2022 Fiscal Year Final Research Report
Protecting Software against Man-At-The-End Attacks Using Automated Code Analysis
| Project/Area Number |
19K11916
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Review Section |
Basic Section 60050:Software-related
|
|---|
| Research Institution | National Institute of Technology, Kumamoto College |
|---|
Principal Investigator |
Kanzaki Yuichiro 熊本高等専門学校, 電子情報システム工学系HIグループ, 准教授 (90435488)
|
|---|
| Project Period (FY) |
2019-04-01 – 2023-03-31
|
| Keywords | ソフトウェア保護 / Man-At-The-End攻撃 / 難読化 |
|---|
| Outline of Final Research Achievements |
The purpose of this study is to develop a method for protecting software against Man-At-The-End attacks that use automated code analysis techniques, and a method for evaluating the effectiveness of protection mechanisms. One of our achievements is to develop a method for obfuscating a program based on an automatic code fragment generation mechanism that uses an SMT solver. A system based on the proposed method is implemented as an LLVM pass. The experimental results show that the obfuscated programs tend to have more resistance to symbolic execution attacks than the original ones.
|
| Free Research Field |
ソフトウェア保護
|
| Academic Significance and Societal Importance of the Research Achievements |
Man-At-The-End攻撃からソフトウェアを保護する方法として,命令列の自動生成機構を用いたコード難読化方法を新たに提案した.また,難読化されたコードの機械学習を用いたステルス評価の方法など,ソフトウェア保護機構の有効性評価に関する方法についても検討した.これらの成果は,ソフトウェア保護の研究分野の発展に役立つものと期待される.また,LLVM IRのコード断片をSMTソルバによって自動生成する方法は,コードの自動生成技術を用いる他分野の研究への応用が期待できると考える.
|
