JP6578841B2 - Obfuscation device, method and program - Google Patents

Description

  The present invention relates to a technique for obfuscating secret information included in a source code.

  As miniaturization of state-of-the-art LSI (Large Scale Integration) devices progresses, the functions of EDA (electronic design automation) tools for designing LSIs are becoming larger and more complex. Along with this, there are an increasing number of cases in which defects due to devices or EDA tools occur.

Of course, it is almost impossible to investigate the cause of these defects only by analyzing only the design that designed the LSI. For this reason, it is difficult for the designer alone to solve the problem, and there are increasing cases of requesting analysis from device vendors or EDA vendors. In many cases, the designer requests analysis by the following method (1) or (2).
(1) A non-disclosure agreement (hereinafter referred to as NDA) is concluded between a device vendor and an EDA vendor, and the design including confidential information is provided.
(2) The secret information is manually deleted from the design and supplied to the device vendor and EDA vendor.

  In this way, design supply is indispensable for an analysis request from a designer to a device vendor or EDA vendor.

  However, the above method causes the following problems. In method (1), there are many cases where NDA itself cannot be concluded due to the policy of the development project. Even if an NDA is concluded, there are many development projects in which design functions are not specified by module names or signal names and the design cannot be disclosed. This is because the possibility of information leaking to competitors via device vendors and EDA vendors is taken into consideration.

  In the method (2), it takes a lot of man-hours to change the module name, signal name, etc. so that the design function is not specified. Moreover, mistakes are likely to occur during manual changes.

  An example of a technique related to such a problem is described in Patent Document 1. The related technique described in Patent Document 1 converts each variable name into another character string in the source code in which the design contents of the LSI are described in a hardware description language. At this time, this related technique does not perform the character string conversion process for the variable name corresponding to the preset non-converted character string. By using this technology, the designer supplies the device code or EDA vendor with source code in which each variable name as secret information is converted into another character string.

JP 2005-235848 A

  However, the related technique described in Patent Document 1 does not describe details on how to perform character string conversion on each variable name or the like that is secret information. A wide variety of character strings are used for variable names that can be confidential information in the source code. For this reason, simply extracting variable names from the source code and sequentially performing character string conversion may cause unintended character string conversion. For this reason, a syntax error may occur or secret information may remain. For this reason, even if this related technique is used, it is eventually necessary to visually confirm the conversion result.

  The present invention has been made to solve the above-described problems. That is, an object of the present invention is to provide a technique for automatically generating a source code having a design content equivalent to that of the original source code while appropriately deleting secret information from the original source code.

  The obfuscation apparatus of the present invention includes a comment information deleting unit that deletes comment information representing a comment from a source code, and a character string representing a predetermined type of component in the description language from the source code as an obfuscation target keyword. An obfuscation target keyword extraction unit that extracts and generates an obfuscation list; and the obfuscation list that sorts the keywords in descending order of character string length in the obfuscation list and excludes keywords that satisfy a predetermined condition from the obfuscation list An obfuscation executing unit that executes processing for converting a keyword included in the obfuscation list into another character string in the source code from which the comment information has been deleted, in the order included in the obfuscation list And comprising.

  Further, according to the method of the present invention, the computer device deletes comment information representing a comment from the source code, and extracts a character string representing a predetermined type of component in the description language from the source code as an obfuscated keyword. The obfuscated list is generated, the keywords are rearranged in the descending order of the character string length in the obfuscated list, keywords that satisfy a predetermined condition are excluded from the obfuscated list, and the comment information is deleted. In the code, the process of converting the keyword included in the obfuscation list into another character string is executed in the order included in the obfuscation list.

  Further, the program of the present invention includes a comment information deleting step for deleting comment information representing a comment from the source code, and a character string representing a predetermined type of component in the description language from the source code as an obfuscated keyword An obfuscation target keyword extraction step of extracting and generating an obfuscation list; and obfuscation of rearranging the keywords in descending order of character string length in the obfuscation list and excluding keywords satisfying a predetermined condition from the obfuscation list An obfuscation list adjusting step and an obfuscation execution step of executing processing for converting a keyword included in the obfuscation list into another character string in the source code from which the comment information has been deleted, in the order included in the obfuscation list. Are executed by the computer device.

  The present invention can provide a technique for automatically generating a source code whose design content is equivalent to that of the original source code while more appropriately deleting the secret information from the original source code.

It is a block diagram which shows the structure of the obfuscation apparatus as the 1st Embodiment of this invention. It is a figure which shows an example of the hardware constitutions of the obfuscation apparatus as the 1st Embodiment of this invention. It is a flowchart explaining operation | movement of the obfuscation apparatus as the 1st Embodiment of this invention. It is a block diagram which shows the structure of the obfuscation apparatus as the 2nd Embodiment of this invention. It is a figure explaining various description styles of general source code. It is a flowchart explaining the detail of the comment information deletion operation | movement of the obfuscation apparatus as the 2nd Embodiment of this invention. It is a figure which shows an example of the original source code before deleting comment information in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the temporary source code produced | generated when comment information is deleted in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the temporary source code produced | generated when comment information is deleted in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the source code from which the comment information was deleted in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the other original source code before deleting comment information in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the other source code from which the comment information was deleted in the specific example of the 2nd Embodiment of this invention. It is a flowchart explaining the detail of the obfuscation object keyword extraction operation | movement of the obfuscation apparatus as the 2nd Embodiment of this invention. It is a figure which shows an example of the temporary source code produced | generated when shaping a description style in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the source code by which the description style was shaped in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the rule for extracting the keyword of obfuscation object in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the keyword of the obfuscation object extracted in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the obfuscation list | wrist produced | generated / adjusted in the specific example of the 2nd Embodiment of this invention. It is a flowchart explaining the detail of the obfuscation list adjustment operation | movement of the obfuscation apparatus as the 2nd Embodiment of this invention. It is a figure which shows an example of the reserved word table referred in the specific example of the 2nd Embodiment of this invention. It is a flowchart explaining the detail of obfuscation execution operation | movement of the obfuscation apparatus as the 2nd Embodiment of this invention. It is a figure which shows an example of the conversion table produced | generated in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the obfuscation conversion script produced | generated in the specific example of the 2nd Embodiment of this invention. It is a figure which shows an example of the source code obfuscated in the specific example of the 2nd Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(First embodiment)
A functional block configuration of the obfuscation apparatus 1 as the first embodiment of the present invention is shown in FIG. In FIG. 1, the obfuscation apparatus 1 includes a comment information deletion unit 11, an obfuscation target keyword extraction unit 12, an obfuscation list adjustment unit 13, and an obfuscation execution unit 14.

