| In information age, the software has become indispensable in people’s production and life, which has caused the problem of software piracy, tampering and reverse analysis. Software protection has drawn attention from governments, industry and academic, thereby which has become a key and hot research issue.Currently, there are many software protection methods applied to protect the core software algorithms or confidential information, which increase the difficulty to analyze them, and were researched by more scholars. Software survives in the white-box environment currently. Though the existing software protection methods can effectively prevent static analysis, the attacker can directly access the software core algorithms or confidential information via dynamic analysis tools, such as debugging. Therefore, software protection in defending the dynamic analysis still faces many challenges.Therefore, the dissertation launched the study of software protection methods to anti-dynamic attack in white-box environment, which can provide theoretical analysis and technical support for building more effective software protection methodsThe main innovative research of the dissertation is summarized as follows:1. Propose a finite state automata model of software protectionDependencies among protection technologies are described by regular expressions, and we propose a finite state automata model of software protection based on it. This model can generate a rational protection method from initial state to any accepted state in it. It can also generate software protection methods by organizing protection techniques reasonably. Finally, the specific finite state automaton model of software protection is constructed, based on which we present three software protection methods focused in this dissertation.2. Propose a software protection method based on the combination of instruction deformation and anti-debugging techniquesDeformation sub engines of protected fragments are constructed based on the program differences and the execution time of other instruction segments is used to control scheduling of deformed sub engine. At the same time, we protect deformed sub engine with dynamic encryption technology, which can improve its security. Through analysis, software protection based on combination of instruction deformation and anti-debugging techniques can not only effectively resist static analysis of attackers, but also resist to dynamic analysis to a certain extent.3. Propose a software protection method of obufuscation conversion with version diversity Equivalent transformation rules and the corresponding equivalent transformation template function are researched through instruction splitting or replace operation, as well as arithmetic and logical equivalence formula, which can improve obfuscation strength and effect of version diversity. As for time overhead for the obfuscation transform, we propose a method to reduce time overhead based on the loop depth of the instructions. A prototype system called MEPE is designed, and experiment results show that the method has a better effect of the version diversity, which can effectively resist attacks based on the "shared experience" and reduce the time overhead of software protection effectively.4. Propose a virtual machine based software protection method with time diversityOn the one hand, for single function of the virtual machine instruction set, a virtual machine instruction set is extended by proposing secure virtual instruction, which can enhance protection strengh from some aspects, such as anti-debugging capabilities, change of execution environment, and invalid analysis. On the other hand, we propose a virtual machine based software protection with time diversity and implement a prototype system called IVMP. The experiment results show that the method has a better effect of time diversity, which can resist the "cumulative experience" attacks effectively without bringing much performance overhead for the protected software.5. Propose an effectiveness evaluation method of software protection based on attack modelWe model the software attack process with Petri nets based on the analysis of attack process. Then, the application of the model is used on attack guidance, the effectiveness evaluation and improvement of software protection. The platform of software attack guidance and effectiveness evaluation of protection method is implemented called SA&SPEE. And experiment results show that the attack model can effectively evaluate the strength of software protection and help to improve the software protection methods. |