软件保护虚拟机改进方案研究

发布时间：2019-01-23 16:05

【摘要】：计算机软件方便了人们的工作和生活,如何高强度的保护软件,保障软件开发者的合法权益,促进软件行业的健康发展,是当今软件安全方向的热点问题。软件保护虚拟机作为当前保护强度高,稳定性强的保护技术,已经广泛应用于对软件核心算法的保护,并且获得了良好的保护效果。其实现原理是将待保护的X86指令,经过一套自己设计的虚拟指令的转化,变成只能由开发者设计的虚拟机解释的字节码,使用相应的虚拟机自带的解释器对该字节码进行解释执行。在安全性上,虚拟机解释器中大量的混淆,虚拟机解释器自身结构的复杂性大大增加了逆向人员的工作量。在实际应用中,虚拟机保护通常和其他保护手段相结合,进一步增强了安全性,但是这并不表示软件保护虚拟机无法攻破。同时,软件保护虚拟机也存在执行效率低,耗费时间长,只能用来保护少量关键核心代码的缺陷,这使得软件保护虚拟机的保护范围有限。本文主要完成了以下工作:(1)首先简要介绍了软件保护虚拟机的研究现状,随后详细介绍了软件保护虚拟机的保护原理和各个部分的作用。并介绍了针对软件保护虚拟机的攻击可行性分析。(2)使用OllyScript脚本动态提取Handler,并将它们进行裁剪,然后用基于FCM模糊聚类算法,将其进行聚类处理,对语义相同或相近的Handler完成自动归类分析,对程序中识别出来的相同的Handler进行标示,从而降低了逆向人员的工作量。最后对方案关键部分进行了简单的模拟,验证了方案的可行性。(3)针对软件保护虚拟机的执行效率低的特点,引入了分支预测的思想,对所有跳转分支进行预判。然后定量分析了该方案对执行效率的影响,给出BPVMP设计方案的关键部分。最后进行系统模拟,验证了改进方案的有效性。
[Abstract]:Computer software is convenient for people's work and life, how to protect software with high strength, to guarantee the legitimate rights and interests of software developers, to promote the healthy development of software industry, and is a hot issue in the direction of software security today. As the protection technology with high protection strength and strong stability, the software protection virtual machine has been widely used in the protection of the software core algorithm, and has obtained a good protection effect. The implementation principle is that the X86 instruction to be protected is converted into a byte code which can only be interpreted by the virtual machine designed by the developer through the transformation of a set of virtual instructions designed by the developer, and the byte code is interpreted and executed by using an interpreter provided by the corresponding virtual machine. in security, that complexity of the self-structure of the virtual machine interpreter greatly increases the workload of the reverse engineer. In practical applications, virtual machine protection is usually combined with other protection means to further enhance security, but this does not mean that the software protection virtual machine cannot break. At the same time, the software protection virtual machine also has the defects of low execution efficiency and long time, and can only be used for protecting a small number of key core codes, which makes the protection range of the software protection virtual machine limited. In this paper, the following work is done: (1) Firstly, the research status of the software protection virtual machine is briefly introduced, and the protection principle and the function of each part of the software protection virtual machine are introduced in detail. The feasibility of the attack on the software protection virtual machine is also introduced. and (2) dynamically extracting the Handler by using the OllyScript script, and cutting the Handler, then carrying out clustering processing on the Handler based on the FCM fuzzy clustering algorithm, performing automatic classification analysis on the Handler with the same or similar semantics, marking the same Handler identified in the program, so that the workload of the reverse personnel is reduced. Finally, a simple simulation of the key part of the scheme is carried out, and the feasibility of the scheme is verified. (3) Aiming at the characteristics of low execution efficiency of the software protection virtual machine, the idea of branch prediction is introduced, and all the jump branches are pre-judged. Then the effect of the scheme on the execution efficiency is analyzed, and the key part of the design of the BPVMP is given. and finally, the system simulation is carried out, and the effectiveness of the improved scheme is verified.
【学位授予单位】：武汉工程大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP311.5;TP309

【参考文献】