[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN109255235B - Mobile application third-party library isolation method based on user mode sandbox - Google Patents

Mobile application third-party library isolation method based on user mode sandbox Download PDF

Info

Publication number
CN109255235B
CN109255235B CN201811083714.8A CN201811083714A CN109255235B CN 109255235 B CN109255235 B CN 109255235B CN 201811083714 A CN201811083714 A CN 201811083714A CN 109255235 B CN109255235 B CN 109255235B
Authority
CN
China
Prior art keywords
code
file
class
smali
party library
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811083714.8A
Other languages
Chinese (zh)
Other versions
CN109255235A (en
Inventor
李金库
朱孝南
邱军
周亚金
马建峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shaanxi Shutuxing Information Technology Co ltd
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201811083714.8A priority Critical patent/CN109255235B/en
Publication of CN109255235A publication Critical patent/CN109255235A/en
Application granted granted Critical
Publication of CN109255235B publication Critical patent/CN109255235B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)

Abstract

本发明提供基于用户态沙箱的移动应用第三方库隔离方法,基于代码改写实现,包括第三方库代码改写和动态加载代码改写两个部分。第三方库代码改写部分,采用自定义接口的调用代码替换掉第三方库本身的敏感API的调用代码,使得第三方库代码中隐私敏感的行为都被限制在用户态沙箱中,第三方库的权限受到了很好地约束;动态加载代码改写部分主要被改写后的第三方库在运行过程中使用,当第三方动态加载代码时,动态加载的代码会被实时上传到服务器进行改写为自定义接口的调用代码,解决了已有代码改写方案不能处理的动态代码加载问题。本发明通过对已有第三方库的字节码和动态加载代码进行改写,保护应用和用户的隐私安全。

Figure 201811083714

The invention provides a mobile application third-party library isolation method based on a user state sandbox, which is implemented based on code rewriting and includes two parts: third-party library code rewriting and dynamic loading code rewriting. The third-party library code rewriting part uses the calling code of the custom interface to replace the sensitive API calling code of the third-party library itself, so that the privacy-sensitive behaviors in the third-party library code are restricted to the user-mode sandbox. The permissions are well constrained; the rewriting part of the dynamically loaded code is mainly used by the rewritten third-party library during the running process. When the third-party dynamically loads the code, the dynamically loaded code will be uploaded to the server in real time for rewriting as self- The calling code of the interface is defined, which solves the problem of dynamic code loading that cannot be handled by existing code rewriting solutions. The present invention protects the privacy and security of applications and users by rewriting the byte codes and dynamic loading codes of existing third-party libraries.

