###
工程科学与技术:2014,46(1):14-21
←前一篇   |   后一篇→
本文二维码信息
码上扫一扫!
基于变形的二进制代码混淆技术研究
(1.西北大学 信息科学与技术学院;2.西北大学-爱迪德物联网信息安全联合实验室)
ResearchonDeformationBasedBinaryCodeObfuscationTechnology
(1.SchoolofInfo.Sci.andTechnol.,NorthwestUniv.;2.NWU-Irdeto IoT-Info.SecurityJointLab.)
摘要
图/表
参考文献
相似文献
附件
本文已被:浏览 4131次   下载 103
投稿时间:2013-06-19    修订日期:2013-09-10
中文摘要: 二进制代码保护技术不受源码语言约束,适用性更广。结合等价变形、控制流混淆、动态加解密等技术,研究并实现了二进制代码混淆保护原型系统MEPE。在MEPE中,基于拆分或替换指令的操作,以及算术和逻辑等价式,设计等价变形规则及对应的等价变形模板函数,对二进制代码进行等价变形。通过理论分析,证明了变形的多样性效果;利用控制流混淆对变形后代码块进行“切片乱序”,由地址跳转表管理跳转地址,并通过动态加解密对其进行保护;深入分析循环体中被保护指令对时间开销的影响,提出了与指令循环深度相关联的迭代次数与切片粒度的计算方法。MEPE具有保护强度可调节、功能可扩展、保护效果多样、性能消耗低等特点。通过实验分析迭代次数、切片粒度对时间消耗的影响,验证了对循环体中被保护指令控制的作用和意义,以及保护效果的多样性。经过MEPE处理后的二进制代码在时间损耗较小的情况下,可有效增加攻击者静态和动态分析的难度,提高了二进制可执行代码的安全性。
Abstract:A binary code protection system, named MEPE, was developed. In MEPE, some functions were designed to substitute an original instruction with a functional equivalent sequence of instructions. Theoretical analysis showed that the binary code protected with this method would have diverse appearances. After deformation, the protected codes were fragmented into small snippets which were connected through jump instructions. The destination addresses of these jump instructions were managed by an address table, and the table itself was protected by the technique of dynamic encryption and decryption. Based on the analysis of the impact of instructions in loops on execution time , a tuning method was proposed to balance the effect of protection and time overhead. The experimental results and the analyses showed that the tuning method is effective and the protected codes are much more resistant to static and dynamic analysis.
文章编号:201300625     中图分类号:    文献标志码:
基金项目:教育部科学技术研究重点项目资助(211181);教育部博士点基金资助项目(20106101110018);国家科技支撑计划资助项目(2013BAK01B02);国家自然科学基金资助项目(61070176;61170218;61272461;61202393);陕西省科技攻关项目(2011K06-07;2012K06-17);陕西省科技计划资助项目(2011K06-09);陕西省教育厅产业化培育项目(2011jg06);陕西省自然科学基础研究计划资助项目(2012JQ8049)
作者简介:
引用文本:
王怀军,房鼎益,李光辉,张聪,姜河.基于变形的二进制代码混淆技术研究[J].工程科学与技术,2014,46(1):14-21.
Wang Huaijun,Fang Dingyi,Li Guanghui,Zhang Cong,Jiang He.ResearchonDeformationBasedBinaryCodeObfuscationTechnology[J].Advanced Engineering Sciences,2014,46(1):14-21.