  Here, the obfuscation apparatus 1 can be configured by hardware elements as shown in FIG. In FIG. 2, the obfuscation apparatus 1 includes a CPU (Central Processing Unit) 1001, a memory 1002, an output apparatus 1003, and an input apparatus 1004. The memory 1002 includes a RAM (Random Access Memory), a ROM (Read Only Memory), an auxiliary storage device (such as a hard disk), and the like. The output device 1003 is configured by a device that outputs information, such as a display device or a printer. The input device 1004 is configured by a device that receives an input of a user operation, such as a keyboard or a mouse. In this case, each functional block of the obfuscation device 1 is configured by a CPU 1001 that reads and executes a computer program stored in the memory 1002 and controls each unit of the output device 1003 and the input device 1004. Note that the hardware configuration of the obfuscation apparatus 1 and each functional block thereof is not limited to the above-described configuration.

  The comment information deletion unit 11 deletes comment information from the source code. Here, the source code may be text information in which the design content of the integrated circuit is described in a hardware description language. Specifically, the comment information deletion unit 11 may delete the comment information based on a character string indicating the start or end of the comment in the description language of the source code.

  Here, the comments embedded in the source code can be confidential information. For example, when the source code represents the design content of the integrated circuit, there is a high possibility that the comment includes information that can specify the function of the design. In addition, if the comment is obfuscated, the significance of the comment itself is lost. Therefore, from the viewpoint of obfuscation of the source code, it is suitable that the comment is deleted from the source code rather than being an obfuscation target.

  The source code may be stored in the memory 1002, for example. Alternatively, the source code may be stored in an external device or a portable storage medium connected via a network. In that case, the comment information deletion unit 11 may acquire the source code by acquiring information indicating the storage location of the target source code via the input device 1004. In addition, when the input information indicates a position (folder or the like) where one or more source codes are stored together, the comment information deletion unit 11 acquires all the source codes at the corresponding position. Comments may be deleted.

  The obfuscation target keyword extraction unit 12 extracts obfuscation target keywords from the source code, and sets the extracted keyword list as an obfuscation list. The obfuscation target keyword is a character string representing a predetermined type of component in the description language. The types to be obfuscated among the constituent elements are set in advance. If there are a plurality of types of description languages of the acquired source code group, the obfuscation target keyword extracting unit 12 may generate an obfuscation list for each description language.

  The obfuscation list adjustment unit 13 rearranges the keywords in descending order of the character string length in the obfuscation list. Further, the obfuscation list adjustment unit 13 excludes keywords that satisfy a predetermined condition from the obfuscation list.

  The obfuscation executing unit 14 executes processing for converting a keyword included in the obfuscation list into another character string in the source code from which the comment information is deleted, in the order included in the obfuscation list. If there are a plurality of types of description languages of the acquired source code group, the obfuscation execution unit 14 uses the obfuscation list generated for the description language for each source code from which the comment information has been deleted. Conversion processing may be performed.

  The operation of the obfuscation apparatus 1 configured as described above will be described with reference to FIG.

  In FIG. 3, first, the comment information deletion unit 11 acquires one or more source codes to be processed (step S1).

  Note that when there are a plurality of types of description languages of the source code group acquired here, it is desirable that the following operations in steps S2 to S6 are executed for each description language.

  Next, the comment information deletion unit 11 deletes the comment information from each source code (step S2).

  Next, the obfuscation target keyword extraction unit 12 extracts a character string representing a predetermined type of component in the description language from the source code group as an obfuscation target keyword to obtain an obfuscation list (step S3). .

  Next, the obfuscation list adjustment unit 13 rearranges the keywords included in the obfuscation list in descending order of the character string length (step S4).

  Next, the obfuscation list adjustment unit 13 excludes keywords that satisfy a predetermined condition in the obfuscation list (step S5).

  Next, the obfuscation executing unit 14 converts the keywords included in the obfuscation list into other character strings in the order included in the obfuscation list in each source code from which the comment information is deleted (step S6).

  Thus, the obfuscation apparatus 1 ends the operation.

  Next, effects of the first exemplary embodiment of the present invention will be described.

  The obfuscation apparatus according to the first embodiment of the present invention automatically generates source code equivalent in design content to the original source code while more appropriately deleting the secret information from the original source code. Can do.

  The reason will be described. In the present embodiment, the comment information deletion unit deletes the comment information from the source code. Then, the obfuscation target keyword extraction unit extracts a character string representing a predetermined type of component in the description language from the source code as an obfuscation target keyword to generate an obfuscation list. Then, the obfuscation list adjustment unit rearranges the keywords in descending order of the character string length in the obfuscation list and excludes keywords that satisfy a predetermined condition. This is because the obfuscation executing unit executes the process of converting the keyword included in the obfuscation list into another character string in the source code from which the comment information is deleted, in the order included in the obfuscation list.

  As described above, according to the present embodiment, comment information that may include confidential information is deleted from the source code. In the present embodiment, in the source code, all character strings representing various constituent elements that can express confidential information in the description language are converted into other character strings as keywords to be obfuscated. That is, according to the present embodiment, secret information in the source code can be deleted without omission.

  As described above, according to the present embodiment, the character string conversion of the keyword is performed in descending order of the character string length of the obfuscation target keyword. Here, one keyword to be obfuscated may be included in the other keyword. In this case, if the character string conversion of one keyword is performed first, a part of the other keyword is also converted, so that the character string conversion of the other keyword becomes impossible. For this reason, the secret information included in the other keyword may remain without being converted. In this embodiment, since character string conversion is performed in descending order of the character string length of the keyword, it is possible to appropriately convert all the extracted keywords.

