KR20110013191A - Separating execution method of executable contents, device for forming separating execution based executable contents, and storage media recorded separating execution based executable contents - Google Patents

Abstract

PURPOSE: An isolation executable method of an executable contents, an isolation executable contents configuration device and a recording medium recording an isolation executable contents for executing the executable contents through the coupling of a heterogeneous processor are provided to originally block the illegal copy of the executable contents in order to implement a random code block. CONSTITUTION: A code analyzer(120) analyzes a code area of the executable contents. The code analyzer selects an executable target code block from the code area. A code converter(140) isolates the selected isolation executable target code block. The code converter converts the isolating code block into the executable code block in a storage device. A code controller(130) calls the code block.

Description

Technical Field [0001] The present invention relates to a method and apparatus for separating executable content, a method for separating execution-based content from an executable content, a recording medium for separating executable contents, execution based executable contents}

In order to protect copyright of digital contents, an embodiment of the present invention separates an arbitrary code block in a code area of executable content and executes executable content by separating execution code contents through interaction between a storage device having a host terminal and a processor A separate execution method of content, an execution-based content composition apparatus based on separation execution, and a recording medium on which execution-based content is recorded.

Executable content refers to characters, sounds, sounds, images, and the like, which are created in a digital format. And, as digital contents are accepted as a kind of creation, the importance of digital rights management technology for protecting copyright of such digital contents is increasing.

DRM refers to technologies and services that prevent the unauthorized use of digital contents, protect the rights and interests of digital contents providers, prevent illegal copying, charge fees and settlement agents, and support the distribution and management of contents. Include digital rights management technology that allows only legitimate users to use content and pay appropriate fees, software and security technologies for copyright approval and enforcement, and payment and billing technologies.

In particular, various methods have been used to prevent illegal copying and use of digital contents. The most common method is to use an authentication key. This method allows digital content to be installed or executed only when an authentication key is input. However, illegal use or illegal copying is still performed by users sharing the authentication key or reverse engineering the key verification algorithm.

In a more powerful way, there is a way to provide a hardware key lock so that it is executed only when the provided key lock is present when the program is executed. However, this method can also be disabled by modifying the program to bypass only the portion of the key lock.

As a result, the illegal use of digital contents is still being performed, and the damage caused by content developers due to unauthorized use of digital contents is increasing. Unauthorized use of digital contents is a factor that deteriorates the development desire of the application program of the content developer. Further, when developing digital contents, it is necessary to concentrate more on security technology for suppressing illegal copying and use, Thereby increasing the cost and burdening the content provider.

Disclosure of Invention Technical Problem [8] The present invention has been proposed in order to solve the problems of the related art, and it is an object of the present invention to isolate an arbitrary code block in the code area of executable contents, A separate execution method of executable content for executing executable content separately, an executable content configuration apparatus based on separate execution, and a recording medium recording executable content based on execution execution.

It is another object of the present invention to provide a method and system for separating and executing executable content that enables executable content to be separated between a host terminal and a storage device having different processors, And a recording medium on which the content is recorded.

As a means for solving the above-mentioned problems, the present invention provides a data processing system including a code analysis unit, a code conversion unit, a code operation unit, and a control unit, Type content composing apparatus. The code analyzing unit analyzes the code area of the executable content and selects one or more code blocks to be separated from the code area. The code conversion unit separates the selected separation execution object code block and converts it into a code block for a storage device executable in the storage device. The code operation unit calls the storage device code block at execution time of the executable content and converts the executable content to receive the result value. The control unit controls the operations of the code analysis unit, the code operation unit, and the code conversion unit to output the executable content and the code block for the storage device converted by the code operation unit.

In the execution-based content composing apparatus according to the present invention, the code block for the storage device is executed in a storage device having a processor having a structure different from that of the host terminal.

In the execution-based content composition apparatus according to the present invention, the code analysis unit may include a parser, a profile loader, a rule loader, and a code selector. The parser converts a code block selection rule for defining to which item the profile data and the profile data obtained through the profiling of the executable content have the greatest weight and selects the detached execution object code block into the specified internal data format . The profile loader loads the profile data through the parser. The rule loader loads code block selection rules through the parser. The code selector selects one or more execution target code blocks in the code area of the executable content with reference to the loaded profile data and code block selection rules.

The code analyzer may further include a rule updater that receives the verification result of the selected detachment execution target code block and updates the code block selection rule.

The profile data includes a code block start address, a code block end address, a code block call count, a code block size, a floating point calculation count, a memory block reference count, a code block OS API call count, The total number of instructions to be executed in the code block, the number and types of parameters to be transmitted for execution of the code block, and the kind of result value to be returned after execution of the code block.

The code block selection rule is weighted to at least one of a calling frequency, a calling position, a memory reference frequency of a host terminal, an OS API reference frequency of a host terminal, and a hardware element of a storage device for each code block.

In the apparatus for constructing an execution-based content according to the present invention, the code operation unit may call the storage device code block by packing stack and register information, and when the call is terminated, The auxiliary execution code for restoring the information of the stack and the register by the result value is generated and the stub code for jumping to the auxiliary execution code is inserted at the position where the execution execution target code block of the execution content is located.

In the apparatus for constructing an execution-based content according to the present invention, the auxiliary executable code is implemented as a DLL (Dynamic Link Library) file.

In the apparatus for constructing an execution-based content according to the present invention, the code operating unit may further modify an import table of executable content so that the auxiliary executable code is loaded when the executable content is executed.

The auxiliary execution code includes an interface function unit for providing a communication channel with the code block for the storage device; A packing function for receiving information of the stack and the register from the stub code, packing the same, and transmitting the packed information to the storage device code block through the interface function unit; An unpacking function unit for unpacking a result value transferred from the code block for the storage device through the interface function unit to restore information of the stack and the register; When the memory of the host terminal is called in the code block for the storage device, the data transferred from the code block for the storage device is written into the memory via the interface function unit, the data is dispatched from the memory, A memory mapping function for transferring the memory mapping information; And an OS API mapping function unit for receiving an API name and a parameter value from the storage device code block through the interface function unit, calling OS API of the host terminal, and returning the result to the storage device code block. .

In the apparatus for constructing an execution-based content according to the present invention, the code conversion unit may be implemented using an LLVM (LLVM Intermediate Representation), and includes a preprocessor for converting a code block to be separated into an intermediate language; An intermediate stage optimizer for optimizing a code block to be separated from the front end processor into an intermediate language; And a code generator for converting an optimized intermediate language target separation code block into a code block for processor-based storage devices having one or more different structures.

According to an embodiment of the present invention, when an initial code block to be encrypted is selected in a code area under control of a control unit, an initial code block is encrypted with a specific key, and a specific key And a code encryption unit for converting the executable content to decrypt and execute the encrypted initial code block.

