CN109033763A - Program encryption method, apparatus, readable medium and storage controller
- Publication number: CN109033763A (application CN201810860163.5A)
- Authority: CN (China)
- Prior art keywords: sensitive function, data space, program, function, target
- Legal status: Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The present invention provides a program encryption method, apparatus, readable medium and storage controller. The method comprises: constructing a multidimensional data space manager, wherein the multidimensional data space manager includes at least one sample function and a data space corresponding to each sample function; obtaining a program to be encrypted; determining at least one sensitive function from the program to be encrypted; determining the target data space corresponding to each sensitive function according to the sample function in the multidimensional data space manager that corresponds to the sensitive function; randomly generating, in the target data space corresponding to each sensitive function, the target position coordinate corresponding to that sensitive function; and generating the encrypted data corresponding to the program to be encrypted according to the target position coordinate corresponding to each sensitive function. This scheme can improve the security of the program.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a program encryption method, apparatus, readable medium and storage controller.
Background
A wide variety of programs have emerged to meet users' application needs in different fields and for different problems. To prevent an application from being maliciously tampered with, the program usually needs to be encrypted to increase its security.
Existing program encryption generally works by obfuscating the sensitive functions in the program. For example, a sensitive function is obfuscated using meaningless parameter names. However, in a program encrypted this way, the return state of a sensitive function is still a memory address that can be tampered with, so the security of the program is low.
Summary of the invention
The embodiments of the present invention provide a program encryption method, apparatus, readable medium and storage controller that can improve the security of a program.
In a first aspect, an embodiment of the present invention provides a program encryption method, comprising:
constructing a multidimensional data space manager, wherein the multidimensional data space manager includes at least one sample function and a data space corresponding to each sample function;
obtaining a program to be encrypted;
determining at least one sensitive function from the program to be encrypted;
determining the target data space corresponding to each sensitive function according to the sample function in the multidimensional data space manager that corresponds to the sensitive function;
randomly generating, in the target data space corresponding to each sensitive function, the target position coordinate corresponding to that sensitive function;
generating the encrypted data corresponding to the program to be encrypted according to the target position coordinate corresponding to each sensitive function.
Optionally,
the multidimensional data space manager further includes: at least one variable definition, and a call relationship between each sample function and the at least one variable definition;
randomly generating, in the target data space corresponding to each sensitive function, the target position coordinate corresponding to that sensitive function comprises:
for each sensitive function, performing:
determining the target call relationship corresponding to the sensitive function according to the sample function corresponding to the sensitive function;
determining target variable definitions from the at least one variable definition according to the target call relationship;
randomly generating, in the target data space, the target position coordinate corresponding to each target variable definition.
Optionally,
when the number of sensitive functions is at least two,
generating the encrypted data corresponding to the program to be encrypted according to the target position coordinate corresponding to each sensitive function comprises:
for each sensitive function, performing A1 to A3:
A1: at each target position coordinate in the target data space, setting the target entity variable corresponding to the target variable definition;
A2: determining the return state corresponding to the sensitive function according to the target entity variables;
A3: randomly generating, in the target data space, the random position coordinate corresponding to the return state;
randomly generating a data space authorization key between every two sensitive functions according to the random position coordinate corresponding to each sensitive function;
generating the encrypted data corresponding to the program to be encrypted according to the space authorization key.
Optionally,
generating the encrypted data corresponding to the program to be encrypted according to the space authorization key comprises:
parsing the access pointer between every two sensitive functions from the space authorization key;
determining, according to the access pointer, the access path between the target data spaces corresponding to every two sensitive functions;
generating the encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
In a second aspect, an embodiment of the present invention provides a program encryption apparatus, comprising: a construction module, a determination module, a coordinate generation module and an encryption module, wherein:
the construction module is configured to construct a multidimensional data space manager, wherein the multidimensional data space manager includes at least one sample function and a data space corresponding to each sample function;
the determination module is configured to obtain a program to be encrypted and to determine at least one sensitive function from the program to be encrypted;
the coordinate generation module is configured to determine the target data space corresponding to each sensitive function according to the sample function in the multidimensional data space manager that corresponds to the sensitive function, and to randomly generate, in the target data space corresponding to each sensitive function, the target position coordinate corresponding to that sensitive function;
the encryption module is configured to generate the encrypted data corresponding to the program to be encrypted according to the target position coordinate corresponding to each sensitive function.
Optionally,
the multidimensional data space manager further includes: at least one variable definition, and a call relationship between each sample function and the at least one variable definition;
the coordinate generation module is configured to perform, for each sensitive function: determining the target call relationship corresponding to the sensitive function according to the sample function corresponding to the sensitive function; determining target variable definitions from the at least one variable definition according to the target call relationship; and randomly generating, in the target data space, the target position coordinate corresponding to each target variable definition.
Optionally,
when the number of sensitive functions is at least two,
the encryption module comprises: a processing unit, a key generation unit and an encrypted data generation unit, wherein:
the processing unit is configured to perform, for each sensitive function: at each target position coordinate in the target data space, setting the target entity variable corresponding to the target variable definition; determining the return state corresponding to the sensitive function according to the target entity variables; and randomly generating, in the target data space, the random position coordinate corresponding to the return state;
the key generation unit is configured to randomly generate a data space authorization key between every two sensitive functions according to the random position coordinate corresponding to each sensitive function;
the encrypted data generation unit is configured to generate the encrypted data corresponding to the program to be encrypted according to the space authorization key.
Optionally,
the encrypted data generation unit is configured to parse the access pointer between every two sensitive functions from the space authorization key; determine, according to the access pointer, the access path between the target data spaces corresponding to every two sensitive functions; and generate the encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
In a third aspect, an embodiment of the present invention provides a readable medium containing execution instructions; when a processor of a storage controller executes the execution instructions, the storage controller performs the method provided by any of the above embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention provides a storage controller, comprising: a processor, a memory and a bus. The memory is used to store execution instructions, and the processor is connected to the memory through the bus. When the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the method provided by any of the above embodiments of the present invention.
The embodiments of the present invention provide a program encryption method, apparatus, readable medium and storage controller. A multidimensional data space manager that includes sample functions and their corresponding data spaces is constructed in advance. After a program to be encrypted is obtained, the sensitive functions are determined from it, the target data space corresponding to each sensitive function is determined according to the multidimensional data space manager, the target position coordinate corresponding to the sensitive function is randomly generated in each target data space, and the encrypted data corresponding to the program to be encrypted is then generated according to each target position coordinate. Because each sensitive function has its own data space, the target position coordinate corresponding to each sensitive function is randomly generated, there is no repeatable logic flow, and different data spaces do not know each other's structure or target position coordinate definitions, it is possible to prevent repeated trace debugging from being used to illegally modify the program or to access sensitive data, which improves the security of the program.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a program encryption method provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a program encryption apparatus provided by an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of a program encryption apparatus provided by another embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a program encryption apparatus provided by yet another embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Evidently, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a program encryption method, which may include the following steps:
Step 101: construct a multidimensional data space manager, wherein the multidimensional data space manager includes at least one sample function and a data space corresponding to each sample function;
Step 102: obtain a program to be encrypted;
Step 103: determine at least one sensitive function from the program to be encrypted;
Step 104: determine the target data space corresponding to each sensitive function according to the sample function in the multidimensional data space manager that corresponds to the sensitive function;
Step 105: randomly generate, in the target data space corresponding to each sensitive function, the target position coordinate corresponding to that sensitive function;
Step 106: generate the encrypted data corresponding to the program to be encrypted according to the target position coordinate corresponding to each sensitive function.
In the above embodiment, a multidimensional data space manager that includes sample functions and their corresponding data spaces is constructed in advance. After a program to be encrypted is obtained, the sensitive functions are determined from it, the target data space corresponding to each sensitive function is determined according to the multidimensional data space manager, the target position coordinate corresponding to the sensitive function is randomly generated in each target data space, and the encrypted data corresponding to the program to be encrypted is then generated according to each target position coordinate. Because each sensitive function has its own data space, the target position coordinate corresponding to each sensitive function is randomly generated, there is no repeatable logic flow, and different data spaces do not know each other's structure or target position coordinate definitions, it is possible to prevent repeated trace debugging from being used to illegally modify the program or to access sensitive data, which improves the security of the program.
In one embodiment of the present invention, the multidimensional data space manager further includes: at least one variable definition, and a call relationship between each sample function and the at least one variable definition;
A specific implementation of step 105 may include:
for each sensitive function, performing:
determining the target call relationship corresponding to the sensitive function according to the sample function corresponding to the sensitive function;
determining target variable definitions from the at least one variable definition according to the target call relationship;
randomly generating, in the target data space, the target position coordinate corresponding to each target variable definition.
After a sensitive function is determined from the function to be encrypted, the target call relationship corresponding to the sensitive function is determined according to the sample function in the multidimensional data space manager that corresponds to the sensitive function and that sample function's call relationship. The target variable definitions corresponding to the sensitive function can then be determined from the target call relationship, and the position coordinate of each target variable definition is randomly generated in the target data space corresponding to the sensitive function. Because the position coordinate of every variable definition is randomly generated, that is, the scheme relies entirely on multidimensional stereoscopic random state assignment, the data is neither visible nor reversible. The processing logic and the returned result of the sensitive function can therefore be completely hidden, so the data is not readable, which ensures the security of the data to the greatest extent.
In one embodiment of the present invention, when the number of sensitive functions is at least two, a specific implementation of step 106 may include:
for each sensitive function, performing A1 to A3:
A1: at each target position coordinate in the target data space, setting the target entity variable corresponding to the target variable definition;
A2: determining the return state corresponding to the sensitive function according to the target entity variables;
A3: randomly generating, in the target data space, the random position coordinate corresponding to the return state;
randomly generating a data space authorization key between every two sensitive functions according to the random position coordinate corresponding to each sensitive function;
generating the encrypted data corresponding to the program to be encrypted according to the space authorization key.
For example, if the randomly generated target position coordinate of target variable definition A is (1,1) and the target position coordinate of target variable definition B is (2,2), then target entity variable A is set at (1,1) and target entity variable B is set at (2,2). Once the target entity variables have been set, every target position coordinate is determined to be active. The return state of the corresponding sensitive function can then be determined from the processing logic between the target entity variables, and the random position coordinate of that return state is generated at random, which completely hides the function's processing logic. Next, the data space authorization key between every two sensitive functions is generated according to the random position coordinates corresponding to the return states of the sensitive functions, in order to determine the processing logic between every two sensitive functions. Because the data space authorization key is also randomly generated, the processing logic between sensitive functions is completely hidden as well, which prevents the function processing logic from being illegally tampered with and improves the security of the program.
In one embodiment of the present invention, generating the encrypted data corresponding to the program to be encrypted according to the space authorization key comprises:
parsing the access pointer between every two sensitive functions from the space authorization key;
determining, according to the access pointer, the access path between the target data spaces corresponding to every two sensitive functions;
generating the encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
The space authorization key contains the access pointer of the next data space. The access pointer corresponds to the access path from the random position coordinate of one sensitive function to the random position coordinate of another sensitive function. For example, if the random position coordinate corresponding to sensitive function A is (5,3) and the random position coordinate corresponding to sensitive function B is (6,4), then the access path from sensitive function A to sensitive function B may be (5,3)-(6,3)-(6,4) or (5,3)-(5,4)-(6,4). The access path is determined by the access pointer in the randomly generated space authorization key, so the access path is also randomly generated. Therefore, during variable passing and data space switching, all access is based on spatial displacement operations. For example, for function A => function B, the actual operation in the data space is a displacement from random position coordinate A to random position coordinate B. The logic between functions can therefore be completely hidden, which improves the security of the program.
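The following is an added sketch, not code from the patent, of steps A1 to A3 and the access-path example above. It assumes two-dimensional 16x16 data spaces, a shared coordinate system for the access path, and an authorization key modelled as a random nonce plus a list of unit displacements; the names DataSpace, make_access_pointer, walk and authorization_keys are hypothetical.

```python
import secrets
from itertools import combinations

GRID = 16                      # assumed side length of a 2-D data space
_rng = secrets.SystemRandom()  # OS randomness, so no two runs share a layout


class DataSpace:
    """Private data space of one sensitive function (hypothetical model)."""

    def __init__(self, variable_defs):
        self._used = set()
        # Step 105: a random target position coordinate per variable definition.
        self.coords = {name: self._fresh() for name in variable_defs}
        self.entities = {}        # A1: coordinate -> entity variable
        self.return_coord = None  # A3: coordinate standing in for the return state
        self._meaning = {}        # known only to the process that created the space

    def _fresh(self):
        """Return a random coordinate not yet used in this space."""
        while True:
            c = (_rng.randrange(GRID), _rng.randrange(GRID))
            if c not in self._used:
                self._used.add(c)
                return c

    def activate(self, values, logic):
        """A1-A3: place entity variables, evaluate the logic, hide the result."""
        for name, value in values.items():
            self.entities[self.coords[name]] = value
        state = logic(values)              # A2: return state, e.g. a Boolean
        self.return_coord = self._fresh()  # A3: random coordinate for that state
        self._meaning[self.return_coord] = state
        return self.return_coord

    def meaning(self, coord):
        """Only the owning space can map a coordinate back to a state."""
        return self._meaning[coord]


def make_access_pointer(src, dst):
    """Unit displacements from src to dst, in a randomly chosen order."""
    dx, dy = dst[0] - src[0], dst[1] - src[1]
    steps = [(1 if dx > 0 else -1, 0)] * abs(dx)
    steps += [(0, 1 if dy > 0 else -1)] * abs(dy)
    _rng.shuffle(steps)
    return steps


def walk(src, pointer):
    """Replay an access pointer; returns the access path as a coordinate list."""
    path = [src]
    for sx, sy in pointer:
        x, y = path[-1]
        path.append((x + sx, y + sy))
    return path


def authorization_keys(spaces):
    """One data space authorization key for every two sensitive functions."""
    keys = {}
    for a, b in combinations(sorted(spaces), 2):
        pointer = make_access_pointer(spaces[a].return_coord,
                                      spaces[b].return_coord)
        keys[(a, b)] = {"nonce": secrets.token_hex(8), "pointer": pointer}
    return keys


if __name__ == "__main__":
    # Constructed sample: two sensitive functions with made-up variables.
    spaces = {"check_license": DataSpace(["A", "B"]),
              "check_user": DataSpace(["A"])}
    spaces["check_license"].activate({"A": 1, "B": 1}, lambda v: v["A"] == v["B"])
    spaces["check_user"].activate({"A": 0}, lambda v: bool(v["A"]))
    for pair, key in authorization_keys(spaces).items():
        print(pair, walk(spaces[pair[0]].return_coord, key["pointer"]))
```

Running it twice prints different coordinates and paths for the same program logic, which is the property the description relies on.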
In conclusion by importing the letter such as program class, sample function, variable-definition in multidimensional data space management device
Breath, by data space management device analysis program processing logic and call relation.When receiving program to be encrypted, selected by user
Several sensitive operation function entrance points, such as authorization functions or inspection function etc. are turned the return state of function by Boolean type
It is changed to one group of data space position coordinates comprising random factor.It can also be context initialization and authorization in program initialization
Check the independent data space of module creation.It then is each checkpoint and the unique space of specification of variables in data space
Data coordinates generate data space authorization key when all coordinates are activated.Then switched in variable transferring and data space
Cheng Zhong, all access are based on space displacement operation.Due between different data spaces, and it is unaware of mutual structure and has
Coordinate definition is imitated, the only responsible program process for creating this data space just understands the specific meaning of each coordinate and displacement,
And because be to create at random every time, the logic flow not repeated, thus theoretically just prevented repeatedly with
Track debugging carries out program illegal modifications or the possibility of sensitive data is accessed, and improves the safety of program.
As shown in Fig. 2 and Fig. 3, an embodiment of the present invention provides a program encryption apparatus. The apparatus embodiment may be implemented in software, in hardware, or in a combination of software and hardware. At the hardware level, Fig. 2 is a hardware structure diagram of the device on which the program encryption apparatus provided by an embodiment of the present invention resides. In addition to the processor, memory, network interface and non-volatile memory shown in Fig. 2, the device on which the apparatus resides may generally include other hardware, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in Fig. 3, the apparatus in the logical sense is formed by the CPU of the device on which it resides reading the corresponding computer program instructions from non-volatile memory into memory and running them. The program encryption apparatus provided in this embodiment comprises: a construction module 301, a determination module 302, a coordinate generation module 303 and an encryption module 304, wherein:
the construction module 301 is configured to construct a multidimensional data space manager, wherein the multidimensional data space manager includes at least one sample function and a data space corresponding to each sample function;
the determination module 302 is configured to obtain a program to be encrypted and to determine at least one sensitive function from the program to be encrypted;
the coordinate generation module 303 is configured to determine the target data space corresponding to each sensitive function according to the sample function in the multidimensional data space manager that corresponds to the sensitive function, and to randomly generate, in the target data space corresponding to each sensitive function, the target position coordinate corresponding to that sensitive function;
the encryption module 304 is configured to generate the encrypted data corresponding to the program to be encrypted according to the target position coordinate corresponding to each sensitive function.
In one embodiment of the present invention, the multidimensional data space manager further includes: at least one variable definition, and a call relationship between each sample function and the at least one variable definition;
the coordinate generation module is configured to perform, for each sensitive function: determining the target call relationship corresponding to the sensitive function according to the sample function corresponding to the sensitive function; determining target variable definitions from the at least one variable definition according to the target call relationship; and randomly generating, in the target data space, the target position coordinate corresponding to each target variable definition.
As shown in Fig. 4, in one embodiment of the present invention, when the number of sensitive functions is at least two, the encryption module 304 comprises: a processing unit 3041, a key generation unit 3042 and an encrypted data generation unit 3043, wherein:
the processing unit 3041 is configured to perform, for each sensitive function: at each target position coordinate in the target data space, setting the target entity variable corresponding to the target variable definition; determining the return state corresponding to the sensitive function according to the target entity variables; and randomly generating, in the target data space, the random position coordinate corresponding to the return state;
the key generation unit 3042 is configured to randomly generate a data space authorization key between every two sensitive functions according to the random position coordinate corresponding to each sensitive function;
the encrypted data generation unit 3043 is configured to generate the encrypted data corresponding to the program to be encrypted according to the space authorization key.
In one embodiment of the present invention, the encrypted data generation unit 3043 is configured to parse the access pointer between every two sensitive functions from the space authorization key; determine, according to the access pointer, the access path between the target data spaces corresponding to every two sensitive functions; and generate the encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
The information exchange between the units of the above apparatus, their execution process and similar details are based on the same concept as the method embodiments of the present invention. For specifics, refer to the description in the method embodiments; they are not repeated here.
An embodiment of the present invention provides a readable medium containing execution instructions; when a processor of a storage controller executes the execution instructions, the storage controller performs the method provided by any of the above embodiments of the present invention.
An embodiment of the present invention provides a storage controller, comprising: a processor, a memory and a bus. The memory is used to store execution instructions, and the processor is connected to the memory through the bus. When the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the method provided by any of the above embodiments of the present invention.
In summary, each of the above embodiments of the present invention has at least the following beneficial effects:
1. In the embodiments of the present invention, a multidimensional data space manager that includes sample functions and their corresponding data spaces is constructed in advance. After a program to be encrypted is obtained, the sensitive functions are determined from it, the target data space corresponding to each sensitive function is determined according to the multidimensional data space manager, the target position coordinate corresponding to the sensitive function is randomly generated in each target data space, and the encrypted data corresponding to the program to be encrypted is then generated according to each target position coordinate. Because each sensitive function has its own data space, the target position coordinate corresponding to each sensitive function is randomly generated, there is no repeatable logic flow, and different data spaces do not know each other's structure or target position coordinate definitions, it is possible to prevent repeated trace debugging from being used to illegally modify the program or to access sensitive data, which improves the security of the program.
2. In the embodiments of the present invention, after a sensitivity function is determined from the function to be encrypted, the target call relationship corresponding to the sensitivity function is determined according to the sample function in the multidimensional data space manager that corresponds to the sensitivity function and that sample function's call relationship. The target variable definitions corresponding to the sensitivity function are then determined according to the target call relationship, and the location coordinate of each target variable definition is generated at random in the target data space corresponding to the sensitivity function. Because the location coordinate of every variable definition is generated at random, that is, the property of multidimensional spatial random-state assignment is used throughout, the data is neither visible nor reversible. The processing logic of the sensitivity function and its returned result can therefore be hidden completely, the data is not readable, and the security of the data is ensured to the greatest extent.
3. In the embodiments of the present invention, during variable transfer and data space switching, all access is based on spatial displacement operations. Different data spaces are unaware of one another's structure and effective coordinate definitions; only the program process that created a data space understands the specific meaning of each coordinate and displacement. Because the space is created at random every time, no logic flow repeats, which in theory prevents repeated trace debugging from being used to illegally modify the program or access sensitive data, and improves the security of the program.
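The layout summarized in points 1 to 3, as an added Python sketch that is not code from the patent: each sensitivity function gets its own data space, variables and the return state are placed at randomly generated coordinates, and access from one space to another goes through a displacement. The class and function names, the 8×8×8 space size, the random filler cells and the reading of the data space authorization key as a coordinate displacement are all assumptions made for illustration.

```python
import secrets
from itertools import product


class DataSpace:
    """One private multidimensional space per sensitivity function (hypothetical)."""

    def __init__(self, name, dims=(8, 8, 8)):
        self.name = name
        self.dims = dims
        # Every cell starts as random filler so stored values do not stand out.
        self.cells = {c: secrets.randbits(32)
                      for c in product(*(range(d) for d in dims))}
        self._coords = {}  # variable name -> coordinate, known only to the creator

    def _random_free_coordinate(self):
        # Draw coordinates until one is found that no variable already uses.
        while True:
            coord = tuple(secrets.randbelow(d) for d in self.dims)
            if coord not in self._coords.values():
                return coord

    def place(self, var, value):
        """Store a variable at a freshly generated random coordinate."""
        coord = self._random_free_coordinate()
        self._coords[var] = coord
        self.cells[coord] = value
        return coord

    def coordinate_of(self, var):
        return self._coords[var]


def make_authorization_key(src, src_var, dst, dst_var):
    """Assumed key form: displacement from src_var's coordinate to dst_var's."""
    a, b = src.coordinate_of(src_var), dst.coordinate_of(dst_var)
    return tuple((y - x) % d for x, y, d in zip(a, b, dst.dims))


def follow(key, start, dst):
    """Access by displacement: apply the key to a start coordinate, read dst."""
    coord = tuple((s + k) % d for s, k, d in zip(start, key, dst.dims))
    return dst.cells[coord]


def demo():
    # Constructed sample: two sensitivity functions with made-up names and values.
    check_pin = DataSpace("check_pin")
    unlock = DataSpace("unlock")
    check_pin.place("pin", 4321)
    ret = check_pin.place("return_state", 1)
    unlock.place("session_token", 0xC0FFEE)
    key = make_authorization_key(check_pin, "return_state", unlock, "session_token")
    return follow(key, ret, unlock), check_pin, unlock, key
```

In this sketch the coordinate map lives in the same process memory as the values, so it illustrates the randomized layout only and is not a cryptographic construction.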
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "including one" does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware controlled by program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical disks and other media that can store program code.
Finally, it should be noted that the foregoing is merely the preferred embodiments of the present invention. It is intended only to illustrate the technical solution of the present invention and not to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention is included within the scope of protection of the present invention.
Claims (10)
1. A program encryption method, characterized by comprising:
constructing a multidimensional data space manager, wherein the multidimensional data space manager comprises at least one sample function and a data space corresponding to each sample function;
obtaining a program to be encrypted;
determining at least one sensitivity function from the program to be encrypted;
determining, according to the sample function in the multidimensional data space manager that corresponds to the sensitivity function, a target data space corresponding to each sensitivity function;
randomly generating, in the target data space corresponding to each sensitivity function, a target location coordinate corresponding to the sensitivity function;
generating, according to the target location coordinate corresponding to each sensitivity function, encryption data corresponding to the program to be encrypted.
2. The method according to claim 1, characterized in that
the multidimensional data space manager further comprises: at least one variable definition, and a call relationship between each sample function and the at least one variable definition;
the randomly generating, in the target data space corresponding to each sensitivity function, a target location coordinate corresponding to the sensitivity function comprises:
for each sensitivity function, performing:
determining, according to the sample function corresponding to the sensitivity function, a target call relationship corresponding to the sensitivity function;
determining, according to the target call relationship, target variable definitions from the at least one variable definition;
randomly generating, in the target data space, a target location coordinate corresponding to each target variable definition.
3. The method according to claim 2, characterized in that,
when the number of sensitivity functions is at least two,
the generating, according to the target location coordinate corresponding to each sensitivity function, encryption data corresponding to the program to be encrypted comprises:
for each sensitivity function, performing A1 to A3:
A1: at each target location coordinate in the target data space, setting a target entity variable corresponding to the target variable definition;
A2: determining, according to the target entity variable, a return state corresponding to the sensitivity function;
A3: randomly generating, in the target data space, a random location coordinate corresponding to the return state;
randomly generating, according to the random location coordinate corresponding to each sensitivity function, a data space authorization key between every two sensitivity functions;
generating, according to the data space authorization key, the encryption data corresponding to the program to be encrypted.
4. The method according to claim 3, characterized in that
the generating, according to the data space authorization key, the encryption data corresponding to the program to be encrypted comprises:
parsing, from the data space authorization key, an access pointer between every two sensitivity functions;
determining, according to the access pointer, an access path between the target data spaces corresponding to every two sensitivity functions;
generating, according to the determined access path and the target location coordinate corresponding to each objective function, the encryption data corresponding to the program to be encrypted.
5. A program encryption device, characterized by comprising: a building module, a determining module, a coordinate generation module and an encryption module; wherein
the building module is configured to construct a multidimensional data space manager, wherein the multidimensional data space manager comprises at least one sample function and a data space corresponding to each sample function;
the determining module is configured to obtain a program to be encrypted and to determine at least one sensitivity function from the program to be encrypted;
the coordinate generation module is configured to determine, according to the sample function in the multidimensional data space manager that corresponds to the sensitivity function, a target data space corresponding to each sensitivity function, and to randomly generate, in the target data space corresponding to each sensitivity function, a target location coordinate corresponding to the sensitivity function;
the encryption module is configured to generate, according to the target location coordinate corresponding to each sensitivity function, encryption data corresponding to the program to be encrypted.
6. The device according to claim 5, characterized in that
the multidimensional data space manager further comprises: at least one variable definition, and a call relationship between each sample function and the at least one variable definition;
the coordinate generation module is configured to perform, for each sensitivity function: determining, according to the sample function corresponding to the sensitivity function, a target call relationship corresponding to the sensitivity function; determining, according to the target call relationship, target variable definitions from the at least one variable definition; and randomly generating, in the target data space, a target location coordinate corresponding to each target variable definition.
7. The device according to claim 6, characterized in that,
when the number of sensitivity functions is at least two,
the encryption module comprises: a processing unit, a key generation unit and an encryption data generation unit; wherein
the processing unit is configured to perform, for each sensitivity function: at each target location coordinate in the target data space, setting a target entity variable corresponding to the target variable definition; determining, according to the target entity variable, a return state corresponding to the sensitivity function; and randomly generating, in the target data space, a random location coordinate corresponding to the return state;
the key generation unit is configured to randomly generate, according to the random location coordinate corresponding to each sensitivity function, a data space authorization key between every two sensitivity functions;
the encryption data generation unit is configured to generate, according to the data space authorization key, the encryption data corresponding to the program to be encrypted.
8. The device according to claim 7, characterized in that
the encryption data generation unit is configured to parse, from the data space authorization key, an access pointer between every two sensitivity functions; to determine, according to the access pointer, an access path between the target data spaces corresponding to every two sensitivity functions; and to generate, according to the determined access path and the target location coordinate corresponding to each objective function, the encryption data corresponding to the program to be encrypted.
9. A readable medium comprising execution instructions, wherein when a processor of a storage controller executes the execution instructions, the storage controller performs the program encryption method according to any one of claims 1 to 4.
10. A storage controller, comprising: a processor, a memory and a bus; wherein the memory is used to store execution instructions, the processor is connected to the memory through the bus, and when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller performs the program encryption method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810860163.5A CN109033763B (en) | 2018-08-01 | 2018-08-01 | Program encryption method and device, readable medium and storage controller |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810860163.5A CN109033763B (en) | 2018-08-01 | 2018-08-01 | Program encryption method and device, readable medium and storage controller |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109033763A (en) | 2018-12-18 |
CN109033763B (en) | 2020-09-04 |
Family
ID=64648291
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810860163.5A Active CN109033763B (en) | 2018-08-01 | 2018-08-01 | Program encryption method and device, readable medium and storage controller |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109033763B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1588265A (en) * | 2004-09-01 | 2005-03-02 | 中国科学院计算技术研究所 | Software protective method based on function encrypting |
US20170013015A1 (en) * | 2015-07-07 | 2017-01-12 | Openvpn Technologies, Inc. | Kernel mode accelerator |
CN107210912A (en) * | 2014-12-29 | 2017-09-26 | 维萨国际服务协会 | Mandate to application library is accessed |
CN107391973A (en) * | 2017-07-17 | 2017-11-24 | 北京深思数盾科技股份有限公司 | A kind of function guard method and device |
CN108259474A (en) * | 2016-12-29 | 2018-07-06 | 迈克菲有限责任公司 | For the technology of secret protection security strategy evaluation |
Also Published As
Publication number | Publication date |
---|---|
CN109033763B (en) | 2020-09-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20200810. Address after: Wusong Industrial Park, Wuzhong Development District of Suzhou City, Jiangsu province 215100 Wusong Road No. 818. Applicant after: INSPUR FINANCIAL INFORMATION TECHNOLOGY Co.,Ltd. Address before: 215100 No. 178 Tayun Road, Yuexi Street, Wuzhong District, Suzhou City, Jiangsu Province. Applicant before: SUZHOU INSPUR INTELLIGENT SOFTWARE Co.,Ltd. |
GR01 | Patent grant | ||