Figure 201811083714

Description

Mobile application third-party library isolation method based on user state sandbox
Technical Field
The invention belongs to the field of mobile security, relates to authority protection of a mobile application third-party library, and particularly relates to a mobile application third-party library isolation method based on a user state sandbox.
Background
Currently, applications on the Android platform are mostly free. Application developers often incorporate one or more third party libraries in free applications to reduce their development efforts or to profit through advertising revenue.
According to the existing permission control model of Android, the permission of the application is applied and distributed through a configuration file when the application is installed for the first time, that is, all components in the application share one permission strategy, so that a third-party library integrated in the application inherits all permissions of the application, wherein the permissions include some permissions which are not used by the third-party library. These third party libraries are often provided to developers in the form of jar packages, so the developers do not know what they will do in their own applications, such as reading user address books, short messages, geographical location information, etc. As a developer, even if the third-party library is configured in the process of integrating the third-party library, the conventional Android permission control mechanism is too rough, and the separate monitoring of different module permissions in the application cannot be realized.
The authority of the third-party library can not be controlled by a developer, and can not be distinguished from the application by the Android framework layer, so that the potential safety hazard of the third-party library is more and more sensitive. First, since third-party libraries inherit the permissions of applications, they can perform sensitive operations by detecting the permissions that an application has, abusing those permissions, reading the user's private data. Secondly, since the third-party library runs in the context of the application, the framework layer and the operating system do not strictly distinguish the third-party library from the application itself, and the third-party library can freely read the file of the application, which may also result in modification of application information or leakage of application privacy data. Third, even where third party libraries are trusted, these third party libraries may themselves have vulnerabilities that attackers may utilize to attack applications.
In order to deal with the potential safety hazard in the third-party library, a plurality of researchers provide corresponding solutions. For example, AdDroid [ Paul Pearce et al, ACM conference ] at Berkeley, California university, USA, proposes to design a new API for the third-party library, thereby separating the operation of the third-party library into one system service for execution; the rights operations are separate, but this requires the participation of a third party library and is therefore opaque to the third party library. The AFrame of snow city university of America [ Xiao Zhang et al, ACSAC conference ] separates the third party library into a process of a single UID for execution, thereby enabling the third party library and the application to be two different applications and separating the authority; but it modifies the framework layer code of the system, requiring ROOT privileges or rebooting, and therefore has limited feasibility. The patent refers to the field of 'transmission of digital information'.
Disclosure of Invention
In order to make up for the defects of the prior art, the invention provides a mobile application third-party library isolation method based on a user-mode sandbox, which is a method for isolating a third-party library realized on a user layer.
The invention is realized by the following technical scheme:
a mobile application third-party library isolation method based on a user state sandbox comprises the following steps:
(1) rewriting the calling code of the third-party library sensitive API:
(1.1) initializing input and output:
(1.11) initializing a directory where the JAR package is located, and generating a tmp _ class folder;
(1.12) initializing a JAR package output directory to generate an out folder;
(1.13) loading predefined sensitive API information;
(1.14) adding a custom interface class corresponding to the sensitive API in the tmp _ class folder;
(1.2) rewriting the tool package by using the byte codes, traversing the JAR package to be rewritten, and acquiring information lists of all classes in the JAR package;
(1.3) traversing and rewriting each class in the JAR package, and replacing a sensitive API calling code in the JAR package with a corresponding custom interface calling code;
and (1.4) packaging the rewritten class files to generate a new JAR package to the directory tmp _ class folder.
Preferably, (1.13) loading the predefined sensitive API information specifically operates to:
(1.131) defining sensitive API information needing to be rewritten by a developer according to needs, wherein the sensitive API information comprises a class name, a method name and a method signature, and the sensitive API information is stored in a file;
(1.132) reading the file of the sensitive API information, and analyzing the class name, the method name and the method signature.
Preferably, (1.14) is specifically operative to:
(1.141) defining a corresponding custom interface according to the sensitive API information, returning a false value in the custom interface or directly blocking the original operation to generate a custom interface class;
(1.142) adding the custom interface class to the rewritten class file directory tmp _ class folder.
4. The user state sandbox based mobile application third party library isolation method of claim 1, wherein in (1.2), the bytecode rewriting toolkit employs javasist.
Preferably, (1.3) is specifically operative to:
(1.31) loading byte codes of classes from the JAR package;
(1.32) traversing and searching calling codes of the sensitive API in the byte codes according to the loaded sensitive API information;
(1.33) rewriting calling codes of the sensitive API and replacing the calling codes with calling codes of the corresponding custom interfaces;
(1.34) writing the rewritten bytecode back to the class file, and placing the class file in the rewritten class file directory tmp _ class folder.
Preferably, the method further comprises the following steps:
(2) rewriting third-party library dynamic loading code:
(2.1) initializing the input output directory:
(2.11) initializing a directory for receiving the dynamic loading file and generating an in folder;
(2.12) initializing a directory for storing the smali file, and generating a tmp _ smali folder;
(2.13) initializing the dynamic loading code to rewrite the output directory and generating an out folder;
(2.2) when the client dynamically loads the code in the running process, uploading the dynamically loaded code to the server for rewriting;
(2.3) the server receives the dynamic loading code uploaded by the client;
(2.4) the server preliminarily processes the dynamic loading code, and extracts a dex file;
(2.5) decompiling the dex file by utilizing a smali/bakamali tool chain to generate various kinds of smali files, and storing the smali files into a tmp _ smali folder;
(2.6) adding a custom interface class corresponding to the sensitive API into a tmp _ smal folder in the rewritten smal file directory;
(2.7) traversing each of the smali files, searching a calling code of the sensitive API and replacing the calling code with a calling code of a corresponding custom interface;
(2.8) compiling the tmp _ smal folder in the rewritten smali file directory by utilizing a smali/bakmali tool chain to generate a new dex file and converting the dex file into a dynamic loading code in an original format;
