KR101885146B1 - Method and apparatus for protecting an application - Google Patents

Abstract

The present invention provides an application transition method and apparatus. The method includes the following steps: a server generates a transition code formed by changing some codes constituting an application; the server transmits the transition code to a target terminal; the target terminal receives the transition code; the target terminal replaces the some codes of the application installed in the target terminal with the transition code; and the target terminal executes the application replaced with the transition code. It is difficult to analyze the code for the application.

Description

≪ Desc / Clms Page number 1 > METHOD AND APPARATUS FOR PROTECTING AN APPLICATION [

The present invention relates to techniques for protecting applications from hacking attempts. More specifically, the present invention relates to techniques for continuously modifying some code in an application to protect the application from hacking.

Advanced devices such as smart phones have played an important role in life, and users have stored various personal information in advanced devices. Also, in case of a server that controls a plurality of devices, various public information is stored in the server. These advanced devices are often connected to the network to exchange information. Therefore, when the smartphone is lost, hacked, or the server is hacked, the risk of exposure of fatal personal information or public information to the outside is increasing.

Along with the development of security technologies, hacking techniques to steal information are also evolving. Reverse engineering is one of the most used methods in hacking technology.

Reverse engineering can be understood as the reverse of the process of developing an application. Generally, the process of developing an application is through compilation and packaging from the source code to generate the installation files. On the contrary, reverse engineering is the process of checking the source code through installation files, packaging, compiling, and source code.

Reverse engineering is a technique that is primarily aimed at finding defects in the development process or repairing defects in the product if the source code is undisclosed. However, in recent years, it has been used extensively for the purpose of grasping the structure of internal systems as a means of hacking for the purpose of stealing key technologies of competitive products or borrowing ideas.

Reverse engineering is easily exploited by hackers along with repackaging techniques. You can reverse-engineer your application to the source code level and then recompile and package critical code. When creating and distributing similar applications through this, it is possible for the original application to steal personal information and public information from a good user and cause unintended behavior of the original application.

Repackaging refers to the way in which compiled files are bundled (packaging), which is called repackaging because code decomposed by reverse engineering is modified and repackaged.

An attacker such as a hacker attempts to perform a static analysis by obtaining source code from a binary executable file using reverse engineering techniques and tools to detect vulnerabilities in the application. Even if code analysis takes time, it can finally find vulnerabilities and attack the application in the desired form.

Therefore, there is a need for techniques to protect applications against hacking attempts based on reverse engineering and repackaging.

The present invention can provide a terminal and a method that makes it difficult to analyze code for an application by continuously replacing some code of the application with a mutation code.

In addition, the present invention can provide a server and a method capable of continuously generating an application variation code through an application management server that can manage an application and controlling a terminal installed with the application.

According to an embodiment of the present invention, there is provided a communication system including a storage unit for storing information on an application and a target terminal in which the application is installed; A control unit for generating a variation code in which a part of codes constituting the application are changed; And a communication unit for transmitting the mutation code to the target terminal.

The control unit of the application server generates the mutation code in an obfuscation manner. The storage unit of the application variation server stores a source application for the application and an application to which the variation code is applied. The control section of the application generates a mutation code that has been changed again after a certain period of time. Wherein the mutation code replaces a part of the code of the application installed in the target terminal, and the function operation of the application of the application and the application to which the mutation code is applied are identical. The control unit transmits the token information together with the mutation code to the communication unit, and the mutation code replaces the partial code only when the token information is correct.

According to another embodiment of the present invention, there is provided an information processing apparatus comprising: a storage for storing an application; A communication unit for receiving a mutation code for the application from an application server; And a control unit that replaces some code of the application with the mutation code and executes the replaced application.

The storage unit of the application execution terminal stores the application to which the mutation code is applied. The control unit of the application executing terminal checks whether or not the application is executable, and transmits the executable state checking related information to the application server via the communication unit. The control unit of the application execution terminal executes the replaced application to recover the previous application stored in the storage unit when an error occurs.

