代码纠缠：针对重包装攻击的新型Android应用自我保护方法研究

Inspired by a proof-of-storage technique for cloud storage call “data entanglement”, this project aims to explore a novel Android app self-protection method which we named “code entanglement”, in order to comprehensively investigate the problem of fighting app repackaging under the disadvantageous condition that Android system is by nature prone to reverse engineering and code tampering. In specific, the content of this project includes: (1) starting from a formal definition, establish the basic concept and methodology for the “code entanglement” idea; (2) set up the thread model that code entanglement must face, while define the key security notions for the method; (3) propose concrete technical tools for building the code entanglement system, starting from code obfuscation and software tamper-proofing methods; (4) establish a targeted evaluation system, and analyze performance and effectiveness of the proposed code entanglement method. Finally, this project also plans to build an automated code entanglement system for Android apps on top of the above researches..The goal of this project includes: for mitigating the shortcomings of the current anti-repackaging techniques, propose a new Android app self-protection method based on the “code entanglement” idea; provide technical solutions, practical realizations and security evaluation protocols for the newly proposed code entanglement model, and further establish an automated app protection system based on this model. Eventually, accomplish a complete system of new theory and techniques on Android anti-repackaging with full proprietary intellectual property rights.

本项目受应用于云存储数据安全的“数据纠缠”技术之启发，尝试探索“代码纠缠”这一新型Android应用自我保护方法，就Android系统在易于逆向工程、易于篡改的现状下对移动应用重包装攻击的防护问题进行深入研究。项目的研究内容包括：（1）从形式化定义出发，形成“代码纠缠”的基本概念与思想；（2）明确代码纠缠所面对的威胁模型及其主要安全概念；（3）从代码混淆和软件防篡改技术两方面入手，研究代码纠缠概念的具体实现方法；（4）分析代码纠缠方案的性能开销与安全强度，建立相应的评估体系。在此基础上，开发自动化的Android代码纠缠原型系统。.项目的目标是：以克服现有Android反重包装技术之主要缺陷为目标，利用“代码纠缠”思想构建新型Android应用自我保护方法，提供相应的技术方案、实现手段和评估方法，开发自动化的代码纠缠保护系统，力求形成具有自主知识产权的Android反重包装攻击新技术。

本项目受应用于云存储数据安全的“数据纠缠”技术之启发，尝试探索“代码纠缠”这一新型Android应用自我保护方法，就Android系统在易于逆向工程、易于篡改的现状下对移动应用重包装攻击的防护问题进行深入研究。项目的研究内容包括：（1）从形式化定义出发，形成“代码纠缠”的基本概念与思想；（2）明确代码纠缠所面对的威胁模型及其主要安全概念；（3）从代码混淆和软件防篡改技术两方面入手，研究代码纠缠概念的具体实现方法；（4）分析代码纠缠方案的性能开销与安全强度，建立相应的评估体系。在此基础上，开发自动化的Android代码纠缠原型系统。..本项目取得了丰硕的成果。其中包括：基于3x+1数学难题的软件水印及Android应用防篡改方法、基于API侧信道的Android应用敏感行为实时监测方法、基于GPU中断的侧信道攻击手段研究等。目前，本项目已在国际学术会议及期刊发表论文3篇、申请专利1项，并培养研究生6人。