Advanced Search
Volume 42 Issue 9
Sep.  2020
Turn off MathJax
Article Contents
Xiaohan ZHANG, Yuan ZHANG, Xinjian CHI, Min YANG. Protecting Android Native Code Based on Instruction Virtualization[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2108-2116. doi: 10.11999/JEIT191036
Citation: Xiaohan ZHANG, Yuan ZHANG, Xinjian CHI, Min YANG. Protecting Android Native Code Based on Instruction Virtualization[J]. Journal of Electronics & Information Technology, 2020, 42(9): 2108-2116. doi: 10.11999/JEIT191036

Protecting Android Native Code Based on Instruction Virtualization

doi: 10.11999/JEIT191036
Funds:  The National Natural Science Foundation of China (U1636204, U1836210, U1836213, U1736208, 61972099, 61602123, 61602121), The Natural Science Foundation of Shanghai (19ZR1404800), The National Basic Research Program of China (973 Program) (2015CB358800)
  • Received Date: 2019-12-24
  • Rev Recd Date: 2020-06-29
  • Available Online: 2020-07-17
  • Publish Date: 2020-09-27
  • Android system is now increasingly used in different kinds of smart devices, such as smart phones, smart watches, smart TVs and smart cars. Unfortunately, reverse attacks against Android applications are also emerging, which not only violates the intellectual right of application developers, but also brings security risks to end users. Existing Android application protection methods such as naming obfuscation, dynamic loading, and code hiding can protect Java code and native (C/C++) code, but are relatively simple and easy to be bypassed. A more promising method is to use instruction virtualization, but previous binary-based methods target specific architecture (x86), and cannot be applied to protect Android devices with different architectures. An architecture-independent instruction virtualization method is proposed, a prototype named Virtual Machine Packing Protection (VMPP) to protect Android native code is designed and implemented. VMPP includes a register-based fix-length instruction set, an interpreter to execute virtualized instructions, and a set of tool-chains for developers to use to protect their code. VMPP is tested on a large number of C/C++ code and real-world Android applications. The results show that VMPP can effectively protect the security of Android native code for different architectures with low overhead.
  • loading
  • 360安全互联网中心. 2015年Android手机应用盗版情况调研报告[EB/OL]. http://zt.360.cn/1101061855.php?dtid=1101061451&did=1101657409, 2019.

    360 Security Internet Center. Investigation report on piracy of Android mobile applications[EB/OL]. http://zt.360.cn/1101061855.php?dtid=1101061451&did=1101657409, 2019.
    HUO Meimei, WU Jianzhong, CAI Jianping, et al. An Anti-piracy method based on encryption and dynamic loading for android applications[J]. Applied Mechanics and Materials, 2014, 644/650: 2740–2743. doi: 10.4028/www.scientific.net/AMM.644-650.2740
    KIM N Y, SHIM J, CHO S J, et al. Android application protection against static reverse engineering based on multidexing[J]. Journal of Internet Services and Information Security, 2016, 6(4): 54–64.
    FALSINAT L, FRATANTONIO Y, ZANERO S, et al. Grab’n run: Secure and practical dynamic code loading for android applications[C]. The 31st Annual Computer Security Applications Conference, Los Angeles, USA, 2015: 201–210. doi: 10.1145/2818000.2818042.
    张震, 张龙. Android平台的Native层加固技术研究与实现[J]. 计算机与现代化, 2016(10): 88–91. doi: 10.3969/j.issn.1006-2475.2016.10.018

    ZHANG Zhen and ZHANG Long. Research and implementation of native layer reinnforcement technology based on android platform[J]. Computer and Modernization, 2016(10): 88–91. doi: 10.3969/j.issn.1006-2475.2016.10.018
    赵奇. 基于LLVM的Android应用代码保护技术研究与实现[D]. [硕士论文], 北京邮电大学, 2018.