According to another embodiment of the present invention, there is provided a method of generating a code, the method comprising: generating a variation code in which a server changes some codes constituting an application; The server transmitting the mutation code to a target terminal; Receiving the mutation code from the target terminal; Replacing the partial code of the application installed in the target terminal by the target terminal with the variation code; And executing the application in which the target terminal is replaced with the mutation code.

The server generates the mutation code when a predetermined period of time has elapsed. The mutation code is generated in a randomized manner.

The application mutation method further includes the step of the server storing the application to which the mutation code is applied, and the server stores history information related to the original application and the application to which the mutation code is applied.

The application mutation method may further comprise: the target terminal executing an application to which the mutation code is applied; And if the application has an error in execution, the step of rewriting the application.

According to another embodiment of the present invention,

Generating a mutation code that alters some of the code for the application when the period is reached; Storing the mutation code and an application to which the mutation code is applied; Transmitting the mutation code to a target terminal; And receiving information on the success or failure of execution from the target terminal; And storing an execution success history for the mutation code.

The application mutation method may further include: transmitting a mutable state confirmation request to the target terminal before the mutation code generation step; And receiving a response to the mutable state confirmation.

The method also includes receiving a variation code for the application from the server; Replacing some code of the previously installed application with the mutation code; And executing the replaced application.

Further, the application mutation method further includes restoring, after the execution step, the application before the mutation code replacement if there is an error in the application. And the function operation of the original application of the application and the application to which the mutation code is applied are the same.

According to at least one embodiment of the present invention, it is possible to provide an effect that makes code analysis for an application very difficult, because the code of the application is constantly or non-periodically changing.

In addition, the present invention can provide an effect of making it difficult to track the original code by separately storing the original and the variation code of the application in an external server.

Brief Description of the Drawings Fig. 1 shows an application server and a target terminal. Fig.
2 is a view showing a flow of an application installation operation;
3 is a diagram showing a flow of an authentication operation between an application server and a target terminal.
4 illustrates an embodiment of an application of a mutation code between an application server and a target terminal.
5 illustrates another embodiment of an application of a mutation code between an application server and a target terminal.
6 is a diagram showing another embodiment of the application of the mutation code between the application server and the target terminal.
7 illustrates an example of application of a variation code to an application;
8 is a diagram showing an example of source code obfuscation.

Hereinafter, a mobile terminal related to the present invention will be described in detail with reference to the drawings. The suffix "module" and " part "for the components used in the following description are given or mixed in consideration of ease of specification, and do not have their own meaning or role.

The term "application" as used in the following description refers to a set of computer programs designed to perform a specific task, and there is no restriction on a specific task. For example, an application may be a variety of programs installed on a smart phone, or an OS operating a smart phone or a server. The smart car OS can also be an application.

The target terminal described in this specification may include a server, a mobile phone, a smart phone, a laptop computer, a digital broadcasting terminal, a PDA (personal digital assistant), a portable multimedia player (PMP) . However, it will be readily apparent to those skilled in the art that the configuration according to the embodiments described herein may be applied to a fixed terminal such as a digital TV, a desktop computer, or the like, except when applicable only to a mobile terminal.

1 is a diagram showing an application server and a target terminal.

The target terminal 100 is a target terminal for executing an application. The target terminal 100 may be a fixed or mobile terminal. The target terminal 100 may include a communication unit 102, a control unit 104, and a storage unit 106. Although not shown in the figure, it may include a user input portion and an output portion as necessary.

The application variation server 200 is a server that manages an application installed in the target terminal 100. Specifically, it is a server that manages to replace some code of an application with a mutation code continuously. The application variation server 200 may include a communication unit 202, a control unit 204, and a storage unit 206. [

The components shown in FIG. 1 are not essential, but may be implemented as a target terminal or application server having more or fewer components.

The communication unit 102 may include one or more modules for enabling wireless communication between the target terminal 100 and the external network or between the target terminal 100 and the network in which the application server 200 is located. The communication unit 102 of the target terminal may download an application from an application storage server or the like through a network. In addition, the communication unit 102 can receive various information such as a variation code from the application server 200. [ The communication unit 102 can process the communication by defining commands, information, and a state protocol between the control unit 104 and the application transition server 200.

