Abstract
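To counter semantic attacks based on reverse analysis of data flow, an enhanced virtual register rotation algorithm is proposed, taking virtual registers as the entry point. During interpretive execution, the algorithm randomly shuffles the virtual-compilation mapping between some of the virtual registers and the operands, effectively increasing the data flow complexity of the virtual machine during interpretive execution. In addition, one of three mechanisms is chosen at random to set the rotation length, which enhances the diversity of the virtual machine code protection system. Finally, a prototype virtual machine code protection system using the enhanced virtual register rotation algorithm was designed and implemented, verifying the effectiveness of the algorithm.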
Semantic attacks based on data flow analysis pose a major challenge to code obfuscation. Targeting the data flow of virtual machine based (VM-based) code protection, the method shifts the mapping relation between the virtual registers and the op-code of the bytecode during execution, which adds uncertainty and complexity to the data flow during interpretive execution of the bytecode. In addition, three policies are proposed for choosing the rotation length for each bytecode, which increases the complexity of the protection. Finally, a prototype of VRR-VM (a virtual machine protection system based on virtual registers rotation) was implemented. Experimental results show that the method is effective and applicable for anti-reversing.
Authors
潘雁
林伟
PAN Yan; LIN Wei (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
Source
《网络与信息安全学报》
2018, Issue 5, pp. 47-54 (8 pages)
Chinese Journal of Network and Information Security
Funding
Supported by the National Key Research and Development Program of China (No.2016YFB0801601, No.2016YFB0801505)
Keywords
VM-based code protection
virtual registers rotation
data flow analysis
semantic attacks