Cite this article
  • HUANG Qingjia, CHEN Jiayu, ZHANG Weijuan, ZHOU Mengting, TANG Jing, JIA Xiaoqi. Code Virtualization Protection Method Based on Sliding Window[J]. Journal of Cyber Security, Accepted
DOI:
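Received: 2021-10-22  Revised: 2021-12-19
Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (Category C) (Grant No. XDC02010900) and National Key Research and Development Program of China (Grant No. 2019YFB1005201)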
Code Virtualization Protection Method Based on Sliding Window
HUANG Qingjia, CHEN Jiayu, ZHANG Weijuan, ZHOU Mengting, TANG Jing, JIA Xiaoqi
(Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)
Abstract:
With the rapid development of the software industry, software continues to grow in scale while facing increasingly serious security threats. Attackers can use techniques such as reverse engineering to analyze the core algorithms and specific functions of software in order to crack it. Commonly used software protection methods are too weak to counter such analysis effectively. Code virtualization has been proposed in recent years as a new type of software protection method. Its core idea is to virtualize the original instructions: the virtual instructions are interpreted and executed by a built-in custom interpreter and, combined with techniques such as code obfuscation and packing (shell protection), this effectively increases the difficulty of static analysis. However, code virtualization also has shortcomings. This paper discusses attackers' reverse analysis techniques and the code virtualization protection methods proposed so far, and finds that existing methods still suffer from coarse code encryption granularity and weak resistance to dynamic analysis. To address this, the paper takes virtual instructions as the core of the entire protection method and designs a sliding-window-based code virtualization protection method that achieves a more fine-grained code encryption and decryption process. The sliding window model consists of four states (decryption, execution, encryption and sliding) that cooperate to protect virtual instructions at run time. Integrity verification is used to implement a dynamic key generation mechanism, which reduces the possibility of key leakage. Theoretical analysis and experimental results show that the sliding window model improves code encryption granularity, that the window size can be adjusted as needed, and that the method has little impact on program performance. Finally, the experiments verify the effectiveness of the model against attacks such as dynamic debugging, code injection and memory dumping, showing that the method further increases the difficulty for attackers of understanding program semantics and performing reverse analysis.
Key words:  code virtualization  sliding window  virtual instruction
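
The four window states and the integrity-derived keys described in the abstract, as an added Python example that is not the authors' implementation. The toy stack instruction set, the XOR cipher, the SHA-256 key derivation and the `IMAGE` bytes are all assumptions made for illustration, and the VM handles straight-line code only.

```python
import hashlib

PUSH, ADD, MUL, HALT = 1, 2, 3, 4          # constructed toy virtual ISA
IMAGE = b"constructed interpreter bytes"    # stand-in for the checked code region

def slot_key(image: bytes, index: int) -> bytes:
    """Per-instruction key derived at run time from an integrity hash of
    `image`; nothing is stored, and a patched image yields different keys."""
    return hashlib.sha256(image + index.to_bytes(4, "little")).digest()[:2]

def crypt(mem: bytearray, first: int, last: int, image: bytes) -> None:
    """XOR instructions [first, last) in place (decrypts and re-encrypts)."""
    for i in range(first, last):
        k = slot_key(image, i)
        mem[2 * i] ^= k[0]
        mem[2 * i + 1] ^= k[1]

def protect(program, image: bytes) -> bytearray:
    """Pack (opcode, operand) pairs and encrypt each instruction separately."""
    mem = bytearray(b for ins in program for b in ins)
    crypt(mem, 0, len(program), image)
    return mem

def run(mem: bytearray, image: bytes, window: int = 2):
    """Returns (top of stack, peak number of plaintext instructions)."""
    count, stack, base, peak, halted = len(mem) // 2, [], 0, 0, False
    while base < count and not halted:
        end = min(base + window, count)
        crypt(mem, base, end, image)                 # 1. decrypt the window
        peak = max(peak, end - base)
        try:
            for i in range(base, end):               # 2. execute it
                op, arg = mem[2 * i], mem[2 * i + 1]
                if op == PUSH:
                    stack.append(arg)
                elif op in (ADD, MUL) and len(stack) >= 2:
                    b, a = stack.pop(), stack.pop()
                    stack.append(a + b if op == ADD else a * b)
                elif op == HALT:
                    halted = True
                    break
                else:
                    raise ValueError(f"undecodable instruction at {i}")
        finally:
            crypt(mem, base, end, image)             # 3. re-encrypt the window
        base = end                                   # 4. slide forward
    return (stack[-1] if stack else None), peak

PROGRAM = [(PUSH, 2), (PUSH, 3), (ADD, 0), (PUSH, 4), (MUL, 0), (HALT, 0)]  # (2+3)*4
```

A memory dump taken at any point during `run` contains at most `window` plaintext instructions, and running with a modified `IMAGE` derives different keys, so the instructions no longer decode.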