KR101628923B1 - Code transformation method and code transformation apparatus - Google Patents

Abstract

The present invention relates to a code conversion method comprising: (b) a protection function selection step of selecting a function to be protected, i.e., the step of selecting a flattening function which is a target whose control flow is flattened, and an integrity function which is a target whose integrity needs to be ensured; and (c) a label generation step of generating labels to be used for flattening of the flattening function, i.e., the step of generating branch functions to be used for respective blocks in the flattening function by using the integrity function, and also relates to a code conversion apparatus. Using the present invention, software having tamper-resistance and a tamper-detection function can be generated by utilizing an intermediate representation.

Description

{CODE TRANSFORMATION METHOD AND CODE TRANSFORMATION APPARATUS}

The present invention relates to a code conversion method and a code conversion apparatus, and more particularly, to a code conversion method and a code conversion apparatus for generating software having a modulation resistance and a modulation detection function using an intermediate language.

The area of software protection is the study of how to protect software from malicious software analysis (for example, software critical logic hijacking) or software tampering (for example, bypassing software license check routines). Among them, tamper-detection is about detecting and responding to the modulation when the software is modulated, and software with tamper-resistance makes it difficult to modulate the software, .

Software protection techniques can be categorized according to their bases. Hardware-based protection is a technique for protecting software based on the stability of hardware that can not be accessed from the outside. Software-based protection techniques are techniques that respond to software analysis or modulation without hardware assistance. Although hardware-based protection schemes are generally known to be more secure, they require additional hardware, which adds to the cost, and is dependent on the hardware installed, making it difficult to adapt to multiple software environments. Thus, software-based protection schemes have a variety of advantages over hardware-based protection schemes.

Software-based protection schemes use transcoding techniques to add modulation resistance and / or detection capabilities to software. Code conversion occurs at the level of the source code (for example, C, Fortran, etc.) or at the level of binary code (for example, machine language). However, each of the source code level and binary level code conversion techniques has various limitations.

There is a limitation in preserving the effect of code conversion due to optimization in the compilation process because the source code level code conversion technique is performed at the source code level. The binary-level code conversion technique is difficult to modify the machine language itself and the machine language itself, so it is difficult to add the resistance and detection functions while maintaining the normal function of the software. Also, source code level conversion techniques are dependent on the source language (eg C, Fortran, etc.) and binary level code conversion techniques are dependent on machine language (eg x86, ARM, etc.) It is not practical to apply the same code conversion technique.

Therefore, there is a need for a code conversion method and a code conversion device that can solve various known problems of software-based protection techniques while providing cost reduction and flexibility by applying software-based protection techniques.

The present invention has been made in order to solve the above-mentioned problems, and it is an object of the present invention to provide an apparatus and a method for adding a function of a modulation detection and a modulation resistance without affecting a function originally based on software regardless of a language of a source code and a language type of a machine language , A code conversion method, and a code conversion device.

According to another aspect of the present invention, there is provided a code conversion method for selecting a function to be protected, the method comprising the steps of: selecting a planarization function to be flattened by a control flow and an integrity function, (c) generating labels to be used for planarization for the flattening function, wherein the integrity function is used to generate each of the branching functions to be used in each of the blocks in the flattening function.

In order to achieve the above object, a code conversion apparatus includes a selecting unit for selecting a function to be protected, a selecting unit for selecting a smoothing function to be smoothed and a smoothing function, And a label generation unit for generating labels to be used in each of the blocks in the flattening function by using an integrity function.

The code conversion method and the code conversion device according to the present invention can easily add the functions of the modulation detection and modulation resistance without affecting the original function of the software based on the language of the source code and the language type of the machine language There is an effect.

1 is a diagram showing an exemplary hardware block diagram of a code conversion apparatus.
2 is a diagram illustrating an exemplary control flow for code conversion.
3 is a diagram showing an exemplary functional block diagram of a code conversion apparatus.
4 is a diagram showing a CFG for an exemplary planarization function to be planarized.
5 shows a planarized CFG after the application of the planarization treatment to the CFG of FIG.

The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, in which: It can be easily carried out. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram showing an exemplary hardware block diagram of the code conversion apparatus 100. As shown in FIG.

1, the code conversion apparatus 100 includes an input interface 101, an output interface 103, a memory 105, a storage medium 107, a system bus / control bus 111 and a processor 113 And may further include a communication interface 109. The specific hardware block may be omitted depending on the use or modification of the code conversion apparatus 100. The transcoder 100 is a device that converts source code (software) to enable modulation resistance and / or modulation detection. The code conversion device 100 may be, for example, a personal computer used by a programmer or a distributor of a program, a notebook computer, or a server that can provide a conversion function of a program through the Internet.

Each hardware block of the code conversion apparatus 100 will be briefly described. The input interface 101 is an interface for receiving user input. The input interface 101 includes a mouse, a keyboard and / or a touch panel, and receives a user input for performing code conversion. The received input is passed to the processor 113 as input data via the system bus / control bus 111.

The output interface 103 includes an LCD module, an LED module, and / or a speaker, and is an interface for outputting a result or an intermediate result performed by the code conversion device 100. The output interface 103 enables to know the result for the code-converted software, for example.

The memory 105 includes a volatile memory. The memory 105 may temporarily store various data and programs. For example, the memory 105 stores a code conversion program executed by the processor 113 or a software (or a source code, hereinafter, the terms "software" and "source code" are used in combination) As shown in FIG.

The storage medium 107 stores at least a code conversion program to be executed by the processor 113 and software which is an input target of the code conversion program. The software consists of source code levels. For example, the software is written in a programming language such as C, C ++, Fortran, or Java.

The transcoding program converts the input software into an Intermediate Representation (IR) to convert the input software to modulation resistance and / or modulation detection on the intermediate language. The software converted into the designated machine language can be output to the output interface 103, stored in the storage medium 107, or output via the communication interface 109.

The processor 113 includes one or more execution units capable of executing instructions to execute the code of a program stored in the storage medium 107. [ The processor 113 may be referred to as a so-called CPU, MPU, or the like.

In particular, the processor 113 loads the code conversion program stored in the storage medium 107 into the memory 105 or the like, and performs a code conversion program to convert the input software into modulation resistance and / or modulation detection. Processor 113 preferably adds code that translates the input software into an intermediate language and has modulation resistance and / or modulation detectability for input software that has been translated into an intermediate language or translates the input software into a designated machine language.

The processor 113, particularly a code conversion program, will be described in detail with reference to FIG. 2 and FIG.

The system bus / control bus 111 is a bus capable of transmitting / receiving various analog / digital data between hardware blocks. The system bus / control bus 111 may be a parallel bus, a serial bus, or a dedicated bus for a specific hardware block. The system bus / control bus 111 can transmit and receive analog or digital data depending on the type of the bus.

The communication interface 109, which can be further included, is an interface for connecting and receiving network packets connected to the Internet network. The communication interface 109 includes, for example, a PHY chip or the like for connecting to a wired or wired LAN.

2 is a diagram illustrating an exemplary control flow for code conversion. The code conversion control flow of FIG. 2 is performed, for example, on a hardware block diagram of the code conversion apparatus 100 of FIG. The code conversion control flow of FIG. 2 is performed by the processor 113 of the code conversion apparatus 100 and preferably by executing instructions of the processor 113 by a code conversion program.

2 starts as the processor 113 of the code conversion apparatus 100 starts executing the code conversion program stored in the storage medium 107 (S100) and terminates the process S200).

First, the code conversion device 100 (the processor 113) receives (S101) a selection of software to be converted by the user through the input interface 101 (or the communication interface 109). Upon receiving the selection for the software, the code conversion apparatus 100 loads the software stored in the storage medium 107 or received via the communication interface 109 into the memory 105 or the like.

Then, the code conversion apparatus 100 converts the software of the loaded source code level into the representation of the intermediate language (S103). The intermediate language may be, for example, a command used in a known Low Level Virtual Machine (LLVM) compiler platform. The intermediate language of LLVM is an independent language that is independent of the language of the source level and is also a machine language independent language. The intermediate language of LLVM supports machine-independent labels and can represent various execution paths through labels.

In addition, data based on the software converted into the intermediate language can be output to the output interface 103 by the code conversion device 100. For example, the code conversion apparatus 100 outputs the function list included in the converted software through the output interface 103. [

The user provides an input indicating the selection of a function that needs to be protected in the output function list through the input interface 101 and the code conversion apparatus 100 selects the function to be protected corresponding to the input upon receiving the selection input (S105).

The transcoder 100 selects a particular type of function from the function list as a function selection that needs to be protected. Specifically, the code conversion apparatus 100 selects a function (hereinafter also referred to as a 'flattening function' or a 'flattening function') to which the control flow is to be flattened in order to make code analysis difficult, (Hereinafter also referred to as an 'integrity function' or 'IF' (Integrity Function)) to be guaranteed. Further, the code conversion apparatus 100 selects a function to be encrypted (hereinafter also referred to as an 'encryption function' or an EF (Encryption Function)). The selection of one or more functions may be determined by user input. There can be more than one function of each type. The flattening function is set by the code conversion apparatus 100 or guided through the output interface 103 as a function to be performed first in the integrity function and the encryption function.

The smoothing function is a target function for smoothing the analysis by flattening the control flow of the function. In the smoothing process of the smoothing function, various information for the integrity check of the integrity function and the dynamic key generation for encrypting the encryption function Data) is generated. An integrity function is a target function whose integrity must be guaranteed. It represents a function that is not necessarily hidden, but should not be modulated. For example, an integrity function may be an anti-debug routine or a license check routine. A cryptographic function is a function that must be protected by encryption, and a function that should be hidden to prevent analysis itself can be specified. For example, an encryption function can be a fatal function, etc., when exposed to the outside, including critical software logic.

It should be noted in the present invention that the integrity check of the integrity function can be performed in the various smoothing processes of the smoothing function and further the dynamic key generation is enabled. This will be discussed in detail below.

Then, in step S105, various labels to be used for flattening the selected flatness function are generated (S107).

In order to generate the label, the code conversion apparatus 100 converts the selected flattening function into CFG (Control Flow Graph) and classifies the flattening function into flattenable blocks according to the CFG conversion. Fig. 4 shows the CFG for the specific flattening function, and Fig. 5 shows the CFG (BB0 in Fig. 4 corresponds to BBa in Fig. 5 and the other blocks have the same correspondence relationship) after the flattening application according to the present invention. As can be seen in FIG. 4, each block in the CFG is configured so that the code in the block does not branch to other blocks at execution time, and branches to another block after all the code of each block is completed.

, 도 5의 예에서 i는 a ~ f임)을 생성하고 각 블록에 대한 분기 함수(

) 및 스위치문에서 이용될 함수(

)를 생성한다. Referring to FIGS. 4 and 5, a process of generating a label according to the present invention will be described. First, the code conversion apparatus 100 reads out a label for each block in the CFG of the flattening function

, I in the example of FIG. 5 is a to f) and generates a branch function (

) And the function to be used in the switch statement (

).

The label of the block indicates the execution start position of the corresponding block, and the label can be represented by a variable. The branch functions corresponding to the respective blocks are configured to be different from each other.

는, 블록의 수행 완료후의 분기 조건에 따라 예를 들어 분기가 없는 경우(즉, 하나의 후속하는 블록만이 수행되는 경우) "

+ mask +

"로 표현되고, 분기가 존재하는 경우 "

+ mask+

"로 표현된다.

는 해쉬(Hash) 함수로서 각 블록에 맵핑된 무결성 함수를 입력 인자로 한다. 여기서

는 각 블록에 맵핑된 IF(무결성 함수)의 해쉬값을 나타내는 데, 레이블 생성 과정에서 코드 변환 장치(100)는 각 블록마다 어떠한 IF의 무결성을 체크할 것인지를 결정한다. 예를 들어 코드 변환 장치(100)는 랜덤하게 평탄화 함수의 각 블록들을 특정 하나의 IF에 맵핑한다. 여기서,

는 변환된 소프트웨어 상에서 블록 i가 시작하는 시작 위치(분기 위치)를 나타내는 임의의 지시자를 나타낸다.

는 숫자의 조합, 문자의 조합 또는 숫자와 문자의 조합으로 구성되고 변수로 표현될 수도 있다. Branch function of each block

For example, when there is no branch (that is, only one subsequent block is performed) according to the branch condition after completion of execution of the block,

+ mask +

Quot ;, and when a branch is present,

+ mask +

"

As an input argument, an integrity function mapped to each block as a hash function. here

Represents a hash value of an IF (integrity function) mapped to each block. In the process of generating a label, the code conversion apparatus 100 determines which IF integrity is checked for each block. For example, the code conversion device 100 randomly maps each block of the smoothing function to a specific one IF. here,

Represents an arbitrary indicator indicating the start position (branch position) at which the block i starts on the converted software.

May be a combination of numbers, a combination of letters, or a combination of numbers and letters and may be represented by variables.

는 이하에서 살펴볼 바와 같이 하드코딩되지 않고 분기 함수

자체(즉 각 블록의 분기 함수의 계산을 위한 코드)가 대응하는 블록과 함께 코드 블록으로 변환된 소프트웨어에 내장되도록 구성된다. 이에 따라 분기 함수

는 변환된 소프트웨어의 실제 실행시에 레이블 값(

)을 산출하기에 정적 분석 방법에 안전하다.

는 i 블록의 조건을 나타내어 하나 이상의 각 조건에 따른 참(1) 또는 거짓(0)에 따라 특정 레이블로 분기할 수 있도록 한다. 함수 F()는 특정 레이블(

)을 생성하기 위한 함수로서 F()는 분기 함수의 출력을 입력 인자로 하는 해쉬 함수로 표현될 수 있다. 함수 F()를 통해 다음번에 수행되어야 하는 정확한 블록 위치를 스위치문이 선택할 수 있다. mask is a value for correcting a block to be executed next according to the original function of the input software. Branch function

Is not hard-coded as described below,

(I.e., the code for calculating the branch function of each block) is embedded in the software converted into the code block together with the corresponding block. Therefore,

Is the label value (< RTI ID = 0.0 >

) Is safe for static analysis.

Indicates the condition of i block so that it can branch to a specific label according to true (1) or false (0) according to one or more conditions. The function F ()

), F () can be expressed by a hash function with the output of the branch function as an input factor. Through the function F (), the switch statement can select the exact block location to be performed next.

의 값이 달라지고 각 블록의 실행이 정상적으로 동작하지 않게 된다. 만일 무결성 함수의 변조에 따른 변화를 탐지 가능하다면 변조에 대응할 수 있다. 본 발명에서는 무결성 함수에 대한 평탄화 함수의 분기에서 이용되는 해쉬값으로 변조를 판별할 수 있다. 이에 대해서는 이하에서 좀 더 살펴보도록 한다. Here, the branch function according to the present invention is configured by applying a hash function to an integrity function. Thus, if the integrity function is modulated, the hash value produced by applying the hash function to the integrity function is also different. this is

And the execution of each block does not operate normally. If it can detect changes due to modulation of the integrity function, it can respond to modulation. In the present invention, the modulation can be determined by the hash value used in the branching of the smoothing function for the integrity function. This will be discussed in more detail below.

Then, the code conversion apparatus 100 generates a dynamic key for encryption for the encryption function (S109). The dynamic key generated by the present invention is not stored anywhere in the translated software. If the dynamic key is stored in the translated software, the encryption will be lost if the dynamic key is found by the external.

