A code protection scheme by process memory relocation for android devices

Multimedia Tools and Applications

Abstract

Android devices are emerging as a significant force for multimedia big data and hold an enormous amount of information about their users. Security and privacy concerns have become a salient area of inquiry, since malicious attackers can use memory dumps to extract private or sensitive data from these devices. This paper presents a code protection approach for Android devices that protects certain processes from memory acquisition by process memory relocation. The protected processes are relocated to the special memory area where the kernel is loaded, so they are overwritten when Android reboots and attackers cannot recognize which protected programs have been run on the device. The experimental results show that the proposed approach prevents forensic tools such as FROST from obtaining these processes and has little impact on the normal operation of the protected program. Compared with similar methods, the proposed method can protect a larger quantity of data while occupying no additional storage resources.

Acknowledgements

This research was supported by the National Natural Science Foundation of China (No. U1636213) and the Beijing Municipal Natural Science Foundation (No. 4172053).

Author information

Corresponding author

Correspondence to Jun Zheng.

About this article

Cite this article

Zhang, X., Tan, Ya., Zhang, C. et al. A code protection scheme by process memory relocation for android devices. Multimed Tools Appl 77, 11137–11157 (2018). https://doi.org/10.1007/s11042-017-5363-9

  • DOI: https://doi.org/10.1007/s11042-017-5363-9
