基于Android平台的应用程序安全保护研究与应用
发布时间:2019-01-04 14:27
【摘要】:随着Android操作系统的广泛使用和移动互联网时代的到来,Android系统的安全问题也不断出现,给用户和开发者造成了许多困扰。Android应用程序面临着知识产权被侵犯、被二次打包、应用程序遭逆向等安全问题。如何加强Android平台上的应用程序的安全性就成了一个非常重要的问题。基于上述背景,本文将研究Android平台的应用程序的安全保护方案和技术,并依此为最终目的。本文主要通过研究Android操作系统的安全弱点、Android应用程序的安全弱点、Android应用程序的逆向工程技术等,提出一个完整的安全保护方案。本文提出基于Android平台的应用程序安全保护方案,该方案从逆向工程入手,借鉴传统PC端的安全保护技术,结合Android平台本身的特点,将混淆、防反编译、动态加载、完整性校验、加密等方面融合为一体,采用多层安全保护措施,全面提高了应用程序的安全性能。本文的主要工作有:1.对Android系统的安全性以及其平台的应用程序的安全性做出阐述。研究Android系统的体系结构和应用开发的技术要点,包括Dalvik虚拟机和DVM指令、Dex文件和Dalvik字节码、JNI技术等,重点分析Android应用程序开发的技术要点,详细阐述Android系统及其上的应用程序的安全基础。2.研究现有的逆向技术,包括其原理、使用到的工具以及技术细节,提出对这些工具和技术的“反制”措施,防范对Android应用程序逆向工程的技术。研究Android的安全模型及其存在的安全隐患,重点关注Android安全机制的缺点,提出安全保护技术。3.分析加密、解密、数据完整性算法,找到适合有限资源条件下的加密、解密措施。分析包括AES、MD5、NTRU、SSL/TLS安全协议等已有的加解密算法,将加解密技术适用到Android应用程序安全保护和开发中,保证应用程序的数据、网络通信、应用程序的安全性。4.结合加密、解密算法,在此技术基础之上提出针对Android平台上的应用程序的加壳、加固技术。旨在提高应用程序的反汇编能力,使利用现有的反编译、反汇编工具或方法失效,或只能较低程度的反编译、反汇编,从最根本上保护应用程序、用户数据、网络通信的安全性。5.Android平台上的应用程序的安全保护方案进行实现。对实现方案进行详细分析,主要是在应用程序的抗逆向能力、数据安全以及应用程序的运行效率做详细的分析。
[Abstract]:With the widespread use of the Android operating system and the arrival of the era of mobile Internet, the security problems of the Android system appear constantly, causing many troubles to the users and developers. Android applications are faced with intellectual property infringement and repackaged. The application suffers from security problems such as reverse. How to enhance the security of applications on Android platform has become a very important issue. Based on the above background, this paper will study the application security scheme and technology of Android platform, which is the ultimate purpose. This paper presents a complete security protection scheme by studying the security weakness of Android operating system, the security weakness of Android application, reverse engineering technology of Android application and so on. In this paper, the application program security protection scheme based on Android platform is put forward. This scheme starts with reverse engineering, draws lessons from the security protection technology of traditional PC terminal, and combines the characteristics of Android platform itself. It will be confused, decompiled, dynamically loaded, integrity checked. Encryption and other aspects are integrated and multi-layer security measures are adopted to improve the security performance of the application. The main work of this paper is as follows: 1. The security of Android system and the application program of its platform are expounded. This paper studies the architecture of Android system and the key technology of application development, including Dalvik virtual machine and DVM instruction, Dex file and Dalvik bytecode, JNI technology, etc. Android system and its application on the basis of security. 2. This paper studies the existing reverse technology, including its principle, the tools used and the technical details, and puts forward the "counter-measures" to these tools and technologies to guard against the reverse engineering technology of Android applications. This paper studies the security model of Android and its hidden dangers, focuses on the shortcomings of Android security mechanism, and puts forward the security protection technology. 3. Analysis encryption, decryption, data integrity algorithm, find suitable for limited resources under the condition of encryption, decryption measures. The existing encryption and decryption algorithms, including AES,MD5,NTRU,SSL/TLS security protocol, are analyzed. The encryption and decryption technology is applied to the security protection and development of Android application program, which ensures the application data, network communication and application program security. 4. Based on the encryption and decryption algorithm, the paper puts forward the technology of shell and reinforcement for the application program on Android platform. The aim is to improve the disassembly capability of applications, to invalidate existing decompilation, disassembly tools or methods, or to decompile, disassemble, and fundamentally protect application, user data, The security of network communication. The security protection scheme of application program on 5.Android platform is implemented. The implementation scheme is analyzed in detail, mainly in the application's anti-reverse ability, data security and application's running efficiency.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2015
【分类号】:TP316;TP309
本文编号:2400406
[Abstract]:With the widespread use of the Android operating system and the arrival of the era of mobile Internet, the security problems of the Android system appear constantly, causing many troubles to the users and developers. Android applications are faced with intellectual property infringement and repackaged. The application suffers from security problems such as reverse. How to enhance the security of applications on Android platform has become a very important issue. Based on the above background, this paper will study the application security scheme and technology of Android platform, which is the ultimate purpose. This paper presents a complete security protection scheme by studying the security weakness of Android operating system, the security weakness of Android application, reverse engineering technology of Android application and so on. In this paper, the application program security protection scheme based on Android platform is put forward. This scheme starts with reverse engineering, draws lessons from the security protection technology of traditional PC terminal, and combines the characteristics of Android platform itself. It will be confused, decompiled, dynamically loaded, integrity checked. Encryption and other aspects are integrated and multi-layer security measures are adopted to improve the security performance of the application. The main work of this paper is as follows: 1. The security of Android system and the application program of its platform are expounded. This paper studies the architecture of Android system and the key technology of application development, including Dalvik virtual machine and DVM instruction, Dex file and Dalvik bytecode, JNI technology, etc. Android system and its application on the basis of security. 2. This paper studies the existing reverse technology, including its principle, the tools used and the technical details, and puts forward the "counter-measures" to these tools and technologies to guard against the reverse engineering technology of Android applications. This paper studies the security model of Android and its hidden dangers, focuses on the shortcomings of Android security mechanism, and puts forward the security protection technology. 3. Analysis encryption, decryption, data integrity algorithm, find suitable for limited resources under the condition of encryption, decryption measures. The existing encryption and decryption algorithms, including AES,MD5,NTRU,SSL/TLS security protocol, are analyzed. The encryption and decryption technology is applied to the security protection and development of Android application program, which ensures the application data, network communication and application program security. 4. Based on the encryption and decryption algorithm, the paper puts forward the technology of shell and reinforcement for the application program on Android platform. The aim is to improve the disassembly capability of applications, to invalidate existing decompilation, disassembly tools or methods, or to decompile, disassemble, and fundamentally protect application, user data, The security of network communication. The security protection scheme of application program on 5.Android platform is implemented. The implementation scheme is analyzed in detail, mainly in the application's anti-reverse ability, data security and application's running efficiency.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2015
【分类号】:TP316;TP309
【参考文献】
相关期刊论文 前2条
1 吴大勇;郑紫微;;基于Android平台的访问权限机制优化方案[J];计算机工程;2013年05期
2 李宇翔;林柏钢;;基于Android重打包的应用程序安全策略加固系统设计[J];信息网络安全;2014年01期
相关硕士学位论文 前5条
1 杨勇义;基于Android平台的软件保护技术研究[D];北京邮电大学;2012年
2 李勇;基于Windows平台的目标代码混淆[D];电子科技大学;2007年
3 钟明林;基于Android智能手机平台方案[D];山东大学;2010年
4 杨博;Android系统下应用程序的安全性研究[D];上海交通大学;2013年
5 王舒;基于逆向工程的Android恶意代码的研究实现与预防[D];电子科技大学;2013年
,本文编号:2400406
本文链接:https://www.wllwen.com/falvlunwen/zhishichanquanfa/2400406.html
