本文選題：軟件保護(hù)　切入點(diǎn)：有限狀態(tài)自動機(jī)　出處：《西北大學(xué)》2014年博士論文　論文類型：學(xué)位論文

【摘要】：信息化時代,軟件已成為人們生產(chǎn)和生活中不可缺少的部分。由此引起的軟件盜版、篡改和逆向攻擊等問題也日趨增多,嚴(yán)重影響了軟件產(chǎn)業(yè)的可持續(xù)發(fā)展。軟件保護(hù)已受到各國政府、工業(yè)界和學(xué)術(shù)界的重視,由此使得軟件保護(hù)也已成為關(guān)鍵和熱點(diǎn)研究問題。 目前,已有很多軟件保護(hù)方法,如應(yīng)用于軟件特征識別的保護(hù)方法—軟件水印,在發(fā)生版權(quán)糾紛時提供法律依據(jù)；應(yīng)用于軟件核心算法或機(jī)密信息的保護(hù)方法—代碼自修改、代碼加密、代碼混淆等,增加軟件核心算法或機(jī)密信息被逆向分析的難度,這也是本文重點(diǎn)研究的對象�，F(xiàn)有的軟件保護(hù)方法可有效防止靜態(tài)分析,但由于當(dāng)前軟件生存的白盒環(huán)境,攻擊者通過調(diào)試等動態(tài)分析技術(shù)可以直接獲取軟件核心算法或機(jī)密信息。因此,軟件保護(hù)在防攻擊者動態(tài)分析方面依然面臨許多挑戰(zhàn)。 從攻擊者動態(tài)分析過程的角度,防動態(tài)攻擊的軟件保護(hù)方法可分為三個階段：①禁止攻擊者動態(tài)調(diào)試或執(zhí)行軟件,由于相應(yīng)的反調(diào)試等保護(hù)方法具有明顯的特征,保護(hù)強(qiáng)度較小,需要靈活應(yīng)用；②增加攻擊者在動態(tài)分析過程中的理解難度,大部分軟件保護(hù)的研究都屬于該階段,如代碼混淆、虛擬機(jī)軟件保護(hù)等,但存在性能消耗大或保護(hù)強(qiáng)度不足等問題；③防止攻擊者基于經(jīng)驗(yàn)累積的攻擊或成功攻擊后共享、傳播攻擊經(jīng)驗(yàn),該階段主要的保護(hù)方法是多樣性,但多樣性效果依然需要提高。因此,論文展開了白盒環(huán)境中防動態(tài)攻擊的軟件保護(hù)方法的研究,為構(gòu)建更有效的軟件保護(hù)方法提供理論分析和技術(shù)支撐。 論文的主要創(chuàng)新性研究內(nèi)容概括如下： 1.提出一種軟件保護(hù)有限狀態(tài)自動機(jī)模型 軟件保護(hù)方法通常是多種保護(hù)技術(shù)的組合,而保護(hù)技術(shù)間具有一定的依存關(guān)系。本文基于正則表達(dá)式描述保護(hù)技術(shù)之間的依存關(guān)系,提出了軟件保護(hù)有限狀態(tài)自動機(jī)模型,保護(hù)技術(shù)間的依存關(guān)系即為模型的狀態(tài)轉(zhuǎn)移函數(shù),模型中起始狀態(tài)到任一可接受狀態(tài)的路徑都是一種合理的保護(hù)方法。通過提出的軟件保護(hù)有限狀態(tài)自動機(jī)模型,可以合理組織保護(hù)技術(shù)生成軟件保護(hù)方法。最后構(gòu)造了具體的軟件保護(hù)有限狀態(tài)自動機(jī)模型,基于模型提出了本文重點(diǎn)研究的三種軟件保護(hù)方法。 2.提出一種基于指令變形與反調(diào)試技術(shù)相結(jié)合的軟件保護(hù)方法 通過對指令變形和反調(diào)試技術(shù)的理解和研究,結(jié)合兩種保護(hù)技術(shù)研究保護(hù)方法。通過程序差異構(gòu)造待保護(hù)指令片段的變形子引擎；利用一些指令片段執(zhí)行時間控制變形子引擎的調(diào)度,實(shí)現(xiàn)反調(diào)試。同時,用動態(tài)加解密技術(shù)對變形子引擎進(jìn)行保護(hù),提高變形子引擎的安全性。通過分析,基于指令變形與反調(diào)試技術(shù)相結(jié)合的軟件保護(hù)方法即可有效抵抗攻擊者的靜態(tài)分析,又可在一定程度上抵抗動態(tài)分析。 3.提出一種具有版本多樣性的混淆變換軟件保護(hù)方法 通過指令拆分或替換操作,以及算術(shù)和邏輯等價式,研究等價變換規(guī)則及對應(yīng)的等價變換模板函數(shù),提高了混淆保護(hù)強(qiáng)度以及版本多樣性效果；針對混淆變換的時間開銷,深入分析被保護(hù)指令對時間開銷的影響因素,提出了基于指令循環(huán)深度降低時間開銷的方法。設(shè)計了混淆變換保護(hù)原型系統(tǒng)MEPE(Metamorphic Engine of Portable Executable File),并通過實(shí)驗(yàn)說明了該方法具有較好的版本多樣性效果,可有效抵抗基于“經(jīng)驗(yàn)共享”的攻擊,同時也有效降低了軟件保護(hù)的時間開銷。 4.提出一種具有時間多樣性的虛擬機(jī)軟件保護(hù)方法 針對虛擬機(jī)指令集的功能單一性(為解釋x86指令而設(shè)計),對虛擬機(jī)指令集進(jìn)行擴(kuò)展,提出了安全虛擬指令,從反調(diào)試能力、執(zhí)行環(huán)境變化、無效分析等多方面增強(qiáng)虛擬機(jī)保護(hù)效果；另一方面,提出虛擬機(jī)軟件保護(hù)的時間多樣性方法,分析了多樣性效果。最后實(shí)現(xiàn)原型系統(tǒng)IVMP(Improved Virtual Machine based Software Protection System),通過實(shí)驗(yàn)說明了該方法具有較好的時間多樣性效果,可有效抵抗“累積經(jīng)驗(yàn)”的攻擊,同時未對保護(hù)軟件造成較大的性能開銷。 5.提出一種基于攻擊模型的軟件保護(hù)有效性評測方法 從理論上分析軟件保護(hù)有效性評測方法,提出基于軟件攻擊模型進(jìn)行評測具有普適性�；趯浖暨^程的分析,利用Petri網(wǎng)對軟件攻擊過程進(jìn)行建模,提出了攻擊模型在軟件攻擊過程指導(dǎo)、軟件保護(hù)方法有效性評測和改進(jìn)等方面的應(yīng)用方法。實(shí)現(xiàn)了軟件攻擊指導(dǎo)及保護(hù)方法有效性評測平臺SASPEE(Software Attack and Software Protection Effectiveness Evaluation Platform),通過實(shí)驗(yàn)說明了攻擊模型可以有效度量軟件保護(hù)強(qiáng)度,并有助于改進(jìn)軟件保護(hù)方法。
[Abstract]:The information age, software has become an indispensable part in people's production and life. The resulting software piracy, tampering and reverse attack problems are also increasing, which affect the sustainable development of the software industry. Software protection has been by the governments, industry and academia's attention, which makes the software protection has become the key and the focus of the research.
At present, there are many software protection methods, such as for protection of software watermarking method of feature recognition software, to provide a legal basis in the case of copyright disputes; code protection method used in the software algorithm or confidential information from the modified code encryption, code obfuscation, software to increase the core algorithm or confidential information by reverse analysis the difficulty is the focus of the research object. The existing software protection method can effectively prevent static analysis, but due to the current software white box environment to survive, the attacker through dynamic analysis technology debugging software can directly obtain the core algorithm or confidential information. Therefore, software protection still faces many challenges in preventing the attacker dynamic analysis.
Analysis from the perspective of the attacker dynamic software protection method against dynamic attack can be divided into three stages: the prohibition of the attacker or perform dynamic debugging software, because the corresponding different test methods to protect the distinctive feature, the protection strength is small, flexible application; increase the attacker in the dynamic analysis in the process of understanding difficult. Most of the research on software protection belong to the stage, such as code obfuscation, virtual machine software protection, but there are problems or lack of protection strength consumption performance; to prevent the attacker's attack based on the accumulated experience of success or attack after attack experience sharing, communication, protection method of the main stage is diversity, but diversity the effect still needs to be improved. Therefore, this paper carries out research on software protection methods against dynamic attack of the white box in the environment, to provide for the construction of a more effective method of software protection Theoretical analysis and technical support.