and (2.9) the server side informs the client side to download the rewritten dynamic loading codes and to load and execute the codes.
Further, (2.4) is specifically operative to:
(2.41) if the dynamic loading code is the apk file, extracting dex;
(2.42) if the dynamic loading code is a jar file, extracting dex;
(2.43) if the dynamic loading code is the dex file, directly entering the next step.
Further, (2.7) is specifically operative to:
(2.71) reading the contents of the smali file;
(2.72) traversing and searching calling codes of sensitive APIs in the smali;
(2.73) rewriting the calling codes of the sensitive API and replacing the calling codes with the calling codes of the corresponding custom interfaces;
(2.74) writing the rewritten smali code back to the smali file and placing the rewritten smali code in a tmp _ smali folder in the rewritten smali file directory.
Compared with the prior art, the invention has the following beneficial technical effects:
the method is realized based on code rewriting, the codes of the existing third-party library are analyzed and rewritten, the calling codes of the sensitive API are replaced, privacy-sensitive behaviors in the codes of the third-party library are all limited in the user-mode sandbox through rewriting of the codes of the third-party library, the authority of the third-party library is well restricted, and the method can be used for protecting user privacy data in mobile equipment from being stolen by a malicious third-party library. The invention has good expandability as a loosely coupled framework. The method mainly rewrites the third-party library according to the configuration file provided by the developer, and can rewrite the calling codes of the new sensitive API in the third-party library as long as the information of the new sensitive API and the corresponding custom interface function are defined. The method makes up the defects of the current permission model of the android system, can make independent limitation on the permission of the third-party library in the mobile application, prevents the third-party library from abusing the permission of the host application, and harms the privacy and safety of users and applications. The invention is mainly realized in the user layer and has obvious advantages compared with the prior scheme. Compared with the traditional system level solution, the system source code does not need to be modified, the ROOT authority does not need to be applied, and the system can be used as an independent tool, so that the system is easy to use and popularize. Compared with the existing byte code rewriting scheme, the method mainly works in the development stage, directly processes the third-party library, and does not need to process code confusion in the existing application.
Furthermore, the invention also monitors the behavior of the third-party library for dynamically loading the code, when the third-party dynamically loads the code, the dynamically loaded code can be uploaded to the server in real time for rewriting, thereby solving the problem that the dynamic code loading cannot be processed by the existing code rewriting scheme, further preventing the third-party library from abusing the authority of the host application, and more effectively protecting the privacy and the safety of the user and the application.
Drawings
FIG. 1 is a third party library rewrite module workflow of the present invention;
FIG. 2 is a third-party library dynamic loading code rewrite module workflow of the present invention.
Detailed Description
The present invention will now be described in further detail with reference to specific examples, which are intended to be illustrative, but not limiting, of the invention. Referring to fig. 1 and 2, the present invention includes two parts, a third-party library rewrite module and a dynamic load code rewrite module. The dynamic loading code rewriting module is mainly used by the third-party library in the running process and is used for rewriting the code dynamically loaded by the third-party library.
Third party library sensitive API call code rewrite
Referring to fig. 1, the detailed implementation of this section is as follows:
step 1, initializing input and output.
The part is mainly used for rewriting the JAR file of the third-party library, so the system firstly initializes the storage directory of the hash file after the JAR file is rewritten and the output directory of the JAR package after the JAR file is rewritten.
And (1.1) initializing a directory where the JAR package is located, and generating a tmp _ class folder.
And (1.2) initializing the JAR package output directory to generate an out folder.
(1.3) loading predefined target sensitive API information;
the method mainly isolates the code of the third-party library according to the requirement of a developer and limits the specified behavior of the third-party library, so that the method needs the developer to specify the sensitive API call list of the third-party library needing to be limited according to the format provided by the invention, and the system rewrites the byte code of the third-party library according to the sensitive API information provided by the developer and controls the call of the specified sensitive API in the third-party library.
(1.31) defining sensitive API information needing to be rewritten by a developer according to the requirement, wherein the sensitive API information comprises a class name, a method name and a method signature, and storing the sensitive API information in a file;
the sensitive API information mainly comprises class names, method names and method signatures, the sensitive API information is separated by commas and is arranged according to a row, a developer can put all sensitive API information into a txt file, and a system can read the file and analyze the file according to the rules.
(1.32) reading a file of the sensitive API information, and analyzing a class name, a method name and a method signature;
the system reads out the sensitive API information from the file provided by the developer, and analyzes and stores the sensitive API information into the system for use when the subsequent codes are rewritten.
(1.4) adding a custom interface class corresponding to the sensitive API in the tmp _ class folder;
the custom interface class is mainly used by the rewritten third-party library to replace a system sensitive API, and the original privacy sensitive operation of the third-party library is blocked.
(1.41) defining a corresponding custom interface according to the sensitive API information, and returning a false value in the custom interface or directly blocking the original operation;
the custom interface is mainly used for blocking original operation of the third-party library, and different system privacy APIs have different return values, so that the method has different processing modes aiming at different system privacy APIs. For example, a self-defined interface corresponding to the short message sending API directly returns a null value without any operation; and the custom interface corresponding to the API for obtaining the device ID may return a false device ID to spoof the third party library. Therefore, the private data of the user and the application can be prevented from being stolen by the third-party library, and the third-party library can be prevented from running abnormally or crashing due to the blocked operation.
(1.42) writing the custom interface into the new class as an independent class to be rewritten and used by the code;
(1.43) adding the custom interface class into a tmp _ class folder in the rewritten class file directory;
since the custom interface class is finally called by the rewritten third-party library, the class file needs to be added to the rewritten third-party library.
Step 2, rewriting the javasissst of the toolkit by using the byte codes, traversing the JAR package to be rewritten, and acquiring a list of all classes in the JAR package, wherein the list comprises a package name and a class name;
