CN111538988A - Anti-attack program running method and device, storage medium and electronic device - Google Patents

Publication number: CN111538988A
Authority: CN (China)
Prior art keywords: instruction, task, program, target, noise
Legal status: Pending
Application number: CN202010345713.7A
Other languages: Chinese (zh)
Inventor: 陈钢
Current Assignee: Beijing QIYI Century Science and Technology Co Ltd
Original Assignee: Beijing QIYI Century Science and Technology Co Ltd
Application filed by: Beijing QIYI Century Science and Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The application discloses an anti-attack program running method and device, a storage medium and an electronic device. The method comprises: acquiring a target program to be run; converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program; and, while executing the task instructions in the instruction sequence, executing noise instructions from a first instruction set, wherein the task represented by a noise instruction is different from the task represented by the instruction sequence. The application solves the technical problem of low software security in the related art.

Description

Anti-attack program running method and device, storage medium and electronic device
Technical Field
The application relates to the field of software security, in particular to an anti-attack program running method and device, a storage medium and an electronic device.
Background
In the information society, cryptography is applied in many ways and is often used to provide confidentiality, i.e., to protect transmitted and stored information. Cryptographic technology can also be used for message signing, identity authentication, system control, information sources and the like, and is an important technology for the development and progress of human society. As cryptographic design has developed, the corresponding cryptanalytic techniques have also improved greatly. In practice, the security of a cryptographic design is not limited to the security of the algorithm itself; it also includes the security of the cryptographic chip, the physical entity that implements it. When a cryptographic chip, or a processor running a cryptographic algorithm, is working, a great deal of extra information leaks (such as side-channel information). These leaks arise from the physical characteristics of the chip, and the corresponding cryptanalysis method is called a side-channel attack (SCA).
A side channel attack bypasses complicated analysis of the cryptographic algorithm and instead analyzes the various kinds of information (such as running time, power consumption, electromagnetic radiation, cache, sound and the like) leaked when the chip runs the algorithm. At present, side channel attacks have become one of the biggest threats in the security field. The technique has been applied successfully against most cryptographic algorithms and protocols, including public key algorithms (such as RSA, ECC, etc.), block ciphers (such as DES, CLEFIA, AES, Camellia, etc.), stream ciphers (RC4, Trivium, etc.) and cryptographic protocols (SSL protocol, TLS protocol, PKCS protocol, etc.), and effective attack analysis methods exist for different processor hardware platforms, software implementations on operating systems, implementations on different smart cards, and FPGAs and ASICs.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiments of the application provide an anti-attack program running method and device, a storage medium and an electronic device, so as to at least solve the technical problem of low software security in the related art.
According to an aspect of an embodiment of the present application, there is provided an anti-attack program running method, including: acquiring a target program to be run; converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program; and, while executing the task instructions in the instruction sequence, executing noise instructions from the first instruction set, wherein the task represented by a noise instruction is different from the task represented by the instruction sequence.
According to another aspect of the embodiments of the present application, there is also provided an anti-attack program running device, including: the device comprises an acquisition unit, a processing unit and a control unit, wherein the acquisition unit is used for acquiring a target program to be operated; the conversion unit is used for converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program; and the execution unit is used for executing the noise instruction in the first instruction set in the process of executing the task instruction in the instruction sequence, wherein the task represented by the noise instruction is different from the task represented by the instruction sequence.
According to another aspect of the embodiments of the present application, there is also provided a storage medium including a stored program which, when executed, performs the above-described method.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the above method through the computer program.
In the embodiments of the application, noise instructions from the first instruction set are executed automatically while the task instructions in the instruction sequence are being executed, so that a program that was regular and analyzable no longer shows regularities or patterns. This increases the difficulty of side channel analysis, solves the technical problem of low software security in the related art, and achieves the technical effect of improving software security.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a flowchart of an alternative anti-attack program running method according to an embodiment of the present application;
Fig. 2 is a flowchart of an alternative anti-attack program running method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of alternative anti-attack program compilation according to an embodiment of the present application;
Fig. 4 is a schematic diagram of alternative protection against side channel analysis attacks according to an embodiment of the present application;
Fig. 5 is a schematic diagram of an alternative anti-attack program running apparatus according to an embodiment of the present application; and
Fig. 6 is a block diagram of a terminal according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In order to prevent piracy or other cracking behaviors, according to an aspect of the embodiments of the present application, an embodiment of an anti-attack program running method is provided, so as to implement protection against side channel attacks in software.
The anti-attack program running method can be run by a defense device; the defense device includes, but is not limited to, a PC, a mobile phone, a tablet computer and the like. The method may also be executed by a client installed on the device. Fig. 1 is a flowchart of an optional anti-attack program running method according to an embodiment of the present application. When the technical scheme of the present application is used to defend against side channel attacks, noise can be added to a program automatically, so that a program that was regular and analyzable no longer shows regularities or patterns, which increases the difficulty of side channel analysis and helps avoid piracy or other cracking behaviors. As shown in fig. 1, the method may include the following steps:
Step S102: the defense device acquires the target program to be run.
Step S104: the defense device converts the target program into an instruction sequence, where the task represented by the instruction sequence is the same as the task represented by the target program.
Step S106: while executing the task instructions in the instruction sequence, the defense device executes noise instructions from the first instruction set, where the task represented by a noise instruction is different from the task represented by the instruction sequence; that is, a noise instruction is an instruction unrelated to the target program.
A task instruction is an instruction used in carrying out the task, such as a data read instruction, a data operation instruction (e.g., addition, subtraction, multiplication, division, logical AND, logical OR, etc.), or a data storage instruction.
Through the above steps, noise instructions from the first instruction set are executed automatically while the task instructions in the instruction sequence are being executed, so that a program that was regular and analyzable no longer shows regularities or patterns. This increases the difficulty of side channel analysis, solves the technical problem of low software security in the related art, and achieves the technical effect of improving software security.
In order to add noise to a program in batches and keep the software from being analyzed by an attacker through side channels, in the technical scheme of the application the program can be compiled to run on a process virtual machine, and noise instructions are executed at random whenever an instruction of the process virtual machine is executed. The technical solution of the present application is further detailed below with reference to the steps shown in fig. 1.
In the technical solution provided in step S102, a target program to be executed is obtained, where the target program is source code written in advance in a programming language (such as C, Java, and the like).
In the technical solution provided in step S104, the target program is converted into an instruction sequence, and the task represented by the instruction sequence is the same as the task represented by the target program.
In an alternative method for defending against the error injection attack, noise can be added manually at each place in the program where side channel attacks need to be defended against. The more such places a program has, the more places need noise added, so program development and maintenance costs are higher. To overcome this problem, the present application provides a scheme that can add noise in batches.
Optionally, before the target program is converted into an instruction sequence, a first instruction set and a second instruction set may be created in advance. The first instruction set holds a plurality of noise instructions, and each task instruction in the second instruction set represents one subtask. At runtime, according to indication information generated for a task instruction, the task instruction may be executed together with noise instructions with a certain probability (for example, a probability greater than 99%), and which noise instruction is selected from the first instruction set may be determined according to the indication information.
In the above embodiment, the converting the target program into the instruction sequence includes the following steps 1 to 2:
Step 1: obtain each program segment in the target program, and search the second instruction set for the task instruction matching each program segment, where the second instruction set comprises a plurality of pre-created task instructions.
Optionally, the above scheme may be implemented by a compiler. Before the task instruction matching each program segment is searched for in the second instruction set, the second instruction set is obtained in the compiler. Searching the second instruction set for the task instruction matching each program segment includes processing each program segment in the target program as follows: using the compiler, search the second instruction set for the task instruction whose subtask matches the currently processed program segment, where each program segment in the target program represents one subtask. The compiler establishes a mapping between the programming language of the target program and the instructions in the second instruction set and divides the target program into program segments (one program segment may consist of one or more programming-language statements); the compiler is used to determine each program segment in the target program and to look up the task instruction matching each program segment in the instruction set.
The compiler has two main functions. The first is to store the mapping between the source code of program segments (e.g., segments written in a programming language such as C, Java, Python, etc.) and task instructions, for example as a data table in which source code and task instructions are in one-to-one correspondence: function A (i.e., the source code of one program segment) is represented in the scheme of the present application by task instruction A, function B by task instruction B, and function C by task instruction C. The second is to identify the source code of program segments and complete the instruction conversion. In a specific implementation, the locally stored functions A, B, C and so on are matched one by one against the program segments in the target program; if the first program segment in the target program matches function B, the first instruction in the instruction sequence is determined to be task instruction B, and so on, until all program segments in the target program have been identified and a complete instruction sequence is obtained.
Step 2: arrange the matched task instructions according to the positions of the corresponding program segments in the target program to obtain the instruction sequence; that is, the position of each task instruction in the instruction sequence is the same as the position of its program segment in the target program.
In the technical solution provided in step S106, in the process of executing the task instruction in the instruction sequence, a noise instruction in the first instruction set is executed, where the task represented by the noise instruction is different from the task represented by the instruction sequence, such as an instruction that does not actually process data related to the target program, and an instruction that is not associated with task logic in the target program.
Optionally, in the process of executing the noise instruction in the first instruction set, the noise instruction may be determined according to the following steps 1 to 2:
Step 1: acquire the indication information generated for a target task instruction, where the target task instruction is the task instruction in the instruction sequence that is currently to be run in the process virtual machine, and the indication information is generated in a preset mode.
The preset mode is set in advance, and noise instructions selected in this mode follow no regular pattern. For example, a random function generates a random value in a certain interval, and the generated random value is then used to decide whether to select a noise instruction; if so, the random value can also be used to make the selection.
Step 2: acquire a target noise instruction from the first instruction set according to the indication information.
Optionally, the obtaining the target noise instruction from the first instruction set according to the indication information includes: and under the condition that the identifier represented by the indication information belongs to the first identifier set, selecting a target noise instruction with the identifier matched with the identifier represented by the indication information from the first instruction set, wherein the identifier stored in the first identifier set is matched with the identifier of the noise instruction in the first instruction set.
Optionally, after the indication information generated for the target task instruction is acquired, the target task instruction may be directly executed in the process virtual machine in a case that the identifier represented by the indication information belongs to a second identifier set, where the identifier stored in the second identifier set does not match the identifier of the noise instruction in the first instruction set.
For example, the random number generation interval may be divided into two sub-intervals, the first corresponding to the first identifier set and the second corresponding to the second identifier set; for instance, the interval [-10,100] is divided into the second sub-interval [-10,1) and the first sub-interval [1,100]. If the random value is 0, no noise is selected; if the random value is between 1 and 100, noise is selected, which can be done in various ways. For example, if the number of noise instructions in the first instruction set (e.g. 100) is the same as the number of identifiers in the first sub-interval, the noise instruction identified by the random value may be selected directly. If the number of noise instructions in the first instruction set (for example, 20) differs from the number of identifiers in the first sub-interval, the random value may be reduced modulo the number of noise instructions, and the noise instruction whose identifier equals the remainder is selected: if the random value is 133, taking the remainder modulo 20 gives 13, and the selected noise is the noise instruction with identifier 13 in the first instruction set.
Optionally, obtaining the target noise instruction from the first instruction set according to the indication information includes: when a noise instruction is selected in the first round, indication information that is a random number is generated; if the value represented by the indication information is in a preset value interval (such as the interval of values greater than 0), a target noise instruction is selected at random from the first instruction set and the random value represented by the indication information is decreased by 1. When a noise instruction is selected in the Nth round (N ≥ 2), if the current value of the indication information is still in the preset value interval, a target noise instruction is selected at random from the first instruction set; if the current value is not in the preset value interval, no target noise instruction is selected.
For example, if the generated random number is 2, then in the first round a target noise instruction is selected at random from the first instruction set and the random number becomes 1; in the second round a target noise instruction is selected at random from the first instruction set and the random number becomes 0; in the third and later rounds no noise instruction is selected.
In the above embodiment, a noise instruction in the first instruction set may be executed during execution of the task instructions in one of two ways: first, the target noise instruction is executed in the process virtual machine and the target task instruction is executed after it; second, the target task instruction is executed in the process virtual machine and the target noise instruction is executed after it.
Considering that the cost of adding noise to a program is proportional to the size of the program (the larger the program, the higher the cost of resisting side channel attacks), in the technical scheme of the application the program can be compiled to run on a process virtual machine. The process virtual machine is itself a program; it simulates the execution process of a CPU in order to execute the program that needs protection. Because the size of the virtual machine is fixed, the cost of resisting side channel attacks is fixed as well. The core idea of the scheme is to abstract the second instruction set and then execute the target program in terms of instructions from the second instruction set; besides a virtual machine implementation, other software or hardware with compiling and instruction-execution functions may be used instead.
As an alternative example, the technical solution of the present application is further detailed below with reference to a specific implementation, as shown in fig. 2:
Step S202: a process virtual machine V is written in advance, and a number of basic instructions similar to a CPU instruction set (namely, the second instruction set) are designed in V.
Step S204: each basic instruction in V is configured to be executed together with noise instructions. For example, when a basic instruction in V is executed, a number n may be chosen at random and a loop run n times, each time selecting one noise instruction V' at random and executing it.
Step S206: the target program P that needs protection is compiled on V.
Fig. 3 illustrates the transformation of a normal program (i.e. the program P to be protected) into an instruction sequence of V: P is compiled by a compiler into a form expressed in the instruction set of V, and the resulting instructions are then executed by the process virtual machine V (i.e. side channel attack protection is performed).
Step S208: the compiled instruction sequence is executed. Because P has been transformed into the basic instructions of V, and noise is added to each basic instruction in V, P as a whole can completely defend against side channel analysis attacks, and this process is completed automatically by the compiler of V without additional human intervention.
For the protection against side channel analysis attacks performed on the process virtual machine, see fig. 4: when the compiled instruction A is to be executed in the process virtual machine V, a number n is chosen at random. If n is less than or equal to 0, instruction A is executed directly without executing a noise instruction; if n is greater than 0, a random noise instruction is executed, 1 is subtracted from n, and n is used again to decide whether to execute another noise instruction.
Only the process virtual machine needs to be protected against side channel attacks in order to protect the programs running on it, and the cost is fixed and does not grow with program size, so cost is reduced while efficiency is improved.
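The flow of fig. 2 to fig. 4, together with the segment-to-instruction mapping and the remainder-based noise selection described earlier, as an added Python example (not code from the patent). The stack-machine opcodes, the noise routines, the segment names, the interval (-2, 6) and the sample program are all assumptions made for illustration.

```python
import operator
import random

# First instruction set (noise). Constructed routines: they only touch a
# scratch register, never the task stack or memory.
def _noise_add(state):
    state["scratch"] = (state["scratch"] + 0x9E37) & 0xFFFF

def _noise_xor(state):
    state["scratch"] ^= 0x5A5A

def _noise_rot(state):
    s = state["scratch"]
    state["scratch"] = ((s << 3) | (s >> 13)) & 0xFFFF

def _noise_mul(state):
    state["scratch"] = (state["scratch"] * 31 + 7) & 0xFFFF

NOISE_SET = [_noise_add, _noise_xor, _noise_rot, _noise_mul]

# Second instruction set (task): a hypothetical stack machine standing in for V.
def _push(state, arg):
    state["stack"].append(arg)

def _store(state, arg):
    state["mem"][arg] = state["stack"].pop()

def _binop(fn):
    def handler(state, _arg):
        b, a = state["stack"].pop(), state["stack"].pop()
        state["stack"].append(fn(a, b))
    return handler

TASK_SET = {
    "PUSH": _push,
    "STORE": _store,
    "ADD": _binop(operator.add),
    "MUL": _binop(operator.mul),
    "XOR": _binop(operator.xor),
}

# Compiler table: program segment -> task instruction (segment names are made up).
SEGMENT_MAP = {"const": "PUSH", "assign": "STORE", "+": "ADD", "*": "MUL", "^": "XOR"}

# Constructed sample program P: out = ((3 + 4) * 5) ^ 0x2A
SAMPLE_SEGMENTS = [("const", 3), ("const", 4), ("+", None), ("const", 5),
                   ("*", None), ("const", 0x2A), ("^", None), ("assign", "out")]

def compile_segments(segments):
    """Map each segment to its task instruction, keeping source order."""
    sequence = []
    for segment, operand in segments:
        if segment not in SEGMENT_MAP:
            raise ValueError(f"no task instruction for segment {segment!r}")
        sequence.append((SEGMENT_MAP[segment], operand))
    return sequence

def run(sequence, rng=None, interval=(-2, 6), noise=True):
    """Execute the sequence; before each task instruction run n noise instructions."""
    if rng is None:
        rng = random.SystemRandom()      # unpredictable source by default
    state = {"stack": [], "mem": {}, "scratch": 0}
    trace = []                           # what an observer of the VM would see
    for opcode, operand in sequence:
        n = rng.randint(*interval) if noise else 0
        while n > 0:                     # n <= 0: run the task instruction directly
            # The remainder of a random value picks the noise instruction.
            ident = rng.randrange(1 << 16) % len(NOISE_SET)
            NOISE_SET[ident](state)
            trace.append(("noise", ident))
            n -= 1
        TASK_SET[opcode](state, operand)
        trace.append(("task", opcode))
    return state["mem"], trace

def task_ops(trace):
    """Task opcodes in execution order, with noise entries dropped."""
    return [name for kind, name in trace if kind == "task"]

if __name__ == "__main__":
    seq = compile_segments(SAMPLE_SEGMENTS)
    for seed in (1, 2):                  # seeded only so the demo is reproducible
        mem, trace = run(seq, random.Random(seed))
        print(seed, mem, len(trace), "instructions executed")
```

The seeded `random.Random` is only there to make the demonstration repeatable; a predictable generator lets an analyst strip the noise, which is why `run` defaults to `random.SystemRandom()`. Random dummy instructions desynchronise traces and raise the number of measurements an analyst needs; they do not remove leakage from the task instructions themselves.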
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
According to another aspect of the embodiment of the application, an anti-attack program running device for implementing the anti-attack program running method is also provided. Fig. 5 is a schematic diagram of an alternative attack-prevention program execution device according to an embodiment of the present application, and as shown in fig. 5, the device may include:
an obtaining unit 501, configured to obtain a target program to be run;
a conversion unit 503, configured to convert the target program into an instruction sequence, where a task represented by the instruction sequence is the same as a task represented by the target program;
and the execution unit 505 is configured to execute a noise instruction in the first instruction set during execution of a task instruction in the instruction sequence, where a task represented by the noise instruction is different from a task represented by the instruction sequence.
It should be noted that the obtaining unit 501 in this embodiment may be configured to execute step S102 in this embodiment, the converting unit 503 in this embodiment may be configured to execute step S104 in this embodiment, and the executing unit 505 in this embodiment may be configured to execute step S106 in this embodiment.
Through the above modules, noise instructions from the first instruction set are executed automatically while the task instructions in the instruction sequence are being executed, so that a program that was regular and analyzable no longer shows regularities or patterns. This increases the difficulty of side channel analysis, solves the technical problem of low software security in the related art, and achieves the technical effect of improving software security.
Optionally, the conversion unit may be further configured to obtain each program segment in the target program, and search the second instruction set for a task instruction matched with each program segment, where the second instruction set includes a plurality of task instructions created in advance; and arranging the matched task instructions according to the positions of the corresponding program segments in the target program to obtain the instruction sequence.
Optionally, the conversion unit may be further configured to, before searching for a task instruction matching each program fragment from the second instruction set, obtain a second instruction set in the compiler, where each task instruction in the second instruction set is used to represent a sub-task; processing each program segment in the target program in the following manner when searching the task instruction matched with each program segment from the second instruction set: and searching task instructions of which the expressed subtasks are matched with the currently processed program segments from the second instruction set by using the compiler, wherein each program segment in the target program is used for expressing one subtask.
Optionally, the execution unit, in the process of executing the noise instruction in the first instruction set, may further be configured to: acquiring indication information generated for a target task instruction, wherein the target task instruction is a task instruction to be currently operated in a process virtual machine in the instruction sequence, and the indication information is generated according to a preset mode; and acquiring a target noise instruction from the first instruction set according to the indication information.
Optionally, the execution unit may be further configured to execute the target noise instruction in the process virtual machine, and execute the target task instruction after the target noise instruction is executed; or executing the target task instruction in the process virtual machine, and executing the target noise instruction after the target task instruction is executed.
Optionally, when the execution unit obtains the target noise instruction from the first instruction set according to the indication information, the execution unit may further be configured to: when the identifier represented by the indication information belongs to a first identifier set, select from the first instruction set the target noise instruction whose identifier matches the identifier represented by the indication information, where the identifiers stored in the first identifier set match the identifiers of the noise instructions in the first instruction set.
Optionally, after acquiring the indication information generated for the target task instruction, the execution unit may further be configured to: when the identifier represented by the indication information belongs to a second identifier set, directly execute the target task instruction in the process virtual machine, where the identifiers stored in the second identifier set do not match the identifiers of the noise instructions in the first instruction set.
It should be noted here that the examples and application scenarios implemented by the modules described above are the same as those of the corresponding steps, but are not limited to the disclosure of the above embodiments. It should also be noted that the modules, as a part of the apparatus, may run in a corresponding hardware environment and may be implemented by software or by hardware, where the hardware environment includes a network environment.
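The behaviour of the conversion unit and the execution unit described above (lookup in the second instruction set, indication information, first and second identifier sets, noise before or after the task instruction), as an added Python sketch that is not code from the patent. The instruction names, the noise routines, the identifier values and the random draw used as the "preset manner" are all assumptions.

```python
import random

# Second instruction set: pre-created task instructions, one per subtask.
# Names and semantics are hypothetical; each maps (accumulator, operand) -> accumulator.
SECOND_INSTRUCTION_SET = {
    "load": lambda acc, x: x,
    "add": lambda acc, x: acc + x,
    "mul": lambda acc, x: acc * x,
    "xor": lambda acc, x: acc ^ x,
}

# First instruction set: noise instructions keyed by identifier. They do real
# work, but only on scratch state, so their task differs from the program's.
def _noise_lcg(s):
    s[0] = (s[0] * 1103515245 + 12345) & 0xFFFFFFFF

def _noise_sum(s):
    s[1] = sum(i * i for i in range(s[0] & 0x3F))

def _noise_swap(s):
    s[0], s[1] = s[1], s[0] ^ 0x5A5A

FIRST_INSTRUCTION_SET = {0: _noise_lcg, 1: _noise_sum, 2: _noise_swap}
FIRST_IDENTIFIER_SET = set(FIRST_INSTRUCTION_SET)  # identifiers matching a noise instruction
SECOND_IDENTIFIER_SET = {3, 4}                     # identifiers matching no noise instruction


def convert(target_program):
    """Map each program segment to its task instruction, preserving position."""
    sequence = []
    for subtask, operand in target_program:
        if subtask not in SECOND_INSTRUCTION_SET:
            raise ValueError(f"no task instruction for segment {subtask!r}")
        sequence.append((subtask, SECOND_INSTRUCTION_SET[subtask], operand))
    return sequence


def random_indication(rng):
    """Assumed 'preset manner': draw an identifier and an ordering per task instruction.

    random.Random keeps the demo reproducible; noise drawn from a predictable
    source gives an observer nothing to be confused by.
    """
    all_ids = sorted(FIRST_IDENTIFIER_SET | SECOND_IDENTIFIER_SET)
    return lambda: (rng.choice(all_ids), rng.random() < 0.5)


def run(sequence, indicate):
    """Execute the sequence in a toy process VM; return (result, execution trace)."""
    acc, scratch, trace = 0, [1, 0], []
    for name, task, operand in sequence:
        identifier, noise_first = indicate()
        # Second identifier set (or unknown identifier): run the task directly.
        noise = FIRST_INSTRUCTION_SET[identifier] if identifier in FIRST_IDENTIFIER_SET else None
        if noise is not None and noise_first:
            noise(scratch)
            trace.append(f"noise:{identifier}")
        acc = task(acc, operand)
        trace.append(f"task:{name}")
        if noise is not None and not noise_first:
            noise(scratch)
            trace.append(f"noise:{identifier}")
    return acc, trace


# Constructed sample program: ((7 + 5) * 3) ^ 0x2A
PROGRAM = [("load", 7), ("add", 5), ("mul", 3), ("xor", 0x2A)]

if __name__ == "__main__":
    seq = convert(PROGRAM)
    for seed in (1, 2, 3):
        result, trace = run(seq, random_indication(random.Random(seed)))
        print(result, " ".join(trace))
```

The result is the same on every run while the executed trace varies, which is the property the device relies on: the task instructions keep their order and effect, and only the interleaved noise changes.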
According to another aspect of the embodiment of the application, a server or a terminal for implementing the anti-attack program running method is also provided.
Fig. 6 is a block diagram of a terminal according to an embodiment of the present application. As shown in Fig. 6, the terminal may include one or more processors 601 (only one of which is shown in Fig. 6), a memory 603, and a transmission device 605; the terminal may further include an input-output device 607.
The memory 603 may be configured to store software programs and modules, such as the program instructions/modules corresponding to the anti-attack program running method and device in the embodiment of the present application. The processor 601 executes various functional applications and data processing by running the software programs and modules stored in the memory 603, that is, it implements the above-mentioned anti-attack program running method. The memory 603 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 603 may further include memory located remotely from the processor 601, which may be connected to the terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The above-mentioned transmission device 605 is used for receiving or sending data via a network, and may also be used for data transmission between the processor and the memory. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 605 includes a network adapter (NIC) that can be connected to a router and other network devices via a network cable to communicate with the internet or a local area network. In one example, the transmission device 605 is a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
Specifically, the memory 603 is used to store an application program.
The processor 601 may call the application stored in the memory 603 through the transmission device 605 to perform the following steps:
acquiring a target program to be run;
converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program;
in the process of executing the task instruction in the instruction sequence, executing the noise instruction in the first instruction set, wherein the task represented by the noise instruction is different from the task represented by the instruction sequence.
The processor 601 is further configured to perform the following steps:
acquiring each program segment in a target program, and searching a task instruction matched with each program segment from a second instruction set, wherein the second instruction set comprises a plurality of pre-established task instructions;
and arranging the matched task instructions according to the positions of the corresponding program segments in the target program to obtain an instruction sequence.
With the embodiment of the application, a target program to be run is acquired; the target program is converted into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program; and, in the process of executing the task instruction in the instruction sequence, the noise instruction in the first instruction set is executed, wherein the task represented by the noise instruction is different from the task represented by the instruction sequence. Because the noise instruction in the first instruction set can be automatically executed in the process of executing the task instruction in the instruction sequence, a program whose behaviour was regular and analyzable no longer shows rules or patterns. This increases the difficulty of side-channel analysis, solves the technical problem of low software security in the related art, and achieves the technical effect of improving the security of the software.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
It can be understood by those skilled in the art that the structure shown in Fig. 6 is only an illustration, and the terminal may be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a Mobile Internet Device (MID), or a PAD. Fig. 6 is a diagram illustrating a structure of the electronic device. For example, the terminal may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in Fig. 6, or have a different configuration than shown in Fig. 6.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present application also provide a storage medium. Optionally, in this embodiment, the storage medium may be used to store program code for executing the anti-attack program running method.
Optionally, in this embodiment, the storage medium may be located on at least one of a plurality of network devices in a network shown in the above embodiment.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
acquiring a target program to be run;
converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program;
in the process of executing the task instruction in the instruction sequence, executing the noise instruction in the first instruction set, wherein the task represented by the noise instruction is different from the task represented by the instruction sequence.
Optionally, the storage medium is further arranged to store program code for performing the steps of:
acquiring each program segment in a target program, and searching a task instruction matched with each program segment from a second instruction set, wherein the second instruction set comprises a plurality of pre-established task instructions;
and arranging the matched task instructions according to the positions of the corresponding program segments in the target program to obtain an instruction sequence.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part of it that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product that is stored in a storage medium and includes instructions for causing one or more computer devices (which may be personal computers, servers, network devices, or the like) to execute all or part of the steps of the method described in the embodiments of the present application.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present application. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be regarded as falling within the protection scope of the present application.

Claims (10)

1. An anti-attack program running method, characterized by comprising the following steps:
acquiring a target program to be run;
converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program;
and executing a noise instruction in a first instruction set in the process of executing a task instruction in the instruction sequence, wherein the task represented by the noise instruction is different from the task represented by the instruction sequence.
2. The method of claim 1, wherein converting the target program into a sequence of instructions comprises:
acquiring each program segment in the target program, and searching a task instruction matched with each program segment from a second instruction set, wherein the second instruction set comprises a plurality of pre-created task instructions;
and arranging the matched task instructions according to the positions of the corresponding program segments in the target program to obtain the instruction sequence.
3. The method of claim 2,
before looking up task instructions matching each program fragment from the second set of instructions, the method further comprises: acquiring the second instruction set in a compiler, wherein each task instruction in the second instruction set is used for representing a subtask;
searching the second instruction set for task instructions matching each program segment includes processing each program segment in the target program as follows: using the compiler to search the second instruction set for a task instruction whose represented subtask matches the currently processed program segment, wherein each program segment in the target program is used for representing one subtask.
4. A method according to any one of claims 1 to 3, wherein in executing the noise instructions of the first set of instructions, the method further comprises:
acquiring indication information generated for a target task instruction, wherein the target task instruction is a task instruction to be currently operated in a process virtual machine in the instruction sequence, and the indication information is generated according to a preset mode;
and acquiring a target noise instruction from the first instruction set according to the indication information.
5. The method of claim 4, wherein executing the noise instructions of the first set of instructions during execution of the task instructions of the sequence of instructions comprises:
executing the target noise instruction in the process virtual machine, and executing the target task instruction after the target noise instruction is executed; or
executing the target task instruction in the process virtual machine, and executing the target noise instruction after the target task instruction is executed.
6. The method of claim 4, wherein obtaining a target noise instruction from the first instruction set according to the indication information comprises:
when the identifier represented by the indication information belongs to a first identifier set, selecting from the first instruction set the target noise instruction whose identifier matches the identifier represented by the indication information, wherein each identifier stored in the first identifier set matches the identifier of one noise instruction in the first instruction set.
7. The method of claim 4, wherein after obtaining the indication information generated for the target task instruction, the method further comprises:
when the identifier represented by the indication information belongs to a second identifier set, directly executing the target task instruction in the process virtual machine, wherein each identifier stored in the second identifier set does not match the identifier of any noise instruction in the first instruction set.
8. An anti-attack program running device, comprising:
an acquisition unit, used for acquiring a target program to be run;
the conversion unit is used for converting the target program into an instruction sequence, wherein the task represented by the instruction sequence is the same as the task represented by the target program;
and the execution unit is used for executing the noise instruction in the first instruction set in the process of executing the task instruction in the instruction sequence, wherein the task represented by the noise instruction is different from the task represented by the instruction sequence.
9. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program when executed performs the method of any of the preceding claims 1 to 7.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the method of any of the preceding claims 1 to 7 by means of the computer program.
CN202010345713.7A 2020-04-27 2020-04-27 Anti-attack program running method and device, storage medium and electronic device Pending CN111538988A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010345713.7A CN111538988A (en) 2020-04-27 2020-04-27 Anti-attack program running method and device, storage medium and electronic device

Publications (1)

Publication Number Publication Date
CN111538988A (en) 2020-08-14

Family

ID=71978798

Country Status (1)

Country Link
CN (1) CN111538988A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination