Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2018, Vol. 41 ›› Issue (6): 1-6,13. doi: 10.13190/j.jbupt.2018-017

A Protection Framework for Android Native Code Based on CFI

ZHANG Wen1, LIU Wen-ling2, LI Hui2, CHEN Ze2, NIU Shao-zhang1

  1. Beijing Key Laboratory of Intelligent Telecommunication Software and Multimedia, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2018-01-15 Online: 2018-12-28 Published: 2018-12-24
  • About the authors: ZHANG Wen (born 1981), male, PhD candidate, E-mail: roy.zhang@bupt.edu.cn; LI Hui (born 1970), female, associate professor.
  • Funding: National Natural Science Foundation of China (61628202)

Abstract: Native code in Android applications is exposed to core code extraction attacks and malicious code injection attacks. To counter them, DroidCFI, a code protection framework based on control-flow integrity (CFI), is proposed. The framework statically analyzes the protected application to extract the control-flow features of its native code, gives developers a visual policy configuration view in which to designate the key functions, and generates the corresponding hardening code from that policy configuration; the hardening code is combined with the rest of the protected application to form the target application. At run time, the target application performs dynamic CFI checks on the key functions to determine whether it is under one of these attacks. Experimental results show that DroidCFI protects the native code of applications at a very small performance overhead.

Key words: native code, core code extraction attack, malicious code injection attack, control-flow integrity protection
