KR20110013182A - Apparatus for separating contents in separating execution based, method thereof and computer recordable medium storing the method - Google Patents

Abstract

PURPOSE: An isolating execution-based contents isolation device is provided to expand a range of a contents code area by performing static analysis about the contents using a basic information of a collected code region. CONSTITUTION: A contents calling unit(12) calls a contents to be separated. A basic block group selector(19) selects a plurality of basic block groups through a profiling about the code area of the called contents and static analysis. A plurality of basic block groups is selected. An extracting and generating unit(18) select the separation operational objection code block of a plurality of basic block groups. The extracting and generating unit extract the selected separation operational objection code block from the code area of the contents.

Description

Apparatus for separating contents in separating execution based, method approximately and computer recordable medium storing the method}

The present invention relates to a technology for preventing copying of content, and more particularly to profiling the content for service and the execution code block and the execution target code that are required for separation between the host terminal and the storage device for the content. Disclosed is a separation execution-based content separation apparatus for separating through analysis, a method, and a computer-readable recording medium on which the method is recorded.

In general, a plurality of contents are installed in a host terminal on an operating system. Content is a digital work that is stored and distributed in digital form and includes software, applications, multimedia data, and the like. For example, the user may perform document editing, image editing, games, etc. using various contents installed in the host terminal.

Although such content can be used free of charge, it is sold for a fee online or offline. The user purchases the necessary content and installs the purchased content in the host terminal. When the content passes the authentication through the authentication number, it is installed in the host terminal. Typically, the authentication number is provided with the purchased content.

Content of the authentication method using the authentication number has a problem that is easily exposed to hacking. That is, if the authentication number of the program is hacked or a code that bypasses authentication is added to the content, those who have not purchased the content can install the duplicated content on the host terminal and use it without permission.

The damage of the content provider (CP) due to the unauthorized use of such content is increasing. Unauthorized use of the content acts as a factor that lowers the motivation of the content provider to develop the content.

In addition, the content provider has to pay attention to a security method for suppressing unauthorized copying of the developed content, which is a burden on the content provider due to the high cost of developing the content.

Accordingly, an object of the present invention is to provide a content separation apparatus based on a separation execution that can minimize the burden on a content provider in a security method for suppressing duplication of developed content, a method thereof, and a computer-readable recording method. To provide a recording medium.

Another object of the present invention is a content separation apparatus based on a separation execution method for extracting a partial block of a code area of a content into a separation execution target code block that enables a separation execution between a host terminal and a storage device, and a method and a method thereof. To provide a computer-readable recording medium.

It is still another object of the present invention to provide a separation execution based content separation device for separating content into a code block for execution and content for service, a method thereof, and a computer-readable recording medium on which the method is recorded.

It is still another object of the present invention to provide a separation execution based content separation device for extracting a separation execution target code block that can provide a stable execution environment when a separation between a host terminal and a storage device for a content, a method, and a method thereof are recorded. To provide a computer-readable recording medium.

It is still another object of the present invention to provide a separation execution based content separation device capable of suppressing an inappropriate basic block group having entry of a control signal into an interior except an entry point from being selected as content in a separation execution target code block. And a method and a computer readable recording medium on which the method is recorded.

Another object of the present invention is to separate content execution apparatus based on separation execution that can extend the analysis range of the code area of the content to improve the extraction rate of the code block required for copy protection of the content, in order to suppress the duplication of the content, the method And a method for providing a computer readable recording medium having recorded thereon.

In order to achieve the above object, the present invention provides a separation execution-based content separation device including a content caller, a basic block group selection unit, extraction and generation unit. The content caller calls the content to be separated. The basic block group selector selects a plurality of basic block groups through dynamic profiling and static analysis on the code region of the called content. The extraction and generation unit selects a code block to be separated from among a plurality of basic block groups and extracts the code block from the content area.

In the separation execution-based content separation apparatus according to the present invention, the extraction and generation unit may insert the stub code into the code region from which the separation execution code block is extracted to generate content for a service.

In the separation execution based content separation apparatus according to the present invention, the basic block group selecting unit collects basic information through dynamic profiling of the called content, and a code region of the content based on the collected basic information. It may include a static analysis unit for selecting a plurality of basic block groups by performing a static analysis for.

In the content separation apparatus based on the separation execution according to the present invention, the basic information may include information about a code region of the content collected during the run-time of the content.

In the content separation apparatus based on the separation execution according to the present invention, the static analysis unit may perform static analysis by substituting the indirect address of the collected basic information into the control flow.

In the content execution apparatus based on the separation execution according to the present invention, the extraction and generation unit separates the basic block group on the critical path that is necessarily executed at least once when executing the content among the plurality of basic block groups. Can be extracted with

The separation execution-based content separation apparatus according to the present invention may further include a storage unit for storing content, a content execution target code block of the content, and a content for service in which the content execution separation code block is separated from the content.

The present invention also provides a plurality of basic blocks through a call step of calling content to be separated by a content separating device, dynamic profiling and static analysis of a code region of content called by the content separating device. A content separation method based on a separation execution method includes a selection step of selecting a group and an extraction step of a content separation device selecting a separation target code block from a plurality of basic block groups and extracting the same from a code area of the content.

In the separation execution-based content separation method according to the present invention, the content separation device, which is performed after the extraction step, further includes a generation step of inserting stub codes into a code region from which the separation execution target code block is extracted to generate content for a service. It may include.