(Second Embodiment)
Next, a second embodiment of the present invention will be described in detail with reference to the drawings. In the present embodiment, an example in which the source code to be obfuscated is an RTL (Register Transfer Level) source code written in a hardware description language will be described. Note that, in each drawing referred to in the description of the present embodiment, the same reference numerals are given to the same configuration and steps that operate in the same manner as in the first embodiment of the present invention, and the detailed description in the present embodiment. Description is omitted.

  First, FIG. 4 shows the configuration of the obfuscation apparatus 2 as the second embodiment of the present invention. 4, the obfuscation apparatus 2 includes a comment information deletion unit 21, an obfuscation target keyword extraction unit 22, an obfuscation list adjustment unit 23, and an obfuscation execution unit 24. Here, the obfuscation apparatus 2 and each functional block thereof can be configured by hardware elements similar to those of the first embodiment of the present invention described with reference to FIG. However, the hardware configuration of the obfuscation apparatus 2 and each functional block thereof is not limited to the above-described configuration.

  The comment information deletion unit 21 acquires the RTL source code described above as the source code to be obfuscated. For example, the comment information deletion unit 21 may acquire all the RTL source codes included in the folder on the memory 1002 indicated by the information input from the input device 1004. Such RTL source code description languages include VHDL (Very High Speed Integrated Circuit Hardware Description Language), Verilog, and System Verilog. As described above, the description language of the RTL source code acquired by the comment information deleting unit 21 may be divided into a plurality of types. In the following description, the RTL source code acquired by the comment information deletion unit 21 is also simply referred to as source code.

  Further, the comment information deleting unit 21 deletes comment information other than that satisfying a predetermined condition from the source code. This is because even information described in the form of a comment in the source code may include information necessary for failure analysis or the like.

  For example, in a source code written in a hardware description language, there is a case where information described in a comment format represents a directive (also called pragma) that is interpreted by a synthesis tool. Such information becomes a constraint on circuit operation. For this reason, if such information is deleted as comment information, the equivalence with the original source code may be lost. Therefore, the comment information deletion unit 21 does not delete information applicable to such a directive description even in the comment format. Then, the comment information deletion unit 21 may delete comment information that does not apply to such a directive description.

  For example, in VHDL, a comment from “-” to a line feed code represents a comment. In Verilog and SystemVerilog, “//” to a line feed code represent a comment. In any of VHDL, Verilog, and SystemVerilog, “/ *” to “* /” represent comments. For example, in Verilog, a character string such as “// synopsys” or “// synthesis” is used when a directive is described.

  Therefore, the comment information deletion unit 21 detects the directive description by searching in advance for a character string representing the above directive description as a predetermined condition. Then, the comment information deletion unit 21 temporarily replaces the character string indicating the start of the comment in the detected directive description with a character string that is not used in the source code. The replaced character string is also described as a temporary conversion character string. Then, the comment information deleting unit 21 may delete the comment information from the source code by searching the source code for information indicating the start or end of the comment. Thereafter, the comment information deletion unit 21 may convert the temporary converted character string into an original character string indicating the start of the comment.

  The obfuscation target keyword extraction unit 22 shapes the source code description style into a predetermined style, and then extracts the obfuscation target keyword.

  Here, the description style of the source code differs depending on the designer or the development project. The description style refers to, for example, the insertion timing of line breaks, the indentation method, and the like. In general, in a description language, even if the content is the same, various description styles are often possible from the viewpoints of easy viewing and the number of lines. An example of various description styles is shown in FIG. In FIG. 5, descriptions 901 to 904 represent various description styles of the VHDL port declaration description. As in this example, various description styles are possible in a general description language. In FIG. 5, bold text is a character string representing a component that can be confidential information in VHDL.

  However, it is difficult to set a rule for extracting obfuscated keywords for each description style. For example, in the example of FIG. 5, in the description 901, a character string representing a terminal name can be extracted by extracting a character string immediately before “: in” in a line including “: in”. However, in the description 902, since a plurality of “: in” are included in one line, a character string representing a terminal name cannot be extracted with the same rule as the description 901. Further, in the description 903, the processing delimiter “;” is described at the beginning of the immediately preceding character string. Therefore, the character string representing the terminal name cannot be extracted with the same rule as the description 901. Also, in the description 904, since a plurality of terminal names are delimited by “,” before “: in”, a character string representing the terminal name cannot be extracted with the same rules as the description 901. . In the present embodiment, it is necessary to extract the obfuscation target keyword as correctly as possible regardless of the description style of the source code. Therefore, the obfuscation target keyword extracting unit 22 extracts the obfuscation target keyword after unifying the source code description style into a predetermined style.

  For example, the obfuscation target keyword extraction unit 22 may unify the description style by adjusting the insertion timing of a line break in the source code. Specifically, in this case, the obfuscation target keyword extraction unit 22 performs a process of once deleting all line breaks from the source code, and then inserts a line break immediately after a specific symbol representing a processing sentence break. Thus, the insertion timing of the line feed may be adjusted.

  Further, the obfuscation target keyword extraction unit 22 extracts a character string representing a predetermined component of the description language as an obfuscation target keyword from the source code with the line feed timing adjusted in this way. For example, such components include terminal names, internal signal names, module names, instance names, label names, internal variable names, and the like. Therefore, the obfuscation target keyword extraction unit 22 may store an extraction rule using a character string before or after the constituent element of the obfuscation target constituent element for each description language. Then, the obfuscation target keyword extraction unit 22 may extract a character string representing a constituent element to be obfuscated by searching a portion that matches such an extraction rule in the source code.

