基于ARM虚拟化扩展的Android内核动态度量方法

针对现阶段内核级攻击对Android系统完整性的威胁，提出一种基于ARM虚拟化扩展的Android内核动态度量方法DIMDroid。该方法利用ARM架构中的硬件辅助虚拟化技术，提供度量模块与被度量Android系统的隔离，首先通过分析在Android系统运行时影响内核完整性的因素从而得到静态和动态度量对象，其次在度量层对这些度量对象进行语义重构，最后对其进行完整性分析来判断Android内核是否受到攻击；同时通过基于硬件信任链的启动保护和基于内存隔离的运行时防护来保证DIMDroid自身安全。实验结果表明，DIMDroid能够及时发现破环Android内核完整性的rootkit，且该方法的性能损失在可接受范围内。

Dynamic measurement of Android kernel based on ARM virtualization extension

Aiming at the integrity threat of Android systems at present brought by kernel-level attacks, a method for dynamic measurement of Android kernel, namely DIMDroid (Dynamic Integrity Measurement of Android), was proposed. The hardware-assisted virtualization technology was used to provide the isolation between the measurement module and the measured Android system. First of all, the static and dynamic measurement objects were obtained by analyzing the kernel elements that affect kernel integrity in the running of the Android system. Secondly, these measurement objects were semantically reconstructed at the measurement layer. Finally, an integrity analysis was performed to determine whether the Android kernel is under attack or not. At the same time, the boot protection based on hardware-based trust chain and the runtime protection based on memory isolation were performed to ensure the security of DIMDroid itself. The experimental results show that DIMDroid can detect the rootkit which breaks Android kernel integrity in time, and the performance loss of the method is within an acceptable range.