the part adopts a javasissist tool to rewrite the byte codes of the third-party library, and the javasissist tool supports the extraction of the specified classes from the JAR files for rewriting, so that all class file lists in the JAR package are obtained firstly, and then rewriting is performed one by one according to the lists.
Step 3, traversing and rewriting each class in the JAR package, and replacing a sensitive API calling code therein;
the main working principle of the invention is to rewrite the code of the third-party library, rewrite the calling code of the system sensitive API in the code of the third-party library, and replace the calling code of the corresponding self-defined interface, and the self-defined interface returns a false value or returns a null value to block the original operation of the third-party library, thereby ensuring that the system sensitive API can not be used by the third-party library at will and protecting the privacy sensitive data of users and applications.
(3.1) loading byte codes of the classes from the JAR packet;
the part mainly adopts a javasissist tool to rewrite byte codes of classes in a JAR packet of a third party. The javasissist tool supports direct loading of the JAR package, and takes out the specified class file from the JAR package and rewrites the byte code of the specified class file, so that the byte code of the specified class is taken out from the JAR package one by one according to the list of the class files in the JAR package obtained in the step 2, and traversal rewriting is performed.
(3.2) traversing and searching calling codes of the sensitive API in the byte codes according to the loaded sensitive API information;
according to the sensitive API information to be rewritten provided by the developer, the system searches the byte codes of each class in a traversing way, finds out the calling codes of the sensitive API from the byte codes, and rewrites the next step.
(3.3) rewriting the calling codes of the sensitive API, replacing the calling codes with the calling codes of the custom interface, and blocking related operations in the custom interface;
and according to the found calling code of the sensitive API, the system calls the javascript tool to rewrite and replace, rewrite the original code into the calling code of the user-defined interface, and block the original operation in the user-defined interface.
(3.4) writing the rewritten bytecode back to the class file, and putting the class file into a rewritten class file directory tmp _ class folder;
after the byte code file of the specified class is rewritten, rewriting the rewritten byte code into the class file according to the path of the package name and the class name. And traversing and rewriting the next class by the system according to the list of the class files of the JAR package until all the byte codes of all the class files in the JAR package are rewritten, and storing the class files in a temporary directory tmp _ class folder according to the path of the package name class name.
Step 6, packing the rewritten class files, and generating a new JAR package to a directory tmp _ class folder;
and packaging the rewritten class bytecode folder tmp _ class directory to generate a new JAR file, wherein the JAR file is processed at the moment, and the calling code of the sensitive API is rewritten, so that the behavior of the third-party library can be well controlled.
Step two, rewriting dynamic loading code
The second part of the invention is dynamic load code rewriting, since the third party library can dynamically load code during the operation process. The part is mainly deployed on a remote server, when a third-party library rewritten by the first part dynamically loads codes in operation, the codes to be loaded can be uploaded to the remote server in real time, and a dynamically loaded code rewriting module deployed on the server can receive the codes uploaded by a client in real time and rewrite the dynamically loaded codes. After rewriting is completed, the client can download the rewritten code to the local dynamic loading execution. Therefore, the behavior of dynamically loading the code by the third-party library is well controlled.
Referring to fig. 2, the specific implementation of this section is as follows:
step 1, initializing an input/output directory;
the system is mainly used for rewriting the code files dynamically loaded by the third-party library, so that the system firstly initializes the directory stored in the received code files, then initializes the directory stored after the dynamically loaded code files are decompiled, and finally initializes the directory output after the dynamically loaded codes are rewritten.
(1.1) initializing a directory for receiving the dynamically loaded file and generating an in folder;
(1.2) initializing a directory for storing the smali file, and generating a tmp _ smali folder;
(1.3) initializing a dynamic loading code to rewrite an output directory and generating an out folder;
step 2, when the client dynamically loads the code in the running process, uploading the dynamically loaded code to the server for rewriting;
because the JAR code of the third-party library of the client is rewritten by the first part of the rewriting module of the third-party library, the third-party library can upload the code file to be loaded to the server in real time when the code is dynamically loaded in the running process, and the server can rewrite the dynamically loaded code.
Step 3, the server receives the dynamic loading code uploaded by the client;
after the server is deployed, the server can monitor the file uploading request of the client in real time, timely accept the dynamic loading code file uploaded by the client and rewrite the code.
Step 4, the server side initially processes the dynamic loading code to prepare for the next rewriting;
the third-party library dynamically loads codes in three formats, namely dex, apk and JAR files, so that different rewriting schemes are required to be adopted for different file formats. The JAR package used in the dynamic code loading is a compressed package containing the dex file, and when the JAR package is loaded, the dex file in the JAR package is unpacked firstly, and then various classes in the dex file are continuously loaded in an analyzing mode. When the system dynamically loads the apk code, the dex file in the file is mainly loaded. Therefore, for processing the JAR package and the apk file, the system extracts the dex file from the JAR package and the apk file, and then the dex file is used as the dex file to be rewritten in the next step.
(4.1) if the apk file is the apk file, extracting dex;
(4.2) if the file is the jar file, extracting dex;
(4.3) if the file is the dex file, directly entering the next step.
Step 5, decompiling the dex files by utilizing a smali/bakamali tool chain to generate various kinds of smali files, and storing the smali files into a tmp _ smali folder;
for the rewriting of the dex file, the invention adopts a smali/bakamali tool chain to perform decompiling to obtain the smali file, and then the next step of traversal rewriting is performed. The smali file is mainly a code file written in the smali language and is a specific file format of the android platform. The smali language is a register language of the Dalvik virtual machine, with language features similar to assembly language. Although the main programming code of the android platform is java, the java code does not generate a class file after being compiled, but is packaged in a dex file generated in an apk file. The compiled smili language is various assembly instructions, but basically keeps structural features and language logic features of classes, methods and the like of the original java language, and is easier to understand compared with the assembly language.
Step 6, adding a custom interface class;