  Further, the obfuscation target keyword extraction unit 22 generates a list of obfuscation target keywords extracted as described above as an obfuscation list. When there are a plurality of types of description languages of the acquired source code group, the obfuscation target keyword extraction unit 22 displays an obfuscation target keyword list extracted from the source code group for each description language. And it is sufficient. At this time, the obfuscation target keyword extracting unit 22 removes duplicate keywords from the keywords included in the obfuscation list. For example, the obfuscation target keyword extraction unit 22 rearranges the keywords included in the obfuscation list in ascending or descending order of characters, so that when a plurality of identical keywords are adjacent to each other, the remaining one keyword is left. Delete it.

  The obfuscation list adjustment unit 23 sorts the obfuscation list generated as described above in descending order of the character string length. Here, the reason why the obfuscation list is rearranged in descending order of the character string length will be described. One keyword to be obfuscated may be included in the other keyword. In that case, if one keyword is first converted to a meaningless character string, a part of the other keyword including the keyword is converted to a meaningless character string. Therefore, when trying to convert the other keyword, it cannot be converted because there is no keyword already. However, there is a possibility that secret information remains in the other keyword partially converted. That is, even if these obfuscation target keywords are converted in the order of extraction, ascending / descending order of character strings, random order, etc., there is a high possibility that keywords that cannot be converted into meaningless character strings will occur.

  A specific example will be described. Assume that terminal names “count” and “count_reset_reg” are extracted as obfuscation target keywords. At this time, it is assumed that the process of converting “count” to the meaningless character string “EEE” is performed prior to the conversion process of “count_reset_reg”. In this case, when the terminal name “count” is converted to “EEE”, the terminal name “count_reset_reg” is converted to “EEE_reset_reg”. Then, after that, the conversion process of “count_reset_reg” cannot be performed. As a result, in the converted source code, secret information remains in the terminal name “EEE_reset_reg”, and obfuscation is not sufficient. This problem is solved by performing the conversion process of the terminal name “count_reset_reg” having a longer character string length before the terminal name “count” having a shorter character string length.

  For this reason, the obfuscation list adjustment unit 23 rearranges the keywords in the obfuscation list in descending order of the character string length.

  In addition, the obfuscation list adjustment unit 23 excludes keywords whose character string length is less than the threshold from the obfuscation list generated in this way.

  Here, the reason for excluding keywords less than the threshold will be described. A keyword having a short character string length is likely to be included in a reserved word of the description language. For example, it is assumed that the signal name “en” is extracted as an obfuscation target and registered in the “obfuscation list”. At this time, consider that the keyword “en” is converted into a meaningless character string “zzz”. However, a character string such as “then” or “end”, which is a word representing control in the source code, includes “en” as a part thereof. For this reason, along with the conversion of the signal name “en” to “zzz”, “then” and “end” are converted to “thZZZZ” and “ZZZd”. As a result, obfuscated source code can cause syntax errors. This problem is solved by excluding keywords with a short character string length from the obfuscation list. Note that even a character string representing a component to be obfuscated is difficult to represent secret information if the character string has a sufficiently short character string length. Therefore, even if a keyword having a short character string length is excluded from the obfuscation list, it may be considered that the influence on the obfuscation process is small. For example, in the case of a character string of 1 or 2 characters, the possibility of specifying the LSI design function is very low. Therefore, as described above, the obfuscation list adjustment unit 23 excludes keywords whose character string length is less than the threshold from the obfuscation list. The threshold may be 3, for example. Note that the threshold of the character string length to be excluded can be set by the user.

  In addition, the obfuscation list adjustment unit 23 excludes keywords included in the exclusion list from the obfuscation list. The exclusion list is stored in advance in the memory 1002 and can be set by the user.

  Further, the obfuscation list adjustment unit 23 detects a keyword that is a partial character string of a reserved word in the description language from among the keywords included in the obfuscation list. Then, the obfuscation list adjustment unit 23 corrects the obfuscation list or the source code based on the detection result. Here, the source code to be corrected is the source code from which the comment information is deleted by the comment information deleting unit 21.

  Here, it is assumed that a keyword that is a partial character string of a reserved word in the description language is detected and the reserved word is included in the source code. In such a case, part of the character string of the reserved word is converted along with the conversion of the keyword. For example, it is assumed that the keyword “ack” is included in the obfuscation list extracted from the VHDL source code. This keyword is a partial character string of the VHDL reserved word “package”. If the keyword “ack” is converted to a meaningless character string “XXX”, even a part of the reserved word “package” is converted to “pXXXage”. As a result, the obfuscated source code causes a syntax error.

  Therefore, if the reserved code including the detected keyword is included in the source code, the obfuscation list adjusting unit 23 excludes the keyword from the obfuscation list, or separates the keyword in the obfuscation list and the source code. Make corrections that change to keywords.

  It should be noted that the obfuscation list adjustment unit 23 does not necessarily perform the process of analyzing whether or not the reserved word including the detected keyword is included in the source code. For example, the obfuscation list adjustment unit 23 may output the detected keyword to the output device 1003 as warning information together with a reserved word including the keyword. In this case, the obfuscation list adjustment unit 23 acquires the input information input via the input device 1004 in response to the output of the warning information, and corrects the obfuscation list or the source code based on the input information. May be. Alternatively, in this case, the obfuscation list adjustment unit 23 may obtain a modified obfuscation list or source code after outputting the warning information.

  Specifically, the obfuscation list adjustment unit 23 refers to a list of reserved words defined in the reference manual of the hardware description language. For example, a reserved word table including reserved words respectively defined by VHDL, Verilog, SystemVerilog, etc. may be stored in the memory 1002 in advance. Then, the obfuscation list adjustment unit 23 uses the reserved word table to detect a keyword that is a partial character string of the reserved word included in the reserved word table among the keywords included in the obfuscated list.

  Then, the obfuscation list adjustment unit 23 outputs the detected keyword to the output device 1003 as warning information together with the reserved word including the keyword. When the user finds a reserved word including the detected keyword in the source code, the user performs editing to delete the corresponding keyword from the obfuscation list. Alternatively, when a reserved word including the detected keyword is found in the source code, the user performs editing to change the corresponding keyword to another keyword in both the obfuscation list and the source code. If the user does not find a reserved word including the detected keyword in the source code, the obfuscation list and the source code are left unchanged without being edited. In this way, the obfuscation list adjustment unit 23 can acquire the corrected obfuscation list or source code after outputting the warning information.

