Cite this article
  • Qin Ting, Song Zhenyu, Huang Qingjia, Jia Xiaoqi, Du Haichao, Guo Xuan, Wang Ruiyi. Conditional Code Dynamic Obfuscation Method based on Intel SGX [J]. Journal of Cyber Security, accepted.


Conditional Code Dynamic Obfuscation Method based on Intel SGX
Qin Ting, Song Zhenyu, Huang Qingjia, Jia Xiaoqi, Du Haichao, Guo Xuan, Wang Ruiyi
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract (translated from the Chinese):
The protection of intellectual property has practical significance for engineering applications and academic research, especially at a time when the software industry is booming. In recent years many methods based on software obfuscation have been proposed to protect proprietary code from the threat of reverse engineering; among them, control flow obfuscation and cryptographic mechanisms are the two most direct approaches. Control flow obfuscation hides the control flow by relocating conditions or branches, but it cannot prevent the control flow from being inferred by analysing its context. Schemes based on cryptographic mechanisms encode or encrypt the executable file and decrypt it at runtime, which guarantees confidentiality only while the program is at rest: the encryption granularity is too coarse, so the decrypted code is exposed in memory as a whole and memory dump attacks are hard to prevent, and the decryption function itself is unprotected, so tracing it threatens the security of the key; their resistance to dynamic analysis is therefore weak. A trusted execution environment can effectively prevent dynamic analysis. CFHider is a method that uses a trusted execution environment to ensure program confidentiality: it separates the control flow information from the program and moves it into an Enclave, and the Enclave supported by Intel SGX gives control flow confidentiality a strong security guarantee; its protection scope, however, is still too small. This paper enhances CFHider and proposes a dynamic conditional code obfuscation method based on Intel SGX. It keeps the basic strategy of separating conditions from the program, additionally encrypts the conditional code, and re-encrypts that code at runtime to further shorten the time it is exposed in memory. The program is further obfuscated by introducing variants of unconditional branches, and an on-the-fly generation mechanism for three-dimensional keys is proposed to keep the keys secure. Theoretical analysis and experimental results show that the method effectively increases the complexity and confidentiality of the program while introducing acceptable performance overhead.
Keywords:  Intel SGX, control flow obfuscation, dynamic encryption, conditional code
DOI:
Received: 2022-11-28; Revised: 2023-02-16
Funding: CAS Key Laboratory of Network Assessment Technology; Beijing Key Laboratory of Network Security and Protection Technology; National Key R&D Program of China (2019YFB1005201 and 2021YFB2910109); Strategic Priority Research Program of the Chinese Academy of Sciences, Category C (XDC02010900); National Natural Science Foundation of China, General Program (61772078)
Conditional Code Dynamic Obfuscation Method based on Intel SGX
Qin Ting, Song Zhenyu, Huang Qingjia, Jia Xiaoqi, Du Haichao, Guo Xuan, Wang Ruiyi
(Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
The protection of intellectual property has practical significance for engineering applications and academic research, especially in the era of a booming software industry. In recent years, many methods based on software obfuscation have been proposed to protect proprietary code from the threat of reverse engineering. Among them, control flow obfuscation and cryptography are the two most direct methods. Control flow obfuscation hides control flow by relocating conditions or branches, but it cannot prevent control flow from being inferred by analysing the control flow context. Schemes based on cryptographic mechanisms guarantee confidentiality at rest by encoding or encrypting the executable file and decrypting it at runtime, but their ability to resist dynamic analysis is weak: the encryption granularity is too coarse, the entire decrypted code is exposed in memory, which makes memory dump attacks difficult to prevent, and the decryption function is not protected, so tracing it threatens the security of the key. A trusted execution environment can effectively prevent dynamic analysis. CFHider is a method based on a trusted execution environment that ensures the confidentiality of the program by separating the control flow information from the program and transferring it into an Enclave, using the Enclave supported by Intel SGX. It provides strong security guarantees for control flow confidentiality, but its protection scope is still too small. This paper enhances CFHider and proposes a dynamic conditional code obfuscation method based on Intel SGX. It retains the basic strategy of decoupling the condition from the program, encrypts the condition code, and further reduces the time the code is exposed in memory by re-encrypting the condition code at runtime. A variant of the unconditional branch is used to further obfuscate the control flow, and an instant generation mechanism for three-dimensional keys is proposed to ensure the security of the keys. Theoretical analysis and experimental results show that the method in this paper effectively increases the complexity and confidentiality of the program and introduces acceptable performance overhead.
Key words:  Intel SGX, control flow obfuscation, dynamic encryption, conditional code
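The argument both abstracts make against whole-program encryption is about granularity: how much decrypted code a memory dump can capture, and for how long. The following C program is an added illustration of that point; it is not the authors' code, it uses no SGX, and the paper's three-dimensional key generation and unconditional-branch variants are not reproduced. A small "condition server" stands in for the enclave: the branch conditions of a toy program are stored as encrypted bytecode, and the caller learns only the branch outcome. The fine-grained path decrypts one condition for exactly the duration of its evaluation and wipes it before returning, while the coarse path models the criticised scheme that decrypts everything at load; a counter of plaintext-resident conditions records the peak exposure. The XOR transform, the fixed key, the bytecode format and the three sample conditions are constructed assumptions for the demonstration.

```c
/* Added illustration, not the authors' code and with no SGX: a "condition server"
 * stands in for the enclave. Cipher, key and sample conditions are constructed. */
#include <stdint.h>
#include <string.h>

enum { OP_LT = 1, OP_EQ = 2, OP_GT = 3 };
#define N_CONDS 3
typedef struct {
    uint8_t op;      /* comparison to perform */
    uint8_t arg_idx; /* index into the caller's argument vector */
    int32_t imm;     /* immediate compared against */
} cond_t;
/* Constructed sample: the three branch conditions of a toy program. */
static const cond_t SAMPLE_CONDS[N_CONDS] = {
    { OP_LT, 0, 10 },  /* c0: x < 10  */
    { OP_EQ, 1, 42 },  /* c1: y == 42 */
    { OP_GT, 0,  0 },  /* c2: x > 0   */
};

static uint8_t g_store[N_CONDS][sizeof(cond_t)]; /* condition code, encrypted at rest */
static int g_initialised = 0;
static int g_resident = 0;      /* conditions currently in plaintext */
static int g_peak_resident = 0; /* peak residency: what a memory dump could capture */
/* Demo key (assumption); a real design derives keys inside the enclave. */
static const uint8_t TOY_KEY[8] = {0x5a,0xc3,0x9e,0x21,0x77,0x0b,0xd4,0x18};

/* Involutive toy transform: XOR with the key tweaked by condition id, so the
 * same call encrypts and decrypts. Not a real cipher. */
static void toy_crypt(uint8_t *buf, size_t n, uint8_t id) {
    for (size_t i = 0; i < n; i++) buf[i] ^= (uint8_t)(TOY_KEY[i & 7] ^ (uint8_t)(id * 0x3b));
}
/* Wipe through a volatile pointer so the compiler cannot drop it as a dead store. */
static void secure_wipe(volatile uint8_t *v, size_t n) { while (n--) *v++ = 0; }

static void store_init(void) { /* encrypt the sample table once */
    if (g_initialised) return;
    for (int i = 0; i < N_CONDS; i++) {
        memcpy(g_store[i], &SAMPLE_CONDS[i], sizeof(cond_t));
        toy_crypt(g_store[i], sizeof(cond_t), (uint8_t)i);
    }
    g_initialised = 1;
}
static void note_resident(int d) {
    g_resident += d; if (g_resident > g_peak_resident) g_peak_resident = g_resident;
}
static int eval_plain(const cond_t *c, const int32_t *args) {
    int32_t v = args[c->arg_idx];
    return c->op == OP_LT ? v <  c->imm :
           c->op == OP_EQ ? v == c->imm :
           c->op == OP_GT ? v >  c->imm : 0;
}

/* Fine-grained path (the ECALL in an SGX build): decrypt one condition, evaluate,
 * wipe. Only the outcome 0/1 leaves the function; -1 means unknown id. */
int eval_condition_fine(int id, const int32_t *args) {
    cond_t tmp;
    if (id < 0 || id >= N_CONDS) return -1;
    store_init();
    memcpy(&tmp, g_store[id], sizeof tmp);
    toy_crypt((uint8_t *)&tmp, sizeof tmp, (uint8_t)id); /* decrypt */
    note_resident(+1);
    int r = eval_plain(&tmp, args);
    secure_wipe((volatile uint8_t *)&tmp, sizeof tmp); /* plaintext lifetime ends here */
    note_resident(-1);
    return r;
}

/* Runs the toy program and returns a bitmask of its three branch outcomes. fine != 0:
 * one condition in the clear at a time; fine == 0: decrypt the whole table at load. */
int run_program(int32_t x, int32_t y, int fine) {
    int32_t args[2] = { x, y };
    int mask = 0;
    store_init();
    if (fine) {
        for (int i = 0; i < N_CONDS; i++) mask |= eval_condition_fine(i, args) << i;
    } else {
        cond_t table[N_CONDS];
        for (int i = 0; i < N_CONDS; i++) {
            memcpy(&table[i], g_store[i], sizeof(cond_t));
            toy_crypt((uint8_t *)&table[i], sizeof(cond_t), (uint8_t)i);
        }
        note_resident(+N_CONDS); /* entire table exposed at once */
        for (int i = 0; i < N_CONDS; i++) mask |= eval_plain(&table[i], args) << i;
        secure_wipe((volatile uint8_t *)table, sizeof table);
        note_resident(-N_CONDS);
    }
    return mask;
}

/* 1 if no at-rest entry equals its plaintext, else 0. */
int store_is_encrypted(void) {
    store_init();
    for (int i = 0; i < N_CONDS; i++)
        if (memcmp(g_store[i], &SAMPLE_CONDS[i], sizeof(cond_t)) == 0) return 0;
    return 1;
}
int peak_plaintext(void) { return g_peak_resident; }
void reset_peak(void)    { g_peak_resident = g_resident; }
```

With the three sample conditions, the fine-grained path never has more than one condition in the clear, while the coarse path exposes all three at once, and the at-rest store never matches the plaintext. In an SGX deployment the store, the key and eval_condition_fine would sit inside the enclave and that function would be the ECALL boundary, so only the 0/1 outcome crosses into untrusted memory; the re-encryption step the abstract describes corresponds here to the wipe of the stack copy, after which the only remaining copy is the encrypted one.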