Software encryption and just-in-time decryption for software protection
-
摘要: 通过加密来保护软件,是防止盗版者通过逆向工程理解程序的一种有效方式.传统加密保护方式,运行时解密开销大,又由于采用一次性解密方式,易受到攻击而直接从存储器中获得解密后的程序映像.提出了即时解密技术,摒弃了传统的一步解密的方式,在运行时通过即时解码器以函数为单位一步步揭开隐藏在软件中的秘密.仅对一次运行中必须的部分解密,使得攻击者难以获得完整的解密后程序,难以篡改并绕过未解密部分中的软件保护功能,增强了抗攻击性.在运行效果上,由于解密分散进行,就解决了启动延时长的问题.用基于一次一密加密技术,与对称密钥加密算法相比,进一步减少了运行时开销,使得该技术在目前处理器上可以流畅运行.该方法增强了基于加密的软件保护的实用性,增大了破解的难度.Abstract: Software protection via encryption is an effective way to prevent software pirate from understanding the program by means of reverse engineering. Traditional software protection method via encryption has obvious runtime overhead and start up delay because of its one-time decryption prior to execution. Moreover, fully decrypted code can easily be obtained from memory. A novel approach, called just-in-time(JIT) decryption, was proposed. JIT decryption differs from traditional decryption method in that it decrypts only one function in a time and reveal the secret of the software step by step. The runtime JIT decipherator only decrypts called functions in a certain run of the program. The uncalled functions remain a secret for an attacker, where self-checking code can be hidden. So it is hard for an attacker to understand the entire program and thus hard to remove all the protecting code. Because decryption is scattered, the start up delay no longer exists. One-time pad based cipher further reduce the runtime overhead as compared with symmetric algorithms. JIT decryption makes encryption based software protection more applicable in practice and harder to attack.
-
Key words:
- software engineering /
- security of data /
- protection
-
[1] Devanbu P, Stubblebine S.Software engineering for security, a roadmap Proceedings of the Conference on the Future of Software Engineering. New York:ACM Press,2000:227-239 [2] Schneier B. 应用密码学,协议,算法和C源程序[M].第二版. 北京:机械工业出版社,1996:11-13 Schneier B. Applied cryptography, protocols, algorithms, and source code in C . 2nd ed. Beijing:China Machine Press,1996:11-13(in Chinese) [3] AYCOCK J.A brief history of just-in-time[J].ACM Computing Surveys, 2003, 35(2):97-113 [4] Cramer T, Friedman R, Miller T, et al. Compiling Java just in time[J]. IEEE Micro, 1997,17(3):36-43 [5] Collberg C, Thomborson C. Software watermarking:models and dynamic embeddings Principles of Programming Languages. San Antonio:ACM Press, 1999:311-324 [6] Collberg C, Thomborson C. Watermarking, tamper-proofing, and obfuscation-tools for software protection[J].IEEE Transactions on Software Engineering, 2002, 28:735-746 [7] Horne B, Matheson L R, Sheehan C, et al. Dynamic self-checking techniques for improved tamper resistance Security and Privacy in Digital Rights Management, LNCS 2320. London:Springer Verlag,2001:141-159
点击查看大图
计量
- 文章访问数: 2914
- HTML全文浏览量: 209
- PDF下载量: 926
- 被引次数: 0