Classifications

• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
  • G06F21/12—Protecting executable software
  • G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
  • G06F21/106—Enforcing content protection by specific content processing
  • G06F21/1066—Hiding content
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
  • G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F8/00—Arrangements for software engineering
  • G06F8/60—Software deployment
  • G06F8/61—Installation
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F9/00—Arrangements for program control, e.g. control units
  • G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
  • G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
  • G06F9/30003—Arrangements for executing specific machine instructions
  • G06F9/30007—Arrangements for executing specific machine instructions to perform operations on data operands
  • G06F9/30029—Logical and Boolean instructions, e.g. XOR, NOT
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/16—Obfuscation or hiding, e.g. involving white box
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/002—Countermeasures against attacks on cryptographic mechanisms
• • Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
  • Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
  • Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
  • Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
  • Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

• the invention relates to a method for the computer-aided obfuscation of program code and to a method for executing such an obfuscated program code. Moreover, the invention comprises a technical system, a computer program product and a computer program.
• a common approach consists in encrypting the information with a suitable encryption function, or grab the program code by means of a code packer to ver ⁇ . It is disadvantageous that decrypts the runtime of the Pro ⁇ program codes the information again, or the code will be unpacked so that the sensitive information available in the program execution completed in plain text in the program memory, and thus the risk that an attacker this information with appropriate techniques read from the memory.
• Object of the invention is to provide a computer-protected procedural ⁇ ren, are very well protected with the sensitive information in a program code against unauthorized access by third parties to the duration of the program code.
• the inventive method is used for computer-assisted obfuscation (ie obfuscation) of program code.
• a plurality of computing steps are implemented, wherein predetermined computing steps of the plurality of computing steps in execution of the program code in a predetermined order be called.
• the term of the calculation step as well as of the updating step mentioned below is to be understood broadly.
• a calculation step does not necessarily have to contain only a single arithmetic operation, but can be composed of a multiplicity of arithmetic operations, if necessary with conditions, loops, nestings and the like.
• ⁇ a sequence of operations may be encapsulated.
• the predetermined calculation steps of the program code to be concealed contain predetermined calculation steps.
• the throat ⁇ voted computational steps may include, for example, only the specified differently surrounded calculation steps, however, further processing steps can be seen ⁇ addition to superiors passed computation steps if necessary.
• the predetermined calculation steps are distinguished by the fact that in each of these steps a first table stored in the program code is accessed from a plurality of digital first table values in order to read out a first table value from the first table required for the respective given calculation step. For all of the predetermined calculation steps, which are not predetermined Re ⁇ chenuzee (if present) is indeed still set a predetermined sequence of calls, but these computing steps not access to the first table.
• a table represents a set of digital values to which ge ⁇ aims can be gripped to-by the program code with the corresponding commands.
• the term of the table value is also to be understood broadly.
• a Tabel may be composed of several partial ⁇ lenwert values, which are processed at different points in accordance with the called calculation step.
• a dynamic mask comprising generating a plurality of digi tal ⁇ mask values, wherein the mask values/2017in- at least a part of the mask and preferably all mask values of the mask differ from one another and a respective mask value is valid for a respective predetermined calculation step.
• each first table value of the first table is converted into a digital second table value by means of the mask value, which is valid during the reading of the respective first table value in the respective predetermined calculation step, whereby a second table is obtained from second table values which instead of the first table is stored in the program code.
• Mask value which is valid when reading the respective first table value in the respective given calculation step, is hereinafter referred to as well as the currently valid mask value .
• the obfussistede program code provides the same results as the non-obfus undertakene program code, an additional processing step in the program code within the framework ⁇ men of obfuscation further for any given calculation step imple- mented, which first a read second table value upon execution of the predetermined processing step in those Recalculated table value, which is required for the ⁇ each predetermined calculation step.
