摘要
程序在动态执行过程中泄露了大量的路径分支信息,这些路径分支信息是其内部逻辑关系的二进制表示.符号执行技术可以自动地收集并推理程序执行过程所泄露的路径信息,可用于逆向工程并可削弱代码混淆的保护强度.哈希函数可以有效保护基于等于关系的路径分支信息,但是难以保护基于上下边界判断的不等关系的路径分支信息.将保留前缀算法与哈希函数相结合提出了一种新的路径分支混淆技术,将符号执行推理路径分支信息的难度等价到逆向推理哈希函数的难度.该路径分支混淆方法在SPECint-2006程序测试集上进行了实验,试验结果表明该混淆方法能有效保护程序路径分支信息,具有实用性.
At run time,a large number of program branching information is leaked.Branching information is the binary rep- resentation of program internal logic. Symbolic execution could automatically collect and mason about the leaked branch informa- tion, which could be used for reverse engineering and weaken the strength of code obfuscation. Hash function can effectively safe- guard equal branch conditions,but it can' t be used to protect branching information containing unequal trigger conditions,such as greater than or less than.In this paper, a new branch obfuscation approach combining prefix-preserving algorithm and hash function, which extends the protection scope of hash function. The strength and resilience of the branch obfuscation are discussed. This branch obfuscation approach has been tested on 7 programs from the SPECint-2006 benchmark suite,and the experimental results show that this approach could effectively mitigate branch information leaking, yet practical in terms of performance.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2015年第5期870-878,共9页
Acta Electronica Sinica
基金
国家自然科学基金(No.61300242
No.61272423
No.60973141)
国家"973"重点基础研究发展计划(No.2013CB834204)
中央高校基本科研业务费专项资金(No.65121012)
南开大学-腾讯联合项目
关键词
代码混淆
符号执行
哈希函数
保留前缀加密
code obfuscation
symbolic execution
Hash function
prefix-preserving encryption