JP2013045277A - Program obfuscation method and remote debug system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform remote debug concurrently protecting a debug object program from a reverse engineering without deteriorating a performance.SOLUTION: Out of a debug object program, information representing a program logic and information necessary for debugging are converted by different systems. The information representing the program logic is obfuscated using an existing obfuscation system, while the information necessary for debugging is encrypted using an existing encryption system. The program logic is executed using the program that has been converted by the different system and, when occurring malfunction, remote debug is performed using the encrypted debug information. The encrypted debug information is decrypted on a maintenance center side for performing the debug.

Description

  The present invention relates to a program obfuscation method and a remote debugging system, and in particular, a technique for protecting a software program to be debugged (hereinafter referred to as a debugging target program) from reverse engineering, and a debugging target program remotely. Regarding technology.

  In recent years, devices equipped with virtual machines have been widely used. In the virtual machine, a CPU such as Pentium (registered trademark) or PowerPC does not directly execute the program, but a virtual computer is prepared in software so that the program is executed by the software.

For example, a device equipped with a Java virtual machine (Java is an abbreviation for Java ^™ and is a registered trademark of Oracle Corporation and its subsidiaries and affiliates in the United States and other countries) is becoming popular. The Java virtual machine absorbs differences between CPUs and OSs and enables Java programs composed of intermediate code to be executed on various devices. Many mobile phones with a variety of devices are equipped with Java virtual machines, and Android (Android is an abbreviation for Android ^TM , which is a trademark or registered trademark of Google Inc. in the United States) has recently adopted Java technology. ing. In addition, OSGi (OSGi is an abbreviation for OSGi ^TM and is a registered trademark of the US OSGi Alliance) is a platform for distributing Java programs to devices and managing the life cycle of programs such as starting and stopping execution. The so-called technology is drawing attention. Several software vendors are starting to distribute and sell programs that run on various devices using execution platforms such as Android and OSGi.

  On the other hand, various Java programs developed by various vendors are installed on Android and OSGi-equipped devices and run simultaneously, complicating the causes of program failures. There are various factors such as contention for CPU resources, memory resources, storage capacity, and screen display area. Since the program developer cannot predict in advance what other programs will be executed at the same time, it is difficult to inspect the malfunction of the program due to resource contention by the preliminary test. Even when a malfunction is detected after the program is distributed, all the programs developed by other vendors must be obtained in order to reproduce the malfunction occurrence environment. Therefore, there is a need for a technique that enables remote program debugging (hereinafter referred to as remote debugging) using an actual machine environment in which a malfunction has occurred. JDB, a Java standard debugger provided by Oracle, has a remote debugging function.

  However, in order to enable remote debugging using a debugger such as JDB, information used for debugging (hereinafter referred to as debug information) must be included in a Java program file (hereinafter referred to as class file). This debug information stores source code line numbers, local variable names, etc., so that it is easy to perform so-called "reverse engineering" in which a malicious user analyzes a program and releases a security function. There are challenges. Originally, Java programs are composed of intermediate codes called bytecodes, and are premised on dynamic linking by means of symbol reference resolution, so they are vulnerable to reverse engineering. In addition, by including debug information in a Java program, a malicious user can reconstruct (decompile) almost complete source code. As representative decompile tools, JAD, JODE, SourceAgain, etc. are known.

  As a technique for preventing such reverse engineering, there is a program obfuscation technique. For example, Patent Document 1 describes a method for obfuscating a program by generating a dummy code that can obtain the same calculation result as before obfuscation. Patent Document 2 describes a method of encrypting a program and decrypting it before executing the program. Further, Patent Document 3 describes an obfuscation method in which continuous instructions included in source code are cut out in units of blocks, and control variables are set for controlling the execution order of the cut out blocks. DashO, ProGuard, ZelixKlassMaster, etc. are known as typical program obfuscation tools. ProGuard is built into the Android development environment as standard.

JP 2011-018119 A JP 2009-075720 A JP 2008-090668 A

  In order to protect the debug target program from reverse engineering of a device equipped with a virtual machine, as described in Patent Document 1 and Patent Document 3, the method of obfuscating the entire program deletes debug information from the debug target program. In addition, since debugging information becomes meaningless information, there is a problem that remote debugging becomes impossible.

  Further, in order to protect the debug target program from reverse engineering, when the entire program is encrypted as described in Patent Document 2, it is necessary to manage the secret key used for encryption and protect the decryption processing code itself. There is a problem. Furthermore, when the encrypted program is executed while being decrypted, there is a problem that the performance deteriorates.

  It is an object of the present invention to solve such problems of the prior art, protect a program to be debugged from reverse engineering, and at the same time enable remote debugging without degrading performance.

  An example of a representative one of the present invention is as follows. The program obfuscation method of the present invention is a method of obfuscating a debug target program to be executed on a debug target device in an obfuscation apparatus having program obfuscation processing means, wherein the debug target program includes program logic. And code information representing the information necessary for debugging. The program obfuscation processing means reverses the code information without changing the program logic of the program to be debugged. The debugging target program is obfuscated by obfuscating information that is difficult to engineer and encrypting the debug information into information that cannot be reverse engineered.

  According to the present invention, the debug target program is protected from reverse engineering, and at the same time, the debug target program can be remotely debugged.

The figure of the system configuration example of Example 1 of this invention. FIG. 3 is a diagram of a software configuration example related to remote debugging according to the first embodiment. 3 is a flowchart illustrating an example of an obfuscation procedure according to the first embodiment. The figure which shows the example before and behind encryption of the debug information of a program in the obfuscation procedure of FIG. FIG. 3 is a sequence diagram illustrating a remote debugging procedure according to the first embodiment. The figure of the software structural example relevant to remote debugging of Example 2 of this invention. FIG. 10 is a sequence diagram illustrating an example of a remote debugging procedure according to the second embodiment. The figure which shows the structural example of the hardware of the Example 3 of this invention, and software.

  According to the representative embodiment of the present invention, the obfuscation apparatus obfuscates the program to be debugged that executes the virtual machine. In this obfuscation, information such as Java bytecode (hereinafter referred to as code information) constituting the program logic and debug information are converted by different methods. Code information is obfuscated using an existing obfuscation method, and debug information is encrypted using an existing encryption method. The converted code information and debug information are stored in a class file on the actual machine that executes the program in the same format as the conventional class file format. The actual machine normally executes the program logic using the obfuscated code information, and when a malfunction occurs, a debug processing device (maintenance center) different from the actual machine performs remote debugging using the encrypted debug information. I do. The encrypted debug information is not decrypted on the actual machine, but is decrypted on the debug processing device side that performs debugging.

By using this embodiment, the program of the device to be debugged is protected from reverse engineering, and at the same time, the program can be remotely debugged. Since the code information of the program is not encrypted, performance degradation due to decryption processing during program execution in the debug processing device does not occur. In addition, since the encrypted debug information is not decrypted on the real machine, management of the secret key in the real machine is unnecessary, and protection of the decryption code is not necessary. In addition, since neither code information obfuscation nor debug information encryption or decryption processing occurs on the actual machine, logic modification of the program execution environment is unnecessary.
Furthermore, according to another embodiment of the present invention, an existing debugger can be used as it is by using a dedicated proxy server that performs decryption processing on the debug processing device (maintenance center) side.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram illustrating a configuration example of a remote debug system according to the first embodiment of the present invention. The remote debugging system is connected to a maintenance center (debug processing device) 100 and a maintenance center 100 via a network 106, and is connected to a plurality of user terminal devices each having a debug target device, that is, a plurality of actual devices 105 (105A). ˜105 n) and an obfuscation device 107 provided by the program developer connected to the network 106. The maintenance center 100, each user's terminal device 105, and the obfuscation device 107 provided by the program developer each have a computer and a program for causing the computer to realize various functions and means. The maintenance center 100, the user terminal device 105, and the obfuscation apparatus 107 store an application program and a virtual machine that processes the application program so that the application program can be executed in the storage unit, and the processing unit executes the virtual machine. A program execution device. For example, a dedicated Java virtual machine (JavaVM) is installed in advance in each device constituting this remote debugging system, and when executing a Java program, the JavaVM is started, and the same Java program is commonly developed and executed. It is in a possible environment.

  The computer includes, for example, an arithmetic device 101, a storage unit (main storage device 102, external storage device 104), and a communication device 103. The arithmetic unit 101 is a central processing unit that processes instructions loaded in the main storage device 102. The main storage device 102 is a volatile memory or a non-volatile memory that stores program data loaded from the external storage device 104. The communication device 103 is a device for connecting to an external network 106 and transmitting / receiving data required by a program operating on hardware. The external storage device 104 is a nonvolatile memory that stores program data. Here, the external storage device 104 may be configured to exist on another machine via a network.

  The maintenance center 100 includes, as functions / means realized by executing an application program stored in the main storage device 102 on a computer, debug information acquisition means and debug information decoding / processing means for each real machine. Have. Furthermore, a debugging target program of each terminal device connected to the maintenance center 100, an ID for specifying the program, and a user list (information for debugging target program table) in which information related to debugging is recorded are held. Each terminal device 105 holds a debug target program and, as functions realized by executing an application program on a computer, a debug target program execution unit and encrypted debug information response processing unit. . The obfuscation device 107 provided by the program developer has program obfuscation processing means for performing obfuscation / encryption processing on the program to be debugged.

  A Java language source file is converted by a Java language compiler and converted into a class file for execution. The source code of the source file is converted into the byte code of the class file. When the class file is executed in each terminal device 105, the Java VM is activated, and the Java VM reads the byte code of the class file and executes the process while translating it into the machine language. The maintenance center device 201 and the debug target device 202 hold debug information such as a line number of a source code and a local variable name used for debugging in a class file.

  The apparatus described in the present invention generally has the hardware configuration shown in FIG. 1, but is not limited to this configuration.

  FIG. 2 illustrates a software configuration example in the maintenance center apparatus 201 and the debug target apparatus 202 in the remote debugging system according to the first embodiment. In FIG. 2, a maintenance center apparatus 201 is an apparatus used by an individual or a group (hereinafter, referred to as a service manager temporarily) who actually performs remote debugging processing on a user's debug target apparatus 202. The service manager uses the remote debugger 204 to debug the program of the debug target device 202. The remote debugger 204 includes a debug request processing unit 205 that provides a service administrator with a user interface for debugging, a debug information decryption processing unit 206 that decrypts encrypted debug information, and a user list (not shown). Consists of.

  The debug target device 202 is a device that executes a debug target program 207 that is a target of remote debugging. In the debug target device 202, a program execution environment 208 that is an execution environment of the debug target program 207 operates. The debug response processing unit 209 of the program execution environment 208 receives the debug request message transmitted from the debug request processing unit 205 of the maintenance center apparatus 201, performs debug processing of the debug target program 207 according to the type of the message, The result is returned to the debug request processing unit 205.

  The network 203 is a general network such as Ethernet (registered trademark) that connects the maintenance center device 201 and the debug target device 202. However, the maintenance center device 201 and the debug target device 202 may be devices (first devices) that operate on the same computer system. In this case, the network 203 represents a logical communication pipe. Alternatively, the obfuscation device and the maintenance center device may be a device (second device) that operates on the same computer system.

  The remote debugging system described in the present invention generally has the software configuration shown in FIG. 2, but is not limited to this configuration.

  FIG. 3 is a flowchart of the program obfuscation process in the present invention. Here, it is assumed that the program obfuscation process 300 is performed by the Java program developer using the dedicated tool in the obfuscation apparatus 107. The program to be debugged held in each terminal device 105 is a program that has been subjected to the program obfuscation processing 300 in advance.

  In the obfuscation process 300, first, in step 301, program data to be operated as the debug target program 207 is read. As a means for reading, for example, a means for reading from the external storage device 104 is conceivable, but another generally conceivable means may be used. For example, program data existing on the network may be downloaded using the communication device 103. Examples of program data include Java class files and archive files (JAR files). The archive file is a file obtained by compressing a plurality of converted Java bytecodes and resources such as images used by them together.

