白盒环境中防动态攻击的软件保护方法研究

doi:10.3969/j.iss.0372-2012-2014.03.017

电子学报 ›› 2014, Vol. 42 ›› Issue (3): 529-537.DOI: 10.3969/j.iss.0372-2012-2014.03.017

白盒环境中防动态攻击的软件保护方法研究

王怀军, 房鼎益, 董浩, 陈晓江, 汤战勇

西北大学信息科学与技术学院, 西北大学-爱迪德信息安全联合实验室, 陕西西安 710127

收稿日期:2013-04-01 修回日期:2013-10-20 出版日期:2014-03-25
- 作者简介:
- 王怀军 男，1981年6月出生，山东滕州人.博士生，主要研究领域为软件安全与保护，软件攻击技术，软件保护方法有效性评测
- 基金资助:
- 教育部科学技术研究重点项目 (No.21181）; 教育部博士点基金 (No.20106101110018）; 国家科技支撑计划课题 (No.2013BAK02B02）; 国家自科学基金 (No.61070176，No.61170218，No.61272461，No.61202393）; 陕西省科技攻关 (No.2011K06-07，No.2012K06-17）; 陕西省科技计划 (No.2011K06-09）; 陕西省教育厅产业化培育项目 (No.2011jg06）; 陕西省自然科学基础研究计划 (No.2012JQ8049）

Research on Software Protection Defending Dynamic Attack in White-Box Environment

WANG Huai-jun, FANG Ding-yi, DONG Hao, CHEN Xiao-jiang, TANG Zhan-yong

NWU-Irdeto Network-Information Security Joint Laboratory(NISL), Department of Information Science, Northwest University, Xi'an, Shaanxi 710127, China

Received:2013-04-01 Revised:2013-10-20 Online:2014-03-25 Published:2014-03-25
- Supported by:
- Key Project of Chinese Ministry of Education of China (No.21181); Ph.D. Programs Foundation of Ministry of Education of China (No.20106101110018); Subject of National Key Technology R&D Program (No.2013BAK02B02); National Natural Science Fund (No.61070176, No.61170218, No.61272461, No.61202393); Key Technology Research and Development Program of Shaanxi Province (No.2011K06-07, No.2012K06-17); Science Technology Project of Shaanxi Province (No.2011K06-09); Industrial Project of Education Department of Shaanxi Province (No.2011jg06); Natural Science Basic Research Priorities Program of Shaanxi Province (No.2012JQ8049)

摘要/Abstract

摘要： 运行态软件常常面临着核心算法被逆向和机密信息被泄漏的严峻威胁，急需研究有效的防动态攻击的软件保护方法.本文包含两方面研究内容：（1）对现有防动态攻击的软件保护方法进行深入分析和综合比较，针对当前主流的防动态攻击的四类保护方法，从实现难度，性能影响和安全性三个指标进行综合对比；（2）通过实例介绍我们在防动态攻击的软件保护方面两项研究工作.分别研究了基于变形引擎的动态软件保护方法和一种安全性增强的虚拟机软件保护方法.

关键词: 白盒环境, 防动态攻击, 软件保护, 虚拟机软件保护

Abstract: Running software often faces serious threats,for example,the core algorithm is reversed or confidential information is leaked.So,it is needed to study effective protection methods against dynamic attack.The paper includes two aspects.First,do in-depth analysis and comprehensive comparison of the existing method of software protection against dynamic attacks.According to four mainstream software protection methods against anti-dynamic attack,we do comprehensive comparison of these four protection methods from three indicators of implementation difficulty,performance impact and security.Second,Introduce the work of our two studies in software protection against anti-dynamic attacks through examples.They are a software protection method based on dynamic deformation engine and a security-enhanced software protection based on virtual machine.

Key words: white-box attack environment, anti-dynamic attack, software protection, virtual machine based software protection

中图分类号:

TP309.7

王怀军, 房鼎益, 董浩, 等. 白盒环境中防动态攻击的软件保护方法研究[J]. 电子学报, 2014, 42(3): 529-537.

WANG Huai-jun, FANG Ding-yi, DONG Hao, et al. Research on Software Protection Defending Dynamic Attack in White-Box Environment[J]. Acta Electronica Sinica, 2014, 42(3): 529-537.

参考文献

[1] Chow S, Eisen P, Johnson H, Van Oorschot P.A white-box DES implementation for DRM applications[A].Revised Papers of ACM CCS-9 Workshop, DRM[C].Berlin, Heidelberg:Springer-Verlag, 2003, 2696:1-15.

