网络与信息安全学报 ›› 2020, Vol. 6 ›› Issue (6): 25-34.doi: 10.11959/j.issn.2096-109x.2020061

• 专栏:网络应用与防护技术 • 上一篇    下一篇

分支混淆中的条件异常代码构造研究

耿普(),祝跃飞   

  1. 信息工程大学,河南 郑州 450001
  • 修回日期:2020-02-04 出版日期:2020-12-15 发布日期:2020-12-16
  • 作者简介:耿普(1982- ),男,云南宣威人,信息工程大学博士生,主要研究方向信息安全|祝跃飞(1962- ),男,浙江杭州人,博士,信息工程大学教授、博士生导师,主要研究方向为网络空间安全
  • 基金资助:
    国家重点研发计划(2016YFB0801601);国家重点研发计划(2016YFB0801505)

Research on construction of conditional exception code used in branch obfuscation

Pu GENG(),Yuefei ZHU   

  1. Information Engineering University,Zhengzhou 450001,China
  • Revised:2020-02-04 Online:2020-12-15 Published:2020-12-16
  • Supported by:
    The National Key R&D Program of China(2016YFB0801601);The National Key R&D Program of China(2016YFB0801505)

摘要:

当前分支混淆技术通过构造条件异常代码和异常处理替代条件跳转指令,隐藏分支选择指令的地址,提高约束条件获取的难度,从而对抗符号执行。当前方法构造的条件异常代码中,关键数据具有二值性问题,有利于分支混淆的检测、发现和约束条件获取,降低了混淆的隐蔽性和与符号执行的对抗性;基于该缺点,提出一种使关键数据具有多样性特征的条件异常代码构造方法,增加了混淆的隐蔽性和约束条件的获取难度,提高分支混淆对抗符号执行的强度;通过结构化异常处理实现了基于新型条件异常代码构造的分支混淆原型系统,并对混淆进行了测试和分析。

关键词: 条件异常代码构造, 分支混淆, 符号执行, 结构化异常处理

Abstract:

Using conditional exception code construction and exception handler to replace conditional jump code,the branch obfuscation get the right branch selection,but the address of branch point was concealed,so this obfuscation method can defeat symbolic execution by impeding the constraint condition collecting.The normal method of conditional exception code construction has a fault that the key data in conditional exception code has two-value problem,this fault make down the ability of branch obfuscation in impeding symbolic execution.Based on this shortcoming,a novel method which can make the key data in conditional exception code diversity was proposed.This method can improve the difficulty of constraint condition fetching,so the ability to defeat symbolic execution of branch obfuscation was enhanced.At last,a prototype obfuscation system based on structural exception handler was implemented to test the new method of conditional exception code construction.

Key words: conditional exception code construction, branch obfuscation, symbolic execution, structural exception handler

中图分类号: