摘要
随着计算机软件的广泛使用,软件安全性问题日益突出.如何设计切实可行的软件保护方案已成为必须直面的挑战,具有重要的现实意义.近年来,软件防篡改技术作为软件保护的重要手段之一受到国内外研究者的重视.软件防篡改的目标在于阻止程序中的关键信息被非法修改或使用;检测篡改并作出适当的响应.针对这两个目标,重点介绍了基于代码混淆的静态防篡改技术和基于检测-响应的动态防篡改技术,对现有主流的软件防篡改技术进行分类,并分析和讨论了各类方法的优劣和局限性.最后,总结软件防篡改领域存在的问题,并对其未来可能的发展与研究方向提出建议.
With the wide use of computer technologies,software has become indispensable in our daily life and the corresponding security issues in software systems are more and more prominent.Especially,how to design a practical protection scheme is quite important and has great significance in the software research and development industries.As one of the key methods for software protection,the software tamper proofing technique attracts much attention from researchers both at home and abroad in recent years.Such technique aims at preventing the critical program information from the unauthorized modifications and uses,and also at generating the responses once the tampering is detected.Presented in this paper is a review of the analysis of software tamper proofing.In our discussion,different tamper proofing methods are classified into two categories:the static tamper proofing methods based on the code obfuscation as well as the dynamic tamper proofing methods based on the verification-response.The advantages and disadvantages,strengths and weaknesses of these methods are presented in detail.In the end,through the survey of these tamper proofing techniques,a summary is obtained which includes not only the characteristics,but also the existing problems and future work of the software tamper proofing technique.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2011年第6期923-933,共11页
Journal of Computer Research and Development
基金
国家自然科学基金项目(90718010
60803016)
国家"九七三"重点基础研究计划基金项目(2007CB310802)
国家"八六三"高技术研究发展计划基金项目(2008AA042301)
国家核高基科技重大专项(2010ZX01042-002-002-01)
清华信息科学与技术国家实验室(筹)学科交叉基金项目
关键词
防篡改
软件保护
静态防篡改技术
动态防篡改技术
检测-响应
代码混淆
tamper proofing
software protection
static tamper proofing technique
dynamic tamper proofing technique
verification-response
code obfuscation
