| Software protection has obtained the domestic and foreign widespread attention and become a hot spot in information security. It has a significant value in theory and practical applications. Currently, although researches have made a great progress in software protection, there are still many key issues needed to be studied and solved. This dissertation mainly focuses on the evalua-tion of three important techniques in software protection, which are code obfuscation, software birthmarking and software watermarking. The contents of the dissertation are summarized as fol-lows.1. Since the current researches on data obfuscation are still unable to clearly analyze and evaluate the correctness and potency of data obfuscation and there is a lack of a unified formal framework for data obfuscation, an abstract interpretation-based formal method for analyzing the correctness and potency of data obfuscation is presented. First, a formal description for data ob-fuscation is given based on abstract interpretation. Data obfuscation is specified as a semantic transformation with a variable transformation function and its inverse function. And the semantic transformation is called as semantic data obfuscation. Second, a systematic derivation of the data obfuscation algorithm is provided as abstractions of the corresponding semantic data obfuscation. Third, a method for characterizing and analyzing the correctness and the potency of data obfus-cation is given based on the formal description of data obfuscation. The correctness of data ob-fuscation is expressed by the equivalence of the observational abstraction of the program's se-mantics before and after the data obfuscation, and the potency of data obfuscation is measured by the imprecision of the abstraction that models the static program analysis with respect to a value property. Finally, the formal analysis method is demonstrated by considering a well-known data obfuscating transformation—variable encoding. The case study shows that the formal method can be used to specify and evaluate the existing data obfuscating transformations.2. To solve the problem that the evaluation of software birthmarks are mainly done through experiments and there is no theoretical framework, which makes it difficult to formally analyze and certify the effectiveness of software birthmarks, a semantic method for analyzing the credi-bility and the resilience of software birthmarks is proposed based on abstract interpretation. First, the criteria for the copy relation and semantics-preserving transformation attacks are formally characterized by abstract interpretation from a semantic point of view. Then based on the charac-terizing, the semantic definition of software birthmarks is presented, and the credibility and the resilience of software birthmarks are formally analyzed. Furthermore, software birthmarks are compared with respect to their credibilities and resilience in the lattice of abstract interpretation. Finally, the proposed method is demonstrated by a concrete example, where a typical software birthmark, the static API birthmark, is shown to be credible with respect to a given criterion for the copy relation and resilient to the substitution of equivalent commands.3. To improve the resilience of software watermarks, especially the ability to resist against substractive attacks and distortive attacks, a data obfuscation and software birthmarking-based software watermarking framework is proposed and the resilience of the software watermark is analyzed by abstract interpretation. First, a data obfuscation and software birthmarking-based software watermarking framework is given. In the proposed framework, software birthmarks are introduced into the process of watermark creating, where the watermark information is encoded into a software birthmark and a code that has the specific birthmark is constructed, so that im-proves the resilience of the watermark against distortive attacks. Furthermore, data obfuscation is used to embed the code that contains the watermark, so that makes it difficult to reverse engi-neering the program and enhance the resilience of the watermark against substractive attacks. Then, the resilience of the software watermark is discussed by abstract interpretation from a se-mantic point of view. Finally, a concrete software watermarking algorithm is given, and its resil-ience against substractive attacks and distortive attacks are analyzed. The case study shows that introduction of data obfuscation and software birthmarking improves the resilience of software watermarks.Finally, a conclusion with a discussion of the direction of the future research is given.
|
PDF Full Text Request