The controller 104 controls the overall operation of the target terminal 100. For example, the control unit 104 may control various functions of the communication unit 102 and the storage unit 106, as well as the functions of the control unit itself. The control unit 104 may execute an application installed in the target terminal 100. [

The control unit 104 may optionally include an agent program 105. In the present invention, functions such as application mutation code replacement can be performed through the agent program 105. The agent program 105 may perform functions associated with code substitution of multiple applications. The application mutation server 200 can control the application code of the target terminal 100 through the agent program 105. [ The agent program 105 alters all or part of the code and components (components, or modules) of the application. The agent program replaces the module (executable file, library file) stored in the storage unit 106 with the code or component of the application according to a predetermined schedule.

The application code or module is changed dynamically and the application is restarted to cause the replacement of the execution process. Depending on the application, there may be a case where the application is restarted after the execution is stopped or the execution is not interrupted, There may be cases where this is possible. At this time, the agent program 105 is preferably operated as a background service. This is because it is not visible to the user, and it is ideal from the service point of view to naturally cause the transformation to run in the application.

It is preferable that the agent program is implemented in a function-specific execution separation structure in processing a module file managed by the code management unit 205 of the server 200, because execution independence is ensured.

The storage unit 106 stores a program for processing and controlling the control unit 104 and performs a function for storing input / output data (for example, a variation code for application code variation) You may.

On the other hand, the application server 200 also has a structure similar to that of the target terminal 100. That is, the application server 200 has a communication unit 202, a control unit 204, and a storage unit 206. However, the functions of the target terminal 100 and the variation server 200 are partially different.

The communication unit 202 of the application server 200 transmits and receives various information to and from the target terminal 100. For example, the communication unit 202 may transmit an application mutation code, an application authentication code, and the like to the target terminal 100, and may receive the mutable confirmation signal from the target terminal 100. [

The control unit 204 controls the overall operation of the application transition server 200. [ Various operations such as generation of a mutation code of the application server 200 can be controlled by the control unit 204. [ For example, the control unit 204 may generate a mutation code for the application when a predetermined period has been reached, or when a specific event occurrence has been acknowledged.

The function related to the variation code may be performed in the code management unit 205 of the control unit 204. [ The code management unit 205 can manage a plurality of applications to be protected, and it is preferable that the application is managed to register, modify, and delete the applications in the storage unit 206. On the other hand, a security function for managing registration, modification, and deletion of a user account that can access the management target application can be implemented as needed.

In addition, the authentication processing unit and the access control unit must be implemented to more securely protect the code access target.

In terms of system management, functions such as management process setting, security policy setting, code randomization (obfuscation) and schedule management should be implemented.

When the software becomes a self-mutation point according to the schedule, it commands the agent to transfer the module file from the repository of the code management unit, and processes the application variation through the file processing process.

At this time, it is desirable to implement a process of performing integrity check (integrity check) in the file processing process to check whether the network transmission is up / modulated.

And can manage the application through the code management unit 205. [ That is, the main code of the protection target application can be designated through the code management unit, and the area to which the obfuscation technique is applied can be set and managed.

The storage unit 206 stores information about the application under the control of the control unit 204. [ For example, the storage unit 206 stores application source codes, and can store information on various mutation codes, mutation code history information, existing applications codes to which mutation codes are applied, and the like.

The various embodiments described herein may be embodied in a recording medium readable by a computer or similar device using, for example, software, hardware, or a combination thereof.

In accordance with a hardware implementation, the embodiments described herein may be implemented as application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays May be implemented using at least one of a processor, controllers, micro-controllers, microprocessors, and other electronic units for performing other functions. In some cases, The embodiments to be described can be implemented by the control unit itself.

According to a software implementation, embodiments such as the procedures and functions described herein may be implemented in separate software modules. Each of the software modules may perform one or more of the functions and operations described herein. Software code can be implemented in a software application written in a suitable programming language. The software code is stored in a memory and can be executed by the control unit.

