Computer Science ›› 2020, Vol. 47 ›› Issue (2): 262-268. doi: 10.11896/jsjkx.190100117
SU Xiang, HU Jian-wei, CUI Yan-peng (苏祥, 胡建伟, 崔艳鹏)
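Abstract: Dynamic monitoring schemes for Android applications are usually implemented in one of three ways: 1) customizing the ROM image; 2) with root privileges on the device, modifying system files or using ptrace to inject code into the target process; 3) repackaging the APK. All three are intrusive, depend on the system environment, and are hard to deploy across different devices. To address these problems, this paper proposes a non-intrusive dynamic monitoring scheme based on plugin technology. The scheme releases the monitoring system as a host app that is installed on the target device. The app to be monitored is loaded as a plugin and runs inside the host app's environment, while the host app loads the corresponding monitoring modules to dynamically monitor the behavior of the monitored app. Before the monitored app runs as a plugin, a process is started in advance, and the Binder service proxy objects in that process are replaced by means of dynamic proxies, so that Binder service requests are redirected to virtual services in a virtual service process for handling. This allows the four major components of the monitored app to run in the pre-started process. Then, during initialization of the monitored app's Application, the Java-layer and Native-layer monitoring modules are loaded, completing the monitoring. Based on this idea, the prototype system AndroidMonitor was implemented on top of the VirtualApp sandbox and tested on a Nexus5 device. Experimental results show that, compared with other schemes, although this scheme increases the startup time of the monitored app by about 1.4s, it does not require root privileges on the device and can monitor sensitive APIs in both the Java layer and the Native layer. In addition, a device information protection module is introduced to prevent device information from leaking while an app is being monitored. The system is released as an app, is easy to deploy to different devices, and adapts to a variety of application scenarios.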