【摘要】：Android系統(tǒng)已經(jīng)成為移動(dòng)端操作系統(tǒng)領(lǐng)軍者,Android應(yīng)用也以爆發(fā)式的飛速發(fā)展。伴隨而來的則是隱藏在普通應(yīng)用中的惡意應(yīng)用,這些應(yīng)用可能盜取個(gè)人隱私,惡意扣費(fèi),暴露賬號(hào)信息等,對(duì)用戶造成威脅。攻擊者通過反編譯獲得應(yīng)用源代碼,向其中植入惡意代碼生成惡意應(yīng)用后再重打包分發(fā),用戶在不知情的情況下下載使用了這些偽裝的應(yīng)用將會(huì)導(dǎo)致危害發(fā)生。Android加固技術(shù)是針對(duì)這種威脅的有效防御措施,通過對(duì)應(yīng)用源代碼進(jìn)行加殼保護(hù)可以防止黑客獲取源代碼實(shí)施攻擊。本文首先分析了 Android加固的現(xiàn)狀及現(xiàn)有加固技術(shù)的弊端,并針對(duì)弊端提出針對(duì)性改進(jìn)的措施,設(shè)計(jì)并實(shí)現(xiàn)了安全高效的基于DexClassLoader的應(yīng)用加固技術(shù)。本文所做的工作主要如下:1)介紹了 Android系統(tǒng)架構(gòu)和應(yīng)用程序結(jié)構(gòu)、組件及應(yīng)用程序啟動(dòng)流程,分析應(yīng)用程序面臨的主要威脅以及Android加固的有效性和必要性。2)介紹加固技術(shù)的概念,分析了現(xiàn)有的三種主流加固技術(shù)(基于UPX的加固技術(shù)、基于Dex嵌入的加固技術(shù)和基于DexClassLoader的傳統(tǒng)加固技術(shù))的實(shí)現(xiàn)流程,并從加固方案的廣泛性、安全性和簡(jiǎn)潔性三個(gè)方面指出了它們各自的優(yōu)點(diǎn)和缺陷。3)基于傳統(tǒng)加固技術(shù)和所研究的關(guān)于Android原理和Android安全的相關(guān)技術(shù),提出了針對(duì)Android應(yīng)用程序的一整套新型的加固解決方案。4)對(duì)本文所提出的關(guān)鍵技術(shù)進(jìn)行了技術(shù)研究和編程實(shí)現(xiàn),包括對(duì)二進(jìn)制Manifest的文件格式解析和加密,基于DexClassLoader原理的Dex文件內(nèi)存型加載,Android加固防調(diào)試的模擬器檢測(cè)技術(shù),so庫(kù)靜態(tài)保護(hù)技術(shù)。最后本文設(shè)計(jì)并實(shí)現(xiàn)了基于DexClassloader的Android加固系統(tǒng),通過和和傳統(tǒng)加固技術(shù)進(jìn)行實(shí)驗(yàn)對(duì)比,得出本文實(shí)現(xiàn)的應(yīng)用加固解決方案比傳統(tǒng)加固技術(shù)具有更廣泛的平臺(tái)和系統(tǒng)適用性,更強(qiáng)大的防破解安全保障以及更簡(jiǎn)潔的加固流程的結(jié)論。
[Abstract]:Android system has become the leader of mobile operating system, and Android application is developing rapidly. Along with it are malicious applications hidden in ordinary applications, which may steal personal privacy, maliciously withhold fees, expose account information, and pose a threat to users. An attacker obtains the application source code through decompilation, implants malicious code into it, generates a malicious application, and repackages and distributes, Using these camouflage applications without the user's knowledge can lead to harm. Android reinforcement is an effective defense against this threat. Through the application source code shell protection can prevent the hacker to obtain the source code to carry out the attack. This paper first analyzes the present situation of Android reinforcement and the disadvantages of existing reinforcement technology, and puts forward targeted improvement measures, and designs and implements a safe and efficient application reinforcement technology based on DexClassLoader. The main work of this paper is as follows: 1) introduce the Android system architecture and application program structure, components and application startup process, This paper analyzes the main threats faced by the application program and the effectiveness and necessity of Android reinforcement. 2) the concept of reinforcement technology is introduced, and three kinds of existing main reinforcement technologies (UPX based reinforcement technology, UPX based reinforcement technology) are analyzed. Based on the Dex embedded reinforcement technology and the traditional reinforcement technology based on DexClassLoader, the implementation process, and the extensiveness of the reinforcement scheme, The advantages and disadvantages of the three aspects of security and brevity are pointed out. 3) based on the traditional reinforcement technology and the related technologies about Android principle and Android security, A set of new reinforcement solutions for Android applications are proposed. 4) the key technologies proposed in this paper are studied and programmed, including the file format parsing and encryption of binary Manifest. Based on the principle of DexClassLoader, Dex file memory loading, Android strengthening and anti-debugging simulator detection technology, so library static protection technology. Finally, this paper designs and implements the Android reinforcement system based on DexClassloader. By comparing with the traditional reinforcement technology, it is concluded that the application reinforcement solution realized in this paper has more extensive platform and system applicability than the traditional reinforcement technology. More powerful anti-crack security and more concise reinforcement process conclusions.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2016
【分類號(hào)】：TP316;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 巫志文;李煒;;基于Android平臺(tái)的軟件加固方案的設(shè)計(jì)與實(shí)現(xiàn)[J];電信工程技術(shù)與標(biāo)準(zhǔn)化;2015年01期

相關(guān)碩士學(xué)位論文 前4條

1 史成潔;Android平臺(tái)應(yīng)用軟件保護(hù)技術(shù)的研究與實(shí)現(xiàn)[D];北京郵電大學(xué);2015年

2 劉金梁;Android平臺(tái)軟件安全防護(hù)技術(shù)的研究與實(shí)現(xiàn)[D];北京郵電大學(xué);2015年

3 秘錫辰;Android應(yīng)用軟件安全加固技術(shù)研究[D];北京交通大學(xué);2013年

4 楊勇義;基于Android平臺(tái)的軟件保護(hù)技術(shù)研究[D];北京郵電大學(xué);2012年

，

本文編號(hào)：2313902