当前位置:
X-MOL 学术
›
Comput. Secur.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Compile-time Code Virtualization for Android Applications
Computers & Security ( IF 4.8 ) Pub Date : 2020-07-01 , DOI: 10.1016/j.cose.2020.101821 Yujie Zhao , Zhanyong Tang , Guixin Ye , Dongxu Peng , Dingyi Fang , Xiaojiang Chen , Zheng Wang
Computers & Security ( IF 4.8 ) Pub Date : 2020-07-01 , DOI: 10.1016/j.cose.2020.101821 Yujie Zhao , Zhanyong Tang , Guixin Ye , Dongxu Peng , Dingyi Fang , Xiaojiang Chen , Zheng Wang
Abstract Infringing intellectual property by reverse analysis is a severe threat to Android applications. By replacing the program instructions with virtual instructions that an adversary is unfamiliar with, code obfuscation based on virtualization is a promising way of protecting Android applications against reverse engineering. However, the current code virtualization approaches for Android only target at the DEX bytecode level. The DEX file with the open file format and more semantic information makes the decode-dispatch pattern easier to expose, which has been identified as a severe vulnerability of security and can be exploited by various attacks. Further, decode-dispatch interpretation frequently uses indirect branches in this structure to introduce extra overhead. This paper presents a novel approach to transfer code virtualization from DEX level to native level, which possesses strong security strength and good stealth, with only modest cost. Our approach contains two components: pre-compilation and compile-time virtualization. Pre-compilation is designed for performance improvement by identifying and decompiling the critical functions which consume a significant fraction of execution time. Compile-time virtualization builds upon the widely used LLVM compiler framework. It automatically translates the DEX bytecode into the common LLVM intermediate representations where a unified code virtualization pass can be applied for DEX code. We have implemented a working prototype Dex2VM of our technique and applied it to eight representative Android applications. Our experimental results show that the proposed approach can effectively protect the target code against a state-of-the-art code reverse engineering tool that is specifically designed for code virtualization, and it achieves good stealth with only modest cost.
中文翻译:
Android 应用程序的编译时代码虚拟化
摘要 逆向分析侵犯知识产权是Android应用程序的严重威胁。通过用对手不熟悉的虚拟指令替换程序指令,基于虚拟化的代码混淆是保护 Android 应用程序免受逆向工程的一种很有前途的方法。但是,当前的 Android 代码虚拟化方法仅针对 DEX 字节码级别。DEX 文件的开放文件格式和更多的语义信息使得解码分发模式更容易暴露,这已被确定为严重的安全漏洞,可以被各种攻击利用。此外,解码-调度解释经常在这种结构中使用间接分支来引入额外的开销。本文提出了一种将代码虚拟化从 DEX 级别转移到本机级别的新方法,该方法具有强大的安全强度和良好的隐蔽性,并且成本适中。我们的方法包含两个组件:预编译和编译时虚拟化。预编译旨在通过识别和反编译消耗大量执行时间的关键函数来提高性能。编译时虚拟化建立在广泛使用的 LLVM 编译器框架之上。它自动将 DEX 字节码转换为常见的 LLVM 中间表示,其中可以对 DEX 代码应用统一的代码虚拟化通道。我们已经实现了我们技术的工作原型 Dex2VM,并将其应用于八个具有代表性的 Android 应用程序。
更新日期:2020-07-01
中文翻译:
Android 应用程序的编译时代码虚拟化
摘要 逆向分析侵犯知识产权是Android应用程序的严重威胁。通过用对手不熟悉的虚拟指令替换程序指令,基于虚拟化的代码混淆是保护 Android 应用程序免受逆向工程的一种很有前途的方法。但是,当前的 Android 代码虚拟化方法仅针对 DEX 字节码级别。DEX 文件的开放文件格式和更多的语义信息使得解码分发模式更容易暴露,这已被确定为严重的安全漏洞,可以被各种攻击利用。此外,解码-调度解释经常在这种结构中使用间接分支来引入额外的开销。本文提出了一种将代码虚拟化从 DEX 级别转移到本机级别的新方法,该方法具有强大的安全强度和良好的隐蔽性,并且成本适中。我们的方法包含两个组件:预编译和编译时虚拟化。预编译旨在通过识别和反编译消耗大量执行时间的关键函数来提高性能。编译时虚拟化建立在广泛使用的 LLVM 编译器框架之上。它自动将 DEX 字节码转换为常见的 LLVM 中间表示,其中可以对 DEX 代码应用统一的代码虚拟化通道。我们已经实现了我们技术的工作原型 Dex2VM,并将其应用于八个具有代表性的 Android 应用程序。
京公网安备 11010802027423号