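Project title: Research on Generalized Obfuscating Transformation Methods for Protecting Security-Critical Code in the White-Box Attack Context
Project number: No.61202382
Project type: Young Scientists Fund project
Year of approval: 2013
Discipline: Computer Science
Project author: Shi Yang (史扬)
Author affiliation: Tongji University
Funding amount: 200,000 yuan
Chinese abstract: Attack contexts for software fall into three kinds: black-box, gray-box, and white-box. When the attacker has full control over the software and its running environment, the software is in the white-box attack context. Obfuscating transformation is a program transformation mechanism that, while keeping the program's observable behavior unchanged, makes the transformed program hard to understand, analyze, and attack. It is an important method for improving software security in the white-box attack context, but transformation methods for the security-critical code in a program still need in-depth study. This research proposes the new concept of generalized obfuscating transformation and the related research approach. It relaxes the restrictions on the transformation and allows reasonable changes to the program's observable behavior, but requires that such changes neither affect normal use by benign users nor interfere with the operation of other legitimate programs in the system. The main work is to construct dedicated generalized obfuscating transformations with good security for security-critical operations in programs, namely symmetric encryption, signing (including forward-secure signatures and key-insulated signatures), and message authentication code computation. The research also studies methods for measuring and analyzing the security and cost of generalized obfuscating transformations, and evaluates the transformations it produces. The research helps to solve a range of security problems in the white-box attack context, and also helps to counter threats such as side-channel attacks in the gray-box attack context.
Chinese keywords: white-box attack context; generalized obfuscation; encryption; digital signature; software security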
English abstract: Attacks on software can be categorized into three classes: black-box, gray-box, and white-box. When the intruder obtains full control over a piece of software and its running environment, the software is under the "white-box attack context". Obfuscation is a program transformation mechanism that makes the program hard for humans to understand while maintaining its observable behavior. Therefore, obfuscation is an effective way to improve the security of software threatened by "white-box" attacks. However, how to transform security-critical code efficiently is still underexplored. In this project, we propose a new approach that generalizes obfuscating transformation, together with its related schemes. The approach relaxes the constraints on the transformation in that it allows reasonable changes to the software's running behavior, provided they do not interfere with other running programs or authorized users' operations. In order to construct generalized obfuscation schemes with a high security level, we will focus on symmetric encryption, digital signatures (both forward-secure and key-insulated signatures) and message authentication code computation. Additionally, we will evaluate these transformation schemes' security level and the related costs to implement those schemes. The findings will contribute to "white-box" secur
English keywords: white-box attack context; generalized obfuscation; encryption; digital signature; software security