基于攻击威胁监控的软件保护方法

doi:10.11772/j.issn.1001-9081.2017.01.0120

计算机应用 ›› 2017, Vol. 37 ›› Issue (1): 120-127.DOI: 10.11772/j.issn.1001-9081.2017.01.0120

• 2016年全国开放式分布与并行计算学术年会(DPCS2016)论文 • 上一篇下一篇

基于攻击威胁监控的软件保护方法

汤战勇^1,2, 李振^1,2, 张聪^1,2, 龚晓庆^1,2, 房鼎益^1,2

1. 西北大学信息科学与技术学院, 西安 710127;
2. 西北大学爱迪德信息安全联合实验室, 西安 710127

收稿日期:2016-08-20 修回日期:2016-09-12 出版日期:2017-01-10 发布日期:2017-01-09
通讯作者: 龚晓庆
作者简介:汤战勇(1979-),男,湖南常德人,讲师,博士,CCF会员,主要研究方向:网络与信息安全、软件安全与保护;李振(1993-),男,陕西安康人,硕士研究生,主要研究方向:软件安全保护;张聪(1990-),女,陕西西安人,硕士研究生,主要研究方向:软件安全与保护、软件攻击;龚晓庆(1974-),女,陕西咸阳人,副教授,博士,CCF会员,主要研究方向:软件工程与软件理论、软件安全;房鼎益(1959-),男,陕西汉中人,教授,博士,CCF高级会员,主要研究方向:网络与信息安全、软件安全与保护、无线传感器、网络关键技术及其研究应用。
基金资助:
国家自然科学基金资助项目（61373177，61572402）；陕西省国际合作项目（2015KW-003，2016KW-034）；陕西省教育厅产业化培育项目（2013JC07）；陕西省教育厅自然科学基金资助项目（15JK1734）；西北大学自然科学基金资助项目（14NW28）。

Software protection method based on monitoring attack threats

TANG Zhanyong^1,2, LI Zhen^1,2, ZHANG Cong^1,2, GONG Xiaoqing^1,2, FANG Dingyi^1,2

1. School of Information and Technology, Northwest University, Xi'an Shaanxi 710127, China;
2. NWU-Irdeto Network-Information Security Joint Laboratory(NISL), Northwest University, Xi'an Shaanxi 710127, China

Received:2016-08-20 Revised:2016-09-12 Online:2017-01-10 Published:2017-01-09
Supported by:
This work is partially supported by the Natural Science Foundation of China (61373177, 61572402), the International Cooperation Project of Shaanxi Province (2015KW-003, 2016KW-034), the Industrialization Cultivation Project of Shaanxi Education Department (2013JC07), the Natural Science Foundation of Shaanxi Education Department (15JK1734), the Natural Science Foundation of Northwest University (14NW28).

摘要/Abstract

摘要： 为了增加软件逆向分析的难度，提高软件的安全性，提出了一种基于攻击威胁监控的软件保护方法。该方法通过在软件中部署威胁监控网，来实时检测并处理软件执行过程遇到的多种攻击威胁，确保软件处于一个相对安全的执行环境中，难以被逆向分析。对该保护方法的研究，主要分为以下三个方面：1）攻击威胁描述。分析软件面临的潜在攻击威胁，并按照<威胁目的，实施方式，作用对象>的表示方式对每种威胁进行描述。2）攻击威胁监控网部署。分析各种威胁的特点并设计对应的检测方法，生成节点库；根据节点自身特点，选取合理的部署方案，将节点安插到软件的不同位置。3）原型系统实现与实验设计。按照保护方案的思路实现原型系统，保护一组程序实例，对提出的方案从性能损耗和安全性影响两方面来评估，实验分析结果表明该保护方案是可行且有效的。

关键词: 白盒攻击环境, 软件逆向分析, 攻击威胁描述, 节点库, 威胁监控网

Abstract: To increase the difficulty of software reverse analysis and improve software security, a software protection method based on monitoring attack threats was proposed. By deploying the threat-monitoring net, a variety of threats in software execution process could be real-time detected and resolved, so that the software is in a relatively safe environment and difficult to be reversely analyzed. There are three main research aspects in this protection scheme:1) Attack threat description. The potential attack threats were analyzed and then they were described with a triple . 2) Deployment of threat-monitoring net. The node base was constructed after analyzing the feature of each threat and designing the corresponding detection methods. The reasonable deployment scheme based on characteristics of nodes was selected, and these nodes were deployed effectively into different places of software. 3) Prototype system implementation and experimental design. According to the idea of this protection scheme, a prototype system was implemented, and a group of test cases was protected with the system to collect the experimental data. The evaluation on the aspects of performance consumption and security was made. The final result shows the proposed method is feasible and effective to protect software.