The code encryption unit may generate a start up stub code for calling a function of an auxiliary execution code for decrypting and executing the encrypted initial code block instead of the selected initial code block and inserting the start stub code at a position of the initial code block; A section generator for generating a security zone in the executable content and loading an encrypted initial code block in the generated security zone; An encryptor for encrypting the selected initial code block with a specific key and providing the encrypted initial code block to a section generator; And an import table modifier for modifying the import table of the import area to load the auxiliary executable code at execution time of the executable content.

The auxiliary execution code further includes a code decryption function unit for acquiring a specific key from the storage device in response to the start stub code call, decrypting the encrypted initial code block loaded in the secure area, and executing the decrypted initial code block can do.

The code decoding function unit maps the instruction pointer to the decoded initial code block and jumps the decoded initial code block to execute the decoded initial code block on the memory.

As another means for solving the above problems, the present invention provides a computer-readable recording medium on which separate execution-based executive contents are separately executed through a storage device having a host terminal and a processor.

The recording medium on which the execution-based execution contents are recorded may pack information of the stack and registers so that one or more separate execution target code blocks separated from the code area of the executable file are stored in one or more storage devices An auxiliary executable code for calling the use code block and restoring information of the stack and registers returned from the code block for the storage device when the call is terminated; And one or more stub codes inserted into the code area of the executable file on behalf of one or more separate execution target code blocks and jumping to the auxiliary executable code when execution of the corresponding separate execution target code block is requested.

In a recording medium on which execution-based content according to the present invention is recorded, a code block for a storage device is executed in a storage device having a processor having a structure different from that of the host terminal.

The recording medium on which the execution-based content according to the present invention is recorded further includes an import table into which the auxiliary execution code information is inserted so as to load the auxiliary execution code when the execution file is executed.

In the recording medium on which the execution-based content according to the present invention is recorded, the auxiliary execution code includes an interface function unit for providing a communication channel with the code block for the storage device; A packing function for receiving stack information and register information from the stub code, unpacking the stack information, and transmitting the unpacked information to the code block for the storage device through the interface function unit; An unpacking function unit for unpacking the stack and the information of the register transferred from the code block for the storage device through the interface function unit and returning it as the stub code; A memory mapping function unit for writing the data transferred from the code block for the storage device to the memory of the host terminal via the interface function unit or dispatching the data from the memory of the host terminal to the code block for the storage device; And an OS API mapping function unit that receives the API name and parameter value from the code block for storage device through the interface function unit, calls the OS API of the host terminal, and returns the result to the code block for the storage device .

In addition, the assistant executable code may further include a code decryption function for obtaining a specific key from the storage device, decrypting the encrypted initial code block loaded in the secure area, and executing the decrypted initial code block.

The recording medium on which the execution-based content according to the present invention is recorded is inserted in place of the initial code block selected in the code area of the executable file so that when the execution of the initial code block is requested, A start-up stub code that calls the part; And a security area in which an initial code block encrypted with a specific key is loaded.

In the recording medium on which execution-based content according to the present invention is recorded, the code decoding functional unit maps an instruction pointer to a decoded initial code block, and jumps the decoded initial code block to execute the decoded initial code block on the memory .

As another means for solving the above problems, the present invention provides a code block for a storage device, which is converted so as to be executable in a storage device, The present invention provides a method for separating executable content from a host terminal connected to a storage device having a stored processor.

A method for separating and executing executable content according to the present invention comprises packing stack and register information when an entry into a code block to be separated is requested while the host terminal is executing an executable file of executable content; Calling a code block for the storage device stored in the storage device, and transferring the packed stack and register information; Receiving data including a result of the code block for the storage device from the storage device; And unpacking the data transferred from the storage device to obtain the result of the code block for the storage device, and restoring the stack and register information based on the result.

The code block for the storage device is executed in a storage device having a processor having a structure different from that of the host terminal.

A separate execution method for executing executable content, a run-based content execution device based on separation execution, and a recording medium on which execution-based execution content is recorded, characterized in that the code execution object code block includes a plurality of basic block groups It is a basic block group on the critical path of executable content. The basic block group allows entry of a control signal through an entry point and movement of a control signal between a plurality of basic blocks and permits movement of control signals between a plurality of basic It is a gathering of blocks. A basic block is a block of code with attributes of single input and single output and attributes that do not allow entry of control signals from outside to inside.

In addition, the present invention provides, as yet another means for solving the above-mentioned problems, a computer-readable recording medium on which a program for performing the above-described execution execution method for executing executable content is recorded.

The present invention configures executable content such that arbitrary code blocks existing in a code area of digital contents are separated and executed. In addition, when there is no separate code block, executable content can not operate normally, There is an excellent effect that it is possible to block copying and use at the source.

In addition, the present invention separates the detachment target code block from the executable content and converts it into a code block for a storage device executable on the processor of the storage device, and adds an auxiliary execution code for interacting with the code block for the converted storage device The execution-type content is branched to the auxiliary execution code during the execution of the execution-type content, and the separation-execution-based execution content is configured to execute the storage device code block and receive the resultant value. So that the X86 executable content can be executed separately from a smart card or an USIM having an ARM processor.

1 is a diagram showing a schematic structure of a digital rights management system to which the present invention is applied.
2 is a diagram schematically showing the structure of an executive content to which the present invention is applied.
3 is a diagram schematically illustrating the structure of an execution-based execution content according to the present invention.
FIG. 4 is a block diagram illustrating an execution-based content composition apparatus according to the present invention.
5 is a block diagram showing a detailed configuration of a code analysis unit in an execution-based content composition apparatus according to the present invention.
6 is an exemplary diagram illustrating a stub code generated in a code operation unit of an execution-based content composition apparatus according to the present invention.
7 is a block diagram showing a detailed configuration of a code conversion unit in an execution-based content composition apparatus according to the present invention.
FIG. 8 is a block diagram showing a detailed configuration of a code encryption unit in an execution-based content composition apparatus according to the present invention.
FIG. 9 is a diagram illustrating a structure of an execution-based execution content configured in an execution-based content composition apparatus according to the present invention.
FIG. 10 is a block diagram illustrating a structure of an auxiliary execution code and a separation execution process by an auxiliary execution code in the execution-based execution content according to the present invention.
11 is a block diagram for explaining the detailed operation of the code decryption function of the auxiliary execution code in the execution-based execution content according to the present invention.
12 is a flowchart sequentially illustrating a separation execution method by execution-based execution contents according to the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description and the accompanying drawings, detailed description of well-known functions or constructions that may obscure the subject matter of the present invention will be omitted. It should be noted that the same constituent elements are denoted by the same reference numerals as possible throughout the drawings.

1 is a block diagram showing the entire structure of a digital rights management system (hereinafter referred to as DRM system) to which the present invention is applied.

1, a DRM system 10 to which the present invention is applied includes a content providing server 12 and a host terminal 13 connected to each other via a network 11, And a storage device 14 connected to the network.

In the present invention, " separate execution " means that the digital content, more specifically the executable digital content, is executed through two different devices, more concretely by interlocking the host terminal 13 and the storage device 14 . In order to implement such separation execution, the execution terminal 15 of the host terminal 13 is stored with the execution-based content 15a on which the code block selected in the code area (hereinafter referred to as a separation execution object code block) is removed, 14 stores a code block 15b for a storage device which is converted so as to be executable in the storage device 14 for a code block to be separated for execution removed from the execution-based executable content 15a. The separation execution is performed in such a manner that the host terminal 13 requests the storage device 14 to return the result of the part (separation execution target code block) removed from the execution-based execution content 15a and returns it.

Accordingly, the executable content to which the present invention is applied is meant to be executable type content, including a game, an application program, software, and the like.

1, the network 11 performs a series of data transmission / reception for data transmission and information exchange between the content providing server 12 and the host terminal 13. [ For this purpose, the network 11 may be an IP network providing large capacity data transmission / reception service and seamless data service through IP, and may be an ALL-IP network having an IP network structure in which different networks are integrated based on IP. The network 11 includes a wired communication network, a mobile communication network, a wireless broadband (WiBro) network, a high-speed downlink packet access (HSDPA) network, a satellite communication network or other well-known or future wired or wireless networks or a combination thereof.

The content providing server 12 stores the execution-based executable content 15a and the storage device code block 15b and provides it to the host terminal 13 at the request of the customer. The content providing server 12 can constitute an execution-based execution content 15a and a storage device code block 15b through an execution-based content forming apparatus according to the present invention to be described later.

The host terminal 13 collectively refers to a computing device having an independent CPU capable of executing executable contents, such as a PC, a notebook, and a workstation. The host terminal 13 includes a public computer which is accessible by a plurality of users. The host terminal 13 is provided with an execution-based execution content 15a. When the storage device 14 is connected to the host terminal 13 via the wired / wireless interface, the host terminal 13 performs separation execution for the executable content 15a in conjunction with the connected storage device 14. In addition, the host terminal 13 requests the content providing server 12 to purchase the executable content at the request of the user, and sends the executable content 15a and the storage device The code block 15b is downloaded and the executable content 15a based on the separation execution is stored in its own memory and the storage device code block 15b is stored in the storage device 14. [

The wired / wireless interface can be implemented using a wired communication method using a USB, a USB2, a serial / parallel port, an Ethernet, a TCP / IP, a communication cable, and a short-range wireless communication method. Bluetooth, Zigbee, Ruby, Infrared Data Association (IrDA), and Ultra Wide Broadband (UWB) may be used as the short-range wireless communication method.

The storage device 14 is connected to the host terminal 13 via a wired / wireless interface and receives and stores the storage device code block 15b via the host terminal 13. [ In order to safely store the code block 15b for a storage device, the storage device 14 preferably has a security function. In addition, the storage device 14 must perform separation execution in conjunction with the host terminal 13 when executing the execution-based execution content 15a. Therefore, the storage device 14 preferably includes a processor capable of arithmetic processing on the code block to be separated. At this time, the storage device 14 performs an operation on the storage device code block 15b in response to the request of the host terminal 13, and returns the result value to the host terminal 13.

In the DRM system described above, the content provider provides separate execution-based execution content 15a to the host terminal 13 of a legitimate user through the content providing server 12, And stores block 15b. Thereafter, when a legitimate user connects the storage device 14 in which the storage device code block 15b is stored to the host terminal 13, the execution executable content 15a installed in the host terminal 13 Execution-based content is normally executed through the interlocking of the host terminal 13 and the storage device 14. At this time, if there is no storage device code block 15b, the executable content is normally executed I can not.

The basic concept of execution-based execution content will be described with reference to FIGS. 2 and 3. FIG.

FIG. 2 is a schematic diagram of a data structure of executable digital content to which the present invention is applied. Referring to FIG. 2, the executable content 20 to which the present invention is applied includes a plurality of files such as an executable file, (API) provided by the developer, a dynamic linking library (DLL) provided by the developer, and the like. Such an executive content 20 includes a code area 21 and a data area 23. Actually, the code area 21 and the data area 23 are actually mixed with each other. The code area 21 includes a plurality of basic block groups 27 made up of a plurality of basic blocks 25.

Here, the basic block 25 means a sequence of instructions having attributes of a single input and a single output, and is a property that does not allow entry from the outside to the inside As shown in Fig. That is, the basic block 35 is a continuous sentence (a group of codes) executed at one time from the beginning to the end, and is a group of sentences whose execution is not stopped due to the flow control in the middle.

3 is a diagram schematically illustrating the structure of an execution-based execution content according to the present invention.

3, the execution-based execution content 30 according to the present invention includes a code area 31 in which a stub code 39 is inserted in place of one or more separate execution subject code blocks 37, Area 33. [0033] At this time, the stub code 39 is a code inserted in place of the extraction execution object code block 37 extracted for the separation execution, as the separated execution execution based content 30 and the separated execution execution object block 37, Lt; / RTI > More specifically, the stub code 39 calls the detachment object code block 37 and returns the result value of the detachment object code block 37 when performing the detachment execution for the executable content 30 Receive.

The separation execution target code block 37 is a module for executing a plurality of basic blocks 35 as one of a plurality of basic block groups 27 of the code area 31 through dynamic profiling and static analysis of the original executable contents, . More preferably, the detachment object code block 37 allows the entry of the control signal through the entry point and the movement of the control signal between the basic blocks 35 included therein, but the blocking of the basic block 35 And a plurality of basic blocks 35 associated with each other without entry of a control signal into the basic block group.

Alternatively, when the basic block group in which the control signal is input to the basic block 35 excluding the starting point is selected as the separation execution object code block 37, the extraction execution object code block 37 is extracted, The control signal may enter the code 39 in the middle rather than the beginning, and in this case, the stub code 39 can not perform processing for the corresponding control signal, and eventually execution of the executive content 30 stops Or an error may occur.

The above-described separation execution object code block can be extracted as follows.

First, a plurality of basic block groups 27 are selected through dynamic profiling and static analysis of the code area 21 of the executable content 20 to be separated. The selection of the plurality of basic block groups 27 starts with execution of the executable content 20 to be separated and collects basic information about the code area 21 during run-time, And performing static analysis on the code area 21 through dynamic profiling that extends the scope of analysis. The basic information is at least one indirect address among a branch address, a jump address, a call address, and an indirect address of RET. The basic information related to the published API of the executive content 20 is removed from the basic information and the basic information related to the published API is removed from the code area 21 of the executive content 20 based on the removed basic information By performing a static analysis on the subject, the scope of analysis can be extended. More basic block groups 27 can be selected compared to performing dynamic profiling or static analysis alone by extending the scope of analysis by assigning indirect addresses in the collected basic information to the control flow.

In addition, when a control signal for entering the inside of the basic block group 27 is generated among the selected plurality of basic block groups 27, the corresponding basic block group 27 is divided based on the command address of the control signal, do. At this time, the basic block group 27 to be redefined redefines the previous first basic block group and the subsequent second basic block group including the command address of the control signal based on the command address of the control signal.

By repeating this redefinition process, a basic block group 27 including a plurality of basic blocks 25 having attributes of a single input and a single output and an attribute not allowing entry from the outside to the inside is finally obtained define.

The separation execution object code block 37 is selected from among the plurality of basic block groups 27 to separate the separation execution object code block 27 from the code area and the stub code 39 are inserted.

At this time, it is preferable that the separation execution object code block 37 selects a basic block group on the critical path of the executive contents 20 among the plurality of basic block groups 27. [ In addition, it is possible to select the code block 37 for separation execution in consideration of the number of calls, the size, and the execution time among the plurality of basic block groups 27. [ For example, the basic block group 27 having a large number of calls, a small size, and a short execution time is selected by the separation execution object code block 37.

According to this, in the executable digital content, a basic block group existing on an important path, having a large number of calls, a small size, and a short execution time is selected as a separation execution target code block for security, The execution performance of the executable content can be improved.

Further, by performing static analysis using the basic information of the code area collected through dynamic profiling to extract a basic block group, the scope of analysis of the code area of the executable content is extended, The extraction rate of the group can be improved.

In addition, by providing flexibility to redefine a once-defined basic block group, a basic block group having a single input and a single output, which can be candidate candidates for a separate code block, It is possible to inhibit selection of an unsuitable basic block group having an entry of the control signal into the inside thereof excluding the entry point as a code block to be detached. As a result, It is possible to suppress the occurrence of an error during execution.

Since the storage device 14 has a processor structure different from that of the host terminal 13, the code block to be separated must be converted to be executable in such heterogeneous processor environment do.

As described above, the function of selecting the detachment object code block from the executable content, converting the detachment object code block into the storage device code block, and converting the detachment object code block to be detachable can be referred to as detachment-based execution Type content composing device.

FIG. 4 is a block diagram illustrating an apparatus 100 for executing an execution-based content according to the present invention. The separate execution execution based content composing apparatus 100 to be described below has a separate execution execution based content 15a to be stored respectively in the host terminal 13 and the storage device 140 in the DRM system shown in Fig. And a code block 15b for a storage device, and can be implemented in the server side, more specifically, in the content providing server 12.

Referring to FIG. 4, an apparatus 100 for executing an execution-based content according to the present invention includes a control unit 110, a code analysis unit 120, a code operation unit 130, a code conversion unit 140, And may further include a code encrypting unit 150. [0050]

The control unit 110 controls the entire process for generating the execution-based execution content. That is, the executable content to be separated is inputted, the detachment object code block is selected, the selected detachment object code block is separated from the executable content, and the executable content is converted And controls the code analysis unit 120, the code manipulation unit 130, and the code conversion unit 140 so as to convert the separated code block to be separated into a storage device code block that can be processed in the storage device 14. [

In addition, the control unit 110 extracts an initial code block from the code area of the executable content, encrypts the initial code block, and decrypts and executes the encrypted initial code block when executing the executable content. .

Next, the code analyzing unit 120 analyzes the code area of the executable content, and selects one or more code blocks to be separated from the code area. More specifically, the code analyzing unit 120 receives profile data and code block selection rules for executable content and executable content to be separated and executes executable content based on profile data and code block selection rules, The code block to be separated is determined. Profile data is information collected through dynamic profiling of executable content, which can be collected using the Dynamic Profiling Tool. More specifically, the dynamic profiling tool reads user preference information and decides which part to focus on, and then loads the corresponding PIN tool. Thereafter, the target executive content is loaded into the memory, the PIN tool is inserted and executed, and the result (profile data) is stored.

The profile data essentially includes a code block start address, a code block end address, a code block call count (which is the number of times it is called during the profile), a code block size, and whether or not a floating point calculation is performed. In addition, the profile data may optionally include a host memory reference number of code blocks, a number of calls to the OS API of the host terminal in the code block, an execution time of the code block, a total number of instructions executed in the code block, The type and number of parameters to be passed for execution of the code block, and the type of the value to be returned after execution of the code block.

The code block selection rule is for setting a weight to be given to each item of the profile data. The user preference information for which the weight can be set includes the call frequency for the code block to be separated to be selected by the profiling, A host memory reference frequency, an OS API reference frequency, and a hardware element of a storage device in which a separate execution target code block is to be stored. The calling frequency indicates the degree of calling frequency of the code block to be selected as the detached execution target code block from the execution of the executive type content. The higher the calling frequency is, the higher the security effect can be. Thereby reducing the overall execution speed of the executable content. Therefore, it is desirable to set an appropriate call frequency in accordance with the characteristics of the executable content. The call position indicates whether a code block to be called at the beginning of execution is selected or a code block to be called at the time of setting a specific function is selected in the selection of a code block to be detached. The host memory reference frequency indicates the number of times that the code block to be selected as the detachment object code block refers to the host memory. The OS API reference frequency indicates the OS API reference frequency of the code block. Generally, the higher the memory reference frequency and the OS API reference frequency, the higher the dependency on the host terminal. If the memory reference frequency and OS API reference frequency are high, However, conversely, the execution speed decreases. Therefore, the memory reference frequency and OS API reference frequency should be appropriately set according to a desired security level. The hardware element of the storage device includes, for example, the DRAM amount of the storage device, the NAND flash size, the CPU speed, etc., in which the detachment object code block is stored and executed.

By assigning different weights to each item of profile data according to the code block selection rule, the extracted code block to be extracted is different, and the security level is changed accordingly.

Code block selection rules can be set according to the nature of executable content. For example, if the executable content is a game program, execution speed is important. Therefore, it is desirable to minimize the host memory reference frequency and OS API reference frequency. In this case, a basic code By selecting a block as a block to be divided to be executed, it is possible to minimize the execution speed degradation of the executable contents. In order to reduce the price of the storage device 14 as much as possible in the sale of execution-based execution content, the weight of the hardware element of the storage device may be set to a low value. It should be noted that while the cost of the storage device 14 may be reduced, the execution speed may be somewhat lowered.

The above code block selection rules can further diversify the settable items.

5 is a block diagram showing a detailed configuration of the code analyzer 120. The code analyzer 120 includes a rule updater 121, a parser 122, a profile data loader 123, A rule loader 124, and a code selector 125. [

The rule updater 121 updates the code block selection rule to be a criterion at the time of selection of the detachment object code block. The code block selection rule indicates which item in the profile data has the greatest weight and which code block to be separated is to be selected. As described above, the code block selection rule can be expressed by a weight value of each item of profile data. However, such a code block selection rule is likely to change depending on the type, size, and the like of the executable content. Accordingly, the rule updater 121 continuously feeds back the verification result of the selected detachment object code block and continuously updates the selection rule of the detachment object code block. For example, when an issue such as an execution speed occurs as a result of performing a test on a selected detachment execution target code block, the detailed weight of the selection rule of the detachment execution target code block is changed based on the issue.

The parser 122 converts the selection rules of the profile data and the separation execution object code block into an internal data format (a data format that can be processed by the code selector 125). For example, the profile data and rules may be implemented in XML form. In this case, the parser 122 converts the selection rules of the profile data and the separation execution target code block from the XML format to the internal data format, .

The profile data loader 123 loads the profile data through the parser 122.

The rule loader 124 loads the code block selection rules via the parser 122.

The code selector 125 selects one or more separate execution object code blocks in the code area of the executable content based on the loaded profile data and code block selection rules.

Referring again to FIG. 4, the code manipulation unit 130 controls execution of the executable-type content so that the detachment-executing target code block and the detachment-executing target code block selected by the code- Conversion. More specifically, the code manipulation unit 130 generates an auxiliary execution code for mutual interoperation with the detached detachment execution target code block, and jumps to the auxiliary execution code at the beginning of the detachment execution object code block, A stub code which jumps to a position to be executed next to the detachment execution target code block is generated and inserted into the position of the detachment execution target code block. The auxiliary executable code calls for the parse execution object code block by packing the parameters transferred from the stub code, that is, the stack and the register information. When the call is completed, the auxiliary execution code packs the stack and register information Restore.

In one embodiment of the invention, the code block 15b for the storage device stored in the storage device 14 includes Java bytecode based on the platform of the storage device 14, more specifically a Java applet and ARM instructions It is implemented as a Java applet, which is implemented as a native launcher that runs the Java applet described above. In addition, the auxiliary executable code is implemented as a DLL (Dynamic Link Library) file so that it can be loaded and executed only when necessary. These auxiliary executable codes will be described in more detail below.

FIG. 6 is a diagram illustrating a stub code to be inserted into executable content. FIG. 6 (a) shows executable content before insertion of a stub code, that is, Of the stub code shown in FIG.

6 (a) and 6 (b), the stub code jumps to the specific function of the auxiliary execution code at the beginning of the separation execution target code block (jmp NativeLauncher), and after the function call of the auxiliary execution code, Value to the endpoint to be returned, and inserted at the position of the code block to be separated. According to this, code conversion is possible without changing the caller code.

In addition to the insertion of the stub code, the code operating unit 130 inserts a native Launcher DLL into the import table of the import section for loading the auxiliary executable code. The insertion of the auxiliary execution code into the import table is intended to allow the auxiliary execution code to be loaded by the loader of the OS when the execution execution based content 15a is executed in the host terminal 13. [

In this way, it is possible to interact with the separated code block to be separated, without changing the source code of the execution-based execution content.

Then, the code conversion unit 140 shown in FIG. 4 converts the detachment object code block separated from the detachment-based execution content into a code block 15b for a storage device executable in the storage device 14. [ At this time, it is preferable that the code block 15b for the storage device is converted into the instruction of the processor included in the storage device 14 in order to improve the separation execution speed. For example, when the storage device 14 is a Java-based smart card, the separation execution target code block is converted into Java bytecode, in particular, into Java bytecode with embedded ARM instructions. That is, when the host terminal 13 has the processor structure of the X86 series and the storage device 14 is the processor of the ARM structure, the code conversion unit 140 converts the X86 instruction of the detachment object code block into the Java bytecode And ARM instruction into embedded Java bytecode.

Here, it is preferable that the code conversion unit 140 converts the separate execution object code block into a plurality of machine codes so that execution execution of execution contents can be performed in various processor environments. For this, the code conversion unit 140 may be implemented using a compiler infrastructure, in particular, a low level virtual machine (LLVM). With LLVM, it is possible to utilize various verified open source solutions and to optimize the code independent of the target, i.e. the processor of the storage device 14, and to have high code reusability, Can be converted.

7 is a block diagram showing a detailed configuration of the code conversion unit 140 implemented according to the present invention.

7, the code conversion unit 140 includes a front end processor 141, a code optimizer 142, and a code generator 143. [ The preprocessor 131 converts the source execution code block constituted by the source, that is, the language based on the platform of the host terminal 13, into the LLVM Intermediate Representation (LLVM IR), and the code optimizer 142 The code generator 13 optimizes the isolation execution target code block of the intermediate language that has been optimized and outputs the decompression target code block based on the processor of the storage device 140 Into a plurality of machine codes, for example, Java bytecode, and ARM instructions. The code block output from the code generator 13 becomes a code block for the storage device.

The code conversion unit 140 of the above-described structure can adapt to various processor structures to be applied in the future since only the end processor 131 needs to be changed according to the processor structure of the host terminal 13. [

The execution execution based content composing apparatus according to the present invention is capable of executing the code for executing the separation execution target code block through the code analysis unit 120, the code operation unit 130 and the code conversion unit 140, Based execution contents 15a and a code block 15b for a storage device converted to be executed in the storage device 14. [ The generated executable content 15a based on the separation execution can be normally executed only through interaction with the storage device code block 15b. In particular, since the storage device code block 15b is extracted from the code area of the executable content, it is difficult for the illegal user to share or create the storage device code block 15b in addition to the program developer. Therefore, unauthorized use and copying of executable content can be fundamentally blocked.

4, in addition to the code analysis unit 120, the code control unit 130, and the code conversion unit 140, the execution-based content execution apparatus according to the present invention includes a code encryption unit 150 .

The code encryption unit 150 encrypts the selected initial code block under the control of the control unit 110 with a specific key to decrypt and execute the initial code block through a specific key at the time of execution of the executable content, Conversion. More specifically, the code encryption unit 150 encrypts the selected initial code block with the designated key, inserts the encrypted initial code block into the generated security area in addition to the executable content, and stores the key at the position of the initial code block And inserts a startup stub code for causing the microcomputer to load an auxiliary execution code for decrypting and executing the acquired and encrypted initial code block.

8 is a block diagram illustrating a detailed configuration of the code encryption unit 150 according to an embodiment of the present invention. The code encryption unit 150 includes a startup stub generator 151, a section generator 152 ), An encryptor 153, and an import table changer 154. The encryptor 153,

The startup stub generator 151 generates a startup stub code for calling a function of an auxiliary execution code for decrypting and executing the encrypted initial code block instead of the encrypted initial code block to be moved, do.

The section generator 152 newly creates a security area (.secure section) in the executable content, and loads the encrypted initial code block in the generated security area.

The encryptor 153 encrypts the selected initial block code with the designated key and provides it to the section generator 152. [ At this time, the key used for encryption is managed in the form of a content encryption key (CEK) of a right object (RO) since it is required for decryption at the time of execution of executable content, and can be stored in the storage device 14 .

The import table changer 154 modifies the import table of the import area so as to load an auxiliary execution code to be executed after decoding the encrypted initial code block.

As described above, the initial code block encrypted through the code encrypting unit 150 is decoded by the auxiliary execution code, and is then executed in the on-memory state, do. According to this, the first level security technique using encryption at the time of the initial operation is applied to the executable content, and the second level security technology is applied through the detached execution, so that the illegal use and reproduction of the executive content can be more strongly blocked do.

9 is a diagram illustrating the structure of the separated execution execution type content 15a converted by the code operation unit 130 of the execution execution based content composing apparatus according to the present invention, wherein (a) shows the original execution content 200, and (b) shows the converted execution execution based content 200 '. In FIG. 9, an executable content in a PE (Portable Executable) format is shown as an example.

9, the executable contents 200 and 200 'include a DOS header 210, a PE header 220, a code area 220, a data area 240, an import section 250 , And an export section 260. [ In the code area 220, there are actually executed program codes. In the data area 240, initialized program data exists. In the import area 250, a list of functions to be fetched from the outside when a PE file is executed is included And functions to be used by other modules are exposed in the export area 260.

Referring to the profile data and the predetermined rule file through the code analyzing unit 120 of the execution-based content composing apparatus according to the present invention, in the basic block group of the code region 220, A separation execution target code block 232 to be used is selected. In addition, an initial code block 231 is selected as a code to be encrypted. The initial code block 231 is set to a code block that is initially executed in the code area 230.

When the initial code block 231 and the separation executing object code block 232 are selected as described above, the code manipulation unit 130 inserts the stub code 234 in place of the safety code block 232, Modify the import table of the import area 250 to load the secondary executable code for interacting with the secure code block 232 when the underlying executable content is running. The encrypted code block 271 encrypted with the specific key is inserted into the secure area 270 and the initial encrypted code block 231 is inserted into the secure area 270. In the secure area 270, The start stub code 233 is inserted instead of the code block 231. [ The startup stub code 233 is implemented to call a function for decoding the encrypted code block 271, and the function for decoding can be provided in the auxiliary execution code.

FIG. 10 is a diagram illustrating the construction and execution of separate execution of auxiliary execution code in execution-based execution content according to the present invention.

10, there is shown a separate execution execution based content 200 'stored in the host terminal 13 according to the present invention and an execution-based content 200' stored in the storage device 14 and converted into a form executable in the storage device 14 The code block 400 for the device interoperates with each other through the auxiliary execution code 300. In particular, the auxiliary execution code 300 allows the host terminal 13 and the storage device 14 implemented in the heterogeneous processor to interoperate with each other to implement separate execution.

The protection execution code 300 includes an interface function unit 310, a packing function unit 320, an unpacking function unit 330, a memory mapping function unit 340, OS API mapping function unit 350 and, in addition, may further include a code decoding function unit 360. [

The interface function unit 310 provides a communication channel with the storage device code block 400 and exchanges data with the storage device code block 400 stored in the storage device 14. [ For example, the interface function unit 310 may provide a communication channel with the storage device code block 400 through APDU (Application Protocol Data Unit) defined in ISO-7816. The interface function unit 310 preferably provides a Network bearer transparent interface so that other functional units of the auxiliary executable code 300 are not changed even if other types of interfaces such as TCP / IP Over USB are applied in the future. The interface function unit 310 has functions of the same type as general I / O functions.

The packing function unit 320 receives the stack information and the register information from the stub code 234, and transmits the stack information and the register information to the storage device code block 400 through the interface function unit 310. Here, the stack information is a group of stack values used as a parameter starting from the stack position designated by the SP register, and the register information is transmitted when calling the code block 400 for storage device in the stub code 234 Register information.

The unpacking function unit 330 unpacks the packed data transferred from the storage device code block 400 via the interface function unit 310 and returns the unpacked data to the stub code 234. [ When the return value of the storage device code block 400 is a primitive data type, the unpacking function unit 330 simply sets a return value in the address of the corresponding register, and if the return value is a memory address, Change the corresponding values according to the return value.

The memory mapping function unit 340 writes the data transferred from the separation execution object code block 400 to the memory of the host terminal 13 through the interface function unit 310, And passes it to the code block 400 for the storage device. The code block 400 for the storage device of the storage device 14 can be executed with reference to the memory of the host terminal 13 via the memory mapping function unit 340. [

The OS API mapping function unit 350 receives the API name and the parameter value from the storage device code block 400 via the interface function unit 310 and calls the OS API of the host terminal 13, And transfers it to the code block 400 for the storage device. Thus, the storage device code block 400 stored in the storage device 14 can call the OS API of the host terminal 13 and return the result.

The code decryption function unit 360 obtains a specific key from the storage device 400, decrypts the encrypted initial code block 271 loaded in the secure area 270, and executes the decrypted initial code block .

11 is a flowchart illustrating an operation of the code decryption function unit 360. Referring to FIG. 11, the code decryption function unit 360 receives an encrypted initial code block and a key (CEK) used for encryption, (S361). Then, the decoded initial code block is immediately executed in the memory by the runtime code executioner (S362). More specifically, the run-time code executor maps an instruction pointer to an initial code block decoded and jumps to execute the decoded initial code block. According to this, only when the initial code block is executed, the decoded initial code block exists in the memory, and the execution is immediately terminated, thereby further enhancing the security effect.

The separation executing operation using the auxiliary execution code 300 configured as described above is as follows.

First, when the separation execution based executive content 200 starts to be driven, the auxiliary execution code 300 is loaded (①) by the startup stub code 233 located at the beginning of the code area 230 The unit 360 is invoked to obtain the encrypted initial code block 271 loaded in the secure area 270 and obtain the key CEK necessary for decryption ) And decodes it (step 4). Thereafter, the next program code in the code area is executed in order, and when the stub code 234 is entered, the packing function 320 is called by the stub code 234, The stack and register information transferred from the code 234 are packed and transferred to the code block 400 for the storage device of the storage device 14 through the interface function unit 310 (5). The code block 400 for the storage device is executed through the memory mapping function 340 and the OS API mapping function 350 in the memory of the host terminal 13, You can access the OS API (⑥). When the execution of the storage device code block 400 is completed, the result value is transferred to the auxiliary execution code 300 through the interface function unit 330, and the unpacking function unit 330 reads the result value Unpack it again and return it to the stub code 234 (7).

