| The open source feature of Android system makes it develop rapidly,but also brings huge security risks to Android applications.The purpose of research on Android application security reinforcement method is to increase the cost of application cracking from two aspects of cracking time and difficulty.This paper focuses on how to realize the ability of anti-static attack and dynamic attack of the consolidated Android application without obviously affecting the performance of Android application.First of all,based on the analysis of the basic principles of the mainstream attack methods and the corresponding reinforcement technology defects,this paper proposes a fine-grained security hardening model for Android applications based on JNI mechanism and cloud reinforcement platform.The model can make the hardened Android applications have the ability to resist static,dynamic and repackaging attacks at the same time,So as to form a three-dimensional protection of Android applications.The structure of APK file,DEX file and so file involved in the model is analyzed.Secondly,in order to reduce the workload of Android applications after the virtual machine running reinforcement,a function code reinforcement method based on JNI mechanism is proposed,and the research work on the application package name and entry class name automatic extraction algorithm,DEX file class and member function extraction algorithm,so file reinforcement method,function code mapping,multi-dimensional simulator detection,etc.is carried out.Thirdly,aiming at the problems of easy access of APK files and lack of protection of shell removal program in the existing shell adding and shell removal scheme,a shell adding and shell removal technology scheme based on cloud reinforcement platform is proposed,and the processes of shell adding program and Android application shell removal program on platform end are designed,and the involved DEX file fusion and modification,anti tampering,dynamic loading and related instance replacement are studied Law and other key issues.Finally,the prototype of CRMA reinforcement system is designed and developed,and the results of this study are verified from three aspects: the availability of Android applications after reinforcement,the effectiveness of CRMA reinforcement system functions,and the performance changes of Android applications after reinforcement.The test results show that the application availability of Android strengthened by CRMA is high,and it can effectively resist the mainstream attack mode,and the additional system overhead generated by application reinforcement is within the acceptable range,which has little impact on the user experience. |
PDF Full Text Request