Please wait a minute...
浙江大学学报(工学版)
J4  2010, Vol. 44 Issue (5): 903-909    DOI: 10.3785/j.issn.1008-973X.2010.05.012
自动化技术、计算机技术     
基于交叉控制流混淆技术的编译方法
付剑晶1,2, 王珂1
1.浙江大学 遥感与信息技术应用研究所,浙江 杭州 310029;
2.浙江财经学院 信息技术学院,浙江 杭州 310018
Compiling method for obfuscation technology based on crossing
control-flow
FU Jian-jing1, 2, WANG Ke1
1.Institute of Remote Sensing and Information System, Zhejiang University, Hangzhou 310029,China;
2.School of Information Technology, Zhejiang University of Finances and Economics, Hangzhou 310018, China
 全文: PDF  HTML
摘要:

为了保护软件知识产权,阻止逆向工程和静态分析,研究内置迷惑技术的编译器.提出交叉控制流的代码迷惑技术以及应用这种技术的编译实现方案.给出if语句和while循环语句控制流交叉原理,产生多入口多出口控制块,使代码控制流复杂化.同时把被保护代码块放置于交叉控制块间,以达到隐蔽真实控制流的目的,因而能有效阻止自动反编译并增强软件分析的难度.由于源代码级不可形成控制交叉,给出内置此功能的兼容编译实现方法,使得程序员书写的代码简单而安全.经仿真和分析,提出的技术对代码具有很好的保护效果,编译后的目标指令有略微增加,而运行效率几乎不受影响.
Abstract:

 A compiler builtin obfuscating technology was developed in order to protect software intellectual property and keep from reverse engineering and static analysis. A crossing controlflow code obfuscation technology and the corresponding compiling solution were presented. The control crossing principle of If statement and While loop statement were given out, which produced the control blocks of multilevel exit and entry, so the code control flow became more complicated. Meanwhile, the protected code block was placed in the crossing control blocks to conceal the true control flow. Then the automatic anticompile can be effectively prevented and the difficulty of software analysis was enhanced. Because the crossing controlflow in source code level cannot be passed by compiler, a compatible compiling method of builtin functions was presented, which made programming simple and safe. The simulation and analysis results indicated that the technology had good protection effect for source code; the target code was slightly increased after compiled, and its running efficiency was almost not affected.
出版日期: 2012-03-19
:  TP 309  
基金资助:

国家“十一五”科技支撑计划资助项目(2006BAD10A07)
作者简介: 付剑晶(1976—),男,江西太和人,讲师,从事网络与信息安全研究.E-mail:fjjmsn@163.com
服务  
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章  

引用本文:

付剑晶, 王珂. 基于交叉控制流混淆技术的编译方法[J]. J4, 2010, 44(5): 903-909.

FU Jian-Jing, WANG Ke. Compiling method for obfuscation technology based on crossing
control-flow. J4, 2010, 44(5): 903-909.

链接本文:

http://www.zjujournals.com/eng/CN/10.3785/j.issn.1008-973X.2010.05.012        http://www.zjujournals.com/eng/CN/Y2010/V44/I5/903

