CN111399844B - Secure compiling method, secure compiling device, electronic equipment and computer readable medium - Google Patents


Info

Publication number: CN111399844B
Authority: CN (China)
Prior art keywords: data, registered, compiling, mobile application, intermediate code
Legal status: Active
Application number: CN202010170921.8A
Other languages: Chinese (zh)
Other versions: CN111399844A (en)
Inventor: 付存军
Current assignee: Tongdun Guangzhou Technology Co ltd
Original assignee: Tongdun Guangzhou Technology Co ltd
Events: application CN202010170921.8A filed by Tongdun Guangzhou Technology Co ltd; priority to CN202010170921.8A; publication of CN111399844A; application granted; publication of CN111399844B; legal status active.

Classifications

    • G06F8/41 Compilation (G PHYSICS; G06 COMPUTING; CALCULATING OR COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING; G06F8/00 Arrangements for software engineering; G06F8/40 Transformation of program code)
    • G06F8/447 Target code generation (G06F8/41 Compilation; G06F8/44 Encoding)
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management (Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE; Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT])

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

Embodiments of the present disclosure provide a secure compiling method, apparatus, electronic device and computer readable medium. The method comprises the following steps: acquiring a code source file of a mobile application; front-end compiling the code source file to obtain intermediate code; removing the to-be-registered method segment attribute of the global variables in the intermediate code; and back-end compiling the stripped intermediate code to obtain an executable file of the mobile application. According to the secure compiling method, device, electronic equipment and computer readable medium, because the to-be-registered method segment attribute of the global variables is removed while the code source file is compiled, the registration of the methods during compilation is omitted; an attacker therefore cannot directly call the registered methods, and security is improved.

Description

Secure compiling method, secure compiling device, electronic equipment and computer readable medium
Technical Field
The present disclosure relates to the field of internet security, and in particular to a secure compiling method, apparatus, electronic device and computer readable medium.
Background
With the development of mobile internet technology, the mobile application (APP) has become an important tool in people's daily life and work. However, the popularity of mobile applications also brings certain security hazards. For example, the risks and vulnerabilities commonly found in mobile applications can be exploited by criminals to attack user devices, steal data and property, implant viruses and so on, causing serious loss to individuals and enterprises. At present, the methods in the executable file of a mobile application are registered during compilation. An attacker can therefore operate the mobile application by directly calling its registered methods in order to carry out illegal actions, causing serious loss to the user.
Thus, there is a need for a new secure compiling method, apparatus, electronic device and computer readable medium.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The embodiment of the disclosure provides a secure compiling method, a secure compiling device, electronic equipment and a computer readable medium, so as to overcome, at least to some extent, the security defect in the prior art that an application program can be attacked by an attacker calling its registered methods.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
The embodiment of the disclosure provides a secure compiling method comprising the following steps: acquiring a code source file of a mobile application; front-end compiling the code source file to obtain intermediate code; removing the to-be-registered method segment attribute of the global variables in the intermediate code; and back-end compiling the stripped intermediate code to obtain an executable file of the mobile application.
In an exemplary embodiment of the present disclosure, the method further comprises: analyzing the executable file to obtain a starting address and an occupied size of first data comprising a method name section and a starting address and an occupied size of second data comprising a data section; traversing the second data according to the starting address and the occupied size of the second data; determining a method to be registered according to the traversing result and the first data; registering the method to be registered to obtain the mobile application.
In an exemplary embodiment of the present disclosure, determining a method to be registered according to a traversal result and the first data includes: determining an address range of the first data according to the starting address and the occupation size of the first data; and if the second data is in the address range of the first data in the traversal process, determining the second data as the method to be registered.
In an exemplary embodiment of the present disclosure, registering the method to be registered, obtaining the mobile application includes: obtaining configuration information of the method to be registered; and registering the method to be registered according to the configuration information of the method to be registered to obtain the mobile application.
In one exemplary embodiment of the present disclosure, traversing the second data according to the starting address and the occupied size of the second data includes: acquiring system type information; determining the data length of the second data according to the system type information; and traversing the second data according to the data length, the starting address and the occupied size of the second data.
In an exemplary embodiment of the present disclosure, removing the to-be-registered method segment attribute of the global variable from the intermediate code includes: traversing the global variables in the intermediate code to obtain at least one item of attribute information of each global variable; and if the attribute information of a global variable comprises the to-be-registered method segment attribute, eliminating that attribute from the global variable.
In one exemplary embodiment of the present disclosure, front-end compiling the code source file to obtain intermediate code includes: generating a compiling command according to the dynamic library; and compiling the code source file according to the compiling command and the compiling parameter to obtain the intermediate code.
The embodiment of the disclosure provides a secure compiling device, which comprises: a source file acquisition module configured to acquire a code source file of a mobile application; the front-end compiling module is configured to carry out front-end compiling on the code source file to obtain an intermediate code; the intermediate code processing module is configured to remove the to-be-registered method segment attribute of the global variable in the intermediate code; and the back-end compiling module is configured to perform back-end compiling on the removed intermediate codes to obtain executable files of the mobile application.
An embodiment of the present disclosure proposes an electronic device including: one or more processors; and storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the secure compilation method as described in the above embodiments.
In the technical schemes provided by some embodiments of the present disclosure, when the code source file of a mobile application is compiled, the to-be-registered method segment attribute of the global variables is removed, so that the registration of the methods in the compiling process is omitted and an executable file of the mobile application without registered methods is obtained. An attacker is thereby prevented from directly calling the registered methods of the mobile application, and the security of the mobile application is improved.
In the technical schemes provided by other embodiments of the present disclosure, the second data is traversed and the traversal result is compared with the first data to determine the methods to be registered, so that the registration of the methods in the mobile application can be completed at run time; the mobile application is thereby protected against direct invocation by an attacker, and its security is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
In the drawings:
FIG. 1 illustrates a schematic diagram of an exemplary system architecture 100 to which the secure compilation method or apparatus of embodiments of the present disclosure may be applied;
FIG. 2 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 6 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure;
FIG. 9 schematically illustrates a flow diagram of a secure compilation method according to another embodiment of the present disclosure;
FIG. 10 schematically illustrates a block diagram of a secure compiling apparatus according to an embodiment of the disclosure;
FIG. 11 illustrates a schematic diagram of a computer system suitable for use in implementing embodiments of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosed aspects may be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
FIG. 1 illustrates a schematic diagram of an exemplary system architecture 100 to which the secure compilation method or apparatus of embodiments of the present disclosure may be applied.
As shown in fig. 1, the system architecture 100 may include one or more of terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. For example, the server 105 may be a server cluster formed by a plurality of servers.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, portable computers, desktop computers, wearable devices, virtual reality devices, smart homes, etc.
The server 105 may be a server providing various services. For example, the terminal device 103 (which may also be the terminal device 101 or 102) uploads the code source file of the mobile application to the server 105. The server 105 may then acquire the code source file of the mobile application; front-end compile it to obtain intermediate code; remove the to-be-registered method segment attribute of the global variables in the intermediate code; back-end compile the stripped intermediate code to obtain the executable file of the mobile application; and feed the executable file back to the terminal device 103, so that the terminal device 103 can run the executable file of the mobile application according to the user's operation.
Fig. 2 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure. The method provided in the embodiments of the present disclosure may be processed by any electronic device having computing processing capability, for example, the server 105 and/or the terminal devices 101, 102, 103 in the embodiment of fig. 1, and in the following embodiments, the server 105 is taken as an example to illustrate the implementation subject, but the present disclosure is not limited thereto.
As shown in fig. 2, the secure compiling method provided by the embodiment of the disclosure may include the following steps.
In step S210, a code source file of the mobile application is acquired.
In the embodiment of the present disclosure, the mobile application may be, for example, a mobile application for the iOS system, but the technical solution of the present disclosure is not limited thereto.
In step S220, front-end compilation is performed on the code source file to obtain intermediate code.
In embodiments of the present disclosure, the intermediate code may be obtained by compiling the code source file with a front-end compiler (e.g., the Clang compiler). Clang is an LLVM sub-project and serves as the compiler front end for the C family of languages (C, C++ and Objective-C): it performs lexical and syntax analysis, semantic analysis and code generation on the code source file and emits the intermediate code. The intermediate code (the Intermediate Representation, IR, also called the IR file or intermediate language) is an equivalent internal representation of the source program that is close to the source syntax and is easily translated into the target program.
In step S230, the to-be-registered method segment attribute of the global variable is removed from the intermediate code.
In embodiments of the present disclosure, each global variable in the intermediate code carries attribute information, among which is the section it will be placed in (the segment table of the resulting executable later describes the offset position and size of each such section). For a selector reference this attribute is the to-be-registered method segment attribute, i.e. the `__objc_selrefs` section of the `__DATA` segment. For example, part of the intermediate code is as follows:

```llvm
@OBJC_SELECTOR_REFERENCES_.17 = private externally_initialized global i8* getelementptr inbounds ([15 x i8], [15 x i8]* @OBJC_METH_VAR_NAME_.16, i32 0, i32 0), section "__DATA,__objc_selrefs,literal_pointers,no_dead_strip", align 8
```

After the operation of this step is performed, the same part of the intermediate code reads as follows; only the `__objc_selrefs` component of the section attribute has been removed:

```llvm
@OBJC_SELECTOR_REFERENCES_.17 = private externally_initialized global i8* getelementptr inbounds ([15 x i8], [15 x i8]* @OBJC_METH_VAR_NAME_.16, i32 0, i32 0), section "__DATA,literal_pointers,no_dead_strip", align 8
```
in step S240, the removed intermediate code is back-end compiled to obtain an executable file of the mobile application.
In the embodiment of the disclosure, the back-end compilation processes the intermediate code in turn through the optimizer, the assembler and the linker to obtain the executable file. The executable file may be in the Mach-O (Mach Object) format, but the disclosure is not limited thereto.
In step S240, because the global variables of the stripped intermediate code no longer carry the to-be-registered method segment attribute that marks a method for registration, the compiling process does not emit the registration of those methods.
According to the safe compiling method provided by the embodiment of the disclosure, when compiling the code source file of the mobile application, the attribute of the method section to be registered of the global variable is removed, so that the registration of the method in the compiling process can be omitted, and the executable file of the mobile application without the registered method is obtained. Furthermore, the mobile application can be prevented from directly calling the registered method by an attacker, and the safety of the mobile application is improved.
Fig. 3 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure.
As shown in fig. 3, the secure compiling method based on the above embodiment further includes the following steps.
In step S310, the executable file is parsed to obtain a start address and an occupied size of the first data including the method name segment, and a start address and an occupied size of the second data including the data segment.
In the embodiment of the disclosure, the method name section is the `__objc_meta` section and the data section is the `__data` section.
In embodiments of the present disclosure, the executable file may include a segment table that describes the offset position and size of each section. There may be one or more items of first data comprising the method name section; the start address and occupied size of the first data describe its offset position in the executable file. Likewise there may be one or more items of second data comprising the data section; the start address and occupied size of the second data describe its offset position in the executable file.
The technical scheme of this embodiment can be executed when the mobile application is started: steps S210 to S240 in fig. 2 are performed when the mobile application is generated, and steps S310 to S340 of this embodiment are performed when the mobile application is started.
In step S320, the second data is traversed according to the start address and the occupation size of the second data.
In the embodiment of the disclosure, the address range of the second data may be determined according to the starting address and the occupation size of the second data, and the second data may be traversed according to the address range of the second data.
In step S330, a method to be registered is determined according to the traversal result and the first data.
In the embodiment of the disclosure, because the global variables of the stripped intermediate code no longer carry the to-be-registered method segment attribute, the global variables that originally carried it are compiled into data in the data section (the `__data` section). By traversing the second data, the entries that originally carried the to-be-registered method segment attribute can be identified from the traversal result; these are the methods to be registered.
In step S340, the method to be registered is registered, and the mobile application is obtained.
In the embodiment of the disclosure, the method to be registered can be registered by calling a system function through its interface (for example the `sel_registerName` function), so as to obtain the mobile application; a method call on the class then resolves normally when the mobile application runs.
In an exemplary embodiment, configuration information of a method to be registered may be obtained; and registering the method to be registered according to the configuration information of the method to be registered to obtain the mobile application.
According to the secure compiling method of this embodiment, the second data is traversed and the traversal result is compared with the first data to determine the methods to be registered, so that the methods in the mobile application can be registered at run time; an attacker is thereby prevented from directly calling them, and the security of the mobile application is improved.
Fig. 4 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure.
As shown in fig. 4, the secure compiling method provided by the embodiment of the disclosure may include the following steps.
In step S410, an address range of the first data is determined according to the start address and the occupation size of the first data.
In step S420, if the second data is within the address range of the first data in the traversal process, it is determined that the second data is the method to be registered.
In the embodiment of the disclosure, because the global variables of the stripped intermediate code no longer carry the to-be-registered method segment attribute, the global variables that originally carried it are compiled into the second data comprising the data section, while the first data contains the method names of the mobile application. The methods to be registered can therefore be determined by checking each value of the second data against the address range of the first data.
Steps S410 to S420 of the embodiments of the present disclosure may be used as an alternative step to step S330 in fig. 3.
According to the secure compiling method, the second data is screened according to the address range of the first data, and the method to be registered can be accurately determined.
Fig. 5 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure.
As shown in fig. 5, the secure compiling method provided by the embodiment of the disclosure may include the following steps.
In step S510, configuration information of a method to be registered is obtained.
In step S520, the method to be registered is registered according to the configuration information of the method to be registered, and the mobile application is obtained.
In the embodiment of the disclosure, whether a method to be registered needs protection can be determined from its configuration information. Methods that do not need protection are registered at once; methods that need protection are registered only immediately before the function is called.
Steps S510 to S520 of the embodiments of the present disclosure may be used as an alternative step to step S340 in fig. 3.
Fig. 6 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure.
As shown in fig. 6, the secure compiling method provided by the embodiment of the disclosure may include the following steps.
In step S610, system type information is acquired.
In an embodiment of the present disclosure, the system type information may include: 32-bit system, 64-bit system.
In step S620, the data length of the second data is determined according to the system type information.
In an embodiment of the present disclosure, the data length may be a 4-byte data length or an 8-byte data length, i.e. the size of a pointer on the system: if the system type information indicates a 32-bit system, the data length is 4 bytes; if it indicates a 64-bit system, the data length is 8 bytes.
In step S630, the second data is traversed according to the data length, the start address and the occupation size of the second data.
In the embodiment of the disclosure, the address range of the second data can be determined according to the starting address and the occupation size of the second data. And determining a traversing range according to the address range of the second data, and traversing the second data by taking the data length of the second data as a traversing step length.
Steps S610 to S630 of the embodiments of the present disclosure may be used as an alternative step to step S320 in fig. 3.
Fig. 7 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure.
As shown in fig. 7, the secure compiling method provided by the embodiment of the disclosure may include the following steps.
In step S710, the global variable in the intermediate code is traversed to obtain at least one attribute information of the global variable.
In the embodiment of the present disclosure, at least one attribute information of the global variable may include a method segment attribute to be registered, and the present disclosure is not limited in particular.
In step S720, if at least one attribute information of the global variable includes the to-be-registered method segment attribute, the to-be-registered method segment attribute of the global variable is removed.
Steps S710 to S720 of the embodiment of the present disclosure may be used as an alternative step to step S230 in fig. 2.
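The traversal of steps S710 and S720, applied to the textual IR fragment shown under step S230, can be carried out over a `.ll` file with a short script. The following is an added example and not the patent's implementation (which would more naturally be an LLVM pass on the in-memory module): it scans each global variable definition, and where the `section` attribute contains the `__objc_selrefs` component it removes that component, leaving every other global untouched. The sample IR is constructed for the demonstration; the method name `viewWillAppear` and the global names are invented, and `rewrite_ll_file` is a hypothetical helper for use between `clang -S -emit-llvm` and the back end.

```python
import re
from typing import List, Tuple

SELREFS_SECTION = "__objc_selrefs"   # the to-be-registered method segment attribute

# One textual LLVM IR global definition:
#   @name = <linkage> ... <initializer>, section "<segment>,<section>,<attrs>", align N
GLOBAL_DEF = re.compile(r'^(?P<head>@\S+\s*=.*?section\s*")(?P<section>[^"]*)(?P<tail>".*)$')


def strip_selrefs_attribute(ir_text: str) -> Tuple[str, List[str]]:
    """Traverse every global variable in textual LLVM IR (step S710) and, where its
    section attribute names __objc_selrefs, drop that component (step S720).

    Returns the rewritten IR and the names of the globals that were changed. Globals
    in other sections (e.g. the name strings in __TEXT,__objc_methname) pass through.
    """
    out: List[str] = []
    changed: List[str] = []
    for line in ir_text.splitlines():
        m = GLOBAL_DEF.match(line)
        if m:
            parts = [p.strip() for p in m.group("section").split(",")]
            if SELREFS_SECTION in parts:
                parts.remove(SELREFS_SECTION)
                line = m.group("head") + ",".join(parts) + m.group("tail")
                changed.append(line.split("=", 1)[0].strip())
        out.append(line)
    return "\n".join(out) + "\n", changed


# Constructed sample modelled on the fragment in the patent text; the selector name
# and the extra string global are invented for this demonstration.
SAMPLE_IR = r"""; ModuleID = 'sample.m'
@OBJC_METH_VAR_NAME_.16 = private unnamed_addr constant [15 x i8] c"viewWillAppear\00", section "__TEXT,__objc_methname,cstring_literals", align 1
@OBJC_SELECTOR_REFERENCES_.17 = private externally_initialized global i8* getelementptr inbounds ([15 x i8], [15 x i8]* @OBJC_METH_VAR_NAME_.16, i32 0, i32 0), section "__DATA,__objc_selrefs,literal_pointers,no_dead_strip", align 8
@.str = private unnamed_addr constant [6 x i8] c"hello\00", align 1
"""


def rewrite_ll_file(src_path: str, dst_path: str) -> List[str]:
    """Hypothetical helper: rewrite a .ll file produced by `clang -S -emit-llvm` so the
    result can be handed to the back end (llc / the assembler and linker)."""
    with open(src_path, encoding="utf-8") as f:
        new_ir, changed = strip_selrefs_attribute(f.read())
    with open(dst_path, "w", encoding="utf-8") as f:
        f.write(new_ir)
    return changed


if __name__ == "__main__":
    new_ir, changed = strip_selrefs_attribute(SAMPLE_IR)
    print("stripped:", changed)
    print(new_ir)
```

Note that after the rewrite the global still names a section, `__DATA,literal_pointers`, so it is no longer collected into `__objc_selrefs` by the linker and the runtime will not register its selector; the method-name string in `__TEXT,__objc_methname` is left in place, which is what the start-up walk of the later steps relies on to find the name again.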
Fig. 8 schematically illustrates a flow diagram of a secure compilation method according to one embodiment of the present disclosure.
As shown in fig. 8, the secure compiling method provided by the embodiment of the disclosure may include the following steps.
In step S810, a compiling command is generated from the dynamic library.
In embodiments of the present disclosure, the compiling command may be generated by compiling the LLVM (Low Level Virtual Machine) source code into the dynamic library.
In step S820, the code source file is compiled according to the compiling command and the compiling parameters, and the intermediate code is obtained.
In embodiments of the present disclosure, the code source file may be compiled to obtain intermediate code according to a compilation command and a compilation parameter (e.g., -emit-llvm).
Steps S810 to S820 in the embodiments of the present disclosure may be used as alternative steps to step S220 in fig. 2.
According to the secure compiling method of this embodiment, the intermediate language processing is performed through the integrated dynamic library, so that compiling time and testing time are reduced and compiling efficiency is improved.
Fig. 9 schematically illustrates a flow chart of a secure compiling method according to another embodiment of the disclosure.
As shown in fig. 9, the secure compiling method based on the above embodiment further includes the following steps.
In step S910, a compiling command is generated from the dynamic library.
In step S920, the compiling command is filtered to obtain a front-end compiling command.
In the disclosed embodiments, the front-end compilation command may be used to generate intermediate code.
In step S930, the code source file of the mobile application is compiled according to the front-end compilation command, and an intermediate code is obtained.
In an exemplary embodiment, the code source file may also be compiled to obtain intermediate code according to a compiling parameter (e.g., -emit-llvm) and the front-end compiling command.
In step S940, the global variables in the intermediate code are traversed, and the to-be-registered method segment attribute is removed from each global variable that carries it.
In step S950, back-end compilation is performed on the intermediate code with the attribute removed, to obtain an executable file of the mobile application.
In step S960, when the mobile application is started, the executable file is parsed to obtain the start address and the occupied size of the first data including the method name segment, and the start address and the occupied size of the second data including the data segment.
In step S970, an address range of the first data is determined according to the start address and the occupation size of the first data; traversing the second data according to the starting address and the occupied size of the second data; and if the second data is in the address range of the first data in the traversal process, determining the second data as a method to be registered.
In the embodiment of the disclosure, when the executable file is a Mach-O format file, the Mach-O file may be parsed to determine the start address and the occupied size of the section named __objc_methname (the method name section) and of the section named __data (the data section). For example, __objc_methname starts at address 0x100 and occupies 0x200 bytes, and __data starts at address 0x400 and occupies 0x600 bytes. Starting from address 0x400, one word-sized value is read at each address 0x400 + 8 * index (a 64-bit system reads an 8-byte address, a 32-bit system reads a 4-byte address); this value is denoted int64_t data_index_value. If data_index_value lies between 0x100 and 0x300 (the address range of __objc_methname), a registration function (for example sel_registerName(data_index_value)) is called to register the method. The function may return a value sel_selrefval, which is then written back to the address 0x400 + 8 * index from which data_index_value was read.
In step S980, the method to be registered is registered, and the mobile application is obtained.
In an exemplary embodiment, configuration information of a method to be registered may be obtained; and registering the method to be registered according to the configuration information of the method to be registered to obtain the mobile application.
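The start-up registration of steps S960 to S980 (walk the data section in word-sized steps, treat any word that points into the method name section as an unregistered selector name, register it, and write the returned SEL back into the slot), as an added C example that is not part of the patent or of any implementation by the applicant. It runs on a constructed in-memory image laid out like the text's example (method names at 0x100, data at 0x400) rather than a real Mach-O file; fake_sel_registerName is a hypothetical stand-in for the Objective-C runtime's sel_registerName, and the little-endian host and the bounds check on the name string are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed image standing in for the loaded executable; the layout copies
   the numbers in the text: __objc_methname at 0x100 (size 0x200), __data at
   0x400 (size 0x600). "Addresses" are offsets into this buffer. */
#define IMAGE_SIZE      0x1000
#define METHNAME_START  0x100
#define METHNAME_SIZE   0x200
#define DATA_START      0x400
#define DATA_SIZE       0x600

static uint8_t image[IMAGE_SIZE];

/* Hypothetical stand-in for sel_registerName: interns the name and returns a
   stable non-zero SEL value that lies outside __objc_methname, so a second
   pass over __data will not register the same slot again. */
#define MAX_SELS 32
static char sel_table[MAX_SELS][64];
int sel_count = 0;

uint64_t fake_sel_registerName(const char *name) {
    for (int i = 0; i < sel_count; i++)
        if (strcmp(sel_table[i], name) == 0) return 0xA000 + 16 * (uint64_t)i;
    if (sel_count >= MAX_SELS) return 0;
    snprintf(sel_table[sel_count], sizeof sel_table[0], "%s", name);
    return 0xA000 + 16 * (uint64_t)sel_count++;
}

/* word_size is 8 on a 64-bit system and 4 on a 32-bit one (claim 4 derives
   it from the system type information). Little-endian host assumed. */
uint64_t read_word(size_t off, int word_size) {
    uint64_t v = 0;
    memcpy(&v, image + off, (size_t)word_size);
    return v;
}

void write_word(size_t off, int word_size, uint64_t v) {
    memcpy(image + off, &v, (size_t)word_size);
}

/* Steps S960-S980: walk __data one word at a time. A word whose value falls
   inside __objc_methname is a pointer to a selector name that was never
   registered at compile time; register it and overwrite the slot with the
   SEL. Returns the number of slots rewritten. */
int register_pending_selectors(int word_size) {
    int rewritten = 0;
    size_t end = DATA_START + DATA_SIZE;
    for (size_t off = DATA_START; off + (size_t)word_size <= end; off += (size_t)word_size) {
        uint64_t v = read_word(off, word_size);
        if (v < METHNAME_START || v >= METHNAME_START + METHNAME_SIZE)
            continue;                        /* ordinary data, leave it alone */
        const char *name = (const char *)(image + v);
        /* Added check: the name must be NUL-terminated inside the section. */
        if (memchr(name, 0, (size_t)(METHNAME_START + METHNAME_SIZE - v)) == NULL)
            continue;
        uint64_t sel = fake_sel_registerName(name);
        if (sel == 0) continue;              /* registration failed */
        write_word(off, word_size, sel);
        rewritten++;
    }
    return rewritten;
}

/* Builds the constructed image: three selector names in __objc_methname and
   six __data slots, four of which point at names (one name twice) and two of
   which hold unrelated values that must not be touched. */
void build_image(int word_size) {
    const char *names[] = { "viewDidLoad", "loginWithToken:", "dealloc" };
    uint64_t name_addr[3];
    size_t off = METHNAME_START;
    memset(image, 0, sizeof image);
    sel_count = 0;
    for (int i = 0; i < 3; i++) {
        name_addr[i] = off;
        strcpy((char *)image + off, names[i]);
        off += strlen(names[i]) + 1;
    }
    uint64_t slots[6] = { name_addr[0], 0xDEADBEEF, name_addr[1],
                          name_addr[0], 0x42, name_addr[2] };
    for (int i = 0; i < 6; i++)
        write_word(DATA_START + (size_t)i * (size_t)word_size, word_size, slots[i]);
}

int main(void) {
    build_image(8);
    int n = register_pending_selectors(8);
    printf("rewrote %d slots, %d distinct selectors registered\n", n, sel_count);
    printf("second pass rewrote %d slots\n", register_pending_selectors(8));
    return 0;
}
```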
The secure compiling method of the embodiment of the disclosure omits the registration of methods during compilation by removing the to-be-registered method segment attribute from the intermediate code, and obtains an executable file of the mobile application that contains no registered methods. This prevents an attacker from directly calling registered methods of the mobile application and improves its security. At the same time, the secure compiling method of the embodiment of the disclosure determines the methods to be registered by traversing the second data and comparing the traversal result with the first data, so that the methods are registered within the mobile application itself; this likewise prevents an attacker from directly calling the methods and improves the security of the mobile application.
The following describes embodiments of an apparatus of the present disclosure that may be used to perform the secure compilation method described above of the present disclosure. For details not disclosed in the embodiments of the apparatus of the present disclosure, please refer to the embodiments of the secure compiling method described above in the present disclosure.
Fig. 10 schematically illustrates a block diagram of a secure compiling apparatus according to an embodiment of the disclosure.
Referring to fig. 10, a secure compiling apparatus 900 according to an embodiment of the disclosure may include: a source file acquisition module 1010, a front-end compilation module 1020, an intermediate code processing module 1030, and a back-end compilation module 1040.
In the secure compilation apparatus 1000, the source file acquisition module 1010 may be configured to acquire a code source file of a mobile application.
The front-end compilation module 1020 may be configured to front-end compile the code source file to obtain intermediate code.
The intermediate code processing module 1030 may be configured to remove the to-be-registered method segment attribute of the global variable in the intermediate code.
The back-end compiling module 1040 is configured to perform back-end compiling on the intermediate code after the removal to obtain an executable file of the mobile application.
In an exemplary embodiment, the secure compiling apparatus 1000 may further include a parsing module, a traversing module, a method determining module, and a method registering module. The parsing module may be configured to parse the executable file to obtain a start address and an occupied size of the first data including the method name segment, and a start address and an occupied size of the second data including the data segment. The traversing module may be configured to traverse the second data according to the starting address and the occupancy size of the second data. The method determination module may be configured to determine a method to be registered according to the traversal result and the first data; the method registration module may be configured to register a method to be registered to obtain a mobile application.
In an exemplary embodiment, the method determination module may include an address determination unit and a method determination unit. Wherein the address determination unit may be configured to determine the address range of the first data based on the start address and the occupation size of the first data. The method determination unit may be configured to determine the second data as the method to be registered if the second data is within the address range of the first data during the traversal.
In an exemplary embodiment, the method registration module may include a configuration acquisition unit and a method registration unit. Wherein the configuration acquisition unit may be configured to acquire configuration information of the method to be registered. The method registration unit may be configured to register the method to be registered according to configuration information of the method to be registered, and obtain the mobile application.
In an exemplary embodiment, the traversal module may include a system information acquisition unit, a data length determination unit, and a traversal unit. Wherein the system information acquisition unit may be configured to acquire the system type information. The data length determining unit may be configured to determine the data length of the second data according to the system type information. The traversing unit may be configured to traverse the second data according to the data length, the start address and the occupation size of the second data.
In an exemplary embodiment, the intermediate code processing module may include a variable traversing unit and a data removal unit. The variable traversing unit may be configured to traverse the global variable in the intermediate code to obtain at least one attribute information of the global variable; the data removal unit may be configured to remove the to-be-registered method segment attribute of the global variable if the at least one attribute information of the global variable includes the to-be-registered method segment attribute.
In an exemplary embodiment, the front-end compilation module may include a command generation unit and a front-end compilation unit. Wherein the command generating unit may be configured to generate the compiling command according to the dynamic library. The front-end compilation unit may be configured to compile the code source file according to the compilation command and the compilation parameters to obtain intermediate code.
According to the safe compiling device provided by the embodiment of the disclosure, when compiling the code source file of the mobile application, the attribute of the method section to be registered of the global variable is removed, so that the registration of the method in the compiling process can be omitted, and the executable file of the mobile application without the registered method is obtained. Furthermore, the mobile application can be prevented from directly calling the registered method by an attacker, and the safety of the mobile application is improved.
According to the security compiling device provided by other embodiments of the present disclosure, by traversing the second data, the traversing result can be compared with the first data to determine the method to be registered, so that the registration of the method in the mobile application can be realized, the mobile application is prevented from being directly invoked by an attacker, and the security of the mobile application is improved.
Fig. 11 shows a schematic diagram of a computer system suitable for use in implementing embodiments of the present disclosure. It should be noted that, the computer system 1100 of the electronic device shown in fig. 11 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present disclosure.
As shown in fig. 11, the computer system 1100 includes a Central Processing Unit (CPU) 1101 that can execute various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. In the RAM 1103, various programs and data required for system operation are also stored. The CPU 1001, ROM 1102, and RAM 1103 are connected to each other by a bus 1104. An input/output (I/O) interface 1105 is also connected to bus 1104.
The following components are connected to the I/O interface 1105: an input section 1106 including a keyboard, a mouse, and the like; an output section 1107 including a cathode ray tube (CRT) or liquid crystal display (LCD), a speaker, and the like; a storage section 1108 including a hard disk or the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, and the like. The communication section 1109 performs communication processing via a network such as the internet. A drive 1110 is also connected to the I/O interface 1105 as needed. Removable media 1112, such as a magnetic disk, optical disk, magneto-optical disk, semiconductor memory, or the like, is mounted on the drive 1110 as needed so that a computer program read from it can be installed into the storage section 1108 as needed.
In particular, according to embodiments of the present disclosure, the processes described below with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program can be downloaded and installed from a network via the communication section 1109, and/or installed from the removable media 1111. When executed by the Central Processing Unit (CPU) 1101, the computer program performs the various functions defined in the system of the present application.
It should be noted that the computer readable medium shown in the present disclosure may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present disclosure, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules and/or units and/or sub-units referred to in the embodiments of the present disclosure may be implemented in software or hardware, and the described modules and/or units and/or sub-units may be disposed in a processor. Wherein the names of the modules and/or units and/or sub-units do not in some cases constitute a limitation of the modules and/or units and/or sub-units themselves.
As another aspect, the present application also provides a computer-readable medium that may be contained in the electronic device described in the above embodiment; or may exist alone without being incorporated into the electronic device. The computer-readable medium carries one or more programs which, when executed by one of the electronic devices, cause the electronic device to implement the methods described in the embodiments below. For example, the electronic device may implement the steps shown in fig. 2 or fig. 3 or fig. 4 or fig. 5 or fig. 6 or fig. 7 or fig. 8 or fig. 9.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a touch terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (9)

1. A secure compiling method, comprising:
acquiring a code source file of a mobile application;
front-end compiling is carried out on the code source file to obtain an intermediate code;
removing the to-be-registered method segment attribute of the global variable in the intermediate code, wherein the to-be-registered method segment attribute is used for generating a registration method;
performing back-end compiling on the intermediate code with the attribute of the method section to be registered removed to obtain an executable file of the mobile application, so that the executable file generated by compiling does not comprise a registered method;
analyzing the executable file to obtain a starting address and an occupied size of first data comprising a method name section and a starting address and an occupied size of second data comprising a data section;
traversing the second data according to the starting address and the occupied size of the second data;
determining a method to be registered according to the traversing result and the first data;
registering the method to be registered to start the mobile application.
2. The method of claim 1, wherein determining a method to be registered from the traversal result and the first data comprises:
determining an address range of the first data according to the starting address and the occupation size of the first data;
and if the second data is in the address range of the first data in the traversal process, determining the second data as the method to be registered.
3. The method of claim 1, wherein registering the method to be registered, obtaining the mobile application comprises:
obtaining configuration information of the method to be registered;
and registering the method to be registered according to the configuration information of the method to be registered to obtain the mobile application.
4. The method of claim 1, wherein traversing the second data based on the starting address and the occupancy size of the second data comprises:
acquiring system type information;
determining the data length of the second data according to the system type information;
traversing the second data according to the data length, the starting address and the occupied size of the second data.
5. The method of claim 1, wherein removing the to-be-registered method segment attribute of the global variable in the intermediate code comprises:
traversing the global variable in the intermediate code to obtain at least one attribute information of the global variable;
and if the at least one attribute information of the global variable comprises the to-be-registered method segment attribute, removing the to-be-registered method segment attribute of the global variable.
6. The method of claim 1, wherein front-end compiling the code source file to obtain intermediate code comprises:
generating a compiling command according to the dynamic library;
and compiling the code source file according to the compiling command and the compiling parameter to obtain the intermediate code.
7. A secure compiling device, comprising:
a source file acquisition module configured to acquire a code source file of a mobile application;
the front-end compiling module is configured to carry out front-end compiling on the code source file to obtain an intermediate code;
the intermediate code processing module is configured to remove the to-be-registered method segment attribute of the global variable in the intermediate code, wherein the to-be-registered method segment attribute is used for registering a method;
the back-end compiling module is configured to perform back-end compiling on the intermediate code with the method segment attribute to be registered removed to obtain an executable file of the mobile application, so that the executable file generated by compiling does not comprise a registered method;
the analysis module is configured to analyze the executable file to obtain a starting address and an occupied size of first data comprising a method name section and a starting address and an occupied size of second data comprising a data section;
the traversing module is configured to traverse the second data according to the starting address and the occupied size of the second data;
the method determining module is configured to determine a method to be registered according to the traversing result and the first data;
and the method registration module is configured to register the method to be registered so as to start the mobile application.
8. An electronic device, comprising:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-6.
9. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-6.
CN202010170921.8A 2020-03-12 2020-03-12 Secure compiling method, secure compiling device, electronic equipment and computer readable medium Active CN111399844B (en)

Publications (2)

Publication Number Publication Date
CN111399844A CN111399844A (en) 2020-07-10
CN111399844B true CN111399844B (en) 2023-11-24


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant