JP5149061B2 - Program obfuscation apparatus, program obfuscation method, and program - Google Patents

Description

  The present invention relates to a program obfuscation apparatus, a program obfuscation method, and a program by encoding variables using random numbers.

  Software may contain information that should be kept secret to the user, such as valuable algorithms and content encryption keys. On the other hand, many techniques (RE: Reverse Engineering) for analyzing software have been developed. For this reason, when software is analyzed by these techniques, there is a threat that an unauthorized person obtains confidential information. For this threat, there is a technique called obfuscation that makes it difficult to analyze software while keeping the software specifications.

  As the obfuscation technique, an encoding method in which variables in a program are linearly converted by an arithmetic unit and encoded, that is, n variables (where n is a positive integer) to be encoded arbitrarily Select an m × n matrix (where m is a positive integer of m ≧ n) and an arbitrary vector of m dimensions, and linearly transform n variables using the generated matrix and vector as a conversion key. A method of encoding m integers at the same time is disclosed (for example, see Patent Document 1).

Select n variables (n is a positive integer of 2 or more) to be encoded from the program, and use the encoding function consisting of exclusive OR of the selected n variables and an arbitrary constant. Define m (m is a positive integer, m ≧ n) encoding expressions including the following independent encoding functions. An encoding expression composed of n independent encoding functions is calculated for n variables, n encoded variables corresponding to the n variables are obtained, and the n encoded variables are calculated. A method is disclosed in which n variables before encoding are used, initial values are given to the encoded variables, and merging of consecutive assignment instructions is executed (see, for example, Patent Document 2). ).
JP 2006-079347 A JP 2007-079916 A

  However, in the above method, it is possible to make analysis of both data and logic difficult by encoding variables included in the program, but because the values of the encoded variables are the same for the same input, There is a problem that sufficient safety cannot be realized.

  Therefore, the present invention has been made in view of the above-described problems, and an object thereof is to provide a program obfuscation apparatus, a program obfuscation method, and a program that realize sufficient safety.

  The present invention proposes the following items in order to solve the above-described problems.

( 1 ) The present invention relates to a first selection means for selecting n (n: positive integer) variables x_1, x_2,..., X_n to be encoded, and the number of variables after encoding. a second selecting means for selecting m (m; a positive integer of m ≧ n), a Boolean matrix A of m rows and n columns, and an m-dimensional matrix b = [b_1, b_2,..., b_m] ^ T (T: matrix transposing means for arbitrarily generating (T; vector transposition) and a predetermined arithmetic expression, and each row is extracted to calculate an encoding expression y_j = f_j (x_1, x_2,..., X_n) In the program, a first calculating unit that calculates the decoding equation x_i = g_i (y_1, y_2,..., Y_m) using the calculated encoding equation as a simultaneous equation of x_n, A first replacement that replaces the assignment instruction with each encoding expression calculated by the first calculation means Deletes the declaration of the variables x_1, x_2,..., X_n in the program, the second replacement means for replacing the variable on the right side in the program with each decryption formula calculated by the second calculation means, and the program. In the program, declaration adding means for adding declarations of the encoded variables y_1, y_2,..., Y_m and variables r_1, r_2,. There has been proposed a program obfuscation device comprising an instruction adding means for adding an instruction for setting a random number to each variable.

According to the present invention, the first selection means selects n (n: positive integer) variables x_1, x_2,..., X_n to be encoded. The second selection means selects the number m of variables after encoding (m; a positive integer such that m ≧ n). The matrix generation means arbitrarily generates a Boolean matrix A of m rows and n columns and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T; vector transposition). The first calculation means calculates a predetermined arithmetic expression, extracts each row, and calculates an encoding expression y_j = f_j (x_1, x_2,..., X_n). The second calculating means calculates a decoding expression x_i = g_i (y_1, y_2,..., Y_m) using the calculated encoding expression as simultaneous equations of x_n. The first replacement means replaces the substitution instruction in the program with each encoding expression calculated by the first calculation means. The second replacement means replaces the variable on the right side in the program with each decoding formula calculated by the second calculation means. The deleting means deletes declarations of variables x_1, x_2,..., X_n in the program. The declaration adding means adds declarations of the encoded variables y_1, y_2,..., Y_m and variables r_1, r_2,. The instruction adding means adds an instruction for setting a random number to each variable in the program. Therefore, since the variable value itself is masked, it is possible to further enhance protection of a program that processes highly confidential data.

