Analyzing Of Android System Trojan Program Base On Rootkit Technology

Posted on: 2014-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: C F Yu
Full Text: PDF
GTID: 2248330398957291
Subject: Computer technology

Abstract/Summary:
As mobile terminals have become ubiquitous, mobile operating systems have developed very rapidly. Android is a platform designed specifically for mobile devices; thanks to the hardware independence of its applications, its good portability and its openness, it quickly became one of the mainstream phone platforms. At the same time, the security of Android users' information has become a focus of the industry. Domestic research on Android Trojans and protection against them lags behind research abroad, and research on kernel-level Trojans is still at a stage where the techniques are kept closed. Commonly used Trojan detection databases lack data on Trojans, which are updated ever more frequently, so protection against them comes late. Moreover, Android users include not only the general public but also people who hold leading positions in political and economic affairs and individuals who hold the latest information from official research institutions. As high-tech products spread, users' awareness of protecting personal information remains weak, and high-tech crime and unknown leaks constantly threaten the public's personal information and, with it, the country's economy and politics. For this reason, this paper centers on the key techniques of Android operating system Trojans at both user level and kernel level.

There are two approaches to detecting Linux-based rootkits. Static detection first defines a set of illegal system actions, for example illegal memory access and illegal changes to the execution path; when an action matching one of these definitions is found, an intrusion warning is raised. Its defect is that there is a wide variety of operating systems, and the self-defined illegal actions cannot be guaranteed to be accurate across so many of them. Dynamic detection first chooses a safe system state and then compares the runtime state of the system with that safe state at short, regular intervals to determine whether a Trojan exists in the system. This approach, however, cannot guarantee that no Trojan was present in the system when the safe state was chosen. Current detection technology therefore cannot guarantee the security of an Android system.

This paper starts from the background of the topic and briefly describes the development status of rootkits. Second, taking the composition and structure of the Android system architecture as its research object, it analyzes in depth the architecture of the Android operating system, the security mechanism of interprocess communication, and the Trojan detection techniques in common use. Third, taking the Android system environment as the attack target, it analyzes the attack principle and implementation techniques of user-level rootkits on Android and, combining them with system shared library injection, implements a rootkit-based user-level Trojan for the Android environment that can hook a process and then inject a dynamic library. Finally, it focuses on analyzing the Android system call process, using traditional LKM-based rootkit techniques to intercept, replace and add Android system calls, and studies in depth how LKM-based rootkits implement concealment, in order to realize a kernel-level Android Trojan with a certain degree of invisibility. This work helps give deeper insight into how rootkit-based user-level and kernel-level Trojans operate on Android, has important practical significance for further improving the security of the Android system, and provides a good platform for further research in this area.

Owing to time constraints, this paper presents, from the attacker's side, the principles, mechanisms and implementation of rootkit-based attacks on the Android system; on the defensive side it only draws on some reference work. Future research should focus on the network communication of the Android system and on implementing rootkit-based remote communication, to realize attacks from the network and remote control of an Android system.
Keywords/Search Tags: Android, Injection, Trojan, System Call, Hide