發(fā)布時間：2018-03-25 20:05

  本文選題：Android　切入點：應用加固　出處：《南京理工大學》2017年碩士論文

【摘要】：移動互聯網的快速發(fā)展促進了智能手機應用的繁榮,Android系統(tǒng)憑借其開源特性迅速成為市場份額最大的智能手機系統(tǒng)。然而Android應用被逆向篡改等現象不僅對用戶隱私及資產造成困擾,更損害了開發(fā)者的合法權益。如何有效保護Android應用成為移動安全領域研究的熱點。傳統(tǒng)Android應用加固技術有重打包檢測、代碼混淆、自我校驗等,這些方法雖取得一定成效,卻普遍面臨原理固定、易被攻擊者規(guī)避等問題。軟件加殼作為一種可有效防止逆向的技術得到廣泛關注,但是主流的基于類加載器和基于方法替換的加殼技術都已經出現了自動脫殼破解方案,因此必須尋求安全性更高的加固技術。針對以上問題,本文在深入研究Android應用安全特性與虛擬機保護技術基礎上提出一種基于虛擬機定制的Android應用加固方法,并結合其他安全加固技術設計實現了一個Android應用安全加固系統(tǒng)原型。論文主要工作如下:(1)研究并分析了 Android系統(tǒng)安全機制、Android應用常見攻擊類型和現有軟件安全保護技術,梳理了當前存在的針對Android應用的主要攻擊手段,確定了從Android應用逆向分析與內存DUMP攻擊等攻擊面著手、重點研究并實現基于Android虛擬機定制的Android應用安全加固方法的技術路線與思想。(2)提出一種基于虛擬機定制的Android應用安全加固方法,針對Android應用中的關鍵代碼,利用靜態(tài)分析技術實現關鍵代碼的指令抽取;針對難以抵御內存分析的Dalvik指令,將抽取出的指令根據基于指令操作數個數分組的指令轉換規(guī)則,隨機轉換為自定義的虛擬指令;針對映射得到的具有相同語義的虛擬指令,則由自定義與實現的定制虛擬機執(zhí)行引擎——字節(jié)碼解釋器解釋執(zhí)行,從而在實現原始Android應用語義的前提下,最大限度地避免了針對Android應用的逆向分析與內存攻擊。(3)設計并實現了一個基于虛擬機定制并結合其他安全增強技術的Android應用安全加固系統(tǒng)。利用基于虛擬機定制的Android應用安全加固方法,可以實現指令級的Android應用安全,有效抵御Android應用逆向分析與內存攻擊;利用反調試與簽名校驗等技術手段,有效地防止了調試攻擊與重打包攻擊。(4)理論分析與實驗驗證結果表明,本文給出的Android應用加固方法與系統(tǒng)能夠有效實現Android應用指令級代碼的混淆,提高其不可讀性,從而以較小的時間與空間代價大幅增加攻擊者逆向分析的難度,進而實現針對Android應用的安全加固與保護。
[Abstract]:The rapid development of mobile internet has promoted the prosperity of smartphone application. Android system has become the largest smartphone system with its open source feature. However, the phenomenon that Android application is tampered with by reverse is not only to user privacy. And assets, It also damages the legitimate rights and interests of developers. How to effectively protect Android applications has become a hot topic in the field of mobile security. Traditional Android application reinforcement techniques include repackaging detection, code confusion, self-checking and so on, although these methods have achieved certain results. However, it is generally faced with problems such as fixed principle and easy to be circumvented by attackers. As a technique that can effectively prevent reverse, software shell has received extensive attention. But the mainstream classloader-based and method-based shell replacement technologies have emerged automatic shelled cracking schemes, so we must seek a more secure reinforcement technology. Based on the deep research of Android application security characteristics and virtual machine protection technology, this paper proposes a reinforcement method of Android application based on virtual machine customization. A prototype of Android application security reinforcement system is designed and implemented in combination with other security reinforcement technologies. The main work of this paper is as follows: 1) the main work of this paper is to study and analyze the security mechanism of Android system and the common attack types of Android application and the existing software security protection technology. Combing the existing main attack methods against Android applications, and determining the attack surface of Android application reverse analysis and memory DUMP attack, The technical route and idea of Android application security reinforcement method based on Android virtual machine customization are studied and realized. A Android application security reinforcement method based on virtual machine customization is proposed. The key codes in Android application are discussed. The instruction extraction of the key code is realized by static analysis technology, and the extracted instruction is randomly converted into a custom virtual instruction according to the instruction conversion rule based on the number of instruction operands grouping, aiming at the Dalvik instruction which is difficult to resist the memory analysis. For the virtual instructions with the same semantics, they are interpreted and executed by the custom virtual machine execution engine, the bytecode interpreter, which implements the semantic of the original Android application. The reverse analysis and memory attack for Android applications are avoided to the maximum extent.) A Android application security reinforcement system based on virtual machine customization and other security enhancement techniques is designed and implemented. The application security reinforcement system is based on virtual machine customization. The Android application security reinforcement method, It can realize instruction level Android application security, effectively resist Android application reverse analysis and memory attack, use technical means such as anti-debugging and signature checking, etc. The theoretical analysis and experimental results show that the Android application reinforcement method and system presented in this paper can effectively realize the confusion of Android application instruction level code and improve its unreadability. In order to reduce the cost of time and space, the difficulty of reverse analysis can be greatly increased, and then the security reinforcement and protection for Android applications can be realized.
【學位授予單位】：南京理工大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP309

【參考文獻】

相關期刊論文 前1條

1 吳文煥;;Android應用程序數字簽名機制研究[J];軟件;2014年02期

，

本文編號：1664658