Computer Science (计算机科学) ›› 2015, Vol. 42 ›› Issue (3): 167-173. doi: 10.11896/j.issn.1002-137X.2015.03.035

• Software and Database Technology •

Quantitative Evaluation for Effectiveness of Code Obfuscation Based on Multi-level Weighted Attributes

XIE Xin, LIU Fen-lin, LU Bin and GONG Dao-fu

  1. Information Engineering University, Zhengzhou 450001; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
  • Published: 2018-11-14   Online: 2018-11-14
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61379151,9,61302159,2) and the Henan Province Outstanding Youth Fund (14410051001)

Abstract: To overcome the randomness and blindness in choosing code obfuscation algorithms during software protection, and to address the difficulty of quantitatively comparing and evaluating code obfuscation, a quantitative evaluation method for obfuscation based on multi-level weighted attributes is proposed. From the attacker's perspective, static and dynamic reverse analysis are used to analyze the programs before and after obfuscation, and evaluation indices based on program attributes are quantified. A three-level hierarchical analysis model is constructed, and expert scoring is used to compare the importance of program attributes and determine their weights. Based on the quantified index values and the attribute weights, the analytic hierarchy process is used to evaluate different obfuscation methods. Experiments and analysis show that the method can quantitatively compare the effectiveness of different obfuscation algorithms.

Key words: Code obfuscation, Quantitative evaluation, Analytic hierarchy, Weighted attribute

