JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2015, Vol. 50 ›› Issue (01): 12-19. doi: 10.6040/j.issn.1671-9352.2.2014.321

A software protection method based on concealment of API security attributes

ZHANG Cong1,2, FANG Ding-yi1,2, WANG Huai-jun3, QI Sheng-de1,2   

  1. School of Information Science and Technology, Northwest University, Xi'an 710127, Shaanxi, China;
    2. NWU-Irdeto IoT-Information Security Joint Lab., Xi'an 710127, Shaanxi, China;
    3. School of Information Science and Engineering, Xi'an University of Technology, Xi'an 710048, Shaanxi, China
  • Received:2014-06-24 Revised:2014-11-25 Online:2015-01-20 Published:2015-01-24

Abstract: Based on three attack targets of software, the role of each API security attribute was analyzed and the set of attributes was collected. The attack features of each attribute (i.e., its presence state and the ways it can be extracted) were analyzed, and on that basis a method of concealing API security attributes was proposed. The method makes security attributes exist in a more subtle form, which increases the difficulty of extracting them for attackers. Finally, experiments were conducted on two aspects: security effect and performance cost. The results show that the method can resist static acquisition of API security attributes and, to a certain extent, can also increase the difficulty of dynamic acquisition, without greatly affecting system performance.

Key words: reverse analysis, API security attributes, concealment method, attacking feature

CLC Number: TP309