Research On Android Application Protection Based On Diversity Of Virtual Machines

Android operating system occupies a large market share in the field of smart terminals because of its open source and portable features.At the same time,the number of staff working on Android application development has been increasing,and the variety and number of Android applications in major application markets have increased,which is very convenient to people.However,Android application is facing some severe problems,such as cracking,pirate,advertisements addition and malicious code addition,which seriously damages the interests of users and Android developers.Therefore,how to strengthen Android application protection on the Internet has become an inevitable problem.According to this situation,this paper designs and implements a protection system of Android application which is based on the diversity of virtual machines.The main work is as follows:(1)This paper analyses the file structure of Android application and Dalvik virtual machine.And it points out the security threats of Android applications,including the static and dynamic attack techniques.According to reverse analysis,the paper elaborates the specific process of static and dynamic attack approaches.Moreover,this paper analyzes the defects in the existing protection technology of Android application as the followings: The code obfuscation technology is tended to be dynamically debugged.The overall encryption technology of Dex files is tended to be attacked by memory Dump.The encryption technology of Dex file extraction can be attacked by building a modified virtual machine.(2)This paper proposes an Android application protection method based on the diversity of virtual machines,aiming to overcome static and dynamic attacks,memory dump attacks and custom sheller cracking.Firstly,the core method instructions of the Android application are extracted through a static analysis technique.Secondly,the extracted method instructions are randomly replaced in a different protection process into a structured virtual instruction sequence.The diversity makes it impossible to crack the application by establishing a mapping relationship in reverse analysis,and the converted virtual instructions are interpreted and executed by custom virtual machines.This protection method not only can effectively prevent the attacker from directly reading the complete method code through reverse analysis,but also can prevent the original Dex file from obtaining through the memory dump.It breaks through the problem of cracked Dex file.(3)This paper implements dynamic defense method based on the diversity of virtual machines.For dynamic debugging attacks,the paper combines Ptrace detection and Inotify to monitor the essential files to anti-debug.If the application is in debugging state,an error message will pop up and the application will exit.For the detection of operating environment,according to the differences between the ARM architecture and the x86 architecture the paper determines the architecture of the running device to implement simulator detection.If Android application is detected that its current running environment is a simulator,the application will be terminated directly.(4)A protection system of Android application which is based on the diversity of virtual machines is tested in terms of availability,security,and operational efficiency.The experimental result shows that the system achieves the goal of effectively protecting the Android application within the acceptable range of performance loss,and the protected application can operate properly according to the original logic.