2 is a diagram showing the flow of the application installation operation. Specifically, a process in which an application is installed in the target terminal 100 and a process in which application management information is registered / stored in the application server 200 will be described.

The target terminal 100 firstly downloads / receives the application from the application storage server 300 (S210). Here, the application storage server 300 may be a third server, or may be implemented as one device with the application transition server 200. [ Alternatively, a user of the target terminal 100 may manually install an application manually using a separate device. In this case, various pieces of information about the application need to be manually registered / stored in the application server 200 directly.

The application variation server 200 receives application management information from the application storage server 300 (S220). The application management information can receive the application authentication information, the application source code, the information about the target terminal 100, the registrant of the application, the build number, the time, the source code to be protected, and the binary code to be protected. The application authentication information may be information necessary for the application server 200 to access the application of the target terminal 100. [ The application source code is information of the application source state in which the application does not apply the mutation code. In the initial state in which the mutation code is not applied, the application source code stored by the target mutual terminal 100 and the application server 200 coincides with each other.

The application variation server 200 stores application management information (S240). When there are one or more applications to be managed or there are one or more target terminals 100 to be managed, they may be separately managed or not. The application stored in the application server 200 need not necessarily be stored in an executable state as in the target terminal. It may also be stored as the code of the application itself.

As an optional process, the application transition server 200 may provide an application agent program to the target terminal 100 (S250). A communication session is established between the application server 200 and the target terminal 100 in the preceding operation. Alternatively, an agent program may be directly installed in the target terminal 100. [ The agent program is installed in the control unit 104 or the storage unit 106 of the target terminal 100 and is driven under the control of the control unit 104. [ The agent program 105 performs a function of actually applying the mutation code when receiving the instruction or the related information for applying the mutation code from the application mutation server 200. [ That is, the target terminal 100 plays a role of performing external control related to the mutated code from the application mutation server 200.

When the agent program 105 is installed in the target terminal 100 (S260), the target terminal 100 is prepared to be able to mutate the application according to the control of the application server 200. [

Here, there is no particular limitation on the application, and it is only required that the application server 200 knows exactly the code information for the application. In addition, the subject who executes the application and the subject who manages the application (the subject generating the mutation code) do not necessarily have to be the same.

3 is a diagram showing a flow of an authentication operation between the application server and the target terminal. Specifically, it is an operation for mutual authentication between the mutation server 200 and the target terminal 100 before applying the application mutation code.

A communication session may be continuously connected between the application transition server 200 and the target terminal 100, but this case is undesirable in terms of power consumption and security. Therefore, it will be described below that a communication session is formed only at the time of applying the mutation code.

The target terminal 100 transmits a communication session start request to the application transition server 200 (S310). And sends the information about the target terminal and the application authentication code together with the communication session start request.

The application authorization code may be a data value (e.g., a random 16-digit value) created by combining some data.

When the application transition server 200 receives the communication session start request, it compares the previously stored application authentication code with the transmitted authentication code (S320). If not authenticated, no communication session is established. When the authentication codes match each other, a communication session is started (S330). When the communication session is started, communication between the application server 200 and the target terminal 100 becomes possible.

The application variation server 200 generates a temporary token (S340). The temporary token is information for the target terminal 100 to authenticate information provided by the application server. There are various ways to generate temporary tokens. For example, an OTP (One Time Password) method can be used. At this time, the temporary token can be encrypted in various ways, and the encryption method can be agreed with the target terminal 100 in advance.

The application transition server 200 provides a temporary token to the target terminal 100 (S350). At this time, it is preferable that the temporary token is encrypted with a cipher system pre-shared with the target terminal 100. If the token is encrypted, the target terminal 100 decrypts the temporary token.

The target terminal 100 stores the temporary token (S370). The temporary token stored at this time is used for comparison with the temporary token associated with the mutation code to be used later.

The application variation server 200 generates transmission information including the variation code according to the determination of the code management unit 205 (S360). The code management unit 205 preferably generates a variation code when a predetermined period (for example, 24 hours) has been reached. However, if a particular event is known to have occurred (for example, a hacking attempt), a mutation code may be generated.

