###
Journal of Software:2015.26(6):1322-1339

一种具有时间多样性的虚拟机软件保护方法
房鼎益,赵媛,王怀军,顾元祥,许广莲
(西北大学 信息科学与技术学院, 陕西 西安 710127;西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127;西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127;西安理工大学 计算机科学与工程学院, 陕西 西安 710048;西北大学-爱迪德信息安全联合实验室, 陕西 西安 710127;爱迪德技术(北京)有限公司, 北京 100125)
Software Protection Based on Virtual Machine with Time Diversity
FANG Ding-Yi,ZHAO Yuan,WANG Huai-Jun,GU Yuan-Xiang,XU Guang-Lian
(School of Information Science and Technology, Northwest University, Xi'an 710127, China;NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China;NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China;School of Computer Science and Engineering, Xi'an University of Technology, Xi'an 710048, China;NWU-Irdeto Network-Information Security Joint Laboratory (NISL), Xi'an 710127, China;Irdeto Access Technology (Beijing) Co. Ltd., Beijing 100125, China)
Abstract
Chart / table
Reference
Similar Articles
Article :Browse 1846   Download 2218
Received:March 29, 2013    Revised:March 07, 2014
> 中文摘要: 软件核心算法防逆向保护,是软件研发乃至软件产业发展的迫切需求,也是当前软件安全研究领域的热点之一.虚拟机软件保护作为一种保护强度高、商业应用广的技术,已被用于软件核心算法保护,并在很大程度上能够抵御攻击者的逆向分析.但这种保护方法难以抵御累积攻击,无法提供更加持久的保护.时间多样性是指一个软件在不同时间被执行时,执行路径不同,主要用于抵御累积攻击.将时间多样性与虚拟机软件保护相结合,提出了一种具有时间多样性的虚拟机软件保护方法,称为TDVMP.在TDVMP中,通过构造多条相异的执行路径,使得被保护软件在不同次执行时,能够动态选取不同执行路径,从而极大地增加了攻击者进行累积的核心算法逆向分析攻击的难度.同时,对于TDVMP设计中的关键问题,比如多执行路径的构造与选择等进行了详细讨论.此外,提出了时间多样性保护效果的评价指标,并给出了其度量及计算方法.以所实现的原型系统为基础,通过一组具有一定实用价值的实例,对所提出的方法进行了测试、实验.结果表明,TDVMP对于软件核心算法防逆向保护是有效且实用的.
Abstract:Anti-Reversing protection for persistent and high-insensitive software core algorithm has become an insistent demand for the research of software security and even for the whole software industry. Virtual machine based software protection has been widely used to protect the core algorithm from being reversed, but it is not sufficient for the current method to defend against cumulative attack and thus cannot provide long-term effective protection. Time diversity is used to fight against cumulative attack to allow software to execute along variant paths in different running time. A virtual machine based software protection method with time diversity, called TDVMP, is proposed in the paper. The key idea of the method is to construct multiple execution paths with equivalent semantics leading to dynamically variant execution paths in running time. Main design issues of TDVMP, such as construction and selection of multiple execution paths, are discussed in detail. Furthermore, a metric named variation of execution paths to evaluate the effectiveness of time diversity is proposed, and the methods to measure and compute the metric are also presented. A prototype of TDVMP is implemented, and upon which the experiments are carried out with a set of practical use cases. Experiment results show that TDVMP is effective and applicable for core algorithm anti-reversing protection.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61070176, 61170218, 61272461); 教育部高等学校博士学科点专项科研基金(20106101110018); 陕西省科技攻关计划(2011K06-07) 国家自然科学基金(61070176, 61170218, 61272461); 教育部高等学校博士学科点专项科研基金(20106101110018); 陕西省科技攻关计划(2011K06-07)
Foundation items:
Reference text:

房鼎益,赵媛,王怀军,顾元祥,许广莲.一种具有时间多样性的虚拟机软件保护方法.软件学报,2015,26(6):1322-1339

FANG Ding-Yi,ZHAO Yuan,WANG Huai-Jun,GU Yuan-Xiang,XU Guang-Lian.Software Protection Based on Virtual Machine with Time Diversity.Journal of Software,2015,26(6):1322-1339