基于攻击威胁监控的软件保护方法  

作　　者：汤战勇[1,2] 李振[1,2] 张聪[1,2] 龚晓庆[1,2] 房鼎益[1,2] 

机构地区：[1]西北大学信息科学与技术学院,西安710127 [2]西北大学爱迪德信息安全联合实验室,西安710127

出　　处：《计算机应用》2017年第1期120-127,共8页journal of Computer Applications

基　　金：国家自然科学基金资助项目(61373177;61572402);陕西省国际合作项目(2015KW-003;2016KW-034);陕西省教育厅产业化培育项目(2013JC07);陕西省教育厅自然科学基金资助项目(15JK1734);西北大学自然科学基金资助项目(14NW28)~~

摘　　要：为了增加软件逆向分析的难度,提高软件的安全性,提出了一种基于攻击威胁监控的软件保护方法。该方法通过在软件中部署威胁监控网,来实时检测并处理软件执行过程遇到的多种攻击威胁,确保软件处于一个相对安全的执行环境中,难以被逆向分析。对该保护方法的研究,主要分为以下三个方面:1)攻击威胁描述。分析软件面临的潜在攻击威胁,并按照〈威胁目的,实施方式,作用对象〉的表示方式对每种威胁进行描述。2)攻击威胁监控网部署。分析各种威胁的特点并设计对应的检测方法,生成节点库;根据节点自身特点,选取合理的部署方案,将节点安插到软件的不同位置。3)原型系统实现与实验设计。按照保护方案的思路实现原型系统,保护一组程序实例,对提出的方案从性能损耗和安全性影响两方面来评估,实验分析结果表明该保护方案是可行且有效的。To increase the difficulty of software reverse analysis and improve software security, a software protection method based on monitoring attack threats was proposed. By deploying the threat-monitoring net, a variety of threats in software execution process could be real-time detected and resolved, so that the software is in a relatively safe environment and difficult to be reversely analyzed. There are three main research aspects in this protection scheme： 1 ） Attack threat description. The potential attack threats were analyzed and then they were described with a triple 〈 threat target, execution way, object 〉. 2） Deployment of threat-monitoring net. The node base was constructed after analyzing the feature of each threat and designing the corresponding detection methods. The reasonable deployment scheme based on characteristics of nodes was selected, and these nodes were deployed effectively into different places of software. 3） Prototype system implementation and experimental design. According to the idea of this protection scheme, a prototype system was implemented, and a group of test cases was protected with the system to collect the experimental data. The evaluation on the aspects of performance consumption arid security was made. The final result shows the proposed method is feasible and effective to protect software.

关 键 词：白盒攻击环境 软件逆向分析 攻击威胁描述 节点库 威胁监控网 

分 类 号：TP391[自动化与计算机技术—计算机应用技术] TP309.2[自动化与计算机技术—计算机科学与技术]