
Research And Design Android Application Security-enhanced Framework

Posted on: 2018-09-06  Degree: Master  Type: Thesis
Country: China  Candidate: Y Y Tao  Full Text: PDF
GTID: 2348330518499099  Subject: Computer application technology
Abstract/Summary:
In recent years, owing to the freedom and openness of the Android platform, the market share of Android-based smartphones has continued to expand, and the number of applications running on the Android platform has also grown rapidly. Because application development is cheap and online release management is loose, the number of malicious mobile applications has increased sharply. Research on the security of Android application software has been carried out at home and abroad. Compared with static detection technology, dynamic detection technology has the advantage of monitoring the running state of application software in real time. But some problems remain to be addressed, such as limited coverage, lack of research, and inaccurate analysis of test results. In this paper, we study the dynamic detection technology of Android application software by utilizing the context state information generated by malicious behavior, and put forward a scheme for an Android application security-enhanced framework. We design and implement a lightweight and efficient security-enhanced framework named App Secure, covering two aspects: a dynamic monitoring system and the analysis of test results.

1. Development of the dynamic monitoring system: Based on the scheme of CopperDroid, App Secure analyzes the system calls executed by an application to reconstruct the malicious behaviors of the software. We design and implement the dynamic monitoring system using Android kernel monitoring technology. App Secure uses LKM compilation technology to reduce the difficulty of deploying the security-enhanced framework, and provides customizable application monitoring lists at the application layer, so that the kernel monitor programs can keep a small thread control block and the cost to the system can be reduced.

2. Analysis of test results: Based on the context analysis method of the App Intent framework and the parameter information of system call behavior in application software, this paper proposes a policy language standard to describe the behavior of the target application. By studying how context information changes when application software generates malicious behavior, App Secure defines five operations and three kinds of context for application behavior, and puts forward a software threat judgment strategy for detecting privacy disclosure, information destruction and money consumption.

From the perspective of coding, the design of the App Secure security-enhanced framework is divided into three layers: application layer, middle layer and kernel layer. The kernel part of App Secure is designed as a loadable kernel module, which analyzes the kernel system calls to obtain information about the target application and reconstructs the upper-level behavior of the application. The application layer implements the User Interface and the core policy control module, analyzes the behavior and data information of the application software through the threat assessment strategy, obtains the threat evaluation result, and updates the security level and evaluation information of the application software in the User Interface. The middle layer acts as the bridge between the application layer and the kernel layer; the data interaction between the application and the kernel driver is performed by modifying the middle layer interface of the Android system.

In general, the App Secure security-enhanced framework can dynamically monitor the system call process of all installed applications. An experiment on 15 typical malicious software samples proves that the software threat assessment method based on context state information is effective, and App Secure supports the rough classification of malicious software in order to make it easier for users to make a choice. Verified by performance testing tools, the overall performance cost of the App Secure security-enhanced framework is less than 5%, which gives it high practical value.
Keywords/Search Tags: Android, Dynamic detection, AppSecure, Kernel monitor, Context information