[2] Madou M, Anckaert B, De Sutter B, De Bosschere K.Hybrid static-dynamic attacks against software protection mechanisms[A].Proceedings of the 5th ACM Workshop on Digital Rights Managemen[C].New York, US:ACM, 2005.75-82.

[3] Gu Y X, Larose G, Liem C.Software protection patterns:A new language of security[A].Proceedings of ACM SIGPLAN Software Security and Protection Workshop[C].Beijing, China:ACM, 2011.1-5.

[4] Dube T E, Birrer B D, Raines R A, Baldwin R O, Mullins B E, Bennington R W, Reuter C E.Hindering reverse engineering:Thinking outside the box[J].IEEE Security & Privacy, 2008, 6(2):58-65.

[5] Collberg C, Nagra J, Myilibrary.Surreptitious Software:Obfuscation, Watermarking, and Tamperproofing for Software Protection[M].USA:Addison-Wesley Professional, 2010.

[6] 段钢.加密与解密[M].第三版.北京:电子工业出版社, 2009.

[7] Suzaki K, Iijima K, Yagi T, Artho C.Software side channel attack on memory deduplication[A].Proceedings of the 23rd ACM Symposium on Operating Systems Principles, Poster[C].Cascais, Portugal:ACM, 2011.1-5.

[8] Kanzaki Y, Monden A, Nakamura M, Matsumoto K.Exploiting self-modification mechanism for program protection[A].Proceedings of the 27th IEEE Computer Software and Applications Conference[C].Dallas, USA:IEEE, 2003.170-179.

[9] Kanzaki Y, Monden A, Nakamura M, Matsumoto K.Program camouflage:A systematic instruction hiding method for protecting secrets[A].Proceedings of World Academy of Science, Engineering and Technology[C].Heidelberg, Germany:WASET, 2008.557-563.

[10] Kanzaki Y, Monden A.A software protection method based on time-sensitive code and self-modification mechanism[A].Proceedings of the IASTED International Conferences on Informatics Software Engineering and Applications (SEA)[C].Marina Del Rey, USA:EBSCO, 2010.325-331.

[11] Madou M, Anckacrt B, Moseley P, Debray S, De Sutter B, De Bosschere K.Software protection through dynamic code mutaion[A].Proceedings of the 6th International Conference on Information Security Applications[C].Berlin, Heidelberg:Springer-Verlag, 2006.194-206.

[12] Wu Y, Zhao Z, Chui T.An attack on SMC-based software protection[J].Proceedings of the 8th Intermational Conference on Information and Communications Security[C].Heidelberg:Springer-Verlag, 2006, 4307:352-368.

[13] Dux B, Iyer A, Debray S, Forrester D, Kobourov S.Visualizing the behavior of dynamically modifiable code[A].Proceedings of 13th International Workshop on Program Comprehension (IWPC)[C].Louis, MO, USA:IEEE, 2005.337-340.

[14] Collberg C, Thomborson C, Low D.A taxonomy of obfuscating transformations[R].New Zealand:The University of Auckland, 1997, 1173-3500.

[15] Barak B, Goldreich O, Impagliazzo R, Rudich S, Sahai A, Vadhan S, Yang K.On the (im) possibility of obfuscating programs[A].Advances in Cryptology, CRYPTO'01, LNCS 2139[C].California, USA:Springer Verlag, 2010.1-18.

[16] Chow S, Eisen P, Johnson H, Van Oorschot P.White-box cryptography and an AES implementation[A].Proceedings of the 9th Annual International Workshop on Selected Areas in Cryptography[C].London, UK:Springer-Verlag, 2003.250-270.

[17] Jacob M, Boneh D, Felten E.Attacking an obfuscated cipher by injecting faults[A].Proceedings of ACM CCS-9 Workshop Digital Rights Management[C].London, UK:Springer-Verlag, 2003.16-31.

[18] Billet O, Gilbert H, Ech-Chatbi C.Cryptanalysis of a white box AES implementation[A].Proceedings of the 11th International Conference on Selected Areas in Cryptography[C].India:Springer-Verlag, 2005.227-240.

[19] Link H E, Neumann W D.Clarifying obfuscation:Improving the security of white-box encoding[A].Proceedings of International Conference on Information Technology:Coding and Computing-ITCC[C].Washington, DC:Springer, 2005.679-684.

[20] Wyseur B, Michiels W, Gorissen P, Preneel B.Cryptanalysis of white-box DES implementations with arbitrary external encodings[A].Proceedings of the 14th International Workshop on Selected Areas in Cryptography[C].Ottawa, Canada:Springer, 2007.264-277.

