计算机应用 ›› 2018, Vol. 38 ›› Issue (9): 2644-2649.DOI: 10.11772/j.issn.1001-9081.2018010224

• 计算机软件技术 • 上一篇    下一篇

基于ARM虚拟化扩展的Android内核动态度量方法

路子聪, 徐开勇, 郭松, 肖警续   

  1. 信息工程大学, 郑州 450000
  • 收稿日期:2018-01-25 修回日期:2018-04-17 出版日期:2018-09-10 发布日期:2018-09-06
  • 通讯作者: 路子聪
  • 作者简介:路子聪(1994—),男,河北衡水人,硕士研究生,主要研究方向:信息安全;徐开勇(1963—),男,河南郑州人,研究员,博士,主要研究方向:信息安全、可信计算;郭松(1985—),男,河北保定人,讲师,博士,主要研究方向:密码协处理器、信息安全;肖警续(1994—),男,吉林长春人,硕士研究生,主要研究方向:信息安全。
  • 基金资助:
    国家重点研发计划项目(2016YFB0501900,2017YFB0801900)。

Dynamic measurement of Android kernel based on ARM virtualization extension

LU Zicong, XU Kaiyong, GUO Song, XIAO Jingxu   

  1. Information Engineering University, Zhengzhou Henan 450000, China
  • Received:2018-01-25 Revised:2018-04-17 Online:2018-09-10 Published:2018-09-06
  • Contact: 路子聪
  • Supported by:
    This work is partially supported by the National Key Research and Development Project (2016YFB0501900, 2017YFB0801900).

摘要: 针对现阶段内核级攻击对Android系统完整性的威胁,提出一种基于ARM虚拟化扩展的Android内核动态度量方法DIMDroid。该方法利用ARM架构中的硬件辅助虚拟化技术,提供度量模块与被度量Android系统的隔离,首先通过分析在Android系统运行时影响内核完整性的因素从而得到静态和动态度量对象,其次在度量层对这些度量对象进行语义重构,最后对其进行完整性分析来判断Android内核是否受到攻击;同时通过基于硬件信任链的启动保护和基于内存隔离的运行时防护来保证DIMDroid自身安全。实验结果表明,DIMDroid能够及时发现破环Android内核完整性的rootkit,且该方法的性能损失在可接受范围内。

关键词: ARM硬件虚拟化, Android内核, 动态完整性度量, 内核级攻击, hypervisor

Abstract: Aiming at the integrity threat of Android systems at present brought by kernel-level attacks, a method for dynamic measurement of Android kernel, namely DIMDroid (Dynamic Integrity Measurement of Android), was proposed. The hardware-assisted virtualization technology was used to provide the isolation between the measurement module and the measured Android system. First of all, the static and dynamic measurement objects were obtained by analyzing the kernel elements that affect kernel integrity in the running of the Android system. Secondly, these measurement objects were semantically reconstructed at the measurement layer. Finally, an integrity analysis was performed to determine whether the Android kernel is under attack or not. At the same time, the boot protection based on hardware-based trust chain and the runtime protection based on memory isolation were performed to ensure the security of DIMDroid itself. The experimental results show that DIMDroid can detect the rootkit which breaks Android kernel integrity in time, and the performance loss of the method is within an acceptable range.

Key words: ARM hardware virtualization, Android kernel, Dynamic Integrity Measurement (DIM), kernel-level attack, hypervisor

中图分类号: