摘要
基于安卓平台应用极易被病毒或恶意软件攻击,除了其平台开源开放等原因外,移动应用自身代码保护强度较弱也是主要因素。针对该问题,以安卓平台应用为研究对象,分析移动应用安全威胁模型及代码安全需求,研究代码混淆、代码隐藏、代码加密及代码签名等代码保护技术机制及优缺点;设计并实现了安卓应用代码保护技术分析引擎,对实验数据进行分析和总结。结果表明,不同规模和类型的样本都存在一定比例应用,其代码保护强度较弱;特别地,应用规模越小,代码保护强度越弱,致使该类应用极其容易被恶意攻击。
Android platform-based applications are easily to be attacked by viruses or malware. Apart from the causes of the platforms being open source and opening and so on,the weaker protection ability of the mobile applications code itself is also a main factor. For this problem,in the paper we take Android platform applications as the research objects,analyse the security threats model and the codes security demands of the mobile applications,study the mechanisms of code protection techniques,such as code obfuscation,code-behind,code encryption and code signature,and describe their advantages and disadvantages; Then,we design and implement an Android application code protection technology analysis engine,and analyse and summarise the experimental data. Result shows that all the samples in different sizes and types have the Android applications to certain proportion,their code protection strengths are not strong; in particular,the smaller the scale of the applications,the weaker the code protection strength,and this results in such class of applications being maliciously attacked much easier.
出处
《计算机应用与软件》
CSCD
2016年第3期314-319,333,共7页
Computer Applications and Software
基金
中国计算机学会-腾讯科研基金项目(CCF-Tencent AGR20130105)
苏州市科技计划应用基础研究项目(SYG201406)
关键词
代码保护
移动应用
安卓
逆向工程
Code protection
Mobile application
Android
Reverse engineering