• the inventive method has the advantage that very good veiled by a dynamic mask sensitive information that are stored in tables ⁇ the. The operations of unmasking or de-obfuscation are distributed over a large number of computing steps in the entire program code. Thus, a reconstruction of the obfuscated information during the term of the
• an initial mask value and updating steps are set to produce the dynamic mask, by applying egg ⁇ nes or more successive updating steps be ⁇ counted against a currently valid mask value valid for the next predetermined calculation step mask value.
• the initial mask value and the Aktualisie ⁇ connection steps are implemented in the program code, so that there is in each predetermined calculation step, the currently valid mask value, wherein the additional rake ⁇ step in the respective predetermined calculation step, depending on the currently valid mask value.
• the update steps for at least one part of the mask values, and in particular for al ⁇ le mask values to which they are applied, bottom are differently set in a preferred variant of the embodiment just described.
• an updating step is provided in each of the predefined Re ⁇ chenuzee, preferably further also in at least part of the predetermined calculation steps (in particular ⁇ special in all predetermined computing steps), which are no predetermined calculation steps (if any), each one Updating step is provided.
• the initial mask value and the update steps are defined by means of a random number generator. In this way, a very arbitrary determination of these values or steps is achieved and thus the obfuscation of the program code is further improved.
• the first table values and the second table values as well as the mask values each represent a bit sequence.
• the conversion of a respective first table value into a second table value takes place by applying logical operations between the bit sequence of the first table value and Bit sequence of the currently valid mask value. The appli ⁇ logical operations thereby yields the second Ta bell worth.
• the above operations are bitwise logical applied to each corresponding bit of the bit sequences of the gene jeweili ⁇ first table value and the currently valid mask value, wherein the logical operations preferably one or more OR and / or XOR and / or NOR and / or XNOR and / or AND and / or NAND operations.
• the bit sequence of the currently valid mask value is longer than the bit sequence of the first table value, not all bits of the currently valid mask value are therefore used to modify the first table value.
• the original bit sequence of the currently valid mask value is extended by multiple use of the bits of the original bit sequence, so that for each bit of the
• Bit sequence of the respective first table value a corresponding bit of the bit sequence of the currently valid mask value exists.
• the lengthening of the bit sequence preferably takes place in such a way that the original bit sequence is repeated one or more times. In this way, a good wear is ⁇ tion of the corresponding (first) table value is also ER- sufficient if the bit length of the mask value is shorter than diejeni ⁇ ge of the corresponding table value.
• the invention also relates to a method for executing the program
• obfuscated program codes In this case is read out when calling a per ⁇ pier predetermined calculation step of (obfus inhabiten) program code of the second table value from the second table and executed for each predetermined calculation step, the additional processing step which back converts the out ⁇ read in the second table value in those first table value for the respective predetermined calculation step is needed.
• the invention further relates to a technical system comprising a computer means adapted to execute the obfuscated program code according to the method just described.
• the term of the technical system is to be understood broadly, and this may also be a single technical device.
• the technical system can be, for example, an automation system or a component of an automation system or an electrical power generation and / or energy distribution system or a component of a power generation and / or energy distribution system or a medical device.
• the invention relates to a computer program product with program code sections stored on a machine-readable carrier for carrying out the inventive method for computer-aided obfuscation of program code or for carrying out the method according to the invention for executing the obfuscated program code or Carrying out preferred variants of these methods when the program code sections are executed on a computer.
• the invention relates to a computer program with program code sections for carrying out the method according to the invention for the computer-aided obfuscation of program code or for carrying out the method according to the invention for executing the obfuscated program code or preferred variants of these methods when the program code sections are executed on a computer.
• the program code segments correspond to the obfus emergeen Pro ⁇ program code.
• FIG. 1 shows a flow diagram of an embodiment of the inventive method for obfuscation of program code.
• the starting point of the method is a program code ⁇ CO, is to disguise the scope of the invention.
• the index i determines the predetermined order in which the calculation steps STi are executed successively.
• the re ⁇ chen Coloure STi correspond to predetermined Rechenschrit- Within the meaning of claim 1.
• the program code of the first table Tl CO is accessed only in the thus Rechenschrit ⁇ th STi on a particular entry Tli.
• the respective table entry represents a bit sequence which is processed in the corresponding calculation step.
• the bit sequences of the individual table entries have the length 1 (i). These lengths can be different for different table entries.
