KR20170079426A - Security method of web application source code based on emulator - Google Patents

Security method of web application source code based on emulator Download PDF

Info

Publication number
KR20170079426A
KR20170079426A KR1020150189984A KR20150189984A KR20170079426A KR 20170079426 A KR20170079426 A KR 20170079426A KR 1020150189984 A KR1020150189984 A KR 1020150189984A KR 20150189984 A KR20150189984 A KR 20150189984A KR 20170079426 A KR20170079426 A KR 20170079426A
Authority
KR
South Korea
Prior art keywords
binary code
web application
code
emulator
source code
Prior art date
Application number
KR1020150189984A
Other languages
Korean (ko)
Other versions
KR101788296B1 (en
Inventor
남현우
Original Assignee
(주)네모랩스
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)네모랩스 filed Critical (주)네모랩스
Priority to KR1020150189984A priority Critical patent/KR101788296B1/en
Publication of KR20170079426A publication Critical patent/KR20170079426A/en
Application granted granted Critical
Publication of KR101788296B1 publication Critical patent/KR101788296B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/128Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/30Creation or generation of source code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

A source code security method according to an aspect of the present invention includes: preparing a binary code in which source code necessary for executing the following web application is built; Generating a boot image including an emulator image for executing the binary code; Preparing a web application for use by calling a necessary function of the binary code through an interface module included in the emulator; And configuring a package by merging the binary code, the boot image, and the web application.

Description

[0001] SECURITY METHOD OF WEB APPLICATION SOURCE CODE BASED ON EMULATOR [0002]

The present invention relates to security of source code, and more particularly, to a method for enhancing security by executing source code based on an emulator so that the source code used in a web application can be executed in a web application without exposing the source code.

Native applications based on general C and C ++ programming languages are not easily exposed to source code because the source code is compiled, converted to machine code level, and distributed as executable files in * .exe format.

However, because web applications distribute the source code itself to the production server without the build process, users can easily check the web application source such as HTML, CSS, Javascript with a text editor.

To overcome this problem, most companies have used native technologies such as ActiveX to prevent source code from being leaked to security-critical applications.

FIG. 1 shows a system structure when executing binary code using ActiveX.

The system includes hardware 110 and operating system 120, and web browser 130 runs on the operating system.

The ActiveX module 150 is not executed in the web browser 130 but is run on the operating system 120 at the same level as the web browser 130. [

Accordingly, when the web application 140 executing in the web browser 130 has a necessary function, the user can access the ActiveX module 150 executed through the operating system 120 instead of directly accessing the ActiveX module 150 .

Since the native code 152 compiled in binary form is included in the ActiveX module 150, the user can advantageously benefit from the source code security because the user can not know the source code through the web browser 130.

However, ActiveX technology is a technology that can only be used when using an Internet Explorer browser on an x86 CPU-based PC equipped with a Microsoft Windows operating system. Recently, a variety of CPUs, operating systems, and browsers, such as a tablet PC or a mobile phone or a Mac OSX or Linux, Since ActiveX is not available in the environment, other measures against source code security are necessary.

To this end, we have used the native execution binary techniques based on C and C ++ source code, such as Netscape Plug-in API (NPAPI) and Nacl (Native Client), which do not use ActiveX, but these technologies are also Netscape- There is a limitation that it is used only in the browser, and recently, the technology such as NPAPI has been stopped in the latest browser.

Another way to secure the source code is to use the obfuscation method of the web source code to transform the source code into a structure that is difficult for human to read. However, the method of decrypting the source code can be easily implemented, There still exists a problem.

Korean Patent Registration No. 10-1292004 An invention related to a source code package security method uses a method of maintaining security by encrypting and packaging source code using a symmetric key. However, when a symmetric key is leaked, There is a problem that all the source code to be used is leaked, and at the time when the source code is executed, there is a security vulnerability that the encryption is not maintained until the end because it is decrypted by the symmetric key.