Accordingly, the execution-based execution content 200 'and the code block 400 for the storage device can be normally operated through interlocking between the host terminal 13 and the storage device 14.

 12 is a flowchart sequentially illustrating a separation execution method using execution-based execution contents according to the present invention.

Referring to FIG. 12, when the execution of the execution-based execution content 200 'is requested in the host terminal 13, the program codes located in the first half are executed in order based on the stub code 234 (S110).

When entering the stub code 234 according to the processing sequence, the stub code 234 branches to the auxiliary execution code 300 (S130), and the stack and register information are packed by the auxiliary execution code 300 (S130). Then, the code block 400 for the storage device stored in the storage device 14 is called, and the packed data is transmitted (S140).

The processor of the storage device 14 operates (S150), unpacks the packed data again, loads the stack and register information (S160), and executes the code block 400 for the storage device S170).

When the code block 400 for the storage device is executed, information on the stack and registers is changed, and the storage device 14 packs the changed stack and register information (S180) 300 (S190).

Subsequently, the auxiliary execution code 300 unpacks the packed data again, and restores the stack and register information to the execution result value of the storage device code block 400 according to the unpacked data (S200).

Thereafter, the auxiliary execution code 300 branches again to the second half code (S210), and the second half code is executed (S220).

By the above process, the execution-based execution content 200 'is normally operated.

The separate execution execution based content composition apparatus, the separation execution execution execution contents and the execution execution method of the execution contents according to the present embodiment are implemented in software form readable by various computer means and recorded in a computer readable recording medium . Here, the recording medium may include program commands, data files, data structures, and the like, alone or in combination. Program instructions to be recorded on a recording medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. For example, the recording medium may be a magnetic medium such as a hard disk, a floppy disk and a magnetic tape, an optical medium such as a CD-ROM or a DVD, a magneto-optical medium such as a floppy disk magneto-optical media, and hardware devices that are specially configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions may include machine language code such as those generated by a compiler, as well as high-level language code that may be executed by a computer using an interpreter or the like. Such a hardware device may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, It will be apparent to those skilled in the art. Furthermore, although specific terms are used in this specification and the drawings, they are used in a generic sense only to facilitate the description of the invention and to facilitate understanding of the invention, and are not intended to limit the scope of the invention.

The present invention converts executable content such that arbitrary code blocks existing in the code area of the executable content are executed separately so that the executable content can not operate normally if there is no separate code block, There is an excellent effect of blocking illegal copying and use at its source.

In addition, the present invention separates the detachment target code block from the executable content and converts it into a code block for a storage device executable on the processor of the storage device, and adds an auxiliary execution code for interacting with the code block for the converted storage device The execution-type content is branched to the auxiliary execution code during the execution of the execution-type content, and the separation-execution-based execution content is configured to execute the storage device code block and receive the resultant value. And as a result, X86 executable content can be executed separately from a smart card or an USIM having an ARM processor.

10: Digital Rights Management System
11: Network
12: Content providing server
13: Host terminal
14: Storage device
15a: Separate execution-based executable content
15b: code block for storage device
100: Separate Execution-Based Executable Content Organizer
110:
120: Code analysis section
130:
140: Code conversion section
150: Code encryption unit

Claims (36)

