Title: Analysis and Evaluation of Control Flow Obfuscations of Software Programs (软体控制流程之模糊化分析与评估)
Author: 蔡欣宜
黄育纶
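Institute of Electrical and Control Engineering
Keywords: software obfuscation
Publication date: 2006
Abstract: Obfuscating the execution/control flow of software code helps to thwart disassemblers and to prevent attackers from maliciously tampering with the code, thereby protecting the integrity of software code and controlling access to it. Obfuscation of a program's control flow is usually achieved through a series of code transformations that obscure the control logic while preserving the same execution result. However, related research so far has gone no further than providing obfuscation techniques that can be used to transform the control flow of software code, such as inlining or modularization and inserting equivalent code or dummy code; it has not analyzed the obfuscated code's ability to resist disassembly, the loss in execution performance, or the added code cost. In this thesis, we therefore propose a method for parsing source code and evaluating the effectiveness of obfuscation techniques: using an abstraction of the control flow of a software program, we parse the structure of the source code and analyze, through formal methods, the protection that the obfuscation techniques provide. In the proposed analysis method, we use several different types of basic transformation elements to represent existing control flow obfuscations, which transform the control flow of the code and obscure its execution logic in order to protect it. By formalizing the obfuscating transformations, we can readily analyze the structure of the obfuscated code against the proposed evaluation criteria. Our method not only evaluates the complexity of the transformed code and its strength against disassembly attacks, but also discusses the increase in code size caused by each transformation element, so that code owners can find the best balance among complexity, resistance to disassembly, and cost.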
Modern control flow obfuscation techniques are usually composed of a sequence of transformations to control flows and intended to discourage reverse engineering and malicious tampering of software codes. In this thesis, we present an approach to analyzing and evaluating the effectiveness of such techniques which was not addressed in detail in the previous work. Our work is implemented on a source level basis with abstractions of control flows of a software program. Existing control flow obfuscating transformations can be decomposed and categorized into various types of atomic operators and defined in formal algorithms that take abstracted control flows as inputs. These algorithms are evaluated in terms of their complexities and robustness against reverse engineering. The side effect of space penalty of each atomic operator is also evaluated. Given the individual results, the whole software program can thus be evaluated as well, providing an objective indication of the aggregated effectiveness of the overall obfuscation result.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT009412534
http://hdl.handle.net/11536/80664
Appears in collections: Thesis


Files in this item:

  1. 253401.pdf
  2. 253402.pdf
