本文選題：代碼混淆　切入點(diǎn)：布局混淆　出處：《中國(guó)科學(xué)技術(shù)大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著互聯(lián)網(wǎng)技術(shù)和計(jì)算機(jī)軟件產(chǎn)業(yè)的快速發(fā)展,軟件的獲取和使用變的更加容易�，F(xiàn)階段,大量的付費(fèi)軟件被攻擊者破解,并發(fā)布到網(wǎng)絡(luò)上供人們免費(fèi)使用。而軟件被破解后,攻擊者可能會(huì)竊取軟件中的核心代碼或重要信息,使軟件的知識(shí)產(chǎn)權(quán)很難得到保障,限制了軟件產(chǎn)業(yè)的快速發(fā)展。近年來(lái),由于Python語(yǔ)言的語(yǔ)法簡(jiǎn)潔清晰,擁有功能強(qiáng)大而豐富的類庫(kù),可以大幅提高軟件開(kāi)發(fā)人員的開(kāi)發(fā)效率,越來(lái)越多的代碼開(kāi)始使用Python語(yǔ)言來(lái)編寫,而Python的字節(jié)碼很容易被現(xiàn)有的反編譯工具破解,導(dǎo)致其中的關(guān)鍵信息被竊取。為了解決上述問(wèn)題,在調(diào)研了現(xiàn)有的代碼混淆技術(shù)的基礎(chǔ)上,本文基于布局混淆和控制混淆設(shè)計(jì)實(shí)現(xiàn)了一個(gè)Python代碼混淆系統(tǒng),該混淆系統(tǒng)可以增加攻擊者破解Python代碼的難度。主要工作如下:(1)對(duì)代碼混淆技術(shù)進(jìn)行分析。首先,介紹代碼混淆中包含的布局混淆、數(shù)據(jù)混淆、預(yù)防性混淆、控制混淆,并給出了每種混淆下面包括的具體的混淆方法。然后,描述了代碼混淆的四個(gè)評(píng)價(jià)標(biāo)準(zhǔn),后面將使用這四個(gè)標(biāo)準(zhǔn)來(lái)對(duì)本文設(shè)計(jì)的Python代碼混淆系統(tǒng)進(jìn)行評(píng)價(jià)。(2)分析本文采用的控制混淆中需要用到的不透明謂詞和壓扁控制流算法。首先,分析了 Logistic和En_Logistic兩個(gè)混沌映射中存在的問(wèn)題,給出了本文設(shè)計(jì)的代碼混淆系統(tǒng)中將會(huì)使用的分段Logistic混沌映射,它克服了前兩個(gè)映射中存在的對(duì)初始值不夠敏感和容易產(chǎn)生小區(qū)域聚集現(xiàn)象的缺點(diǎn)。然后,介紹了不透明謂詞的定義,給出了一種使用混沌映射構(gòu)造混沌不透明謂詞的方法。最后,分析了現(xiàn)有的壓扁控制流算法中存在的缺陷。(3)實(shí)現(xiàn)本文設(shè)計(jì)的Python代碼混淆系統(tǒng)。首先,介紹了該系統(tǒng)中使用到的布局混淆。其次,提出并實(shí)現(xiàn)了該系統(tǒng)中需要用到的基于同余方程構(gòu)造的不透明謂詞算法和基于分段Logistic混沌映射構(gòu)造的N態(tài)不透明謂詞算法,并分析了如何在代碼中插入基于同余方程構(gòu)造的不透明謂詞。然后,提出了一種改進(jìn)的壓扁控制流算法,該算法克服了現(xiàn)有的壓扁控制流算法中存在的缺陷。最后,在該代碼混淆系統(tǒng)中實(shí)現(xiàn)了控制混淆和布局混淆的算法。(4)對(duì)本文設(shè)計(jì)的Python代碼混淆系統(tǒng)進(jìn)行實(shí)驗(yàn)與分析。使用開(kāi)源的測(cè)試用例在提出的實(shí)驗(yàn)平臺(tái)上對(duì)本文設(shè)計(jì)的代碼混淆系統(tǒng)進(jìn)行了實(shí)驗(yàn),并在正確性、安全性、有效性方面對(duì)其進(jìn)行了分析。實(shí)驗(yàn)結(jié)果表明,本文使用布局混淆和控制混淆算法設(shè)計(jì)的Python代碼混淆系統(tǒng)能夠保證混淆后代碼的正確性,并且與現(xiàn)有的不透明謂詞生成算法相比具有更好的均衡性,計(jì)算不透明謂詞輸出時(shí)帶來(lái)的額外時(shí)間開(kāi)銷更低,同時(shí)具有很高的安全性、強(qiáng)度、耐受力、隱蔽性,能夠有效地增加攻擊者破解代碼的難度,同時(shí)也存在一定的時(shí)間開(kāi)銷和空間開(kāi)銷。
[Abstract]:With the rapid development of Internet technology and computer software industry, the acquisition and use of software becomes easier. At this stage, a large number of paid software has been cracked by attackers and released to the network for free. Attackers can steal core code or important information from software, making it difficult to secure intellectual property rights and limiting the rapid growth of the software industry. Having powerful and rich class libraries can greatly improve the development efficiency of software developers. More and more code is being written in the Python language, and the bytecode of Python can be easily cracked by existing decompilation tools. In order to solve the above problems, this paper studies the existing code confusion technology, and implements a Python code confusion system based on layout confusion and control confusion design. This confusion system can make it more difficult for an attacker to crack Python code. The main work is as follows: 1) analyze the code confusion technology. First, introduce the layout confusion, data confusion, prevention confusion, control confusion, which are included in code confusion. Then, the four evaluation criteria of code confusion are described. The following four criteria will be used to evaluate the Python code confusion system designed in this paper.) the opaque predicates and flattening control flow algorithms used in this paper will be analyzed. The problems in Logistic and En_Logistic chaotic maps are analyzed, and the piecewise Logistic chaotic maps that will be used in the code confusion system designed in this paper are given. It overcomes the shortcomings of the first two mappings, which are insensitive to initial values and easy to produce small region aggregation. Then, the definition of opaque predicates is introduced. A method of constructing chaotic opaque predicates using chaotic mapping is presented. Finally, the defects in the existing flattening control flow algorithms are analyzed to implement the Python code confusion system designed in this paper. The layout confusion used in the system is introduced. Secondly, the opaque predicate algorithm based on congruence equation and the N-state opaque predicate algorithm based on piecewise Logistic chaotic mapping are proposed and implemented. Then, an improved flattening control flow algorithm is proposed, which overcomes the defects of the existing flattening control flow algorithms. The algorithm of controlling confusion and layout confusion is implemented in the code confusion system. The experiment and analysis of the Python code confusion system designed in this paper are carried out. The code confusion system is experimented with, The experimental results show that the Python code confusion system designed by using layout confusion and control obfuscation algorithm can ensure the correctness of the obfuscation code. Compared with the existing algorithms, it has better balance, lower extra time cost when calculating the output of opaque predicates, and has high security, strength, endurance and concealment. It can effectively increase the difficulty of the attacker to break the code, at the same time, there is a certain amount of time and space overhead.
【學(xué)位授予單位】：中國(guó)科學(xué)技術(shù)大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP311.5;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前5條

1 吳偉民;林水明;林志毅;;一種基于混沌不透明謂詞的壓扁控制流算法[J];計(jì)算機(jī)科學(xué);2015年05期

2 陳代梅;范希輝;朱靜;汪玉美;;基于同余方程和中國(guó)剩余定理的混淆算法[J];計(jì)算機(jī)應(yīng)用研究;2015年02期

3 蘇慶;吳偉民;李忠良;李景j;陳為德;;混沌不透明謂詞在代碼混淆中的研究與應(yīng)用[J];計(jì)算機(jī)科學(xué);2013年06期

4 楊樂(lè);周強(qiáng)強(qiáng);薛錦云;;基于垃圾代碼的控制流混淆算法[J];計(jì)算機(jī)工程;2011年12期

5 范九倫;張雪鋒;;分段Logistic混沌映射及其性能分析[J];電子學(xué)報(bào);2009年04期

，

本文編號(hào)：1635765