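Research on Attack Methods Against Virtual Machine-Based Software Protection
Topic of this thesis: software attack + virtual machine protection instruction restoration. Reference: Northwest University, 2013 master's thesis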
[Abstract]: With the continuing development of software security technology, a variety of software protection methods (such as software encryption, obfuscation, tamper-proofing and software watermarking) have emerged. Among them, virtual machine-based protection (hereinafter "virtual machine") is currently the most widely used software code protection technique. It works by converting the X86 instructions to be protected into bytecode that the virtual machine can interpret, and then executing that bytecode with the virtual machine's private interpreter. In terms of security, the heavy obfuscation in the virtual machine interpreter and the complexity of the interpreter itself greatly increase the difficulty of reverse analysis. This has not, however, stopped attackers from cracking software protected by virtual machines; in the face of emerging software attack techniques, existing virtual machine-based protection becomes vulnerable. Based on game theory and the idea of attack-defense confrontation, this thesis studies attack strategies against virtual machine-based software protection, aiming to analyze the software's weak points through the attack process and to give software protectors a basis for developing more targeted protection techniques. The main research work of this thesis is as follows. First, the current state of software security research is introduced. Second, from the perspective of reverse engineering, the basic framework of virtual machine-based protection and the basic components of the virtual machine interpreter are described in detail. Then, on the basis of extensive reverse analysis, a semi-automated attack scheme for virtual machine restoration is proposed and described in detail: a Handler restoration scheme that combines "dynamic extraction, static analysis" with an "anti-deformation engine" is proposed; an atomic Handler library, a Handler combination library and an invalid Handler library are established to manage Handlers; and a strategy based on register data tracking is proposed to restore the key instructions protected by the virtual machine. Finally, a semi-automated attack system for virtual machine-based software protection is developed and, using the existing virtual machine protection software Code Virtualizer as the attack target, the semi-automated attack strategy for virtual machine restoration proposed in this thesis is verified experimentally.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP302;TP311.53