In the separation execution-based content separation method according to the present invention, the selection step is a collection step of collecting basic information through dynamic profiling of the content called by the content separation device, the content based on the basic information collected by the content separation device The method may include a basic block group selection step of selecting a plurality of basic block groups by performing a static analysis on a code region of.

In the separation execution-based content separation method according to the present invention, in the collecting step, the basic information may include information about a code region of the content collected by the content separation device during run-time of the content. .

In the separation execution based content separation method according to the present invention, in the collecting step, the collected basic information is a branch address, a jump address, a call address, and an indirect address of the RET. ) May include at least one indirect address.

In the separation execution-based content separation method according to the present invention, in the collecting step, the collected basic information includes the start address of the basic block group, the end address of the basic block group, the number of calls of the basic block group, the size of the basic block group, and the basic. It may include information about the presence or absence of a real operation in the block group.

In the separation execution-based content separation method according to the present invention, the collected basic information includes the number of times of referring to the memory of the host terminal in the basic block group, the number of times of calling the OS API of the host terminal in the basic block group, and the basic block group. It may further include at least one of the execution time of the, the total number of instructions to be performed in the basic block group, the number and type of parameters passed for execution of the basic block group and the type of the value returned after the execution of the basic block group.

In the separation execution-based content separation method according to the present invention, in the basic block group selection step, static analysis may be performed by substituting the indirect address of the collected basic information into a control flow.

In the separation execution-based content separation method according to the present invention, the extracting step separates and executes a basic block group on a critical path that is necessarily executed at least once when the content separation device executes content among a plurality of basic block groups. Can be extracted into the target code block.

In the separation execution based content separation method according to the present invention, the method may further include generating a list of separation execution target code blocks extracted by the content separation device, which is performed after the extraction step.

In the separation execution-based content separation method according to the present invention, the calling step may further include a security level setting step of setting a security level for content to be separated by the content separation device. At this time, in the extracting step, the content separation apparatus may extract the separation execution target code block from the plurality of basic block groups according to the set security level.

In the separation execution-based content separation method according to the present invention, the security level setting step includes the step of displaying the security level setting item by the content separation device and the security level setting item selected by the content separation device from the security level setting item. It may comprise the step of setting.

In the separation execution based content separation method according to the present invention, the security level setting item includes a basic call frequency of a basic block group, a location of a basic block group call, a memory reference frequency of a host terminal, an OS API reference frequency of a host terminal, and a storage device. It may include at least one of the hardware elements.

In the separation execution-based content separation method of the present invention, the selecting step includes a step of defining a basic block group in a code area of the content by the content separation device, and a control signal for entering the interior of the basic block group by the content separation device. It may include a redefinition step of dividing and redefining a basic block group based on an instruction address of a control signal.

In the separation execution-based content separation method according to the present invention, in the redefining step, the finally redefined basic block group includes attributes of single input and single output and entry from outside to inside. It may include a plurality of basic blocks with disallowed attributes.

The present invention also provides a computer-readable recording medium on which the above-described separation execution based content separation method is recorded.

According to the present invention, a content execution apparatus based on a separation execution extracts and uses a separation execution target code block that enables a separation execution between a host terminal and a storage device from a partial block of a code area of a content, thereby preventing content copying. It can improve security performance.

Since the static analysis of the corresponding content is performed using the basic information of the code area collected through the dynamic profiling of the content, the scope of analysis of the code area of the content can be extended. Through this, it is possible to improve the extraction rate of the basic block group required for copy protection of the content.

When performing static analysis using dynamic profiling, you have the flexibility to redefine once defined groups of basic blocks, so that single inputs and single outputs can be candidates for safety code blocks. You can create a basic block group with a single output. As a result, it is possible to prevent an inappropriate basic block group having entry of a control signal into an interior except for an entry point from being extracted from content as a separate execution target code block. In addition, it is possible to prevent an error from occurring during the separation execution between the host terminal and the storage device due to the internal entry of the control signal of the basic block group to be selected as the separation execution target code block.

In addition, by utilizing the extraction technique of the code block of the content according to the present invention, the content provider can also minimize the cost burden on the security method for suppressing the copy of the developed content.

1 is a block diagram illustrating a configuration of a content separation apparatus based on a separation execution according to an embodiment of the present invention.
2 is a block diagram illustrating a configuration of the controller of FIG. 1.
3 is a block diagram showing a data structure of content.
4 is a block diagram showing a configuration of a separate execution target code block separated into contents and content for a service.
5 to 7 are exemplary diagrams for describing an attribute of a split execution target code block.
8 is a flowchart illustrating a content separation method based on separation execution according to an embodiment of the present invention.
9 and 10 are exemplary diagrams for describing a selection step of a basic block group extracted as a separate execution target code block of FIG. 8.

Hereinafter, with reference to the accompanying drawings will be described in detail an embodiment of the present invention.

According to an embodiment of the present invention, the separation execution based content separation device 10 (hereinafter, referred to as a content separation device) may include an input unit 11, a storage unit 13, Including the display unit 15 and the control unit 17, and performs the dynamic profiling and static analysis of the content 30 to separate the content 30 to the execution target code block 34 and the content for the service Separate with (32). In this case, the separation execution target code block 34 means some code blocks extracted from the code area of the content 30. The service content 32 refers to the content portion in the separate execution target code block 34.

The content separation device 10 according to the present exemplary embodiment may separate the execution target code block 34 from the corresponding content 30 in order to service the content 30 in a digital rights management (DRM) system based on the separation execution. It is a device that separates the content for service. Here, 'separate execution' means that the host terminal and the storage device interwork with each other to execute the content 30. In particular, in order to implement separation execution, the separation execution target code block 34 separated in the code area 31 of the original content 30 is installed in a storage device, and the service for which the separation execution target code block 34 has been removed is removed. The content 32 is installed in the host terminal. Therefore, in the case where the separated execution based content 30 is to be executed, the host terminal receives an output value for the portion of the separated execution target code block 34 that is removed during execution of the content for service 32 from the storage device and receives the returned value. The content 30 is executed in the form. At this time, the separate execution target code block 34 is converted into a storage code block for execution in a storage device having a processor and is provided to the storage device.

In this case, the content separation device 10 according to the present embodiment may be a terminal device capable of dynamic profiling and static analysis of the content 30, and may be a host terminal or a server built on a network. Host terminals include PCs, laptops, workstations, smartphones, and the like.

The input unit 11 provides a plurality of keys for manipulating the content separating apparatus 10, and generates and transmits a selection signal according to a user's key selection to the controller 17. The user may call the content 30 to be separated through the input unit 11 and input a selection signal for separating the called content 30 into the separation execution target code block 34 and the service content 32. have. In this case, the input unit 11 may be a keypad, a pointing device such as a touch pad, or an input device such as a touch screen.

The storage unit 13 stores a program necessary for controlling the operation of the content separating apparatus 10 and information generated while executing the program. In particular, the storage unit 13 stores an execution program for performing dynamic profiling and static analysis on the content 30. The storage unit 13 separates the content 30 to be separated, the separation execution target code block 34 extracted through the code analysis of the content 30, and the separation execution target code block 34 from the content 30. The service content 32 into which the stub code 36 is inserted may be stored in the code area.

In this case, the content 30 may include a plurality of files, for example, an application program interface (API) provided by an operating system, an API provided by a developer, or a file such as a dynamic linking library (DLL). The content 30 including the plurality of files may be divided into a code area 31 and a data area 33, and the actual content 30 is a mixture of the code area 31 and the data area 33. . The code region 31 includes a plurality of code blocks, and the separation target code block 34 includes a plurality of code blocks extracted from the code region 31. For example, the separated execution target code block 34 includes a plurality of basic block groups 37, and the basic block groups 37 are a collection of a plurality of basic blocks 35.

In this case, the basic block 35 is a sequence of instructions having attributes of a single input and a single output, and is a code block having an attribute that does not allow entry from the outside to the inside. Can be defined That is, the basic block 35 means a series of sentences (groups of codes) that are always executed once from the beginning to the end, and is a group of statements in which execution is not stopped due to flow control in the middle.

The service content 32 includes a code area 31a in which a stub code 36 is inserted into a code area of a basic block group 37 extracted as a separate execution target code block 34, and a data area 33. do. In this case, when the stub code 36 separates the content 30 between the host terminal and the storage device, the code region extracted from the service content 32 and the separated execution target code corresponding to the extracted code region are included. Connect block 34. That is, the stub code 36 transmits a control signal to the storage device in the extracted code area when performing the separation on the content 30. The storage device 53 receiving the control signal returns an output value calculated by performing an operation on the separate execution target code block 34 corresponding to the control signal to the host terminal 51.

The separation execution target code block 34 includes a plurality of basic block groups 37 extracted from the code area 31 of the content 30 through profiling and analysis of the content 30. That is, the separated execution target code block 34 is a basic block group 37 selected in the code area 31 of the content 30 through profiling and analysis of the content 30, and the selected basic block group 37 is selected. At least one of the plurality of components) may be extracted to the separate execution target code block 34. The stub code 36 is inserted into the part where the separation execution target code block 34 is extracted. As will be described later, through the profiling and analysis of the content 30, the content 30 is divided into a separate execution target code block 34 and a content for service 32 from which the separation execution target code block 34 is extracted. . For example, the separated execution target code block 34 may include a code block existing on a critical path of the content 30, that is, a basic block group 37. Here, the critical path means a path that is necessarily executed at least once when the content 30 is executed.

The separate execution target code block 34 may be converted into a code block for a storage device and provided in a form stored in the storage device or provided to the storage device in a download form. The separate execution target code block 34 is a basic block group 37 including a plurality of basic blocks 35 as described above. The split execution target code block 34 allows the entry of the control signal through the entry point of the split execution target code block 34 and the movement of the control signal between the basic block 35, but the split execution target code block ( It is preferable to select a basic block group 37 including a plurality of basic blocks 35 which are related to each other without entry of a control signal to the basic block 35 except for the start point of 34.

The reason is that when the basic block group 37 having the entry of the control signal to the basic block 35 except for the starting point from the basic block group 37 is extracted as the separate execution target code block 34, the corresponding execution target code After the block 34 is extracted, a control signal may enter the middle of the stub code 36 to be inserted and not to the beginning. In this case, the stub code 36 may not process the control signal, and thus the execution of the corresponding content 30 may be stopped or an error may be generated. That is, since the stub code 36 has a garbage value such as a no-operation instruction (NOP) in the remaining areas except for the first 5 bytes, an error may occur when the control signal enters the garbage containing area. In other words, since the basic block group 37 having the entry of the control signal to the basic block 35 except for the starting point has a high probability of generating an error when performing the separate execution, the separated execution target code block ( 34) is not suitable.

The display unit 15 may display information stored in the storage unit 13, including various function menus executed in the content separating apparatus 10. The display unit 15 may display a list of the content 30 to be separated, the target code block 34 to be separated, and the service content 32 under the control of the controller 17. The display unit 15 may display image information necessary for separating the content 30. In this case, an LCD (Liquid Crystal Display) or a touch screen may be used as the display unit 15. The touch screen simultaneously serves as a display device and an input device.

The controller 17 is a microprocessor that performs overall control operations of the content separating apparatus 10. The controller 17 controls dynamic profiling and static analysis on the content 30. The controller 17 may extract the separated execution target code block 34 through dynamic profiling and static analysis, generate a list of the extracted separation execution target code block 34, or generate the content 32 for a service. Can be.

In particular, the controller 17 includes a content caller 12, a basic block group selector 19, and an extractor and generator 18. The content caller 12 calls the content 30 to be separated. The basic block group selector 19 selects a plurality of basic block groups 37 through profiling and analysis of the code area 31 of the called content 30. The extraction and generation unit 18 extracts the separation execution target code block 34 from the plurality of basic block groups 37, separates the separation target code block 34 from the code area 31 of the content 30, and the separation execution target code block 34. ) Inserts the stub code 36 into the extracted code area to generate the service content 32.

When the selection signal for the content 30 to be separated is input through the input unit 11, the content caller 12 may call the corresponding content 30 from the storage unit 13. When the content caller 12 calls the content 30 to be separated, the content caller 12 may receive and set a security level for the content 30 to be separated. That is, the content caller 12 may display the list of the content 30 to be separated on the display unit 15. The user selects the content 30 to be separated from the list through the input unit 11 and selects and sets a security level for the selected content 30. In this case, the content caller 12 displays a security level setting item that the user can select on the display unit 15. When the user selects a specific security level setting item from the displayed security level setting items, the content caller 12 sets the security level of the content 30 to be divided into the selected security level setting item.

For example, the security level setting item may be a code block to be extracted, that is, the frequency of calls of the basic block group 37, the location of calls of the basic block group 37, the memory reference frequency of the host terminal, the OS API reference frequency of the host terminal, At least one of the hardware elements.

The call frequency item of the basic block group 37 is an item that sets a preference for each call frequency of the separated execution target code block 34 to be automatically extracted by profiling and analysis. This is the item to select how many times it is called during the execution of 30). In this case, the higher the frequency of the call, the more important the basic block group 37 is, and the higher the security effect. Therefore, it is preferable that the user sets an appropriate call frequency according to the security level of the content 30 to be separated.

The call position item of the basic block group 37 selects the basic block group 37 called at the beginning of program execution in the selection of the separate execution target code block 34, or the basic block group 37 called at the time of executing a specific function. Select whether to select).

The memory reference frequency item of the host terminal is an item that sets how often the separation execution target code block 34 to be selected refers to the memory of the host terminal. The higher the memory reference frequency, the stronger the dependency on the host terminal, which means a higher security efficiency due to the separate execution target code block 34. However, when the memory of the host terminal is referred to repeatedly, since the execution speed of the corresponding content 30 may be reduced, the user may set an appropriate memory reference frequency according to the security level of the content 30 to be separated.

The OS API reference frequency item of the host terminal is an item that sets how often the separate execution target code block 34 to be selected refers to the OS API. The higher the OS API reference frequency, the stronger the dependency on the host terminal, which means a higher security efficiency due to the separate execution target code block 34. However, if the OS API of the host terminal is referred to repeatedly, since the execution speed of the corresponding content 30 may be reduced, the user may set the reference frequency of the appropriate OS API according to the security level of the content 30 to be separated. desirable.

The hardware element item of the storage device may be a hardware form factor of the storage device to be used with the corresponding content 30, such as the capacity of DRAM, NAND Flash, or NOR Flash, You can select the speed of the microprocessor. The hardware element of the storage device may be one of important factors in executing the actual separate execution target code block 34 to calculate the output value.

Meanwhile, in the present embodiment, an example in which the user directly sets the security level is disclosed, but the security level may be set as a default. In the present embodiment, the example of setting the security level after selecting the content 30 to be separated has been disclosed. However, the content 30 to be separated may be selected after the security level is set.

The basic block group selecting unit 19 includes a basic information collecting unit 14 and a static analyzing unit 16. The basic information collecting unit 14 collects basic information through dynamic profiling of the called content 30. The static analysis unit 16 performs a static analysis on the content 30 based on the collected basic information to expand the analysis range of the code area 31 of the content 30, and through this, a plurality of basic block groups ( 37).

As described above, the content 30 includes a plurality of files, for example, a file such as an API provided by an operating system, an API provided by a developer, or a DLL. Therefore, since the part to be analyzed in the content 30 must be set, and it is not preferable to select the basic block block extracted from the API which is already published among the content 30 as the separate execution target code block 34, the content ( It is necessary to limit the portion to be analyzed in 30 to the code region 31.

