一种具有时间多样性的虚拟机软件保护方法

Software Protection Based on Virtual Machine with Time Diversity

软件核心算法防逆向保护,是软件研发乃至软件产业发展的迫切需求,也是当前软件安全研究领域的热点之一.虚拟机软件保护作为一种保护强度高、商业应用广的技术,已被用于软件核心算法保护,并在很大程度上能够抵御攻击者的逆向分析.但这种保护方法难以抵御累积攻击,无法提供更加持久的保护.时间多样性是指一个软件在不同时间被执行时,执行路径不同,主要用于抵御累积攻击.将时间多样性与虚拟机软件保护相结合,提出了一种具有时间多样性的虚拟机软件保护方法,称为TDVMP.在TDVMP中,通过构造多条相异的执行路径,使得被保护软件在不同次执行时,能够动态选取不同执行路径,从而极大地增加了攻击者进行累积的核心算法逆向分析攻击的难度.同时,对于TDVMP设计中的关键问题,比如多执行路径的构造与选择等进行了详细讨论.此外,提出了时间多样性保护效果的评价指标,并给出了其度量及计算方法.以所实现的原型系统为基础,通过一组具有一定实用价值的实例,对所提出的方法进行了测试、实验.结果表明,TDVMP对于软件核心算法防逆向保护是有效且实用的.

Anti-Reversing protection for persistent and high-insensitive software core algorithm has become an insistent demand for the research of software security and even for the whole software industry. Virtual machine based software protection has been widely used to protect the core algorithm from being reversed, but it is not sufficient for the current method to defend against cumulative attack and thus cannot provide long-term effective protection. Time diversity is used to fight against cumulative attack to allow software to execute along variant paths in different running time. A virtual machine based software protection method with time diversity, called TDVMP, is proposed in the paper. The key idea of the method is to construct multiple execution paths with equivalent semantics leading to dynamically variant execution paths in running time. Main design issues of TDVMP, such as construction and selection of multiple execution paths, are discussed in detail. Furthermore, a metric named variation of execution paths to evaluate the effectiveness of time diversity is proposed, and the methods to measure and compute the metric are also presented. A prototype of TDVMP is implemented, and upon which the experiments are carried out with a set of practical use cases. Experiment results show that TDVMP is effective and applicable for core algorithm anti-reversing protection.