摘要
二进制代码保护技术不受源码语言约束,适用性更广。结合等价变形、控制流混淆、动态加解密等技术,研究并实现了二进制代码混淆保护原型系统MEPE。在MEPE中,基于拆分或替换指令的操作,以及算术和逻辑等价式,设计等价变形规则及对应的等价变形模板函数,对二进制代码进行等价变形。通过理论分析,证明了变形的多样性效果;利用控制流混淆对变形后代码块进行"切片乱序",由地址跳转表管理跳转地址,并通过动态加解密对其进行保护;深入分析循环体中被保护指令对时间开销的影响,提出了与指令循环深度相关联的迭代次数与切片粒度的计算方法。MEPE具有保护强度可调节、功能可扩展、保护效果多样、性能消耗低等特点。通过实验分析迭代次数、切片粒度对时间消耗的影响,验证了对循环体中被保护指令控制的作用和意义,以及保护效果的多样性。经过MEPE处理后的二进制代码在时间损耗较小的情况下,可有效增加攻击者静态和动态分析的难度,提高了二进制可执行代码的安全性。
A binary code protection system, named MEPE, was developed. In MEPE, some functions were designed to substitute an o- riginal instruction with a functional equivalent sequence of instructions. Theoretical analysis showed that the binary code protected with this method would have diverse appearances. After deformation, the protected codes were fragmented into small snippets which were connected through jump instructions. The destination addresses of these jump instructions were managed by an address table, and the table itself was protected by the technique of dynamic eneryption and decryption. Based on the analysis of the impact of instructions in loops on execution time , a tuning method was proposed to balance the effect of protection and time overhead. The experimental results and the analyses showed that the tuning method is effective and the protected codes are much more resistant to static and dynamic analysis.
出处
《四川大学学报(工程科学版)》
EI
CAS
CSCD
北大核心
2014年第1期14-21,共8页
Journal of Sichuan University (Engineering Science Edition)
基金
教育部科学技术研究重点项目资助(211181)
教育部博士点基金资助项目(20106101110018)
国家科技支撑计划资助项目(2013BAK01B02)
国家自然科学基金资助项目(61070176
61170218
61272461
61202393)
陕西省科技攻关项目(2011K06-07
2012K06-17)
陕西省科技计划资助项目(2011K06-09)
陕西省教育厅产业化培育项目(2011jg06)
陕西省自然科学基础研究计划资助项目(2012JQ8049)
关键词
二进制代码混淆
迭代变形
变形引擎
多样性
binary code obfuscation
iterative transform
metamorphic engine
diversity