the dex file is used for replacing the original system sensitive API, and the original privacy sensitive operation of dynamically loading the code in the third-party library is blocked.
(6.1) defining a corresponding custom interface according to the sensitive API information, and returning a false value in the custom interface or directly blocking the original operation;
the custom interface is mainly used for blocking the original operation of dynamically loading the code in the third-party library, and different system sensitive APIs have different return values, so that the invention has different processing modes aiming at different system sensitive APIs. For example, a self-defined interface corresponding to the short message sending API directly returns a null value without any operation; and the custom interface corresponding to the API for obtaining the device ID may return a false device ID to spoof the third party library. Therefore, the method can not only ensure that private data of users and applications are not stolen by the dynamic loading codes, but also ensure that the dynamic loading codes are not operated abnormally or crashed because the operation is blocked.
(6.2) writing the custom interface into a new Smali file, and rewriting and using the SMI file as an independent class by the code;
(6.3) adding the custom interface class into the tmp _ smal folder in the rewritten smali file directory;
since the custom interface class is finally called by the rewritten dynamic loading code, the class file needs to be added to the rewritten dynamic loading code.
Step 7, traversing each Smali file, searching the calling code of the sensitive API, rewriting and replacing the calling code with the calling code of the corresponding custom interface;
sensitive API calling codes in the smali codes are analyzed in a traversing mode, then text rewriting is directly carried out, as long as new parameters are not introduced in the rewriting process, a register is added or the logic structure of the original codes is changed, the running logic of the original codes can be kept, and compiling errors are not introduced. And through rewriting, the privacy sensitive behavior of the dynamic loading code can be effectively controlled.
(7.1) reading the contents of the smali file;
(7.2) traversing and searching calling codes of sensitive APIs in the smali;
the calling code in the smali language also comprises information such as calling type, class name, method name and method signature, so that the calling code of the API sensitive to the system can be easily found out by analyzing the smali code.
(7.3) rewriting the calling codes of the sensitive API, replacing the calling codes with the calling codes of the corresponding custom interface, and blocking related operations in the custom interface;
according to the searched calling code of the sensitive API and the format of the smili language, text replacement is directly carried out on the code, the original code is rewritten into the calling code of the custom interface, and the original operation is blocked in the custom interface.
(7.4) writing the rewritten smali code back to the smali file, and putting the rewritten smali file directory tmp _ smali folder;
after the SMali file of the specified class is rewritten, rewriting the rewritten SMali codes into the class file according to the path of the package name and the class name. And traversing and rewriting the next class until the smali codes of all class files in the dex file are rewritten, and storing the class codes in a temporary directory tmp _ smal folder according to the path of the packet name class name.
Step 8, compiling the rewritten smali file directory tmp _ smali folder by using a smali/bakmali tool chain to generate a new dex file and converting the dex file into a dynamic loading code of an original format;
and packing the tmp _ smal directory of the rewritten smali file by using a smali/bakmali tool chain, and recompiling to generate a dex file, wherein the dex file is processed at the moment, and the calling code of the sensitive API is rewritten, so that the behavior of dynamically loading the code can be well controlled.
Step 9, the server side informs the client side to download the rewritten dynamic loading code;
after the rewriting is completed, the server needs to notify the client to download the rewritten dynamic loading code back to the local.
Step 10, the client downloads the rewritten dynamic loading code to the local and loads and executes the code;
after the client receives the notification of the server, the client downloads the rewritten dynamic loading code to the local, and the dynamic loading is executed, at this time, the dynamically loaded code is rewritten by the server, wherein the privacy sensitive behavior is limited, and the privacy data of the user and the host application can be well protected.
The performance effects of the present invention can be further illustrated by the following experiments:
1) conditions of the experiment
The third-party library rewriting module is used as an independent java program and is used for rewriting a JAR packet of the third-party library, and the dynamic loading code rewriting module is directly deployed on an Apache Tomcat server and is accessed by the rewritten third-party library in the running process. The hardware platform selects a common PC and an LG Nexsus 5 mobile phone which is brushed into a native android 6.0 operating system.
2) Content of the experiment
And respectively downloading 20 popular third-party libraries at home and abroad, and respectively integrating the third-party libraries into the test application. And after the third-party library can normally run in the application, rewriting the JAR package of the third-party library by using the third-party library rewriting tool of the invention, and putting the rewritten third-party library into the test application again for running to compare the effects before and after the rewriting.
Developing a simulation third-party library, performing various privacy-sensitive operations and dynamic code loading in the simulation third-party library, rewriting the simulation third-party library, and observing the limit condition of the invention on the self code and the dynamic code loading of the simulation third-party library.
And (3) performing various privacy sensitive operations by using a simulation third-party library, testing the consumed time before and after rewriting for each operation, executing each operation 100 times, calculating the average time, comparing the performance load before and after rewriting, and measuring the performance loss caused by the method.
3) Analysis of results
As can be seen from Table 1, the present invention can effectively control the codes of the entity third-party library itself, isolate them in a user-mode sandbox, and prevent the third-party library from freely accessing the private data of the user and the host application.
Table 1 results of functional testing in entity third party libraries using the present invention
Figure BDA0001802586460000131
Figure BDA0001802586460000141
As can be seen from Table 2, the present invention can effectively control the simulated third-party library and the dynamically loaded code thereof, isolate them in a user-mode sandbox, and prevent the third-party library and the dynamically loaded code thereof from randomly accessing the private data of the user and the host application.
Table 2 functional test results of simulation of third party library using the present invention
Figure BDA0001802586460000142
As can be seen from Table 3, the rewriting of the third-party library by the present invention does not substantially bring extra time overhead to the third-party library, and since the operation in the third-party library is blocked after the rewriting, most of the time required for the operation is also reduced.
Table 3 performance test results of simulation of third party library using the present invention
Figure BDA0001802586460000143
Figure BDA0001802586460000151