The main innovative research contents of this paper are summarized as follows:
1. a finite state automata model for software protection is proposed
Software protection method is usually a combination of various protection technology, and protection technology has a certain dependency relation. In this paper, regular expressions describing the dependency relation between protection technology based on the proposed software protection model of finite state automaton, dependency relation between protection technology is the state of the model transfer function model, in the initial state to any acceptable the path is a protection method for reasonable protection. Finite state automaton model proposed by the software, can organize protection technology generation software protection method. The final structure of the specific software model of finite state automaton model put forward three kinds of protection, this paper focuses on the research of software protection method based on.
2. a software protection method based on the combination of instruction deformation and anti debugging technology is proposed.
Through the understanding and study of the instruction of deformation and anti debugging techniques, combined with the two kinds of protection technology research and protection method. Through the program to be protected instruction fragments of differential structural deformation sub engine; using some instruction fragment execution control engine deformation time scheduling, to achieve anti debugging. At the same time, for the protection of the engine with the deformation of dynamic encryption and decryption technology, to improve the safety of the engine. Through the analysis of deformation, static analysis and anti debugging software protection method can be combined effectively resist the attacker's deformation based instruction can resist dynamic analysis to a certain extent.
3. a software protection method for confusion transformation with version diversity is proposed.
Through the instruction split or replace operation, and the arithmetic and logical equivalence, equivalent transformation of template function equivalence transformation rules and corresponding, improves the strength and diversity of version confusion protection effect; at last transform time overhead, in-depth analysis of the protected instruction influence factors of time cost, and puts forward the method of instruction cycle time reduced depth based on the design of the overhead obfuscation prototype system (Metamorphic MEPE Engine of Portable Executable File), and the experimental results shows that this method has a better version of diversity effect, can effectively resist attacks based on experience sharing ", at the same time to reduce the time overhead of software protection.
4. a virtual machine software protection method with time diversity is proposed
For the virtual machine instruction set single function (designed to explain the x86 command), to expand the virtual machine instruction set, put forward the virtual instruction, from the anti debugging ability, execution environment changes, invalid enhanced virtual machine protection effect analysis and other aspects; on the other hand, the method of software protection virtual machine time diversity, analyzes the diversity effect. Finally the prototype system realization of IVMP (Improved Virtual Machine based Software Protection System), the experimental results show that the method has the effect of time varied, can effectively resist the "experience" attacks, but did not cause large performance overhead on the protection of software.
5. a method of evaluating the effectiveness of software protection based on attack model is proposed
Analysis of software protection effectiveness evaluation method in theory, put forward software attack model based on the evaluation of universality. Analysis of the software attack process based on modeling the software attack process using Petri net, put forward the attack model in software attack guidance process, the application method of software protection method of the effective evaluation and improvement the realization of the software. The validity of the method of attack guidance and protection evaluation platform SASPEE (Software Attack and Software Protection Effectiveness Evaluation Platform), the experiment shows that the attack model can effectively measure software protection strength, and contribute to the improvement of software protection method.