    ZHAO Qi. Research and implementation of android application code protection based on LLVM[D]. [Master dissertation], Beijing University of Posts and Telecommunications, 2018.
    张一峰, 方勇. 基于LLVM的Android Native文件保护方法[J]. 通信技术, 2017, 50(3): 533–538. doi: 10.3969/j.issn.1002-0802.2017.03.026

    ZHANG Yifeng and FANG Yong. Android native file protection based on LLVM[J]. Communications Technology, 2017, 50(3): 533–538. doi: 10.3969/j.issn.1002-0802.2017.03.026
    胡恒伟. 基于动态虚拟指令集的Android应用保护技术研究[D]. [硕士论文], 南京理工大学, 2018.

    HU Hengwei. Research on android application protection technology based on dynamic virtual instruction set[D]. [Master dissertation], Nanjing University of Science and Technology, 2018.
    李振. 基于LLVM的Android应用程序编译时虚拟化保护研究[D]. [硕士论文], 西北大学, 2019.

    LI Zhen. LLVM-based android application compiletime virtualization protection method research[D]. [Master dissertation], Northwest University, 2019.
    YANG Wenbo, ZHANG Yuanyuan, LI Juanru, et al. AppSpear: Bytecode decrypting and DEX reassembling for packed android malware[C]. The 18th International Symposium on Recent Advances in Intrusion Detection, Kyoto, Japan, 2015: 359–381. doi: 10.1007/978-3-319-26362-5_17.
    KIM D, KWAK J, and RYOU J. Dwroiddump: Executable code extraction from android applications for malware analysis[J]. International Journal of Distributed Sensor Networks, 2015, 11(9): 379682. doi: 10.1155/2015/379682
    张汉宁. 基于精简指令集的软件保护虚拟机技术研究[D]. [硕士论文], 西北大学, 2010.

    ZHANG Hanning. Research on software protection virtual machine technology based on reduced instruction set[D]. [Master dissertation], Northwest University, 2010.
    汤战勇, 李光辉, 房鼎益, 等. 一种具有指令集随机化的代码虚拟化保护系统[J]. 华中科技大学学报: 自然科学版, 2016, 44(3): 28–33. doi: 10.13245/j.hust.160306

    TANG Zhanyong, LI Guanghui, FANG Dingyi, et al. A code virtualization protection system with instruction set randomization[J]. Journal of Huazhong University of Science and Technology:Natural Science Edition, 2016, 44(3): 28–33. doi: 10.13245/j.hust.160306
    杜春来, 孔丹丹, 王景中, 等. 一种基于指令虚拟化的代码保护模型[J]. 信息网络安全, 2017(2): 22–28. doi: 10.3969/j.issn.1671-1122.2017.02.004

    DU Chunlai, KONG Dandan, WANG Jingzhong, et al. A code protection model based on instruction virtualization[J]. Netinfo Security, 2017(2): 22–28. doi: 10.3969/j.issn.1671-1122.2017.02.004
    几维安全. 移动应用加固系统[EB/OL]. https://www.kiwisec.com/product/app-encrypt.html, 2019.
    SALWAN J, BARDIN S, and POTET M L. Symbolic deobfuscation: From virtualized code back to the original[C]. The 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Saclay, France, 2018: 372–392. doi: 10.1007/978-3-319-93411-2_17.
    梁光辉, 庞建民, 单征. 基于代码进化的恶意代码沙箱规避检测技术研究[J]. 电子与信息学报, 2019, 41(2): 341–347. doi: 10.11999/JEIT180257

    LIANG Guanghui, PANG Jianmin, and SHAN Zheng. Malware sandbox evasion detection based on code evolution[J]. Journal of Electronics &Information Technology, 2019, 41(2): 341–347. doi: 10.11999/JEIT180257
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(7)  / Tables(5)

    Article Metrics

    Article views (2165) PDF downloads(123) Cited by()
    Proportional views
    Related

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return