Korean Patent Registration No. 10-1157996 The invention relates to an obfuscation method for protecting the source code of a JavaScript, which obfuscates the JavaScript code as a web source code to make analysis difficult, but most obfuscation methods There is a limitation in security because the code itself is not encrypted, and the decryption tools can be easily obtained on the web, so that the source code can be restored.

The present invention has been made in view of the above technical background, and it is an object of the present invention to provide a method for providing executable codes in a security-enhanced binary form in a web application, and programs executable on a computer including the methods.

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

According to another aspect of the present invention, there is provided a method for security of a source code, the method comprising the steps of: preparing a binary code in which source code necessary for executing a web application is built; Generating a boot image including an emulator image for executing the binary code; Preparing a web application for use by calling a necessary function of the binary code through an interface module included in the emulator; And configuring a package by merging the binary code, the boot image, and the web application.

A source code security method according to another aspect of the present invention includes: accessing a web page; Downloading a web application, an emulator, and a binary code necessary for executing the web page; Executing the downloaded web application and waiting for loading of the binary code; Booting the emulator required to execute the binary code and loading the binary code; And executing the web application by calling the binary code in the web application when the loading of the binary code is completed.

According to the present invention, since an interface between a web application and a binary source code is provided, the source code is not leaked and is not dependent on an operating system or a browser, so that it can be used in all environments using a web standard language.

1 is a block diagram of a system that maintains source code security using a conventional ActiveX.
BACKGROUND OF THE INVENTION Field of the Invention [0001] The present invention relates to a system and method for executing binary codes.
3 is a structural view illustrating a method of interfacing a binary code and a web application according to an embodiment of the present invention.
4 is a structural view of a computer system according to another embodiment of the present invention;
5 is an example of a code showing a method of executing a binary code according to an embodiment of the present invention.
6 is a flowchart of a method of executing a web application according to an embodiment of the present invention.
FIG. 7 is a block diagram of a web application package according to an embodiment of the present invention; FIG.
8 is a flowchart illustrating a method of configuring a web application package according to another embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The advantages and features of the present invention and the manner of achieving them will become apparent with reference to the embodiments described in detail below with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Is provided to fully convey the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. As used herein, the terms " comprises, " and / or "comprising" refer to the presence or absence of one or more other components, steps, operations, and / Or additions.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. FIG. 2 is a structural diagram of an overall system for performing a source code security method according to an embodiment of the present invention.

Secure binary codes 271 and 272 requiring security are not installed and executed on the OS but are executed on the web browser through the emulator 250 and the web application 240 requiring the binary is installed on the interface Module 252 to call the functions included in the binary code to drive necessary applications. Therefore, unlike the conventional ActiveX technology, it is not dependent on an OS or a web browser, and thus it is possible to directly execute native code written in a native language such as C, C ++, or the like without an ActiveX technology.

The entire system is a form in which the web browser 230 is operated in the hardware 210 and the operating system 220. The web application 240 and the emulator 250 are connected to the web browser 230 via HTML, It is implemented in the same standard web programming language.

The web application 240 can execute the application using these functions by providing the functions included in the binary codes 271 and 272 including the emulator 250 interface module 252. [

Since the binary codes 271 and 272 are precompiled in accordance with specific hardware, that is, the CPU, if the binary codes 271 and 272 compiled in hardware different from the hardware 210 to be executed are used, (260) is required.

For example, if the binary code compiled by the x86 CPU and the Windows operating system is executed in the Windows operating system, the virtual operating system 260 may not be required. However, in order to execute on the mobile operating system, the Android operating system, the Windows virtual operating system 260, .

The present invention differs from the technology of ActiveX, which is required to be installed in a conventional operating system, and the present invention can execute the native code regardless of the operating system since the binary code of the operating system executes the virtual operating system 260 and executes on the operating system 260 .

Since the binary codes 271 and 272 are precompiled and stored in a binary form using a language such as C or C ++, the binary codes 271 and 272 can be written in various languages without being limited to the C and C ++ languages.

The binary codes 271 and 272 may be directly executed on the hardware 210 without the operating system 220 at the firmware level. The time required for booting the operating system 220 is not required unless the operating system 220 is passed through.

The virtual operating system 260 may not be required when the program is stored in the source code format rather than the binary format and is compiled according to the hardware platform 210 at the time of execution. However, as described above, there is a problem of source code distribution.

The emulator 250 may use emulators that are implemented in a JavaScript language and are already implemented.

jslinux is an x86 CPU emulator that uses the Linux 2.6.20 kernel and includes a C compiler, a terminal, and an editor to test the source code, compile and run it.

jorlk is an emulator for the OpenRISC OR1K CPU, an open source processor core, that can be used to boot the Linux 3.18.0 kernel and includes compilers, terminals, and editors just like jslinux. Compared to jslinux, it has various network functions.

The interface module 252 included in the emulator 250 is required for data transmission and reception such as calling the source code logic implemented in the binary codes 271 and 272 or receiving the argument value and transmitting the return value.

The web application 240 is implemented in a standard web language such as HTML, JavaScript, and CSS, while the secure binary code is implemented in a programming language such as C or C ++ and stored in a compiled binary form. This is because direct interoperation between the codes 271 and 272 is impossible.

3 is a detailed view illustrating an interface process between a web application and a binary code.

When the web application 240 requires a function on the binary code 271 called func1, the web application 240 calls the interface module 252 of the emulator 250 to transfer the parameter of the func1 function.

The interface module 252 transmits the parameter to the binary code 271 and receives the return value and transmits the parameter to the web application 230 so that the web application 240 and the binary code 271 are interlocked.

The secure binary codes 271 and 272 may be loaded into the emulator memory area at the time of emulator initialization in a dynamic library file format such as .so or .dll.

Since the web application 240 and the emulator 250 are implemented in the same web standard language, they can be linked to a JavaScript function call level without a separate interface method. However, the functions of the secure binary files 271 and 272 written in other languages such as C and C ++ can be implemented by modifying the memory area of the virtual operating system operating on the emulator 250 or by using a general-purpose application such as Shared Memory, RFC (Remote Function Call) Interface technologies.

Fig. 5 shows an API example of the interface module 252. Fig.

FIG. 5A shows an example of code for creating and releasing an object for calling a function in the binary code.

FIG. 5 (b) is an example of a function part that actually needs security implemented in the binary code. The example of FIG. 5 may be created using the C and C ++ languages, and may be built and distributed in the form of a binary file or an executable file. In addition, various programming languages may be used.

FIG. 5C is an example of a code for calling a function implemented in a binary code in a web application implemented in a JavaScript language.

Use the createSecuBinaryFunc () function, and enter the function information implemented in the binary code to be called with the argument value. This function eventually returns a JavaScript function object, which you can use to implement functions implemented in binary code.

The encrypt () function in the binary code shown in FIG. 5 (b) is created in the JavaScript source code of the web application by using the create function shown in FIG. 5 (a) in the encrypt_js variable. The encrypt function in the binary code can be used. When the use of the encrypt_js function is completed, the object resource is released using the release function shown in FIG. 5 (b).

Therefore, various functions included in the binary code can be used by using the APIs provided by the interface module. Even if a function is added or modified in the binary code, the interface module itself does not need to be changed. If you modify only the script code, you can use the added and modified functions.

6 is a flowchart showing a method of executing a secure binary code according to the present invention.

When the web application accesses the web page for execution, the web page is downloaded, and the web application page file composed of HTML, JavaScript, CSS, etc., emulator, virtual operating system, file system image file, and binary code files are downloaded together (S610 ).

When the download is completed, the web application page is executed (S620), and the emulator boot (S630), the virtual operating system boot (S632), and the binary code load (S634) are sequentially performed for executing the binary code.

The web application maintains the standby state until the load for executing the binary code is completed (S640). When the initialization process is completed, the web application is executed using the loaded binary code (S660) Since the operation is performed using only the binary code, the security can be maintained. When the operation is completed (S670), the web application is terminated.

7 shows a package configuration for applying a secure binary code according to the present invention.

The package 700 mainly comprises a web application 710, a binary code 732 used in the application, and an emulator 760 for binary code execution and interface.

The emulator 760 includes not only an emulator of the device but also an image of the virtual operating system 740 and the file system 730 executed on the emulator. Since the binary code 732 developed by the developer is included in the image of the file system 730 and merged, even if the malicious user acquires the package, the reverse engineering step is further needed to detect the source code, .

The file system 730 can support all file systems supported by the operating system of the device, and file systems such as FAT32, JFFS, and EXT4 can be used.

In the header file 720 of the package, information on the emulator information and the binary code modules is recorded, and the information is used by the web application 710 to initialize the emulator 760. The configuration of the header file 720 may be added or modified depending on the purpose and configuration of the web application.

8 is a flowchart illustrating a packaging procedure of an emulator-based web application according to the present invention.

The step of generating binary code information (S810) is a step of extracting information such as file information of the secure binary code, internal functions, and variables. Such information is included in the header file of the aforementioned package.

When the extraction of the information of the binary code is completed, it is determined whether or not the file system is used (S820), and the binary code is stored in the package in the file system according to the determination result (S830).

When the preparation of the binary code is completed, a boot image in which the binary code is to be executed is created (S840). The boot image includes a virtual machine and a virtual operating system, which may vary depending on the type of the binary code.

For example, if the binary code has a small capacity, select a low-performance virtual machine and operating system, and if the binary code requires a large capacity or high-performance processing capability, then the virtual machine and the operating system also select a high-performance Linux image.

Finally, when the merging of the boot image and the binary code (S850) is completed, the web application is merged into one package file (S860) to complete the packaging procedure.

Through the above-described method, the security of the source code leakage can be further enhanced by allowing the web application to execute the binary code instead of the source code.

Meanwhile, the source code security method according to the embodiment of the present invention may be implemented in a computer system or recorded on a recording medium. 4, a computer system includes at least one processor 421, a memory 423, a user input device 426, a data communication bus 422, a user output device 427, And may include a storage 428. Each of the above-described components performs data communication via the data communication bus 422. [

The computer system may further include a network interface 429 coupled to the network. The processor 421 may be a central processing unit (CPU) or a semiconductor device that processes instructions stored in the memory 423 and / or the storage 428.

The memory 423 and the storage 428 may include various forms of volatile or non-volatile storage media. For example, the memory 423 may include a ROM 424 and a RAM 425.

Therefore, the source code security method according to the embodiment of the present invention can be implemented in a computer-executable method. When the source code security method according to the embodiment of the present invention is performed in a computer device, computer-readable instructions can perform the recognition method according to the present invention.

Meanwhile, the source code security method according to the present invention described above can be implemented as a computer-readable code on a computer-readable recording medium. The computer-readable recording medium includes all kinds of recording media storing data that can be decoded by a computer system. For example, there may be a ROM (Read Only Memory), a RAM (Random Access Memory), a magnetic tape, a magnetic disk, a flash memory, an optical data storage device and the like. The computer-readable recording medium may also be distributed and executed in a computer system connected to a computer network and stored and executed as a code that can be read in a distributed manner.

While the present invention has been described in detail with reference to the accompanying drawings, it is to be understood that the invention is not limited to the above-described embodiments. Those skilled in the art will appreciate that various modifications, Of course this is possible. Accordingly, the scope of protection of the present invention should not be limited to the above-described embodiments, but should be determined by the description of the following claims.

