Journal of Shandong University (Natural Science) ›› 2015, Vol. 50 ›› Issue (01): 12-19. doi: 10.6040/j.issn.1671-9352.2.2014.321

A software protection method based on concealment of API security attributes

ZHANG Cong1,2, FANG Ding-yi1,2, WANG Huai-jun3, QI Sheng-de1,2

  1. School of Information Science and Technology, Northwest University, Xi'an 710127, Shaanxi, China;
  2. NWU-Irdeto IoT-Information Security Joint Lab., Xi'an 710127, Shaanxi, China;
  3. School of Information Science and Engineering, Xi'an University of Technology, Xi'an 710048, Shaanxi, China
  • Received: 2014-06-24 Revised: 2014-11-25 Online: 2015-01-20 Published: 2015-01-24
  • About the author: ZHANG Cong (1990-), female, master's student; research interest: software security protection. E-mail: xdzc2008@126.com
  • Funding:
    National Key Technology R&D Program of China (2013BAK01B02); National Natural Science Foundation of China (61170218, 61272461, 61202393); Industrialization Cultivation Project of the Education Department of Shaanxi Province (2013JC07); Natural Science Basic Research Plan of Shaanxi Province (2012JQ8049)

Abstract: Based on three goals of software attacks, the role that different API (application programming interface) security attributes play during an attack was analyzed, and the set of API security attributes was determined. The attack characteristics of each attribute (i.e., the state in which it is present and the ways it can be extracted) were then analyzed. Drawing on existing API protection methods, a software protection method based on concealing API security attributes was proposed. The method makes the security attributes exist in a more concealed form, which increases the difficulty for an attacker of obtaining them dynamically. The method was evaluated in terms of security and performance impact. The experimental results show that it resists static acquisition of API security attributes and, to a certain extent, also increases the difficulty of dynamic acquisition, without a large impact on performance.

Key words: reverse analysis, API security attributes, concealment method, attacking feature

CLC number:

  • TP309