[go: up one dir, main page]

CN114816438B - Method and device for constructing software isomerization development environment - Google Patents

Method and device for constructing software isomerization development environment Download PDF

Info

Publication number
CN114816438B
CN114816438B CN202210356072.4A CN202210356072A CN114816438B CN 114816438 B CN114816438 B CN 114816438B CN 202210356072 A CN202210356072 A CN 202210356072A CN 114816438 B CN114816438 B CN 114816438B
Authority
CN
China
Prior art keywords
software
heterogeneous
development environment
isomerization
plug
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210356072.4A
Other languages
Chinese (zh)
Other versions
CN114816438A (en
Inventor
王亚文
王庆丰
霍树民
谢根琳
何本伟
冯志峰
刘文彦
郭义伟
范学云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University Of Chinese People's Liberation Army Cyberspace Force
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN202210356072.4A priority Critical patent/CN114816438B/en
Publication of CN114816438A publication Critical patent/CN114816438A/en
Application granted granted Critical
Publication of CN114816438B publication Critical patent/CN114816438B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention belongs to the technical field of network space safety, and particularly relates to a method and a device for constructing a software isomerization development environment, wherein the method comprises the steps of firstly preparing a software isomerization development environment for deployment, wherein the software isomerization development environment is realized based on the expansion of an open source integrated development environment; then deploying a front end of a software development environment, which is responsible for reading user isomerization options; secondly, deploying a back-end software isomerization component, interacting with the front end of the software development environment through a command wrapper, providing a software isomerization function service for a user, and returning a plurality of generated isomerization version files to the user; and finally, performing joint debugging test on the front-end and back-end software isomerization components of the software development environment. The software isomerization development environment designed by the invention supports a plurality of different mainstream programming languages, provides a plurality of deployment modes and provides important support for building the ecological safety industry.

Description

软件异构化开发环境构建方法及装置Method and device for constructing software heterogeneous development environment

技术领域Technical Field

本发明属于网络空间安全技术领域,具体涉及一种软件异构化开发环境构建方法及装置。The present invention belongs to the technical field of cyberspace security, and in particular relates to a method and device for constructing a software heterogeneous development environment.

背景技术Background Art

近年来,由于软件开发与分发机制中的“单一文化主义”,通过逆向工程等途径进行非法软件盗版的现象日益严重。且当前普遍应用的大规模分布式系统中往往存在大量的共模漏洞,这也增加了大规模攻击的风险。而依靠交由不同团队进行软件开发以增加软件的异构性,增强其抗逆向工程的能力,所需的开销代价是巨大的。In recent years, due to the "monoculture" in software development and distribution mechanisms, illegal software piracy through reverse engineering and other means has become increasingly serious. In addition, there are often a large number of common vulnerabilities in the currently widely used large-scale distributed systems, which also increases the risk of large-scale attacks. The cost of increasing the heterogeneity of software and enhancing its ability to resist reverse engineering by entrusting software development to different teams is huge.

针对此问题,软件异构化技术被提出来实现自动化更改软件的内部接口和结构以生成其独特的异构化版本,打破了“单一文化主义”,并在软件部署过程中引入了“多元文化主义”。恶意软件是旨在在用户计算机上运行其代码以破坏计算机的操作或按照攻击者的意愿操纵系统的任何软件。为此,它需要有关如何与环境交互以及访问资源的知识。而软件异构化技术改变了软件的内部接口,并使得恶意软件难以掌握这些知识。因此,恶意软件变得与环境不兼容,并最终变得无法采取有效措施来损害系统,对于保护大规模分布式系统,降低大规模攻击风险是一种十分有效的防御技术。To address this problem, software heterogeneity technology has been proposed to automatically change the internal interface and structure of the software to generate its unique heterogeneous version, breaking the "monoculturalism" and introducing "multiculturalism" in the software deployment process. Malware is any software designed to run its code on the user's computer to disrupt the operation of the computer or manipulate the system as the attacker wishes. To do this, it requires knowledge about how to interact with the environment and access resources. Software heterogeneity technology changes the internal interface of the software and makes it difficult for malware to master this knowledge. As a result, the malware becomes incompatible with the environment and eventually becomes unable to take effective measures to damage the system. It is an effective defense technology for protecting large-scale distributed systems and reducing the risk of large-scale attacks.

但是当前缺少面向大众开发者的低应用门槛的部署软件异构化技术的开发环境,且异构化工具的应用受不同语言、不同操作系统影响较大,为开发者实际使用部署异构化增加了难度。However, there is currently a lack of a development environment for deploying software heterogeneous technology with low application barriers for general developers, and the application of heterogeneous tools is greatly affected by different languages and operating systems, which increases the difficulty for developers to actually use and deploy heterogeneous technology.

发明内容Summary of the invention

针对现有技术中存在的缺陷,本发明提出一种软件异构化开发环境构建方法及装置,设计的软件异构化开发环境支持多种不同主流编程语言,提供多种部署模式,为营造内生安全产业生态提供了重要支撑。In view of the defects existing in the prior art, the present invention proposes a method and device for constructing a software heterogeneous development environment. The designed software heterogeneous development environment supports a variety of different mainstream programming languages and provides a variety of deployment modes, providing important support for creating an endogenous security industry ecosystem.

为解决上述技术问题,本发明采用以下的技术方案:In order to solve the above technical problems, the present invention adopts the following technical solutions:

本发明提供了一种软件异构化开发环境构建方法,包含以下步骤:The present invention provides a method for constructing a software heterogeneous development environment, comprising the following steps:

为软件异构化开发环境部署准备工作,软件异构化开发环境是基于开源集成开发环境扩展实现的;Prepare for deployment of a heterogeneous software development environment, which is implemented based on the expansion of an open source integrated development environment;

部署软件开发环境前端,负责读取用户异构化选项;Deploy the software development environment front end, responsible for reading user heterogeneous options;

部署后端软件异构化组件,通过命令封装器与软件开发环境前端进行交互,为用户提供软件异构化功能服务,并将生成的若干异构化版本文件返回给用户;Deploy backend software heterogeneous components, interact with the software development environment front end through command wrappers, provide users with software heterogeneous functional services, and return several generated heterogeneous version files to users;

对软件开发环境前端和后端软件异构化组件进行联调测试。Conduct joint debugging and testing on heterogeneous components of the front-end and back-end software in the software development environment.

进一步地,所述为软件异构化开发环境部署准备工作包括:安装gcc、g++、autoconf和automake软件,搭建Go、Python、PHP、JavaScript和Java编程语言的开发、执行环境。Furthermore, the preparation work for deploying the software heterogeneous development environment includes: installing gcc, g++, autoconf and automake software, and building the development and execution environment of Go, Python, PHP, JavaScript and Java programming languages.

进一步地,所述软件开发环境前端以软件异构化插件的形式提供多种编程语言的异构化配置视图,通过多种可视化控件完成与用户的交互;同时软件异构化开发环境中对每个异构化功能配置解释页面,用于说明该功能的效果。Furthermore, the software development environment front end provides heterogeneous configuration views of multiple programming languages in the form of software heterogeneous plug-ins, and completes interaction with users through multiple visual controls; at the same time, the software heterogeneous development environment configures an explanation page for each heterogeneous function to illustrate the effect of the function.

进一步地,所述命令封装器将用户在软件异构化插件界面中的异构化功能参数配置以及软件变体数量整合成具体命令操作,然后调用相应编程语言的后端软件异构化组件执行。Furthermore, the command encapsulator integrates the user's heterogeneous function parameter configuration and the number of software variants in the software heterogeneous plug-in interface into specific command operations, and then calls the backend software heterogeneous component of the corresponding programming language to execute.

进一步地,根据编程语言种类不同,所述后端软件异构化组件包括C/C++异构化组件、Python异构化组件、Java异构化组件、JavaScript异构化组件、PHP异构化组件和Go异构化组件,每个异构化组件提供针对该编程语言的异构化功能。Furthermore, according to different types of programming languages, the backend software heterogeneous components include C/C++ heterogeneous components, Python heterogeneous components, Java heterogeneous components, JavaScript heterogeneous components, PHP heterogeneous components and Go heterogeneous components, and each heterogeneous component provides heterogeneous functions for the programming language.

进一步地,每个后端软件异构化组件被封装为相应语言的异构化组件的可执行文件/脚本,由该可执行文件/脚本执行相关异构化功能,并生成所需数量的多个异构化版本文件。Furthermore, each backend software heterogeneous component is encapsulated as an executable file/script of the heterogeneous component in the corresponding language, and the executable file/script executes the relevant heterogeneous functions and generates a required number of multiple heterogeneous version files.

进一步地,利用智能编排算法针对每种编程语言在相应的软件异构化插件中配置最优异构化功能。Furthermore, an intelligent orchestration algorithm is used to configure the best heterogeneous configuration function in the corresponding software heterogeneous plug-in for each programming language.

进一步地,利用软件异构化评估插件对异构软件评估,得到差异化最大的异构软件。Furthermore, the software heterogeneity assessment plug-in is used to evaluate the heterogeneous software and obtain the heterogeneous software with the greatest differentiation.

进一步地,所述软件异构化评估插件包括基于控制流图评估插件、基于 Gadgets评估插件以及基于模糊哈希函数评估插件;所述基于控制流图评估插件通过生成异构软件的控制流图,从控制流图的节点和路径的不同定性分析软件差异;所述基于 Gadgets评估插件搜寻软件中的代码片段Gadgets,通过逐条比对异构软件中Gadgets的存活率,也就是完全相同Gadgets的数量占总Gadgets数量来定量评估软件差异;所述基于模糊哈希函数评估插件通过哈希函数提取软件的局部指纹信息并进行比较,定量分析软件异构程度。Furthermore, the software heterogeneity evaluation plug-in includes a control flow graph-based evaluation plug-in, a gadgets-based evaluation plug-in and a fuzzy hash function-based evaluation plug-in; the control flow graph-based evaluation plug-in generates a control flow graph of heterogeneous software, and qualitatively analyzes software differences from the differences in nodes and paths of the control flow graph; the gadgets-based evaluation plug-in searches for code snippets gadgets in the software, and quantitatively evaluates software differences by comparing the survival rate of gadgets in heterogeneous software one by one, that is, the number of completely identical gadgets to the total number of gadgets; the fuzzy hash function-based evaluation plug-in extracts local fingerprint information of the software through a hash function and compares it, and quantitatively analyzes the degree of software heterogeneity.

本发明还提供了一种软件异构化开发环境构建装置,包括:The present invention also provides a software heterogeneous development environment construction device, comprising:

准备工作模块,用于为软件异构化开发环境部署准备工作,软件异构化开发环境是基于开源集成开发环境扩展实现的;The preparation module is used to prepare for the deployment of the software heterogeneous development environment. The software heterogeneous development environment is implemented based on the expansion of the open source integrated development environment;

前端部署模块,用于部署软件开发环境前端,负责读取用户异构化选项;The front-end deployment module is used to deploy the front-end of the software development environment and is responsible for reading user heterogeneous options;

后端部署模块,用于部署后端软件异构化组件,通过命令封装器与软件开发环境前端进行交互,为用户提供软件异构化功能服务,并将生成的若干异构化版本文件返回给用户;The back-end deployment module is used to deploy heterogeneous components of back-end software, interact with the front-end of the software development environment through the command wrapper, provide users with software heterogeneous functional services, and return several generated heterogeneous version files to users;

测试模块,用于对软件开发环境前端和后端软件异构化组件进行联调测试。The test module is used to perform joint debugging tests on the heterogeneous components of the front-end and back-end software in the software development environment.

与现有技术相比,本发明具有以下优点:Compared with the prior art, the present invention has the following advantages:

当前缺少面向大众开发者的低应用门槛的部署软件异构化技术的开发环境,且异构化工具的应用受不同语言、不同操作系统影响较大,为开发者实际使用部署异构化增加了难度。针对此问题,本发明提出一种软件异构化开发环境构建方法,该方法将代码编写、多样化编译、代码变形和异构执行体生成有机融合,支持C、C++、Python、Java、JavaScript、PHP、Go等多种不同主流编程语言,提供多种部署模式,为营造内生安全产业生态提供了重要支撑。Currently, there is a lack of a development environment for deploying software heterogeneous technology with low application thresholds for mass developers, and the application of heterogeneous tools is greatly affected by different languages and different operating systems, which increases the difficulty for developers to actually use and deploy heterogeneous. In response to this problem, the present invention proposes a method for constructing a software heterogeneous development environment, which organically integrates code writing, diversified compilation, code deformation and heterogeneous executable body generation, supports multiple different mainstream programming languages such as C, C++, Python, Java, JavaScript, PHP, Go, etc., provides multiple deployment modes, and provides important support for creating an endogenous security industry ecosystem.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required for use in the embodiments or the description of the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.

图1是本发明实施例一的软件异构化开发环境构建方法的流程示意图;1 is a schematic diagram of a process of constructing a software heterogeneous development environment according to a first embodiment of the present invention;

图2是本发明实施例二的基于C、C++、Go语言的软件异构化方法的流程示意图;2 is a schematic flow chart of a software isomerization method based on C, C++, and Go languages according to Embodiment 2 of the present invention;

图3是本发明实施例三的基于Python、PHP、JavaScript语言的软件异构化方法的流程示意图;3 is a schematic diagram of the flow of a software isomerization method based on Python, PHP, and JavaScript languages according to Embodiment 3 of the present invention;

图4是本发明实施例四的基于Java语言的软件异构化方法的流程示意图;4 is a schematic diagram of a process flow of a software isomerization method based on Java language according to a fourth embodiment of the present invention;

图5是本发明实施例一的异构软件评估方法的流程示意图。FIG5 is a schematic diagram of a flow chart of a heterogeneous software evaluation method according to the first embodiment of the present invention.

具体实施方式DETAILED DESCRIPTION

为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例,基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动的前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments in the present invention, all other embodiments obtained by ordinary technicians in this field without making creative work are within the scope of protection of the present invention.

实施例一Embodiment 1

如图1所示的,本实施例的软件异构化开发环境构建方法,包含以下步骤:As shown in FIG1 , the method for constructing a software heterogeneous development environment in this embodiment includes the following steps:

步骤S11,为软件异构化开发环境部署准备工作,软件异构化开发环境是基于开源集成开发环境(IDE,Integrated Development Environment )扩展实现的;Step S11, preparing for deployment of a software heterogeneous development environment, where the software heterogeneous development environment is implemented based on an open source integrated development environment (IDE) extension;

步骤S12,部署软件开发环境前端,负责读取用户异构化选项;Step S12, deploying the software development environment front end, responsible for reading the user's heterogeneous options;

步骤S13,部署后端软件异构化组件,通过命令封装器与软件开发环境前端进行交互,为用户提供软件异构化功能服务,并将生成的若干异构化版本文件返回给用户;Step S13, deploying the backend software heterogeneous component, interacting with the software development environment front end through the command wrapper, providing the user with software heterogeneous functional services, and returning the generated several heterogeneous version files to the user;

步骤S14,对软件开发环境前端和后端软件异构化组件进行联调测试。Step S14, performing joint debugging test on the front-end and back-end software heterogeneous components of the software development environment.

具体的,所述为软件异构化开发环境部署准备工作包括:安装gcc、g++、autoconf和automake等软件,搭建Go、Python、PHP、JavaScript和Java等编程语言的开发、执行环境。Specifically, the preparation work for deploying the software heterogeneous development environment includes: installing software such as gcc, g++, autoconf and automake, and building development and execution environments for programming languages such as Go, Python, PHP, JavaScript and Java.

本实施例的软件异构化开发环境适配多种硬件平台以及多种操作系统,能够为绝大多数的软件开发场景提供支撑,并支持IDE和云DevOps等多种应用模式;在云DevOps模式下,可将软件异构化工具链以容器的形式部署在云环境中,通过云管平台可视化界面对外提供软件异构化服务,将软件异构化过程整合到自动化的研发综合管理体系中。The software heterogeneous development environment of this embodiment is adaptable to a variety of hardware platforms and a variety of operating systems, can provide support for most software development scenarios, and supports a variety of application modes such as IDE and cloud DevOps; in the cloud DevOps mode, the software heterogeneous tool chain can be deployed in the cloud environment in the form of a container, and software heterogeneous services can be provided to the outside through the visual interface of the cloud management platform, integrating the software heterogeneous process into the automated R&D comprehensive management system.

所述软件开发环境前端以软件异构化插件的形式提供多种编程语言的异构化配置视图,通过多种可视化控件完成与用户的交互,大大降低了软件异构化技术的应用门槛,同时软件异构化开发环境中对每个异构化功能配置了解释页面,用于说明该功能的效果,帮助用户根据其需要准确定制功能组合。在IDE模式下,系统具备传统IDE应有的单步调测、语法检查、自动补全等功能外,还具有良好的可视效果和可操作性。The front end of the software development environment provides heterogeneous configuration views of multiple programming languages in the form of software heterogeneous plug-ins, and interacts with users through multiple visual controls, which greatly reduces the application threshold of software heterogeneous technology. At the same time, an explanation page is configured for each heterogeneous function in the software heterogeneous development environment to explain the effect of the function and help users accurately customize the function combination according to their needs. In IDE mode, the system has the single-step debugging, syntax checking, automatic completion and other functions that traditional IDEs should have, and also has good visual effects and operability.

软件异构化插件依托开源IDE所提供的插件开发环境实现,对开源IDE的相关功能进行扩展,向用户提供服务。该软件异构化插件具有良好的可视效果和可操作性,在IDE模式下,通过该可视化插件界面进行功能参数配置即可实现软件异构化。具体是:软件异构化插件根据编程语言的不同,提供多个异构化配置视图,每个异构化配置视图中有针对该编程语言所特定的多种异构化功能,具体支持垃圾代码插入、控制流平坦化、模糊谓词和等效指令替换等多种代码混淆方法,栈帧布局随机化、寄存器分配随机化、函数列表随机化和堆-栈转换等多种内存布局随机化方法;并支持用户通过配置指定的软件多样化生成方法、生成策略、生成数量和场景等,即可自动化获得所需数量的异构化版本文件,支持通过提示信息显示每种异构化功能的效果,便于用户了解每种异构化功能的原理和效果,提供有好的操作界面。The software heterogeneity plug-in is implemented based on the plug-in development environment provided by the open source IDE, and the relevant functions of the open source IDE are expanded to provide services to users. The software heterogeneity plug-in has good visual effects and operability. In IDE mode, software heterogeneity can be realized by configuring the function parameters through the visual plug-in interface. Specifically, the software heterogeneity plug-in provides multiple heterogeneity configuration views according to different programming languages. Each heterogeneity configuration view has multiple heterogeneity functions specific to the programming language, specifically supporting multiple code obfuscation methods such as junk code insertion, control flow flattening, fuzzy predicates and equivalent instruction replacement, and multiple memory layout randomization methods such as stack frame layout randomization, register allocation randomization, function list randomization and heap-stack conversion; and supports users to automatically obtain the required number of heterogeneous version files by configuring the specified software diversification generation method, generation strategy, generation quantity and scenario, etc., and supports displaying the effect of each heterogeneity function through prompt information, so that users can understand the principle and effect of each heterogeneity function and provide a good operation interface.

所述命令封装器在软件异构化开发环境中为前后端提供交互的功能,将用户在软件异构化插件界面中的异构化功能参数配置以及软件变体数量整合成具体命令操作,然后调用相应编程语言的后端软件异构化组件执行。用户只需要通过软件开发环境前端中的异构化配置视图勾选所需功能,并进行参数配置,便可直接获得由后端软件异构化组件自动化生成的所需的异构化版本文件。The command encapsulator provides interactive functions for the front-end and back-end in the software heterogeneous development environment, integrates the user's heterogeneous function parameter configuration and the number of software variants in the software heterogeneous plug-in interface into specific command operations, and then calls the back-end software heterogeneous components of the corresponding programming language to execute. Users only need to check the required functions through the heterogeneous configuration view in the front-end of the software development environment and configure the parameters to directly obtain the required heterogeneous version files automatically generated by the back-end software heterogeneous components.

根据编程语言种类不同,所述后端软件异构化组件分为多个独立的异构化组件模块,具体包括C/C++异构化组件、Python异构化组件、Java异构化组件、JavaScript异构化组件、PHP异构化组件和Go异构化组件,每个异构化组件都可提供针对该编程语言的异构化功能。每个后端软件异构化组件被封装为相应语言的异构化组件的可执行文件/脚本,由该可执行文件/脚本执行相关异构化功能,并生成用户所需数量的多个异构化版本文件。According to different types of programming languages, the backend software heterogeneous component is divided into multiple independent heterogeneous component modules, including C/C++ heterogeneous component, Python heterogeneous component, Java heterogeneous component, JavaScript heterogeneous component, PHP heterogeneous component and Go heterogeneous component, each of which can provide heterogeneous functions for the programming language. Each backend software heterogeneous component is encapsulated as an executable file/script of the heterogeneous component of the corresponding language, and the executable file/script executes the relevant heterogeneous functions and generates multiple heterogeneous version files as required by the user.

进一步的,C/C++异构化组件用于对C/C++项目进行栈帧布局随机化、控制流平坦、全局变量随机化、空指令插入、字符串加密、基本块分割、指令替换等异构化处理,生成若干异构化版本可执行文件;Go异构化组件用于对Go语言项目进行栈帧布局随机化、控制流平坦、全局变量随机化、空指令插入、字符串加密、基本块分割、指令替换等异构化处理,生成若干异构化版本可执行文件;Python异构化组件用于对Python文件进行垃圾代码插入、代码压缩、代码加密、名称转换等异构化处理,生成若干异构化版本的Python文件;PHP异构化组件用于对PHP文件进行名称转换、代码块洗牌、循环转换、IF转换、字符串转换、控制流平坦、代码加密等异构化处理,生成若干异构化版本的PHP文件;JavaScript异构化组件用于对JavaScript文件进行字符串转换、控制流平坦、变量重命名、代码压缩、设置目标环境、垃圾代码插入、源文件映射代码加密等异构化处理,生成若干异构化版本的JavaScript文件;Java异构化组件用于对Java编译后的class文件以及JAR文件进行名称转换、控制流平坦、字符串加密、内部类移除、数字混淆、硬件绑定等异构化处理,生成若干异构化版本的class文件或JAR文件。Furthermore, the C/C++ heterogeneous component is used to perform heterogeneous processing such as stack frame layout randomization, control flow flattening, global variable randomization, null instruction insertion, string encryption, basic block segmentation, instruction replacement, etc. on C/C++ projects to generate several heterogeneous versions of executable files; the Go heterogeneous component is used to perform heterogeneous processing such as stack frame layout randomization, control flow flattening, global variable randomization, null instruction insertion, string encryption, basic block segmentation, instruction replacement, etc. on Go language projects to generate several heterogeneous versions of executable files; the Python heterogeneous component is used to perform heterogeneous processing such as junk code insertion, code compression, code encryption, name conversion, etc. on Python files to generate several heterogeneous versions of Python files; the PHP heterogeneous component is used to perform Heterogeneous processing such as name conversion, code block shuffling, loop conversion, IF conversion, string conversion, control flow flattening, code encryption, etc. is used to generate several heterogeneous versions of PHP files; JavaScript heterogeneous components are used to perform heterogeneous processing such as string conversion, control flow flattening, variable renaming, code compression, setting target environment, junk code insertion, source file mapping code encryption, etc. on JavaScript files to generate several heterogeneous versions of JavaScript files; Java heterogeneous components are used to perform heterogeneous processing such as name conversion, control flow flattening, string encryption, internal class removal, digital obfuscation, hardware binding, etc. on Java compiled class files and JAR files to generate several heterogeneous versions of class files or JAR files.

优选的,利用智能编排算法针对每种编程语言在相应的软件异构化插件中配置最优异构化功能,也可由用户按需进行配置修改,定制相应的异构化功能配置。后端软件异构化组件随机生成若干不同异构化功能配置方案,并根据不同异构化方案生成若干异构化版本文件,并进行评估,根据用户需求得到最优的异构化文件。Preferably, the best heterogeneous function is configured in the corresponding software heterogeneous plug-in for each programming language using an intelligent arrangement algorithm, and the user can also modify the configuration as needed to customize the corresponding heterogeneous function configuration. The backend software heterogeneous component randomly generates several different heterogeneous function configuration schemes, and generates several heterogeneous version files according to different heterogeneous schemes, and evaluates them to obtain the optimal heterogeneous file according to user needs.

利用软件异构化评估插件对异构软件评估,得到差异化最大的异构软件;所述软件异构化评估插件包括基于控制流图评估插件、基于 Gadgets评估插件以及基于模糊哈希函数评估插件;所述基于控制流图评估插件通过生成异构软件的控制流图,从控制流图的节点和路径的不同定性分析软件差异;所述基于 Gadgets评估插件搜寻软件中的代码片段Gadgets,通过逐条比对异构软件中Gadgets的存活率,也就是完全相同Gadgets的数量占总Gadgets数量来定量评估软件差异;所述基于模糊哈希函数评估插件通过哈希函数提取软件的局部指纹信息并进行比较,定量分析软件异构程度。Heterogeneous software is evaluated by using a software heterogeneity evaluation plug-in to obtain heterogeneous software with the greatest differentiation; the software heterogeneity evaluation plug-in includes a control flow graph-based evaluation plug-in, a gadgets-based evaluation plug-in and a fuzzy hash function-based evaluation plug-in; the control flow graph-based evaluation plug-in generates a control flow graph of heterogeneous software and qualitatively analyzes software differences from the differences in nodes and paths of the control flow graph; the gadgets-based evaluation plug-in searches for code fragments gadgets in the software and quantitatively evaluates software differences by comparing the survival rate of gadgets in heterogeneous software one by one, that is, the number of completely identical gadgets accounts for the total number of gadgets; the fuzzy hash function-based evaluation plug-in extracts local fingerprint information of the software through a hash function and compares it to quantitatively analyze the degree of software heterogeneity.

如图5所示,异构软件评估方法包含以下步骤:As shown in Figure 5, the heterogeneous software evaluation method includes the following steps:

步骤S51,软件开发环境前端读取用户需比较的异构软件;Step S51, the software development environment front end reads the heterogeneous software that the user needs to compare;

步骤S52,基于控制流图评估插件通过分析二进制软件,能够提取并展示二进制程序的控制流图,通过节点、路径比较控制流图差异;Step S52, based on the control flow graph evaluation plug-in, by analyzing the binary software, the control flow graph of the binary program can be extracted and displayed, and the control flow graph differences can be compared through nodes and paths;

步骤S53,基于 Gadgets评估插件搜寻软件中的Gadgets,比较地址相同,内容也相同的Gadgets,计算存活率;Step S53, searching for gadgets in the software based on the gadgets evaluation plug-in, comparing gadgets with the same address and content, and calculating the survival rate;

步骤S54,基于模糊哈希函数评估插件通过哈希函数给出软件差异值;Step S54, evaluating the plug-in based on the fuzzy hash function by using a hash function to give a software difference value;

步骤S55,综合以上三个插件的评估结果,得出差异化最大的异构软件。Step S55, combining the evaluation results of the above three plug-ins to obtain the heterogeneous software with the greatest differentiation.

与上述软件异构化开发环境构建方法相应地,本实施例还提供一种软件异构化开发环境构建装置,包括:Corresponding to the above-mentioned method for constructing a software heterogeneous development environment, this embodiment further provides a software heterogeneous development environment construction device, including:

准备工作模块,用于为软件异构化开发环境部署准备工作,软件异构化开发环境是基于开源集成开发环境扩展实现的;The preparation module is used to prepare for the deployment of the software heterogeneous development environment. The software heterogeneous development environment is implemented based on the expansion of the open source integrated development environment;

前端部署模块,用于部署软件开发环境前端,负责读取用户异构化选项;The front-end deployment module is used to deploy the front-end of the software development environment and is responsible for reading user heterogeneous options;

后端部署模块,用于部署后端软件异构化组件,通过命令封装器与软件开发环境前端进行交互,为用户提供软件异构化功能服务,并将生成的若干异构化版本文件返回给用户;The back-end deployment module is used to deploy heterogeneous components of back-end software, interact with the front-end of the software development environment through the command wrapper, provide users with software heterogeneous functional services, and return several generated heterogeneous version files to users;

测试模块,用于对软件开发环境前端和后端软件异构化组件进行联调测试。The test module is used to perform joint debugging tests on the heterogeneous components of the front-end and back-end software in the software development environment.

实施例二Embodiment 2

如图2所示,本实施例公开一种基于C、C++、Go语言的软件异构化方法,包含以下步骤:As shown in FIG2 , this embodiment discloses a software isomerization method based on C, C++, and Go languages, comprising the following steps:

步骤S21,软件开发环境前端读入用户异构化选项,并解析成异构化参数;Step S21, the software development environment front end reads the user's isomerization options and parses them into isomerization parameters;

步骤S22,C/C++/Go异构化组件根据异构化参数编译待异构化的C/C++/Go源程序文件;Step S22, the C/C++/Go isomerization component compiles the C/C++/Go source program file to be isomerized according to the isomerization parameters;

步骤S23,C/C++/Go异构化组件生成异构化版本的可执行文件。Step S23, the C/C++/Go heterogeneous component generates a heterogeneous version of an executable file.

实施例三Embodiment 3

如图3所示,本实施例公开一种基于Python、PHP、JavaScript语言的软件异构化方法,包含以下步骤:As shown in FIG3 , this embodiment discloses a software isomerization method based on Python, PHP, and JavaScript languages, comprising the following steps:

步骤S31,软件开发环境前端读入用户异构化选项,并解析成异构化参数;Step S31, the software development environment front end reads the user's isomerization options and parses them into isomerization parameters;

步骤S32,Python/PHP/JavaScript异构化组件读入待异构化的Python/PHP/JavaScript文件并解析;Step S32, the Python/PHP/JavaScript isomerization component reads the Python/PHP/JavaScript file to be isomerized and parses it;

步骤S33,Python/PHP/JavaScript异构化组件根据异构化参数修改待异构化的Python/PHP/JavaScript文件;Step S33, the Python/PHP/JavaScript isomerization component modifies the Python/PHP/JavaScript file to be isomerized according to the isomerization parameters;

步骤S34,Python/PHP/JavaScript异构化组件生成异构化版本的Python/PHP/JavaScript文件。Step S34, the Python/PHP/JavaScript heterogeneous component generates heterogeneous versions of Python/PHP/JavaScript files.

实施例四Embodiment 4

如图4所示,本实施例公开一种基于Java语言的软件异构化方法,包含以下步骤:As shown in FIG4 , this embodiment discloses a software isomerization method based on Java language, comprising the following steps:

步骤S41,软件开发环境前端读入用户异构化选项,并解析成异构化参数;Step S41, the software development environment front end reads the user's isomerization options and parses them into isomerization parameters;

步骤S42,Java异构化组件读入待异构化的文件(class文件、JAR文件或者War文件),并解析其字节码;Step S42, the Java isomerization component reads the file to be isomerized (class file, JAR file or War file) and parses its bytecode;

步骤S43,Java异构化组件根据异构化参数修改待异构化文件的字节码;Step S43, the Java isomerization component modifies the bytecode of the file to be isomerized according to the isomerization parameters;

步骤S44,Java异构化组件根据修改后的字节码生成异构化版本文件。Step S44: the Java isomerization component generates a isomerization version file according to the modified bytecode.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。It should be noted that, in this article, the terms "comprises", "includes" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, article or apparatus.

最后需要说明的是:以上所述仅为本发明的较佳实施例,仅用于说明本发明的技术方案,并非用于限定本发明的保护范围。凡在本发明的精神和原则之内所做的任何修改、等同替换、改进等,均包含在本发明的保护范围内。Finally, it should be noted that the above is only a preferred embodiment of the present invention, which is only used to illustrate the technical solution of the present invention, and is not used to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (8)

1.一种软件异构化开发环境构建方法,其特征在于,包含以下步骤:1. A method for constructing a software heterogeneous development environment, characterized by comprising the following steps: 步骤1、为软件异构化开发环境部署准备工作,软件异构化开发环境是基于开源集成开发环境扩展实现的;Step 1: Prepare for the deployment of a software heterogeneous development environment, which is implemented based on the expansion of an open source integrated development environment; 步骤2、部署软件开发环境前端,负责读取用户异构化选项;Step 2: Deploy the software development environment front end, which is responsible for reading the user's heterogeneous options; 步骤3、部署后端软件异构化组件,通过命令封装器与软件开发环境前端进行交互,为用户提供软件异构化功能服务,并将生成的若干异构化版本文件返回给用户;Step 3: Deploy the backend software heterogeneous components, interact with the software development environment front end through the command wrapper, provide the user with software heterogeneous functional services, and return the generated heterogeneous version files to the user; 所述命令封装器将用户在软件异构化插件界面中的异构化功能参数配置以及软件变体数量整合成具体命令操作,然后调用相应编程语言的后端软件异构化组件执行;每个后端软件异构化组件被封装为相应语言的异构化组件的可执行文件/脚本,由该可执行文件/脚本执行相关异构化功能,并生成所需数量的多个异构化版本文件;The command encapsulator integrates the heterogeneous function parameter configuration and the number of software variants in the software heterogeneous plug-in interface into specific command operations, and then calls the backend software heterogeneous component of the corresponding programming language to execute; each backend software heterogeneous component is encapsulated as an executable file/script of the heterogeneous component of the corresponding language, and the executable file/script executes the relevant heterogeneous function and generates a required number of heterogeneous version files; 步骤4、对软件开发环境前端和后端软件异构化组件进行联调测试。Step 4: Perform joint debugging and testing on the heterogeneous components of the front-end and back-end software in the software development environment. 2.根据权利要求1所述的软件异构化开发环境构建方法,其特征在于,所述为软件异构化开发环境部署准备工作包括:安装gcc、g++、autoconf和automake软件,搭建Go、Python、PHP、JavaScript和Java编程语言的开发、执行环境。2. The method for constructing a software heterogeneous development environment according to claim 1 is characterized in that the preparation work for deploying the software heterogeneous development environment includes: installing gcc, g++, autoconf and automake software, and building development and execution environments for Go, Python, PHP, JavaScript and Java programming languages. 3.根据权利要求1所述的软件异构化开发环境构建方法,其特征在于,所述软件开发环境前端以软件异构化插件的形式提供多种编程语言的异构化配置视图,通过多种可视化控件完成与用户的交互;同时软件异构化开发环境中对每个异构化功能配置解释页面,用于说明该功能的效果。3. According to the method for constructing a software heterogeneous development environment in claim 1, it is characterized in that the software development environment front end provides heterogeneous configuration views of multiple programming languages in the form of software heterogeneous plug-ins, and completes interaction with users through multiple visual controls; at the same time, an explanation page is configured for each heterogeneous function in the software heterogeneous development environment to illustrate the effect of the function. 4.根据权利要求1所述的软件异构化开发环境构建方法,其特征在于,根据编程语言种类不同,所述后端软件异构化组件包括C/C++异构化组件、Python异构化组件、Java异构化组件、JavaScript异构化组件、PHP异构化组件和Go异构化组件,每个异构化组件提供针对该编程语言的异构化功能。4. The method for constructing a software heterogeneous development environment according to claim 1 is characterized in that, depending on the type of programming language, the back-end software heterogeneous components include C/C++ heterogeneous components, Python heterogeneous components, Java heterogeneous components, JavaScript heterogeneous components, PHP heterogeneous components and Go heterogeneous components, and each heterogeneous component provides heterogeneous functions for the programming language. 5.根据权利要求3所述的软件异构化开发环境构建方法,其特征在于,利用智能编排算法针对每种编程语言在相应的软件异构化插件中配置最优异构化功能。5. The method for constructing a software heterogeneous development environment according to claim 3 is characterized in that an intelligent orchestration algorithm is used to configure the best heterogeneous function in the corresponding software heterogeneous plug-in for each programming language. 6.根据权利要求1所述的软件异构化开发环境构建方法,其特征在于,利用软件异构化评估插件对异构软件评估,得到差异化最大的异构软件。6. The method for constructing a software heterogeneous development environment according to claim 1 is characterized in that a software heterogeneous evaluation plug-in is used to evaluate heterogeneous software to obtain heterogeneous software with the greatest differentiation. 7.根据权利要求6所述的软件异构化开发环境构建方法,其特征在于,所述软件异构化评估插件包括基于控制流图评估插件、基于 Gadgets评估插件以及基于模糊哈希函数评估插件;所述基于控制流图评估插件通过生成异构软件的控制流图,从控制流图的节点和路径的不同定性分析软件差异;所述基于 Gadgets评估插件搜寻软件中的代码片段Gadgets,通过逐条比对异构软件中Gadgets的存活率,也就是完全相同Gadgets的数量占总Gadgets数量来定量评估软件差异;所述基于模糊哈希函数评估插件通过哈希函数提取软件的局部指纹信息并进行比较,定量分析软件异构程度。7. The method for constructing a software heterogeneous development environment according to claim 6 is characterized in that the software heterogeneous evaluation plug-in includes a control flow graph-based evaluation plug-in, a gadgets-based evaluation plug-in and a fuzzy hash function-based evaluation plug-in; the control flow graph-based evaluation plug-in generates a control flow graph of heterogeneous software and qualitatively analyzes software differences from the differences in nodes and paths of the control flow graph; the gadgets-based evaluation plug-in searches for code fragments gadgets in the software and quantitatively evaluates software differences by comparing the survival rate of gadgets in heterogeneous software one by one, that is, the number of completely identical gadgets accounts for the total number of gadgets; the fuzzy hash function-based evaluation plug-in extracts local fingerprint information of the software through a hash function and compares it to quantitatively analyze the degree of software heterogeneity. 8.一种软件异构化开发环境构建装置,其特征在于,用于实现如权利要求1-7任一项所述的软件异构化开发环境构建方法,该装置包括:8. A software heterogeneous development environment construction device, characterized in that it is used to implement the software heterogeneous development environment construction method according to any one of claims 1 to 7, and the device comprises: 准备工作模块,用于为软件异构化开发环境部署准备工作,软件异构化开发环境是基于开源集成开发环境扩展实现的;The preparation module is used to prepare for the deployment of the software heterogeneous development environment. The software heterogeneous development environment is implemented based on the expansion of the open source integrated development environment; 前端部署模块,用于部署软件开发环境前端,负责读取用户异构化选项;The front-end deployment module is used to deploy the front-end of the software development environment and is responsible for reading user heterogeneous options; 后端部署模块,用于部署后端软件异构化组件,通过命令封装器与软件开发环境前端进行交互,为用户提供软件异构化功能服务,并将生成的若干异构化版本文件返回给用户;The back-end deployment module is used to deploy heterogeneous components of back-end software, interact with the front-end of the software development environment through the command wrapper, provide users with software heterogeneous functional services, and return several generated heterogeneous version files to users; 测试模块,用于对软件开发环境前端和后端软件异构化组件进行联调测试。The test module is used to perform joint debugging tests on the heterogeneous components of the front-end and back-end software in the software development environment.
CN202210356072.4A 2022-04-06 2022-04-06 Method and device for constructing software isomerization development environment Active CN114816438B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210356072.4A CN114816438B (en) 2022-04-06 2022-04-06 Method and device for constructing software isomerization development environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210356072.4A CN114816438B (en) 2022-04-06 2022-04-06 Method and device for constructing software isomerization development environment

Publications (2)

Publication Number Publication Date
CN114816438A CN114816438A (en) 2022-07-29
CN114816438B true CN114816438B (en) 2024-08-20

Family

ID=82532822

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210356072.4A Active CN114816438B (en) 2022-04-06 2022-04-06 Method and device for constructing software isomerization development environment

Country Status (1)

Country Link
CN (1) CN114816438B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116149613B (en) * 2022-12-28 2024-11-19 广州玖晔网络科技有限公司 PHP language-based micro-service design device and PHP language-based micro-service design method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108366049A (en) * 2018-01-15 2018-08-03 中国人民解放军战略支援部队信息工程大学 A kind of isomery function equivalence executes the implementation method of body
CN113703772A (en) * 2021-08-23 2021-11-26 北京计算机技术及应用研究所 Efficient intelligent computing application architecture of heterogeneous platform based on ICE (Internet communications Engineers) and construction method thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101840334B (en) * 2010-04-16 2013-04-17 中国电子科技集团公司第二十八研究所 Software component service packaging method
CN105721562B (en) * 2016-01-28 2019-01-29 武汉大学 A proxy-based heterogeneous service invocation method and collaborative invocation system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108366049A (en) * 2018-01-15 2018-08-03 中国人民解放军战略支援部队信息工程大学 A kind of isomery function equivalence executes the implementation method of body
CN113703772A (en) * 2021-08-23 2021-11-26 北京计算机技术及应用研究所 Efficient intelligent computing application architecture of heterogeneous platform based on ICE (Internet communications Engineers) and construction method thereof

Also Published As

Publication number Publication date
CN114816438A (en) 2022-07-29

Similar Documents

Publication Publication Date Title
Corina et al. Difuze: Interface aware fuzzing for kernel drivers
Afonso et al. Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy
Gens et al. K-Miner: Uncovering Memory Corruption in Linux.
Luo et al. Tchecker: Precise static inter-procedural analysis for detecting taint-style vulnerabilities in php applications
Drewry et al. Flayer: Exposing Application Internals.
Liang et al. Deepfuzzer: Accelerated deep greybox fuzzing
CN110046089B (en) A Smart Contract Testing Method Based on Path Coverage Sufficiency Criterion
Bonett et al. Discovering flaws in {Security-Focused} static analysis tools for android using systematic mutation
Bhuiyan et al. Secbench. js: An executable security benchmark suite for server-side javascript
Agosta et al. Automated security analysis of dynamic web applications through symbolic code execution
Dawoud et al. Bringing balance to the force: Dynamic analysis of the android application framework
Gasparis et al. Detecting android root exploits by learning from root providers
Pagani et al. Autoprofile: Towards automated profile generation for memory analysis
Bao et al. Mining sandboxes: Are we there yet?
Biswas et al. Code specialization through dynamic feature observation
Xiong et al. Towards build verifiability for java-based systems
CN113935041A (en) Vulnerability detection system and method for real-time operating system equipment
Shcherbakov et al. Unveiling the invisible: Detection and evaluation of prototype pollution gadgets with dynamic taint analysis
Pashakhanloo et al. Pacjam: Securing dependencies continuously via package-oriented debloating
Reps et al. A next-generation platform for analyzing executables
Chess et al. Dynamic taint propagation: Finding vulnerabilities without attacking
Borrello et al. Predictive context-sensitive fuzzing
CN114816438B (en) Method and device for constructing software isomerization development environment
Miltenberger et al. Benchmarking the benchmarks
CN117610001A (en) Automatic analysis method for fine-grained malicious behaviors in Internet of things malicious software

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 450000 Science Avenue 62, Zhengzhou High-tech Zone, Henan Province

Patentee after: Information Engineering University of the Chinese People's Liberation Army Cyberspace Force

Country or region after: China

Address before: No. 62 Science Avenue, High tech Zone, Zhengzhou City, Henan Province

Patentee before: Information Engineering University of Strategic Support Force,PLA

Country or region before: China

CP03 Change of name, title or address