【學(xué)位授予單位】：西北大學(xué)
【學(xué)位級別】：博士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前7條

1 賈春福;王志;劉昕;劉昕海;;路徑模糊:一種有效抵抗符號執(zhí)行的二進(jìn)制混淆技術(shù)[J];計算機(jī)研究與發(fā)展;2011年11期

2 李永祥,陳意云;基于函數(shù)指針數(shù)組的代碼迷惑技術(shù)[J];計算機(jī)學(xué)報;2004年12期

3 高鷹;陳意云;;基于抽象解釋的代碼迷惑有效性比較框架[J];計算機(jī)學(xué)報;2007年05期

4 趙玉潔;湯戰(zhàn)勇;王妮;房鼎益;顧元祥;;代碼混淆算法有效性評估[J];軟件學(xué)報;2012年03期

5 史揚(yáng),曹立明,王小平;混淆算法研究綜述[J];同濟(jì)大學(xué)學(xué)報(自然科學(xué)版);2005年06期

6 付劍晶;王珂;;軟件迷惑變換的魯棒性量化評價[J];軟件學(xué)報;2013年04期

7 王祥根;司端鋒;馮登國;蘇璞睿;;一種基于自修改代碼技術(shù)的軟件保護(hù)方法[J];中國科學(xué)院研究生院學(xué)報;2009年05期

，

本文編號：1619445