1. An apparatus for configuring an execution-based execution content executed through an interworking of a host terminal and a storage device having a processor,
A code analyzer for analyzing a code area of the executable content and selecting one or more code blocks to be separated from the code area;
A code conversion unit for separating the selected separation execution object code block into a code block for a storage device executable in the storage device;
A code operation unit for calling the storage device code block at the time of executing the executable content and converting the executable content to receive a result value of the storage device code block; And
And a controller for controlling the operations of the code analysis unit, the code operation unit, and the code conversion unit to output a separation execution-based digital content composed of executable content and code blocks for the storage device converted by the code operation unit A detachment - based execution content composer. The apparatus of claim 1, wherein the storage unit code block is executed in a storage device having a processor having a different structure from the host terminal. The apparatus of claim 1, wherein the code analyzer
A parser for converting a code block selection rule for defining which item of the profile data obtained through the profiling of the executable content and information of the profile data has the greatest weight and selecting the detachment object code block to be designated into the specified internal data format ;
A profile data loader loading the profile data via the parser;
A rule loader loading the code block selection rule through the parser; And
And a code selector for selecting the at least one piece of code to be separated for execution in the code area of the executable content with reference to the loaded profile data and code block selection rules, Device. The apparatus of claim 3, wherein the code analyzer
Further comprising a rule updater that receives the verification result of the selected detachment execution target code block and updates the code block selection rule. 3. The method of claim 2,
Code block start address, code block end address, code block call count, code block size, floating point calculation, memory block reference count, code block OS API call count, code block execution time, The number of instructions to be executed, the number and type of parameters to be transmitted for execution of the code block, and the type of the result value to be returned after execution of the code block. Device. 4. The method of claim 3, wherein the code block selection rule comprises:
Wherein a weight is assigned to at least one of a calling frequency for each code block, a calling position, a memory reference frequency of the host terminal, an OS API reference frequency of the host terminal, and a hardware element of the storage device, Content composition device. The apparatus according to claim 1,
Generating an auxiliary executable code for packing the information of the stack and the register to call the code block for the storage device and restoring information of the stack and the register by the result value returned from the code block for the storage device when the call is terminated and,
Wherein the execution executing section inserts a stub code that jumps to the auxiliary execution code at a position where the code block for separation execution of the executable-type content exists. 8. The method of claim 7, wherein the auxiliary executable code
And is implemented as a DLL (Dynamic Link Library) file. 8. The method of claim 7, wherein the auxiliary executable code
An interface function unit for providing a communication channel with the code block for the storage device;
A packing function unit for receiving information on the stack and the register from the stub code, packing the same, and transmitting the packing information to the storage device code block through the interface function unit;
An unpacking function unit for unpacking a result value transferred from the code block for the storage device through the interface function unit and restoring information of the stack and the register;
Wherein when the memory of the host terminal is called in the code block for the storage device, the data transferred from the code block for the storage device is written to the memory through the interface function unit, the data is dispatched from the memory, A memory mapping function for transferring the data to a code block; And
An OS API mapping function unit for receiving an API name and a parameter value from the storage device code block through the interface function unit, calling an OS API of the host terminal, and returning the result to the storage device code block, Wherein the execution-based content generating apparatus comprises: 8. The apparatus according to claim 7, wherein the code manipulation unit
And further modify an import table of the executable content so that the auxiliary executable code is loaded when the executable content is executed. 2. The apparatus of claim 1, wherein the code conversion unit
(LLVM Intermediate Representation). ≪ / RTI > 12. The apparatus of claim 11, wherein the code conversion unit
A preprocessor for converting the code block to be separated into an intermediate language;
An intermediate stage optimizer for optimizing a code block to be separated from the front end processor into an intermediate language; And
And a code generator for converting a code block to be separated for execution of the optimized intermediate language into one or more storage device processor based codes and outputting a plurality of code blocks for storage devices made up of different codes, Executable content composition device. 8. The method of claim 1 or 7,
Wherein the control unit is configured to encrypt the initial code block with a specific key when the initial code block to be encrypted is selected in the code area, acquire the specific key at execution of the executable content, Further comprising a code encrypting unit for converting the executable content so as to decrypt and execute the executable content. 14. The apparatus of claim 13, wherein the code encryption unit
A start stub generator for generating a start stub code for calling a function of the auxiliary execution code that decrypts and executes the encrypted initial code block instead of the selected initial code block and inserts the start stub code at a position of the initial code block;
A section generator for generating a secure area in the executable content and loading the encrypted initial code block in the generated secure area;
An encryptor for encrypting the selected initial code block with a specific key and providing the encrypted initial code block to the section generator; And
And an import table modifier for modifying an import table of the import area so as to load the auxiliary executable code when executing the executable content. 15. The method of claim 14, wherein the auxiliary executable code
Further comprising a code decryption function unit for acquiring a specific key from the storage device in response to the call of the start stub code, decrypting the encrypted initial code block stored in the secure area, and executing the decrypted initial code block Wherein the execution-based content creator comprises: 16. The apparatus of claim 15, wherein the code decoding function
And an instruction pointer is mapped to the decoded initial code block so as to execute the decoded initial code block on the memory. The method according to claim 1,
Wherein the basic block group is a basic block group on a critical path of executive contents among a plurality of basic block groups composed of a plurality of basic blocks. 18. The method of claim 17, wherein the basic block group
A plurality of basic blocks which are associated with each other and which do not allow control signals to enter into the plurality of basic blocks except for the start point, Block of the executable content. 19. The method of claim 18,
Wherein the basic block is a code block having attributes of a single input and a single output and an attribute of not allowing entry of control signals from the outside to the inside. Constituent device. A computer-readable recording medium on which a separate execution execution-based executable content is recorded and executed via a host terminal and a storage device having a processor,
Stack and register information is packed so that one or more separate execution target code blocks separated from the code area of the executable file are invoked for the converted one or more storage device code blocks to be executable on the storage device, A secondary executable code for restoring information of the stack and registers returned from the code block for the storage device; And
And a code execution unit for executing a code to be executed on a separate execution basis including at least one stub code that is inserted into the code area of the executable file instead of the at least one separate execution object code block, A recording medium on which executable content is recorded. 21. The method of claim 20,
Wherein the code block for a storage device is executed in a storage device having a processor having a structure different from that of the host terminal. 21. The method of claim 20,
Further comprising an import table into which auxiliary execution code information is inserted so as to load the auxiliary execution code at the time of initial execution of the execution file. 21. The method of claim 20, wherein the auxiliary executable code
And a dynamic link library (DLL) file. 21. The method of claim 20, wherein the auxiliary executable code
An interface function unit for providing a communication channel with the code block for the storage device;
A packing function unit for receiving the stack and register information from the stub code and unpacking the stack and transmitting the unpacked code block to the storage device code block through the interface function unit;
An unpacking function unit for unpacking the stack and the information of the register transferred from the code block for the storage device through the interface function unit and returning the information to the stub code;
A memory mapping function unit for writing the data transferred from the code block for the storage device to the memory of the host terminal via the interface function unit or dispatching the data from the memory of the host terminal to the code block for the storage device; And
An OS API mapping function unit for receiving an API name and a parameter value from the storage device code block through the interface function unit, calling an OS API of the host terminal, and returning the result to the storage device code block Wherein the execution-based content is recorded on the recording medium. 24. The method of claim 23, wherein the auxiliary executable code
Further comprising a code decryption function for decrypting an encrypted initial code block stored in the secure area by acquiring a specific key from the storage device and executing the decrypted initial code block. Recorded recording medium. 26. The method of claim 25,
A start-up stub code inserted in place of the initial code block selected in the code area of the execution file and calling the code decoding function of the auxiliary execution code when execution of the initial code block is requested; And
Further comprising a secure area on which an initial code block encrypted with the specific key is loaded. 27. The apparatus of claim 26, wherein the code decoding function
Wherein the decoded initial code block is mapped by mapping an instruction pointer to the decoded initial code block, thereby executing the decoded initial code block on the memory. 21. The information processing apparatus according to claim 20,
Wherein the basic block group is a basic block group on a critical path of executive contents among a plurality of basic block groups composed of a plurality of basic blocks existing in a code region of the executable file. Lt; / RTI > 29. The method of claim 28, wherein the basic block group comprises
A plurality of basic blocks which are associated with each other and which do not allow control signals to enter into the plurality of basic blocks except for the start point, Wherein the execution-based content is a collection of blocks. 30. The method of claim 29,
Wherein the basic block is a code block having attributes of a single input and a single output and an attribute of not allowing entry of control signals from the outside to the inside. Is recorded. Separating executable content from a host terminal connected to a storage device having a processor storing one or more code blocks for a storage device in which at least one or more separate execution object code blocks are converted into executable forms in a code area of the executable contents In an implementation method,
Packing the stack and register information when the host terminal is required to enter the detachment object code block while executing the executable file of the executable content;
Calling a code block for a storage device stored in the storage device to transfer the packed stack and register information;
Receiving data including a result value of the code block for the storage device from the storage device; And
Unpacking the data transferred from the storage device to obtain a result of the code block for the storage device, and restoring stack and register information based on the resultant value. 32. The method of claim 31,
Wherein the code block for the storage device is executed in a storage device having a processor different in structure from the host terminal. 32. The method according to claim 31,
Wherein the basic block group is a basic block group on a critical path of executive contents among a plurality of basic block groups composed of a plurality of basic blocks. 34. The method of claim 33, wherein the basic block group
A plurality of basic blocks which are associated with each other and which do not allow control signals to enter into the plurality of basic blocks except for the start point, And a group of blocks. 35. The method of claim 34,
Wherein the basic block is a code block having attributes of a single input and a single output and an attribute of not allowing an entry of a control signal from the outside to the inside. Way. 35. A computer-readable recording medium having recorded thereon a program for executing the method for executing separate execution contents according to any one of claims 31 to 35.

Images