Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (6): 13-24. doi: 10.11959/j.issn.2096-109x.2020075

• Column: Network Application and Protection Technology •

Software diversification protection method based on fusion compilation

Xiaobing XIONG, Hui SHU, Fei KANG

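  1. Information Engineering University, Zhengzhou, Henan 450001
  • Revised: 2019-09-27 Online: 2020-12-15 Published: 2020-12-16
  • About the authors: Xiaobing XIONG (1985- ), male, from Fengcheng, Jiangxi, Ph.D., lecturer at Information Engineering University; main research interests: network information security and software reverse analysis. | Hui SHU (1974- ), male, from Yancheng, Jiangsu, Ph.D., professor and doctoral supervisor at Information Engineering University; main research interests: network information security, embedded system analysis and information security. | Fei KANG (1972- ), female, from Beijing, professor at Information Engineering University; main research interests: network information security and analysis of encryption and decryption mechanisms.
  • Supported by:
    National Key Research and Development Program (2016YFB08011601)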

Method of diversity software protection based on fusion compilation

Xiaobing XIONG, Hui SHU, Fei KANG

  1. Information Engineering University, Zhengzhou 450001, China
  • Revised: 2019-09-27 Online: 2020-12-15 Published: 2020-12-16
  • Supported by:
    National Key Research and Development Project (2016YFB08011601)

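Abstract:

To address the conspicuous signatures and single-pattern nature of existing mainstream protection methods, a software diversification protection method based on fusion compilation is proposed, built on the open-source LLVM compiler framework. The method applies randomized encryption to the target software and deeply fuses it with cover software at the compilation level. Using in-memory execution, the encrypted target software is decrypted and then executed in memory in process-less form. The diversity of the cover code and the randomness of the fusion strategy together give the target software diversified protection. Several commonly used software programs were selected as a test set, and the proposed method was tested from several angles, including resource overhead, protection effect, and comparative experiments. The test results show that the method has low resource overhead and that, compared with traditional methods such as obfuscation and packing, it has considerable advantages in resisting static analysis and dynamic debugging and can effectively counter mainstream code reverse-analysis and cracking techniques.

Key words: software protection, diversification, fusion compilation, memory execution, low level virtual machine, intermediate representation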

Abstract:

To address the obvious characteristics and single mode of the existing common protection methods, a diversity software protection method based on fusion compilation is proposed, built on the LLVM framework. In the proposed method, the target software is encrypted randomly and deeply integrated with the bunker code at the compilation level, and the encrypted target software is decrypted by memory execution technology. It is then executed in memory in process-less form, and the diversified protection effect for the target software is achieved through the diversity of the bunker code and the randomness of the fusion strategies. A number of commonly used software programs were selected as test cases, and the proposed method was tested in terms of resource cost, protection effect, comparative experiments and so on. Compared with traditional methods such as obfuscation and packing, the proposed method has great advantages in anti-static analysis and anti-dynamic debugging, and can effectively resist the mainstream methods of reverse analysis and cracking.

Key words: software protection, diversification, fusion compilation, memory execution, LLVM, intermediate representation

CLC number: