Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring

A technology of software protection and security attributes, applied in computer security devices, program/content distribution protection, instruments, etc., can solve the problem of easy removal of threat processing fragments, single type of attack threat, lack of available information, theoretical analysis and research cases, etc. question

Inactive Publication Date: 2016-06-08
NORTHWEST UNIV(CN)
View PDF3 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, there are still deficiencies in the above methods: method ① After the program is loaded and running, if the attacker dumps the input table, the information such as the API name used by the program can be obtained; method ② cannot resist the attacker using some dynamic collection tools ( Such as SoftSnoop) to obtain other information about the API
However, at present, the types of attack threats processed in software are relatively single, and the threat processing fragments are easy to be removed. At the same time, there is a lack of theoretical analysis and in-depth research cases on the information available for software that can be used by reverse analysis.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring
  • Software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring
  • Software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] According to the above technical solution, as shown in the figure, a software protection method based on API security attribute hiding and attack threat monitoring includes the following steps:

[0059] Step 1, extract the DLL file information from the PE file input table to be protected, and record the DLL file information in an input information record table imp_tab;

[0060] The above-mentioned PE file is a portable and executable program file under the Windows platform. According to the structural characteristics of the PE file, find the storage location of the input table, extract each DLL name and its FirstThunk value in the input table in turn, and count the number of APIs in the DLL at the same time, record the length, name (or name) of each API name serial number); the information of each DLL is recorded in the following format of the DLL input information record table imp_tab:

[0061] Table 1 DLL information record table

[0062] First Thunki

D...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring. The software protection method comprises the following steps: obtaining the original input information record chart of a file to be protected, extracting the execution control flow graph of the file, extracting an API calling point, extracting an API parameter passing code block, extracting an API returned value decryption point, dumping a DLL (Dynamic Link Library), calculating a new API entry address, constructing a springboard function block, inserting an exception instruction in the returned value decryption point, constructing a node, generating a node library, deploying a node network, constructing a node background, constructing a returned value decryption processing function, and reconstructing a PE (Portable Executable) file. From internal and external aspects, software is protected so as to analyze the function of API boundary information in a reverse analysis process from an angle of the reverse engineering of the attackers, the API security attribute which needs to be hidden and a detection node library are put in a program new node, and a new node entry is subjected to encryption processing to further prevent the attackers from carrying out reverse analysis on the protected PE file.

Description

technical field [0001] The invention belongs to the field of computer software security, in particular to summarizing and classifying potential attack threats faced by software for hiding API security attributes in target binary codes on Windows systems and combining attack examples, and designing an effective detection box for these attack threats The processing method is a software protection method that increases the attack difficulty. Background technique [0002] The software industry has become the main driving force to promote social development, and has penetrated into all aspects of human life. According to Maslow's hierarchy of needs theory, safety needs are the second largest needs after physiological needs. Therefore, software security is not only the basic requirement for the healthy development of the software industry, but also an important guarantee for the national economy and national security. Since cracking technology and tools are readily available, so...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/12G06F21/14
CPCG06F21/125G06F21/14
Inventor 汤战勇郝朝辉房鼎益龚晓庆陈峰陈晓江叶贵鑫张洁张恒
Owner NORTHWEST UNIV(CN)
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com