The application server 200 inserts a temporary token into the generated transmission information (S365). At this time, the temporary token is preferably encrypted as described above.

The application variation server 200 provides transmission information to the target terminal 100 (S375).

The target terminal 100 extracts a temporary token from the transmission information (S380), and decrypts the temporary token when the temporary token is not encrypted.

The target terminal 100 checks whether or not the extracted temporary token matches the stored temporary token (S385). If the extracted temporary token is inconsistent, the target terminal 100 ends the transmission and deletes the transmission information.

If they match, the transmission information is confirmed and the mutation code is confirmed (S390). If a mutation code is identified, subsequent operations associated with the mutation code are followed.

4 is a diagram showing an embodiment of an application of a mutation code between an application server and a target terminal. Specifically, a process in which the application server 200 generates the client code and the target terminal 100 applies the client code will be described.

The target terminal 100 and the application transition server 200 assume a state in which a communication session is started.

It is confirmed whether the control unit 204 of the application variation server 200 is an application variation cycle (S402). The variation period can be set by the user in various ways. For example, the variation period can be set to 24 hours.

When the mutation period has arrived, the application server 200 transmits an application status confirmation request to the target terminal 100 (S404).

The target terminal 100 confirms the application status in response to the status check request (S406), and determines whether the application is in the mutable status (S408). If the application is abnormal, the application may fail to operate, the network may be disconnected, or the integrity of the module may be abnormal.

When it is determined that the target terminal 100 is in the mutable state, the target terminal 100 transmits the mutable state to the application server 200 (S410).

The code management unit 205 of the application variation server 200 generates a variation code (S412). A randomization method is applied to a method of generating a variation code.

The application server 200 stores the generated code in the storage unit 206 (S414). At this time, the storage unit 206 of the application server 200 may store not only the previously stored mutation codes but also any mutated codes previously generated. Accordingly, when a mutation code or an application has an error, it can be appropriately rewritten through a previous mutation code or an application.

The application variation server 200 transmits a variation instruction including a variation code or the like to the target terminal 100. [

When a shift instruction including a shift code is received, although not shown in the figure, the authentication process described in FIG. 3 may be performed.

The target terminal 100 performs integrity verification of the mutation code (S418). In general, when a file is transmitted and received through a network, data loss may occur if the connection is short-circuited depending on the network conditions. In order to check the loss, the sender attaches a hash value (HASH) to the file size and file data. Then, the receiver calculates the file size and hash value after the download is completed, Integrity verification can be performed.

The target terminal 100 executes the application to which the variation code is applied (S422).

Run the application for a period of time (usually about 10 seconds) after restarting the application to see if it runs properly.

The result of the execution is determined (S424), and a successful ACK is transmitted to the application server 200. The application server 200 stores the success history in the storage unit 206. [

The storage unit 206 may store information such as an application name, a module name, a randomization time (a variation code generation time), a failure status, a language code, and a file name.

If an error occurs in the application to which the mutation code is applied, the existing application stored in the storage unit 106 of the target terminal 100 is restored (S426). The storage unit 106 of the target terminal 100 may store recent application code information such as an application to which a variation code is applied and a previous application.

In case of failure, the target terminal 100 delivers the failure information to the application server 200 and stores the history in the storage unit 206 (S430).

5 is a diagram showing another embodiment of the application of the mutation codes between the application server and the target terminal. More specifically, a case where the application server 200 manages two or more applications installed in the target terminal 100 will be described.

The application variation method according to the present invention can be applied even when one or more applications are installed in one or more target terminals. In this case, the application variation server 200 can manage a plurality of target terminals or a plurality of applications concurrently or in parallel. That is, the application server 200 may control the mutating functions for other target terminals and other applications without being interfered with each other for control of the other applications. In this case, the storage unit 206 may store history information and application information for the respective target terminals at different locations.

The example illustrated in FIG. 5 is an example of performing a mutating function for two applications installed in one target terminal 100. FIG.