  The obfuscation execution unit 24 generates an obfuscation conversion script that converts keywords included in the obfuscation list into other character strings in the order included in the obfuscation list. Then, the obfuscation executing unit 24 executes the generated obfuscation conversion script on the source code from which the comment information is deleted. When there are a plurality of types of description languages of the acquired source code group, the obfuscation execution unit 24 may generate an obfuscation conversion script for each description language. Then, the obfuscation execution unit 24 may execute an obfuscation conversion script corresponding to the description language for each source code from which the comment information is deleted. Then, the obfuscation execution unit 24 may store the information output from the obfuscation conversion script as the obfuscated source code in the memory 1002 with a name different from the original source code.

  For example, the obfuscation executing unit 24 may generate a conversion table in which meaningless character strings are described in pairs for the keywords included in the obfuscation list in the order included in the obfuscation list. The meaningless character string may be a character string different from each other. For example, a character string in which a serial number is added to an arbitrary character string may be adopted as a meaningless character string after conversion. By adopting sequential numbers, it is possible to easily cope with an increase in the number of keywords. In this case, the obfuscation executing unit 24 is configured to generate an obfuscated conversion script based on the conversion table. The description language of the obfuscation conversion script is preferably a language suitable for text information processing.

  The operation of the obfuscation apparatus 2 configured as described above will be described with reference to the drawings.

  The outline of the operation of the obfuscation apparatus 2 is substantially the same as the operation of the first embodiment of the present invention described with reference to FIG. 3, but the details of steps S2 to S6 are different. As in the first embodiment of the present invention, when there are a plurality of types of description language of the source code acquired in step S1, the operations in steps S2 to S6 may be executed for each description language. desirable.

  First, the details of the comment information deleting operation in the present embodiment in step S2 are shown in FIG.

  In FIG. 6, first, the comment information deletion unit 21 detects information satisfying a predetermined condition among the comment information in the target source code (step S21).

  For example, as described above, the comment information deletion unit 21 detects a directive description in the source code.

  Next, the comment information deletion unit 21 deletes comment information other than the information detected in step S21 in the source code (step S22).

  For example, as described above, the comment information deletion unit 21 converts the character string indicating the start or end of the comment included in the information detected in step S21 into a temporarily converted character string, and then starts or ends the comment. You may delete comment information based on the character string to represent. In this case, thereafter, the comment information deleting unit 21 may perform conversion to return the temporary conversion character string to the character string indicating the start or end of the comment in the source code after the comment information is deleted.

  As described above, the obfuscation apparatus 2 ends the comment information deletion operation.

  Here, two specific examples of the comment information deleting operation are shown.

  In the first specific example, it is assumed that the target source code is source code 905 described in Verilog as shown in FIG. In FIG. 7, a part of the source code is extracted and shown. As described above, in Verilog, “//” to a line feed code represent a comment. Also, “/ *” to “* /” represent comments. In addition, a character string of directive description such as “// synopsys” or “// synthesis” is defined as a predetermined condition.

  At this time, in step S <b> 21, the comment information deletion unit 21 detects a part surrounded by a broken-line rectangle as a directory description defined as a predetermined condition from the comment information indicated in bold in the source code 905.

  In step S22, the comment information deletion unit 21 deletes comment information other than the part detected in step S21 from the source code 905.

  Specifically, here, the comment information deletion unit 21 replaces the character string “//” indicating the start of the comment with the temporary conversion character string “##” in the directive description in the source code 905. At this point, the source code 905 becomes a temporary source code 906 as shown in FIG. In the source code 906, a portion surrounded by a dashed ellipse is a portion converted into a temporary conversion character string.

  Next, the comment information deletion unit 21 searches for “//” representing the start of the comment from the beginning of the source code 906, and deletes the line feed after detecting “//” until the next line is detected. Continue searching for “//” from the line.

  Next, the comment information deletion unit 21 searches the source code for “/ *” indicating the start of the comment, and when “/ *” is detected, if “* /” is included in the line, Delete the line and continue searching for "/ *" from the next line. Also, when the comment information deletion unit 21 detects “/ *” from the source code, if “* /” is not included in the line, the comment information deletion unit 21 searches for “* /” in the next line and thereafter. Deletes up to “* /” detected for the first time after “/ *” detected in. Then, the comment information deleting unit 21 continues searching for “/ *” from the next line.

  As a result, the comment information described from “//” to the line feed and the comment information described from “/ *” to “* /” are deleted. At this point, the source code 906 becomes the temporary source code 907 shown in FIG.

  Finally, the comment information deleting unit 21 may perform conversion to return the temporary converted character string “##” to the character string “//” indicating the start of the comment in the source code 907. As a result, as shown in FIG. 10, the source code 908 from which the comment information is deleted is generated. In the source code 908, a portion surrounded by a broken ellipse is a portion converted from the temporary conversion character string to the original character string.

  The comment information deleting unit 21 stores the source code 908 generated in this way in the memory 1002 as a file having a name different from that of the original source code.

  In the second specific example, it is assumed that the target source code is the source code 909 described in VHDL as shown in FIG. In FIG. 11, a part of the source code is extracted and shown. In this case, as described above, in VHDL, a comment from “-” to a line feed code represents a comment. Also, “/ *” to “* /” represent comments.

  Here, the source code 909 does not include a directive description.

  For this reason, in step S21, the comment information deleting unit 21 does not detect the directive description defined as the predetermined condition in the comment information.

  In step S22, the comment information deletion unit 21 deletes the comment information from the source code 909.

  Specifically, the comment information deletion unit 21 searches for “-” indicating the start of the comment from the top of the source code 909, and deletes the line breaks after detecting “-”. Continue searching for "-" from the next line.

  Next, the comment information deletion unit 21 searches the source code for “/ *” indicating the start of the comment, but ends the search because the source code 909 does not include “/ *”.

  As a result, the comment information described from “-” to the line feed is deleted. As a result, as shown in FIG. 12, the source code 910 from which the comment information is deleted is generated.

  This is the end of the detailed description of the comment information deletion operation.

  Next, details of the obfuscation target keyword extraction operation in the present embodiment in step S3 are shown in FIG.

  In FIG. 13, first, the obfuscation target keyword extracting unit 22 formats the description style into a predetermined style for the source code from which the comment information is deleted (step S31).

  For example, as described above, the obfuscation target keyword extraction unit 22 adjusts the line feed timing in the source code.

  Next, the obfuscation target keyword extraction unit 22 detects a character string representing a predetermined component in the shaped source code as an obfuscation target keyword (step S32).

  Next, the obfuscation target keyword extraction unit 22 generates an obfuscation list that represents a list of keywords detected in step S32 (step S33).

  For example, as described above, the obfuscation target keyword extracting unit 22 may generate an obfuscation list by deleting duplicates by rearranging the detected keywords in ascending or descending order of characters.

  As described above, the obfuscation apparatus 2 ends the obfuscation target keyword extraction operation.

  Here, the obfuscation target keyword extraction operation is shown as a specific example.

  Here, it is assumed that the source code 910 shown in FIG. 12 is generated as the source code from which the comment information is deleted.

  First, in step S <b> 31, the obfuscation target keyword extraction unit 22 deletes the line feed code from the source code 910. As a result, any description style source code is once processed into a one-line file. Here, the line feed code is deleted from the source code 910, and the temporary source code 911 shown in FIG. 14 is generated. Then, the obfuscation target keyword extraction unit 22 reinserts the line feed code immediately after the “;” character in the source code 911 processed into one line. In the hardware description language, “;” indicates a delimiter between processing sentences. Thereby, as shown in FIG. 15, the shaped source code 912 is generated. In this way, the obfuscation target keyword extraction unit 22 once deletes the line feed code and then reinserts the line feed code in units of processing sentences, thereby including one process per line regardless of the description style of the original source code. Generate a description style source code.

  Then, in step S32, the obfuscation target keyword extraction unit 22 extracts components defined as obfuscation targets in the VHDL from the source code 912 shown in FIG. Here, it is assumed that components such as a terminal name, an internal signal name, a module name, an instance name, a label name, and an internal variable name are defined as obfuscation targets.

  FIG. 16 shows extraction rules 1 to 6 as an example of a rule for extracting a component defined as an obfuscation object in VHDL. The extraction rules 1 to 6 are rules for extracting a character string representing a corresponding constituent element by searching for a character string that appears immediately before or immediately after the constituent element determined as the obfuscation target. By using such a rule, the obfuscation target keyword extraction unit 22 extracts a character string shown in bold as an obfuscation target keyword, as shown in FIG. In addition, the character string shown in italics in FIG. 17 represents the character string that appears immediately before or after the corresponding component defined in the extraction rules 1 to 6. As in this example, the obfuscation target keyword extraction unit 22 uses the character string before or after the constituent elements of the obfuscation target constituent elements determined in advance according to the description language of the source code. Should be remembered. Then, the obfuscation target keyword extraction unit 22 may extract a character string representing a component to be obfuscated using such an extraction rule in the source code.

  Then, in step S33, the obfuscation target keyword extraction unit 22 arranges the extracted keywords and generates an obfuscation list 913 shown in FIG. In FIG. 18, in addition to the bold keywords shown in FIG. 17, the keywords “en”, “ack”, and “n_1” are added to the obfuscation list 913. It is assumed that these keywords are extracted from a portion of the source code 912 that is not illustrated or other VHDL source code that is acquired at the same time.

  This is the end of the detailed description of the obfuscation target keyword extraction operation.

  Next, the details of the obfuscation list adjustment operation in this embodiment in steps S4 to S5 are shown in FIG.

  In FIG. 19, first, the obfuscation list adjustment unit 23 rearranges the keywords in the obfuscation list in descending order of the character string length (step S41).

  Next, the obfuscation list adjustment unit 23 excludes keywords whose character string length is less than the threshold from the obfuscation list (step S51).

  Next, the obfuscation list adjustment unit 23 excludes keywords included in the exclusion list from the obfuscation list (step S52).

  Next, the obfuscation list adjustment unit 23 detects a keyword that is a partial character string of a reserved word from the obfuscation list (step S53).

  Next, the obfuscation list adjustment unit 23 corrects the obfuscation list or the source code based on the detection result of step S53 (step S54).

  For example, as described above, the obfuscation list adjustment unit 23 may output the detected keyword and reserved word as warning information. In this case, the obfuscation list adjustment unit 23 may acquire the corrected obfuscation list or source code after outputting the warning information.

  As described above, the obfuscation apparatus 2 ends the obfuscation list adjustment operation.

  Here, a specific example of the obfuscation list adjustment operation is shown.

  Here, it is assumed that the obfuscation list 913 shown in FIG. 18 is extracted from the source code 912 shown in FIG.

  In this case, in step S41, the obfuscation list adjustment unit 23 rearranges the keywords in the obfuscation list 913 in descending order of the character string length. Thereby, the obfuscation list 913 becomes the obfuscation list 914 as shown in FIG.

  In step S51, the threshold value of the character string length is 3. In this case, the obfuscation list adjustment unit 23 excludes the keyword “en” whose character string length is less than 3 (1 or 2) from the obfuscation list 914. Thereby, the obfuscation list 914 becomes the obfuscation list 915 as shown in FIG.

  Next, in step S52, it is assumed that “n_1” is included in the exclusion list. In this case, the obfuscation list adjustment unit 23 excludes the keyword “n_1” from the obfuscation list 915. Thereby, the obfuscation list 915 becomes an obfuscation list 916 as shown in FIG.

  Next, in step S53, the obfuscation list adjustment unit 23 refers to the VHDL reserved word table. Here, it is assumed that a reserved word table for each description language as shown in FIG. 20 is stored in the memory 1002 in advance. Then, the obfuscation list adjustment unit 23 detects the keyword “ack” from the obfuscation list 916 as a partial character string of the VHDL reserved word “package”.