,

)의 쌍을 가진다. 따라서 평탄화 함수의 모든 블록들 각각은 모두 (

,

)를 가지고 i를 인덱스로 하는 이 순서쌍들을 이용하여 동적 키를 코드 변환 장치(100)가 생성한다. Instead, the present invention generates a dynamic key using the label generated in the label generation step (S107). Specifically, each block (i) of the smoothing function has

,

). ≪ / RTI > Thus, each block of the smoothing function has all (

,

), And the dynamic key is generated by the code conversion apparatus 100 using these ordered pairs having i as an index.

(또는

)는 대응하는 블록이 실행되는 경우에 분기 함수 B()에 의해서 동적으로 생성되는 값인데, 평탄화 함수의 특정 블록이 소프트웨어의 조건에 따라 실행될 수도 있고 실행되지 않을 수도 있다. 항상 동일한 동적 키를 변환된 소프트웨어로부터 도출해 낼 수 있어야 정상적으로 암호화된 암호화 함수를 복호화할 수 있고 이에 대한 대응 방안이 요구된다.

(or

Is a value generated dynamically by the branch function B () when the corresponding block is executed, but a specific block of the flattening function may or may not be executed in accordance with the condition of the software. It is necessary to be able to derive the same dynamic key from the converted software all the time so that the normally encrypted function can be decrypted and a corresponding countermeasure is required.

The present invention solves this problem using the known Shamir secret sharing technique ((t, n) -threshold secret sharing). This secret sharing scheme is a technique that can recover secrets when more than t partitions among n shares are collected.

In order to enable dynamic key recovery by applying the secret division technique, the code conversion apparatus 100 derives the number of all blocks (n, 6 in the example of FIG. 4) through the CFG of the smoothing function, (4 in the example of FIG. 4). The length t represents the number of blocks on the shortest execution path. The derivation of n and t can be easily performed by the code conversion apparatus 100. [ The code conversion apparatus 100 generates a secret dynamic key using the derived n and t.

The code conversion apparatus 100 flattens the flattening function using the generated label (S111). 5 shows the CFG after the CFG of FIG. 4 is planarized. As can be seen from FIGS. 4 and 5, the order of dependency between blocks on the original execution path is flattened through the switch door. Each block (see BBa, BBb, etc. in Fig. 5) constitutes one code block together with the corresponding branch function (see Ba (), Bb (), etc. in Fig. 5). The branch function is not hard-coded and is coupled to the corresponding block as a function in accordance with the present invention. Therefore, when the converted software is executed and a specific block of the flattening function is performed, the corresponding branching function is performed immediately after completing the execution of the specific block. The branch function dynamically calculates the label to branch. Therefore, static analysis of the flattening function is impossible.

)을 포함한다. 특정 블록의 분기 함수는 특정 무결성 함수에 대한 지정된 함수(예를 들어 해쉬 함수)의 적용으로 분기 레이블(또는 분기값)이 생성된다. 따라서 무결성 함수가 변조되게 되면 분기 함수에 의해서 산출되는 분기 레이블 또한 달라지게 된다. 본 발명에서는 디폴트 레이블(매칭되는 레이블이 존재하지 않는 경우에 이용되는 레이블)을 이용하여 무결성 함수의 변조를 탐지할 수 있다. 디폴트 레이블의 블록(

)은 변조 대응 루틴(예를 들어, 프로그램 종료, 변조 탐지 출력, 지정된 서버로의 변조 탐지 출력 등)을 포함하여 소프트웨어의 변조 탐지 결과를 출력할 수 있다. Flattened flattened code has a default label (

). A branching function of a particular block generates a branching label (or branching value) by applying a specified function (e.g. a hash function) to a specific integrity function. Therefore, if the integrity function is modulated, the branch label calculated by the branch function also changes. In the present invention, modulation of an integrity function can be detected using a default label (a label used when no matching label exists). Block of default label (

May output the modulation detection results of the software, including modulation-related routines (e.g., program termination, modulation detection output, modulation detection output to designated server, etc.).

After generation of the dynamic key, the code conversion apparatus 100 encrypts the encryption function with the generated dynamic key (S113). The dynamic key according to the present invention is not embedded in the software to be converted. Instead, the flattened function at the time of code execution of the flattened function performs t (shortest execution path length) blocks and branch functions through at least the shortest execution path, and thus transforms the dynamic key using these t branch functions Software can be restored.

Thereafter, the code conversion apparatus 100 proceeds with the optimization process if necessary, and converts it into a machine language (S115) through a compiling and linking process for the machine language designated by the user. Then, the code conversion apparatus 100 stores the converted machine language, that is, the converted software having the modulation resistance and the detection function, in the storage medium 107 (S117) or outputs it via the communication interface 109. [

The code conversion method of Fig. 2 can be configured with a computer program that can be stored in the medium. This computer program is stored on USB, CD, DVD, smart card, removable hard disk, built-in hard disk and so on. The computer program is executed on the hardware block (s), particularly the processor 113, of Fig.

3 is a diagram showing an exemplary functional block diagram of the code conversion apparatus 100. As shown in FIG.

3, the code conversion apparatus 100 includes an intermediate language conversion unit 151, a module loader unit 153, a selection unit 155, a label generation unit 157, a dynamic key generation unit 159, 161, an encrypting unit 163, an optimizing unit 165, and a machine language converting unit 167. Some functional blocks of the functional block diagram of Fig. 3 may be omitted in accordance with the design variant. The functional blocks of FIG. 3 are implemented on a hardware block diagram of FIG. 1 and preferably by a code conversion program performed by the processor 113. The code conversion program can be stored and distributed in various storage media 107 and is executed by the processor 113 on the hardware block diagram of Fig.

The description of the functional block diagram of FIG. 3 will be centered on the difference from FIG. 2 in consideration of the description of FIG. 2, and the omitted description will be replaced with the corresponding description of FIG.

The functional block diagram of FIG. 3 may constitute one software development platform. For example, the functional block diagram of FIG. 3 is configured within the LLVM (Low Level Virtual Machine) compilation platform to translate the source level software into machine language at a particular binary level. The known LLVM platform includes an intermediate language conversion unit 151, a module loader unit 153, an optimization unit 165 and a machine language conversion unit 167. This LLVM platform converts the software into an intermediate level intermediate language After that, it converts to machine language.

3, the intermediate language conversion unit 151 converts the input software selected by the user into a representation of the intermediate language. The intermediate language conversion unit 151 outputs the software having the converted intermediate language representation. The output intermediate language software is then transmitted to the module loader unit 153 and the like.

The module loader unit 153 loads various program modules to be used for software conversion according to the present invention. For example, the module loader unit 153 loads the encryption module, the hash function module, and the secret division module. Such an encryption module, a hash function module, and a secret sharing module are included in the converted software at the time of software conversion. If the converted software is subsequently executed, such a module is also executed if necessary so that the original function of the software can be performed. Preferably, the module loader section 153 links these modules to software in the representation of the intermediate language. The loaded modules are also made up of intermediate language expressions.

The selection unit 155 selects a function to be protected. The selection unit 155 selects at least one leveling function, at least one integrity function, to which the control flow should be leveled, and at least one integrity function whose integrity is to be guaranteed. In addition, the selection unit 155 selects one or more encryption functions to be encrypted. The smoothing function may be a function that precedes the specific one or more integrity functions and the specific one or more encryption functions.

The label generation unit 157 generates labels to be used in the planarization for the smoothing function. The label generation unit 157 generates a CFG for the flatness function and generates branch functions to be used in each block in the CFG. A particular branch function for a particular block contains a specified function that takes a mapped integrity function as an argument. This specified function can be a hash function, for example.

The dynamic key generation unit 159 generates a dynamic key for encrypting the encryption function using branch functions. The dynamic key is generated using a secret partitioning technique that utilizes the length of the shortest execution path and the total number of blocks of the smoothing function. The dynamic key can be restored by using the branch functions of the length (number) of the shortest execution path of the flattening function on the converted software.

