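Talk title: Hardware-Assisted Analysis of Packed Android Applications
Speaker: Dr. Lei Xue (薛磊), The Hong Kong Polytechnic University
Time and venue: Wednesday, December 29, 2021, 10:30-11:30 a.m.
Conference Room 212, Computer Science Building, North Campus
Abstract: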
Android packers have been widely adopted by developers to protect apps from being plagiarized. Meanwhile, various unpacking tools unpack the apps through direct memory dumping. To defend against these off-the-shelf unpacking tools, packers have started to adopt virtual machine (VM) based protection techniques, which replace the original Dalvik bytecode (DCode) with customized bytecode (PCode) in memory. This defeats unpackers that rely on memory dumping. However, little is known about whether such packers can provide enough protection to Android apps.
To shed light on this question, we take the first step towards demystifying the protections that VM-based packers provide to apps, and propose novel program analysis techniques, comprising a learning phase and a deobfuscation phase, to investigate existing commercial VM-based packers. We aim at deobfuscating the VM-protected DCode in three scenarios: recovering the original DCode with training apps, recovering its semantics with training apps, and restoring the semantics without training apps. We also develop a prototype named Parema to automate much of the work in the deobfuscation procedure. By applying it to the online VM-based Android packers, we reveal that none of the evaluated packers provides adequate protection and that all of them could be compromised.
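Speaker biography:
Research Assistant Professor and doctoral supervisor in the Department of Computing at The Hong Kong Polytechnic University. He has long worked on system security, software engineering, network security, connected vehicle security, and related areas. He has published more than 30 papers on system security and software engineering, including 10 first-author papers in CCF-A conferences and journals such as IEEE S&P, USENIX Security, ICSE, ISSTA, TIFS, and TSE, and has applied for and been granted multiple Chinese and US invention patents. He currently leads projects funded by the National Natural Science Foundation Youth Fund and the CCF-Tencent Rhino-Bird Fund, among others, and serves as a TPC member for multiple international conferences and as a reviewer for journals including TIFS, TDSC, and TMC.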