The basic information is information collected about the code region 31 through dynamic profiling during run-time for the content 30. In other words, dynamic profiling can track the values assigned to inputs, outputs and registers, and the flow of content 30 in code, so that dynamic profiling can be used to expand the scope of analysis while collecting accurate and accurate basic information. can do. The collected basic information includes the start address of the basic block group 37, the end address of the basic block group 37, the number of calls of the basic block group 37, the size of the basic block group 37, and the basic block group 37. It contains information about the presence or absence of a real operation in). In particular, the collected basic information includes at least one indirect address among a branch address, a jump address, a call address, and an indirect address of the RET. The indirect address includes information about the start address of the basic block group 37, the size of the basic block group 37, and the branch taken address. In addition, the collected basic information is based on the set security level setting item, the number of times of referring to the memory of the host terminal in the basic block group 37, the number of times of calling the OS API of the host terminal in the basic block group 37, basic The execution time of the block group 37, the total number of instructions executed in the basic block group 37, the number and type of parameters passed for execution of the basic block group 37, the return after the execution of the basic block group 37 It may further include at least one of the kind of the value.

The static analyzer 16 performs a static analysis on the code region 31 of the content 30 based on the basic information collected about the code region 31. That is, since the static analysis unit 16 does not desirably select a part related to the published API of the content 30 as an analysis target, the static analysis unit 16 performs the static analysis of the code region 31 except for the corresponding part. In this case, the static analyzer 16 may perform static analysis based on the basic information except the basic information related to the published API among the content 30 among the collected basic information.

A general static analysis is a method of finding the starting point of the code region 31 of the content 30 and analyzing the control flow from the found starting point. Therefore, static analysis does not have information that can be obtained at run-time, so it is only possible to move to a path marked with a certain value in binary code. In particular, there are restrictions such as register data, heap area data, and movement to external DLL. Also following the control flow is a significant limitation due to the lack of indirect information. Because of this, general static analysis can be approached by grasping various starting points arbitrarily, but it is hard to have big meaning, so the scope of analysis is narrow.

However, since the static analysis unit 16 performs static analysis based on the basic information collected through dynamic profiling, the analysis range of the code region 31 of the content 30 may be extended. That is, the static analysis unit 16 substitutes an indirect address among the collected basic information on the control flow to expand the analysis range of the code area 31 of the content 30 to perform dynamic profiling alone or to perform static analysis. More valid basic block groups 37 can be extracted compared to performing.

Since the scope of analysis of the content 30 can be extended by assigning an indirect address as described above, although there may be differences depending on the characteristics of the content 30 to be analyzed, compared to performing dynamic profiling or static analysis alone. The range of analysis can be increased by several orders of magnitude. For example, if the static analysis alone shows a compression range of less than 1% for compressed executable programs such as Alzip.exe (Eastsoft's solution), but static analysis is performed using the basic information collected through dynamic profiling. It can be seen that the analysis range is more than 27%. That is, a large number of indirect addresses present in the code area 31 of the content 30, and the possibility of extending the analysis range using the indirect addresses means that various outputs, for example, the basic block group 37, can be derived. do.

On the other hand, since the size of the basic block group 37 may be tens to hundreds of bytes in 1 byte, such as RET, the larger the size of the basic block group 37 is, the greater the probability of internal entry is. In addition, if all instructions of the content 30 can be inspected and analyzed before execution, a more accurate and detailed basic block group 37 can be defined. However, this also cannot completely define the basic block group 37 due to the existence of indirect addresses.

Therefore, the basic block group 37 which allows the entry of the control signal through the starting point and the movement of the control signal between the basic block 35 but does not enter the control signal to the basic block 35 except for the starting point is included in the content 30. In order to extract from, the static analyzer 16 may select the basic block group 37 in the code area 31 of the content 30 by using the following definition (rule).

In this case, the definition of the basic block group 37 is as follows. First, the basic block group 37 defined once is not fixedly defined, and the basic block group 37 is separated and redefined according to the presence or absence of a control signal entering into the basic block group 37.

2, 3, and 9, the static analyzer 16 includes a basic block group 37 including a plurality of basic blocks 35 associated with each other in the code area 31 of the content 30. Can be defined In this case, the defined basic block group 37 may be referred to as a collection of basic blocks 35 without entering a control signal to the basic block 35b excluding the starting point.

In this case, when a control signal through the basic block 35a positioned at the start point of the basic block group 37 is input, the static analyzer 16 does not redefine the basic block group 37. In addition, even when the control signal is moved between the basic blocks 35 included in the basic block group 37, the static analyzer 16 does not redefine the basic block group 37. That is, in the above two cases, the static analyzer 16 maintains the basic block group 37 in the current defined state.

However, as shown in FIGS. 2, 3, and 10, when the control signal is input to the other basic block 35b except for the basic block 35a positioned at the start of the basic block group 37, the static analyzer Reference numeral 16 divides the basic block group 37 based on the basic block 35b to which the control signal is input and redefines it. That is, if there is a control signal entering the basic block group 37, the static analyzer 16 divides and redefines the basic block group 37 based on an instruction address of the control signal.

By redefining the basic block group 37 in this manner, it is possible to increase the probability that the divided basic block groups 37a and 37b are established as basic block groups without internal entry.

In this case, the basic block group 37 to be redefined has a first basic block group 37a based on the command address of the control signal and a second basic block group 37b including the command address of the control signal. Is redefined to). The branch address of the first basic block group 37a becomes the next instruction address for entry to the start point of the second basic block group 37b.