Claims (8)

Preparing a binary code in which source code necessary for executing the following web application is built;
Generating a boot image including an emulator image for executing the binary code;
Preparing a web application for use by calling a necessary function of the binary code through an interface module included in the emulator; And
Configuring a package by merging the binary code, the boot image, and the web application;
/ RTI >
The method according to claim 1,
Wherein the binary code and the web application are written using different programming languages
How to secure source code.
2. The method of claim 1, further comprising: after the step of generating the boot image
And generating a header file including information of the emulator and information of the binary code
How to secure source code.
The method of claim 1, wherein the boot image
A virtual operating system for executing the binary code on the emulator
How to secure source code.
Accessing a web page;
Downloading a web application, an emulator, and a binary code necessary for executing the web page;
Executing the downloaded web application and waiting for loading of the binary code;
Booting the emulator required to execute the binary code and loading the binary code; And
Calling and executing the binary code in the web application when the loading of the binary code is completed;
The method comprising the steps of:
6. The method of claim 5,
Wherein the step of booting the emulator and loading the binary code comprises booting a virtual operating system for executing the binary code
How to secure source code.
6. The method of claim 5,
Wherein the binary code and the web application are written using different programming languages
How to secure source code.
A computer-readable recording medium storing a program for executing a source code security method according to any one of claims 1 to 7.
KR1020150189984A 2015-12-30 2015-12-30 Security method of web application source code based on emulator KR101788296B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150189984A KR101788296B1 (en) 2015-12-30 2015-12-30 Security method of web application source code based on emulator

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150189984A KR101788296B1 (en) 2015-12-30 2015-12-30 Security method of web application source code based on emulator

Publications (2)

Publication Number Publication Date
KR20170079426A true KR20170079426A (en) 2017-07-10
KR101788296B1 KR101788296B1 (en) 2017-10-20

Family

ID=59355850

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150189984A KR101788296B1 (en) 2015-12-30 2015-12-30 Security method of web application source code based on emulator

Country Status (1)

Country Link
KR (1) KR101788296B1 (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6055366B2 (en) * 2013-04-23 2016-12-27 株式会社Nttドコモ Virtual Web server program and function substitution method

Also Published As

Publication number Publication date
KR101788296B1 (en) 2017-10-20

Similar Documents

Publication Publication Date Title
Kim et al. ScanDal: Static analyzer for detecting privacy leaks in android applications
US10824716B2 (en) Executing native-code applications in a browser
KR101471589B1 (en) Method for Providing Security for Common Intermediate Language Program
US10846101B2 (en) Method and system for starting up application
CN108229112B (en) Protection application program, and running method and device of application program
US8090959B2 (en) Method and apparatus for protecting .net programs
WO2017107706A1 (en) Elf file protection method and system based on arm instruction virtualization
US20080216071A1 (en) Software Protection
US20160180065A1 (en) Apparatus for tamper protection of application code and method thereof
WO2016078130A1 (en) Dynamic loading method for preventing reverse of apk file
US20180129794A1 (en) Method for Protecting Dex File from Decompilation in Android System
US8812873B2 (en) Secure execution of a computer program using binary translators
US10380329B2 (en) Method and apparatus for preventing application from being deciphered
CN107430650B (en) Securing computer programs against reverse engineering
Cho et al. Anti-debugging scheme for protecting mobile apps on android platform
Singh et al. Analysis of malicious behavior of android apps
CN107871066B (en) Code compiling method and device based on android system
Göttel et al. Developing secure services for IoT with OP-TEE: a first look at performance and usability
CN115378735A (en) Data processing method and device, storage medium and electronic equipment
CN111090425A (en) Program packaging method and device and electronic equipment
CN110597496A (en) Method and device for acquiring bytecode file of application program
KR101863325B1 (en) Method and apparatus for preventing reverse engineering
KR101667774B1 (en) Apparatus and Method of Providing Security for Script Program
KR101788296B1 (en) Security method of web application source code based on emulator
Lim et al. Protecting Android Applications with Multiple DEX Files Against Static Reverse Engineering Attacks.

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
AMND Amendment
E601 Decision to refuse application
AMND Amendment
X701 Decision to grant (after re-examination)