標題: 行動式程式碼系統中之軟體授權與保護
Software Authorization and Protection in Mobile Code Systems
作者: 吳先祐
Wu, Shian-Yow
謝續平
Shiuh-Pyng Shieh
資訊科學與工程研究所
關鍵字: 行動式程式碼;軟體保護;Mobile code;Software protection
公開日期: 1996
摘要: Java語言的發展對於軟體的使用帶來了相當大的改變。在這個環境中
,從遠端下載的程式碼讓使用者能立刻使用任何他們想要使用的軟體。在
網際網路上,要保護軟體的板權,必須要防止非法的盜用。許多技術如母
片保護、硬體鎖、及序號保護常被用來做為軟體保護的方法。這類的保護
通常將驗證的程序隱藏在軟體某處,因而很難有效的防止高手的破解。在
網路環境下,軟體一旦被破解之後,在網路上往往迅速的被流傳,對於軟
體製造商造成了相當大的傷害。 在這篇論文中,我們提出了一個在行
動式程式碼 (mobile code) 系統中提供軟體授權與保護的模型。在這個
模型中,一個軟體被分為許多的物件,我們稱其中每一個物件為 applet
。這些 applet 執行的權利被分散在不同的機器上,其中某部份的applet
必須經由一個或多個稱為可信任的運算代理伺服器 (trusted
computational proxy) 來執行。一個軟體的執行則由這些分散在不同地
方的 applet合作完成。如果兩個 applet 之間有訊息的傳遞,我們稱這
兩個 applet 為相關。為了減少當這些代理伺服器遭受入侵者攻擊時所造
成的傷害,我們將有相關 applet的執行權利分散到不同的地方。因此,
當一個代理伺服器被入侵時,入侵者只能從中穫取少量的資訊。在這個環
境下,我們也對於這些 applet 的安排提出了一個最佳化的方法,使得在
安全的限制下,這些代理伺服器的運算負擔及這些代理伺服器與使用者間
的網路負擔能被減到最輕。
The development of Java language created a new environment
for software usage. In this environment, dynamically downloaded
codes allow users to execute any program they are interested in.
To protect the copyright of softwares on the Internet, software
piracy must be prevented. Many approaches have been proposed to
prevent software piracy, such as key disks, parallel-port locks,
and custom serial-number validations. These schemes with
authentication process embedded in the software cannot
effectively protect the security attacks by a smart cracker.
Once the software is cracked, it will be then distributed widely
on the network. In this thesis, a model for software
authorization and protection in mobile code systems is proposed.
In the model, a software is partitioned into objects, called
applets, and the privileges to access to these applets are
separated and distributed to a number of trusted principles
called trusted computational proxies. The execution of a
software are conducted by cooperation of the applets and the
proxies that contain them. Two applets are dependent if there
are messages passed between them. To reduce the risk of proxies
being attacked, dependent applets are distributed to different
proxies. In the case that a proxy is compromised, little
information can be acquired by the intruder. An optimal
assignment of applets to proxies is also proposed to minimize,
under the security constraint, the computation load of the
proxies and the communication load between proxies and users.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT850392049
http://hdl.handle.net/11536/61800
Appears in Collections:Thesis