Claims (7)

1.基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,包括如下步骤:1. the mobile application third-party library isolation method based on user state sandbox, is characterized in that, comprises the steps: (1)在开发阶段,改写第三方库敏感API的调用代码:(1) In the development stage, rewrite the calling code of the sensitive API of the third-party library: (1.1)初始化输入输出:(1.1) Initialize input and output: (1.11)初始化JAR包所在目录,生成tmp_class文件夹;(1.11) Initialize the directory where the JAR package is located, and generate the tmp_class folder; (1.12)初始化JAR包输出目录,生成out文件夹;(1.12) Initialize the JAR package output directory and generate the out folder; (1.13)加载预定义的敏感API信息;(1.13) Load predefined sensitive API information; (1.14)tmp_class文件夹中添加与敏感API对应的自定义接口类;(1.14) Add custom interface classes corresponding to sensitive APIs in the tmp_class folder; (1.2)利用字节码改写工具包,遍历待改写的JAR包,获取JAR包中所有类的信息列表;(1.2) Use the bytecode rewriting toolkit to traverse the JAR package to be rewritten, and obtain the information list of all classes in the JAR package; (1.3)遍历改写JAR包中的每个类,以对应的自定义接口调用代码替换其中的敏感API调用代码;(1.3) Traverse and rewrite each class in the JAR package, and replace the sensitive API calling code with the corresponding custom interface calling code; (1.4)打包改写后的类文件,生成新的JAR包到目录tmp_class文件夹;(1.4) Package the rewritten class file and generate a new JAR package to the directory tmp_class folder; 还包括以下步骤:Also includes the following steps: (2)改写第三方库动态加载代码:(2) Rewrite the dynamic loading code of the third-party library: (2.1)初始化输入输出目录:(2.1) Initialize the input and output directory: (2.11)初始化接收动态加载文件的目录,生成in文件夹;(2.11) Initialize the directory that receives the dynamically loaded file, and generate the in folder; (2.12)初始化存放.smali文件的目录,生成tmp_smali文件夹;(2.12) Initialize the directory where the .smali file is stored, and generate the tmp_smali folder; (2.13)初始化动态加载代码改写输出目录,生成out文件夹;(2.13) Initialize the dynamic loading code to rewrite the output directory to generate the out folder; (2.2)客户端在运行过程中动态加载代码时,上传动态加载的代码到服务端进行改写;(2.2) When the client dynamically loads the code during the running process, upload the dynamically loaded code to the server for rewriting; (2.3)服务端接收客户端上传的动态加载代码;(2.3) The server receives the dynamic loading code uploaded by the client; (2.4)服务端初步处理动态加载代码,提取.dex文件;(2.4) The server initially processes the dynamic loading code and extracts the .dex file; (2.5)利用smali/baksmali工具链反编译.dex文件,生成各个类的.smali文件,存放到tmp_smali文件夹中;(2.5) Use the smali/baksmali toolchain to decompile the .dex file, generate the .smali files of each class, and store them in the tmp_smali folder; (2.6)将与敏感API对应的自定义接口类添加到改写后的.smali文件目录中tmp_smali文件夹中;(2.6) Add the custom interface class corresponding to the sensitive API to the tmp_smali folder in the rewritten .smali file directory; (2.7)遍历每个.smali文件,查找敏感API的调用代码并替换为对应的自定义接口的调用代码;(2.7) Traverse each .smali file, find the calling code of the sensitive API and replace it with the calling code of the corresponding custom interface; (2.8)利用smali/baksmali工具链编译改写后的.smali文件目录中的tmp_smali文件夹,生成新的.dex文件并转化为原有格式的动态加载代码;(2.8) Use the smali/baksmali toolchain to compile the tmp_smali folder in the rewritten .smali file directory, generate a new .dex file and convert it into the dynamic loading code of the original format; (2.9)服务端通知客户端下载改写后的动态加载代码,并加载执行。(2.9) The server notifies the client to download the rewritten dynamic loading code, and load and execute it. 2.根据权利要求1所述的基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,(1.13)加载预定义的敏感API信息具体操作为:2. the mobile application third-party library isolation method based on user state sandbox according to claim 1, is characterized in that, (1.13) load predefined sensitive API information concrete operation is: (1.131)开发者根据需要,定义需要改写的敏感API信息,包括类名、方法名和方法签名,存储在文件中;(1.131) Developers define sensitive API information that needs to be rewritten, including class names, method names and method signatures, and store them in files as needed; (1.132)读取敏感API信息的文件,解析出类名、方法名和方法签名。(1.132) Read the file of sensitive API information, and parse out the class name, method name and method signature. 3.根据权利要求1所述的基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,(1.14)具体操作为:3. the mobile application third-party library isolation method based on user state sandbox according to claim 1, is characterized in that, (1.14) concrete operation is: (1.141)根据敏感API信息,定义对应的自定义接口,在自定义接口中返回假值或直接阻塞原有操作,生成自定义接口类;(1.141) According to the sensitive API information, define the corresponding custom interface, return a false value in the custom interface or directly block the original operation, and generate a custom interface class; (1.142)将自定义接口类添加到改写后的类文件目录tmp_class文件夹中。(1.142) Add the custom interface class to the rewritten class file directory tmp_class folder. 4.根据权利要求1所述的基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,(1.2)中,字节码改写工具包采用javassist。4 . The method for isolating a third-party library of mobile applications based on a user-mode sandbox according to claim 1 , wherein, in (1.2), the bytecode rewriting toolkit adopts javassist. 5 . 5.根据权利要求1所述的基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,(1.3)具体操作为:5. the mobile application third-party library isolation method based on user state sandbox according to claim 1, is characterized in that, (1.3) concrete operation is: (1.31)从JAR包中加载类的字节码;(1.31) Load the bytecode of the class from the JAR package; (1.32)根据加载的敏感API信息,遍历查找字节码中敏感API的调用代码;(1.32) According to the loaded sensitive API information, traverse to find the calling code of the sensitive API in the bytecode; (1.33)改写敏感API的调用代码,替换为对应的自定义接口的调用代码;(1.33) Rewrite the calling code of the sensitive API and replace it with the calling code of the corresponding custom interface; (1.34)将改写后的字节码写回到类文件中,放入改写后的类文件目录tmp_class文件夹中。(1.34) Write the rewritten bytecode back to the class file and put it into the rewritten class file directory tmp_class folder. 6.根据权利要求1所述的基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,(2.4)具体操作为:6. the mobile application third-party library isolation method based on user state sandbox according to claim 1, is characterized in that, (2.4) concrete operation is: (2.41)若动态加载代码为.apk文件,则提取出.dex;(2.41) If the dynamic loading code is an .apk file, .dex is extracted; (2.42)若动态加载代码为.jar文件,则提取出.dex;(2.42) If the dynamic loading code is a .jar file, extract .dex; (2.43)若动态加载代码为.dex文件,直接进入下一步。(2.43) If the dynamic loading code is a .dex file, go directly to the next step. 7.根据权利要求1所述的基于用户态沙箱的移动应用第三方库隔离方法,其特征在于,(2.7)具体操作为:7. the mobile application third-party library isolation method based on user state sandbox according to claim 1, is characterized in that, (2.7) concrete operation is: (2.71)读取.smali文件内容;(2.71) Read the content of the .smali file; (2.72)遍历查找.smali中敏感API的调用代码;(2.72) Traverse to find the calling code of the sensitive API in .smali; (2.73)改写敏感API的调用代码,替换为对应的自定义接口的调用代码;(2.73) Rewrite the calling code of the sensitive API and replace it with the calling code of the corresponding custom interface; (2.74)将改写后的smali代码写回到.smali文件中,放入改写后的.smali文件目录中的tmp_smali文件夹中。(2.74) Write the rewritten smali code back into the .smali file, and put it into the tmp_smali folder in the rewritten .smali file directory.
CN201811083714.8A 2018-09-17 2018-09-17 Mobile application third-party library isolation method based on user mode sandbox Active CN109255235B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811083714.8A CN109255235B (en) 2018-09-17 2018-09-17 Mobile application third-party library isolation method based on user mode sandbox

