性分析和编程应用,包括通过动态加载译文、混淆技术、反调试技术等在一定程度上制止逆向工程的脚步,特别是针对本方案中核心技术点(白盒密码、加密防篡改完整性校验)进行了非常详细的阐述分析和设计实现。本文也对方案中涉及到的其它算法如AES、MD5和HMAC的应用进行了简单的介绍。 [4]对本技术方案的抗攻击性能、完整性和运行效率等进行数据和实验分析。实验结果表明,该方案在软件测试阶段一定程度上满足反逆向工程攻击的软件保护目的。本论文提出的基于Android平台的软件保护方案成功借鉴传统软件保护方案的实现方式,采用将加密、混淆、防篡改、完整性校验等融合一体,全方位增强软件的抵抗逆向工程的能力。
[Abstract]:The rapid development of the Android operating system has become one of the most popular operating systems for smartphones, but at the same time its security problems are becoming increasingly prominent. In the rankings of the OS platform for smart phone malware, Android has quickly surpassed Symbian, becoming the number one target of the attacker. And the Android self security system is not strong enough, and the third party protection software is not strong The lack of protection ability, Android in the environment of malicious attacks faced with piracy, reverse engineering, code tampering and other severe security situation. So what is the direction of the security of Android is very important.
In this context, the purpose of this project is to implement a software protection scheme to prevent reverse engineering attacks, to improve the self-defense capability of Android applications, to prevent intellectual property rights from being infringed, and to reveal important information.
This article mainly carried out the following aspects of the work:
[1] expounds the security status of Android, indicating that the security situation of Android is very severe and needs to strengthen its security protection ability. This article explains the architecture and development of Android, and analyzes the security model of the Android system and its limits of security mechanism such as its authority, sandbox, and signature, and deeply dissected the existence of Android. Security risks and their root causes, then describes the grim situation of Android platform application software being attacked by malicious.
[2] analyzes the traditional software protection mode of traditional software, and combines the characteristics of Android system, and puts forward a set of software protection scheme for Android platform.
[3] carries out the feasibility analysis and programming application of the key technology implemented in this scheme, including the dynamic load translation, obfuscation technology, anti debugging technology and so on to a certain extent to stop the reverse engineering steps, especially for the core technical points in this scheme (white box cipher, encryption and tamper proof integrity verification). Detailed analysis, design and implementation. This article also gives a brief introduction to other algorithms involved in the scheme, such as AES, MD5 and HMAC.
[4] carries out data and experimental analysis on the anti attack performance, integrity and efficiency of this technical scheme. The experimental results show that the scheme satisfies the software protection aim of anti reverse engineering attack to some extent in the software testing stage.
In this paper, the software protection scheme based on Android platform has been successfully used for the implementation of the traditional software protection scheme. It integrates the integration of encryption, confusion, tamper proof, integrity check and so on, and improves the ability of the software to resist reverse engineering in all directions.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP311.53;TN929.5

【参考文献】