信息网络安全 ›› 2017, Vol. 17 ›› Issue (1): 63-67.doi: 10.3969/j.issn.1671-1122.2017.01.010

• • 上一篇    下一篇

一种基于虚拟机定制的应用保护方法研究

刘佳佳, 俞研(), 胡恒伟, 吴家顺   

  1. 南京理工大学计算机科学与工程学院,江苏南京 210094
  • 收稿日期:2016-11-15 出版日期:2017-01-20 发布日期:2020-05-12
  • 作者简介:

    作者简介:刘佳佳(1990—),女,山东,硕士研究生,主要研究方向为网络与信息安全;俞研(1972—),男,吉林,副教授,博士,主要研究方向为网络与信息安全;胡恒伟(1992—),男,江苏,硕士研究生,主要研究方向为Android安全、漏洞挖掘;吴家顺(1984—),男,江苏,工程师,硕士研究生,主要研究方向为网络与信息安全。

  • 基金资助:
    国家自然科学基金[61572255];中兴通讯研究基金

Research on a Protection Mechanism Based on Virtual Machine Customization

Jiajia LIU, Yan YU(), Hengwei HU, Jiashun WU   

  1. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing Jiangsu 210094, China
  • Received:2016-11-15 Online:2017-01-20 Published:2020-05-12

摘要:

移动互联网的快速发展促进了智能手机应用的繁荣,Android系统凭借其开源特点迅速成为市场份额最大的智能手机系统。与此同时,Android应用也成为了攻击者的重要攻击目标,加上第三方应用市场监管不周,导致Android应用面临重打包、恶意篡改等严峻的安全威胁。为提高攻击者逆向分析Android APP中DEX文件的难度,文章提出了一种基于虚拟机定制的Android应用保护方法。首先提取待保护方法的指令及其属性信息,并通过一定的转换规则将其转换成特定的虚拟指令格式;然后通过专用的VM解释器解释执行生成的虚拟指令;最后构建轻量级原型系统,以开源应用程序为测试样本完成实验验证。实验结果表明,该方法可以有效提高代码不可读性,从而在较小的时空消耗上大幅增加攻击者逆向分析的难度。

关键词: Android, 虚拟机定制, 保护方法

Abstract:

The rapid development of mobile Internet has been promoting the development of smart phone applications, Android system soon became the largest market share of smart phone system because of the characteristics of open source. Meanwhile Android application has become an important target for attackers due to the third-party application market imperfect regulation, resulting in Android application faces repackaging, tampering and other security threats.In order to make reverse analysis of Android APP DEX file more difficult,this paper proposes an android application protection method based on the custom virtual machine.First extract the instructions and attribute informations of protected method,then transform them into a custom instruction format according to certain rules.Next,explain virtual instruction execution using a self-defined VM interpreter.Finally,realizate a lightweight prototype system,take the open source applications as test samples to complete the experimental verification. Experimental results show that this method can improve the unreadability of the code effectively,and thus increase the difficulty of the reverse analysis of the attacker at lower cost of time and space overhead.

Key words: Android, virtual machine customization, protected method

中图分类号: