한국통신학회논문지 (The Journal of Korean Institute of Communications and Information Sciences)

  • 제40권4호
  • /
  • Pages.709-719
  • /
  • 2015
  • /
  • 1226-4717(pISSN)
  • /
  • 2287-3880(eISSN)
한국통신학회 (The Korean Institute of Commucations and Information Sciences)
권호 표지
DOI QR코드

DOI QR Code

자바 자동 식별자 리네이밍 기법 및 보호 방법

Java Automatic Identifier Renaming Technique and Protection Method

  • Kim, Ji-Yun (Hanyang University Division of Computer Science & Engineering) ;
  • Hong, Soo-Hwa (Hanyang University Division of Computer Science & Engineering) ;
  • Go, Nam-Hyeon (Korea Open National University Department of Computer Science) ;
  • Lee, Woo-Seung (Hanyang University Division of Computer Science & Engineering) ;
  • Park, Yong-Su (Hanyang University Division of Computer Science & Engineering)
  • 투고 : 2015.03.23
  • 심사 : 2015.04.10
  • 발행 : 2015.04.30
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

본 논문은 자바 언어로 작성된 코드에 선언된 임의의 변수에 관하여, 해당 변수가 사용되는 행위를 기반으로 적절한 이름을 붙여주는 리네이밍 서비스와 이러한 분석 기술에 대응하는 보안 서비스를 소개한다. 소개하는 리네이밍 서비스는 API 기반과 반복문 내부 조건문 기반의 2가지 방법으로 구분된다. 본문에서 제안 기법의 알고리즘과 함께 알려진 자바 난독화 기술과 도구를 다루어 독자의 이해를 돕고, 프로토타입을 구현하여 실용성을 보였다. 프로토타입을 이용한 실험 결과 73%의 변수명 리네이밍 성공률을 보였다. 제안 기법을 활용하면, 공동 작업자가 직관적으로 코드 전체를 파악할 수 있도록 도울 수 있다. 또한, 악성코드 분석가가 변수명을 통하여 행위를 예측할 수 있어 분석에 도움을 줄 수도 있다. 하지만, 자바로 개발한 어플리케이션의 소스코드에 제안 기법을 적용하면, 해커에게 쉽게 노출될 수 있다. 따라서 자바 어플리케이션의 코드를 보호하는 방법도 소개한다.

This paper introduces a proper renaming service using variable action and security services against the analysis techniques in Java code. The renaming service that is introduced is separated into API pattern and loop condition. We present our scheme algorithm with known Java obfuscation techniques and tools in order to help readers understanding, and implement prototype to prove practicality in this paper. Test result using prototype shows 73% successful variable renaming rate. Using our scheme, cooperators can intuitionally understand all of code. Also, It helps malware analysts to predict malware action by variable name. But application source code that is developed by Java is exposed to hackers easily using our scheme. So we introduce Java application code protection methods, too.

키워드

참고문헌

  1. M. K. Son and N. H. Kang, "Design and implementation of java crypto provider for android platform," J. KICS, vol. 37C, no. 09, pp. 851-858, Sept. 2012.
  2. B. H. Choi, H. J. Shim, C. H. Lee, S. W. Cho, and S. J. Cho, "An APK overwrite scheme for preventing modification of android applications," J. KICS, vol. 39B, no. 05, pp. 309-136, Jun. 2014.
  3. IDC, Android and iOS squeeze the competition, swelling to 96.3% of the smartphone operating system market for both 4Q14 and CY14, According to IDC(2015), Retrieved Mar., 12, 2015, from http://www. idc.com/getdoc.jsp?containerId=prUS25450615
  4. Y. K. Kim and H. Y. Youn, "The java decompilation-preventive method by java class file encryption," Korea Computer Congress 2009, vol. 36, no. 1C, pp. 571-574, Jeju Island, Korea, Jun. 2009.
  5. T. Varaneckas, README(readme.txt), Retrieved Mar, 12, 2015, from http://varaneckas.com/jad/
  6. B. Y. Lee and Y. S. Choi, "The status and analysis of obfuscation techniques and perspective development," J. Security Eng., vol. 5, no. 3, pp. 219-228, Jun. 2009.
  7. J. U. Noh, B. M. Cho, H. S. Oh, H. Y. Chang, M. Y. Jung, S. W. Lee, Y. S. Park, J. H. Woo, and S. J. Cho, "An implementation of control flow obfuscator for C++ language," Korea Computer Congress, vol. 33, no. 1, pp. 295-297, Yongpyong, Korea, Jun. 2006.
  8. C. Christian, C. Thomborson, and D. Low, "A taxonomy of obfuscating transformations," Dept. Computer Sci., The University of Auckland, New Zealand, 1997.
  9. Y. Piao, "Server-based bytecode obfuscation scheme for tamper detection of android applications," M. S. Thesis, Dept. Computer, Soongsil Univ., Korea, 2013.
  10. J. Y. Kim, N. H. Go, and Y. S. Park, "A code concealment method using java reflection and dynamic loading in android," J. The Korea Inst. Inf. Security & Cryptol., vol. 25, no. 1, pp. 17-30, Feb. 2015. https://doi.org/10.13089/JKIISC.2015.25.1.17
  11. ORACLE, The Java$^{TM}$ Tutorials - Trail: The Reflection API(2015), Retrieved Mar. 6, 2015, from http:/ /docs.oracle.com/javase/tutorial/reflect/
  12. M. Sosonkin, G. Naumovich, and N. Memon, "Obfuscation of design intent in objectoriented applications," in Proc. 3rd ACM Workshop on Digital Rights Management (DRM '03), pp. 142-153, Washington, DC, USA, Oct. 2003.
  13. PREEMPTIVE SOLUTIONS, User's Guide (2009), Retrieved Mar. 6, 2015., from http:// www.agtech.co.jp/products/preemptive/dasho/fi les/userguide6.pdf
  14. Y. Piao, J. H. Jung, and J. H. Yi, "Structural and functional analyses of ProGuard obfuscation tool," J. KICS, vol. 38B, no. 08, pp. 654-662, Aug. 2013.
  15. J. Hoenicke, JODE(2002), Retrieved Mar. 12, 2015., from http://jode.sourceforge.net/
  16. Retrologic Systems, User's Manual(2010), Retrieved Mar. 12, 2015., from http://www.ret rologic.com/retroguard-docs.html
  17. jarg, jarg - Java Archive Grinder(2003), Retrieved Mar. 12, 2015., from http://jarg.sou rceforge.net
  18. yWorks, yGuard - Java$^{TM}$ Bytecode Obfuscator and Shrinker(2015), Retrieved Mar. 12, 2015., from http://www.yworks.com/en/products_ygua rd_about.html
  19. V. Raychev, M. Vechev, and A. Krause, "Predicting program properties from "Big Code"," in Proc. 42nd Annu. ACM SIGPLANSIGACT Symp. Principles of Programming Languages, pp. 111-124, Mumbai, India, Jan. 2015.
  20. B. Taskar, C. Guestrin, and D. Koller, "Max-margin markov networks," Advances in Neural Inf. Process. Syst. 16 (NIPS 2003), pp. 25-32, Vancouver and Whistler, British Columbia, Canada, Dec. 2003.
  21. ORACLE, Java$^{TM}$ Platform, Standard Edition 7 - API Specification(2014), Retrieved Mar., 12, 2015, from http://docs.oracle.com/javase/7/ docs/api/
  22. tutorialspoint, Java Tutorial(2014) Retrieved Mar., 9, 2015, from http://www.tutorialspoint.com/java/
  23. OREANS TECHNOLOGIES, THEMIDA OVERVIEW(2015), Retrieved Mar. 12, 2015, from http://www.oreans.com/themida.php