摘要
考虑到现有虚拟机的软件保护方法一般是通过改进虚拟指令处理函数(Handler)来提升保护强度,而调度器(Dispatcher)是除了Handler之外构成虚拟机保护框架的重要模块,为逆向分析者的重点攻击目标。针对Dispatcher模块易受静动态逆向攻击的问题,提出一种基于增强型Dispatcher的虚拟机软件保护方法。对Dispatcher模块中的指令序列进行多样化,切分所有指令序列。随机选择不同的指令片段进行控制流迭代混淆和加密。采用随机函数对指令片段进行连接,形成新的Dispatcher模块。实验表明,该方法在给受保护程序引入部分时间和空间开销下,能有效提升整体虚拟机保护框架的安全性。
The existing software protection method for virtual machine enhances protection strength by improving the virtual instruction handler.Dispatcher is an important module in the virtual machine protection framework besides Handler,which is the key attack target for reverse analysts.Aiming at the problem that dispatcher module was vulnerable to static and dynamic reverse attacks,we proposed a software protection method for virtual machine based on enhanced dispatcher.The method diversified instruction sequences in dispatcher module.All the instruction sequences were segmented and different instruction segments were randomly selected for control flow iterative confusion and encryption.Random functions were adopted to connect the instruction segments to form a new dispatcher module.The experiment shows that the proposed method can effectively improve the security of the overall virtual machine protection framework by introducing some time and space overhead to the protected program.
作者
谢鑫
向飞
Xie Xin;Xiang Fei(Hunan Institute of Information Technology,Changsha 410151,Hunan,China;Information Engineering University,Zhengzhou 450000,Henan,China)
出处
《计算机应用与软件》
北大核心
2018年第11期8-15,48,共9页
Computer Applications and Software
基金
国家重点研发项目(2016YFB0801303
2016QY01W0105)
河南省重点技术研发项目(162102210032)
河南省科学技术研究重点项目(152102210005)
关键词
调度器
虚拟机保护
多样化
控制流迭代混淆
加解密
Dispatcher
Virtual machine protection
Diversification
Control flow iteration confusion
Encryption and decryption