[21] Bringer J, Chabanne H, Dottax E.White box cryptography:Another attempt[J].IACR Cryptology ePrint Archive, 2006, 22(2011):468-482.

[22] Yaying X, Xuejia L.A secure implementation of white-box AES[A].Proceedings of the 2009 2nd International Conference on Computer Science and its Applocations[C].Jeju, Korea:IEEE eXpress Conference Publishing, 2009.410-415.

[23] Birrer B D, Raines R A, Baldwin R O, Mullins B E, Bennington R W.Program fragmentation as a metamorphic software protection[A].Proceedings of the Third International Symposium on Information Assurance and Security[C].USA:IEEE Computer Society, 2007.369-374.

[24] Oreans.Code Virtualizer[OL].http://www.oreans.com/codevirtualizer.php, 2013.

[25] Collberg C, Thomborson C, Low D.Breaking abstractions and unstructuring data structures[A].Proceedings of International Conference on Computer Languages[C].Chicago, IL:IEEE Computer Society, 1998.28-38.

[26] Anckaert B, Jakubowski M H, Venkatesan R, Saw C W N.Practical data location obfuscation[R].USA:Microsoft, 2009.

[27] Falk R, Goudalo W, Chen E Y, Savola R, Popescu M, Anckaert B, Jakubowski M H, Venkatesan R, Saw C W.Runtime protection via datflow flattening[A].Proceeings of the Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE)[C].Washington DC:IEEE Computer Society, 2009.242-248.

[28] 李顺东, 王道顺.基于同态加密的高效多方保密计算[J].电子学报, 2013, 41(4):798-803 Li Shundong, Wang Daoshun.Efficient secure multiparty computation based on homomorphic encryption[J].Acta Electronica Sinica, 2013, 41(4):798-803.(in Chinese)

[29] Maude T, Maude D.Hardware protection against software piracy[J].Communications of the ACM, 1984, 27(9):950-959.

[30] Herzberg A, Shulman H, Saxena A, Crispo B.Towards a theory of white-box security[J].Emerging Challenges for Security, Privacy and Trust, 2009, 297:342-352.

[31] Herzberg A, Shulman H.Robust combiners for software hardening[J].Proceedings of the Third International Conference on Trust and Trustworthy Computing[C].Berlin, Heidelberg:Springer-Varlag, 2010, 6101:282-289.

[32] Oreans Technologies.Themida[OL].http://www.oreans.com/themida.php, 2012.

[33] Co.VMProtect.VMProtect[OL].http://vmpsoft.com, 2012.

[34] Co.ASProtect.ASProtect[OL].http://www.aspack.com, 2012.

[35] Fang H, Wu Y, Wang S, Huang Y.Multi-stage binary code obfuscation using improved virtual machine[A].Proceedings of the 14th International Conference on Information Security[C].Xi'an, China:Berlin Springer-Verlag, 2011.168-181.

[36] Blunden B.Virtual Machine Design and Implementation in C/C++[M].USA:Wordware Pub, 2002.

[37] Sharif M, Lanzi A, Giffin J, Lee W.Automatic reverse engineering of malware emulators[A].Proceeings of the 30th IEEE Symposium on Security and Privacy[C].Oakland, California:IEEE Computer Society, 2009.94-109.

[38] Rolles R.Unpacking virtualization obfuscators[A].Proceeings of the 3rd USENIX Workshop on Offensive Technologies(WOOT)[C].Montreal, Canada:ACM, 2009.1-17.

[39] Protections H B.A survey of anti-tamper technologies[J].CrossTalk:The Journal of Defense Software Engineering, 2004, 12(11):12-16.

[40] 王朝坤, 付军宁, 王建民, 余志伟.软件防篡改技术综述[J].计算机研究与发展, 2011, 48(6):923-933. Qiankun Wang, Junning Fu, Jianmin Wang, Zhiwei Yu.Survey of software tamper proofing technique[J].Journal of Computer Research and Development, 2011, 48(6):923-933.(in Chinese)

[41] Anckaert B, Jakubowski M, Venkatesan R, De Bosschere K.Run-time randomization to mitigate tampering[J].Advances in Information and Computer Security, 2007, 4752:153-168.

[42] Li D, Hu Y, Hu X, Ling H.Self-checking tamper-proofing based on software behavior model[A].Proceeings of the Fourth International Conference on Frontier of Computer Science and Technology[C].Shanghai, China:IEEE Computer Society, 2009.639-643.

[43] Chang H, Atallah M.Protecting software code by guards[A].Proceedings of the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management[C].London, UK:Springer-Verlag, 2002.160-175.

