Software protection method based on self-modification mechanism

doi:10.7523/j.issn.2095-6134.2009.5.015

›› 2009, Vol. 26 ›› Issue (5): 688-694.DOI: 10.7523/j.issn.2095-6134.2009.5.015

• Research Articles • Previous Articles Next Articles

Software protection method based on self-modification mechanism

WANG Xiang-Gen^1,2,3, SI Duan-Feng², FENG Deng-Guo², SU Pu-Rui²

1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027, China;
2. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
3. National Engineering Research Center for Information Security, Beijing 100190, China

Received:2009-02-13 Revised:2009-04-24 Online:2009-09-15

Abstract

Abstract:

In this paper, we present a new method based on self-modification mechanism to protect softwares against illegal acts of hacking. The key idea is to converse key codes into data in the original program so as to make programs harder to analyze correctly. Then, we translate data to executable codes by enabling the virtual memory page which stores the hidden code to be executable at run-time. Our experiments demonstrate that the method is practical and efficient.

Key words: self-modifying code(SMC), software protection, dynamic analysis, static analysis

CLC Number:

TP393

WANG Xiang-Gen, SI Duan-Feng, FENG Deng-Guo, SU Pu-Rui. Software protection method based on self-modification mechanism[J]. , 2009, 26(5): 688-694.

References

[1] Yuichiro K, Akito M, Masahide N, et al. Exploiting self-modification mechanism for program protection //Proceedings of the 27th Annual International Computer Software and Applications Conference. Washington, DC, USA: IEEE Computer Society, 2003: 170-181.

[2] Yuichiro K, Akito M, Masahide N, et al. A software protection method based on instruction camouflage //Electronics and Communications in Japan (Part 3). Wiley Publishers, 2006, 89(1): 47-59.

[3] Yuichiro K, Akito M, Masahide N, et al. Program camouflage: a systematic instruction hiding method for protecting secrets //Proceedings of World Congress on Science, Engineering and Technology. Heidelberg, Germany: WASET, 2008, 33: 557-563.

[4] Linn C, Debray S. Obfuscation of executable code to improve resistance to static disassembly //Jajodia S, Atluri V, Jaeger T(eds). Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003). New York: ACM, 2003: 290-299.

[5] Madou M, Anckaert B, Moseley P, et al. Software protection through dynamic code mutation //Proceedings of the 6th International Workshop on Information Security Applications. Springer Berlin:Heidelberg, 2005, 3786: 194-206.

[6] Royal P, Halpin M, Dagon D, et al. PolyUnpack: Automating the hidden-code extraction of unpack-executing malware //Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference (ACSAC ’06). Washington, DC, USA: IEEE Computer Society, 2006: 289-300.

[7] Kang M, Poosankam P, Yin H. Renovo: A hidden code extractor for packed executables //Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM 2007). New York: ACM, 2007: 46-53.

[8] Wu Y D, Zhao Z G, Chui T W. An attack on SMC-based software protection //Proceedings of the International Conference on Computational Science 2006 (ICCS 2006). Springer Berlin:Heidelberg, 2006, 4307: 352-368.

Software protection method based on self-modification mechanism

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 3

Recommended Articles

Metrics

Comments

[1]	YE Yanling, FU Xiaotong, ZHANG Yuqing, YUE Hongzhou. An automated and directed testing technique for target behavior of Android application [J]. , 2018, 35(3): 409-416.
[2]	FANG Zhejun, LIU Qixu, ZHANG Yuqing. Design and implementation of capability leak detection for Android applications [J]. , 2015, 32(1): 127-135.
[3]	WANG Jia-Jie, JIANG Fan, ZHANG Tao. Detection method for memory overrun in multi-loop programs [J]. , 2010, 27(1): 117-126.