A communication session is connected between the target terminal 100 and the application server 200. [

The code management unit 205 of the application server 200 independently determines whether or not the transition period for the first application is reached (S501) or whether the transition period for the second application is reached (S511).

In step S501, when the mutation period for application # 1 is reached, the application server 200 transmits a status confirmation request for the application # 1 to the target terminal 100 (S502).

In step S511, when the mutation period for the second application is reached, the application server 200 transmits a status check request for the second application to the target terminal 100 (S512).

When receiving the status confirmation request, the agent program of the control unit 104 of the target terminal 100 confirms the mutable status for the first or second application (S521). At this time, the agent program of the target terminal 100 judges the priority request among the first request or the second request. In the drawing, it is shown that the mutable state for application 1 is confirmed after S512, but the mutable state can be selectively confirmed for only one application before S512 and after S502.

As shown in the figure, if the priority is for application # 1, it can perform a transition operation for application # 1. That is, the agent program transmits that the first application is in the mutable state (S531). The application mutation server 200 generates a mutation code for the first application and performs related operations, and the procedure is the same as that described in Fig.

When the application server 200 transmits the dispatch code for the application 1 to the target terminal 100 in step S532, the agent program in the target terminal 100 applies the dispatch code to the first application in step S541. When the overall operation related to the mutation code operation for the first application is completed, the operation for the second application is performed.

The agent program of the target terminal 100 notifies the application server 200 of the application mutable state 2 (S551) after completing the mutation code replacement operation for the first application. The application variation server 200 generates a variation code for application # 2 and performs related operations, and the procedure is the same as that described in FIG.

In a case where the application server 200 transmits a mutation code for the second application to the target terminal 100 in step S552, the agent program in the target terminal 100 applies the mutation code to the second application in step S541.

In the drawings, the condition check request is first applied, but other methods may be applied. For example, applications with high priorities specified in advance may be given top priority.

6 is a diagram showing another embodiment of the application of the mutation codes between the application server and the target terminal. More specifically, a case where a specific event occurs and a variation code is applied irregularly will be described. In general, for example, once the code management unit 205 of the application server 200 determines the application of the mutation code every 24 hours, even if it is necessary to mutate the application such as an external hacking attempt, It needs to be applied.

The control unit 104 of the target terminal 100 determines whether a specific event has occurred in the target terminal (S601). When an event occurs, the control unit 104 determines the type of the event (S602). The event may include various phenomena occurring in the target terminal 100, such as an external hacking attempt, an application execution error, or an application code error. The control unit 104 may define an event to which the variation code is to be applied in advance. As a most representative case, an external hacking attempt may be defined as an event to which a mutation code is to be applied.

If it is determined that the event is an event such as hacking, the target terminal 100 delivers an event detection notification signal to the application server 200 (S603).

When the application variation server 200 receives the event detection notification signal, the application variation server 200 may optionally determine once again whether the event is an event to which the variation code is to be applied.

The application variation server 200 stores a history of an event such as a hacking, and generates a variation code for the application (S604). The created mutation code is stored in the storage unit 206 (S605).

The application transition server 200 transmits an application state confirmation request to the target terminal 100 in step S606. The agent program confirms the current state of the application in step S607, confirms the state in step S608, And informs the server 200 that it is in the mutable state (S609).

The application server 200 transfers the mutation code for the application to the target terminal 100 (S610). The agent program replaces some code of the application with the mutation code for the application and executes the corresponding application (S611 ).

7 is a diagram showing an example of application of a variation code to an application.

In the drawings, the code and modules that make up the application are shown simplified.

Each of FIGS. 7 (a), 7 (b), 7 (c) and 7 (d) represents one application and is functionally the same application. That is, supposing that the application of (a) is the application original code, (b) is a case where some code of the application is replaced with a mutation code, and (c) (D) is a case where some code of the application is replaced with the next code.

In the simplest case, each of A, B, C, D, E, F, G, H, I, J, K, L, M, N, The modules of the codes (A, B, C, D), (E, F, G, H), (I, J, K, L) . An example of a module is a function module that can be implemented in an application, such as an authentication module, a communication module, and an input module. The sum of the modules can be viewed as an application.

