基于函数级控制流监控的软件防篡改

doi:10.11772/j.issn.1001-9081.2013.09.2520

计算机应用 ›› 2013, Vol. 33 ›› Issue (09): 2520-2524.DOI: 10.11772/j.issn.1001-9081.2013.09.2520

基于函数级控制流监控的软件防篡改

张贵民,李清宝,王炜,朱毅

数学工程与先进计算国家重点实验室(信息工程大学), 郑州 450000

收稿日期:2013-03-27 修回日期:2013-05-02 出版日期:2013-09-01 发布日期:2013-10-18
通讯作者: 张贵民
作者简介:张贵民(1987-),男,山东济南人, 硕士研究生,主要研究方向:信息安全、可信计算;
李清宝(1967-),男,四川乐山人,教授,博士生导师,博士,CCF会员,主要研究方向:计算机系统结构、信息安全、可信计算;
王炜(1975-),男,湖北武汉人,讲师,博士,CCF会员,主要研究方向:计算机系统结构、信息安全、可信计算;
朱毅(1986-),男,河北石家庄人,助理工程师,硕士研究生,主要研究方向:计算机系统结构、信息安全、可信计算。
基金资助:
国家核高基项目

Software tamper resistance based on function-level control-flow monitoring

ZHANG Guimin,LI Qingbao,WANG Wei,ZHU Yi

State Key Laboratory of Mathematical Engineering and Advanced Computing (Information Engineering University), Zhengzhou Henan 450000, China

Received:2013-03-27 Revised:2013-05-02 Online:2013-10-18 Published:2013-09-01
Contact: ZHANG Guimin

摘要/Abstract

摘要： 软件防篡改是软件保护的重要手段。针对由缓冲区溢出等攻击导致的控制流篡改,提出一种基于函数级控制流监控的软件防篡改方法。以函数级控制流描述软件正常行为,利用二进制重写技术在软件函数入口处植入哨兵,由监控模块实时获取哨兵发送的软件运行状态,通过对比运行状态和预期值判断程序是否被篡改。实现了原型系统并对其进行了性能分析,实验结果表明,基于函数级控制流监控的软件防篡改方法能有效检测对控制流的篡改攻击,无误报且开销较低,其实现不依赖程序源码,无需修改底层硬件和操作系统,监控机制与被保护软件隔离,提高了安全性。

关键词: 软件防篡改, 函数级控制流, 二进制重写, 哨兵, 可信平台模块

Abstract: Software tamper resistance is an important method for software protection. Concerning the control-flow tampering invoked by buffer overflow as well as some other software attacks, a software tamper-proofing method based on Function-Level Control-Flow (FLCF) monitoring was proposed. This method described the software's normal behaviors by FLCF and instrumented one guard at every entrance of functions by binary rewriting technology. The monitoring module decided whether the software was tampered or not by comparing the running status received from the guards' reports with the expected condition. A prototype system was realized and its performance was analyzed. The experimental results show that this method can effectively detect the control-flow tampering with less overhead and no false positives. It can be easily deployed and transplanted as its implementation does not need source code or any modifications of underlying devices, and system security is strengthened by isolating the monitoring module with the software being protected.

Key words: software tamper resistance, Function-Level Control-Flow (FLCF), binary rewriting, guard, Trusted Platform Module(TPM)

中图分类号:

张贵民李清宝王炜朱毅. 基于函数级控制流监控的软件防篡改[J]. 计算机应用, 2013, 33(09): 2520-2524.

ZHANG Guimin LI Qingbao WANG Wei ZHU Yi. Software tamper resistance based on function-level control-flow monitoring[J]. Journal of Computer Applications, 2013, 33(09): 2520-2524.

[1]	余艳玮赵亚鑫. 基于三线程保护和软件哨兵的防篡改技术[J]. 计算机应用, 2013, 33(01): 1-3.
[2]	闫建红彭新光. 度量行为信息基的可信认证[J]. 计算机应用, 2012, 32(01): 56-59.
[3]	常朝稳陈俊峰秦晰. 不可靠网络环境下的数字时间戳服务研究[J]. 计算机应用, 2012, 32(01): 60-65.
[4]	刘安战韩玉民. 可信平台模块数据保护能力测试与分析[J]. 计算机应用, 2010, 30(05): 1243-1245.
[5]	马新强 Huang Yi 李丹宁. 可信计算发展研究[J]. 计算机应用, 2009, 29(4): 920-923.
[6]	周彦伟吴振强叶建财种惠芳. 新的可信网络框架研究[J]. 计算机应用, 2009, 29(09): 2355-2359.
[7]	谭良周明天. 一种新的用户登录可信认证方案的设计与实现[J]. 计算机应用, 2007, 27(5): 1070-1072.
[8]	肖政韩英叶蓬侯紫峰 . 基于可信计算平台的体系结构研究与应用[J]. 计算机应用, 2006, 26(8): 1807-1809.

基于函数级控制流监控的软件防篡改

Software tamper resistance based on function-level control-flow monitoring

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 8

编辑推荐

Metrics