DexDefender: A DEX Protection Scheme to Withstand Memory Dump Attack Based on Android Platform

doi:10.19729/j.cnki.1673-5188.2018.03.008

ZTE Communications ›› 2018, Vol. 16 ›› Issue (3): 45-51.DOI: 10.19729/j.cnki.1673-5188.2018.03.008

• Research Paper • Previous Articles Next Articles

DexDefender: A DEX Protection Scheme to Withstand Memory Dump Attack Based on Android Platform

RONG Yu¹, LIU Yiyi¹, LI Hui¹, WANG Wei²

1.Beijing University of Posts and Telecommunications, Beijing 100876, China
2.Government & Enterprise Communications Institute, ZTE Corporation, Nanjing 210012, China

Online:2018-08-25 Published:2020-03-18
About author:RONG Yu (463397867@qq.com) graduated from Xidian University, China in 2015 and now she is studying for her master’s degree at the Beijing University of Posts and Telecommunications (BUPT), China. Her research interests are software security and information security.|LIU Yiyi (793645428@qq.com) graduated from University of Electronic Science and Technology of China (UESTC) in 2016 and now she is studying for her master’s degree at the Beijing University of Posts and Telecommunications (BUPT). Her research interests are software security and information security.|LI Hui (lihuill@bupt.edu.cn) got her Ph.D. in cryptography from BUPT, China in 2005. From July 2005, she has been working at BUPT as lecturer and associate professor. Her research interests are cryptography and its applications, information security, and wireless communication security.|WANG Wei (wang.wei8@zte.com.cn) received her B.S. degree from Nanjing University of Aeronautics and Astronautics, China. She is an engineer and project manager in the field of mobile Internet at Government & Enterprise Communications Institute of ZTE Corporation. Her research interests include new mobile Internet services and applications, PaaS, terminal application development, and other technologies. She has authored five academic papers.

Abstract

Abstract:

Since Dalvik Executable (DEX) files are prone to be reversed to the Java source code using some decompiling tools, how to protect the DEX files from attackers becomes an important research issue. The traditional way to protect the DEX files from reverse engineering is to encrypt the entire DEX file, but after the complete plain code has been loaded into the memory while the application is running, the attackers can retrieve the code by using memory dump attack. This paper presents a novel DEX protection scheme to withstand memory dump attack on the Android platform with the name of DexDefender, which adopts the dynamic class-restoration method to ensure that the complete plain DEX data not appear in the memory while the application is being loaded into the memory. Experimental results show that the proposed scheme can protect the DEX files from both reverse engineering and memory dump attacks with an acceptable performance.

Key words: Android, DEX, memory dump, reverse engineering

RONG Yu, LIU Yiyi, LI Hui, WANG Wei. DexDefender: A DEX Protection Scheme to Withstand Memory Dump Attack Based on Android Platform[J]. ZTE Communications, 2018, 16(3): 45-51.

Figures/Tables 10

References 10

[1]	E. Ravenscraft. ( 2012, Jul. 31). Just how bad is app piracy on android anyway? Hint: we’re asking the wrong question. [Online]. Available:
[2]	M. T Yuan , “China Mobile Payment Security Report,” Business Culture, pp. 54-56, May 2014.
[3]	Y. C. Moon, J. H. Noh, A. R. Kim , et al., “Design of copy protection system for android platform,” in International Conference on Information Technology, System and Management, Chongqing, China, 2012.
[4]	Y. S. Jeong, J. C. Moon, D. Kim , et al., “An anti-piracy mechanism based on class separation and dynamic loading for android application,” in ACM Research in Applied Computation Symposium, San Antonio, USA, 2012, pp. 328-332. doi: 10.1145/2401603.2401674.
[5]	C. Collberg, C. Thomborso, D. Low. (1997). A taxonomy of obfuscating transformations [Online]. Available:
[6]	B. Yadegari, B. Johannesmeyer, B. Whitely, S. Debray , “A generic approach to automatic deobfuscation of executable code,” in IEEE Symposium on Security and Privacy, San Jose, USA, pp. 674-691, 2015. doi: 10.1109/SP.2015.47.
[7]	W. Zhou, Y. Zhou, M. Grace, X. Jiang, S. Zou , “Fast, scalable detection of ‘piggybacked’ mobile application,” in ACM Conference on Data and Application Security and Privacy, San Antonio, USA, pp. 185-196, 2013. doi: 10.1145/2435349.2435377.
[8]	W. Zhou, X. Zhang, X. Jiang , “AppInk: watermarking android apps for repackaging deterrence,” in Proc. 8th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASLA CCS’13), Hangzhou, China, pp. 1-12, 2013. doi: 10.1145/2484313.2484315.
[9]	Z. J. Dong, W. Wang, H. Li , et al., “SeSoa: security enhancement system with online authentication for android APK,” ZTE Communications, vol. 14, no.S0,pp. 44-50, Jun. 2016. doi: 10.3969/j.issn.1673-5188.2016.S0.005.
[10]	R. X. Fan, D. Y. Fang, Z. Y. Tang , et al., “A method of preventing android app repackaging based on code splitting,” Journal of Chinese Mini-Micro Computer Systems, vol. 37, no.9,pp. 1969-1974, Sept. 2016.

