Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (5): 47-54.doi: 10.11959/j.issn.2096-109x.2018038

• Papers • Previous Articles     Next Articles

Enhanced method based on virtual registers rotation

Yan PAN,Wei LIN   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China
  • Revised:2018-04-27 Online:2018-05-01 Published:2018-08-04
  • Supported by:
    The National Key R&D Plan Program of China(2016YFB0801601);The National Key R&D Plan Program of China(2016YFB0801505)

Abstract:

Sematic attacks based on the data flow analysis bring big challenges to the code obfuscation.Concerning the data flow of virtual machine based (VM-based) code protection,the method transfers the mapping relation between the virtual registers and the op-code of the bytecode during executing,which means the uncertainty and complexity of the data flow during interpretive execution of the bytecode.In addition,three policies are proposed to address the problem that how to choose the length of rotation for each bytecode,which grows complexity of the protection.Finally,a prototype of VRR-VM (virtual machine protection system based on virtual registers rotation) was implemented.Experiment results show that the method is effective and applicable for anti-reversing.

Key words: VM-based code protection, virtual registers rotation, data flow analysis, sematic attacks

CLC Number: 

No Suggested Reading articles found!