Research on a Protection Mechanism Based on Virtual Machine Customization

doi:10.3969/j.issn.1671-1122.2017.01.010

Abstract

Abstract:

The rapid development of mobile Internet has been promoting the development of smart phone applications, Android system soon became the largest market share of smart phone system because of the characteristics of open source. Meanwhile Android application has become an important target for attackers due to the third-party application market imperfect regulation, resulting in Android application faces repackaging, tampering and other security threats.In order to make reverse analysis of Android APP DEX file more difficult,this paper proposes an android application protection method based on the custom virtual machine.First extract the instructions and attribute informations of protected method,then transform them into a custom instruction format according to certain rules.Next,explain virtual instruction execution using a self-defined VM interpreter.Finally,realizate a lightweight prototype system,take the open source applications as test samples to complete the experimental verification. Experimental results show that this method can improve the unreadability of the code effectively,and thus increase the difficulty of the reverse analysis of the attacker at lower cost of time and space overhead.

Key words: Android, virtual machine customization, protected method

CLC Number:

TP393

Jiajia LIU, Yan YU, Hengwei HU, Jiashun WU. Research on a Protection Mechanism Based on Virtual Machine Customization[J]. Netinfo Security, 2017, 17(1): 63-67.

Figures/Tables 6

References 14

[1]	ZHOU W, WANG Z, ZHOU Y, et al.DIVILAR:Diversifying Intermediate Language for Anti-Repackaging on Android Platform[C]// ACM.Proceeding CODASPY '14 Proceedings of the 4th ACM conference on Data and application security and privacy, March 3-5, 2014, San Antonio, Texas, USA. New York:ACM, 2014: 199-210.
[2]	YASEMIN A, MICHAEL B.SoK:Lessons Learned from Android Security Research for Appified Software Platforms[C]// IEEE. IEEE Symposium on Security and Privacy, May 22-26, 2016, San Jose, CA, USA. New York:IEEE, 2016: 433-451.
[3]	KOVACHEVA A.Efficient Code Obfuscation for Android[C]// Springer. 6th International Conference ,IAIT, December 12-13, 2013, Bangkok,Thailand. Berlin Heidelberg: Springer,2013:104-119.
[4]	LUCA F, YANICK F.Grab 'n Run:Secure and Practical Dynamic Code Loading for Android Applications[C]// ACM.ACSAC 2015 Proceedings of the 31st Annual Computer Security Applications Conference, December 7-11, 2015, Los Angeles, CA, USA. New York:ACM, 2015: 201-210.
[5]	FELIPE S, ANTHONY R.Defending Your Android App[C]// ACM.Proceeding RIIT '15 Proceedings of the 4th Annual ACM Conference on Research in Information Technology, September 30-October 3, 2015, Chicago, Illinois, USA. New York:ACM, 2015: 29-34.
[6]	RAI P O.Android Application Security Essentials[M]. Birmingham:Packt Publishing, 2013.
[7]	Androidxref.Android常见App加固厂商脱壳方法的整理[EB/OL]. 2015-9-10.
[8]	Dalvik ExecutableFormat[EB/OL]. 2016-9-10.
[9]	Google Dalvik bytecode[EB/OL]. , 2016-5-19.
[10]	文伟平,张汉,曹向磊. 基于Android可执行文件重组的混淆方案的设计与实现[J]. 信息网络安全,2016(5):71-77.
[11]	卿斯汉. Android安全研究进展[J]. 软件学报,2016,27(1):45-71.
[12]	徐剑. 面向Android应用程序的代码保护方法研究[J]. 信息网络安全,2014(10):11-17.
[13]	吴艳霞. Android Dalvik虚拟机结构及机制剖析[M]. 北京:清华大学出版社,2014:117-126.
[14]	文伟平,汤炀,谌力. 一种基于Android内核的APP敏感行为检测方法及实现[J]. 信息网络安全,2016(8):18-23.

[1]	Liuyang HOU, Senlin LUO, Limin PAN, Ji ZHANG. Multi-feature Android Malware Detection Method [J]. Netinfo Security, 2020, 20(1): 67-74.
[2]	Xin SONG, Kai ZHAO, Linlin ZHANG, Wenbo FANG. Research on Android Malware Detection Based on Random Forest [J]. Netinfo Security, 2019, 19(9): 1-5.
[3]	Liping DING, Xuehua LIU, Guangxuan CHEN, Yin LI. Overview of Digital Forensics Technologies of RAM in Android Devices [J]. Netinfo Security, 2019, 19(2): 10-17.
[4]	Zhongyuan QIN, Junrui ZHANG, Qunfang ZHANG, Zhiyong SONG. Android Terminals Control Technology Based on Inject and Hook [J]. Netinfo Security, 2018, 18(9): 66-73.
[5]	SONG Xinlong, ZHENG Dong, YANG Zhonghuang. Mobile Device Management System Based on AOSP and SELinux [J]. 信息网络安全, 2017, 17(9): 103-106.
[6]	LU Debing, CUI Haoliang, ZHANG Wen, NIU Shaozhang. Application Security Reinforcement Scheme Based on Intent Filter [J]. 信息网络安全, 2017, 17(11): 67-73.
[7]	LEI Qing, JING Lihua, ZHAO Deming, ZHENG Jilong. Research on the Technology of Gun Detection System for Android APP Videos Based on Deep Learning [J]. 信息网络安全, 2016, 16(9): 149-153.
[8]	WEN Weiping, TANG Yang, SHEN Li. An APP Sensitive Behaviors Detection Method Based on Android Kernel and Its Implementation [J]. 信息网络安全, 2016, 16(8): 18-23.
[9]	YU Lifang, YANG Tianchang, NIU Shaozhang. An Enhanced Security Access Control Scheme for Inter-component Communication in Android [J]. 信息网络安全, 2016, 16(8): 54-60.
[10]	QU Lewei, LUO Senlin, SUN Zhipeng, ZHU Shuai. Research on the Method of Data Integrity Detecting on Android System [J]. 信息网络安全, 2016, 16(8): 61-67.
[11]	ZHANG Jiawang, LI Yanwei. Research and Design on Malware Detection System Based on N-gram Algorithm [J]. 信息网络安全, 2016, 16(8): 74-80.
[12]	YANG Jingya, LUO Senlin, ZHU Shuai, QU Lewei. Research on Method of Android System Malware Behavior Monitoring Based on Multi-level and Cross-view Analysis [J]. 信息网络安全, 2016, 16(7): 40-46.
[13]	LI Yameng, HE Jingsha. Research on Different Versions of YAFFS2 File Recovery Algorithm Based on Hash [J]. 信息网络安全, 2016, 16(5): 51-57.
[14]	WEN Weiping, ZHANG Han, CAO Xianglei. Design and Implementation of the Scheme of Obfuscation Based on the Recombination of the Android Executable File [J]. 信息网络安全, 2016, 16(5): 71-77.
[15]	DING Yong, CAO Wei, LUO Senlin. Research on the Technology of Malware Behavior Monitoring Based on LKM System Call Hijacking [J]. 信息网络安全, 2016, 16(4): 1-8.