The present invention is an invention for replacing a code constituting an application with a mutation code. Referring to FIG. 7, the original application code of FIG. 7A is composed of A ', B, C, D, E', F, G, H, I, J, K, L ', M, , And P, respectively. That is, the original codes A, E, and L are replaced with the mutation codes A ', E', and L '. (c), the mutation codes A '', E '', and L '' are substituted. (d), the mutation codes A '' ', E' '', and L '' 'are substituted. Keeping the functionality of your application intact, but it is extremely difficult to analyze your application, even if you analyze code by reverse engineering, if some code in your application changes on a regular or irregular basis.

The application transition server 200 determines in advance which code of the application is to be applied as the mutation code.

In the module side, (A, B, C, D), (E, F, G, H) P) is a state in which the mutation code is not applied.

On the other hand, the mutation codes A ', A' ', and A' '' are obfuscated (randomized).

8 is a diagram showing an example of source code obfuscation.

Obfuscation is a way of changing a program, which means that it makes it harder to read code and prevents attacks through reverse engineering. Obfuscation can be divided into 1) source code obfuscation and 2) binary obfuscation according to obfuscation object. Source code obfuscation is a technique to convert source code of programs such as C / C ++ / Java into a form that is difficult to understand. Binary obfuscation is a technique that modifies the binary generated after compilation by reverse engineering.

Source code randomization (obfuscation) means to twist the source code to make it difficult to understand the entire flow, even if you can make some changes to the customer or internal or service developer by releasing some of the source code.

Even if only a small part of it can be modified, it is very difficult to grasp the whole flow, so it is difficult to use it for other purposes. Source code security is also referred to as internal security.

Specifically, source code obfuscation is a technique that changes the source code of a program such as C / C ++ / C # / Java / java script into a form difficult to understand.

If the source code is obfuscated, the control flow is changed as shown in FIG.

The original code of FIG. 8 represents a function having one loop structure by summing integers from 1 to 100. Here, the control flow obfuscation is applied, and the switch condition branch control is added, making it difficult to analyze the code structure. However, the resultant value is transformed so that it can be derived equally.

Examples of obfuscation of the source code include layout obfuscation, data obfuscation, control obfuscation, and preventive obfuscation. Layout obfuscation is a method of converting the source code format or the name of a variable to a target. Data obfuscation is a method of transforming the data structure used by the program by changing the method of storing the data in the memory or the method of interpreting the stored data or changing the order of the data. Control obfuscation is a way to make it difficult to implement the control flow in individual program functions.

 Preventive obfuscation is a technique for blocking known methods of automated reverse obfuscation.

In the above description, the application server 200 and the target terminal 100 are mutually independent devices. Alternatively, the function of the application server 200 and the function of the target terminal 100 may be performed by one device Lt; / RTI > That is, the code management unit 205 of the application server 200 and the agent program 105 of the target terminal 100 can be implemented in one device. Accordingly, when the code management unit 205 generates the mutation code, the agent program 105 may replace some code of the application accordingly.

100 target terminal
105 Agent Program
200 application variation server
205 code management unit

Claims (20)

