| 一种具有时间多样性的虚拟机软件保护方法 |
| |
| 引用本文: | 房鼎益,赵媛,王怀军,顾元祥,许广莲.一种具有时间多样性的虚拟机软件保护方法[J].软件学报,2015,26(6):1322-1339. |
| |
| 作者姓名: | 房鼎益 赵媛 王怀军 顾元祥 许广莲 |
| |
| 作者单位: | 西北大学 信息科学与技术学院, 陕西 西安 710127;西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127,西北大学 信息科学与技术学院, 陕西 西安 710127;西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127,西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127;西安理工大学 计算机科学与工程学院, 陕西 西安 710048,西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127;爱迪德技术(北京)有限公司, 北京 100125,西北大学 信息科学与技术学院, 陕西 西安 710127;西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127 |
| |
| 基金项目: | 国家自然科学基金(61070176, 61170218, 61272461); 教育部高等学校博士学科点专项科研基金(20106101110018); 陕西省科技攻关计划(2011K06-07) |
| |
| 摘 要: | 软件核心算法防逆向保护,是软件研发乃至软件产业发展的迫切需求,也是当前软件安全研究领域的热点之一.虚拟机软件保护作为一种保护强度高、商业应用广的技术,已被用于软件核心算法保护,并在很大程度上能够抵御攻击者的逆向分析.但这种保护方法难以抵御累积攻击,无法提供更加持久的保护.时间多样性是指一个软件在不同时间被执行时,执行路径不同,主要用于抵御累积攻击.将时间多样性与虚拟机软件保护相结合,提出了一种具有时间多样性的虚拟机软件保护方法,称为TDVMP.在TDVMP中,通过构造多条相异的执行路径,使得被保护软件在不同次执行时,能够动态选取不同执行路径,从而极大地增加了攻击者进行累积的核心算法逆向分析攻击的难度.同时,对于TDVMP设计中的关键问题,比如多执行路径的构造与选择等进行了详细讨论.此外,提出了时间多样性保护效果的评价指标,并给出了其度量及计算方法.以所实现的原型系统为基础,通过一组具有一定实用价值的实例,对所提出的方法进行了测试、实验.结果表明,TDVMP对于软件核心算法防逆向保护是有效且实用的.
|
| 关 键 词: | 时间多样性 虚拟机软件保护 累积攻击 执行路径差异 |
| 收稿时间: | 2013/3/29 0:00:00 |
| 修稿时间: | 3/7/2014 12:00:00 AM |
Software Protection Based on Virtual Machine with Time Diversity |
| |
| FANG Ding-Yi,ZHAO Yuan,WANG Huai-Jun,GU Yuan-Xiang and XU Guang-Lian.Software Protection Based on Virtual Machine with Time Diversity[J].Journal of Software,2015,26(6):1322-1339. |
| |
| Authors: | FANG Ding-Yi ZHAO Yuan WANG Huai-Jun GU Yuan-Xiang and XU Guang-Lian |
| |
| Affiliation: | School of Information Science and Technology, Northwest University, Xi'an 710127, China;NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China,School of Information Science and Technology, Northwest University, Xi'an 710127, China;NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China,NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China;School of Computer Science and Engineering, Xi'an University of Technology, Xi'an 710048, China,NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China;Irdeto Access Technology (Beijing) Co. Ltd., Beijing 100125, China and School of Information Science and Technology, Northwest University, Xi'an 710127, China;NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China |
| |
| Abstract: | Anti-Reversing protection for persistent and high-insensitive software core algorithm has become an insistent demand for the research of software security and even for the whole software industry. Virtual machine based software protection has been widely used to protect the core algorithm from being reversed, but it is not sufficient for the current method to defend against cumulative attack and thus cannot provide long-term effective protection. Time diversity is used to fight against cumulative attack to allow software to execute along variant paths in different running time. A virtual machine based software protection method with time diversity, called TDVMP, is proposed in the paper. The key idea of the method is to construct multiple execution paths with equivalent semantics leading to dynamically variant execution paths in running time. Main design issues of TDVMP, such as construction and selection of multiple execution paths, are discussed in detail. Furthermore, a metric named variation of execution paths to evaluate the effectiveness of time diversity is proposed, and the methods to measure and compute the metric are also presented. A prototype of TDVMP is implemented, and upon which the experiments are carried out with a set of practical use cases. Experiment results show that TDVMP is effective and applicable for core algorithm anti-reversing protection. |
| |
| Keywords: | time diversity VM-based software protection cumulative attack variation of execution path |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