  Next, in step S54, the obfuscation list adjustment unit 23 outputs a warning with the content that “the keyword“ ack ”is a partial character string of the reserved word“ package ”.” Here, along with the warning, the user Confirms whether or not the reserved word that has been warned is used in the target source code, and if it is used, performs editing to exclude it from the obfuscation list 916. Here, the source code 912 is illustrated. It is assumed that the reserved word “package” is used in the missing part or other VHDL source code acquired at the same time. As a result, it is assumed that the user edits the obfuscation list 916 and excludes “ack”. Thereafter, the obfuscation list adjustment unit 23 acquires the obfuscation list 917 from which “ack” is excluded, as shown in FIG.

  This is the end of the detailed description of the obfuscation list adjustment operation.

  Next, FIG. 21 shows details of the obfuscation execution operation in the present embodiment in step S6.

  In FIG. 21, the obfuscation executing unit 24 generates a conversion table in which the keywords included in the obfuscation list are associated with the insignificant character strings and described in the order included in the obfuscation list (step S61). ).

  Next, the obfuscation execution unit 24 generates an obfuscation conversion script that converts keywords into meaningless character strings in the order described in the conversion table based on the conversion table (step S62).

  Next, the obfuscation executing unit 24 executes the obfuscation conversion script for each source code from which the comment information has been deleted (step S63).

  As described above, the obfuscation apparatus 2 ends the obfuscation execution operation.

  Here, the obfuscation execution operation is shown as a specific example.

  For example, in step S61, the obfuscation executing unit 24 generates the conversion table 918 shown in FIG. 22 from the obfuscation list 917 shown in FIG. Here, “KEYWORD_ [serial number]” is adopted as a meaningless character string after conversion. [Sequence number] represents a numerical value based on the order described in the conversion table.

  Next, in step S62, the obfuscation executing unit 24 generates the obfuscation conversion script 919 shown in FIG. 23 based on the conversion table 918. Here, C Shell is adopted as the description language of the obfuscation conversion script. However, the obfuscation conversion script 919 can be any description language as long as it is a content that executes processing for replacing all keywords with meaningless character strings in the order described in the conversion table 918 in the text file to be processed. It may be described in.

  In step S63, the obfuscation executing unit 24 executes the obfuscation conversion script 919 shown in FIG. 23 on the VHDL source code 912 shown in FIG. Thereby, as shown in FIG. 24, the obfuscated source code 920 is generated.

  This is the end of the detailed description of the obfuscation execution operation.

  Next, the effect of the second exemplary embodiment of the present invention will be described.

  The obfuscation apparatus according to the second embodiment of the present invention automatically generates source code equivalent in design content to the original source code while further appropriately deleting the secret information from the original source code. Can do.

  The reason will be described. This is because in the present embodiment, the comment information deletion unit deletes comment information in the target source code other than the one that satisfies a predetermined condition. As a result, this embodiment can delete other comment information that may contain confidential information without deleting useful information such as a directive description described in the comment format.

  In this embodiment, the obfuscation target keyword extraction unit shapes the source code into a predetermined description style, and then extracts a character string representing a predetermined component of the description language as a keyword to be obfuscated. Because it does. Thus, according to the present embodiment, an obfuscation list can be generated by reliably extracting a character string representing a constituent element that can include confidential information, regardless of the description style of the target source code.

  Moreover, in this Embodiment, it is because an obfuscation list adjustment part excludes the keyword whose character string length is less than a threshold value from an obfuscation list. As a result, the present embodiment excludes keywords that have a high probability of being included in the reserved words of the description language, thereby preventing occurrence of syntax errors in the obfuscated source code. In the present embodiment, even if a keyword having a sufficiently short character string length is excluded as described above, it is difficult for such a keyword to contain confidential information, so that the obfuscation result is not affected.

  Moreover, in this Embodiment, it is because the obfuscation list adjustment part excludes the keyword contained in an exclusion list from an obfuscation list. Thereby, since this Embodiment does not convert the character string showing a predetermined component uniformly, it can respond flexibly for every object case.

  Further, in the present embodiment, the obfuscation list adjustment unit detects a keyword that is a partial character string of a reserved word in a description language among keywords included in the obfuscation list. This is because the obfuscation list adjustment unit corrects the obfuscation list or the source code based on the detection result. As a result, in the present embodiment, the obfuscation list does not include a keyword that is a partial character string of a reserved word used in the source code, and a syntax error occurs in the obfuscated source code. To prevent.

  As described above, the present embodiment greatly reduces the man-hours and the period for preparing a design to be supplied when requesting device vendors or EDA vendors to analyze defects during LSI development. In addition, since the source code automatically obfuscated by this embodiment is generated based on the obfuscation list that has been subjected to various adjustments by the obfuscation list adjustment unit, there is a possibility of causing a syntax error and confidential information. Is less likely to remain.

  In addition, the present embodiment automatically generates obfuscated source code to reduce the occurrence of change mistakes and iterations spent on manual correction, and after obfuscation. Improve the quality of the source code itself. As a result, the present embodiment makes it possible to proceed with development in a normal LSI design flow using the obfuscated source code.

  Further, since this embodiment employs a text-based conversion algorithm, it can be implemented without depending on a programming language or an application database, and is very versatile.

  In the present embodiment, an example has been described in which the obfuscation list adjustment unit outputs the detected keyword and reserved word as warning information when it detects a keyword that is a partial character string of the reserved word in the obfuscation list. . Accordingly, the obfuscation list adjustment unit has been described as correcting the obfuscation list or the source code based on information input corresponding to the warning information. As a result, the present embodiment does not analyze whether or not a reserved word including the detected keyword is used in the target source code. This embodiment saves the cost of analysis by not analyzing. However, the present invention is not limited thereto, and the obfuscation list adjustment unit may analyze whether or not a reserved word including the detected keyword is used in the target source code. In this case, the obfuscation list adjustment unit may output the reserved word used in the source code and the keyword that is the partial character string as warning information. Alternatively, in this case, the obfuscation list adjustment unit may perform processing for deleting the reserved word used in the source code and the keyword that is the partial character string from the obfuscation list.