[1] 芦斌,罗向阳,刘粉林.一种基于混沌的软件水印算法框架及实现[J].软件学报,2007,18(2): 351360.
LU Bin, LUO Xiangyang, LIU Fenlin. A chaosbased framework and implementation for software watermarking algorithm[J]. Journal of Software, 2007, 18(2): 351360.
[2] SIVADASAN P, LAL P S, SIVADASAN N. JDATATRANS for array obfuscation in Java source codes to defeat reverse engineering from decompiled codes [C] ∥ Proceedings of the 2nd Bangalore Annual Compute Conference. Bangalore India: ACM, 2009: 115 124.
[3] 罗宏,蒋剑琴,曾庆凯.用于软件保护的代码迷惑技术[J].计算机工程,2008,32(11): 177179.
LUO Hong, JIANG Jianqin, ZENG Qingkai. Code obfuscation for software protection [J]. Computer Engineering, 2008, 32 (11): 177179.
[4] 王一宾,陈意云.代码迷惑技术研究进展[J].吉林大学学报:信息科学版,2008,26(4): 386390.
WANG Yibin, CHEN Yiyun. Progress of research on code obfuscation technology[J]. Journal of Jilin University: Information Science Edition, 2008, 26 (4): 386390.
[5] COLLBERG C, THOMBORSON C, LOW D. A taxonomy of obfuscating transformations[R].New Zealand: University of Auckland, 1997: 148.
[6] CECCATO M, DI PENTA M, NAGRA J, et al. The effectiveness of source code obfuscation: an experimental assessment [C]∥ ICPC ′09, IEEE 17th International Conference. Vancouver, BC, Canada: IEEE, 2009: 178187.
[7] BOAZ B, GOLDREICH O, RUSELL I, et al. On the (im)possibility of obfuscating programs[M]. [S.l.]: Springer, 2001: 118.
[8] ANCKAERT B, MADOU M, SUTTER B D, et al. Program obfuscation: a quantitative approach [C]∥3rd Workshop on Quality of Protection/14th ACM Computer and Communications Security Conference. Alexandria VA: ACM, 2009: 1520.
[9] CHAN J T, YANG W. Advanced obfuscation techniques for Java bytecode\
[J]. Journal of Systems and Software, 2004,71(1/2): 110.
[10] HOU T W, CHEN H Y, TSAI M H. Three control flow obfuscation methods for Java software [C]∥ IEE Proceeding of Software. [S.l.]: IEE, 2006: 8186.
[11] TSAI H Y, HUANG Y L, DAVID W. A graph approach to quantitative analysis of controlflow obfuscating transformations [J]. IEEE Transactions on Information Forensics and Security, 2009, 4(2): 257267.
[12] 吕映芝,张素琴,蒋维杜.编译原理[M].北京:清华大学出版社,1998: 162178.
[13] 陈火旺,刘春林,谭庆平,等.程序设计语言编译原理[M].北京:国防工业出版社,2000: 166200.
[1] 王友卫, 刘元宁, 朱晓冬. 用于图像内容认证的半脆弱水印新算法[J]. J4, 2013, 47(6): 969-976.
[2] 李卓,陈健,蒋晓宁,曾宪庭,潘雪增. 基于多域特征的JPEG图像盲检测算法[J]. J4, 2011, 45(9): 1528-1538.
[3] 陈珂, 胡天磊, 陈刚. 基于角色的信任证覆盖网络中高效信任链搜索[J]. J4, 2010, 44(12): 2241-2250.
[4] 马晨华, 王进, 裘炅, 陆国栋. 基于情景约束的工作流柔性访问控制模型[J]. J4, 2010, 44(12): 2297-2308.
[5] 彭志宇, 李善平, 杨朝晖, 林欣. 信任管理中的匿名授权方法[J]. J4, 2010, 44(5): 897-902.
[6] 余利华, 陈刚, 王伟, 陈柯, 董金祥. 一种基于容器的自组织存储模型[J]. J4, 2010, 44(5): 915-922.
[7] 姜励, 陈健, 平玲娣, 陈小平. 多线程程序的信息抹除和降密安全策略[J]. J4, 2010, 44(5): 854-862.
[8] 江颉, 张杰, 陈德人. 基于推理的上下文感知RBAC模型设计和实现[J]. J4, 2009, 43(09): 1609-1614.
[9] 陈珂, 邵峰, 陈刚, 等. XML结构化匹配中的位图过滤加速法[J]. J4, 2009, 43(09): 1549-1556.
[10] 黄勇, 陈小平, 陈文智, 等. 支持动态调节的保密性和完整性统一模型[J]. J4, 2009, 43(8): 1377-1382.