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811083714.8A CN109255235B (en) 2018-09-17 2018-09-17 Mobile application third-party library isolation method based on user mode sandbox

Publications (2)

Publication Number Publication Date
CN109255235A CN109255235A (en) 2019-01-22
CN109255235B true CN109255235B (en) 2021-08-24

Family

ID=65047926

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811083714.8A Active CN109255235B (en) 2018-09-17 2018-09-17 Mobile application third-party library isolation method based on user mode sandbox

Country Status (1)

Country Link
CN (1) CN109255235B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110309646A (en) * 2019-06-28 2019-10-08 广州小鹏汽车科技有限公司 Personal information protecting method, protective device and vehicle
CN110727952A (en) * 2019-08-30 2020-01-24 国家计算机网络与信息安全管理中心 Privacy collection and identification method for third-party library of mobile application program
CN111046386B (en) * 2019-12-05 2020-11-20 深圳开源互联网安全技术有限公司 Method and system for dynamically detecting program third-party library and performing security evaluation
CN111400757B (en) * 2020-03-13 2022-09-27 西安电子科技大学 Method for preventing native code in android third-party library from revealing user privacy
CN112379890A (en) * 2020-12-04 2021-02-19 深圳麦风科技有限公司 Data copying method of Whatsapp
CN114329359A (en) * 2021-12-30 2022-04-12 湖南快乐阳光互动娱乐传媒有限公司 API call control method and device, storage medium and electronic equipment
CN117874749A (en) * 2024-01-15 2024-04-12 北京盛邦赛云科技有限公司 Sandbox type code expansion isolation device and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102760219A (en) * 2011-12-20 2012-10-31 北京安天电子设备有限公司 Android platform software protecting system, method and equipment
CN103970563A (en) * 2014-04-15 2014-08-06 四川长虹电器股份有限公司 Dynamic Android class loading method
CN108491235A (en) * 2018-03-21 2018-09-04 北京理工大学 In conjunction with the DEX guard methods of dynamic load and function Nativeization

