Acta Electronica Sinica ›› 2015, Vol. 43 ›› Issue (5): 870-878. DOI: 10.3969/j.issn.0372-2112.2015.05.006

• Academic Paper •

Branch Obfuscation to Combat Symbolic Execution

WANG Zhi, JIA Chun-fu, LIU Wei-jie, WANG Xiao-chu, ZHANG Hai-ning, YU Xiao-xu, CHEN Zhe

  1. College of Computer and Control Engineering, Nankai University, Tianjin 300071, China
  • Received: 2014-02-24 Revised: 2014-08-04 Online: 2015-05-25 Published: 2015-05-25
    • Corresponding author: JIA Chun-fu
    • About the author: WANG Zhi, male, born August 1981 in Changzhi, Shanxi; lecturer at the College of Computer and Control Engineering, Nankai University. Main research interests: binary code obfuscation, and malware analysis and defense. E-mail: zwang@nankai.edu.cn
    • Supported by: National Natural Science Foundation of China (No.61300242, No.61272423, No.60973141); National Key Basic Research Program of China (973 Program) (No.2013CB834204); Fundamental Research Funds for the Central Universities (No.65121012); Nankai University-Tencent Joint Project

Abstract:

During dynamic execution, a program leaks a large amount of branch information, which is the binary representation of its internal logic. Symbolic execution can automatically collect and reason about this leaked branch information, which can be used for reverse engineering and weakens the protection offered by code obfuscation. Hash functions can effectively protect branch conditions based on equality, but they cannot protect branch conditions based on inequalities, such as greater-than or less-than checks against upper and lower bounds. This paper proposes a new branch obfuscation approach that combines a prefix-preserving algorithm with a hash function, extending the protection scope of hash functions and making the difficulty of reasoning about branch information by symbolic execution equivalent to the difficulty of inverting the hash function. The strength and resilience of the branch obfuscation are discussed. The approach was tested on 7 programs from the SPECint-2006 benchmark suite, and the experimental results show that it effectively mitigates branch information leakage while remaining practical in terms of performance.

Key words: code obfuscation, symbolic execution, hash function, prefix-preserving encryption
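To make the abstract's distinction concrete, the following added sketch (not code from the paper; the prefix-cover construction, the salt, the 16-bit width and all function names are assumptions of this example) turns a range test `lo <= x <= hi` into hash-equality tests on binary prefixes, so the bounds never appear in the shipped check.

```python
import hashlib

WIDTH = 16                   # assumed bit width of the protected variable
SALT = b"constructed-salt"   # constructed sample value

def h(prefix: str) -> str:
    """Hash one binary prefix (a string of '0'/'1', possibly empty)."""
    return hashlib.sha256(SALT + prefix.encode()).hexdigest()

def range_to_prefixes(lo: int, hi: int, width: int = WIDTH) -> list:
    """Smallest set of binary prefixes whose blocks cover [lo, hi] exactly."""
    out = []
    while lo <= hi:
        # Largest power-of-two block aligned at lo ...
        size = (lo & -lo) if lo else (1 << width)
        # ... shrunk until it no longer overshoots hi.
        while size > hi - lo + 1:
            size >>= 1
        free_bits = size.bit_length() - 1      # low bits left unconstrained
        out.append(format(lo, f"0{width}b")[: width - free_bits])
        lo += size
    return out

def obfuscate_range(lo: int, hi: int, width: int = WIDTH) -> frozenset:
    """Build time: keep only the hashes of the covering prefixes."""
    return frozenset(h(p) for p in range_to_prefixes(lo, hi, width))

def in_range(x: int, hashed: frozenset, width: int = WIDTH) -> bool:
    """Run time: x is in the range iff one of its prefixes hashes into the set.

    Each comparison is an equality on a hash output, which is the kind of
    branch condition the abstract says hash functions can protect.
    """
    if not 0 <= x < (1 << width):
        return False
    bits = format(x, f"0{width}b")
    return any(h(bits[:n]) in hashed for n in range(width + 1))

if __name__ == "__main__":
    # Toy domain: a 16-bit input is small enough to enumerate, so this
    # shows the mechanics only, not the protection strength.
    guard = obfuscate_range(1000, 5000)
    print(len(guard), in_range(999, guard), in_range(1000, guard),
          in_range(5000, guard), in_range(5001, guard))
```
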
