A Review on the Technology of Legal Software Protection

Abstract

Abstract: In the field of computer security, software protection has been a popular research content, because the software piracy technology and cracking technology emerge in endlessly, in order to protect the software from being damaged, software protection technology is also continuous progress. Therefore, we have proposed code obfuscation, digital watermarking, software tampering and other techniques for the attacking agents on the destruction of the legal subject. This paper starts with the attack and defense of the software legal subject, focuses on the code obfuscation technology, and makes a detailed classification of the code obfuscation research, and points out the advantages and disadvantages of various technologies, the effectiveness of code obfuscation. Finally, the future development directions of software legitimacy protection technology are summarized and prospected.

Key words: software protection, anti-reverse, code obfuscation, anti-tampering, software legitimacy

摘要： 在计算机安全领域，软件保护一直是热门的研究内容，而在计算机安全领域，就是要保护软件合法主体的信息完整性.因此，针对攻击者对软件合法主体的破坏行为，提出了代码混淆、数字水印、软件防篡改等技术.从软件合法主体的攻击和防御入手，重点研究了代码混淆技术，并对国内外的代码混淆技术研究进行详细的分类，并指出各种技术的优点和不足，以及代码混淆技术有效性的度量标准.最后展望了未来软件合法性保护技术的发展方向.

关键词: 软件保护, 逆向工程, 代码混淆, 软件篡改, 软件合法性

Sun Wei. A Review on the Technology of Legal Software Protection[J]. Journal of Information Security Research, 2017, 3(5): 451-461.

孙伟. 软件合法性保护技术及应用研究综述[J]. 信息安全研究, 2017, 3(5): 451-461.

References

［1］Landwehr C E, Bull A R, Mcdermott J P, et al. A taxonomy of computer program security flaws［J］. ACM Computing Surveys, 1993, 26(3): 211254［2］Wahbe R, Lucco S, Anderson T E, et al. Efficient softwarebased fault isolation［J］. ACM SIGOPS Operating Systems Review, 2000, 27(5): 203216［3］张玉清, 王凯, 杨欢, 等. Android安全综述［J］. 计算机研究与发展, 2014, 51(7): 13851396［4］陈佳霖. iOS平台应用程序安全性研究［D］. 上海: 上海交通大学, 2014［5］Anckaert B, Jakubowski M, Venkatesan R, et al. Runtime randomization to mitigate tampering［C］ Proc of the 2nd Int Workshop on Security:Advances in Information and Computer Security(IWSEC2007). New York: ACM, 2007: 153168［6］Barak B, Goldreich O, Impagliazzo R, et al. On the (im)possibility of obfuscating programs ［J］. Journal of the ACM, 2012, 59(2): 118［7］Sebastian S A, Malgaonkar S, Shah P, et al. A study & review on code obfuscation［C］ Proc of World Conf on Futuristic Trends in Research and Innovation for Social Welfare (Startup Conclave). Piscataway, NJ: IEEE, 2016: 16［8］Collberg C S, Thomborson C, Low D. A taxonomy of obfuscating transformations［R］. Auckland, New Zealand : The University of Auckland, 1997［9］Collberg C S, Thomborson C. Watermarking, tamperproofing, and obfuscationtools for software protection［J］. IEEE Trans on Software Engineering, 2002, 28(8): 735746［10］Cohen F B. Operating system protection through program evolution ［J］. Computers & Security, 1993, 12(6): 565584［11］Cohen F B, Cohen D F. A Short Course on Computer Viruses［M］. Hoboken, NJ: John Wiley & Sons, Inc, 1994［12］Chan J T, Yang W. Advanced obfuscation techniques for Java bytecode［J］. Journal of Systems & Software, 2004, 71(12):110［13］Chen H, Yuan L, Wu X, et al. Control flow obfuscation with information flow tracking［C］ Proc of IEEEACM Int Symp on Microarchitecture. New York: ACM, 2009: 391400［14］Preda M D, Madou M, Bosschere K D, et al. Opaque predicates detection by abstract interpretation［C］ Proc of Int Conf on Algebraic Methodology and Software Technology, Kuressaare, Estonia. New York: ACM, 2006: 8195 ［15］Wang C, Hill J, Knight J C, et al. Protection of softwaresased survivability mechanisms［C］ Proc of Int Conf on Dependable Systems and Networks. Los Alamitos: IEEE Computer Society, 2001: 193202［16］Cesare S, Xiang Y. Classification of malware using structured control flow［C］ Proc of the 8th Australasian Symp on Parallel and Distributed Computing. Sydney: Australian Computer Society, Inc, 2010: 6170［17］Gentry C, Sahai A, Waters B. Homomorphic encryption from learning with errors: Conceptuallysimpler, asymptoticallyfaster, attributebased［C］ Proc of Advances in Cryptology—CRYPTO 2013. Berlin: Springer, 2013: 7592［18］ Ansel J, Marchenko P, Erlingsson,et al. Languageindependent sandboxing of justintime compilation and selfmodifying code［J］. ACM SIGPLAN Notices, 2011, 46(6): 355366［19］Myles G, Collberg C. Software watermarking via opaque predicates: Implementation, analysis, and attacks［J］. Electronic Commerce Research, 2006, 6(2): 155171［20］Bedrune J B, ricFiliol, Raynal F. Cryptography: Allout attacks or how to attack cryptography without intensive cryptanalysis［J］. Journal of Computer Virology and Hacking Techniques, 2010, 6(3): 207237［21］Pietro R D, Mancini L V, Soriente C, et al. Playing hideandseek with a focused mobile adversary in unattended wireless sensor networks［J］. Ad Hoc Networks, 2009, 7(8): 14631475［22］Zhu W, Thomborson C, Wang F Y. Obfuscate arrays by homomorphic functions［C］ Proc of IEEE Int Conf on Granular Computing. Piscataway, NJ: IEEE, 2006: 770773［23］Wang C. A security architecture for survivability mechanisms［D］. Virginia: University of Virginia, 2001［24］Collberg C, Thomborson C, Low D. Breaking abstractions and unstructuring data structures［C］ Proc of IEEE Int Conf on Computer Languages. Piscataway, NJ: IEEE, 1998: 2838［25］Anna L, Matt B, Reisse A, et al. Selfprotecting mobile agents obfuscation report［R］. Virginia: Network Associates Laboratories, 2003［26］Anckaert B, Jakubowski M, Venkatesan R. Proteus: Virtualization for diversified tamperresistance［C］ Proc of ACM Workshop on Digital Rights Management. New York: ACM, 2006: 4758［27］Kanzaki Y, Monden A, Nakamura M, et al. Exploiting selfmodification mechanism for program protection［C］ Proc of Int Conf on Computer Software and Applications. Los Alamitos: IEEE Computer Society, 2003: 170179［28］Aucsmith D. Tamper resistant software: An implementation［G］ LNCS 1174. Berlin: Springer, 1996: 317333 ［29］Madou M, Anckaert B, Moseley P, et al. Software protection through dynamic code mutation［C］ Proc of Int Conf on Information Security Applications. Berlin: Springer, 2005: 194206