Android应用安全加固技术研究与实现

发布时间：2018-03-25 20:05

本文选题：Android　切入点：应用加固　出处：《南京理工大学》2017年硕士论文

【摘要】：移动互联网的快速发展促进了智能手机应用的繁荣,Android系统凭借其开源特性迅速成为市场份额最大的智能手机系统。然而Android应用被逆向篡改等现象不仅对用户隐私及资产造成困扰,更损害了开发者的合法权益。如何有效保护Android应用成为移动安全领域研究的热点。传统Android应用加固技术有重打包检测、代码混淆、自我校验等,这些方法虽取得一定成效,却普遍面临原理固定、易被攻击者规避等问题。软件加壳作为一种可有效防止逆向的技术得到广泛关注,但是主流的基于类加载器和基于方法替换的加壳技术都已经出现了自动脱壳破解方案,因此必须寻求安全性更高的加固技术。针对以上问题,本文在深入研究Android应用安全特性与虚拟机保护技术基础上提出一种基于虚拟机定制的Android应用加固方法,并结合其他安全加固技术设计实现了一个Android应用安全加固系统原型。论文主要工作如下:(1)研究并分析了 Android系统安全机制、Android应用常见攻击类型和现有软件安全保护技术,梳理了当前存在的针对Android应用的主要攻击手段,确定了从Android应用逆向分析与内存DUMP攻击等攻击面着手、重点研究并实现基于Android虚拟机定制的Android应用安全加固方法的技术路线与思想。(2)提出一种基于虚拟机定制的Android应用安全加固方法,针对Android应用中的关键代码,利用静态分析技术实现关键代码的指令抽取;针对难以抵御内存分析的Dalvik指令,将抽取出的指令根据基于指令操作数个数分组的指令转换规则,随机转换为自定义的虚拟指令;针对映射得到的具有相同语义的虚拟指令,则由自定义与实现的定制虚拟机执行引擎——字节码解释器解释执行,从而在实现原始Android应用语义的前提下,最大限度地避免了针对Android应用的逆向分析与内存攻击。(3)设计并实现了一个基于虚拟机定制并结合其他安全增强技术的Android应用安全加固系统。利用基于虚拟机定制的Android应用安全加固方法,可以实现指令级的Android应用安全,有效抵御Android应用逆向分析与内存攻击;利用反调试与签名校验等技术手段,有效地防止了调试攻击与重打包攻击。(4)理论分析与实验验证结果表明,本文给出的Android应用加固方法与系统能够有效实现Android应用指令级代码的混淆,提高其不可读性,从而以较小的时间与空间代价大幅增加攻击者逆向分析的难度,进而实现针对Android应用的安全加固与保护。
[Abstract]:The rapid development of mobile internet has promoted the prosperity of smartphone application. Android system has become the largest smartphone system with its open source feature. However, the phenomenon that Android application is tampered with by reverse is not only to user privacy. And assets, It also damages the legitimate rights and interests of developers. How to effectively protect Android applications has become a hot topic in the field of mobile security. Traditional Android application reinforcement techniques include repackaging detection, code confusion, self-checking and so on, although these methods have achieved certain results. However, it is generally faced with problems such as fixed principle and easy to be circumvented by attackers. As a technique that can effectively prevent reverse, software shell has received extensive attention. But the mainstream classloader-based and method-based shell replacement technologies have emerged automatic shelled cracking schemes, so we must seek a more secure reinforcement technology. Based on the deep research of Android application security characteristics and virtual machine protection technology, this paper proposes a reinforcement method of Android application based on virtual machine customization. A prototype of Android application security reinforcement system is designed and implemented in combination with other security reinforcement technologies. The main work of this paper is as follows: 1) the main work of this paper is to study and analyze the security mechanism of Android system and the common attack types of Android application and the existing software security protection technology. Combing the existing main attack methods against Android applications, and determining the attack surface of Android application reverse analysis and memory DUMP attack, The technical route and idea of Android application security reinforcement method based on Android virtual machine customization are studied and realized. A Android application security reinforcement method based on virtual machine customization is proposed. The key codes in Android application are discussed. The instruction extraction of the key code is realized by static analysis technology, and the extracted instruction is randomly converted into a custom virtual instruction according to the instruction conversion rule based on the number of instruction operands grouping, aiming at the Dalvik instruction which is difficult to resist the memory analysis. For the virtual instructions with the same semantics, they are interpreted and executed by the custom virtual machine execution engine, the bytecode interpreter, which implements the semantic of the original Android application. The reverse analysis and memory attack for Android applications are avoided to the maximum extent.) A Android application security reinforcement system based on virtual machine customization and other security enhancement techniques is designed and implemented. The application security reinforcement system is based on virtual machine customization. The Android application security reinforcement method, It can realize instruction level Android application security, effectively resist Android application reverse analysis and memory attack, use technical means such as anti-debugging and signature checking, etc. The theoretical analysis and experimental results show that the Android application reinforcement method and system presented in this paper can effectively realize the confusion of Android application instruction level code and improve its unreadability. In order to reduce the cost of time and space, the difficulty of reverse analysis can be greatly increased, and then the security reinforcement and protection for Android applications can be realized.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309

【参考文献】