( 2 ) The present invention provides a first selection unit, a second selection unit, a matrix generation unit, a first calculation unit, a second calculation unit, a first substitution unit, a second substitution unit, a deletion unit, A program obfuscation method in a program obfuscation apparatus comprising a declaration adding unit and an instruction adding unit, wherein the first selection unit includes n (n: positive integer) variables x_1 to be encoded. , X_2,..., X_n, and the second selecting means selects the number m of variables after encoding (m; a positive integer satisfying m ≧ n). And a matrix generation means for arbitrarily generating an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T; vector transposition). 3 and steps of the first calculating means, calculates a predetermined arithmetic expression, each row Ri out, coding type y_j = f_j (x_1, x_2, ···, x_n) a fourth step of calculating the said second calculating means, the coding type of the calculated as simultaneous equations x_n The fifth step of calculating the decoding formula x_i = g_i (y_1, y_2,..., Y_m) and the first replacement means replace the substitution instruction in the program with each of the calculated encoding formulas. A sixth step, a seventh step in which the second replacement means replaces a variable on the right side in the program with each of the calculated decoding equations , and a deletion means in the program uses variables x_1, x_2, ..., the eighth step of deleting the declaration of x_n, and the declaration adding means, in the program, the encoded variable y_1, y_2, ..., y_m and the variable r_ that stores the random number Comprising 1, r_2, · · ·, a ninth step of adding a declaration of r_n, the instruction adding means, in the program, a tenth step of adding an instruction to set a random number to each variable, the We propose a program obfuscation method characterized by this.

According to the present invention, n (n: positive integer) variables x_1, x_2,..., X_n to be encoded are selected, and the number m (m; m ≧ n) of variables after encoding is selected. Positive integer). Next, an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T: vector transposition) are arbitrarily generated, and a predetermined arithmetic expression is calculated. Then, each row is taken out and the encoding formula y_j = f_j (x_1, x_2,..., X_n) is calculated. Further, the decoding equation x_i = g_i (y_1, y_2,..., Y_m) is calculated by using the calculated encoding equation as a simultaneous equation of x_n, and the substitution instruction is replaced with each encoding equation in the program. The variable on the right side is replaced with each decryption expression . Then, in the program, the declarations of the variables x_1, x_2, ..., x_n are deleted, and the variables r_1, r_2, ..., r_n for storing the encoded variables y_1, y_2, ..., y_m and random numbers are stored. And add a command to set a random number to each variable in the program. Therefore, since the variable value itself is masked, it is possible to further enhance protection of a program that processes highly confidential data.

( 3 ) The present invention includes a first step of selecting n (n: positive integer) variables x_1, x_2,..., X_n to be encoded, and the number m of variables after encoding. A second step of selecting (m; a positive integer of m ≧ n), an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T A third step for arbitrarily generating a vector transposition) and a predetermined arithmetic expression to calculate each row and calculate an encoding expression y_j = f_j (x_1, x_2,..., X_n) A fourth step, a fifth step of calculating a decoding equation x_i = g_i (y_1, y_2,..., Y_m) using the calculated encoding equation as a simultaneous equation of x_n, and an assignment instruction in the program A sixth step of replacing with each calculated encoding expression, and a program In the program, the seventh step of replacing the variable on the right side with the calculated decryption formulas , the eighth step of deleting the declaration of the variables x_1, x_2, ..., x_n in the program, 9th step of adding declarations of encoded variables y_1, y_2,..., Y_m and variables r_1, r_2,..., R_n for storing random numbers, and setting a random number for each variable in the program A program for causing a computer to execute a tenth step of adding an instruction for a computer is proposed.

According to the present invention, n (n: positive integer) variables x_1, x_2,..., X_n to be encoded are selected, and the number m (m; m ≧ n) of variables after encoding is selected. Positive integer). Next, an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T: vector transposition) are arbitrarily generated, and a predetermined arithmetic expression is calculated. Then, each row is taken out and the encoding formula y_j = f_j (x_1, x_2,..., X_n) is calculated. Further, the decoding equation x_i = g_i (y_1, y_2,..., Y_m) is calculated by using the calculated encoding equation as a simultaneous equation of x_n, and the substitution instruction is replaced with each encoding equation in the program. The variable on the right side is replaced with each decryption expression . Then, in the program, the declarations of the variables x_1, x_2, ..., x_n are deleted, and the variables r_1, r_2, ..., r_n for storing the encoded variables y_1, y_2, ..., y_m and random numbers are stored. And add a command to set a random number to each variable in the program. Therefore, since the variable value itself is masked, it is possible to further enhance protection of a program that processes highly confidential data.

  According to the present invention, since a control variable for masking a variable included in a program is introduced and the variable is a target of encoding, the effect of being suitable for protection of a program that processes highly confidential data is obtained. is there.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

  Hereinafter, embodiments of the present invention will be described with reference to FIGS. 1 and 2.

