CN109033763B - Program encryption method and device, readable medium and storage controller - Google Patents


Publication number: CN109033763B
Authority: CN (China)
Prior art keywords: target, sensitive, function, program, encrypted
Legal status: Active
Application number: CN201810860163.5A
Other languages: Chinese (zh)
Other versions: CN109033763A (en)
Inventors: 孙成通, 董毅, 索春宝, 胡焱, 生伟
Current Assignee: Inspur Financial Information Technology Co Ltd
Original Assignee: Inspur Financial Information Technology Co Ltd
Application filed by Inspur Financial Information Technology Co Ltd
Priority to CN201810860163.5A
Publication of CN109033763A
Application granted
Publication of CN109033763B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention provides a program encryption method, a device, a readable medium and a storage controller, wherein the method comprises the following steps: constructing a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function; acquiring a program to be encrypted; determining at least one sensitive function from the program to be encrypted; determining a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager; randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function; and generating encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively. The scheme can improve the security of the program.

Description

Program encryption method and device, readable medium and storage controller
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a program encryption method, apparatus, readable medium, and storage controller.
Background
In order to meet the application requirements of users in different fields and different problems, various programs are produced. In order to avoid malicious tampering of an application program, the program is usually encrypted to increase the security of the program.
The existing program encryption method generally performs obfuscation processing on sensitive functions in a program to encrypt the program. For example, the function of a sensitive function is obfuscated by meaningless parameter names. However, the return state of the sensitive function is still the memory address which can be tampered with, so that the security of the program is low.
Disclosure of Invention
The embodiment of the invention provides a program encryption method, a program encryption device, a readable medium and a storage controller, which can improve the security of a program.
In a first aspect, an embodiment of the present invention provides a program encryption method, including:
constructing a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function;
acquiring a program to be encrypted;
determining at least one sensitive function from the program to be encrypted;
determining a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager;
randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function;
and generating encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively.
Optionally,
the multidimensional data space manager further comprises: at least one variable definition and a calling relationship between each of the sample functions and at least one of the variable definitions;
the randomly generating the target position coordinates corresponding to the sensitive functions in the target data space corresponding to each sensitive function includes:
for each of the sensitive functions, performing:
determining a target calling relation corresponding to the sensitive function according to the sample function corresponding to the sensitive function;
determining a target variable definition from the at least one variable definition according to the target calling relationship;
randomly generating a target position coordinate corresponding to each target variable definition in the target data space.
Optionally,
when the number of said sensitive functions is at least two,
generating the encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively, wherein the generating comprises:
for each of the sensitive functions, performing A1-A3:
A1: setting a target entity variable corresponding to the target variable definition on each target position coordinate in the target data space;
A2: determining a return state corresponding to the sensitive function according to the target entity variable;
A3: randomly generating random position coordinates corresponding to the return state in the target data space;
randomly generating a data space authorization key between every two sensitive functions according to the random position coordinates corresponding to the sensitive functions respectively;
and generating encrypted data corresponding to the program to be encrypted according to the space authorization key.
Optionally,
generating the encrypted data corresponding to the program to be encrypted according to the space authorization key, including:
parsing an access pointer between every two sensitive functions from the space authorization key;
determining an access path between target data spaces corresponding to every two sensitive functions according to the access pointer;
and generating encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
In a second aspect, an embodiment of the present invention provides a program encryption apparatus, including: a construction module, a determination module, a coordinate generation module and an encryption module; wherein
the construction module is used for constructing a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function;
the determining module is used for acquiring a program to be encrypted and determining at least one sensitive function from the program to be encrypted;
the coordinate generating module is used for determining a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager; randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function;
and the encryption module is used for generating encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively.
Optionally,
the multidimensional data space manager further comprises: at least one variable definition and a calling relationship between each of the sample functions and at least one of the variable definitions;
the coordinate generation module is used for executing, for each sensitive function: determining a target calling relation corresponding to the sensitive function according to the sample function corresponding to the sensitive function; determining a target variable definition from the at least one variable definition according to the target calling relationship; randomly generating a target position coordinate corresponding to each target variable definition in the target data space.
Optionally,
when the number of said sensitive functions is at least two,
the encryption module includes: a processing unit, a key generation unit and an encrypted data generation unit; wherein
the processing unit is configured to, for each sensitive function, perform: setting a target entity variable corresponding to the target variable definition on each target position coordinate in the target data space; determining a return state corresponding to the sensitive function according to the target entity variable; randomly generating random position coordinates corresponding to the return state in the target data space;
the key generation unit is used for randomly generating a data space authorization key between every two sensitive functions according to the random position coordinates corresponding to the sensitive functions respectively;
and the encrypted data generating unit is used for generating encrypted data corresponding to the program to be encrypted according to the space authorization key.
Optionally,
the encrypted data generating unit is used for parsing an access pointer between every two sensitive functions from the space authorization key; determining an access path between target data spaces corresponding to every two sensitive functions according to the access pointer; and generating encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
In a third aspect, an embodiment of the present invention provides a readable medium, which includes an execution instruction, and when a processor of a storage controller executes the execution instruction, the storage controller executes a method provided in any one of the above embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention provides a storage controller, including: a processor, a memory, and a bus; the memory is used for storing execution instructions, the processor is connected with the memory through the bus, and when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller executes the method provided by any one of the above embodiments of the invention.
The embodiment of the invention provides a program encryption method, a program encryption device, a readable medium and a storage controller, wherein a multidimensional data space manager comprising a sample function and a data space corresponding to the sample function is constructed in advance, after a program to be encrypted is obtained, a sensitive function is determined from the program to be encrypted, a target data space corresponding to the sensitive function is determined according to the multidimensional space manager, target position coordinates corresponding to the sensitive function are randomly generated in each target data space, and then encrypted data corresponding to the program to be encrypted are generated according to each target position coordinate. Because each sensitive function has a corresponding data space, the target position coordinate corresponding to each sensitive function is generated randomly, a repeatable logic flow does not exist, and the structures and the target position coordinate definitions of different data spaces are not known, the possibility that the program is illegally modified or sensitive data is accessed by repeatedly tracking and debugging can be avoided, and the safety of the program is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for encrypting a program according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a program encrypting apparatus according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a program encrypting apparatus according to another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a program encrypting apparatus according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a program encryption method, which may include the following steps:
Step 101: constructing a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function;
Step 102: acquiring a program to be encrypted;
Step 103: determining at least one sensitive function from the program to be encrypted;
Step 104: determining a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager;
Step 105: randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function;
Step 106: generating encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively.
In the above embodiment, by pre-constructing a multidimensional data space manager including a sample function and a data space corresponding to the sample function, after a program to be encrypted is obtained, a sensitive function is determined from the program to be encrypted, a target data space corresponding to the sensitive function is determined according to the multidimensional space manager, in each target data space, a target position coordinate corresponding to the sensitive function is randomly generated, and then encrypted data corresponding to the program to be encrypted is generated according to each target position coordinate. Because each sensitive function has a corresponding data space, the target position coordinate corresponding to each sensitive function is generated randomly, a repeatable logic flow does not exist, and the structures and the target position coordinate definitions of different data spaces are not known, the possibility that the program is illegally modified or sensitive data is accessed by repeatedly tracking and debugging can be avoided, and the safety of the program is improved.
In one embodiment of the present invention, the multidimensional data space manager further comprises: at least one variable definition and a calling relationship between each of the sample functions and at least one of the variable definitions;
specific embodiments of step 105 may include:
for each of the sensitive functions, performing:
determining a target calling relation corresponding to the sensitive function according to the sample function corresponding to the sensitive function;
determining a target variable definition from the at least one variable definition according to the target calling relationship;
randomly generating a target position coordinate corresponding to each target variable definition in the target data space.
After a sensitive function is determined from a function to be encrypted, a target calling relation corresponding to the sensitive function is determined according to a sample function corresponding to the sensitive function and a calling relation thereof in a multi-dimensional space manager, then a target variable definition corresponding to the sensitive function is determined according to the target calling relation, and then position coordinates of each target variable definition are randomly generated in a target data space corresponding to the sensitive function. Because the position coordinate defined by each variable is randomly generated, namely the random state assignment characteristic of the multidimensional geometry is completely adopted, the data has no visibility or reversibility, the processing logic process and the return result corresponding to the sensitive function can be completely hidden, the data has no readability, and the safety of the data is ensured to the maximum extent.
In an embodiment of the present invention, when the number of the sensitive functions is at least two, the specific implementation manner of step 106 may include:
for each of the sensitive functions, performing A1-A3:
A1: setting a target entity variable corresponding to the target variable definition on each target position coordinate in the target data space;
A2: determining a return state corresponding to the sensitive function according to the target entity variable;
A3: randomly generating random position coordinates corresponding to the return state in the target data space;
randomly generating a data space authorization key between every two sensitive functions according to the random position coordinates corresponding to the sensitive functions respectively;
and generating encrypted data corresponding to the program to be encrypted according to the space authorization key.
For example, if the randomly generated target position coordinates of target variable definition A are (1, 1) and the target position coordinates of target variable definition B are (2, 2), then target entity variable A is set at (1, 1) and target entity variable B is set at (2, 2). Once the target entity variables are set, each target position coordinate is determined to be in an activated state, the return state of the corresponding sensitive function is determined according to the processing logic among the target entity variables, and a random position coordinate for the return state is then randomly generated, thereby completely hiding the function processing logic. A data space authorization key between every two sensitive functions is then generated according to the random position coordinates corresponding to the return state of each sensitive function, so as to determine the processing logic between every two sensitive functions.
In an embodiment of the present invention, the generating, according to the space authorization key, encrypted data corresponding to the program to be encrypted includes:
parsing an access pointer between every two sensitive functions from the space authorization key;
determining an access path between target data spaces corresponding to every two sensitive functions according to the access pointer;
and generating encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
The space authorization key contains the access pointer of the next data space, and the access pointer corresponds to an access path from the random position coordinate corresponding to one sensitive function to the random position coordinate of another sensitive function. For example, if the random position coordinate corresponding to sensitive function A is (5, 3), and the random position coordinate corresponding to sensitive function B is (6, 4), the access path from sensitive function A to sensitive function B may be (5, 3) - (6, 3) - (6, 4), or (5, 3) - (5, 4) - (6, 4). The access path is determined by the access pointer in the randomly generated space authorization key, i.e. the access path is also randomly generated. Therefore, during variable transfer and data space switching, all accesses are based on space displacement operations: for an operation such as function A = function B, the actual operation in the data space is a displacement from random position coordinate A to random position coordinate B, so that the logic between the functions can be completely hidden and the security of the program is improved.
In summary, information such as program classes, sample functions, variable definitions, etc. is imported into the multidimensional data space manager, and the data space manager analyzes program processing logic and call relations. When a program to be encrypted is received, a user selects several sensitive operation function entry points, such as an authorization function or a check function, and converts the return state of the function from a Boolean type into a set of data space position coordinates containing a random factor. Separate data spaces may also be created for the environment initialization and authorization check modules at program initialization. Unique spatial data coordinates are then set in the data space for each checkpoint and variable, and when all coordinates are activated, a data space authorization key is generated. Then all accesses are based on the spatial shift operation during the variable transfer and data space switching process. Because the structure and effective coordinate definition of each other are not known among different data spaces, the specific meaning of each coordinate and displacement is only clear by the program process responsible for creating the data space, and because the data spaces are created randomly each time and have no repeatable logic flow, the possibility of illegally modifying the program or accessing sensitive data by repeatedly tracking and debugging is theoretically eliminated, and the safety of the program is improved.
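A toy model of the coordinate and access-path mechanism described above, added here as an illustration and not code from the patent. The 8x8 grid, the shared coordinate frame between data spaces, the layout of the authorization key, and all names (`MANAGER`, `DataSpace`, `build_space`, and so on) are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from itertools import permutations

GRID = 8  # assumed side length of each 2-D data space; the patent fixes no size

# Constructed stand-in for the multidimensional data space manager:
# sample function -> variable definitions it calls (the "calling relationship").
MANAGER = {
    "authorize": ["A", "B"],
    "check": ["C"],
}


@dataclass
class DataSpace:
    name: str
    cells: dict = field(default_factory=dict)  # coordinate -> entity variable
    return_coord: tuple = None                 # position of the return state


def random_free_coord(space):
    """Draw a random coordinate not yet used in this data space."""
    while True:
        c = (secrets.randbelow(GRID), secrets.randbelow(GRID))
        if c not in space.cells and c != space.return_coord:
            return c


def build_space(sensitive_fn):
    """Step 105 plus A1-A3: place each target variable definition and the
    return state at randomly generated coordinates."""
    space = DataSpace(sensitive_fn)
    for var in MANAGER[sensitive_fn]:
        space.cells[random_free_coord(space)] = var  # A1: set entity variable
    space.return_coord = random_free_coord(space)    # A3: return state position
    return space


def unit_steps(a, b):
    """Unit displacements needed to move from coordinate a to coordinate b."""
    dx, dy = b[0] - a[0], b[1] - a[1]
    sx, sy = (dx > 0) - (dx < 0), (dy > 0) - (dy < 0)
    return [(sx, 0)] * abs(dx) + [(0, sy)] * abs(dy)


def walk(start, steps):
    """Apply displacements one by one and return the visited coordinates."""
    path = [start]
    for sx, sy in steps:
        x, y = path[-1]
        path.append((x + sx, y + sy))
    return path


def enumerate_paths(a, b):
    """All distinct shortest access paths between two coordinates."""
    return sorted(walk(a, p) for p in set(permutations(unit_steps(a, b))))


def make_authorization_key(src, dst):
    """Assumed key layout: the access pointer is a randomly ordered list of
    unit displacements between the two return-state coordinates."""
    steps = unit_steps(src.return_coord, dst.return_coord)
    for i in range(len(steps) - 1, 0, -1):  # Fisher-Yates shuffle, CSPRNG-backed
        j = secrets.randbelow(i + 1)
        steps[i], steps[j] = steps[j], steps[i]
    return {"from": src.name, "to": dst.name, "pointer": steps}


def access_path(src, key):
    """Parse the access pointer from the key and resolve the access path."""
    return walk(src.return_coord, key["pointer"])


if __name__ == "__main__":
    # The two candidate paths quoted in the text for (5, 3) -> (6, 4).
    for p in enumerate_paths((5, 3), (6, 4)):
        print(p)
    a, b = build_space("authorize"), build_space("check")
    key = make_authorization_key(a, b)
    print(a.cells, a.return_coord, "->", b.return_coord, access_path(a, key))
```

Each run yields different coordinates and a different displacement order, which is the property the description relies on when it says there is no repeatable logic flow.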
As shown in FIG. 2 and FIG. 3, an embodiment of the present invention provides a program encryption apparatus. The apparatus embodiments may be implemented in software, in hardware, or in a combination of the two. At the hardware level, FIG. 2 shows the hardware structure of a device in which the program encryption apparatus according to an embodiment of the present invention is located; in addition to the processor, the memory, the network interface and the nonvolatile memory shown in FIG. 2, the device in which the apparatus is located may generally include other hardware, such as a forwarding chip responsible for processing packets. Taking a software implementation as an example, as shown in FIG. 3, the apparatus is a logical apparatus formed when the CPU of the device in which it is located reads the corresponding computer program instructions from the nonvolatile memory into memory and executes them. The program encryption apparatus provided by this embodiment comprises: a construction module 301, a determination module 302, a coordinate generation module 303 and an encryption module 304; wherein
the building module 301 is configured to build a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function;
the determining module 302 is configured to obtain a program to be encrypted, and determine at least one sensitive function from the program to be encrypted;
the coordinate generating module 303 is configured to determine a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager; randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function;
the encryption module 304 is configured to generate encrypted data corresponding to the program to be encrypted according to the target position coordinates respectively corresponding to each of the sensitive functions.
In one embodiment of the present invention, the multidimensional data space manager further comprises: at least one variable definition and a calling relationship between each of the sample functions and at least one of the variable definitions;
the coordinate generation module is used for executing, for each sensitive function: determining a target calling relation corresponding to the sensitive function according to the sample function corresponding to the sensitive function; determining a target variable definition from the at least one variable definition according to the target calling relationship; randomly generating a target position coordinate corresponding to each target variable definition in the target data space.
As shown in FIG. 4, in an embodiment of the present invention, when the number of the sensitive functions is at least two, the encryption module 304 includes: a processing unit 3041, a key generation unit 3042, and an encrypted data generation unit 3043; wherein
the processing unit 3041, configured to execute, for each sensitive function: setting a target entity variable corresponding to the target variable definition on each target position coordinate in the target data space; determining a return state corresponding to the sensitive function according to the target entity variable; randomly generating random position coordinates corresponding to the return state in the target data space;
the key generating unit 3042 is configured to randomly generate a data space authorization key between every two sensitive functions according to the random position coordinates corresponding to each sensitive function;
the encrypted data generating unit 3043 is configured to generate encrypted data corresponding to the program to be encrypted according to the space authorization key.
In an embodiment of the present invention, the encrypted data generating unit 3043 is configured to parse an access pointer between each two sensitive functions from the spatial authorization key; determining an access path between target data spaces corresponding to every two sensitive functions according to the access pointer; and generating encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinate corresponding to each target function.
Because the information interaction, execution process, and other contents between the units in the device are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
Embodiments of the present invention provide a readable medium, which includes an execution instruction, and when a processor of a storage controller executes the execution instruction, the storage controller executes a method provided in any one of the above embodiments of the present invention.
An embodiment of the present invention provides a storage controller, including: a processor, a memory, and a bus; the memory is used for storing execution instructions, the processor is connected with the memory through the bus, and when the storage controller runs, the processor executes the execution instructions stored in the memory, so that the storage controller executes the method provided by any one of the above embodiments of the invention.
In summary, the above embodiments of the present invention have at least the following advantages:
1. In the embodiment of the invention, a multidimensional data space manager comprising a sample function and a data space corresponding to the sample function is constructed in advance, after a program to be encrypted is obtained, a sensitive function is determined from the program to be encrypted, a target data space corresponding to the sensitive function is determined according to the multidimensional space manager, target position coordinates corresponding to the sensitive function are randomly generated in each target data space, and then encrypted data corresponding to the program to be encrypted is generated according to each target position coordinate. Because each sensitive function has a corresponding data space, the target position coordinate corresponding to each sensitive function is generated randomly, a repeatable logic flow does not exist, and the structures and the target position coordinate definitions of different data spaces are not known, the possibility that the program is illegally modified or sensitive data is accessed by repeatedly tracking and debugging can be avoided, and the security of the program is improved.
2. In the embodiment of the invention, after a sensitive function is determined from a function to be encrypted, a target calling relation corresponding to the sensitive function is determined according to a sample function corresponding to the sensitive function and a calling relation thereof in a multi-dimensional space manager, then a target variable definition corresponding to the sensitive function can be determined according to the target calling relation, and then a position coordinate defined by each target variable is randomly generated in a target data space corresponding to the sensitive function. Because the position coordinate defined by each variable is randomly generated, namely the random state assignment characteristic of the multidimensional geometry is completely adopted, the data has no visibility or reversibility, the processing logic process and the return result corresponding to the sensitive function can be completely hidden, the data has no readability, and the safety of the data is ensured to the maximum extent.
3. In the embodiment of the invention, all accesses during variable transmission and data space switching are based on spatial displacement operations. Because different data spaces do not know one another's structure and effective coordinate definitions, the specific meaning of each coordinate and displacement is known only to the program process responsible for creating the data space. Because the data spaces are created randomly each time and have no repeatable logic flow, the possibility of illegally modifying the program or accessing sensitive data through repeated tracing and debugging is theoretically eliminated, and the security of the program is improved.
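The placement step described in points 1 and 2 above (and in claims 1 and 2) can be modelled in a few lines. This is an added illustration, not code from the patent: the manager contents, function and variable names, space shapes and the use of Python's `secrets` module are all assumptions.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class SampleFunction:              # hypothetical manager entry
    shape: tuple                   # dimensions of its data space
    variables: tuple               # variable definitions it calls

@dataclass
class DataSpace:
    shape: tuple
    cells: dict = field(default_factory=dict)   # coordinate -> value

# Constructed manager content; names and shapes are assumptions.
MANAGER = {
    "check_pin": SampleFunction((16, 16, 16), ("pin", "retries")),
    "sign_txn": SampleFunction((32, 32), ("key_id", "amount", "nonce")),
}

def random_coordinate(shape):
    return tuple(secrets.randbelow(n) for n in shape)

def place_function(name, manager=MANAGER):
    """Pick the target data space for a sensitive function, then draw one
    random, collision-free coordinate per target variable definition."""
    sample = manager[name]                 # sample function -> target space
    space, layout = DataSpace(sample.shape), {}
    for var in sample.variables:           # target calling relationship
        coord = random_coordinate(sample.shape)
        while coord in space.cells:        # redraw on collision
            coord = random_coordinate(sample.shape)
        space.cells[coord] = None          # reserve the cell
        layout[var] = coord
    return space, layout

def store(space, layout, var, value):
    space.cells[layout[var]] = value

def load(space, layout, var):
    return space.cells[layout[var]]

def layouts_differ(name, runs=5):
    """True when repeated placements do not all yield the same layout."""
    seen = {tuple(sorted(place_function(name)[1].items())) for _ in range(runs)}
    return len(seen) > 1
```

Only the holder of `layout` can map a variable name to its cell, and `layouts_differ` shows that the mapping changes on every placement, which is the "no repeatable logic flow" property the description relies on.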
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A program encryption method, comprising:
constructing a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function;
acquiring a program to be encrypted;
determining at least one sensitive function from the program to be encrypted;
determining a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager;
randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function;
and generating encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively.
2. The method of claim 1,
the multidimensional data space manager further comprises: at least one variable definition and a calling relationship between each of the sample functions and at least one of the variable definitions;
the randomly generating the target position coordinates corresponding to the sensitive functions in the target data space corresponding to each sensitive function includes:
for each of the sensitive functions, performing:
determining a target calling relation corresponding to the sensitive function according to the sample function corresponding to the sensitive function;
determining a target variable definition from the at least one variable definition according to the target calling relationship;
randomly generating a target position coordinate corresponding to each target variable definition in the target data space.
3. The method of claim 2,
when the number of said sensitive functions is at least two,
generating the encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively, wherein the generating comprises:
for each of the sensitive functions, performing A1-A3:
A1: setting a target entity variable corresponding to the target variable definition on each target position coordinate in the target data space;
A2: determining a return state corresponding to the sensitive function according to the target entity variable;
A3: randomly generating random position coordinates corresponding to the return state in the target data space;
randomly generating a data space authorization key between every two sensitive functions according to the random position coordinates corresponding to the sensitive functions respectively;
and generating encrypted data corresponding to the program to be encrypted according to the space authorization key.
4. The method of claim 3,
generating the encrypted data corresponding to the program to be encrypted according to the space authorization key, including:
analyzing an access pointer between every two sensitive functions from the space authorization key;
determining an access path between target data spaces corresponding to every two sensitive functions according to the access pointer;
and generating encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinates corresponding to each target function.
5. A program encrypting apparatus, comprising: a construction module, a determination module, a coordinate generation module and an encryption module; wherein
the construction module is used for constructing a multidimensional data space manager; wherein the multidimensional data space manager comprises: at least one sample function and a data space corresponding to each sample function;
the determining module is used for acquiring a program to be encrypted and determining at least one sensitive function from the program to be encrypted;
the coordinate generating module is used for determining a target data space corresponding to each sensitive function according to a sample function corresponding to the sensitive function in the multidimensional data space manager; randomly generating a target position coordinate corresponding to each sensitive function in a target data space corresponding to each sensitive function;
and the encryption module is used for generating encrypted data corresponding to the program to be encrypted according to the target position coordinates corresponding to the sensitive functions respectively.
6. The apparatus of claim 5,
the multidimensional data space manager further comprises: at least one variable definition and a calling relationship between each of the sample functions and at least one of the variable definitions;
the coordinate generation module is used for executing, for each sensitive function: determining a target calling relation corresponding to the sensitive function according to the sample function corresponding to the sensitive function; determining a target variable definition from the at least one variable definition according to the target calling relationship; randomly generating a target position coordinate corresponding to each target variable definition in the target data space.
7. The apparatus of claim 6,
when the number of said sensitive functions is at least two,
the encryption module includes: a processing unit, a key generation unit and an encrypted data generation unit; wherein
the processing unit is configured to, for each sensitive function, perform: setting a target entity variable corresponding to the target variable definition on each target position coordinate in the target data space; determining a return state corresponding to the sensitive function according to the target entity variable; randomly generating random position coordinates corresponding to the return state in the target data space;
the key generation unit is used for randomly generating a data space authorization key between every two sensitive functions according to the random position coordinates corresponding to the sensitive functions respectively;
and the encrypted data generating unit is used for generating encrypted data corresponding to the program to be encrypted according to the space authorization key.
8. The apparatus of claim 7,
the encrypted data generating unit is used for analyzing an access pointer between every two sensitive functions from the space authorization key; determining an access path between target data spaces corresponding to every two sensitive functions according to the access pointer; and generating encrypted data corresponding to the program to be encrypted according to the determined access path and the target position coordinates corresponding to each target function.
9. A readable medium comprising executable instructions which, when executed by a processor of a storage controller, cause the storage controller to perform the program encryption method of any one of claims 1 to 4.
10. A storage controller, comprising: a processor, a memory, and a bus; the memory is used for storing execution instructions, the processor is connected with the memory through the bus, and when the storage controller runs, the processor executes the execution instructions stored in the memory so as to enable the storage controller to execute the program encryption method according to any one of claims 1 to 4.
CN201810860163.5A 2018-08-01 2018-08-01 Program encryption method and device, readable medium and storage controller Active CN109033763B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810860163.5A CN109033763B (en) 2018-08-01 2018-08-01 Program encryption method and device, readable medium and storage controller

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810860163.5A CN109033763B (en) 2018-08-01 2018-08-01 Program encryption method and device, readable medium and storage controller

Publications (2)

Publication Number Publication Date
CN109033763A CN109033763A (en) 2018-12-18
CN109033763B true CN109033763B (en) 2020-09-04

Family

ID=64648291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810860163.5A Active CN109033763B (en) 2018-08-01 2018-08-01 Program encryption method and device, readable medium and storage controller

Country Status (1)

Country Link
CN (1) CN109033763B (en)


Also Published As

Publication number Publication date
CN109033763A (en) 2018-12-18


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200810

Address after: Wusong Industrial Park, Wuzhong Development District of Suzhou City, Jiangsu province 215100 Wusong Road No. 818

Applicant after: INSPUR FINANCIAL INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 215100 No. 178 Tayun Road, Yuexi Street, Wuzhong District, Suzhou City, Jiangsu Province

Applicant before: SUZHOU INSPUR INTELLIGENT SOFTWARE Co.,Ltd.

GR01 Patent grant