And by repeating this redefinition step, the finally redefined basic block group 37 is a plurality of basic blocks 35 having the properties of a single input and a single output and the property of not allowing entry from outside to inside. It may be defined as a basic block group 37 including a.

The extraction and generation unit 18 extracts the separate execution target code block 34 from the extracted basic block groups 37, generates a list of the extracted execution target code blocks 34, or generates a service content. Generate (32). In particular, the extraction and generation unit 18 separates the basic block group 37 on the important path that is necessarily executed at least once when executing the content 30 among the plurality of extracted basic block groups 37. 34). In addition, the extraction and generation unit 18 may extract the separation execution target code block 34 according to the set security level. For example, the user weights at least one of the call frequency of the basic block group 37, the call position of the basic block group 37, the memory reference frequency of the host terminal, the OS API reference frequency of the host terminal, and the hardware elements of the storage device. By setting the security level, the extraction and generation unit 18 may select the separate execution target code block 34 according to the set security level. That is, the user may set a security level at the user level in consideration of the type, value, and the like of the content 30, and thereby obtain a copy protection effect of the content 30.

The extraction and generation unit 18 may generate a list of the extracted execution target code blocks 34. The list of separation execution target code blocks 34 may be provided to the content registration server together with the corresponding content 30 to be used when registering the corresponding content 30.

The extraction and generation unit 18 may generate the service content 32 by inserting the stub code 36 into the code area from which the separation execution code block 34 is extracted. At this time, the stub code 36 connects the code region extracted from the content 30 with the extracted separation target code block 34.

In addition, the extraction and generation unit 18 is a content for service in which the stub code 36 is inserted into the separated execution target code block 34 extracted from the content 30 and the code region from which the separate execution target code block 34 is extracted. It can be divided into 32 and stored in the storage unit (13).

As described above, the separation execution target code block 34 extracted by the extraction and generation unit 18 allows input of the control signal when a control signal is input through the basic block 35 positioned at the start point. The separate execution target code block 34 allows the movement of the control signal between the basic blocks 35 according to the input of the control signal through the start point. The separate execution target code block 34 also includes a plurality of basic blocks 35 without entry of control signals to the basic block 35 except for the start point. In other words, the separated execution code block 34 includes a plurality of basic blocks 35 which do not allow entry of the control signal to the basic block 35 except for the start point.

The separation execution target code block 34 extracted by the extraction and generation unit 18 as described above has attributes as shown in FIGS. 5 to 7. That is, as shown in FIG. 5, when the control signal through the basic block 35a positioned at the starting point is input, the separation execution target code block 34 allows the input of the control signal.

As shown in Fig. 6, the separate execution target code block 34 allows the movement of the control signal between the basic blocks 35a and 35b according to the input of the control signal through the start point.

In addition, as illustrated in FIG. 7, the separated execution target code block 34 includes a plurality of basic blocks 35a and 35b without entering a control signal to the basic block 35b except for the starting point. In other words, the separated execution code block 34 includes a plurality of basic blocks 35 which do not allow entry of the control signal to the basic block 35b except for the start point.

Therefore, the content separation device 10 according to the present embodiment divides the corresponding content 30 into a separate execution target code block 34 and a service content 32 through dynamic profiling and static analysis of the content 30. can do. In addition, since static analysis of the corresponding content 30 is performed using the basic information of the code area 31 collected through the dynamic profiling of the content 30, the code area 31 of the content 30 The scope of analysis can be extended, and through this, the extraction rate of code blocks required for copy protection of the content 30 can be improved.

A method of separating content based on the separation execution according to the present embodiment will be described with reference to FIGS. 1 to 10. 8 is a flowchart illustrating a content separation method based on separation execution according to an embodiment of the present invention. 9 and 10 are exemplary diagrams for describing a selection step of a basic block group extracted as a separate execution target code block of FIG. 8.

First, in step S61, the content separation device 10 calls the content 30 to be separated. That is, when a selection signal for calling the content 30 to be separated from the user is input through the input unit 11, the content separating apparatus 10 displays a list of the content before separation 30 stored in the storage unit 13. 15). Subsequently, when the specific content 30 is selected from the list, the content separating apparatus 10 calls the selected content 30.

Next, in step S63, the content separation device 10 sets the security level for the selected content (30). That is, the content separation device 10 displays the security level setting item that can be selected by the user on the display unit 15. When the user selects a specific security level setting item from the displayed security level setting items, the content separation device 10 sets the security level of the content 30 to be registered as the selected security level setting item.

In this embodiment, the example proceeds in the steps S61 and S63, but may be performed in the reverse order. In addition, when the security level is set as a default, the content separation device 10 may skip step S63.

Next, in step S65, the content separating apparatus 10 starts execution of the called content 30.

Next, in step S67, the content separation device 10 collects basic information about the code area 31 by performing dynamic profiling on the called content 30. That is, the content separation device 10 collects basic information about the code area 31 during the run-time for the content 30. The collected basic information includes the start address of the basic block group 37, the end address of the basic block group 37, the number of calls of the basic block group 37, the size of the basic block group 37, and the basic block group 37. It contains information about the presence or absence of a real operation in). In particular, the collected basic information includes at least one indirect address of a branch address, a jump address, a call address, and an indirect address of the RET. The indirect address includes information about the start address of the basic block group 37, the size of the basic block group 37, and the branch tagged address. Also, the collected basic information may include the number of times of referring to the memory of the host terminal in the basic block group, the number of times of calling the OS API of the host terminal in the basic block group, the execution time of the basic block group, and the like. The method may further include at least one of the total number of instructions executed in the basic block group, the number and type of parameters transferred for the execution of the basic block group, and the type of values returned after the execution of the basic block group.