<Configuration of program obfuscation device>
The configuration of the program obfuscation device will be described with reference to FIG.
As shown in FIG. 1, the program obfuscation apparatus according to the present embodiment includes a selection unit 1, a matrix generation unit 2, a calculation unit 3, a replacement unit 4, a declaration deletion unit 5, and a declaration addition unit 6. The command adding unit 7 and the control unit 8 are included.

  The selection unit 1 selects n (n: positive integer) variables x_1, x_2,..., X_n to be encoded, and the number m (m; m ≧ n) of the encoded variables. Positive integer). Here, the encoded variables (encoded variables) are y_1, y_2,..., Y_m.

  The matrix generation unit 2 arbitrarily generates an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T: vector transposition). However, the Boolean matrix A satisfies rank (A) = n.

  The calculation unit 3 calculates the arithmetic expression shown in Equation 1, extracts each row, and calculates the encoding expression y_j = f_j (x_1, x_2,..., X_n). Each encoding formula includes variables r_1, r_2,..., R_n for storing random numbers. Thereby, high confidentiality can be obtained.

  In addition, the calculation unit 3 calculates a decoding expression x_i = g_i (y_1, y_2,..., Y_m) using the encoding expression calculated above as a simultaneous equation of x_n. Each decryption formula also includes variables r_1, r_2,..., R_n for storing random numbers. Thereby, high confidentiality can be obtained.

The replacement unit 4 replaces the variable on the left side with the coding formula calculated by the calculation unit 3 in the program. Specifically, the assignment instruction x_i = e (e is a constant or a function) is replaced with the following instruction sequence.
y_1 = f_1 (x_1, x_2,..., x_n) | x_i = e
y_2 = f_2 (x_1, x_2,..., x_n) | x_i = e
・
・
・
y_m = f_m (x_1, x_2,..., x_n) | x_i = e
However, f_j (x_1, x_2, ..., x_n) | x_i = e is an expression in which x_i is replaced with e in the encoding expression f_j.

The replacement unit 4 replaces the variable on the right side with each decoding formula calculated by the calculation unit 3. Specifically, the referenced variable x_i is replaced with a decoding formula g_i (y_1, y_2,..., Y_m).

  The declaration deletion unit 5 deletes declarations of variables x_1, x_2,..., X_n in the program. The declaration adding unit 6 adds declarations of encoded variables y_1, y_2,..., Y_m and variables r_1, r_2,. The instruction adding unit 7 adds an instruction for setting a random number to each variable in the program.

  The control unit 8 controls the entire apparatus according to a control program stored in a storage unit (not shown).

<Processing of program obfuscation device>
Next, processing of the program obfuscation apparatus will be described with reference to FIG.

  First, n variables (n is a positive integer) to be encoded are selected (step S101). The variables selected here are x_1, x_2,..., X_n.

  Next, the number m of encoded variables (m is a positive integer greater than or equal to n) is selected (step S102). Here, the encoded variables (encoded variables) are y_1, y_2,..., Y_m.

  An m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., b_m] ^ T (T means transposition of a vector) are arbitrarily generated (step S103). However, the Boolean matrix A satisfies rank (A) = n.

  Next, each row of the following formula 2 is extracted (step S104). As a result, the encoding formula y_j = f_j (x_1, x_2,..., X_n) is obtained. Each encoding expression includes variables r_1, r_2,..., R_n for storing random numbers.

  The encoding equation obtained in step S104 is regarded as a simultaneous equation for x_n and is solved (step S105). As a result, the decoding formula x_i = g_i (y_1, y_2,..., Y_m) is obtained. Each decryption formula also includes variables r_1, r_2,..., R_n for storing random numbers.

Then, the variable appearing on the left side in the program is replaced with the encoding variable (step S106). Specifically, the assignment instruction x_i = e (e is a constant or a function) is replaced with the following instruction sequence.
y_1 = f_1 (x_1, x_2,..., x_n) | x_i = e
y_2 = f_2 (x_1, x_2,..., x_n) | x_i = e
・
・
・
y_m = f_m (x_1, x_2,..., x_n) | x_i = e
However, f_j (x_1, x_2, ..., x_n) | x_i = e is an expression in which x_i is replaced with e in the encoding expression f_j.

  Further, the variable appearing on the right side in the program is replaced with the encoding variable (step S107). Specifically, the referenced variable x_i is replaced with a decoding formula g_i (y_1, y_2,..., Y_m).

  Then, in the program, the declarations of the variables x_1, x_2,..., X_n are deleted (step S108), and the variables y_1, y_2,. Is added (step S109). Finally, an instruction for setting a random number to each variable is added (step S110).

  Therefore, according to the present embodiment, since the variable value itself is masked, it is possible to further enhance the protection of the program that processes highly confidential data.

  Note that the program obfuscation apparatus of the present invention is realized by recording the processing of the program obfuscation apparatus on a computer-readable recording medium, causing the program obfuscation apparatus to read and execute the program recorded on the recording medium. be able to. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

It is a block diagram of the program obfuscation apparatus which concerns on this embodiment. It is a processing flow of the program obfuscation apparatus which concerns on this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Selection part 2 ... Matrix generation part 3 ... Calculation part 4 ... Replacement part 5 ... Declaration deletion part 6 ... Declaration addition part 7 ... Instruction addition part 8 ... Control unit

Claims (3)

First selection means for selecting n (n: positive integer) variables x_1, x_2,..., X_n to be encoded;
Second selection means for selecting the number m of variables after encoding (m; a positive integer of m ≧ n);
matrix generating means for arbitrarily generating a Boolean matrix A of m rows and n columns and an m-dimensional matrix b = [b_1, b_2,..., b_m] ^ T (T; vector transposition);
A first calculating unit that calculates Formula 1 and extracts each row to calculate an encoding expression y_j = f_j (x_1, x_2,..., X_n);
Second calculating means for calculating a decoding expression x_i = g_i (y_1, y_2,..., Y_m) using the calculated encoding expression as simultaneous equations of x_n;
In the program, a first replacement unit that replaces an assignment instruction with each encoding expression calculated by the first calculation unit;
In the program, second replacement means for replacing the variable on the right side with each decoding formula calculated by the second calculation means;
In the program, deletion means for deleting declarations of variables x_1, x_2, ..., x_n;
Declaration adding means for adding declarations of encoded variables y_1, y_2,..., Y_m and variables r_1, r_2,.
In the program, an instruction adding means for adding an instruction for setting a random number to each variable;
A program obfuscation device comprising:
First selection means, second selection means, matrix generation means, first calculation means, second calculation means, first replacement means, second replacement means, deletion means, declaration addition means, and instruction addition A program obfuscation method in a program obfuscation apparatus comprising means,
A first step in which the first selecting means selects n (n; positive integer) variables x_1, x_2,..., X_n to be encoded;
A second step in which the second selection means selects the number m of variables after encoding (m; a positive integer of m ≧ n);
A third step in which the matrix generation means arbitrarily generates an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., B_m] ^ T (T; vector transposition); When,
A fourth step in which the first calculation means calculates Formula 2 to extract each row and calculate an encoding expression y_j = f_j (x_1, x_2,..., X_n);
A fifth step in which the second calculating means calculates a decoding equation x_i = g_i (y_1, y_2,..., Y_m) using the calculated encoding equation as a simultaneous equation of x_n;
A first step in which the first replacement means replaces the substitution instruction with each calculated encoding expression in the program;
A second step in which the second replacement means replaces the variable on the right side with each calculated decoding formula in the program;
An eighth step in which the deleting means deletes declarations of variables x_1, x_2, ..., x_n in the program;
A ninth step of adding declarations of encoded variables y_1, y_2, ..., y_m and variables r_1, r_2, ..., r_n for storing random numbers in the program;
A tenth step in which the instruction adding means adds an instruction for setting a random number to each variable in the program;
A program obfuscation method characterized by comprising:
A first step of selecting n (n; positive integer) variables x_1, x_2,..., X_n to be encoded;
A second step of selecting the number m of variables after encoding (m; a positive integer with m ≧ n);
a third step of arbitrarily generating an m-by-n Boolean matrix A and an m-dimensional matrix b = [b_1, b_2,..., b_m] ^ T (T; vector transposition);
A fourth step of calculating Formula 3 to extract each row and calculate an encoding expression y_j = f_j (x_1, x_2,..., X_n);
A fifth step of calculating a decoding expression x_i = g_i (y_1, y_2,..., Y_m) using the calculated encoding expression as simultaneous equations of x_n;
A sixth step of replacing an assignment instruction with each calculated encoding expression in the program;
In the program, a seventh step of replacing the variable on the right side with each calculated decoding formula ;
An eighth step of deleting declarations of variables x_1, x_2, ..., x_n in the program;
A ninth step of adding declarations of encoded variables y_1, y_2,..., Y_m and variables r_1, r_2,.
A tenth step of adding an instruction for setting a random number to each variable in the program;
A program that causes a computer to execute.