Publication Type

Conference Proceeding Article

Version

submittedVersion

Publication Date

1-2017

Abstract

Attackers use reverse engineering techniques to gain detailed understanding of executable for malicious purposes, such as re-packaging an Android app to inject malicious code or advertising components. To make reverse engineering more difficult, researchers have proposed various code obfuscation techniques to conceal purposes or logic of code segments. One interesting idea of code obfuscation is to apply codereuse techniques (e.g., Return-Oriented Programming) to (re-)distribute essential code segments before they are reconstructed at runtime. Such techniques are well understood on x86 platform, but relatively less explored on Android. In this paper, we present an evaluation on the extent to which code-reuse-based techniques can be applied to obfuscate Android apps. Moreover, we extend code-reuse-based obfuscation to the Android platform by proposing an obfuscation mechanism for both Java and native code. Results show that 835 gadgets are found in the C standard library (libc.so) which cover the entire Turing complete set. Furthermore, we implement a semi-automatic tool named AndroidCubo and show that it protects both Java and native code with comparable security to those obfuscated with Java reflection at a small runtime overhead.

Keywords

Obfuscation, Android application, Code reuse, Java Native Interface

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Information Security and Cryptology: ICISC 2016: 19th International Conference, Seoul, November 30 - December 2: Revised selected papers

Volume

10157

First Page

333

Last Page

349

ISBN

9783319531762

Identifier

10.1007/978-3-319-53177-9_18

Publisher

Springer

City or Country

Cham

Additional URL

https://doi.org/10.1007/978-3-319-53177-9_18

Download

Share

COinS