CN108875320A - Software security protection method, device, electronic equipment and computer storage medium

Info

Publication number: CN108875320A
Authority: CN (China)
Prior art keywords: file, binary function, function, original, function file
Legal status: Granted
Application number: CN201810781959.1A
Other languages: Chinese (zh)
Other versions: CN108875320B (en
Inventor: 高连凯
Current Assignee: Yuanxin Information Technology Group Co ltd
Original Assignee: Beijing Yuanxin Science and Technology Co Ltd
Application filed by: Beijing Yuanxin Science and Technology Co Ltd
Priority to CN201810781959.1A
Publication of CN108875320A
Application granted
Publication of CN108875320B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G06F8/656 Updates while running

Abstract

This application relates to the field of internet security and discloses a software security protection method, device, electronic equipment and computer-readable storage medium. The software security protection method includes: compiling the source code file of each function constituting the target software into at least two corresponding binary function files; and, when a predetermined update condition is met, updating a predetermined number of original binary function files in the currently running target software to corresponding target binary function files, where an original binary function file and its target binary function file are compiled from the same source code file and are expressed as different instruction sequences. The method of the embodiments achieves a polymorphic effect for the target software, effectively increases the difficulty of reverse-engineering attacks, and greatly improves the security of all types of networks and terminal devices. The target software can be updated at any time without stopping its external service, which greatly improves the user experience.

Description

Software security protection method, device, electronic equipment and computer storage medium
Technical field
This application relates to the field of internet security, and specifically to a software security protection method, device, electronic equipment and computer storage medium.
Background
In recent years, the environment facing the mobile Internet field has become increasingly complex, and the threats to mobile devices have become increasingly varied. APT (Advanced Persistent Threat) is the major security threat faced by all types of networks and terminal devices; it has turned security threats from random attacks into purposeful, organized, premeditated group attacks. Reverse engineering is a common basic means of APT attack, and most attacks are based on it. Put simply, reverse engineering derives the operating logic of a program, or the underlying runtime characteristics and rules of the binary program, from the binary program and the running entity, and achieves the attack by tampering with the original operating logic.
Traditional static protection measures rely on high-strength protection software and defence systems, such as installing security guard A or antivirus B, applying vulnerability patches, and so on. Although they can prevent attacks to some extent, omissions are inevitable: even if the vast majority of vulnerabilities have been blocked, a single vulnerability that is overlooked or not properly handled can still bring down the whole system and waste all the earlier effort. In addition, attacker and defender are in unequal positions: the defender is in the open, and the operating state of the system can be fully grasped or observed by the attacker. As a result, no matter how advanced the protection technology or the protection software and systems, they cannot withstand an attacker's long-term observation, analysis and repeated attacks, and once the attacker succeeds, the attack spreads over a large area.
Summary of the invention
To overcome the above technical problems, or at least partially solve them, the following technical solutions are proposed:
In a first aspect, a software security protection method is provided, including:
compiling the source code file of each function constituting the target software into at least two corresponding binary function files;
when a predetermined update condition is met, updating a predetermined number of original binary function files in the currently running target software to corresponding target binary function files, where an original binary function file and its target binary function file are compiled from the same source code file and are expressed as different instruction sequences.
In a second aspect, a software security protection device is provided, including:
a compiling module, configured to compile the source code file of each function constituting the target software into at least two corresponding binary function files;
an update module, configured to, when a predetermined update condition is met, update a predetermined number of original binary function files in the currently running target software to corresponding target binary function files, where an original binary function file and its target binary function file are compiled from the same source code file and are expressed as different instruction sequences.
In a third aspect, an electronic device is provided, including a memory, a processor, and a computer program stored in the memory and runnable on the processor; the processor implements the above software security protection method when executing the program.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored; the program implements the above software security protection method when executed by a processor.
In the software security protection method provided by the embodiments of the application, the source code file of each function constituting the target software is compiled into at least two corresponding binary function files, which lays the necessary foundation for dynamically changing the target software during subsequent operation. When a predetermined update condition is met, a predetermined number of original binary function files in the currently running target software are updated to corresponding target binary function files, where an original binary function file and its target binary function file are compiled from the same source code file and are expressed as different instruction sequences. Thus, when the predetermined update condition is met, the hot patch principle is used to dynamically update original binary function files to the corresponding target binary function files while the target software is running. This not only achieves a polymorphic effect for the target software, so that an attacker finds it difficult to discover an attack pattern and gives up, but also means that even if an attacker obtains a certain binary function file and successfully breaks it through reverse engineering, the result cannot be reused against the other binary function files of the same target software. This prevents the same attack method from spreading, effectively increases the difficulty of reverse-engineering attacks, and greatly improves the security of all types of networks and terminal devices. The target software can also be updated at any time without stopping its external service, which greatly improves the user experience.
Additional aspects and advantages of the application will be set forth in part in the following description; they will become apparent from the description or be learned through practice of the application.
Brief description of the drawings
The above and/or additional aspects and advantages of the application will become apparent and easy to understand from the following description of the embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a basic schematic diagram of the existing module replacement method;
Fig. 2 is a flow diagram of the software security protection method of an embodiment of the application;
Fig. 3 is a basic schematic diagram of the binary function library file replacement technique of an embodiment of the application;
Fig. 4 is a basic structural diagram of the software security protection device of an embodiment of the application;
Fig. 5 is a detailed structural diagram of the software security protection device of an embodiment of the application;
Fig. 6 is a structural diagram of the electronic device of an embodiment of the application.
Detailed description of the embodiments
Embodiments of the application are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements, or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the application and are not to be construed as limiting it.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural. It should be further understood that the word "comprising" used in the description of the application means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The phrase "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
To make the purposes, technical solutions and advantages of the application clearer, the embodiments of the application are described in further detail below with reference to the drawings.
Some related technical information used in the description below is first introduced together, as follows:
A: Hot patch technology
Hot patch technology generally refers to modifying or enhancing running software without stopping or restarting the software system. Because the software is modified while it is running, this is called a hot patch or "HotPatch". The benefit of a hot patch is that the software can be updated, or problems repaired, at any time without the software system stopping its external service, which greatly improves the user experience. In the mobile device field hot patches are used less; after all, mobile devices are mostly personal devices, for which upgrading by restarting the system is acceptable and a "hot fix" is not strictly necessary. There are many specific hot patch techniques; the embodiments of the application use a function-based hot patch method suitable for software written in C/C++, which the later embodiments describe in detail.
B: Concept and principle of software polymorphism
The mobile Internet environment is complex, and the threats to mobile devices are varied. Protection based on traditional static measures inevitably has omissions: even if the vast majority of vulnerabilities have been blocked, a single overlooked and unhandled vulnerability can still bring down the whole system and waste all the earlier effort. This problem arises mainly because attacker and defender are in unequal positions: the defender is in the open, and the operating state of the system can be fully grasped or observed by the attacker, who can find the system's vulnerabilities through constant attempts and repeated trial and error.
To change this unequal position, the defender changes approach and turns the original unchanging system into a dynamically changing one. Such a system is always changing, so the attacker cannot find vulnerabilities through repeated testing. Even if the attacker has achieved a partial result, the change in the system may make that result unusable, so the defender turns from passive to active.
There are many specific techniques for changeable systems, and the subject of the change also differs. For a network system, for example, what changes can be the network topology; for a mobile terminal system, what changes can be the structure of the software itself. Although the system changes, its original operating logic and the functions it provides externally stay the same; if the functions changed as well, it would no longer be the original system.
Polymorphic software is one method of making part of a system changeable. Its basic idea can be summarized as: while the operating logic of the system itself stays unchanged, change the binary program structure of each software component in the system. Because the content of a binary program is the instruction code that runs, an attacker usually uses reverse engineering to disassemble the binary program, looks for vulnerabilities in the internal logic of the disassembled binary instruction code, and attacks them. Once an attack succeeds, every identical system can be attacked with the same method, so the damage propagates quickly. Software polymorphism changes this situation at its root: after software polymorphism, multiple instances of the software system have different binary program structures, i.e., the instances have the same operating logic but different binary instruction sequences. This effectively avoids the problem above, because a single attack method cannot fit all software system instances, and each instance changes with software upgrades, so the defence turns from passive to active. In other words, the software polymorphism method forms different software system instances from different binary programs and thereby achieves the effect of software polymorphism.
Software polymorphism is essentially a relatively static method of change. Although the software binaries differ between system instances when they leave the factory, after each instance starts, every software module stays unchanged while it runs; only after a system upgrade does the whole system change again. The software polymorphism described above is therefore a relatively static method of change.
On the basis of relatively static software polymorphism, the application proposes a scheme of dynamic change, that is, a method in which, within one instance of a polymorphic software system, the software binary program changes dynamically during a power cycle starting from boot. This method makes up for the relatively static nature of software polymorphism.
The dynamic change method in the application is implemented with hot patch technology: a binary program in operation is replaced with another binary that has the same function but a different instruction sequence, which achieves the polymorphic effect.
Besides the hot patch method used in the application, the industry has other ways of achieving dynamic change, for example the module replacement method. The module replacement method replaces a running module with a binary module that has the same function but a different instruction sequence, as shown in Fig. 1. In Fig. 1, the active program calls module A, but module A has two other modules, A' and A'', with the same function and different binary sequences; whether A' or A'' is used is decided dynamically during the call. However, the module replacement method has many shortcomings in use, as follows:
(1) the module replacement method needs a module proxy so that modules can be replaced without the caller being aware of it; the module proxy dynamically decides which of the equivalent modules to use;
(2) the module replacement method has an actual functional module and therefore needs a module proxy;
(3) each module proxy is customized, and different module proxies must be designed according to the functions of the proxied modules; for example, a proxied module contains several different functions, and understanding these functions requires a customized module proxy, because only then can the customized module proxy locate the function to be called;
(4) each module (e.g. A, A') takes a library file as its entity, i.e., each library file constitutes one module; a module has many functions, and once a module is replaced, all functions under that module are replaced;
(5) each module can have module state while running; typical module state is the global and static variables in the module, and the operation of any function interface in the module may change the module state. Thus, when switching, the module proxy must switch not only the module code but also the module state, i.e., copy the state variables of the previous module into the new module;
(6) once the running code of a module stays in a non-exited state for a long time, the whole module cannot be replaced.
The software security protection method, device, electronic equipment and computer-readable storage medium provided by the application are intended to solve the above technical problems of the prior art.
The technical solution of the application, and how it solves the above technical problems, are described in detail below with specific embodiments. The specific embodiments below can be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the application are described below with reference to the drawings.
Embodiment one
This embodiment of the application provides a software security protection method which, as shown in Fig. 2, includes:
Step S210: compile the source code file of each function constituting the target software into at least two corresponding binary function files.
Specifically, any target software implementing any functionality is realized by function code in a corresponding programming language (such as C/C++ or JAVA). Software written in programming languages such as C/C++ and JAVA is mostly organized and called in terms of functions, i.e., the target software is composed of individual functions. Running the target software actually means executing the binary function file corresponding to each function of the target software, and a binary function file is generated by compiling the corresponding function.
Further, the dynamic change of the target software is completed with hot patch technology: any binary program of the running target software (e.g. program A) is replaced with another binary program that has the same function but a different instruction sequence (e.g. program A', A'', etc.). At least two binary programs with the same function and different instruction sequences are therefore needed to achieve the dynamic change of the target software. Binary programs A and A' implement the same function and are merely expressed as different instruction sequences; that is, A and A' are binary function files compiled from the source code file of the function that implements this functionality.
Further, the terminal system compiles the source code file of each function constituting the target software into at least two corresponding binary function files, which lays the necessary foundation for dynamically changing the target software during subsequent operation.
Step S220: when a predetermined update condition is met, update a predetermined number of original binary function files in the currently running target software to corresponding target binary function files, where an original binary function file and its target binary function file are compiled from the same source code file and are expressed as different instruction sequences.
Specifically, the terminal system updates a predetermined number of original binary function files in the running target software to the corresponding target binary function files when it considers the time appropriate: for example, when it detects that a danger signal has been generated, or before entering a high-alert state; or when it detects an anomaly (such as an authentication failure, an abnormal exit, a resource access conflict or an illegal memory access); or when the target software has run for a preset duration (such as 30 minutes or 50 minutes). Detecting a danger signal, entering a high-alert state, detecting an anomaly, the target software running for a preset duration and the like all count as meeting the predetermined update condition. The predetermined number can be 1, 2, 5 and so on; the application does not limit it.
For example, original binary function file A in the running target software can be updated to the corresponding target binary function file A'. As another example, original binary function files A and B in the running target software can be updated to the corresponding target binary function files A'' and B' respectively. Here A, A' and A'' are compiled from the same source code file and are expressed as different instruction sequences, and B and B' are likewise compiled from the same source code file and are expressed as different instruction sequences.
Further, during the update process, one corresponding target binary function file can be selected at random to replace the original binary function file. For example, binary function files A, A' and A'' implement the same function but are expressed as different instruction sequences, i.e., A, A' and A'' are compiled from the same source code file. If the original binary function file in the currently running target software is A, one of the target binary function files A' and A'' can be selected at random to replace original binary function file A.
Compared with the prior art, the software security protection method provided by this embodiment compiles the source code file of each function constituting the target software into at least two corresponding binary function files, which lays the necessary foundation for dynamically changing the target software during subsequent operation. When a predetermined update condition is met, a predetermined number of original binary function files in the currently running target software are updated to corresponding target binary function files, where an original binary function file and its target binary function file are compiled from the same source code file and are expressed as different instruction sequences. Thus, when the predetermined update condition is met, the hot patch principle is used to dynamically update original binary function files to the corresponding target binary function files while the target software is running. This not only achieves a polymorphic effect for the target software, so that an attacker finds it difficult to discover an attack pattern and gives up, but also means that even if an attacker obtains a certain binary function file and successfully breaks it through reverse engineering, the result cannot be reused against the other binary function files of the same target software. This prevents the same attack method from spreading, effectively increases the difficulty of reverse-engineering attacks, and greatly improves the security of all types of networks and terminal devices. The target software can also be updated at any time without stopping its external service, which greatly improves the user experience.
Embodiment two
This embodiment of the application provides another possible implementation which, on the basis of Embodiment one, further includes the method shown in Embodiment two, wherein
Step S210 includes step S2101 (not marked in the figure) and step S2102 (not marked in the figure), wherein
Step S2101: for the source code file of any function, determine the compile parameters corresponding to each of at least two compiling modes of the source code file.
Step S2102: compile the source code file according to the compile parameters of any compiling mode to obtain the binary function file corresponding to that compiling mode.
Step S220 may specifically be: determine the predetermined number of original binary function files from the currently running target software in at least one of the following ways: selecting at random; selecting in turn according to the logical execution order of the original binary function files; selecting in turn according to the priority level of the original binary function files.
Specifically, by using different compilation methods the terminal system can make the binary structure produced from the source code file of the same function differ. In this embodiment, for the source code file of any function, the compile parameters corresponding to each of several compiling modes of the source code file are determined and step S2102 is executed, which generates several binary function file versions of the function's source code file, such as A, A' and A''.
Further, different compilation methods correspond to different optimization levels of the function's source code file. Different optimization levels can correspond to different degrees of disorder in the binary structure; for example, a compilation method with a higher optimization level requires more complex compile parameters, but makes the binary harder for an attacker to break. Those skilled in the art can match a suitable optimization level to the target software in different fields or scenarios according to the actual situation.
Further, when generating binary function files, for the source code file of any function of the target software, the optimization level of the source code file can be determined, the compile parameters of the corresponding compiling mode obtained according to the optimization level, and step S2102 then executed.
Further, when determining the predetermined number of original binary function files from the currently running target software, the predetermined number of original binary function files can be selected at random, for example original binary function files A, B, E, H, M and so on. The predetermined number of original binary function files can also be selected in turn according to the logical execution order of the original binary function files, where the logical execution order is the order in which the original binary function files are executed in their logical relationship. For example, if original binary function file A should be processed before original binary function file B, and original binary function file B before original binary function file C, then original binary function files A and B can be selected in turn according to the logical execution order. The files can also be selected in turn according to the priority level of the original binary function files, where the priority level is the importance of each original binary function file. For example, if the priority of original binary function file B is higher than that of original binary function file C, and the priority of original binary function file C is higher than that of original binary function file D, then original binary function files B and C can be selected in turn according to the logical execution order of the original binary function files.
In this embodiment, obtaining the binary function file corresponding to each compiling mode from the compile parameters of at least two compiling modes, together with the ways of determining the predetermined number of original binary function files, makes it difficult for an attacker to discover an attack pattern, so that the attacker gives up. Even if an attacker obtains a certain binary function file and successfully breaks it through reverse engineering, the result cannot be reused against the other binary function files of the same target software. This prevents the same attack method from spreading, effectively increases the difficulty of reverse-engineering attacks, and improves the security of all types of networks and terminal devices.
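The update trigger and selection logic of step S220, together with the random choice of a target file from Embodiment one, can be modelled as follows. This is an added example, not code from the patent: the names `FunctionSlot`, `select_originals`, `pick_target` and `rotate`, the event strings and the sample data are all hypothetical, and the hot patch step itself is left out.

```python
import random
from dataclasses import dataclass


@dataclass
class FunctionSlot:
    name: str         # function identifier, e.g. "A"
    variants: list    # binary function files compiled from one source file
    exec_order: int   # position in the logical execution order (lower runs first)
    priority: int     # importance (higher is more important)
    active: str = ""  # variant currently running

    def __post_init__(self):
        if len(set(self.variants)) < 2:
            raise ValueError(f"{self.name}: step S210 needs at least two variants")
        if not self.active:
            self.active = self.variants[0]


# Hypothetical event names for the anomalies listed in Embodiment one.
ANOMALIES = {"auth_failure", "abnormal_exit", "resource_conflict",
             "illegal_memory_access"}


def update_condition_met(event, uptime_s, interval_s=30 * 60):
    """Danger signal, high-alert state, anomaly, or preset run time reached."""
    return (event in {"danger_signal", "high_alert"}
            or event in ANOMALIES
            or uptime_s >= interval_s)


def select_originals(slots, count, mode, rng):
    """Choose which running function files to replace (three modes of S220)."""
    count = min(count, len(slots))
    if mode == "random":
        return rng.sample(slots, count)
    if mode == "exec_order":
        return sorted(slots, key=lambda s: s.exec_order)[:count]
    if mode == "priority":
        return sorted(slots, key=lambda s: s.priority, reverse=True)[:count]
    raise ValueError(f"unknown selection mode: {mode}")


def pick_target(slot, rng):
    """Randomly pick a target file that differs from the one now running."""
    return rng.choice([v for v in slot.variants if v != slot.active])


def rotate(slots, count, mode, event, uptime_s, rng=None):
    """Return {function: (old, new)} for this round, or {} if no update is due."""
    # An OS-backed RNG keeps the rotation unpredictable to an observer;
    # tests may pass a seeded random.Random instead.
    rng = rng or random.SystemRandom()
    if not update_condition_met(event, uptime_s):
        return {}
    plan = {}
    for slot in select_originals(slots, count, mode, rng):
        target = pick_target(slot, rng)
        plan[slot.name] = (slot.active, target)
        slot.active = target  # a real system would apply the hot patch here
    return plan


def sample_slots():
    """Constructed sample data following the A/B/C/D examples in the text."""
    return [
        FunctionSlot("A", ["A", "A'", "A''"], exec_order=1, priority=1),
        FunctionSlot("B", ["B", "B'"], exec_order=2, priority=5),
        FunctionSlot("C", ["C", "C'"], exec_order=3, priority=4),
        FunctionSlot("D", ["D", "D'"], exec_order=4, priority=3),
    ]


if __name__ == "__main__":
    print(rotate(sample_slots(), 2, "priority", "auth_failure", uptime_s=60))
```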
Embodiment three
The embodiment of the present application provides another possible implementation which, on the basis of Embodiment Two, further includes the method shown in Embodiment Three, wherein
Step S220 includes step S2201 (not marked in the figure), step S2202 (not marked in the figure) and step S2203 (not marked in the figure), wherein
Step S2201: Load a replacement module, the replacement module including multiple object binary function files.
Step S2202: Determine, from the replacement module, at least one object binary function file corresponding to each of the predetermined number of original binary function files.
Step S2203: Update any original binary function file to any one of its corresponding object binary function files.
Specifically, updating any original binary function file to any one of its corresponding object binary function files includes:
calling a predetermined system call function through an executing program;
tracing the original binary function file according to a first preset parameter of the predetermined system call function;
according to a second preset parameter of the predetermined system call function, modifying the instruction at the execution entry of the traced original binary function file into an absolute jump instruction;
wherein the absolute jump instruction points to the object binary function file corresponding to that original binary function file.
Further, after the instruction at the starting position of the traced original binary function file is modified into an absolute jump instruction, the method further includes:
ending the tracing of that original binary function file according to a third preset parameter of the predetermined system call function.
Specifically, by analogy with the module replacement method, once hot-patch technology is used the module replacement method can become a function replacement method, that is, an original binary function file (such as A) is replaced with an object binary function file (such as A′ and A″), where object binary function files A′ and A″ and original binary function file A are function files in different binary forms compiled from the same source code. The compilation is carried out with files and modules as the basic unit, and the compilation method is the same as in the module replacement method; only the replacement process differs. The function-based replacement technique of the embodiment of the present application is described in detail below:
First, the terminal system loads the replacement module, which includes multiple object binary function files. Then, at a moment the terminal system considers suitable, such as when a danger signal is detected, when an abnormality is detected and a high-alert state is entered, or when the target software has run for a preset duration, the predetermined number of original binary function files are determined from the running target software, and at least one object binary function file corresponding to each of those original binary function files is determined from the replacement module. Next, the executing program calls the predetermined system call function (such as the ptrace function) and, according to the first preset parameter of that function (such as ptrace_attach), traces any original binary function file. According to the second preset parameter of that function (such as ptrace_pokedata), the instruction at the execution entry of the traced original binary function file is modified into an absolute jump instruction, where the absolute jump instruction points to the object binary function file corresponding to that original binary function file, so that the original binary function file is updated to its corresponding object binary function file. The other original binary function files are replaced using the same strategy. Finally, according to the third preset parameter of the predetermined system call function (such as ptrace_detach), the tracing of the original binary function file is ended.
Further, the function-based replacement technique described above is realized using the hot-patch principle, as shown in Fig. 3. In Fig. 3, the flow on the left is the normal running process of the target software, and the flow on the right is the function-based replacement realized with the hot-patch principle, in which function B′ (the object binary function file of the embodiment of the present application) has replaced function B (the original binary function file of the embodiment of the present application). The essential idea of the replacement is to modify the original instruction at the very beginning of function B (the function execution entry of the embodiment of the present application) so that it becomes an absolute jump instruction whose target is the new function B′. Because the absolute jump instruction does not change any CPU (Central Processing Unit) environment and does not change the value of any register, when function B′ runs to its end it still returns, as before, to the address in the calling function A.
For the embodiment of the present application, the replacement process needs no additional module agent. It needs only one executing program that has permission to search the symbol table in the system and the right to trace the target program, and that executing program is responsible for the replacement of functions. The method can also replace parts of the target program more flexibly, with the function as the basic unit, making the target program polymorphic without replacing a whole module, and it increases the number of replacement combinations, so that the polymorphism is more random. More importantly, there is no need to record and transfer the running state of any program module: the program is replaced function by function, every function variant has equivalent operating logic, and although a function is replaced, the variables it accesses are still the original ones, so the switch is seamless. In addition, even if a module contains code that has not exited, the embodiment of the present application can selectively avoid the code sections that have not exited, since such sections ultimately fall within a limited number of functions and it is enough to avoid those functions, which improves processing efficiency.
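The entry-point rewrite of steps S2201 to S2203, as an added example (not code from the patent): it builds an absolute jump and writes it one machine word at a time, the way ptrace's PTRACE_POKEDATA does. The x86-64 `jmp [rip+0]` encoding, the simulated memory buffer and all function names are assumptions of this example; the patent names no architecture.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the traced process's memory. In a real executing
 * program, peek_word/poke_word would wrap ptrace(PTRACE_PEEKDATA, ...) and
 * ptrace(PTRACE_POKEDATA, ...), which also move one word per call. */
#define SIM_BASE 0x400000ULL
#define SIM_SIZE 64
static uint8_t sim_mem[SIM_SIZE];

static int peek_word(uint64_t addr, uint64_t *out)
{
    if (addr < SIM_BASE || addr - SIM_BASE > SIM_SIZE - 8)
        return -1;
    memcpy(out, sim_mem + (addr - SIM_BASE), 8);
    return 0;
}

static int poke_word(uint64_t addr, uint64_t word)
{
    if (addr < SIM_BASE || addr - SIM_BASE > SIM_SIZE - 8)
        return -1;
    memcpy(sim_mem + (addr - SIM_BASE), &word, 8);
    return 0;
}

#define JMP_LEN 14 /* FF 25 00 00 00 00, then the 8-byte absolute target */

/* Assumed encoding: x86-64 "jmp qword ptr [rip+0]". The destination is read
 * from the 8 bytes after the instruction, so no register is modified, which
 * is the property the description relies on for returning into caller A. */
static void encode_abs_jmp(uint64_t target, uint8_t out[JMP_LEN])
{
    static const uint8_t opcode[6] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
    memcpy(out, opcode, sizeof opcode);
    for (int i = 0; i < 8; i++)
        out[6 + i] = (uint8_t)(target >> (8 * i)); /* little-endian */
}

/* Redirect the function at `entry` to `target`. `func_size` comes from the
 * symbol table: a function shorter than the patch must be skipped, or the
 * write would run into the next symbol. Returns 0 on success, -1 if the
 * function is too small, -2 if target memory cannot be accessed. */
int redirect_function(uint64_t entry, size_t func_size, uint64_t target)
{
    uint8_t image[16], patch[JMP_LEN];
    uint64_t w[2];

    if (func_size < JMP_LEN)
        return -1;
    /* Read both words first so a failed read leaves the target untouched. */
    if (peek_word(entry, &w[0]) || peek_word(entry + 8, &w[1]))
        return -2;
    memcpy(image, w, sizeof image);
    encode_abs_jmp(target, patch);
    memcpy(image, patch, JMP_LEN); /* bytes 14..15 keep their original value */
    memcpy(w, image, sizeof image);
    if (poke_word(entry, w[0]) || poke_word(entry + 8, w[1]))
        return -2;
    return 0;
}

/* Read the entry back and recover the jump target, to verify the write.
 * Returns -1 if the entry does not hold the expected jump. */
int read_redirect(uint64_t entry, uint64_t *target)
{
    uint8_t image[16];
    uint64_t w[2];

    if (peek_word(entry, &w[0]) || peek_word(entry + 8, &w[1]))
        return -2;
    memcpy(image, w, sizeof image);
    if (image[0] != 0xFF || image[1] != 0x25 ||
        (image[2] | image[3] | image[4] | image[5]) != 0)
        return -1;
    *target = 0;
    for (int i = 0; i < 8; i++)
        *target |= (uint64_t)image[6 + i] << (8 * i);
    return 0;
}

/* Constructed sample: padding, then a 24-byte "function B" at offset 8. */
void sim_reset(void)
{
    memset(sim_mem, 0xCC, sizeof sim_mem);
    memset(sim_mem + 8, 0x90, 23); /* body */
    sim_mem[8 + 23] = 0xC3;        /* ret */
}

int main(void)
{
    uint64_t seen = 0;
    sim_reset();
    int rc = redirect_function(SIM_BASE + 8, 24, 0x7f12345678a0ULL);
    read_redirect(SIM_BASE + 8, &seen);
    printf("rc=%d target=0x%llx\n", rc, (unsigned long long)seen);
    return rc;
}
```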
Embodiment Four
Fig. 4 is a structural schematic diagram of a software security protection device provided by the embodiment of the present application. As shown in Fig. 4, the device 40 may include a compiling module 41 and an update module 42, wherein
the compiling module 41 is used to compile the source code file of each function constituting the target software into at least two corresponding binary function files;
the update module 42 is used to update, when a predetermined update condition is met, the predetermined number of original binary function files in the currently running target software to the corresponding object binary function files respectively, where an original binary function file and its object binary function file are compiled from the same source code file and are expressed as different instruction sequences.
Specifically, the update module 42 is used to determine the predetermined number of original binary function files from the currently running target software in at least one of the following ways:
selecting at random; choosing in turn according to the logic execution sequence of each original binary function file; choosing in turn according to the priority level of each original binary function file.
Further, the update module 42 includes a loading submodule 421, a first determining submodule 422 and a file update submodule 423, as shown in Fig. 5, wherein
the loading submodule 421 is used to load the replacement module, the replacement module including multiple object binary function files;
the first determining submodule 422 is used to determine, from the replacement module, at least one object binary function file corresponding to each of the predetermined number of original binary function files;
the file update submodule 423 is used to update any original binary function file to any one of its corresponding object binary function files.
Further, the file update submodule 423 is specifically used to call a predetermined system call function through an executing program; to trace any original binary function file according to a first preset parameter of the predetermined system call function; and, according to a second preset parameter of the predetermined system call function, to modify the instruction at the execution entry of the traced original binary function file into an absolute jump instruction;
wherein the absolute jump instruction points to the object binary function file corresponding to that original binary function file.
Further, the file update submodule 423 is also used to end the tracing of that original binary function file according to a third preset parameter of the predetermined system call function.
Further, the compiling module 41 includes a second determining submodule 411 and a compiling submodule 412, as shown in Fig. 5, wherein
the second determining submodule 411 is used to determine, for the source code file of any function, the compiling parameters corresponding to at least two compiling modes of that source code file;
the compiling submodule 412 is used to compile the source code file according to the compiling parameters of any compiling mode, obtaining the binary function file corresponding to that compiling mode.
Compared with the prior art, the device provided by the embodiment of the present application compiles the source code file of each function constituting the target software into at least two corresponding binary function files, which lays the necessary foundation for dynamically changing the target software during subsequent operation. When a predetermined update condition is met, the predetermined number of original binary function files in the currently running target software are respectively updated to the corresponding object binary function files, where an original binary function file and its object binary function file are compiled from the same source code file and are expressed as different instruction sequences. Thus, when the predetermined update condition is met, the hot-patch principle is used to dynamically update the original binary function files to the corresponding object binary function files while the target software is running. This not only gives the target software a polymorphic effect, making it hard for an attacker to find a pattern to attack so that the attacker gives up; even if an attacker obtains one binary function file and breaks it by reverse engineering, the result cannot be reused against the other binary function files of the same target software. The same attack method is prevented from spreading, the difficulty of reverse-engineering attacks is effectively raised, and the security of all types of networks and terminal devices is greatly improved. Moreover, the target software can be updated at any time without stopping its external service, which greatly improves the user experience.
Embodiment five
The embodiment of the present application provides an electronic device. As shown in Fig. 6, the electronic device 600 includes a processor 601 and a memory 603, where the processor 601 is connected to the memory 603, for example through a bus 602. Further, the electronic device 600 may also include a transceiver 604. It should be noted that in practical applications the transceiver 604 is not limited to one, and the structure of the electronic device 600 does not limit the embodiment of the present application.
The processor 601 is applied in the embodiment of the present application to realize the functions of the compiling module and the update module shown in Fig. 4. The transceiver 604 includes a receiver and a transmitter, and is applied in the embodiment of the present application to realize the function of the loading submodule shown in Fig. 5.
The processor 601 can be a CPU, a general-purpose processor, a DSP, an ASIC, an FPGA or another programmable logic device, a transistor logic device, a hardware component or any combination thereof. It may implement or execute the various illustrative logic blocks, modules and circuits described in connection with the present disclosure. The processor 601 can also be a combination that realizes computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The bus 602 may include a path that transfers information between the above components. The bus 602 can be a PCI bus, an EISA bus or the like, and can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in Fig. 6, but this does not mean that there is only one bus or one type of bus.
The memory 603 can be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device that can store information and instructions, or an EEPROM, a CD-ROM or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc and the like), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The memory 603 is used to store the application code that executes the solution of the present application, and its execution is controlled by the processor 601. The processor 601 is used to execute the application code stored in the memory 603, so as to realize the actions of the software security protection device provided by the embodiment shown in Fig. 4.
The electronic device provided by the embodiment of the present application includes a memory, a processor and a computer program that is stored in the memory and can run on the processor. When the processor executes the program, compared with the prior art, the following can be achieved: the source code file of each function constituting the target software is compiled into at least two corresponding binary function files, which lays the necessary foundation for dynamically changing the target software during subsequent operation. When a predetermined update condition is met, the predetermined number of original binary function files in the currently running target software are respectively updated to the corresponding object binary function files, where an original binary function file and its object binary function file are compiled from the same source code file and are expressed as different instruction sequences. Thus, when the predetermined update condition is met, the hot-patch principle is used to dynamically update the original binary function files to the corresponding object binary function files while the target software is running. This not only gives the target software a polymorphic effect, making it hard for an attacker to find a pattern to attack so that the attacker gives up; even if an attacker obtains one binary function file and breaks it by reverse engineering, the result cannot be reused against the other binary function files of the same target software. The same attack method is prevented from spreading, the difficulty of reverse-engineering attacks is effectively raised, and the security of all types of networks and terminal devices is greatly improved. Moreover, the target software can be updated at any time without stopping its external service, which greatly improves the user experience.
The embodiment of the present application provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the method shown in Embodiment One is realized. Compared with the prior art, the source code file of each function constituting the target software is compiled into at least two corresponding binary function files, which lays the necessary foundation for dynamically changing the target software during subsequent operation. When a predetermined update condition is met, the predetermined number of original binary function files in the currently running target software are respectively updated to the corresponding object binary function files, where an original binary function file and its object binary function file are compiled from the same source code file and are expressed as different instruction sequences. Thus, when the predetermined update condition is met, the hot-patch principle is used to dynamically update the original binary function files to the corresponding object binary function files while the target software is running. This not only gives the target software a polymorphic effect, making it hard for an attacker to find a pattern to attack so that the attacker gives up; even if an attacker obtains one binary function file and breaks it by reverse engineering, the result cannot be reused against the other binary function files of the same target software. The same attack method is prevented from spreading, the difficulty of reverse-engineering attacks is effectively raised, and the security of all types of networks and terminal devices is greatly improved. Moreover, the target software can be updated at any time without stopping its external service, which greatly improves the user experience.
The computer-readable storage medium provided by the embodiment of the present application is applicable to any embodiment of the above method, and the details are not repeated here.
It should be understood that although the steps in the flow charts of the drawings are shown in the sequence indicated by the arrows, these steps are not necessarily executed in that sequence. Unless expressly stated otherwise herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some of the steps in the flow charts of the drawings may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same moment but can be executed at different times, and they are not necessarily executed one after another but can be executed in turn or alternately with other steps or with at least part of the sub-steps or stages of other steps.
The above are only some embodiments of the present application. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be regarded as falling within the protection scope of the present application.

Claims (10)

1. A software security protection method, characterized by comprising:
compiling the source code file of each function constituting target software into at least two corresponding binary function files;
when a predetermined update condition is met, updating a predetermined number of original binary function files in the currently running target software to corresponding object binary function files respectively, where the original binary function file and the object binary function file are compiled from the same source code file and are expressed as different instruction sequences.
2. The method according to claim 1, characterized in that updating the predetermined number of original binary function files in the currently running target software to the corresponding object binary function files respectively comprises:
determining the predetermined number of original binary function files from the currently running target software in at least one of the following ways:
selecting at random; choosing in turn according to the logic execution sequence of each original binary function file; choosing in turn according to the priority level of each original binary function file.
3. The method according to claim 1, characterized in that updating the predetermined number of original binary function files in the currently running target software to the corresponding object binary function files respectively comprises:
loading a replacement module, the replacement module including multiple object binary function files;
determining, from the replacement module, at least one object binary function file corresponding to each of the predetermined number of original binary function files;
updating any original binary function file to any one of its corresponding object binary function files.
4. The method according to claim 3, characterized in that updating any original binary function file to any one of its corresponding object binary function files comprises:
calling a predetermined system call function through an executing program;
tracing the original binary function file according to a first preset parameter of the predetermined system call function;
according to a second preset parameter of the predetermined system call function, modifying the instruction at the execution entry of the traced original binary function file into an absolute jump instruction;
wherein the absolute jump instruction points to the object binary function file corresponding to that original binary function file.
5. The method according to claim 4, characterized in that, after the instruction at the starting position of the traced original binary function file is modified into an absolute jump instruction, the method further comprises:
ending the tracing of that original binary function file according to a third preset parameter of the predetermined system call function.
6. The method according to any one of claims 1-5, characterized in that compiling the source code file of each function constituting the target software into at least two corresponding binary function files comprises:
for the source code file of any function, determining the compiling parameters corresponding to at least two compiling modes of the source code file;
compiling the source code file according to the compiling parameters of any compiling mode to obtain the binary function file corresponding to that compiling mode.
7. A software security protection device, characterized by comprising:
a compiling module, used to compile the source code file of each function constituting target software into at least two corresponding binary function files;
an update module, used to update, when a predetermined update condition is met, a predetermined number of original binary function files in the currently running target software to corresponding object binary function files respectively, where the original binary function file and the object binary function file are compiled from the same source code file and are expressed as different instruction sequences.
8. The device according to claim 7, characterized in that the update module is specifically used to determine the predetermined number of original binary function files from the currently running target software in at least one of the following ways:
selecting at random; choosing in turn according to the logic execution sequence of each original binary function file; choosing in turn according to the priority level of each original binary function file.
9. An electronic device comprising a memory, a processor and a computer program that is stored in the memory and can run on the processor, characterized in that the processor, when executing the program, realizes the software security protection method according to any one of claims 1-6.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the program, when executed by a processor, realizes the software security protection method according to any one of claims 1-6.
CN201810781959.1A 2018-07-17 2018-07-17 Software security protection method and device, electronic equipment and computer storage medium Active CN108875320B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810781959.1A CN108875320B (en) 2018-07-17 2018-07-17 Software security protection method and device, electronic equipment and computer storage medium


Publications (2)

Publication Number Publication Date
CN108875320A true CN108875320A (en) 2018-11-23
CN108875320B CN108875320B (en) 2021-10-08

Family

ID=64302450

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810781959.1A Active CN108875320B (en) 2018-07-17 2018-07-17 Software security protection method and device, electronic equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN108875320B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230517

Address after: Room 401, Floor 4, No. 2, Haidian East Third Street, Haidian District, Beijing 100080

Patentee after: Yuanxin Information Technology Group Co.,Ltd.

Address before: 100176 room 2222, building D, building 33, 99 Kechuang 14th Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing

Patentee before: YUANXIN TECHNOLOGY