Next, in step S69, the content separation device 10 performs a static analysis based on the collected basic information. That is, the content separating apparatus 10 substitutes an indirect address among the collected basic information on the control flow and performs a static analysis on the code area 31 of the corresponding content 30.

As described above, since the static analysis is performed based on the collected basic information, the scope of analysis for the code area 31 of the content 30 may be extended as compared with performing dynamic profiling or static analysis alone. Can be.

In operation S69, the content separation device 10 may select a plurality of basic block groups 37 through static analysis based on basic information. That is, the content separation device 10 may select a plurality of basic block groups 37 in the code area of the content by substituting an indirect address among the collected basic information on the control flow.

In operation S69, the content separation device 10 may select the basic block group 37 through definitions (rules) as illustrated in FIGS. 9 and 10.

First, as illustrated in FIG. 9, the content separation device 10 may define a basic block group 37 including a plurality of basic blocks 35 associated with each other in the code area 31 of the content 30. .

When the control signal through the basic block 35a positioned at the start of the basic block group 37 is input, the content separation device 10 does not redefine the basic block group 37. In addition, even when the control signal is moved between the basic blocks 35 included in the basic block group 37, the content separation device 10 does not redefine the basic block group 37. That is, in the above two cases, the content separation device 10 maintains the basic block group 37 in the current defined state.

However, as shown in FIG. 10, when the control signal is input to the other basic block 35b except for the basic block 35a positioned at the start point of the basic block group 37, the content separation device 10 may use the corresponding basic type. The block group 37 is divided and redefined based on the basic block 35b to which the control signal is input. That is, if there is a control signal entering the basic block group 37, the content separation device 10 divides and redefines the basic block group 37 based on the command address of the control signal.

By redefining the basic block group 37 in this manner, it is possible to increase the probability that the divided basic block groups 37a and 37b are established as the basic block group 37 without internal entry.

In this case, the basic block group 37 to be redefined has a first basic block group 37a based on the command address of the control signal and a second basic block group 37b including the command address of the control signal. Is redefined to).

And by repeating this redefinition step, the finally redefined basic block group 37 is a plurality of basic blocks 35 having the properties of a single input and a single output and the property of not allowing entry from outside to inside. It may be defined as a basic block group 37 including a.

In operation S71, the content separation device 10 may extract the separation execution code block 34 from the selected basic block groups 37. That is, in operation S71, the content separation device 10 may extract the basic block group 37 as the separation execution target code block 34 according to a security level set among the plurality of selected basic block groups 37. For example, the user may call the basic block group 37, the calling position of the basic block group 37, the memory reference frequency of the host terminal 51, the OS API reference frequency of the host terminal 51, and the storage 53. When the security level is set by weighting at least one of the hardware elements, the content separation device 10 may extract the separation target code block 34 according to the set security level.

In this case, after operation S71, the content separation device 10 may generate a list for the extracted separation execution target code block 34.

In operation S73, the content separation device 10 may generate the service content 32 by inserting the stub code 36 into the code region from which the separation execution code block 34 is extracted. At this time, the stub code 36 connects the code region extracted from the content 30 with the extracted separation target code block 34.

In this way, the separation execution target code block 34 is extracted from the content 30, and the stub code 36 is inserted into the code region from which the separation execution target code block 34 is extracted to generate the service content 32. The content separating apparatus 10 may divide the content 30 into the extracted execution target code block 34 and the generated service content 32. In this case, in operation S73, the content separation device 10 may store the separation execution target code block 34 and the service content 32 in the storage unit 13.

Content separation method according to the present embodiment is implemented in the form of program instructions that can be executed by various computer means may be recorded on a computer-readable recording medium. The recording medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the recording medium may be those specially designed and constructed for the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. For example, the recording medium may be magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs, DVDs, or magnetic-optical media such as floptical disks. magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions may include high-level language code that can be executed by a computer using an interpreter as well as machine code such as produced by a compiler. Such hardware devices may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

On the other hand, the embodiments of the present invention disclosed in the specification and drawings are merely presented specific examples to aid understanding, and are not intended to limit the scope of the present invention. In addition to the embodiments disclosed herein, it is apparent to those skilled in the art that other modifications based on the technical idea of the present invention may be implemented.

The present invention relates to an apparatus for separating content based on separation execution, a method thereof, and a computer-readable recording medium on which the method is recorded. The present invention collects basic information of a code area through dynamic profiling of content, and collects basic information. Using the information obtained by performing a static analysis of the code area of the content using the can be separated into the content to be separated and executed code block and service content. In addition, since static analysis of the code area of the corresponding content is performed using the basic information of the code area collected through dynamic profiling of the content, the scope of analysis of the code area of the content is extended, thereby preventing duplication of content. By improving the extraction rate of the required code block, it is possible to effectively extract the separated execution target code block required for copy protection of the content.