Key words: white-box attack context, software reverse analysis, description of attack thereat, node base, threat-monitoring net

中图分类号:

汤战勇, 李振, 张聪, 龚晓庆, 房鼎益. 基于攻击威胁监控的软件保护方法[J]. 计算机应用, 2017, 37(1): 120-127.

TANG Zhanyong, LI Zhen, ZHANG Cong, GONG Xiaoqing, FANG Dingyi. Software protection method based on monitoring attack threats[J]. Journal of Computer Applications, 2017, 37(1): 120-127.

参考文献

[1] Microsoft official website of SDL. Microsoft security development lifecycle[EB/OL].[2016-05-02] . http://www.microsoft.com/security/sdl/default.aspx.
[2] GU Y X. Software security patterns:white-box attack analysis and software protection technology[C]//Proceedings of the 1st International ACM Summer School on Information Security and Protection Theme on Software Security and Protection. New York:ACM, 2010:7.
[3] COLLBERG C.软件加密与解密[M].3版.北京:人民邮电出版社,2012:43-44.(COLLBERG C. Surreptitious Software:Obfuscation, Watermarking, and Tamper Proofing for Software Protection[M]. 3rd ed. Beijing:Posts & Telecom Press, 2012:43-44.)
[4] 黄山.基于动态二进制程序切片技术的软件攻击诊断[D].上海:上海交通大学,2012:25-39.(HUANG S. Attack diagnosis on binary executables using dynamic program slicing[D]. Shanghai:Shanghai Jiao Tong University, 2012:25-39.)
[5] 张璇,廖鸿志.基于信息熵和攻击面的软件安全度量[J].计算机应用,2013,33(1):19-22.(ZHANG X, LIAO H Z. Software security measurement based on information entropy and attack surface[J]. Journal of Computer Applications, 2013,33(1):19-22.)
[6] 诸葛建伟,唐勇.蜜罐技术研究与应用进展[J].软件学报,2013,24(4):825-842.(ZHUGE J W, TANG Y. Honeypot technology research and application[J]. Journal of Software, 2013, 24(4):825-842.)
[7] 武少杰,鹤荣育.软件哨兵安全动态检测模型的研究与实现[J].计算机应用研究,2012,29(8):3008-3011.(WU S J, HE R Y. Study and implementation of software guards' security dynamic testing model[J]. Application Research of Computers, 2012, 29(8):3008-3011.)
[8] 余艳玮,赵亚鑫.基于三线程保护和软件哨兵的防篡改技术[J].计算机应用,2013,33(1):1-3.(YU Y W, ZHAO Y X, Tamper proofing technique based on three-thread protection and software guard[J]. Journal of Computer Applications, 2013, 33(1):1-3.)
[9] The official website of Themida. Oreans technology:software security defined[EB/OL].[2016-01-20] . http://www.oreans.com/themida.php.
[10] The official website of SafeEngine. Safengine[EB/OL].[2015-12-14] . http://www.safengine.com/downloads/get-demo.
[11] DT Protect官方网站.动态变形壳DTProtect V1.018免费版[EB/OL].[2015-10-21] . http://www.dtdishui.com/a/chanpinzhanshi/3/2014/0423/42.html.(The official website of DT Protect. Dynamic deformation shell:DTProtect V1.018 for free[EB/OL].[2015-10-21] . http://www.dtdishui.com/a/chanpinzhanshi/3/2014/0423/42.html.)
[12] TenProtect.腾讯的TenProtect系统-网络安全-中国红客联盟-Powered by HUC[EB/OL].[2015-08-01] . http://www.cnhonkerarmy.com/thread-175642-1-1.html.(TenProtect. TenProtect system-network security-Chinese hacker union-Powered by HUC[EB/OL].[2015-08-01] . http://www.cnhonkerarmy.com/thread-175642-1-1.html.)
[13] 王瑾榕.基于攻击知识库的软件攻击自动化建模研究与实现[D].西安:西北大学,2014:33-35.(WANG J R. Research and implementation of software attack automated modeling based on attack knowledge base[D]. Xi'an:Northwest University, 2014:33-35.)

基于攻击威胁监控的软件保护方法

Software protection method based on monitoring attack threats

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 1

编辑推荐

Metrics