[关键词]
[摘要]
为了方便程序员比较多种迷惑变换方案的优劣,提出了一种量化评价迷惑变换鲁棒性的方法.该方法从软件复杂度变化与代码功能模糊性两个相对独立的层面来刻画迷惑变换导致的鲁棒性.首先,从系统的复杂性与信息的多样性角度建立软件系统复杂度模型,模型包含软件结构、信息流、分支、循环以及元素的嵌套层次,力求从复杂性层面更准确地反映变换对软件的保护;之后,为量化描述迷惑变换的功能模糊度,根据专家指标评分法建立单种迷惑变换模糊度模型,在此基础上建立多种迷惑变换复合模糊度模型;然后,阐述了如何联合所提出的模型实现对单种迷惑变换技术有效性判定与多种迷惑方案的选优,也给出了模型的实现算法及一些示例;最后,通过实例仿真详细展示了模型的工作过程.
[Key word]
[Abstract]
A method to quantitatively evaluate the robustness of the obfuscated software is proposed in order for programmers to make a choice in different obfuscating schemes. This method aims to measure software robustness during the obfuscating transform from software complexity change and the increase of code functional obscurity, which are relatively independent, each other. First, a system complexity model is constructed from the perspective of system complexity and the diversity of software information. The model contain such elements as software structure, information flow, branch, and loop at nested level, and tries to reflect the robustness from the obfuscating transform on the complexity level. Second, to quantitatively measure the functional obscurity for the obfuscating transform, the experts index score constructs a model for a single transform is constructed by the experts index score. On this basis, transform obscurity composition models for multiple transforms are proposed. Next, the paper describes how applying these two kinds of models can be used to evaluate whether an obfuscating technique is effective, and can sort the given obfuscating scheme set to choose the best one. Also, some examples and corresponding model algorithms are given. Finally, an instance simulation demonstrates in detail the work process for the proposed models.
[中图分类号]
[基金项目]
国家自然科学基金(30800703); 国家高技术研究发展计划(863)(2006AA10Z204)