首页 | 本学科首页   官方微博 | 高级检索  
     

改进的基于底层虚拟机混淆器的指令混淆框架
引用本文:王雅仪,刘琛,黄天波,文伟平. 改进的基于底层虚拟机混淆器的指令混淆框架[J]. 计算机应用, 2023, 43(2): 490-498. DOI: 10.11772/j.issn.1001-9081.2021122234
作者姓名:王雅仪  刘琛  黄天波  文伟平
作者单位:北京大学 软件与微电子学院,北京 102600
基金项目:北京大学横向课题(2020001763)
摘    要:针对底层虚拟机混淆器(OLLVM)在指令混淆层面只支持指令替换一种算法,且仅支持5种运算符和13种替换方案的问题,设计了一种改进版的指令混淆框架InsObf,以加强OLLVM指令层面的混淆效果。InsObf包含指令加花和指令替换,其中指令加花首先对基本块的指令进行依赖分析,然后插入叠加跳转和虚假循环两种花指令;指令替换在OLLVM的基础上,拓展至13种运算符,共计52种指令替换方案。在底层虚拟机(LLVM)上实现了框架原型后,通过实验表明,与OLLVM相比,InsObf在时间开销增长约10个百分点,空间开销增长约20个百分点的情况下,圈复杂度和抗逆向能力均可提高近4倍;与同样基于OLLVM改进的Armariris和Hikari相比,InsObf在同一量级的时空开销下,可以提供更高的代码复杂度。因此,InsObf可提供指令层级的有效保护。

关 键 词:软件保护  代码混淆  指令混淆  底层虚拟机混淆器  指令加花  指令替换
收稿时间:2022-01-06
修稿时间:2022-05-20

Improved instruction obfuscation framework based on obfuscator low level virtual machine
Yayi WANG,Chen LIU,Tianbo HUANG,Weiping WEN. Improved instruction obfuscation framework based on obfuscator low level virtual machine[J]. Journal of Computer Applications, 2023, 43(2): 490-498. DOI: 10.11772/j.issn.1001-9081.2021122234
Authors:Yayi WANG  Chen LIU  Tianbo HUANG  Weiping WEN
Affiliation:School of Software and Microelectronics,Peking University,Beijing 102600,China
Abstract:Focusing on the issue that only one instruction substitution with 5 operators and 13 substitution schemes is supported in Obfuscator Low Level Virtual Machine (OLLVM) at the instruction obfuscation level, an improved instruction obfuscation framework InsObf was proposed. InsObf, including junk code insertion and instruction substitution, was able to enhance the obfuscation effect at the instruction level based on OLLVM. For junk code insertion, firstly, the dependency of the instruction inside the basic block was analyzed, and then two kinds of junk code, multiple jump and bogus loop, were inserted to disrupt the structure of the basic block. For instruction substitution, based on OLLVM, it was expanded to 13 operators, with 52 instruction substitution schemes. The framework prototype was implemented on Low Level Virtual Machine (LLVM). Experimental results show that compared to OLLVM, InsObf has the cyclomatic complexity and resilience increased by almost four times, with a time cost of about 10 percentage points and a space cost of about 20 percentage points higher. Moreover, InsObf can provide higher code complexity compared to Armariris and Hikari, which are also improved on the basis of OLLVM, at the same order of magnitude of time and space costs. Therefore, InsObf can provide effective protection at the instruction level.
Keywords:software protection  code obfuscation  instruction obfuscation  Obfuscator Low Level Virtual Machine (OLLVM)  junk code insertion  instruction substitution  
点击此处可从《计算机应用》浏览原始摘要信息
点击此处可从《计算机应用》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号