Static Extracting Method of Software Intended Behavior Based on API Functions Invoking  被引量：12

作　　者：PENG Guojun PAN Xuanchen FU Jianming ZHANG Huanguo 

机构地区：[1]School of Computer, Wuhan University, Wuhan 430072,Hubei, China

出　　处：《Wuhan University Journal of Natural Sciences》2008年第5期615-620,共6页武汉大学学报（自然科学英文版）

基　　金：the National Natural Science Foundation of China (60673071, 60743003, 90718005, 90718006);the National High Technology Research and Development Program of China (863 Program) (2006AA01Z442, 2007AA01Z411)

摘　　要：The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior＇s dynamic and trusted authentication. In this paper, the author proposes a specified measure of extracting SIBDS （software intended behaviors describing sets） statically from the binary executable using the software＇s API functions invoking, and also introduces the definition of the structure used to store the SIBDS in detail. Experimental results demonstrate that the extracting method and the storage structure definition offers three strong properties： （i） it can describe the software＇s intended behavior accurately; （ii） it demands a small storage expense; （iii） it provides strong capability to defend against mimicry attack.The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior＇s dynamic and trusted authentication. In this paper, the author proposes a specified measure of extracting SIBDS （software intended behaviors describing sets） statically from the binary executable using the software＇s API functions invoking, and also introduces the definition of the structure used to store the SIBDS in detail. Experimental results demonstrate that the extracting method and the storage structure definition offers three strong properties： （i） it can describe the software＇s intended behavior accurately; （ii） it demands a small storage expense; （iii） it provides strong capability to defend against mimicry attack.

关 键 词：API functions invoking software intended behavior trusted behavior 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]