Research On Fast Recovery Method Of Android System Based On UnionFS

Posted on: 2018-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2428330515997946
Subject: Information security
Abstract/Summary:
The rapid development of the mobile Internet has made the security of mobile devices more and more important, as malicious applications that steal user privacy appear one after another. To protect sensitive user information, researchers use emulator-based analysis platforms to analyze potential malware in application markets. However, there are fundamental differences between an emulator and a real device, and malware can use these differences to detect the emulator. If the detected environment is an emulator, the malware does not run its malicious code, and so it bypasses the platform's analysis. Although the emulator can be modified to resemble a real device as closely as possible, many hardware-level differences cannot be eliminated, such as differences in CPU architecture, GPU performance and sensors. Deploying the analysis platform on real devices therefore becomes another option for continuing to analyze malicious applications.

The first problem with real devices is how to quickly restore the system to a trusted state. This is especially important on an analysis platform, because a malicious program may damage the system while it is being analyzed. To ensure that each analyzed program has a trusted operating environment, the system must be restored after the previously tested application finishes. Because an emulator is essentially a virtual machine, it benefits from the snapshot function and can recover the system in seconds. On a real device, system recovery generally means rebooting into recovery mode and flashing the system image file from a computer to the device with the adb tool, a process that is extremely time-consuming, taking up to about 140 seconds. At present, the only existing solution, in China or abroad, is BareDroid, proposed by Mutti et al. It keeps a redundant backup of the data partition and, by rebooting into recovery mode, restores between the in-use data partition and the unused one. This saves the time of re-flashing the data partition and speeds up system recovery to a certain extent, with the fastest recovery taking about 32 seconds. But BareDroid's full-backup approach wastes storage space, and the 32-second recovery process is still time-consuming and reduces the efficiency of the analysis platform.

To solve this problem, this thesis ports the UnionFS file system to the Android kernel and, drawing on a study of Android system partitions, the boot process and Framework-layer services, proposes a way to restore the system without rebooting. Based on this method it implements CleanDroid, a fast system recovery system for real devices. In addition, this thesis measures the Android system at run time in two ways, TEE local measurement and SafetyNet remote attestation, supplemented by SELinux to further enhance the reliability of the measurement results. Because system restart and re-flashing are avoided, system recovery time is significantly reduced. Testing found that CleanDroid can complete system recovery in about 5 seconds.
Keywords/Search Tags:android security, malware, emulator detection, UnionFS