LLVM-based Android Application Compile-time Virtualization Protection Method Research

With the rapid development of the mobile Internet,the Android platform has become popular and penetrates into every aspect of people's lives.Behind the development prospects,Android applications face serious security issues,which poses a huge threat to both application developers and users.Both the DEX file and the Davilk instructions are highly semantic,which makes it easy for reverse analyst to obtain Java source code from an application installation package.In order to prevent the Android program from being attacked by reverse analysis and the threat of repackaging,protection measures such as anti-tamper,obfuscation,packing are mainly used.However,these protection methods show various deficiencies in dynamic analysis.In view of the fact that the DEX file is easily decompiled and the SO file has insufficient protection,this paper comprehensively considers the particularity and complexity of the Android platform,and designs the system D2VM(DEX bytecode to VM-based Binary).The system converts the method in DEX into C code by means extraction and semantic recombination,and implements virtualization protection during the compilation stage.Compile-time virtualization protection is not only a stage of protection for core code in DEX,but also can be encapsulated as a separate security compilation chain acting on the regular Native program development process.As a result,the overall code security of an Android application is addressed once and for all through virtualization.The main research points of this paper include the following aspects:(1)Study the security mechanisms of the Android system,the basic principles,technical features,and technical disadvantages of the current mainstream protection methods.To overcome the shortcomings of current Android application protection methods,a compiletime virtualization protection scheme is proposed.(2)Research an ahead of time compilation method,analyze and design the code extraction and DEX-to-C conversion process,it converts the published bytecode method into a lowerlevel implementation.This conversion prevents applications from being dumped at runtime and allows virtualization protection machine can be applied to the upper layers of code.(3)Research on the LLVM-based Android program compile-time virtualization implementation,through the customization of the Android NDK toolchain to achieve a language-independent and platform-independent virtualization framework,to protect and hide the core code in Native layer in compilation process.(4)Design and implement the prototype system.Selecting the real-world application as test cases.A series of attack experiment and performance analysis experiment full prove that the prototype system has good practicability and anti-attack ability.