  In the present embodiment, the obfuscation list adjustment unit may correct the obfuscation list or the source code not only by outputting the warning information but also by other methods. For example, the obfuscation list adjustment unit may output whether or not to exclude the detected keyword and reserved word so as to be selectively input. Then, the obfuscation list adjustment unit may exclude the corresponding keyword from the obfuscation list when the input selection information indicates that it is excluded. In any case, the obfuscation list adjustment unit makes sure that the obfuscation list or the source code of the obfuscation list does not include the keyword that is a partial character string of the reserved word used in the target source code. You only have to make corrections.

  Further, in the present embodiment, description has been made by taking, as an example, a directive description interpreted by the synthesis tool as information that the comment information deletion unit does not delete even comment information. However, the comment information deletion unit is not limited to this, and may use other useful information that should not be deleted even if it is comment information.

  Further, in the present embodiment, the example in which the obfuscation target keyword extraction unit unifies the line feed timing as a process of shaping the description style of the source code into a predetermined style has been described. Not only this but the obfuscation object keyword extraction part may perform other shaping for extracting the character string showing a predetermined component reliably.

  Moreover, in each embodiment of the present invention described above, an example in which the obfuscation list and the obfuscation conversion script are created for each description language has been described. Further, in each embodiment, the obfuscation list and the obfuscation conversion script may be generated for each designated source code group among source code groups of the same description language.

  Further, in each of the above-described embodiments of the present invention, the description has been made centering on an example for a source code described in a hardware description language. Not only this but each embodiment is applicable also when obfuscating the source code of the program which performs software.

  Further, in each of the above-described embodiments of the present invention, the example in which each functional block of the obfuscation apparatus is realized by a CPU that executes a computer program stored in a storage device or ROM has been described. However, the present invention is not limited to this, and some, all, or a combination of each functional block may be realized by dedicated hardware.

  Moreover, in each embodiment of the present invention described above, the functional blocks of the obfuscation apparatus may be realized by being distributed among a plurality of apparatuses.

  In each of the embodiments of the present invention described above, the operation of the obfuscation apparatus described with reference to the flowcharts is stored in a storage device (storage medium) of the computer as a computer program of the present invention. Then, the computer program may be read and executed by the CPU. In such a case, the present invention is constituted by the code of the computer program or a storage medium.

  Moreover, each embodiment mentioned above can be implemented in combination as appropriate.

  The present invention is not limited to the above-described embodiments, and can be implemented in various modes.

  The present invention can provide a technique for more appropriately automatically generating equivalent source code in which secret information is deleted from the original source code, and obfuscate the source code representing the design in the RTL design flow at the time of LSI development. It is suitable as a device to perform. The present invention is also suitable as an apparatus for obfuscating software source code.

1, 2 Obfuscation device 11, 21 Comment information deletion unit 12, 22 Obfuscation target keyword extraction unit 13, 23 Obfuscation list adjustment unit 14, 24 Obfuscation execution unit 1001 CPU
1002 Memory 1003 Output device 1004 Input device

Claims (9)

A comment information deletion unit for deleting comment information representing a comment from the source code;
An obfuscation target keyword extraction unit that extracts a character string representing a predetermined type of component in the description language of the source code as an obfuscation target keyword to generate an obfuscation list;
Reordering the keywords in descending order of the character string length in the obfuscation list, and obfuscation list adjustment unit for excluding keywords satisfying a predetermined condition from the obfuscation list;
In the source code from which the comment information has been deleted, an obfuscation execution unit that executes processing for converting a keyword included in the obfuscation list into another character string in the order included in the obfuscation list;
Obfuscation device with   The obfuscation apparatus according to claim 1, wherein the comment information deletion unit deletes the comment information other than a condition that satisfies a predetermined condition from the source code.   3. The obfuscation target keyword extracting unit according to claim 1, wherein the obfuscation target keyword extracting unit extracts the obfuscation target keyword after shaping the description style of the source code into a predetermined style. Device.   The obfuscation apparatus according to claim 1, wherein the obfuscation list adjustment unit excludes a keyword having a character string length less than a threshold from the obfuscation list.   The obfuscation apparatus according to any one of claims 1 to 4, wherein the obfuscation list adjustment unit excludes keywords included in an exclusion list from the obfuscation list.   The obfuscation list adjustment unit detects a keyword that is a partial character string of a reserved word of the description language, and corrects the obfuscation list or the source code based on a detection result. The obfuscation apparatus according to claim 5.   The obfuscation execution unit generates an obfuscation conversion script that converts a keyword included in the obfuscation list into another character string in the order included in the obfuscation list, and generates the obfuscation conversion script as the comment The obfuscation apparatus according to claim 1, wherein the obfuscation apparatus is executed on the source code from which the information has been deleted. The computer device deletes the comment information representing the comment from the source code,
From the source code, a character string representing a predetermined type of component in the description language of the source code is extracted as an obfuscation target keyword to generate an obfuscation list,
Rearranging the keywords in descending order of the string length in the obfuscation list, excluding keywords that satisfy a predetermined condition from the obfuscation list,
A method of executing processing for converting a keyword included in the obfuscation list into another character string in the source code from which the comment information has been deleted, in the order included in the obfuscation list. A comment information deletion step for deleting comment information representing a comment from the source code;
An obfuscation target keyword extraction step of extracting a character string representing a predetermined type of component in the description language of the source code as an obfuscation target keyword to generate an obfuscation list;
Reordering the keywords in descending order of character string length in the obfuscation list, and obfuscation list adjustment step of excluding keywords satisfying a predetermined condition from the obfuscation list;
In the source code from which the comment information has been deleted, an obfuscation execution step of executing processing for converting a keyword included in the obfuscation list into another character string in the order included in the obfuscation list;
That causes a computer device to execute the program.

Images