On the effectiveness of code-reuse-based Android application obfuscation
Gespeichert in:
| Titel: | On the effectiveness of code-reuse-based Android application obfuscation |
|---|---|
| Autoren: | TANG, Xiaoxiao, LIANG, Yu, MA, Xinjie, LIN, Yan, GAO, Debin |
| Quelle: | Research Collection School Of Computing and Information Systems |
| Verlagsinformationen: | Institutional Knowledge at Singapore Management University |
| Publikationsjahr: | 2017 |
| Bestand: | Institutional Knowledge (InK) at Singapore Management University |
| Schlagwörter: | Obfuscation, Android application, Code reuse, Java Native Interface, Information Security |
| Beschreibung: | Attackers use reverse engineering techniques to gain detailed understanding of executable for malicious purposes, such as re-packaging an Android app to inject malicious code or advertising components. To make reverse engineering more difficult, researchers have proposed various code obfuscation techniques to conceal purposes or logic of code segments. One interesting idea of code obfuscation is to apply codereuse techniques (e.g., Return-Oriented Programming) to (re-)distribute essential code segments before they are reconstructed at runtime. Such techniques are well understood on x86 platform, but relatively less explored on Android. In this paper, we present an evaluation on the extent to which code-reuse-based techniques can be applied to obfuscate Android apps. Moreover, we extend code-reuse-based obfuscation to the Android platform by proposing an obfuscation mechanism for both Java and native code. Results show that 835 gadgets are found in the C standard library (libc.so) which cover the entire Turing complete set. Furthermore, we implement a semi-automatic tool named AndroidCubo and show that it protects both Java and native code with comparable security to those obfuscated with Java reflection at a small runtime overhead. |
| Publikationsart: | text |
| Dateibeschreibung: | application/pdf |
| Sprache: | English |
| Relation: | https://ink.library.smu.edu.sg/sis_research/3426; https://ink.library.smu.edu.sg/context/sis_research/article/4427/viewcontent/Ontheeffectivenessofcode_reuse_based.pdf |
| DOI: | 10.1007/978-3-319-53177-9_18 |
| Verfügbarkeit: | https://ink.library.smu.edu.sg/sis_research/3426 https://doi.org/10.1007/978-3-319-53177-9_18 https://ink.library.smu.edu.sg/context/sis_research/article/4427/viewcontent/Ontheeffectivenessofcode_reuse_based.pdf |
| Rights: | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
| Dokumentencode: | edsbas.1C0FF06 |
| Datenbank: | BASE |
| Abstract: | Attackers use reverse engineering techniques to gain detailed understanding of executable for malicious purposes, such as re-packaging an Android app to inject malicious code or advertising components. To make reverse engineering more difficult, researchers have proposed various code obfuscation techniques to conceal purposes or logic of code segments. One interesting idea of code obfuscation is to apply codereuse techniques (e.g., Return-Oriented Programming) to (re-)distribute essential code segments before they are reconstructed at runtime. Such techniques are well understood on x86 platform, but relatively less explored on Android. In this paper, we present an evaluation on the extent to which code-reuse-based techniques can be applied to obfuscate Android apps. Moreover, we extend code-reuse-based obfuscation to the Android platform by proposing an obfuscation mechanism for both Java and native code. Results show that 835 gadgets are found in the C standard library (libc.so) which cover the entire Turing complete set. Furthermore, we implement a semi-automatic tool named AndroidCubo and show that it protects both Java and native code with comparable security to those obfuscated with Java reflection at a small runtime overhead. |
|---|---|
| DOI: | 10.1007/978-3-319-53177-9_18 |