10: content separation device 11: input unit
12: content call unit 13: storage unit
14: basic information collecting unit 15: display unit
16: static analysis unit 17: control unit
18: extraction and generation unit 30: content
31: Code area 32: Content for service
33: data area 34: code block to be separated
35: basic block 37: basic block group

Claims (23)

In the content separation device based on the separation execution,
A content caller for calling content to be separated;
A basic block group selector configured to select a plurality of basic block groups through dynamic profiling and static analysis on a code region of the called content;
An extraction and generation unit for selecting a separation execution target code block from the plurality of basic block groups and extracting the extracted code block from a code area of the content;
Separation execution-based content separation device comprising a. The method of claim 1, wherein the extraction and generation unit,
Separating execution-based content separation device, characterized in that for generating the content for the service by inserting a stub code in the code region from which the separation execution target code block is extracted. The method of claim 1 or 2, wherein the basic block group selection unit,
A basic information collecting unit which collects basic information through dynamic profiling of the called content;
A static analyzer configured to select the plurality of basic block groups by performing static analysis on the code area of the content based on the collected basic information;
Separation execution-based content separation device comprising a. The method of claim 3,
And the basic information includes information on a code region of the content collected during a run-time of the content. The method of claim 3, wherein the static analysis unit,
Separation execution-based content separation device, characterized in that for performing static analysis by substituting the indirect address of the collected basic information into a control flow (control flow). The method of claim 3, wherein the extraction and generation unit,
Separating execution-based content separation device, characterized in that for extracting the basic block group on the critical path (critical path) that is necessarily executed at least once in the execution of the content of the plurality of basic block groups as a separate execution target code block. The method of claim 6,
A storage unit for storing the content, the content execution target code block of the content, and content for a service in which the content execution separation code block is separated from the content;
Separation execution-based content separation device further comprising a.
In the separation execution based content separation method,
A call step of calling the content to be separated by the content separating apparatus;
A selection step of selecting, by the content separation device, a plurality of basic block groups through dynamic profiling and static analysis of a code region of the called content;
An extraction step of the content separation device selecting a code block to be separated from the basic block group and extracting the code block from the code area of the content;
Separation execution-based content separation method comprising a. The method according to claim 8, which is carried out after the extraction step,
Generating, by the content separation device, content for a service by inserting stub codes into the code region from which the separation execution target code block is extracted;
Separation execution based content separation method characterized in that it further comprises. The method of claim 8, wherein the selecting step,
A collection step of collecting, by the content separation device, basic information through dynamic profiling of the called content;
A basic block group selecting step of selecting a plurality of basic block groups by performing a static analysis on a code region of the content based on the collected basic information by the content separating apparatus;
Separation execution-based content separation method comprising a. The method of claim 10, wherein in the collecting step,
And wherein the basic information includes information on a code region of the content collected by the content separation apparatus during run-time of the content. The method of claim 10, wherein in the collecting step,
The collected basic information may include at least one indirect address among a branch address, a jump address, a call address, and an indirect address of the RET. Based content separation method. The method of claim 10, wherein in the collecting step,
The collected basic information includes information on the start address of the basic block group, the end address of the basic block group, the number of calls of the basic block group, the size of the basic block group, and the presence or absence of a real operation in the basic block group. Separation execution based content separation method. The method of claim 13,
The collected basic information includes the number of times of referring to the memory of the host terminal in the basic block group, the number of times of calling the OS API of the host terminal in the basic block group, the execution time of the basic block group, and the total performed in the basic block group. Separating execution-based content separation method characterized in that it further comprises at least one of the number of instructions, the number and type of parameters passed for execution of the basic block group, and the type of the value returned after the execution of the basic block group. The method of claim 10, wherein in the basic block group selection step,
Separation execution-based content separation method, characterized in that for performing static analysis by substituting the indirect address of the collected basic information into a control flow (control flow). The method of claim 8, wherein the extracting step
The content separation apparatus extracts a basic block group on a critical path that is necessarily executed at least once when executing the content among the plurality of basic block groups as a separate execution target code block. How to separate content from. The method of claim 16, wherein after the extraction step,
Generating, by the content separation device, a list of the extracted separation execution code blocks;
Separation execution based content separation method characterized in that it further comprises. The method of claim 8,
The calling step may further include a security level setting step of setting a security level for the content to be separated by the content separation device.
In the extraction step,
Separating execution-based content separation method, characterized in that the content separation device extracts the separation execution target code block from the plurality of basic block groups according to the set security level. The method of claim 18, wherein the setting of the security level,
Displaying, by the content separation device, a security level setting item;
Setting, by the content separation device, a security level to a security level setting item selected from the security level setting items;
Separation execution-based content separation method comprising a. The method of claim 19, wherein the security level setting item,
Separation execution-based content separation comprising at least one of the call frequency of the basic block group, the call location of the basic block group, the memory reference frequency of the host terminal, the OS API reference frequency of the host terminal, the hardware elements of the storage device. Way. The method of claim 8, wherein the selecting step,
Defining a basic block group in a code area of the content by the content separation device;
Redefining by dividing the basic block group based on an instruction address of the control signal when the content separation device has a control signal entering the basic block group;
Separation execution-based content separation method comprising a. The method of claim 21, wherein in the redefining step,
The finally redefined basic block group is divided into a plurality of basic blocks having attributes of a single input and a single output and a property which does not allow entry from outside to inside. Execution based content separation method. A computer-readable recording medium having recorded thereon a method according to any one of claims 8 to 22.

Images