  Step 302 is a step of acquiring code information of the program data read in Step 301. For example, in a Java class file, a byte code that can be understood by the Java virtual machine and is written in an intermediate format between a programming language and a machine language is stored in a part called a Code attribute.

  Step 303 is a step of obfuscating the code information of the class file and archive file acquired in Step 302. Obfuscation means making the code meaningless even if it is disassembled or decompiled, and deliberately comprehending the analysis of the output source code. There is no limitation on the type and configuration of the obfuscation means, and a general obfuscation tool called an “obfuscator” can be used. DashO, ProGuard, etc. are listed as typical obscure, but it is not limited to these. Code information after obfuscation represents the same logic as code information before obfuscation, but is difficult for humans to analyze. There is no structural change in the program data before obfuscation and the program data after obfuscation.

  FIG. 4 shows an example before (a) and after (b) obfuscation of the code information of the program. In this example, the character string String title = “a” before obfuscation is converted to String abcde = “a” after obfuscation. The code part is obfuscated but not encrypted, so there is no structural change in the program data.

  Step 304 is a step of determining whether or not there is debug information related to the code information acquired in step 302 in the program data. For example, in Java, source line number information is stored in a part called LineNumberTable attribute, and a local variable name is stored in a part called LocalVariableTable attribute. If it is determined in step 304 that debug information exists, the process proceeds to step 305. If it is determined that no debug information exists, the process proceeds to step 308. Here, the program code determined to have no debug information is not a target of remote debugging, but it is possible that a code including debug information and a code not including the debug information are mixed in one program data.

  Step 305 is a step in which transition is made when it is determined in step 304 that debug information exists, and processing for acquiring debug information from program data is performed. In Java, the storage location of debug information is the LineNumberTable attribute or LocalVariableTable attribute in the class file as described above, but it is not limited to this. For example, a compiler that outputs debug information to a separate file can be considered, but the type and location of debug information is not limited.

  Step 306 is a step of editing the debug information of the class file acquired in step 305 into a format associated with the code information obfuscated in step 303. For example, when a plurality of meaningless dummy codes are generated in step 303, a process of associating the same source line number with all the dummy codes can be considered. There can be a plurality of association means, but it is not limited to a specific means as long as normal remote debugging processing is possible.

  Step 307 is a step of encrypting the debug information acquired in step 305 and edited in step 306. As a means of encryption, whether it is a general secret key cryptosystem using 3DES or a general public key cryptosystem using RSA or the like, a general cryptosystem combining them It may be. It is also conceivable to use a unique encryption method that converts the data type of the original debug information to the same data type. For example, a means of converting an integer value representing the source line number into another integer value by bit-shifting by a predetermined number is conceivable. By not changing the data type, there is an advantage that the existing remote debugging interface can be used as it is. Thus, the encryption means is not particularly limited, but the encrypted debug information is stored in the original storage location. For example, when the value of the Java LocalVariableTable attribute is encrypted, the encrypted value is also stored in the LocalVariableTable attribute.

  FIG. 4 shows an example of a compressed file JAR (JavaARchive) in which program debug information is recorded, before encryption (a) and after (b). In this example, <Attribute>, line number = 17, var name = readable in debug information is converted to <Attribute>, line number = XXXX, var name = XXXX. Although the debug information of the class file is encrypted, the debug information is included in the binary even after encryption.

  Step 308 is a step of determining whether the code information different from the code information acquired in step 302 is included in the program. If another code information exists, the process proceeds to step 302, and if it does not exist, the process ends. When ending the process, if the conversion source program is an archive file, it is generally output as an archive file. The program converted in this way becomes the target of remote debugging in the present invention as the debug target program 207.

  The program obfuscation processing described in FIG. 3 is assumed to be performed by a program developer using a dedicated tool. However, as long as it is generally considered, the obfuscation method and the obfuscation timing will be described. Is not limited. For example, a means that the program distribution system automatically obfuscates when installing the program to be debugged can be considered.

