Hmily 发表于 2010-3-10 21:21

Software Protection Against Reverse Engineering Tools

Advances in technology have led to the use of simple to use automated debugging tools which can be extremely helpful in troubleshooting problems in code. However, a malicious attacker can use these same tools. Securely designing software and keeping it secure has become extremely difficult. These same easy to use debuggers can be used to bypass security built into software. While the detection of an altered executable file is possible, it is not as easy to prevent alteration in the first place. One way to prevent alteration is through code obfuscation or hiding the true function of software so as to make alteration difficult. This research executes blocks of code in parallel from within a hidden function to obscure functionality.

This method is tested on six programs; a DOS version of the UNIX grep utility and five computational functions: Fast Fourier Transfer, Successive Over-Relaxation, Sparse matrix-multiply, Monte Carlo integration, and dense LU factorization. It tests the impact of using four, eight, and twelve parallel threads of execution to obscure functionality.

The concept is effective, but is limited due to the cost associated with using threads. The computational functions make millions of calls to the hidden function. The average cost per thread for these five functions turns out to be 7.04906 x 10-6 seconds. The grep function does not make millions of calls and is therefore more feasible. Care must be taken to ensure the compiler does not remove parallel threads if optimization is used.
页: [1]
查看完整版本: Software Protection Against Reverse Engineering Tools