基于目标代码的控制流混淆技术研究

发布时间：2018-04-04 22:23

本文选题：逆向工程　切入点：代码混淆　出处：《北京邮电大学》2013年硕士论文

【摘要】：一直以来,软件盗版、知识产权侵权问题都是困扰着全球信息技术发展的重要问题,也是计算机信息安全领域尚未解决的主要问题之一。软件源代码的安全保护受到越来越多的重视,各种安全保护措施这些年也得到了长足的发展。代码混淆技术就是其中一种非常有效的保护策略。本文从代码混淆的角度出发,提出了一种可以有效抵抗程序动态和静态分析的控制流混淆算法,并依此设计了一款目标代码混淆模型系统。本文首先介绍了逆向工程的相关概念和常用技术,然后介绍了几种国内外广泛采用的软件保护方法,引出了一种新型的软件保护策略,也就是代码混淆技术。接下来,本文介绍了代码混淆的分类,分析了几种前沿的控制流代码混淆算法,包括插入不透明谓词技术和平展控制流技术等,通过比较这些算法的优势和不足展示了当下代码混淆技术的研究现状。另一方面,恶意分析人员为了牟取暴利,也积极地投入到反混淆技术的研究中来,一些对抗混淆技术的攻击策略不断涌现,对软件的安全保护构成了极大的威胁。现有的控制流混淆算法无论在混淆强度和安全性方面都明显落后于反混淆技术的发展,本文在充分挖掘现有控制流混淆技术的弱点和不足的同时提出了一种增强型的平展控制流混淆算法,此方法可以在抵抗程序静态分析和动态分析两方面为软件提供更加全面的保护。最后,本文设计了一款应用增强型平展控制流混淆算法的目标代码混淆系统。此系统基于二进制指令层面对软件进行分析和代码混淆保护工作,可以实现对通用软件的强有力保护,同时降低了代码混淆技术的应用门槛。本文着重分析了此系统中的一些核心组件,包括反汇编引擎的设计,函数调用关系图和函数内部基本块构建的设计,以及重定位表修复模块的设计等。
[Abstract]:The problem of software piracy and intellectual property infringement is an important problem that puzzles the development of information technology all over the world. It is also one of the main unsolved problems in the field of computer information security.More and more attention has been paid to the security protection of software source code.Code obfuscation is one of the most effective protection strategies.In this paper, from the point of view of code confusion, a control flow confusion algorithm which can effectively resist the dynamic and static analysis of programs is proposed, and a target code confusion model system is designed accordingly.This paper first introduces the related concepts and common techniques of reverse engineering, then introduces several software protection methods which are widely used at home and abroad, and introduces a new software protection strategy, namely code confusion technology.Then, this paper introduces the classification of code obfuscation, analyzes several advanced control flow code confusion algorithms, including inserting opaque predicate technology and flattening control flow technology, etc.By comparing the advantages and disadvantages of these algorithms, the current research status of code obfuscation technology is demonstrated.On the other hand, in order to make great profits, malicious analysts are also actively engaged in the research of anti-obfuscation technology, and some anti-obfuscation techniques are emerging, which pose a great threat to the security protection of software.The existing control flow obfuscation algorithms lag behind the development of anti-obfuscation technology in terms of confusion intensity and security.In this paper, an enhanced flattened control flow confusion algorithm is proposed while fully mining the weaknesses and shortcomings of the existing control flow confusion techniques.This method can provide more comprehensive protection for software in static analysis and dynamic analysis.Finally, an object code obfuscation system based on enhanced flattening control flow confusion algorithm is designed.Based on the binary instruction level, the system can analyze the software and protect the code confusion. It can protect the general software and reduce the threshold of the code confusion technology.This paper focuses on the analysis of some core components of the system, including the design of disassembly engine, the design of the function call diagram and the building of the basic block inside the function, and the design of the repositioning table repair module.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP309;TP311.53

【参考文献】