FIG. 5 is a diagram illustrating an example of a remote debugging process sequence in the maintenance center apparatus 201 and the debug target apparatus 202.
The debug start process 401 represents a sequence in which the remote debugger 204 is activated by the service administrator and the debug process of the debug target program 207 is started. For example, a procedure for starting a general integrated development environment such as Eclipse and starting remote debugging of a Java program operating on the debug target device 202 corresponds to this.

  The debug information acquisition request 402 is sent from the debug request processing unit 205 of the remote debugger 204 to the debug response processing unit 209 of the program execution environment 208 via the network 203 based on the user list information. It is a sequence to transmit. This corresponds to, for example, processing in which JDB, which is a Java standard debugger, transmits a message to a debugging interface called JVMTI (Java Virtual Machine Tool Interface) of a Java virtual machine via a network.

  The debug information acquisition process 403 is a sequence for acquiring encrypted debug information from the debug target program 207 in accordance with the type of message received by the debug response processing unit 209. For example, in a general Java virtual machine, a function for receiving a debug information acquisition request from a remote and acquiring debug information through JVMTI is provided, and this sequence corresponds to this processing.

  The debug information acquisition response 404 is a sequence for transmitting a response message to the debug information acquisition request 402. In this sequence, the encrypted debug information acquired in the sequence of the debug information acquisition process 403 is returned to the debug request processing unit 205 of the remote debugger 204. The encrypted debug information is not decrypted here and is returned as it is.

  The debug information decryption processing 405 is a sequence in which the debug information decryption processing unit 206 of the remote debugger 204 decrypts the encrypted debug information returned by the debug information acquisition response 404. This sequence is not a function that a general Java debugger has, but is a part that needs to be extended independently. It is assumed that the debug information decryption processing unit 206 knows the encryption method of the debug information encrypted at step 307 in FIG. 3 and its secret key. The obfuscation means (obfuscation tool) that performs the processing of FIG. 3 and the means by which the debug information decryption processing unit 206 shares the secret key are not particularly limited. For example, a means for sharing a secret key by requesting a user to input a password, a means for sharing secret key data stored in the external storage device 104 in advance by a setting file, and the like are generally considered.

  The debug process request 406 is a sequence for transmitting a general debug process request to the debug response processing unit 209 of the program execution environment 208. This represents a general debug request such as setting a breakpoint using JDB, which is a Java standard debugger. The debug process response 407 is the response message.

  In this way, the program logic is executed in each debug target device 202 by using the code information of the obfuscated class file in normal times. Then, when a malfunction occurs in the program of the debug target device 202, remote debugging can be performed on the program of the debug target device 202 using the encrypted debug information.

  In FIG. 5, only the message from the maintenance center device 201 to the debug target device 202 is described, but it is also conceivable that the message is asynchronously transmitted from the debug target device 202 to the maintenance center device 201. For example, transmission of a Breakpoint event issued by JVMTI can be considered.

  Note that FIG. 5 describes the simplest sequence, and does not limit the processing order and number of messages and the direction of transmission / reception. Except for the debug information decoding process 405, an operation conforming to a standard Java remote debug system is assumed.

  By using the program obfuscated by the obfuscation method shown in FIG. 3 and repeating the sequence as shown in FIG. 5, a remote debug system that solves the problem targeted by the present invention can be realized. That is, according to the present embodiment, the program to be debugged is protected from reverse engineering, and at the same time, the program can be remotely debugged. Since the code information of the program to be debugged is not encrypted, performance degradation due to decryption processing during program execution does not occur. In addition, since the encrypted debug information is not decrypted on the real machine, management of the secret key in the real machine is unnecessary, and protection of the decryption code is not necessary. In addition, since neither code information obfuscation nor debug information encryption or decryption processing occurs on the actual machine, logic modification of the program execution environment is unnecessary.

  In this embodiment, an example of a remote debugging system that can use an existing remote debugger as it is will be described. The remote debugging system according to the present embodiment includes a debugger capable of debugging via a network and a program execution environment capable of debugging via a network, similar to the first embodiment. Further, the proxy server can transfer the debug request transmitted via the network to another device via the network, and can decrypt the encrypted debug information of the program obfuscated by the obfuscation device. A proxy server is provided.

FIG. 6 shows a software configuration in the second embodiment.
The relay device 501 includes a proxy server and is connected to the maintenance center device 201 via the network 203. The relay device 501 is connected to the debug target device 202 via the network 203. The network 203 connecting the devices may be the same network or different networks. In addition, the maintenance center device 201, the relay device 501, and the debug target device 202 may exist on the same machine. In this case, the network 203 represents a logical communication pipe.

  The remote debug proxy 502 operates on the relay device 501 and includes a debug message transfer unit 503 and a debug information decoding processing unit 206. The debug message transfer unit 503 performs processing for transferring the message received from the debug request processing unit 205 to the debug response processing unit 209 as it is. Also, the debug message transfer unit 503 identifies the type of message received from the debug response processing unit, and if it is encrypted debug information, the debug information decryption unit 206 is used to decrypt the debug information and debug request processing The decrypted message is transmitted to the unit 205. In other cases, the message is transmitted to the debug request processing unit 205 as it is.

  The configuration of the maintenance center device 201 is the same as that described in the first embodiment, but the only difference is that the debug information decoding processing unit 206 is not provided. By delegating the processing performed by the debug information decoding processing unit 206 to the relay device 501, the existing remote debugger can be used as it is.

  The configuration of the debug target device 202 is the same as that of the first embodiment. The difference from the first embodiment is only that the connection source device is not the maintenance center device 201 but the relay device 501.

  FIG. 7 shows a sequence of remote debugging processing in the second embodiment. The debug start process 401 is the same as the process described in the first embodiment, but differs only in that the connection destination of the remote debugger 204 is the relay device 501.

  The debug information acquisition request 402 transmitted to the relay device 501 is transferred to the debug target device 202 as it is. The debug target apparatus 202 performs the same debug information acquisition processing 403 as described in the first embodiment, and returns the same debug information acquisition response 404 as described in the first embodiment to the relay apparatus 501. The relay apparatus 501 decrypts the encrypted debug information received by the debug information acquisition response 404 by the same debug information decryption processing 405 as described in the first embodiment, and uses the decrypted debug information to send the debug information acquisition response 404 to the maintenance center. Return to device 201. As described above, the relay device 501 decrypts the encrypted debug information, so that the existing remote debugger 204 can be used on the maintenance center device 201. The existing remote debugger 204 is an integrated development environment such as Java standard JDB or Eclipse having a remote debugging function.

  The debug processing request 406 and the debug processing response 407 are different only in that the relay device 501 relays the message, and the processing contents are the same as those described in the first embodiment.

  FIG. 7 describes the simplest sequence, and does not limit the processing order and number of messages and the direction of transmission / reception. Except for transmitting and receiving messages via the relay device 501, an operation according to the standard Java remote debugging system is assumed.

  The program obfuscated by the obfuscation method shown in FIG. 3 is used, and the sequence shown in FIG. 7 is repeated to solve the problem targeted by the present invention, and a remote that can use an existing remote debugger. A debugging system can be realized. That is, according to the second embodiment, in addition to the effects of the first embodiment, there is an effect that an existing debugger can be used as it is by using a dedicated proxy server that performs a decoding process on the maintenance center side.

  The third embodiment shows an example in which the present invention is applied to an automobile navigation system. Unlike the second embodiment, the maintenance center apparatus 100 includes a proxy server. In this navigation system, a dedicated JavaVM is installed, and when the Java program is executed, the JavaVM is activated, and the same Java program is commonly developed and executed. The actual machine 105m has a Java virtual machine mounted on an in-vehicle CPU as a program execution environment capable of debugging, and a car navigation system as an application. The maintenance center device 100 and the actual machine 105m are connected by a network by wireless communication. Java standard API (JVMTI) is used to acquire debug information of the actual machine 105m. The debug information is not decrypted by the actual machine 105m, but is decrypted by the debugger of the maintenance center apparatus 100. By providing the maintenance center apparatus 100 with a decryption proxy for performing decryption processing, a Java standard debugger (JDB) can be used.

  The maintenance center device 100 has a program execution environment capable of decrypting the encrypted debug information of the debug target program obfuscated by the obfuscation device and capable of performing debug processing via the network. The maintenance center device 100 transmits a debug request for acquiring debug information of the obfuscated program to the program execution environment of the car navigation system 105m, and the program execution environment receiving the debug request is the obfuscated program. The encrypted debug information requested by the debug request is acquired from the server, and the encrypted debug information is returned to the maintenance center apparatus 100. The maintenance center device 100 decrypts the encrypted debug information received from the program execution environment.

  In this way, it is possible to protect the car navigation system program from reverse engineering, and at the same time perform remote debugging of the car navigation system with existing JDB-compatible tools without degrading performance.

  The remote debugging system of the present invention can also be applied to a home gateway in which various terminal devices such as personal computers, digital home appliances, and telephones installed in a Java virtual machine are connected via a home network. In this home gateway, a dedicated JavaVM is installed, and when the Java program is executed, the JavaVM is activated, and the same Java program is commonly developed and is in an executable environment. By applying the present invention, it is possible to protect a debug target program of a device equipped with a Java virtual machine constituting a home gateway in each home from reverse engineering, and at the same time enable remote debugging of each device without degrading performance. be able to.

  Alternatively, the remote debugging system of the present invention is configured to control the flow of power from both the supply side and the demand side, and to construct a power transmission network that can be optimized so that power can be exchanged from both the consumer and supply side. It can also be applied to smart grids. In this smart grid system, dedicated devices and software equipped with Java virtual machines are incorporated into a part of the power grid. By applying the present invention, it is effective in overcoming the security vulnerability that is a drawback of the smart grid. For example, it is possible to protect a debug target program of a device mounted with a Java virtual machine that constitutes a customer's smart grid system from reverse engineering, and simultaneously enable remote debugging of each device without degrading performance.

DESCRIPTION OF SYMBOLS 100 Maintenance center 101 Arithmetic apparatus 102 Main storage apparatus 103 Communication apparatus 104 External storage apparatus 105 User terminal device 106 Network 107 Obfuscation apparatus 201 provided by program developer Maintenance center apparatus 202 Debug target apparatus 203 Network 204 Remote debugger 205 Debug request processing Unit 206 debug information decoding processing unit 207 debug target program 208 program execution environment 209 debug response processing unit 300 obfuscation processing 301 program read 302 code information acquisition 303 code information obfuscation 304 debug information present 305 debug information acquisition 306 debug information editing 307 debug Information encryption 308 Code information present 401 Debug start processing 402 Debug information acquisition request 403 Debug information acquisition processing 404 Debug information The resulting response 405 debug information decoding processing 406 debug processing request 407 debug processing response 501 relay apparatus 502 remote debugging proxy 503 debug message transfer part.

Claims (12)

A method for obfuscating a program to be debugged for execution on a device to be debugged in an obfuscation device having program obfuscation processing means,
The debug target program includes code information representing program logic and debug information representing information necessary for debugging,
By the program obfuscation processing means,
Without changing the program logic of the debug target program, the code information is obfuscated into information that is difficult to reverse engineer,
A program obfuscation method comprising obfuscating the debug target program by encrypting the debug information into information that cannot be reverse-engineered. In claim 1,
The program obfuscation method, wherein the debug target program is an application program for executing a virtual machine on the debug target device. In claim 2,
The debug target program is a program written in Java language,
A program obfuscation method, wherein the code information and the debug information of a class file constituting the program logic are converted by different methods. In claim 3,
The program obfuscation processing means includes:
Read the program data of the class file from its storage location,
The code information is obtained from the byte code of the read program data,
Using the obfuscation means, the obtained code information of the class file represents the same logic as the code information before obfuscation, but is converted into code information that is difficult for humans to analyze,
Determining whether there is debug information related to the acquired code information in the program data;
When it is determined that the code includes the debug information, the debug information is acquired from the program data and stored in a predetermined location.
Edit the acquired class file debug information into a format that corresponds to the obfuscated code information,
A program obfuscation method, comprising: encrypting the edited debug information; and storing the encrypted debug information in an original storage location. A remote configured so that a debug target device that executes a debug target program, an obfuscation device that includes program obfuscation processing means, and a debug processing device that debugs the debug target program can be connected to each other via a network. A debugging system,
The program obfuscation processing means of the obfuscation apparatus comprises:
Without changing the program logic of the debug target program, the code information is obfuscated into information that is difficult to reverse engineer, and the debug information is encrypted into information that cannot be reverse engineered. Obfuscating the program to be debugged,
The debug target device is:
Holding the debug target program obfuscated by the program obfuscation processing means, and including an execution environment of the debug target program, and a debug response processing unit,
The debug processing device includes:
A debug information acquisition means function relating to the debug target program of the debug target device; and debug information decoding / processing means relating to the debug target program;
A remote debugging system for performing a debugging process of an obfuscated debugging target program of the debugging target device via the network. In claim 5,
The debug processing device is a maintenance center connected to the debug target device via the network;
The maintenance center includes a debugger capable of decrypting the encrypted debug information of the obfuscated program, and a program execution environment capable of the debug process via the network,
The debugger is
A debug request processing unit for providing a user interface for the debugging process;
A remote debug system comprising a debug information decryption processing unit for decrypting the encrypted debug information. In claim 6,
The debug target device includes a storage unit and a processing unit,
An application program as the program and a virtual machine that processes the application program so as to be executable are stored in the storage unit, and the processing unit includes an environment in which the virtual machine is executed,
A remote debugging system that executes the obfuscated program at normal times. In claim 5,
The debug response processing receives a debug request message transmitted from the debug request processing unit, performs debug processing of the program to be debugged according to the type of the message, and returns the result to the debug request processing unit. A featured remote debugging system. In claim 6,
When the malfunction occurs in the debug target program of the debug target device, the maintenance center decrypts the encrypted debug information and performs remote debugging on the debug target program of the debug target device. Remote debugging system. In claim 6,
When the debugger transmits a debug request for acquiring the debug information of the obfuscated program to the program execution environment of the debug target device, the program of the debug target device that has received the debug request The execution environment obtains the debug information encrypted that the debug request requests from the obfuscated program,
Return the encrypted debug information to the debugger,
The remote debugging system, wherein the debugger decrypts the encrypted debug information received from the program execution environment of the debug target device. In claim 5,
The debug processing device is configured with a debugger capable of debugging processing via the network, and a proxy server capable of transferring a debug request transmitted via the network to the debug target device via the network,
The proxy server has a program execution environment capable of decrypting the encrypted debug information of the obfuscated program and capable of performing debug processing via a network;
The debug target device has a program execution environment capable of executing the obfuscated program;
When the debugger sends a debug request for acquiring the debug information of the obfuscated program to the proxy server, the proxy server transfers the debug request to the program execution environment of the debug target device. And
The program execution environment of the device to be debugged that has received the debug request acquires the encrypted debug information requested by the debug request from the obfuscated program, and the program execution environment is encrypted The debug information is returned to the proxy server,
The remote debug system, wherein the proxy server decrypts the encrypted debug information received from the program execution environment, and returns the decrypted debug information to the debugger. In claim 5,
The debug processing device is configured by a maintenance center including a debugger capable of performing debug processing via the network, and a proxy server capable of transferring the debug request to the debug target device via the network,
The maintenance center has a program execution environment capable of decrypting the encrypted debug information of the obfuscated program and capable of performing debug processing via a network;
The debug target device has a program execution environment capable of executing the obfuscated program;
The maintenance center sends a debug request for obtaining the debug information of the obfuscated program to the program execution environment of the debug target device;
The program execution environment of the device to be debugged that has received the debug request acquires the encrypted debug information requested by the debug request from the obfuscated program, and the program execution environment is encrypted Return the debug information to the maintenance center,
The remote maintenance system, wherein the maintenance center decrypts the encrypted debug information received from the program execution environment.

Images