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102591696A (en) * 2011-01-14 2012-07-18 中国科学院软件研究所 Method and system for extracting behavioral data of mobile phone software
CN103902859A (en) * 2013-12-25 2014-07-02 武汉安天信息技术有限责任公司 Code protecting method and system based on hook technology in JAVA
CN104866734B (en) * 2014-02-25 2018-10-09 北京娜迦信息科技发展有限公司 A kind of guard method of DEX file and device
CN104462959B (en) * 2014-12-04 2017-09-01 北京奇虎科技有限公司 A reinforcement protection method, server and system for Android applications
US11176267B2 (en) * 2015-02-24 2021-11-16 International Business Machines Corporation Fine-grained user control over usages of sensitive system resources having private data with applications in privacy enforcement
CN104992081B (en) * 2015-06-24 2018-02-27 华中科技大学 A kind of safe Enhancement Method of Android application programs third party code
CN106096394A (en) * 2016-06-16 2016-11-09 北京奇虎科技有限公司 A kind of Ad blocking method and apparatus of Android application
CN108229148B (en) * 2016-12-21 2022-06-21 武汉安天信息技术有限责任公司 Sandbox unshelling method and sandbox unshelling system based on Android virtual machine
CN108763924B (en) * 2018-04-26 2022-04-22 南京大学 A method for controlling access rights of untrusted third-party libraries in Android applications

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102760219A (en) * 2011-12-20 2012-10-31 北京安天电子设备有限公司 Android platform software protecting system, method and equipment
CN103970563A (en) * 2014-04-15 2014-08-06 四川长虹电器股份有限公司 Dynamic Android class loading method
CN108491235A (en) * 2018-03-21 2018-09-04 北京理工大学 In conjunction with the DEX guard methods of dynamic load and function Nativeization

Also Published As

Publication number Publication date
CN109255235A (en) 2019-01-22

Similar Documents

Publication Publication Date Title
CN109255235B (en) Mobile application third-party library isolation method based on user mode sandbox
Zhang et al. Dexhunter: toward extracting hidden code from packed android applications
Yang et al. Appspear: Bytecode decrypting and dex reassembling for packed android malware
CN106778103B (en) Reinforcement method, system and decryption method for preventing reverse cracking of android application program
Carmony et al. Extract Me If You Can: Abusing PDF Parsers in Malware Detectors.
US6907396B1 (en) Detecting computer viruses or malicious software by patching instructions into an emulator
JP6166839B2 (en) System and method for replacing application methods at runtime
US9223964B2 (en) Detecting JAVA sandbox escaping attacks based on JAVA bytecode instrumentation and JAVA method hooking
JP6837064B2 (en) Systems and methods for detecting malicious code in runtime-generated code
US9811663B2 (en) Generic unpacking of applications for malware detection
CN105574411B (en) A kind of dynamic hulling method, device and equipment
US20170372068A1 (en) Method to identify known compilers functions, libraries and objects inside files and data items containing an executable code
US9804948B2 (en) System, method, and computer program product for simulating at least one of a virtual environment and a debugging environment to prevent unwanted code from executing
Suk et al. UnThemida: Commercial obfuscation technique analysis with a fully obfuscated program
US20170171224A1 (en) Method and System for Determining Initial Execution of an Attack
Qiu et al. Libcapsule: Complete confinement of third-party libraries in android applications
David et al. Quack: Hindering deserialization attacks via static duck typing
US20220035920A1 (en) Systems and methods for automatically generating malware countermeasures
US20240394369A1 (en) Unpacking software via auto-unpacker interception
Graux Challenges of native android applications: obfuscation and vulnerabilities
Wong Dynamic Taint Analysis in JavaScript for JavaScript
Wang et al. WrapDroid: Flexible and fine-grained scheme towards regulating behaviors of Android apps
Costamagna Advances In Security Analysis Techniques To Increase Privacy And Security Of The Android Ecosystem
Maggio Improving Memory Forensics Through Emulation and Program Analysis
Yoon et al. A Hidden File Extraction Scheme Defeating Malware Using Android Dynamic Loading

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220817

Address after: 29th Floor, Building 1, China Railway Xi'an Center, No. 10 Zhangba 1st Road, High-tech Zone, Xi'an City, Shaanxi Province 710065

Patentee after: Shaanxi shutuxing Information Technology Co.,Ltd.

Address before: 710071 No.2, Taibai South Road, Beilin District, Xi'an City, Shaanxi Province

Patentee before: XIDIAN University

TR01 Transfer of patent right