面向Android平台的混淆算法研究
|
摘要
随着智能手机的不断普及,Android平台上的软件安全性越来越受到重视。以其他平台中应用最普遍且效果最好的代码混淆技术为基础,对比分析经典的控制流混淆算法,结合Android平台自身特点,提出一种面向Android平台的Dalvik字节码层次的控制流混淆算法,并从代码量、执行开销角度对主流混淆工具Proguard进行对比测试,丰富了混淆手段,进一步增强了Android应用程序的安全性。
With the popularity of smartphones, Android software attracts security more and more attention from people. Based on the most common and effective code obfuscation technology in other platforms, some classic control flow obfuscation algorithms are compared, and combined with the characteristics of Android platform, the control flow obfuscation algorithm of Android platform-oriented Dalvik bytecode level for is proposed, and comparison test on mainstream confusion tools like Proguard also done from the angles of code number and executive overhead. The proposed algorithm enriches the obfuscation means and further enhances the security of Android applications.
With the popularity of smartphones, Android software attracts security more and more attention from people. Based on the most common and effective code obfuscation technology in other platforms, some classic control flow obfuscation algorithms are compared, and combined with the characteristics of Android platform, the control flow obfuscation algorithm of Android platform-oriented Dalvik bytecode level for is proposed, and comparison test on mainstream confusion tools like Proguard also done from the angles of code number and executive overhead. The proposed algorithm enriches the obfuscation means and further enhances the security of Android applications.
引文
[1]Cnbeta.Android恶意代码发展报告[EB/OL].(2015-04-09)[2016-12-29].http://news.mydrivers.com/1/411/411950.htm.Cnbeta.Android Malicious Code Development Report[EB/OL].(2015-04-09)[2016-12-29].http://news.mydrivers.com/1/411/411950.htm.
[2]中国新闻网(北京).百度手机卫士——2015年上半年中国互联网移动安全报告[EB/OL].(2015-08-12)[2016-12-30].http://money.163.com/15/0812/17/B0R82N9600254TI5.html.China Mobile News(Beijing).Baidu Mobile Guards-the First Half of 2015 China Internet Mobile Security Report[EB/OL].(2015-08-12)[2016-12-30].http://money.163.com/15/0812/17/B0R82N9600254TI5.html.
[3]赵玉洁,汤战勇,王妮等.代码混淆算法有效性评估[J].软件学报,2012(03):700-711.ZHAO Yu-jie,TANG Zhan-yong,WANG Ni,et al.Evaluation of Code Obfuscating Transformation[J].Journal of Software,2012,23(03):700-711.
[4]孟姗姗.移动智能终端的软件保护研究[D].南京:东南大学,2015.MENG Shan-shan.Research on Software Protection of Smart Mobile Devices[D].Nanjing:Southeast University,2015.
[5]王琳.基于Android平台软件保护方法研究[D].西安:西北大学,2014.WANG Lin.Research on Protection Methods of Android Software[D].Xi’an:Northwest University,2014.
[6]Protsenko M,Müller M.Protecting Android Apps Against Reverse Engineering by the Use of the Native Code[M].Trust,Privacy and Security in Digital Business,2015.
[7]Enck,Octeau D,Mcdaniel P,et al.A Study of Android Application Security[C].Usenix Conference on Security USENIX Association,2011:21.
[8]Cabutto A,Falcarin P,Abrath B,et al.Software Protection with Code Mobility[C].ACM Workshop ACM,2015:95-103.
[2]中国新闻网(北京).百度手机卫士——2015年上半年中国互联网移动安全报告[EB/OL].(2015-08-12)[2016-12-30].http://money.163.com/15/0812/17/B0R82N9600254TI5.html.China Mobile News(Beijing).Baidu Mobile Guards-the First Half of 2015 China Internet Mobile Security Report[EB/OL].(2015-08-12)[2016-12-30].http://money.163.com/15/0812/17/B0R82N9600254TI5.html.
[3]赵玉洁,汤战勇,王妮等.代码混淆算法有效性评估[J].软件学报,2012(03):700-711.ZHAO Yu-jie,TANG Zhan-yong,WANG Ni,et al.Evaluation of Code Obfuscating Transformation[J].Journal of Software,2012,23(03):700-711.
[4]孟姗姗.移动智能终端的软件保护研究[D].南京:东南大学,2015.MENG Shan-shan.Research on Software Protection of Smart Mobile Devices[D].Nanjing:Southeast University,2015.
[5]王琳.基于Android平台软件保护方法研究[D].西安:西北大学,2014.WANG Lin.Research on Protection Methods of Android Software[D].Xi’an:Northwest University,2014.
[6]Protsenko M,Müller M.Protecting Android Apps Against Reverse Engineering by the Use of the Native Code[M].Trust,Privacy and Security in Digital Business,2015.
[7]Enck,Octeau D,Mcdaniel P,et al.A Study of Android Application Security[C].Usenix Conference on Security USENIX Association,2011:21.
[8]Cabutto A,Falcarin P,Abrath B,et al.Software Protection with Code Mobility[C].ACM Workshop ACM,2015:95-103.