APK	APK version	Mean of the initial startup time before reinforcement (ms)	Mean of the initial startup time after reinforcement (ms)	Mean of the restart time before reinforcement (ms)	Mean of the restart time after reinforcement (ms)	Initial startup time increment (ms)	Restart time increment (ms)
DicProvider	1	399	717	378	276	318	-102
file_rc4	1	377	815	162	352	438	190
calculator	1	299	680	180	320	381	140
appstore	1	568	942	480	496	374	16
autorun	null	223	1213	219	246	990	27
iietransfer	2.1.0901.2146	785	2037	835	813	1252	-22
baifashop	1.0.0	2920	4184	1827	2875	1264	1048
MicroMessage	1	346	761	340	524	415	184
KuaiGeng	2.1.1	1119	4853	550	2534	3934	1984
Ofo	1.8.9	2358	4784	2524	3170	2426	646
Flipboard	3.5.3.0	2563	5819	2487	4239	3256	1752
Course plaid	9.0.4	1140	4694	1425	2254	3554	829
Gaokao Bang	4.1.1	1198	3969	603	2251	2771	1648
Dubbing hall	1.6.02.01	620	3378	595	1216	2758	621
Translator	5.8.1	2208	6216	2435	3056	4008	621
Tuhua	7.9.A.2.0	948	4113	847	1935	3165	1088
Lily	6.9.0	2368	5990	2385	3899	3622	1514
Yaolan	2.2.2	2580	6172	2297	4290	3592	1993
Xiao D Location	1.0.1	844	3693	645	1610	2849	965
Chuangbie Bookstore	4.1.1	756	3018	1567	2684	2262	1117

APK	APK version	Mean of the initial startup time before reinforcement (ms)	Mean of the initial startup time after reinforcement (ms)	Mean of the restart time before reinforcement (ms)	Mean of the restart time after reinforcement (ms)	Initial startup time increment (ms)	Restart time increment (ms)
DicProvider	1	399	717	378	276	318	-102
file_rc4	1	377	815	162	352	438	190
calculator	1	299	680	180	320	381	140
appstore	1	568	942	480	496	374	16
autorun	null	223	1213	219	246	990	27
iietransfer	2.1.0901.2146	785	2037	835	813	1252	-22
baifashop	1.0.0	2920	4184	1827	2875	1264	1048
MicroMessage	1	346	761	340	524	415	184
KuaiGeng	2.1.1	1119	4853	550	2534	3934	1984
Ofo	1.8.9	2358	4784	2524	3170	2426	646
Flipboard	3.5.3.0	2563	5819	2487	4239	3256	1752
Course plaid	9.0.4	1140	4694	1425	2254	3554	829
Gaokao Bang	4.1.1	1198	3969	603	2251	2771	1648
Dubbing hall	1.6.02.01	620	3378	595	1216	2758	621
Translator	5.8.1	2208	6216	2435	3056	4008	621
Tuhua	7.9.A.2.0	948	4113	847	1935	3165	1088
Lily	6.9.0	2368	5990	2385	3899	3622	1514
Yaolan	2.2.2	2580	6172	2297	4290	3592	1993
Xiao D Location	1.0.1	844	3693	645	1610	2849	965
Chuangbie Bookstore	4.1.1	756	3018	1567	2684	2262	1117