• the program code CO generates at runtime from a known input by using the calculation steps ST a specific output. Basically, the computation steps ST can be run through in any order, but the special computation steps STi are always run through each other exactly in the same order and independent of the input.
• a respective calculation step STi always accesses only a single table entry Tli, the calculation step, however, any number of times allowed to access the discourseein ⁇ contract when executed.
• the non-veiled table Tl with the corresponding Ta ⁇ bell entries Tli contains sensitive information and it is the goal as described below execution ⁇ form to obfusring the program code CO such that an un ⁇ authorized third parties the table entries, or only with very great effort from can reconstruct the program code.
• the concealment is distributed over the entire program code, whereby the recalculation of the original table values is greatly impeded.
• step Sl of Fig. 1 is used for the obfuscation Pro
• a sequence corresponding to the execution of the computation steps S i is determined.
• the individual mask values Mi represent each ⁇ wells a bit string having a predetermined length is, this length in the embodiment described here over the mask values Mi remains the same, but this need not be the case inevitably fig.
• the individual mask values Mi are determined via a sequence of update steps, which are applied sequentially from an arbitrary initial mask value to the last updated mask value.
• the concept of updating step is far To Hide ⁇ hen.
• an updating step may include not only a single operation, but possibly also several Ope ⁇ nen.
• the updating steps were determined arbitrarily and are therefore at least partially different from each other. Nevertheless, the individual update steps are fixed and the operations contained therein are executed in a fixed order.
• a mask M with arbitrary mask assignments or mask values Mi is thus generated.
• a random number generator is used for determining the initial value of the mask and for determining the updating steps .
• the table entry Tli read out in the respective calculation step STi is then changed by means of a function f ⁇ , M, which depends on the mask value Mi, which is valid in the corresponding calculation step STi.
• the fi FM function can be arbitrarily set thereby, decisive is single ⁇ Lich that the function of each mask value Mi depends and a mapping table entry Tli bijective to a new table entry ⁇ T2i a second table T2.
• the function fiM in this embodiment is an image which maps the bit sequence of a table entry Tli to another bit sequence of the same length, this other bit sequence corresponding to the new table entry ⁇ 2 ⁇ .
• each rake ⁇ step implements an additional step that converts the readout table entry T2i by means of the inverse function f -1 iM, which depends on the currently valid mask value Mi in the ur ⁇ sprün Mi.
• the obfuscation of a program code described above can be used in various technical fields.
• the programs can take on any tasks, eg they can be control and / or regulation algorithms or algorithms based on neural networks.
• the protecting ⁇ cost data may be, for example cryptographic information or to information that is important for licensing exams.
• the embodiment of the method according to the invention described above has a number of advantages.
• an attacker can no longer extract any information from this table due to the masking of a table.
• Unpacking operations do not take the steps of unmasking the table at a point in the program code, but unmasking is distributed throughout the program code. An attacker must therefore analyze the entire program code to get conclusions on the Original Art ⁇ chen values of the table. In contrast, can an attacker in the case of a one-time encryption of a table with knowledge about the decryption directly access the plain text of the table entries.
• the inventive obfuscation ie in particular the current mask value may also at any time of the execution of the program code based on the Spei ⁇ cherSullivans, readily be concluded over the use in the current step ⁇ th table entry. Already with the next update of the mask value the inference on the earlier table entry is no longer possible.
• the obfuscation method according to the invention can also be combined very well with other techniques of reverse engineering, such as anti-debugging measures or the use of self-modifying codes. In this way, it will add more weight for ei ⁇ nen attacker, the entire sequence of de- masking operations to extract the original table values to reconstruct.

Landscapes

• Engineering & Computer Science (AREA)
• Software Systems (AREA)
• Theoretical Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• General Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Multimedia (AREA)
• Technology Law (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Storage Device Security (AREA)

Priority Applications (5)

Applications Claiming Priority (2)

Publications (1)

Family

ID=61054302

Family Applications (1)

Country Status (7)

Cited By (1)

Families Citing this family (3)

Citations (3)

Family Cites Families (13)

• 2017
  • 2017-03-10 DE DE102017204020.3A patent/DE102017204020A1/de not_active Withdrawn
  • 2017-12-13 EP EP17835809.9A patent/EP3577588B1/de active Active
  • 2017-12-13 KR KR1020197029606A patent/KR102336521B1/ko active Active
  • 2017-12-13 US US16/492,439 patent/US11341216B2/en active Active
  • 2017-12-13 JP JP2019548941A patent/JP6919973B2/ja active Active
  • 2017-12-13 CN CN201780088267.2A patent/CN110383275B/zh active Active
  • 2017-12-13 WO PCT/EP2017/082508 patent/WO2018162107A1/de not_active Ceased

Patent Citations (3)

Also Published As

Similar Documents

Legal Events