本文選題：Android　切入點(diǎn)：應(yīng)用加固　出處：《南京理工大學(xué)》2017年碩士論文

【摘要】：移動(dòng)互聯(lián)網(wǎng)的快速發(fā)展促進(jìn)了智能手機(jī)應(yīng)用的繁榮,Android系統(tǒng)憑借其開源特性迅速成為市場(chǎng)份額最大的智能手機(jī)系統(tǒng)。然而Android應(yīng)用被逆向篡改等現(xiàn)象不僅對(duì)用戶隱私及資產(chǎn)造成困擾,更損害了開發(fā)者的合法權(quán)益。如何有效保護(hù)Android應(yīng)用成為移動(dòng)安全領(lǐng)域研究的熱點(diǎn)。傳統(tǒng)Android應(yīng)用加固技術(shù)有重打包檢測(cè)、代碼混淆、自我校驗(yàn)等,這些方法雖取得一定成效,卻普遍面臨原理固定、易被攻擊者規(guī)避等問題。軟件加殼作為一種可有效防止逆向的技術(shù)得到廣泛關(guān)注,但是主流的基于類加載器和基于方法替換的加殼技術(shù)都已經(jīng)出現(xiàn)了自動(dòng)脫殼破解方案,因此必須尋求安全性更高的加固技術(shù)。針對(duì)以上問題,本文在深入研究Android應(yīng)用安全特性與虛擬機(jī)保護(hù)技術(shù)基礎(chǔ)上提出一種基于虛擬機(jī)定制的Android應(yīng)用加固方法,并結(jié)合其他安全加固技術(shù)設(shè)計(jì)實(shí)現(xiàn)了一個(gè)Android應(yīng)用安全加固系統(tǒng)原型。論文主要工作如下:(1)研究并分析了 Android系統(tǒng)安全機(jī)制、Android應(yīng)用常見攻擊類型和現(xiàn)有軟件安全保護(hù)技術(shù),梳理了當(dāng)前存在的針對(duì)Android應(yīng)用的主要攻擊手段,確定了從Android應(yīng)用逆向分析與內(nèi)存DUMP攻擊等攻擊面著手、重點(diǎn)研究并實(shí)現(xiàn)基于Android虛擬機(jī)定制的Android應(yīng)用安全加固方法的技術(shù)路線與思想。(2)提出一種基于虛擬機(jī)定制的Android應(yīng)用安全加固方法,針對(duì)Android應(yīng)用中的關(guān)鍵代碼,利用靜態(tài)分析技術(shù)實(shí)現(xiàn)關(guān)鍵代碼的指令抽取;針對(duì)難以抵御內(nèi)存分析的Dalvik指令,將抽取出的指令根據(jù)基于指令操作數(shù)個(gè)數(shù)分組的指令轉(zhuǎn)換規(guī)則,隨機(jī)轉(zhuǎn)換為自定義的虛擬指令;針對(duì)映射得到的具有相同語(yǔ)義的虛擬指令,則由自定義與實(shí)現(xiàn)的定制虛擬機(jī)執(zhí)行引擎——字節(jié)碼解釋器解釋執(zhí)行,從而在實(shí)現(xiàn)原始Android應(yīng)用語(yǔ)義的前提下,最大限度地避免了針對(duì)Android應(yīng)用的逆向分析與內(nèi)存攻擊。(3)設(shè)計(jì)并實(shí)現(xiàn)了一個(gè)基于虛擬機(jī)定制并結(jié)合其他安全增強(qiáng)技術(shù)的Android應(yīng)用安全加固系統(tǒng)。利用基于虛擬機(jī)定制的Android應(yīng)用安全加固方法,可以實(shí)現(xiàn)指令級(jí)的Android應(yīng)用安全,有效抵御Android應(yīng)用逆向分析與內(nèi)存攻擊;利用反調(diào)試與簽名校驗(yàn)等技術(shù)手段,有效地防止了調(diào)試攻擊與重打包攻擊。(4)理論分析與實(shí)驗(yàn)驗(yàn)證結(jié)果表明,本文給出的Android應(yīng)用加固方法與系統(tǒng)能夠有效實(shí)現(xiàn)Android應(yīng)用指令級(jí)代碼的混淆,提高其不可讀性,從而以較小的時(shí)間與空間代價(jià)大幅增加攻擊者逆向分析的難度,進(jìn)而實(shí)現(xiàn)針對(duì)Android應(yīng)用的安全加固與保護(hù)。
[Abstract]:The rapid development of mobile internet has promoted the prosperity of smartphone application. Android system has become the largest smartphone system with its open source feature. However, the phenomenon that Android application is tampered with by reverse is not only to user privacy. And assets, It also damages the legitimate rights and interests of developers. How to effectively protect Android applications has become a hot topic in the field of mobile security. Traditional Android application reinforcement techniques include repackaging detection, code confusion, self-checking and so on, although these methods have achieved certain results. However, it is generally faced with problems such as fixed principle and easy to be circumvented by attackers. As a technique that can effectively prevent reverse, software shell has received extensive attention. But the mainstream classloader-based and method-based shell replacement technologies have emerged automatic shelled cracking schemes, so we must seek a more secure reinforcement technology. Based on the deep research of Android application security characteristics and virtual machine protection technology, this paper proposes a reinforcement method of Android application based on virtual machine customization. A prototype of Android application security reinforcement system is designed and implemented in combination with other security reinforcement technologies. The main work of this paper is as follows: 1) the main work of this paper is to study and analyze the security mechanism of Android system and the common attack types of Android application and the existing software security protection technology. Combing the existing main attack methods against Android applications, and determining the attack surface of Android application reverse analysis and memory DUMP attack, The technical route and idea of Android application security reinforcement method based on Android virtual machine customization are studied and realized. A Android application security reinforcement method based on virtual machine customization is proposed. The key codes in Android application are discussed. The instruction extraction of the key code is realized by static analysis technology, and the extracted instruction is randomly converted into a custom virtual instruction according to the instruction conversion rule based on the number of instruction operands grouping, aiming at the Dalvik instruction which is difficult to resist the memory analysis. For the virtual instructions with the same semantics, they are interpreted and executed by the custom virtual machine execution engine, the bytecode interpreter, which implements the semantic of the original Android application. The reverse analysis and memory attack for Android applications are avoided to the maximum extent.) A Android application security reinforcement system based on virtual machine customization and other security enhancement techniques is designed and implemented. The application security reinforcement system is based on virtual machine customization. The Android application security reinforcement method, It can realize instruction level Android application security, effectively resist Android application reverse analysis and memory attack, use technical means such as anti-debugging and signature checking, etc. The theoretical analysis and experimental results show that the Android application reinforcement method and system presented in this paper can effectively realize the confusion of Android application instruction level code and improve its unreadability. In order to reduce the cost of time and space, the difficulty of reverse analysis can be greatly increased, and then the security reinforcement and protection for Android applications can be realized.
【學(xué)位授予單位】：南京理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 吳文煥;;Android應(yīng)用程序數(shù)字簽名機(jī)制研究[J];軟件;2014年02期

，

本文編號(hào)：1664658