The planarizing unit 161 flattens the selected flattening function. The flattening unit 161 constitutes one block of the block of the flattening function together with each corresponding branching function. Thus, the flattened function code dynamically calculates the branching function dynamically after the execution of the block, and the branching function dynamically calculates the branch to be branched later in the dynamic execution.

The code of the smoothing function generated by the flattening unit 161 includes a default label and the default label is configured to detect the modulation of the software.

The encryption unit 163 encrypts the encryption function using the dynamic key generated by the dynamic key generation unit 159. [

The optimizer 165 optimizes the intermediate language software generated or transformed through each of the blocks. Here, the optimization is configured so that the code conversion result is maintained even after applying the code conversion technique according to the present invention.

The machine language conversion unit 167 performs a link process using compilation and library to a designated or selected machine language. And converts the intermediate language software to machine language by the machine language conversion unit 167 to generate converted software having modulation resistance and detection function.

The converted software can be stored in the storage medium 107 or output via the communication interface 109. [

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. The present invention is not limited to the drawings.

100: Code conversion device
101: input interface 103: output interface
105: memory 107: storage medium
109: Communication interface 111: System bus / control bus
113: Processor
151: intermediate language conversion unit 153: module loader unit
155: selection unit 157: label generation unit
159: Dynamic key generation unit 161:
163: Encryption unit 165: Optimization unit
167:

Claims (11)

(a) converting the input software into an intermediate language;
(b) selecting a function to be protected, the method comprising the steps of: selecting a planarization function as an object to be flattened by a control flow and an integrity function to be an object of integrity; And
(c) generating labels to be used for planarization for the flattening function, wherein the integrity function is used to generate each of the branching functions to be used in each of the blocks in the flattening function,
Code conversion method. The method of claim 1,
(B) and (c) are performed on the software converted into the intermediate language,
Wherein each of the branch functions includes a specified function that takes an integrity function mapped to a block as a factor.
Code conversion method. The method according to claim 1,
The step (b) further selects an encryption function to be encrypted,
The code conversion method includes: (d) generating a dynamic key for encrypting the encryption function using branch functions; And (f) encrypting the encryption function using the dynamic key,
Wherein the dynamic key is restored using branch functions of the number of blocks of the shortest execution path of the flattening function,
Code conversion method. The method according to claim 1,
(e) flattening the flattening function, wherein each of the blocks comprises a corresponding one of the branching functions and one code block,
The branching function dynamically calculates a label to be branched at the time of execution,
Code conversion method. 5. The method of claim 4,
Wherein the code of the flattening function of step (e) comprises a default label,
Wherein the default label is configured to detect tampering of the software,
Code conversion method. A computer program stored on a computer readable recording medium coupled to the hardware for executing the steps of the method of claim 1. A selection unit for selecting a function to be protected, the selection unit selecting a smoothing function as an object to be flattened by the control flow and an integrity function to be an object of integrity;
A label generating unit for generating labels to be used for flattening the flattening function, the label generating unit generating each branching function to be used in each of the blocks in the flattening function using the integrity function; And
And an intermediate language conversion unit for converting the input software into an intermediate language and outputting the converted intermediate language software to the selection unit.
Code conversion device. 8. The method of claim 7,
Wherein each of the branch functions includes a specified function that takes an integrity function mapped to a block as a factor.
Code conversion device. 8. The method of claim 7,
The selection unit further selects an encryption function to be encrypted,
Wherein the code conversion apparatus comprises: a dynamic key generation unit for generating a dynamic key for encrypting the encryption function using branch functions; And an encryption unit encrypting the encryption function using the dynamic key,
Wherein the dynamic key is restored using branch functions of the number of blocks of the shortest execution path of the flattening function,
Code conversion device. 8. The method of claim 7,
And a flattening unit for flattening the flattening function so that each branching function and each corresponding branching function are constituted by one code block,
The branching function dynamically calculates a label to be branched at the time of execution,
Code conversion device. 11. The method of claim 10,
Wherein the code of the flattening function generated by the flattening unit includes a default label,
Wherein the default label is configured to detect tampering of the software,
Code conversion device.

Images