| Software security has been an increasingly urgent problem. According to BSA's Global Software Survey (2014),43 percent of the software installed on PCs around the world was not properly licensed, the economic losses caused to software vendors reaching to more than $60 billion. How to protect software to increase the difficulty of reverse analyzing the protected software, and to narrow the impact when a successful attack arises are crucial for protecting the benefits of software vendors.To solve the presented software security requirements, this thesis integrates software diversity into code virtualization protection and proposes Code Virtualization Protection with Diversity, or DCVP for short. DCVP introduces two improvements to code virtualization protection. For one hand, four obfuscation methods are applied to the virtual interpreter to generate large amount of diversified interpreter copies. For the other, DCVP randomizes the process of encoding virtual instruction, making the resulted bytecode instructions with multiple semantics. With such improvements, the protected program instances will vary from each other, both statically and dynamically, which can solve the security requirements to some extent. The main contents of this thesis are summarized as follows:First of all, this thesis presents the details of designing code virtualization protection. We make a detailed discussion of the process from three points:the architecture of virtual machine, the virtual instruction and virtual interpreter, and the mapping from x86 instructions to virtual instructions.Secondly, this thesis diversifies the obfuscation of virtual interpreter. We employ four obfuscation methods to obscure and diversify the virtual interpreter. Each method has several arguments to control the obfuscation results. These arguments will be assigned with random and different values for each protection instance, able to generate large amount of virtual interpreter variations.Thirdly, this thesis diversifies the encoding of virtual instructions. We first partition the virtual instructions into different blocks. For each block, we randomly choose an encoding scheme to encode its virtual instructions into bytecode. As a result, identical bytecode in different blocks will probably have different semantics. The difference will be revealed during the interpretation of bytecode instructions.Finally, we implements a prototype of DCVP and conduct some experiments with the prototype system. Analytical and experimental results shows that DCVP is effective as well as practical to increase code complexity and to provide diversity protection. |
PDF Full Text Request