[44] Dedic[DD(]＇[DD)] N, Jakubowski M, Venkatesan R.A graph game model for software tamper protection[A].Proceedings of the 9th International Workshop on Information Hiding[C].Saint, Malo:Springer-Verlag, 2007.80-95.

[45] Abadi M, Budiu M, Erlingsson, Ligatti J.Control-flow integrity principles, implementations, and applications[J].ACM Transactions on Information and System Security (TISSEC), 2009, 13(1):1-40.

[46] Gilbert B, Kemmerer R, Kruegel C, Vigna G.Dymo:Tracking dynamic code identity[A].Proceeings of the 14th International Symposium, RAID[C].Menlo Park, CA:Springer-Verlag, 2011.21-40.

[47] Gagnon M N, Taylor S, Ghosh A K.Software protection through anti-debugging[J].IEEE Security & Privacy, 2007, 5(3):82-84.

[48] Sikorski M, Honig A.Practical Malware Analysis:The Hands-On Guide to Dissecting Malicious Software[M].USA:No Starch Press.2012.

[49] Schneider T.Hardening registration number protection schemes against reverse code engineering with multithreaded petri nets[A].Proceedings of Recon[C].Montreal, Canada:Recon, 2005.1-7.

[50] 王蕊, 苏璞睿, 杨轶, 冯登国.一种抗混淆的恶意代码变种识别系统[J].电子学报, 2011, 39(10):2322-2331. Wang Rui, Su Purui, Yang Yi, Feng Dengguo.An anti-obfuscation malware variants identification system[J].Acta Electronica Sinica, 2011, 39(10):2322-2331.(in Chinese)

白盒环境中防动态攻击的软件保护方法研究

Research on Software Protection Defending Dynamic Attack in White-Box Environment

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	郭庆, 田有亮, 万良. 基于代理重加密的区块链数据受控共享方案[J]. 电子学报, 2023, 51(2): 477-488.
[2]	王经纬, 吴静雯, 殷新春. 抗共谋攻击的多授权电子健康记录共享方案[J]. 电子学报, 2023, (): 1-8.
[3]	杨小东, 周航, 汪志松, 袁森, 王彩芬. 基于区块链的无线体域网无证书密文等值测试签密方案[J]. 电子学报, 2022, (): 1-11.
[4]	李玮, 张雨希, 谷大武, 张金煜, 朱晓铭, 刘春, 蔡天培, 李嘉耀. 轻量级密码MANTIS的唯密文故障分析[J]. 电子学报, 2022, 50(4): 967-976.
[5]	窦家维, 王颖囡, 葛雪. 区间关系保密计算若干问题研究[J]. 电子学报, 2021, 49(1): 50-57.
[6]	杜怡然, 李伟, 戴紫彬. PVHArray:一种流水可伸缩的层次化可重构密码逻辑阵列结构[J]. 电子学报, 2020, 48(4): 781-789.
[7]	杨启良, 周彦伟, 杨坤伟, 王涛. 标准模型下可公开验证的匿名IBE方案的安全性分析[J]. 电子学报, 2020, 48(2): 291-295.
[8]	杨小东, 王美丁, 裴喜祯, 李雨潼, 陈春霖, 麻婷春. 一种标准模型下无证书签名方案的安全性分析与改进[J]. 电子学报, 2019, 47(9): 1972-1978.
[9]	刘良桂, 孙辉, 贾会玲, 张宇. 面向高效加密云数据排序搜索的类别分组索引方法[J]. 电子学报, 2019, 47(2): 331-336.
[10]	邵利平, 乐志芳. 多版本备份和限制性双重认证主密钥(t,s,k,n)图像分存[J]. 电子学报, 2019, 47(2): 390-403.
[11]	杜怡然, 南龙梅, 戴紫彬, 李伟. 可重构分组密码逻辑阵列加权度量模型及高能效映射算法[J]. 电子学报, 2019, 47(1): 82-91.
[12]	段然, 顾纯祥, 祝跃飞, 郑永辉, 陈莉. 一种NTRU格上基于身份全同态加密体制设计[J]. 电子学报, 2018, 46(10): 2410-2417.
[13]	窦家维, 李顺东. 数据相等问题的安全多方计算方案研究[J]. 电子学报, 2018, 46(5): 1107-1112.
[14]	李子臣, 张卷美, 杨亚涛, 张峰娟. 基于NTRU的全同态加密方案[J]. 电子学报, 2018, 46(4): 938-944.
[15]	王寿成, 李功丽, 严迎建, 徐进辉. 面向分组密码的四维度并行处理架构研究[J]. 电子学报, 2017, 45(10): 2457-2463.