APK	APK version	Mean of the initial startup time before reinforcement (ms)	Mean of the initial startup time after reinforcement (ms)	Mean of the restart time before reinforcement (ms)	Mean of the restart time after reinforcement (ms)	Initial startup time increment (ms)	Restart time increment (ms)
DicProvider	1	388	820	398	704	432	306
file_rc4	1	364	740	390	731	376	341
calculator	1	273	701	277	712	428	435
appstore	1	437	862	838	813	425	-25
autorun	null	338	744	218	711	406	493
iietransfer	2.1.0901.2146	972	1533	1055	1491	561	436
baifashop	1.0.0	1647	3756	1679	3356	2109	1677
MicroMessage	1	376	702	343	722	326	379
KuaiGeng	2.1.1	1882	2525	706	1885	643	1179
Ofo	1.8.9	4369	5923	2850	3734	1554	884
Flipboard	3.5.3.0	1926	4604	1595	3586	2678	1991
Course plaid	9.0.4	1925	2733	1099	2184	808	1085
Gaokao Bang	4.1.1	871	2662	368	1349	1791	981
Dubbing hall	1.6.02.01	527	2526	559	2268	1999	1709
Translator	5.8.1	1786	4236	1108	2703	2450	1595
Tuhua	7.9.A.2.0	1051	2728	842	2221	1677	1379
Lily	6.9.0	2340	5909	1306	2529	3569	1223
Yaolan	2.2.2	1429	4073	1284	3169	2644	1885
Xiao D Location	1.0.1	708	2138	663	2590	1430	1927
Chuangbie Bookstore	4.1.1	493	2510	1070	2947	2017	1877

APK	APK version	Mean of the initial startup time before reinforcement (ms)	Mean of the initial startup time after reinforcement (ms)	Mean of the restart time before reinforcement (ms)	Mean of the restart time after reinforcement (ms)	Initial startup time increment (ms)	Restart time increment (ms)
DicProvider	1	388	820	398	704	432	306
file_rc4	1	364	740	390	731	376	341
calculator	1	273	701	277	712	428	435
appstore	1	437	862	838	813	425	-25
autorun	null	338	744	218	711	406	493
iietransfer	2.1.0901.2146	972	1533	1055	1491	561	436
baifashop	1.0.0	1647	3756	1679	3356	2109	1677
MicroMessage	1	376	702	343	722	326	379
KuaiGeng	2.1.1	1882	2525	706	1885	643	1179
Ofo	1.8.9	4369	5923	2850	3734	1554	884
Flipboard	3.5.3.0	1926	4604	1595	3586	2678	1991
Course plaid	9.0.4	1925	2733	1099	2184	808	1085
Gaokao Bang	4.1.1	871	2662	368	1349	1791	981
Dubbing hall	1.6.02.01	527	2526	559	2268	1999	1709
Translator	5.8.1	1786	4236	1108	2703	2450	1595
Tuhua	7.9.A.2.0	1051	2728	842	2221	1677	1379
Lily	6.9.0	2340	5909	1306	2529	3569	1223
Yaolan	2.2.2	1429	4073	1284	3169	2644	1885
Xiao D Location	1.0.1	708	2138	663	2590	1430	1927
Chuangbie Bookstore	4.1.1	493	2510	1070	2947	2017	1877

DexDefender: A DEX Protection Scheme to Withstand Memory Dump Attack Based on Android Platform

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 10

Related Articles 5

Recommended Articles

Metrics

[1]	CHEN Kuan-Lin, YANG Chung-Huang. Design and Implementation of Privacy Impact Assessment for Android Mobile Devices [J]. ZTE Communications, 2016, 14(S0): 37-43.
[2]	DONG Zhenjiang, WANG Wei, LI Hui, ZHANG Yateng, ZHANG Hongrui, ZHAO Hanyu. SeSoa: Security Enhancement System with Online Authentication for Android APK [J]. ZTE Communications, 2016, 14(S0): 44-50.
[3]	QIN Zhongyuan, PAN Wanpeng, XU Ying, FENG Kerong, and YANG Zhongyun. An Efficient Scheme of Detecting Repackaged Android Applications [J]. ZTE Communications, 2016, 14(3): 60-66.
[4]	Shengmei Luo, Di Zhao, Wei Ge, Rong Gu, Chunfeng Yuan, and Yihua Huang. HMIBase: An Hierarchical Indexing System for Storing and Querying Big Data [J]. ZTE Communications, 2014, 12(4): 8-15.
[5]	Zhenjiang Dong, Hui Ye, Yan Wu, Shaoyin Cheng, and Fan Jiang. Android Apps: Static Analysis Based on Permission Classification [J]. ZTE Communications, 2013, 11(1): 62-66.