当前位置: X-MOL 学术Pervasive Mob. Comput. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
ARMAND: Anti-Repackaging through Multi-pattern Anti-tampering based on Native Detection
Pervasive and Mobile Computing ( IF 4.3 ) Pub Date : 2021-07-17 , DOI: 10.1016/j.pmcj.2021.101443
Alessio Merlo 1 , Antonio Ruggia 1 , Luigi Sciolla 1 , Luca Verderame 1
Affiliation  

App repackaging refers to the practice of customizing an existing mobile app and redistributing it in the wild to fool the final user into installing the repackaged app instead of the original one. In this way, an attacker can embed malicious payload into a legitimate app for different aims, such as access to premium features, redirect revenue, or access to user’s private data. In the Android ecosystem, apps are available on public stores, and the only requirement for an app to execute properly is to be digitally signed. Due to this, the repackaging threat is widely spread.

Anti-repackaging techniques aim to make harder the repackaging process for an attack adding logical controls – called detection node – in the app at compile-time. Such controls check the app integrity at runtime to detect tampering. If tampering is recognized, the detection nodes lead the repackaged app to fail (e.g., throwing an exception). From an attacker’s standpoint, she must detect and bypass all controls to repackage safely.

In this work, we propose a novel anti-repackaging scheme – called ARMAND – which aims to overcome the limitations of the current protection schemes. We have implemented this scheme into a prototype – named ARMANDroid – which leverages multiple protection patterns and relies on native code. The evaluation phase of ARMANDroid on 30.000 real-world Android apps showed that the scheme is robust against the common attack vectors and efficient in terms of time and space overhead.



中文翻译:

ARMAND:基于原生检测的多模式防篡改防重包装

应用程序重新打包是指自定义现有移动应用程序并在野外重新分发以欺骗最终用户安装重新打包的应用程序而不是原始应用程序的做法。通过这种方式,攻击者可以出于不同目的将恶意负载嵌入到合法应用程序中,例如访问高级功能、重定向收入或访问用户的私人数据。在 Android 生态系统中,应用程序可在公共商店中获得,应用程序正确执行的唯一要求是进行数字签名。因此,重新包装威胁广泛传播。

反重新打包技术旨在使攻击的重新打包过程更加困难,在编译时在应用程序中添加逻辑控件(称为检测节点)。此类控件在运行时检查应用程序完整性以检测篡改。如果发现篡改,检测节点将导致重新打包的应用程序失败(例如,抛出异常)。从攻击者的角度来看,她必须检测并绕过所有控制才能安全地重新打包。

在这项工作中,我们提出了一种新的反重新包装方案——称为ARMAND——旨在克服当前保护方案的局限性。我们已将此方案实施到一个名为ARMANDroid的原型中,该原型利用多种保护模式并依赖于本机代码。ARMANDroid 在 30.000 个真实世界的 Android 应用程序上的评估阶段表明,该方案对常见的攻击向量具有鲁棒性,并且在时间和空间开销方面是有效的。

更新日期:2021-07-22
down
wechat
bug