In an application transition server,
A storage unit for storing information on an application and a target terminal on which the application is installed;
A control unit for generating a mutation code associated with the application; And
And a communication unit for transmitting the mutation code to the target terminal,
Wherein the application is comprised of a plurality of codes, the mutation code is a modification of a predetermined one of the plurality of codes,
Wherein the communication unit transmits only the mutation code to the target terminal without transmitting all of the plurality of codes constituting the application,
Wherein the storage stores the history information associated with the original application for the application, the variation code, and the previous variation code. The method according to claim 1,
The control unit generates the mutation code in an obfuscation manner,
Wherein the obfuscation scheme is one of a layout obfuscation, a data obfuscation, a control obfuscation, and a preventive obfuscation. delete The method according to claim 1,
Wherein,
And controls the communication unit to transmit an application status confirmation request to the target terminal when a predetermined period has been reached,
And generating a mutation code in which the predetermined code is re-changed if the application of the target terminal is determined to be mutable in response to the status confirmation request,
Wherein the re-altered mutation code is different from an existing mutation code. 5. The method of claim 4,
Wherein the application installed in the target terminal comprises a plurality of codes and the mutation code transmitted to the target terminal replaces a predetermined code among a plurality of codes constituting the application installed in the target terminal,
The plurality of codes constituting an application and an application stored in the application server and the plurality of codes constituting an application and an application installed in the target terminal correspond to each other,
Wherein the functional operation of the original application of the application and the application in which some code is replaced by the mutation code are the same. The method according to claim 1,
Wherein the control unit predetermines the partial code to be changed to the variation code among a plurality of codes constituting the application, and the plurality of codes except the partial code are not changed. In an application execution terminal,
A storage unit for storing an application;
A communication unit for receiving a mutation code associated with the application from an application server; And
And a control unit for executing the application,
Wherein the application is composed of a plurality of codes, the received mutation code is generated by the application server, for a predetermined part of the plurality of codes,
Wherein the control unit replaces only the predetermined code not the whole of the plurality of codes constituting the application with the received mutation code,
Wherein the control unit determines whether the application is normally executed after replacing the partial code of the application with the variation code,
Wherein the storage stores history information associated with the original application for the application, the variation code, and the previous variation code. delete 8. The method of claim 7,
Wherein,
Checking whether the application is executable,
And transmits the executable state confirmation related information to the application server via the communication unit. 8. The method of claim 7,
Wherein,
If the error is detected by checking whether the application is normally executed after replacing the partial code of the application with the mutation code, the application is restored to a state immediately before being replaced by the mutation code by utilizing the information stored in the storage unit Application execution terminal. In an application variation method,
The server generating a variation code related to the application, wherein the application is composed of a plurality of codes, and the variation code changes a predetermined one of the plurality of codes;
The server transmitting the mutation code to the target terminal, wherein the server transmits only the mutation code, not the whole of the plurality of codes;
Receiving the mutation code from the target terminal;
Replacing some code among a plurality of codes constituting an application installed in the target terminal by the target terminal with the mutation code; And
The target terminal executing the application in which some code has been replaced by the mutation code,
Further comprising the step of the server storing the mutation code,
Wherein the server stores history information associated with the original application and the previous variation code for the application. 12. The method of claim 11,
When the predetermined period is reached, the server transmits an application status confirmation request to the target terminal;
Determining whether an application of the target terminal is in a mutable state in response to the status confirmation request;
When the target terminal determines that the mobile terminal is in a mutable state, transmitting a mutable state signal to the server;
Generating a mutation code in which the predetermined code has been re-modified in response to the mutable state signal; And
And transmitting the modified code to the target terminal,
Wherein the re-altered mutation code is different from an existing mutation code. 12. The method of claim 11,
The mutation code is generated in obfuscation manner,
Wherein the obfuscation scheme is one of a layout obfuscation, a data obfuscation, a control obfuscation, and a preventive obfuscation. delete 12. The method of claim 11,
Determining whether the application is normally executed after replacing the partial code of the application with the mutation code; And
Further comprising the step of restoring the application to a state immediately before the target terminal is replaced with the mutation code when it is confirmed that an error has occurred in the execution of the application. In an application variation method,
Determining whether a predetermined period has been reached;
Generating a mutation code associated with the application when the period has reached, wherein the application is composed of a plurality of codes, and the mutation code is a change of a predetermined one of the plurality of codes;
Storing the variation code;
The transmitting step of transmitting the mutation code to the target terminal, wherein the transmitting step transmits only the mutation code not the whole of the plurality of codes constituting the application;
Receiving information on the success or failure of execution of an application replaced by the mutation code from the target terminal; And
And storing an execution success history for the mutation code. 17. The method of claim 16,
Transmitting a mutable state confirmation request to the target terminal before the generation of the mutation code;
Further comprising receiving a response to the mutable state confirmation. delete delete delete

Images